Talos has added and modified multiple rules in the browser-other, malware-cnc, os-windows, protocol-tftp and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091701.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:15421 <-> DISABLED <-> DELETED CONTENT-REPLACE AIM or ICQ deny login for unencrypted connection (deleted.rules)
* 1:57361 <-> DISABLED <-> MALWARE-BACKDOOR PAS webshell inbound connection attempt (malware-backdoor.rules)
* 1:57362 <-> ENABLED <-> MALWARE-BACKDOOR PAS webshell outbound connection attempt (malware-backdoor.rules)
* 1:57363 <-> DISABLED <-> MALWARE-BACKDOOR PAS webshell inbound connection attempt (malware-backdoor.rules)
* 1:57364 <-> DISABLED <-> MALWARE-BACKDOOR PAS webshell outbound connection attempt (malware-backdoor.rules)
* 1:57365 <-> DISABLED <-> BROWSER-CHROME Google Chrome WebXR component use after free attempt (browser-chrome.rules)
* 1:57366 <-> DISABLED <-> BROWSER-CHROME Google Chrome WebXR component use after free attempt (browser-chrome.rules)
* 1:57367 <-> DISABLED <-> SERVER-WEBAPP Yealink Device Management server side request forgery attempt (server-webapp.rules)
* 1:57368 <-> ENABLED <-> MALWARE-CNC Unix.Malware.Exaramel outbound connection attempt (malware-cnc.rules)
* 1:57369 <-> ENABLED <-> MALWARE-CNC Unix.Malware.Exaramel outbound connection attempt (malware-cnc.rules)
* 1:57370 <-> ENABLED <-> MALWARE-CNC Unix.Malware.Exaramel outbound connection attempt (malware-cnc.rules)
* 1:57375 <-> DISABLED <-> BROWSER-CHROME Google Chrome WebAssembly memory corruption attempt (browser-chrome.rules)
* 1:57376 <-> DISABLED <-> BROWSER-CHROME Google Chrome WebAssembly memory corruption attempt (browser-chrome.rules)
* 1:57377 <-> DISABLED <-> SERVER-ORACLE Oracle Weblogic ExternalizableLite T3 remote code execution attempt (server-oracle.rules)
* 1:57380 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Sunburst outbound connection attempt (malware-cnc.rules)
* 1:57381 <-> DISABLED <-> SERVER-OTHER Dnsmasq DNS and DHCP server heap-buffer overflow attempt (server-other.rules)
* 1:57382 <-> DISABLED <-> SERVER-OTHER Microsoft Exchange Server DLPUtils remote code execution attempt (server-other.rules)
* 3:26877 <-> ENABLED <-> OS-WINDOWS Microsoft Windows TCPRecomputeMss denial of service attempt (os-windows.rules)
* 3:26972 <-> ENABLED <-> SERVER-OTHER CUPS IPP multi-valued attribute memory corruption attempt (server-other.rules)
* 3:27906 <-> ENABLED <-> SERVER-OTHER MIT Kerberos KDC prep_reprocess_req null pointer dereference attempt (server-other.rules)
* 3:28487 <-> ENABLED <-> OS-WINDOWS Microsoft GDI library TIFF handling memory corruption attempt (os-windows.rules)
* 3:28488 <-> ENABLED <-> OS-WINDOWS Microsoft GDI library TIFF handling memory corruption attempt (os-windows.rules)
* 3:29441 <-> ENABLED <-> PROTOCOL-VOIP CISCO Telepresence VCS SIP denial of service attempt (protocol-voip.rules)
* 3:29944 <-> ENABLED <-> FILE-IMAGE Microsoft Multiple Products potentially malicious PNG detected - large or invalid chunk size (file-image.rules)
* 3:29945 <-> ENABLED <-> FILE-IMAGE Microsoft Multiple Products potentially malicious PNG detected - large or invalid chunk size (file-image.rules)
* 3:30282 <-> ENABLED <-> PROTOCOL-VOIP Cisco IOS SIP header denial of service attempt (protocol-voip.rules)
* 3:30283 <-> ENABLED <-> PROTOCOL-VOIP Cisco IOS SIP header denial of service attempt (protocol-voip.rules)
* 3:30881 <-> ENABLED <-> MALWARE-OTHER dns request with long host name segment - possible data exfiltration attempt (malware-other.rules)
* 3:30884 <-> ENABLED <-> PROTOCOL-VOIP Cisco MXP Telepresence gssapi-data unauthenticated denial of service attempt (protocol-voip.rules)
* 3:30885 <-> ENABLED <-> PROTOCOL-VOIP Cisco SIP malformed date header buffer overflow attempt (protocol-voip.rules)
* 3:30886 <-> ENABLED <-> PROTOCOL-VOIP Cisco SIP malformed date header buffer overflow attempt (protocol-voip.rules)
* 3:30887 <-> ENABLED <-> SERVER-OTHER Cisco Tshell command injection attempt (server-other.rules)
* 3:30888 <-> ENABLED <-> SERVER-OTHER Cisco Tshell command injection attempt (server-other.rules)
* 3:30889 <-> ENABLED <-> PROTOCOL-VOIP Content-Type media type overflow denial of service attempt (protocol-voip.rules)
* 3:30890 <-> ENABLED <-> PROTOCOL-VOIP Content-Type media type overflow denial of service attempt (protocol-voip.rules)
* 3:30901 <-> ENABLED <-> FILE-FLASH known malicious flash actionscript decryption routine (file-flash.rules)
* 3:30902 <-> ENABLED <-> FILE-OTHER Cisco Webex WRF heap corruption attempt (file-other.rules)
* 3:30903 <-> ENABLED <-> FILE-OTHER Cisco Webex WRF heap corruption attempt (file-other.rules)
* 3:30912 <-> ENABLED <-> FILE-OTHER Cisco Webex WRF heap corruption attempt (file-other.rules)
* 3:30913 <-> ENABLED <-> FILE-OTHER Cisco Webex WRF heap corruption attempt (file-other.rules)
* 3:30921 <-> ENABLED <-> FILE-OTHER Cisco WebEx Player atas32.dll memory overread attempt (file-other.rules)
* 3:30922 <-> ENABLED <-> FILE-OTHER Cisco WebEx Player atas32.dll memory overread attempt (file-other.rules)
* 3:30929 <-> ENABLED <-> SERVER-OTHER Cisco RV180 VPN CSRF attempt (server-other.rules)
* 3:30931 <-> ENABLED <-> SERVER-OTHER Cisco RV180W remote file inclusion attempt (server-other.rules)
* 3:30932 <-> ENABLED <-> FILE-OTHER Cisco WebEx WRF heap corruption attempt (file-other.rules)
* 3:30933 <-> ENABLED <-> SERVER-OTHER Cisco RV180 VPN remote code execution attempt (server-other.rules)
* 3:30942 <-> ENABLED <-> FILE-OTHER Cisco Webex ARF Player LZW decompress memory corruption denial of service attempt (file-other.rules)
* 3:30943 <-> ENABLED <-> FILE-OTHER Cisco Webex ARF Player LZW decompress memory corruption denial of service attempt (file-other.rules)
* 3:31361 <-> ENABLED <-> SERVER-OTHER OpenSSL DTLSv1.0 handshake fragment buffer overrun attempt (server-other.rules)
* 3:31398 <-> ENABLED <-> PROTOCOL-VOIP Cisco Unified IP phone BVSMWeb portal attack attempt (protocol-voip.rules)
* 3:31451 <-> ENABLED <-> PROTOCOL-VOIP Cisco Unified IP phone BVSMWeb portal attack attempt (protocol-voip.rules)
* 3:31615 <-> ENABLED <-> OS-OTHER Cisco IOS EnergyWise malformed packet denial of service attempt (os-other.rules)
* 3:31616 <-> ENABLED <-> OS-OTHER Cisco IOS EnergyWise malformed packet denial of service attempt (os-other.rules)
* 3:31664 <-> ENABLED <-> SERVER-OTHER Cisco ASA SQLNet inspection engine denial of service attempt (server-other.rules)
* 3:31665 <-> ENABLED <-> SERVER-OTHER Cisco ASA SQLNet inspection engine denial of service attempt (server-other.rules)
* 3:31666 <-> ENABLED <-> SERVER-OTHER Cisco ASA SQLNet inspection engine denial of service attempt (server-other.rules)
* 3:31667 <-> ENABLED <-> SERVER-OTHER Cisco ASA SQLNet inspection engine denial of service attempt (server-other.rules)
* 3:31668 <-> ENABLED <-> SERVER-WEBAPP Cisco Unified Web and E-Mail Interaction Manager cross site scripting attempt (server-webapp.rules)
* 3:31738 <-> ENABLED <-> PROTOCOL-DNS domain not found containing random-looking hostname - possible DGA detected (protocol-dns.rules)
* 3:31891 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA WebVPN auth_handle cross site scripting attempt (server-webapp.rules)
* 3:31979 <-> ENABLED <-> SERVER-OTHER Cisco IOS MediaNet metadata over RSVP IPFIX setlen=4 denial of service attempt (server-other.rules)
* 3:31980 <-> ENABLED <-> SERVER-OTHER Cisco IOS RSVP Path message with no session attribute denial of service attempt (server-other.rules)
* 3:31981 <-> ENABLED <-> SERVER-OTHER Cisco RSVP Protocol invalid Set ID DoS attempt (server-other.rules)
* 3:31982 <-> ENABLED <-> SERVER-OTHER Cisco IOS mdns memory leak (server-other.rules)
* 3:31983 <-> ENABLED <-> OS-OTHER DHCPv6 flood denial of service attempt (os-other.rules)
* 3:31984 <-> ENABLED <-> OS-OTHER Cisco IOS mDNS malformed rrlength denial of service attempt (os-other.rules)
* 3:32101 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA WebVPN login.html memory corruption attempt (server-webapp.rules)
* 3:32106 <-> ENABLED <-> SERVER-OTHER Cisco ASA SCPS command injection attempt (server-other.rules)
* 3:32107 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA WebVPN directory traversal attempt (server-webapp.rules)
* 3:32108 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA WebVPN directory traversal attempt (server-webapp.rules)
* 3:32110 <-> ENABLED <-> SERVER-OTHER Cisco ASA IKEv2 denial of service attempt (server-other.rules)
* 3:32111 <-> ENABLED <-> SERVER-OTHER Cisco ASA IKEv2 denial of service attempt (server-other.rules)
* 3:32112 <-> ENABLED <-> SERVER-OTHER Cisco ASA IKEv2 denial of service attempt (server-other.rules)
* 3:32113 <-> ENABLED <-> SERVER-OTHER Cisco ASA IKEv2 denial of service attempt (server-other.rules)
* 3:32114 <-> ENABLED <-> SERVER-OTHER Cisco ASA SunRPC inspection engine denial of service attempt (server-other.rules)
* 3:32115 <-> ENABLED <-> SERVER-OTHER Cisco ASA SQLNet inspection engine denial of service attempt (server-other.rules)
* 3:32116 <-> ENABLED <-> SERVER-OTHER Cisco ASA SQLNet inspection engine denial of service attempt (server-other.rules)
* 3:32207 <-> ENABLED <-> PROTOCOL-VOIP missing media application format parameter denial-of-service attempt (protocol-voip.rules)
* 3:32208 <-> ENABLED <-> PROTOCOL-VOIP missing media application format parameter denial-of-service attempt (protocol-voip.rules)
* 3:32209 <-> ENABLED <-> PROTOCOL-VOIP missing media application format parameter denial-of-service attempt (protocol-voip.rules)
* 3:32210 <-> ENABLED <-> PROTOCOL-VOIP missing media application format parameter denial-of-service attempt (protocol-voip.rules)
* 3:32211 <-> ENABLED <-> PROTOCOL-VOIP missing media application format parameter denial-of-service attempt (protocol-voip.rules)
* 3:32212 <-> ENABLED <-> PROTOCOL-VOIP missing media application format parameter denial-of-service attempt (protocol-voip.rules)
* 3:32213 <-> ENABLED <-> PROTOCOL-VOIP missing media application format parameter denial-of-service attempt (protocol-voip.rules)
* 3:32214 <-> ENABLED <-> PROTOCOL-VOIP missing media application format parameter denial-of-service attempt (protocol-voip.rules)
* 3:32215 <-> ENABLED <-> PROTOCOL-VOIP missing media application format parameter denial-of-service attempt (protocol-voip.rules)
* 3:32216 <-> ENABLED <-> PROTOCOL-VOIP missing media application format parameter denial-of-service attempt (protocol-voip.rules)
* 3:32217 <-> ENABLED <-> PROTOCOL-VOIP out of range port specification exploit attempt (protocol-voip.rules)
* 3:32218 <-> ENABLED <-> PROTOCOL-VOIP out of range port specification exploit attempt (protocol-voip.rules)
* 3:32398 <-> ENABLED <-> SERVER-OTHER Cisco RV180W Router cross-site request forgery attempt (server-other.rules)
* 3:33053 <-> ENABLED <-> OS-WINDOWS Microsoft RADIUS Server invalid access-request username denial of service attempt (os-windows.rules)
* 3:33229 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Services Catalog XML external entity injection attempt (server-webapp.rules)
* 3:33587 <-> ENABLED <-> FILE-OFFICE Microsoft RTF improper listoverride nesting attempt (file-office.rules)
* 3:33869 <-> ENABLED <-> PROTOCOL-VOIP Cisco TelePresence Video Communication Server SDP media description denial of service attempt (protocol-voip.rules)
* 3:33870 <-> ENABLED <-> PROTOCOL-VOIP Cisco TelePresence Video Communication Server SDP media description denial of service attempt (protocol-voip.rules)
* 3:33871 <-> ENABLED <-> SERVER-WEBAPP Cisco TelePresence Video Communication Server authentication bypass attempt (server-webapp.rules)
* 3:33927 <-> ENABLED <-> SERVER-OTHER Cisco IOS virtual routing and forwarding ICMP redirect denial of service attempt (server-other.rules)
* 3:33928 <-> ENABLED <-> SERVER-OTHER Cisco IOS mDNS denial of service attempt (server-other.rules)
* 3:33929 <-> ENABLED <-> SERVER-OTHER Cisco IOS mDNS denial of service attempt (server-other.rules)
* 3:34022 <-> ENABLED <-> PROTOCOL-VOIP Cisco Unity Connection malformed contact header denial of service attempt (protocol-voip.rules)
* 3:34023 <-> ENABLED <-> PROTOCOL-VOIP Unity Conversation Manager record-route INVITE anomaly denial of service attempt (protocol-voip.rules)
* 3:34051 <-> ENABLED <-> PROTOCOL-DNS Cisco ASA memory exhaustion denial of service attempt (protocol-dns.rules)
* 3:34180 <-> ENABLED <-> OS-OTHER Cisco Secure Desktop Applet command execution attempt (os-other.rules)
* 3:34369 <-> ENABLED <-> SERVER-WEBAPP Cisco UCS Central command injection attempt (server-webapp.rules)
* 3:34967 <-> ENABLED <-> SERVER-OTHER Fortinet FSSO stack buffer overflow attempt (server-other.rules)
* 3:34968 <-> ENABLED <-> SERVER-WEBAPP Cisco Sourcefire 3D System integrated BMC arbitrary file upload attempt (server-webapp.rules)
* 3:34971 <-> ENABLED <-> SERVER-OTHER MIT Kerberos KDC as-req sname null pointer dereference attempt (server-other.rules)
* 3:34972 <-> ENABLED <-> SERVER-OTHER MIT Kerberos KDC as-req sname null pointer dereference attempt (server-other.rules)
* 3:35336 <-> ENABLED <-> PROTOCOL-TFTP Cisco IOS TFTP server denial of service attempt (protocol-tftp.rules)
* 3:35337 <-> ENABLED <-> PROTOCOL-TFTP Cisco IOS TFTP server denial of service attempt (protocol-tftp.rules)
* 3:35338 <-> ENABLED <-> PROTOCOL-TFTP Cisco IOS TFTP server denial of service attempt (protocol-tftp.rules)
* 3:35339 <-> ENABLED <-> PROTOCOL-TFTP Cisco IOS TFTP server denial of service attempt (protocol-tftp.rules)
* 3:35340 <-> ENABLED <-> PROTOCOL-TFTP Cisco IOS TFTP server denial of service attempt (protocol-tftp.rules)
* 3:35341 <-> ENABLED <-> PROTOCOL-TFTP Cisco IOS TFTP server denial of service attempt (protocol-tftp.rules)
* 3:35342 <-> ENABLED <-> PROTOCOL-TFTP Cisco IOS TFTP server denial of service attempt (protocol-tftp.rules)
* 3:35343 <-> ENABLED <-> PROTOCOL-TFTP Cisco IOS TFTP server denial of service attempt (protocol-tftp.rules)
* 3:35347 <-> ENABLED <-> SERVER-WEBAPP Cisco Unified MeetingPlace password change policy bypass attempt (server-webapp.rules)
* 3:35721 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2015-0008 attack attempt (os-windows.rules)
* 3:35722 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2015-0008 attack attempt (os-windows.rules)
* 3:35727 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2015-0011 attack attempt (file-other.rules)
* 3:35728 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2015-0011 attack attempt (file-other.rules)
* 3:35729 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2015-0009 attack attempt (os-windows.rules)
* 3:35730 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2015-0009 attack attempt (os-windows.rules)
* 3:35834 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-CAN-0043 attack attempt (file-multimedia.rules)
* 3:35835 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-CAN-0043 attack attempt (file-multimedia.rules)
* 3:35868 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules)
* 3:35869 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules)
* 3:35870 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules)
* 3:35871 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules)
* 3:35877 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader javascript AcroForm object use after free attempt (file-pdf.rules)
* 3:35878 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader javascript AcroForm object use after free attempt (file-pdf.rules)
* 3:35879 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader javascript AcroForm object use after free attempt (file-pdf.rules)
* 3:35880 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader javascript AcroForm object use after free attempt (file-pdf.rules)
* 3:35881 <-> ENABLED <-> FILE-PDF download of a PDF with embedded JavaScript and U3D objects (file-pdf.rules)
* 3:35882 <-> ENABLED <-> FILE-PDF transfer of a PDF with embedded JavaScript and U3D objects (file-pdf.rules)
* 3:35883 <-> ENABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor opcode 0x13 overflow attempt (netbios.rules)
* 3:35884 <-> ENABLED <-> POLICY-OTHER MBean retrieval attempt (policy-other.rules)
* 3:35885 <-> ENABLED <-> POLICY-OTHER MBean retrieval attempt (policy-other.rules)
* 3:35890 <-> ENABLED <-> SERVER-MYSQL Oracle MySQL XPath number function uninitialized pointer arbitrary code execution attempt (server-mysql.rules)
* 3:35891 <-> ENABLED <-> SERVER-MYSQL Oracle MySQL XPath number function uninitialized pointer arbitrary code execution attempt (server-mysql.rules)
* 3:35894 <-> ENABLED <-> SERVER-OTHER HP OpenView Data Protector Omnilnet command injection attempt (server-other.rules)
* 3:35895 <-> ENABLED <-> SERVER-OTHER Hewlett-Packard Radia Client Automation VerbData buffer overflow attempt (server-other.rules)
* 3:35897 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack command injection attempt (server-other.rules)
* 3:35898 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (server-other.rules)
* 3:35899 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack stack buffer overflow attempt (server-other.rules)
* 3:35900 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack stack buffer overflow attempt (server-other.rules)
* 3:35901 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack stack buffer overflow attempt (server-other.rules)
* 3:35902 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack command injection attempt (server-other.rules)
* 3:35903 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (server-other.rules)
* 3:35905 <-> ENABLED <-> SERVER-OTHER HP Network Node Manager pmd.exe request detected (server-other.rules)
* 3:35906 <-> ENABLED <-> SERVER-OTHER HP Network Node Manager pmd.exe buffer overflow attempt (server-other.rules)
* 3:35907 <-> ENABLED <-> SERVER-OTHER HP Network Node Manager pmd.exe request detected (server-other.rules)
* 3:35908 <-> ENABLED <-> SERVER-OTHER HP Network Node Manager pmd.exe buffer overflow attempt (server-other.rules)
* 3:35911 <-> ENABLED <-> SERVER-OTHER Websense TRITON xml namespace buffer overflow attempt (server-other.rules)
* 3:35912 <-> ENABLED <-> SERVER-OTHER Websense TRITON xml namespace buffer overflow attempt (server-other.rules)
* 3:35913 <-> ENABLED <-> SERVER-OTHER EMC AutoStart ftAgent.exe authentication attempt (server-other.rules)
* 3:35914 <-> ENABLED <-> SERVER-OTHER EMC AutoStart ftAgent.exe trigger creation attempt (server-other.rules)
* 3:35915 <-> ENABLED <-> SERVER-OTHER EMC AutoStart ftAgent.exe rule creation attempt (server-other.rules)
* 3:35918 <-> ENABLED <-> SERVER-OTHER EMC NetWorker server overflow attempt (server-other.rules)
* 3:35919 <-> ENABLED <-> SERVER-OTHER Vinzant Global ECS Agent untrusted command execution attempt (server-other.rules)
* 3:35922 <-> ENABLED <-> SERVER-WEBAPP Entrust Authority Enrollment Server stack buffer overflow attempt (server-webapp.rules)
* 3:35923 <-> ENABLED <-> SERVER-WEBAPP LANDesk Management Suite arbitrary remote file upload attempt (server-webapp.rules)
* 3:35924 <-> ENABLED <-> SERVER-WEBAPP Oracle Directory Services Manager remote jsp code execution attempt (server-webapp.rules)
* 3:35925 <-> ENABLED <-> SERVER-WEBAPP Oracle Directory Services Manager LDAP plugin field null byte injection attempt (server-webapp.rules)
* 3:35926 <-> ENABLED <-> SERVER-WEBAPP Oracle Identity Management authorization bypass attempt (server-webapp.rules)
* 3:35927 <-> ENABLED <-> SERVER-WEBAPP Oracle Identity Management remote file execution attempt (server-webapp.rules)
* 3:35928 <-> ENABLED <-> SERVER-WEBAPP IBM Domino cross site scripting attempt (server-webapp.rules)
* 3:35929 <-> ENABLED <-> SERVER-WEBAPP Nagios XI Incident Manager SQL injection attempt (server-webapp.rules)
* 3:35930 <-> ENABLED <-> SERVER-WEBAPP Nagios XI Incident Manager SQL injection attempt (server-webapp.rules)
* 3:35931 <-> ENABLED <-> SERVER-WEBAPP Nagios XI Incident Manager SQL injection attempt (server-webapp.rules)
* 3:35932 <-> ENABLED <-> SERVER-WEBAPP Nagios XI Incident Manager SQL injection attempt (server-webapp.rules)
* 3:35941 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller and UCS Director directory traversal attempt (server-webapp.rules)
* 3:35942 <-> ENABLED <-> PROTOCOL-DNS ISC BIND TKEY query processing denial of service attempt (protocol-dns.rules)
* 3:35943 <-> ENABLED <-> PROTOCOL-DNS ISC BIND TKEY query processing denial of service attempt (protocol-dns.rules)
* 3:36153 <-> ENABLED <-> SERVER-OTHER IBM Domino LDAP server ModifyRequest stack buffer overflow attempt (server-other.rules)
* 3:36208 <-> ENABLED <-> FILE-MULTIMEDIA Apple Quicktime invalid url atom out of bounds read attempt (file-multimedia.rules)
* 3:36209 <-> ENABLED <-> FILE-MULTIMEDIA Apple Quicktime invalid url atom out of bounds read attempt (file-multimedia.rules)
* 3:36210 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2015-0002 attack attempt (os-windows.rules)
* 3:36211 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2015-0002 attack attempt (os-windows.rules)
* 3:36214 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1119 attack attempt (file-other.rules)
* 3:36215 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1119 attack attempt (file-other.rules)
* 3:36218 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-CAN-0056 attack attempt (os-windows.rules)
* 3:36219 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-CAN-0056 attack attempt (os-windows.rules)
* 3:36220 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-CAN-0056 attack attempt (os-windows.rules)
* 3:36221 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-CAN-0056 attack attempt (os-windows.rules)
* 3:36222 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2015-0005 attack attempt (os-windows.rules)
* 3:36223 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2015-0005 attack attempt (os-windows.rules)
* 3:36246 <-> ENABLED <-> PROTOCOL-VOIP Cisco IOS SIP header parsing memory leak attempt (protocol-voip.rules)
* 3:36557 <-> ENABLED <-> SERVER-OTHER Cisco ASA DHCPv6 relay denial of service attempt (server-other.rules)
* 3:36558 <-> ENABLED <-> SERVER-OTHER Cisco ASA DHCPv6 relay solicit denial of service attempt (server-other.rules)
* 3:36649 <-> ENABLED <-> SERVER-OTHER Cisco Web Security Appliance range request memory leak denial of service attempt (server-other.rules)
* 3:36652 <-> ENABLED <-> SERVER-OTHER Cisco ESA malformed spf TXT record anti-spam bypass attempt (server-other.rules)
* 3:36913 <-> ENABLED <-> SERVER-WEBAPP Cisco WebEx Meetings Server command injection attempt (server-webapp.rules)
* 3:37358 <-> ENABLED <-> SERVER-WEBAPP Cisco Identity Services Engine default password authentication attempt (server-webapp.rules)
* 3:37414 <-> ENABLED <-> SERVER-OTHER Cisco NX-OS zero length DHCP VPN suboption denial of service attempt (server-other.rules)
* 3:37426 <-> ENABLED <-> SERVER-OTHER Cisco NX-OS DHCP option parsing denial of service attempt (server-other.rules)
* 3:37439 <-> ENABLED <-> SERVER-WEBAPP Cisco UCS Manager getkvmurl.cgi command injection attempt (server-webapp.rules)
* 3:37440 <-> ENABLED <-> SERVER-WEBAPP Cisco UCS Manager getkvmurl.cgi command injection attempt (server-webapp.rules)
* 3:37492 <-> ENABLED <-> SERVER-WEBAPP Cisco RV220 platform.cgi SQL injection attempt (server-webapp.rules)
* 3:37505 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-CAN-0086 attack attempt (file-pdf.rules)
* 3:37506 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-CAN-0086 attack attempt (file-pdf.rules)
* 3:37675 <-> ENABLED <-> SERVER-OTHER Cisco IOS invalid IKE fragment length memory corruption or exhaustion attempt (server-other.rules)
* 3:37853 <-> ENABLED <-> SERVER-WEBAPP Cisco ACE A5 trace.vm command injection attempt (server-webapp.rules)
* 3:38087 <-> ENABLED <-> SERVER-WEBAPP Cisco WLAN Controller insecure configuration wizard access attempt (server-webapp.rules)
* 3:38137 <-> ENABLED <-> SERVER-OTHER Cisco DPC2203 arbitrary code execution attempt (server-other.rules)
* 3:38138 <-> ENABLED <-> SERVER-OTHER Cisco DPQ3925 denial of service attempt (server-other.rules)
* 3:38139 <-> ENABLED <-> SERVER-OTHER Cisco DPQ3939 denial of service attempt (server-other.rules)
* 3:38244 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit Flash exploit file download (exploit-kit.rules)
* 3:38245 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit Flash exploit file download (exploit-kit.rules)
* 3:38285 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit Flash exploit file download attempt (exploit-kit.rules)
* 3:38302 <-> ENABLED <-> SERVER-OTHER Cisco IOS DHCPv6 relay denial of service attempt (server-other.rules)
* 3:38346 <-> ENABLED <-> OS-LINUX Linux kernel SCTP INIT null pointer dereference attempt (os-linux.rules)
* 3:38347 <-> ENABLED <-> FILE-EXECUTABLE PHP libmagic PE out of bounds memory access attempt (file-executable.rules)
* 3:38397 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Infrastructure API authentication bypass attempt (server-webapp.rules)
* 3:38399 <-> ENABLED <-> SERVER-WEBAPP Cisco TelePresence Server denial of service attempt (server-webapp.rules)
* 3:38400 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Infrastructure API credentials enumeration attempt (server-webapp.rules)
* 3:38543 <-> ENABLED <-> SERVER-WEBAPP Cisco UCS Central Web Framework remote file include attempt (server-webapp.rules)
* 3:38544 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-CAN-0121 attack attempt (server-other.rules)
* 3:38590 <-> ENABLED <-> SERVER-OTHER Cisco Wireless LAN Controller mDNS denial of service attempt (server-other.rules)
* 3:38591 <-> ENABLED <-> SERVER-WEBAPP Cisco WLAN Controller management interface denial of service attempt (server-webapp.rules)
* 3:38671 <-> ENABLED <-> BROWSER-IE SFVRT-1021 attack attempt (browser-ie.rules)
* 3:38672 <-> ENABLED <-> BROWSER-IE SFVRT-1021 attack attempt (browser-ie.rules)
* 3:38735 <-> ENABLED <-> SERVER-WEBAPP Cisco TelePresence XML API authentication bypass attempt (server-webapp.rules)
* 3:38736 <-> ENABLED <-> SERVER-WEBAPP Cisco TelePresence XML API authentication bypass attempt (server-webapp.rules)
* 3:38737 <-> ENABLED <-> SERVER-WEBAPP Cisco TelePresence XML API authentication bypass attempt (server-webapp.rules)
* 3:38738 <-> ENABLED <-> SERVER-WEBAPP Cisco TelePresence XML API authentication bypass attempt (server-webapp.rules)
* 3:38739 <-> ENABLED <-> SERVER-WEBAPP Cisco TelePresence XML API authentication bypass attempt (server-webapp.rules)
* 3:38740 <-> ENABLED <-> SERVER-WEBAPP Cisco TelePresence XML API authentication bypass attempt (server-webapp.rules)
* 3:38741 <-> ENABLED <-> SERVER-WEBAPP Cisco TelePresence XML API authentication bypass attempt (server-webapp.rules)
* 3:50037 <-> ENABLED <-> SERVER-WEBAPP Cisco Elastic Services Controller authentication bypass attempt (server-webapp.rules)
* 3:50038 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2019-0819 attack attempt (file-pdf.rules)
* 3:50039 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2019-0819 attack attempt (file-pdf.rules)
* 3:50040 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0831 attack attempt (server-webapp.rules)
* 3:50110 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0836 attack attempt (server-webapp.rules)
* 3:50111 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0839 attack attempt (server-webapp.rules)
* 3:50114 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0833 attack attempt (server-webapp.rules)
* 3:50117 <-> ENABLED <-> SERVER-WEBAPP Cisco IOS XE Web UI command injection attempt (server-webapp.rules)
* 3:50118 <-> ENABLED <-> SERVER-WEBAPP Cisco IOS XE Web UI command injection attempt (server-webapp.rules)
* 3:50131 <-> ENABLED <-> PROTOCOL-SNMP Cisco Small Business Series Switches SNMP denial of service attempt (protocol-snmp.rules)
* 3:50132 <-> ENABLED <-> FILE-OTHER Cisco WebEx Network Recording Player memory corruption attempt (file-other.rules)
* 3:50133 <-> ENABLED <-> FILE-OTHER Cisco WebEx Network Recording Player memory corruption attempt (file-other.rules)
* 3:50134 <-> ENABLED <-> SERVER-WEBAPP Cisco Video Surveillance Manager directory traversal attempt (server-webapp.rules)
* 3:50135 <-> ENABLED <-> SERVER-WEBAPP Cisco Video Surveillance Manager directory traversal attempt (server-webapp.rules)
* 3:50136 <-> ENABLED <-> SERVER-WEBAPP Cisco Video Surveillance Manager directory traversal attempt (server-webapp.rules)
* 3:50265 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0842 attack attempt (file-image.rules)
* 3:50266 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0842 attack attempt (file-image.rules)
* 3:50269 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0843 attack attempt (file-image.rules)
* 3:50270 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0843 attack attempt (file-image.rules)
* 3:50273 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0841 attack attempt (file-image.rules)
* 3:50274 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0841 attack attempt (file-image.rules)
* 3:50295 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0845 attack attempt (file-other.rules)
* 3:50296 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0845 attack attempt (file-other.rules)
* 3:50320 <-> ENABLED <-> SERVER-OTHER Cisco Unified Communications Manager denial of service attempt (server-other.rules)
* 3:50335 <-> ENABLED <-> SERVER-WEBAPP Cisco Industrial Network Director remote code execution attempt (server-webapp.rules)
* 3:50427 <-> ENABLED <-> SERVER-WEBAPP Cisco IOS XE Web UI cross site request forgery attempt (server-webapp.rules)
* 3:50469 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers denial of service attempt (server-webapp.rules)
* 3:50470 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers denial of service attempt (server-webapp.rules)
* 3:50471 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers denial of service attempt (server-webapp.rules)
* 3:50472 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers denial of service attempt (server-webapp.rules)
* 3:50485 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Service Catalog cross site scripting attempt (server-webapp.rules)
* 3:50486 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Service Catalog cross site scripting attempt (server-webapp.rules)
* 3:50487 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Service Catalog cross site scripting attempt (server-webapp.rules)
* 3:50488 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Service Catalog cross site scripting attempt (server-webapp.rules)
* 3:50489 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Service Catalog cross site request forgery attempt (server-webapp.rules)
* 3:50492 <-> ENABLED <-> SERVER-WEBAPP Cisco SD-WAN Solution command injection attempt (server-webapp.rules)
* 3:50502 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0848 attack attempt (file-other.rules)
* 3:50503 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0848 attack attempt (file-other.rules)
* 3:50512 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager authentication bypass attempt (server-webapp.rules)
* 3:50513 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager arbitrary WAR file upload attempt (server-webapp.rules)
* 3:50514 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager arbitrary file download attempt (server-webapp.rules)
* 3:50515 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager information disclosure attempt (server-webapp.rules)
* 3:50516 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2019-0849 attack attempt (protocol-other.rules)
* 3:50622 <-> ENABLED <-> SERVER-WEBAPP Cisco Web Security Appliance denial of service attempt (server-webapp.rules)
* 3:50623 <-> ENABLED <-> FILE-OTHER ZIP file directory traversal attempt (file-other.rules)
* 3:50624 <-> ENABLED <-> FILE-OTHER ZIP file directory traversal attempt (file-other.rules)
* 3:50637 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Series Switches denial of service attempt (server-webapp.rules)
* 3:50650 <-> ENABLED <-> SERVER-WEBAPP Cisco Enterprise NFV command injection attempt (server-webapp.rules)
* 3:50651 <-> ENABLED <-> SERVER-WEBAPP Cisco Enterprise NFV command injection attempt (server-webapp.rules)
* 3:50652 <-> ENABLED <-> SERVER-WEBAPP Cisco Enterprise NFV command injection attempt (server-webapp.rules)
* 3:50653 <-> ENABLED <-> SERVER-WEBAPP Cisco Enterprise NFV command injection attempt (server-webapp.rules)
* 3:50730 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2019-0856 attack attempt (file-pdf.rules)
* 3:50731 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2019-0856 attack attempt (file-pdf.rules)
* 3:50738 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2019-0855 attack attempt (file-pdf.rules)
* 3:50739 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2019-0855 attack attempt (file-pdf.rules)
* 3:50745 <-> ENABLED <-> SERVER-WEBAPP Cisco Vision Dynamic Signage Director authentication bypass attempt (server-webapp.rules)
* 3:50746 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0859 attack attempt (server-webapp.rules)
* 3:50747 <-> ENABLED <-> PROTOCOL-TFTP TRUFFLEHUNTER TALOS-2019-0851 attack attempt (protocol-tftp.rules)
* 3:50755 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0858 attack attempt (server-webapp.rules)
* 3:50756 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0858 attack attempt (server-webapp.rules)
* 3:50757 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0858 attack attempt (server-webapp.rules)
* 3:50758 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0858 attack attempt (server-webapp.rules)
* 3:50759 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0858 attack attempt (server-webapp.rules)
* 3:50760 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0858 attack attempt (server-webapp.rules)
* 3:50770 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2019-0854 attack attempt (protocol-other.rules)
* 3:50774 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0852 attack attempt (file-other.rules)
* 3:50775 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0852 attack attempt (file-other.rules)
3:50782 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0861 attack attempt (server-webapp.rules) * 3:50783 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0861 attack attempt (server-webapp.rules) * 3:50784 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0861 attack attempt (server-webapp.rules) * 3:50785 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0861 attack attempt (server-webapp.rules) * 3:50786 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0872 attack attempt (protocol-scada.rules) * 3:50787 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0869 attack attempt (protocol-scada.rules) * 3:50788 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0862 attack attempt (protocol-scada.rules) * 3:50789 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0862 attack attempt (protocol-scada.rules) * 3:50790 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0863 attack attempt (protocol-scada.rules) * 3:50791 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0873 attack attempt (protocol-scada.rules) * 3:50792 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0874 attack attempt (protocol-scada.rules) * 3:50793 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0871 attack attempt (protocol-scada.rules) * 3:50797 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0870 attack attempt (protocol-scada.rules) * 3:50803 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0866 attack attempt (protocol-scada.rules) * 3:50804 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2019-0866 attack attempt (policy-other.rules) * 3:50805 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2019-0868 attack attempt (policy-other.rules) * 3:50806 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0875 attack attempt (file-image.rules) * 3:50807 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0875 attack attempt (file-image.rules) * 3:50824 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0876 
attack attempt (file-image.rules) * 3:50825 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0876 attack attempt (file-image.rules) * 3:50826 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0876 attack attempt (file-image.rules) * 3:50827 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0876 attack attempt (file-image.rules) * 3:50842 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0878 attack attempt (file-image.rules) * 3:50843 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0878 attack attempt (file-image.rules) * 3:50844 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0878 attack attempt (file-image.rules) * 3:50845 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0878 attack attempt (file-image.rules) * 3:50857 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2019-0877 attack attempt (server-other.rules) * 3:50864 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0880 attack attempt (file-image.rules) * 3:50865 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0880 attack attempt (file-image.rules) * 3:50866 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0880 attack attempt (file-image.rules) * 3:50867 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0880 attack attempt (file-image.rules) * 3:50868 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0881 attack attempt (file-image.rules) * 3:50869 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0881 attack attempt (file-image.rules) * 3:50897 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0884 attack attempt (file-image.rules) * 3:50898 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0884 attack attempt (file-image.rules) * 3:50899 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2019-0882 attack attempt (server-other.rules) * 3:50902 <-> ENABLED <-> POLICY-OTHER Cisco ASA running configuration download request detected (policy-other.rules) * 3:50903 <-> ENABLED <-> SERVER-WEBAPP Cisco UCS Director command injection attempt (server-webapp.rules) * 3:50904 <-> 
ENABLED <-> FILE-OTHER Cisco WebEx Network Recording Player memory corruption attempt (file-other.rules) * 3:50905 <-> ENABLED <-> FILE-OTHER Cisco WebEx Network Recording Player memory corruption attempt (file-other.rules) * 3:50906 <-> ENABLED <-> FILE-OTHER Cisco WebEx Network Recording Player memory corruption attempt (file-other.rules) * 3:50907 <-> ENABLED <-> FILE-OTHER Cisco WebEx Network Recording Player memory corruption attempt (file-other.rules) * 3:50908 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2019-0885 attack attempt (server-other.rules) * 3:50909 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2019-0883 attack attempt (server-other.rules) * 3:51111 <-> ENABLED <-> OS-OTHER VxWorks TCP URG memory corruption attempt (os-other.rules) * 3:51123 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2019-0886 attack attempt (file-office.rules) * 3:51124 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2019-0886 attack attempt (file-office.rules) * 3:51164 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller Redfish API command injection attempt (server-webapp.rules) * 3:51173 <-> ENABLED <-> SERVER-WEBAPP Cisco UCS Director authentication bypass attempt (server-webapp.rules) * 3:51180 <-> ENABLED <-> SERVER-OTHER Cisco Integrated Management Controller IPMI command injection attempt (server-other.rules) * 3:51187 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller buffer overflow attempt (server-webapp.rules) * 3:51188 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller command injection attempt (server-webapp.rules) * 3:51189 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller command injection attempt (server-webapp.rules) * 3:51193 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller command injection attempt (server-webapp.rules) * 3:51194 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller command injection attempt (server-webapp.rules) * 3:51195 <-> 
ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller command injection attempt (server-webapp.rules) * 3:51198 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller denial of service attempt (server-webapp.rules) * 3:51199 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller denial of service attempt (server-webapp.rules) * 3:51200 <-> ENABLED <-> POLICY-OTHER Cisco UCS Director Intersight API unauthenticated request detected (policy-other.rules) * 3:51201 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller authentication bypass attempt (server-webapp.rules) * 3:51293 <-> ENABLED <-> SERVER-WEBAPP Cisco 220 Series Smart Switches stack buffer overflow attempt (server-webapp.rules) * 3:51294 <-> ENABLED <-> SERVER-WEBAPP Cisco 220 Series Smart Switches stack buffer overflow attempt (server-webapp.rules) * 3:51295 <-> ENABLED <-> SERVER-WEBAPP Cisco 220 Series Smart Switches stack buffer overflow attempt (server-webapp.rules) * 3:51298 <-> ENABLED <-> POLICY-OTHER Cisco 220 Series Smart Switches unauthenticated request detected (policy-other.rules) * 3:51299 <-> ENABLED <-> POLICY-OTHER Cisco 220 Series Smart Switches unauthenticated request detected (policy-other.rules) * 3:51300 <-> ENABLED <-> POLICY-OTHER Cisco 220 Series Smart Switches unauthenticated request detected (policy-other.rules) * 3:51306 <-> ENABLED <-> SERVER-WEBAPP Cisco 220 Series Smart Switches command injection attempt (server-webapp.rules) * 3:51307 <-> ENABLED <-> SERVER-WEBAPP Cisco 220 Series Smart Switches command injection attempt (server-webapp.rules) * 3:51308 <-> ENABLED <-> SERVER-WEBAPP Cisco 220 Series Smart Switches command injection attempt (server-webapp.rules) * 3:51355 <-> ENABLED <-> SERVER-WEBAPP Cisco IOS XE REST API information disclosure attempt (server-webapp.rules) * 3:51365 <-> ENABLED <-> SERVER-WEBAPP Cisco NX-OS Software NX-API denial of service attempt (server-webapp.rules) * 3:51366 <-> ENABLED <-> 
SERVER-WEBAPP Cisco NX-OS Software NX-API denial of service attempt (server-webapp.rules) * 3:51367 <-> ENABLED <-> SERVER-WEBAPP Cisco NX-OS Software NX-API denial of service attempt (server-webapp.rules) * 3:51369 <-> ENABLED <-> OS-WINDOWS Microsoft Windows RDP DecompressUnchopper integer overflow attempt (os-windows.rules) * 3:51414 <-> ENABLED <-> POLICY-OTHER Cisco Industrial Network Director unauthenticated configuration request detected (policy-other.rules) * 3:51447 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0891 attack attempt (file-image.rules) * 3:51448 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0891 attack attempt (file-image.rules) * 3:51461 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0890 attack attempt (file-other.rules) * 3:51462 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0890 attack attempt (file-other.rules) * 3:51530 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0892 attack attempt (file-image.rules) * 3:51531 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0892 attack attempt (file-image.rules) * 3:51587 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0911 attack attempt (server-webapp.rules) * 3:51588 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0911 attack attempt (server-webapp.rules) * 3:51589 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0911 attack attempt (server-webapp.rules) * 3:51590 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0910 attack attempt (server-webapp.rules) * 3:51591 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0910 attack attempt (server-webapp.rules) * 3:51592 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0910 attack attempt (server-webapp.rules) * 3:51597 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0908 attack attempt (server-webapp.rules) * 3:51598 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0908 attack attempt (server-webapp.rules) * 3:51599 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER 
TALOS-2019-0908 attack attempt (server-webapp.rules) * 3:51600 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0907 attack attempt (server-webapp.rules) * 3:51601 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0907 attack attempt (server-webapp.rules) * 3:51602 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0907 attack attempt (server-webapp.rules) * 3:51605 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0906 attack attempt (server-webapp.rules) * 3:51606 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0906 attack attempt (server-webapp.rules) * 3:51607 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0906 attack attempt (server-webapp.rules) * 3:51608 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0905 attack attempt (server-webapp.rules) * 3:51609 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0905 attack attempt (server-webapp.rules) * 3:51610 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0905 attack attempt (server-webapp.rules) * 3:51611 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0904 attack attempt (server-webapp.rules) * 3:51612 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0904 attack attempt (server-webapp.rules) * 3:51613 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0904 attack attempt (server-webapp.rules) * 3:51614 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0903 attack attempt (server-webapp.rules) * 3:51615 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0903 attack attempt (server-webapp.rules) * 3:51616 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0903 attack attempt (server-webapp.rules) * 3:51617 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0902 attack attempt (server-webapp.rules) * 3:51618 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0902 attack attempt (server-webapp.rules) * 3:51619 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0902 attack attempt (server-webapp.rules) * 3:51622 <-> 
ENABLED <-> SERVER-WEBAPP Cisco IOS XE Web UI command injection attempt (server-webapp.rules) * 3:51623 <-> ENABLED <-> SERVER-WEBAPP Cisco IOS XE Web UI command injection attempt (server-webapp.rules) * 3:51624 <-> ENABLED <-> SERVER-WEBAPP Cisco IOS XE Web UI command injection attempt (server-webapp.rules) * 3:51625 <-> ENABLED <-> SERVER-WEBAPP Cisco IOS XE Web UI command injection attempt (server-webapp.rules) * 3:51626 <-> ENABLED <-> PROTOCOL-VOIP Cisco IOS SIP denial of service attempt (protocol-voip.rules) * 3:51627 <-> ENABLED <-> PROTOCOL-VOIP Cisco IOS SIP denial of service attempt (protocol-voip.rules) * 3:51628 <-> ENABLED <-> POLICY-OTHER Cisco IOS Layer 2 Traceroute vlan enumeration detected (policy-other.rules) * 3:51645 <-> ENABLED <-> SERVER-OTHER Cisco IOx invalid TLS handshake type denial of service attempt (server-other.rules) * 3:51646 <-> ENABLED <-> SERVER-OTHER Cisco IOS XE FTP Application Layer Gateway denial of service attempt (server-other.rules) * 3:51650 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2019-0898 attack attempt (policy-other.rules) * 3:51651 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2019-0896 attack attempt (policy-other.rules) * 3:51652 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0894 attack attempt (server-webapp.rules) * 3:51665 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0913 attack attempt (file-other.rules) * 3:51666 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0913 attack attempt (file-other.rules) * 3:51673 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules) * 3:51674 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules) * 3:51675 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules) * 3:51676 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules) * 3:51677 <-> ENABLED <-> FILE-MULTIMEDIA 
TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules) * 3:51678 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules) * 3:51679 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules) * 3:51680 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules) * 3:51684 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0914 attack attempt (server-webapp.rules) * 3:51687 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules) * 3:51688 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules) * 3:51689 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules) * 3:51690 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules) * 3:51691 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules) * 3:51692 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules) * 3:51693 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules) * 3:51694 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules) * 3:51695 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules) * 3:51696 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules) * 3:51697 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules) * 3:51698 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules) * 3:51699 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center 
SQL injection attempt (server-webapp.rules) * 3:51932 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0916 attack attempt (file-image.rules) * 3:51933 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0916 attack attempt (file-image.rules) * 3:51934 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0916 attack attempt (file-image.rules) * 3:51935 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0916 attack attempt (file-image.rules) * 3:51936 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0916 attack attempt (file-image.rules) * 3:51937 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0916 attack attempt (file-image.rules) * 3:51938 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0916 attack attempt (file-image.rules) * 3:51948 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2019-0918 attack attempt (policy-other.rules) * 3:51949 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2019-0935 attack attempt (file-pdf.rules) * 3:51950 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2019-0935 attack attempt (file-pdf.rules) * 3:51951 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2019-0920 attack attempt (file-pdf.rules) * 3:51952 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2019-0920 attack attempt (file-pdf.rules) * 3:52008 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0936 attack attempt (file-other.rules) * 3:52009 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0936 attack attempt (file-other.rules) * 3:52010 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0930 attack attempt (server-webapp.rules) * 3:52011 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0930 attack attempt (server-webapp.rules) * 3:52012 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2019-0927 attack attempt (policy-other.rules) * 3:52013 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0929 attack attempt (server-webapp.rules) * 3:52014 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0929 attack attempt (server-webapp.rules) * 3:52015 <-> 
ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0931 attack attempt (server-webapp.rules) * 3:52016 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0931 attack attempt (server-webapp.rules) * 3:52017 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0931 attack attempt (server-webapp.rules) * 3:52018 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0931 attack attempt (server-webapp.rules) * 3:52020 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0933 attack attempt (file-image.rules) * 3:52021 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0933 attack attempt (file-image.rules) * 3:52023 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0923 attack attempt (server-webapp.rules) * 3:52024 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2019-0932 attack attempt (server-other.rules) * 3:52025 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2019-0932 attack attempt (server-other.rules) * 3:52046 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2019-0934 attack attempt (file-pdf.rules) * 3:52047 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2019-0934 attack attempt (file-pdf.rules) * 3:52048 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2019-0943 attack attempt (browser-webkit.rules) * 3:52049 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2019-0943 attack attempt (browser-webkit.rules) * 3:52050 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0937 attack attempt (file-other.rules) * 3:52051 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0937 attack attempt (file-other.rules) * 3:52053 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0921 attack attempt (file-image.rules) * 3:52054 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0921 attack attempt (file-image.rules) * 3:52058 <-> ENABLED <-> FILE-EXECUTABLE Norton Antivirus ASPack heap corruption attempt (file-executable.rules) * 3:52082 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0945 attack attempt (file-image.rules) * 3:52083 <-> ENABLED <-> 
FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0945 attack attempt (file-image.rules) * 3:52086 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2019-0944 attack attempt (policy-other.rules) * 3:52095 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0946 attack attempt (file-multimedia.rules) * 3:52096 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0946 attack attempt (file-multimedia.rules) * 3:13511 <-> ENABLED <-> SERVER-OTHER Novell eDirectory EventsRequest invalid event count exploit attempt (server-other.rules) * 3:13582 <-> ENABLED <-> FILE-OFFICE Microsoft Excel sst record arbitrary code execution attempt (file-office.rules) * 3:13666 <-> ENABLED <-> OS-WINDOWS Microsoft Windows GDI integer overflow attempt (os-windows.rules) * 3:13667 <-> ENABLED <-> PROTOCOL-DNS dns cache poisoning attempt (protocol-dns.rules) * 3:13676 <-> ENABLED <-> OS-WINDOWS Microsoft Windows GDI emf filename buffer overflow attempt (os-windows.rules) * 3:13718 <-> ENABLED <-> SERVER-MAIL BDAT buffer overflow attempt (server-mail.rules) * 3:13773 <-> ENABLED <-> OS-LINUX linux kernel snmp nat netfilter memory corruption attempt (os-linux.rules) * 3:13790 <-> ENABLED <-> FILE-OFFICE Microsoft Word malformed css remote code execution attempt (file-office.rules) * 3:13798 <-> ENABLED <-> OS-WINDOWS Microsoft malware protection engine denial of service attempt (os-windows.rules) * 3:13802 <-> ENABLED <-> OS-WINDOWS Microsoft malware protection engine denial of service attempt (os-windows.rules) * 3:13803 <-> ENABLED <-> FILE-OFFICE RTF control word overflow attempt (file-office.rules) * 3:13825 <-> ENABLED <-> OS-WINDOWS Microsoft PGM fragment denial of service attempt (os-windows.rules) * 3:13826 <-> ENABLED <-> OS-WINDOWS Microsoft WINS arbitrary memory modification attempt (os-windows.rules) * 3:13835 <-> ENABLED <-> OS-WINDOWS Microsoft Active Directory LDAP cookie denial of service attempt (os-windows.rules) * 3:13879 <-> ENABLED <-> OS-WINDOWS Windows BMP image conversion 
arbitrary code execution attempt (os-windows.rules) * 3:13887 <-> ENABLED <-> PROTOCOL-DNS dns root nameserver poisoning attempt (protocol-dns.rules) * 3:13897 <-> ENABLED <-> FILE-MULTIMEDIA Apple Quicktime crgn atom parsing stack buffer overflow attempt (file-multimedia.rules) * 3:13921 <-> ENABLED <-> SERVER-MAIL Altrium Software MERCUR IMAPD NTLMSSP command handling memory corruption attempt (server-mail.rules) * 3:13946 <-> ENABLED <-> FILE-IMAGE Apple PICT/Quickdraw image converter packType 4 buffer overflow exploit attempt (file-image.rules) * 3:13947 <-> ENABLED <-> FILE-IMAGE Apple PICT/Quickdraw image converter packType 3 buffer overflow exploit attempt (file-image.rules) * 3:13954 <-> ENABLED <-> OS-WINDOWS Microsoft Color Management System EMF file processing overflow attempt (os-windows.rules) * 3:13958 <-> ENABLED <-> FILE-OFFICE WordPerfect Graphics file invalid RLE buffer overflow attempt (file-office.rules) * 3:13969 <-> ENABLED <-> FILE-OFFICE Powerpoint Viewer malformed msoDrawing property table buffer overflow attempt (file-office.rules) * 3:14251 <-> ENABLED <-> OS-WINDOWS Microsoft GDI malformed metarecord buffer overflow attempt (os-windows.rules) * 3:14252 <-> ENABLED <-> FILE-MULTIMEDIA Windows Media Player malicious playlist buffer overflow attempt (file-multimedia.rules) * 3:14253 <-> ENABLED <-> FILE-MULTIMEDIA Windows Media Player malicious playlist buffer overflow attempt (file-multimedia.rules) * 3:14254 <-> ENABLED <-> FILE-MULTIMEDIA Windows Media Player malicious playlist buffer overflow attempt (file-multimedia.rules) * 3:14260 <-> ENABLED <-> OS-WINDOWS Microsoft Windows GDI+ GIF image invalid number of extension blocks buffer overflow attempt (os-windows.rules) * 3:14263 <-> ENABLED <-> POLICY-SOCIAL Pidgin MSN MSNP2P message integer overflow attempt (policy-social.rules) * 3:14646 <-> ENABLED <-> OS-WINDOWS Active Directory malformed baseObject denial of service attempt (os-windows.rules) * 3:14655 <-> ENABLED <-> FILE-OFFICE 
Excel rept integer underflow attempt (file-office.rules) * 3:14772 <-> ENABLED <-> FILE-IMAGE libpng malformed chunk denial of service attempt (file-image.rules) * 3:15009 <-> ENABLED <-> OS-WINDOWS possible SMB replay attempt - overlapping encryption keys detected (os-windows.rules) * 3:15117 <-> ENABLED <-> FILE-OFFICE Microsoft Excel malformed OBJ record arbitrary code execution attempt (file-office.rules) * 3:15124 <-> ENABLED <-> OS-WINDOWS Web-based NTLM replay attack attempt (os-windows.rules) * 3:15125 <-> ENABLED <-> FILE-OFFICE Microsoft Word rich text file unpaired dpendgroup exploit attempt (file-office.rules) * 3:15148 <-> ENABLED <-> SERVER-OTHER Microsoft SMS remote control client message length denial of service attempt (server-other.rules) * 3:15149 <-> ENABLED <-> SERVER-ORACLE Oracle Internet Directory pre-auth ldap denial of service attempt (server-oracle.rules) * 3:15298 <-> ENABLED <-> FILE-OFFICE Microsoft Visio could allow remote code execution (file-office.rules) * 3:15300 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer EMF polyline overflow attempt (browser-ie.rules) * 3:15301 <-> ENABLED <-> SERVER-MAIL Exchange compressed RTF remote code execution attempt (server-mail.rules) * 3:15327 <-> ENABLED <-> PROTOCOL-DNS libspf2 DNS TXT record parsing buffer overflow attempt (protocol-dns.rules) * 3:15328 <-> ENABLED <-> FILE-JAVA Sun JDK image parsing library ICC buffer overflow attempt (file-java.rules) * 3:15329 <-> ENABLED <-> SERVER-MAIL Microsoft Exchange MODPROPS memory corruption attempt (server-mail.rules) * 3:15365 <-> ENABLED <-> FILE-OFFICE Microsoft Excel extrst record arbitrary code excecution attempt (file-office.rules) * 3:15433 <-> ENABLED <-> FILE-OTHER Winamp MAKI parsing integer overflow attempt (file-other.rules) * 3:15449 <-> ENABLED <-> MALWARE-OTHER Conficker A/B DNS traffic detected (malware-other.rules) * 3:15450 <-> ENABLED <-> MALWARE-OTHER Conficker C/D DNS traffic detected (malware-other.rules) * 3:15453 <-> 
ENABLED <-> OS-WINDOWS SMB replay attempt via NTLMSSP - overlapping encryption keys detected (os-windows.rules) * 3:15454 <-> ENABLED <-> FILE-OFFICE Microsoft Office PowerPoint malformed msofbtTextbox exploit attempt (file-office.rules) * 3:15465 <-> ENABLED <-> FILE-OFFICE Microsoft Excel malformed object record remote code execution attempt (file-office.rules) * 3:15474 <-> ENABLED <-> SERVER-OTHER Microsoft ISA Server and Forefront Threat Management Gateway invalid RST denial of service attempt (server-other.rules) * 3:15519 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel BRAI record remote code execution attempt (file-office.rules) * 3:15521 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel ExternSheet record remote code execution attempt (file-office.rules) * 3:15734 <-> ENABLED <-> PROTOCOL-DNS BIND named 9 dynamic update message remote dos attempt (protocol-dns.rules) * 3:15847 <-> ENABLED <-> OS-WINDOWS Telnet-based NTLM replay attack attempt (os-windows.rules) * 3:15848 <-> ENABLED <-> OS-WINDOWS WINS replication request memory corruption attempt (os-windows.rules) * 3:15857 <-> ENABLED <-> FILE-MULTIMEDIA Microsoft Windows AVIFile media file invalid header length (file-multimedia.rules) * 3:15912 <-> ENABLED <-> OS-WINDOWS TCP window closed before receiving data (os-windows.rules) * 3:15920 <-> ENABLED <-> FILE-MULTIMEDIA Microsoft mp3 malformed APIC header RCE attempt (file-multimedia.rules) * 3:15959 <-> ENABLED <-> SERVER-IIS Microsoft ASP.NET viewstate DoS attempt (server-iis.rules) * 3:15968 <-> ENABLED <-> SERVER-OTHER LANDesk Management Suite QIP service heal packet buffer overflow attempt (server-other.rules) * 3:15973 <-> ENABLED <-> SERVER-OTHER Novell eDirectory LDAP null search parameter buffer overflow attempt (server-other.rules) * 3:15975 <-> ENABLED <-> FILE-IMAGE OpenOffice TIFF file in little endian format parsing integer overflow attempt (file-image.rules) * 3:15976 <-> ENABLED <-> FILE-IMAGE OpenOffice TIFF file in big endian 
format parsing integer overflow attempt (file-image.rules)
* 3:16222 <-> ENABLED <-> FILE-IMAGE Malformed BMP dimensions arbitrary code execution attempt (file-image.rules)
* 3:16230 <-> ENABLED <-> FILE-OFFICE Microsoft Excel oversized ib memory corruption attempt (file-office.rules)
* 3:16232 <-> ENABLED <-> OS-WINDOWS Windows TrueType font file parsing integer overflow attempt (os-windows.rules)
* 3:16343 <-> ENABLED <-> FILE-PDF obfuscated header in PDF (file-pdf.rules)
* 3:16370 <-> ENABLED <-> FILE-PDF Adobe Reader JP2C Region Atom CompNum memory corruption attempt (file-pdf.rules)
* 3:16375 <-> ENABLED <-> SERVER-OTHER LDAP object parameter name buffer overflow attempt (server-other.rules)
* 3:16394 <-> ENABLED <-> OS-WINDOWS Active Directory Kerberos referral TGT renewal DoS attempt (os-windows.rules)
* 3:16396 <-> ENABLED <-> NETBIOS SMB server srvnet.sys driver race condition attempt (netbios.rules)
* 3:16408 <-> ENABLED <-> OS-WINDOWS Microsoft Windows TCP SACK invalid range denial of service attempt (os-windows.rules)
* 3:16530 <-> ENABLED <-> OS-WINDOWS CAB SIP authenticode alteration attempt (os-windows.rules)
* 3:16531 <-> ENABLED <-> NETBIOS SMB client TRANS response ring0 remote code execution attempt (netbios.rules)
* 3:16532 <-> ENABLED <-> NETBIOS SMB client TRANS response ring0 remote code execution attempt (netbios.rules)
* 3:16533 <-> ENABLED <-> OS-WINDOWS Microsoft Windows ISATAP-addressed IPv6 traffic spoofing attempt (os-windows.rules)
* 3:16649 <-> ENABLED <-> FILE-OFFICE Microsoft Excel HFPicture record stack buffer overflow attempt (file-office.rules)
* 3:16662 <-> ENABLED <-> FILE-OFFICE Microsoft Excel SxView heap overflow attempt (file-office.rules)
* 3:16728 <-> ENABLED <-> NETBIOS Samba SMB1 chain_reply function memory corruption attempt (netbios.rules)
* 3:17242 <-> ENABLED <-> FILE-MULTIMEDIA Windows Media Player ASF file arbitrary code execution attempt (file-multimedia.rules)
* 3:17251 <-> ENABLED <-> FILE-OFFICE Outlook RTF remote code execution attempt (file-office.rules)
* 3:17300 <-> ENABLED <-> FILE-MULTIMEDIA MPlayer demux_open_vqf TwinVQ file handling buffer overflow attempt (file-multimedia.rules)
* 3:17608 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime color table atom movie file handling heap corruption attempt (file-multimedia.rules)
* 3:17632 <-> ENABLED <-> PROTOCOL-SNMP Castle Rock Computing SNMPc Network Manager community string attempted stack overflow (protocol-snmp.rules)
* 3:17647 <-> ENABLED <-> FILE-FLASH Adobe Flash Player multimedia file DefineSceneAndFrameLabelData code execution attempt (file-flash.rules)
* 3:17665 <-> ENABLED <-> FILE-OFFICE OpenOffice Word document table parsing multiple heap based buffer overflow attempt (file-office.rules)
* 3:17693 <-> ENABLED <-> SERVER-MAIL MailEnable NTLM Authentication buffer overflow attempt (server-mail.rules)
* 3:17697 <-> ENABLED <-> POLICY-SOCIAL GnuPG Message Packet Length overflow attempt (policy-social.rules)
* 3:17699 <-> ENABLED <-> PROTOCOL-SNMP Multiple vendor SNMPv3 HMAC handling authentication bypass attempt (protocol-snmp.rules)
* 3:17700 <-> ENABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer wav chunk string overflow attempt (file-multimedia.rules)
* 3:17741 <-> ENABLED <-> SERVER-OTHER MIT Kerberos ASN.1 asn1_decode_generaltime uninitialized pointer reference attempt (server-other.rules)
* 3:17762 <-> ENABLED <-> FILE-OFFICE Microsoft Excel corrupted TABLE record clean up exploit attempt (file-office.rules)
* 3:17765 <-> ENABLED <-> OS-WINDOWS OpenType Font file parsing buffer overflow attempt (os-windows.rules)
* 3:17775 <-> ENABLED <-> INDICATOR-SHELLCODE Shikata Ga Nai x86 polymorphic shellcode decoder detected (indicator-shellcode.rules)
* 3:18063 <-> ENABLED <-> FILE-OFFICE Microsoft Office embedded Office Art drawings execution attempt (file-office.rules)
* 3:18101 <-> ENABLED <-> SERVER-OTHER Sun Directory Server LDAP denial of service attempt (server-other.rules)
* 3:18673 <-> ENABLED <-> OS-WINDOWS Microsoft Fax Cover Page Editor heap corruption attempt (os-windows.rules)
* 3:18676 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel DV record buffer overflow attempt (file-office.rules)
* 3:18949 <-> ENABLED <-> FILE-OFFICE Microsoft Office PowerPoint malformed RecolorInfoAtom out of bounds read attempt (file-office.rules)
* 3:19187 <-> ENABLED <-> PROTOCOL-DNS TMG Firewall Client long host entry exploit attempt (protocol-dns.rules)
* 3:19350 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Shockwave Player Director file FFFFFF88 record integer overflow attempt (file-multimedia.rules)
* 3:20135 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector buffer overflow attempt (server-other.rules)
* 3:20275 <-> ENABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss NetShareEnumAll response overflow attempt (netbios.rules)
* 3:20825 <-> ENABLED <-> SERVER-WEBAPP generic web server hashing collision attack (server-webapp.rules)
* 3:21352 <-> ENABLED <-> OS-WINDOWS Microsoft Fax Cover Page Editor heap corruption attempt (os-windows.rules)
* 3:21354 <-> ENABLED <-> PROTOCOL-DNS dns query - storing query and txid (protocol-dns.rules)
* 3:21355 <-> ENABLED <-> PROTOCOL-DNS potential dns cache poisoning attempt - mismatched txid (protocol-dns.rules)
* 3:21619 <-> ENABLED <-> OS-WINDOWS Microsoft Windows RemoteDesktop connect-initial pdu remote code execution attempt (os-windows.rules)
* 3:22089 <-> ENABLED <-> FILE-OFFICE Microsoft RTF improper listoverride nesting attempt (file-office.rules)
* 3:23039 <-> ENABLED <-> PROTOCOL-DNS Multiple vendor DNS message decompression denial of service attempt (protocol-dns.rules)
* 3:23040 <-> ENABLED <-> PROTOCOL-DNS Multiple vendor DNS message decompression denial of service attempt (protocol-dns.rules)
* 3:23180 <-> ENABLED <-> FILE-PDF obfuscated header in PDF attachment (file-pdf.rules)
* 3:23608 <-> ENABLED <-> PROTOCOL-DNS dns zone transfer with zero-length rdata attempt (protocol-dns.rules)
* 3:23847 <-> ENABLED <-> NETBIOS MS-RAP NetServerEnum2 read access violation attempt (netbios.rules)
* 3:24595 <-> ENABLED <-> SERVER-ORACLE Oracle Reports Server information disclosure attempt (server-oracle.rules)
* 3:24596 <-> ENABLED <-> SERVER-ORACLE Oracle Reports Servlet information disclosure attempt (server-oracle.rules)
* 3:24597 <-> ENABLED <-> SERVER-ORACLE Oracle Reports Servlet information disclosure attempt (server-oracle.rules)
* 3:24666 <-> ENABLED <-> FILE-OFFICE Excel invalid data item buffer overflow attempt (file-office.rules)
* 3:24671 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Explorer briefcase database memory corruption attempt (os-windows.rules)
* 3:24971 <-> ENABLED <-> FILE-OTHER Microsoft Windows ATMFD Adobe font driver reserved command denial of service attempt (file-other.rules)
* 3:24973 <-> ENABLED <-> NETBIOS SMB Trans2 FIND_FIRST2 response file name length overflow attempt (netbios.rules)
* 3:26213 <-> ENABLED <-> EXPLOIT-KIT g01 exploit kit dns request - doesntexist.com (exploit-kit.rules)
* 3:26214 <-> ENABLED <-> EXPLOIT-KIT g01 exploit kit dns request - dnsalias.com (exploit-kit.rules)
* 3:26215 <-> ENABLED <-> EXPLOIT-KIT g01 exploit kit dns request - dynalias.com (exploit-kit.rules)
* 3:10127 <-> ENABLED <-> OS-WINDOWS Microsoft IP Options denial of service (os-windows.rules)
* 3:10161 <-> ENABLED <-> NETBIOS SMB write_andx overflow attempt (netbios.rules)
* 3:10480 <-> ENABLED <-> SERVER-OTHER imail ldap buffer overflow exploit attempt (server-other.rules)
* 3:11619 <-> ENABLED <-> SERVER-MYSQL MySQL COM_TABLE_DUMP Function Stack Overflow attempt (server-mysql.rules)
* 3:11672 <-> ENABLED <-> BROWSER-OTHER Mozilla Network Security Services SSLv2 stack overflow attempt (browser-other.rules)
* 3:12028 <-> ENABLED <-> SERVER-MAIL Microsoft Exchange Server MIME base64 decoding code execution attempt (server-mail.rules)
* 3:12636 <-> ENABLED <-> PROTOCOL-NNTP XHDR buffer overflow attempt (protocol-nntp.rules)
* 3:13308 <-> ENABLED <-> SERVER-APACHE Apache HTTP server auth_ldap logging function format string vulnerability (server-apache.rules)
* 3:13417 <-> ENABLED <-> SERVER-OTHER Citrix MetaFrame IMA authentication processing buffer overflow attempt (server-other.rules)
* 3:13418 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Director LDAP server invalid DN message buffer overflow attempt (server-other.rules)
* 3:13425 <-> ENABLED <-> SERVER-OTHER openldap server bind request denial of service attempt (server-other.rules)
* 3:13469 <-> ENABLED <-> FILE-OFFICE Microsoft Word ole stream memory corruption attempt (file-office.rules)
* 3:13475 <-> ENABLED <-> OS-WINDOWS Microsoft Active Directory LDAP denial of service attempt (os-windows.rules)
* 3:13510 <-> ENABLED <-> SERVER-OTHER Novell eDirectory EventsRequest heap overflow attempt (server-other.rules)
* 3:38745 <-> ENABLED <-> MALWARE-OTHER known phishing x-mailer attempt (malware-other.rules)
* 3:38746 <-> ENABLED <-> MALWARE-CNC CTFMONv4 beacon attempt (malware-cnc.rules)
* 3:38747 <-> ENABLED <-> MALWARE-CNC FF-RAT outbound connection attempt (malware-cnc.rules)
* 3:38748 <-> ENABLED <-> MALWARE-CNC FF-RAT outbound connection attempt (malware-cnc.rules)
* 3:38749 <-> ENABLED <-> MALWARE-CNC FF-RAT outbound connection attempt (malware-cnc.rules)
* 3:38750 <-> ENABLED <-> MALWARE-CNC FF-RAT outbound connection attempt (malware-cnc.rules)
* 3:38751 <-> ENABLED <-> MALWARE-CNC Jimini outbound connection attempt (malware-cnc.rules)
* 3:38752 <-> ENABLED <-> MALWARE-CNC HILIGHT outbound connection attempt (malware-cnc.rules)
* 3:38753 <-> ENABLED <-> MALWARE-CNC 1.php outbound connection attempt (malware-cnc.rules)
* 3:38754 <-> ENABLED <-> MALWARE-CNC XDOT outbound connection attempt (malware-cnc.rules)
* 3:38755 <-> ENABLED <-> MALWARE-CNC PlugX outbound connection attempt (malware-cnc.rules)
* 3:38756 <-> ENABLED <-> MALWARE-CNC PlugX outbound communication attempt (malware-cnc.rules)
* 3:38757 <-> ENABLED <-> MALWARE-CNC PlugX outbound communication attempt (malware-cnc.rules)
* 3:38758 <-> ENABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
* 3:38834 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection attempt (malware-cnc.rules)
* 3:38958 <-> ENABLED <-> SERVER-OTHER Cisco Web Security Appliance socket exhaustion denial of service attempt (server-other.rules)
* 3:39065 <-> ENABLED <-> SERVER-OTHER Cisco IOS NX invalid ICMPv6 neighbor discovery hop limit denial of service attempt (server-other.rules)
* 3:39082 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-CAN-0160 attack attempt (file-office.rules)
* 3:39083 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-CAN-0160 attack attempt (file-office.rules)
* 3:39118 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Network Analysis Module command injection attempt (server-webapp.rules)
* 3:39119 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Network Analysis Module command injection attempt (server-webapp.rules)
* 3:39120 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Network Analysis Module command injection attempt (server-webapp.rules)
* 3:39121 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Network Analysis Module command injection attempt (server-webapp.rules)
* 3:39122 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Network Analysis Module command injection attempt (server-webapp.rules)
* 3:39123 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Network Analysis Module command injection attempt (server-webapp.rules)
* 3:39124 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Network Analysis Module command injection attempt (server-webapp.rules)
* 3:39125 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Network Analysis Module command injection attempt (server-webapp.rules)
* 3:39126 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Network Analysis Module command injection attempt (server-webapp.rules)
* 3:39127 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Network Analysis Module command injection attempt (server-webapp.rules)
* 3:39303 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
* 3:39370 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Infrastructure API authentication bypass attempt (server-webapp.rules)
* 3:39371 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Infrastructure API default credentials authentication attempt (server-webapp.rules)
* 3:39379 <-> ENABLED <-> FILE-EXECUTABLE Norton Antivirus ASPack heap corruption attempt (file-executable.rules)
* 3:39678 <-> ENABLED <-> SERVER-WEBAPP Cisco UCS Performance Manager command injection attempt (server-webapp.rules)
* 3:39679 <-> ENABLED <-> SERVER-WEBAPP Cisco UCS Performance Manager command injection attempt (server-webapp.rules)
* 3:39775 <-> ENABLED <-> EXPLOIT-KIT malicious script detected via RBF classifier (exploit-kit.rules)
* 3:39790 <-> ENABLED <-> SERVER-WEBAPP Cisco RV180 VPN Router platform.cgi command injection attempt (server-webapp.rules)
* 3:39791 <-> ENABLED <-> SERVER-WEBAPP Cisco RV180 VPN Router platform.cgi command injection attempt (server-webapp.rules)
* 3:39792 <-> ENABLED <-> SERVER-WEBAPP Cisco RV180 VPN Router platform.cgi command injection attempt (server-webapp.rules)
* 3:39793 <-> ENABLED <-> SERVER-WEBAPP Cisco RV180 VPN Router platform.cgi directory traversal attempt (server-webapp.rules)
* 3:39794 <-> ENABLED <-> SERVER-WEBAPP Cisco RV180 VPN Router platform.cgi directory traversal attempt (server-webapp.rules)
* 3:39795 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers insecure guest account login attempt (server-webapp.rules)
* 3:39796 <-> ENABLED <-> PROTOCOL-VOIP Cisco Unified Communications Manager null pointer dereference attempt (protocol-voip.rules)
* 3:39797 <-> ENABLED <-> PROTOCOL-VOIP Cisco Unified Communications Manager null pointer dereference attempt (protocol-voip.rules)
* 3:39878 <-> ENABLED <-> SERVER-OTHER Cisco IOS truncated NTP packet processing denial of service attempt (server-other.rules)
* 3:39885 <-> ENABLED <-> PROTOCOL-SNMP Cisco ASA SNMP OID parsing stack buffer overflow attempt (protocol-snmp.rules)
* 3:39897 <-> ENABLED <-> SERVER-WEBAPP Cisco FirePOWER Management Center sajaxintf.cgi command injection attempt (server-webapp.rules)
* 3:39898 <-> ENABLED <-> SERVER-WEBAPP Cisco FirePOWER Management Center pjb.cgi privilege escalation attempt (server-webapp.rules)
* 3:39937 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-CAN-0194 attack attempt (file-pdf.rules)
* 3:39938 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-CAN-0194 attack attempt (file-pdf.rules)
* 3:39994 <-> ENABLED <-> PROTOCOL-SNMP Cisco SG200 Series SNMP request via undocumented community string attempt (protocol-snmp.rules)
* 3:40006 <-> ENABLED <-> SERVER-OTHER Cisco Small Business SPA3x/5x series denial of service attempt (server-other.rules)
* 3:40013 <-> ENABLED <-> FILE-OTHER Cisco WebEx Meetings Player arbitrary code execution attempt (file-other.rules)
* 3:40014 <-> ENABLED <-> FILE-OTHER Cisco WebEx Meetings Player arbitrary code execution attempt (file-other.rules)
* 3:40049 <-> ENABLED <-> SERVER-OTHER Cisco IOS PPTP control message response information disclosure detected (server-other.rules)
* 3:40072 <-> ENABLED <-> MALWARE-CNC Cisco ASA backdoor installer inbound connection attempt (malware-cnc.rules)
* 3:40130 <-> ENABLED <-> OS-WINDOWS Microsoft Windows GDI emf filename buffer overflow attempt (os-windows.rules)
* 3:40131 <-> ENABLED <-> POLICY-OTHER Cisco Prime Collaboration Assurance session ID privilege escalation attempt (policy-other.rules)
* 3:40239 <-> ENABLED <-> SERVER-OTHER Cisco WebEx meetings server denial of service attempt (server-other.rules)
* 3:40240 <-> ENABLED <-> SERVER-WEBAPP Cisco WebEx Meetings Server config_dmz remote code execution attempt (server-webapp.rules)
* 3:40257 <-> ENABLED <-> SERVER-WEBAPP Cisco Cloud Services Platform dnslookup command injection attempt (server-webapp.rules)
* 3:40275 <-> ENABLED <-> SERVER-WEBAPP Cisco ESA internal testing interface access attempt (server-webapp.rules)
* 3:40287 <-> ENABLED <-> SERVER-OTHER Cisco prime collaboration provisioning web framework access control bypass attempt (server-other.rules)
* 3:40298 <-> ENABLED <-> PROTOCOL-VOIP Cisco IOS malformed H.450 PER data out of bounds read attempt (protocol-voip.rules)
* 3:40299 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2016-0195 attack attempt (file-other.rules)
* 3:40300 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2016-0195 attack attempt (file-other.rules)
* 3:40303 <-> ENABLED <-> PROTOCOL-SCADA Cisco IOS CIP request parser out of bounds array access attempt (protocol-scada.rules)
* 3:40304 <-> ENABLED <-> PROTOCOL-SCADA Cisco IOS CIP request parser out of bounds array access attempt (protocol-scada.rules)
* 3:40343 <-> ENABLED <-> SERVER-OTHER Cisco NX-OS malformed BGP UPDATE denial of service attempt (server-other.rules)
* 3:40498 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA Crypto CA Server out of bounds read attempt (server-webapp.rules)
* 3:40499 <-> ENABLED <-> SERVER-OTHER Cisco ASA NBSTAT response stack buffer overflow attempt (server-other.rules)
* 3:40504 <-> ENABLED <-> SERVER-OTHER Cisco Snort HTTP chunked transfer encoding processing denial of service attempt (server-other.rules)
* 3:40552 <-> ENABLED <-> SERVER-OTHER Cisco ESA lzw attachment parsing denial of service attempt (server-other.rules)
* 3:40553 <-> ENABLED <-> SERVER-OTHER Cisco ESA uuencode attachment processing exception denial of service attempt (server-other.rules)
* 3:40554 <-> ENABLED <-> SERVER-OTHER Cisco ESA uuencode attachment processing exception denial of service attempt (server-other.rules)
* 3:40580 <-> ENABLED <-> POLICY-OTHER Cisco Universal Media Services potentially unauthorized API access detected (policy-other.rules)
* 3:40636 <-> ENABLED <-> POLICY-OTHER Cisco Prime Home API insecure SSO authentication detected (policy-other.rules)
* 3:40637 <-> ENABLED <-> POLICY-OTHER TL1 ACT-USER login detected (policy-other.rules)
* 3:40638 <-> ENABLED <-> PROTOCOL-VOIP Cisco Meeting Server SIP SDP media description buffer overflow attempt (protocol-voip.rules)
* 3:40767 <-> ENABLED <-> FILE-OTHER Cisco IOS-XE update directory traversal attempt (file-other.rules)
* 3:40768 <-> ENABLED <-> FILE-OTHER Cisco IOS-XE update directory traversal attempt (file-other.rules)
* 3:40769 <-> ENABLED <-> FILE-OTHER Cisco IOS-XE update directory traversal attempt (file-other.rules)
* 3:40770 <-> ENABLED <-> FILE-OTHER Cisco IOS-XE update directory traversal attempt (file-other.rules)
* 3:40877 <-> ENABLED <-> SERVER-OTHER Cisco Application Control Engine SSL handshake parsing denial of service attempt (server-other.rules)
* 3:40878 <-> ENABLED <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-CAN-0188 attack attempt (file-executable.rules)
* 3:40879 <-> ENABLED <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-CAN-0188 attack attempt (file-executable.rules)
* 3:41093 <-> ENABLED <-> POLICY-OTHER Docker management traffic detected (policy-other.rules)
* 3:41137 <-> ENABLED <-> SERVER-OTHER Cisco IOS XR command line interface privilege escalation attempt (server-other.rules)
* 3:41195 <-> ENABLED <-> PROTOCOL-SNMP Cisco IP routing configuration manipulation via SNMP attempt (protocol-snmp.rules)
* 3:41360 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2017-0270 attack attempt (file-pdf.rules)
* 3:41361 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2017-0270 attack attempt (file-pdf.rules)
* 3:41362 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2017-0270 attack attempt (file-pdf.rules)
* 3:41363 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2017-0270 attack attempt (file-pdf.rules)
* 3:41368 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2017-0273 attack attempt (file-other.rules)
* 3:41369 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2017-0273 attack attempt (file-other.rules)
* 3:41372 <-> ENABLED <-> FILE-IMAGE Oracle Outside In libvs_gif out of bounds write attempt (file-image.rules)
* 3:41373 <-> ENABLED <-> FILE-IMAGE Oracle Outside In libvs_gif out of bounds write attempt (file-image.rules)
* 3:41415 <-> ENABLED <-> PROTOCOL-VOIP Cisco Expressway and TelePresence VCS denial of service attempt (protocol-voip.rules)
* 3:41466 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2016-0278 attack attempt (server-other.rules)
* 3:41468 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0272 attack attempt (file-office.rules)
* 3:41469 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0272 attack attempt (file-office.rules)
* 3:41487 <-> ENABLED <-> POLICY-OTHER Cisco Prime Home portlet API access detected (policy-other.rules)
* 3:41538 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA WebVPN memory corruption attempt (server-webapp.rules)
* 3:41547 <-> ENABLED <-> SERVER-OTHER TLS client hello session resumption detected (server-other.rules)
* 3:41548 <-> ENABLED <-> SERVER-OTHER F5 BIG-IP TLS session ticket implementation uninitialized memory disclosure attempt (server-other.rules)
* 3:41786 <-> ENABLED <-> SERVER-OTHER Cisco NetFlow Generation Appliance SCTP denial of service attempt (server-other.rules)
* 3:41909 <-> ENABLED <-> SERVER-OTHER Cisco Software Cluster Management Protocol remote code execution attempt (server-other.rules)
* 3:41910 <-> ENABLED <-> SERVER-OTHER Cisco Software Cluster Management Protocol remote code execution attempt (server-other.rules)
* 3:42001 <-> ENABLED <-> SERVER-WEBAPP Cisco CWA and TES Client Manager Server directory traversal attempt (server-webapp.rules)
* 3:42002 <-> ENABLED <-> SERVER-WEBAPP Cisco CWA and TES Client Manager Server directory traversal attempt (server-webapp.rules)
* 3:42003 <-> ENABLED <-> POLICY-OTHER Cisco Mobility Express Access Point radio.cgi access detected (policy-other.rules)
* 3:42004 <-> ENABLED <-> POLICY-OTHER Cisco Mobility Express Access Point radio.html access detected (policy-other.rules)
* 3:42008 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0295 attack attempt (file-office.rules)
* 3:42009 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0295 attack attempt (file-office.rules)
* 3:42051 <-> ENABLED <-> SERVER-OTHER Cisco IOS autonomic networking discovery denial of service attempt (server-other.rules)
* 3:42060 <-> ENABLED <-> SERVER-OTHER Cisco IOS DHCP client dummy XID denial of service attempt (server-other.rules)
* 3:42061 <-> ENABLED <-> SERVER-WEBAPP Cisco IOS XE webui software upgrade command injection attempt (server-webapp.rules)
* 3:42069 <-> ENABLED <-> SERVER-OTHER Cisco IOS XE DHCP vendor class identifier format string exploit attempt (server-other.rules)
* 3:42070 <-> ENABLED <-> SERVER-OTHER Cisco IOS L2TP invalid message digest AVP denial of service attempt (server-other.rules)
* 3:42071 <-> ENABLED <-> SERVER-WEBAPP Cisco IOS XE webui denial of service attempt (server-webapp.rules)
* 3:42076 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0300 attack attempt (file-office.rules)
* 3:42077 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0300 attack attempt (file-office.rules)
* 3:42112 <-> ENABLED <-> BROWSER-OTHER multiple browsers content security policy bypass attempt (browser-other.rules)
* 3:42139 <-> ENABLED <-> SERVER-WEBAPP Cisco Wireless LAN Controller denial of service attempt (server-webapp.rules)
* 3:42142 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2017-0303 attack attempt (file-other.rules)
* 3:42143 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2017-0303 attack attempt (file-other.rules)
* 3:42144 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0301 attack attempt (file-office.rules)
* 3:42145 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0301 attack attempt (file-office.rules)
* 3:42146 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2017-0304 attack attempt (file-other.rules)
* 3:42147 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2017-0304 attack attempt (file-other.rules)
* 3:42179 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-2811 attack attempt (file-image.rules)
* 3:42180 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-2811 attack attempt (file-image.rules)
* 3:42191 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0309 attack attempt (file-image.rules)
* 3:42192 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0309 attack attempt (file-image.rules)
* 3:42193 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0309 attack attempt (file-image.rules)
* 3:42194 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0309 attack attempt (file-image.rules)
* 3:42277 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2017-0317 attack attempt (file-other.rules)
* 3:42278 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2017-0317 attack attempt (file-other.rules)
* 3:42293 <-> ENABLED <-> PROTOCOL-VOIP Cisco Unified Communications Manager SIP NOTIFY denial of service attempt (protocol-voip.rules)
* 3:42313 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2017-0322 attack attempt (file-pdf.rules)
* 3:42314 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2017-0322 attack attempt (file-pdf.rules)
* 3:42399 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2017-0323 attack attempt (file-pdf.rules)
* 3:42400 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2017-0323 attack attempt (file-pdf.rules)
* 3:42438 <-> ENABLED <-> SERVER-MAIL IBM Domino BMP parsing integer overflow attempt (server-mail.rules)
* 3:42489 <-> ENABLED <-> SERVER-OTHER Cisco Aironet Mobility Express PnP agent directory traversal attempt (server-other.rules)
* 3:42493 <-> ENABLED <-> SERVER-OTHER Cisco RV Series Routers SSDP uuid stack buffer overflow attempt (server-other.rules)
* 3:42923 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Collaboration ScriptMgr authentication bypass attempt (server-webapp.rules)
* 3:42924 <-> ENABLED <-> POLICY-OTHER Cisco Prime Collaboration potentially unauthorized log file access detected (policy-other.rules)
* 3:43000 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2017-0342 attack attempt (file-other.rules)
* 3:43001 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2017-0342 attack attempt (file-other.rules)
* 3:43060 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2017-0355 attack attempt (server-other.rules)
* 3:43076 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2017-0354 attack attempt (server-other.rules)
* 3:43081 <-> ENABLED <-> BROWSER-OTHER TRUFFLEHUNTER TALOS-2017-0357 attack attempt (browser-other.rules)
* 3:43082 <-> ENABLED <-> BROWSER-OTHER TRUFFLEHUNTER TALOS-2017-0360 attack attempt (browser-other.rules)
* 3:43120 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2017-0356 attack attempt (file-pdf.rules)
* 3:43121 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2017-0356 attack attempt (file-pdf.rules)
* 3:43135 <-> ENABLED <-> POLICY-OTHER JBoss Management console access detected (policy-other.rules)
* 3:43148 <-> ENABLED <-> PROTOCOL-SCADA Rockwell Automation CIP challenge-response buffer overflow attempt (protocol-scada.rules)
* 3:43149 <-> ENABLED <-> PROTOCOL-SCADA Rockwell Automation CIP certificate request unknown certificate detected (protocol-scada.rules)
* 3:43150 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2017-0362 attack attempt (server-other.rules)
* 3:43167 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2017-0361 attack attempt (file-pdf.rules)
* 3:43168 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2017-0361 attack attempt (file-pdf.rules)
* 3:43192 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2017-0364 attack attempt (server-other.rules)
* 3:43211 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2017-0365 attack attempt (server-other.rules)
* 3:43214 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0366 attack attempt (file-image.rules)
* 3:43215 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0366 attack attempt (file-image.rules)
* 3:43271 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Infrastructure XML external entity injection attempt (server-webapp.rules)
* 3:43449 <-> ENABLED <-> POLICY-OTHER log file access detected (policy-other.rules)
* 3:43452 <-> ENABLED <-> POLICY-OTHER Cisco Ultra Services Framework unauthenticated ZAB connect request detected (policy-other.rules)
* 3:43456 <-> ENABLED <-> SERVER-WEBAPP Cisco Ultra Services Framework command injection attempt (server-webapp.rules)
* 3:43483 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2017-0369 attack attempt (server-other.rules)
* 3:43484 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2017-0369 attack attempt (server-other.rules)
* 3:43485 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2017-0369 attack attempt (server-other.rules)
* 3:43486 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2017-0368 attack attempt (server-other.rules)
* 3:43487 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0370 attack attempt (server-webapp.rules)
* 3:43488 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0372 attack attempt (server-webapp.rules)
* 3:43489 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2017-0374 attack attempt (server-other.rules)
* 3:43518 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2017-0373 attack attempt (server-other.rules)
* 3:43555 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2017-0381 attack attempt (policy-other.rules)
* 3:43556 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2017-0382 attack attempt (server-other.rules)
* 3:43557 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2017-0384 attack attempt (server-other.rules)
* 3:43558 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2017-0379 attack attempt (server-other.rules)
* 3:43559 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2017-0378 attack attempt (server-other.rules)
* 3:43628 <-> ENABLED <-> SERVER-WEBAPP Cisco Web Security Appliance https_proxy command injection attempt (server-webapp.rules)
* 3:43629 <-> ENABLED <-> SERVER-WEBAPP Cisco Web Security Appliance https_proxy command injection attempt (server-webapp.rules)
* 3:43630 <-> ENABLED <-> SERVER-WEBAPP Cisco Web Security Appliance https_proxy command injection attempt (server-webapp.rules)
* 3:43631 <-> ENABLED <-> SERVER-WEBAPP Cisco Web Security Appliance https_proxy command injection attempt (server-webapp.rules)
* 3:43712 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2017-0389 attack attempt (policy-other.rules)
* 3:43713 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0385 attack attempt (server-webapp.rules)
* 3:43714 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2017-0389 attack attempt (policy-other.rules)
* 3:43715 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2017-0390 attack attempt (policy-other.rules)
* 3:43716 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2017-0391 attack attempt (policy-other.rules)
* 3:43717 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2017-0386 attack attempt (server-other.rules)
* 3:43725 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0387 attack attempt (file-image.rules)
* 3:43726 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0387 attack attempt (file-image.rules)
* 3:43855 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0394 attack attempt (file-image.rules)
* 3:43856 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0394 attack attempt (file-image.rules)
* 3:43857 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0395 attack attempt (file-image.rules)
* 3:43858 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0395 attack attempt (file-image.rules)
* 3:43859 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0395 attack attempt (file-image.rules)
* 3:43860 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0395 attack attempt (file-image.rules)
* 3:43861 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0397 attack attempt (server-webapp.rules)
* 3:43862 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0393 attack attempt (file-image.rules)
* 3:43863 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0393 attack attempt (file-image.rules)
* 3:43864 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2017-0371 attack attempt (policy-other.rules)
* 3:44012 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2017-0411 attack attempt (policy-other.rules)
* 3:44063 <-> ENABLED <-> SERVER-WEBAPP Cisco Ultra Services Framework AutoVNF directory traversal attempt (server-webapp.rules)
* 3:44070 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2017-0418 attack attempt (server-other.rules)
* 3:44071 <-> ENABLED <-> SERVER-OTHER Objectivity DB lock server buffer overflow attempt (server-other.rules)
* 3:44082 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2017-0420 attack attempt (server-other.rules)
* 3:44092 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0404 attack attempt (file-office.rules)
* 3:44093 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0404 attack attempt (file-office.rules)
* 3:44101 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0403 attack attempt (file-office.rules)
* 3:44102 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0403 attack attempt (file-office.rules)
* 3:44106 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0417 attack attempt (file-office.rules)
* 3:44107 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0417 attack attempt (file-office.rules)
* 3:44125 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Collaboration logconfigtracer directory traversal attempt (server-webapp.rules)
* 3:44126 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Collaboration logconfigtracer directory traversal attempt (server-webapp.rules)
* 3:44127 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Collaboration logconfigtracer directory traversal attempt (server-webapp.rules)
* 3:44142 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2017-0424 attack attempt (policy-other.rules)
* 3:44162 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2017-0422 attack attempt (policy-other.rules)
* 3:44163 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0426 attack attempt (file-office.rules)
* 3:44164 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0426 attack attempt (file-office.rules)
* 3:44166 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0428 attack attempt (server-webapp.rules)
* 3:44167 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0412 attack attempt (file-image.rules)
* 3:44168 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0412 attack attempt (file-image.rules)
* 3:44178 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0427 attack attempt (file-image.rules)
* 3:44179 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0427 attack attempt (file-image.rules)
* 3:44186 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2017-0425 attack attempt (file-other.rules)
* 3:44187 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2017-0425 attack attempt (file-other.rules)
* 3:44189 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2017-0421 attack attempt (server-other.rules)
* 3:44223 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0406 attack attempt (file-image.rules)
* 3:44224 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0406 attack attempt (file-image.rules)
* 3:44225 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0406 attack attempt (file-image.rules)
* 3:44226 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0406 attack attempt (file-image.rules)
* 3:44227 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0406 attack attempt (file-image.rules)
* 3:44228 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0406 attack attempt (file-image.rules)
* 3:44229 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0406 attack attempt (file-image.rules)
* 3:44230 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0406 attack attempt (file-image.rules)
* 3:44237 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0410 attack attempt (file-image.rules)
* 3:44238 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0410 attack attempt (file-image.rules)
* 3:44239 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0410 attack attempt (file-image.rules)
* 3:44240 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0410 attack attempt (file-image.rules)
* 3:44241 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0410 attack attempt (file-image.rules)
* 3:44242 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0410 attack attempt (file-image.rules)
* 3:44243 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0410 attack attempt (file-image.rules)
* 3:44244 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0410 attack attempt (file-image.rules)
* 3:44245 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0409 attack attempt (file-image.rules)
* 3:44246 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0409 attack attempt (file-image.rules)
* 3:44247 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0409 attack attempt (file-image.rules)
* 3:44248 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0409 attack attempt (file-image.rules)
* 3:44249 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0411 attack attempt (file-image.rules)
* 3:44250 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0411 attack attempt (file-image.rules)
* 3:44251 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0408 attack attempt (file-image.rules)
* 3:44252 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0408 attack attempt (file-image.rules)
* 3:44253 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2017-0415 attack attempt (file-other.rules)
* 3:44254 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2017-0415 attack attempt (file-other.rules)
* 3:44255 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2017-0415 attack attempt (file-other.rules)
* 3:44256 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2017-0415 attack attempt (file-other.rules)
* 3:44257 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2017-0415 attack attempt (file-other.rules)
* 3:44258 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2017-0415 attack attempt (file-other.rules)
* 3:44259 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2017-0415 attack attempt (file-other.rules)
* 3:44260 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2017-0415 attack attempt (file-other.rules)
* 3:44261 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2017-0414 attack attempt (file-multimedia.rules)
* 3:44262 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2017-0414 attack attempt (file-multimedia.rules)
* 3:44263 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2017-0414 attack attempt (file-multimedia.rules)
* 3:44264 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2017-0414 attack attempt (file-multimedia.rules)
* 3:44265 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2017-0413 attack attempt (file-multimedia.rules)
* 3:44266 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2017-0413 attack attempt (file-multimedia.rules)
* 3:44267 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2017-0436 attack attempt (policy-other.rules)
* 3:44268 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2017-0437 attack attempt (policy-other.rules)
* 3:44269 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2017-0434 attack attempt (file-other.rules)
* 3:44270 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2017-0434 attack attempt (file-other.rules)
* 3:44271 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0430 attack attempt (file-office.rules)
* 3:44272 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0430 attack attempt (file-office.rules)
* 3:44273 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0431 attack attempt (file-office.rules)
* 3:44274 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0431 attack attempt (file-office.rules)
* 3:44287 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2017-0433 attack attempt (file-other.rules)
* 3:44288 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2017-0433 attack attempt (file-other.rules)
* 3:44294 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2017-0432 attack attempt (file-pdf.rules)
* 3:44295 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2017-0432 attack attempt (file-pdf.rules)
* 3:44297 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0435 attack attempt (server-webapp.rules)
* 3:44318 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2017-0438 attack attempt (file-other.rules)
* 3:44319 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2017-0438 attack attempt (file-other.rules)
* 3:44344 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2017-0439 attack attempt (server-other.rules)
* 3:44376 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2017-0452 attack attempt (file-other.rules)
* 3:44377 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2017-0452 attack attempt (file-other.rules)
* 3:44379 <-> ENABLED <-> PROTOCOL-DNS Cisco IOS ipnat_dns_shift_data integer underflow attempt (protocol-dns.rules)
* 3:44380 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0450 attack attempt (server-webapp.rules)
* 3:44381 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0449 attack attempt (server-webapp.rules)
* 3:44397 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2017-0453 attack attempt (file-other.rules)
* 3:44398 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2017-0453 attack attempt (file-other.rules)
* 3:44417 <-> ENABLED <-> SERVER-WEBAPP Cisco Customer Voice Portal MyAccountEditAction.do privilege escalation attempt (server-webapp.rules)
* 3:44419 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2017-0445 attack attempt (protocol-scada.rules)
* 3:44420 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2017-0440 attack attempt (protocol-scada.rules)
* 3:44421 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2017-0441 attack attempt (policy-other.rules)
* 3:44422 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2017-0441 attack attempt (policy-other.rules)
* 3:44423 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2017-0444 attack attempt (policy-other.rules)
* 3:44424 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2017-0443 attack attempt (policy-other.rules)
* 3:44425 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2017-0443 attack attempt (policy-other.rules)
* 3:44426 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2017-0443 attack attempt (policy-other.rules)
* 3:44427 <->
ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2017-0443 attack attempt (policy-other.rules) * 3:44428 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2017-0443 attack attempt (policy-other.rules) * 3:44429 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2017-0443 attack attempt (policy-other.rules) * 3:44444 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2017-0455 attack attempt (file-other.rules) * 3:44445 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2017-0455 attack attempt (file-other.rules) * 3:44446 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2017-0454 attack attempt (file-other.rules) * 3:44447 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2017-0454 attack attempt (file-other.rules) * 3:44448 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2017-0456 attack attempt (file-other.rules) * 3:44449 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2017-0456 attack attempt (file-other.rules) * 3:44451 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0458 attack attempt (file-image.rules) * 3:44452 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0458 attack attempt (file-image.rules) * 3:44457 <-> ENABLED <-> POLICY-OTHER Cisco IOS XE Web UI user administration page access detected (policy-other.rules) * 3:44458 <-> ENABLED <-> PROTOCOL-SCADA Cisco IE2000 CIP get attributes all packet processing memory leak attempt (protocol-scada.rules) * 3:44459 <-> ENABLED <-> PROTOCOL-SCADA Cisco IE2000 CIP forward open packet processing null pointer dereference attempt (protocol-scada.rules) * 3:44460 <-> ENABLED <-> SERVER-WEBAPP Cisco IOS XE Web UI resource path authentication bypass attempt (server-webapp.rules) * 3:44461 <-> ENABLED <-> SERVER-WEBAPP Cisco IOS XE Web UI resource path authentication bypass attempt (server-webapp.rules) * 3:44462 <-> ENABLED <-> SERVER-WEBAPP Cisco IOS XE Web UI rest path authentication bypass attempt (server-webapp.rules) * 3:44463 <-> ENABLED <-> SERVER-WEBAPP Cisco IOS XE Web UI rest path authentication bypass attempt 
(server-webapp.rules) * 3:44464 <-> ENABLED <-> SERVER-OTHER Cisco IOS IKEv2 session initialization denial of service attempt (server-other.rules) * 3:44498 <-> ENABLED <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt (server-webapp.rules) * 3:44499 <-> ENABLED <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt (server-webapp.rules) * 3:44500 <-> ENABLED <-> SERVER-WEBAPP Cisco License Manager ReportCSV directory traversal attempt (server-webapp.rules) * 3:44503 <-> ENABLED <-> SERVER-WEBAPP Cisco Adaptive Security Appliance direct authentication denial of service attempt (server-webapp.rules) * 3:44520 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0461 attack attempt (file-office.rules) * 3:44521 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0461 attack attempt (file-office.rules) * 3:44522 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0460 attack attempt (file-office.rules) * 3:44523 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0460 attack attempt (file-office.rules) * 3:44524 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0459 attack attempt (file-image.rules) * 3:44525 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0459 attack attempt (file-image.rules) * 3:44537 <-> ENABLED <-> SERVER-WEBAPP NEC ExpressCluster UploadFile.js arbitrary file upload attempt (server-webapp.rules) * 3:44538 <-> ENABLED <-> SERVER-WEBAPP NEC ExpressCluster LogCollect.js command injection attempt (server-webapp.rules) * 3:44539 <-> ENABLED <-> SERVER-WEBAPP NEC ExpressCluster LogCollect.js command injection attempt (server-webapp.rules) * 3:44540 <-> ENABLED <-> SERVER-OTHER Jiangmin Anti-Virus Network Edition information disclosure attempt (server-other.rules) * 3:44541 <-> ENABLED <-> SERVER-OTHER Jiangmin Anti-Virus Network Edition configuration change attempt (server-other.rules) * 3:44542 <-> ENABLED <-> SERVER-OTHER Jiangmin Anti-Virus Network Edition remote code execution attempt 
(server-other.rules) * 3:44543 <-> ENABLED <-> SERVER-OTHER Jiangmin Anti-Virus Network Edition information disclosure attempt (server-other.rules) * 3:44544 <-> ENABLED <-> FILE-PDF Nitro Pro PDF document field dereference use after free attempt (file-pdf.rules) * 3:44545 <-> ENABLED <-> FILE-PDF Nitro Pro PDF document field dereference use after free attempt (file-pdf.rules) * 3:44546 <-> ENABLED <-> FILE-PDF Nitro Pro use after free remote code execution attempt (file-pdf.rules) * 3:44547 <-> ENABLED <-> FILE-PDF Nitro Pro use after free remote code execution attempt (file-pdf.rules) * 3:44555 <-> ENABLED <-> SERVER-WEBAPP Cisco FirePower Management Center cross site scripting attempt (server-webapp.rules) * 3:44556 <-> ENABLED <-> SERVER-WEBAPP Cisco Unity Connection edit-nuance.do cross site scripting attempt (server-webapp.rules) * 3:44557 <-> ENABLED <-> SERVER-WEBAPP Cisco Unity Connection nick-name.do cross site scripting attempt (server-webapp.rules) * 3:44558 <-> ENABLED <-> SERVER-WEBAPP Cisco Unity Connection serviceParamEdit.do cross site scripting attempt (server-webapp.rules) * 3:44589 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0463 attack attempt (file-office.rules) * 3:44590 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0463 attack attempt (file-office.rules) * 3:44593 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0462 attack attempt (file-office.rules) * 3:44594 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0462 attack attempt (file-office.rules) * 3:44605 <-> ENABLED <-> SERVER-WEBAPP Nagios XI Incident Manager SQL injection attempt (server-webapp.rules) * 3:44606 <-> ENABLED <-> SERVER-WEBAPP Nagios XI Incident Manager SQL injection attempt (server-webapp.rules) * 3:44614 <-> ENABLED <-> SERVER-WEBAPP D-Link soap.cgi service command injection attempt (server-webapp.rules) * 3:44624 <-> ENABLED <-> SERVER-WEBAPP TP-Link syslog.filter.json command injection attempt (server-webapp.rules) * 3:44625 <-> ENABLED <-> 
SERVER-WEBAPP TP-Link syslog.filter.json command injection attempt (server-webapp.rules) * 3:44626 <-> ENABLED <-> SERVER-WEBAPP TP-Link syslog.filter.json command injection attempt (server-webapp.rules) * 3:44627 <-> ENABLED <-> SERVER-WEBAPP TP-Link syslog.filter.json command injection attempt (server-webapp.rules) * 3:44707 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0471 attack attempt (server-webapp.rules) * 3:44708 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0471 attack attempt (server-webapp.rules) * 3:44709 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0471 attack attempt (server-webapp.rules) * 3:44710 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0471 attack attempt (server-webapp.rules) * 3:44711 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0471 attack attempt (server-webapp.rules) * 3:44712 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0471 attack attempt (server-webapp.rules) * 3:44713 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2017-0464 attack attempt (policy-other.rules) * 3:44714 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2017-0464 attack attempt (policy-other.rules) * 3:44722 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Collaboration Provisioning pmclasschooser.xml SQL injection attempt (server-webapp.rules) * 3:44723 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Collaboration Provisioning pmclasschooser.xml SQL injection attempt (server-webapp.rules) * 3:44724 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Smart Licensing command injection attempt (server-webapp.rules) * 3:44725 <-> ENABLED <-> PROTOCOL-SNMP Cisco Wireless LAN Controller clExtApDot11IfTable OID memory leak attempt (protocol-snmp.rules) * 3:44750 <-> ENABLED <-> SERVER-WEBAPP ASUS RP-AC52 login.cgi stack buffer overflow attempt (server-webapp.rules) * 3:44835 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0472 attack attempt (server-webapp.rules) * 3:44836 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER 
TALOS-2017-0472 attack attempt (server-webapp.rules) * 3:44837 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0472 attack attempt (server-webapp.rules) * 3:44840 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0473 attack attempt (server-webapp.rules) * 3:44841 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0473 attack attempt (server-webapp.rules) * 3:44842 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0473 attack attempt (server-webapp.rules) * 3:44847 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0482 attack attempt (server-webapp.rules) * 3:44848 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0482 attack attempt (server-webapp.rules) * 3:44849 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0482 attack attempt (server-webapp.rules) * 3:44850 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0477 attack attempt (server-webapp.rules) * 3:44851 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0477 attack attempt (server-webapp.rules) * 3:44852 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0477 attack attempt (server-webapp.rules) * 3:44855 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2017-0480 attack attempt (policy-other.rules) * 3:44858 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0474 attack attempt (server-webapp.rules) * 3:44863 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0483 attack attempt (server-webapp.rules) * 3:44908 <-> ENABLED <-> FILE-OTHER KeyView SDK WordPerfect parsing stack buffer overflow attempt (file-other.rules) * 3:44909 <-> ENABLED <-> FILE-OTHER KeyView SDK WordPerfect parsing stack buffer overflow attempt (file-other.rules) * 3:44910 <-> ENABLED <-> SERVER-OTHER Altiris Express Server Engine stack buffer overflow attempt (server-other.rules) * 3:44986 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2017-0486 attack attempt (server-other.rules) * 3:45017 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0497 attack attempt 
(file-image.rules) * 3:45018 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0497 attack attempt (file-image.rules) * 3:45019 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0490 attack attempt (file-image.rules) * 3:45020 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0490 attack attempt (file-image.rules) * 3:45021 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0491 attack attempt (file-image.rules) * 3:45022 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0491 attack attempt (file-image.rules) * 3:45025 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0489 attack attempt (file-image.rules) * 3:45026 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0489 attack attempt (file-image.rules) * 3:45033 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0488 attack attempt (file-image.rules) * 3:45034 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0488 attack attempt (file-image.rules) * 3:45047 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0499 attack attempt (file-image.rules) * 3:45048 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0499 attack attempt (file-image.rules) * 3:45049 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0493 attack attempt (server-webapp.rules) * 3:45086 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0494 attack attempt (server-webapp.rules) * 3:45087 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0495 attack attempt (server-webapp.rules) * 3:45088 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0502 attack attempt (server-webapp.rules) * 3:45089 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2017-0501 attack attempt (server-other.rules) * 3:45102 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2017-0505 attack attempt (file-pdf.rules) * 3:45103 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2017-0505 attack attempt (file-pdf.rules) * 3:45105 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2017-0504 attack attempt (file-pdf.rules) * 3:45106 <-> ENABLED <-> FILE-PDF 
TRUFFLEHUNTER TALOS-2017-0504 attack attempt (file-pdf.rules) * 3:45120 <-> ENABLED <-> SERVER-OTHER Cisco Application Control Engine padding oracle attack attempt (server-other.rules) * 3:45158 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2017-0506 attack attempt (file-pdf.rules) * 3:45159 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2017-0506 attack attempt (file-pdf.rules) * 3:45216 <-> ENABLED <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2017-0509 attack attempt (file-executable.rules) * 3:45217 <-> ENABLED <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2017-0509 attack attempt (file-executable.rules) * 3:45220 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2017-0507 attack attempt (server-other.rules) * 3:45222 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0508 attack attempt (server-webapp.rules) * 3:45223 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0508 attack attempt (server-webapp.rules) * 3:45248 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2017-0510 attack attempt (server-other.rules) * 3:45422 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2018-0512 attack attempt (policy-other.rules) * 3:45441 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0511 attack attempt (server-webapp.rules) * 3:45464 <-> ENABLED <-> PROTOCOL-VOIP Cisco Unified Customer Voice Portal denial of service attempt (protocol-voip.rules) * 3:45465 <-> ENABLED <-> SERVER-WEBAPP Splunk daemon default admin credentials login attempt (server-webapp.rules) * 3:45502 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0515 attack attempt (file-other.rules) * 3:45503 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0515 attack attempt (file-other.rules) * 3:45504 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0514 attack attempt (file-other.rules) * 3:45505 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0514 attack attempt (file-other.rules) * 3:45506 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2018-0517 attack attempt (file-pdf.rules) * 3:45507 <-> ENABLED 
<-> FILE-PDF TRUFFLEHUNTER TALOS-2018-0517 attack attempt (file-pdf.rules) * 3:45521 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2018-0518 attack attempt (file-pdf.rules) * 3:45522 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2018-0518 attack attempt (file-pdf.rules) * 3:45524 <-> ENABLED <-> FILE-OTHER Cisco WebEx Network Recording Player for ARF files dll-load exploit attempt (file-other.rules) * 3:45525 <-> ENABLED <-> FILE-OTHER Cisco WebEx Network Recording Player for ARF files dll-load exploit attempt (file-other.rules) * 3:45575 <-> ENABLED <-> SERVER-OTHER Cisco ASA VPN aggregateAuthDataHandler double free attempt (server-other.rules) * 3:45596 <-> ENABLED <-> SERVER-OTHER Cisco ASA VPN aggregateAuthDataHandler double free attempt (server-other.rules) * 3:45597 <-> ENABLED <-> INDICATOR-SHELLCODE Cisco ASA alloc_ch connection string (indicator-shellcode.rules) * 3:45599 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2018-0520 attack attempt (file-image.rules) * 3:45600 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2018-0520 attack attempt (file-image.rules) * 3:45602 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0522 attack attempt (file-other.rules) * 3:45603 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0522 attack attempt (file-other.rules) * 3:45604 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2018-0524 attack attempt (server-other.rules) * 3:45605 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0519 attack attempt (file-other.rules) * 3:45606 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0519 attack attempt (file-other.rules) * 3:45608 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2018-0525 attack attempt (file-pdf.rules) * 3:45609 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2018-0525 attack attempt (file-pdf.rules) * 3:45610 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2018-0523 attack attempt (server-other.rules) * 3:45621 <-> ENABLED <-> SERVER-WEBAPP Cisco UCS Central recvbackup.cgi command injection attempt 
(server-webapp.rules) * 3:45622 <-> ENABLED <-> SERVER-WEBAPP Cisco UCS Central recvbackup.cgi command injection attempt (server-webapp.rules) * 3:45623 <-> ENABLED <-> SERVER-WEBAPP Cisco RV132W and RV134W routers command injection attempt (server-webapp.rules) * 3:45652 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2018-0526 attack attempt (file-pdf.rules) * 3:45653 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2018-0526 attack attempt (file-pdf.rules) * 3:45689 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0527 attack attempt (file-office.rules) * 3:45690 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0527 attack attempt (file-office.rules) * 3:45697 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0530 attack attempt (file-other.rules) * 3:45698 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0530 attack attempt (file-other.rules) * 3:45699 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0530 attack attempt (file-other.rules) * 3:45700 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0530 attack attempt (file-other.rules) * 3:45701 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0529 attack attempt (file-other.rules) * 3:45702 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0529 attack attempt (file-other.rules) * 3:45703 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0529 attack attempt (file-other.rules) * 3:45704 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0529 attack attempt (file-other.rules) * 3:45705 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0529 attack attempt (file-other.rules) * 3:45706 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0529 attack attempt (file-other.rules) * 3:45707 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0529 attack attempt (file-other.rules) * 3:45708 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0529 attack attempt (file-other.rules) * 3:45709 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0529 attack attempt (file-other.rules) * 3:45710 <-> ENABLED 
<-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0529 attack attempt (file-other.rules) * 3:45711 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0529 attack attempt (file-other.rules) * 3:45712 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0529 attack attempt (file-other.rules) * 3:45713 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0529 attack attempt (file-other.rules) * 3:45714 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0529 attack attempt (file-other.rules) * 3:45715 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2018-0532 attack attempt (file-pdf.rules) * 3:45716 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2018-0532 attack attempt (file-pdf.rules) * 3:45717 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0528 attack attempt (file-office.rules) * 3:45718 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0528 attack attempt (file-office.rules) * 3:45729 <-> ENABLED <-> POLICY-OTHER Cisco Unified Communications Manager appuserFindList.do access detected (policy-other.rules) * 3:45730 <-> ENABLED <-> SERVER-OTHER Cisco TelePresence TC and TE software authentication bypass attempt (server-other.rules) * 3:45731 <-> ENABLED <-> SERVER-WEBAPP Cisco Elastic Services Controller authentication bypass attempt (server-webapp.rules) * 3:45750 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0534 attack attempt (file-office.rules) * 3:45751 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0534 attack attempt (file-office.rules) * 3:45752 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0533 attack attempt (file-other.rules) * 3:45753 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0533 attack attempt (file-other.rules) * 3:45813 <-> ENABLED <-> SERVER-WEBAPP Cisco Unified Communications Manager information disclosure attempt (server-webapp.rules) * 3:45823 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2018-0536 attack attempt (file-pdf.rules) * 3:45824 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2018-0536 attack attempt 
(file-pdf.rules) * 3:45829 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2018-0535 attack attempt (server-other.rules) * 3:45832 <-> ENABLED <-> SERVER-WEBAPP Cisco Unified Communications Manager appuserFindList.do SQL injection attempt (server-webapp.rules) * 3:45833 <-> ENABLED <-> SERVER-WEBAPP Cisco Unified Communications Manager appuserFindList.do SQL injection attempt (server-webapp.rules) * 3:45870 <-> ENABLED <-> SERVER-WEBAPP Cisco ACS unsafe Java object deserialization attempt (server-webapp.rules) * 3:45891 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0539 attack attempt (server-webapp.rules) * 3:45896 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0538 attack attempt (file-office.rules) * 3:45897 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0538 attack attempt (file-office.rules) * 3:45981 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0540 attack attempt (file-other.rules) * 3:45982 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0540 attack attempt (file-other.rules) * 3:45985 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2018-0544 attack attempt (file-image.rules) * 3:45986 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2018-0544 attack attempt (file-image.rules) * 3:45987 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2018-0544 attack attempt (file-image.rules) * 3:45988 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2018-0544 attack attempt (file-image.rules) * 3:45991 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2018-0543 attack attempt (file-image.rules) * 3:45992 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2018-0543 attack attempt (file-image.rules) * 3:45993 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2018-0543 attack attempt (file-image.rules) * 3:45994 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2018-0543 attack attempt (file-image.rules) * 3:45997 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2018-0542 attack attempt (file-image.rules) * 3:45998 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER 
TALOS-2018-0542 attack attempt (file-image.rules) * 3:45999 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2018-0542 attack attempt (file-image.rules) * 3:46000 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2018-0542 attack attempt (file-image.rules) * 3:46001 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2018-0541 attack attempt (file-image.rules) * 3:46002 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2018-0541 attack attempt (file-image.rules) * 3:46079 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0548 attack attempt (server-webapp.rules) * 3:46090 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0549 attack attempt (server-webapp.rules) * 3:46093 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2018-0550 attack attempt (file-image.rules) * 3:46094 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2018-0550 attack attempt (file-image.rules) * 3:46095 <-> ENABLED <-> POLICY-OTHER Cisco IOS XE default one-time password login detected (policy-other.rules) * 3:46101 <-> ENABLED <-> PROTOCOL-SNMP Cisco IOS SNMP ciscoFlashFileEntry OID denial of service attempt (protocol-snmp.rules) * 3:46102 <-> ENABLED <-> POLICY-OTHER Flash file external url request attempt (policy-other.rules) * 3:46103 <-> ENABLED <-> POLICY-OTHER Flash file external url request attempt (policy-other.rules) * 3:46104 <-> ENABLED <-> SERVER-OTHER Cisco IOS DHCP relay agent information memory corruption attempt (server-other.rules) * 3:46105 <-> ENABLED <-> PROTOCOL-SNMP Cisco IOS SNMP natPoolRange OID denial of service attempt (protocol-snmp.rules) * 3:46108 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Collaboration Provisioning writable file privilege escalation attempt (server-webapp.rules) * 3:46109 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Collaboration Provisioning writable file privilege escalation attempt (server-webapp.rules) * 3:46110 <-> ENABLED <-> SERVER-OTHER Cisco ASR1001 IKEv2 memory leak attempt (server-other.rules) * 3:46111 <-> ENABLED <-> SERVER-OTHER Cisco IOS 
Adaptive QoS message parsing stack buffer overflow attempt (server-other.rules) * 3:46119 <-> ENABLED <-> SERVER-OTHER Cisco IOS DHCP relay reply integer underflow attempt (server-other.rules) * 3:46120 <-> ENABLED <-> SERVER-OTHER Cisco IOS DHCP relay integer underflow attempt (server-other.rules) * 3:46125 <-> ENABLED <-> SERVER-OTHER Cisco IOS invalid IKEv1 payload denial of service attempt (server-other.rules) * 3:46126 <-> ENABLED <-> SERVER-OTHER Cisco IOS XE IGMP denial of service attempt (server-other.rules) * 3:46127 <-> ENABLED <-> SERVER-OTHER Cisco IOS XE IGMP denial of service attempt (server-other.rules) * 3:46128 <-> ENABLED <-> SERVER-OTHER Cisco IOS XE IGMP denial of service attempt (server-other.rules) * 3:46142 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0551 attack attempt (server-webapp.rules) * 3:46143 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2018-0553 attack attempt (file-image.rules) * 3:46144 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2018-0553 attack attempt (file-image.rules) * 3:46145 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2018-0553 attack attempt (file-image.rules) * 3:46146 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2018-0553 attack attempt (file-image.rules) * 3:46147 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2018-0552 attack attempt (file-image.rules) * 3:46148 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2018-0552 attack attempt (file-image.rules) * 3:46149 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0554 attack attempt (server-webapp.rules) * 3:46150 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0555 attack attempt (server-webapp.rules) * 3:46151 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0555 attack attempt (server-webapp.rules) * 3:46152 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0555 attack attempt (server-webapp.rules) * 3:46153 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0555 attack attempt (server-webapp.rules) * 3:46154 <-> ENABLED 
<-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0555 attack attempt (server-webapp.rules)
* 3:46155 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0555 attack attempt (server-webapp.rules)
* 3:46165 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0560 attack attempt (server-webapp.rules)
* 3:46166 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0560 attack attempt (server-webapp.rules)
* 3:46167 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0560 attack attempt (server-webapp.rules)
* 3:46168 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0560 attack attempt (server-webapp.rules)
* 3:46169 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0560 attack attempt (server-webapp.rules)
* 3:46170 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0560 attack attempt (server-webapp.rules)
* 3:46171 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0560 attack attempt (server-webapp.rules)
* 3:46172 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0560 attack attempt (server-webapp.rules)
* 3:46173 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0568 attack attempt (file-other.rules)
* 3:46174 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0568 attack attempt (file-other.rules)
* 3:46175 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0559 attack attempt (server-webapp.rules)
* 3:46190 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0567 attack attempt (server-webapp.rules)
* 3:46191 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0567 attack attempt (server-webapp.rules)
* 3:46211 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0556 attack attempt (server-webapp.rules)
* 3:46217 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2018-0557 attack attempt (policy-other.rules)
* 3:46222 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2018-0561 attack attempt (file-image.rules)
* 3:46223 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2018-0561 attack attempt (file-image.rules)
* 3:46224 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2018-0562 attack attempt (file-image.rules)
* 3:46225 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2018-0562 attack attempt (file-image.rules)
* 3:46241 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2018-0564 attack attempt (file-image.rules)
* 3:46242 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2018-0564 attack attempt (file-image.rules)
* 3:46292 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2018-0569 attack attempt (file-pdf.rules)
* 3:46293 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2018-0569 attack attempt (file-pdf.rules)
* 3:46294 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0572 attack attempt (server-webapp.rules)
* 3:46295 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0572 attack attempt (server-webapp.rules)
* 3:46296 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0570 attack attempt (server-webapp.rules)
* 3:46319 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0573 attack attempt (server-webapp.rules)
* 3:46320 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2018-0576 attack attempt (policy-other.rules)
* 3:46321 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0574 attack attempt (server-webapp.rules)
* 3:46343 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Network Analysis graph.php directory traversal attempt (server-webapp.rules)
* 3:46386 <-> ENABLED <-> SERVER-WEBAPP Cisco IOS XE Web UI arbitrary file write attempt (server-webapp.rules)
* 3:46388 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0579 attack attempt (file-other.rules)
* 3:46389 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0579 attack attempt (file-other.rules)
* 3:46390 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0577 attack attempt (server-webapp.rules)
* 3:46391 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0577 attack attempt (server-webapp.rules)
* 3:46392 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0577 attack attempt (server-webapp.rules)
* 3:46395 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0578 attack attempt (server-webapp.rules)
* 3:46452 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2018-0586 attack attempt (file-image.rules)
* 3:46453 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2018-0586 attack attempt (file-image.rules)
* 3:46455 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2018-0587 attack attempt (file-image.rules)
* 3:46456 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2018-0587 attack attempt (file-image.rules)
* 3:46457 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2018-0588 attack attempt (file-pdf.rules)
* 3:46458 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2018-0588 attack attempt (file-pdf.rules)
* 3:46459 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2018-0585 attack attempt (file-image.rules)
* 3:46460 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2018-0585 attack attempt (file-image.rules)
* 3:46492 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Infrastructure directory traversal attempt (server-webapp.rules)
* 3:46493 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Infrastructure directory traversal attempt (server-webapp.rules)
* 3:46494 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Infrastructure directory traversal attempt (server-webapp.rules)
* 3:46496 <-> ENABLED <-> FILE-OTHER Cisco WebEx Recording Player memory corruption attempt (file-other.rules)
* 3:46497 <-> ENABLED <-> FILE-OTHER Cisco WebEx Recording Player memory corruption attempt (file-other.rules)
* 3:46498 <-> ENABLED <-> FILE-OTHER Cisco WebEx Recording Player memory corruption attempt (file-other.rules)
* 3:46499 <-> ENABLED <-> FILE-OTHER Cisco WebEx Recording Player memory corruption attempt (file-other.rules)
* 3:46500 <-> ENABLED <-> POLICY-OTHER Docker API ContainerCreate request detected (policy-other.rules)
* 3:46523 <-> ENABLED <-> SERVER-OTHER malicious HTML file transfer attempt (server-other.rules)
* 3:46541 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0589 attack attempt (file-other.rules)
* 3:46542 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0589 attack attempt (file-other.rules)
* 3:46543 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0591 attack attempt (server-webapp.rules)
* 3:46550 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2018-0590 attack attempt (file-pdf.rules)
* 3:46551 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2018-0590 attack attempt (file-pdf.rules)
* 3:46634 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2018-0592 attack attempt (file-pdf.rules)
* 3:46635 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2018-0592 attack attempt (file-pdf.rules)
* 3:46661 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2018-0594 attack attempt (policy-other.rules)
* 3:46738 <-> ENABLED <-> SERVER-WEBAPP Cisco DNA Center API directory traversal attempt (server-webapp.rules)
* 3:46739 <-> ENABLED <-> SERVER-WEBAPP Cisco DNA Center API default login attempt (server-webapp.rules)
* 3:46740 <-> ENABLED <-> SERVER-WEBAPP Kubernetes Kubelet arbitrary command execution attempt (server-webapp.rules)
* 3:46741 <-> ENABLED <-> SERVER-WEBAPP Kubernetes Kubelet arbitrary command execution attempt (server-webapp.rules)
* 3:46749 <-> ENABLED <-> SERVER-OTHER Cisco Meeting Server configuration download attempt (server-other.rules)
* 3:46750 <-> ENABLED <-> SERVER-OTHER Cisco Meeting Server user configuration download attempt (server-other.rules)
* 3:46756 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0596 attack attempt (file-office.rules)
* 3:46757 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0596 attack attempt (file-office.rules)
* 3:46761 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0597 attack attempt (file-office.rules)
* 3:46762 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0597 attack attempt (file-office.rules)
* 3:46768 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0598 attack attempt (file-office.rules)
* 3:46769 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0598 attack attempt (file-office.rules)
* 3:46780 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2018-0595 attack attempt (server-other.rules)
* 3:46843 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0599 attack attempt (file-office.rules)
* 3:46844 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0599 attack attempt (file-office.rules)
* 3:46845 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0600 attack attempt (file-office.rules)
* 3:46846 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0600 attack attempt (file-office.rules)
* 3:46858 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2018-0614 attack attempt (os-other.rules)
* 3:46859 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2018-0614 attack attempt (os-other.rules)
* 3:46864 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2018-0606 attack attempt (file-pdf.rules)
* 3:46865 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2018-0606 attack attempt (file-pdf.rules)
* 3:46867 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0604 attack attempt (server-webapp.rules)
* 3:46868 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0604 attack attempt (server-webapp.rules)
* 3:46869 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0604 attack attempt (server-webapp.rules)
* 3:46870 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2018-0602 attack attempt (server-other.rules)
* 3:46877 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0605 attack attempt (server-webapp.rules)
* 3:46882 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0603 attack attempt (file-office.rules)
* 3:46883 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0603 attack attempt (file-office.rules)
* 3:46887 <-> ENABLED <-> SERVER-WEBAPP Cisco Network Services Orchestrator arbitrary command execution attempt (server-webapp.rules)
* 3:46888 <-> ENABLED <-> SERVER-WEBAPP Cisco Network Services Orchestrator arbitrary command execution attempt (server-webapp.rules)
* 3:46889 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Collaboration Provisioning SQL injection attempt (server-webapp.rules)
* 3:46890 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Collaboration Provisioning SQL injection attempt (server-webapp.rules)
* 3:46891 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Collaboration Provisioning SQL injection attempt (server-webapp.rules)
* 3:46892 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Collaboration Provisioning SQL injection attempt (server-webapp.rules)
* 3:46893 <-> ENABLED <-> SERVER-OTHER Cisco Prime Collaboration Provisioning Java remote method invocation attempt (server-other.rules)
* 3:46897 <-> ENABLED <-> SERVER-WEBAPP Cisco Adaptive Security Appliance directory traversal attempt (server-webapp.rules)
* 3:46899 <-> ENABLED <-> POLICY-OTHER Cisco Prime Collaboration Provisioning access control group modification request detected (policy-other.rules)
* 3:46900 <-> ENABLED <-> BROWSER-OTHER invalid final chunk size evasion attempt (browser-other.rules)
* 3:46901 <-> ENABLED <-> BROWSER-OTHER http chunked transfer encoding flowbit attempt (browser-other.rules)
* 3:46902 <-> ENABLED <-> BROWSER-OTHER invalid final chunk size evasion attempt (browser-other.rules)
* 3:46911 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Collaboration Provisioning potentially unauthenticated administrator password change attempt (server-webapp.rules)
* 3:46914 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Collaboration Provisioning password recovery field reuse attempt (server-webapp.rules)
* 3:46992 <-> ENABLED <-> SERVER-WEBAPP Cisco NX-OS NX-API privilege escalation attempt (server-webapp.rules)
* 3:46993 <-> ENABLED <-> SERVER-OTHER Cisco NX-OS Fabric Services Protocol denial of service attempt (server-other.rules)
* 3:46994 <-> ENABLED <-> SERVER-OTHER Cisco NX-OS Fabric Services Protocol denial of service attempt (server-other.rules)
* 3:46995 <-> ENABLED <-> SERVER-OTHER Cisco NX-OS Fabric Services Protocol heap buffer overflow attempt (server-other.rules)
* 3:46996 <-> ENABLED <-> SERVER-OTHER Cisco NX-OS Fabric Services Protocol heap buffer overflow attempt (server-other.rules)
* 3:47003 <-> ENABLED <-> SERVER-OTHER Cisco NX-OS Fabric Services Protocol stack buffer overflow attempt (server-other.rules)
* 3:47004 <-> ENABLED <-> SERVER-OTHER Cisco NX-OS Fabric Services Protocol stack buffer overflow attempt (server-other.rules)
* 3:47008 <-> ENABLED <-> SERVER-WEBAPP Cisco NX-OS NX-API ins_api command injection attempt (server-webapp.rules)
* 3:47009 <-> ENABLED <-> SERVER-WEBAPP Cisco NX-OS NX-API cli_ascii command injection attempt (server-webapp.rules)
* 3:47010 <-> ENABLED <-> SERVER-WEBAPP Cisco FX-OS mod_nuova stack buffer overflow attempt (server-webapp.rules)
* 3:47011 <-> ENABLED <-> SERVER-OTHER Cisco NX-OS Fabric Services Protocol TLV out of bounds read attempt (server-other.rules)
* 3:47012 <-> ENABLED <-> SERVER-OTHER Cisco NX-OS Fabric Services Protocol TLV out of bounds read attempt (server-other.rules)
* 3:47013 <-> ENABLED <-> SERVER-OTHER Cisco NX-OS Fabric Services Protocol TLV integer overflow attempt (server-other.rules)
* 3:47014 <-> ENABLED <-> SERVER-OTHER Cisco NX-OS Fabric Services Protocol TLV integer overflow attempt (server-other.rules)
* 3:47028 <-> ENABLED <-> BROWSER-OTHER TRUFFLEHUNTER TALOS-2018-0621 attack attempt (browser-other.rules)
* 3:47029 <-> ENABLED <-> BROWSER-OTHER TRUFFLEHUNTER TALOS-2018-0621 attack attempt (browser-other.rules)
* 3:47035 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2018-0622 attack attempt (policy-other.rules)
* 3:47036 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2018-0622 attack attempt (policy-other.rules)
* 3:47037 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0619 attack attempt (server-webapp.rules)
* 3:47039 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0618 attack attempt (server-webapp.rules)
* 3:47040 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0618 attack attempt (server-webapp.rules)
* 3:47062 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0620 attack attempt (server-webapp.rules)
* 3:47074 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2018-0623 attack attempt (file-pdf.rules)
* 3:47075 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2018-0623 attack attempt (file-pdf.rules)
* 3:47133 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0625 attack attempt (server-webapp.rules)
* 3:47134 <-> ENABLED <-> SERVER-WEBAPP ZyXEL Armor Series Routers ozkerz command injection attempt (server-webapp.rules)
* 3:47135 <-> ENABLED <-> SERVER-WEBAPP ZyXEL Armor Series Routers ozkerz command injection attempt (server-webapp.rules)
* 3:47166 <-> ENABLED <-> SERVER-WEBAPP Cisco UCS Director launcher.jsp cross site scripting attempt (server-webapp.rules)
* 3:47234 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2018-0627 attack attempt (server-other.rules)
* 3:47272 <-> ENABLED <-> OS-OTHER DHCPv6 flood denial of service attempt (os-other.rules)
* 3:47273 <-> ENABLED <-> OS-OTHER DHCPv6 flood denial of service attempt (os-other.rules)
* 3:47281 <-> ENABLED <-> SERVER-OTHER Cisco SD-WAN Solution default login attempt (server-other.rules)
* 3:47282 <-> ENABLED <-> SERVER-OTHER Cisco SD-WAN Solution default login attempt (server-other.rules)
* 3:47285 <-> ENABLED <-> SERVER-OTHER Cisco Policy Suite interface unauthenticated access attempt (server-other.rules)
* 3:47286 <-> ENABLED <-> SERVER-OTHER Cisco Policy Suite interface unauthenticated access attempt (server-other.rules)
* 3:47295 <-> ENABLED <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2018-0635 attack attempt (file-executable.rules)
* 3:47296 <-> ENABLED <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2018-0635 attack attempt (file-executable.rules)
* 3:47336 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2018-0638 attack attempt (file-image.rules)
* 3:47337 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2018-0638 attack attempt (file-image.rules)
* 3:47340 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2018-0639 attack attempt (file-pdf.rules)
* 3:47341 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2018-0639 attack attempt (file-pdf.rules)
* 3:47342 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2018-0637 attack attempt (server-other.rules)
* 3:47363 <-> ENABLED <-> FILE-OTHER Cisco WebEx Network Recording Player out of bounds write attempt (file-other.rules)
* 3:47364 <-> ENABLED <-> FILE-OTHER Cisco WebEx Network Recording Player out of bounds write attempt (file-other.rules)
* 3:47394 <-> ENABLED <-> FILE-OTHER Cisco WebEx Network Recording Player out of bounds write attempt (file-other.rules)
* 3:47395 <-> ENABLED <-> FILE-OTHER Cisco WebEx Network Recording Player out of bounds write attempt (file-other.rules)
* 3:47403 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0641 attack attempt (file-office.rules)
* 3:47404 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0641 attack attempt (file-office.rules)
* 3:47405 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0641 attack attempt (file-office.rules)
* 3:47406 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0641 attack attempt (file-office.rules)
* 3:47407 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0641 attack attempt (file-office.rules)
* 3:47408 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0641 attack attempt (file-office.rules)
* 3:47409 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0641 attack attempt (file-office.rules)
* 3:47410 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0641 attack attempt (file-office.rules)
* 3:47411 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0641 attack attempt (file-office.rules)
* 3:47412 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0641 attack attempt (file-office.rules)
* 3:47426 <-> ENABLED <-> PROTOCOL-VOIP Cisco SPA514G SDP field processing denial of service attempt (protocol-voip.rules)
* 3:47428 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2018-0645 attack attempt (file-image.rules)
* 3:47429 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2018-0645 attack attempt (file-image.rules)
* 3:47430 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2018-0644 attack attempt (file-image.rules)
* 3:47431 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2018-0644 attack attempt (file-image.rules)
* 3:47432 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2018-0644 attack attempt (file-image.rules)
* 3:47433 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2018-0644 attack attempt (file-image.rules)
* 3:47442 <-> ENABLED <-> BROWSER-OTHER TRUFFLEHUNTER TALOS-2018-0647 attack attempt (browser-other.rules)
* 3:47443 <-> ENABLED <-> BROWSER-OTHER TRUFFLEHUNTER TALOS-2018-0647 attack attempt (browser-other.rules)
* 3:47456 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0646 attack attempt (file-office.rules)
* 3:47457 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0646 attack attempt (file-office.rules)
* 3:47521 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0652 attack attempt (file-office.rules)
* 3:47522 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0652 attack attempt (file-office.rules)
* 3:47523 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0651 attack attempt (file-office.rules)
* 3:47524 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0651 attack attempt (file-office.rules)
* 3:47527 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0650 attack attempt (file-office.rules)
* 3:47528 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0650 attack attempt (file-office.rules)
* 3:47571 <-> ENABLED <-> SERVER-WEBAPP Cisco Web Security Appliance proxy denial of service attempt (server-webapp.rules)
* 3:47572 <-> ENABLED <-> SERVER-WEBAPP Cisco Web Security Appliance proxy denial of service attempt (server-webapp.rules)
* 3:47573 <-> ENABLED <-> SERVER-WEBAPP Cisco Web Security Appliance proxy denial of service attempt (server-webapp.rules)
* 3:47595 <-> ENABLED <-> OS-OTHER Intel x86 L1 data cache side-channel analysis information leak attempt (os-other.rules)
* 3:47596 <-> ENABLED <-> OS-OTHER Intel x86 L1 data cache side-channel analysis information leak attempt (os-other.rules)
* 3:47597 <-> ENABLED <-> OS-OTHER Intel x86 L1 data cache side-channel analysis information leak attempt (os-other.rules)
* 3:47598 <-> ENABLED <-> OS-OTHER Intel x86 L1 data cache side-channel analysis information leak attempt (os-other.rules)
* 3:47632 <-> ENABLED <-> SERVER-WEBAPP Cogent DataHub arbitrary command execution attempt (server-webapp.rules)
* 3:47633 <-> ENABLED <-> POLICY-OTHER Accelerite Endpoint Management default credentials login attempt (policy-other.rules)
* 3:47663 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2018-0653 attack attempt (server-other.rules)
* 3:47665 <-> ENABLED <-> SERVER-WEBAPP ASUS RP-AC52 SetAVTransportURI SOAP action command injection attempt (server-webapp.rules)
* 3:47677 <-> ENABLED <-> SERVER-WEBAPP Dell SonicWall Scrutinizer hidden webmin credentials login attempt (server-webapp.rules)
* 3:47679 <-> ENABLED <-> SERVER-WEBAPP Cisco TelePresence command injection attempt (server-webapp.rules)
* 3:47680 <-> ENABLED <-> SERVER-WEBAPP Cisco TelePresence command injection attempt (server-webapp.rules)
* 3:47681 <-> ENABLED <-> SERVER-WEBAPP Cisco TelePresence command injection attempt (server-webapp.rules)
* 3:47684 <-> ENABLED <-> SERVER-OTHER Mikrotik RouterOS directory traversal attempt (server-other.rules)
* 3:47698 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller command injection attempt (server-webapp.rules)
* 3:47704 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
* 3:47705 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
* 3:47706 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
* 3:47707 <-> ENABLED <-> SERVER-OTHER Cisco RV Series Router information disclosure attempt (server-other.rules)
* 3:47709 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers arbitrary file read attempt (server-webapp.rules)
* 3:47710 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Router buffer overflow attempt (server-webapp.rules)
* 3:47711 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Router buffer overflow attempt (server-webapp.rules)
* 3:47713 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager command injection attempt (server-webapp.rules)
* 3:47714 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager command injection attempt (server-webapp.rules)
* 3:47715 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager command injection attempt (server-webapp.rules)
* 3:47716 <-> ENABLED <-> SERVER-WEBAPP HP Client Automation Server directory traversal attempt (server-webapp.rules)
* 3:47721 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0670 attack attempt (file-other.rules)
* 3:47722 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0670 attack attempt (file-other.rules)
* 3:47727 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2018-0662 attack attempt (file-pdf.rules)
* 3:47728 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2018-0662 attack attempt (file-pdf.rules)
* 3:47729 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2018-0659 attack attempt (server-other.rules)
* 3:47750 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0657 attack attempt (file-other.rules)
* 3:47751 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0657 attack attempt (file-other.rules)
* 3:47753 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0669 attack attempt (file-office.rules)
* 3:47754 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0669 attack attempt (file-office.rules)
* 3:47755 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0667 attack attempt (file-office.rules)
* 3:47756 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0667 attack attempt (file-office.rules)
* 3:47757 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0666 attack attempt (file-office.rules)
* 3:47758 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0666 attack attempt (file-office.rules)
* 3:47759 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0666 attack attempt (file-office.rules)
* 3:47760 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0666 attack attempt (file-office.rules)
* 3:47762 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0668 attack attempt (file-office.rules)
* 3:47763 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0668 attack attempt (file-office.rules)
* 3:47801 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0673 attack attempt (file-other.rules)
* 3:47802 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0673 attack attempt (file-other.rules)
* 3:47803 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0675 attack attempt (file-other.rules)
* 3:47804 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0675 attack attempt (file-other.rules)
* 3:47809 <-> ENABLED <-> PROTOCOL-DNS TRUFFLEHUNTER TALOS-2018-0672 attack attempt (protocol-dns.rules)
* 3:47811 <-> ENABLED <-> PROTOCOL-DNS TRUFFLEHUNTER TALOS-2018-0671 attack attempt (protocol-dns.rules)
* 3:47840 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0680 attack attempt (file-other.rules)
* 3:47841 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0680 attack attempt (file-other.rules)
* 3:47842 <-> ENABLED <-> PROTOCOL-DNS TRUFFLEHUNTER TALOS-2018-0681 attack attempt (protocol-dns.rules)
* 3:47878 <-> ENABLED <-> FILE-OTHER Cisco WebEx Network Recording Player stack buffer overflow attempt (file-other.rules)
* 3:47879 <-> ENABLED <-> FILE-OTHER Cisco WebEx Network Recording Player stack buffer overflow attempt (file-other.rules)
* 3:47880 <-> ENABLED <-> POLICY-OTHER Cisco Video Surveillance Operations Manager default password use attempt (policy-other.rules)
* 3:47893 <-> ENABLED <-> SERVER-WEBAPP Cisco IOS XE Web UI denial of service attempt (server-webapp.rules)
* 3:47894 <-> ENABLED <-> SERVER-WEBAPP Cisco IOS XE Web UI denial of service attempt (server-webapp.rules)
* 3:47916 <-> ENABLED <-> SERVER-WEBAPP Cisco IOS XE denial of service attempt (server-webapp.rules)
* 3:47917 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0682 attack attempt (file-other.rules)
* 3:47918 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0682 attack attempt (file-other.rules)
* 3:47919 <-> ENABLED <-> PROTOCOL-VOIP Cisco IOS XE NAT SIP application layer gateway denial of service attempt (protocol-voip.rules)
* 3:48015 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Infrastructure arbitrary JSP file upload attempt (server-webapp.rules)
* 3:48023 <-> ENABLED <-> SERVER-WEBAPP Cisco DNA Center unauthenticated user creation attempt (server-webapp.rules)
* 3:48037 <-> ENABLED <-> SERVER-OTHER Cisco Prime Collaboration Provisioning hardcoded LDAP password authentication attempt (server-other.rules)
* 3:48066 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0685 attack attempt (server-webapp.rules)
* 3:48067 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0684 attack attempt (server-webapp.rules)
* 3:48068 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0684 attack attempt (server-webapp.rules)
* 3:48069 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0689 attack attempt (server-webapp.rules)
* 3:48178 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0690 attack attempt (server-webapp.rules)
* 3:48201 <-> ENABLED <-> SERVER-OTHER Cisco Wireless LAN Controller CAPWAP denial of service attempt (server-other.rules)
* 3:48204 <-> ENABLED <-> SERVER-OTHER Cisco Wireless LAN Controller CAPWAP information disclosure attempt (server-other.rules)
* 3:48209 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0693 attack attempt (file-other.rules)
* 3:48210 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0693 attack attempt (file-other.rules)
* 3:48213 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2018-0694 attack attempt (file-multimedia.rules)
* 3:48214 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2018-0694 attack attempt (file-multimedia.rules)
* 3:48239 <-> ENABLED <-> SERVER-OTHER Cisco NX-OS precision time protocol denial of service attempt (server-other.rules)
* 3:48240 <-> ENABLED <-> SERVER-OTHER Cisco NX-OS precision time protocol denial of service attempt (server-other.rules)
* 3:48250 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0697 attack attempt (server-webapp.rules)
* 3:48251 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0699 attack attempt (server-webapp.rules)
* 3:48253 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0698 attack attempt (server-webapp.rules)
* 3:48254 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0696 attack attempt (server-webapp.rules)
* 3:48255 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0695 attack attempt (server-webapp.rules)
* 3:48261 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0703 attack attempt (server-webapp.rules)
* 3:48262 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0703 attack attempt (server-webapp.rules)
* 3:48297 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0705 attack attempt (file-other.rules)
* 3:48298 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0705 attack attempt (file-other.rules)
* 3:48357 <-> ENABLED <-> SERVER-WEBAPP Cisco Energy Management Suite external executeScript attempt (server-webapp.rules)
* 3:48358 <-> ENABLED <-> SERVER-WEBAPP Cisco Stealthwatch Management Console authentication bypass attempt (server-webapp.rules)
* 3:48385 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0713 attack attempt (file-office.rules)
* 3:48386 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0713 attack attempt (file-office.rules)
* 3:48389 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0711 attack attempt (file-office.rules)
* 3:48390 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0711 attack attempt (file-office.rules)
* 3:48391 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0712 attack attempt (file-office.rules)
* 3:48392 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0712 attack attempt (file-office.rules)
* 3:48418 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2018-0714 attack attempt (file-pdf.rules)
* 3:48419 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2018-0714 attack attempt (file-pdf.rules)
* 3:48433 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0724 attack attempt (file-other.rules)
* 3:48434 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0724 attack attempt (file-other.rules)
* 3:48450 <-> ENABLED <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2018-0729 attack attempt (file-executable.rules)
* 3:48451 <-> ENABLED <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2018-0729 attack attempt (file-executable.rules)
* 3:48452 <-> ENABLED <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2018-0728 attack attempt (file-executable.rules)
* 3:48453 <-> ENABLED <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2018-0728 attack attempt (file-executable.rules)
* 3:48454 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime License Manager SQL injection attempt (server-webapp.rules)
* 3:48455 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime License Manager SQL injection attempt (server-webapp.rules)
* 3:48456 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0730 attack attempt (server-webapp.rules)
* 3:48457 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0730 attack attempt (server-webapp.rules)
* 3:48458 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2018-0733 attack attempt (server-other.rules)
* 3:48459 <-> ENABLED <-> BROWSER-IE TRUFFLEHUNTER TALOS-2018-0734 attack attempt (browser-ie.rules)
* 3:48460 <-> ENABLED <-> BROWSER-IE TRUFFLEHUNTER TALOS-2018-0734 attack attempt (browser-ie.rules)
* 3:48521 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2018-0739 attack attempt (protocol-scada.rules)
* 3:48522 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2018-0738 attack attempt (protocol-scada.rules)
* 3:48523 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2018-0738 attack attempt (protocol-scada.rules)
* 3:48524 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2018-0735 attack attempt (protocol-scada.rules)
* 3:48525 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2018-0741 attack attempt (protocol-scada.rules)
* 3:48526 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2018-0740 attack attempt (protocol-scada.rules)
* 3:48527 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2018-0737 attack attempt (protocol-scada.rules)
* 3:48528 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2018-0736 attack attempt (protocol-scada.rules)
* 3:48529 <-> ENABLED <-> BROWSER-OTHER TRUFFLEHUNTER TALOS-2018-0744 attack attempt (browser-other.rules)
* 3:48530 <-> ENABLED <-> BROWSER-OTHER TRUFFLEHUNTER TALOS-2018-0744 attack attempt (browser-other.rules)
* 3:48600 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0755 attack attempt (server-webapp.rules)
* 3:48603 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0756 attack attempt (server-webapp.rules)
* 3:48614 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0752 attack attempt (server-webapp.rules)
* 3:48615 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0748 attack attempt (server-webapp.rules)
* 3:48616 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0748 attack attempt (server-webapp.rules)
* 3:48617 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0746 attack attempt (server-webapp.rules)
* 3:48618 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2018-0747 attack attempt (policy-other.rules)
* 3:48619 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0750 attack attempt (server-webapp.rules)
* 3:48620 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2018-0754 attack attempt (policy-other.rules)
* 3:48621 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0749 attack attempt (server-webapp.rules)
* 3:48635 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0753 attack attempt (server-webapp.rules)
* 3:48638 <-> ENABLED <-> SERVER-WEBAPP ZyXEL Armor Series Routers photobak command injection attempt (server-webapp.rules)
* 3:48639 <-> ENABLED <-> SERVER-WEBAPP ZyXEL Armor Series Routers photobak command injection attempt (server-webapp.rules)
* 3:48644 <-> ENABLED <-> POLICY-OTHER Cisco Adaptive Security Appliance admin REST API access attempt (policy-other.rules)
* 3:48747 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0751 attack attempt (server-webapp.rules)
* 3:48850 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0760 attack attempt (file-other.rules)
* 3:48851 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0760 attack attempt (file-other.rules)
* 3:48852 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0757 attack attempt (file-other.rules)
* 3:48853 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0757 attack attempt (file-other.rules)
* 3:48854 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2019-0758 attack attempt (protocol-other.rules)
* 3:48855 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2019-0758 attack attempt (protocol-other.rules)
* 3:48946 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
* 3:48947 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
* 3:48948 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
* 3:48949 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers information disclosure attempt (server-webapp.rules)
* 3:48950 <-> ENABLED <-> FILE-OTHER Cisco WebEx Network Recording Player memory corruption attempt (file-other.rules)
* 3:48951 <-> ENABLED <-> FILE-OTHER Cisco WebEx Network Recording Player memory corruption attempt (file-other.rules)
* 3:48952 <-> ENABLED <-> FILE-OTHER Cisco WebEx Network Recording Player memory corruption attempt (file-other.rules)
* 3:48953 <-> ENABLED <-> FILE-OTHER Cisco WebEx Network Recording Player memory corruption attempt (file-other.rules)
* 3:48954 <-> ENABLED <-> FILE-OTHER Cisco WebEx Network Recording Player memory corruption attempt (file-other.rules)
* 3:48955 <-> ENABLED <-> FILE-OTHER Cisco WebEx Network Recording Player memory corruption attempt (file-other.rules)
* 3:48956 <-> ENABLED <-> FILE-OTHER Cisco WebEx Network Recording Player memory corruption attempt (file-other.rules)
* 3:48957 <-> ENABLED <-> FILE-OTHER Cisco WebEx Network Recording Player memory corruption attempt (file-other.rules)
* 3:48958 <-> ENABLED <-> FILE-OTHER Cisco WebEx Network Recording Player memory corruption attempt (file-other.rules)
* 3:48959 <-> ENABLED <-> FILE-OTHER Cisco WebEx Network Recording Player memory corruption attempt (file-other.rules)
* 3:48960 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Teams command line injection attempt (browser-other.rules)
* 3:48961 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Teams command line injection attempt (browser-other.rules)
* 3:48962 <-> ENABLED <-> SERVER-OTHER Cisco IoT Field Network Director UDP flood attempt (server-other.rules)
* 3:48975 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0767 attack attempt (protocol-scada.rules)
* 3:48976 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0769 attack attempt (protocol-scada.rules)
* 3:48977 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0770 attack attempt (protocol-scada.rules)
* 3:48978 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0768 attack attempt (protocol-scada.rules)
* 3:48979 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0764 attack attempt (protocol-scada.rules)
* 3:48980 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0766 attack attempt (protocol-scada.rules)
* 3:48981 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0765 attack attempt (protocol-scada.rules)
* 3:49045 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0762 attack attempt (file-other.rules)
* 3:49046 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0762 attack attempt (file-other.rules)
* 3:49047 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0763 attack attempt (protocol-scada.rules)
* 3:49087 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2019-0775 attack attempt (policy-other.rules)
* 3:49088 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0773 attack attempt (file-other.rules)
* 3:49089 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0773 attack attempt (file-other.rules)
* 3:49189 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2019-0778 attack attempt (file-pdf.rules)
* 3:49190 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2019-0778 attack attempt (file-pdf.rules)
* 3:49198 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0783 attack attempt (server-webapp.rules)
* 3:49205 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0779 attack attempt (file-other.rules)
* 3:49206 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0779 attack attempt (file-other.rules)
* 3:49209 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2019-0780 attack attempt (file-office.rules)
* 3:49210 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2019-0780 attack attempt (file-office.rules)
* 3:49237 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0781 attack attempt (file-other.rules)
* 3:49238 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0781 attack attempt (file-other.rules)
* 3:49239 <-> ENABLED <-> SERVER-WEBAPP Exhibitor for ZooKeeper javaEnvironment command injection attempt (server-webapp.rules)
* 3:49240 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Collaboration Assurance unauthorized access attempt (server-webapp.rules)
* 3:49241 <-> ENABLED <-> PROTOCOL-TFTP Read Request directory traversal attempt (protocol-tftp.rules)
* 3:49293 <-> ENABLED <-> NETBIOS Cisco WebEx WebExService.exe remote code execution attempt (netbios.rules)
* 3:49296 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
* 3:49334 <-> ENABLED <-> SERVER-OTHER Cisco NX-OS Fabric Services Protocol stack buffer overflow attempt (server-other.rules)
* 3:49335 <-> ENABLED <-> SERVER-OTHER Cisco NX-OS Fabric Services Protocol stack buffer overflow attempt (server-other.rules)
* 3:49336 <-> ENABLED <-> SERVER-OTHER Cisco FXOS and NX-OS LDAP denial of service attempt (server-other.rules)
* 3:49339 <-> ENABLED <-> SERVER-WEBAPP Cisco Identity Services Engine cross site scripting attempt (server-webapp.rules)
* 3:49340 <-> ENABLED <-> SERVER-WEBAPP Cisco Identity Services Engine cross site scripting attempt (server-webapp.rules)
* 3:49341 <-> ENABLED <-> SERVER-WEBAPP Cisco Identity Services Engine cross site scripting attempt (server-webapp.rules)
* 3:49342 <-> ENABLED <-> SERVER-WEBAPP Cisco Identity Services Engine cross site scripting attempt (server-webapp.rules)
* 3:49343 <-> ENABLED <-> SERVER-WEBAPP Cisco Identity Services Engine cross site scripting attempt (server-webapp.rules)
* 3:49344 <-> ENABLED <-> SERVER-WEBAPP Cisco Identity Services Engine cross site scripting attempt (server-webapp.rules)
* 3:49345 <-> ENABLED <-> SERVER-WEBAPP Cisco Identity Services Engine cross site scripting attempt (server-webapp.rules)
* 3:49346 <-> ENABLED <-> SERVER-WEBAPP Cisco Identity Services Engine cross site scripting attempt (server-webapp.rules)
* 3:49347 <-> ENABLED <-> SERVER-WEBAPP Cisco Identity Services Engine cross site scripting attempt (server-webapp.rules)
* 3:49348 <-> ENABLED <-> SERVER-WEBAPP Cisco Identity Services Engine cross site scripting attempt (server-webapp.rules)
* 3:49349 <-> ENABLED <-> SERVER-WEBAPP Cisco WebEx Meeting Server cross site scripting attempt (server-webapp.rules)
* 3:49350 <-> ENABLED <-> SERVER-WEBAPP Cisco NX-OS System Software NX-API command injection attempt (server-webapp.rules)
* 3:49362 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0787 attack attempt (server-webapp.rules)
* 3:49363 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0786 attack attempt (server-webapp.rules)
* 3:49370 <-> ENABLED <-> 
POLICY-OTHER TRUFFLEHUNTER TALOS-2019-0788 attack attempt (policy-other.rules) * 3:49373 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2019-0789 attack attempt (policy-other.rules) * 3:49442 <-> ENABLED <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2019-0791 attack attempt (browser-chrome.rules) * 3:49443 <-> ENABLED <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2019-0791 attack attempt (browser-chrome.rules) * 3:49509 <-> ENABLED <-> SERVER-WEBAPP Cisco IP Phone web interface authorization bypass attempt (server-webapp.rules) * 3:49510 <-> ENABLED <-> SERVER-WEBAPP Cisco IP Phone web interface directory traversal attempt (server-webapp.rules) * 3:49511 <-> ENABLED <-> SERVER-WEBAPP Cisco IP Phone web interface stack buffer overflow attempt (server-webapp.rules) * 3:49588 <-> ENABLED <-> SERVER-WEBAPP Cisco IOS XE webui debugBundle command injection attempt (server-webapp.rules) * 3:49589 <-> ENABLED <-> SERVER-WEBAPP Cisco IOS XE webui debugBundle command injection attempt (server-webapp.rules) * 3:49590 <-> ENABLED <-> SERVER-WEBAPP Cisco IOS XE webui debugBundle command injection attempt (server-webapp.rules) * 3:49591 <-> ENABLED <-> SERVER-WEBAPP Cisco IOS XE webui directory traversal attempt (server-webapp.rules) * 3:49606 <-> ENABLED <-> PROTOCOL-VOIP Cisco IOS SIP calling display name denial of service attempt (protocol-voip.rules) * 3:49607 <-> ENABLED <-> PROTOCOL-VOIP Cisco IOS SIP calling display name denial of service attempt (protocol-voip.rules) * 3:49608 <-> ENABLED <-> SERVER-WEBAPP Cisco IOS XE webui execPython access attempt (server-webapp.rules) * 3:49609 <-> ENABLED <-> SERVER-WEBAPP Cisco IOS XE webui cdp resource command injection attempt (server-webapp.rules) * 3:49610 <-> ENABLED <-> SERVER-WEBAPP Cisco IOS XE webui dhcp resource command injection attempt (server-webapp.rules) * 3:49611 <-> ENABLED <-> SERVER-WEBAPP Cisco IOS XE webui information disclosure attempt (server-webapp.rules) * 3:49612 <-> ENABLED <-> POLICY-OTHER Cisco Virtual Switching 
System standby interested message detected (policy-other.rules) * 3:49613 <-> ENABLED <-> POLICY-OTHER Cisco Virtual Switching System master request message detected (policy-other.rules) * 3:49614 <-> ENABLED <-> SERVER-WEBAPP Cisco IOS XE webui rathrottler command injection attempt (server-webapp.rules) * 3:49615 <-> ENABLED <-> SERVER-WEBAPP Cisco IOS XE webui rathrottler command injection attempt (server-webapp.rules) * 3:49616 <-> ENABLED <-> SERVER-WEBAPP Cisco IOS XE webui rathrottler command injection attempt (server-webapp.rules) * 3:49619 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers information disclosure attempt (server-webapp.rules) * 3:49648 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2019-0793 attack attempt (file-pdf.rules) * 3:49649 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2019-0793 attack attempt (file-pdf.rules) * 3:49684 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2019-0796 attack attempt (file-pdf.rules) * 3:49685 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2019-0796 attack attempt (file-pdf.rules) * 3:49756 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2019-0794 attack attempt (file-office.rules) * 3:49757 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2019-0794 attack attempt (file-office.rules) * 3:49760 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2019-0795 attack attempt (file-office.rules) * 3:49761 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2019-0795 attack attempt (file-office.rules) * 3:49780 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0806 attack attempt (protocol-scada.rules) * 3:49787 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2019-0807 attack attempt (protocol-scada.rules) * 3:49797 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2019-0798 attack attempt (protocol-other.rules) * 3:49798 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2019-0798 attack attempt (protocol-other.rules) * 3:49801 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2019-0800 attack attempt 
(protocol-other.rules) * 3:49802 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2019-0800 attack attempt (protocol-other.rules) * 3:49803 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2019-0799 attack attempt (protocol-other.rules) * 3:49804 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2019-0799 attack attempt (protocol-other.rules) * 3:49813 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0802 attack attempt (file-other.rules) * 3:49814 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0802 attack attempt (file-other.rules) * 3:49815 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0802 attack attempt (file-other.rules) * 3:49816 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0802 attack attempt (file-other.rules) * 3:49843 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2019-0797 attack attempt (protocol-other.rules) * 3:49844 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2019-0797 attack attempt (protocol-other.rules) * 3:49850 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0804 attack attempt (file-other.rules) * 3:49851 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0804 attack attempt (file-other.rules) * 3:49852 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2019-0805 attack attempt (file-office.rules) * 3:49853 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2019-0805 attack attempt (file-office.rules) * 3:49854 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2019-0803 attack attempt (protocol-other.rules) * 3:49855 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2019-0803 attack attempt (protocol-other.rules) * 3:49856 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0801 attack attempt (file-other.rules) * 3:49857 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0801 attack attempt (file-other.rules) * 3:49858 <-> ENABLED <-> PROTOCOL-VOIP Cisco VCS exponential XML entity expansion attack attempt (protocol-voip.rules) * 3:49859 <-> ENABLED <-> SERVER-WEBAPP Cisco Wireless LAN Controller cross 
site request forgery attempt (server-webapp.rules) * 3:49866 <-> ENABLED <-> SERVER-WEBAPP Cisco Wireless LAN Controller denial of service attempt (server-webapp.rules) * 3:49867 <-> ENABLED <-> SERVER-WEBAPP Cisco Wireless LAN Controller denial of service attempt (server-webapp.rules) * 3:49879 <-> ENABLED <-> SERVER-OTHER Cisco Wireless LAN Controller IAPP message denial of service attempt (server-other.rules) * 3:49894 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0812 attack attempt (file-other.rules) * 3:49895 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0812 attack attempt (file-other.rules) * 3:49896 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0813 attack attempt (file-other.rules) * 3:49897 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0813 attack attempt (file-other.rules) * 3:49906 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2019-0814 attack attempt (file-pdf.rules) * 3:49907 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2019-0814 attack attempt (file-pdf.rules) * 3:49908 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2019-0815 attack attempt (file-pdf.rules) * 3:49909 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2019-0815 attack attempt (file-pdf.rules) * 3:49910 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2019-0816 attack attempt (file-pdf.rules) * 3:49911 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2019-0816 attack attempt (file-pdf.rules) * 3:49912 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2019-0811 attack attempt (protocol-other.rules) * 3:49939 <-> ENABLED <-> FILE-OFFICE Microsoft Office PowerPoint malformed RecolorInfoAtom out of bounds read attempt (file-office.rules) * 3:49948 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2019-0817 attack attempt (file-pdf.rules) * 3:49949 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2019-0817 attack attempt (file-pdf.rules) * 3:49978 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0818 attack attempt (file-other.rules) * 3:49979 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER 
TALOS-2019-0818 attack attempt (file-other.rules) * 3:49982 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2019-0822 attack attempt (policy-other.rules) * 3:49983 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2019-0827 attack attempt (policy-other.rules) * 3:49984 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Infrastructure SQL injection attempt (server-webapp.rules) * 3:49985 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Infrastructure SQL injection attempt (server-webapp.rules) * 3:49986 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Infrastructure arbitrary JSP file upload attempt (server-webapp.rules) * 3:49987 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Infrastructure arbitrary file upload to tftpRoot attempt (server-webapp.rules) * 3:49990 <-> ENABLED <-> PROTOCOL-VOIP Cisco IP Phone malformed SIP presence information data denial of service attempt (protocol-voip.rules) * 3:49992 <-> ENABLED <-> SERVER-WEBAPP Cisco Web Security Appliance command injection attempt (server-webapp.rules) * 3:49993 <-> ENABLED <-> SERVER-WEBAPP Cisco Web Security Appliance command injection attempt (server-webapp.rules) * 3:49994 <-> ENABLED <-> SERVER-WEBAPP Cisco Web Security Appliance command injection attempt (server-webapp.rules) * 3:49995 <-> ENABLED <-> SERVER-WEBAPP Cisco Web Security Appliance command injection attempt (server-webapp.rules) * 3:49996 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA secure desktop login denial of service attempt (server-webapp.rules) * 3:49997 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers session hijack attempt (server-webapp.rules) * 3:49998 <-> ENABLED <-> SERVER-WEBAPP Cisco Adaptive Security Appliance admin command interface access attempt (server-webapp.rules) * 3:49999 <-> ENABLED <-> SERVER-WEBAPP Cisco Adaptive Security Appliance admin command interface access attempt (server-webapp.rules) * 3:50006 <-> ENABLED <-> SERVER-WEBAPP Cisco Web Security Appliance proxy service buffer overflow attempt (server-webapp.rules) * 3:50007 <-> ENABLED <-> 
SERVER-WEBAPP Cisco ASA WebVPN expired session page direct access denial of service attempt (server-webapp.rules) * 3:50035 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0821 attack attempt (file-image.rules) * 3:50036 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0821 attack attempt (file-image.rules) * 3:52097 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2019-0947 attack attempt (file-pdf.rules) * 3:52098 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2019-0947 attack attempt (file-pdf.rules) * 3:52102 <-> ENABLED <-> FILE-OTHER Cisco Webex Network Recording Player memory corruption attempt (file-other.rules) * 3:52103 <-> ENABLED <-> FILE-OTHER Cisco Webex Network Recording Player memory corruption attempt (file-other.rules) * 3:52104 <-> ENABLED <-> FILE-OTHER Cisco Webex Network Recording Player memory corruption attempt (file-other.rules) * 3:52105 <-> ENABLED <-> FILE-OTHER Cisco Webex Network Recording Player memory corruption attempt (file-other.rules) * 3:52106 <-> ENABLED <-> FILE-OTHER Cisco Webex Network Recording Player memory corruption attempt (file-other.rules) * 3:52107 <-> ENABLED <-> FILE-OTHER Cisco Webex Network Recording Player memory corruption attempt (file-other.rules) * 3:52108 <-> ENABLED <-> FILE-OTHER Cisco Webex Network Recording Player memory corruption attempt (file-other.rules) * 3:52109 <-> ENABLED <-> FILE-OTHER Cisco Webex Network Recording Player memory corruption attempt (file-other.rules) * 3:52110 <-> ENABLED <-> FILE-OTHER Cisco Webex Network Recording Player memory corruption attempt (file-other.rules) * 3:52111 <-> ENABLED <-> FILE-OTHER Cisco Webex Network Recording Player memory corruption attempt (file-other.rules) * 3:52119 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules) * 3:52120 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules) * 3:52121 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command 
injection attempt (server-webapp.rules) * 3:52122 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules) * 3:52126 <-> ENABLED <-> SERVER-WEBAPP Cisco Wireless LAN Controller denial of service attempt (server-webapp.rules) * 3:52127 <-> ENABLED <-> POLICY-OTHER Cisco Web Security Appliance system setup wizard access detected (policy-other.rules) * 3:52128 <-> ENABLED <-> POLICY-OTHER Cisco Web Security Appliance system setup wizard access detected (policy-other.rules) * 3:52129 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Infrastructure directory traversal attempt (server-webapp.rules) * 3:52131 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2019-0948 attack attempt (server-other.rules) * 3:52237 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0953 attack attempt (server-webapp.rules) * 3:52238 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2019-0954 attack attempt (policy-other.rules) * 3:52241 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0955 attack attempt (server-webapp.rules) * 3:52247 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2017-0510 attack attempt (server-other.rules) * 3:52269 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0957 attack attempt (file-other.rules) * 3:52270 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0957 attack attempt (file-other.rules) * 3:52274 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2019-0951 attack attempt (policy-other.rules) * 3:52275 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2019-0951 attack attempt (policy-other.rules) * 3:52331 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2019-0959 attack attempt (file-pdf.rules) * 3:52332 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2019-0959 attack attempt (file-pdf.rules) * 3:52345 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0960 attack attempt (server-webapp.rules) * 3:52346 <-> ENABLED <-> PROTOCOL-SNMP TRUFFLEHUNTER TALOS-2019-0960 attack attempt (protocol-snmp.rules) * 3:52367 <-> 
ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0964 attack attempt (file-other.rules) * 3:52368 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0964 attack attempt (file-other.rules) * 3:52407 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2019-0961 attack attempt (policy-other.rules) * 3:52408 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0962 attack attempt (file-other.rules) * 3:52409 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0962 attack attempt (file-other.rules) * 3:52412 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0963 attack attempt (file-other.rules) * 3:52413 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0966 attack attempt (file-other.rules) * 3:52414 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0965 attack attempt (file-other.rules) * 3:52415 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2019-0967 attack attempt (browser-webkit.rules) * 3:52416 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2019-0967 attack attempt (browser-webkit.rules) * 3:52417 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2019-0968 attack attempt (file-office.rules) * 3:52418 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2019-0968 attack attempt (file-office.rules) * 3:52432 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2019-0970 attack attempt (os-windows.rules) * 3:52433 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2019-0970 attack attempt (os-windows.rules) * 3:52444 <-> ENABLED <-> FILE-OTHER Winamp MAKI parsing integer overflow attempt (file-other.rules) * 3:52490 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0972 attack attempt (file-image.rules) * 3:52491 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0972 attack attempt (file-image.rules) * 3:52492 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0972 attack attempt (file-image.rules) * 3:52493 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0972 attack attempt (file-image.rules) * 3:52495 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0971 
attack attempt (file-other.rules) * 3:52496 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0971 attack attempt (file-other.rules) * 3:52525 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager XML external entity injection attempt (server-webapp.rules) * 3:52526 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager XML external entity injection attempt (server-webapp.rules) * 3:52527 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager XML external entity injection attempt (server-webapp.rules) * 3:52528 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules) * 3:52529 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules) * 3:52530 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules) * 3:52531 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules) * 3:52532 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules) * 3:52533 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules) * 3:52534 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules) * 3:52535 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules) * 3:52536 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules) * 3:52537 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules) * 3:52538 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules) * 3:52539 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal 
attempt (server-webapp.rules) * 3:52540 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules) * 3:52541 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules) * 3:52542 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager displayServerInfos information disclosure attempt (server-webapp.rules) * 3:52543 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager SQL injection attempt (server-webapp.rules) * 3:52544 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager SQL injection attempt (server-webapp.rules) * 3:52545 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules) * 3:52546 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager LanFabricImpl createLanFabric command injection attempt (server-webapp.rules) * 3:52547 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager SanWS importTS arbitrary file upload attempt (server-webapp.rules) * 3:52555 <-> ENABLED <-> SERVER-WEBAPP Cisco Webex Video Mesh Node command injection attempt (server-webapp.rules) * 3:52559 <-> ENABLED <-> SERVER-WEBAPP Cisco IOS Web UI cross site request forgery attempt (server-webapp.rules) * 3:52560 <-> ENABLED <-> SERVER-WEBAPP Cisco IOS Web UI cross site request forgery attempt (server-webapp.rules) * 3:52570 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0973 attack attempt (file-other.rules) * 3:52571 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2019-0973 attack attempt (file-other.rules) * 3:52627 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center LDAP authentication bypass attempt (server-webapp.rules) * 3:52628 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center LDAP authentication bypass attempt (server-webapp.rules) * 3:52629 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center LDAP authentication bypass attempt 
(server-webapp.rules) * 3:52630 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center LDAP authentication bypass attempt (server-webapp.rules) * 3:52631 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center LDAP authentication bypass attempt (server-webapp.rules) * 3:52632 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center LDAP authentication bypass attempt (server-webapp.rules) * 3:52633 <-> ENABLED <-> SERVER-OTHER Cisco IOS EVPN NLRI parsing denial of service attempt (server-other.rules) * 3:52641 <-> ENABLED <-> SERVER-WEBAPP Cisco Smart Software Manager unauthorized password change attempt (server-webapp.rules) * 3:52642 <-> ENABLED <-> SERVER-WEBAPP Cisco Smart Software Manager unauthorized password change attempt (server-webapp.rules) * 3:52643 <-> ENABLED <-> SERVER-WEBAPP Cisco Smart Software Manager denial of service attempt (server-webapp.rules) * 3:52644 <-> ENABLED <-> SERVER-WEBAPP Cisco Smart Software Manager denial of service attempt (server-webapp.rules) * 3:52645 <-> ENABLED <-> PROTOCOL-SNMP Cisco IOS IS-IS SNMP denial of service attempt (protocol-snmp.rules) * 3:52646 <-> ENABLED <-> PROTOCOL-SNMP Cisco IOS IS-IS SNMP denial of service attempt (protocol-snmp.rules) * 3:52647 <-> ENABLED <-> PROTOCOL-SNMP Cisco IOS IS-IS SNMP denial of service attempt (protocol-snmp.rules) * 3:52648 <-> ENABLED <-> PROTOCOL-SNMP Cisco IOS IS-IS SNMP denial of service attempt (protocol-snmp.rules) * 3:52649 <-> ENABLED <-> PROTOCOL-SNMP Cisco IOS IS-IS SNMP denial of service attempt (protocol-snmp.rules) * 3:52666 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-0981 attack attempt (file-other.rules) * 3:52667 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-0981 attack attempt (file-other.rules) * 3:52668 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-0982 attack attempt (file-other.rules) * 3:52669 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-0982 attack attempt (file-other.rules) * 3:52818 <-> ENABLED <-> 
FILE-OTHER TRUFFLEHUNTER TALOS-2020-0979 attack attempt (file-other.rules) * 3:52819 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-0979 attack attempt (file-other.rules) * 3:52836 <-> ENABLED <-> PROTOCOL-SNMP TRUFFLEHUNTER TALOS-2020-0976 attack attempt (protocol-snmp.rules) * 3:52837 <-> ENABLED <-> PROTOCOL-SNMP TRUFFLEHUNTER TALOS-2020-0976 attack attempt (protocol-snmp.rules) * 3:52838 <-> ENABLED <-> PROTOCOL-SNMP TRUFFLEHUNTER TALOS-2020-0975 attack attempt (protocol-snmp.rules) * 3:52839 <-> ENABLED <-> PROTOCOL-SNMP TRUFFLEHUNTER TALOS-2020-0975 attack attempt (protocol-snmp.rules) * 3:52840 <-> ENABLED <-> PROTOCOL-SNMP TRUFFLEHUNTER TALOS-2020-0975 attack attempt (protocol-snmp.rules) * 3:52841 <-> ENABLED <-> PROTOCOL-SNMP TRUFFLEHUNTER TALOS-2020-0975 attack attempt (protocol-snmp.rules) * 3:52842 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-0978 attack attempt (file-other.rules) * 3:52843 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-0978 attack attempt (file-other.rules) * 3:52850 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-0980 attack attempt (file-other.rules) * 3:52851 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-0980 attack attempt (file-other.rules) * 3:52993 <-> ENABLED <-> POLICY-OTHER Cisco Small Business Series Switches admin settings page access detected (policy-other.rules) * 3:52994 <-> ENABLED <-> POLICY-OTHER Cisco Small Business Series Switches device configuration page access detected (policy-other.rules) * 3:52995 <-> ENABLED <-> POLICY-OTHER Cisco Small Business Series Switches device configuration page access detected (policy-other.rules) * 3:52996 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Series Switches information disclosure attempt (server-webapp.rules) * 3:52997 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Series Switches cross site scripting attempt (server-webapp.rules) * 3:52998 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Series Switches denial of service attempt 
(server-webapp.rules) * 3:53000 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-0983 attack attempt (file-other.rules) * 3:53001 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-0983 attack attempt (file-other.rules) * 3:53002 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-0993 attack attempt (file-image.rules) * 3:53003 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-0993 attack attempt (file-image.rules) * 3:53004 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-0988 attack attempt (file-other.rules) * 3:53005 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-0988 attack attempt (file-other.rules) * 3:53006 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-0998 attack attempt (file-image.rules) * 3:53007 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-0998 attack attempt (file-image.rules) * 3:53008 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-0989 attack attempt (file-other.rules) * 3:53009 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-0989 attack attempt (file-other.rules) * 3:53010 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2020-1003 attack attempt (policy-other.rules) * 3:53011 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-0991 attack attempt (file-image.rules) * 3:53012 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-0991 attack attempt (file-image.rules) * 3:53013 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-0991 attack attempt (file-image.rules) * 3:53014 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-0991 attack attempt (file-image.rules) * 3:53015 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-0987 attack attempt (file-image.rules) * 3:53016 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-0987 attack attempt (file-image.rules) * 3:53032 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-0986 attack attempt (file-image.rules) * 3:53033 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-0986 attack attempt (file-image.rules) * 3:53034 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER 
TALOS-2020-0986 attack attempt (file-image.rules) * 3:53035 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-0986 attack attempt (file-image.rules) * 3:53036 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-0997 attack attempt (file-pdf.rules) * 3:53037 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-0997 attack attempt (file-pdf.rules) * 3:53038 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-0990 attack attempt (file-image.rules) * 3:53039 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-0990 attack attempt (file-image.rules) * 3:53040 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-0990 attack attempt (file-image.rules) * 3:53041 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-0990 attack attempt (file-image.rules) * 3:53042 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-0990 attack attempt (file-image.rules) * 3:53043 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-0990 attack attempt (file-image.rules) * 3:53044 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-0984 attack attempt (server-webapp.rules) * 3:53045 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-0985 attack attempt (server-webapp.rules) * 3:53046 <-> ENABLED <-> PROTOCOL-DNS TRUFFLEHUNTER TALOS-2020-1001 attack attempt (protocol-dns.rules) * 3:53049 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2020-1006 attack attempt (protocol-scada.rules) * 3:53065 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1004 attack attempt (file-image.rules) * 3:53066 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1004 attack attempt (file-image.rules) * 3:53067 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-0999 attack attempt (file-image.rules) * 3:53068 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-0999 attack attempt (file-image.rules) * 3:53069 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2020-1011 attack attempt (policy-other.rules) * 3:53070 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2020-1011 attack attempt (policy-other.rules) * 
* 3:53071 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2020-0996 attack attempt (server-other.rules)
* 3:53081 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2020-1010 attack attempt (policy-other.rules)
* 3:53093 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2020-1012 attack attempt (file-multimedia.rules)
* 3:53094 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2020-1012 attack attempt (file-multimedia.rules)
* 3:53097 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1009 attack attempt (file-image.rules)
* 3:53098 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1009 attack attempt (file-image.rules)
* 3:53099 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2020-1000 attack attempt (server-other.rules)
* 3:53102 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2020-1002 attack attempt (server-other.rules)
* 3:53103 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2020-1002 attack attempt (server-other.rules)
* 3:53114 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1013 attack attempt (file-pdf.rules)
* 3:53115 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1013 attack attempt (file-pdf.rules)
* 3:53125 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2020-1005 attack attempt (protocol-scada.rules)
* 3:53126 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2020-1008 attack attempt (protocol-scada.rules)
* 3:53127 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2020-1007 attack attempt (protocol-scada.rules)
* 3:53128 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2020-1007 attack attempt (protocol-scada.rules)
* 3:53168 <-> ENABLED <-> SERVER-WEBAPP Cisco Unified Contact Center Express arbitrary JSP file upload attempt (server-webapp.rules)
* 3:53169 <-> ENABLED <-> POLICY-OTHER PostgreSQL default credential login detected (policy-other.rules)
* 3:53170 <-> ENABLED <-> SERVER-OTHER Cisco Email Security Appliance mail log parsing denial of service attempt (server-other.rules)
* 3:53171 <-> ENABLED <-> POLICY-OTHER Cisco Data Center Network Manager password change detected (policy-other.rules)
* 3:53172 <-> ENABLED <-> POLICY-OTHER Cisco Data Center Network Manager user add detected (policy-other.rules)
* 3:53173 <-> ENABLED <-> POLICY-OTHER Cisco Data Center Network Manager server properties update detected (policy-other.rules)
* 3:53174 <-> ENABLED <-> POLICY-OTHER Cisco Data Center Network Manager saveDefaultCredentials detected (policy-other.rules)
* 3:53175 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager cross site request forgery attempt (server-webapp.rules)
* 3:53176 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager cross site request forgery attempt (server-webapp.rules)
* 3:53252 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1017 attack attempt (file-image.rules)
* 3:53253 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1017 attack attempt (file-image.rules)
* 3:53254 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1017 attack attempt (file-image.rules)
* 3:53255 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1017 attack attempt (file-image.rules)
* 3:53257 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2020-1016 attack attempt (os-windows.rules)
* 3:53258 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2020-1016 attack attempt (os-windows.rules)
* 3:53265 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1014 attack attempt (file-pdf.rules)
* 3:53266 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1014 attack attempt (file-pdf.rules)
* 3:53268 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2020-1015 attack attempt (file-office.rules)
* 3:53269 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2020-1015 attack attempt (file-office.rules)
* 3:53384 <-> ENABLED <-> FILE-OTHER Cisco Webex Network Recording Player memory corruption attempt (file-other.rules)
* 3:53385 <-> ENABLED <-> FILE-OTHER Cisco Webex Network Recording Player memory corruption attempt (file-other.rules)
* 3:53386 <-> ENABLED <-> FILE-OTHER Cisco Webex Network Recording Player memory corruption attempt (file-other.rules)
* 3:53387 <-> ENABLED <-> FILE-OTHER Cisco Webex Network Recording Player memory corruption attempt (file-other.rules)
* 3:53388 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Network Registrar cross site request forgery attempt (server-webapp.rules)
* 3:53389 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Network Registrar cross site request forgery attempt (server-webapp.rules)
* 3:53390 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Network Registrar cross site request forgery attempt (server-webapp.rules)
* 3:53391 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Network Registrar cross site request forgery attempt (server-webapp.rules)
* 3:53392 <-> ENABLED <-> POLICY-OTHER Cisco Prime Network Registrar AddObject request detected (policy-other.rules)
* 3:53393 <-> ENABLED <-> POLICY-OTHER Cisco Prime Network Registrar EditAdmin request detected (policy-other.rules)
* 3:53418 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2020-1018 attack attempt (server-other.rules)
* 3:53441 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2020-1020 attack attempt (protocol-scada.rules)
* 3:53442 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2020-1021 attack attempt (protocol-scada.rules)
* 3:53443 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2020-1022 attack attempt (protocol-scada.rules)
* 3:53444 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2020-1023 attack attempt (protocol-scada.rules)
* 3:53445 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2020-1024 attack attempt (protocol-scada.rules)
* 3:53470 <-> ENABLED <-> SERVER-OTHER Cisco IOS EnergyWise heap buffer overflow attempt (server-other.rules)
* 3:53471 <-> ENABLED <-> SERVER-OTHER Cisco IOS EnergyWise integer underflow attempt (server-other.rules)
* 3:53472 <-> ENABLED <-> SERVER-OTHER Cisco IOS EnergyWise out of bounds read attempt (server-other.rules)
* 3:53480 <-> ENABLED <-> SERVER-WEBAPP Cisco SD-WAN vManage SQL injection attempt (server-webapp.rules)
* 3:53481 <-> ENABLED <-> SERVER-WEBAPP Cisco SD-WAN vManage SQL injection attempt (server-webapp.rules)
* 3:53482 <-> ENABLED <-> SERVER-WEBAPP Cisco SD-WAN vManage cross site scripting attempt (server-webapp.rules)
* 3:53483 <-> ENABLED <-> SERVER-WEBAPP Cisco SD-WAN vManage cross site scripting attempt (server-webapp.rules)
* 3:53484 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2020-1025 attack attempt (protocol-scada.rules)
* 3:53485 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1028 attack attempt (file-pdf.rules)
* 3:53486 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1028 attack attempt (file-pdf.rules)
* 3:53487 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2020-1027 attack attempt (file-office.rules)
* 3:53488 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2020-1027 attack attempt (file-office.rules)
* 3:53497 <-> ENABLED <-> SERVER-WEBAPP Cisco IOS XE Web UI command injection attempt (server-webapp.rules)
* 3:53498 <-> ENABLED <-> SERVER-WEBAPP Cisco IOS XE Web UI file upload directory traversal attempt (server-webapp.rules)
* 3:53499 <-> ENABLED <-> SERVER-WEBAPP Cisco IOS XE Web UI file upload remote code execution attempt (server-webapp.rules)
* 3:53500 <-> ENABLED <-> SERVER-WEBAPP Cisco IOS XE Web UI file upload remote code execution attempt (server-webapp.rules)
* 3:53501 <-> ENABLED <-> SERVER-WEBAPP Cisco IOS XE Web UI command injection attempt (server-webapp.rules)
* 3:53502 <-> ENABLED <-> SERVER-WEBAPP Cisco IOS XE Web UI command injection attempt (server-webapp.rules)
* 3:53503 <-> ENABLED <-> SERVER-WEBAPP Cisco IOS XE Web UI command injection attempt (server-webapp.rules)
* 3:53504 <-> ENABLED <-> FILE-OTHER TAR file directory traversal attempt (file-other.rules)
* 3:53517 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1037 attack attempt (file-other.rules)
* 3:53518 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1037 attack attempt (file-other.rules)
* 3:53519 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1038 attack attempt (file-other.rules)
* 3:53520 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1038 attack attempt (file-other.rules)
* 3:53521 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1039 attack attempt (file-other.rules)
* 3:53522 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1039 attack attempt (file-other.rules)
* 3:53523 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1034 attack attempt (file-other.rules)
* 3:53524 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1034 attack attempt (file-other.rules)
* 3:53531 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2020-1033 attack attempt (os-windows.rules)
* 3:53532 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2020-1033 attack attempt (os-windows.rules)
* 3:53535 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1035 attack attempt (file-other.rules)
* 3:53536 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1035 attack attempt (file-other.rules)
* 3:53537 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1036 attack attempt (file-other.rules)
* 3:53538 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1036 attack attempt (file-other.rules)
* 3:53545 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1040 attack attempt (file-other.rules)
* 3:53546 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1040 attack attempt (file-other.rules)
* 3:53549 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1043 attack attempt (file-other.rules)
* 3:53550 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1043 attack attempt (file-other.rules)
* 3:53553 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1042 attack attempt (file-other.rules)
* 3:53554 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1042 attack attempt (file-other.rules)
* 3:53562 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2020-1030 attack attempt (server-other.rules)
* 3:53563 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1031 attack attempt (file-pdf.rules)
* 3:53564 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1031 attack attempt (file-pdf.rules)
* 3:53565 <-> ENABLED <-> PROTOCOL-TFTP TRUFFLEHUNTER TALOS-2020-1029 attack attempt (protocol-tftp.rules)
* 3:53571 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2020-1032 attack attempt (file-multimedia.rules)
* 3:53572 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2020-1032 attack attempt (file-multimedia.rules)
* 3:53573 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2020-1032 attack attempt (file-multimedia.rules)
* 3:53574 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2020-1032 attack attempt (file-multimedia.rules)
* 3:53575 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2020-1032 attack attempt (file-multimedia.rules)
* 3:53576 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2020-1032 attack attempt (file-multimedia.rules)
* 3:53577 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2020-1032 attack attempt (file-multimedia.rules)
* 3:53578 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2020-1032 attack attempt (file-multimedia.rules)
* 3:53599 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1044 attack attempt (file-pdf.rules)
* 3:53600 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1044 attack attempt (file-pdf.rules)
* 3:53650 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2020-1045 attack attempt (file-office.rules)
* 3:53651 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2020-1045 attack attempt (file-office.rules)
* 3:53660 <-> ENABLED <-> FILE-OTHER Cisco Webex Network Recording Player memory corruption attempt (file-other.rules)
* 3:53661 <-> ENABLED <-> FILE-OTHER Cisco Webex Network Recording Player memory corruption attempt (file-other.rules)
* 3:53666 <-> ENABLED <-> SERVER-OTHER Cisco Wireless Lan Controller CAPWAP out of bounds access attempt (server-other.rules)
* 3:53667 <-> ENABLED <-> POLICY-OTHER Cisco Unified Communications Manager TAPS RMI method lookup detected (policy-other.rules)
* 3:53668 <-> ENABLED <-> SERVER-OTHER Cisco Unified Communications Manager TAPS RMI directory traversal attempt (server-other.rules)
* 3:53669 <-> ENABLED <-> SERVER-WEBAPP Cisco IP Phone libHTTPService.so stack buffer overflow attempt (server-webapp.rules)
* 3:53670 <-> ENABLED <-> SERVER-WEBAPP Cisco IP Phone libHTTPService.so stack buffer overflow attempt (server-webapp.rules)
* 3:53671 <-> ENABLED <-> SERVER-WEBAPP Cisco UCS Director authentication bypass attempt (server-webapp.rules)
* 3:53672 <-> ENABLED <-> SERVER-WEBAPP Cisco UCS Director REST API directory traversal attempt (server-webapp.rules)
* 3:53673 <-> ENABLED <-> SERVER-WEBAPP Cisco UCS Director REST API directory traversal attempt (server-webapp.rules)
* 3:53674 <-> ENABLED <-> SERVER-WEBAPP Cisco UCS Director REST API directory traversal attempt (server-webapp.rules)
* 3:53675 <-> ENABLED <-> SERVER-WEBAPP Cisco UCS Director LargeFileUploadServlet directory traversal attempt (server-webapp.rules)
* 3:53676 <-> ENABLED <-> SERVER-WEBAPP Cisco UCS Director LargeFileUploadServlet directory traversal attempt (server-webapp.rules)
* 3:53677 <-> ENABLED <-> SERVER-WEBAPP Cisco UCS Director ClientServlet directory traversal attempt (server-webapp.rules)
* 3:53678 <-> ENABLED <-> SERVER-WEBAPP Cisco UCS Director ClientServlet directory traversal attempt (server-webapp.rules)
* 3:53679 <-> ENABLED <-> SERVER-WEBAPP Cisco UCS Director ClientServlet directory traversal attempt (server-webapp.rules)
* 3:53680 <-> ENABLED <-> SERVER-WEBAPP Cisco UCS Director filename directory traversal attempt (server-webapp.rules)
* 3:53681 <-> ENABLED <-> SERVER-WEBAPP Cisco UCS Director arbitrary JSP file upload attempt (server-webapp.rules)
* 3:53682 <-> ENABLED <-> SERVER-WEBAPP Cisco Mobility Express cross site request forgery attempt (server-webapp.rules)
* 3:53683 <-> ENABLED <-> SERVER-WEBAPP Cisco Mobility Express cross site request forgery attempt (server-webapp.rules)
* 3:53684 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1047 attack attempt (file-other.rules)
* 3:53685 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1047 attack attempt (file-other.rules)
* 3:53686 <-> ENABLED <-> BROWSER-OTHER TRUFFLEHUNTER TALOS-2020-1055 attack attempt (browser-other.rules)
* 3:53729 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1050 attack attempt (file-other.rules)
* 3:53730 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1050 attack attempt (file-other.rules)
* 3:53731 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1046 attack attempt (file-other.rules)
* 3:53732 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1046 attack attempt (file-other.rules)
* 3:53742 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1048 attack attempt (file-other.rules)
* 3:53743 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1048 attack attempt (file-other.rules)
* 3:53755 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2020-1051 attack attempt (server-other.rules)
* 3:53756 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2020-1051 attack attempt (server-other.rules)
* 3:53759 <-> ENABLED <-> BROWSER-OTHER TRUFFLEHUNTER TALOS-2020-1053 attack attempt (browser-other.rules)
* 3:53760 <-> ENABLED <-> BROWSER-OTHER TRUFFLEHUNTER TALOS-2020-1053 attack attempt (browser-other.rules)
* 3:53761 <-> ENABLED <-> BROWSER-OTHER TRUFFLEHUNTER TALOS-2020-1054 attack attempt (browser-other.rules)
* 3:53762 <-> ENABLED <-> BROWSER-OTHER TRUFFLEHUNTER TALOS-2020-1054 attack attempt (browser-other.rules)
* 3:53839 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2020-1059 attack attempt (policy-other.rules)
* 3:53840 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2020-1060 attack attempt (policy-other.rules)
* 3:53847 <-> ENABLED <-> PROTOCOL-OTHER Cisco ASA and FTD malformed OSPF denial of service attempt (protocol-other.rules)
* 3:53850 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD memory disclosure attempt (server-webapp.rules)
* 3:53851 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD directory traversal attempt (server-webapp.rules)
* 3:53864 <-> ENABLED <-> POLICY-OTHER Cisco Firepower User Agent Service default MySQL credentials detected (policy-other.rules)
* 3:53867 <-> ENABLED <-> PROTOCOL-DNS Cisco ASA and FTD IPv6 DNS request stack buffer overflow attempt (protocol-dns.rules)
* 3:53868 <-> ENABLED <-> SERVER-OTHER Cisco ASA and FTD MGCP denial of service attempt (server-other.rules)
* 3:53869 <-> ENABLED <-> SERVER-OTHER Cisco ASA and FTD MGCP denial of service attempt (server-other.rules)
* 3:53870 <-> ENABLED <-> SERVER-OTHER Cisco ASA and FTD MGCP denial of service attempt (server-other.rules)
* 3:53871 <-> ENABLED <-> SERVER-OTHER Cisco ASA and FTD MGCP denial of service attempt (server-other.rules)
* 3:53944 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1067 attack attempt (server-webapp.rules)
* 3:53945 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1067 attack attempt (server-webapp.rules)
* 3:53948 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1063 attack attempt (file-pdf.rules)
* 3:53949 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1063 attack attempt (file-pdf.rules)
* 3:53959 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2020-1065 attack attempt (server-other.rules)
* 3:53990 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1062 attack attempt (file-pdf.rules)
* 3:53991 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1062 attack attempt (file-pdf.rules)
* 3:53992 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1068 attack attempt (file-pdf.rules)
* 3:53993 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1068 attack attempt (file-pdf.rules)
* 3:54009 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2020-1071 attack attempt (policy-other.rules)
* 3:54010 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1070 attack attempt (file-pdf.rules)
* 3:54011 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1070 attack attempt (file-pdf.rules)
* 3:54024 <-> ENABLED <-> POLICY-OTHER Cisco Unified Contact Center Express vulnerable Java RMI class access detected (policy-other.rules)
* 3:54025 <-> ENABLED <-> POLICY-OTHER Cisco Unified Contact Center Express vulnerable Java RMI class access detected (policy-other.rules)
* 3:54026 <-> ENABLED <-> POLICY-OTHER Cisco Unified Contact Center Express vulnerable Java RMI class access detected (policy-other.rules)
* 3:54027 <-> ENABLED <-> POLICY-OTHER Cisco Unified Contact Center Express vulnerable Java RMI class access detected (policy-other.rules)
* 3:54028 <-> ENABLED <-> INDICATOR-SHELLCODE Java RMI deserialization exploit attempt (indicator-shellcode.rules)
* 3:54034 <-> ENABLED <-> SERVER-OTHER Cisco Prime Network Registrar denial of service attempt (server-other.rules)
* 3:54047 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1084 attack attempt (file-pdf.rules)
* 3:54048 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1084 attack attempt (file-pdf.rules)
* 3:54049 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1087 attack attempt (server-webapp.rules)
* 3:54050 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1087 attack attempt (server-webapp.rules)
* 3:54051 <-> ENABLED <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2020-1085 attack attempt (browser-chrome.rules)
* 3:54052 <-> ENABLED <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2020-1085 attack attempt (browser-chrome.rules)
* 3:54120 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
* 3:54121 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-2019-0912 attack attempt (file-multimedia.rules)
* 3:54123 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules)
* 3:54124 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules)
* 3:54125 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules)
* 3:54126 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules)
* 3:54127 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules)
* 3:54128 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules)
* 3:54129 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules)
* 3:54130 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules)
* 3:54131 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1077 attack attempt (server-webapp.rules)
* 3:54132 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1072 attack attempt (server-webapp.rules)
* 3:54133 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1072 attack attempt (server-webapp.rules)
* 3:54134 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1072 attack attempt (server-webapp.rules)
* 3:54135 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1073 attack attempt (server-webapp.rules)
* 3:54136 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1073 attack attempt (server-webapp.rules)
* 3:54137 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1073 attack attempt (server-webapp.rules)
* 3:54138 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1074 attack attempt (server-webapp.rules)
* 3:54139 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1075 attack attempt (server-webapp.rules)
* 3:54140 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1075 attack attempt (server-webapp.rules)
* 3:54141 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1075 attack attempt (server-webapp.rules)
* 3:54142 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1076 attack attempt (server-webapp.rules)
* 3:54143 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1076 attack attempt (server-webapp.rules)
* 3:54144 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1076 attack attempt (server-webapp.rules)
* 3:54155 <-> ENABLED <-> SERVER-OTHER Cisco IOx Application Environment external VDS control message attempt (server-other.rules)
* 3:54158 <-> ENABLED <-> PROTOCOL-OTHER Cisco IOS XE NetFlow packet parsing denial of service attempt (protocol-other.rules)
* 3:54159 <-> ENABLED <-> SERVER-OTHER Cisco IOS IKE2 invalid port denial of service attempt (server-other.rules)
* 3:54160 <-> ENABLED <-> SERVER-OTHER Cisco IOS IKE2 invalid port denial of service attempt (server-other.rules)
* 3:54161 <-> ENABLED <-> POLICY-OTHER Cisco IOx token service access detected (policy-other.rules)
* 3:54163 <-> ENABLED <-> PROTOCOL-VOIP Cisco IOS malformed SIP Via header denial of service attempt (protocol-voip.rules)
* 3:54164 <-> ENABLED <-> PROTOCOL-VOIP Cisco IOS malformed SIP Via header denial of service attempt (protocol-voip.rules)
* 3:54251 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1080 attack attempt (server-webapp.rules)
* 3:54252 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1080 attack attempt (server-webapp.rules)
* 3:54253 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1080 attack attempt (server-webapp.rules)
* 3:54254 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1082 attack attempt (server-webapp.rules)
* 3:54255 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1082 attack attempt (server-webapp.rules)
* 3:54256 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1082 attack attempt (server-webapp.rules)
* 3:54257 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1083 attack attempt (server-webapp.rules)
* 3:54258 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1083 attack attempt (server-webapp.rules)
* 3:54259 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1078 attack attempt (server-webapp.rules)
* 3:54260 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1078 attack attempt (server-webapp.rules)
* 3:54261 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1078 attack attempt (server-webapp.rules)
* 3:54262 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1079 attack attempt (server-webapp.rules)
* 3:54263 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1079 attack attempt (server-webapp.rules)
* 3:54264 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1079 attack attempt (server-webapp.rules)
* 3:54265 <-> ENABLED <-> BROWSER-OTHER TRUFFLEHUNTER TALOS-2020-1088 attack attempt (browser-other.rules)
* 3:51700 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules)
* 3:51701 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules)
* 3:51702 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules)
* 3:51703 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules)
* 3:51704 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center SQL injection attempt (server-webapp.rules)
* 3:51705 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center directory traversal attempt (server-webapp.rules)
* 3:51706 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center directory traversal attempt (server-webapp.rules)
* 3:51707 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center directory traversal attempt (server-webapp.rules)
* 3:51708 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center command injection attempt (server-webapp.rules)
* 3:51709 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center command injection attempt (server-webapp.rules)
* 3:51710 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center command injection attempt (server-webapp.rules)
* 3:51711 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center command injection attempt (server-webapp.rules)
* 3:51713 <-> ENABLED <-> SERVER-WEBAPP Cisco WebVPN denial of service attempt (server-webapp.rules)
* 3:51716 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center command injection attempt (server-webapp.rules)
* 3:51717 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center command injection attempt (server-webapp.rules)
* 3:51718 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center command injection attempt (server-webapp.rules)
* 3:51719 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Center command injection attempt (server-webapp.rules)
* 3:51728 <-> ENABLED <-> SERVER-WEBAPP Cisco WebVPN cross site scripting attempt (server-webapp.rules)
* 3:51729 <-> ENABLED <-> SERVER-WEBAPP Cisco WebVPN cross site scripting attempt (server-webapp.rules)
* 3:51737 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2019-0915 attack attempt (file-pdf.rules)
* 3:51738 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2019-0915 attack attempt (file-pdf.rules)
* 3:51890 <-> ENABLED <-> SERVER-WEBAPP Cisco SPA100 Series analog telephone adapters buffer overflow attempt (server-webapp.rules)
* 3:51891 <-> ENABLED <-> SERVER-WEBAPP Cisco SPA100 Series analog telephone adapters buffer overflow attempt (server-webapp.rules)
* 3:51892 <-> ENABLED <-> SERVER-WEBAPP Cisco SPA100 Series analog telephone adapters buffer overflow attempt (server-webapp.rules)
* 3:51893 <-> ENABLED <-> SERVER-WEBAPP Cisco SPA100 Series analog telephone adapters buffer overflow attempt (server-webapp.rules)
* 3:51894 <-> ENABLED <-> SERVER-WEBAPP Cisco SPA100 Series analog telephone adapters buffer overflow attempt (server-webapp.rules)
* 3:51895 <-> ENABLED <-> SERVER-WEBAPP Cisco SPA100 Series analog telephone adapters buffer overflow attempt (server-webapp.rules)
* 3:51900 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Switches cross site scripting attempt (server-webapp.rules)
* 3:51901 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Switches denial of service attempt (server-webapp.rules)
* 3:51902 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Switches cross site scripting attempt (server-webapp.rules)
* 3:51903 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Switches cross site scripting attempt (server-webapp.rules)
* 3:51904 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Switches cross site scripting attempt (server-webapp.rules)
* 3:51905 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Switches cross site scripting attempt (server-webapp.rules)
* 3:51906 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Switches cross site scripting attempt (server-webapp.rules)
* 3:51907 <-> ENABLED <-> SERVER-WEBAPP Cisco Small Business Switches cross site scripting attempt (server-webapp.rules)
* 3:51924 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0917 attack attempt (server-webapp.rules)
* 3:51925 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0917 attack attempt (server-webapp.rules)
* 3:51926 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0917 attack attempt (server-webapp.rules)
* 3:51927 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0917 attack attempt (server-webapp.rules)
* 3:51928 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0917 attack attempt (server-webapp.rules)
* 3:51929 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0919 attack attempt (server-webapp.rules)
* 3:51931 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2019-0916 attack attempt (file-image.rules)
* 3:54266 <-> ENABLED <-> BROWSER-OTHER TRUFFLEHUNTER TALOS-2020-1088 attack attempt (browser-other.rules)
* 3:54267 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1081 attack attempt (server-webapp.rules)
* 3:54268 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1081 attack attempt (server-webapp.rules)
* 3:54269 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1081 attack attempt (server-webapp.rules)
* 3:54282 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1092 attack attempt (file-pdf.rules)
* 3:54283 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1092 attack attempt (file-pdf.rules)
* 3:54290 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1091 attack attempt (server-webapp.rules)
* 3:54308 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1094 attack attempt (file-other.rules)
* 3:54309 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1094 attack attempt (file-other.rules)
* 3:54310 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1094 attack attempt (file-other.rules)
* 3:54311 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1094 attack attempt (file-other.rules)
* 3:54312 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1094 attack attempt (file-other.rules)
* 3:54313 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1094 attack attempt (file-other.rules)
* 3:54314 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1094 attack attempt (file-other.rules)
* 3:54315 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1094 attack attempt (file-other.rules)
* 3:54320 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
* 3:54321 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
* 3:54322 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
* 3:54323 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
* 3:54324 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
* 3:54325 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
* 3:54326 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
* 3:54327 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
* 3:54328 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
* 3:54329 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
* 3:54330 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
* 3:54331 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
* 3:54332 <-> ENABLED <-> POLICY-OTHER Cisco TelePresence API SoftwareUpgrade SystemUnit command detected (policy-other.rules)
* 3:54333 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
* 3:54334 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
* 3:54335 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
* 3:54336 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
* 3:54337 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
* 3:54338 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
* 3:54339 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
* 3:54340 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
* 3:54341 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
* 3:54342 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
* 3:54343 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
* 3:54344 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
* 3:54345 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
* 3:54346 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
* 3:54347 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
* 3:54348 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
* 3:54349 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
* 3:54350 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
* 3:54351 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
* 3:54352 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
* 3:54353 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
* 3:54354 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
* 3:54355 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
* 3:54356 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
* 3:54358 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Meetings Desktop App arbitrary program execution attempt (browser-other.rules)
* 3:54359 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Meetings Desktop App arbitrary program execution attempt (browser-other.rules)
* 3:54360 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Meetings Desktop App arbitrary program execution attempt (browser-other.rules)
* 3:54361 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Meetings Desktop App arbitrary program execution attempt (browser-other.rules)
* 3:54362 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Meetings Desktop App arbitrary program execution attempt (browser-other.rules)
* 3:54363 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Meetings Desktop App arbitrary program execution attempt (browser-other.rules)
* 3:54364 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Meetings Desktop App arbitrary program execution attempt (browser-other.rules)
* 3:54365 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Meetings Desktop App arbitrary program execution attempt (browser-other.rules)
* 3:54366 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Meetings Desktop App arbitrary program execution attempt (browser-other.rules)
* 3:54367 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Meetings Desktop App arbitrary program execution attempt (browser-other.rules)
* 3:54368 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Meetings Desktop App arbitrary program execution attempt (browser-other.rules)
* 3:54369 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Meetings Desktop App arbitrary program execution attempt (browser-other.rules)
* 3:54370 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Meetings Desktop App arbitrary program execution attempt (browser-other.rules)
* 3:54371 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Meetings Desktop App arbitrary program execution attempt (browser-other.rules)
* 3:54372 <-> ENABLED <-> BROWSER-OTHER Cisco Webex Meetings Desktop App arbitrary program execution attempt (browser-other.rules)
* 3:54390 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1096 attack attempt (file-image.rules)
* 3:54391 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1096 attack attempt (file-image.rules)
* 3:54392 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2020-1098 attack attempt (os-windows.rules)
* 3:54393 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2020-1098 attack attempt (os-windows.rules)
* 3:54411 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1095 attack attempt (file-image.rules)
* 3:54412 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1095 attack attempt (file-image.rules)
* 3:54413 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1095 attack attempt (file-image.rules)
* 3:54414 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1095 attack attempt (file-image.rules)
* 3:54415 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1101 attack attempt (file-other.rules)
* 3:54416 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1101 attack attempt (file-other.rules)
* 3:54430 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1094 attack attempt (file-other.rules)
* 3:54431 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1094 attack attempt (file-other.rules)
* 3:54432 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1094 attack attempt (file-other.rules)
* 3:54433 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1094 attack attempt (file-other.rules)
* 3:54440 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1110 attack attempt (file-other.rules)
* 3:54441 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1110 attack attempt (file-other.rules)
* 3:54442 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1110 attack attempt (file-other.rules)
* 3:54443 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1110 attack attempt (file-other.rules)
* 3:54444 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1110 attack attempt (file-other.rules)
* 3:54445 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1110 attack attempt (file-other.rules)
* 3:54446 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1111 attack attempt (file-other.rules)
* 3:54447 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1111 attack attempt (file-other.rules)
* 3:54448 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1111 attack attempt (file-other.rules)
* 3:54449 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1111 attack attempt (file-other.rules)
* 3:54450 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1111 attack attempt (file-other.rules)
* 3:54451 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1111 attack attempt (file-other.rules)
* 3:54452 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1112 attack attempt (file-other.rules)
* 3:54453 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1112 attack attempt (file-other.rules)
* 3:54454 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1113 attack attempt
(file-other.rules) * 3:54455 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1113 attack attempt (file-other.rules) * 3:54456 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1114 attack attempt (file-other.rules) * 3:54457 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1114 attack attempt (file-other.rules) * 3:54458 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1115 attack attempt (file-other.rules) * 3:54459 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1115 attack attempt (file-other.rules) * 3:54460 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1116 attack attempt (file-other.rules) * 3:54461 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1116 attack attempt (file-other.rules) * 3:54465 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1102 attack attempt (file-other.rules) * 3:54466 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1102 attack attempt (file-other.rules) * 3:54467 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1105 attack attempt (file-other.rules) * 3:54468 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1105 attack attempt (file-other.rules) * 3:54469 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1105 attack attempt (file-other.rules) * 3:54470 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1105 attack attempt (file-other.rules) * 3:54471 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1105 attack attempt (file-other.rules) * 3:54472 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1105 attack attempt (file-other.rules) * 3:54477 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1097 attack attempt (server-webapp.rules) * 3:54478 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1106 attack attempt (server-webapp.rules) * 3:54479 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1107 attack attempt (server-webapp.rules) * 3:54480 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1108 attack attempt (server-webapp.rules) * 3:54481 <-> ENABLED <-> 
SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1109 attack attempt (server-webapp.rules) * 3:54488 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1104 attack attempt (file-other.rules) * 3:54489 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1104 attack attempt (file-other.rules) * 3:54490 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1104 attack attempt (file-other.rules) * 3:54491 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1104 attack attempt (file-other.rules) * 3:54492 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1103 attack attempt (file-other.rules) * 3:54493 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1103 attack attempt (file-other.rules) * 3:54494 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2020-1100 attack attempt (server-other.rules) * 3:54501 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2020-1118 attack attempt (os-other.rules) * 3:54502 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2020-1118 attack attempt (os-other.rules) * 3:54503 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2020-1117 attack attempt (os-other.rules) * 3:54504 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2020-1117 attack attempt (os-other.rules) * 3:54519 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1120 attack attempt (file-other.rules) * 3:54520 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1120 attack attempt (file-other.rules) * 3:54538 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules) * 3:54539 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules) * 3:54540 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules) * 3:54541 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules) * 3:54542 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers heap buffer overflow attempt (server-webapp.rules) * 3:54543 <-> ENABLED <-> SERVER-WEBAPP Cisco RV 
Series Routers heap buffer overflow attempt (server-webapp.rules) * 3:54544 <-> ENABLED <-> POLICY-OTHER Cisco RV110W Router default credential login detected (policy-other.rules) * 3:54545 <-> ENABLED <-> SERVER-WEBAPP Cisco SD-WAN vManage arbitrary Java object deserialization attempt (server-webapp.rules) * 3:54546 <-> ENABLED <-> SERVER-WEBAPP Cisco SD-WAN vManage cypher query language injection attempt (server-webapp.rules) * 3:54547 <-> ENABLED <-> SERVER-WEBAPP Cisco SD-WAN vManage cypher query language injection attempt (server-webapp.rules) * 3:54548 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules) * 3:54549 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules) * 3:54550 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules) * 3:54551 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules) * 3:54552 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers null pointer dereference attempt (server-webapp.rules) * 3:54553 <-> ENABLED <-> POLICY-OTHER Cisco SD-WAN vManage file upload detected (policy-other.rules) * 3:54557 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers authentication bypass attempt (server-webapp.rules) * 3:54560 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules) * 3:54561 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules) * 3:54562 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules) * 3:54563 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules) * 3:54564 <-> ENABLED <-> POLICY-OTHER Cisco RV Series Routers configuration download detected (policy-other.rules) * 3:54568 <-> ENABLED <-> POLICY-OTHER Cisco Prime License 
Manager password reset detected (policy-other.rules) * 3:54579 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1122 attack attempt (file-other.rules) * 3:54580 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1122 attack attempt (file-other.rules) * 3:54581 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1121 attack attempt (file-other.rules) * 3:54582 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1121 attack attempt (file-other.rules) * 3:54584 <-> ENABLED <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2020-1123 attack attempt (browser-chrome.rules) * 3:54585 <-> ENABLED <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2020-1123 attack attempt (browser-chrome.rules) * 3:54586 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2020-1124 attack attempt (browser-webkit.rules) * 3:54587 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2020-1124 attack attempt (browser-webkit.rules) * 3:54588 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1125 attack attempt (file-other.rules) * 3:54589 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1125 attack attempt (file-other.rules) * 3:54598 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA directory traversal attempt (server-webapp.rules) * 3:54599 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA directory traversal attempt (server-webapp.rules) * 3:54600 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA directory traversal attempt (server-webapp.rules) * 3:54601 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA directory traversal attempt (server-webapp.rules) * 3:54606 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1126 attack attempt (server-webapp.rules) * 3:54607 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1126 attack attempt (server-webapp.rules) * 3:54608 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1126 attack attempt (server-webapp.rules) * 3:54638 <-> ENABLED <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2020-1127 attack attempt (browser-chrome.rules) * 3:54639 <-> ENABLED <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2020-1127 
attack attempt (browser-chrome.rules) * 3:54645 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2020-1128 attack attempt (os-other.rules) * 3:54646 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2020-1128 attack attempt (os-other.rules) * 3:54647 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2020-1129 attack attempt (os-other.rules) * 3:54648 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2020-1129 attack attempt (os-other.rules) * 3:54655 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager command injection attempt (server-webapp.rules) * 3:54656 <-> ENABLED <-> POLICY-OTHER Cisco Data Center Network Manager device manager access detected (policy-other.rules) * 3:54667 <-> ENABLED <-> FILE-OTHER TAR file directory traversal attempt (file-other.rules) * 3:54668 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules) * 3:54680 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2020-1131 attack attempt (os-other.rules) * 3:54681 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2020-1131 attack attempt (os-other.rules) * 3:54682 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2020-1130 attack attempt (os-other.rules) * 3:54683 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2020-1130 attack attempt (os-other.rules) * 3:54694 <-> ENABLED <-> FILE-OTHER Cisco AnyConnect Secure Mobility Client dll-load exploit attempt (file-other.rules) * 3:54695 <-> ENABLED <-> FILE-OTHER Cisco AnyConnect Secure Mobility Client dll-load exploit attempt (file-other.rules) * 3:54696 <-> ENABLED <-> POLICY-OTHER Cisco Data Center Network Manager privileged API access detected (policy-other.rules) * 3:54697 <-> ENABLED <-> POLICY-OTHER Cisco Data Center Network Manager privileged API access detected (policy-other.rules) * 3:54698 <-> ENABLED <-> POLICY-OTHER Cisco Data Center Network Manager privileged API access detected (policy-other.rules) * 3:54699 <-> ENABLED <-> POLICY-OTHER Cisco Data Center Network Manager privileged API access detected 
(policy-other.rules) * 3:54700 <-> ENABLED <-> POLICY-OTHER Cisco Data Center Network Manager privileged API access detected (policy-other.rules) * 3:54701 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2020-1133 attack attempt (os-other.rules) * 3:54702 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2020-1133 attack attempt (os-other.rules) * 3:54729 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2020-1138 attack attempt (os-other.rules) * 3:54730 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2020-1138 attack attempt (os-other.rules) * 3:54731 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2020-1134 attack attempt (os-other.rules) * 3:54732 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2020-1134 attack attempt (os-other.rules) * 3:54762 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2020-1135 attack attempt (policy-other.rules) * 3:54763 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2020-1135 attack attempt (policy-other.rules) * 3:54764 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2020-1135 attack attempt (policy-other.rules) * 3:54798 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1135 attack attempt (server-webapp.rules) * 3:54799 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1135 attack attempt (server-webapp.rules) * 3:54800 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1135 attack attempt (server-webapp.rules) * 3:54829 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2020-1139 attack attempt (os-other.rules) * 3:54830 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2020-1139 attack attempt (os-other.rules) * 3:54831 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2020-1142 attack attempt (policy-other.rules) * 3:54832 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2020-1143 attack attempt (server-other.rules) * 3:54866 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2020-1141 attack attempt (os-other.rules) * 3:54867 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2020-1141 attack attempt (os-other.rules) * 3:54894 <-> ENABLED <-> 
SERVER-WEBAPP Cisco Data Center Network Manager SQL injection attempt (server-webapp.rules) * 3:54895 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager SQL injection attempt (server-webapp.rules) * 3:54896 <-> ENABLED <-> SERVER-OTHER Cisco NX-OS malformed BGP UPDATE denial of service attempt (server-other.rules) * 3:54899 <-> ENABLED <-> PROTOCOL-OTHER Cisco NX-OS protocol independent multicast denial of service attempt (protocol-other.rules) * 3:54902 <-> ENABLED <-> PROTOCOL-OTHER IGMP DVMRP scan attempt (protocol-other.rules) * 3:54922 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1145 attack attempt (file-other.rules) * 3:54923 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1145 attack attempt (file-other.rules) * 3:55016 <-> ENABLED <-> SERVER-OTHER Cisco Jabber for Windows protocol handler command injection attempt (server-other.rules) * 3:55017 <-> ENABLED <-> SERVER-OTHER Cisco Jabber for Windows protocol handler command injection attempt (server-other.rules) * 3:55018 <-> ENABLED <-> SERVER-OTHER Cisco Jabber for Windows protocol handler command injection attempt (server-other.rules) * 3:55035 <-> ENABLED <-> SERVER-OTHER Cisco Jabber client remote code execution attempt (server-other.rules) * 3:55036 <-> ENABLED <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2020-1152 attack attempt (browser-chrome.rules) * 3:55037 <-> ENABLED <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2020-1152 attack attempt (browser-chrome.rules) * 3:55641 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1151 attack attempt (file-other.rules) * 3:55642 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1151 attack attempt (file-other.rules) * 3:55643 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1151 attack attempt (file-other.rules) * 3:55644 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1151 attack attempt (file-other.rules) * 3:55645 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1151 attack attempt (file-other.rules) * 3:55646 <-> ENABLED <-> 
FILE-OTHER TRUFFLEHUNTER TALOS-2020-1151 attack attempt (file-other.rules) * 3:55748 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2020-1153 attack attempt (file-office.rules) * 3:55749 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2020-1153 attack attempt (file-office.rules) * 3:55806 <-> ENABLED <-> SERVER-OTHER Cisco Wireless LAN Controller CAPWAP denial of service attempt (server-other.rules) * 3:55807 <-> ENABLED <-> SERVER-OTHER Cisco Wireless LAN Controller CAPWAP denial of service attempt (server-other.rules) * 3:55808 <-> ENABLED <-> POLICY-OTHER Cisco IOS Software VLPWA file read detected (policy-other.rules) * 3:55815 <-> ENABLED <-> POLICY-OTHER Cisco IOS XE WebUI administrative access detected (policy-other.rules) * 3:55816 <-> ENABLED <-> POLICY-OTHER Cisco IOS XE WebUI administrative access detected (policy-other.rules) * 3:55817 <-> ENABLED <-> POLICY-OTHER Cisco IOS XE WebUI administrative access detected (policy-other.rules) * 3:55818 <-> ENABLED <-> POLICY-OTHER Cisco IOS XE WebUI administrative access detected (policy-other.rules) * 3:55819 <-> ENABLED <-> SERVER-OTHER Cisco IOS Common Open Policy Service denial of service attempt (server-other.rules) * 3:55820 <-> ENABLED <-> PROTOCOL-OTHER Cisco IOS XE Flexible NetFlow denial of service attempt (protocol-other.rules) * 3:55822 <-> ENABLED <-> PROTOCOL-DNS Cisco IOS XE Umbrella Connector denial of service attempt (protocol-dns.rules) * 3:55830 <-> ENABLED <-> SERVER-OTHER Cisco Wireless LAN Controller CAPWAP denial of service attempt (server-other.rules) * 3:55831 <-> ENABLED <-> SERVER-OTHER Cisco Wireless LAN Controller CAPWAP denial of service attempt (server-other.rules) * 3:55832 <-> ENABLED <-> SERVER-OTHER Cisco IOS XE mDNS denial of service attempt (server-other.rules) * 3:55833 <-> ENABLED <-> POLICY-OTHER Cisco IOS XE WebUI restricted character in authentication detected (policy-other.rules) * 3:55842 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1156 attack attempt 
(file-pdf.rules) * 3:55843 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1156 attack attempt (file-pdf.rules) * 3:55844 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1155 attack attempt (file-other.rules) * 3:55845 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1155 attack attempt (file-other.rules) * 3:55917 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1159 attack attempt (server-webapp.rules) * 3:55924 <-> ENABLED <-> SERVER-OTHER Cisco Wireless LAN Controller CAPWAP denial of service attempt (server-other.rules) * 3:55925 <-> ENABLED <-> SERVER-OTHER Cisco Wireless LAN Controller CAPWAP denial of service attempt (server-other.rules) * 3:55985 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1161 attack attempt (file-other.rules) * 3:55986 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1161 attack attempt (file-other.rules) * 3:55987 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1162 attack attempt (file-other.rules) * 3:55988 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1162 attack attempt (file-other.rules) * 3:55991 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1163 attack attempt (file-other.rules) * 3:55992 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1163 attack attempt (file-other.rules) * 3:56048 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1168 attack attempt (server-webapp.rules) * 3:56049 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1168 attack attempt (server-webapp.rules) * 3:56050 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1168 attack attempt (server-webapp.rules) * 3:56053 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1171 attack attempt (file-pdf.rules) * 3:56054 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1171 attack attempt (file-pdf.rules) * 3:56059 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2020-1170 attack attempt (protocol-other.rules) * 3:56060 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2020-1170 attack attempt 
(protocol-other.rules) * 3:56063 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1166 attack attempt (file-pdf.rules) * 3:56064 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1166 attack attempt (file-pdf.rules) * 3:56065 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1165 attack attempt (file-pdf.rules) * 3:56066 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1165 attack attempt (file-pdf.rules) * 3:56084 <-> ENABLED <-> SERVER-WEBAPP Cisco FXOS Software Firepower Chassis Manager cross site request forgery attempt (server-webapp.rules) * 3:56085 <-> ENABLED <-> SERVER-WEBAPP Cisco FXOS Software Firepower Chassis Manager cross site request forgery attempt (server-webapp.rules) * 3:56087 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD web services large file upload denial of service attempt (server-webapp.rules) * 3:56089 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD denial of service attempt (server-webapp.rules) * 3:56090 <-> ENABLED <-> SERVER-OTHER Cisco ASA/FTD OSPF LLS denial of service attempt (server-other.rules) * 3:56091 <-> ENABLED <-> SERVER-OTHER Cisco ASA/FTD OSPF LLS denial of service attempt (server-other.rules) * 3:56122 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1175 attack attempt (file-pdf.rules) * 3:56123 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1175 attack attempt (file-pdf.rules) * 3:56126 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2020-1172 attack attempt (browser-webkit.rules) * 3:56127 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2020-1172 attack attempt (browser-webkit.rules) * 3:56128 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2020-1174 attack attempt (protocol-scada.rules) * 3:56129 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2020-1174 attack attempt (protocol-scada.rules) * 3:56137 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2020-1173 attack attempt (policy-other.rules) * 3:56143 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1177 attack attempt (server-webapp.rules) 
* 3:56144 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1177 attack attempt (server-webapp.rules) * 3:56145 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1177 attack attempt (server-webapp.rules) * 3:56146 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1177 attack attempt (server-webapp.rules) * 3:56147 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1179 attack attempt (server-webapp.rules) * 3:56148 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1179 attack attempt (server-webapp.rules) * 3:56149 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1179 attack attempt (server-webapp.rules) * 3:56152 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1178 attack attempt (server-webapp.rules) * 3:56153 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1178 attack attempt (server-webapp.rules) * 3:56158 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1176 attack attempt (file-image.rules) * 3:56159 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1176 attack attempt (file-image.rules) * 3:56160 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1176 attack attempt (file-image.rules) * 3:56161 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1176 attack attempt (file-image.rules) * 3:56199 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1193 attack attempt (server-webapp.rules) * 3:56208 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2020-1184 attack attempt (protocol-scada.rules) * 3:56209 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2020-1192 attack attempt (file-office.rules) * 3:56210 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2020-1192 attack attempt (file-office.rules) * 3:56211 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1185 attack attempt (server-webapp.rules) * 3:56212 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2020-1191 attack attempt (file-office.rules) * 3:56213 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2020-1191 attack attempt (file-office.rules) * 
3:56216 <-> ENABLED <-> FILE-OTHER Cisco Webex Network Recording Player out of bounds write attempt (file-other.rules) * 3:56217 <-> ENABLED <-> FILE-OTHER Cisco Webex Network Recording Player out of bounds write attempt (file-other.rules) * 3:56218 <-> ENABLED <-> FILE-OTHER Cisco Webex Network Recording Player buffer overflow attempt (file-other.rules) * 3:56219 <-> ENABLED <-> FILE-OTHER Cisco Webex Network Recording Player buffer overflow attempt (file-other.rules) * 3:56220 <-> ENABLED <-> SERVER-WEBAPP Cisco SD-WAN vManage directory traversal attempt (server-webapp.rules) * 3:56221 <-> ENABLED <-> FILE-OTHER Cisco AnyConnect Secure Mobility Client arbitrary code execution attempt (file-other.rules) * 3:56222 <-> ENABLED <-> FILE-OTHER Cisco AnyConnect Secure Mobility Client arbitrary code execution attempt (file-other.rules) * 3:56225 <-> ENABLED <-> SERVER-OTHER Cisco Webex Meetings virtual channel remote code execution attempt (server-other.rules) * 3:56226 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2020-1190 attack attempt (file-office.rules) * 3:56227 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2020-1190 attack attempt (file-office.rules) * 3:56228 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2020-1190 attack attempt (file-office.rules) * 3:56229 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2020-1190 attack attempt (file-office.rules) * 3:56275 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2020-1185 attack attempt (server-other.rules) * 3:56297 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1189 attack attempt (server-webapp.rules) * 3:56298 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2020-1189 attack attempt (server-other.rules) * 3:56306 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager arbitrary file download attempt (server-webapp.rules) * 3:56307 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1188 attack attempt (server-webapp.rules) * 3:56308 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER 
TALOS-2020-1188 attack attempt (server-other.rules) * 3:56365 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1183 attack attempt (file-image.rules) * 3:56366 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1183 attack attempt (file-image.rules) * 3:56379 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2020-1195 attack attempt (browser-webkit.rules) * 3:56380 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2020-1195 attack attempt (browser-webkit.rules) * 3:56381 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2020-1195 attack attempt (browser-webkit.rules) * 3:56382 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2020-1195 attack attempt (browser-webkit.rules) * 3:56389 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2020-1197 attack attempt (file-office.rules) * 3:56390 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2020-1197 attack attempt (file-office.rules) * 3:56424 <-> ENABLED <-> SERVER-WEBAPP Cisco DNA Spaces Connector command injection attempt (server-webapp.rules) * 3:56431 <-> ENABLED <-> POLICY-OTHER Cisco IoT Field Network Director access detected (policy-other.rules) * 3:56440 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller stack buffer overflow attempt (server-webapp.rules) * 3:56441 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller stack buffer overflow attempt (server-webapp.rules) * 3:56442 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller stack buffer overflow attempt (server-webapp.rules) * 3:56443 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller stack buffer overflow attempt (server-webapp.rules) * 3:56444 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller stack buffer overflow attempt (server-webapp.rules) * 3:56447 <-> ENABLED <-> POLICY-OTHER Cisco IoT Field Network Director access detected (policy-other.rules) * 3:56448 <-> ENABLED <-> POLICY-OTHER Cisco IoT Field Network Director access detected (policy-other.rules) * 
* 3:56451 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1196 attack attempt (file-image.rules)
* 3:56452 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1196 attack attempt (file-image.rules)
* 3:56475 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1205 attack attempt (server-webapp.rules)
* 3:56476 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1205 attack attempt (server-webapp.rules)
* 3:56477 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1205 attack attempt (server-webapp.rules)
* 3:56478 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1207 attack attempt (server-webapp.rules)
* 3:56479 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1207 attack attempt (server-webapp.rules)
* 3:56480 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1207 attack attempt (server-webapp.rules)
* 3:56481 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1206 attack attempt (server-webapp.rules)
* 3:56482 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1206 attack attempt (server-webapp.rules)
* 3:56483 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1206 attack attempt (server-webapp.rules)
* 3:56486 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1202 attack attempt (server-webapp.rules)
* 3:56487 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1202 attack attempt (server-webapp.rules)
* 3:56488 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1202 attack attempt (server-webapp.rules)
* 3:56489 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1203 attack attempt (server-webapp.rules)
* 3:56496 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1198 attack attempt (server-webapp.rules)
* 3:56500 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1200 attack attempt (server-webapp.rules)
* 3:56501 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1200 attack attempt (server-webapp.rules)
* 3:56502 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1200 attack attempt (server-webapp.rules)
* 3:56503 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1201 attack attempt (server-webapp.rules)
* 3:56504 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1199 attack attempt (server-webapp.rules)
* 3:56505 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1199 attack attempt (server-webapp.rules)
* 3:56506 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1199 attack attempt (server-webapp.rules)
* 3:56507 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1186 attack attempt (server-webapp.rules)
* 3:56508 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2020-1186 attack attempt (server-other.rules)
* 3:56509 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1187 attack attempt (server-webapp.rules)
* 3:56510 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2020-1187 attack attempt (server-other.rules)
* 3:56526 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2020-1210 attack attempt (file-office.rules)
* 3:56527 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2020-1210 attack attempt (file-office.rules)
* 3:56539 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1212 attack attempt (file-other.rules)
* 3:56540 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1212 attack attempt (file-other.rules)
* 3:56548 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2020-1209 attack attempt (os-other.rules)
* 3:56549 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2020-1209 attack attempt (os-other.rules)
* 3:56572 <-> ENABLED <-> BROWSER-OTHER Cisco Jabber protocol handler command line argument injection attempt (browser-other.rules)
* 3:56573 <-> ENABLED <-> BROWSER-OTHER Cisco Jabber protocol handler command line argument injection attempt (browser-other.rules)
* 3:56575 <-> ENABLED <-> BROWSER-OTHER Cisco Jabber protocol handler command line argument injection attempt (browser-other.rules)
* 3:56576 <-> ENABLED <-> BROWSER-OTHER Cisco Jabber protocol handler command line argument injection attempt (browser-other.rules)
* 3:56588 <-> ENABLED <-> BROWSER-OTHER Cisco Jabber XMPP cross site scripting attempt (browser-other.rules)
* 3:56589 <-> ENABLED <-> BROWSER-OTHER Cisco Jabber XMPP cross site scripting attempt (browser-other.rules)
* 3:56590 <-> ENABLED <-> BROWSER-OTHER Cisco Jabber XMPP cross site scripting attempt (browser-other.rules)
* 3:56591 <-> ENABLED <-> BROWSER-OTHER Cisco Jabber XMPP cross site scripting attempt (browser-other.rules)
* 3:56658 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2020-1214 attack attempt (browser-webkit.rules)
* 3:56659 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2020-1214 attack attempt (browser-webkit.rules)
* 3:56721 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1213 attack attempt (file-other.rules)
* 3:56722 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1213 attack attempt (file-other.rules)
* 3:56723 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1215 attack attempt (file-other.rules)
* 3:56724 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1215 attack attempt (file-other.rules)
* 3:56725 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1218 attack attempt (file-other.rules)
* 3:56726 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1218 attack attempt (file-other.rules)
* 3:56727 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1219 attack attempt (file-other.rules)
* 3:56728 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1219 attack attempt (file-other.rules)
* 3:56729 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2020-1217 attack attempt (server-other.rules)
* 3:56832 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1221 attack attempt (server-webapp.rules)
* 3:56838 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
* 3:56839 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
* 3:56840 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
* 3:56841 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
* 3:56842 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
* 3:56843 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
* 3:56844 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
* 3:56847 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1222 attack attempt (file-other.rules)
* 3:56848 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1222 attack attempt (file-other.rules)
* 3:56861 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
* 3:56866 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
* 3:56867 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
* 3:56868 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
* 3:56869 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
* 3:56870 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
* 3:56871 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
* 3:56872 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
* 3:56873 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
* 3:56874 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
* 3:56875 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
* 3:56876 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
* 3:56881 <-> ENABLED <-> FILE-OTHER Cisco AnyConnect information disclosure attempt (file-other.rules)
* 3:56882 <-> ENABLED <-> FILE-OTHER Cisco AnyConnect information disclosure attempt (file-other.rules)
* 3:56883 <-> ENABLED <-> FILE-OTHER Cisco AnyConnect information disclosure attempt (file-other.rules)
* 3:56884 <-> ENABLED <-> FILE-OTHER Cisco AnyConnect information disclosure attempt (file-other.rules)
* 3:56885 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
* 3:56893 <-> ENABLED <-> FILE-OTHER OpenSSL configuration arbitrary DLL load attempt (file-other.rules)
* 3:56894 <-> ENABLED <-> FILE-OTHER OpenSSL configuration arbitrary DLL load attempt (file-other.rules)
* 3:56938 <-> ENABLED <-> SERVER-WEBAPP Cisco Smart Software Manager Satellite Web UI command injection attempt (server-webapp.rules)
* 3:56939 <-> ENABLED <-> SERVER-WEBAPP Cisco Smart Software Manager Satellite Web UI command injection attempt (server-webapp.rules)
* 3:56940 <-> ENABLED <-> SERVER-WEBAPP Cisco Smart Software Manager Satellite Web UI command injection attempt (server-webapp.rules)
* 3:56941 <-> ENABLED <-> SERVER-WEBAPP Cisco Smart Software Manager Satellite Web UI command injection attempt (server-webapp.rules)
* 3:56942 <-> ENABLED <-> SERVER-WEBAPP Cisco SD-WAN vManage directory traversal attempt (server-webapp.rules)
* 3:56943 <-> ENABLED <-> SERVER-WEBAPP Cisco SD-WAN vManage directory traversal attempt (server-webapp.rules)
* 3:56944 <-> ENABLED <-> SERVER-WEBAPP Cisco SD-WAN vManage directory traversal attempt (server-webapp.rules)
* 3:56945 <-> ENABLED <-> SERVER-WEBAPP Cisco Smart Software Manager Satellite Web UI command injection attempt (server-webapp.rules)
* 3:56946 <-> ENABLED <-> SERVER-WEBAPP Cisco SD-WAN WebUI command injection attempt (server-webapp.rules)
* 3:56947 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager SQL injection attempt (server-webapp.rules)
* 3:56950 <-> ENABLED <-> SERVER-WEBAPP Cisco DNA Center command injection attempt (server-webapp.rules)
* 3:56953 <-> ENABLED <-> SERVER-WEBAPP Cisco Smart Software Manager Satellite Web UI command injection attempt (server-webapp.rules)
* 3:56954 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager SQL injection attempt (server-webapp.rules)
* 3:56955 <-> ENABLED <-> POLICY-OTHER Cisco Smart Software Manager Satellite Web UI user creation detected (policy-other.rules)
* 3:56956 <-> ENABLED <-> POLICY-OTHER Cisco Data Center Network Manager session validation request detected (policy-other.rules)
* 3:56957 <-> ENABLED <-> POLICY-OTHER Cisco SD-WAN vManage terminal request detected (policy-other.rules)
* 3:56958 <-> ENABLED <-> POLICY-OTHER Cisco SD-WAN vManage terminal request detected (policy-other.rules)
* 3:56959 <-> ENABLED <-> POLICY-OTHER Cisco SD-WAN vManage enumeration request detected (policy-other.rules)
* 3:56960 <-> ENABLED <-> POLICY-OTHER Cisco SD-WAN vManage enumeration request detected (policy-other.rules)
* 3:56961 <-> ENABLED <-> POLICY-OTHER Cisco SD-WAN vManage enumeration request detected (policy-other.rules)
* 3:56962 <-> ENABLED <-> POLICY-OTHER Cisco SD-WAN vManage configuration request detected (policy-other.rules)
* 3:56963 <-> ENABLED <-> POLICY-OTHER Cisco SD-WAN vManage request detected (policy-other.rules)
* 3:56994 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1226 attack attempt (file-other.rules)
* 3:56995 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1226 attack attempt (file-other.rules)
* 3:57000 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1224 attack attempt (file-other.rules)
* 3:57001 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1224 attack attempt (file-other.rules)
* 3:57011 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1227 attack attempt (file-image.rules)
* 3:57012 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1227 attack attempt (file-image.rules)
* 3:57013 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1227 attack attempt (file-image.rules)
* 3:57014 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1227 attack attempt (file-image.rules)
* 3:57015 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1227 attack attempt (file-image.rules)
* 3:57016 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1227 attack attempt (file-image.rules)
* 3:57017 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1227 attack attempt (file-image.rules)
* 3:57018 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1227 attack attempt (file-image.rules)
* 3:57045 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2021-1229 attack attempt (browser-webkit.rules)
* 3:57046 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2021-1229 attack attempt (browser-webkit.rules)
* 3:57052 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1232 attack attempt (file-image.rules)
* 3:57053 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1232 attack attempt (file-image.rules)
* 3:57056 <-> ENABLED <-> PROTOCOL-SCADA TRUFFLEHUNTER TALOS-2021-1234 attack attempt (protocol-scada.rules)
* 3:57057 <-> ENABLED <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2021-1235 attack attempt (browser-chrome.rules)
* 3:57058 <-> ENABLED <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2021-1235 attack attempt (browser-chrome.rules)
* 3:57059 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1233 attack attempt (file-pdf.rules)
* 3:57060 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1233 attack attempt (file-pdf.rules)
* 3:57115 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1237 attack attempt (server-other.rules)
* 3:57116 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1237 attack attempt (server-other.rules)
* 3:57117 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1237 attack attempt (server-other.rules)
* 3:57118 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2021-1237 attack attempt (server-other.rules)
* 3:57119 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1231 attack attempt (file-other.rules)
* 3:57120 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1231 attack attempt (file-other.rules)
* 3:57121 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1230 attack attempt (file-other.rules)
* 3:57122 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1230 attack attempt (file-other.rules)
* 3:57124 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1244 attack attempt (file-image.rules)
* 3:57125 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1244 attack attempt (file-image.rules)
* 3:57134 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2021-1238 attack attempt (browser-webkit.rules)
* 3:57135 <-> ENABLED <-> BROWSER-WEBKIT TRUFFLEHUNTER TALOS-2021-1238 attack attempt (browser-webkit.rules)
* 3:57136 <-> ENABLED <-> NETBIOS TRUFFLEHUNTER TALOS-2021-1246 attack attempt (netbios.rules)
* 3:57139 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1247 attack attempt (os-other.rules)
* 3:57140 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1247 attack attempt (os-other.rules)
* 3:57162 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1248 attack attempt (file-image.rules)
* 3:57163 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1248 attack attempt (file-image.rules)
* 3:57164 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1248 attack attempt (file-image.rules)
* 3:57165 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1248 attack attempt (file-image.rules)
* 3:57166 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1249 attack attempt (os-other.rules)
* 3:57167 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1249 attack attempt (os-other.rules)
* 3:57186 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1250 attack attempt (os-other.rules)
* 3:57187 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1250 attack attempt (os-other.rules)
* 3:57189 <-> ENABLED <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2021-1255 attack attempt (file-executable.rules)
* 3:57190 <-> ENABLED <-> FILE-EXECUTABLE TRUFFLEHUNTER TALOS-2021-1255 attack attempt (file-executable.rules)
* 3:57222 <-> ENABLED <-> SERVER-OTHER Cisco NX-OS arbitrary file write attempt (server-other.rules)
* 3:57223 <-> ENABLED <-> POLICY-OTHER Cisco Application Services Engine API access detected (policy-other.rules)
* 3:57227 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1225 attack attempt (file-other.rules)
* 3:57228 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1225 attack attempt (file-other.rules)
* 3:57230 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1223 attack attempt (file-other.rules)
* 3:57231 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1223 attack attempt (file-other.rules)
* 3:57232 <-> ENABLED <-> NETBIOS TRUFFLEHUNTER TALOS-2021-1258 attack attempt (netbios.rules)
* 3:57249 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1257 attack attempt (file-image.rules)
* 3:57250 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1257 attack attempt (file-image.rules)
* 3:57265 <-> ENABLED <-> NETBIOS TRUFFLEHUNTER TALOS-2021-1263 attack attempt (netbios.rules)
* 3:57266 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1262 attack attempt (os-other.rules)
* 3:57267 <-> ENABLED <-> OS-OTHER TRUFFLEHUNTER TALOS-2021-1262 attack attempt (os-other.rules)
* 3:57270 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1261 attack attempt (file-image.rules)
* 3:57271 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1261 attack attempt (file-image.rules)
* 3:57272 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1261 attack attempt (file-image.rules)
* 3:57273 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1261 attack attempt (file-image.rules)
* 3:57282 <-> ENABLED <-> NETBIOS TRUFFLEHUNTER TALOS-2021-1260 attack attempt (netbios.rules)
* 3:57290 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1270 attack attempt (server-webapp.rules)
* 3:57291 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1270 attack attempt (server-webapp.rules)
* 3:57292 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1271 attack attempt (server-webapp.rules)
* 3:57293 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1271 attack attempt (server-webapp.rules)
* 3:57294 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1265 attack attempt (file-pdf.rules)
* 3:57295 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1265 attack attempt (file-pdf.rules)
* 3:57296 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1267 attack attempt (file-pdf.rules)
* 3:57297 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1267 attack attempt (file-pdf.rules)
* 3:57300 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
* 3:57301 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1264 attack attempt (file-image.rules)
* 3:57302 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1264 attack attempt (file-image.rules)
* 3:57303 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1266 attack attempt (file-pdf.rules)
* 3:57304 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2021-1266 attack attempt (file-pdf.rules)
* 3:57305 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1272 attack attempt (server-webapp.rules)
* 3:57306 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1272 attack attempt (server-webapp.rules)
* 3:57307 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1274 attack attempt (server-webapp.rules)
* 3:57308 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1274 attack attempt (server-webapp.rules)
* 3:57309 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1274 attack attempt (server-webapp.rules)
* 3:57310 <-> ENABLED <-> NETBIOS TRUFFLEHUNTER TALOS-2021-1268 attack attempt (netbios.rules)
* 3:57338 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1273 attack attempt (server-webapp.rules)
* 3:57339 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1273 attack attempt (server-webapp.rules)
* 3:57340 <-> ENABLED <-> NETBIOS TRUFFLEHUNTER TALOS-2021-1269 attack attempt (netbios.rules)
* 3:57343 <-> ENABLED <-> SERVER-WEBAPP Cisco IOS and IOS-XE Application Environment directory traversal attempt (server-webapp.rules)
* 3:57344 <-> ENABLED <-> SERVER-WEBAPP Cisco IOS-XE Software Plug-and-Play command execution attempt (server-webapp.rules)
* 3:57345 <-> ENABLED <-> SERVER-WEBAPP Cisco IOS XE Software cross site request forgery attempt (server-webapp.rules)
* 3:57346 <-> ENABLED <-> SERVER-WEBAPP Cisco IOS XE Software cross site request forgery attempt (server-webapp.rules)
* 3:57349 <-> ENABLED <-> SERVER-OTHER Cisco Virtual Switching System stack buffer overflow attempt (server-other.rules)
* 3:57350 <-> ENABLED <-> SERVER-OTHER invalid multicast DNS name length response attempt (server-other.rules)
* 3:57351 <-> ENABLED <-> BROWSER-OTHER Cisco Jabber XMPP mention message denial of service attempt (browser-other.rules)
* 3:57352 <-> ENABLED <-> BROWSER-OTHER Cisco Jabber XMPP cross site scripting attempt (browser-other.rules)
* 3:57353 <-> ENABLED <-> BROWSER-OTHER Cisco Jabber XMPP cross site scripting attempt (browser-other.rules)
* 3:57354 <-> ENABLED <-> BROWSER-OTHER Cisco Jabber XMPP cross site scripting attempt (browser-other.rules)
* 3:57355 <-> ENABLED <-> SERVER-WEBAPP Cisco IOS XE Web UI command injection attempt (server-webapp.rules)
* 3:57356 <-> ENABLED <-> SERVER-WEBAPP Cisco IOS XE Web UI command injection attempt (server-webapp.rules)
* 3:57357 <-> ENABLED <-> SERVER-WEBAPP Cisco IOS XE Web UI command injection attempt (server-webapp.rules)
* 3:57358 <-> ENABLED <-> SERVER-WEBAPP Cisco IOS XE Web UI command injection attempt (server-webapp.rules)
* 3:57359 <-> ENABLED <-> BROWSER-OTHER Cisco Jabber XMPP information disclosure attempt (browser-other.rules)
* 3:57360 <-> ENABLED <-> SERVER-OTHER Cisco IOS XE Wireless Controller Software CAPWAP denial of service attempt (server-other.rules)
* 3:57371 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1277 attack attempt (server-webapp.rules)
* 3:57372 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1277 attack attempt (server-webapp.rules)
* 3:57373 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1277 attack attempt (server-webapp.rules)
* 3:57374 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1277 attack attempt (server-webapp.rules)
* 3:57378 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1275 attack attempt (file-image.rules)
* 3:57379 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1275 attack attempt (file-image.rules)
* 3:7019 <-> ENABLED <-> PUA-P2P WinNY connection attempt (pua-p2p.rules)
* 3:7196 <-> ENABLED <-> OS-OTHER Multiple Operating Systems invalid DHCP option attempt (os-other.rules)
* 3:8092 <-> ENABLED <-> OS-WINDOWS IGMP IP Options validation attempt (os-windows.rules)
* 3:8351 <-> ENABLED <-> OS-WINDOWS PGM nak list overflow attempt (os-windows.rules)
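A practitioner ingesting a pack changelog like the one above usually wants it as structured records rather than a wall of text: which new SIDs are on by default, which are gid 3 shared-object rules (compiled, as opposed to the gid 1 text rules), and which disabled entries in a category of interest should be turned on locally. The parser below is an added example written for this page, not a Talos or Snort tool. It implements the entry format stated at the top of the page (`gid:sid <-> STATE <-> message (group.rules)`) and tolerates the run-together, line-wrapped form the published list takes. `SAMPLE` is constructed from six entries copied from the list, with two line breaks inserted to mimic the wrapping; the function and field names are my own, and the `disabled_sids` output (one `gid:sid` per line, as used by rule managers such as pulledpork's enablesid.conf) is an assumption about the reader's tooling.

```python
"""Parse a Snort rule-pack changelog ("gid:sid <-> STATE <-> message (group.rules)")."""
import re
from collections import Counter
from dataclasses import dataclass

# One changelog entry.  The message is matched with a tempered pattern so it
# can never run across a "<->" into the next entry, and DOTALL lets it span a
# line break introduced by copy/paste or HTML extraction.
ENTRY_RE = re.compile(
    r"(?P<gid>\d+):(?P<sid>\d+)\s*<->\s*(?P<state>ENABLED|DISABLED)\s*<->\s*"
    r"(?P<msg>(?:(?!<->).)+?)\s*\((?P<group>[\w-]+\.rules)\)",
    re.DOTALL,
)


@dataclass(frozen=True)
class RuleChange:
    gid: int
    sid: int
    enabled: bool      # default state in the pack
    category: str      # leading token of the message, e.g. SERVER-WEBAPP
    message: str       # full message, category included
    group: str         # rules file, e.g. server-webapp.rules

    @property
    def shared_object(self) -> bool:
        # gid 3 are Snort shared-object (compiled) rules; gid 1 are text rules.
        return self.gid == 3


def parse_changelog(text):
    """Return every entry found in text, whether one per line or run together."""
    changes = []
    for m in ENTRY_RE.finditer(text):
        message = " ".join(m.group("msg").split())   # collapse wrapped whitespace
        changes.append(RuleChange(
            gid=int(m.group("gid")),
            sid=int(m.group("sid")),
            enabled=(m.group("state") == "ENABLED"),
            category=message.split(" ", 1)[0],
            message=message,
            group=m.group("group"),
        ))
    return changes


def summarize(changes):
    """Count entries per (rules file, enabled) so a reviewer sees what turns on by default."""
    return Counter((c.group, c.enabled) for c in changes)


def enabled_by_default(changes):
    return [c for c in changes if c.enabled]


def disabled_sids(changes, categories):
    """gid:sid lines for disabled rules in the given categories: the one-per-line
    form rule managers (assumed here: pulledpork enablesid.conf) accept to turn them on."""
    wanted = set(categories)
    return "\n".join(f"{c.gid}:{c.sid}" for c in changes
                     if not c.enabled and c.category in wanted)


# Constructed sample: six entries copied from the list above, pasted in the
# flattened form the published changelog has (entries separated by " * "),
# with two extraction-style line breaks inserted on purpose.
SAMPLE = (
    "* 3:56838 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules) "
    "* 3:56839 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack \n"
    "buffer overflow attempt (server-webapp.rules) "
    "* 3:56955 <-> ENABLED <-> POLICY-OTHER Cisco Smart Software Manager Satellite Web UI user creation detected \n"
    "(policy-other.rules) "
    "* 1:13767 <-> ENABLED <-> MALWARE-OTHER Keylogger cyber sitter runtime detection (malware-other.rules) "
    "* 1:13768 <-> DISABLED <-> MALWARE-OTHER Keylogger cyber sitter runtime detection (malware-other.rules) "
    "* 1:1377 <-> DISABLED <-> PROTOCOL-FTP wu-ftp bad file completion attempt (protocol-ftp.rules)"
)

if __name__ == "__main__":
    changes = parse_changelog(SAMPLE)
    for (group, on), n in sorted(summarize(changes).items()):
        print(f"{group:22} {'ENABLED' if on else 'DISABLED':8} {n}")
    print(f"{len(enabled_by_default(changes))} of {len(changes)} enabled by default, "
          f"{sum(c.shared_object for c in changes)} shared-object rules")
    print(disabled_sids(changes, {"MALWARE-OTHER", "PROTOCOL-FTP"}))
```

Run it against the full changelog text instead of `SAMPLE` to get a per-file count of what a pack update switches on; the POLICY-OTHER entries for vManage, DCNM and SSM Satellite are worth a separate look, since they are enabled by default and describe legitimate administrative requests rather than exploit traffic.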
* 1:1191 <-> DISABLED <-> SERVER-WEBAPP Netscape Enterprise Server directory view (server-webapp.rules)
* 1:1192 <-> DISABLED <-> SERVER-WEBAPP Trend Micro OfficeScan access (server-webapp.rules)
* 1:1193 <-> DISABLED <-> SERVER-WEBAPP oracle web arbitrary command execution attempt (server-webapp.rules)
* 1:1194 <-> DISABLED <-> SERVER-WEBAPP sojourn.cgi File attempt (server-webapp.rules)
* 1:11940 <-> DISABLED <-> BROWSER-PLUGINS Westbyte Internet Download Accelerator ActiveX function call access (browser-plugins.rules)
* 1:11942 <-> DISABLED <-> BROWSER-PLUGINS Westbyte internet download accelerator ActiveX clsid access (browser-plugins.rules)
* 1:11943 <-> DISABLED <-> BROWSER-PLUGINS HP ModemUtil ActiveX clsid access (browser-plugins.rules)
* 1:11945 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 maximum param count overflow attempt (netbios.rules)
* 1:11946 <-> DISABLED <-> NETBIOS Datagram Service NetDDE attack (netbios.rules)
* 1:11947 <-> DISABLED <-> OS-WINDOWS Microsoft Windows schannel security package (os-windows.rules)
* 1:11948 <-> DISABLED <-> PUA-TOOLBARS Hijacker snap toolbar runtime detection - cookie (pua-toolbars.rules)
* 1:11949 <-> DISABLED <-> MALWARE-BACKDOOR lame rat v1.0 runtime detection (malware-backdoor.rules)
* 1:1195 <-> DISABLED <-> SERVER-WEBAPP sojourn.cgi access (server-webapp.rules)
* 1:11950 <-> DISABLED <-> MALWARE-CNC killav_gj (malware-cnc.rules)
* 1:11951 <-> DISABLED <-> MALWARE-BACKDOOR winshadow runtime detection - init connection request (malware-backdoor.rules)
* 1:11952 <-> DISABLED <-> MALWARE-BACKDOOR winshadow runtime detection - udp response (malware-backdoor.rules)
* 1:11953 <-> ENABLED <-> MALWARE-BACKDOOR supervisor plus runtime detection (malware-backdoor.rules)
* 1:11954 <-> DISABLED <-> MALWARE-BACKDOOR supervisor plus runtime detection (malware-backdoor.rules)
* 1:11955 <-> DISABLED <-> NETBIOS SMB-DS Trans2 OPEN2 maximum param count overflow attempt (netbios.rules)
* 1:11956 <-> DISABLED <-> NETBIOS SMB-DS Trans2 OPEN2 unicode maximum param count overflow attempt (netbios.rules)
* 1:11957 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 maximum param count overflow attempt (netbios.rules)
* 1:11958 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 unicode maximum param count overflow attempt (netbios.rules)
* 1:11959 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 andx maximum param count overflow attempt (netbios.rules)
* 1:1196 <-> DISABLED <-> SERVER-WEBAPP SGI InfoSearch fname attempt (server-webapp.rules)
* 1:11960 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 unicode andx maximum param count overflow attempt (netbios.rules)
* 1:11961 <-> DISABLED <-> NETBIOS SMB-DS Trans2 OPEN2 andx maximum param count overflow attempt (netbios.rules)
* 1:11962 <-> DISABLED <-> NETBIOS SMB-DS Trans2 OPEN2 unicode andx maximum param count overflow attempt (netbios.rules)
* 1:11963 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 andx maximum param count overflow attempt (netbios.rules)
* 1:11964 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 unicode andx maximum param count overflow attempt (netbios.rules)
* 1:13750 <-> DISABLED <-> BROWSER-PLUGINS HP eSupportDiagnostics 18 ActiveX clsid access (browser-plugins.rules)
* 1:13752 <-> DISABLED <-> BROWSER-PLUGINS HP eSupportDiagnostics 19 ActiveX clsid access (browser-plugins.rules)
* 1:13754 <-> DISABLED <-> BROWSER-PLUGINS HP eSupportDiagnostics 20 ActiveX clsid access (browser-plugins.rules)
* 1:13756 <-> DISABLED <-> BROWSER-PLUGINS HP eSupportDiagnostics 21 ActiveX clsid access (browser-plugins.rules)
* 1:13758 <-> DISABLED <-> BROWSER-PLUGINS Microsoft HeartbeatCtl ActiveX clsid access (browser-plugins.rules)
* 1:1376 <-> DISABLED <-> SERVER-WEBAPP jrun directory browse attempt (server-webapp.rules)
* 1:13760 <-> DISABLED <-> BROWSER-PLUGINS Microsoft HeartbeatCtl ActiveX function call access (browser-plugins.rules)
* 1:13762 <-> DISABLED <-> PUA-ADWARE Adware system defender runtime detection (pua-adware.rules)
* 1:13764 <-> DISABLED <-> PUA-ADWARE Snoopware xpress remote outbound connection - init connection (pua-adware.rules)
* 1:13765 <-> DISABLED <-> PUA-ADWARE Adware winxdefender runtime detection - presale request (pua-adware.rules)
* 1:13766 <-> DISABLED <-> PUA-ADWARE Adware winxdefender runtime detection - auto update (pua-adware.rules)
* 1:13767 <-> ENABLED <-> MALWARE-OTHER Keylogger cyber sitter runtime detection (malware-other.rules)
* 1:13768 <-> DISABLED <-> MALWARE-OTHER Keylogger cyber sitter runtime detection (malware-other.rules)
* 1:13769 <-> DISABLED <-> PUA-TOOLBARS Hijacker searchnine toolbar runtime detection - hijacks address bar (pua-toolbars.rules)
* 1:1377 <-> DISABLED <-> PROTOCOL-FTP wu-ftp bad file completion attempt (protocol-ftp.rules)
* 1:13770 <-> DISABLED <-> PUA-TOOLBARS Hijacker searchnine toolbar runtime detection - redirects search function (pua-toolbars.rules)
* 1:13771 <-> DISABLED <-> PUA-TOOLBARS Hijacker music of faith toolbar runtime detection - hijacks search engine traffic #1 (pua-toolbars.rules)
* 1:13772 <-> DISABLED <-> PUA-TOOLBARS Hijacker music of faith toolbar runtime detection - hijacks search engine traffic #2 (pua-toolbars.rules)
* 1:13774 <-> DISABLED <-> PUA-ADWARE Trickler trojan ecodec outbound connection - initial server connection #1 (pua-adware.rules)
* 1:13775 <-> DISABLED <-> PUA-ADWARE Trickler trojan ecodec outbound connection - initial server connection #2 (pua-adware.rules)
* 1:13776 <-> DISABLED <-> MALWARE-OTHER Trackware syscleaner runtime detection - presale traffic (malware-other.rules)
* 1:13777 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SysCleaner (malware-cnc.rules)
* 1:13778 <-> DISABLED <-> MALWARE-OTHER Keylogger kgb employee monitor runtime detection (malware-other.rules)
* 1:13779 <-> DISABLED <-> PUA-TOOLBARS Trackware proofile toolbar runtime detection (pua-toolbars.rules)
* 1:1378 <-> DISABLED <-> PROTOCOL-FTP wu-ftp bad file completion attempt (protocol-ftp.rules)
* 1:13780 <-> DISABLED <-> PUA-TOOLBARS Hijacker find.fm toolbar runtime detection - automatic updates (pua-toolbars.rules)
* 1:13781 <-> DISABLED <-> PUA-TOOLBARS Hijacker find.fm toolbar runtime detection - hijacks address bar (pua-toolbars.rules)
* 1:13782 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - EzReward (malware-cnc.rules)
* 1:13783 <-> DISABLED <-> BROWSER-PLUGINS Yahoo Assistant ActiveX clsid access (browser-plugins.rules)
* 1:13785 <-> DISABLED <-> BROWSER-PLUGINS Ourgame GLWorld ActiveX clsid access (browser-plugins.rules)
* 1:13787 <-> DISABLED <-> BROWSER-PLUGINS Ourgame GLWorld ActiveX function call access (browser-plugins.rules)
* 1:1379 <-> DISABLED <-> PROTOCOL-FTP STAT overflow attempt (protocol-ftp.rules)
* 1:13791 <-> DISABLED <-> INDICATOR-OBFUSCATION oversized cast statement - possible sql injection obfuscation (indicator-obfuscation.rules)
* 1:13797 <-> ENABLED <-> FILE-IDENTIFY Portable Executable compact binary file magic detected (file-identify.rules)
* 1:1380 <-> DISABLED <-> SERVER-IIS Form_VBScript.asp access (server-iis.rules)
* 1:13800 <-> DISABLED <-> SERVER-OTHER ARCServe LGServer service data overflow attempt (server-other.rules)
* 1:13801 <-> ENABLED <-> FILE-IDENTIFY RTF file download request (file-identify.rules)
* 1:13804 <-> DISABLED <-> SERVER-OTHER Borland Software InterBase ibserver.exe Service Attach Request buffer overflow attempt (server-other.rules)
* 1:13805 <-> DISABLED <-> PROTOCOL-RPC portmap CA BrightStor ARCserve tcp procedure 234 attempt (protocol-rpc.rules)
* 1:13806 <-> DISABLED <-> PROTOCOL-RPC portmap CA BrightStor ARCserve udp procedure 234 attempt (protocol-rpc.rules)
* 1:13807 <-> DISABLED <-> FILE-IMAGE Microsoft Windows metafile SetPaletteEntries heap overflow attempt (file-image.rules)
* 1:13808 <-> DISABLED <-> PUA-ADWARE Adware ie antivirus runtime detection - presale request (pua-adware.rules)
* 1:13809 <-> DISABLED <-> PUA-ADWARE Adware ie antivirus runtime detection - update request (pua-adware.rules)
* 1:1381 <-> DISABLED <-> SERVER-WEBAPP Trend Micro OfficeScan attempt (server-webapp.rules)
* 1:13810 <-> DISABLED <-> PUA-ADWARE Trickler Adware.Win32.Ejik runtime detection - udp payload (pua-adware.rules)
* 1:13811 <-> DISABLED <-> PUA-ADWARE Adware xp antivirus runtime detection (pua-adware.rules)
* 1:13812 <-> DISABLED <-> MALWARE-OTHER Keylogger refog Keylogger runtime detection (malware-other.rules)
* 1:13813 <-> DISABLED <-> PUA-ADWARE Trickler mm.exe outbound connection (pua-adware.rules)
* 1:13814 <-> DISABLED <-> MALWARE-CNC passhax variant outbound connection (malware-cnc.rules)
* 1:13815 <-> DISABLED <-> MALWARE-CNC zombget.03 variant outbound connection (malware-cnc.rules)
* 1:13816 <-> DISABLED <-> SERVER-WEBAPP PHP xmlrpc.php command injection attempt (server-webapp.rules)
* 1:13817 <-> DISABLED <-> SERVER-WEBAPP PHP xmlrpc.php command injection attempt (server-webapp.rules)
* 1:13818 <-> DISABLED <-> SERVER-WEBAPP PHP alternate xmlrpc.php command injection attempt (server-webapp.rules)
* 1:13819 <-> DISABLED <-> SERVER-WEBAPP IBM Lotus Domino Web Server Accept-Language header buffer overflow attempt (server-webapp.rules)
* 1:1382 <-> DISABLED <-> SERVER-OTHER CHAT IRC Ettercap parse overflow attempt (server-other.rules)
* 1:13820 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SWF scene and label data memory corruption attempt (file-flash.rules)
* 1:13821 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SWF scene and label data memory corruption attempt (file-flash.rules)
* 1:13822 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SWF scene and label data memory corruption attempt (file-flash.rules)
* 1:13823 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows DirectX SAMI file parsing buffer overflow attempt (file-multimedia.rules)
* 1:13824 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows DirectX malformed mjpeg arbitrary code execution attempt (file-multimedia.rules)
* 1:13827 <-> DISABLED <-> OS-WINDOWS Microsoft Windows PGM denial of service attempt (os-windows.rules)
* 1:13828 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer sapi.dll ActiveX clsid access attempt (browser-plugins.rules)
* 1:13830 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer sapi.dll ActiveX clsid access attempt (browser-plugins.rules)
* 1:13832 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer backweb ActiveX clsid access (browser-plugins.rules)
* 1:13834 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer request header overwrite (browser-ie.rules)
* 1:13838 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox IFRAME style change handling code execution (browser-firefox.rules)
* 1:13839 <-> DISABLED <-> SERVER-OTHER CA ARCServ NetBackup remote file upload attempt (server-other.rules)
* 1:1384 <-> DISABLED <-> OS-WINDOWS Microsoft Windows UPnP malformed advertisement (os-windows.rules)
* 1:13840 <-> DISABLED <-> SERVER-OTHER Borland Interbase service attach operation buffer overflow (server-other.rules)
* 1:13841 <-> DISABLED <-> SERVER-OTHER Borland Interbase create operation buffer overflow (server-other.rules)
* 1:13842 <-> DISABLED <-> SERVER-OTHER Borland Interbase operation buffer overflow (server-other.rules)
* 1:13843 <-> DISABLED <-> SERVER-OTHER MaxDB WebDBM get buffer overflow (server-other.rules)
* 1:13844 <-> DISABLED <-> SERVER-MAIL BDAT size longer than contents exploit attempt (server-mail.rules)
* 1:13845 <-> DISABLED <-> SERVER-MAIL BDAT size public exploit attempt (server-mail.rules)
* 1:13846 <-> DISABLED <-> SERVER-OTHER Veritas Backup Agent password overflow attempt (server-other.rules)
* 1:13847 <-> DISABLED <-> PUA-ADWARE Adware phoenician casino runtime detection (pua-adware.rules)
* 1:13848 <-> DISABLED <-> PUA-ADWARE Trickler zwinky runtime detection (pua-adware.rules)
* 1:13849 <-> DISABLED <-> PUA-ADWARE Hijacker rcse 4.4 outbound connection - hijack ie browser (pua-adware.rules)
* 1:1385 <-> DISABLED <-> SERVER-WEBAPP mod-plsql administration access (server-webapp.rules)
* 1:13850 <-> DISABLED <-> PUA-ADWARE Adware roogoo 2.0 runtime detection - popup ads (pua-adware.rules)
* 1:13851 <-> DISABLED <-> PUA-ADWARE Adware roogoo 2.0 runtime detection - upgrade (pua-adware.rules)
* 1:13852 <-> DISABLED <-> PUA-ADWARE Hijacker bitroll 5.0 outbound connection (pua-adware.rules)
* 1:13853 <-> DISABLED <-> PUA-TOOLBARS Hijacker alot toolbar runtime detection - weather request (pua-toolbars.rules)
* 1:13854 <-> DISABLED <-> PUA-TOOLBARS Hijacker alot toolbar runtime detection - auto update (pua-toolbars.rules)
* 1:13855 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SpeedRunner (malware-cnc.rules)
* 1:13856 <-> DISABLED <-> MALWARE-CNC Win.Trojan.wintrim.z variant outbound connection (malware-cnc.rules)
* 1:13857 <-> DISABLED <-> BROWSER-PLUGINS HP Instant Support DataManager ActiveX clsid access (browser-plugins.rules)
* 1:13859 <-> DISABLED <-> BROWSER-PLUGINS HP Instant Support DataManager ActiveX function call access (browser-plugins.rules)
* 1:1386 <-> DISABLED <-> SERVER-MSSQL raiserror possible buffer overflow (server-mssql.rules)
* 1:13861 <-> DISABLED <-> POLICY-SOCIAL Habbo chat client avatar control (policy-social.rules)
* 1:13862 <-> DISABLED <-> POLICY-SOCIAL Habbo chat client item information download (policy-social.rules)
* 1:13863 <-> DISABLED <-> POLICY-SOCIAL Habbo chat client successful login (policy-social.rules)
* 1:13864 <-> DISABLED <-> POLICY-OTHER Microsoft Windows Dr. Watson error reporting attempt (policy-other.rules)
* 1:13865 <-> DISABLED <-> FILE-IMAGE BMP image handler buffer overflow attempt (file-image.rules)
* 1:13866 <-> DISABLED <-> MALWARE-OTHER Trackware adclicker-fc.gen.a runtime detection - popup ads (malware-other.rules)
* 1:13867 <-> DISABLED <-> MALWARE-OTHER Trackware adclicker-fc.gen.a runtime detection (malware-other.rules)
* 1:13868 <-> DISABLED <-> PUA-ADWARE Adware antispywaremaster runtime detection - start fake scanning (pua-adware.rules)
* 1:13869 <-> DISABLED <-> PUA-ADWARE Adware antispywaremaster runtime detection - sale/register request (pua-adware.rules)
* 1:1387 <-> DISABLED <-> SQL raiserror possible buffer overflow (sql.rules)
* 1:13870 <-> DISABLED <-> PUA-ADWARE Adware coopen 5.0.0.87 runtime detection - init conn (pua-adware.rules)
* 1:13871 <-> DISABLED <-> PUA-ADWARE Adware coopen 5.0.0.87 runtime detection - ads (pua-adware.rules)
* 1:13872 <-> DISABLED <-> PUA-ADWARE Trickler fushion 1.2.4.17 outbound connection - notice (pua-adware.rules)
* 1:13873 <-> DISABLED <-> PUA-ADWARE Trickler fushion 1.2.4.17 outbound connection - underground traffic (pua-adware.rules)
* 1:13874 <-> DISABLED <-> PUA-ADWARE Adware malware destructor 4.5 runtime detection - order request (pua-adware.rules)
* 1:13875 <-> DISABLED <-> PUA-ADWARE Adware malware destructor 4.5 runtime detection - auto update (pua-adware.rules)
* 1:13876 <-> DISABLED <-> MALWARE-CNC zlob.acc variant outbound connection (malware-cnc.rules)
* 1:13877 <-> DISABLED <-> MALWARE-CNC Win.Trojan.delf.uv variant outbound connection (malware-cnc.rules)
* 1:13878 <-> DISABLED <-> MALWARE-CNC Win.Trojan.delf.uv inbound connection (malware-cnc.rules)
* 1:1388 <-> DISABLED <-> OS-WINDOWS Microsoft Windows UPnP Location overflow attempt (os-windows.rules)
* 1:13883 <-> DISABLED <-> BROWSER-PLUGINS UUSee UUUpgrade ActiveX clsid access (browser-plugins.rules)
* 1:13885 <-> DISABLED <-> BROWSER-PLUGINS UUSee UUUpgrade ActiveX function call access (browser-plugins.rules)
* 1:13888 <-> DISABLED <-> FILE-OTHER Microsoft SQL Server Backup Database File integer overflow attempt (file-other.rules)
* 1:13889 <-> DISABLED <-> FILE-OTHER Microsoft SQL Server Backup Database File integer overflow attempt (file-other.rules)
* 1:13890 <-> DISABLED <-> FILE-OTHER Microsoft SQL Server Backup Database File integer overflow attempt (file-other.rules)
* 1:13891 <-> DISABLED <-> SERVER-MSSQL Memory page overwrite attempt (server-mssql.rules)
* 1:13892 <-> DISABLED <-> SERVER-MSSQL Convert function style overwrite (server-mssql.rules)
* 1:13893 <-> DISABLED <-> FILE-OTHER Microsoft malformed saved search heap corruption attempt (file-other.rules)
* 1:13894 <-> DISABLED <-> SERVER-MAIL Microsoft Office Outlook Web Access From field cross-site scripting attempt (server-mail.rules)
* 1:13895 <-> DISABLED <-> SERVER-MAIL Microsoft Office Outlook Web Access invalid CSS escape sequence script execution attempt (server-mail.rules)
* 1:13896 <-> DISABLED <-> SERVER-MSSQL Microsoft SQL server MTF file download (server-mssql.rules)
* 1:13898 <-> ENABLED <-> APP-DETECT Apple iTunes client request for server info (app-detect.rules)
* 1:13899 <-> DISABLED <-> APP-DETECT Apple iTunes client login attempt (app-detect.rules)
* 1:1390 <-> DISABLED <-> INDICATOR-SHELLCODE x86 inc ebx NOOP (indicator-shellcode.rules)
* 1:13900 <-> DISABLED <-> APP-DETECT Apple iTunes server multicast DNS response (app-detect.rules)
* 1:13901 <-> DISABLED <-> NETBIOS SMB server response heap overflow attempt (netbios.rules)
* 1:13902 <-> DISABLED <-> SERVER-OTHER IBM Lotus Sametime multiplexer stack buffer overflow attempt (server-other.rules)
* 1:13903 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Access Snapshot Viewer ActiveX clsid access attempt (browser-plugins.rules)
* 1:152 <-> DISABLED <-> MALWARE-BACKDOOR BackConstruction 2.1 Connection (malware-backdoor.rules)
* 1:1520 <-> DISABLED <-> SERVER-WEBAPP server-info access (server-webapp.rules)
* 1:15200 <->
DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx param_count underflow attempt (os-windows.rules) * 1:15201 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx param_count underflow attempt (os-windows.rules) * 1:15202 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx param_count underflow attempt (os-windows.rules) * 1:15203 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx param_count underflow attempt (os-windows.rules) * 1:15204 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode max_param_count underflow attempt (os-windows.rules) * 1:15205 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode max_param_count underflow attempt (os-windows.rules) * 1:15206 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE max_param_count underflow attempt (os-windows.rules) * 1:15207 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE max_param_count underflow attempt (os-windows.rules) * 1:15208 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx max_param_count underflow attempt (os-windows.rules) * 1:15209 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx max_param_count underflow attempt (os-windows.rules) * 1:1521 <-> DISABLED <-> SERVER-WEBAPP server-status access (server-webapp.rules) * 1:15210 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx max_param_count underflow attempt (os-windows.rules) * 1:15211 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx max_param_count underflow attempt (os-windows.rules) * 1:15212 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 max_param_count underflow attempt (os-windows.rules) * 1:15213 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode max_param_count underflow attempt (os-windows.rules) * 1:15214 <-> 
DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 max_param_count underflow attempt (os-windows.rules) * 1:15215 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode max_param_count underflow attempt (os-windows.rules) * 1:15216 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx max_param_count underflow attempt (os-windows.rules) * 1:15217 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx max_param_count underflow attempt (os-windows.rules) * 1:15218 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx max_param_count underflow attempt (os-windows.rules) * 1:15219 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx max_param_count underflow attempt (os-windows.rules) * 1:1522 <-> DISABLED <-> SERVER-WEBAPP ans.pl attempt (server-webapp.rules) * 1:15220 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode param_count underflow attempt (os-windows.rules) * 1:15221 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 param_count underflow attempt (os-windows.rules) * 1:15222 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 param_count underflow attempt (os-windows.rules) * 1:15223 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode param_count underflow attempt (os-windows.rules) * 1:15224 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx param_count underflow attempt (os-windows.rules) * 1:15225 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx param_count underflow attempt (os-windows.rules) * 1:15226 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx param_count underflow attempt (os-windows.rules) * 1:15227 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx param_count underflow attempt (os-windows.rules) * 1:15228 <-> DISABLED <-> BROWSER-PLUGINS Ciansoft PDFBuilderX ActiveX clsid access (browser-plugins.rules) 
* 1:1523 <-> DISABLED <-> SERVER-WEBAPP ans.pl access (server-webapp.rules) * 1:15230 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Viewer 2 ActiveX clsid access (browser-plugins.rules) * 1:15232 <-> DISABLED <-> BROWSER-PLUGINS Easy Grid ActiveX clsid access (browser-plugins.rules) * 1:15234 <-> DISABLED <-> BROWSER-PLUGINS Easy Grid ActiveX function call access (browser-plugins.rules) * 1:15236 <-> DISABLED <-> FILE-IMAGE ACD Systems ACDSee XPM file format overflow attempt (file-image.rules) * 1:15237 <-> ENABLED <-> FILE-IDENTIFY Java .class file download request (file-identify.rules) * 1:15238 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime for Java toQTPointer function memory corruption attempt (file-multimedia.rules) * 1:15239 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealMedia format file download request (file-identify.rules) * 1:1524 <-> DISABLED <-> SERVER-WEBAPP Axis Storpoint CD attempt (server-webapp.rules) * 1:15240 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealMedia format file download request (file-identify.rules) * 1:15241 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC real.c ReadRealIndex real demuxer integer overflow attempt (file-multimedia.rules) * 1:15243 <-> DISABLED <-> BROWSER-PLUGINS AXIS Camera ActiveX clsid access (browser-plugins.rules) * 1:15245 <-> DISABLED <-> BROWSER-PLUGINS AXIS Camera ActiveX function call access (browser-plugins.rules) * 1:15247 <-> DISABLED <-> BROWSER-PLUGINS JamDTA ActiveX clsid access (browser-plugins.rules) * 1:15249 <-> DISABLED <-> BROWSER-PLUGINS SmartVMD ActiveX clsid access (browser-plugins.rules) * 1:1525 <-> DISABLED <-> SERVER-WEBAPP Axis Storpoint CD access (server-webapp.rules) * 1:15251 <-> DISABLED <-> BROWSER-PLUGINS MetaProducts MetaTreeX ActiveX clsid access (browser-plugins.rules) * 1:15253 <-> DISABLED <-> BROWSER-PLUGINS MetaProducts MetaTreeX ActiveX function call access (browser-plugins.rules) * 1:15255 <-> DISABLED <-> SERVER-ORACLE Secure Backup msgid 0x901 username field 
overflow attempt (server-oracle.rules) * 1:15256 <-> DISABLED <-> SERVER-ORACLE BPEL process manager XSS injection attempt (server-oracle.rules) * 1:15257 <-> DISABLED <-> SERVER-ORACLE Secure Backup common.php variable based command injection attempt (server-oracle.rules) * 1:15258 <-> DISABLED <-> SERVER-ORACLE Secure Backup login.php variable based command injection attempt (server-oracle.rules) * 1:15259 <-> DISABLED <-> PROTOCOL-DNS DNS root query traffic amplification attempt (protocol-dns.rules) * 1:1526 <-> DISABLED <-> SERVER-WEBAPP basilix sendmail.inc access (server-webapp.rules) * 1:15260 <-> DISABLED <-> PROTOCOL-DNS DNS root query response traffic amplification attempt (protocol-dns.rules) * 1:15261 <-> DISABLED <-> SERVER-ORACLE Secure Backup exec_qr command injection attempt (server-oracle.rules) * 1:15262 <-> DISABLED <-> SERVER-ORACLE Secure Backup POST exec_qr command injection attempt (server-oracle.rules) * 1:15264 <-> DISABLED <-> SERVER-WEBAPP Oracle TimesTen In-Memory Database evtdump CGI module format string exploit attempt (server-webapp.rules) * 1:15266 <-> DISABLED <-> BROWSER-PLUGINS MW6 Technologies Barcode.dll ActiveX clsid access attempt (browser-plugins.rules) * 1:15268 <-> DISABLED <-> BROWSER-PLUGINS MW6 Technologies Barcode ActiveX function call access (browser-plugins.rules) * 1:1527 <-> DISABLED <-> SERVER-WEBAPP basilix mysql.class access (server-webapp.rules) * 1:15270 <-> DISABLED <-> BROWSER-PLUGINS MW6 Technologies PDF417 ActiveX clsid access (browser-plugins.rules) * 1:15272 <-> DISABLED <-> BROWSER-PLUGINS MW6 Technologies PDF417 ActiveX function call access (browser-plugins.rules) * 1:15274 <-> DISABLED <-> BROWSER-PLUGINS MW6 Technologies DataMatrix ActiveX clsid access (browser-plugins.rules) * 1:15276 <-> DISABLED <-> BROWSER-PLUGINS MW6 Technologies DataMatrix ActiveX function call access (browser-plugins.rules) * 1:15278 <-> DISABLED <-> BROWSER-PLUGINS MW6 Technologies Aztec ActiveX clsid access 
(browser-plugins.rules) * 1:1528 <-> DISABLED <-> SERVER-WEBAPP BBoard access (server-webapp.rules) * 1:15280 <-> DISABLED <-> BROWSER-PLUGINS MW6 Technologies Aztec ActiveX function call access (browser-plugins.rules) * 1:15282 <-> DISABLED <-> BROWSER-PLUGINS FlexCell Grid ActiveX clsid access (browser-plugins.rules) * 1:15284 <-> DISABLED <-> BROWSER-PLUGINS NCTAudioGrabber2 ActiveX clsid access (browser-plugins.rules) * 1:15286 <-> DISABLED <-> BROWSER-PLUGINS NCTAudioGrabber2 ActiveX function call access (browser-plugins.rules) * 1:15288 <-> DISABLED <-> BROWSER-PLUGINS NCTAudioInformation2 ActiveX clsid access (browser-plugins.rules) * 1:1529 <-> DISABLED <-> PROTOCOL-FTP SITE overflow attempt (protocol-ftp.rules) * 1:15290 <-> DISABLED <-> BROWSER-PLUGINS NCTAudioInformation2 ActiveX function call access (browser-plugins.rules) * 1:15292 <-> DISABLED <-> POLICY-SOCIAL QQ protocol detected - version 2006 (policy-social.rules) * 1:15293 <-> DISABLED <-> POLICY-SOCIAL QQ protocol detected - version 2008 (policy-social.rules) * 1:15294 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Visio file download request (file-identify.rules) * 1:15295 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bankpatch configuration download (malware-cnc.rules) * 1:15296 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bankpatch malicious file download (malware-cnc.rules) * 1:15297 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bankpatch report home (malware-cnc.rules) * 1:15299 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio invalid ho tag attempt (file-office.rules) * 1:15302 <-> DISABLED <-> SERVER-MAIL Microsoft Windows Exchange System Attendant denial of service attempt (server-mail.rules) * 1:15303 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio Malformed IconBitsComponent arbitrary code execution attempt (file-office.rules) * 1:15304 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer object clone deletion memory corruption attempt (browser-ie.rules) * 1:15305 <-> DISABLED <-> BROWSER-IE 
Microsoft Internet Explorer dynamic style update memory corruption attempt (browser-ie.rules) * 1:15306 <-> DISABLED <-> FILE-EXECUTABLE Portable Executable binary file magic detected (file-executable.rules) * 1:15307 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Animation Control ActiveX clsid access (browser-plugins.rules) * 1:15309 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Animation Control ActiveX function call access (browser-plugins.rules) * 1:1531 <-> DISABLED <-> SERVER-WEBAPP bb-hist.sh attempt (server-webapp.rules) * 1:15311 <-> DISABLED <-> BROWSER-PLUGINS Research In Motion AxLoader ActiveX clsid access (browser-plugins.rules) * 1:15313 <-> DISABLED <-> BROWSER-PLUGINS Research In Motion AxLoader ActiveX function call access (browser-plugins.rules) * 1:15315 <-> DISABLED <-> BROWSER-PLUGINS Akamai DownloadManager ActiveX clsid access (browser-plugins.rules) * 1:15317 <-> DISABLED <-> BROWSER-PLUGINS Akamai DownloadManager ActiveX function call access (browser-plugins.rules) * 1:15319 <-> ENABLED <-> NETBIOS SMB /sql/query create tree attempt (netbios.rules) * 1:1532 <-> DISABLED <-> SERVER-WEBAPP bb-hostscv.sh attempt (server-webapp.rules) * 1:15320 <-> ENABLED <-> NETBIOS SMB /sql/query unicode create tree attempt (netbios.rules) * 1:15321 <-> ENABLED <-> NETBIOS SMB /sql/query create tree attempt (netbios.rules) * 1:15322 <-> ENABLED <-> NETBIOS SMB /sql/query unicode create tree attempt (netbios.rules) * 1:15323 <-> ENABLED <-> NETBIOS SMB /sql/query andx create tree attempt (netbios.rules) * 1:15324 <-> ENABLED <-> NETBIOS SMB /sql/query unicode andx create tree attempt (netbios.rules) * 1:15325 <-> ENABLED <-> NETBIOS SMB /sql/query andx create tree attempt (netbios.rules) * 1:15326 <-> ENABLED <-> NETBIOS SMB /sql/query unicode andx create tree attempt (netbios.rules) * 1:1533 <-> DISABLED <-> SERVER-WEBAPP bb-hostscv.sh access (server-webapp.rules) * 1:15330 <-> DISABLED <-> BROWSER-PLUGINS Nokia Phoenix Service 1 ActiveX clsid access 
(browser-plugins.rules) * 1:15332 <-> DISABLED <-> BROWSER-PLUGINS Nokia Phoenix Service 2 ActiveX clsid access (browser-plugins.rules) * 1:15334 <-> DISABLED <-> BROWSER-PLUGINS GeoVision LiveX 7000 ActiveX clsid access (browser-plugins.rules) * 1:15336 <-> DISABLED <-> BROWSER-PLUGINS GeoVision LiveX 7000 ActiveX function call access (browser-plugins.rules) * 1:15338 <-> DISABLED <-> BROWSER-PLUGINS GeoVision LiveX 8120 ActiveX clsid access (browser-plugins.rules) * 1:1534 <-> DISABLED <-> SERVER-WEBAPP agora.cgi attempt (server-webapp.rules) * 1:15340 <-> DISABLED <-> BROWSER-PLUGINS GeoVision LiveX 8120 ActiveX function call access (browser-plugins.rules) * 1:15342 <-> DISABLED <-> BROWSER-PLUGINS GeoVision LiveX 8200 ActiveX clsid access (browser-plugins.rules) * 1:15344 <-> DISABLED <-> BROWSER-PLUGINS GeoVision LiveX 8200 ActiveX function call access (browser-plugins.rules) * 1:15346 <-> DISABLED <-> BROWSER-PLUGINS Synactis ALL In-The-Box ActiveX clsid access (browser-plugins.rules) * 1:15348 <-> DISABLED <-> BROWSER-PLUGINS Synactis ALL In-The-Box ActiveX function call access (browser-plugins.rules) * 1:1535 <-> DISABLED <-> SERVER-WEBAPP bizdbsearch access (server-webapp.rules) * 1:15350 <-> DISABLED <-> BROWSER-PLUGINS Web on Windows ActiveX clsid access (browser-plugins.rules) * 1:15352 <-> DISABLED <-> BROWSER-PLUGINS Web on Windows ActiveX function call access (browser-plugins.rules) * 1:15357 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JBIG2 remote code execution attempt (file-pdf.rules) * 1:15358 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JBIG2 remote code execution attempt (file-pdf.rules) * 1:1536 <-> DISABLED <-> SERVER-WEBAPP calendar_admin.pl arbitrary command execution attempt (server-webapp.rules) * 1:15361 <-> ENABLED <-> FILE-PDF pdf file sent via email (file-pdf.rules) * 1:15362 <-> DISABLED <-> INDICATOR-OBFUSCATION obfuscated javascript excessive fromCharCode - potential attack (indicator-obfuscation.rules) * 1:15363 <-> DISABLED 
<-> INDICATOR-OBFUSCATION Potential obfuscated javascript eval unescape attack attempt (indicator-obfuscation.rules) * 1:15364 <-> DISABLED <-> SERVER-OTHER Ganglia Meta Daemon process_path stack buffer overflow attempt (server-other.rules) * 1:15367 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook web access script injection attempt (file-office.rules) * 1:15368 <-> DISABLED <-> BROWSER-PLUGINS FathFTP ActiveX clsid access (browser-plugins.rules) * 1:1537 <-> DISABLED <-> SERVER-WEBAPP calendar_admin.pl access (server-webapp.rules) * 1:15370 <-> DISABLED <-> BROWSER-PLUGINS FathFTP ActiveX function call access (browser-plugins.rules) * 1:15372 <-> DISABLED <-> BROWSER-PLUGINS iDefense COMRaider ActiveX clsid access (browser-plugins.rules) * 1:15374 <-> DISABLED <-> BROWSER-PLUGINS iDefense COMRaider ActiveX function call access (browser-plugins.rules) * 1:15376 <-> DISABLED <-> BROWSER-PLUGINS Sopcast SopCore ActiveX clsid access (browser-plugins.rules) * 1:15378 <-> DISABLED <-> BROWSER-PLUGINS Sopcast SopCore ActiveX function call access (browser-plugins.rules) * 1:1538 <-> DISABLED <-> PROTOCOL-NNTP AUTHINFO USER overflow attempt (protocol-nntp.rules) * 1:15380 <-> DISABLED <-> BROWSER-PLUGINS HP Virtual Rooms v7 ActiveX clsid access (browser-plugins.rules) * 1:15382 <-> DISABLED <-> SERVER-OTHER X.Org X Font Server QueryXBitmaps and QueryXExtents Handlers integer overflow attempt (server-other.rules) * 1:15383 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox XBL Event Handler Tags Removal memory corruption attempt (browser-firefox.rules) * 1:15384 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime pict image poly structure memory corruption attempt (file-multimedia.rules) * 1:15385 <-> ENABLED <-> FILE-IDENTIFY TwinVQ file download request (file-identify.rules) * 1:15386 <-> DISABLED <-> OS-WINDOWS Microsoft Windows wpad dynamic update request (os-windows.rules) * 1:15387 <-> DISABLED <-> OS-WINDOWS udp WINS WPAD registration attempt (os-windows.rules) * 
1:15389 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS memory area write attempt (protocol-scada.rules) * 1:1539 <-> DISABLED <-> SERVER-WEBAPP /cgi-bin/ls access (server-webapp.rules) * 1:15390 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS memory area fill attempt (protocol-scada.rules) * 1:15391 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS memory area transfer attempt (protocol-scada.rules) * 1:15392 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS parameter area write attempt (protocol-scada.rules) * 1:15393 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS parameter area clear attempt (protocol-scada.rules) * 1:15394 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS program area protect attempt (protocol-scada.rules) * 1:15395 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS program area protect clear attempt (protocol-scada.rules) * 1:15396 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS program area write attempt (protocol-scada.rules) * 1:15397 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS program area clear attempt (protocol-scada.rules) * 1:15398 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS RUN attempt (protocol-scada.rules) * 1:15399 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS STOP attempt (protocol-scada.rules) * 1:1540 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion ?Mode=debug attempt (server-other.rules) * 1:15400 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS clock write attempt (protocol-scada.rules) * 1:15401 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS access right acquire attempt (protocol-scada.rules) * 1:15402 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS access right forced acquire attempt (protocol-scada.rules) * 1:15403 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS single file write attempt (protocol-scada.rules) * 1:15404 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS file delete attempt (protocol-scada.rules) * 1:15405 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS forced set/reset attempt (protocol-scada.rules) * 1:15406 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS forced set/reset cancel attempt 
(protocol-scada.rules) * 1:15407 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS file memory write attempt (protocol-scada.rules) * 1:15408 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS data link table write attempt (protocol-scada.rules) * 1:15409 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS RESET attempt (protocol-scada.rules) * 1:1541 <-> DISABLED <-> PROTOCOL-FINGER version query (protocol-finger.rules) * 1:15410 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS name delete attempt (protocol-scada.rules) * 1:15411 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS memory card format attempt (protocol-scada.rules) * 1:15412 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS memory area write overflow attempt (protocol-scada.rules) * 1:15413 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS memory area fill overflow attempt (protocol-scada.rules) * 1:15414 <-> DISABLED <-> PROTOCOL-SCADA OMRON-FINS program area protect clear brute force attempt (protocol-scada.rules) * 1:15415 <-> DISABLED <-> CONTENT-REPLACE AIM or ICQ deny unencrypted login connection (content-replace.rules) * 1:15416 <-> DISABLED <-> CONTENT-REPLACE ICQ deny http proxy login (content-replace.rules) * 1:15417 <-> DISABLED <-> CONTENT-REPLACE AIM deny server certificate for encrypted login (content-replace.rules) * 1:15418 <-> DISABLED <-> POLICY-SOCIAL AIM server certificate for encrypted login (policy-social.rules) * 1:1542 <-> DISABLED <-> SERVER-WEBAPP cgimail access (server-webapp.rules) * 1:15420 <-> DISABLED <-> CONTENT-REPLACE MSN deny login (content-replace.rules) * 1:15422 <-> DISABLED <-> SERVER-OTHER Sun One web proxy server overflow attempt (server-other.rules) * 1:15423 <-> DISABLED <-> MALWARE-CNC Clampi virus communication detected (malware-cnc.rules) * 1:15424 <-> DISABLED <-> SERVER-WEBAPP phpBB mod shoutbox sql injection attempt (server-webapp.rules) * 1:15425 <-> DISABLED <-> SERVER-WEBAPP phpBB mod tag board sql injection attempt (server-webapp.rules) * 1:15426 <-> ENABLED <-> FILE-IDENTIFY MAKI file download 
request (file-identify.rules) * 1:15427 <-> ENABLED <-> FILE-IDENTIFY SVG file download request (file-identify.rules) * 1:15428 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SVG data processing memory corruption attempt (browser-firefox.rules) * 1:15429 <-> DISABLED <-> CONTENT-REPLACE Yahoo Messenger deny outbound login attempt (content-replace.rules) * 1:1543 <-> DISABLED <-> SERVER-WEBAPP cgiwrap access (server-webapp.rules) * 1:15430 <-> DISABLED <-> FILE-OTHER Microsoft EMF+ GpFont.SetData buffer overflow attempt (file-other.rules) * 1:15431 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox 3 xsl parsing heap overflow attempt (browser-firefox.rules) * 1:15432 <-> DISABLED <-> SERVER-WEBAPP wordpress cat parameter arbitrary file execution attempt (server-webapp.rules) * 1:15434 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager OvOSLocale parameter buffer overflow attempt (server-webapp.rules) * 1:15435 <-> DISABLED <-> SERVER-OTHER IBM Director CIM server consumer name handling denial of service attempt (server-other.rules) * 1:15436 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Express Backup counter heap corruption attempt (server-other.rules) * 1:15437 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Express Backup message length heap corruption attempt (server-other.rules) * 1:15438 <-> DISABLED <-> CONTENT-REPLACE QQ 2009 deny udp login (content-replace.rules) * 1:15439 <-> DISABLED <-> CONTENT-REPLACE QQ 2009 deny tcp login (content-replace.rules) * 1:1544 <-> DISABLED <-> SERVER-WEBAPP Cisco Catalyst command execution attempt (server-webapp.rules) * 1:15440 <-> DISABLED <-> CONTENT-REPLACE QQ 2008 deny udp login (content-replace.rules) * 1:15441 <-> DISABLED <-> CONTENT-REPLACE QQ 2009 deny tcp login (content-replace.rules) * 1:15442 <-> DISABLED <-> SERVER-MYSQL XML Functions ExtractValue Scalar XPath denial of service attempt (server-mysql.rules) * 1:15443 <-> DISABLED <-> SERVER-MYSQL XML Functions UpdateXML Scalar 
XPath denial of service attempt (server-mysql.rules) * 1:15444 <-> ENABLED <-> FILE-IDENTIFY Core Audio Format file download request (file-identify.rules) * 1:15445 <-> DISABLED <-> SERVER-ORACLE Application Server BPEL module cross site scripting attempt (server-oracle.rules) * 1:15446 <-> DISABLED <-> SERVER-WEBAPP Novell eDirectory management console Accept-Language buffer overflow attempt (server-webapp.rules) * 1:15448 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP srvsvc NetrShareEnum null policy handle attempt (netbios.rules) * 1:1545 <-> DISABLED <-> SERVER-OTHER Cisco denial of service attempt (server-other.rules) * 1:15451 <-> DISABLED <-> MALWARE-CNC possible Conficker.C HTTP traffic 1 (malware-cnc.rules) * 1:15452 <-> DISABLED <-> MALWARE-CNC possible Conficker.C HTTP traffic 2 (malware-cnc.rules) * 1:15455 <-> DISABLED <-> FILE-OFFICE Microsoft Office WordPad and Office Text Converters XST parsing buffer overflow attempt (file-office.rules) * 1:15456 <-> DISABLED <-> SERVER-OTHER WinHTTP SSL/TLS impersonation attempt (server-other.rules) * 1:15457 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DirectShow MJPEG arbitrary code execution attempt (os-windows.rules) * 1:11966 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CSS tag memory corruption attempt (browser-ie.rules) * 1:11968 <-> DISABLED <-> PROTOCOL-VOIP inbound INVITE message (protocol-voip.rules) * 1:11969 <-> DISABLED <-> PROTOCOL-VOIP inbound 401 unauthorized message (protocol-voip.rules) * 1:1197 <-> DISABLED <-> SERVER-WEBAPP Phorum code access (server-webapp.rules) * 1:11970 <-> DISABLED <-> PROTOCOL-VOIP Cisco 7940/7960 INVITE Remote-Party-ID header denial of service attempt (protocol-voip.rules) * 1:11971 <-> DISABLED <-> PROTOCOL-VOIP CSeq buffer overflow attempt (protocol-voip.rules) * 1:11972 <-> DISABLED <-> PROTOCOL-VOIP Max-Forwards value over 70 (protocol-voip.rules) * 1:11973 <-> DISABLED <-> PROTOCOL-VOIP Via header hostname buffer overflow attempt (protocol-voip.rules) * 
1:11975 <-> DISABLED <-> PROTOCOL-VOIP Via header missing SIP field (protocol-voip.rules) * 1:11976 <-> DISABLED <-> PROTOCOL-VOIP SIP URI type overflow attempt (protocol-voip.rules) * 1:11977 <-> DISABLED <-> PROTOCOL-VOIP TEL URI type overflow attempt (protocol-voip.rules) * 1:11979 <-> DISABLED <-> PROTOCOL-VOIP Media header port field invalid value (protocol-voip.rules) * 1:1198 <-> DISABLED <-> SERVER-WEBAPP Netscape Enterprise Server directory view (server-webapp.rules) * 1:11980 <-> DISABLED <-> PROTOCOL-VOIP Attribute header buffer overflow attempt (protocol-voip.rules) * 1:11981 <-> DISABLED <-> PROTOCOL-VOIP MultiTech INVITE message buffer overflow attempt (protocol-voip.rules) * 1:11982 <-> DISABLED <-> PROTOCOL-VOIP To header contains recursive URL-encoded data (protocol-voip.rules) * 1:11983 <-> DISABLED <-> PROTOCOL-VOIP Time header contains negative value (protocol-voip.rules) * 1:11984 <-> DISABLED <-> PROTOCOL-VOIP Time header contains long value (protocol-voip.rules) * 1:11985 <-> DISABLED <-> PROTOCOL-VOIP Expires header overflow attempt (protocol-voip.rules) * 1:11986 <-> DISABLED <-> PROTOCOL-VOIP Authorization header invalid characters in response parameter (protocol-voip.rules) * 1:11987 <-> DISABLED <-> PROTOCOL-VOIP Via header format string attempt (protocol-voip.rules) * 1:11988 <-> DISABLED <-> PROTOCOL-VOIP From header format string attempt (protocol-voip.rules) * 1:11989 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header format string attempt (protocol-voip.rules) * 1:1199 <-> DISABLED <-> SERVER-WEBAPP Compaq Insight directory traversal (server-webapp.rules) * 1:11990 <-> DISABLED <-> PROTOCOL-VOIP Contact header format string attempt (protocol-voip.rules) * 1:11991 <-> DISABLED <-> PROTOCOL-VOIP CSeq header format string attempt (protocol-voip.rules) * 1:11992 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header format string attempt (protocol-voip.rules) * 1:11993 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header invalid characters detected 
(protocol-voip.rules)
* 1:11994 <-> DISABLED <-> PROTOCOL-VOIP Contact header invalid characters detected (protocol-voip.rules)
* 1:11995 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid characters detected (protocol-voip.rules)
* 1:11996 <-> DISABLED <-> PROTOCOL-VOIP CSeq header invalid characters detected (protocol-voip.rules)
* 1:11997 <-> DISABLED <-> PROTOCOL-VOIP From header invalid characters detected (protocol-voip.rules)
* 1:11998 <-> DISABLED <-> PROTOCOL-VOIP To header invalid characters detected (protocol-voip.rules)
* 1:11999 <-> DISABLED <-> PROTOCOL-VOIP Via header invalid characters detected (protocol-voip.rules)
* 1:1200 <-> DISABLED <-> INDICATOR-COMPROMISE Invalid URL (indicator-compromise.rules)
* 1:12000 <-> DISABLED <-> PROTOCOL-VOIP INVITE message invalid IP address (protocol-voip.rules)
* 1:12001 <-> DISABLED <-> PROTOCOL-VOIP Version header overflow attempt (protocol-voip.rules)
* 1:12002 <-> DISABLED <-> PROTOCOL-VOIP BYE flood (protocol-voip.rules)
* 1:12003 <-> DISABLED <-> PROTOCOL-VOIP CANCEL flood (protocol-voip.rules)
* 1:12004 <-> DISABLED <-> PROTOCOL-VOIP INVITE message Content-Length header size of zero (protocol-voip.rules)
* 1:12005 <-> DISABLED <-> PROTOCOL-VOIP Connection header invalid value (protocol-voip.rules)
* 1:12006 <-> DISABLED <-> PROTOCOL-VOIP outbound INVITE message (protocol-voip.rules)
* 1:12007 <-> DISABLED <-> PROTOCOL-VOIP outbound 401 Unauthorized message (protocol-voip.rules)
* 1:12009 <-> DISABLED <-> SQL Firebird SQL Fbserver buffer overflow attempt (sql.rules)
* 1:1201 <-> DISABLED <-> INDICATOR-COMPROMISE 403 Forbidden (indicator-compromise.rules)
* 1:12010 <-> DISABLED <-> BROWSER-PLUGINS RKD Software BarCode ActiveX clsid access (browser-plugins.rules)
* 1:12012 <-> DISABLED <-> BROWSER-PLUGINS RKD Software BarCode ActiveX function call access (browser-plugins.rules)
* 1:12014 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer navcancl.htm url spoofing attempt (browser-ie.rules)
* 1:12015 <-> DISABLED <-> BROWSER-PLUGINS NCTAudioStudio2 NCT WavChunksEditor ActiveX clsid access (browser-plugins.rules)
* 1:12017 <-> DISABLED <-> BROWSER-PLUGINS NCTAudioStudio2 NCT WavChunksEditor ActiveX function call access (browser-plugins.rules)
* 1:12019 <-> DISABLED <-> BROWSER-PLUGINS NCTsoft NCTAudioFile2 NCTWMAFile ActiveX clsid access (browser-plugins.rules)
* 1:1202 <-> DISABLED <-> SERVER-WEBAPP search.vts access (server-webapp.rules)
* 1:12021 <-> DISABLED <-> BROWSER-PLUGINS NCTsoft NCTAudioFile2 NCTWMAFile ActiveX function call access (browser-plugins.rules)
* 1:12027 <-> ENABLED <-> SQL Ingres Database uuid_from_char buffer overflow attempt (sql.rules)
* 1:12029 <-> DISABLED <-> BROWSER-PLUGINS HP Digital Imaging hpqxml.dll ActiveX clsid access (browser-plugins.rules)
* 1:12031 <-> DISABLED <-> CONTENT-REPLACE MSN deny in-bound file transfer attempts (content-replace.rules)
* 1:12032 <-> DISABLED <-> CONTENT-REPLACE MSN deny out-bound file transfer attempts (content-replace.rules)
* 1:12033 <-> DISABLED <-> CONTENT-REPLACE Jabber deny in-bound file transfer attempts (content-replace.rules)
* 1:12034 <-> DISABLED <-> CONTENT-REPLACE Jabber deny out-bound file transfer attempts (content-replace.rules)
* 1:12035 <-> DISABLED <-> CONTENT-REPLACE IRC deny in-bound file transfer attempts (content-replace.rules)
* 1:12036 <-> DISABLED <-> CONTENT-REPLACE IRC deny out-bound file transfer attempts (content-replace.rules)
* 1:12037 <-> DISABLED <-> CONTENT-REPLACE AIM deny in-bound file transfer attempts (content-replace.rules)
* 1:12038 <-> DISABLED <-> CONTENT-REPLACE AIM deny out-bound file transfer attempts (content-replace.rules)
* 1:12039 <-> DISABLED <-> CONTENT-REPLACE Yahoo Messenger deny in-bound file transfer attempts (content-replace.rules)
* 1:1204 <-> DISABLED <-> SERVER-WEBAPP ax-admin.cgi access (server-webapp.rules)
* 1:12040 <-> DISABLED <-> CONTENT-REPLACE Yahoo Messenger deny out-bound file transfer attempts (content-replace.rules)
* 1:12041 <-> DISABLED <-> CONTENT-REPLACE Yahoo Messenger V7 deny in-bound file transfer attempts (content-replace.rules)
* 1:12042 <-> DISABLED <-> CONTENT-REPLACE Yahoo Messenger V7 deny out-bound file transfer attempts (content-replace.rules)
* 1:12043 <-> DISABLED <-> SERVER-IIS Microsoft XML parser IIS WebDAV attack attempt (server-iis.rules)
* 1:12044 <-> DISABLED <-> SERVER-ORACLE Oracle Web Cache denial of service attempt (server-oracle.rules)
* 1:12045 <-> DISABLED <-> SERVER-ORACLE Oracle Web Cache denial of service attempt (server-oracle.rules)
* 1:12046 <-> DISABLED <-> PROTOCOL-RPC MIT Kerberos kadmind RPC Library unix authentication buffer overflow attempt (protocol-rpc.rules)
* 1:12047 <-> DISABLED <-> PUA-ADWARE Adware yayad runtime detection (pua-adware.rules)
* 1:12048 <-> DISABLED <-> MALWARE-OTHER Keylogger computer Keylogger runtime detection (malware-other.rules)
* 1:12049 <-> DISABLED <-> MALWARE-OTHER Keylogger apophis spy 1.0 runtime detection (malware-other.rules)
* 1:1205 <-> DISABLED <-> SERVER-WEBAPP axs.cgi access (server-webapp.rules)
* 1:12050 <-> DISABLED <-> PUA-TOOLBARS Hijacker ez-greets toolbar runtime detection (pua-toolbars.rules)
* 1:12051 <-> DISABLED <-> MALWARE-BACKDOOR ultimate rat 2.1 runtime detection (malware-backdoor.rules)
* 1:12052 <-> DISABLED <-> MALWARE-BACKDOOR the[x] 1.2 runtime detection - execute command (malware-backdoor.rules)
* 1:12053 <-> DISABLED <-> MALWARE-BACKDOOR trail of destruction 2.0 runtime detection - get system info (malware-backdoor.rules)
* 1:12054 <-> ENABLED <-> MALWARE-BACKDOOR tron runtime detection - init connection - flowbit set (malware-backdoor.rules)
* 1:12055 <-> DISABLED <-> MALWARE-BACKDOOR tron runtime detection - init connection (malware-backdoor.rules)
* 1:12057 <-> DISABLED <-> SERVER-WEBAPP Ipswitch WhatsUpGold configuration access (server-webapp.rules)
* 1:12058 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SPNEGO ASN.1 library heap corruption overflow attempt (os-windows.rules)
* 1:15458 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer navigating between pages race condition attempt (browser-ie.rules)
* 1:15459 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer deleted/unitialized object memory corruption attempt (browser-ie.rules)
* 1:1546 <-> DISABLED <-> SERVER-WEBAPP Cisco HTTP double-percent DOS attempt (server-webapp.rules)
* 1:15460 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer ActiveX load/unload race condition attempt (browser-ie.rules)
* 1:15462 <-> DISABLED <-> BROWSER-OTHER Multiple web browsers HTTP chunked transfer-encoding memory corruption attempt (browser-other.rules)
* 1:15463 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file download request (file-identify.rules)
* 1:15464 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file download request (file-identify.rules)
* 1:15466 <-> DISABLED <-> FILE-OFFICE Microsoft Office WordPad WordPerfect 6.x converter buffer overflow attempt (file-office.rules)
* 1:15467 <-> DISABLED <-> FILE-OFFICE Microsoft Office WordPad and Office Text Converters PlcPcd aCP buffer overflow attempt (file-office.rules)
* 1:15468 <-> ENABLED <-> BROWSER-IE Apple Safari-Internet Explorer SearchPath blended threat dll request (browser-ie.rules)
* 1:15469 <-> DISABLED <-> FILE-OFFICE Microsoft Office WordPad and Office text converters integer underflow attempt (file-office.rules)
* 1:1547 <-> DISABLED <-> SERVER-WEBAPP csSearch.cgi arbitrary command execution attempt (server-webapp.rules)
* 1:15470 <-> DISABLED <-> FILE-EXECUTABLE IIS ASP/ASP.NET potentially malicious file upload attempt (file-executable.rules)
* 1:15472 <-> DISABLED <-> FILE-MULTIMEDIA Multiple MP3 player PLS buffer overflow attempt (file-multimedia.rules)
* 1:15473 <-> DISABLED <-> FILE-MULTIMEDIA Multiple media players M3U playlist file handling buffer overflow attempt (file-multimedia.rules)
* 1:15475 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ISA Server cross-site scripting attempt (os-windows.rules)
* 1:15476 <-> DISABLED <-> PUA-ADWARE Waledac spam bot HTTP POST request (pua-adware.rules)
* 1:15477 <-> DISABLED <-> SERVER-WEBAPP Oracle BEA WebLogic overlong JESSIONID buffer overflow attempt (server-webapp.rules)
* 1:15478 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid object reference code execution attempt (file-flash.rules)
* 1:15479 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix Server RTSP Request Proxy-Require header heap buffer overflow attempt (server-other.rules)
* 1:1548 <-> DISABLED <-> SERVER-WEBAPP csSearch.cgi access (server-webapp.rules)
* 1:15480 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime movie record invalid version number exploit attempt (file-multimedia.rules)
* 1:15481 <-> DISABLED <-> MALWARE-CNC Zeus/Zbot malware config file download request (malware-cnc.rules)
* 1:15482 <-> DISABLED <-> SERVER-OTHER Oracle Java System sockd authentication buffer overflow attempt (server-other.rules)
* 1:15483 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules)
* 1:15484 <-> DISABLED <-> PROTOCOL-IMAP CRAM-MD5 authentication method buffer overflow attempt (protocol-imap.rules)
* 1:15485 <-> DISABLED <-> SERVER-MAIL IBM Lotus Notes DOC attachment viewer buffer overflow (server-mail.rules)
* 1:15487 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime SMIL qtnext redirect file execution attempt (file-multimedia.rules)
* 1:15488 <-> DISABLED <-> SERVER-ORACLE Oracle Database Application Express Component APEX password hash disclosure attempt (server-oracle.rules)
* 1:15489 <-> DISABLED <-> PUA-OTHER Cerulean Studios Trillian image filename handling XML tag overflow attempt (pua-other.rules)
* 1:1549 <-> DISABLED <-> SERVER-MAIL HELO overflow attempt (server-mail.rules)
* 1:15490 <-> DISABLED <-> OS-LINUX Linux SCTP malformed forward-tsn chunk arbitrary code execution attempt (os-linux.rules)
* 1:15491 <-> DISABLED <-> SERVER-WEBAPP Subversion 1.0.2 dated-rev-report buffer overflow over http attempt (server-webapp.rules)
* 1:15492 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader spell.customDictionaryOpen exploit attempt (file-pdf.rules)
* 1:15493 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader getAnnots exploit attempt (file-pdf.rules)
* 1:15499 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint PP7 Component buffer overflow attempt (file-office.rules)
* 1:1550 <-> DISABLED <-> SERVER-MAIL ETRN overflow attempt (server-mail.rules)
* 1:15500 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint LinkedSlide memory corruption (file-office.rules)
* 1:15501 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint ParaBuildAtom memory corruption attempt (file-office.rules)
* 1:15502 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint DiagramBuildContainer memory corruption attempt (file-office.rules)
* 1:15503 <-> ENABLED <-> FILE-OFFICE Download of PowerPoint 95 file (file-office.rules)
* 1:15504 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint Download of version 4.0 file (file-office.rules)
* 1:15505 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint HashCode10Atom memory corruption attempt (file-office.rules)
* 1:15506 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint CurrentUserAtom remote code execution attempt (file-office.rules)
* 1:15508 <-> DISABLED <-> SERVER-OTHER DCERPC NCADG-IP-UDP lsarpc LsarLookupSids translated_names overflow attempt (server-other.rules)
* 1:15509 <-> DISABLED <-> SERVER-OTHER IBM DB2 database server CONNECT denial of service attempt (server-other.rules)
* 1:1551 <-> DISABLED <-> SERVER-WEBAPP /CVS/Entries access (server-webapp.rules)
* 1:15510 <-> DISABLED <-> SERVER-OTHER Trend Micro OfficeScan Server cgiRecvFile overflow attempt (server-other.rules)
* 1:15511 <-> DISABLED <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt (server-apache.rules)
* 1:15512 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP rpcss2_RemoteGetClassObject attempt (os-windows.rules)
* 1:15513 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP rpcss2_RemoteGetClassObject attempt (os-windows.rules)
* 1:15514 <-> DISABLED <-> SERVER-OTHER Multiple Vendors NTP Daemon Autokey stack buffer overflow attempt (server-other.rules)
* 1:15515 <-> DISABLED <-> SERVER-ORACLE Oracle Database Server RollbackWorkspace SQL injection attempt (server-oracle.rules)
* 1:15516 <-> ENABLED <-> FILE-IDENTIFY AVI multimedia file download request (file-identify.rules)
* 1:15517 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows AVI DirectShow QuickTime parsing overflow attempt (file-multimedia.rules)
* 1:15518 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file download request (file-identify.rules)
* 1:1552 <-> DISABLED <-> SERVER-WEBAPP cvsweb version access (server-webapp.rules)
* 1:15522 <-> DISABLED <-> SERVER-OTHER Active Directory invalid OID denial of service attempt (server-other.rules)
* 1:15523 <-> DISABLED <-> OS-WINDOWS Microsoft Windows srvsvc NetrShareEnum netname overflow attempt (os-windows.rules)
* 1:15524 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word remote code execution attempt (file-office.rules)
* 1:15525 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word remote code execution attempt (file-office.rules)
* 1:15526 <-> DISABLED <-> FILE-OFFICE Microsoft Works 4.x converter font name buffer overflow attempt (file-office.rules)
* 1:15527 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Active Directory LDAP denial of service attempt (os-windows.rules)
* 1:15528 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DCERPC NCACN-IP-TCP spoolss RpcSetPrinterDataEx attempt (os-windows.rules)
* 1:15529 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer cross-domain navigation cookie stealing attempt (browser-ie.rules)
* 1:15531 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Unexpected method call remote code execution attempt (browser-ie.rules)
* 1:15534 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer XML HttpRequest race condition exploit attempt (browser-ie.rules)
* 1:15535 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer setCapture heap corruption exploit attempt (browser-ie.rules)
* 1:15538 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer onreadystatechange memory corruption attempt (browser-ie.rules)
* 1:15539 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Formula record remote code execution attempt (file-office.rules)
* 1:1554 <-> DISABLED <-> SERVER-WEBAPP dbman db.cgi access (server-webapp.rules)
* 1:15540 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer layout object use after free attempt (browser-ie.rules)
* 1:15541 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SST record remote code execution attempt (file-office.rules)
* 1:15542 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Qsir and Qsif record remote code execution attempt (file-office.rules)
* 1:15543 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Communications Control v6 ActiveX clsid access (browser-plugins.rules)
* 1:15545 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Communications Control v6 ActiveX function call access (browser-plugins.rules)
* 1:15547 <-> DISABLED <-> BROWSER-PLUGINS eBay Picture Uploads control 1 ActiveX clsid access (browser-plugins.rules)
* 1:15549 <-> DISABLED <-> BROWSER-PLUGINS eBay Picture Uploads control 1 ActiveX function call access (browser-plugins.rules)
* 1:1555 <-> DISABLED <-> SERVER-WEBAPP DCShop access (server-webapp.rules)
* 1:15551 <-> DISABLED <-> BROWSER-PLUGINS eBay Picture Uploads control 2 ActiveX clsid access (browser-plugins.rules)
* 1:15553 <-> DISABLED <-> MALWARE-CNC Sality virus HTTP GET request (malware-cnc.rules)
* 1:15554 <-> DISABLED <-> SERVER-ORACLE Application Server 10g OPMN service format string vulnerability exploit attempt (server-oracle.rules)
* 1:15555 <-> DISABLED <-> SERVER-OTHER Symantec Alert Management System Intel Alert Originator Service buffer overflow attempt (server-other.rules)
* 1:15557 <-> DISABLED <-> BROWSER-PLUGINS SAP AG SAPgui EnjoySAP ActiveX clsid access (browser-plugins.rules)
* 1:15559 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime movie file clipping region handling heap buffer overflow attempt (file-multimedia.rules)
* 1:1556 <-> DISABLED <-> SERVER-WEBAPP DCShop orders.txt access (server-webapp.rules)
* 1:15560 <-> DISABLED <-> POLICY-SOCIAL Yahoo Messenger web client activity (policy-social.rules)
* 1:15561 <-> DISABLED <-> POLICY-SOCIAL AOL Aimexpress web client login (policy-social.rules)
* 1:15562 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JPX malformed code-block width memory corruption attempt (file-pdf.rules)
* 1:15563 <-> DISABLED <-> MALWARE-CNC RSPlug Win.Trojan.server connection (malware-cnc.rules)
* 1:15564 <-> DISABLED <-> MALWARE-CNC RSPlug Win.Trojan.file download (malware-cnc.rules)
* 1:15565 <-> DISABLED <-> MALWARE-CNC RSPlug Win.Trojan.file download (malware-cnc.rules)
* 1:15566 <-> DISABLED <-> PUA-ADWARE Gumblar HTTP GET request attempt (pua-adware.rules)
* 1:15567 <-> DISABLED <-> PUA-ADWARE Martuz HTTP GET request attempt (pua-adware.rules)
* 1:15568 <-> DISABLED <-> POLICY-SOCIAL AIM encrypted login attempt (policy-social.rules)
* 1:15569 <-> DISABLED <-> POLICY-SOCIAL Yahoo encrypted login attempt (policy-social.rules)
* 1:1557 <-> DISABLED <-> SERVER-WEBAPP DCShop auth_user_file.txt access (server-webapp.rules)
* 1:15570 <-> DISABLED <-> CONTENT-REPLACE Google Talk deny login (content-replace.rules)
* 1:15571 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix Server RTSP SETUP stack buffer overflow attempt (server-other.rules)
* 1:15572 <-> DISABLED <-> SERVER-OTHER Curse of Silence Nokia SMS DoS attempt (server-other.rules)
* 1:15573 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix Server RTSP SET_PARAMETER heap buffer overflow attempt (server-other.rules)
* 1:15574 <-> DISABLED <-> SERVER-MAIL MAIL FROM command overflow attempt (server-mail.rules)
* 1:15575 <-> DISABLED <-> FILE-IDENTIFY WordPerfect file magic detected (file-identify.rules)
* 1:15576 <-> DISABLED <-> POLICY-SOCIAL Microsoft MSN Messenger web client login (policy-social.rules)
* 1:15577 <-> DISABLED <-> POLICY-SOCIAL Microsoft MSN Messenger web client activity (policy-social.rules)
* 1:15578 <-> DISABLED <-> MALWARE-TOOLS Slowloris http DoS tool (malware-tools.rules)
* 1:15579 <-> DISABLED <-> SERVER-OTHER Squid NTLM fakeauth_auth Helper denial of service attempt (server-other.rules)
* 1:1558 <-> DISABLED <-> SERVER-WEBAPP Delegate whois overflow attempt (server-webapp.rules)
* 1:15580 <-> DISABLED <-> SERVER-OTHER Squid oversized reply header handling exploit attempt (server-other.rules)
* 1:15581 <-> DISABLED <-> SERVER-SAMBA Samba wildcard filename matching denial of service attempt (server-samba.rules)
* 1:15582 <-> ENABLED <-> FILE-IDENTIFY ARJ format file download request (file-identify.rules)
* 1:15583 <-> DISABLED <-> FILE-OTHER F-Secure AntiVirus library heap overflow attempt (file-other.rules)
* 1:15584 <-> DISABLED <-> SQL char and sysobjects - possible sql injection recon attempt (sql.rules)
* 1:15586 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file download request (file-identify.rules)
* 1:15587 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word file download request (file-identify.rules)
* 1:15588 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 1 ActiveX clsid access (browser-plugins.rules)
* 1:1559 <-> DISABLED <-> SERVER-WEBAPP /doc/packages access (server-webapp.rules)
* 1:15590 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 10 ActiveX clsid access (browser-plugins.rules)
* 1:15592 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 11 ActiveX clsid access (browser-plugins.rules)
* 1:15594 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 12 ActiveX clsid access (browser-plugins.rules)
* 1:15596 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 13 ActiveX clsid access (browser-plugins.rules)
* 1:15598 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 14 ActiveX clsid access (browser-plugins.rules)
* 1:1560 <-> DISABLED <-> SERVER-WEBAPP /doc/ access (server-webapp.rules)
* 1:15600 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 15 ActiveX clsid access (browser-plugins.rules)
* 1:15602 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 16 ActiveX clsid access (browser-plugins.rules)
* 1:15604 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 17 ActiveX clsid access (browser-plugins.rules)
* 1:15606 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 18 ActiveX clsid access (browser-plugins.rules)
* 1:15608 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 19 ActiveX clsid access (browser-plugins.rules)
* 1:15610 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 2 ActiveX clsid access (browser-plugins.rules)
* 1:15612 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 20 ActiveX clsid access (browser-plugins.rules)
* 1:15614 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 21 ActiveX clsid access (browser-plugins.rules)
* 1:15616 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 22 ActiveX clsid access (browser-plugins.rules)
* 1:15618 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 23 ActiveX clsid access (browser-plugins.rules)
* 1:1562 <-> DISABLED <-> PROTOCOL-FTP SITE CHOWN overflow attempt (protocol-ftp.rules)
* 1:15620 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 24 ActiveX clsid access (browser-plugins.rules)
* 1:15622 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 25 ActiveX clsid access (browser-plugins.rules)
* 1:15624 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 26 ActiveX clsid access (browser-plugins.rules)
* 1:15626 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 27 ActiveX clsid access (browser-plugins.rules)
* 1:15628 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 28 ActiveX clsid access (browser-plugins.rules)
* 1:1563 <-> DISABLED <-> SERVER-WEBAPP login.htm attempt (server-webapp.rules)
* 1:15630 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 29 ActiveX clsid access (browser-plugins.rules)
* 1:15632 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 3 ActiveX clsid access (browser-plugins.rules)
* 1:15634 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 30 ActiveX clsid access (browser-plugins.rules)
* 1:15636 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 31 ActiveX clsid access (browser-plugins.rules)
* 1:15638 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 32 ActiveX clsid access (browser-plugins.rules)
* 1:1564 <-> DISABLED <-> SERVER-WEBAPP login.htm access (server-webapp.rules)
* 1:15640 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 33 ActiveX clsid access (browser-plugins.rules)
* 1:15642 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 34 ActiveX clsid access (browser-plugins.rules)
* 1:15644 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 35 ActiveX clsid access (browser-plugins.rules)
* 1:15646 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 36 ActiveX clsid access (browser-plugins.rules)
* 1:15648 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 37 ActiveX clsid access (browser-plugins.rules)
* 1:1565 <-> DISABLED <-> SERVER-WEBAPP eshop.pl arbitrary command execution attempt (server-webapp.rules)
* 1:15650 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 38 ActiveX clsid access (browser-plugins.rules)
* 1:15652 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 39 ActiveX clsid access (browser-plugins.rules)
* 1:15654 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 4 ActiveX clsid access (browser-plugins.rules)
* 1:15656 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 40 ActiveX clsid access (browser-plugins.rules)
* 1:15658 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 41 ActiveX clsid access (browser-plugins.rules)
* 1:1566 <-> DISABLED <-> SERVER-WEBAPP eshop.pl access (server-webapp.rules)
* 1:15660 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 42 ActiveX clsid access (browser-plugins.rules)
* 1:15662 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 43 ActiveX clsid access (browser-plugins.rules)
* 1:15664 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 44 ActiveX clsid access (browser-plugins.rules)
* 1:15666 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 45 ActiveX clsid access (browser-plugins.rules)
* 1:15668 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 5 ActiveX clsid access (browser-plugins.rules)
* 1:1567 <-> DISABLED <-> SERVER-IIS /exchange/root.asp attempt (server-iis.rules)
* 1:15670 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 6 ActiveX clsid access (browser-plugins.rules)
* 1:15671 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 6 ActiveX function call (browser-plugins.rules)
* 1:15672 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 7 ActiveX clsid access (browser-plugins.rules)
* 1:15674 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 8 ActiveX clsid access (browser-plugins.rules)
* 1:15676 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 9 ActiveX clsid access (browser-plugins.rules)
* 1:12392 <-> DISABLED <-> SERVER-MAIL GNU Mailutils request tag format string vulnerability attempt (server-mail.rules)
* 1:12393 <-> DISABLED <-> BROWSER-PLUGINS Intuit QuickBooks Online Edition 1 ActiveX clsid access (browser-plugins.rules)
* 1:12395 <-> DISABLED <-> BROWSER-PLUGINS Intuit QuickBooks Online Edition 2 ActiveX clsid access (browser-plugins.rules)
* 1:12397 <-> DISABLED <-> BROWSER-PLUGINS Intuit QuickBooks Online Edition 3 ActiveX clsid access (browser-plugins.rules)
* 1:12399 <-> DISABLED <-> BROWSER-PLUGINS Intuit QuickBooks Online Edition 4 ActiveX clsid access (browser-plugins.rules)
* 1:1240 <-> DISABLED <-> SERVER-OTHER MDBMS overflow (server-other.rules)
* 1:12401 <-> DISABLED <-> BROWSER-PLUGINS Intuit QuickBooks Online Edition 5 ActiveX clsid access (browser-plugins.rules)
* 1:12403 <-> DISABLED <-> BROWSER-PLUGINS Intuit QuickBooks Online Edition 6 ActiveX clsid access (browser-plugins.rules)
* 1:12405 <-> DISABLED <-> BROWSER-PLUGINS Intuit QuickBooks Online Edition 7 ActiveX clsid access (browser-plugins.rules)
* 1:12407 <-> DISABLED <-> BROWSER-PLUGINS Intuit QuickBooks Online Edition 8 ActiveX clsid access (browser-plugins.rules)
* 1:12409 <-> DISABLED <-> BROWSER-PLUGINS Intuit QuickBooks Online Edition 9 ActiveX clsid access (browser-plugins.rules)
* 1:1241 <-> DISABLED <-> SERVER-WEBAPP SWEditServlet directory traversal attempt (server-webapp.rules)
* 1:12411 <-> DISABLED <-> BROWSER-PLUGINS Intuit QuickBooks Online Edition 10 ActiveX clsid access (browser-plugins.rules)
* 1:12413 <-> DISABLED <-> BROWSER-PLUGINS Earth Resource Mapper NCSView ActiveX clsid access (browser-plugins.rules)
* 1:12415 <-> DISABLED <-> BROWSER-PLUGINS Earth Resource Mapper NCSView ActiveX function call access (browser-plugins.rules)
* 1:12417 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Visual FoxPro ActiveX clsid access (browser-plugins.rules)
* 1:12419 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Visual FoxPro ActiveX function call access (browser-plugins.rules)
* 1:1242 <-> DISABLED <-> SERVER-IIS ISAPI .ida access (server-iis.rules)
* 1:12421 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix RTSP long transport header (server-other.rules)
* 1:12422 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix RTSP long describe request exploit attempt (server-other.rules)
* 1:12423 <-> DISABLED <-> SERVER-MAIL Microsoft Windows Exchange CDO long header name (server-mail.rules)
* 1:12424 <-> DISABLED <-> PROTOCOL-RPC MIT Kerberos kadmind rpc RPCSEC_GSS buffer overflow attempt (protocol-rpc.rules)
* 1:12425 <-> DISABLED <-> PUA-P2P Ruckus P2P client activity (pua-p2p.rules)
* 1:12426 <-> DISABLED <-> PUA-P2P Ruckus P2P broadcast domain probe (pua-p2p.rules)
* 1:12427 <-> DISABLED <-> PUA-P2P Ruckus P2P encrypted authentication connection (pua-p2p.rules)
* 1:12428 <-> DISABLED <-> BROWSER-PLUGINS GlobalLink glitemflat.dll ActiveX clsid access (browser-plugins.rules)
* 1:1243 <-> DISABLED <-> SERVER-IIS ISAPI .ida attempt (server-iis.rules)
* 1:12430 <-> DISABLED <-> BROWSER-PLUGINS EDraw Office Viewer Component ActiveX clsid access (browser-plugins.rules)
* 1:12432 <-> DISABLED <-> BROWSER-PLUGINS EDraw Office Viewer Component ActiveX function call access (browser-plugins.rules)
* 1:12434 <-> DISABLED <-> BROWSER-PLUGINS BaoFeng Storm MPS.dll ActiveX clsid access (browser-plugins.rules)
* 1:12436 <-> DISABLED <-> POLICY-MULTIMEDIA Youtube video player file request (policy-multimedia.rules)
* 1:12437 <-> DISABLED <-> POLICY-MULTIMEDIA Google video player request (policy-multimedia.rules)
* 1:12438 <-> DISABLED <-> BROWSER-PLUGINS Ultra Crypto Component CryptoX.dll ActiveX clsid access (browser-plugins.rules)
* 1:1244 <-> DISABLED <-> SERVER-IIS ISAPI .idq attempt (server-iis.rules)
* 1:12440 <-> DISABLED <-> BROWSER-PLUGINS Ultra Crypto Component CryptoX.dll ActiveX function call access (browser-plugins.rules)
* 1:12442 <-> DISABLED <-> BROWSER-PLUGINS Ultra Crypto Component CryptoX.dll 2 ActiveX clsid access (browser-plugins.rules)
* 1:12444 <-> DISABLED <-> BROWSER-PLUGINS Microsoft SQL Server Distributed Management Objects ActiveX clsid access (browser-plugins.rules)
* 1:12446 <-> DISABLED <-> BROWSER-PLUGINS Microsoft SQL Server Distributed Management Objects ActiveX function call access (browser-plugins.rules)
* 1:12448 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Agent Control ActiveX clsid access (browser-plugins.rules)
* 1:1245 <-> DISABLED <-> SERVER-IIS ISAPI .idq access (server-iis.rules)
* 1:12450 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Agent Control ActiveX function call access (browser-plugins.rules)
* 1:12452 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Agent File Provider ActiveX clsid access (browser-plugins.rules)
* 1:12454 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASF file magic detected (file-identify.rules)
* 1:12455 <-> ENABLED <-> FILE-IDENTIFY SAP Crystal Reports file download request (file-identify.rules)
* 1:12456 <-> DISABLED <-> FILE-IDENTIFY SAP Crystal Reports file magic detected (file-identify.rules)
* 1:12457 <-> DISABLED <-> POLICY-SOCIAL Microsoft Live chat video feed initiation (policy-social.rules)
* 1:12458 <-> DISABLED <-> PROTOCOL-RPC Solaris TCP portmap sadmin port query request attempt (protocol-rpc.rules)
* 1:12459 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Visual Studio 6 PDWizard.ocx ActiveX clsid access attempt (browser-plugins.rules)
* 1:12461 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Visual Studio 6 VBTOVSI.dll ActiveX clsid access (browser-plugins.rules)
* 1:12463 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Visual Studio Crystal Reports RPT file handling buffer overflow attempt (os-windows.rules)
* 1:12464 <-> DISABLED <-> PROTOCOL-NNTP cancel overflow attempt (protocol-nntp.rules)
* 1:12465 <-> DISABLED <-> SERVER-APACHE Apache APR memory corruption attempt (server-apache.rules)
* 1:12466 <-> DISABLED <-> BROWSER-PLUGINS MW6 Technologies QRCode ActiveX clsid access (browser-plugins.rules)
* 1:12468 <-> DISABLED <-> BROWSER-PLUGINS COWON America JetAudio JetFlExt.dll ActiveX clsid access (browser-plugins.rules)
* 1:12470 <-> DISABLED <-> BROWSER-PLUGINS COWON America JetAudio JetFlExt.dll ActiveX function call access (browser-plugins.rules)
* 1:12472 <-> DISABLED <-> BROWSER-PLUGINS Oracle Java Web Start ActiveX clsid access (browser-plugins.rules)
* 1:12474 <-> DISABLED <-> BROWSER-PLUGINS Oracle Java Web Start ActiveX function call access (browser-plugins.rules)
* 1:12476 <-> DISABLED <-> BROWSER-PLUGINS Yahoo Messenger CYFT ActiveX clsid access (browser-plugins.rules)
* 1:12478 <-> DISABLED <-> BROWSER-PLUGINS Yahoo Messenger CYFT ActiveX function call access (browser-plugins.rules)
* 1:1248 <-> DISABLED <-> SERVER-OTHER Microsoft Frontpage rad fp30reg.dll access (server-other.rules)
* 1:12480 <-> ENABLED <-> MALWARE-OTHER Keylogger inside website logger 2.4 runtime detection (malware-other.rules)
* 1:12481 <-> DISABLED <-> PUA-TOOLBARS Hijacker 411web toolbar runtime detection (pua-toolbars.rules)
* 1:12482 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - ZOMBIES_HTTP_GET (malware-cnc.rules)
* 1:12483 <-> DISABLED <-> PUA-ADWARE Other-Technologies virusprotectpro 3.7 outbound connection (pua-adware.rules)
* 1:12484 <-> DISABLED <-> PUA-ADWARE Adware instant buzz runtime detection - ads for members (pua-adware.rules)
* 1:12485 <-> DISABLED <-> PUA-ADWARE Adware instant buzz runtime detection - random text ads (pua-adware.rules)
* 1:12486 <-> DISABLED <-> PUA-TOOLBARS Hijacker soso toolbar runtime detection - get weather information (pua-toolbars.rules)
* 1:12487 <-> DISABLED <-> PUA-TOOLBARS Hijacker soso toolbar runtime detection - hijack ie auto searches / soso toolbar searches requests (pua-toolbars.rules)
* 1:12489 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP wkssvc NetrWkstaGetInfo attempt (netbios.rules)
* 1:1249 <-> DISABLED <-> SERVER-OTHER Microsoft Frontpage rad fp4areg.dll access (server-other.rules)
* 1:1250 <-> DISABLED <-> OS-OTHER Cisco IOS HTTP configuration attempt (os-other.rules)
* 1:1252 <-> DISABLED <-> PROTOCOL-TELNET bsd telnet exploit response (protocol-telnet.rules)
* 1:1253 <-> DISABLED <-> PROTOCOL-TELNET bsd exploit client finishing (protocol-telnet.rules)
* 1:1254 <-> DISABLED <-> SERVER-WEBAPP PHPLIB remote command attempt (server-webapp.rules)
* 1:1255 <-> DISABLED <-> SERVER-WEBAPP PHPLIB remote command attempt (server-webapp.rules)
* 1:1256 <-> DISABLED <-> SERVER-IIS CodeRed v2 root.exe access (server-iis.rules)
* 1:1257 <-> DISABLED <-> SERVER-OTHER Winnuke attack (server-other.rules)
* 1:1259 <-> DISABLED <-> SERVER-WEBAPP SWEditServlet access (server-webapp.rules)
* 1:12591 <-> DISABLED <-> SERVER-APACHE Apache mod_cache denial of service attempt (server-apache.rules)
* 1:12592 <-> DISABLED <-> SERVER-MAIL Recipient arbitrary command injection attempt (server-mail.rules)
* 1:12593 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Apple Quicktime chrome exploit (browser-firefox.rules)
* 1:12594 <-> DISABLED <-> SERVER-OTHER Oracle TNS Service_CurLoad command (server-other.rules)
* 1:12595 <-> DISABLED <-> SERVER-IIS malicious ASP file upload attempt (server-iis.rules)
* 1:12596 <-> DISABLED <-> SERVER-OTHER CA BrightStor LGServer username buffer overflow attempt (server-other.rules)
* 1:12597 <-> DISABLED <-> SERVER-OTHER utf8 filename transfer attempt (server-other.rules)
* 1:12598 <-> DISABLED <-> BROWSER-PLUGINS Xunlei Web Thunder ActiveX clsid access (browser-plugins.rules)
* 1:12600 <-> DISABLED <-> BROWSER-PLUGINS ebCrypt IncrementalHash ActiveX clsid access (browser-plugins.rules)
* 1:12602 <-> DISABLED <-> BROWSER-PLUGINS ebCrypt IncrementalHash ActiveX function call access (browser-plugins.rules)
* 1:12604 <-> DISABLED <-> BROWSER-PLUGINS ebCrypt PRNGenerator ActiveX clsid access (browser-plugins.rules)
* 1:12606 <-> DISABLED <-> BROWSER-PLUGINS ebCrypt PRNGenerator ActiveX function call access (browser-plugins.rules)
* 1:12608 <-> DISABLED <-> PROTOCOL-RPC portmap walld udp request (protocol-rpc.rules)
* 1:12609 <-> DISABLED <-> PROTOCOL-RPC portmap walld udp format string attack attempt (protocol-rpc.rules)
* 1:1261 <-> DISABLED <-> SERVER-OTHER AIX pdnsd overflow (server-other.rules)
* 1:12610 <-> DISABLED <-> SERVER-WEBAPP phpBB viewtopic double URL encoding attempt (server-webapp.rules)
* 1:12611 <-> DISABLED <-> POLICY-SOCIAL ebuddy.com login attempt (policy-social.rules)
* 1:12612 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows MFC Library ActiveX clsid access (browser-plugins.rules)
* 1:12614 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows MFC Library ActiveX function call access (browser-plugins.rules)
* 1:12616 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Visual Studio 6 PDWizard.ocx ActiveX function call access attempt (browser-plugins.rules)
* 1:12618 <-> DISABLED <-> FILE-OTHER Microsoft Visual Basic VBP file reference overflow attempt (file-other.rules)
* 1:12619 <-> DISABLED <-> SERVER-MAIL Microsoft Windows Exchange ical/vcal malformed property (server-mail.rules)
* 1:1262 <-> DISABLED <-> PROTOCOL-RPC portmap admind request TCP (protocol-rpc.rules)
* 1:12620 <-> DISABLED <-> PUA-ADWARE Adware drive cleaner 1.0.111 runtime detection (pua-adware.rules)
* 1:12621 <-> DISABLED <-> PUA-TOOLBARS Trackware extra toolbar 1.0 runtime detection (pua-toolbars.rules)
* 1:12622 <-> DISABLED <-> PUA-TOOLBARS Trackware extra toolbar 1.0 runtime detection - file download (pua-toolbars.rules)
* 1:12623 <-> DISABLED <-> PUA-ADWARE Hijacker onestepsearch 1.0.118 outbound connection (pua-adware.rules)
* 1:12624 <-> DISABLED <-> PUA-ADWARE Hijacker onestepsearch 1.0.118 outbound connection - upgrade (pua-adware.rules)
* 1:12625 <-> DISABLED <-> MALWARE-OTHER Keylogger windows family safety 2.0 runtime detection (malware-other.rules)
* 1:12627 <-> DISABLED <-> PROTOCOL-RPC Solaris TCP portmapper sadmin port query attempt (protocol-rpc.rules)
* 1:12628 <-> DISABLED <-> PROTOCOL-RPC Solaris UDP portmapper sadmin port query attempt (protocol-rpc.rules)
* 1:12629 <-> DISABLED <-> SERVER-WEBAPP Microsoft Office SharePoint cross site scripting attempt (server-webapp.rules)
* 1:1263 <-> DISABLED <-> PROTOCOL-RPC portmap amountd request TCP (protocol-rpc.rules)
* 1:12630 <-> DISABLED <-> INDICATOR-SHELLCODE unescape unicode encoded shellcode (indicator-shellcode.rules)
* 1:12631 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 2000 Kodak Imaging small offset malformed jpeg tables (os-windows.rules)
* 1:12632 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 2000 Kodak Imaging large offset malformed jpeg tables (os-windows.rules)
* 1:12634 <-> DISABLED <-> FILE-IMAGE Microsoft Windows 2000 Kodak Imaging large offset malformed tiff 2 (file-image.rules)
* 1:12635 <-> DISABLED <-> OS-WINDOWS RPC NTLMSSP malformed credentials attempt (os-windows.rules)
* 1:12637 <-> DISABLED <-> BROWSER-PLUGINS Kaspersky Online Scanner KAVWebScan.dll ActiveX clsid access (browser-plugins.rules)
* 1:12639 <-> DISABLED <-> BROWSER-PLUGINS Kaspersky Online Scanner KAVWebScan.dll ActiveX function call access (browser-plugins.rules)
* 1:1264 <-> DISABLED <-> PROTOCOL-RPC portmap bootparam request TCP (protocol-rpc.rules)
* 1:12641 <-> DISABLED <-> FILE-IDENTIFY Microsoft Word for Mac 5 file magic detected (file-identify.rules)
* 1:12642 <-> DISABLED <-> OS-WINDOWS RPC NTLMSSP malformed credentials (os-windows.rules)
* 1:12643 <-> DISABLED <-> OS-WINDOWS Microsoft Windows URI External handler arbitrary command attempt (os-windows.rules)
* 1:12644 <-> DISABLED <-> BROWSER-PLUGINS PBEmail7 ActiveX clsid access (browser-plugins.rules)
* 1:12646 <-> DISABLED <-> BROWSER-PLUGINS PBEmail7 ActiveX function call access (browser-plugins.rules)
* 1:12648 <-> DISABLED <-> BROWSER-PLUGINS DB Software Laboratory VImpX ActiveX clsid access (browser-plugins.rules)
* 1:1265 <-> DISABLED <-> PROTOCOL-RPC portmap cmsd request TCP (protocol-rpc.rules)
* 1:13905 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Access Snapshot Viewer ActiveX function call access attempt (browser-plugins.rules)
* 1:13907 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Access Snapshot Viewer ActiveX clsid access attempt (browser-plugins.rules)
* 1:13911 <-> ENABLED <-> FILE-IDENTIFY Microsoft search file download request (file-identify.rules)
* 1:13912 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer isComponentInstalled attack attempt (browser-ie.rules)
* 1:13913 <-> DISABLED <-> BROWSER-PLUGINS AcroPDF.PDF ActiveX clsid access attempt (browser-plugins.rules)
* 1:13915 <-> ENABLED <-> FILE-IDENTIFY BAK file download request (file-identify.rules)
* 1:13916 <-> DISABLED <-> SERVER-WEBAPP Alt-N SecurityGateway username buffer overflow attempt (server-webapp.rules)
* 1:13917 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime MOV file string handling integer overflow attempt (file-multimedia.rules)
* 1:13918 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime MOV file string handling integer overflow attempt (file-multimedia.rules)
* 1:13919 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime MOV file string handling integer overflow attempt (file-multimedia.rules)
* 1:1392 <-> DISABLED <-> SERVER-WEBAPP lastlines.cgi access (server-webapp.rules)
* 1:13920 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime Obji Atom parsing stack buffer overflow attempt (file-multimedia.rules)
* 1:13922 <-> DISABLED <-> SERVER-IIS Microsoft IIS HTMLEncode Unicode string buffer overflow (server-iis.rules)
* 1:13923 <-> DISABLED <-> SERVER-MAIL MailEnable SMTP HELO command denial of service attempt (server-mail.rules)
* 1:13925 <-> DISABLED <-> PROTOCOL-FTP Computer Associates eTrust Secure Content Manager PASV stack overflow attempt (protocol-ftp.rules)
* 1:13926 <-> DISABLED <-> SERVER-OTHER Novell Groupwise HTTP response message parsing overflow (server-other.rules)
* 1:13927 <-> DISABLED <-> PROTOCOL-TFTP Open TFTP Server log generation buffer overflow attempt (protocol-tftp.rules)
* 1:13928 <-> DISABLED <-> SERVER-WEBAPP Adobe RoboHelp rx SQL injection attempt (server-webapp.rules)
* 1:13929 <-> DISABLED <-> SERVER-WEBAPP Adobe RoboHelp rx SQL injection attempt (server-webapp.rules)
* 1:13930 <-> DISABLED <-> PUA-ADWARE Trickler pc privacy cleaner outbound connection - order/register request (pua-adware.rules)
* 1:13931 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - PcPcUpdater (malware-cnc.rules)
* 1:13932 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - opera (malware-cnc.rules)
* 1:13933 <-> DISABLED <-> MALWARE-OTHER Trackware rightonadz.biz adrotator runtime detection - ads (malware-other.rules)
* 1:13934 <-> DISABLED <-> MALWARE-CNC Hijacker mediatubecodec 1.470.0 variant outbound connection hijack ie (malware-cnc.rules)
* 1:13935 <-> DISABLED <-> MALWARE-CNC Hijacker mediatubecodec 1.470.0 variant outbound connection download other malware (malware-cnc.rules)
* 1:13936 <-> DISABLED <-> MALWARE-CNC Trickler dropper agent.rqg variant outbound connection call home (malware-cnc.rules)
* 1:13937 <-> DISABLED <-> PUA-ADWARE Hijacker
adware.win32.ejik.ec variant runtime detection - call home (pua-adware.rules) * 1:13938 <-> ENABLED <-> PUA-ADWARE Hijacker adware.win32.ejik.ec variant outbound connection (pua-adware.rules) * 1:13939 <-> DISABLED <-> PUA-ADWARE Hijacker adware.win32.ejik.ec variant runtime detection - auto update (pua-adware.rules) * 1:1394 <-> DISABLED <-> INDICATOR-SHELLCODE x86 inc ecx NOOP (indicator-shellcode.rules) * 1:13940 <-> DISABLED <-> PUA-ADWARE Hijacker win32.bho.bgf outbound connection (pua-adware.rules) * 1:13941 <-> DISABLED <-> MALWARE-CNC Win.Trojan.agent.nac variant outbound connection click fraud (malware-cnc.rules) * 1:13942 <-> DISABLED <-> MALWARE-CNC Win.Trojan.agent.nac variant outbound connection call home (malware-cnc.rules) * 1:13943 <-> ENABLED <-> PUA-ADWARE Trickler dropper agent.rqg outbound connection (pua-adware.rules) * 1:13944 <-> DISABLED <-> MALWARE-CNC Win.Trojan.small.gy variant outbound connection get whitelist (malware-cnc.rules) * 1:13945 <-> DISABLED <-> MALWARE-CNC Win.Trojan.small.gy variant outbound connection update (malware-cnc.rules) * 1:13948 <-> DISABLED <-> PROTOCOL-DNS large number of NXDOMAIN replies - possible DNS cache poisoning (protocol-dns.rules) * 1:13949 <-> DISABLED <-> PROTOCOL-DNS excessive outbound NXDOMAIN replies - possible spoof of domain run by local DNS servers (protocol-dns.rules) * 1:1395 <-> DISABLED <-> SERVER-WEBAPP zml.cgi attempt (server-webapp.rules) * 1:13950 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start JNLP attribute buffer overflow attempt (file-java.rules) * 1:13951 <-> DISABLED <-> SERVER-WEBAPP Oracle Database Server buffer overflow attempt (server-webapp.rules) * 1:13953 <-> DISABLED <-> MALWARE-CNC Asprox trojan initial query (malware-cnc.rules) * 1:1396 <-> DISABLED <-> SERVER-WEBAPP zml.cgi access (server-webapp.rules) * 1:13960 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer static text range overflow attempt (browser-ie.rules) * 1:13961 <-> DISABLED <-> BROWSER-IE Microsoft 
Internet Explorer table layout access violation vulnerability (browser-ie.rules) * 1:13962 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer MHTML zone control bypass attempt (browser-ie.rules) * 1:13963 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer argument validation in print preview handling exploitation attempt (browser-ie.rules) * 1:13964 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer span frontier parsing memory corruption attempt (browser-ie.rules) * 1:13965 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX clsid access (browser-plugins.rules) * 1:13967 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX function call access (browser-plugins.rules) * 1:1397 <-> DISABLED <-> SERVER-WEBAPP wayboard attempt (server-webapp.rules) * 1:13970 <-> DISABLED <-> FILE-OFFICE Microsoft Office eps filters memory corruption attempt (file-office.rules) * 1:13971 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint TxMasterStyle10Atom atom numLevels buffer overflow attempt (file-office.rules) * 1:13972 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel country record arbitrary code execution attempt (file-office.rules) * 1:13974 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer XHTML element memory corruption attempt (browser-ie.rules) * 1:13975 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Event System ActiveX clsid access (browser-plugins.rules) * 1:13976 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Event System ActiveX clsid unicode access (browser-plugins.rules) * 1:13977 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Event System ActiveX function call access (browser-plugins.rules) * 1:13978 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Event System ActiveX function call unicode access (browser-plugins.rules) * 1:13979 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Event System Subscription VBScript access (os-windows.rules) * 1:1398 <-> DISABLED <-> SERVER-OTHER CDE 
dtspcd exploit attempt (server-other.rules) * 1:13980 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer http status response memory corruption vulnerability (browser-ie.rules) * 1:13981 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malformed chart arbitrary code execution attempt (file-office.rules) * 1:13983 <-> ENABLED <-> FILE-IDENTIFY EPS file download request (file-identify.rules) * 1:13987 <-> DISABLED <-> INDICATOR-OBFUSCATION oversized convert statement - possible sql injection obfuscation (indicator-obfuscation.rules) * 1:13988 <-> DISABLED <-> INDICATOR-OBFUSCATION large number of calls to ascii function - possible sql injection obfuscation (indicator-obfuscation.rules) * 1:13989 <-> DISABLED <-> INDICATOR-OBFUSCATION large number of calls to char function - possible sql injection obfuscation (indicator-obfuscation.rules) * 1:1399 <-> DISABLED <-> SERVER-WEBAPP PHP-Nuke remote file include attempt (server-webapp.rules) * 1:13990 <-> DISABLED <-> SQL union select - possible sql injection attempt - GET parameter (sql.rules) * 1:13991 <-> DISABLED <-> SQL xp_regaddmultistring attempt (sql.rules) * 1:13992 <-> DISABLED <-> SQL xp_regdeletevalue attempt (sql.rules) * 1:13993 <-> DISABLED <-> SQL xp_regenumkeys attempt (sql.rules) * 1:13994 <-> DISABLED <-> SQL xp_regenumvalues attempt (sql.rules) * 1:13995 <-> DISABLED <-> SQL xp_regremovemultistring attempt (sql.rules) * 1:13996 <-> DISABLED <-> SQL xp_servicecontrol attempt (sql.rules) * 1:13997 <-> DISABLED <-> SQL xp_loginconfig attempt (sql.rules) * 1:13998 <-> DISABLED <-> SQL xp_terminate_process attempt (sql.rules) * 1:1400 <-> DISABLED <-> SERVER-IIS /scripts/samples/ access (server-iis.rules) * 1:14008 <-> DISABLED <-> INDICATOR-OBFUSCATION large number of calls to concat function - possible sql injection obfuscation (indicator-obfuscation.rules) * 1:1401 <-> DISABLED <-> SERVER-IIS /msadc/samples/ access (server-iis.rules) * 1:14013 <-> DISABLED <-> BROWSER-PLUGINS Cisco WebEx Meeting 
Manager atucfobj ActiveX clsid access (browser-plugins.rules) * 1:14015 <-> DISABLED <-> BROWSER-PLUGINS Cisco WebEx Meeting Manager atucfobj ActiveX function call access (browser-plugins.rules) * 1:14017 <-> ENABLED <-> FILE-IDENTIFY MPEG Layer 3 playlist file download request (file-identify.rules) * 1:14018 <-> ENABLED <-> FILE-IDENTIFY PLS multimedia playlist file download request (file-identify.rules) * 1:14019 <-> DISABLED <-> FILE-MULTIMEDIA CyberLink PowerDVD playlist file handling stack overflow attempt (file-multimedia.rules) * 1:1402 <-> DISABLED <-> SERVER-IIS iissamples access (server-iis.rules) * 1:14020 <-> DISABLED <-> FILE-MULTIMEDIA CyberLink PowerDVD playlist file handling stack overflow attempt (file-multimedia.rules) * 1:14021 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Visual Studio Msmask32 ActiveX clsid access (browser-plugins.rules) * 1:14023 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Visual Studio Msmask32 ActiveX function call access (browser-plugins.rules) * 1:14025 <-> DISABLED <-> BROWSER-PLUGINS Computer Associates gui_cm_ctrls ActiveX clsid access (browser-plugins.rules) * 1:14027 <-> DISABLED <-> BROWSER-PLUGINS CA DSM gui_cm_ctrls ActiveX function call access (browser-plugins.rules) * 1:14029 <-> DISABLED <-> BROWSER-PLUGINS Computer Associates gui_cm_ctrls ActiveX clsid access (browser-plugins.rules) * 1:14031 <-> DISABLED <-> BROWSER-PLUGINS Computer Associates gui_cm_ctrls ActiveX function call access (browser-plugins.rules) * 1:14033 <-> DISABLED <-> BROWSER-PLUGINS Orbit Downloader ActiveX clsid access (browser-plugins.rules) * 1:14035 <-> DISABLED <-> BROWSER-PLUGINS Orbit Downloader ActiveX function call access (browser-plugins.rules) * 1:14037 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX clsid access (browser-plugins.rules) * 1:14038 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX function call access (browser-plugins.rules) * 1:14039 <-> DISABLED <-> FILE-OTHER GNOME Project libxslt RC4 key string buffer 
overflow attempt (file-other.rules) * 1:14040 <-> DISABLED <-> SERVER-OTHER GNOME Project libxslt RC4 key string buffer overflow attempt (server-other.rules) * 1:14041 <-> DISABLED <-> SERVER-OTHER GNOME Project libxslt RC4 key string buffer overflow attempt - 2 (server-other.rules) * 1:14042 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer General Property Page ActiveX clsid access (browser-plugins.rules) * 1:14044 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer Playback Handler ActiveX function call access (browser-plugins.rules) * 1:14046 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer RMP Download Handler ActiveX function call access (browser-plugins.rules) * 1:14048 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer RNX Download Handler ActiveX function call access (browser-plugins.rules) * 1:1405 <-> DISABLED <-> SERVER-WEBAPP AHG search.cgi access (server-webapp.rules) * 1:14050 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer SMIL Download Handler ActiveX function call access (browser-plugins.rules) * 1:14052 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer Stream Handler ActiveX function call access (browser-plugins.rules) * 1:14054 <-> DISABLED <-> PUA-ADWARE Adware AdwareALERT runtime detection - auto update (pua-adware.rules) * 1:14055 <-> DISABLED <-> PUA-TOOLBARS Hijacker rediff toolbar runtime detection - hijack ie auto search (pua-toolbars.rules) * 1:14056 <-> DISABLED <-> PUA-TOOLBARS Hijacker rediff toolbar runtime detection - get news info (pua-toolbars.rules) * 1:14057 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - DMFR (malware-cnc.rules) * 1:14058 <-> DISABLED <-> PUA-ADWARE Hijacker cpush 2 outbound connection - pass info to controlling server (pua-adware.rules) * 1:14059 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - CPUSH_HOMEPAGE (malware-cnc.rules) * 1:1406 <-> DISABLED <-> SERVER-WEBAPP agora.cgi access (server-webapp.rules) * 1:14060 <-> DISABLED 
<-> MALWARE-CNC User-Agent known malicious user agent - CPUSH_UPDATER (malware-cnc.rules) * 1:14061 <-> DISABLED <-> PUA-ADWARE Trickler antimalware guard runtime detection - order/register request (pua-adware.rules) * 1:14062 <-> DISABLED <-> PUA-ADWARE Trickler antimalware guard runtime detection - auto update (pua-adware.rules) * 1:14063 <-> DISABLED <-> PUA-ADWARE Hijacker cashon outbound connection - hijack ie searches (pua-adware.rules) * 1:14064 <-> DISABLED <-> PUA-ADWARE Hijacker cashon outbound connection - auto update (pua-adware.rules) * 1:14065 <-> DISABLED <-> MALWARE-OTHER Keylogger emptybase j runtime detection (malware-other.rules) * 1:14066 <-> DISABLED <-> PUA-ADWARE Adware winsecuredisc runtime detection (pua-adware.rules) * 1:14067 <-> DISABLED <-> PUA-ADWARE Adware swizzor runtime detection (pua-adware.rules) * 1:14068 <-> DISABLED <-> PUA-ADWARE Adware rond runtime detection (pua-adware.rules) * 1:14069 <-> DISABLED <-> PUA-ADWARE Adware brave sentry runtime detection - order request (pua-adware.rules) * 1:1407 <-> DISABLED <-> SERVER-WEBAPP smssend.php access (server-webapp.rules) * 1:14070 <-> DISABLED <-> PUA-ADWARE Adware brave sentry runtime detection - self update (pua-adware.rules) * 1:14071 <-> DISABLED <-> PUA-ADWARE Hijacker Adware bho.gen runtime detection - pop-up window traffic #1 (pua-adware.rules) * 1:14072 <-> DISABLED <-> PUA-ADWARE Hijacker Adware bho.gen runtime detection - pop-up window traffic #2 (pua-adware.rules) * 1:14073 <-> DISABLED <-> PUA-ADWARE Hijacker Adware bho.gen runtime detection - prompt download page (pua-adware.rules) * 1:14074 <-> DISABLED <-> MALWARE-OTHER Keylogger spybosspro 4.2 runtime detection (malware-other.rules) * 1:14075 <-> DISABLED <-> MALWARE-OTHER Keylogger ultimate Keylogger pro runtime detection (malware-other.rules) * 1:14076 <-> DISABLED <-> PUA-ADWARE Hijacker Adware win32 mostofate runtime detection - hijack search (pua-adware.rules) * 1:14077 <-> DISABLED <-> PUA-ADWARE Hijacker 
Adware win32 mostofate runtime detection - redirect search results (pua-adware.rules) * 1:14078 <-> DISABLED <-> PUA-ADWARE Adware winspywareprotect runtime detection - download malicous code (pua-adware.rules) * 1:14079 <-> DISABLED <-> PUA-ADWARE Adware winspywareprotect runtime detection - connection to malicious sites (pua-adware.rules) * 1:1408 <-> DISABLED <-> SERVER-OTHER MSDTC attempt (server-other.rules) * 1:14080 <-> DISABLED <-> PUA-ADWARE Adware winspywareprotect runtime detection - connection to malicious server (pua-adware.rules) * 1:14081 <-> DISABLED <-> MALWARE-CNC Win.Trojan.agent.aarm variant outbound connection call home (malware-cnc.rules) * 1:14082 <-> DISABLED <-> MALWARE-CNC Win.Trojan.agent.aarm variant outbound connection spread via spam (malware-cnc.rules) * 1:14083 <-> DISABLED <-> MALWARE-CNC Win.Trojan.agent.aarm variant outbound connection download other malware (malware-cnc.rules) * 1:14084 <-> DISABLED <-> MALWARE-CNC infostealer.banker.c variant outbound connection download cfg.bin (malware-cnc.rules) * 1:14085 <-> DISABLED <-> MALWARE-CNC infostealer.banker.c variant outbound connection collect user info (malware-cnc.rules) * 1:14086 <-> DISABLED <-> MALWARE-CNC Adware.Win32.Agent.BM variant outbound connection 1 (malware-cnc.rules) * 1:14087 <-> DISABLED <-> MALWARE-CNC Adware.Win32.Agent.BM variant outbound connection 2 (malware-cnc.rules) * 1:14088 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader unspecified 1 ActiveX clsid access (browser-plugins.rules) * 1:1409 <-> DISABLED <-> PROTOCOL-SNMP community string buffer overflow attempt (protocol-snmp.rules) * 1:14090 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader unspecified 2 ActiveX clsid access (browser-plugins.rules) * 1:14092 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader unspecified 3 ActiveX clsid access (browser-plugins.rules) * 1:14094 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader unspecified 4 ActiveX clsid access 
(browser-plugins.rules) * 1:14096 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader unspecified 5 ActiveX clsid access (browser-plugins.rules) * 1:14098 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader unspecified 6 ActiveX clsid access (browser-plugins.rules) * 1:141 <-> DISABLED <-> MALWARE-BACKDOOR HackAttack 1.20 Connect (malware-backdoor.rules) * 1:1410 <-> DISABLED <-> SERVER-WEBAPP dcboard.cgi access (server-webapp.rules) * 1:14100 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader unspecified 7 ActiveX clsid access (browser-plugins.rules) * 1:14102 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader unspecified 8 ActiveX clsid access (browser-plugins.rules) * 1:14104 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader unspecified 9 ActiveX clsid access (browser-plugins.rules) * 1:14106 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader unspecified 10 ActiveX clsid access (browser-plugins.rules) * 1:14108 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader unspecified 11 ActiveX clsid access (browser-plugins.rules) * 1:1411 <-> DISABLED <-> PROTOCOL-SNMP public access udp (protocol-snmp.rules) * 1:14110 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader unspecified 12 ActiveX clsid access (browser-plugins.rules) * 1:14112 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader unspecified 13 ActiveX clsid access (browser-plugins.rules) * 1:14114 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader unspecified 14 ActiveX clsid access (browser-plugins.rules) * 1:14116 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader unspecified 15 ActiveX clsid access (browser-plugins.rules) * 1:14118 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader unspecified 16 ActiveX clsid access (browser-plugins.rules) * 1:1412 <-> DISABLED <-> PROTOCOL-SNMP public access tcp (protocol-snmp.rules) * 1:14120 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader unspecified 17 ActiveX clsid access (browser-plugins.rules) * 1:14122 
<-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader unspecified 18 ActiveX clsid access (browser-plugins.rules) * 1:14124 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader unspecified 19 ActiveX clsid access (browser-plugins.rules) * 1:14126 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader unspecified 20 ActiveX clsid access (browser-plugins.rules) * 1:1206 <-> DISABLED <-> SERVER-WEBAPP cachemgr.cgi access (server-webapp.rules) * 1:12062 <-> DISABLED <-> BROWSER-PLUGINS HP Instant Support ActiveX clsid access (browser-plugins.rules) * 1:12064 <-> DISABLED <-> SERVER-IIS w3svc _vti_bin null pointer dereference attempt (server-iis.rules) * 1:12065 <-> DISABLED <-> POLICY-OTHER Outbound Teredo traffic detected (policy-other.rules) * 1:12066 <-> DISABLED <-> POLICY-OTHER Inbound Teredo traffic detected (policy-other.rules) * 1:12067 <-> DISABLED <-> POLICY-OTHER Outbound Teredo traffic detected (policy-other.rules) * 1:12068 <-> DISABLED <-> POLICY-OTHER Inbound Teredo traffic detected (policy-other.rules) * 1:12069 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Active Directory Crafted LDAP ModifyRequest (os-windows.rules) * 1:1207 <-> DISABLED <-> SERVER-WEBAPP htgrep access (server-webapp.rules) * 1:12070 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malformed version field (file-office.rules) * 1:12073 <-> DISABLED <-> PROTOCOL-VOIP inbound 100 Trying message (protocol-voip.rules) * 1:12074 <-> DISABLED <-> PROTOCOL-VOIP outbound 100 Trying message (protocol-voip.rules) * 1:12075 <-> DISABLED <-> PROTOCOL-RPC MIT Kerberos kadmind rpc library uninitialized pointer arbitrary code execution attempt (protocol-rpc.rules) * 1:12076 <-> DISABLED <-> SERVER-OTHER Ipswitch WS_FTP log server long unicode string (server-other.rules) * 1:12078 <-> DISABLED <-> SERVER-OTHER CA BrightStor ARCserve LGServer heap buffer overflow (server-other.rules) * 1:12079 <-> DISABLED <-> SERVER-OTHER CA BrightStor ARCserve LGServer stack buffer overflow attempt 
(server-other.rules) * 1:1208 <-> DISABLED <-> SERVER-WEBAPP responder.cgi access (server-webapp.rules) * 1:12080 <-> DISABLED <-> OS-SOLARIS Oracle Solaris printd arbitrary file deletion vulnerability (os-solaris.rules) * 1:12081 <-> DISABLED <-> SERVER-OTHER BakBone NetVault server heap overflow attempt (server-other.rules) * 1:12082 <-> DISABLED <-> SERVER-ORACLE Oracle 9i TNS denial of service attempt (server-oracle.rules) * 1:12083 <-> DISABLED <-> BROWSER-PLUGINS Data Dynamics ActiveBar Actbar3 ActiveX clsid access (browser-plugins.rules) * 1:12085 <-> DISABLED <-> BROWSER-PLUGINS Data Dynamics ActiveBar Actbar3 ActiveX function call access (browser-plugins.rules) * 1:12087 <-> DISABLED <-> BROWSER-PLUGINS McAfee NeoTrace ActiveX clsid access (browser-plugins.rules) * 1:12089 <-> DISABLED <-> BROWSER-PLUGINS McAfee NeoTrace ActiveX function call access (browser-plugins.rules) * 1:1209 <-> DISABLED <-> SERVER-WEBAPP .nsconfig access (server-webapp.rules) * 1:12091 <-> DISABLED <-> BROWSER-PLUGINS EldoS SecureBlackbox PGPBBox ActiveX clsid access (browser-plugins.rules) * 1:12093 <-> DISABLED <-> BROWSER-PLUGINS EldoS SecureBlackbox PGPBBox ActiveX function call access (browser-plugins.rules) * 1:12099 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel rtWindow1 record handling arbitrary code execution attempt (file-office.rules) * 1:121 <-> DISABLED <-> MALWARE-BACKDOOR Infector 1.6 Client to Server Connection Request (malware-backdoor.rules) * 1:12100 <-> DISABLED <-> NETBIOS DCERPC-NCACN-IP-TCP ca alert function 16/23 overflow attempt (netbios.rules) * 1:1211 <-> DISABLED <-> SERVER-WEBAPP web-map.cgi access (server-webapp.rules) * 1:12112 <-> DISABLED <-> PROTOCOL-VOIP Sivus scanner detected (protocol-voip.rules) * 1:12113 <-> DISABLED <-> PROTOCOL-VOIP SIP URI overflow attempt (protocol-voip.rules) * 1:12114 <-> DISABLED <-> SERVER-MAIL Ipswitch IMail search command buffer overflow attempt (server-mail.rules) * 1:12115 <-> DISABLED <-> SERVER-MAIL 
Ipswitch IMail search command buffer overflow attempt (server-mail.rules) * 1:12116 <-> DISABLED <-> BROWSER-PLUGINS Zenturi ProgramChecker SASATL ActiveX clsid access (browser-plugins.rules) * 1:12118 <-> DISABLED <-> BROWSER-PLUGINS Zenturi ProgramChecker SASATL ActiveX function call access (browser-plugins.rules) * 1:1212 <-> DISABLED <-> SERVER-WEBAPP Admin_files access (server-webapp.rules) * 1:12120 <-> DISABLED <-> PUA-ADWARE Adware pprich runtime detection - version check (pua-adware.rules) * 1:12121 <-> DISABLED <-> PUA-ADWARE Adware pprich runtime detection - udp info sent out (pua-adware.rules) * 1:12122 <-> DISABLED <-> PUA-TOOLBARS Trackware spynova runtime detection (pua-toolbars.rules) * 1:12123 <-> DISABLED <-> PUA-ADWARE Hijacker lookquick outbound connection - hijack ie (pua-adware.rules) * 1:12124 <-> DISABLED <-> PUA-ADWARE Hijacker lookquick outbound connection - monitor and collect user info (pua-adware.rules) * 1:12125 <-> DISABLED <-> PUA-TOOLBARS Trackware lookster toolbar runtime detection - hijack ie search assistant (pua-toolbars.rules) * 1:12126 <-> DISABLED <-> PUA-TOOLBARS Trackware lookster toolbar runtime detection - collect user information (pua-toolbars.rules) * 1:12127 <-> DISABLED <-> PUA-TOOLBARS Trackware lookster toolbar runtime detection - ads (pua-toolbars.rules) * 1:12128 <-> DISABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - init connection (malware-other.rules) * 1:12129 <-> ENABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - get sys info (malware-other.rules) * 1:1213 <-> DISABLED <-> SERVER-WEBAPP backup access (server-webapp.rules) * 1:12130 <-> DISABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - get sys info (malware-other.rules) * 1:12131 <-> ENABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - keylogging (malware-other.rules) * 1:12132 <-> DISABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - keylogging 
(malware-other.rules) * 1:12133 <-> ENABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - open url (malware-other.rules) * 1:12134 <-> DISABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - open url (malware-other.rules) * 1:12135 <-> ENABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - fun (malware-other.rules) * 1:12136 <-> DISABLED <-> MALWARE-OTHER Keylogger remotekeylog.b runtime detection - fun (malware-other.rules) * 1:12137 <-> DISABLED <-> MALWARE-OTHER Keylogger Keylogger king home 2.3 runtime detection (malware-other.rules) * 1:12138 <-> DISABLED <-> PUA-ADWARE Adware zamingo runtime detection (pua-adware.rules) * 1:12139 <-> DISABLED <-> MALWARE-OTHER Trackware stealth website logger 3.4 runtime detection (malware-other.rules) * 1:1214 <-> DISABLED <-> SERVER-WEBAPP intranet access (server-webapp.rules) * 1:12140 <-> DISABLED <-> PUA-ADWARE Hijacker cnnic update outbound connection (pua-adware.rules) * 1:12141 <-> DISABLED <-> MALWARE-OTHER Keylogger logit v1.0 runtime detection (malware-other.rules) * 1:12142 <-> ENABLED <-> MALWARE-BACKDOOR access remote pc runtime detection - init connection (malware-backdoor.rules) * 1:12143 <-> DISABLED <-> MALWARE-BACKDOOR access remote pc runtime detection - init connection (malware-backdoor.rules) * 1:12144 <-> ENABLED <-> MALWARE-BACKDOOR access remote pc runtime detection - rpc setup (malware-backdoor.rules) * 1:12145 <-> DISABLED <-> MALWARE-BACKDOOR access remote pc runtime detection - rpc setup (malware-backdoor.rules) * 1:12146 <-> ENABLED <-> MALWARE-BACKDOOR blue eye 1.0b runtime detection - init connection (malware-backdoor.rules) * 1:12147 <-> DISABLED <-> MALWARE-BACKDOOR blue eye 1.0b runtime detection - init connection (malware-backdoor.rules) * 1:12148 <-> ENABLED <-> MALWARE-BACKDOOR back orifice 2006 - v1.1.5 runtime detection - init connection (malware-backdoor.rules) * 1:12149 <-> DISABLED <-> MALWARE-BACKDOOR back orifice 2006 - v1.1.5 
runtime detection - init connection (malware-backdoor.rules) * 1:1215 <-> DISABLED <-> SERVER-WEBAPP ministats admin access (server-webapp.rules) * 1:12150 <-> ENABLED <-> MALWARE-BACKDOOR cafeini 1.0 runtime detection - init connection (malware-backdoor.rules) * 1:12151 <-> DISABLED <-> MALWARE-BACKDOOR cafeini 1.0 runtime detection (malware-backdoor.rules) * 1:12152 <-> DISABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - init connection (malware-backdoor.rules) * 1:12153 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - download file (malware-backdoor.rules) * 1:12154 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - download file (malware-backdoor.rules) * 1:12155 <-> DISABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - download file (malware-backdoor.rules) * 1:12156 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - upload file (malware-backdoor.rules) * 1:12157 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - upload file (malware-backdoor.rules) * 1:12158 <-> DISABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - upload file (malware-backdoor.rules) * 1:12159 <-> DISABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - keylogging (malware-backdoor.rules) * 1:1216 <-> DISABLED <-> SERVER-WEBAPP filemail access (server-webapp.rules) * 1:12160 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - screen capturing (malware-backdoor.rules) * 1:12161 <-> ENABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - screen capturing (malware-backdoor.rules) * 1:12162 <-> DISABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - screen capturing (malware-backdoor.rules) * 1:12650 <-> DISABLED <-> BROWSER-PLUGINS DB Software Laboratory VImpX ActiveX function call access (browser-plugins.rules) * 1:12652 <-> DISABLED <-> PUA-ADWARE Hijacker new.net domain 7.2.2 outbound connection - hijack browser (pua-adware.rules) * 
1:12653 <-> DISABLED <-> PUA-ADWARE Hijacker new.net domain 7.2.2 outbound connection - download code (pua-adware.rules) * 1:12654 <-> DISABLED <-> PUA-ADWARE Hijacker rabio 4.2 outbound connection - hijack browser (pua-adware.rules) * 1:12655 <-> DISABLED <-> PUA-ADWARE Hijacker rabio 4.2 outbound connection - download updates (pua-adware.rules) * 1:12656 <-> DISABLED <-> PUA-ADWARE Adware icoo loader 2.5 runtime detection 1 (pua-adware.rules) * 1:12657 <-> DISABLED <-> PUA-ADWARE Adware icoo loader 2.5 runtime detection 2 (pua-adware.rules) * 1:12658 <-> DISABLED <-> PUA-ADWARE Adware winantivirus pro 2007 runtime detection (pua-adware.rules) * 1:12659 <-> DISABLED <-> PUA-ADWARE Trickler zlob media codec outbound connection - automatic updates (pua-adware.rules) * 1:12660 <-> DISABLED <-> PUA-ADWARE Trickler zlob media codec outbound connection - download redirect domains (pua-adware.rules) * 1:12661 <-> DISABLED <-> MALWARE-CNC troll.a variant outbound connection (malware-cnc.rules) * 1:12664 <-> DISABLED <-> BROWSER-IE Microsoft Windows ShellExecute and Internet Explorer 7 url handling code execution attempt (browser-ie.rules) * 1:12665 <-> DISABLED <-> SERVER-OTHER CA BrightStor LGSever username buffer overflow attempt (server-other.rules) * 1:12666 <-> DISABLED <-> SERVER-OTHER HP OpenView OVTrace buffer overflow attempt (server-other.rules) * 1:12667 <-> DISABLED <-> SERVER-OTHER CA BrightStor ARCServer malicious fileupload attempt (server-other.rules) * 1:1267 <-> DISABLED <-> PROTOCOL-RPC portmap nisd request TCP (protocol-rpc.rules) * 1:12672 <-> DISABLED <-> PUA-TOOLBARS Trackware searchmiracle elitebar runtime detection - get ads (pua-toolbars.rules) * 1:12674 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - iebar (malware-cnc.rules) * 1:12675 <-> DISABLED <-> MALWARE-BACKDOOR Versi TheTheef Detection (malware-backdoor.rules) * 1:12676 <-> DISABLED <-> PUA-ADWARE Conspy Update Checking Detected (pua-adware.rules) * 1:12677 <-> 
DISABLED <-> PUA-ADWARE Adware ISTBar runtime detection - softwares (pua-adware.rules)
* 1:12678 <-> DISABLED <-> PUA-ADWARE SpyTech Realtime Spy Detection (pua-adware.rules)
* 1:12679 <-> DISABLED <-> PUA-TOOLBARS Trackware myway speedbar / mywebsearch toolbar user-agent detection (pua-toolbars.rules)
* 1:1268 <-> DISABLED <-> PROTOCOL-RPC portmap pcnfsd request TCP (protocol-rpc.rules)
* 1:12680 <-> DISABLED <-> PROTOCOL-VOIP Via header hostname buffer overflow attempt (protocol-voip.rules)
* 1:12681 <-> DISABLED <-> PROTOCOL-VOIP SIP URI overflow attempt (protocol-voip.rules)
* 1:12682 <-> DISABLED <-> PROTOCOL-VOIP From header field buffer overflow attempt (protocol-voip.rules)
* 1:12683 <-> DISABLED <-> PROTOCOL-VOIP From header field buffer overflow attempt (protocol-voip.rules)
* 1:12684 <-> DISABLED <-> MALWARE-BACKDOOR Sygate Remote Administration Engine (malware-backdoor.rules)
* 1:12685 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Express CAD Host buffer overflow (server-other.rules)
* 1:12686 <-> DISABLED <-> POLICY-SOCIAL AIM Express usage (policy-social.rules)
* 1:12687 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ShellExecute and IE7 url handling code execution attempt (os-windows.rules)
* 1:12688 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ShellExecute and IE7 url handling code execution attempt (os-windows.rules)
* 1:12689 <-> DISABLED <-> BROWSER-PLUGINS GlobalLink ConnectAndEnterRoom ActiveX clsid access (browser-plugins.rules)
* 1:1269 <-> DISABLED <-> PROTOCOL-RPC portmap rexd request TCP (protocol-rpc.rules)
* 1:12691 <-> DISABLED <-> PUA-P2P Outbound Joltid PeerEnabler traffic detected (pua-p2p.rules)
* 1:12693 <-> DISABLED <-> PUA-ADWARE Hijacker personalweb outbound connection (pua-adware.rules)
* 1:12694 <-> DISABLED <-> PUA-ADWARE Adware avsystemcare runtime detection (pua-adware.rules)
* 1:12695 <-> DISABLED <-> PUA-ADWARE Adware coopen 3.6.1 runtime detection - initial connection (pua-adware.rules)
* 1:12696 <-> DISABLED <-> PUA-ADWARE Adware coopen 3.6.1 runtime detection - automatic upgrade (pua-adware.rules)
* 1:12697 <-> DISABLED <-> MALWARE-OTHER Trackware browser accelerator runtime detection - pass user information to server (malware-other.rules)
* 1:12698 <-> DISABLED <-> MALWARE-OTHER Keylogger net vizo 5.2 runtime detection (malware-other.rules)
* 1:12699 <-> ENABLED <-> MALWARE-BACKDOOR poison ivy 2.3.0 runtime detection - init connection (malware-backdoor.rules)
* 1:1270 <-> DISABLED <-> PROTOCOL-RPC portmap rstatd request TCP (protocol-rpc.rules)
* 1:12700 <-> DISABLED <-> MALWARE-BACKDOOR poison ivy 2.3.0 runtime detection - init connection (malware-backdoor.rules)
* 1:12704 <-> DISABLED <-> SERVER-MAIL IBM Lotus Notes MIF viewer MIFFILE comment overflow (server-mail.rules)
* 1:12705 <-> DISABLED <-> SERVER-MAIL IBM Lotus Notes MIF viewer statement overflow (server-mail.rules)
* 1:12706 <-> DISABLED <-> SERVER-MAIL IBM Lotus Notes MIF viewer statement data overflow (server-mail.rules)
* 1:12707 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer lyrics heap overflow attempt (file-multimedia.rules)
* 1:12708 <-> DISABLED <-> PROTOCOL-RPC MIT Kerberos kadmind auth buffer overflow attempt (protocol-rpc.rules)
* 1:1271 <-> DISABLED <-> PROTOCOL-RPC portmap rusers request TCP (protocol-rpc.rules)
* 1:12710 <-> DISABLED <-> SERVER-OTHER ASN.1 constructed bit string (server-other.rules)
* 1:12711 <-> DISABLED <-> SERVER-APACHE Apache Tomcat WebDAV system tag remote file disclosure attempt (server-apache.rules)
* 1:12712 <-> DISABLED <-> PROTOCOL-SNMP oversized sysName set request (protocol-snmp.rules)
* 1:12713 <-> DISABLED <-> SERVER-ORACLE Oracle Database Server pitrig_dropmetadata buffer overflow attempt (server-oracle.rules)
* 1:12714 <-> DISABLED <-> BROWSER-PLUGINS WebEx GPCContainer ActiveX clsid access (browser-plugins.rules)
* 1:12716 <-> DISABLED <-> BROWSER-PLUGINS WebEx GPCContainer ActiveX function call access (browser-plugins.rules)
* 1:12718 <-> DISABLED <-> PUA-ADWARE Hijacker side find 1.0 outbound connection - initial connection (pua-adware.rules)
* 1:12719 <-> DISABLED <-> PUA-ADWARE Hijacker side find 1.0 outbound connection - hijacks search engine (pua-adware.rules)
* 1:1272 <-> DISABLED <-> PROTOCOL-RPC portmap sadmind request TCP (protocol-rpc.rules)
* 1:12720 <-> DISABLED <-> PUA-ADWARE Adware pestbot runtime detection - update (pua-adware.rules)
* 1:12721 <-> DISABLED <-> PUA-ADWARE Adware pestbot runtime detection - purchase (pua-adware.rules)
* 1:12722 <-> DISABLED <-> PUA-ADWARE Hijacker sexyvideoscreensaver outbound connection (pua-adware.rules)
* 1:12723 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - WakeSpace (malware-cnc.rules)
* 1:12724 <-> ENABLED <-> MALWARE-BACKDOOR dark moon 4.11 runtime detection (malware-backdoor.rules)
* 1:12725 <-> DISABLED <-> MALWARE-BACKDOOR dark moon 4.11 runtime detection (malware-backdoor.rules)
* 1:12726 <-> ENABLED <-> MALWARE-BACKDOOR bandook 1.35 runtime detection (malware-backdoor.rules)
* 1:12727 <-> DISABLED <-> MALWARE-BACKDOOR bandook 1.35 runtime detection (malware-backdoor.rules)
* 1:12728 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks SMIL wallclock stack overflow attempt (file-multimedia.rules)
* 1:12729 <-> DISABLED <-> BROWSER-PLUGINS AOL Radio AmpX ActiveX clsid access (browser-plugins.rules)
* 1:1273 <-> DISABLED <-> PROTOCOL-RPC portmap selection_svc request TCP (protocol-rpc.rules)
* 1:12731 <-> DISABLED <-> BROWSER-PLUGINS AOL Radio AmpX ActiveX function call access (browser-plugins.rules)
* 1:12733 <-> DISABLED <-> BROWSER-PLUGINS ComponentOne FlexGrid ActiveX clsid access (browser-plugins.rules)
* 1:12735 <-> DISABLED <-> BROWSER-PLUGINS ComponentOne FlexGrid ActiveX function call access (browser-plugins.rules)
* 1:12737 <-> DISABLED <-> BROWSER-PLUGINS Xunlei Thunder PPLAYER.DLL ActiveX clsid access (browser-plugins.rules)
* 1:12739 <-> DISABLED <-> BROWSER-PLUGINS Xunlei Thunder PPLAYER.DLL ActiveX function call access (browser-plugins.rules)
* 1:1274 <-> DISABLED <-> PROTOCOL-RPC portmap ttdbserv request TCP (protocol-rpc.rules)
* 1:12741 <-> DISABLED <-> SERVER-OTHER Apple Quicktime TCP RTSP sdp type buffer overflow attempt (server-other.rules)
* 1:12742 <-> DISABLED <-> SERVER-OTHER Apple Quicktime UDP RTSP sdp type buffer overflow attempt (server-other.rules)
* 1:12743 <-> DISABLED <-> FILE-MULTIMEDIA FLAC libFLAC picture description metadata buffer overflow attempt (file-multimedia.rules)
* 1:12744 <-> DISABLED <-> FILE-MULTIMEDIA FLAC libFLAC VORBIS string buffer overflow attempt (file-multimedia.rules)
* 1:12745 <-> DISABLED <-> FILE-MULTIMEDIA FLAC libFLAC picture metadata buffer overflow attempt (file-multimedia.rules)
* 1:12746 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime invalid stsd atom out of bounds read attempt (file-multimedia.rules)
* 1:12747 <-> DISABLED <-> BROWSER-PLUGINS BitDefender Online Scanner ActiveX clsid access (browser-plugins.rules)
* 1:12749 <-> DISABLED <-> BROWSER-PLUGINS BitDefender Online Scanner ActiveX function call access (browser-plugins.rules)
* 1:1275 <-> DISABLED <-> PROTOCOL-RPC portmap yppasswd request TCP (protocol-rpc.rules)
* 1:12751 <-> DISABLED <-> BROWSER-PLUGINS RichFX Basic Player ActiveX clsid access (browser-plugins.rules)
* 1:12753 <-> DISABLED <-> BROWSER-PLUGINS RichFX Basic Player ActiveX function call access (browser-plugins.rules)
* 1:12755 <-> DISABLED <-> BROWSER-PLUGINS PPStream PowerList ActiveX clsid access (browser-plugins.rules)
* 1:12757 <-> DISABLED <-> FILE-IMAGE Apple QuickTime uncompressed PICT stack overflow attempt (file-image.rules)
* 1:12758 <-> ENABLED <-> MALWARE-OTHER Keylogger/RAT digi watcher 2.32 runtime detection (malware-other.rules)
* 1:12759 <-> DISABLED <-> MALWARE-OTHER Keylogger/RAT digi watcher 2.32 runtime detection (malware-other.rules)
* 1:1276 <-> DISABLED <-> PROTOCOL-RPC portmap ypserv request TCP (protocol-rpc.rules)
* 1:12760 <-> ENABLED <-> MALWARE-OTHER Keylogger powered Keylogger 2.2 runtime detection (malware-other.rules)
* 1:12761 <-> DISABLED <-> MALWARE-OTHER Keylogger powered Keylogger 2.2 runtime detection (malware-other.rules)
* 1:12762 <-> DISABLED <-> BROWSER-PLUGINS Yahoo Toolbar Helper Class ActiveX clsid access (browser-plugins.rules)
* 1:12764 <-> DISABLED <-> BROWSER-PLUGINS Yahoo Toolbar Helper Class ActiveX function call access (browser-plugins.rules)
* 1:12766 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer RMOC3260.DLL ActiveX clsid access (browser-plugins.rules)
* 1:12767 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer RMOC3260.DLL ActiveX function call access (browser-plugins.rules)
* 1:12768 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer RMOC3260.DLL ActiveX function call access (browser-plugins.rules)
* 1:1277 <-> DISABLED <-> PROTOCOL-RPC portmap ypupdated request UDP (protocol-rpc.rules)
* 1:12770 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows obfuscated RDS.Dataspace ActiveX exploit attempt (browser-plugins.rules)
* 1:12771 <-> DISABLED <-> BROWSER-PLUGINS obfuscated BaoFeng Storm MPS.dll ActiveX exploit attempt (browser-plugins.rules)
* 1:12772 <-> DISABLED <-> BROWSER-PLUGINS obfuscated PPStream PowerPlayer ActiveX exploit attempt (browser-plugins.rules)
* 1:12773 <-> DISABLED <-> BROWSER-PLUGINS obfuscated Xunlei Thunder PPLAYER.DLL ActiveX exploit attempt (browser-plugins.rules)
* 1:12774 <-> DISABLED <-> BROWSER-PLUGINS obfuscated GlobalLink ConnectAndEnterRoom ActiveX exploit attempt (browser-plugins.rules)
* 1:12775 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer obfuscated Ierpplug.dll ActiveX exploit attempt (browser-plugins.rules)
* 1:12780 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader 4 Vulnerable Methods ActiveX clsid access attempt (browser-plugins.rules)
* 1:12782 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader 4 Vulnerable Methods ActiveX function call access attempt (browser-plugins.rules)
* 1:12784 <-> DISABLED <-> SERVER-OTHER CA ARCserve LGServer stack buffer overflow attempt (server-other.rules)
* 1:12785 <-> DISABLED <-> SERVER-OTHER CA ARCserve LGServer stack buffer overflow attempt (server-other.rules)
* 1:12786 <-> DISABLED <-> SERVER-OTHER CA ARCserve LGServer stack buffer overflow attempt (server-other.rules)
* 1:12789 <-> DISABLED <-> PUA-ADWARE Adware sunshine spy 1.0 runtime detection - check update (pua-adware.rules)
* 1:1279 <-> DISABLED <-> PROTOCOL-RPC portmap snmpXdmi request UDP (protocol-rpc.rules)
* 1:12790 <-> DISABLED <-> MALWARE-OTHER Trackware partypoker runtime detection (malware-other.rules)
* 1:12791 <-> DISABLED <-> PUA-TOOLBARS Adware gophoria toolbar runtime detection (pua-toolbars.rules)
* 1:12792 <-> ENABLED <-> MALWARE-OTHER Keylogger spy lantern Keylogger pro 6.0 runtime detection (malware-other.rules)
* 1:12793 <-> DISABLED <-> MALWARE-OTHER Keylogger spy lantern Keylogger pro 6.0 runtime detection (malware-other.rules)
* 1:12794 <-> DISABLED <-> PUA-ADWARE Hijacker gralicwrap outbound connection - search frauddb process (pua-adware.rules)
* 1:12795 <-> DISABLED <-> PUA-ADWARE Hijacker gralicwrap outbound connection - display frauddb information (pua-adware.rules)
* 1:12796 <-> DISABLED <-> PUA-TOOLBARS Trackware happytofind toolbar runtime detection (pua-toolbars.rules)
* 1:12797 <-> DISABLED <-> PUA-ADWARE Adware x-con spyware destroyer eh 3.2.8 runtime detection (pua-adware.rules)
* 1:12798 <-> DISABLED <-> INDICATOR-SHELLCODE base64 x86 NOOP (indicator-shellcode.rules)
* 1:12799 <-> DISABLED <-> INDICATOR-SHELLCODE base64 x86 NOOP (indicator-shellcode.rules)
* 1:1280 <-> DISABLED <-> PROTOCOL-RPC portmap listing UDP 111 (protocol-rpc.rules)
* 1:12800 <-> DISABLED <-> INDICATOR-SHELLCODE base64 x86 NOOP (indicator-shellcode.rules)
* 1:12801 <-> DISABLED <-> INDICATOR-SHELLCODE base64 x86 NOOP (indicator-shellcode.rules)
* 1:12802 <-> DISABLED <-> INDICATOR-SHELLCODE base64 x86 NOOP (indicator-shellcode.rules)
* 1:12803 <-> DISABLED <-> BROWSER-PLUGINS VideoLAN VLC ActiveX clsid access (browser-plugins.rules)
* 1:12805 <-> DISABLED <-> BROWSER-PLUGINS VideoLAN VLC ActiveX function call access (browser-plugins.rules)
* 1:12807 <-> ENABLED <-> FILE-IDENTIFY Lotus 123 file attachment (file-identify.rules)
* 1:12808 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss OpenPrinter overflow attempt (netbios.rules)
* 1:1281 <-> DISABLED <-> PROTOCOL-RPC portmap listing UDP 32771 (protocol-rpc.rules)
* 1:1283 <-> DISABLED <-> SERVER-IIS Microsoft Office Outlook web dos (server-iis.rules)
* 1:1284 <-> DISABLED <-> SERVER-OTHER readme.eml download attempt (server-other.rules)
* 1:1285 <-> DISABLED <-> SERVER-IIS msdac access (server-iis.rules)
* 1:1286 <-> DISABLED <-> SERVER-IIS _mem_bin access (server-iis.rules)
* 1:1288 <-> DISABLED <-> SERVER-OTHER Microsoft Frontpage /_vti_bin/ access (server-other.rules)
* 1:1289 <-> DISABLED <-> PROTOCOL-TFTP GET Admin.dll (protocol-tftp.rules)
* 1:1290 <-> DISABLED <-> FILE-OTHER readme.eml autoload attempt (file-other.rules)
* 1:12904 <-> DISABLED <-> SERVER-OTHER Veritas NetBackup vmd shared library buffer overflow attempt (server-other.rules)
* 1:1291 <-> DISABLED <-> SERVER-WEBAPP sml3com access (server-webapp.rules)
* 1:12910 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 4 attempt (netbios.rules)
* 1:12916 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 12 attempt (netbios.rules)
* 1:1292 <-> DISABLED <-> INDICATOR-COMPROMISE directory listing (indicator-compromise.rules)
* 1:12922 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 16 attempt (netbios.rules)
* 1:12928 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 18 attempt (netbios.rules)
* 1:12934 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 19 attempt (netbios.rules)
* 1:12940 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc2 CA call 269 overflow attempt (netbios.rules)
* 1:12946 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB-DS SMBv2 protocol negotiation attempt (os-windows.rules)
* 1:12947 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB SMBv2 protocol negotiation attempt (os-windows.rules)
* 1:12948 <-> DISABLED <-> BROWSER-PLUGINS Vantage Linguistics 1 ActiveX clsid access (browser-plugins.rules)
* 1:1295 <-> DISABLED <-> INDICATOR-COMPROMISE nimda RICHED20.DLL (indicator-compromise.rules)
* 1:12950 <-> DISABLED <-> BROWSER-PLUGINS Vantage Linguistics 2 ActiveX clsid access (browser-plugins.rules)
* 1:12952 <-> DISABLED <-> BROWSER-PLUGINS Vantage Linguistics 3 ActiveX clsid access (browser-plugins.rules)
* 1:12954 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DXLTPI.DLL ActiveX clsid access (browser-plugins.rules)
* 1:12957 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSN Heartbeat 2 ActiveX clsid access (browser-plugins.rules)
* 1:12959 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSN Heartbeat 3 ActiveX clsid access (browser-plugins.rules)
* 1:12961 <-> DISABLED <-> BROWSER-PLUGINS Intuit QuickBooks Online Import 1 ActiveX clsid access (browser-plugins.rules)
* 1:12963 <-> DISABLED <-> BROWSER-PLUGINS Intuit QuickBooks Online Import 2 ActiveX clsid access (browser-plugins.rules)
* 1:12965 <-> DISABLED <-> BROWSER-PLUGINS Intuit QuickBooks Online Import 3 ActiveX clsid access (browser-plugins.rules)
* 1:12967 <-> DISABLED <-> BROWSER-PLUGINS Intuit QuickBooks Online Import 4 ActiveX clsid access (browser-plugins.rules)
* 1:12969 <-> DISABLED <-> BROWSER-PLUGINS Intuit QuickBooks Online Import 5 ActiveX clsid access (browser-plugins.rules)
* 1:12971 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows DirectX directshow wav file overflow attempt (file-multimedia.rules)
* 1:12972 <-> ENABLED <-> FILE-IDENTIFY Microsoft Media Player asf/wmv/wma file magic detected (file-identify.rules)
* 1:12977 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP mqqm QMCreateObjectInternal overflow attempt (os-windows.rules)
* 1:12978 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP mqqm QMCreateObjectInternal overflow attempt (os-windows.rules)
* 1:12983 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows DirectX SAMI file CRawParser buffer overflow attempt (file-multimedia.rules)
* 1:12984 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP srvsvc NetSetFileSecurity integer overflow attempt (netbios.rules)
* 1:12985 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP srvsvc NetSetFileSecurity integer overflow attempt (netbios.rules)
* 1:1300 <-> DISABLED <-> SERVER-WEBAPP admin.php file upload attempt (server-webapp.rules)
* 1:1301 <-> DISABLED <-> SERVER-WEBAPP admin.php access (server-webapp.rules)
* 1:1302 <-> DISABLED <-> SERVER-WEBAPP console.exe access (server-webapp.rules)
* 1:1303 <-> DISABLED <-> SERVER-WEBAPP cs.exe access (server-webapp.rules)
* 1:1304 <-> DISABLED <-> SERVER-WEBAPP txt2html.cgi access (server-webapp.rules)
* 1:1305 <-> DISABLED <-> SERVER-WEBAPP txt2html.cgi directory traversal attempt (server-webapp.rules)
* 1:1307 <-> DISABLED <-> SERVER-WEBAPP store.cgi access (server-webapp.rules)
* 1:1308 <-> DISABLED <-> SERVER-WEBAPP sendmessage.cgi access (server-webapp.rules)
* 1:1309 <-> DISABLED <-> SERVER-WEBAPP zsh access (server-webapp.rules)
* 1:13158 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Media Player asf streaming format interchange data integer overflow attempt (file-multimedia.rules)
* 1:13159 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Media Player asf streaming format audio error masking integer overflow attempt (file-multimedia.rules)
* 1:13160 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Media Player asf streaming audio spread error correction data length integer overflow attempt (file-multimedia.rules)
* 1:13161 <-> DISABLED <-> SERVER-OTHER HP OpenView CGI parameter buffer overflow attempt (server-other.rules)
* 1:13162 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters overflow attempt (netbios.rules)
* 1:13210 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP mqqm QMObjectPathToObjectFormat overflow attempt (os-windows.rules)
* 1:13211 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP mqqm QMObjectPathToObjectFormat overflow attempt (os-windows.rules)
* 1:13219 <-> DISABLED <-> BROWSER-PLUGINS HP Software Update RulesEngine.dll ActiveX clsid access (browser-plugins.rules)
* 1:13221 <-> DISABLED <-> SERVER-OTHER Motorola Timbuktu crafted login request buffer overflow attempt (server-other.rules)
* 1:13222 <-> DISABLED <-> SERVER-OTHER Motorola Timbuktu crafted login request buffer overflow attempt (server-other.rules)
* 1:13223 <-> DISABLED <-> PROTOCOL-RPC MIT Kerberos kadmind rpc library uninitialized pointer arbitrary code execution attempt (protocol-rpc.rules)
* 1:13224 <-> DISABLED <-> BROWSER-PLUGINS Yahoo Toolbar YShortcut ActiveX clsid access (browser-plugins.rules)
* 1:13226 <-> DISABLED <-> BROWSER-PLUGINS Yahoo Toolbar YShortcut ActiveX function call access (browser-plugins.rules)
* 1:13228 <-> DISABLED <-> BROWSER-PLUGINS HP eSupportDiagnostics 1 ActiveX clsid access (browser-plugins.rules)
* 1:1323 <-> DISABLED <-> SERVER-OTHER rwhoisd format string attempt (server-other.rules)
* 1:13230 <-> DISABLED <-> BROWSER-PLUGINS HP eSupportDiagnostics 2 ActiveX clsid access (browser-plugins.rules)
* 1:13232 <-> DISABLED <-> BROWSER-PLUGINS Persits Software XUpload ActiveX clsid access (browser-plugins.rules)
* 1:13234 <-> DISABLED <-> BROWSER-PLUGINS Persits Software XUpload ActiveX function call access (browser-plugins.rules)
* 1:13236 <-> ENABLED <-> MALWARE-OTHER Keylogger active Keylogger 3.9.2 runtime detection (malware-other.rules)
* 1:13237 <-> DISABLED <-> MALWARE-OTHER Keylogger active Keylogger 3.9.2 runtime detection (malware-other.rules)
* 1:13238 <-> DISABLED <-> PUA-ADWARE Adware adult p2p 1.5 runtime detection (pua-adware.rules)
* 1:13239 <-> DISABLED <-> PUA-TOOLBARS Hijacker blue wave adult links toolbar runtime detection (pua-toolbars.rules)
* 1:1324 <-> DISABLED <-> INDICATOR-SHELLCODE ssh CRC32 overflow /bin/sh (indicator-shellcode.rules)
* 1:13240 <-> DISABLED <-> PUA-ADWARE Adware live protection 2.1 runtime detection - redirects to purchase page (pua-adware.rules)
* 1:13241 <-> DISABLED <-> PUA-ADWARE Adware live protection 2.1 runtime detection - application updates (pua-adware.rules)
* 1:13242 <-> DISABLED <-> PUA-ADWARE Adware netpumper 1.26 runtime detection (pua-adware.rules)
* 1:13243 <-> ENABLED <-> MALWARE-OTHER Keylogger computer monitor 1.1 by lastcomfort runtime detection (malware-other.rules)
* 1:13244 <-> DISABLED <-> MALWARE-OTHER Keylogger computer monitor 1.1 by lastcomfort runtime detection (malware-other.rules)
* 1:13246 <-> DISABLED <-> MALWARE-BACKDOOR troya 1.4 inbound connection (malware-backdoor.rules)
* 1:13247 <-> ENABLED <-> MALWARE-BACKDOOR yuri 1.2 runtime detection - init connection (malware-backdoor.rules)
* 1:13248 <-> DISABLED <-> MALWARE-CNC yuri 1.2 variant outbound connection (malware-cnc.rules)
* 1:13249 <-> DISABLED <-> PROTOCOL-DNS dns response for rfc1918 10/8 address detected (protocol-dns.rules)
* 1:1325 <-> DISABLED <-> INDICATOR-SHELLCODE ssh CRC32 overflow filler (indicator-shellcode.rules)
* 1:13250 <-> DISABLED <-> PROTOCOL-RPC portmap 390113 tcp request (protocol-rpc.rules)
* 1:13251 <-> DISABLED <-> PROTOCOL-RPC portmap 390113 udp request (protocol-rpc.rules)
* 1:13252 <-> DISABLED <-> PROTOCOL-RPC portmap 390113 tcp procedure 4 attempt (protocol-rpc.rules)
* 1:13253 <-> DISABLED <-> PROTOCOL-RPC portmap 390113 udp procedure 4 attempt (protocol-rpc.rules)
* 1:13256 <-> DISABLED <-> PROTOCOL-RPC portmap 390113 tcp procedure 5 attempt (protocol-rpc.rules)
* 1:13257 <-> DISABLED <-> PROTOCOL-RPC portmap 390113 udp procedure 5 attempt (protocol-rpc.rules)
* 1:13258 <-> DISABLED <-> BROWSER-PLUGINS IBM Lotus Domino Web Access 6 ActiveX clsid access (browser-plugins.rules)
* 1:1326 <-> DISABLED <-> INDICATOR-SHELLCODE ssh CRC32 overflow NOOP (indicator-shellcode.rules)
* 1:13260 <-> DISABLED <-> BROWSER-PLUGINS IBM Lotus Domino Web Access 6 ActiveX function call access (browser-plugins.rules)
* 1:13262 <-> DISABLED <-> BROWSER-PLUGINS IBM Lotus Domino Web Access 7 ActiveX clsid access (browser-plugins.rules)
* 1:13264 <-> DISABLED <-> BROWSER-PLUGINS IBM Lotus Domino Web Access 7 ActiveX function call access (browser-plugins.rules)
* 1:13266 <-> DISABLED <-> BROWSER-PLUGINS SkyFex Client ActiveX clsid access (browser-plugins.rules)
* 1:13269 <-> DISABLED <-> OS-WINDOWS Multiple product nntp uri handling code execution attempt (os-windows.rules)
* 1:1327 <-> DISABLED <-> INDICATOR-SHELLCODE ssh CRC32 overflow (indicator-shellcode.rules)
* 1:13270 <-> DISABLED <-> OS-WINDOWS Multiple product news uri handling code execution attempt (os-windows.rules)
* 1:13271 <-> DISABLED <-> OS-WINDOWS Multiple product telnet uri handling code execution attempt (os-windows.rules)
* 1:13272 <-> DISABLED <-> OS-WINDOWS Multiple product mailto uri handling code execution attempt (os-windows.rules)
* 1:13273 <-> DISABLED <-> BROWSER-PLUGINS DivX Web Player ActiveX clsid access (browser-plugins.rules)
* 1:13275 <-> DISABLED <-> BROWSER-PLUGINS DivX Web Player ActiveX function call access (browser-plugins.rules)
* 1:13277 <-> DISABLED <-> PUA-ADWARE Adware netword agent runtime detection (pua-adware.rules)
* 1:13278 <-> ENABLED <-> MALWARE-OTHER Keylogger advanced spy 4.0 runtime detection (malware-other.rules)
* 1:13279 <-> DISABLED <-> MALWARE-OTHER Keylogger advanced spy 4.0 runtime detection (malware-other.rules)
* 1:13280 <-> ENABLED <-> MALWARE-OTHER Keylogger email spy monitor 6.9 runtime detection (malware-other.rules)
* 1:13281 <-> DISABLED <-> MALWARE-OTHER Keylogger email spy monitor 6.9 runtime detection (malware-other.rules)
* 1:13282 <-> DISABLED <-> PUA-TOOLBARS Adware jily ie toolbar runtime detection (pua-toolbars.rules)
* 1:13283 <-> DISABLED <-> PUA-ADWARE Hijacker dreambar outbound connection (pua-adware.rules)
* 1:13284 <-> DISABLED <-> PUA-ADWARE Adware netguarder web cleaner runtime detection (pua-adware.rules)
* 1:13285 <-> DISABLED <-> PUA-ADWARE Hijacker phazebar outbound connection (pua-adware.rules)
* 1:13286 <-> DISABLED <-> PUA-ADWARE Adware 3wplayer 1.7 runtime detection (pua-adware.rules)
* 1:13287 <-> DISABLED <-> OS-WINDOWS Microsoft Windows remote kernel tcp/ip igmp vulnerability exploit attempt (os-windows.rules)
* 1:13288 <-> DISABLED <-> OS-WINDOWS Microsoft Windows remote kernel tcp/ip icmp vulnerability exploit attempt (os-windows.rules)
* 1:13289 <-> DISABLED <-> BROWSER-PLUGINS Gatway CWebLaunchCtl ActiveX clsid access (browser-plugins.rules)
* 1:13291 <-> DISABLED <-> SERVER-SAMBA Samba send_mailslot buffer overflow attempt (server-samba.rules)
* 1:13292 <-> DISABLED <-> PUA-OTHER Skype skype4com URI handler memory corruption attempt (pua-other.rules)
* 1:13293 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime panorama atoms buffer overflow attempt (file-multimedia.rules)
* 1:13294 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Rich TextBox ActiveX clsid access (browser-plugins.rules)
* 1:13296 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Rich TextBox ActiveX clsid access (browser-plugins.rules)
* 1:13298 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Rich TextBox ActiveX function call access (browser-plugins.rules)
* 1:13300 <-> DISABLED <-> FILE-FLASH Adobe Flash Player embedded JPG image height overflow attempt (file-flash.rules)
* 1:13302 <-> DISABLED <-> SERVER-APACHE Apache mod_imagemap cross site scripting attempt (server-apache.rules)
* 1:13303 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Visual FoxPro 2 ActiveX clsid access (browser-plugins.rules)
* 1:13305 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Visual FoxPro 2 ActiveX function call access (browser-plugins.rules)
* 1:13312 <-> DISABLED <-> BROWSER-PLUGINS StreamAudio ProxyManager ActiveX clsid access (browser-plugins.rules)
* 1:13314 <-> DISABLED <-> BROWSER-PLUGINS StreamAudio ProxyManager ActiveX function call access (browser-plugins.rules)
* 1:13316 <-> DISABLED <-> FILE-MULTIMEDIA 3ivx MP4 file parsing ART buffer overflow attempt (file-multimedia.rules)
* 1:13317 <-> DISABLED <-> FILE-MULTIMEDIA 3ivx MP4 file parsing nam buffer overflow attempt (file-multimedia.rules)
* 1:13318 <-> DISABLED <-> FILE-MULTIMEDIA 3ivx MP4 file parsing cmt buffer overflow attempt (file-multimedia.rules)
* 1:13319 <-> DISABLED <-> FILE-MULTIMEDIA 3ivx MP4 file parsing des buffer overflow attempt (file-multimedia.rules)
* 1:13320 <-> DISABLED <-> FILE-MULTIMEDIA 3ivx MP4 file parsing cpy buffer overflow attempt (file-multimedia.rules)
* 1:13321 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Package and Deployment Wizard ActiveX clsid access (browser-plugins.rules)
* 1:13323 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Package and Deployment Wizard ActiveX function call access (browser-plugins.rules)
* 1:13325 <-> DISABLED <-> BROWSER-PLUGINS Macrovision FLEXnet Connect ActiveX clsid access (browser-plugins.rules)
* 1:13327 <-> DISABLED <-> BROWSER-PLUGINS Macrovision FLEXnet Connect ActiveX function call access (browser-plugins.rules)
* 1:13329 <-> DISABLED <-> BROWSER-PLUGINS Toshiba Surveillance Surveillix DVR ActiveX clsid access (browser-plugins.rules)
* 1:13331 <-> DISABLED <-> BROWSER-PLUGINS Toshiba Surveillance Surveillix DVR ActiveX function call access (browser-plugins.rules)
* 1:13333 <-> DISABLED <-> BROWSER-PLUGINS HP Virtual Rooms ActiveX clsid access (browser-plugins.rules)
* 1:13335 <-> DISABLED <-> BROWSER-PLUGINS Lycos File Upload Component ActiveX clsid access (browser-plugins.rules)
* 1:13337 <-> DISABLED <-> BROWSER-PLUGINS Comodo AntiVirus ActiveX clsid access (browser-plugins.rules)
* 1:13339 <-> DISABLED <-> PUA-TOOLBARS Hijacker direct toolbar runtime detection (pua-toolbars.rules)
* 1:13340 <-> DISABLED <-> PUA-ADWARE Hijacker search4top outbound connection - hijack ie searches and error pages (pua-adware.rules)
* 1:13341 <-> DISABLED <-> PUA-ADWARE Hijacker search4top outbound connection - popup ads (pua-adware.rules)
* 1:13342 <-> DISABLED <-> PUA-TOOLBARS Hijacker ditto toolbar runtime detection (pua-toolbars.rules)
* 1:13343 <-> DISABLED <-> PUA-ADWARE Adware 2005-search loader runtime detection (pua-adware.rules)
* 1:13344 <-> DISABLED <-> PUA-ADWARE Adware yourprivacyguard runtime detection - presale request (pua-adware.rules)
* 1:13345 <-> DISABLED <-> PUA-ADWARE Adware yourprivacyguard runtime detection - update (pua-adware.rules)
* 1:13346 <-> ENABLED <-> PUA-ADWARE Snoopware remote desktop inspector outbound connection - init connection (pua-adware.rules)
* 1:13347 <-> DISABLED <-> PUA-ADWARE Snoopware remote desktop inspector runtime detection - init connection (pua-adware.rules)
* 1:13348 <-> DISABLED <-> BROWSER-PLUGINS Move Networks Media Player ActiveX clsid access (browser-plugins.rules)
* 1:13350 <-> DISABLED <-> BROWSER-PLUGINS Move Networks Media Player ActiveX function call access (browser-plugins.rules)
* 1:13352 <-> DISABLED <-> BROWSER-PLUGINS Lycos File Upload Component ActiveX function call access (browser-plugins.rules)
* 1:13354 <-> DISABLED <-> BROWSER-PLUGINS HP Virtual Rooms ActiveX function call access (browser-plugins.rules)
* 1:13356 <-> ENABLED <-> SQL SAP MaxDB shell command injection attempt (sql.rules)
* 1:13357 <-> DISABLED <-> SERVER-MYSQL failed Oracle Mysql login attempt (server-mysql.rules)
* 1:13358 <-> DISABLED <-> SERVER-MYSQL Oracle Mysql login attempt from unauthorized location (server-mysql.rules)
* 1:13359 <-> DISABLED <-> APP-DETECT failed IMAP login attempt - invalid username/password (app-detect.rules)
* 1:13360 <-> DISABLED <-> APP-DETECT FTP 530 Login failed response (app-detect.rules)
* 1:13361 <-> DISABLED <-> FILE-OTHER ClamAV MEW PE file integer overflow attempt (file-other.rules)
* 1:13363 <-> DISABLED <-> SERVER-OTHER Cisco Unified Communications Manager heap overflow attempt (server-other.rules)
* 1:13364 <-> DISABLED <-> SERVER-MAIL Novell GroupWise client IMG SRC buffer overflow (server-mail.rules)
* 1:13365 <-> DISABLED <-> SERVER-OTHER Trend Micro ServerProtect TMregChange buffer overflow attempt (server-other.rules)
* 1:13366 <-> DISABLED <-> SERVER-ORACLE Oracle database SYS.LT.FINDRICSET SQL injection attempt (server-oracle.rules)
* 1:13367 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss GetPrinterData attempt (netbios.rules)
* 1:13415 <-> DISABLED <-> SERVER-OTHER CA BrightStor cheyenneds mailslot overflow (server-other.rules)
* 1:13419 <-> DISABLED <-> BROWSER-PLUGINS Facebook Photo Uploader ActiveX clsid access (browser-plugins.rules)
* 1:13421 <-> DISABLED <-> BROWSER-PLUGINS Facebook Photo Uploader ActiveX function call access (browser-plugins.rules)
* 1:13423 <-> DISABLED <-> BROWSER-PLUGINS SwiftView ActiveX clsid access (browser-plugins.rules)
* 1:13426 <-> DISABLED <-> BROWSER-PLUGINS Yahoo Music JukeBox DataGrid ActiveX clsid access (browser-plugins.rules)
* 1:13428 <-> DISABLED <-> BROWSER-PLUGINS Yahoo Music JukeBox DataGrid ActiveX function call access (browser-plugins.rules)
* 1:13430 <-> DISABLED <-> BROWSER-PLUGINS Yahoo Music JukeBox MediaGrid ActiveX clsid access (browser-plugins.rules)
* 1:13432 <-> DISABLED <-> BROWSER-PLUGINS Yahoo Music JukeBox MediaGrid ActiveX function call access (browser-plugins.rules)
* 1:13434 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader 4 Property Overflows ActiveX clsid access (browser-plugins.rules)
* 1:13436 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader 4 Property Overflows ActiveX function call access (browser-plugins.rules)
* 1:13438 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader 5 Vulnerable Methods ActiveX clsid access (browser-plugins.rules)
* 1:13440 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader 5 Vulnerable Methods ActiveX function call access (browser-plugins.rules)
* 1:13442 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader 5 Property Overflows ActiveX clsid access (browser-plugins.rules)
* 1:13444 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader 5 Property Overflows ActiveX function call access (browser-plugins.rules)
* 1:13446 <-> DISABLED <-> BROWSER-PLUGINS GlobalLink HanGamePlugin ActiveX clsid access (browser-plugins.rules)
* 1:13448 <-> DISABLED <-> OS-WINDOWS Microsoft Windows vbscript/jscript scripting engine begin buffer overflow attempt (os-windows.rules)
* 1:13449 <-> DISABLED <-> OS-WINDOWS Microsoft Windows vbscript/jscript scripting engine end buffer overflow attempt (os-windows.rules)
* 1:13451 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Visual FoxPro foxtlib ActiveX clsid access (browser-plugins.rules)
* 1:13453 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DXLUTBuilder ActiveX clsid access (browser-ie.rules)
* 1:13454 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DXLUTBuilder ActiveX clsid unicode access (browser-ie.rules)
* 1:13455 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DXLUTBuilder ActiveX function call access (browser-ie.rules)
* 1:13456 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DXLUTBuilder ActiveX function call unicode access (browser-ie.rules)
* 1:13457 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Forms 2.0 ActiveX clsid access (browser-plugins.rules)
* 1:13459 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Forms 2.0 ActiveX function call access (browser-plugins.rules)
* 1:13465 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file download request (file-identify.rules)
* 1:13466 <-> DISABLED <-> FILE-OFFICE Microsoft Works file converter file section length headers memory corruption attempt (file-office.rules)
* 1:13470 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher memory corruption attempt (file-office.rules)
* 1:13471 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher invalid pathname overwrite attempt (file-office.rules)
* 1:13472 <-> DISABLED <-> FILE-OFFICE Microsoft Works file converter field length invalid chunk size buffer overflow attempt (file-office.rules)
* 1:13473 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Publisher file download request (file-identify.rules)
* 1:13474 <-> DISABLED <-> OS-WINDOWS Microsoft WebDAV MiniRedir remote code execution attempt (os-windows.rules)
* 1:13476 <-> DISABLED <-> SERVER-IIS Microsoft IIS HTMLEncode Unicode string buffer overflow (server-iis.rules)
* 1:13477 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader collab.collectEmailInfo exploit attempt - compressed (file-pdf.rules)
* 1:13478 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader collab.collectEmailInfo exploit attempt (file-pdf.rules)
* 1:13479 <-> ENABLED <-> MALWARE-OTHER Keylogger findnot guarddog 4.0 runtime detection (malware-other.rules)
* 1:13480 <-> DISABLED <-> MALWARE-OTHER Keylogger findnot guarddog 4.0 runtime detection (malware-other.rules)
* 1:13481 <-> DISABLED <-> PUA-TOOLBARS Hijacker baidu toolbar runtime detection - hijacks search engine (pua-toolbars.rules)
* 1:13482 <-> DISABLED <-> PUA-TOOLBARS Hijacker baidu toolbar runtime detection - discloses information (pua-toolbars.rules)
* 1:13483 <-> ENABLED <-> PUA-TOOLBARS Hijacker baidu toolbar runtime detection - updates automatically (pua-toolbars.rules)
* 1:13484 <-> DISABLED <-> PUA-TOOLBARS Hijacker baidu toolbar runtime detection - updates automatically (pua-toolbars.rules)
* 1:13485 <-> DISABLED <-> PUA-TOOLBARS Hijacker sofa toolbar runtime detection - hijacks search engine (pua-toolbars.rules)
* 1:13486 <-> DISABLED <-> PUA-TOOLBARS Hijacker sofa toolbar runtime detection - records search information (pua-toolbars.rules)
* 1:13487 <-> DISABLED <-> PUA-ADWARE Adware elite protector runtime detection (pua-adware.rules)
* 1:13488 <-> DISABLED <-> PUA-TOOLBARS Hijacker people pal toolbar runtime detection - automatic upgrade (pua-toolbars.rules)
* 1:13489 <-> DISABLED <-> PUA-TOOLBARS Hijacker people pal toolbar runtime detection - traffic for searching (pua-toolbars.rules)
* 1:13490 <-> DISABLED <-> PUA-ADWARE Adware spy shredder 2.1 runtime detection - presale request (pua-adware.rules)
* 1:13491 <-> DISABLED <-> PUA-ADWARE Adware spy shredder 2.1 runtime detection - update (pua-adware.rules)
* 1:13492 <-> DISABLED <-> PUA-TOOLBARS Hijacker deepdo toolbar runtime detection - redirects search engine (pua-toolbars.rules)
* 1:13493 <-> DISABLED <-> PUA-TOOLBARS Hijacker deepdo toolbar runtime detection - automatic update (pua-toolbars.rules)
* 1:13494 <-> DISABLED <-> MALWARE-OTHER Keylogger smart pc Keylogger runtime detection (malware-other.rules)
* 1:13495 <-> DISABLED <-> PUA-TOOLBARS Hijacker ez-tracks toolbar runtime detection - initial traffic 1 (pua-toolbars.rules)
* 1:13496 <-> DISABLED <-> PUA-TOOLBARS Hijacker ez-tracks toolbar runtime detection - initial traffic 2 (pua-toolbars.rules)
* 1:13497 <-> DISABLED <-> PUA-TOOLBARS Hijacker ez-tracks toolbar runtime detection - tracking traffic (pua-toolbars.rules)
* 1:13498 <-> DISABLED <-> PUA-ADWARE Hijacker hbtbar outbound connection - search traffic 1 (pua-adware.rules)
* 1:13499 <-> DISABLED <-> PUA-ADWARE Hijacker hbtbar outbound connection - search traffic 2 (pua-adware.rules)
* 1:13500 <-> DISABLED <-> PUA-ADWARE Hijacker hbtbar outbound connection - log information (pua-adware.rules)
* 1:13501 <-> DISABLED <-> PUA-ADWARE Adware contravirus runtime detection - presale request (pua-adware.rules)
* 1:13502 <-> DISABLED <-> PUA-ADWARE Adware contravirus runtime detection - update (pua-adware.rules)
* 1:13503 <-> DISABLED <-> PUA-TOOLBARS Hijacker dealio toolbar runtime detection user-agent detected (pua-toolbars.rules)
* 1:13504 <-> DISABLED <-> PUA-ADWARE Adware iedefender runtime detection - presale request (pua-adware.rules)
* 1:13505 <-> DISABLED <-> PUA-ADWARE Adware iedefender runtime detection - update (pua-adware.rules)
* 1:13506 <-> ENABLED <-> MALWARE-BACKDOOR evilotus 1.3.2 runtime detection - init connection (malware-backdoor.rules)
* 1:13507 <-> DISABLED <-> MALWARE-CNC evilotus 1.3.2 variant outbound connection (malware-cnc.rules)
* 1:13508 <-> DISABLED <->
MALWARE-CNC xploit 1.4.5 variant outbound connection (malware-cnc.rules) * 1:13509 <-> DISABLED <-> MALWARE-CNC xploit 1.4.5 pc variant outbound connection (malware-cnc.rules) * 1:13512 <-> DISABLED <-> SQL generic sql exec injection attempt - GET parameter (sql.rules) * 1:13513 <-> DISABLED <-> SQL generic sql insert injection attempt - GET parameter (sql.rules) * 1:13514 <-> DISABLED <-> SQL generic sql update injection attempt - GET parameter (sql.rules) * 1:13515 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime user agent (file-multimedia.rules) * 1:13516 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime HTTP error response buffer overflow (file-multimedia.rules) * 1:13517 <-> DISABLED <-> FILE-MULTIMEDIA Apple Quicktime malformed idsc atom (file-multimedia.rules) * 1:13519 <-> DISABLED <-> SERVER-OTHER Citrix MetaFrame IMA buffer overflow attempt (server-other.rules) * 1:13520 <-> DISABLED <-> SERVER-OTHER Nullsoft Winamp Ultravox streaming malicious metadata (server-other.rules) * 1:13521 <-> DISABLED <-> SERVER-OTHER Nullsoft Winamp Ultravox streaming malicious metadata (server-other.rules) * 1:13522 <-> DISABLED <-> SERVER-OTHER Firebird Database Server username handling buffer overflow (server-other.rules) * 1:13523 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX clsid access (browser-plugins.rules) * 1:13525 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX function call access (browser-plugins.rules) * 1:13527 <-> DISABLED <-> BROWSER-PLUGINS D-Link MPEG4 SHM Audio Control ActiveX clsid access (browser-plugins.rules) * 1:13529 <-> DISABLED <-> BROWSER-PLUGINS D-Link MPEG4 SHM Audio Control ActiveX function call access (browser-plugins.rules) * 1:13531 <-> DISABLED <-> BROWSER-PLUGINS 4xem VatCtrl ActiveX clsid access (browser-plugins.rules) * 1:13533 <-> DISABLED <-> BROWSER-PLUGINS 4xem VatCtrl ActiveX function call access (browser-plugins.rules) * 1:13535 <-> DISABLED <-> BROWSER-PLUGINS Vivotek RTSP MPEG4 SP Control ActiveX clsid access 
(browser-plugins.rules) * 1:13537 <-> DISABLED <-> BROWSER-PLUGINS Vivotek RTSP MPEG4 SP Control ActiveX function call access (browser-plugins.rules) * 1:13539 <-> DISABLED <-> BROWSER-PLUGINS Symantec Backup Exec ActiveX clsid access (browser-plugins.rules) * 1:13541 <-> DISABLED <-> BROWSER-PLUGINS Symantec Backup Exec ActiveX function call access (browser-plugins.rules) * 1:13543 <-> DISABLED <-> BROWSER-PLUGINS Learn2 STRunner ActiveX clsid access (browser-plugins.rules) * 1:13545 <-> DISABLED <-> BROWSER-PLUGINS Learn2 STRunner ActiveX function call access (browser-plugins.rules) * 1:12163 <-> ENABLED <-> MALWARE-BACKDOOR cobra uploader 1.0 runtime detection (malware-backdoor.rules) * 1:12164 <-> DISABLED <-> MALWARE-BACKDOOR cobra uploader 1.0 runtime detection (malware-backdoor.rules) * 1:12165 <-> DISABLED <-> MALWARE-CNC lithium 1.02 variant outbound connection (malware-cnc.rules) * 1:12166 <-> DISABLED <-> MALWARE-CNC lithium 1.02 variant outbound connection (malware-cnc.rules) * 1:12167 <-> DISABLED <-> PROTOCOL-VOIP SIP URI multiple at signs in message (protocol-voip.rules) * 1:12168 <-> DISABLED <-> BROWSER-PLUGINS Computer Associates ETrust Intrusion Detection Caller.DLL ActiveX clsid access (browser-plugins.rules) * 1:1217 <-> DISABLED <-> SERVER-WEBAPP plusmail access (server-webapp.rules) * 1:12170 <-> DISABLED <-> PROTOCOL-VOIP inbound 408 Request Timeout message (protocol-voip.rules) * 1:12171 <-> DISABLED <-> PROTOCOL-VOIP outbound 408 Request Timeout message (protocol-voip.rules) * 1:12172 <-> DISABLED <-> PROTOCOL-VOIP inbound 501 Not Implemented message (protocol-voip.rules) * 1:12173 <-> DISABLED <-> PROTOCOL-VOIP outbound 501 Not Implemented message (protocol-voip.rules) * 1:12174 <-> DISABLED <-> PROTOCOL-VOIP inbound 604 Does Not Exist Anywhere message (protocol-voip.rules) * 1:12175 <-> DISABLED <-> PROTOCOL-VOIP outbound 604 Does Not Exist Anywhere message (protocol-voip.rules) * 1:12176 <-> DISABLED <-> PROTOCOL-VOIP inbound 415 
Unsupported Media Type message (protocol-voip.rules) * 1:12177 <-> DISABLED <-> PROTOCOL-VOIP outbound 415 Unsupported Media Type message (protocol-voip.rules) * 1:12178 <-> DISABLED <-> PROTOCOL-VOIP inbound 481 Call/Leg Transaction Does Not Exist (protocol-voip.rules) * 1:12179 <-> DISABLED <-> PROTOCOL-VOIP outbound 481 Call/Leg Transaction Does Not Exist (protocol-voip.rules) * 1:1218 <-> DISABLED <-> SERVER-WEBAPP adminlogin access (server-webapp.rules) * 1:12180 <-> DISABLED <-> PROTOCOL-VOIP inbound 404 Not Found (protocol-voip.rules) * 1:12181 <-> DISABLED <-> PROTOCOL-VOIP outbound 404 Not Found (protocol-voip.rules) * 1:12182 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Video file magic detected (file-identify.rules) * 1:12183 <-> DISABLED <-> FILE-FLASH Adobe FLV long string script data buffer overflow attempt (file-flash.rules) * 1:12184 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel workbook workspace designation handling arbitrary code execution attempt (file-office.rules) * 1:12185 <-> DISABLED <-> PROTOCOL-RPC portmap 2112 tcp request (protocol-rpc.rules) * 1:12186 <-> DISABLED <-> PROTOCOL-RPC portmap 2112 udp request (protocol-rpc.rules) * 1:12187 <-> DISABLED <-> PROTOCOL-RPC portmap 2112 tcp rename_principal attempt (protocol-rpc.rules) * 1:12188 <-> DISABLED <-> PROTOCOL-RPC portmap 2112 udp rename_principal attempt (protocol-rpc.rules) * 1:12189 <-> DISABLED <-> BROWSER-PLUGINS Clever Internet Suite ActiveX clsid access (browser-plugins.rules) * 1:1219 <-> DISABLED <-> SERVER-WEBAPP dfire.cgi access (server-webapp.rules) * 1:12191 <-> DISABLED <-> BROWSER-PLUGINS Clever Internet Suite ActiveX function call access (browser-plugins.rules) * 1:12193 <-> DISABLED <-> BROWSER-PLUGINS Yahoo Widgets Engine ActiveX clsid access (browser-plugins.rules) * 1:12195 <-> DISABLED <-> BROWSER-PLUGINS Yahoo Widgets Engine ActiveX function call access (browser-plugins.rules) * 1:12197 <-> DISABLED <-> SERVER-OTHER CA message queuing server buffer overflow 
attempt (server-other.rules) * 1:12198 <-> DISABLED <-> OS-WINDOWS Microsoft Windows getbulk request attempt (os-windows.rules) * 1:12199 <-> DISABLED <-> SERVER-OTHER RIM BlackBerry SRP negative string size (server-other.rules) * 1:1220 <-> DISABLED <-> SERVER-WEBAPP ultraboard access (server-webapp.rules) * 1:12200 <-> DISABLED <-> BROWSER-PLUGINS VMWare IntraProcessLogging ActiveX clsid access (browser-plugins.rules) * 1:12202 <-> DISABLED <-> SERVER-OTHER Ingres long message heap buffer overflow attempt (server-other.rules) * 1:12203 <-> DISABLED <-> BROWSER-PLUGINS VMWare Vielib.dll ActiveX clsid access (browser-plugins.rules) * 1:12205 <-> DISABLED <-> BROWSER-PLUGINS VMWare Vielib.dll ActiveX function call access (browser-plugins.rules) * 1:12207 <-> DISABLED <-> BROWSER-PLUGINS Computer Associates ETrust Intrusion Detection Caller.DLL ActiveX function call access (browser-plugins.rules) * 1:12209 <-> ENABLED <-> PUA-P2P P2PTv TVAnt udp traffic detected (pua-p2p.rules) * 1:1221 <-> DISABLED <-> SERVER-WEBAPP Muscat Empower cgi access (server-webapp.rules) * 1:12210 <-> ENABLED <-> PUA-P2P P2PTv TVAnts TCP tracker connect traffic detected (pua-p2p.rules) * 1:12211 <-> ENABLED <-> PUA-P2P P2PTv TVAnts TCP connection traffic detected (pua-p2p.rules) * 1:12212 <-> DISABLED <-> SERVER-MAIL Ipswitch IMail literal search date command buffer overflow attempt (server-mail.rules) * 1:12213 <-> DISABLED <-> SERVER-MAIL Ipswitch IMail search date command buffer overflow attempt (server-mail.rules) * 1:12216 <-> DISABLED <-> SERVER-OTHER Borland interbase Create Request opcode string length buffer overflow attempt (server-other.rules) * 1:12217 <-> DISABLED <-> SERVER-OTHER Borland interbase string length buffer overflow attempt (server-other.rules) * 1:12218 <-> DISABLED <-> SERVER-OTHER Borland interbase string length buffer overflow attempt (server-other.rules) * 1:12219 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer SMIL wallclock parsing buffer overflow 
(file-multimedia.rules) * 1:1222 <-> DISABLED <-> SERVER-WEBAPP pals-cgi arbitrary file access attempt (server-webapp.rules) * 1:12220 <-> DISABLED <-> SERVER-OTHER IBM Informix Dynamic Server long username buffer overflow attempt (server-other.rules) * 1:12221 <-> DISABLED <-> SERVER-WEBAPP file upload GLOBAL variable overwrite attempt (server-webapp.rules) * 1:12222 <-> DISABLED <-> SERVER-OTHER Squid proxy long WCCP packet (server-other.rules) * 1:12223 <-> DISABLED <-> SERVER-OTHER Novell WebAdmin long user name (server-other.rules) * 1:12224 <-> DISABLED <-> PUA-ADWARE Adware enbrowser snackman runtime detection (pua-adware.rules) * 1:12225 <-> DISABLED <-> PUA-TOOLBARS Adware zango2007 toolbar runtime detection (pua-toolbars.rules) * 1:12226 <-> DISABLED <-> MALWARE-OTHER Keylogger overspy runtime detection (malware-other.rules) * 1:12227 <-> DISABLED <-> PUA-TOOLBARS Trackware snap ultrasearch/desktop toolbar runtime detection - search (pua-toolbars.rules) * 1:12228 <-> DISABLED <-> PUA-TOOLBARS Trackware snap ultrasearch/desktop toolbar runtime detection - cookie (pua-toolbars.rules) * 1:12229 <-> DISABLED <-> PUA-ADWARE Adware vroomsearch runtime detection (pua-adware.rules) * 1:12230 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool hippynotify 2.0 runtime detection (malware-tools.rules) * 1:12231 <-> DISABLED <-> PUA-ADWARE Adware vroomsearch runtime detection (pua-adware.rules) * 1:12232 <-> DISABLED <-> PUA-ADWARE Adware errorsafe runtime detection (pua-adware.rules) * 1:12233 <-> ENABLED <-> MALWARE-BACKDOOR theef 2.10 runtime detection - connect with no password (malware-backdoor.rules) * 1:12234 <-> DISABLED <-> MALWARE-BACKDOOR theef 2.10 runtime detection - connect with no password (malware-backdoor.rules) * 1:12235 <-> ENABLED <-> MALWARE-BACKDOOR theef 2.10 runtime detection - connect with password (malware-backdoor.rules) * 1:12236 <-> DISABLED <-> MALWARE-BACKDOOR theef 2.10 runtime detection - connect with password (malware-backdoor.rules) * 1:12237 
<-> ENABLED <-> MALWARE-BACKDOOR theef 2.10 runtime detection - ftp (malware-backdoor.rules) * 1:12238 <-> DISABLED <-> MALWARE-BACKDOOR theef 2.10 runtime detection - ftp (malware-backdoor.rules) * 1:12239 <-> DISABLED <-> MALWARE-BACKDOOR webcenter v1.0 Backdoor - init connection (malware-backdoor.rules) * 1:1224 <-> DISABLED <-> SERVER-WEBAPP ROADS search.pl attempt (server-webapp.rules) * 1:12240 <-> ENABLED <-> MALWARE-BACKDOOR genie 1.7 runtime detection - init connection (malware-backdoor.rules) * 1:12241 <-> DISABLED <-> MALWARE-BACKDOOR genie 1.7 runtime detection - init connection (malware-backdoor.rules) * 1:12242 <-> ENABLED <-> MALWARE-BACKDOOR hotmail hacker log edition 5.0 runtime detection - init connection (malware-backdoor.rules) * 1:12243 <-> DISABLED <-> MALWARE-BACKDOOR hotmail hacker log edition 5.0 runtime detection - init connection (malware-backdoor.rules) * 1:12244 <-> DISABLED <-> MALWARE-BACKDOOR itadem trojan 3.0 runtime detection (malware-backdoor.rules) * 1:12245 <-> DISABLED <-> MALWARE-BACKDOOR furax 1.0 b3 runtime detection (malware-backdoor.rules) * 1:12246 <-> DISABLED <-> BROWSER-PLUGINS Symantec NavComUI AxSysListView32 ActiveX clsid access attempt (browser-plugins.rules) * 1:12248 <-> DISABLED <-> BROWSER-PLUGINS Symantec NavComUI AxSysListView32 ActiveX function call access attempt (browser-plugins.rules) * 1:1225 <-> DISABLED <-> X11 MIT Magic Cookie detected (x11.rules) * 1:12250 <-> DISABLED <-> BROWSER-PLUGINS Symantec NavComUI AxSysListView32OAA ActiveX clsid access attempt (browser-plugins.rules) * 1:12252 <-> DISABLED <-> BROWSER-PLUGINS Symantec NavComUI AxSysListView32OAA ActiveX function call access attempt (browser-plugins.rules) * 1:14128 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader unspecified 21 ActiveX clsid access (browser-plugins.rules) * 1:1413 <-> DISABLED <-> PROTOCOL-SNMP private access udp (protocol-snmp.rules) * 1:14130 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader unspecified 22 
ActiveX clsid access (browser-plugins.rules) * 1:14132 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader unspecified 23 ActiveX clsid access (browser-plugins.rules) * 1:14134 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader unspecified 24 ActiveX clsid access (browser-plugins.rules) * 1:14136 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader unspecified 25 ActiveX clsid access (browser-plugins.rules) * 1:14138 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader unspecified 26 ActiveX clsid access (browser-plugins.rules) * 1:1414 <-> DISABLED <-> PROTOCOL-SNMP private access tcp (protocol-snmp.rules) * 1:14140 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader unspecified 27 ActiveX clsid access (browser-plugins.rules) * 1:14142 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader unspecified 28 ActiveX clsid access (browser-plugins.rules) * 1:14144 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader unspecified 29 ActiveX clsid access (browser-plugins.rules) * 1:14146 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader unspecified 30 ActiveX clsid access (browser-plugins.rules) * 1:14148 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader unspecified 31 ActiveX clsid access (browser-plugins.rules) * 1:1415 <-> DISABLED <-> PROTOCOL-SNMP Broadcast request (protocol-snmp.rules) * 1:14150 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader unspecified 32 ActiveX clsid access (browser-plugins.rules) * 1:14152 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader unspecified 33 ActiveX clsid access (browser-plugins.rules) * 1:14154 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader unspecified 34 ActiveX clsid access (browser-plugins.rules) * 1:14156 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader unspecified 35 ActiveX clsid access (browser-plugins.rules) * 1:14158 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader unspecified 36 ActiveX clsid access (browser-plugins.rules) * 1:1416 <-> DISABLED <-> 
PROTOCOL-SNMP broadcast trap (protocol-snmp.rules) * 1:14160 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader unspecified 37 ActiveX clsid access (browser-plugins.rules) * 1:14162 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader unspecified 38 ActiveX clsid access (browser-plugins.rules) * 1:14164 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader unspecified 39 ActiveX clsid access (browser-plugins.rules) * 1:14166 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader unspecified 40 ActiveX clsid access (browser-plugins.rules) * 1:14168 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader unspecified 41 ActiveX clsid access (browser-plugins.rules) * 1:1417 <-> DISABLED <-> PROTOCOL-SNMP request udp (protocol-snmp.rules) * 1:14170 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader unspecified 42 ActiveX clsid access (browser-plugins.rules) * 1:14172 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader unspecified 43 ActiveX clsid access (browser-plugins.rules) * 1:14174 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader unspecified 44 ActiveX clsid access (browser-plugins.rules) * 1:14176 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader unspecified 45 ActiveX clsid access (browser-plugins.rules) * 1:14178 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader unspecified 46 ActiveX clsid access (browser-plugins.rules) * 1:1418 <-> DISABLED <-> PROTOCOL-SNMP request tcp (protocol-snmp.rules) * 1:14180 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader unspecified 47 ActiveX clsid access (browser-plugins.rules) * 1:14182 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader unspecified 48 ActiveX clsid access (browser-plugins.rules) * 1:14184 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader unspecified 49 ActiveX clsid access (browser-plugins.rules) * 1:14186 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader unspecified 50 ActiveX clsid access (browser-plugins.rules) * 1:14188 <-> DISABLED <-> 
BROWSER-PLUGINS Aurigma Image Uploader unspecified 51 ActiveX clsid access (browser-plugins.rules) * 1:1419 <-> DISABLED <-> PROTOCOL-SNMP trap udp (protocol-snmp.rules) * 1:14190 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader unspecified 52 ActiveX clsid access (browser-plugins.rules) * 1:14192 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader unspecified 53 ActiveX clsid access (browser-plugins.rules) * 1:14194 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader unspecified 54 ActiveX clsid access (browser-plugins.rules) * 1:14196 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader unspecified 55 ActiveX clsid access (browser-plugins.rules) * 1:14198 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader unspecified 56 ActiveX clsid access (browser-plugins.rules) * 1:1420 <-> DISABLED <-> PROTOCOL-SNMP trap tcp (protocol-snmp.rules) * 1:14200 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader unspecified 57 ActiveX clsid access (browser-plugins.rules) * 1:14202 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader unspecified 58 ActiveX clsid access (browser-plugins.rules) * 1:14204 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader unspecified 59 ActiveX clsid access (browser-plugins.rules) * 1:14206 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader unspecified 60 ActiveX clsid access (browser-plugins.rules) * 1:14208 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader unspecified 61 ActiveX clsid access (browser-plugins.rules) * 1:1421 <-> DISABLED <-> PROTOCOL-SNMP AgentX/tcp request (protocol-snmp.rules) * 1:14210 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader unspecified 62 ActiveX clsid access (browser-plugins.rules) * 1:14212 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader unspecified 63 ActiveX clsid access (browser-plugins.rules) * 1:14214 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader unspecified 64 ActiveX clsid access (browser-plugins.rules) * 1:14216 <-> DISABLED <-> 
BROWSER-PLUGINS Aurigma Image Uploader unspecified 65 ActiveX clsid access (browser-plugins.rules) * 1:14218 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader unspecified 66 ActiveX clsid access (browser-plugins.rules) * 1:1422 <-> DISABLED <-> PROTOCOL-SNMP community string buffer overflow attempt with evasion (protocol-snmp.rules) * 1:14220 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader unspecified 67 ActiveX clsid access (browser-plugins.rules) * 1:14222 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader unspecified 68 ActiveX clsid access (browser-plugins.rules) * 1:14224 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader unspecified 69 ActiveX clsid access (browser-plugins.rules) * 1:14226 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader unspecified 70 ActiveX clsid access (browser-plugins.rules) * 1:14228 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image Uploader unspecified 71 ActiveX clsid access (browser-plugins.rules) * 1:1423 <-> DISABLED <-> SERVER-WEBAPP content-disposition memchr overflow (server-webapp.rules) * 1:14230 <-> DISABLED <-> SERVER-WEBAPP SAP DB web server stack buffer overflow attempt (server-webapp.rules) * 1:14231 <-> DISABLED <-> BROWSER-PLUGINS SoftArtisans XFile FileManager ActiveX clsid access (browser-plugins.rules) * 1:14233 <-> DISABLED <-> BROWSER-PLUGINS SoftArtisans XFile FileManager ActiveX function call access (browser-plugins.rules) * 1:14235 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Media Services CallHTMLHelp ActiveX buffer overflow attempt (browser-plugins.rules) * 1:14237 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Media Services ActiveX function call access (browser-plugins.rules) * 1:14239 <-> DISABLED <-> BROWSER-PLUGINS Friendly Technologies fwRemoteConfig ActiveX clsid access (browser-plugins.rules) * 1:14241 <-> DISABLED <-> BROWSER-PLUGINS Friendly Technologies fwRemoteConfig ActiveX function call access (browser-plugins.rules) * 1:14243 <-> DISABLED <-> 
BROWSER-PLUGINS Najdi.si Toolbar ActiveX clsid access (browser-plugins.rules) * 1:14245 <-> DISABLED <-> BROWSER-PLUGINS Najdi.si Toolbar ActiveX function call access (browser-plugins.rules) * 1:14247 <-> DISABLED <-> BROWSER-PLUGINS Eyeball MessengerSDK ActiveX clsid access (browser-plugins.rules) * 1:14249 <-> DISABLED <-> BROWSER-PLUGINS Eyeball MessengerSDK ActiveX function call access (browser-plugins.rules) * 1:1425 <-> DISABLED <-> SERVER-WEBAPP content-disposition file upload attempt (server-webapp.rules) * 1:14255 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Media Encoder 9 ActiveX clsid access (browser-plugins.rules) * 1:14257 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Media Encoder 9 ActiveX function call access (browser-plugins.rules) * 1:1426 <-> DISABLED <-> PROTOCOL-SNMP PROTOS test-suite-req-app attempt (protocol-snmp.rules) * 1:14261 <-> DISABLED <-> OS-WINDOWS Microsoft Windows GDI VML gradient size heap overflow attempt (os-windows.rules) * 1:14262 <-> DISABLED <-> FILE-OFFICE Microsoft Office OneNote iframe caller exploit attempt (file-office.rules) * 1:14264 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media Player playlist download (file-identify.rules) * 1:14265 <-> DISABLED <-> PROTOCOL-SCADA Multiple Schneider Electric SCADA products buffer overflow attempt (protocol-scada.rules) * 1:14266 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Image Acquisition Logger ActiveX clsid access (browser-plugins.rules) * 1:14268 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Image Acquisition Logger ActiveX function call access (browser-plugins.rules) * 1:1427 <-> DISABLED <-> PROTOCOL-SNMP PROTOS test-suite-trap-app attempt (protocol-snmp.rules) * 1:14270 <-> DISABLED <-> BROWSER-PLUGINS VieLib2.Vie2Locator ActiveX clsid access (browser-plugins.rules) * 1:14272 <-> DISABLED <-> BROWSER-PLUGINS VieLib2.Vie2Locator ActiveX function call access (browser-plugins.rules) * 1:14274 <-> DISABLED <-> BROWSER-PLUGINS 
Vie2Lib.Vie2LinuxVolume ActiveX clsid access (browser-plugins.rules) * 1:14276 <-> DISABLED <-> BROWSER-PLUGINS Vie2Lib.Vie2LinuxVolume ActiveX function call access (browser-plugins.rules) * 1:14278 <-> DISABLED <-> BROWSER-PLUGINS VieLib2.Vie2Process ActiveX clsid access (browser-plugins.rules) * 1:1428 <-> DISABLED <-> POLICY-MULTIMEDIA audio galaxy keepalive (policy-multimedia.rules) * 1:14280 <-> DISABLED <-> BROWSER-PLUGINS VieLib2.Vie2Process ActiveX function call access (browser-plugins.rules) * 1:14282 <-> DISABLED <-> BROWSER-PLUGINS IntraProcessLogging.Logger ActiveX clsid access (browser-plugins.rules) * 1:14284 <-> DISABLED <-> BROWSER-PLUGINS IntraProcessLogging.Logger ActiveX function call access (browser-plugins.rules) * 1:14286 <-> DISABLED <-> BROWSER-PLUGINS VMClientHosts Class ActiveX clsid access (browser-plugins.rules) * 1:14288 <-> DISABLED <-> BROWSER-PLUGINS VMClientHosts Class ActiveX function call access (browser-plugins.rules) * 1:14290 <-> DISABLED <-> BROWSER-PLUGINS VhdCvtCom.DiskLibCreateParamObj ActiveX clsid access (browser-plugins.rules) * 1:14292 <-> DISABLED <-> BROWSER-PLUGINS VhdCvtCom.DiskLibCreateParamObj ActiveX function call access (browser-plugins.rules) * 1:14294 <-> DISABLED <-> BROWSER-PLUGINS RemoteDirDlg Class ActiveX clsid access (browser-plugins.rules) * 1:14296 <-> DISABLED <-> BROWSER-PLUGINS RemoteDirDlg Class ActiveX function call access (browser-plugins.rules) * 1:14298 <-> DISABLED <-> BROWSER-PLUGINS TeamListViewWnd Class ActiveX clsid access (browser-plugins.rules) * 1:14300 <-> DISABLED <-> BROWSER-PLUGINS TeamListViewWnd Class ActiveX function call access (browser-plugins.rules) * 1:14302 <-> DISABLED <-> BROWSER-PLUGINS VMStatusbarCtl Class ActiveX clsid access (browser-plugins.rules) * 1:14304 <-> DISABLED <-> BROWSER-PLUGINS VMStatusbarCtl Class ActiveX function call access (browser-plugins.rules) * 1:14306 <-> DISABLED <-> BROWSER-PLUGINS Vmc2vmx.CoVPCConfiguration ActiveX clsid access 
(browser-plugins.rules) * 1:14308 <-> DISABLED <-> BROWSER-PLUGINS Vmc2vmx.CoVPCConfiguration ActiveX function call access (browser-plugins.rules) * 1:14310 <-> DISABLED <-> BROWSER-PLUGINS VmdbUpdate Class ActiveX clsid access (browser-plugins.rules) * 1:14312 <-> DISABLED <-> BROWSER-PLUGINS VmdbUpdate Class ActiveX function call access (browser-plugins.rules) * 1:14314 <-> DISABLED <-> BROWSER-PLUGINS VMWare unspecified 1 ActiveX clsid access (browser-plugins.rules) * 1:14316 <-> DISABLED <-> BROWSER-PLUGINS VmdbExecuteError Class ActiveX clsid access (browser-plugins.rules) * 1:14318 <-> DISABLED <-> BROWSER-PLUGINS VmdbExecuteError Class ActiveX function call access (browser-plugins.rules) * 1:1432 <-> DISABLED <-> PUA-P2P GNUTella client request (pua-p2p.rules) * 1:14320 <-> DISABLED <-> BROWSER-PLUGINS VMWare unspecified 2 ActiveX clsid access (browser-plugins.rules) * 1:14322 <-> DISABLED <-> BROWSER-PLUGINS reconfig.SysImageUti ActiveX clsid access (browser-plugins.rules) * 1:14324 <-> DISABLED <-> BROWSER-PLUGINS reconfig.SysImageUti ActiveX function call access (browser-plugins.rules) * 1:14326 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Visual Database Tools Query Designer V7.0 ActiveX clsid access (browser-plugins.rules) * 1:14328 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Visual Database Tools Query Designer V7.0 ActiveX function call access (browser-plugins.rules) * 1:1433 <-> DISABLED <-> SERVER-WEBAPP .history access (server-webapp.rules) * 1:14330 <-> DISABLED <-> BROWSER-PLUGINS VmdbContext Class ActiveX clsid access (browser-plugins.rules) * 1:14332 <-> DISABLED <-> BROWSER-PLUGINS VmdbContext Class ActiveX function call access (browser-plugins.rules) * 1:14334 <-> DISABLED <-> BROWSER-PLUGINS VMClientVMs Class ActiveX clsid access (browser-plugins.rules) * 1:14336 <-> DISABLED <-> BROWSER-PLUGINS VMClientVMs Class ActiveX function call access (browser-plugins.rules) * 1:14338 <-> DISABLED <-> BROWSER-PLUGINS vmappPropObj Class ActiveX clsid 
access (browser-plugins.rules) * 1:1434 <-> DISABLED <-> SERVER-WEBAPP .bash_history access (server-webapp.rules) * 1:14340 <-> DISABLED <-> BROWSER-PLUGINS vmappPropObj Class ActiveX function call access (browser-plugins.rules) * 1:14342 <-> DISABLED <-> BROWSER-PLUGINS VMWare unspecified 3 ActiveX clsid access (browser-plugins.rules) * 1:14344 <-> DISABLED <-> BROWSER-PLUGINS VMMsg Class ActiveX clsid access (browser-plugins.rules) * 1:14346 <-> DISABLED <-> BROWSER-PLUGINS VMMsg Class ActiveX function call access (browser-plugins.rules) * 1:14348 <-> DISABLED <-> BROWSER-PLUGINS VMWare unspecified 4 ActiveX clsid access (browser-plugins.rules) * 1:1435 <-> DISABLED <-> PROTOCOL-DNS named authors attempt (protocol-dns.rules) * 1:14350 <-> DISABLED <-> BROWSER-PLUGINS reconfig.PopulatedDi ActiveX clsid access (browser-plugins.rules) * 1:14352 <-> DISABLED <-> BROWSER-PLUGINS reconfig.PopulatedDi ActiveX function call access (browser-plugins.rules) * 1:14354 <-> DISABLED <-> BROWSER-PLUGINS Elevated.ElevMgr ActiveX clsid access (browser-plugins.rules) * 1:14356 <-> DISABLED <-> BROWSER-PLUGINS Elevated.ElevMgr ActiveX function call access (browser-plugins.rules) * 1:14358 <-> DISABLED <-> BROWSER-PLUGINS VMWare unspecified 5 ActiveX clsid access (browser-plugins.rules) * 1:1436 <-> DISABLED <-> POLICY-MULTIMEDIA Apple Quicktime User Agent access (policy-multimedia.rules) * 1:14360 <-> DISABLED <-> BROWSER-PLUGINS HardwareCtl Class ActiveX clsid access (browser-plugins.rules) * 1:14362 <-> DISABLED <-> BROWSER-PLUGINS HardwareCtl Class ActiveX function call access (browser-plugins.rules) * 1:14364 <-> DISABLED <-> BROWSER-PLUGINS VMWare unspecified 6 ActiveX clsid access (browser-plugins.rules) * 1:14366 <-> DISABLED <-> BROWSER-PLUGINS VmdbQuery Class ActiveX clsid access (browser-plugins.rules) * 1:14368 <-> DISABLED <-> BROWSER-PLUGINS VmdbQuery Class ActiveX function call access (browser-plugins.rules) * 1:1437 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows 
Media download detected (file-identify.rules)
* 1:14370 <-> DISABLED <-> BROWSER-PLUGINS vmappPropObj2 Class ActiveX clsid access (browser-plugins.rules)
* 1:14372 <-> DISABLED <-> BROWSER-PLUGINS vmappPropObj2 Class ActiveX function call access (browser-plugins.rules)
* 1:14374 <-> DISABLED <-> BROWSER-PLUGINS VmappPoll Class ActiveX clsid access (browser-plugins.rules)
* 1:14376 <-> DISABLED <-> BROWSER-PLUGINS VmappPoll Class ActiveX function call access (browser-plugins.rules)
* 1:14378 <-> DISABLED <-> BROWSER-PLUGINS VMClient Class ActiveX clsid access (browser-plugins.rules)
* 1:14380 <-> DISABLED <-> BROWSER-PLUGINS VMClient Class ActiveX function call access (browser-plugins.rules)
* 1:14382 <-> DISABLED <-> BROWSER-PLUGINS Pq2vcom.Pq2v ActiveX clsid access (browser-plugins.rules)
* 1:14384 <-> DISABLED <-> BROWSER-PLUGINS Pq2vcom.Pq2v ActiveX function call access (browser-plugins.rules)
* 1:14386 <-> DISABLED <-> BROWSER-PLUGINS VmdbSchema Class ActiveX clsid access (browser-plugins.rules)
* 1:14388 <-> DISABLED <-> BROWSER-PLUGINS VmdbSchema Class ActiveX function call access (browser-plugins.rules)
* 1:1439 <-> DISABLED <-> POLICY-MULTIMEDIA Shoutcast playlist redirection (policy-multimedia.rules)
* 1:14394 <-> DISABLED <-> BROWSER-PLUGINS VixCOM.VixLib ActiveX clsid access (browser-plugins.rules)
* 1:14396 <-> DISABLED <-> BROWSER-PLUGINS VixCOM.VixLib ActiveX function call access (browser-plugins.rules)
* 1:14398 <-> DISABLED <-> BROWSER-PLUGINS vmappsdk.CuiObj ActiveX clsid access (browser-plugins.rules)
* 1:144 <-> DISABLED <-> PROTOCOL-FTP ADMw0rm ftp login attempt (protocol-ftp.rules)
* 1:1440 <-> DISABLED <-> POLICY-MULTIMEDIA Icecast playlist redirection (policy-multimedia.rules)
* 1:14400 <-> DISABLED <-> BROWSER-PLUGINS vmappsdk.CuiObj ActiveX function call access (browser-plugins.rules)
* 1:14402 <-> DISABLED <-> BROWSER-PLUGINS RemoteBrowseDlg Class ActiveX clsid access (browser-plugins.rules)
* 1:14404 <-> DISABLED <-> BROWSER-PLUGINS RemoteBrowseDlg Class ActiveX function call access (browser-plugins.rules)
* 1:14406 <-> DISABLED <-> BROWSER-PLUGINS RegVmsCtl Class ActiveX clsid access (browser-plugins.rules)
* 1:14408 <-> DISABLED <-> BROWSER-PLUGINS RegVmsCtl Class ActiveX function call access (browser-plugins.rules)
* 1:1441 <-> DISABLED <-> PROTOCOL-TFTP GET nc.exe (protocol-tftp.rules)
* 1:14410 <-> DISABLED <-> BROWSER-PLUGINS VmdbEnumTags Class ActiveX clsid access (browser-plugins.rules)
* 1:14412 <-> DISABLED <-> BROWSER-PLUGINS VmdbEnumTags Class ActiveX function call access (browser-plugins.rules)
* 1:14414 <-> DISABLED <-> BROWSER-PLUGINS VMWare unspecified 7 ActiveX clsid access (browser-plugins.rules)
* 1:1442 <-> DISABLED <-> PROTOCOL-TFTP GET shadow (protocol-tftp.rules)
* 1:14420 <-> DISABLED <-> BROWSER-PLUGINS VmdbDatabase Class ActiveX clsid access (browser-plugins.rules)
* 1:14422 <-> DISABLED <-> BROWSER-PLUGINS VmdbDatabase Class ActiveX function call access (browser-plugins.rules)
* 1:14424 <-> DISABLED <-> BROWSER-PLUGINS VMAppSdkUtil Class ActiveX clsid access (browser-plugins.rules)
* 1:14426 <-> DISABLED <-> BROWSER-PLUGINS VMAppSdkUtil Class ActiveX function call access (browser-plugins.rules)
* 1:14428 <-> DISABLED <-> BROWSER-PLUGINS VMWare unspecified 8 ActiveX clsid access (browser-plugins.rules)
* 1:1443 <-> DISABLED <-> PROTOCOL-TFTP GET passwd (protocol-tftp.rules)
* 1:14430 <-> DISABLED <-> BROWSER-PLUGINS VMEnumStrings Class ActiveX clsid access (browser-plugins.rules)
* 1:14432 <-> DISABLED <-> BROWSER-PLUGINS VMEnumStrings Class ActiveX function call access (browser-plugins.rules)
* 1:14434 <-> DISABLED <-> BROWSER-PLUGINS VMWare unspecified 9 ActiveX clsid access (browser-plugins.rules)
* 1:14436 <-> DISABLED <-> BROWSER-PLUGINS VMClientHost Class ActiveX clsid access (browser-plugins.rules)
* 1:14438 <-> DISABLED <-> BROWSER-PLUGINS VMClientHost Class ActiveX function call access (browser-plugins.rules)
* 1:1444 <-> DISABLED <-> PROTOCOL-TFTP Get (protocol-tftp.rules)
* 1:14440 <-> DISABLED <-> BROWSER-PLUGINS VMWare unspecified 10 ActiveX clsid access (browser-plugins.rules)
* 1:14442 <-> DISABLED <-> BROWSER-PLUGINS VMWare unspecified 11 ActiveX clsid access (browser-plugins.rules)
* 1:14444 <-> DISABLED <-> BROWSER-PLUGINS VMWare unspecified 12 ActiveX clsid access (browser-plugins.rules)
* 1:14446 <-> DISABLED <-> BROWSER-PLUGINS VMWare unspecified 13 ActiveX clsid access (browser-plugins.rules)
* 1:14448 <-> DISABLED <-> BROWSER-PLUGINS reconfig.SystemReconfigur ActiveX clsid access (browser-plugins.rules)
* 1:1445 <-> DISABLED <-> INDICATOR-COMPROMISE FTP file_id.diz access possible warez site (indicator-compromise.rules)
* 1:14450 <-> DISABLED <-> BROWSER-PLUGINS reconfig.SystemReconfigur ActiveX function call access (browser-plugins.rules)
* 1:14452 <-> DISABLED <-> BROWSER-PLUGINS vmhwcfg.NwzCompleted ActiveX clsid access (browser-plugins.rules)
* 1:14454 <-> DISABLED <-> BROWSER-PLUGINS vmhwcfg.NwzCompleted ActiveX function call access (browser-plugins.rules)
* 1:14456 <-> DISABLED <-> BROWSER-PLUGINS MksCompatCtl Class ActiveX clsid access (browser-plugins.rules)
* 1:14458 <-> DISABLED <-> BROWSER-PLUGINS MksCompatCtl Class ActiveX function call access (browser-plugins.rules)
* 1:1446 <-> DISABLED <-> SERVER-MAIL vrfy root (server-mail.rules)
* 1:14460 <-> DISABLED <-> BROWSER-PLUGINS VMWare unspecified 14 ActiveX clsid access (browser-plugins.rules)
* 1:14466 <-> DISABLED <-> BROWSER-PLUGINS VMWare unspecified 15 ActiveX clsid access (browser-plugins.rules)
* 1:14468 <-> DISABLED <-> BROWSER-PLUGINS Elevated.HostDeviceInfos ActiveX clsid access (browser-plugins.rules)
* 1:1447 <-> DISABLED <-> POLICY-OTHER Microsoft Windows Terminal server RDP attempt (policy-other.rules)
* 1:14470 <-> DISABLED <-> BROWSER-PLUGINS Elevated.HostDeviceInfos ActiveX function call access (browser-plugins.rules)
* 1:14472 <-> DISABLED <-> BROWSER-PLUGINS VMWare unspecified 16 ActiveX clsid access (browser-plugins.rules)
* 1:14474 <-> DISABLED <-> BROWSER-PLUGINS VMWare unspecified 17 ActiveX clsid access (browser-plugins.rules)
* 1:14476 <-> DISABLED <-> BROWSER-PLUGINS reconfig.GuestInfo ActiveX clsid access (browser-plugins.rules)
* 1:14478 <-> DISABLED <-> BROWSER-PLUGINS reconfig.GuestInfo ActiveX function call access (browser-plugins.rules)
* 1:1448 <-> DISABLED <-> POLICY-OTHER Microsoft Windows Terminal server request attempt (policy-other.rules)
* 1:14480 <-> DISABLED <-> BROWSER-PLUGINS VmappPropFrame Class ActiveX clsid access (browser-plugins.rules)
* 1:14482 <-> DISABLED <-> BROWSER-PLUGINS VmappPropFrame Class ActiveX function call access (browser-plugins.rules)
* 1:14484 <-> DISABLED <-> BROWSER-PLUGINS VhdCvtCom.VhdConverter ActiveX clsid access (browser-plugins.rules)
* 1:14486 <-> DISABLED <-> BROWSER-PLUGINS VhdCvtCom.VhdConverter ActiveX function call access (browser-plugins.rules)
* 1:14488 <-> DISABLED <-> BROWSER-PLUGINS VMSwitchCtl Class ActiveX clsid access (browser-plugins.rules)
* 1:14490 <-> DISABLED <-> BROWSER-PLUGINS VMSwitchCtl Class ActiveX function call access (browser-plugins.rules)
* 1:14492 <-> DISABLED <-> BROWSER-PLUGINS VMWare unspecified 18 ActiveX clsid access (browser-plugins.rules)
* 1:14494 <-> DISABLED <-> BROWSER-PLUGINS VmdbUtil Class ActiveX clsid access (browser-plugins.rules)
* 1:14496 <-> DISABLED <-> BROWSER-PLUGINS VmdbUtil Class ActiveX function call access (browser-plugins.rules)
* 1:14498 <-> DISABLED <-> BROWSER-PLUGINS VMWare unspecified 19 ActiveX clsid access (browser-plugins.rules)
* 1:1450 <-> DISABLED <-> SERVER-MAIL Vintra Mailserver expn *@ (server-mail.rules)
* 1:14500 <-> DISABLED <-> BROWSER-PLUGINS VMwareVpcCvt.VpcC ActiveX clsid access (browser-plugins.rules)
* 1:14502 <-> DISABLED <-> BROWSER-PLUGINS VMwareVpcCvt.VpcC ActiveX function call access (browser-plugins.rules)
* 1:14504 <-> DISABLED <-> BROWSER-PLUGINS VmdbCnxUtil Class ActiveX clsid access (browser-plugins.rules)
* 1:14506 <-> DISABLED <-> BROWSER-PLUGINS VmdbCnxUtil Class ActiveX function call access (browser-plugins.rules)
* 1:14508 <-> DISABLED <-> BROWSER-PLUGINS Vmc2vmx.CoVPCDrive ActiveX clsid access (browser-plugins.rules)
* 1:1451 <-> DISABLED <-> SERVER-WEBAPP NPH-maillist access (server-webapp.rules)
* 1:14510 <-> DISABLED <-> BROWSER-PLUGINS Vmc2vmx.CoVPCDrive ActiveX function call access (browser-plugins.rules)
* 1:14512 <-> DISABLED <-> BROWSER-PLUGINS VMWare unspecified 20 ActiveX clsid access (browser-plugins.rules)
* 1:14514 <-> DISABLED <-> BROWSER-PLUGINS VMClientVM Class ActiveX clsid access (browser-plugins.rules)
* 1:14516 <-> DISABLED <-> BROWSER-PLUGINS VMClientVM Class ActiveX function call access (browser-plugins.rules)
* 1:14518 <-> DISABLED <-> BROWSER-PLUGINS VMWare unspecified 21 ActiveX clsid access (browser-plugins.rules)
* 1:1452 <-> DISABLED <-> SERVER-WEBAPP args.cmd access (server-webapp.rules)
* 1:14520 <-> DISABLED <-> BROWSER-PLUGINS Elevated.VMXCreator ActiveX clsid access (browser-plugins.rules)
* 1:14522 <-> DISABLED <-> BROWSER-PLUGINS Elevated.VMXCreator ActiveX function call access (browser-plugins.rules)
* 1:14524 <-> DISABLED <-> BROWSER-PLUGINS VMWare unspecified 22 ActiveX clsid access (browser-plugins.rules)
* 1:14526 <-> DISABLED <-> BROWSER-PLUGINS HotfixWz Class ActiveX clsid access (browser-plugins.rules)
* 1:14528 <-> DISABLED <-> BROWSER-PLUGINS HotfixWz Class ActiveX function call access (browser-plugins.rules)
* 1:1453 <-> DISABLED <-> SERVER-WEBAPP AT-generated.cgi access (server-webapp.rules)
* 1:14530 <-> DISABLED <-> BROWSER-PLUGINS VmdbUpdates Class ActiveX clsid access (browser-plugins.rules)
* 1:14532 <-> DISABLED <-> BROWSER-PLUGINS VmdbUpdates Class ActiveX function call access (browser-plugins.rules)
* 1:14534 <-> DISABLED <-> BROWSER-PLUGINS VMListCtl Class ActiveX clsid access (browser-plugins.rules)
* 1:14536 <-> DISABLED <-> BROWSER-PLUGINS VMListCtl Class ActiveX function call access (browser-plugins.rules)
* 1:14538 <-> DISABLED <-> BROWSER-PLUGINS CheckedListViewWnd Class ActiveX clsid access (browser-plugins.rules)
* 1:1454 <-> DISABLED <-> SERVER-WEBAPP wwwwais access (server-webapp.rules)
* 1:14540 <-> DISABLED <-> BROWSER-PLUGINS CheckedListViewWnd Class ActiveX function call access (browser-plugins.rules)
* 1:14542 <-> DISABLED <-> BROWSER-PLUGINS VMWare unspecified 23 ActiveX clsid access (browser-plugins.rules)
* 1:14544 <-> DISABLED <-> BROWSER-PLUGINS VmdbTreeCtl Class ActiveX clsid access (browser-plugins.rules)
* 1:14546 <-> DISABLED <-> BROWSER-PLUGINS VmdbTreeCtl Class ActiveX function call access (browser-plugins.rules)
* 1:14548 <-> DISABLED <-> BROWSER-PLUGINS Nwz Class ActiveX clsid access (browser-plugins.rules)
* 1:1455 <-> DISABLED <-> SERVER-WEBAPP calendar.pl access (server-webapp.rules)
* 1:14550 <-> DISABLED <-> BROWSER-PLUGINS Nwz Class ActiveX function call access (browser-plugins.rules)
* 1:14552 <-> DISABLED <-> BROWSER-PLUGINS Vmc2vmx.CoVPCDrives ActiveX clsid access (browser-plugins.rules)
* 1:14554 <-> DISABLED <-> BROWSER-PLUGINS Vmc2vmx.CoVPCDrives ActiveX function call access (browser-plugins.rules)
* 1:14556 <-> DISABLED <-> BROWSER-PLUGINS MksCtl Class ActiveX clsid access (browser-plugins.rules)
* 1:14558 <-> DISABLED <-> BROWSER-PLUGINS MksCtl Class ActiveX function call access (browser-plugins.rules)
* 1:1456 <-> DISABLED <-> SERVER-WEBAPP calender_admin.pl access (server-webapp.rules)
* 1:14560 <-> DISABLED <-> BROWSER-PLUGINS VmappPropPath Class ActiveX clsid access (browser-plugins.rules)
* 1:14562 <-> DISABLED <-> BROWSER-PLUGINS VmappPropPath Class ActiveX function call access (browser-plugins.rules)
* 1:14564 <-> DISABLED <-> BROWSER-PLUGINS VMWare unspecified 24 ActiveX clsid access (browser-plugins.rules)
* 1:14566 <-> DISABLED <-> BROWSER-PLUGINS PolicyCtl Class ActiveX clsid access (browser-plugins.rules)
* 1:14568 <-> DISABLED <-> BROWSER-PLUGINS PolicyCtl Class ActiveX function call access (browser-plugins.rules)
* 1:1457 <-> DISABLED <-> SERVER-WEBAPP user_update_admin.pl access (server-webapp.rules)
* 1:14570 <-> DISABLED <-> BROWSER-PLUGINS VmdbParseError Class ActiveX clsid access (browser-plugins.rules)
* 1:14572 <-> DISABLED <-> BROWSER-PLUGINS VmdbParseError Class ActiveX function call access (browser-plugins.rules)
* 1:14574 <-> DISABLED <-> BROWSER-PLUGINS NavigationCtl Class ActiveX clsid access (browser-plugins.rules)
* 1:14576 <-> DISABLED <-> BROWSER-PLUGINS NavigationCtl Class ActiveX function call access (browser-plugins.rules)
* 1:14578 <-> DISABLED <-> BROWSER-PLUGINS VMList Class ActiveX clsid access (browser-plugins.rules)
* 1:1458 <-> DISABLED <-> SERVER-WEBAPP user_update_passwd.pl access (server-webapp.rules)
* 1:14580 <-> DISABLED <-> BROWSER-PLUGINS VMList Class ActiveX function call access (browser-plugins.rules)
* 1:14582 <-> DISABLED <-> BROWSER-PLUGINS VMWare unspecified 25 ActiveX clsid access (browser-plugins.rules)
* 1:14584 <-> DISABLED <-> BROWSER-PLUGINS VMWare unspecified 26 ActiveX clsid access (browser-plugins.rules)
* 1:14586 <-> DISABLED <-> BROWSER-PLUGINS CurrentVMCtl Class ActiveX clsid access (browser-plugins.rules)
* 1:14588 <-> DISABLED <-> BROWSER-PLUGINS CurrentVMCtl Class ActiveX function call access (browser-plugins.rules)
* 1:1459 <-> DISABLED <-> SERVER-WEBAPP bb-histlog.sh access (server-webapp.rules)
* 1:14590 <-> DISABLED <-> BROWSER-PLUGINS VhdCvtCom.DiskLibHelper ActiveX clsid access (browser-plugins.rules)
* 1:14592 <-> DISABLED <-> BROWSER-PLUGINS VhdCvtCom.DiskLibHelper ActiveX function call access (browser-plugins.rules)
* 1:14594 <-> DISABLED <-> BROWSER-PLUGINS Peachtree Accounting 2004 ActiveX clsid access (browser-plugins.rules)
* 1:14596 <-> DISABLED <-> BROWSER-PLUGINS ComponentOne VSFlexGrid ActiveX clsid access (browser-plugins.rules)
* 1:14598 <-> DISABLED <-> BROWSER-PLUGINS ComponentOne VSFlexGrid ActiveX function call access (browser-plugins.rules)
* 1:146 <-> DISABLED <-> MALWARE-BACKDOOR NetSphere access (malware-backdoor.rules)
* 1:1460 <-> DISABLED <-> SERVER-WEBAPP bb-histsvc.sh access (server-webapp.rules)
* 1:14600 <-> DISABLED <-> SERVER-OTHER SAP Message Server Heap buffer overflow attempt (server-other.rules)
* 1:14602 <-> DISABLED <-> SERVER-OTHER Borland Interbase open_marker_file overflow attempt (server-other.rules)
* 1:14603 <-> DISABLED <-> BROWSER-PLUGINS Data Dynamics ActiveReport ARViewer2 ActiveX clsid access (browser-plugins.rules)
* 1:14605 <-> DISABLED <-> BROWSER-PLUGINS Data Dynamics ActiveReport ARViewer2 ActiveX function call access (browser-plugins.rules)
* 1:14607 <-> DISABLED <-> SERVER-OTHER CA Brightstor SUN RPC malformed string buffer overflow attempt (server-other.rules)
* 1:14608 <-> DISABLED <-> PROTOCOL-VOIP T.38 fax rate management attribute buffer overflow attempt (protocol-voip.rules)
* 1:14609 <-> DISABLED <-> PROTOCOL-VOIP T.38 fax EC attribute buffer overflow attempt (protocol-voip.rules)
* 1:1461 <-> DISABLED <-> SERVER-WEBAPP bb-rep.sh access (server-webapp.rules)
* 1:14610 <-> DISABLED <-> SERVER-WEBAPP Joomla invalid token administrative password reset attempt (server-webapp.rules)
* 1:14611 <-> DISABLED <-> BROWSER-PLUGINS VMWare VMCtl Class ActiveX clsid access (browser-plugins.rules)
* 1:14613 <-> DISABLED <-> BROWSER-PLUGINS VMWare VMCtl Class ActiveX function call access (browser-plugins.rules)
* 1:14615 <-> DISABLED <-> SERVER-OTHER Oracle Java web console format string attempt (server-other.rules)
* 1:1462 <-> DISABLED <-> SERVER-WEBAPP bb-replog.sh access (server-webapp.rules)
* 1:1463 <-> DISABLED <-> POLICY-SOCIAL IRC message (policy-social.rules)
* 1:14631 <-> DISABLED <-> BROWSER-PLUGINS Husdawg System Requirements Lab Control ActiveX clsid access (browser-plugins.rules)
* 1:14633 <-> DISABLED <-> BROWSER-PLUGINS PhotoStockPlus ActiveX clsid access (browser-plugins.rules)
* 1:14635 <-> DISABLED <-> BROWSER-PLUGINS Microsoft RSClientPrint ActiveX clsid access (browser-plugins.rules)
* 1:14637 <-> DISABLED <-> BROWSER-PLUGINS Microsoft PicturePusher ActiveX clsid access (browser-plugins.rules)
* 1:14639 <-> DISABLED <-> BROWSER-PLUGINS Microsoft PicturePusher ActiveX function call access (browser-plugins.rules)
* 1:1464 <-> DISABLED <-> INDICATOR-COMPROMISE oracle one hour install (indicator-compromise.rules)
* 1:14641 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid FRTWrapper record buffer overflow attempt (file-office.rules)
* 1:14642 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel file with embedded ActiveX control (file-office.rules)
* 1:14643 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer location and location.href cross domain security bypass vulnerability (browser-ie.rules)
* 1:14644 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer createRange cross domain scripting (browser-ie.rules)
* 1:14645 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer cross domain setExpression exploit attempt (browser-ie.rules)
* 1:14647 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search Search filename size integer underflow attempt (os-windows.rules)
* 1:14648 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search unicode Search filename size integer underflow attempt (os-windows.rules)
* 1:14649 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search Search filename size integer underflow attempt (os-windows.rules)
* 1:1465 <-> DISABLED <-> SERVER-WEBAPP auktion.cgi access (server-webapp.rules)
* 1:14650 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search unicode Search filename size integer underflow attempt (os-windows.rules)
* 1:14651 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search andx Search filename size integer underflow attempt (os-windows.rules)
* 1:14652 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search unicode andx Search filename size integer underflow attempt (os-windows.rules)
* 1:14653 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search andx Search filename size integer underflow attempt (os-windows.rules)
* 1:14654 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search unicode andx Search filename size integer underflow attempt (os-windows.rules)
* 1:14656 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer XSS mouseevent PII disclosure attempt (browser-ie.rules)
* 1:14657 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer cross domain componentFromPoint memory corruption attempt (browser-ie.rules)
* 1:1466 <-> DISABLED <-> SERVER-WEBAPP cgiforum.pl access (server-webapp.rules)
* 1:1467 <-> DISABLED <-> SERVER-WEBAPP directorypro.cgi access (server-webapp.rules)
* 1:1468 <-> DISABLED <-> SERVER-WEBAPP Web Shopper shopper.cgi attempt (server-webapp.rules)
* 1:1469 <-> DISABLED <-> SERVER-WEBAPP Web Shopper shopper.cgi access (server-webapp.rules)
* 1:147 <-> DISABLED <-> MALWARE-BACKDOOR GateCrasher (malware-backdoor.rules)
* 1:1470 <-> DISABLED <-> SERVER-WEBAPP listrec.pl access (server-webapp.rules)
* 1:1471 <-> DISABLED <-> SERVER-WEBAPP mailnews.cgi access (server-webapp.rules)
* 1:14710 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP spoolss EnumJobs attempt (os-windows.rules)
* 1:1472 <-> DISABLED <-> SERVER-WEBAPP book.cgi access (server-webapp.rules)
* 1:14725 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP mqqm QMGetRemoteQueueName overflow attempt (os-windows.rules)
* 1:14726 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP mqqm QMGetRemoteQueueName overflow attempt (os-windows.rules)
* 1:1473 <-> DISABLED <-> SERVER-WEBAPP newsdesk.cgi access (server-webapp.rules)
* 1:14737 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP host-integration bind attempt (os-windows.rules)
* 1:1474 <-> DISABLED <-> SERVER-WEBAPP cal_make.pl access (server-webapp.rules)
* 1:14741 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Foundation Service NULL service authentication attempt (server-other.rules)
* 1:14743 <-> DISABLED <-> PROTOCOL-FTP RNTO directory traversal attempt (protocol-ftp.rules)
* 1:14744 <-> DISABLED <-> BROWSER-PLUGINS Hummingbird HostExplorer ActiveX clsid access (browser-plugins.rules)
* 1:14746 <-> DISABLED <-> BROWSER-PLUGINS Autodesk DWF Viewer ActiveX clsid access (browser-plugins.rules)
* 1:14748 <-> DISABLED <-> BROWSER-PLUGINS Autodesk LiveUpdate ActiveX clsid access (browser-plugins.rules)
* 1:1475 <-> DISABLED <-> SERVER-WEBAPP mailit.pl access (server-webapp.rules)
* 1:14750 <-> DISABLED <-> BROWSER-PLUGINS Autodesk LiveUpdate ActiveX function call access (browser-plugins.rules)
* 1:14752 <-> DISABLED <-> BROWSER-PLUGINS Novell ZENworks Desktop Management ActiveX clsid access (browser-plugins.rules)
* 1:14754 <-> DISABLED <-> BROWSER-PLUGINS Novell ZENworks Desktop Management ActiveX function call access (browser-plugins.rules)
* 1:14756 <-> DISABLED <-> BROWSER-PLUGINS Microsoft SQL Server 2000 Client Components ActiveX clsid access (browser-plugins.rules)
* 1:14758 <-> DISABLED <-> BROWSER-PLUGINS Microsoft SQL Server 2000 Client Components ActiveX function call access (browser-plugins.rules)
* 1:1476 <-> DISABLED <-> SERVER-WEBAPP sdbsearch.cgi access (server-webapp.rules)
* 1:14760 <-> DISABLED <-> BROWSER-PLUGINS iseemedia LPViewer ActiveX clsid access (browser-plugins.rules)
* 1:14762 <-> DISABLED <-> BROWSER-PLUGINS iseemedia LPViewer ActiveX function call access (browser-plugins.rules)
* 1:14764 <-> DISABLED <-> BROWSER-PLUGINS Macrovision InstallShield Update Service Agent ActiveX clsid access attempt (browser-plugins.rules)
* 1:14765 <-> DISABLED <-> BROWSER-PLUGINS Macrovision InstallShield Update Service Agent ActiveX function call (browser-plugins.rules)
* 1:14768 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Storage Scheduler Service NULL Session auth bypass attempt (server-other.rules)
* 1:14769 <-> DISABLED <-> SERVER-OTHER DATAC RealWin SCADA System buffer overflow attempt (server-other.rules)
* 1:14770 <-> DISABLED <-> PROTOCOL-FTP Ipswitch WS_FTP client format string attempt (protocol-ftp.rules)
* 1:14771 <-> DISABLED <-> SERVER-APACHE BEA WebLogic Apache Oracle connector Transfer-Encoding buffer overflow attempt (server-apache.rules)
* 1:14773 <-> DISABLED <-> SERVER-OTHER CA ARCserve LGServer handshake buffer overflow attempt (server-other.rules)
* 1:14777 <-> DISABLED <-> PROTOCOL-DNS single byte encoded name response (protocol-dns.rules)
* 1:14778 <-> DISABLED <-> BROWSER-PLUGINS Dart Communications PowerTCP FTP ActiveX clsid access (browser-plugins.rules)
* 1:1478 <-> DISABLED <-> SERVER-WEBAPP Simple Web Counter URI Parameter Buffer Overflow attempt (server-webapp.rules)
* 1:14780 <-> DISABLED <-> BROWSER-PLUGINS Dart Communications PowerTCP FTP ActiveX function call access (browser-plugins.rules)
* 1:14782 <-> ENABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP srvsvc NetrpPathCanonicalize path canonicalization stack overflow attempt (os-windows.rules)
* 1:14783 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP srvsvc NetrpPathCanonicalize path canonicalization stack overflow attempt (os-windows.rules)
* 1:1479 <-> DISABLED <-> SERVER-WEBAPP ttawebtop.cgi arbitrary file attempt (server-webapp.rules)
* 1:1480 <-> DISABLED <-> SERVER-WEBAPP ttawebtop.cgi access (server-webapp.rules)
* 1:1481 <-> DISABLED <-> SERVER-WEBAPP upload.cgi access (server-webapp.rules)
* 1:1482 <-> DISABLED <-> SERVER-WEBAPP view_source access (server-webapp.rules)
* 1:1483 <-> DISABLED <-> SERVER-WEBAPP ustorekeeper.pl access (server-webapp.rules)
* 1:1485 <-> DISABLED <-> SERVER-IIS mkilog.exe access (server-iis.rules)
* 1:1486 <-> DISABLED <-> SERVER-IIS ctss.idc access (server-iis.rules)
* 1:1487 <-> DISABLED <-> SERVER-IIS /iisadmpwd/aexp2.htr access (server-iis.rules)
* 1:1488 <-> DISABLED <-> SERVER-WEBAPP store.cgi directory traversal attempt (server-webapp.rules)
* 1:1489 <-> DISABLED <-> SERVER-WEBAPP nobody access (server-webapp.rules)
* 1:14896 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB v4 srvsvc NetrpPathCononicalize unicode path cononicalization stack overflow attempt (os-windows.rules)
* 1:14897 <-> DISABLED <-> BROWSER-PLUGINS HP Software Update RulesEngine.dll ActiveX function call access (browser-plugins.rules)
* 1:1490 <-> DISABLED <-> SERVER-WEBAPP Phorum /support/common.php attempt (server-webapp.rules)
* 1:14900 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum overflow attempt (netbios.rules)
* 1:1491 <-> DISABLED <-> SERVER-WEBAPP Phorum /support/common.php access (server-webapp.rules)
* 1:1492 <-> DISABLED <-> SERVER-WEBAPP RBS ISP /newuser directory traversal attempt (server-webapp.rules)
* 1:1493 <-> DISABLED <-> SERVER-WEBAPP RBS ISP /newuser access (server-webapp.rules)
* 1:1494 <-> DISABLED <-> SERVER-WEBAPP SIX webboard generate.cgi attempt (server-webapp.rules)
* 1:1495 <-> DISABLED <-> SERVER-WEBAPP SIX webboard generate.cgi access (server-webapp.rules)
* 1:1496 <-> DISABLED <-> SERVER-WEBAPP spin_client.cgi access (server-webapp.rules)
* 1:14986 <-> DISABLED <-> INDICATOR-SHELLCODE x86 fldz get eip shellcode (indicator-shellcode.rules)
* 1:14988 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum overflow attempt (netbios.rules)
* 1:14989 <-> DISABLED <-> SERVER-WEBAPP Novell eDirectory SOAP Accept Language header overflow attempt (server-webapp.rules)
* 1:1499 <-> DISABLED <-> SERVER-WEBAPP SiteScope Service access (server-webapp.rules)
* 1:14990 <-> DISABLED <-> SERVER-WEBAPP Novell eDirectory SOAP Accept Charset header overflow attempt (server-webapp.rules)
* 1:14991 <-> ENABLED <-> SQL IBM DB2 Universal Database xmlquery buffer overflow attempt (sql.rules)
* 1:14992 <-> DISABLED <-> SERVER-WEBAPP Openwsman HTTP basic authentication buffer overflow attempt (server-webapp.rules)
* 1:14993 <-> DISABLED <-> BROWSER-PLUGINS Visagesoft eXPert PDF Viewer ActiveX clsid access (browser-plugins.rules)
* 1:14995 <-> DISABLED <-> BROWSER-PLUGINS Visagesoft eXPert PDF Viewer ActiveX function call access (browser-plugins.rules)
* 1:14997 <-> DISABLED <-> BROWSER-PLUGINS DjVu MSOffice Converter ActiveX clsid access (browser-plugins.rules)
* 1:14999 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Debug Diagnostic Tool ActiveX clsid access (browser-plugins.rules)
* 1:1500 <-> DISABLED <-> SERVER-WEBAPP ExAir access (server-webapp.rules)
* 1:15001 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Debug Diagnostic Tool ActiveX function call access (browser-plugins.rules)
* 1:15003 <-> DISABLED <-> BROWSER-PLUGINS Chilkat Crypt 2 ActiveX clsid access (browser-plugins.rules)
* 1:15005 <-> DISABLED <-> BROWSER-PLUGINS Chilkat Crypt 2 ActiveX function call access (browser-plugins.rules)
* 1:15007 <-> DISABLED <-> BROWSER-PLUGINS NOS Microsystems / Adobe getPlus Download Manager ActiveX clsid access (browser-plugins.rules)
* 1:1501 <-> DISABLED <-> SERVER-WEBAPP a1stats a1disp3.cgi directory traversal attempt (server-webapp.rules)
* 1:15012 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer MSXML DLL memory corruption attempt (browser-ie.rules)
* 1:15013 <-> ENABLED <-> FILE-IDENTIFY PDF file download request (file-identify.rules)
* 1:15014 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader util.printf buffer overflow attempt (file-pdf.rules)
* 1:15015 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel overflow attempt (os-windows.rules)
* 1:1502 <-> DISABLED <-> SERVER-WEBAPP a1stats a1disp3.cgi access (server-webapp.rules)
* 1:1503 <-> DISABLED <-> SERVER-WEBAPP admentor admin.asp access (server-webapp.rules)
* 1:1504 <-> DISABLED <-> POLICY-OTHER AFS access (policy-other.rules)
* 1:1505 <-> DISABLED <-> SERVER-WEBAPP alchemy http server PRN arbitrary command execution attempt (server-webapp.rules)
* 1:1506 <-> DISABLED <-> SERVER-WEBAPP alchemy http server NUL arbitrary command execution attempt (server-webapp.rules)
* 1:15069 <-> DISABLED <-> BROWSER-PLUGINS SAP AG SAPgui mdrmsap ActiveX clsid access (browser-plugins.rules)
* 1:1507 <-> DISABLED <-> SERVER-WEBAPP alibaba.pl arbitrary command execution attempt (server-webapp.rules)
* 1:15071 <-> DISABLED <-> PROTOCOL-SCADA Modbus exception returned (protocol-scada.rules)
* 1:15074 <-> DISABLED <-> PROTOCOL-SCADA Modbus user-defined function code - 65 to 72 (protocol-scada.rules)
* 1:15075 <-> DISABLED <-> PROTOCOL-SCADA Modbus user-defined function code - 100 to 110 (protocol-scada.rules)
* 1:15076 <-> DISABLED <-> PROTOCOL-SCADA Modbus write multiple coils - too many outputs (protocol-scada.rules)
* 1:15077 <-> DISABLED <-> PROTOCOL-SCADA Modbus read multiple coils - too many inputs (protocol-scada.rules)
* 1:15078 <-> DISABLED <-> SERVER-OTHER HP Openview Network Node Manager OValarmsrv buffer overflow attempt (server-other.rules)
* 1:15079 <-> ENABLED <-> FILE-IDENTIFY WAV file download request (file-identify.rules)
* 1:1508 <-> DISABLED <-> SERVER-WEBAPP alibaba.pl access (server-webapp.rules)
* 1:15080 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player WAV processing integer overflow attempt (file-multimedia.rules)
* 1:15081 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start xml encoding buffer overflow attempt (file-java.rules)
* 1:15082 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word rtf malformed dpcallout buffer overflow attempt (file-office.rules)
* 1:15083 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word .rtf file double free attempt (file-office.rules)
* 1:15084 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Common Controls Animation Object ActiveX clsid access (browser-plugins.rules)
* 1:15086 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Common Controls Animation Object ActiveX function call access (browser-plugins.rules)
* 1:15088 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Visual Basic Charts ActiveX clsid access (browser-plugins.rules)
* 1:1509 <-> DISABLED <-> SERVER-WEBAPP AltaVista Intranet Search directory traversal attempt (server-webapp.rules)
* 1:15090 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Visual Basic Charts ActiveX function call access (browser-plugins.rules)
* 1:15092 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Visual Basic DataGrid ActiveX clsid access (browser-plugins.rules)
* 1:15094 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Visual Basic DataGrid ActiveX function call access (browser-plugins.rules)
* 1:15096 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Visual Basic FlexGrid ActiveX clsid access (browser-plugins.rules)
* 1:15098 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Visual Basic FlexGrid ActiveX function call access (browser-plugins.rules)
* 1:1510 <-> DISABLED <-> SERVER-WEBAPP test.bat arbitrary command execution attempt (server-webapp.rules)
* 1:15100 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Visual Basic Hierarchical FlexGrid ActiveX clsid access (browser-plugins.rules)
* 1:15102 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Visual Basic Hierarchical FlexGrid ActiveX function call access (browser-plugins.rules)
* 1:15104 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Visual Basic 6.0 malformed AVI buffer overflow attempt (file-multimedia.rules)
* 1:15105 <-> DISABLED <-> FILE-IMAGE Microsoft GDI WMF file parsing integer overflow attempt (file-image.rules)
* 1:15106 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word .rtf file integer overflow attempt (file-office.rules)
* 1:15107 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word .rtf file stylesheet buffer overflow attempt (file-office.rules)
* 1:15108 <-> DISABLED <-> SERVER-WEBAPP Microsoft Office SharePoint Server elevation of privilege exploit attempt (server-webapp.rules)
* 1:15109 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Shell.Explorer 1 ActiveX clsid access (browser-plugins.rules)
* 1:1511 <-> DISABLED <-> SERVER-WEBAPP test.bat access (server-webapp.rules)
* 1:15112 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Shell.Explorer 2 ActiveX function call access (browser-plugins.rules)
* 1:15114 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer embed src buffer overflow attempt (browser-ie.rules)
* 1:15115 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WebDAV pathname buffer overflow attempt (os-windows.rules)
* 1:15116 <-> DISABLED <-> OS-WINDOWS Microsoft Windows search protocol remote command injection attempt (os-windows.rules)
* 1:15118 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Visual Basic Winsock ActiveX clsid access (browser-plugins.rules)
* 1:15119 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Visual Basic Winsock ActiveX clsid unicode access (browser-plugins.rules)
* 1:1512 <-> DISABLED <-> SERVER-WEBAPP input.bat arbitrary command execution attempt (server-webapp.rules)
* 1:15120 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Visual Basic Winsock ActiveX function call access (browser-plugins.rules)
* 1:15121 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Visual Basic Winsock ActiveX function call unicode access (browser-plugins.rules)
* 1:15122 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Shell.Explorer 2 ActiveX clsid access (browser-plugins.rules)
* 1:15126 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer nested tag memory corruption attempt (browser-ie.rules)
* 1:15127 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function WriteAndX andx attempt (os-windows.rules)
* 1:15128 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function WriteAndX attempt (os-windows.rules)
* 1:15129 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function WriteAndX unicode andx attempt (os-windows.rules)
* 1:1513 <-> DISABLED <-> SERVER-WEBAPP input.bat access (server-webapp.rules)
* 1:15130 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function WriteAndX unicode attempt (os-windows.rules)
* 1:15131 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function andx attempt (os-windows.rules)
* 1:15132 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function attempt (os-windows.rules)
* 1:15133 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function unicode andx attempt (os-windows.rules)
* 1:15134 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function unicode attempt (os-windows.rules)
* 1:15135 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function WriteAndX andx attempt (os-windows.rules)
* 1:15136 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function WriteAndX attempt (os-windows.rules)
* 1:15137 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function WriteAndX unicode andx attempt (os-windows.rules)
* 1:15138 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function WriteAndX unicode attempt (os-windows.rules)
* 1:15139 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function andx attempt (os-windows.rules)
* 1:1514 <-> DISABLED <-> SERVER-WEBAPP input2.bat arbitrary command execution attempt (server-webapp.rules)
* 1:15140 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function attempt (os-windows.rules)
* 1:15141 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function unicode andx attempt (os-windows.rules)
* 1:15142 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function unicode attempt (os-windows.rules)
* 1:15143 <-> DISABLED <-> SERVER-MSSQL sp_replwritetovarbin unicode vulnerable function attempt (server-mssql.rules)
* 1:15144 <-> DISABLED <-> SERVER-MSSQL sp_replwritetovarbin vulnerable function attempt (server-mssql.rules)
* 1:15145 <-> DISABLED <-> SERVER-OTHER Apple CUPS TrueColor PNG filter overly large image height integer overflow attempt (server-other.rules)
* 1:15146 <-> DISABLED <-> SERVER-OTHER Apple CUPS RGB+Alpha PNG filter overly large image height integer overflow attempt (server-other.rules)
* 1:15147 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (browser-ie.rules)
* 1:1515 <-> DISABLED <-> SERVER-WEBAPP input2.bat access (server-webapp.rules)
* 1:15150 <-> DISABLED <-> PUA-OTHER Jive Software Openfire Jabber Server login Authentication bypass attempt (pua-other.rules)
* 1:15151 <-> DISABLED <-> PUA-OTHER Jive Software Openfire Jabber Server logout Authentication bypass attempt (pua-other.rules)
* 1:15152 <-> DISABLED <-> PUA-OTHER Jive Software Openfire Jabber Server setup-index Authentication bypass attempt (pua-other.rules)
* 1:15153 <-> DISABLED <-> PUA-OTHER Jive Software Openfire Jabber Server setup Authentication bypass attempt (pua-other.rules)
* 1:15154 <-> DISABLED <-> PUA-OTHER Jive Software Openfire Jabber Server gif Authentication bypass attempt (pua-other.rules)
* 1:15155 <-> DISABLED <-> PUA-OTHER Jive Software Openfire Jabber Server png Authentication bypass attempt (pua-other.rules)
* 1:15156 <-> DISABLED <-> PUA-OTHER Jive Software Openfire Jabber Server serverdown Authentication bypass attempt (pua-other.rules)
* 1:15157 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player XSPF memory corruption attempt (file-multimedia.rules)
* 1:15158 <-> ENABLED <-> FILE-IDENTIFY XML Shareable Playlist Format file download request (file-identify.rules)
* 1:15159 <-> DISABLED <-> BROWSER-PLUGINS Evans FTP ActiveX clsid access (browser-plugins.rules)
* 1:1516 <-> DISABLED <-> SERVER-WEBAPP envout.bat arbitrary command execution attempt (server-webapp.rules)
* 1:15161 <-> DISABLED <-> BROWSER-PLUGINS Evans FTP ActiveX function call access (browser-plugins.rules)
* 1:15163 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio Object Header Buffer Overflow attempt (file-office.rules)
* 1:15164 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SVG pathSegList memory corruption attempt (browser-firefox.rules)
* 1:15165 <-> DISABLED <-> MALWARE-CNC Pushdo client communication (malware-cnc.rules)
* 1:15166 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player RealText buffer overflow attempt (file-multimedia.rules)
* 1:15167 <-> DISABLED <-> INDICATOR-COMPROMISE Suspicious .cn dns query (indicator-compromise.rules)
* 1:15168 <-> DISABLED <-> INDICATOR-COMPROMISE Suspicious .ru dns query (indicator-compromise.rules)
* 1:15169 <-> DISABLED <-> POLICY-SOCIAL XBOX Live Kerberos authentication request (policy-social.rules)
* 1:1517 <-> DISABLED <-> SERVER-WEBAPP envout.bat access (server-webapp.rules)
* 1:15170 <-> DISABLED <-> POLICY-SOCIAL XBOX Netflix client activity (policy-social.rules)
* 1:15171 <-> DISABLED <-> POLICY-SOCIAL XBOX Marketplace http request (policy-social.rules)
* 1:15172 <-> DISABLED <-> POLICY-SOCIAL XBOX avatar retrieval request (policy-social.rules)
* 1:15173 <-> DISABLED <-> BROWSER-PLUGINS Phoenician Casino ActiveX clsid access (browser-plugins.rules)
* 1:15175 <-> DISABLED <-> BROWSER-PLUGINS Phoenician Casino ActiveX function call access (browser-plugins.rules)
* 1:15177 <-> DISABLED <-> BROWSER-PLUGINS Trend Micro HouseCall ActiveX clsid access (browser-plugins.rules)
* 1:15179 <-> DISABLED <-> BROWSER-PLUGINS Trend Micro HouseCall ActiveX function call access (browser-plugins.rules)
* 1:1518 <-> DISABLED <-> SERVER-WEBAPP nstelemetry.adp access (server-webapp.rules)
* 1:15181 <-> DISABLED <-> BROWSER-PLUGINS SaschArt SasCam Webcam Server ActiveX clsid access (browser-plugins.rules)
* 1:15183 <-> DISABLED <-> POLICY-SOCIAL Yahoo messenger http link transmission attempt (policy-social.rules)
* 1:15184 <-> DISABLED <-> POLICY-SOCIAL Microsoft MSN messenger http link transmission attempt (policy-social.rules)
* 1:15185 <-> DISABLED <-> APP-DETECT Nintendo Wii SSL Server Hello (app-detect.rules)
* 1:15186 <-> DISABLED <-> SERVER-OTHER Multiple vendors CUPS HPGL filter remote code execution attempt (server-other.rules)
* 1:15188 <-> DISABLED <-> SERVER-OTHER Multiple vendors CUPS HPGL filter remote
code execution attempt (server-other.rules) * 1:1519 <-> DISABLED <-> SERVER-WEBAPP apache ?M=D directory list attempt (server-webapp.rules) * 1:15190 <-> DISABLED <-> SERVER-WEBAPP Youngzsoft CCProxy CONNECT Request buffer overflow attempt (server-webapp.rules) * 1:15191 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox animated PNG processing integer overflow (browser-firefox.rules) * 1:15192 <-> DISABLED <-> BROWSER-PLUGINS SizerOne ActiveX clsid access attempt (browser-plugins.rules) * 1:15194 <-> DISABLED <-> BROWSER-PLUGINS SizerOne ActiveX function call access (browser-plugins.rules) * 1:15196 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode param_count underflow attempt (os-windows.rules) * 1:15197 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE param_count underflow attempt (os-windows.rules) * 1:15198 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode param_count underflow attempt (os-windows.rules) * 1:15199 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE param_count underflow attempt (os-windows.rules) * 1:33171 <-> DISABLED <-> BROWSER-PLUGINS Attachmate Reflection FTP Client Memory Corruption ActiveX clsid access attempt (browser-plugins.rules) * 1:33172 <-> DISABLED <-> BROWSER-PLUGINS Attachmate Reflection FTP Client Memory Corruption ActiveX function call access attempt (browser-plugins.rules) * 1:33173 <-> DISABLED <-> BROWSER-PLUGINS Attachmate Reflection FTP Client Memory Corruption ActiveX clsid access attempt (browser-plugins.rules) * 1:33174 <-> DISABLED <-> BROWSER-PLUGINS Attachmate Reflection FTP Client Memory Corruption ActiveX function call access attempt (browser-plugins.rules) * 1:33175 <-> DISABLED <-> BROWSER-PLUGINS Attachmate Reflection FTP Client Memory Corruption ActiveX function call access attempt (browser-plugins.rules) * 1:33176 <-> DISABLED <-> FILE-FLASH Adobe Flash AWM2 out of bounds corruption attempt (file-flash.rules) * 
1:33177 <-> DISABLED <-> FILE-FLASH Adobe Flash AWM2 out of bounds corruption attempt (file-flash.rules) * 1:33178 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript out-of-bounds read attempt (file-flash.rules) * 1:33179 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript out-of-bounds read attempt (file-flash.rules) * 1:33180 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript out-of-bounds read attempt (file-flash.rules) * 1:33181 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript out-of-bounds read attempt (file-flash.rules) * 1:33182 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit outbound Adobe Flash request (exploit-kit.rules) * 1:33183 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit landing page detected (exploit-kit.rules) * 1:33184 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit Adobe Flash download (exploit-kit.rules) * 1:33185 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit encrypted binary download (exploit-kit.rules) * 1:33186 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit Adobe Flash SWF exploit download (exploit-kit.rules) * 1:33187 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit Adobe Flash SWF exploit download (exploit-kit.rules) * 1:33189 <-> DISABLED <-> SERVER-WEBAPP Samsung AllShare Cast command injection attempt (server-webapp.rules) * 1:33190 <-> DISABLED <-> SERVER-WEBAPP Samsung AllShare Cast command injection attempt (server-webapp.rules) * 1:33191 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CQuotes use-after-free attempt (browser-ie.rules) * 1:33192 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CQuotes use-after-free attempt (browser-ie.rules) * 1:33193 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CQuotes use-after-free attempt (browser-ie.rules) * 1:33194 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CQuotes use-after-free attempt (browser-ie.rules) * 1:33195 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CQuotes use-after-free attempt (browser-ie.rules) * 
1:33196 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CQuotes use-after-free attempt (browser-ie.rules) * 1:33197 <-> DISABLED <-> SERVER-OTHER BMC Track-It FileStorageService directory traversal attempt (server-other.rules) * 1:33198 <-> DISABLED <-> OS-WINDOWS Outlook Express WAB file parsing buffer overflow attempt (os-windows.rules) * 1:33199 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Sabeba outbound connection (malware-cnc.rules) * 1:332 <-> DISABLED <-> PROTOCOL-FINGER 0 query (protocol-finger.rules) * 1:33200 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pisces variant outbound connection (malware-cnc.rules) * 1:33201 <-> DISABLED <-> FILE-FLASH Adobe Flash Player class confusion memory corruption compressed file attempt (file-flash.rules) * 1:33202 <-> ENABLED <-> FILE-FLASH Adobe Flash Player class confusion memory corruption compressed file attempt (file-flash.rules) * 1:33203 <-> ENABLED <-> FILE-FLASH Adobe Flash Player class confusion memory corruption compressed file attempt (file-flash.rules) * 1:33204 <-> ENABLED <-> FILE-FLASH Adobe Flash Player class confusion memory corruption compressed file attempt (file-flash.rules) * 1:33205 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC 2.1.5 Media Player libavcodex memory corruption attempt (file-multimedia.rules) * 1:33206 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC 2.1.5 Media Player libavcodex memory corruption attempt (file-multimedia.rules) * 1:33207 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Mazilla/5.0 - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33208 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Bladbindi obfuscated with Yano Obfuscator download attempt (malware-other.rules) * 1:33211 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Upatre variant outbound connection (malware-cnc.rules) * 1:33212 <-> ENABLED <-> PUA-ADWARE SoftPulse variant HTTP response attempt (pua-adware.rules) * 1:33213 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader newfunction memory corruption 
attempt (file-pdf.rules) * 1:33214 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader newfunction memory corruption attempt (file-pdf.rules) * 1:33215 <-> DISABLED <-> INDICATOR-COMPROMISE DNS request for known malware domain icanhazip.com (indicator-compromise.rules) * 1:15678 <-> DISABLED <-> BROWSER-PLUGINS Microsoft DirectShow ActiveX exploit via JavaScript (browser-plugins.rules) * 1:15679 <-> DISABLED <-> BROWSER-PLUGINS Microsoft DirectShow ActiveX exploit via JavaScript - unicode encoding (browser-plugins.rules) * 1:1568 <-> DISABLED <-> SERVER-IIS /exchange/root.asp access (server-iis.rules) * 1:15680 <-> DISABLED <-> OS-WINDOWS Microsoft DirectShow QuickTime file atom size parsing heap corruption attempt (os-windows.rules) * 1:15681 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher 2007 file format arbitrary code execution attempt (file-office.rules) * 1:15682 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows DirectShow QuickTime file stsc atom parsing heap corruption attempt (file-multimedia.rules) * 1:15683 <-> DISABLED <-> SERVER-OTHER ISA Server OTP-based Forms-authorization fallback policy bypass attempt (server-other.rules) * 1:15684 <-> DISABLED <-> OS-WINDOWS Multiple product snews uri handling code execution attempt (os-windows.rules) * 1:15685 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Web Components 10 Spreadsheet ActiveX clsid access (browser-plugins.rules) * 1:15687 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Web Components 10 Spreadsheet ActiveX function call access (browser-plugins.rules) * 1:15689 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Web Components 11 Spreadsheet ActiveX clsid access (browser-plugins.rules) * 1:1569 <-> DISABLED <-> SERVER-WEBAPP loadpage.cgi directory traversal attempt (server-webapp.rules) * 1:15691 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Web Components 11 Spreadsheet ActiveX function call access (browser-plugins.rules) * 1:15693 <-> DISABLED <-> FILE-OTHER Microsoft Windows 
Embedded Open Type Font malformed name table overflow attempt (file-other.rules) * 1:15694 <-> DISABLED <-> FILE-OTHER Microsoft Windows Embedded Open Type Font malformed name table integer overflow attempt (file-other.rules) * 1:15695 <-> DISABLED <-> FILE-OTHER Microsoft Windows Embedded Open Type Font malformed name table platform type 3 integer overflow attempt (file-other.rules) * 1:15697 <-> DISABLED <-> INDICATOR-OBFUSCATION rename of javascript unescape function detected (indicator-obfuscation.rules) * 1:15698 <-> DISABLED <-> INDICATOR-SHELLCODE Possible generic javascript heap spray attempt (indicator-shellcode.rules) * 1:15699 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox 3.5 unicode stack overflow attempt (browser-firefox.rules) * 1:157 <-> DISABLED <-> MALWARE-BACKDOOR BackConstruction 2.1 Client FTP Open Request (malware-backdoor.rules) * 1:1570 <-> DISABLED <-> SERVER-WEBAPP loadpage.cgi access (server-webapp.rules) * 1:15701 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 2000 domain authentication bypass attempt (os-windows.rules) * 1:15702 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor opcode 0x13 overflow attempt (netbios.rules) * 1:15703 <-> DISABLED <-> FILE-MULTIMEDIA Apple iTunes ITMS protocol handler stack buffer overflow attempt (file-multimedia.rules) * 1:15704 <-> DISABLED <-> FILE-MULTIMEDIA Apple iTunes ITMSS protocol handler stack buffer overflow attempt (file-multimedia.rules) * 1:15705 <-> DISABLED <-> FILE-MULTIMEDIA Apple iTunes PCAST protocol handler stack buffer overflow attempt (file-multimedia.rules) * 1:15706 <-> DISABLED <-> FILE-MULTIMEDIA Apple iTunes DAAP protocol handler stack buffer overflow attempt (file-multimedia.rules) * 1:15707 <-> DISABLED <-> FILE-MULTIMEDIA Apple iTunes ITPC protocol handler stack buffer overflow attempt (file-multimedia.rules) * 1:15708 <-> DISABLED <-> SERVER-OTHER Unisys Business Information Server stack buffer overflow attempt (server-other.rules) * 1:15709 <-> DISABLED <-> FILE-PDF 
Adobe Acrobat Reader FlateDecode integer overflow attempt (file-pdf.rules) * 1:1571 <-> DISABLED <-> SERVER-WEBAPP dcforum.cgi directory traversal attempt (server-webapp.rules) * 1:15710 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor opcode 0x3B null strings attempt (netbios.rules) * 1:15711 <-> DISABLED <-> PUA-OTHER mIRC PRIVMSG message processing overflow attempt (pua-other.rules) * 1:15713 <-> DISABLED <-> PROTOCOL-SCADA DNP3 device trouble (protocol-scada.rules) * 1:15714 <-> DISABLED <-> PROTOCOL-SCADA DNP3 corrupt configuration (protocol-scada.rules) * 1:15715 <-> DISABLED <-> PROTOCOL-SCADA DNP3 event buffer overflow error (protocol-scada.rules) * 1:15716 <-> DISABLED <-> PROTOCOL-SCADA DNP3 parameter error (protocol-scada.rules) * 1:15717 <-> DISABLED <-> PROTOCOL-SCADA DNP3 unknown object error (protocol-scada.rules) * 1:15718 <-> DISABLED <-> PROTOCOL-SCADA DNP3 unsupported function code error (protocol-scada.rules) * 1:15719 <-> DISABLED <-> PROTOCOL-SCADA DNP3 link service not supported (protocol-scada.rules) * 1:1572 <-> DISABLED <-> SERVER-WEBAPP commerce.cgi arbitrary file access attempt (server-webapp.rules) * 1:15722 <-> DISABLED <-> SERVER-ORACLE Oracle database server Workspace Manager multiple SQL injection attempt (server-oracle.rules) * 1:15723 <-> DISABLED <-> SERVER-ORACLE Oracle database server CompressWorkspaceTree SQL injection attempt (server-oracle.rules) * 1:15724 <-> DISABLED <-> SERVER-ORACLE Oracle database server MergeWorkspace SQL injection attempt (server-oracle.rules) * 1:15725 <-> DISABLED <-> SERVER-ORACLE Oracle database server RemoveWorkspace SQL injection attempt (server-oracle.rules) * 1:15726 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager URI rping stack buffer overflow attempt (server-webapp.rules) * 1:15727 <-> DISABLED <-> FILE-PDF attempted download of a PDF with embedded Flash (file-pdf.rules) * 1:15728 <-> DISABLED <-> FILE-PDF Possible Adobe Acrobat Reader ActionScript byte_array heap 
spray attempt (file-pdf.rules) * 1:15729 <-> DISABLED <-> FILE-FLASH Possible Adobe Flash Player ActionScript byte_array heap spray attempt (file-flash.rules) * 1:1573 <-> DISABLED <-> SERVER-WEBAPP cgiforum.pl attempt (server-webapp.rules) * 1:15730 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Delf variant outbound connection (malware-cnc.rules) * 1:15731 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer javascript deleted reference arbitrary code execution attempt (browser-ie.rules) * 1:15732 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CSS handling memory corruption attempt (browser-ie.rules) * 1:15733 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer empty table tag memory corruption attempt (browser-ie.rules) * 1:1574 <-> DISABLED <-> SERVER-WEBAPP directorypro.cgi attempt (server-webapp.rules) * 1:1575 <-> DISABLED <-> SERVER-WEBAPP Domino mab.nsf access (server-webapp.rules) * 1:1576 <-> DISABLED <-> SERVER-WEBAPP Domino cersvr.nsf access (server-webapp.rules) * 1:1577 <-> DISABLED <-> SERVER-WEBAPP Domino setup.nsf access (server-webapp.rules) * 1:1578 <-> DISABLED <-> SERVER-WEBAPP Domino statrep.nsf access (server-webapp.rules) * 1:1579 <-> DISABLED <-> SERVER-WEBAPP Domino webadmin.nsf access (server-webapp.rules) * 1:158 <-> DISABLED <-> MALWARE-BACKDOOR BackConstruction 2.1 Server FTP Open Reply (malware-backdoor.rules) * 1:1580 <-> DISABLED <-> SERVER-WEBAPP Domino events4.nsf access (server-webapp.rules) * 1:1581 <-> DISABLED <-> SERVER-WEBAPP Domino ntsync4.nsf access (server-webapp.rules) * 1:1582 <-> DISABLED <-> SERVER-WEBAPP Domino collect4.nsf access (server-webapp.rules) * 1:1583 <-> DISABLED <-> SERVER-WEBAPP Domino mailw46.nsf access (server-webapp.rules) * 1:1584 <-> DISABLED <-> SERVER-WEBAPP Domino bookmark.nsf access (server-webapp.rules) * 1:15849 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WINS replication inform2 request memory corruption attempt (os-windows.rules) * 1:1585 <-> DISABLED <-> SERVER-WEBAPP Domino 
agentrunner.nsf access (server-webapp.rules) * 1:15850 <-> DISABLED <-> OS-WINDOWS Remote Desktop orderType remote code execution attempt (os-windows.rules) * 1:15851 <-> DISABLED <-> SERVER-IIS Microsoft ASP.NET bad request denial of service attempt (server-iis.rules) * 1:15852 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Web Components Datasource ActiveX clsid access (browser-plugins.rules) * 1:15854 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows AVIFile media file processing memory corruption attempt (file-multimedia.rules) * 1:15855 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Spreadsheet 10.0 ActiveX function call access (browser-plugins.rules) * 1:15858 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Web Components Spreadsheet ActiveX clsid access (browser-plugins.rules) * 1:1586 <-> DISABLED <-> SERVER-WEBAPP Domino mail.box access (server-webapp.rules) * 1:15860 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP wkssvc NetrGetJoinInformation attempt (os-windows.rules) * 1:15861 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Remote Desktop Client ActiveX clsid access (browser-plugins.rules) * 1:15863 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Remote Desktop Client ActiveX function call access (browser-plugins.rules) * 1:15865 <-> ENABLED <-> FILE-IDENTIFY MP4 file download request (file-identify.rules) * 1:15866 <-> DISABLED <-> FILE-OTHER libxml2 file processing long entity overflow attempt (file-other.rules) * 1:15867 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PDF font processing memory corruption attempt (file-pdf.rules) * 1:15868 <-> DISABLED <-> SQL Borland InterBase username buffer overflow (sql.rules) * 1:15869 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative command execution attempt (file-flash.rules) * 1:1587 <-> DISABLED <-> SERVER-WEBAPP cgitest.exe access (server-webapp.rules) * 1:15870 <-> ENABLED <-> FILE-IDENTIFY 4XM file download request (file-identify.rules) * 1:15871 <-> DISABLED <-> FILE-MULTIMEDIA 
FFmpeg 4xm processing memory corruption attempt (file-multimedia.rules) * 1:15872 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox defineSetter function pointer memory corruption attempt (browser-firefox.rules) * 1:15873 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox location spoofing attempt via invalid window.open characters (browser-firefox.rules) * 1:15874 <-> DISABLED <-> SQL union select - possible sql injection attempt - POST parameter (sql.rules) * 1:15875 <-> DISABLED <-> SQL generic sql insert injection attempt - POST parameter (sql.rules) * 1:15876 <-> DISABLED <-> SQL generic sql update injection attempt - POST parameter (sql.rules) * 1:15877 <-> DISABLED <-> SQL generic sql exec injection attempt - POST parameter (sql.rules) * 1:15878 <-> DISABLED <-> BROWSER-PLUGINS AcerCtrls.APlunch ActiveX clsid access (browser-plugins.rules) * 1:1588 <-> DISABLED <-> SERVER-WEBAPP SalesLogix Eviewer access (server-webapp.rules) * 1:15880 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer popup window object tag code execution attempt (browser-ie.rules) * 1:15881 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters Name Field attempt (netbios.rules) * 1:15882 <-> DISABLED <-> SERVER-OTHER McAfee E-Business Server remote preauth code execution attempt (server-other.rules) * 1:15883 <-> DISABLED <-> SERVER-OTHER SAPLPD 0x01 command buffer overflow attempt (server-other.rules) * 1:15884 <-> DISABLED <-> SERVER-OTHER Multiple Products LPD 0x02 command buffer overflow attempt (server-other.rules) * 1:15885 <-> DISABLED <-> SERVER-OTHER SAPLPD 0x03 command buffer overflow attempt (server-other.rules) * 1:15886 <-> DISABLED <-> SERVER-OTHER SAPLPD 0x04 command buffer overflow attempt (server-other.rules) * 1:15887 <-> DISABLED <-> SERVER-OTHER SAPLPD 0x05 command buffer overflow attempt (server-other.rules) * 1:15888 <-> DISABLED <-> SERVER-OTHER SAPLPD 0x31 command buffer overflow attempt (server-other.rules) * 1:15889 <-> DISABLED <-> SERVER-OTHER 
SAPLPD 0x32 command buffer overflow attempt (server-other.rules) * 1:1589 <-> DISABLED <-> SERVER-WEBAPP musicat empower attempt (server-webapp.rules) * 1:15890 <-> DISABLED <-> SERVER-OTHER SAPLPD 0x33 command buffer overflow attempt (server-other.rules) * 1:15891 <-> DISABLED <-> SERVER-OTHER SAPLPD 0x34 command buffer overflow attempt (server-other.rules) * 1:15892 <-> DISABLED <-> SERVER-OTHER SAPLPD 0x53 command denial of service attempt (server-other.rules) * 1:15893 <-> DISABLED <-> FILE-OTHER fCreateShellLink function use - potential attack (file-other.rules) * 1:15894 <-> DISABLED <-> OS-WINDOWS Microsoft Color Management Module remote code execution attempt (os-windows.rules) * 1:15896 <-> DISABLED <-> SERVER-OTHER Firebird SQL op_connect_request denial of service attempt (server-other.rules) * 1:1590 <-> DISABLED <-> SERVER-WEBAPP faqmanager.cgi arbitrary file access attempt (server-webapp.rules) * 1:15900 <-> ENABLED <-> FILE-IDENTIFY Audio Interchange file download request (file-identify.rules) * 1:15901 <-> DISABLED <-> FILE-MULTIMEDIA Nullsoft Winamp AIFF parsing heap buffer overflow attempt (file-multimedia.rules) * 1:15902 <-> DISABLED <-> INDICATOR-SHELLCODE x86 win2k-2k3 decoder base shellcode (indicator-shellcode.rules) * 1:15903 <-> DISABLED <-> INDICATOR-SHELLCODE x86 PoC CVE-2003-0605 (indicator-shellcode.rules) * 1:15906 <-> DISABLED <-> OS-LINUX Linux Kernel DCCP Protocol Handler dccp_setsockopt_change integer overflow attempt (os-linux.rules) * 1:15907 <-> DISABLED <-> OS-LINUX Linux Kernel DCCP Protocol Handler dccp_setsockopt_change integer overflow attempt (os-linux.rules) * 1:15908 <-> DISABLED <-> SERVER-WEBAPP Trend Micro OfficeScan multiple CGI modules HTTP form processing buffer overflow attempt (server-webapp.rules) * 1:15909 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime VR Track Header Atom heap corruption attempt (file-multimedia.rules) * 1:1591 <-> DISABLED <-> SERVER-WEBAPP faqmanager.cgi access (server-webapp.rules) * 
1:15910 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer getElementById object corruption attempt (browser-ie.rules) * 1:15911 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss RouteRefreshPrinterChangeNotification attempt (netbios.rules) * 1:15913 <-> DISABLED <-> OS-WINDOWS Microsoft Windows javascript arguments keyword override rce attempt (os-windows.rules) * 1:1592 <-> DISABLED <-> SERVER-WEBAPP /fcgi-bin/echo.exe access (server-webapp.rules) * 1:15921 <-> ENABLED <-> FILE-IDENTIFY Microsoft multimedia format file download request (file-identify.rules) * 1:15922 <-> ENABLED <-> FILE-IDENTIFY MP3 file download request (file-identify.rules) * 1:15924 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DHTML Editing ActiveX clsid access (browser-plugins.rules) * 1:15926 <-> DISABLED <-> BROWSER-PLUGINS PPStream PPSMediaList ActiveX clsid access (browser-plugins.rules) * 1:15928 <-> DISABLED <-> BROWSER-PLUGINS PPStream PPSMediaList ActiveX function call access (browser-plugins.rules) * 1:1593 <-> DISABLED <-> SERVER-WEBAPP FormHandler.cgi external site redirection attempt (server-webapp.rules) * 1:15930 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB malformed process ID high field remote code execution attempt (os-windows.rules) * 1:15932 <-> DISABLED <-> PROTOCOL-FTP LIST globbing denial of service attack (protocol-ftp.rules) * 1:15933 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer URL canonicalization address bar spoofing attempt (browser-ie.rules) * 1:15934 <-> DISABLED <-> PROTOCOL-DNS dns response for rfc1918 172.16/12 address detected (protocol-dns.rules) * 1:15935 <-> DISABLED <-> PROTOCOL-DNS dns response for rfc1918 192.168/16 address detected (protocol-dns.rules) * 1:15936 <-> DISABLED <-> SERVER-MAIL Sendmail identd command parsing vulnerability (server-mail.rules) * 1:15937 <-> DISABLED <-> SERVER-OTHER protos h323 buffer overflow (server-other.rules) * 1:15938 <-> DISABLED <-> MALWARE-CNC SubSeven client connection to 
server (malware-cnc.rules) * 1:15939 <-> DISABLED <-> SERVER-OTHER MSN Messenger IRC bot calling home attempt (server-other.rules) * 1:1594 <-> DISABLED <-> SERVER-WEBAPP FormHandler.cgi access (server-webapp.rules) * 1:15940 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer Multiple Products RA file processing overflow attempt (file-multimedia.rules) * 1:15941 <-> DISABLED <-> SERVER-OTHER Squid Proxy TRACE request remote DoS attempt (server-other.rules) * 1:15942 <-> DISABLED <-> SERVER-OTHER CA Multiple Products Console Server login credentials handling overflow attempt (server-other.rules) * 1:15943 <-> DISABLED <-> SERVER-OTHER CA Multiple Products Console Server login credentials handling overflow attempt (server-other.rules) * 1:15944 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Active Directory crafted LDAP request denial of service attempt (os-windows.rules) * 1:15945 <-> ENABLED <-> FILE-IDENTIFY RSS file download request (file-identify.rules) * 1:15946 <-> DISABLED <-> FILE-OTHER Microsoft Windows Vista Feed Headlines Gagdet code execution attempt (file-other.rules) * 1:15947 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook Web Access Cross-Site Scripting attempt (file-office.rules) * 1:15948 <-> DISABLED <-> SERVER-OTHER CA License Software invalid command overflow attempt (server-other.rules) * 1:15949 <-> DISABLED <-> FILE-OTHER McAfee LHA file handling overflow attempt (file-other.rules) * 1:1595 <-> DISABLED <-> SERVER-IIS htimage.exe access (server-iis.rules) * 1:15950 <-> DISABLED <-> SERVER-OTHER McAfee LHA Type-2 file handling overflow attempt (server-other.rules) * 1:15951 <-> DISABLED <-> SERVER-MYSQL MaxDB Webtool GET command overflow attempt (server-mysql.rules) * 1:15952 <-> DISABLED <-> SERVER-MYSQL create function libc arbitrary code execution attempt (server-mysql.rules) * 1:15953 <-> DISABLED <-> SERVER-WEBAPP Ipswitch IMail Calendaring arbitrary file read attempt (server-webapp.rules) * 1:15954 <-> DISABLED <-> SERVER-MAIL 
SpamAssassin malformed email header DoS attempt (server-mail.rules) * 1:15955 <-> DISABLED <-> SERVER-ORACLE Application Server 9i Webcache file corruption attempt (server-oracle.rules) * 1:15956 <-> DISABLED <-> SERVER-ORACLE http Server mod_access restriction bypass attempt (server-oracle.rules) * 1:15957 <-> DISABLED <-> FILE-OTHER Sophos Anti-Virus zip file handling DoS attempt (file-other.rules) * 1:15958 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Remote Management overflow attempt (server-other.rules) * 1:15960 <-> DISABLED <-> SERVER-OTHER Novell eDirectory MS-DOS device name DoS attempt (server-other.rules) * 1:15961 <-> DISABLED <-> SERVER-OTHER 3Com Network Supervisor directory traversal attempt (server-other.rules) * 1:15962 <-> DISABLED <-> SERVER-WEBAPP Sybase EAServer WebConsole overflow attempt (server-webapp.rules) * 1:15963 <-> DISABLED <-> OS-LINUX Red Hat Enterprise Linux DNS resolver buffer overflow attempt (os-linux.rules) * 1:15964 <-> DISABLED <-> SERVER-MAIL Microsoft Windows Exchange OWA XSS and spoofing attempt (server-mail.rules) * 1:15965 <-> DISABLED <-> OS-WINDOWS Microsoft Explorer long share name buffer overflow attempt (os-windows.rules) * 1:15966 <-> DISABLED <-> FILE-OTHER F-Secure Anti-Virus LHA processing buffer overflow attempt (file-other.rules) * 1:15967 <-> DISABLED <-> SERVER-OTHER ICQ SRV_MULTI/SRV_META_USER overflow attempt (server-other.rules) * 1:15969 <-> DISABLED <-> SERVER-OTHER Symantec Multiple Products ISAKMPd denial of service attempt (server-other.rules) * 1:1597 <-> DISABLED <-> SERVER-WEBAPP guestbook.cgi access (server-webapp.rules) * 1:15970 <-> DISABLED <-> SERVER-OTHER Subversion svn pProtocol string parsing heap overflow attempt (server-other.rules) * 1:15971 <-> DISABLED <-> SERVER-OTHER CVS Argumentx command double free attempt (server-other.rules) * 1:15972 <-> DISABLED <-> SERVER-OTHER single byte encoded name response (server-other.rules) * 1:15974 <-> DISABLED <-> SERVER-IIS Microsoft IIS ASP 
handling buffer overflow attempt (server-iis.rules) * 1:15977 <-> DISABLED <-> SERVER-WEBAPP PHP strip_tags bypass vulnerability exploit attempt (server-webapp.rules) * 1:15978 <-> DISABLED <-> SERVER-WEBAPP Macromedia JRun 4 mod_jrun buffer overflow attempt (server-webapp.rules) * 1:15979 <-> DISABLED <-> SERVER-OTHER Check Point VPN-1 ASN.1 Decoding heap overflow attempt (server-other.rules) * 1:1598 <-> DISABLED <-> SERVER-WEBAPP Home Free search.cgi directory traversal attempt (server-webapp.rules) * 1:15980 <-> DISABLED <-> SERVER-APACHE Apache mod_ssl hook functions format string attempt (server-apache.rules) * 1:15981 <-> DISABLED <-> FILE-OTHER zlib Denial of Service (file-other.rules) * 1:15982 <-> DISABLED <-> SERVER-WEBAPP Ipswitch WhatsUp Gold DOS Device HTTP request denial of service attempt (server-webapp.rules) * 1:15983 <-> DISABLED <-> SERVER-SAMBA Samba arbitrary file access exploit attempt (server-samba.rules) * 1:15984 <-> DISABLED <-> SERVER-SAMBA Samba Printer Change Notification Request DoS attempt (server-samba.rules) * 1:15985 <-> DISABLED <-> OS-WINDOWS Microsoft ASP.NET canonicalization exploit attempt (os-windows.rules) * 1:15986 <-> DISABLED <-> SERVER-SAMBA Samba unicode filename buffer overflow attempt (server-samba.rules) * 1:15987 <-> ENABLED <-> FILE-IDENTIFY DXF file download request (file-identify.rules) * 1:15988 <-> DISABLED <-> OS-WINDOWS Microsoft ISA Server DNS spoofing attempt (os-windows.rules) * 1:15989 <-> DISABLED <-> SERVER-OTHER Squid ASN.1 header parsing denial of service attempt (server-other.rules) * 1:1599 <-> DISABLED <-> SERVER-WEBAPP search.cgi access (server-webapp.rules) * 1:15990 <-> DISABLED <-> SERVER-WEBAPP Multiple Vendor server file disclosure attempt (server-webapp.rules) * 1:15992 <-> DISABLED <-> FILE-OTHER Trend Micro Products Antivirus Library overflow attempt (file-other.rules) * 1:15993 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript intrf_count integer overflow attempt 
(file-flash.rules) * 1:15994 <-> DISABLED <-> SERVER-OTHER Squid strListGetItem denial of service attempt (server-other.rules) * 1:15995 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows DirectX malformed mjpeg arbitrary code execution attempt (file-multimedia.rules) * 1:15996 <-> DISABLED <-> OS-WINDOWS Microsoft Negotiate SSP buffer overflow attempt (os-windows.rules) * 1:15997 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox JIT escape function memory corruption attempt (browser-firefox.rules) * 1:15998 <-> DISABLED <-> SERVER-OTHER HP OpenView Client Configuration Manager Radia Notify Daemon code execution attempt (server-other.rules) * 1:15999 <-> DISABLED <-> BROWSER-FIREFOX Mozilla products frame comment objects manipulation memory corruption attempt (browser-firefox.rules) * 1:1600 <-> DISABLED <-> SERVER-WEBAPP htsearch arbitrary configuration file attempt (server-webapp.rules) * 1:16000 <-> DISABLED <-> FILE-IMAGE Sun Microsystems Java gif handling memory corruption attempt (file-image.rules) * 1:16001 <-> DISABLED <-> FILE-IMAGE Apple QuickDraw PICT images ARGB records handling memory corruption attempt (file-image.rules) * 1:16002 <-> DISABLED <-> FILE-OTHER Apple Mac OS X installer package filename format string vulnerability (file-other.rules) * 1:16003 <-> DISABLED <-> FILE-OTHER Apple Mac OS X installer package filename format string vulnerability (file-other.rules) * 1:16004 <-> DISABLED <-> FILE-OTHER Apple Mac OS X installer package filename format string vulnerability (file-other.rules) * 1:16005 <-> DISABLED <-> BROWSER-FIREFOX Mozilla browsers JavaScript argument passing code execution attempt (browser-firefox.rules) * 1:16006 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime color table id memory corruption attempt (file-multimedia.rules) * 1:16007 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer colgroup tag uninitialized memory exploit attempt (browser-ie.rules) * 1:16008 <-> DISABLED <-> OS-WINDOWS Multiple Products excessive HTTP 
304 Not Modified responses exploit attempt (os-windows.rules)
* 1:16009 <-> DISABLED <-> BROWSER-FIREFOX Mozilla products overflow event handling memory corruption attempt (browser-firefox.rules)
* 1:1601 <-> DISABLED <-> SERVER-WEBAPP htsearch arbitrary file read attempt (server-webapp.rules)
* 1:16010 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Javascript Page update race condition attempt (browser-ie.rules)
* 1:16011 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CSS property method handling memory corruption attempt (browser-ie.rules)
* 1:16013 <-> DISABLED <-> SERVER-OTHER IBM solidDB logging function format string exploit attempt (server-other.rules)
* 1:16014 <-> DISABLED <-> SERVER-OTHER Novell eDirectory HTTP headers denial of service attempt (server-other.rules)
* 1:16015 <-> DISABLED <-> SERVER-OTHER Norton Internet Security NBNS response processing stack overflow attempt (server-other.rules)
* 1:16016 <-> DISABLED <-> OS-WINDOWS Microsoft client for netware overflow attempt (os-windows.rules)
* 1:16017 <-> DISABLED <-> SERVER-OTHER IBM Lotus Domino LDAP server invalid DN message buffer overflow attempt (server-other.rules)
* 1:16018 <-> DISABLED <-> SERVER-OTHER HP OpenView network node manager buffer overflow (server-other.rules)
* 1:16019 <-> DISABLED <-> SERVER-OTHER Novell Distributed Print Services integer overflow attempt (server-other.rules)
* 1:1602 <-> DISABLED <-> SERVER-WEBAPP htsearch access (server-webapp.rules)
* 1:16020 <-> DISABLED <-> SERVER-MYSQL login handshake information disclosure attempt (server-mysql.rules)
* 1:16021 <-> DISABLED <-> SERVER-APACHE Apache http Server mod_tcl format string attempt (server-apache.rules)
* 1:16022 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows Vista Windows mail file execution attempt (file-executable.rules)
* 1:16023 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows Vista Windows mail file execution attempt (file-executable.rules)
* 1:16024 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript Function focus overflow attempt (browser-firefox.rules)
* 1:16025 <-> DISABLED <-> SERVER-MAIL MailEnable SMTP service SPF lookup buffer overflow attempt (server-mail.rules)
* 1:16027 <-> DISABLED <-> FILE-MULTIMEDIA Nullsoft Winamp midi file header overflow attempt (file-multimedia.rules)
* 1:16028 <-> DISABLED <-> SERVER-WEBAPP Novell Groupwise Messenger parameters invalid memory access attempt (server-webapp.rules)
* 1:16029 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS client ATMA buffer overrun attempt (os-windows.rules)
* 1:1603 <-> DISABLED <-> SERVER-WEBAPP DELETE attempt (server-webapp.rules)
* 1:16030 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS client TXT buffer overrun attempt (os-windows.rules)
* 1:16031 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer nested object tag memory corruption attempt (browser-ie.rules)
* 1:16032 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer HTML Decoding memory corruption attempt (browser-ie.rules)
* 1:16033 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer compressed content attempt (browser-ie.rules)
* 1:16034 <-> DISABLED <-> SERVER-SAMBA Samba spools RPC smb_io_notify_option_type_data request handling buffer overflow attempt (server-samba.rules)
* 1:16035 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer createTextRange code execution attempt (browser-ie.rules)
* 1:16036 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Products QueryInterface method memory corruption attempt (browser-firefox.rules)
* 1:16037 <-> DISABLED <-> BROWSER-FIREFOX Mozilla products graphics and XML features integer overflows attempt (browser-firefox.rules)
* 1:16038 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Thunderbird WYSIWYG engine filtering IFRAME JavaScript execution attempt (browser-firefox.rules)
* 1:16039 <-> DISABLED <-> SERVER-OTHER EMC Dantz Retrospect Backup Agent denial of service attempt (server-other.rules)
* 1:1604 <-> DISABLED <-> SERVER-WEBAPP iChat directory traversal attempt (server-webapp.rules)
* 1:16040 <-> DISABLED <-> SERVER-OTHER SpamAssassin spamd vpopmail and paranoid options code execution attempt (server-other.rules)
* 1:16041 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime FLIC animation file buffer overflow attempt (file-multimedia.rules)
* 1:16042 <-> DISABLED <-> BROWSER-FIREFOX Mozilla browsers CSS moz-binding cross domain scripting attempt (browser-firefox.rules)
* 1:16043 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer html tag memory corruption attempt (browser-ie.rules)
* 1:16044 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox CSS Letter-Spacing overflow attempt (browser-firefox.rules)
* 1:16045 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer cross domain information disclosure attempt (browser-ie.rules)
* 1:16046 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer RealMedia file format processing heap corruption attempt (file-multimedia.rules)
* 1:16047 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox layout frame constructor memory corruption attempt (browser-firefox.rules)
* 1:16048 <-> DISABLED <-> SERVER-OTHER Microsoft ASP.NET application folder info disclosure attempt (server-other.rules)
* 1:16049 <-> DISABLED <-> SERVER-OTHER GNU Radius SQL accounting format string exploit attempt (server-other.rules)
* 1:1605 <-> DISABLED <-> SERVER-OTHER iParty DOS attempt (server-other.rules)
* 1:16050 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox tag order memory corruption attempt (browser-firefox.rules)
* 1:16051 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher 2007 conversion library code execution attempt (file-office.rules)
* 1:16052 <-> DISABLED <-> SERVER-OTHER Novell iManager Tree parameter denial of service attempt (server-other.rules)
* 1:16053 <-> DISABLED <-> FILE-OTHER GNU tar PAX extended headers handling overflow attempt (file-other.rules)
* 1:16054 <-> DISABLED <-> FILE-IMAGE Apple QuickTime bitmap multiple header overflow (file-image.rules)
* 1:16055 <-> DISABLED <-> FILE-MULTIMEDIA Apple iTunes AAC file handling integer overflow attempt (file-multimedia.rules)
* 1:16056 <-> DISABLED <-> SERVER-WEBAPP Symantec Scan Engine authentication bypass attempt (server-webapp.rules)
* 1:16057 <-> DISABLED <-> SERVER-MAIL Sendmail smtp timeout buffer overflow attempt (server-mail.rules)
* 1:16058 <-> DISABLED <-> SERVER-SAMBA Samba WINS Server Name Registration handling stack buffer overflow attempt (server-samba.rules)
* 1:16059 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malformed file format parsing code execution attempt (file-office.rules)
* 1:1606 <-> DISABLED <-> SERVER-WEBAPP icat access (server-webapp.rules)
* 1:16060 <-> DISABLED <-> SERVER-OTHER IBM Lotus Domino LDAP server memory exception attempt (server-other.rules)
* 1:16061 <-> ENABLED <-> FILE-IDENTIFY X PixMap file download request (file-identify.rules)
* 1:16062 <-> DISABLED <-> FILE-OTHER ACD Systems ACDSee Products XPM values section buffer overflow attempt (file-other.rules)
* 1:16063 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer isindex buffer overflow attempt (browser-ie.rules)
* 1:16064 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer onBeforeUnload address bar spoofing attempt (browser-ie.rules)
* 1:16065 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer location.replace memory corruption attempt (browser-ie.rules)
* 1:16066 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Server driver crafted SMB data denial of service (os-windows.rules)
* 1:16067 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DOM object cache management memory corruption attempt (browser-ie.rules)
* 1:16068 <-> DISABLED <-> BROWSER-PLUGINS Yahoo Music Jukebox ActiveX exploit (browser-plugins.rules)
* 1:16069 <-> DISABLED <-> SERVER-OTHER IBM Informix server argument processing overflow attempt (server-other.rules)
* 1:1607 <-> DISABLED <-> SERVER-WEBAPP HyperSeek hsx.cgi access (server-webapp.rules)
* 1:16070 <-> DISABLED <-> FILE-OTHER X.org PCF parsing buffer overflow attempt (file-other.rules)
* 1:16071 <-> DISABLED <-> SERVER-OTHER CA ARCServe Backup Discovery Service denial of service attempt (server-other.rules)
* 1:16072 <-> DISABLED <-> SERVER-OTHER CUPS server query metacharacter buffer overflow attempt (server-other.rules)
* 1:16073 <-> DISABLED <-> OS-WINDOWS MS-SQL convert function unicode overflow (os-windows.rules)
* 1:16074 <-> DISABLED <-> SQL Suspicious SQL ansi_padding option (sql.rules)
* 1:16075 <-> DISABLED <-> SQL Suspicious SQL ansi_padding option (sql.rules)
* 1:16076 <-> DISABLED <-> SERVER-OTHER Tripwire format string vulnerability nfs exploit attempt (server-other.rules)
* 1:16077 <-> DISABLED <-> SERVER-OTHER Tripwire format string vulnerability ftp exploit attempt (server-other.rules)
* 1:16078 <-> DISABLED <-> SERVER-WEBAPP PHP memory_limit vulnerability exploit attempt (server-webapp.rules)
* 1:16079 <-> DISABLED <-> SERVER-WEBAPP uselang code injection (server-webapp.rules)
* 1:1608 <-> DISABLED <-> SERVER-WEBAPP htmlscript attempt (server-webapp.rules)
* 1:16080 <-> DISABLED <-> SERVER-OTHER KAME racoon X509 certificate verification bypass attempt (server-other.rules)
* 1:16081 <-> DISABLED <-> PROTOCOL-RPC portmap 395650 tcp XDR SString buffer overflow attempt (protocol-rpc.rules)
* 1:16082 <-> DISABLED <-> PROTOCOL-RPC portmap 395650 udp XDR SString buffer overflow attempt (protocol-rpc.rules)
* 1:16083 <-> DISABLED <-> PROTOCOL-RPC portmap 395650 tcp request (protocol-rpc.rules)
* 1:16084 <-> DISABLED <-> PROTOCOL-RPC portmap 395650 udp request (protocol-rpc.rules)
* 1:16085 <-> DISABLED <-> PROTOCOL-RPC portmap 395650 tcp xml buffer overflow attempt (protocol-rpc.rules)
* 1:16086 <-> DISABLED <-> PROTOCOL-RPC portmap 395650 udp xml buffer overflow attempt (protocol-rpc.rules)
* 1:16087 <-> DISABLED <-> FILE-OTHER Multiple vendor AV gateway virus detection bypass attempt (file-other.rules)
* 1:16089 <-> DISABLED <-> OS-WINDOWS Microsoft Windows embedded web font handling buffer overflow attempt (os-windows.rules)
* 1:16090 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Core XML core services XMLHTTP control open method code execution attempt (browser-plugins.rules)
* 1:16091 <-> DISABLED <-> SERVER-OTHER Macromedia Flash Media Server administration service denial of service attempt (server-other.rules)
* 1:16092 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.delf.jwh runtime detection (malware-backdoor.rules)
* 1:16093 <-> ENABLED <-> MALWARE-CNC bugsprey variant inbound connection (malware-cnc.rules)
* 1:16094 <-> DISABLED <-> MALWARE-CNC Win.Trojan.exchan.gen variant outbound connection (malware-cnc.rules)
* 1:16095 <-> DISABLED <-> MALWARE-CNC td.exe variant outbound connection getfile (malware-cnc.rules)
* 1:16096 <-> DISABLED <-> MALWARE-CNC td.exe variant outbound connection download (malware-cnc.rules)
* 1:16097 <-> DISABLED <-> MALWARE-CNC Win.Trojan.agent.vvm variant outbound connection (malware-cnc.rules)
* 1:16098 <-> DISABLED <-> MALWARE-CNC Win.Trojan.cekar variant outbound connection (malware-cnc.rules)
* 1:16099 <-> DISABLED <-> MALWARE-CNC Win.Trojan.agent.wdv variant outbound connection (malware-cnc.rules)
* 1:161 <-> DISABLED <-> MALWARE-BACKDOOR Matrix 2.0 Client connect (malware-backdoor.rules)
* 1:1610 <-> DISABLED <-> SERVER-WEBAPP formmail arbitrary command execution attempt (server-webapp.rules)
* 1:16100 <-> DISABLED <-> MALWARE-CNC Win.Trojan.delf.phh variant outbound connection file.exe (malware-cnc.rules)
* 1:16101 <-> DISABLED <-> MALWARE-CNC Win.Trojan.delf.phh variant outbound connection 57329.exe (malware-cnc.rules)
* 1:16102 <-> DISABLED <-> MALWARE-CNC Win.Trojan.delf.phh variant outbound connection sft_ver1.1454.0.exe (malware-cnc.rules)
* 1:16103 <-> DISABLED <-> MALWARE-CNC lost door 3.0 variant outbound connection (malware-cnc.rules)
* 1:16104 <-> DISABLED <-> MALWARE-CNC lost door 3.0 variant outbound connection (malware-cnc.rules)
* 1:16105 <-> DISABLED <-> MALWARE-CNC Win.Trojan.zlob variant outbound connection topqualityads (malware-cnc.rules)
* 1:16106 <-> DISABLED <-> MALWARE-CNC synrat 2.1 pro variant outbound connection (malware-cnc.rules)
* 1:16107 <-> DISABLED <-> MALWARE-CNC synrat 2.1 pro variant outbound connection (malware-cnc.rules)
* 1:16108 <-> DISABLED <-> MALWARE-CNC Win.Trojan.exchanger.gen2 variant outbound connection (malware-cnc.rules)
* 1:16109 <-> DISABLED <-> MALWARE-CNC Win.Trojan.zlob.wwv variant outbound connection onestoponlineshop (malware-cnc.rules)
* 1:1611 <-> DISABLED <-> SERVER-WEBAPP eXtropia webstore access (server-webapp.rules)
* 1:16110 <-> DISABLED <-> MALWARE-CNC Win.Trojan.zlob.wwv variant outbound connection childhe (malware-cnc.rules)
* 1:16111 <-> DISABLED <-> MALWARE-CNC Win.Trojan.zlob.wwv installtime detection (malware-cnc.rules)
* 1:16112 <-> DISABLED <-> MALWARE-CNC Win.Trojan.agent.vhb variant outbound connection contact remote server (malware-cnc.rules)
* 1:16113 <-> DISABLED <-> MALWARE-CNC Win.Trojan.agent.vhb variant outbound connection request login page (malware-cnc.rules)
* 1:16114 <-> DISABLED <-> PUA-TOOLBARS Hijacker cramtoolbar runtime detection - hijack (pua-toolbars.rules)
* 1:16115 <-> DISABLED <-> PUA-TOOLBARS Hijacker cramtoolbar runtime detection - search (pua-toolbars.rules)
* 1:16116 <-> DISABLED <-> MALWARE-OTHER Trackware rightonadz.biz adrotator runtime detection - pass user info to remote server (malware-other.rules)
* 1:16117 <-> DISABLED <-> MALWARE-OTHER Trackware rightonadz.biz adrotator runtime detection - ads (malware-other.rules)
* 1:16118 <-> DISABLED <-> PUA-ADWARE Adware winreanimator runtime detection - register request (pua-adware.rules)
* 1:16119 <-> DISABLED <-> PUA-ADWARE Adware winreanimator runtime detection - daily update (pua-adware.rules)
* 1:1612 <-> DISABLED <-> SERVER-WEBAPP ftp.pl attempt (server-webapp.rules)
* 1:16120 <-> DISABLED <-> PUA-TOOLBARS Trackware 6sq toolbar runtime detection (pua-toolbars.rules)
* 1:16121 <-> DISABLED <-> PUA-ADWARE Hijacker weatherstudio outbound connection (pua-adware.rules)
* 1:16122 <-> DISABLED <-> PUA-ADWARE rogue antivirus xp 2008 runtime detection - buy (pua-adware.rules)
* 1:16123 <-> DISABLED <-> PUA-ADWARE rogue antivirus xp 2008 runtime detection - update (pua-adware.rules)
* 1:16124 <-> DISABLED <-> MALWARE-CNC Win.Trojan.nsis.agent.s variant outbound connection (malware-cnc.rules)
* 1:16125 <-> DISABLED <-> MALWARE-OTHER Keylogger spyyahoo v2.2 runtime detection (malware-other.rules)
* 1:16126 <-> DISABLED <-> PUA-ADWARE Trickler virusremover 2008 outbound connection (pua-adware.rules)
* 1:16127 <-> DISABLED <-> PUA-ADWARE Adware superiorads runtime detection (pua-adware.rules)
* 1:16129 <-> DISABLED <-> MALWARE-OTHER Keylogger kamyab Keylogger v.3 runtime detection (malware-other.rules)
* 1:1613 <-> DISABLED <-> SERVER-WEBAPP handler attempt (server-webapp.rules)
* 1:16130 <-> DISABLED <-> MALWARE-OTHER Keylogger lord spy pro 1.4 runtime detection (malware-other.rules)
* 1:16131 <-> DISABLED <-> MALWARE-OTHER Trackware adclicker trojan zlob.dnz runtime detection - ads (malware-other.rules)
* 1:16132 <-> DISABLED <-> MALWARE-OTHER Trackware owlforce runtime detection - remote server #1 (malware-other.rules)
* 1:16133 <-> DISABLED <-> MALWARE-OTHER Trackware owlforce runtime detection - remote server #2 (malware-other.rules)
* 1:16134 <-> DISABLED <-> PUA-ADWARE Adware spyware guard 2008 runtime detection - contacts remote server (pua-adware.rules)
* 1:16135 <-> DISABLED <-> PUA-ADWARE Adware spyware guard 2008 runtime detection - purchase page (pua-adware.rules)
* 1:16136 <-> DISABLED <-> PUA-ADWARE Hijacker xp antispyware 2009 runtime detection - pre-sale webpage (pua-adware.rules)
* 1:16137 <-> DISABLED <-> MALWARE-OTHER Keylogger cheat monitor runtime detection (malware-other.rules)
* 1:16138 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool 0desa msn pass stealer 8.5 runtime detection (malware-tools.rules)
* 1:16139 <-> DISABLED <-> MALWARE-CNC Win.Trojan.gen2 variant outbound connection scanner page (malware-cnc.rules)
* 1:1614 <-> DISABLED <-> SERVER-WEBAPP Novell Groupwise gwweb.exe attempt (server-webapp.rules)
* 1:16140 <-> DISABLED <-> MALWARE-CNC torpig-mebroot command and control checkin (malware-cnc.rules)
* 1:16141 <-> DISABLED <-> SERVER-OTHER Kaspersky Online Scanner trojaned Dll download attempt (server-other.rules)
* 1:16142 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox PKCS11 module installation code execution attempt (browser-firefox.rules)
* 1:16143 <-> ENABLED <-> FILE-IDENTIFY Microsoft asf file magic detected (file-identify.rules)
* 1:16144 <-> DISABLED <-> MALWARE-CNC Bredolab bot variant outbound connection (malware-cnc.rules)
* 1:16145 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit floating point buffer overflow attempt (browser-webkit.rules)
* 1:16147 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS malformed URL .dll denial of service attempt (server-iis.rules)
* 1:16148 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime and iTunes heap memory corruption attempt (file-multimedia.rules)
* 1:16149 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer data stream header remote code execution attempt (browser-ie.rules)
* 1:1615 <-> DISABLED <-> SERVER-WEBAPP htgrep attempt (server-webapp.rules)
* 1:16150 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer variant argument validation remote code execution attempt (browser-ie.rules)
* 1:16151 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer uninitialized or deleted object access attempt (browser-ie.rules)
* 1:16152 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer table layout unitialized or deleted object access attempt (browser-ie.rules)
* 1:16153 <-> DISABLED <-> FILE-IMAGE Microsoft Windows malformed WMF meta escape record memory corruption attempt (file-image.rules)
* 1:16154 <-> DISABLED <-> FILE-EXECUTABLE GDI+ .NET image property parsing memory corruption (file-executable.rules)
* 1:16155 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer indexing service malformed parameters (browser-ie.rules)
* 1:16156 <-> DISABLED <-> FILE-MULTIMEDIA Windows Media Player ASF marker object memory corruption attempt (file-multimedia.rules)
* 1:16157 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malformed ASF voice codec memory corruption attempt (os-windows.rules)
* 1:16158 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Runtime malformed ASF codec memory corruption attempt (os-windows.rules)
* 1:16159 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Excel Add-in for SQL Analysis Services 1 ActiveX clsid access (browser-plugins.rules)
* 1:1616 <-> DISABLED <-> PROTOCOL-DNS named version attempt (protocol-dns.rules)
* 1:16161 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Excel Add-in for SQL Analysis Services 2 ActiveX clsid access (browser-plugins.rules)
* 1:16163 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Excel Add-in for SQL Analysis Services 3 ActiveX clsid access (browser-plugins.rules)
* 1:16165 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Excel Add-in for SQL Analysis Services 4 ActiveX clsid access (browser-plugins.rules)
* 1:16167 <-> DISABLED <-> OS-WINDOWS Microsoft Windows LSASS integer wrap denial of service attempt (os-windows.rules)
* 1:16168 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMBv2 integer overflow denial of service attempt (os-windows.rules)
* 1:16169 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer dynamic style update memory corruption attempt (browser-ie.rules)
* 1:1617 <-> DISABLED <-> SERVER-WEBAPP Bugzilla doeditvotes.cgi access (server-webapp.rules)
* 1:16172 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader U3D line set heap corruption attempt (file-pdf.rules)
* 1:16173 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader U3D progressive mesh continuation pointer overwrite attempt (file-pdf.rules)
* 1:16174 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader U3D progressive mesh continuation off by one index attempt (file-pdf.rules)
* 1:16175 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader collab.removeStateModel denial of service attempt (file-pdf.rules)
* 1:16176 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader collab.addStateModel remote corruption attempt (file-pdf.rules)
* 1:16177 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word GDI+ Office Art Property Table remote code execution attempt (file-office.rules)
* 1:16178 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel GDI+ Office Art Property Table remote code execution attempt (file-office.rules)
* 1:16179 <-> DISABLED <-> FILE-EXECUTABLE Microsoft .NET MSIL CLR interface multiple instantiation attempt (file-executable.rules)
* 1:1618 <-> DISABLED <-> SERVER-IIS .asp chunked Transfer-Encoding (server-iis.rules)
* 1:16181 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CryptoAPI ASN.1 integer overflow attempt (os-windows.rules)
* 1:16182 <-> DISABLED <-> FILE-EXECUTABLE Microsoft .NET MSIL stack corruption attempt (file-executable.rules)
* 1:16183 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows .NET MSIL CombineImpl suspicious usage attempt (file-executable.rules)
* 1:16184 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules)
* 1:16185 <-> DISABLED <-> OS-WINDOWS Microsoft Windows GDI+ compressed TIFF file parsing remote code execution attempt (os-windows.rules)
* 1:16186 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ interlaced PNG file parsing heap overflow attempt (file-image.rules)
* 1:16187 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DirectShow MJPEG arbitrary code execution attempt (os-windows.rules)
* 1:16188 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint bad text header txttype attempt (file-office.rules)
* 1:16189 <-> DISABLED <-> SERVER-ORACLE Database REPCAT_RPC.VALIDATE_REMOTE_RC SQL injection attempt (server-oracle.rules)
* 1:16190 <-> DISABLED <-> SERVER-ORACLE Oracle Secure Backup Administration server property_box.php command injection attempt (server-oracle.rules)
* 1:16191 <-> DISABLED <-> SERVER-ORACLE Oracle Secure Backup Administration server authentication bypass attempt - via GET (server-oracle.rules)
* 1:16192 <-> DISABLED <-> SERVER-ORACLE Secure Backup Administration server authentication bypass attempt (server-oracle.rules)
* 1:16193 <-> DISABLED <-> SERVER-MAIL Novell GroupWise Internet Agent SMTP AUTH LOGIN command buffer overflow attempt (server-mail.rules)
* 1:16194 <-> DISABLED <-> SERVER-WEBAPP Novell eDirectory HTTP request content-length heap buffer overflow attempt (server-webapp.rules)
* 1:16195 <-> DISABLED <-> SERVER-WEBAPP HTTP request with negative Content-Length attempt (server-webapp.rules)
* 1:16196 <-> DISABLED <-> SERVER-OTHER Symantec Backup Exec System Recovery Manager unauthorized file upload attempt (server-other.rules)
* 1:16197 <-> DISABLED <-> SERVER-OTHER OpenLDAP ber_get_next BER decoding denial of service attempt (server-other.rules)
* 1:16198 <-> DISABLED <-> SERVER-APACHE Apache mod_auth_pgsql module logging facility format string exploit attempt (server-apache.rules)
* 1:16199 <-> DISABLED <-> SERVER-MAIL SpamAssassin long message header denial of service attempt (server-mail.rules)
* 1:162 <-> DISABLED <-> MALWARE-BACKDOOR Matrix 2.0 Server access (malware-backdoor.rules)
* 1:16200 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox command line URL shell command injection attempt (browser-firefox.rules)
* 1:16201 <-> DISABLED <-> SERVER-MAIL Ipswitch Collaboration Suite SMTP format string exploit attempt (server-mail.rules)
* 1:16204 <-> DISABLED <-> SERVER-OTHER HP OpenView Network Node Manager ovlaunch host field overflow attempt (server-other.rules)
* 1:16205 <-> ENABLED <-> FILE-IDENTIFY BMP file download request (file-identify.rules)
* 1:16206 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS server spoofing attempt (os-windows.rules)
* 1:16207 <-> DISABLED <-> SERVER-WEBAPP MIT Kerberos V% KAdminD klog_vsyslog server overflow attempt (server-webapp.rules)
* 1:16208 <-> DISABLED <-> SERVER-MSSQL Microsoft SQL Server Distributed Management Objects overflow attempt (server-mssql.rules)
* 1:16209 <-> DISABLED <-> SERVER-OTHER FreeRADIUS RADIUS server rad_decode remote denial of service attempt (server-other.rules)
* 1:1621 <-> DISABLED <-> PROTOCOL-FTP CMD overflow attempt (protocol-ftp.rules)
* 1:16213 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server Accept-Language HTTP header parsing buffer overflow attempt (server-other.rules)
* 1:16214 <-> DISABLED <-> SERVER-OTHER Squid Proxy invalid HTTP response code denial of service attempt (server-other.rules)
* 1:16215 <-> DISABLED <-> SERVER-ORACLE Oracle Application Server Portal cross site scripting attempt (server-oracle.rules)
* 1:16216 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Provisioning Manager long URI request buffer overflow attempt (server-other.rules)
* 1:16217 <-> DISABLED <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 45 integer overflow attempt (server-other.rules)
* 1:16218 <-> DISABLED <-> SERVER-WEBAPP Content-Length request offset smuggling attempt (server-webapp.rules)
* 1:16219 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file download request (file-identify.rules)
* 1:1622 <-> DISABLED <-> PROTOCOL-FTP RNFR ././ attempt (protocol-ftp.rules)
* 1:16220 <-> DISABLED <-> FILE-OTHER Adobe Shockwave director file malformed lcsr block memory corruption attempt (file-other.rules)
* 1:16221 <-> DISABLED <-> OS-WINDOWS Microsoft ISA and Forefront Threat Management Web Proxy TCP Listener denial of service attempt (os-windows.rules)
* 1:16223 <-> DISABLED <-> FILE-OTHER Adobe Shockwave tSAC pointer overwrite attempt (file-other.rules)
* 1:16224 <-> DISABLED <-> FILE-MULTIMEDIA Apple iTunes invalid tref box exploit attempt (file-multimedia.rules)
* 1:16225 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Flash arbitrary memory access attempt (file-other.rules)
* 1:16226 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel integer field in row record improper validation remote code execution attempt (file-office.rules)
* 1:16227 <-> DISABLED <-> SERVER-OTHER Web Service on Devices API WSDAPI URL processing buffer corruption attempt (server-other.rules)
* 1:16228 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malformed StartObject record arbitrary code execution attempt (file-office.rules)
* 1:16229 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel oversized ib memory corruption attempt (file-office.rules)
* 1:1623 <-> DISABLED <-> PROTOCOL-FTP invalid MODE (protocol-ftp.rules)
* 1:16231 <-> DISABLED <-> FILE-PDF Microsoft Windows kernel-mode drivers core font parsing integer overflow attempt (file-pdf.rules)
* 1:16233 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel oversized ptgFuncVar cparams value buffer overflow attempt (file-office.rules)
* 1:16234 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Document remote code execution attempt (file-office.rules)
* 1:16235 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel file SXDB record exploit attempt (file-office.rules)
* 1:16236 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel file SxView record exploit attempt (file-office.rules)
* 1:16237 <-> DISABLED <-> SERVER-OTHER Microsoft Active Directory NTDSA stack space exhaustion attempt (server-other.rules)
* 1:16238 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc2 LlsrLicenseRequestW overflow attempt (os-windows.rules)
* 1:16239 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP llsrpc2 LlsrLicenseRequestW overflow attempt (os-windows.rules)
* 1:1624 <-> DISABLED <-> PROTOCOL-FTP PWD overflow attempt (protocol-ftp.rules)
* 1:16240 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel file Window/Pane record exploit attempt (file-office.rules)
* 1:16241 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel FeatHdr BIFF record remote code execution attempt (file-office.rules)
* 1:16242 <-> DISABLED <-> MALWARE-CNC downloader-ash.gen.b variant outbound connection adload (malware-cnc.rules)
* 1:16243 <-> DISABLED <-> MALWARE-CNC downloader-ash.gen.b variant outbound connection 3264.php (malware-cnc.rules)
* 1:16244 <-> DISABLED <-> PUA-ADWARE rogue software xp police antivirus runtime detection - purchase (pua-adware.rules)
* 1:16245 <-> DISABLED <-> PUA-ADWARE rogue software xp police antivirus install-timedetection (pua-adware.rules)
* 1:16246 <-> DISABLED <-> PUA-ADWARE rogue software spyware protect 2009 outbound connection - purchase request (pua-adware.rules)
* 1:16247 <-> DISABLED <-> PUA-ADWARE rogue software spyware protect 2009 outbound connection - block (pua-adware.rules)
* 1:16248 <-> DISABLED <-> PUA-ADWARE rogue software ms antispyware 2009 runtime detection - start (pua-adware.rules)
* 1:16249 <-> DISABLED <-> PUA-ADWARE rogue software ms antispyware 2009 runtime detection - pay (pua-adware.rules)
* 1:1625 <-> DISABLED <-> PROTOCOL-FTP SYST overflow attempt (protocol-ftp.rules)
* 1:16250 <-> DISABLED <-> PUA-ADWARE rogue software win pc defender outbound connection (pua-adware.rules)
* 1:16251 <-> DISABLED <-> PUA-ADWARE rogue software win pc defender outbound connection (pua-adware.rules)
* 1:16252 <-> DISABLED <-> PUA-ADWARE rogue software pro antispyware 2009 runtime detection - purchase (pua-adware.rules)
* 1:16253 <-> DISABLED <-> PUA-ADWARE rogue software system security 2009 outbound connection (pua-adware.rules)
* 1:16254 <-> ENABLED <-> PUA-ADWARE rogue software system security 2009 outbound connection (pua-adware.rules)
* 1:16255 <-> DISABLED <-> PUA-ADWARE rogue software system security 2009 outbound connection (pua-adware.rules)
* 1:16256 <-> DISABLED <-> PUA-ADWARE rogue software coreguard antivirus 2009 runtime detection (pua-adware.rules)
* 1:16257 <-> DISABLED <-> PUA-ADWARE rogue software perfect defender 2009 outbound connection - update (pua-adware.rules)
* 1:16258 <-> DISABLED <-> PUA-ADWARE rogue software perfect defender 2009 outbound connection - purchase (pua-adware.rules)
* 1:16259 <-> DISABLED <-> PUA-ADWARE rogue software antivirusdoktor2009 runtime detection (pua-adware.rules)
* 1:1626 <-> DISABLED <-> SERVER-IIS /StoreCSVS/InstantOrder.asmx request (server-iis.rules)
* 1:16260 <-> DISABLED <-> PUA-ADWARE rogue software xp antivirus protection runtime detection - installation (pua-adware.rules)
* 1:16261 <-> DISABLED <-> PUA-ADWARE rogue software xp antivirus protection runtime detection - runtime (pua-adware.rules)
* 1:16262 <-> DISABLED <-> PUA-ADWARE rogue software xp-shield outbound connection (pua-adware.rules)
* 1:16263 <-> DISABLED <-> PUA-ADWARE rogue software xp-shield outbound connection - installation (pua-adware.rules)
* 1:16264 <-> DISABLED <-> PUA-ADWARE rogue software 007 anti-spyware runtime detection - update (pua-adware.rules)
* 1:16265 <-> DISABLED <-> PUA-ADWARE rogue software 007 anti-spyware runtime detection - register (pua-adware.rules)
* 1:16266 <-> DISABLED <-> PUA-ADWARE rogue software pc antispyware 2010 runtime detection - buy (pua-adware.rules)
* 1:16267 <-> DISABLED <-> PUA-ADWARE rogue software pc antispyware 2010 runtime detection - files (pua-adware.rules)
* 1:16268 <-> DISABLED <-> MALWARE-CNC Win.Trojan.tdss.1.gen install-time detection - yournewsblog.net (malware-cnc.rules)
* 1:16269 <-> DISABLED <-> MALWARE-CNC Win.Trojan.tdss.1.gen install-time detection - findzproportal1.com (malware-cnc.rules)
* 1:16271 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TDSS.1.Gen keepalive detection (malware-cnc.rules)
* 1:16272 <-> DISABLED <-> MALWARE-CNC Trojan-dropper.irc.tkb variant outbound connection lordhack (malware-cnc.rules)
* 1:16273 <-> DISABLED <-> MALWARE-CNC Trojan-dropper.irc.tkb variant outbound connection dxcpm (malware-cnc.rules)
* 1:16274 <-> DISABLED <-> MALWARE-CNC Trickler trojan-spy.win32.pophot variant outbound connection connect to server (malware-cnc.rules)
* 1:16275 <-> DISABLED <-> MALWARE-CNC Trickler trojan-spy.win32.pophot variant outbound connection download files (malware-cnc.rules)
* 1:16276 <-> DISABLED <-> PUA-ADWARE Trickler win32-fakealert.kl outbound connection (pua-adware.rules)
* 1:16277 <-> DISABLED <-> PUA-ADWARE Trickler win32-fakealert.kl outbound connection - downloads malicious files (pua-adware.rules)
* 1:16278 <-> DISABLED <-> PUA-ADWARE Trickler win32-fakealert.kl installime detection - updates remote server (pua-adware.rules)
* 1:16279 <-> DISABLED <-> PUA-ADWARE rogue-software windows antivirus 2008 runtime detection - pre-sale page (pua-adware.rules)
* 1:1628 <-> DISABLED <-> SERVER-WEBAPP FormHandler.cgi directory traversal attempt attempt (server-webapp.rules)
* 1:16280 <-> DISABLED <-> PUA-ADWARE rogue-software windows antivirus 2008 runtime detection - registration and payment page (pua-adware.rules)
* 1:16281 <-> DISABLED <-> PUA-P2P BitTorrent scrape request (pua-p2p.rules)
* 1:16282 <-> DISABLED <-> PUA-P2P Bittorrent uTP peer request (pua-p2p.rules)
* 1:16283 <-> DISABLED <-> SERVER-WEBAPP Borland StarTeam Multicast Service buffer overflow attempt (server-webapp.rules)
* 1:16284 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox ClearTextRun exploit attempt (browser-firefox.rules)
* 1:16285 <-> DISABLED <-> PROTOCOL-RPC AIX ttdbserv function 15 buffer overflow attempt (protocol-rpc.rules)
* 1:16286 <-> ENABLED <-> FILE-IDENTIFY TrueType font file download request (file-identify.rules)
* 1:16287 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Negotiate Protocol response DoS attempt (os-windows.rules)
* 1:16288 <-> DISABLED <-> FILE-JAVA Oracle Java Runtime AWT setDiffICM stack buffer overflow attempt (file-java.rules)
* 1:16289 <-> DISABLED <-> MALWARE-CNC Clob bot traffic (malware-cnc.rules)
* 1:16290 <-> DISABLED <-> SERVER-ORACLE Oracle database server CREATE_TABLES SQL injection attempt (server-oracle.rules)
* 1:16291 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Network Security Services regexp heap overflow attempt (browser-firefox.rules)
* 1:16292 <-> DISABLED <-> BROWSER-FIREFOX Mozilla CSS value counter overflow attempt (browser-firefox.rules)
* 1:16293 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Flash memory corruption attempt (file-other.rules)
* 1:16294 <-> DISABLED <-> OS-WINDOWS Microsoft Windows TCP stack zero window size exploit attempt (os-windows.rules)
* 1:16295 <-> DISABLED <-> FILE-OTHER Kaspersky antivirus library heap buffer overflow - without optional fields (file-other.rules)
* 1:16296 <-> DISABLED <-> FILE-OTHER Kaspersky antivirus library heap buffer overflow - with optional fields (file-other.rules)
* 1:163 <-> DISABLED <-> MALWARE-BACKDOOR WinCrash 1.0 Server Active (malware-backdoor.rules)
* 1:16300 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer HTML DOM invalid DHTML comment creation attempt (browser-ie.rules)
* 1:16301 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer HTML DOM invalid DHTML textnode creation attempt (browser-ie.rules)
* 1:16305 <-> DISABLED <-> BROWSER-PLUGINS Symantec Altiris Deployment Solution ActiveX clsid access attempt (browser-plugins.rules)
* 1:16307 <-> DISABLED <-> BROWSER-PLUGINS Symantec Altiris Deployment Solution ActiveX clsid access attempt (browser-plugins.rules)
* 1:16309 <-> DISABLED <-> SERVER-ORACLE auth_sesskey buffer overflow attempt (server-oracle.rules)
* 1:16310 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 6/7 single line outerHTML invalid reference arbitrary code execution attempt (browser-ie.rules)
* 1:16311 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 6/7 single line outerHTML invalid reference arbitrary code execution attempt (browser-ie.rules)
* 1:16312 <-> DISABLED <-> SERVER-IIS ADFS custom header arbitrary code execution attempt (server-iis.rules)
* 1:16313 <-> DISABLED <-> FILE-EXECUTABLE download of executable content (file-executable.rules)
* 1:16314 <-> DISABLED <-> FILE-OFFICE Microsoft Windows WordPad and Office text converter integer overflow attempt (file-office.rules)
* 1:16315 <-> DISABLED <-> FILE-FLASH Adobe Flash PlugIn check if file exists attempt (file-flash.rules)
* 1:16316 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed getPropertyLate actioncode attempt (file-flash.rules)
* 1:16317 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer mouse move during refresh memory corruption attempt (browser-ie.rules)
* 1:16318 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio invalid ho tag attempt (file-office.rules)
* 1:16319 <-> DISABLED <-> BROWSER-IE Apple Safari-Internet Explorer SearchPath blended threat attempt (browser-ie.rules)
* 1:16320 <-> DISABLED <-> FILE-IMAGE Adobe PNG empty sPLT exploit attempt (file-image.rules)
* 1:16321 <-> DISABLED <-> FILE-IMAGE Adobe tiff oversized image length attempt (file-image.rules)
* 1:16322 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader oversized object width attempt (file-pdf.rules)
* 1:16323 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JPEG2k uninitialized QCC memory corruption attempt (file-pdf.rules)
* 1:16324 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader doc.export arbitrary file write attempt (file-pdf.rules)
* 1:16325 <-> DISABLED <-> FILE-PDF Adobe JPEG2k uninitialized QCC memory corruption attempt (file-pdf.rules)
* 1:16326 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 8 DOM memory corruption attempt (browser-ie.rules)
* 1:16327 <-> DISABLED <-> OS-WINDOWS Microsoft Windows GDI+ TIFF RLE compressed data buffer overflow attempt (os-windows.rules)
* 1:16328 <-> DISABLED <-> FILE-OFFICE Microsoft Office Project file parsing arbitrary memory access attempt (file-office.rules)
* 1:16329 <-> DISABLED <-> SERVER-OTHER Microsoft Internet Authentication Service EAP-MSCHAPv2 authentication bypass attempt (server-other.rules)
* 1:16330 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer orphan DOM objects memory corruption attempt (browser-ie.rules)
* 1:16331 <-> DISABLED <-> FILE-FLASH Adobe Flash Player JPEG parsing heap overflow attempt (file-flash.rules)
* 1:16332 <-> DISABLED <-> SERVER-OTHER Symantec System Center Alert Management System 
untrusted command execution attempt (server-other.rules) * 1:16333 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader media.newPlayer memory corruption attempt (file-pdf.rules) * 1:16334 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader compressed media.newPlayer memory corruption attempt (file-pdf.rules) * 1:16335 <-> DISABLED <-> FILE-PDF XPDF ObjectStream integer overflow (file-pdf.rules) * 1:16336 <-> DISABLED <-> FILE-PDF Blackberry Server PDF JBIG2 numnewsyms remote code execution attempt (file-pdf.rules) * 1:16337 <-> DISABLED <-> FILE-FLASH Adobe Flash Player directory traversal attempt (file-flash.rules) * 1:16339 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer object clone deletion memory corruption attempt - obfuscated (browser-ie.rules) * 1:1634 <-> DISABLED <-> PROTOCOL-POP PASS overflow attempt (protocol-pop.rules) * 1:16340 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Media Player DHTML Editing ActiveX clsid access (browser-plugins.rules) * 1:16341 <-> DISABLED <-> SERVER-OTHER IBM DB2 Database Server invalid data stream denial of service attempt (server-other.rules) * 1:16342 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows AVIFile truncated media file processing memory corruption attempt (file-multimedia.rules) * 1:16344 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox top-level script object offset calculation memory corruption attempt (browser-firefox.rules) * 1:16345 <-> DISABLED <-> FILE-OTHER IBM Informix Client SDK NFX file HostList processing stack buffer overflow attempt (file-other.rules) * 1:16346 <-> DISABLED <-> FILE-OTHER IBM Informix Client SDK NFX file InformixServerList processing stack buffer overflow attempt (file-other.rules) * 1:16347 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt (browser-firefox.rules) * 1:16348 <-> DISABLED <-> SERVER-MYSQL database PROCEDURE ANALYSE denial of service attempt - 1 (server-mysql.rules) * 1:16349 <-> DISABLED <-> SERVER-MYSQL database Procedure 
Analyse denial of service attempt - 2 (server-mysql.rules) * 1:1635 <-> DISABLED <-> PROTOCOL-POP APOP overflow attempt (protocol-pop.rules) * 1:16350 <-> DISABLED <-> SERVER-OTHER ntp mode 7 denial of service attempt (server-other.rules) * 1:16351 <-> DISABLED <-> PROTOCOL-VOIP CSeq buffer overflow attempt (protocol-voip.rules) * 1:16352 <-> DISABLED <-> OS-LINUX Linux Kernel NFSD Subsystem overflow attempt (os-linux.rules) * 1:16353 <-> DISABLED <-> FILE-MULTIMEDIA FFmpeg OGV file format memory corruption attempt (file-multimedia.rules) * 1:16354 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader start-of-file alternate header obfuscation (file-pdf.rules) * 1:16355 <-> DISABLED <-> FILE-PDF Xpdf Splash DrawImage integer overflow attempt (file-pdf.rules) * 1:16356 <-> DISABLED <-> SERVER-IIS multiple extension code execution attempt (server-iis.rules) * 1:16357 <-> DISABLED <-> PROTOCOL-FTP multiple extension code execution attempt (protocol-ftp.rules) * 1:16358 <-> DISABLED <-> MALWARE-CNC bugsprey variant outbound connection (malware-cnc.rules) * 1:16359 <-> DISABLED <-> FILE-OTHER Adobe Illustrator DSC comment overflow attempt (file-other.rules) * 1:1636 <-> DISABLED <-> SERVER-OTHER Xtramail Username overflow attempt (server-other.rules) * 1:16360 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime Image Description Atom sign extension memory corruption attempt (file-multimedia.rules) * 1:16361 <-> DISABLED <-> FILE-OFFICE Microsoft Office BMP header biClrUsed integer overflow attempt (file-office.rules) * 1:16362 <-> DISABLED <-> MALWARE-CNC SpyForms malware call home (malware-cnc.rules) * 1:16363 <-> DISABLED <-> FILE-EXECUTABLE potentially executable file upload via FTP (file-executable.rules) * 1:16364 <-> DISABLED <-> SERVER-OTHER IBM DB2 database server SQLSTT denial of service attempt (server-other.rules) * 1:16365 <-> DISABLED <-> PUA-ADWARE OnlineGames download attempt (pua-adware.rules) * 1:16366 <-> DISABLED <-> OS-WINDOWS Microsoft Windows embedded 
OpenType font engine LZX decompression buffer overflow attempt (os-windows.rules) * 1:16367 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer invalid object access memory corruption attempt (browser-ie.rules) * 1:16368 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hydraq variant outbound connection (malware-cnc.rules) * 1:16369 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer deleted object access memory corruption attempt (browser-ie.rules) * 1:1637 <-> DISABLED <-> SERVER-WEBAPP yabb access (server-webapp.rules) * 1:16371 <-> DISABLED <-> BROWSER-PLUGINS NOS Microsystems Adobe atl_getcom ActiveX clsid access (browser-plugins.rules) * 1:16373 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader U3D CLODMeshContinuation code execution attempt (file-pdf.rules) * 1:16374 <-> DISABLED <-> SERVER-OTHER Oracle Internet Directory heap corruption attempt (server-other.rules) * 1:16376 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CTableLayout memory corruption attempt (browser-ie.rules) * 1:16377 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DOM mergeAttributes memory corruption attempt (browser-ie.rules) * 1:16378 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer deleted object cells reference memory corruption vulnerability (browser-ie.rules) * 1:16379 <-> DISABLED <-> BROWSER-PLUGINS SAP AG SAPgui sapirrfc ActiveX clsid access (browser-plugins.rules) * 1:1638 <-> DISABLED <-> INDICATOR-SCAN SSH Version map attempt (indicator-scan.rules) * 1:16381 <-> ENABLED <-> NETBIOS SMB session negotiation request (netbios.rules) * 1:16382 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer HTML+TIME animatemotion property memory corruption attempt (browser-ie.rules) * 1:16383 <-> DISABLED <-> SERVER-ORACLE MDSYS drop table trigger injection attempt (server-oracle.rules) * 1:16384 <-> DISABLED <-> SERVER-OTHER VMware Server ISAPI Extension remote denial of service attempt (server-other.rules) * 1:16385 <-> DISABLED <-> SERVER-MYSQL yaSSL library cert 
parsing stack overflow attempt (server-mysql.rules) * 1:16386 <-> DISABLED <-> BROWSER-PLUGINS AcroPDF.PDF ActiveX clsid access (browser-plugins.rules) * 1:16388 <-> DISABLED <-> BROWSER-PLUGINS AcroPDF.PDF ActiveX function call access (browser-plugins.rules) * 1:1639 <-> DISABLED <-> POLICY-SOCIAL IRC DCC file transfer request (policy-social.rules) * 1:16390 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader alternate file magic obfuscation (file-pdf.rules) * 1:16391 <-> DISABLED <-> MALWARE-CNC Gozi Win.Trojan.connection to C&C (malware-cnc.rules) * 1:16392 <-> DISABLED <-> SERVER-WEBAPP Oracle Java System Web Server 7.0u7 authorization digest heap overflow (server-webapp.rules) * 1:16393 <-> DISABLED <-> SERVER-OTHER PostgreSQL bit substring buffer overflow attempt (server-other.rules) * 1:16395 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB COPY command oversized pathname attempt (os-windows.rules) * 1:16397 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB andx invalid server name share access (os-windows.rules) * 1:16398 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB invalid server name share access (os-windows.rules) * 1:16399 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB unicode andx invalid server name share access (os-windows.rules) * 1:1640 <-> DISABLED <-> POLICY-SOCIAL IRC DCC chat request (policy-social.rules) * 1:16400 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB unicode invalid server name share access (os-windows.rules) * 1:16401 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB andx invalid server name share access (os-windows.rules) * 1:16402 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB invalid server name share access (os-windows.rules) * 1:16403 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB unicode andx invalid server name share access (os-windows.rules) * 1:16404 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB unicode invalid server name share access (os-windows.rules) * 1:16405 <-> DISABLED <-> PROTOCOL-ICMP Microsoft 
Windows Ipv6pHandleRouterAdvertisement Prefix Information stack buffer overflow attempt (protocol-icmp.rules) * 1:16406 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules) * 1:16407 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules) * 1:16409 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint improper filename remote code execution attempt (file-office.rules) * 1:1641 <-> DISABLED <-> SERVER-OTHER DB2 dos attempt (server-other.rules) * 1:16410 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint file LinkedSlide10Atom record parsing heap corruption attempt (file-office.rules) * 1:16411 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint out of bounds value remote code execution attempt (file-office.rules) * 1:16412 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint invalid TextByteAtom remote code execution attempt (file-office.rules) * 1:16414 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Shell Handler remote code execution attempt (os-windows.rules) * 1:16416 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Malformed MSODrawing Record attempt (file-office.rules) * 1:16417 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Negotiate Protocol Response overflow attempt (os-windows.rules) * 1:16418 <-> DISABLED <-> NETBIOS SMB client NULL deref race condition attempt (netbios.rules) * 1:16419 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Data Analyzer 3.5 ActiveX clsid access (browser-plugins.rules) * 1:1642 <-> DISABLED <-> SERVER-WEBAPP document.d2w access (server-webapp.rules) * 1:16421 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint out of bounds value remote code execution attempt (file-office.rules) * 1:16422 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Paint JPEG with malformed SOFx field integer overflow attempt (file-image.rules) * 1:16423 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 7/8 execute local file in Internet zone redirect attempt 
(browser-ie.rules) * 1:16424 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Script Host Shell Object ActiveX clsid access (browser-plugins.rules) * 1:16425 <-> ENABLED <-> FILE-IDENTIFY Portable Executable binary file download request (file-identify.rules) * 1:16426 <-> DISABLED <-> SERVER-WEBAPP Oracle Java System Web Server 7.0 WebDAV format string exploit attempt - PROPFIND method (server-webapp.rules) * 1:16427 <-> DISABLED <-> SERVER-WEBAPP Oracle Java System Web Server 7.0 WebDAV format string exploit attempt - LOCK method (server-webapp.rules) * 1:16428 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook Express and Windows Mail NNTP handling buffer overflow attempt (file-office.rules) * 1:16429 <-> DISABLED <-> SERVER-WEBAPP Novell iManager eDirectory plugin schema buffer overflow attempt - GET request (server-webapp.rules) * 1:1643 <-> DISABLED <-> SERVER-WEBAPP db2www access (server-webapp.rules) * 1:16430 <-> DISABLED <-> SERVER-WEBAPP Novell iManager eDirectory plugin schema buffer overflow attempt - POST request (server-webapp.rules) * 1:16431 <-> ENABLED <-> SQL generic sql with comments injection attempt - GET parameter (sql.rules) * 1:16432 <-> DISABLED <-> BROWSER-PLUGINS Trend Micro Web Deployment ActiveX clsid access (browser-plugins.rules) * 1:16434 <-> DISABLED <-> FILE-IDENTIFY Ultimate Packer for Executables/UPX v0.51-v0.61 packed file magic detected (file-identify.rules) * 1:16435 <-> DISABLED <-> FILE-IDENTIFY Ultimate Packer for Executables/UPX v0.62-v1.22 packed file magic detected (file-identify.rules) * 1:16436 <-> DISABLED <-> FILE-IDENTIFY Ultimate Packer for Executables/UPX v2.90 v2.93-v3.00 packed file magic detected (file-identify.rules) * 1:16437 <-> DISABLED <-> SERVER-OTHER CVS Entry line flag remote heap overflow attempt (server-other.rules) * 1:16438 <-> DISABLED <-> SERVER-ORACLE WebLogic Server Node Manager arbitrary command execution attempt (server-oracle.rules) * 1:16439 <-> DISABLED <-> MALWARE-CNC Possible Zeus 
User-Agent - _TEST_ (malware-cnc.rules) * 1:1644 <-> DISABLED <-> SERVER-WEBAPP test-cgi attempt (server-webapp.rules) * 1:16440 <-> DISABLED <-> MALWARE-CNC Possible Zeus User-Agent - ie (malware-cnc.rules) * 1:16441 <-> DISABLED <-> MALWARE-CNC Possible Zeus User-Agent - Download (malware-cnc.rules) * 1:16442 <-> DISABLED <-> MALWARE-CNC Possible Zeus User-Agent - Mozilla (malware-cnc.rules) * 1:16443 <-> DISABLED <-> POLICY-SOCIAL deny Gmail chat DNS request (policy-social.rules) * 1:16444 <-> DISABLED <-> SERVER-OTHER HP StorageWorks storage mirroring double take service code execution attempt (server-other.rules) * 1:16445 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk IAX2 ack response denial of service attempt (protocol-voip.rules) * 1:16446 <-> DISABLED <-> PROTOCOL-RPC portmap Solaris sadmin tcp request (protocol-rpc.rules) * 1:16447 <-> DISABLED <-> PROTOCOL-RPC Solaris UDP portmap sadmin request attempt (protocol-rpc.rules) * 1:16448 <-> DISABLED <-> PROTOCOL-RPC portmap Solaris sadmin tcp adm_build_path overflow attempt (protocol-rpc.rules) * 1:16449 <-> DISABLED <-> PROTOCOL-RPC portmap Solaris sadmin udp adm_build_path overflow attempt (protocol-rpc.rules) * 1:1645 <-> DISABLED <-> SERVER-WEBAPP testcgi access (server-webapp.rules) * 1:16452 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer .hlp samba share download attempt (browser-ie.rules) * 1:16454 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Negotiate Protocol response DoS attempt - empty SMB 2 (os-windows.rules) * 1:16455 <-> DISABLED <-> MALWARE-OTHER Keylogger egyspy keylogger 1.13 runtime detection (malware-other.rules) * 1:16456 <-> DISABLED <-> PUA-ADWARE Rogue-Software ang antivirus 09 runtime detection (pua-adware.rules) * 1:16457 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cutwail.AI variant outbound connection (malware-cnc.rules) * 1:16459 <-> DISABLED <-> MALWARE-CNC Win.Trojan.command and control communication (malware-cnc.rules) * 1:1646 <-> DISABLED <-> SERVER-WEBAPP test.cgi 
access (server-webapp.rules) * 1:16461 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel EntExU2 write access violation attempt (file-office.rules) * 1:16462 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel BIFF8 formulas from records parsing code execution attempt (file-office.rules) * 1:16463 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel BIFF5 formulas from records parsing code execution attempt (file-office.rules) * 1:16464 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ContinueFRT12 heap overflow attempt (file-office.rules) * 1:16465 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ContinueFRT12 and MDXSet heap overflow attempt (file-office.rules) * 1:16466 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel uninitialized stack variable code execution attempt (file-office.rules) * 1:16467 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel 2007 invalid comments.xml uninitialized pointer access attempt (file-office.rules) * 1:16468 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel 2007 invalid comments.xml uninitialized pointer access attempt (file-office.rules) * 1:16469 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel DbOrParamQry.fOdbcConn parsing remote code execution attempt (file-office.rules) * 1:16470 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel DbOrParamQry.fWeb parsing remote code execution attempt (file-office.rules) * 1:16471 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel DbOrParamQry.fWeb parsing remote code execution attempt (file-office.rules) * 1:16473 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Movie Maker project file download request (file-identify.rules) * 1:16474 <-> ENABLED <-> FILE-IDENTIFY Microsoft Compound File Binary v3 file magic detected (file-identify.rules) * 1:16475 <-> ENABLED <-> FILE-IDENTIFY Microsoft Compound File Binary v4 file magic detected (file-identify.rules) * 1:16476 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint .MSProducer file download request (file-identify.rules) 
* 1:16477 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint .MSProducerZ file download request (file-identify.rules) * 1:16478 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint .MSProducerBF file download request (file-identify.rules) * 1:16479 <-> DISABLED <-> SERVER-APACHE Apache mod_isapi dangling pointer exploit attempt - public shell code (server-apache.rules) * 1:1648 <-> DISABLED <-> SERVER-WEBAPP perl.exe command attempt (server-webapp.rules) * 1:16480 <-> DISABLED <-> SERVER-APACHE Apache mod_isapi dangling pointer exploit attempt (server-apache.rules) * 1:16481 <-> DISABLED <-> BROWSER-OTHER Opera Content-Length header integer overflow attempt (browser-other.rules) * 1:16482 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer userdata behavior memory corruption attempt (browser-ie.rules) * 1:16483 <-> DISABLED <-> MALWARE-CNC Koobface worm submission of collected data to C&C server (malware-cnc.rules) * 1:16484 <-> DISABLED <-> MALWARE-CNC Koobface variant outbound connection (malware-cnc.rules) * 1:16485 <-> DISABLED <-> MALWARE-CNC Koobface request for captcha (malware-cnc.rules) * 1:16486 <-> ENABLED <-> MALWARE-BACKDOOR Arucer backdoor traffic - command execution attempt (malware-backdoor.rules) * 1:16487 <-> ENABLED <-> MALWARE-BACKDOOR Arucer backdoor traffic - yes command attempt (malware-backdoor.rules) * 1:16488 <-> ENABLED <-> MALWARE-BACKDOOR Arucer backdoor traffic - write file attempt (malware-backdoor.rules) * 1:16489 <-> DISABLED <-> MALWARE-CNC Bobax botnet variant outbound connection (malware-cnc.rules) * 1:1649 <-> DISABLED <-> SERVER-WEBAPP perl command attempt (server-webapp.rules) * 1:16490 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed TIFF remote code execution attempt (file-pdf.rules) * 1:16492 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari inline text box use after free attempt (browser-webkit.rules) * 1:16493 <-> DISABLED <-> MALWARE-CNC TT-bot botnet variant outbound connection (malware-cnc.rules) * 
1:16494 <-> DISABLED <-> PUA-ADWARE Cutwail spambot server communication attempt (pua-adware.rules) * 1:16495 <-> DISABLED <-> MALWARE-CNC Rustock botnet variant outbound connection (malware-cnc.rules) * 1:16496 <-> DISABLED <-> MALWARE-CNC Win.Trojan.hacktool variant outbound connection (malware-cnc.rules) * 1:16497 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Tear Application (malware-cnc.rules) * 1:16498 <-> DISABLED <-> PUA-ADWARE PC Antispyware 2010 FakeAV download/update attempt (pua-adware.rules) * 1:1650 <-> DISABLED <-> SERVER-WEBAPP tst.bat access (server-webapp.rules) * 1:16501 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox WOFF font processing integer overflow attempt (browser-firefox.rules) * 1:16502 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox WOFF font processing integer overflow attempt - CFF-based (browser-firefox.rules) * 1:16503 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer event handling remote code execution attempt (browser-ie.rules) * 1:16504 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 7 encoded content handling exploit attempt (browser-ie.rules) * 1:16505 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer HTML parsing memory corruption attempt (browser-ie.rules) * 1:16506 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer innerHTML against incomplete element heap corruption attempt (browser-ie.rules) * 1:16507 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer onreadystatechange memory corruption attempt (browser-ie.rules) * 1:16508 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 8 non-IE8 compatibility mode htmltime remote code execution attempt (browser-ie.rules) * 1:16509 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer designMode-enabled information disclosure attempt (browser-ie.rules) * 1:1651 <-> DISABLED <-> SERVER-WEBAPP environ.pl access (server-webapp.rules) * 1:16510 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Tabular Control 
ActiveX overflow by CLSID (browser-plugins.rules) * 1:16511 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Tabular Control ActiveX overflow by ProgID (browser-plugins.rules) * 1:16512 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed span/div html document heap corruption attempt (browser-ie.rules) * 1:16513 <-> DISABLED <-> SQL Jive Software Openfire Jabber Server SQL injection attempt (sql.rules) * 1:16514 <-> DISABLED <-> SERVER-OTHER Trillian AIM XML tag handling heap buffer overflow attempt (server-other.rules) * 1:16515 <-> DISABLED <-> SERVER-MAIL Novell Groupwise Internet Agent RCPT command overflow attempt (server-mail.rules) * 1:16516 <-> DISABLED <-> SERVER-ORACLE Database sys.olapimpl_t package odcitablestart overflow attempt (server-oracle.rules) * 1:16517 <-> DISABLED <-> FILE-OTHER Free Download Manager .torrent parsing comment overflow attempt (file-other.rules) * 1:16518 <-> DISABLED <-> FILE-OTHER Free Download Manager .torrent parsing announce overflow attempt (file-other.rules) * 1:16519 <-> DISABLED <-> FILE-OTHER Free Download Manager .torrent parsing name overflow attempt (file-other.rules) * 1:1652 <-> DISABLED <-> SERVER-WEBAPP campas attempt (server-webapp.rules) * 1:16520 <-> DISABLED <-> FILE-OTHER Free Download Manager .torrent parsing path overflow attempt (file-other.rules) * 1:16521 <-> DISABLED <-> SERVER-OTHER Squid Proxy http version number overflow attempt (server-other.rules) * 1:16522 <-> DISABLED <-> SERVER-OTHER Novell QuickFinder server cross-site-scripting attempt (server-other.rules) * 1:16523 <-> DISABLED <-> FILE-PDF PDF with click-to-launch executable (file-pdf.rules) * 1:16524 <-> DISABLED <-> PROTOCOL-FTP ProFTPD username sql injection attempt (protocol-ftp.rules) * 1:16525 <-> DISABLED <-> POLICY-SOCIAL Microsoft MSN Messenger web login attempt (policy-social.rules) * 1:16526 <-> DISABLED <-> MALWARE-CNC VanBot IRC communication (malware-cnc.rules) * 1:16527 <-> DISABLED <-> MALWARE-CNC 
Zbot malware config file download request (malware-cnc.rules) * 1:16528 <-> DISABLED <-> MALWARE-CNC Zbot malware config file download request (malware-cnc.rules) * 1:16529 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules) * 1:16534 <-> DISABLED <-> SERVER-OTHER Windows Server2000/2003/2008 SMTP service DNS MX lookup denial of service attempt (server-other.rules) * 1:16535 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio improper attribute code execution attempt (file-office.rules) * 1:16536 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio off-by-one in array index code execution attempt (file-office.rules) * 1:16537 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Media Player ActiveX unknown compression algorithm use after free attempt (browser-plugins.rules) * 1:16538 <-> ENABLED <-> NETBIOS NT QUERY SECURITY DESC flowbit (netbios.rules) * 1:16539 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMBv1 BytesNeeded ring0 buffer overflow attempt (os-windows.rules) * 1:1654 <-> DISABLED <-> SERVER-WEBAPP cart32.exe access (server-webapp.rules) * 1:16540 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB2 client NetBufferList NULL entry remote code execution attempt (os-windows.rules) * 1:16541 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Service stack overflow attempt (os-windows.rules) * 1:16542 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher 2007 and earlier stack buffer overflow attempt (file-office.rules) * 1:16543 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Media Player codec code execution attempt (file-multimedia.rules) * 1:16545 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed Richmedia annotation exploit attempt (file-pdf.rules) * 1:16546 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader/Acrobat Pro CFF font parsing heap overflow attempt (file-pdf.rules) * 1:16549 <-> DISABLED <-> FILE-OTHER Oracle JRE Java Platform SE and Java Deployment Toolkit plugins code execution attempt - 
npruntime-scriptable-plugin (file-other.rules) * 1:1655 <-> DISABLED <-> SERVER-WEBAPP pfdispaly.cgi arbitrary command execution attempt (server-webapp.rules) * 1:16550 <-> DISABLED <-> FILE-OTHER Oracle JRE Java Platform SE and Java Deployment Toolkit plugins code execution attempt - java-deployment-toolkit (file-other.rules) * 1:16551 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - malware (malware-cnc.rules) * 1:16552 <-> DISABLED <-> FILE-IDENTIFY Adobe .pfb file download request (file-identify.rules) * 1:16553 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ptg index parsing code execution attempt (file-office.rules) * 1:16554 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader javascript getIcon method buffer overflow attempt (file-pdf.rules) * 1:16555 <-> DISABLED <-> SERVER-WEBAPP HP Openview Network Node Manager OvAcceptLang overflow attempt (server-webapp.rules) * 1:16556 <-> ENABLED <-> FILE-OTHER 2imaegshack/lmageshack IM worm get request attempt (file-other.rules) * 1:16557 <-> DISABLED <-> FILE-OTHER 2imaegshack/lmageshack IM worm inbound communication attempt (file-other.rules) * 1:16558 <-> DISABLED <-> MALWARE-CNC SdBot IRC Win.Trojan.server to client communication (malware-cnc.rules) * 1:1656 <-> DISABLED <-> SERVER-WEBAPP pfdispaly.cgi access (server-webapp.rules) * 1:16560 <-> DISABLED <-> SERVER-WEBAPP Microsoft Office SharePoint XSS attempt (server-webapp.rules) * 1:16561 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS4 TIFF file exploit attempt - 1 (file-image.rules) * 1:16562 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS4 TIFF file exploit attempt - 2 (file-image.rules) * 1:16563 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS4 TIFF file exploit attempt - 3 (file-image.rules) * 1:16564 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS4 TIFF file exploit attempt - 4 (file-image.rules) * 1:16565 <-> DISABLED <-> BROWSER-PLUGINS Ultra Shareware Office Control ActiveX clsid access (browser-plugins.rules) * 1:16566 <-> DISABLED 
<-> BROWSER-PLUGINS Tumbleweed SecureTransport ActiveX clsid access (browser-plugins.rules) * 1:16568 <-> DISABLED <-> BROWSER-PLUGINS Altnet Download Manager ADM4 ActiveX clsid access (browser-plugins.rules) * 1:16569 <-> DISABLED <-> BROWSER-PLUGINS EnjoySAP kweditcontrol ActiveX clsid access (browser-plugins.rules) * 1:1657 <-> DISABLED <-> SERVER-WEBAPP pagelog.cgi directory traversal attempt (server-webapp.rules) * 1:16571 <-> DISABLED <-> BROWSER-PLUGINS EnjoySAP kweditcontrol ActiveX function call access (browser-plugins.rules) * 1:16573 <-> DISABLED <-> BROWSER-PLUGINS obfuscated ActiveX object instantiation via unescape (browser-plugins.rules) * 1:16574 <-> DISABLED <-> BROWSER-PLUGINS obfuscated ActiveX object instantiation via fromCharCode (browser-plugins.rules) * 1:16575 <-> DISABLED <-> BROWSER-PLUGINS RKD Software BarCode ActiveX buffer overflow attempt (browser-plugins.rules) * 1:16576 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix AgentX receive_agentx stack buffer overflow attempt (server-other.rules) * 1:16577 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMBv2 compound request DoS attempt (os-windows.rules) * 1:16578 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder 9 ActiveX buffer overflow attempt (os-windows.rules) * 1:16579 <-> DISABLED <-> PUA-OTHER mIRC IRC URL buffer overflow attempt (pua-other.rules) * 1:1658 <-> DISABLED <-> SERVER-WEBAPP pagelog.cgi access (server-webapp.rules) * 1:16580 <-> DISABLED <-> BROWSER-PLUGINS NCTAudioFile2 ActiveX clsid access via object tag (browser-plugins.rules) * 1:16581 <-> DISABLED <-> BROWSER-PLUGINS Persits Software XUpload ActiveX clsid unsafe function access attempt (browser-plugins.rules) * 1:16582 <-> DISABLED <-> FILE-OTHER Un4seen Developments XMPlay crafted ASX file buffer overflow attempt (file-other.rules) * 1:16584 <-> DISABLED <-> BROWSER-IE Oracle Java Web Start arbitrary command execution attempt - Internet Explorer (browser-ie.rules) * 1:16586 <-> DISABLED <-> FILE-OFFICE 
Microsoft Office Word Document remote code execution attempt (file-office.rules)
* 1:16587 <-> DISABLED <-> BROWSER-PLUGINS Symantec Altiris Deployment Solution ActiveX clsid access attempt (browser-plugins.rules)
* 1:16588 <-> DISABLED <-> BROWSER-PLUGINS iseemedia LPViewer ActiveX clsid access (browser-plugins.rules)
* 1:16589 <-> DISABLED <-> BROWSER-PLUGINS iseemedia LPViewer ActiveX function call access (browser-plugins.rules)
* 1:1659 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion sendmail.cfm access (server-other.rules)
* 1:16590 <-> DISABLED <-> BROWSER-PLUGINS Oracle EasyMail Objects ActiveX exploit attempt (browser-plugins.rules)
* 1:16592 <-> DISABLED <-> BROWSER-OTHER Opera asynchronous document modifications attempted memory corruption (browser-other.rules)
* 1:16593 <-> DISABLED <-> FILE-OFFICE Microsoft VBE6.dll stack corruption attempt (file-office.rules)
* 1:16594 <-> ENABLED <-> PROTOCOL-POP STAT command (protocol-pop.rules)
* 1:16595 <-> DISABLED <-> SERVER-MAIL Microsoft Windows Mail remote code execution attempt (server-mail.rules)
* 1:16596 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari information disclosure and remote code execution attempt (browser-webkit.rules)
* 1:16597 <-> DISABLED <-> SERVER-MAIL Novell GroupWise Internet Agent Email address processing buffer overflow attempt (server-mail.rules)
* 1:16598 <-> DISABLED <-> SERVER-OTHER Green Dam URL handling overflow attempt (server-other.rules)
* 1:16599 <-> DISABLED <-> BROWSER-PLUGINS AtHocGov IWSAlerts ActiveX control buffer overflow attempt (browser-plugins.rules)
* 1:1660 <-> DISABLED <-> SERVER-IIS trace.axd access (server-iis.rules)
* 1:16600 <-> DISABLED <-> MALWARE-CNC Otlard Win.Trojan.activity (malware-cnc.rules)
* 1:16601 <-> DISABLED <-> FILE-OTHER Amaya web editor XML and HTML Parser Buffer overflow attempt (file-other.rules)
* 1:16602 <-> DISABLED <-> BROWSER-PLUGINS Microsoft DirectShow 3 ActiveX exploit via JavaScript (browser-plugins.rules)
* 1:16603 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader Linux malformed U3D mesh deceleration block exploit attempt (file-pdf.rules)
* 1:16604 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager ovalarm.exe Accept-Language buffer overflow attempt (server-webapp.rules)
* 1:16605 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer nested SPAN tag memory corruption attempt (browser-ie.rules)
* 1:16606 <-> DISABLED <-> SERVER-ORACLE BEA WebLogic Server Plug-ins Certificate overflow attempt (server-oracle.rules)
* 1:16607 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer RAM Download Handler ActiveX control access attempt (browser-plugins.rules)
* 1:16608 <-> DISABLED <-> BROWSER-PLUGINS HP Mercury Quality Center SPIDERLib ActiveX control access attempt (browser-plugins.rules)
* 1:16609 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer Import ActiveX clsid access attempt (browser-plugins.rules)
* 1:1661 <-> DISABLED <-> SERVER-IIS cmd32.exe access (server-iis.rules)
* 1:16610 <-> DISABLED <-> BROWSER-PLUGINS IBM Access Support ActiveX GetXMLValue method buffer overflow attempt (browser-plugins.rules)
* 1:16611 <-> DISABLED <-> SERVER-APACHE Apache 413 error HTTP request method cross-site scripting attack (server-apache.rules)
* 1:16612 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox oversized SOCKS5 DNS reply memory corruption attempt (browser-firefox.rules)
* 1:16613 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - cmd (indicator-compromise.rules)
* 1:16614 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - search (indicator-compromise.rules)
* 1:16615 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - upload (indicator-compromise.rules)
* 1:16616 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - about (indicator-compromise.rules)
* 1:16617 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - encoder (indicator-compromise.rules)
* 1:16618 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - bind (indicator-compromise.rules)
* 1:16619 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - ps_aux (indicator-compromise.rules)
* 1:1662 <-> DISABLED <-> SERVER-WEBAPP /~ftp access (server-webapp.rules)
* 1:16620 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - ftpquickbrute (indicator-compromise.rules)
* 1:16621 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - security (indicator-compromise.rules)
* 1:16622 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - sql (indicator-compromise.rules)
* 1:16623 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - eval (indicator-compromise.rules)
* 1:16624 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - feedback (indicator-compromise.rules)
* 1:16625 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - selfremove (indicator-compromise.rules)
* 1:16626 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - fsbuff (indicator-compromise.rules)
* 1:16627 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - ls (indicator-compromise.rules)
* 1:16628 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - phpinfo (indicator-compromise.rules)
* 1:1663 <-> DISABLED <-> SERVER-WEBAPP *%20.pl access (server-webapp.rules)
* 1:16630 <-> ENABLED <-> FILE-IDENTIFY DAT file download request (file-identify.rules)
* 1:16631 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari image use after remove attempt (browser-webkit.rules)
* 1:16632 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari image use after reparent attempt (browser-webkit.rules)
* 1:16633 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader File containing Flash use-after-free attack attempt (file-pdf.rules)
* 1:16634 <-> DISABLED <-> FILE-FLASH Adobe Flash use-after-free attack attempt (file-flash.rules)
* 1:16635 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer 8 Developer Tool ActiveX clsid access (browser-plugins.rules)
* 1:16636 <-> DISABLED <-> OS-WINDOWS Microsoft Windows .NET framework XMLDsig data tampering attempt (os-windows.rules)
* 1:16637 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer security zone restriction bypass attempt (browser-ie.rules)
* 1:16638 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel OBJ record stack buffer overflow attempt (file-office.rules)
* 1:16639 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel OBJ record stack buffer overflow attempt - with macro (file-office.rules)
* 1:1664 <-> DISABLED <-> SERVER-WEBAPP mkplog.exe access (server-webapp.rules)
* 1:16640 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel OBJ record stack buffer overflow attempt - with linkFmla (file-office.rules)
* 1:16641 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel OBJ record stack buffer overflow attempt - with macro and linkFmla (file-office.rules)
* 1:16642 <-> DISABLED <-> POLICY-OTHER file URI scheme attempt (policy-other.rules)
* 1:16643 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Chart Sheet Substream memory corruption attempt (file-office.rules)
* 1:16644 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel WOpt record memory corruption attempt (file-office.rules)
* 1:16645 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView record memory pointer corruption attempt (file-office.rules)
* 1:16646 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel RTD buffer overflow attempt (file-office.rules)
* 1:16647 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel RealTimeData record heap memory corruption attempt - 2 (file-office.rules)
* 1:16648 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel RealTimeData record heap memory corruption attempt - 1 (file-office.rules)
* 1:16650 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ExternName record stack buffer overflow attempt - 1 (file-office.rules)
* 1:16651 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ExternName record stack buffer overflow attempt - 2 (file-office.rules)
* 1:16652 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ExternName record stack buffer overflow attempt - 3 (file-office.rules)
* 1:16653 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ExternName record stack buffer overflow attempt - 4 (file-office.rules)
* 1:16654 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Publisher record heap buffer overflow attempt (file-office.rules)
* 1:16655 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Lbl record stack overflow attempt (file-office.rules)
* 1:16656 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel BIFF5 ExternSheet record stack overflow attempt (file-office.rules)
* 1:16657 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel DBQueryExt record memory corruption attempt (file-office.rules)
* 1:16658 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 8 cross-site scripting attempt (browser-ie.rules)
* 1:16659 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer style sheet array memory corruption attempt (browser-ie.rules)
* 1:1666 <-> DISABLED <-> INDICATOR-COMPROMISE index of /cgi-bin/ response (indicator-compromise.rules)
* 1:16660 <-> DISABLED <-> SERVER-WEBAPP Microsoft Office SharePoint Server 2007 help.aspx denial of service attempt (server-webapp.rules)
* 1:16661 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows DirectX quartz.dll MJPEG content processing memory corruption attempt (file-multimedia.rules)
* 1:16664 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader authplay.dll vulnerability exploit attempt (file-pdf.rules)
* 1:16665 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Help Centre escape sequence XSS attempt (os-windows.rules)
* 1:16666 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari window.parent.close unspecified remote code execution vulnerability (browser-webkit.rules)
* 1:16667 <-> DISABLED <-> BROWSER-CHROME Google Chrome GURL cross origin bypass attempt (browser-chrome.rules)
* 1:16668 <-> DISABLED <-> BROWSER-CHROME Google Chrome GURL cross origin bypass attempt (browser-chrome.rules)
* 1:16669 <-> DISABLED <-> MALWARE-CNC Spyeye bot variant outbound connection (malware-cnc.rules)
* 1:1667 <-> DISABLED <-> SERVER-WEBAPP cross site scripting HTML Image tag set to javascript attempt (server-webapp.rules)
* 1:16670 <-> DISABLED <-> MALWARE-CNC Koobface worm executable download (malware-cnc.rules)
* 1:16671 <-> DISABLED <-> BROWSER-PLUGINS IBM Lotus Domino Web Access ActiveX exploit attempt (browser-plugins.rules)
* 1:16672 <-> DISABLED <-> BROWSER-PLUGINS Symantec Backup Exec ActiveX control buffer overflow attempt (browser-plugins.rules)
* 1:16673 <-> DISABLED <-> FILE-OTHER Adobe Shockwave DIR file PAMI chunk code execution attempt (file-other.rules)
* 1:16674 <-> DISABLED <-> SERVER-WEBAPP HP OpenView CGI parameter buffer overflow attempt (server-webapp.rules)
* 1:16675 <-> DISABLED <-> BROWSER-PLUGINS CA BrightStor ListCtrl ActiveX control access (browser-plugins.rules)
* 1:16676 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed FlateDecode colors declaration (file-pdf.rules)
* 1:16677 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed FlateDecode colors declaration (file-pdf.rules)
* 1:16678 <-> DISABLED <-> SERVER-WEBAPP Tandberg VCS local file disclosure attempt (server-webapp.rules)
* 1:16679 <-> DISABLED <-> OS-WINDOWS Microsoft Windows GDIplus integer overflow attempt (os-windows.rules)
* 1:1668 <-> DISABLED <-> SERVER-WEBAPP /cgi-bin/ access (server-webapp.rules)
* 1:16680 <-> DISABLED <-> APP-DETECT Tandberg VCS SSH default key (app-detect.rules)
* 1:16681 <-> DISABLED <-> SERVER-WEBAPP Basic Authorization string overflow attempt (server-webapp.rules)
* 1:16682 <-> DISABLED <-> SERVER-WEBAPP Oracle ONE Web Server JSP source code disclosure attempt (server-webapp.rules)
* 1:16683 <-> DISABLED <-> FILE-MULTIMEDIA Nullsoft Winamp CAF file processing integer overflow attempt (file-multimedia.rules)
* 1:16684 <-> DISABLED <-> SERVER-SAMBA Samba smbd Session Setup AndX security blob length dos attempt (server-samba.rules)
* 1:16685 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Client dsmagent.exe NodeName length buffer overflow attempt (server-other.rules)
* 1:16686 <-> DISABLED <-> SERVER-OTHER IBM WebSphere application server cross site scripting attempt (server-other.rules)
* 1:16687 <-> DISABLED <-> BROWSER-PLUGINS Juniper Networks SSL-VPN Client JuniperSetup ActiveX control buffer overflow attempt (browser-plugins.rules)
* 1:16688 <-> DISABLED <-> SERVER-OTHER iscsi target format string code execution attempt (server-other.rules)
* 1:16689 <-> DISABLED <-> SERVER-OTHER Palo Alto Networks Firewall editUser.esp XSS attempt (server-other.rules)
* 1:1669 <-> DISABLED <-> SERVER-WEBAPP /cgi-dos/ access (server-webapp.rules)
* 1:16690 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer createTextRange code execution attempt (browser-ie.rules)
* 1:16691 <-> ENABLED <-> FILE-IDENTIFY PLF playlist file download request (file-identify.rules)
* 1:16692 <-> DISABLED <-> FILE-MULTIMEDIA PLF playlist name buffer overflow attempt (file-multimedia.rules)
* 1:16693 <-> ENABLED <-> MALWARE-CNC Torpig bot sinkhole server DNS lookup (malware-cnc.rules)
* 1:16694 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix Server RTSP SETUP request denial of service attempt (server-other.rules)
* 1:16695 <-> DISABLED <-> MALWARE-CNC Rogue AV download/update (malware-cnc.rules)
* 1:16696 <-> DISABLED <-> FILE-OTHER Astonsoft Deepburner db file path buffer overflow attempt (file-other.rules)
* 1:16697 <-> DISABLED <-> PROTOCOL-FTP httpdx USER null byte denial of service (protocol-ftp.rules)
* 1:16698 <-> DISABLED <-> PROTOCOL-FTP httpdx PASS null byte denial of service (protocol-ftp.rules)
* 1:16699 <-> DISABLED <-> PROTOCOL-RPC Linux Kernel nfsd v2 udp CAP_MKNOD security bypass attempt (protocol-rpc.rules)
* 1:1670 <-> DISABLED <-> SERVER-WEBAPP /home/ftp access (server-webapp.rules)
* 1:16700 <-> DISABLED <-> PROTOCOL-RPC Linux Kernel nfsd v2 tcp CAP_MKNOD security bypass attempt (protocol-rpc.rules)
* 1:16701 <-> DISABLED <-> PROTOCOL-RPC Linux Kernel nfsd v3 udp CAP_MKNOD security bypass attempt (protocol-rpc.rules)
* 1:16702 <-> DISABLED <-> PROTOCOL-RPC Linux Kernel nfsd v3 tcp CAP_MKNOD security bypass attempt (protocol-rpc.rules)
* 1:16703 <-> DISABLED <-> SERVER-MYSQL Database COM_FIELD_LIST Buffer Overflow attempt (server-mysql.rules)
* 1:16704 <-> DISABLED <-> BROWSER-PLUGINS CA eTrust PestPatrol ActiveX Initialize method overflow attempt (browser-plugins.rules)
* 1:16705 <-> DISABLED <-> PROTOCOL-RPC Oracle Solaris sadmind UDP array size buffer overflow attempt (protocol-rpc.rules)
* 1:16706 <-> DISABLED <-> PROTOCOL-RPC Oracle Solaris sadmind TCP array size buffer overflow attempt (protocol-rpc.rules)
* 1:16707 <-> DISABLED <-> SERVER-MYSQL mysql_log COM_CREATE_DB format string vulnerability exploit attempt (server-mysql.rules)
* 1:16708 <-> DISABLED <-> SERVER-MYSQL mysql_log COM_DROP_DB format string vulnerability exploit attempt (server-mysql.rules)
* 1:16709 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix Server RTSP SET_PARAMETERS empty DataConvertBuffer header denial of service attempt (server-other.rules)
* 1:1671 <-> DISABLED <-> SERVER-WEBAPP /home/www access (server-webapp.rules)
* 1:16710 <-> DISABLED <-> SERVER-OTHER Oracle BEA Weblogic server console-help.portal cross-site scripting attempt (server-other.rules)
* 1:16711 <-> DISABLED <-> BROWSER-PLUGINS E-Book Systems FlipViewer FlipViewerX.dll activex clsid access ActiveX clsid access (browser-plugins.rules)
* 1:16712 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager ovwebsnmpsrv.exe OVwSelection buffer overflow attempt - GET (server-webapp.rules)
* 1:16713 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager ovwebsnmpsrv.exe OVwSelection buffer overflow attempt - POST (server-webapp.rules)
* 1:16714 <-> DISABLED <-> BROWSER-PLUGINS SoftArtisans XFile FileManager ActiveX Control access attempt (browser-plugins.rules)
* 1:16715 <-> DISABLED <-> BROWSER-PLUGINS SaschArt SasCam Webcam Server ActiveX control exploit attempt (browser-plugins.rules)
* 1:16716 <-> DISABLED <-> FILE-IMAGE multiple products PNG processing buffer overflow attempt (file-image.rules)
* 1:16717 <-> DISABLED <-> SERVER-ORACLE Oracle Secure Enterprise Search search_p_groups cross-site scripting attempt (server-oracle.rules)
* 1:16718 <-> DISABLED <-> PUA-OTHER Skype URI handler input validation exploit attempt (pua-other.rules)
* 1:16719 <-> DISABLED <-> FILE-OTHER CA multiple product AV engine CAB header parsing stack overflow attempt (file-other.rules)
* 1:1672 <-> DISABLED <-> PROTOCOL-FTP CWD ~ attempt (protocol-ftp.rules)
* 1:16720 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player TY processing buffer overflow attempt (file-multimedia.rules)
* 1:16721 <-> DISABLED <-> FILE-OTHER Orbital Viewer .orb stack buffer overflow attempt (file-other.rules)
* 1:16722 <-> DISABLED <-> SERVER-ORACLE Oracle Database Server DBMS_CDC_PUBLISH.DROP_CHANGE_SOURCE procedure SQL injection attempt (server-oracle.rules)
* 1:16723 <-> DISABLED <-> SERVER-ORACLE Oracle Database Server DBMS_CDC_PUBLISH.ALTER_CHANGE_SOURCE procedure SQL injection attempt (server-oracle.rules)
* 1:16724 <-> DISABLED <-> OS-LINUX Linux kernel sctp_process_unk_param SCTPChunkInit buffer overflow attempt (os-linux.rules)
* 1:16725 <-> DISABLED <-> BROWSER-PLUGINS ActivePDF WebGrabber APWebGrb.ocx GetStatus method overflow attempt (browser-plugins.rules)
* 1:16726 <-> DISABLED <-> FILE-OTHER gAlan malformed file stack overflow attempt (file-other.rules)
* 1:16727 <-> DISABLED <-> FILE-OTHER IDEAL Administration IPJ file handling stack overflow attempt (file-other.rules)
* 1:16729 <-> DISABLED <-> BROWSER-PLUGINS McAfee Remediation client ActiveX control access attempt (browser-plugins.rules)
* 1:1673 <-> DISABLED <-> SERVER-ORACLE EXECUTE_SYSTEM attempt (server-oracle.rules)
* 1:16730 <-> DISABLED <-> FILE-OTHER ProShow Gold PSH file handling overflow attempt (file-other.rules)
* 1:16731 <-> DISABLED <-> FILE-OTHER ProShow Gold PSH file handling overflow attempt (file-other.rules)
* 1:16732 <-> DISABLED <-> FILE-OTHER SafeNet SoftRemote multiple policy file local overflow attempt (file-other.rules)
* 1:16733 <-> DISABLED <-> FILE-OTHER UltraISO CCD file handling overflow attempt (file-other.rules)
* 1:16734 <-> DISABLED <-> FILE-OTHER multiple products malformed CUE file buffer overflow attempt (file-other.rules)
* 1:16735 <-> DISABLED <-> FILE-OTHER URSoft W32Dasm Import/Export function buffer overflow attempt (file-other.rules)
* 1:16736 <-> DISABLED <-> FILE-OTHER VariCAD multiple products DWB file handling overflow attempt (file-other.rules)
* 1:16737 <-> DISABLED <-> FILE-MULTIMEDIA Xenorate Media Player XPL file handling overflow attempt - 1 (file-multimedia.rules)
* 1:16738 <-> DISABLED <-> FILE-MULTIMEDIA Xenorate Media Player XPL file handling overflow attempt - 2 (file-multimedia.rules)
* 1:16739 <-> DISABLED <-> FILE-MULTIMEDIA Multiple audio players playlist file handling heap overflow attempt (file-multimedia.rules)
* 1:1674 <-> DISABLED <-> SERVER-ORACLE connect_data remote version detection attempt (server-oracle.rules)
* 1:16740 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Works WkImgSrv.dll ActiveX control code execution attempt (browser-plugins.rules)
* 1:16741 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Works WkImgSrv.dll ActiveX clsid access attempt (browser-plugins.rules)
* 1:16742 <-> ENABLED <-> FILE-IDENTIFY remote desktop configuration file download request (file-identify.rules)
* 1:16743 <-> DISABLED <-> FILE-OTHER Cain & Abel Remote Desktop Protocol file handling buffer overflow attempt (file-other.rules)
* 1:16744 <-> DISABLED <-> FILE-MULTIMEDIA Worldweaver DX Studio Player plug-in command injection attempt (file-multimedia.rules)
* 1:16745 <-> DISABLED <-> BROWSER-PLUGINS DjVu ActiveX control access attempt (browser-plugins.rules)
* 1:16746 <-> DISABLED <-> BROWSER-PLUGINS IBM Access Support ActiveX clsid access (browser-plugins.rules)
* 1:16748 <-> DISABLED <-> BROWSER-PLUGINS IBM Access Support ActiveX function call access (browser-plugins.rules)
* 1:1675 <-> DISABLED <-> SERVER-ORACLE misparsed login response (server-oracle.rules)
* 1:16751 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player SMB module Win32AddConnection buffer overflow attempt (file-multimedia.rules)
* 1:16752 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player SMB module Win32AddConnection buffer overflow attempt (file-multimedia.rules)
* 1:16753 <-> DISABLED <-> SERVER-WEBAPP VideoLAN VLC Media Player SMB module Win32AddConnection buffer overflow attempt (server-webapp.rules)
* 1:16754 <-> ENABLED <-> NETBIOS SMB /PlughNTCommand andx create tree attempt (netbios.rules)
* 1:16755 <-> ENABLED <-> NETBIOS SMB /PlughNTCommand create tree attempt (netbios.rules)
* 1:16756 <-> ENABLED <-> NETBIOS SMB /PlughNTCommand unicode andx create tree attempt (netbios.rules)
* 1:16757 <-> ENABLED <-> NETBIOS SMB /PlughNTCommand unicode create tree attempt (netbios.rules)
* 1:16758 <-> ENABLED <-> NETBIOS SMB /PlughNTCommand andx create tree attempt (netbios.rules)
* 1:16759 <-> ENABLED <-> NETBIOS SMB /PlughNTCommand create tree attempt (netbios.rules)
* 1:1676 <-> DISABLED <-> SERVER-ORACLE select union attempt (server-oracle.rules)
* 1:16760 <-> ENABLED <-> NETBIOS SMB /PlughNTCommand unicode andx create tree attempt (netbios.rules)
* 1:16761 <-> ENABLED <-> NETBIOS SMB /PlughNTCommand unicode create tree attempt (netbios.rules)
* 1:16762 <-> DISABLED <-> NETBIOS SMB Timbuktu Pro overflow WriteAndX andx attempt (netbios.rules)
* 1:16763 <-> DISABLED <-> NETBIOS SMB Timbuktu Pro overflow WriteAndX attempt (netbios.rules)
* 1:16764 <-> DISABLED <-> NETBIOS SMB Timbuktu Pro overflow WriteAndX unicode andx attempt (netbios.rules)
* 1:16765 <-> DISABLED <-> NETBIOS SMB Timbuktu Pro overflow WriteAndX unicode attempt (netbios.rules)
* 1:16766 <-> DISABLED <-> NETBIOS SMB Timbuktu Pro overflow andx attempt (netbios.rules)
* 1:16767 <-> DISABLED <-> BROWSER-PLUGINS AwingSoft Web3D Player SceneURL ActiveX clsid access (browser-plugins.rules)
* 1:16769 <-> DISABLED <-> BROWSER-PLUGINS AwingSoft Web3D Player ActiveX function call access (browser-plugins.rules)
* 1:1677 <-> DISABLED <-> SERVER-ORACLE select like '%' attempt (server-oracle.rules)
* 1:16771 <-> DISABLED <-> BROWSER-PLUGINS AwingSoft Web3D Player WindsPlayerIE.View.1 ActiveX SceneURL method overflow attempt (browser-plugins.rules)
* 1:16772 <-> DISABLED <-> BROWSER-PLUGINS EMC Captiva QuickScan Pro ActiveX clsid access (browser-plugins.rules)
* 1:16774 <-> DISABLED <-> BROWSER-PLUGINS EMC Captiva QuickScan Pro ActiveX function call access (browser-plugins.rules)
* 1:16776 <-> DISABLED <-> BROWSER-PLUGINS KeyWorks KeyHelp ActiveX control JumpURL method access attempt (browser-plugins.rules)
* 1:16777 <-> DISABLED <-> SERVER-ORACLE Secure Backup NDMP packet handling DoS attempt (server-oracle.rules)
* 1:16778 <-> DISABLED <-> SERVER-ORACLE Secure Backup NDMP packet handling DoS attempt (server-oracle.rules)
* 1:16779 <-> DISABLED <-> BROWSER-PLUGINS EasyMail IMAP4 ActiveX clsid access (browser-plugins.rules)
* 1:1678 <-> DISABLED <-> SERVER-ORACLE select like '%' attempt backslash escaped (server-oracle.rules)
* 1:16781 <-> DISABLED <-> BROWSER-PLUGINS EasyMail IMAP4 ActiveX function call access (browser-plugins.rules)
* 1:16783 <-> DISABLED <-> BROWSER-PLUGINS Autodesk iDrop ActiveX clsid access (browser-plugins.rules)
* 1:16784 <-> DISABLED <-> BROWSER-PLUGINS Autodesk iDrop ActiveX function call access (browser-plugins.rules)
* 1:16785 <-> DISABLED <-> BROWSER-PLUGINS AwingSoft Winds3D Player SceneURL method command execution attempt (browser-plugins.rules)
* 1:16786 <-> DISABLED <-> FILE-OFFICE Microsoft Office Web Components Spreadsheet ActiveX buffer overflow attempt (file-office.rules)
* 1:16787 <-> DISABLED <-> FILE-OTHER Symantec multiple products AeXNSConsoleUtilities RunCMD buffer overflow attempt (file-other.rules)
* 1:16788 <-> DISABLED <-> SERVER-OTHER RealVNC VNC Server ClientCutText message memory corruption attempt (server-other.rules)
* 1:16789 <-> DISABLED <-> BROWSER-PLUGINS Chilkat Crypt 2 ActiveX object access attempt (browser-plugins.rules)
* 1:1679 <-> DISABLED <-> SERVER-ORACLE describe attempt (server-oracle.rules)
* 1:16790 <-> DISABLED <-> BROWSER-PLUGINS Chilkat Crypt 2 ActiveX clsid access attempt (browser-plugins.rules)
* 1:16791 <-> DISABLED <-> BROWSER-PLUGINS SAP AG SAPgui EAI WebViewer3D ActiveX clsid access (browser-plugins.rules)
* 1:16793 <-> DISABLED <-> BROWSER-PLUGINS SAP AG SAPgui EAI WebViewer3D ActiveX function call access (browser-plugins.rules)
* 1:16795 <-> DISABLED <-> BROWSER-CHROME Google Chrome FTP handling out-of-bounds array index denial of service attempt (browser-chrome.rules)
* 1:16796 <-> DISABLED <-> PROTOCOL-RPC Oracle Solaris sadmind UDP data length integer overflow attempt (protocol-rpc.rules)
* 1:16797 <-> DISABLED <-> PROTOCOL-RPC Oracle Solaris sadmind TCP data length integer overflow attempt (protocol-rpc.rules)
* 1:16798 <-> DISABLED <-> FILE-OTHER Orbit Downloader long URL buffer overflow attempt (file-other.rules)
* 1:16799 <-> DISABLED <-> SERVER-MAIL Eureka Mail 2.2q server error response overflow attempt (server-mail.rules)
* 1:1680 <-> DISABLED <-> SERVER-ORACLE all_constraints access (server-oracle.rules)
* 1:16800 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel FRTWrapper record buffer overflow attempt (file-office.rules)
* 1:16801 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader CoolType.dll remote memory corruption denial of service attempt (file-pdf.rules)
* 1:16802 <-> DISABLED <-> BROWSER-PLUGINS WinDVD IASystemInfo.dll ActiveX clsid access (browser-plugins.rules)
* 1:16804 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qakbot.E - initial load (malware-cnc.rules)
* 1:16805 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qakbot.E config check (malware-cnc.rules)
* 1:16806 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qakbot.E - FTP upload seclog (malware-cnc.rules)
* 1:16807 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qakbot.E - FTP Upload ps_dump (malware-cnc.rules)
* 1:16808 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qakbot.E - register client (malware-cnc.rules)
* 1:16809 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FraudPack variant outbound connection (malware-cnc.rules)
* 1:1681 <-> DISABLED <-> SERVER-ORACLE all_views access (server-oracle.rules)
* 1:16810 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
* 1:16811 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
* 1:16812 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
* 1:16813 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
* 1:16814 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
* 1:16815 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
* 1:16816 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
* 1:16817 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
* 1:16818 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
* 1:16819 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
* 1:1682 <-> DISABLED <-> SERVER-ORACLE all_source access (server-oracle.rules)
* 1:16820 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kryptik variant outbound connection (malware-cnc.rules)
* 1:16821 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
* 1:16822 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
* 1:16823 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FlyStudio known command and control channel traffic (malware-cnc.rules)
* 1:16824 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
* 1:16825 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
* 1:16826 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
* 1:16827 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
* 1:16828 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
* 1:16829 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
* 1:1683 <-> DISABLED <-> SERVER-ORACLE all_tables access (server-oracle.rules)
* 1:16830 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
* 1:16831 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
* 1:16832 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
* 1:16833 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
* 1:1684 <-> DISABLED <-> SERVER-ORACLE all_tab_columns access (server-oracle.rules)
* 1:1685 <-> DISABLED <-> SERVER-ORACLE all_tab_privs access (server-oracle.rules)
* 1:1686 <-> DISABLED <-> SERVER-ORACLE dba_tablespace access (server-oracle.rules)
* 1:1687 <-> DISABLED <-> SERVER-ORACLE dba_tables access (server-oracle.rules)
* 1:1688 <-> DISABLED <-> SERVER-ORACLE user_tablespace access (server-oracle.rules)
* 1:1689 <-> DISABLED <-> SERVER-ORACLE sys.all_users access (server-oracle.rules)
* 1:1690 <-> DISABLED <-> SERVER-ORACLE grant attempt (server-oracle.rules)
* 1:1691 <-> DISABLED <-> SERVER-ORACLE ALTER USER attempt (server-oracle.rules)
* 1:16911 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - ucsp0416.exe?t= (malware-cnc.rules)
* 1:16912 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - net/cfg2.bin (malware-cnc.rules)
* 1:16913 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - count_log/log/boot.php?p= (malware-cnc.rules)
* 1:16914 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - .bin?ucsp (malware-cnc.rules)
* 1:16915 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /MNG/Download/?File=AZF (malware-cnc.rules)
* 1:16916 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /jarun/jezerce (malware-cnc.rules)
* 1:16917 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /ekaterina/velika (malware-cnc.rules)
* 1:16918 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /ultimate/fight (malware-cnc.rules)
* 1:16919 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /tmp/pm.exe?t= (malware-cnc.rules)
* 1:1692 <-> DISABLED <-> SERVER-ORACLE drop table attempt (server-oracle.rules)
* 1:16920 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /DownLoadFile/BaePo/ver (malware-cnc.rules)
* 1:16921 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /s1/launcher/update/Update/data/ (malware-cnc.rules)
* 1:16922 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /cgi-bin/rd.cgi?f=/vercfg.dat?AgentID= (malware-cnc.rules)
* 1:16923 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /search.php?username=coolweb07&keywords= (malware-cnc.rules)
* 1:16924 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /inst.php?fff= (malware-cnc.rules)
* 1:16925 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /message.php?subid= (malware-cnc.rules)
* 1:16926 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - strMode=setup&strID=pcvaccine&strPC= (malware-cnc.rules)
* 1:16927 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - MGWEB.php?c=TestUrl (malware-cnc.rules)
* 1:16928 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /stat.html?0dPg0uXTraCSqrOdlrKpmpyorePbz (malware-cnc.rules)
* 1:16929 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - gate.php?guid= (malware-cnc.rules)
* 1:1693 <-> DISABLED <-> SERVER-ORACLE create table attempt (server-oracle.rules)
* 1:16930 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - count.asp?mac= (malware-cnc.rules)
* 1:16931 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - feedbigfoot.php?m= (malware-cnc.rules)
* 1:16932 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /qqnongchang/qqkj. (malware-cnc.rules)
* 1:16933 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /root/9 frt.rar (malware-cnc.rules)
* 1:16934 <-> DISABLED <-> POLICY-SPAM pku-edp.cn known spam email attempt (policy-spam.rules)
* 1:16935 <-> DISABLED <-> POLICY-SPAM sjtu-edp.cn known spam email attempt (policy-spam.rules)
* 1:16936 <-> DISABLED <-> POLICY-SPAM xoposuhop.cn xoposuhop.cn known spam email attempt (policy-spam.rules)
* 1:16937 <-> DISABLED <-> POLICY-SPAM bestdrug-store.com known spam email attempt (policy-spam.rules)
* 1:16938 <-> DISABLED <-> POLICY-SPAM pharmrik66y.ru known spam email attempt (policy-spam.rules)
* 1:16939 <-> DISABLED <-> POLICY-SPAM refillleonardo59y.ru known spam email attempt (policy-spam.rules)
* 1:1694 <-> DISABLED <-> SERVER-ORACLE alter table attempt (server-oracle.rules)
* 1:16940 <-> DISABLED <-> POLICY-SPAM medfreddie55a.ru known spam email attempt (policy-spam.rules)
* 1:16941 <-> DISABLED <-> POLICY-SPAM drugshershel38w.ru known spam email attempt (policy-spam.rules)
* 1:16942 <-> DISABLED <-> POLICY-SPAM drugshayyim77n.ru known spam email attempt (policy-spam.rules)
* 1:16943 <-> DISABLED <-> POLICY-SPAM erectguthry99c.ru known spam email attempt (policy-spam.rules)
* 1:16944 <-> DISABLED <-> POLICY-SPAM pilldory92n.ru known spam email attempt (policy-spam.rules)
* 1:16945 <-> DISABLED <-> POLICY-SPAM tabwinn77t.ru known spam email attempt (policy-spam.rules)
* 1:16946 <-> DISABLED <-> POLICY-SPAM pillrenault15j.ru known spam email attempt (policy-spam.rules)
* 1:16947 <-> DISABLED <-> POLICY-SPAM pharmrolland95h.ru known spam email attempt (policy-spam.rules)
* 1:16948 <-> DISABLED <-> POLICY-SPAM onlineheindrick60i.ru known spam email attempt (policy-spam.rules)
* 1:16949 <-> DISABLED <-> POLICY-SPAM erectnormie71a.ru known spam email attempt (policy-spam.rules)
* 1:1695 <-> DISABLED <-> SERVER-ORACLE truncate table attempt (server-oracle.rules)
* 1:16950 <-> DISABLED <-> POLICY-SPAM tabscotti71i.ru known spam email attempt (policy-spam.rules)
* 1:16951 <-> DISABLED <-> POLICY-SPAM drugsjudd45f.ru known spam email attempt (policy-spam.rules)
* 1:16952 <-> DISABLED <-> POLICY-SPAM pharmharman55y.ru known spam email attempt (policy-spam.rules)
* 1:16953 <-> DISABLED <-> POLICY-SPAM medgaultiero11e.ru known spam email attempt (policy-spam.rules)
* 1:16954 <-> DISABLED <-> POLICY-SPAM pillgaylor21n.ru known spam email attempt (policy-spam.rules)
* 1:16955 <-> DISABLED <-> POLICY-SPAM drugspenn84f.ru known spam email attempt (policy-spam.rules)
* 1:16956 <-> DISABLED <-> POLICY-SPAM medebeneser68c.ru known spam email attempt (policy-spam.rules)
* 1:16957 <-> DISABLED <-> POLICY-SPAM tabmario94r.ru known spam email attempt (policy-spam.rules)
* 1:16958 <-> DISABLED <-> POLICY-SPAM tablennard88q.ru known spam email attempt (policy-spam.rules)
* 1:16959 <-> DISABLED <-> POLICY-SPAM medforster79j.ru known spam email attempt (policy-spam.rules)
* 1:1696 <-> DISABLED <-> SERVER-ORACLE create database attempt (server-oracle.rules)
* 1:16960 <-> DISABLED <-> POLICY-SPAM erectvincent21v.ru known spam email attempt (policy-spam.rules)
* 1:16961 <-> DISABLED <-> POLICY-SPAM drugsdemott21o.ru known spam email attempt (policy-spam.rules)
* 1:16962 <-> DISABLED <-> POLICY-SPAM onlinelovell30p.ru known spam email attempt (policy-spam.rules)
* 1:16963 <-> DISABLED <-> POLICY-SPAM erecttaylor49i.ru known spam email attempt (policy-spam.rules)
* 1:16964 <-> DISABLED <-> POLICY-SPAM smellexact.ru known spam email attempt (policy-spam.rules)
* 1:16965 <-> DISABLED <-> POLICY-SPAM givehome.ru known spam email attempt (policy-spam.rules)
* 1:16966 <-> DISABLED <-> POLICY-SPAM thingpath.ru known spam email attempt (policy-spam.rules)
* 1:16967 <-> DISABLED <-> POLICY-SPAM wereif.ru known spam email attempt (policy-spam.rules)
* 1:16968 <-> DISABLED <-> POLICY-SPAM bassmax.ru known spam email attempt (policy-spam.rules)
* 1:16969 <-> DISABLED <-> POLICY-SPAM steadfig.ru known spam email attempt (policy-spam.rules)
* 1:1697 <-> DISABLED <-> SERVER-ORACLE alter database attempt (server-oracle.rules)
* 1:16970 <-> DISABLED <-> POLICY-SPAM drugsmayne5a.ru known spam email attempt (policy-spam.rules)
* 1:16971 <-> DISABLED <-> POLICY-SPAM mystick.ru known spam email attempt (policy-spam.rules)
* 1:16972 <-> DISABLED <-> POLICY-SPAM drugsrey95a.ru known spam email attempt (policy-spam.rules)
* 1:16973 <-> DISABLED <-> POLICY-SPAM milklowly.ru known spam email attempt (policy-spam.rules)
* 1:16974 <-> DISABLED <-> POLICY-SPAM numberenough.ru known spam email attempt (policy-spam.rules)
* 1:16975 <-> DISABLED <-> POLICY-SPAM oldsheer.ru known spam email attempt (policy-spam.rules)
* 1:16976 <-> DISABLED <-> POLICY-SPAM logzest.ru known spam email attempt (policy-spam.rules)
* 1:16977 <-> DISABLED <-> POLICY-SPAM energypotent.ru known spam email attempt (policy-spam.rules)
* 1:16978 <-> DISABLED <-> POLICY-SPAM outhave.ru known spam email attempt (policy-spam.rules)
* 1:16979 <-> DISABLED <-> POLICY-SPAM solvecalm.ru known spam email attempt (policy-spam.rules)
* 1:16980 <-> DISABLED <-> POLICY-SPAM stillvisit.ru known spam email attempt (policy-spam.rules)
* 1:16981 <-> DISABLED <-> POLICY-SPAM livelycall.ru known spam email attempt (policy-spam.rules)
* 1:16982 <-> DISABLED <-> POLICY-SPAM 64.com1.ru known spam email attempt (policy-spam.rules)
* 1:16983 <-> DISABLED <-> POLICY-SPAM heatsettle.ru known spam email attempt (policy-spam.rules)
* 1:16984 <-> DISABLED <-> POLICY-SPAM freshmuch.ru known spam email attempt (policy-spam.rules)
* 1:16985 <-> DISABLED <-> POLICY-SPAM extoleye.ru known spam email attempt (policy-spam.rules)
* 1:16987 <-> DISABLED <-> POLICY-SPAM tabemmerich86b.ru known spam email attempt (policy-spam.rules)
* 1:16988 <-> DISABLED <-> POLICY-SPAM moderneight.ru known spam email attempt (policy-spam.rules)
* 1:16989 <-> DISABLED <-> POLICY-SPAM tabferd49a.ru known spam email attempt (policy-spam.rules)
* 1:16990 <-> DISABLED <-> POLICY-SPAM nextmail.ru known spam email attempt (policy-spam.rules)
* 1:16991 <-> DISABLED <-> POLICY-SPAM fruitone.ru known spam email attempt (policy-spam.rules)
* 1:16992 <-> DISABLED <-> POLICY-SPAM liquideat.ru known spam email attempt (policy-spam.rules)
* 1:16993 <-> DISABLED <-> POLICY-SPAM tabwinn2a.ru known spam email attempt (policy-spam.rules)
* 1:16994 <-> DISABLED <-> POLICY-SPAM abletool.ru known spam email attempt (policy-spam.rules)
* 1:16995 <-> DISABLED <-> POLICY-SPAM miltyrefil.ru known spam email attempt (policy-spam.rules)
* 1:16996 <-> DISABLED <-> POLICY-SPAM quincytab.ru known spam email attempt (policy-spam.rules)
* 1:16997 <-> DISABLED <-> POLICY-SPAM giacoporx.ru known spam email attempt (policy-spam.rules)
* 1:16998 <-> DISABLED <-> POLICY-SPAM drugsnevile.ru known spam email attempt (policy-spam.rules)
* 1:16999 <-> DISABLED <-> POLICY-SPAM jasemed.ru known spam email attempt (policy-spam.rules)
* 1:1700 <-> DISABLED <-> SERVER-WEBAPP imagemap.exe access (server-webapp.rules)
* 1:17000 <-> DISABLED <-> POLICY-SPAM ximenezdrug.ru known spam email attempt (policy-spam.rules)
* 1:17001 <-> DISABLED <-> POLICY-SPAM dillonline.ru known spam email attempt (policy-spam.rules)
* 1:17002 <-> DISABLED <-> POLICY-SPAM swellliquid.ru known spam email attempt (policy-spam.rules)
* 1:17003 <-> DISABLED <-> POLICY-SPAM younglaugh.ru known spam email attempt (policy-spam.rules)
* 1:17004 <-> DISABLED <-> POLICY-SPAM 2047757.kaskad-travel.ru known spam email attempt (policy-spam.rules)
* 1:17005 <-> DISABLED <-> POLICY-SPAM paintwater.ru known spam email attempt (policy-spam.rules)
* 1:17006 <-> DISABLED <-> POLICY-SPAM lovingover.ru known spam email attempt (policy-spam.rules)
* 1:17007 <-> DISABLED <-> POLICY-SPAM pharmerastus.ru known spam email attempt (policy-spam.rules)
* 1:17008 <-> DISABLED <-> POLICY-SPAM hisoffer.ru known spam email attempt (policy-spam.rules)
* 1:17009 <-> DISABLED <-> POLICY-SPAM butleft.ru known spam email attempt (policy-spam.rules)
* 1:1701 <-> DISABLED <-> SERVER-WEBAPP calendar-admin.pl access (server-webapp.rules)
* 1:17010 <-> DISABLED <-> POLICY-SPAM starknow.ru known spam email attempt (policy-spam.rules)
* 1:17011 <-> DISABLED <-> POLICY-SPAM beginwisdom.ru known spam email attempt (policy-spam.rules)
* 1:17012 <-> DISABLED <-> POLICY-SPAM oneus.ru known spam email attempt (policy-spam.rules)
* 1:17013 <-> DISABLED <-> POLICY-SPAM reapcomfy.ru known spam email attempt (policy-spam.rules)
* 1:17014 <-> DISABLED <-> POLICY-SPAM rowsay.ru known spam email attempt (policy-spam.rules)
* 1:17015 <-> DISABLED <-> POLICY-SPAM pamperletter.ru known spam email attempt (policy-spam.rules)
* 1:17016 <-> DISABLED <-> POLICY-SPAM boxdouble.ru known spam email attempt (policy-spam.rules)
* 1:17017 <-> DISABLED <-> POLICY-SPAM beatmoon.ru known spam email attempt (policy-spam.rules)
* 1:17018 <-> DISABLED <-> POLICY-SPAM ensureequate.ru known spam email attempt (policy-spam.rules)
* 1:1702 <-> DISABLED <-> SERVER-WEBAPP Amaya templates sendtemp.pl access (server-webapp.rules)
* 1:17020 <-> DISABLED <-> POLICY-SPAM sheerwheel.ru known spam email attempt (policy-spam.rules)
* 1:17021 <-> DISABLED <-> POLICY-SPAM nearpass.ru known spam email attempt (policy-spam.rules)
* 1:17022 <-> DISABLED <-> POLICY-SPAM thatmile.ru known spam email attempt (policy-spam.rules)
* 1:17023 <-> DISABLED <-> POLICY-SPAM hillfoot.ru known
spam email attempt (policy-spam.rules) * 1:17024 <-> DISABLED <-> POLICY-SPAM writeobject.ru known spam email attempt (policy-spam.rules) * 1:17025 <-> DISABLED <-> POLICY-SPAM thoughthese.ru known spam email attempt (policy-spam.rules) * 1:17026 <-> DISABLED <-> POLICY-SPAM redlead.ru known spam email attempt (policy-spam.rules) * 1:17027 <-> DISABLED <-> POLICY-SPAM scoreenjoy.ru known spam email attempt (policy-spam.rules) * 1:17029 <-> DISABLED <-> POLICY-SPAM tenderpower.ru known spam email attempt (policy-spam.rules) * 1:1703 <-> DISABLED <-> SERVER-WEBAPP auktion.cgi directory traversal attempt (server-webapp.rules) * 1:17030 <-> DISABLED <-> POLICY-SPAM fewvalley.ru known spam email attempt (policy-spam.rules) * 1:17031 <-> DISABLED <-> POLICY-SPAM burnshy.ru known spam email attempt (policy-spam.rules) * 1:17032 <-> DISABLED <-> POLICY-SPAM centtry.ru known spam email attempt (policy-spam.rules) * 1:17033 <-> DISABLED <-> POLICY-SPAM signpearl.ru known spam email attempt (policy-spam.rules) * 1:17035 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook AttachMethods local file execution attempt (file-office.rules) * 1:17037 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Access multiple control instantiation memory corruption attempt (browser-plugins.rules) * 1:17038 <-> DISABLED <-> FILE-OFFICE Microsoft Office Access ACCWIZ library release after free attempt - 1 (file-office.rules) * 1:17039 <-> DISABLED <-> FILE-OFFICE Microsoft Office Access ACCWIZ library release after free attempt - 2 (file-office.rules) * 1:1704 <-> DISABLED <-> SERVER-WEBAPP cal_make.pl directory traversal attempt (server-webapp.rules) * 1:17041 <-> DISABLED <-> SERVER-OTHER ISA Server OTP-based Forms-authorization fallback policy bypass attempt (server-other.rules) * 1:17042 <-> DISABLED <-> FILE-OTHER Microsoft LNK shortcut arbitrary dll load attempt (file-other.rules) * 1:17044 <-> ENABLED <-> SQL WinCC DB default password security bypass attempt (sql.rules) * 1:17045 <-> 
DISABLED <-> SERVER-OTHER CA ARCserve Backup for Laptops and Desktops LGServer handshake buffer overflow attempt (server-other.rules) * 1:17046 <-> DISABLED <-> SERVER-OTHER CA ARCserve Backup for Laptops and Desktops LGServer handshake buffer overflow attempt (server-other.rules) * 1:1705 <-> DISABLED <-> SERVER-WEBAPP echo.bat arbitrary command execution attempt (server-webapp.rules) * 1:17050 <-> DISABLED <-> SERVER-WEBAPP Oracle Secure Backup Administration Server authentication bypass attempt (server-webapp.rules) * 1:17051 <-> DISABLED <-> BROWSER-PLUGINS Symantec AppStream Client LaunchObj ActiveX clsid access attempt (browser-plugins.rules) * 1:17052 <-> DISABLED <-> BROWSER-PLUGINS Symantec AppStream Client LaunchObj ActiveX clsid access attempt (browser-plugins.rules) * 1:17053 <-> DISABLED <-> BROWSER-PLUGINS Symantec AppStream Client LaunchObj ActiveX clsid access attempt (browser-plugins.rules) * 1:17054 <-> DISABLED <-> BROWSER-PLUGINS Symantec AppStream Client LaunchObj ActiveX clsid access attempt (browser-plugins.rules) * 1:17055 <-> DISABLED <-> SERVER-ORACLE Oracle Database DBMS TNS Listener denial of service attempt (server-oracle.rules) * 1:17056 <-> DISABLED <-> SERVER-OTHER Novell NetIdentity Agent XTIERRPCPIPE remote code execution attempt (server-other.rules) * 1:17057 <-> DISABLED <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt (server-other.rules) * 1:17058 <-> DISABLED <-> MALWARE-CNC Trojan-Downloader.JS.Agent.ewh Javascript download (malware-cnc.rules) * 1:17059 <-> DISABLED <-> PROTOCOL-FTP Vermillion 1.31 vftpd port command memory corruption (protocol-ftp.rules) * 1:1706 <-> DISABLED <-> SERVER-WEBAPP echo.bat access (server-webapp.rules) * 1:17060 <-> DISABLED <-> BROWSER-PLUGINS Roxio CinePlayer SonicDVDDashVRNav.dll ActiveX control buffer overflow attempt (browser-plugins.rules) * 1:17061 <-> DISABLED <-> BROWSER-PLUGINS Symantec Norton Personal Firewall 2004 ActiveX 
clsid access (browser-plugins.rules) * 1:17063 <-> DISABLED <-> BROWSER-PLUGINS Logitech Video Call 1 ActiveX clsid access (browser-plugins.rules) * 1:17065 <-> DISABLED <-> BROWSER-PLUGINS Logitech Video Call 2 ActiveX clsid access (browser-plugins.rules) * 1:17067 <-> DISABLED <-> BROWSER-PLUGINS Logitech Video Call 3 ActiveX clsid access (browser-plugins.rules) * 1:17069 <-> DISABLED <-> BROWSER-PLUGINS Logitech Video Call 4 ActiveX clsid access (browser-plugins.rules) * 1:1707 <-> DISABLED <-> SERVER-WEBAPP hello.bat arbitrary command execution attempt (server-webapp.rules) * 1:17071 <-> DISABLED <-> BROWSER-PLUGINS Logitech Video Call 5 ActiveX clsid access (browser-plugins.rules) * 1:17073 <-> DISABLED <-> BROWSER-PLUGINS Ask Toolbar AskJeevesToolBar.SettingsPlugin ActiveX clsid access (browser-plugins.rules) * 1:17075 <-> DISABLED <-> BROWSER-PLUGINS Ask Toolbar AskJeevesToolBar.SettingsPlugin ActiveX function call access (browser-plugins.rules) * 1:17077 <-> DISABLED <-> BROWSER-PLUGINS Ask Toolbar AskJeevesToolBar.SettingsPlugin.1 ActiveX control buffer overflow attempt (browser-plugins.rules) * 1:17078 <-> DISABLED <-> BROWSER-PLUGINS GOM Player GomWeb ActiveX clsid access (browser-plugins.rules) * 1:1708 <-> DISABLED <-> SERVER-WEBAPP hello.bat access (server-webapp.rules) * 1:17080 <-> DISABLED <-> BROWSER-PLUGINS GOM Player GomWeb ActiveX function call access (browser-plugins.rules) * 1:17082 <-> DISABLED <-> BROWSER-PLUGINS SonicWALL SSL-VPN NeLaunchCtrl ActiveX clsid access (browser-plugins.rules) * 1:17084 <-> DISABLED <-> BROWSER-PLUGINS Creative Software AutoUpdate Engine ActiveX clsid access (browser-plugins.rules) * 1:17086 <-> DISABLED <-> BROWSER-PLUGINS Creative Software AutoUpdate Engine CTSUEng.ocx ActiveX control access attempt (browser-plugins.rules) * 1:17087 <-> DISABLED <-> BROWSER-PLUGINS VeryDOC PDF Viewer ActiveX clsid access (browser-plugins.rules) * 1:17089 <-> DISABLED <-> BROWSER-PLUGINS VeryDOC PDF Viewer ActiveX function call 
access (browser-plugins.rules) * 1:1709 <-> DISABLED <-> SERVER-WEBAPP ad.cgi access (server-webapp.rules) * 1:17091 <-> DISABLED <-> BROWSER-PLUGINS VeryDOC PDF Viewer ActiveX control OpenPDF buffer overflow attempt (browser-plugins.rules) * 1:17092 <-> DISABLED <-> BROWSER-PLUGINS Symantec Altirix Deployment Solution AeXNSPkgDLLib.dll ActiveX clsid access (browser-plugins.rules) * 1:17094 <-> DISABLED <-> BROWSER-PLUGINS Symantec Altirix Deployment Solution AeXNSPkgDLLib.dll ActiveX function call access (browser-plugins.rules) * 1:17096 <-> DISABLED <-> BROWSER-PLUGINS AOL WinAmpX ActiveX clsid access (browser-plugins.rules) * 1:17098 <-> DISABLED <-> BROWSER-PLUGINS AOL IWinAmpActiveX class ConvertFile buffer overflow attempt (browser-plugins.rules) * 1:17099 <-> DISABLED <-> BROWSER-PLUGINS CommuniCrypt Mail ANSMTP.dll/AOSMTP.dll ActiveX clsid access (browser-plugins.rules) * 1:1710 <-> DISABLED <-> SERVER-WEBAPP bbs_forum.cgi access (server-webapp.rules) * 1:17101 <-> DISABLED <-> BROWSER-PLUGINS CommuniCrypt Mail ANSMTP.dll/AOSMTP.dll ActiveX function call access (browser-plugins.rules) * 1:17103 <-> DISABLED <-> SERVER-IIS IIS 5.1 alternate data stream authentication bypass attempt (server-iis.rules) * 1:17104 <-> DISABLED <-> FILE-OTHER FeedDemon OPML file handling buffer overflow attempt (file-other.rules) * 1:17105 <-> DISABLED <-> FILE-OTHER FeedDemon unicode OPML file handling buffer overflow attempt (file-other.rules) * 1:17106 <-> ENABLED <-> FILE-IDENTIFY download of RMF file - potentially malicious (file-identify.rules) * 1:17107 <-> DISABLED <-> SERVER-APACHE Apache Tomcat JK Web Server Connector long URL stack overflow attempt - 1 (server-apache.rules) * 1:17109 <-> DISABLED <-> SERVER-ORACLE Oracle Java Web Console logging functionality format string exploit attempt (server-oracle.rules) * 1:1711 <-> DISABLED <-> SERVER-WEBAPP bsguest.cgi access (server-webapp.rules) * 1:17110 <-> DISABLED <-> APP-DETECT VxWorks remote debugging agent login 
attempt (app-detect.rules) * 1:17111 <-> DISABLED <-> INDICATOR-OBFUSCATION known JavaScript obfuscation routine (indicator-obfuscation.rules) * 1:17112 <-> DISABLED <-> OS-WINDOWS DCERPC rpcss2 _RemoteGetClassObject attempt (os-windows.rules) * 1:17113 <-> ENABLED <-> OS-WINDOWS Microsoft SilverLight ImageSource redefine flowbit (os-windows.rules) * 1:17114 <-> DISABLED <-> OS-WINDOWS Microsoft SilverLight ImageSource remote code execution attempt (os-windows.rules) * 1:17115 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer cross domain information disclosure attempt (browser-ie.rules) * 1:17116 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASX file download request (file-identify.rules) * 1:17117 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows MPEG Layer-3 audio heap corruption attempt (file-multimedia.rules) * 1:17118 <-> DISABLED <-> FILE-EXECUTABLE Microsoft .NET CreateDelegate method arbitrary code execution attempt (file-executable.rules) * 1:17119 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word sprmCMajority SPRM overflow attempt (file-office.rules) * 1:1712 <-> DISABLED <-> SERVER-WEBAPP bslist.cgi access (server-webapp.rules) * 1:17120 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word rich text format unexpected field type memory corruption attempt 1 (file-office.rules) * 1:17121 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word rich text format unexpected field type memory corruption attempt 2 (file-office.rules) * 1:17122 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word rich text format unexpected field type memory corruption attempt 3 (file-office.rules) * 1:17123 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word rich text format invalid field size memory corruption attempt (file-office.rules) * 1:17124 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word HTML linked objects memory corruption attempt (file-office.rules) * 1:17125 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 MaxDataCount overflow attempt 
(os-windows.rules) * 1:17126 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB large session length with small packet (os-windows.rules) * 1:17128 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows AVI cinepak codec decompression remote code execution attempt (file-multimedia.rules) * 1:17129 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer use-after-free memory corruption attempt (browser-ie.rules) * 1:1713 <-> DISABLED <-> SERVER-WEBAPP cgforum.cgi access (server-webapp.rules) * 1:17130 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer boundElements arbitrary code execution attempt (browser-ie.rules) * 1:17131 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 8 parent style rendering arbitrary code execution (browser-ie.rules) * 1:17132 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer invalid object access attempt (browser-ie.rules) * 1:17133 <-> DISABLED <-> OS-WINDOWS Microsoft Windows MSXML2 ActiveX malformed HTTP response (os-windows.rules) * 1:17134 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel pivot item index boundary corruption attempt (file-office.rules) * 1:17135 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Movie Maker string size overflow attempt (file-multimedia.rules) * 1:17136 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 6 race condition exploit attempt (browser-ie.rules) * 1:17137 <-> DISABLED <-> SERVER-WEBAPP HP Intelligent Management Center information disclosure attempt (server-webapp.rules) * 1:17138 <-> DISABLED <-> SERVER-OTHER iSCSI target multiple implementations iSNS stack buffer overflow attempt (server-other.rules) * 1:17139 <-> DISABLED <-> SERVER-OTHER Symantec Alert Management System HNDLRSVC arbitrary command execution attempt (server-other.rules) * 1:1714 <-> DISABLED <-> SERVER-WEBAPP newdesk access (server-webapp.rules) * 1:17140 <-> DISABLED <-> SERVER-WEBAPP OpenView Network Node Manager cookie buffer overflow attempt (server-webapp.rules) * 1:17141 <-> DISABLED <-> FILE-FLASH 
Adobe Flash invalid data precision arbitrary code execution exploit attempt (file-flash.rules) * 1:17142 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SWF ActionScript exploit attempt (file-flash.rules) * 1:17143 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS4 ABR file processing buffer overflow attempt - 1 (file-image.rules) * 1:17144 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS4 ABR file processing buffer overflow attempt - 2 (file-image.rules) * 1:17145 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS4 ASL file processing buffer overflow attempt (file-image.rules) * 1:17146 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS4 GRD file processing buffer overflow attempt (file-image.rules) * 1:17147 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS4 ABR file processing buffer overflow attempt (file-image.rules) * 1:17148 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC renamed zip file handling code execution attempt - 1 (file-multimedia.rules) * 1:17149 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC renamed zip file handling code execution attempt - 2 (file-multimedia.rules) * 1:1715 <-> DISABLED <-> SERVER-WEBAPP register.cgi access (server-webapp.rules) * 1:17150 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC renamed zip file handling code execution attempt - 3 (file-multimedia.rules) * 1:17151 <-> ENABLED <-> NETBIOS SMB negotiate protocol request - ascii strings (netbios.rules) * 1:17152 <-> DISABLED <-> SERVER-SAMBA Samba smbd flags2 header parsing denial of service attempt (server-samba.rules) * 1:17153 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox plugin parameter array dangling pointer exploit attempt - 1 (browser-firefox.rules) * 1:17154 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox plugin parameter array dangling pointer exploit attempt - 2 (browser-firefox.rules) * 1:17155 <-> DISABLED <-> SERVER-OTHER Multiple vendors OPIE off-by-one stack buffer overflow attempt (server-other.rules) * 1:17156 <-> DISABLED <-> SERVER-APACHE HP Performance Manager Apache 
Tomcat policy bypass attempt (server-apache.rules) * 1:17157 <-> DISABLED <-> SERVER-WEBAPP HP Intelligent Management Center database credentials information disclosure attempt - 1 (server-webapp.rules) * 1:17158 <-> DISABLED <-> SERVER-WEBAPP HP Intelligent Management Center database credentials information disclosure attempt - 2 (server-webapp.rules) * 1:17159 <-> DISABLED <-> SERVER-WEBAPP HP Intelligent Management Center database credentials information disclosure attempt - 3 (server-webapp.rules) * 1:1716 <-> DISABLED <-> SERVER-WEBAPP gbook.cgi access (server-webapp.rules) * 1:17160 <-> DISABLED <-> BROWSER-PLUGINS Liquid XML Studio LtXmlComHelp8.dll ActiveX control access (browser-plugins.rules) * 1:17161 <-> DISABLED <-> BROWSER-PLUGINS Liquid XML Studio ActiveX clsid access (browser-plugins.rules) * 1:17163 <-> DISABLED <-> BROWSER-PLUGINS Liquid XML Studio ActiveX function call access (browser-plugins.rules) * 1:17165 <-> DISABLED <-> BROWSER-OTHER Opera browser document writing uninitialized memory access attempt (browser-other.rules) * 1:17166 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt (browser-firefox.rules) * 1:17167 <-> DISABLED <-> BROWSER-PLUGINS Oracle Siebel Option Pack 1 ActiveX clsid access (browser-plugins.rules) * 1:17169 <-> DISABLED <-> BROWSER-PLUGINS Oracle Siebel Option Pack 2 ActiveX clsid access (browser-plugins.rules) * 1:1717 <-> DISABLED <-> SERVER-WEBAPP simplestguest.cgi access (server-webapp.rules) * 1:17171 <-> DISABLED <-> BROWSER-PLUGINS Oracle Siebel Option Pack 3 ActiveX clsid access (browser-plugins.rules) * 1:17173 <-> DISABLED <-> BROWSER-PLUGINS Oracle Siebel Option Pack 4 ActiveX clsid access (browser-plugins.rules) * 1:17175 <-> DISABLED <-> BROWSER-PLUGINS Oracle Siebel Option Pack 5 ActiveX clsid access (browser-plugins.rules) * 1:17177 <-> DISABLED <-> BROWSER-PLUGINS Oracle Siebel Option Pack 6 ActiveX clsid access (browser-plugins.rules) * 1:17179 
<-> DISABLED <-> FILE-OTHER Adobe Director file pamm record exploit attempt (file-other.rules) * 1:1718 <-> DISABLED <-> SERVER-WEBAPP statsconfig.pl access (server-webapp.rules) * 1:17180 <-> DISABLED <-> FILE-OTHER Adobe Director file LsCM record exploit attempt (file-other.rules) * 1:17181 <-> DISABLED <-> FILE-OTHER Adobe Director file LsCM record exploit attempt (file-other.rules) * 1:17182 <-> DISABLED <-> FILE-OTHER Adobe Director file tSAC record exploit attempt (file-other.rules) * 1:17183 <-> DISABLED <-> FILE-OTHER Adobe Director file tSAC record exploit attempt (file-other.rules) * 1:17184 <-> DISABLED <-> FILE-OTHER Adobe Director file tSAC record exploit attempt (file-other.rules) * 1:17185 <-> DISABLED <-> FILE-OTHER Adobe Director file rcsL record exploit attempt (file-other.rules) * 1:17186 <-> DISABLED <-> FILE-OTHER Adobe Director file rcsL record exploit attempt (file-other.rules) * 1:17187 <-> DISABLED <-> FILE-OTHER Adobe Director file rcsL record exploit attempt (file-other.rules) * 1:17188 <-> DISABLED <-> FILE-OTHER Adobe Director file rcsL record exploit attempt (file-other.rules) * 1:17189 <-> DISABLED <-> FILE-OTHER Adobe Director file rcsL record exploit attempt (file-other.rules) * 1:1719 <-> DISABLED <-> SERVER-WEBAPP talkback.cgi directory traversal attempt (server-webapp.rules) * 1:17190 <-> DISABLED <-> FILE-OTHER Adobe Director remote code execution attempt (file-other.rules) * 1:17191 <-> DISABLED <-> FILE-OTHER Adobe Director remote code execution attempt (file-other.rules) * 1:17192 <-> DISABLED <-> FILE-OTHER Adobe Director remote code execution attempt (file-other.rules) * 1:17193 <-> DISABLED <-> FILE-OTHER Adobe Director remote code execution attempt (file-other.rules) * 1:17194 <-> DISABLED <-> FILE-OTHER Adobe Director file tSAC tag exploit attempt (file-other.rules) * 1:17196 <-> DISABLED <-> FILE-OTHER Adobe Director file exploit attempt (file-other.rules) * 1:17197 <-> DISABLED <-> FILE-OTHER Adobe Director file 
exploit attempt (file-other.rules) * 1:17198 <-> DISABLED <-> FILE-OTHER Adobe Director file exploit attempt (file-other.rules) * 1:17199 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director file lRTX overflow attempt (file-other.rules) * 1:1720 <-> DISABLED <-> SERVER-WEBAPP talkback.cgi access (server-webapp.rules) * 1:17200 <-> DISABLED <-> FILE-OTHER Adobe Director file LsCM overflow attempt (file-other.rules) * 1:17201 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director file LsCM overflow attempt (file-other.rules) * 1:17202 <-> DISABLED <-> FILE-OTHER Adobe Director file file Shockwave 3D overflow attempt (file-other.rules) * 1:17203 <-> DISABLED <-> FILE-OTHER Adobe Director file file rcsL overflow attempt (file-other.rules) * 1:17204 <-> DISABLED <-> FILE-OTHER Adobe Director file mmap overflow attempt (file-other.rules) * 1:17205 <-> DISABLED <-> PROTOCOL-RPC Multiple vendors librpc.dll stack buffer overflow attempt - udp (protocol-rpc.rules) * 1:17206 <-> DISABLED <-> PROTOCOL-RPC Multiple vendors librpc.dll stack buffer overflow attempt - tcp (protocol-rpc.rules) * 1:17207 <-> DISABLED <-> SERVER-OTHER IBM Cognos Server backdoor account remote code execution attempt (server-other.rules) * 1:17208 <-> DISABLED <-> SERVER-OTHER Squid Proxy HTCP packet processing denial of service attempt (server-other.rules) * 1:17209 <-> ENABLED <-> SQL IBM DB2 DATABASE SERVER SQL REPEAT Buffer Overflow (sql.rules) * 1:1721 <-> DISABLED <-> SERVER-WEBAPP adcycle access (server-webapp.rules) * 1:17210 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows executable file load from SMB share attempt (file-executable.rules) * 1:17211 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime marshaled punk remote code execution (file-multimedia.rules) * 1:17212 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox JavaScript eval arbitrary code execution attempt (browser-firefox.rules) * 1:17213 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Chrome Page Loading Restriction Bypass attempt 
(browser-firefox.rules) * 1:17214 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader libtiff TIFFFetchShortPair stack buffer overflow attempt (file-pdf.rules) * 1:17215 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader libtiff TIFFFetchShortPair stack buffer overflow attempt (file-pdf.rules) * 1:17216 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari TABLE tag with large CELLSPACING attribute exploit attempt (browser-webkit.rules) * 1:17217 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari invalid FRAME tag remote code execution attempt (browser-webkit.rules) * 1:17218 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari LI tag with large VALUE attribute exploit attempt (browser-webkit.rules) * 1:17219 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox domain name handling buffer overflow attempt (browser-firefox.rules) * 1:1722 <-> DISABLED <-> SERVER-WEBAPP MachineInfo access (server-webapp.rules) * 1:17220 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox domain name handling buffer overflow attempt (browser-firefox.rules) * 1:17221 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox domain name handling buffer overflow attempt (browser-firefox.rules) * 1:17222 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox domain name handling buffer overflow attempt (browser-firefox.rules) * 1:17223 <-> DISABLED <-> FILE-FLASH Adobe Flash Player navigateToURL cross-site scripting attempt (file-flash.rules) * 1:17224 <-> DISABLED <-> SERVER-MAIL McAfee WebShield SMTP bounce message format string attempt (server-mail.rules) * 1:17225 <-> DISABLED <-> SERVER-OTHER Alt-N MDaemon WorldClient invalid user attempt (server-other.rules) * 1:17226 <-> DISABLED <-> BROWSER-PLUGINS AXIS Camera ActiveX initialization via script (browser-plugins.rules) * 1:17227 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel sheet name memory corruption attempt (file-office.rules) * 1:17228 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Player skin decompression code execution attempt (os-windows.rules) * 1:17229 <-> ENABLED 
<-> FILE-IDENTIFY Tiff little endian file magic detected (file-identify.rules) * 1:1723 <-> DISABLED <-> SERVER-WEBAPP emumail.cgi NULL attempt (server-webapp.rules) * 1:17230 <-> ENABLED <-> FILE-IDENTIFY Tiff big endian file magic detected (file-identify.rules) * 1:17231 <-> DISABLED <-> FILE-IMAGE Microsoft Kodak Imaging small offset malformed tiff - little-endian (file-image.rules) * 1:17232 <-> DISABLED <-> FILE-IMAGE Microsoft Kodak Imaging large offset malformed tiff - big-endian (file-image.rules) * 1:17233 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader TTF SING table parsing remote code execution attempt (file-pdf.rules) * 1:17234 <-> DISABLED <-> MALWARE-CNC VBMania mass mailing worm activity (malware-cnc.rules) * 1:17235 <-> DISABLED <-> MALWARE-CNC VBMania mass mailing worm download (malware-cnc.rules) * 1:17236 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsPropertyTable PropertyList memory corruption attempt (browser-firefox.rules) * 1:17238 <-> DISABLED <-> FILE-OTHER ACD Systems ACDSee Products XBM file handling buffer overflow attempt (file-other.rules) * 1:17239 <-> DISABLED <-> SERVER-MAIL Multiple IMAP servers CREATE command buffer overflow attempt (server-mail.rules) * 1:1724 <-> DISABLED <-> SERVER-WEBAPP emumail.cgi access (server-webapp.rules) * 1:17240 <-> DISABLED <-> SERVER-MAIL Multiple IMAP server literal CREATE command buffer overflow attempt (server-mail.rules) * 1:17241 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media wmv file download request (file-identify.rules) * 1:17243 <-> DISABLED <-> SERVER-OTHER MIT Kerberos V5 krb5_recvauth double free attempt (server-other.rules) * 1:17244 <-> DISABLED <-> FILE-OTHER Antivirus ACE file handling buffer overflow attempt (file-other.rules) * 1:17245 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox image dragging exploit attempt (browser-firefox.rules) * 1:17249 <-> DISABLED <-> OS-WINDOWS Microsoft Windows LSASS integer overflow attempt (os-windows.rules) * 1:1725 <-> DISABLED <-> 
SERVER-IIS +.htr code fragment attempt (server-iis.rules) * 1:17250 <-> DISABLED <-> FILE-OFFICE Microsoft Windows WordPad sprmTSetBrc SPRM overflow attempt (file-office.rules) * 1:17252 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Print Spooler arbitrary file write attempt (os-windows.rules) * 1:17254 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS stack exhaustion DoS attempt (server-iis.rules) * 1:17256 <-> DISABLED <-> OS-WINDOWS Microsoft Windows uniscribe fonts parsing memory corruption attempt (os-windows.rules) * 1:17257 <-> DISABLED <-> FILE-FLASH Adobe Flash Player and Reader remote code execution attempt (file-flash.rules) * 1:17258 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox XUL tree element code execution attempt (browser-firefox.rules) * 1:17259 <-> ENABLED <-> FILE-IDENTIFY MOV file download request (file-identify.rules) * 1:1726 <-> DISABLED <-> SERVER-IIS doctodep.btr access (server-iis.rules) * 1:17260 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript contentWindow in an iframe exploit attempt (browser-firefox.rules) * 1:17261 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer createTextRange code execution attempt (browser-ie.rules) * 1:17262 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer createTextRange code execution attempt (browser-ie.rules) * 1:17263 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer createTextRange code execution attempt (browser-ie.rules) * 1:17264 <-> DISABLED <-> SERVER-ORACLE Permission declaration exploit attempt (server-oracle.rules) * 1:17265 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox plugin access control bypass attempt (browser-firefox.rules) * 1:17266 <-> DISABLED <-> FILE-OTHER Multiple vendor malformed ZIP archive Antivirus detection bypass attempt (file-other.rules) * 1:17267 <-> DISABLED <-> FILE-OTHER Multiple vendor malformed ZIP archive Antivirus detection bypass attempt (file-other.rules) * 1:17268 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox sidebar panel 
arbitrary code execution attempt (browser-firefox.rules) * 1:17269 <-> DISABLED <-> PROTOCOL-TELNET Client env_opt_add Buffer Overflow attempt (protocol-telnet.rules) * 1:1727 <-> DISABLED <-> SERVER-WEBAPP SGI InfoSearch fname access (server-webapp.rules) * 1:17270 <-> DISABLED <-> SERVER-ORACLE DBMS_METADATA Package SQL Injection attempt (server-oracle.rules) * 1:17271 <-> DISABLED <-> FILE-OFFICE Microsoft Windows Web View script injection attempt (file-office.rules) * 1:17272 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer AVI parsing buffer overflow attempt (file-multimedia.rules) * 1:17273 <-> DISABLED <-> SERVER-OTHER MIT Kerberos V5 KDC krb5_unparse_name overflow attempt (server-other.rules) * 1:17274 <-> DISABLED <-> SERVER-OTHER MIT Kerberos V5 KDC krb5_unparse_name overflow attempt (server-other.rules) * 1:17275 <-> DISABLED <-> SERVER-MAIL Symantec Brightmail AntiSpam nested Zip handling denial of service attempt (server-mail.rules) * 1:17276 <-> DISABLED <-> FILE-OTHER Multiple vendor Antivirus magic byte detection evasion attempt (file-other.rules) * 1:17277 <-> DISABLED <-> FILE-OTHER Multiple vendor Antivirus magic byte detection evasion attempt (file-other.rules) * 1:17278 <-> DISABLED <-> FILE-OTHER Multiple vendor Antivirus magic byte detection evasion attempt (file-other.rules) * 1:17279 <-> DISABLED <-> SERVER-WEBAPP Ipswitch WhatsUp Small Business directory traversal attempt (server-webapp.rules) * 1:17280 <-> DISABLED <-> SERVER-WEBAPP Ipswitch WhatsUp Small Business directory traversal attempt (server-webapp.rules) * 1:17281 <-> DISABLED <-> FILE-OTHER Panda Antivirus ZOO archive decompression buffer overflow attempt (file-other.rules) * 1:17282 <-> DISABLED <-> SERVER-OTHER Multiple products RAR archive decompression buffer overflow attempt (server-other.rules) * 1:17283 <-> DISABLED <-> SERVER-MAIL Mercury Mail Transport System buffer overflow attempt (server-mail.rules) * 1:17284 <-> DISABLED <-> FILE-OFFICE Microsoft Office 
malformed routing slip code execution attempt (file-office.rules)
* 1:17285 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint PPT file parsing memory corruption attempt (file-office.rules)
* 1:17286 <-> DISABLED <-> FILE-OTHER Microsoft Visual Basic for Applications document properties overflow attempt (file-other.rules)
* 1:17287 <-> DISABLED <-> SERVER-WEBAPP Cisco IOS HTTP service HTML injection attempt (server-webapp.rules)
* 1:17289 <-> DISABLED <-> FILE-OTHER GNU gzip LZH decompression make_table overflow attempt (file-other.rules)
* 1:1729 <-> DISABLED <-> POLICY-SOCIAL IRC channel join (policy-social.rules)
* 1:17291 <-> DISABLED <-> INDICATOR-OBFUSCATION base64-encoded uri data object found (indicator-obfuscation.rules)
* 1:17292 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint malformed data record code execution attempt (file-office.rules)
* 1:17293 <-> DISABLED <-> SERVER-ORACLE sdo_lrs.convert_to_lrs_layer buffer overflow attempt (server-oracle.rules)
* 1:17294 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NAT Helper DNS query denial of service attempt (os-windows.rules)
* 1:17295 <-> DISABLED <-> SERVER-WEBAPP Trend Micro OfficeScan Console authentication buffer overflow attempt (server-webapp.rules)
* 1:17296 <-> DISABLED <-> SERVER-WEBAPP Microsoft Office Outlook Web Access XSRF attempt (server-webapp.rules)
* 1:17297 <-> DISABLED <-> SERVER-OTHER McAfee VirusScan on-access scanner long unicode filename handling buffer overflow attempt (server-other.rules)
* 1:17298 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Monitoring Express Universal Agent Buffer Overflow (server-other.rules)
* 1:17299 <-> DISABLED <-> SERVER-OTHER ISC BIND RRSIG query denial of service attempt (server-other.rules)
* 1:1730 <-> DISABLED <-> SERVER-WEBAPP ustorekeeper.pl directory traversal attempt (server-webapp.rules)
* 1:17301 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word TextBox sub-document memory corruption attempt (file-office.rules)
* 1:17302 <-> DISABLED <-> OS-LINUX Linux kernel SCTP Unknown Chunk Types denial of service attempt (os-linux.rules)
* 1:17303 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer clone object memory corruption attempt (browser-ie.rules)
* 1:17304 <-> DISABLED <-> FILE-OFFICE Microsoft Works file converter file section header index table stack overflow attempt (file-office.rules)
* 1:17305 <-> DISABLED <-> FILE-OTHER ClamAV libclamav PE file handling integer overflow attempt (file-other.rules)
* 1:17306 <-> DISABLED <-> OS-WINDOWS Microsoft Malware Protection Engine file processing denial of service attempt (os-windows.rules)
* 1:17307 <-> DISABLED <-> SERVER-MSSQL Microsoft SQL Server INSERT Statement Buffer Overflow attempt (server-mssql.rules)
* 1:17308 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word SmartTag record code execution attempt (file-office.rules)
* 1:17309 <-> DISABLED <-> FILE-OTHER CoolPlayer Playlist File Handling Buffer Overflow (file-other.rules)
* 1:1731 <-> DISABLED <-> SERVER-WEBAPP a1stats access (server-webapp.rules)
* 1:17310 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint Viewer memory allocation code execution attempt (file-office.rules)
* 1:17311 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CSS import cross-domain restriction bypass attempt (browser-ie.rules)
* 1:17312 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CSS import cross-domain restriction bypass attempt (browser-ie.rules)
* 1:17313 <-> DISABLED <-> SERVER-ORACLE database server crafted view privelege escalation attempt (server-oracle.rules)
* 1:17314 <-> ENABLED <-> FILE-IDENTIFY OLE document file magic detected (file-identify.rules)
* 1:17315 <-> DISABLED <-> FILE-OFFICE OpenOffice OLE file stream buffer overflow attempt (file-office.rules)
* 1:17316 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Folder GUID Code Execution attempt (os-windows.rules)
* 1:17317 <-> DISABLED <-> SERVER-OTHER OpenSSH sshd identical blocks DoS attempt (server-other.rules)
* 1:17318 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint MCAtom remote code execution attempt (file-office.rules)
* 1:17319 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint MCAtom remote code execution attempt (file-office.rules)
* 1:1732 <-> DISABLED <-> PROTOCOL-RPC portmap rwalld request UDP (protocol-rpc.rules)
* 1:17320 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint MCAtom remote code execution attempt (file-office.rules)
* 1:17321 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters name overflow attempt (netbios.rules)
* 1:17322 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic fnstenv geteip dword xor decoder (indicator-shellcode.rules)
* 1:17323 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic fnstenv geteip dword xor decoder unescaped (indicator-shellcode.rules)
* 1:17324 <-> DISABLED <-> INDICATOR-SHELLCODE x86 Linux reverse connect shellcode (indicator-shellcode.rules)
* 1:17325 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic alpha numeric upper case decoder variant (indicator-shellcode.rules)
* 1:17326 <-> DISABLED <-> SERVER-OTHER Citrix Program Neighborhood Client buffer overflow attempt (server-other.rules)
* 1:17327 <-> ENABLED <-> SERVER-MAIL Qualcomm WorldMail Server Response (server-mail.rules)
* 1:17328 <-> DISABLED <-> SERVER-MAIL Qualcomm WorldMail IMAP Literal Token Parsing Buffer Overflow (server-mail.rules)
* 1:17329 <-> DISABLED <-> PROTOCOL-FTP EPRT overflow attempt (protocol-ftp.rules)
* 1:1733 <-> DISABLED <-> PROTOCOL-RPC portmap rwalld request TCP (protocol-rpc.rules)
* 1:17330 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GRE WMF Handling Memory Read Exception attempt (file-image.rules)
* 1:17331 <-> DISABLED <-> SERVER-MAIL IBM Lotus Notes HTML Speed Reader Long URL buffer overflow attempt (server-mail.rules)
* 1:17332 <-> ENABLED <-> SERVER-MAIL Content-Disposition attachment (server-mail.rules)
* 1:17333 <-> DISABLED <-> SERVER-MAIL Lotus Notes Attachment Viewer UUE file buffer overflow attempt (server-mail.rules)
* 1:17334 <-> DISABLED <-> FILE-FLASH RealNetworks RealPlayer SWF flash file buffer overflow attempt (file-flash.rules)
* 1:17335 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic fnstenv geteip byte xor decoder (indicator-shellcode.rules)
* 1:17336 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic call geteip byte xor decoder (indicator-shellcode.rules)
* 1:17337 <-> DISABLED <-> INDICATOR-SHELLCODE x86 Microsoft Win32 export table enumeration variant (indicator-shellcode.rules)
* 1:17338 <-> DISABLED <-> INDICATOR-SHELLCODE x86 Microsoft Windows 32-bit SEH get EIP technique (indicator-shellcode.rules)
* 1:17339 <-> DISABLED <-> INDICATOR-SHELLCODE x86 generic OS alpha numeric mixed case decoder (indicator-shellcode.rules)
* 1:1734 <-> DISABLED <-> PROTOCOL-FTP USER overflow attempt (protocol-ftp.rules)
* 1:17340 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic alpha numeric upper case decoder (indicator-shellcode.rules)
* 1:17341 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic alpha UTF8 tolower avoidance decoder (indicator-shellcode.rules)
* 1:17342 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic unicode mixed case decoder (indicator-shellcode.rules)
* 1:17343 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic unicode upper case decoder (indicator-shellcode.rules)
* 1:17344 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic xor dword decoder (indicator-shellcode.rules)
* 1:17345 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic dword additive feedback decoder (indicator-shellcode.rules)
* 1:17346 <-> DISABLED <-> SERVER-OTHER IBM Lotus Notes Cross Site Scripting attempt (server-other.rules)
* 1:17347 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Color Management Module buffer overflow attempt (os-windows.rules)
* 1:17348 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Color Management Module buffer overflow attempt (os-windows.rules)
* 1:17349 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Color Management Module buffer overflow attempt (os-windows.rules)
* 1:1735 <-> DISABLED <-> BROWSER-OTHER Mozilla Netscape XMLHttpRequest local file read attempt (browser-other.rules)
* 1:17350 <-> DISABLED <-> SERVER-ORACLE Oracle Application Server forms arbitrary system command execution attempt (server-oracle.rules)
* 1:17351 <-> DISABLED <-> FILE-OTHER Nullsoft Winamp ID3v2 Tag Handling Buffer Overflow attempt (file-other.rules)
* 1:17352 <-> DISABLED <-> FILE-OTHER ClamAV CHM File Handling Integer Overflow attempt (file-other.rules)
* 1:17353 <-> DISABLED <-> OS-SOLARIS Oracle Solaris printd Daemon Arbitrary File Deletion attempt (os-solaris.rules)
* 1:17354 <-> DISABLED <-> SERVER-APACHE Apache Byte-Range Filter denial of service attempt (server-apache.rules)
* 1:17356 <-> DISABLED <-> FILE-OTHER NOD32 Anti-Virus ARJ Archive Handling Buffer Overflow attempt (file-other.rules)
* 1:17357 <-> DISABLED <-> PUA-OTHER AOL GAIM AIM-ICQ Protocol Handling buffer overflow attempt (pua-other.rules)
* 1:17358 <-> DISABLED <-> FILE-EXECUTABLE ClamAV UPX File Handling Buffer Overflow attempt (file-executable.rules)
* 1:17359 <-> ENABLED <-> FILE-IDENTIFY XBM image file download request (file-identify.rules)
* 1:1736 <-> DISABLED <-> SERVER-WEBAPP squirrel mail spell-check arbitrary command attempt (server-webapp.rules)
* 1:17360 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox XBM image processing buffer overflow attempt (browser-firefox.rules)
* 1:17361 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PDF Catalog Handling denial of service attempt (file-pdf.rules)
* 1:17362 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel IMDATA buffer overflow attempt (file-office.rules)
* 1:17363 <-> DISABLED <-> FILE-OTHER Apple OSX Finder DMG volume name memory corruption attempt (file-other.rules)
* 1:17364 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Help Workshop CNT Help file download request (file-identify.rules)
* 1:17365 <-> DISABLED <-> FILE-OTHER Microsoft Windows Help Workshop CNT Help contents buffer overflow attempt (file-other.rules)
* 1:17366 <-> DISABLED <-> FILE-OTHER Microsoft Help Workshop HPJ OPTIONS section buffer overflow attempt (file-other.rules)
* 1:17367 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer FTP Response Parsing Memory Corruption (browser-ie.rules)
* 1:17368 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word document stream handling code execution attempt (file-office.rules)
* 1:17369 <-> DISABLED <-> SERVER-MAIL MailEnable service APPEND command handling buffer overflow attempt (server-mail.rules)
* 1:1737 <-> DISABLED <-> SERVER-WEBAPP squirrel mail theme arbitrary command attempt (server-webapp.rules)
* 1:17370 <-> ENABLED <-> SERVER-WEBAPP Squid authentication headers handling denial of service attempt (server-webapp.rules)
* 1:17371 <-> DISABLED <-> SERVER-WEBAPP Squid authentication headers handling denial of service attempt (server-webapp.rules)
* 1:17372 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime udta atom parsing heap overflow vulnerability (file-multimedia.rules)
* 1:17373 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime panorama atoms buffer overflow attempt (file-multimedia.rules)
* 1:17374 <-> DISABLED <-> FILE-OTHER Microsoft Windows HLP File Handling heap overflow attempt (file-other.rules)
* 1:17376 <-> DISABLED <-> SERVER-WEBAPP IBM Lotus Expeditor cai URI handler command execution attempt (server-webapp.rules)
* 1:17377 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Malformed Filter Records Handling Code Execution attempt (file-office.rules)
* 1:17378 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Animated PNG Processing integer overflow attempt (browser-firefox.rules)
* 1:17379 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Animated PNG Processing integer overflow attempt (browser-firefox.rules)
* 1:1738 <-> DISABLED <-> SERVER-WEBAPP global.inc access (server-webapp.rules)
* 1:17380 <-> ENABLED <-> FILE-IDENTIFY PNG file download request (file-identify.rules)
* 1:17381 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime PDAT Atom parsing buffer overflow attempt (file-multimedia.rules)
* 1:17382 <-> DISABLED <-> FILE-OTHER Microsoft Project Invalid Memory Pointer Code Execution attempt (file-other.rules)
* 1:17383 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher Object Handler Validation Code Execution attempted (file-office.rules)
* 1:17384 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer setRequestHeader overflow attempt (browser-ie.rules)
* 1:17385 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer setRequestHeader overflow attempt (browser-ie.rules)
* 1:17386 <-> DISABLED <-> SERVER-WEBAPP Lighttpd mod_fastcgi Extension CGI Variable Overwriting Vulnerability attempt (server-webapp.rules)
* 1:17387 <-> DISABLED <-> SERVER-APACHE Apache Tomcat allowLinking URIencoding directory traversal attempt (server-apache.rules)
* 1:17388 <-> DISABLED <-> FILE-IMAGE OpenOffice EMF file EMR record parsing integer overflow attempt (file-image.rules)
* 1:17389 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox DOMNodeRemoved attack attempt (browser-firefox.rules)
* 1:1739 <-> DISABLED <-> SERVER-WEBAPP DNSTools administrator authentication bypass attempt (server-webapp.rules)
* 1:17390 <-> DISABLED <-> FILE-IMAGE ClamAV Antivirus Function Denial of Service attempt (file-image.rules)
* 1:17391 <-> DISABLED <-> SERVER-OTHER Multiple products UNIX platform backslash directory traversal attempt (server-other.rules)
* 1:17392 <-> DISABLED <-> INDICATOR-SHELLCODE JavaScript var shellcode (indicator-shellcode.rules)
* 1:17393 <-> DISABLED <-> INDICATOR-SHELLCODE JavaScript var heapspray (indicator-shellcode.rules)
* 1:17394 <-> ENABLED <-> FILE-IDENTIFY GIF file download request (file-identify.rules)
* 1:17395 <-> DISABLED <-> FILE-IMAGE Oracle Java Web Start Splashscreen GIF decoding buffer overflow attempt (file-image.rules)
* 1:17396 <-> ENABLED <-> SERVER-OTHER VNC client authentication response (server-other.rules)
* 1:17397 <-> DISABLED <-> SERVER-OTHER VNCViewer Authenticate buffer overflow attempt (server-other.rules)
* 1:17398 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript array.splice memory corruption attempt (browser-firefox.rules)
* 1:17399 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript array.splice memory corruption attempt (browser-firefox.rules)
* 1:1740 <-> DISABLED <-> SERVER-WEBAPP DNSTools authentication bypass attempt (server-webapp.rules)
* 1:17400 <-> DISABLED <-> INDICATOR-OBFUSCATION rename of javascript unescape function detected (indicator-obfuscation.rules)
* 1:17401 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer nested tag memory corruption attempt - unescaped (browser-ie.rules)
* 1:17402 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer nested tag memory corruption attempt (browser-ie.rules)
* 1:17403 <-> DISABLED <-> FILE-OFFICE OpenOffice RTF File parsing heap buffer overflow attempt (file-office.rules)
* 1:17404 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Converter XST structure buffer overflow attempt (file-office.rules)
* 1:17405 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Converter XST structure buffer overflow attempt (file-office.rules)
* 1:17406 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Converter XST structure buffer overflow attempt (file-office.rules)
* 1:17407 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows help file download request (file-identify.rules)
* 1:17408 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DirectX Targa image file heap overflow attempt (os-windows.rules)
* 1:17409 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Products IDN Spoofing Vulnerability Attempt (browser-firefox.rules)
* 1:1741 <-> DISABLED <-> SERVER-WEBAPP DNSTools access (server-webapp.rules)
* 1:17410 <-> DISABLED <-> OS-WINDOWS Generic HyperLink buffer overflow attempt (os-windows.rules)
* 1:17411 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CDF cross-domain scripting attempt (browser-ie.rules)
* 1:17412 <-> DISABLED <-> SERVER-MYSQL create function mysql.func arbitrary library injection attempt (server-mysql.rules)
* 1:17413 <-> DISABLED <-> OS-WINDOWS Microsoft Jet DB Engine Buffer Overflow attempt (os-windows.rules)
* 1:17414 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript Engine Information Disclosure attempt (browser-firefox.rules)
* 1:17415 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript Engine Information Disclosure attempt (browser-firefox.rules)
* 1:17416 <-> DISABLED <-> SERVER-ORACLE Database Intermedia Denial of Service Attempt (server-oracle.rules)
* 1:17417 <-> DISABLED <-> SERVER-ORACLE Database Intermedia Denial of Service Attempt (server-oracle.rules)
* 1:17418 <-> ENABLED <-> SERVER-ORACLE Oracle connection established (server-oracle.rules)
* 1:17419 <-> DISABLED <-> SERVER-ORACLE Oracle database SQL compiler read-only join auth bypass attempt (server-oracle.rules)
* 1:1742 <-> DISABLED <-> SERVER-WEBAPP Blahz-DNS dostuff.php modify user attempt (server-webapp.rules)
* 1:17420 <-> DISABLED <-> SERVER-WEBAPP Citrix Program Neighborhood Agent Arbitrary Shortcut Creation attempt (server-webapp.rules)
* 1:17421 <-> DISABLED <-> FILE-OFFICE Microsoft OLE automation string manipulation overflow attempt (file-office.rules)
* 1:17422 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox defineSetter function pointer memory corruption attempt (browser-firefox.rules)
* 1:17423 <-> DISABLED <-> SERVER-WEBAPP Citrix Program Neighborhood Agent Buffer Overflow attempt (server-webapp.rules)
* 1:17424 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox IconURL Arbitrary Javascript Execution attempt (browser-firefox.rules)
* 1:17425 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer Import ActiveX clsid access attempt (browser-plugins.rules)
* 1:17426 <-> ENABLED <-> FILE-IDENTIFY RAT file download request (file-identify.rules)
* 1:17427 <-> DISABLED <-> SERVER-ORACLE Oracle database DBMS_Scheduler privilege escalation attempt (server-oracle.rules)
* 1:17428 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ASP.NET information disclosure attempt (os-windows.rules)
* 1:17429 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ASP.NET information disclosure attempt (os-windows.rules)
* 1:1743 <-> DISABLED <-> SERVER-WEBAPP Blahz-DNS dostuff.php access (server-webapp.rules)
* 1:17430 <-> DISABLED <-> FILE-PDF BitDefender Antivirus PDF processing memory corruption attempt (file-pdf.rules)
* 1:17431 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS SChannel improper certificate verification (server-iis.rules)
* 1:17432 <-> DISABLED <-> SERVER-WEBAPP Squid Gopher protocol handling buffer overflow attempt (server-webapp.rules)
* 1:17433 <-> DISABLED <-> OS-SOLARIS Oracle Solaris DHCP Client Arbitrary Code Execution attempt (os-solaris.rules)
* 1:17434 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Unicode sequence handling stack corruption attempt (browser-firefox.rules)
* 1:17435 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_GetDeviceList attempt (os-windows.rules)
* 1:17436 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_GetDeviceListSize attempt (os-windows.rules)
* 1:17437 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_GetDeviceList attempt (os-windows.rules)
* 1:17438 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_GetDeviceListSize attempt (os-windows.rules)
* 1:17439 <-> DISABLED <-> OS-WINDOWS Microsoft Distributed Transaction Controller TIP DoS attempt (os-windows.rules)
* 1:1744 <-> DISABLED <-> SERVER-WEBAPP SecureSite authentication bypass attempt (server-webapp.rules)
* 1:17440 <-> DISABLED <-> SERVER-IIS RSA Authentication Agent chunked HTTP request buffer overflow attempt (server-iis.rules)
* 1:17441 <-> ENABLED <-> FILE-IDENTIFY LNK file download request (file-identify.rules)
* 1:17442 <-> DISABLED <-> FILE-OTHER Microsoft Windows download of .lnk file that executes cmd.exe detected (file-other.rules)
* 1:17443 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft DirectShow AVI decoder buffer overflow attempt (file-multimedia.rules)
* 1:17444 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox 3 xsl parsing heap overflow attempt (browser-firefox.rules)
* 1:17445 <-> DISABLED <-> SERVER-OTHER Symantec Backup Exec System Recovery Manager unauthorized file upload attempt (server-other.rules)
* 1:17446 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer FTP client directory traversal attempt (browser-ie.rules)
* 1:17447 <-> ENABLED <-> SERVER-WEBAPP 407 Proxy Authentication Required (server-webapp.rules)
* 1:17448 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer HTTPS proxy information disclosure vulnerability (browser-ie.rules)
* 1:17449 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks patch management SQL injection attempt (server-webapp.rules)
* 1:1745 <-> DISABLED <-> SERVER-WEBAPP Messagerie supp_membre.php access (server-webapp.rules)
* 1:17450 <-> DISABLED <-> SERVER-WEBAPP CommuniGate Systems CommuniGate Pro LDAP Server buffer overflow attempt (server-webapp.rules)
* 1:17457 <-> DISABLED <-> FILE-FLASH Adobe Flash ActionDefineFunction memory access exploit attempt (file-flash.rules)
* 1:17458 <-> DISABLED <-> FILE-OTHER BitDefender Internet Security script code execution attempt (file-other.rules)
* 1:17459 <-> DISABLED <-> FILE-OTHER BitDefender Internet Security script code execution attempt (file-other.rules)
* 1:1746 <-> DISABLED <-> PROTOCOL-RPC portmap cachefsd request UDP (protocol-rpc.rules)
* 1:17460 <-> DISABLED <-> FILE-OTHER BitDefender Internet Security script code execution attempt (file-other.rules)
* 1:17461 <-> DISABLED <-> FILE-OTHER RealNetworks RealPlayer zipped skin file buffer overflow attempt (file-other.rules)
* 1:17462 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer marquee object handling memory corruption attempt (browser-ie.rules)
* 1:17463 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer File Download Dialog Box Manipulation (browser-ie.rules)
* 1:17464 <-> DISABLED <-> BROWSER-PLUGINS AOL Radio AmpX ActiveX clsid access (browser-plugins.rules)
* 1:17466 <-> DISABLED <-> BROWSER-PLUGINS IBM Lotus Domino Web Access 7 ActiveX exploit attempt (browser-plugins.rules)
* 1:17467 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ShellExecute and IE7 snews url handling code execution attempt (os-windows.rules)
* 1:17468 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ShellExecute and IE7 snews url handling code execution attempt (os-windows.rules)
* 1:17469 <-> DISABLED <-> FILE-MULTIMEDIA Mplayer Real Demuxer stream_read heap overflow attempt (file-multimedia.rules)
* 1:1747 <-> DISABLED <-> PROTOCOL-RPC portmap cachefsd request TCP (protocol-rpc.rules)
* 1:17470 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime STSD JPEG atom heap corruption attempt (file-multimedia.rules)
* 1:17471 <-> DISABLED <-> FILE-PDF Adobe Acrobat JavaScript getIcon method buffer overflow attempt (file-pdf.rules)
* 1:17472 <-> DISABLED <-> FILE-PDF Adobe Acrobat JavaScript getIcon method buffer overflow attempt (file-pdf.rules)
* 1:17473 <-> DISABLED <-> SERVER-ORACLE DBMS_CDC_SUBSCRIBE.EXTEND_WINDOW arbitrary command execution attempt (server-oracle.rules)
* 1:17474 <-> DISABLED <-> SERVER-ORACLE DBMS_CDC_SUBSCRIBE.CREATE_SUBSCRIPTION arbitrary command execution attempt (server-oracle.rules)
* 1:17475 <-> DISABLED <-> SERVER-ORACLE DBMS_CDC_SUBSCRIBE.ACTIVATE_SUBSCRIPTION arbitrary command execution attempt (server-oracle.rules)
* 1:17476 <-> DISABLED <-> SERVER-ORACLE DBMS_CDC_SUBSCRIBE.PURGE_WINDOW arbitrary command execution attempt (server-oracle.rules)
* 1:17477 <-> DISABLED <-> SERVER-ORACLE DBMS_CDC_SUBSCRIBE.DROP_SUBSCRIPTION arbitrary command execution attempt (server-oracle.rules)
* 1:17478 <-> DISABLED <-> SERVER-ORACLE DBMS_CDC_SUBSCRIBE.SUBSCRIBE arbitrary command execution attempt (server-oracle.rules)
* 1:17479 <-> DISABLED <-> SERVER-ORACLE DBMS_CDC_ISUBSCRIBE.SUBSCRIBE arbitrary command execution attempt (server-oracle.rules)
* 1:17480 <-> DISABLED <-> SERVER-ORACLE DBMS_CDC_ISUBSCRIBE.CREATE_SUBSCRIPTION arbitrary command execution attempt (server-oracle.rules)
* 1:17481 <-> DISABLED <-> SERVER-MAIL Microsoft Windows Exchange and Outlook TNEF Decoding Integer Overflow attempt (server-mail.rules)
* 1:17482 <-> DISABLED <-> BROWSER-FIREFOX Mozilla NNTP URL Handling Buffer Overflow attempt (browser-firefox.rules)
* 1:17483 <-> DISABLED <-> PROTOCOL-DNS squid proxy dns A record response denial of service attempt (protocol-dns.rules)
* 1:17484 <-> DISABLED <-> PROTOCOL-DNS squid proxy dns PTR record response denial of service attempt (protocol-dns.rules)
* 1:17485 <-> DISABLED <-> PROTOCOL-DNS Symantec Gateway products DNS cache poisoning attempt (protocol-dns.rules)
* 1:17486 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager Chunked overflow attempt (server-webapp.rules)
* 1:17487 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Script Engine Stack Exhaustion Denial of Service attempt (browser-ie.rules)
* 1:17488 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Malformed Range Code Execution attempt (file-office.rules)
* 1:17489 <-> DISABLED <-> FILE-OTHER Microsoft Windows Help File Heap Buffer Overflow attempt (file-other.rules)
* 1:17490 <-> DISABLED <-> FILE-OTHER Microsoft Windows itss.dll CHM File Handling Heap Corruption attempt (file-other.rules)
* 1:17491 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word mso.dll LsCreateLine memory corruption attempt (file-office.rules)
* 1:17492 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Malformed SELECTION Record Code Execution attempt (file-office.rules)
* 1:17493 <-> DISABLED <-> FILE-OTHER ClamAV UPX FileHandling Heap overflow attempt (file-other.rules)
* 1:17494 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer long URL buffer overflow attempt (browser-ie.rules)
* 1:17495 <-> DISABLED <-> SERVER-OTHER Squid proxy DNS response spoofing attempt (server-other.rules)
* 1:17496 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint malformed NamedShows record code execution attempt (file-office.rules)
* 1:17497 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint malformed NamedShows record code execution attempt (file-office.rules)
* 1:17498 <-> DISABLED <-> SERVER-APACHE Apache Tomcat UNIX platform directory traversal (server-apache.rules)
* 1:17499 <-> DISABLED <-> SERVER-APACHE Apache Tomcat UNIX platform directory traversal (server-apache.rules)
* 1:1750 <-> DISABLED <-> SERVER-IIS users.xml access (server-iis.rules)
* 1:17500 <-> DISABLED <-> SERVER-APACHE Apache Tomcat UNIX platform directory traversal (server-apache.rules)
* 1:17501 <-> DISABLED <-> SERVER-APACHE Apache Tomcat UNIX platform directory traversal (server-apache.rules)
* 1:17502 <-> DISABLED <-> SERVER-APACHE Apache Tomcat UNIX platform directory traversal (server-apache.rules)
* 1:17503 <-> DISABLED <-> SERVER-MAIL MailEnable IMAP Service Invalid Command Buffer Overlow LOGIN (server-mail.rules)
* 1:17504 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Asset Management buffer overflow attempt (server-other.rules)
* 1:17505 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word formatted disk pages table memory corruption attempt (file-office.rules)
* 1:17506 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word formatted disk pages table memory corruption attempt (file-office.rules)
* 1:17507 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word formatted disk pages table memory corruption attempt (file-office.rules)
* 1:17508 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows .NET Application file download request (file-identify.rules)
* 1:17509 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows .NET Manifest file download request (file-identify.rules)
* 1:1751 <-> DISABLED <-> SERVER-OTHER cachefsd buffer overflow attempt (server-other.rules)
* 1:17510 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows .NET Deploy file download request (file-identify.rules)
* 1:17511 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malformed Graphic Code Execution (file-office.rules)
* 1:17512 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Script Action Handler buffer overflow attempt (browser-ie.rules)
* 1:17517 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Malformed Record Code Execution attempt (file-office.rules)
* 1:17518 <-> DISABLED <-> PROTOCOL-FTP FlashGet PWD command stack buffer overflow attempt (protocol-ftp.rules)
* 1:17519 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox UTF-8 URL Handling Stack Buffer Overflow (browser-firefox.rules)
* 1:17520 <-> DISABLED <-> SERVER-OTHER CA ARCserve Backup DB Engine Denial of Service (server-other.rules)
* 1:17521 <-> DISABLED <-> SERVER-OTHER GoodTech SSH Server SFTP processing buffer overflow attempt (server-other.rules)
* 1:17522 <-> DISABLED <-> FILE-JAVA Oracle Java Runtime Environment Pack200 Decompression Integer Overflow (file-java.rules)
* 1:17523 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime H.264 Movie File Buffer Overflow (file-multimedia.rules)
* 1:17524 <-> DISABLED <-> SERVER-OTHER Fujitsu SystemcastWizard Lite PXEService UDP Handling Buffer Overflow (server-other.rules)
* 1:17525 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS 5.0 WebDav Request Directory Security Bypass (server-iis.rules)
* 1:17526 <-> DISABLED <-> FILE-PDF Adobe Acrobat and Adobe Acrobat Reader U3D RHAdobeMeta buffer overflow attempt (file-pdf.rules)
* 1:17527 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player MP4_BoxDumpStructure Buffer Overflow (file-multimedia.rules)
* 1:17528 <-> DISABLED <-> SERVER-WEBAPP nginx URI parsing buffer overflow attempt (server-webapp.rules)
* 1:17529 <-> DISABLED <-> SERVER-WEBAPP Adobe RoboHelp Server Arbitrary File Upload and Execute (server-webapp.rules)
* 1:1753 <-> DISABLED <-> SERVER-IIS as_web.exe access (server-iis.rules)
* 1:17530 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector Stack Buffer Overflow (server-other.rules)
* 1:17531 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime MOV file JVTCompEncodeFrame heap overflow attempt (file-multimedia.rules)
* 1:17532 <-> DISABLED <-> FILE-OFFICE Micrsoft Office Excel TXO and OBJ Records Parsing Stack Memory Corruption (file-office.rules)
* 1:17533 <-> DISABLED <-> SERVER-APACHE Apache Struts Information Disclosure Attempt (server-apache.rules)
* 1:17534 <-> ENABLED <-> SERVER-OTHER IPP Application Content (server-other.rules)
* 1:17535 <-> DISABLED <-> SERVER-OTHER Apple CUPS Text to PostScript Filter Integer Overflow attempt (server-other.rules)
* 1:17536 <-> DISABLED <-> SERVER-WEBAPP generic server HTTP Auth Header buffer overflow attempt (server-webapp.rules)
* 1:17537 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel unspecified memory corruption attempt (file-office.rules)
* 1:17538 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel unspecified memory corruption attempt (file-office.rules)
* 1:17539 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel unspecified memory corruption attempt (file-office.rules)
* 1:1754 <-> DISABLED <-> SERVER-IIS as_web4.exe access (server-iis.rules)
* 1:17540 <-> ENABLED <-> FILE-IDENTIFY LZH file download request (file-identify.rules)
* 1:17541 <-> DISABLED <-> FILE-OTHER Avast Antivirus Engine Remote LHA buffer overflow attempt (file-other.rules)
* 1:17542 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel MalformedPalete Record Memory Corruption attempt (file-office.rules)
* 1:17543 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Column record handling memory corruption attempt (file-office.rules)
* 1:17544 <-> DISABLED <-> SERVER-OTHER Wireshark LWRES Dissector getaddrsbyname buffer overflow attempt (server-other.rules)
* 1:17545 <-> DISABLED <-> BROWSER-PLUGINS Lotus Domino Web Access ActiveX Controls buffer overflow attempt (browser-plugins.rules)
* 1:17546 <-> DISABLED <-> FILE-IDENTIFY Microsoft Media Player compressed skin download request (file-identify.rules)
* 1:17547 <-> ENABLED <-> FILE-IDENTIFY SMIL file download request (file-identify.rules)
* 1:17548 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime SMIL File Handling Integer Overflow attempt (file-multimedia.rules)
* 1:17549 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Error Handling Code Execution (browser-ie.rules)
* 1:1755 <-> DISABLED <-> PROTOCOL-IMAP partial body buffer overflow attempt (protocol-imap.rules)
* 1:17550 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Font Parsing Buffer Overflow attempt (file-office.rules)
* 1:17551 <-> DISABLED <-> PUA-OTHER Microsoft MSN Messenger and Windows Live Messenger Code Execution attempt (pua-other.rules)
* 1:17552 <-> ENABLED <-> FILE-IDENTIFY Adobe Pagemaker file download request (file-identify.rules)
* 1:17553 <-> DISABLED <-> FILE-OTHER Adobe Pagemaker Font Name Buffer Overflow attempt (file-other.rules)
* 1:17554 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DOM object cache management memory corruption attempt (browser-ie.rules)
* 1:17555 <-> DISABLED <-> BROWSER-PLUGINS Macrovision InstallShield Update Service ActiveX exploit attempt (browser-plugins.rules)
* 1:17556 <-> DISABLED <-> SERVER-OTHER Firebird database invalid state integer overflow attempt (server-other.rules)
* 1:17557 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX operation parameter overflow (browser-plugins.rules)
* 1:17558 <-> DISABLED <-> FILE-IMAGE CUPS Gif Decoding Routine Buffer Overflow attempt (file-image.rules)
* 1:17559 <-> DISABLED <-> FILE-OTHER IBM Lotus Notes Applix Graphics Parsing Buffer Overflow (file-other.rules)
* 1:1756 <-> DISABLED <-> SERVER-IIS NewsPro administration authentication attempt (server-iis.rules)
* 1:17560 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word global array index heap overflow attempt (file-office.rules)
* 1:17561 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer IVR Overly Long Filename Code Execution attempt (file-multimedia.rules)
* 1:17562 <-> DISABLED <-> FILE-JAVA Oracle Java Runtime Environment Pack200 Decompression Integer Overflow attempt (file-java.rules)
* 1:17563 <-> DISABLED <-> FILE-JAVA Oracle Java Runtime Environment JAR File Processing Stack Buffer Overflow (file-java.rules)
* 1:17564 <-> DISABLED <-> SERVER-IIS WebDAV Request Directory Security Bypass attempt (server-iis.rules)
* 1:17565 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint PP7 File Handling Memory Corruption attempt (file-office.rules)
* 1:17566 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer event handler memory corruption attempt (browser-ie.rules)
* 1:17567 <-> DISABLED <-> SERVER-OTHER LANDesk Management Suite Alerting Service buffer overflow attempt (server-other.rules)
* 1:17568 <-> DISABLED <-> FILE-OFFICE Microsoft Office XP URL Handling Buffer Overflow attempt (file-office.rules)
* 1:17569 <-> DISABLED <-> SERVER-OTHER BEA Weblogic Admin Console Cross Site Scripting Vulnerability attempt (server-other.rules)
* 1:1757 <-> DISABLED <-> SERVER-WEBAPP b2 arbitrary command execution attempt (server-webapp.rules)
* 1:17570 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox IFRAME style change handling code execution (browser-firefox.rules)
* 1:17571 <-> DISABLED <-> BROWSER-PLUGINS obfuscated instantiation of ActiveX object - likely malicious (browser-plugins.rules)
* 1:17572 <-> DISABLED <-> OS-WINDOWS Microsoft XML Core Services cross-site information disclosure attempt (os-windows.rules)
* 1:17573 <-> DISABLED <-> FILE-MULTIMEDIA ffdshow codec URL parsing buffer overflow attempt (file-multimedia.rules)
* 1:17574 <-> DISABLED <-> FILE-OFFICE Sophos Anti-Virus Visio File Parsing Buffer Overflow attempt (file-office.rules)
* 1:17575 <-> DISABLED <-> BROWSER-PLUGINS IBM SizerOne ActiveX clsid access attempt (browser-plugins.rules)
* 1:17577 <-> DISABLED <-> SERVER-OTHER CA BightStor ARCserver Backup possible insecure method access (server-other.rules)
* 1:17578 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Section Table Array Buffer Overflow attempt (file-office.rules)
* 1:17579 <-> DISABLED <-> FILE-OFFICE Microsoft Office Drawing Record msofbtOPT Code Execution attempt (file-office.rules)
* 1:17580 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer span tag memory corruption attempt (browser-ie.rules)
* 1:17581 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox tag order memory corruption attempt (browser-firefox.rules)
* 1:17582 <-> DISABLED <-> BROWSER-PLUGINS Symantec Norton AntiVirus CcErrDisp ActiveX function call access (browser-plugins.rules)
* 1:17584 <-> DISABLED <-> SERVER-ORACLE UTL_FILE directory traversal attempt (server-oracle.rules)
* 1:17585 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer possible javascript onunload event memory corruption (browser-ie.rules)
* 1:17586 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start malicious parameter value (file-java.rules)
* 1:17587 <-> DISABLED <-> BROWSER-PLUGINS Adobe Multiple Product AcroPDF.PDF ActiveX exploit attempt (browser-plugins.rules)
* 1:17588 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Install Engine ActiveX clsid access (browser-plugins.rules)
* 1:1759 <-> DISABLED <-> SQL xp_cmdshell program execution 445 (sql.rules)
* 1:17590 <-> DISABLED <-> SERVER-ORACLE DBMS_ASSERT.simple_sql_name double quote SQL injection attempt (server-oracle.rules)
* 1:17591 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt (file-office.rules)
* 1:17592 <-> DISABLED <-> BROWSER-PLUGINS Microsoft MyInfo.dll ActiveX clsid access (browser-plugins.rules)
* 1:17593 <-> DISABLED <-> BROWSER-PLUGINS Microsoft msdxm.ocx ActiveX clsid access (browser-plugins.rules)
* 1:17594 <-> DISABLED <-> BROWSER-PLUGINS Microsoft creator.dll 1 ActiveX clsid access (browser-plugins.rules)
* 1:17595 <-> DISABLED <-> BROWSER-PLUGINS Microsoft creator.dll 2 ActiveX clsid access (browser-plugins.rules)
* 1:17596 <-> DISABLED <-> BROWSER-PLUGINS Microsoft ciodm.dll ActiveX clsid access (browser-plugins.rules)
* 1:17597 <-> DISABLED <-> SERVER-WEBAPP TikiWiki jhot.php script file upload attempt (server-webapp.rules)
* 1:17598 <-> ENABLED <-> SERVER-OTHER IBM DB2 Universal Database accsec command without rdbnam (server-other.rules)
* 1:17599 <-> DISABLED <-> SERVER-OTHER IBM DB2 Universal Database rdbname denial of service attempt (server-other.rules)
* 1:17600 <-> ENABLED <-> FILE-IDENTIFY XUL file download request (file-identify.rules)
* 1:17601 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox file type memory corruption attempt (browser-firefox.rules)
* 1:17602 <-> DISABLED <-> FILE-OTHER ClamAV antivirus CHM file handling DOS (file-other.rules)
* 1:17603 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox file type memory corruption attempt (browser-firefox.rules)
* 1:17604 <-> DISABLED <-> SERVER-OTHER Oracle Java AWT ConvolveOp memory corruption attempt (server-other.rules)
* 1:17605 <-> DISABLED <-> SERVER-WEBAPP Trend Micro OfficeScan CGI password decryption buffer overflow attempt (server-webapp.rules)
* 1:17606 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative command execution attempt (file-flash.rules)
* 1:17607 <-> DISABLED <-> SERVER-OTHER Xi Software Net Transport eDonkey Protocol Buffer Overflow attempt (server-other.rules)
* 1:17609 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt (server-webapp.rules)
* 1:17610 <-> DISABLED <-> FILE-MULTIMEDIA GStreamer QuickTime file parsing multiple heap overflow attempt (file-multimedia.rules)
* 1:17611 <-> DISABLED <-> FILE-MULTIMEDIA GStreamer QuickTime file parsing multiple heap overflow attempt (file-multimedia.rules)
* 1:17612 <-> DISABLED <-> FILE-MULTIMEDIA GStreamer QuickTime file parsing multiple heap overflow attempt (file-multimedia.rules)
* 1:17613 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt (browser-firefox.rules)
* 1:17614 <-> DISABLED <-> BROWSER-PLUGINS SAP GUI SAPBExCommonResources
ActiveX clsid access (browser-plugins.rules) * 1:17616 <-> DISABLED <-> BROWSER-PLUGINS SAP GUI SAPBExCommonResources ActiveX function call access (browser-plugins.rules) * 1:17618 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Graphics engine EMF rendering vulnerability (os-windows.rules) * 1:17619 <-> DISABLED <-> SERVER-ORACLE database server crafted view privelege escalation attempt (server-oracle.rules) * 1:1762 <-> DISABLED <-> SERVER-WEBAPP phf arbitrary command execution attempt (server-webapp.rules) * 1:17620 <-> ENABLED <-> SERVER-OTHER Products Discovery Service Buffer Overflow (server-other.rules) * 1:17621 <-> ENABLED <-> SERVER-OTHER Products Discovery Service Buffer Overflow (server-other.rules) * 1:17622 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer object reference memory corruption attempt (browser-ie.rules) * 1:17623 <-> DISABLED <-> FILE-JAVA Oracle Java Runtime Environment Type1 Font parsing integer overflow attempt (file-java.rules) * 1:17624 <-> DISABLED <-> FILE-JAVA Oracle Java Runtime Environment Type1 Font parsing integer overflow attempt (file-java.rules) * 1:17625 <-> DISABLED <-> SERVER-ORACLE Database Core RDBMS component denial of service attempt (server-oracle.rules) * 1:17626 <-> DISABLED <-> OS-WINDOWS Microsoft Windows embedded web font handling buffer overflow attempt (os-windows.rules) * 1:17628 <-> DISABLED <-> FILE-IMAGE Sun Microsystems Java gif handling memory corruption attempt (file-image.rules) * 1:17629 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Chrome Page Loading Restriction Bypass attempt (browser-firefox.rules) * 1:1763 <-> DISABLED <-> SERVER-WEBAPP Nortel Contivity cgiproc DOS attempt (server-webapp.rules) * 1:17630 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple products CSSValue array memory corruption attempt (browser-firefox.rules) * 1:17631 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start JNLP j2se key value buffer overflow attempt (file-java.rules) * 1:17633 <-> DISABLED <-> FILE-OTHER 
RealNetworks RealPlayer SWF frame handling buffer overflow attempt (file-other.rules) * 1:17634 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc function 0 little endian object call overflow attempt (netbios.rules) * 1:17635 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc function 0 little endian overflow attempt (netbios.rules) * 1:17636 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc function 0 object call overflow attempt (netbios.rules) * 1:17637 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc function 0 overflow attempt (netbios.rules) * 1:17638 <-> DISABLED <-> SERVER-ORACLE Secure Backup administration server login.php cookies command injection attempt (server-oracle.rules) * 1:17639 <-> DISABLED <-> SERVER-SAMBA Samba Root File System access bypass attempt (server-samba.rules) * 1:1764 <-> DISABLED <-> SERVER-WEBAPP Nortel Contivity cgiproc DOS attempt (server-webapp.rules) * 1:17640 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor opnum 43 overflow attempt (netbios.rules) * 1:17641 <-> DISABLED <-> FILE-PDF CUPS and Xpdf JBIG2 symbol dictionary buffer overflow attempt (file-pdf.rules) * 1:17642 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox ConstructFrame with floating first-letter memory corruption attempt (browser-firefox.rules) * 1:17643 <-> DISABLED <-> SERVER-OTHER CA BrightStor ARCServe logger servie null-pointer dereference attempt (server-other.rules) * 1:17644 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer object clone deletion memory corruption attempt (browser-ie.rules) * 1:17645 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CSS strings parsing memory corruption attempt (browser-ie.rules) * 1:17646 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint Legacy file format picture object code execution attempt (file-office.rules) * 1:17648 <-> DISABLED <-> SERVER-IIS source code disclosure attempt (server-iis.rules) * 1:17649 <-> DISABLED <-> FILE-OFFICE Microsoft Office 
Word array data handling buffer overflow attempt (file-office.rules) * 1:1765 <-> DISABLED <-> SERVER-WEBAPP Nortel Contivity cgiproc access (server-webapp.rules) * 1:17650 <-> DISABLED <-> FILE-OTHER Adobe Pagemaker Key Strings Stack Buffer Overflow attempt (file-other.rules) * 1:17651 <-> DISABLED <-> FILE-OTHER Multiple AV vendor invalid archive checksum bypass attempt (file-other.rules) * 1:17652 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS source code disclosure attempt (server-iis.rules) * 1:17653 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS source code disclosure attempt (server-iis.rules) * 1:17654 <-> DISABLED <-> BROWSER-PLUGINS Facebook Photo Uploader ActiveX exploit attempt (browser-plugins.rules) * 1:17655 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malformed formula parsing code execution attempt (file-office.rules) * 1:17656 <-> DISABLED <-> SERVER-APACHE Apache HTTP server mod_rewrite module LDAP scheme handling buffer overflow attempt (server-apache.rules) * 1:17657 <-> DISABLED <-> SERVER-OTHER Symantec NetBackup BPCD Daemon exploit attempt (server-other.rules) * 1:17658 <-> DISABLED <-> FILE-FLASH Adobe Flash frame type identifier memory corruption attempt (file-flash.rules) * 1:17659 <-> DISABLED <-> SERVER-ORACLE xdb.dbms_xmlschema buffer overflow attempt (server-oracle.rules) * 1:1766 <-> DISABLED <-> SERVER-WEBAPP search.dll directory listing attempt (server-webapp.rules) * 1:17660 <-> DISABLED <-> SERVER-OTHER Oracle Java Web Start arbitrary command execution attempt (server-other.rules) * 1:17661 <-> DISABLED <-> SERVER-SAMBA Samba send_mailslot buffer overflow attempt (server-samba.rules) * 1:17662 <-> DISABLED <-> SERVER-OTHER VMware Workstation DHCP service integer overflow attempt (server-other.rules) * 1:17663 <-> DISABLED <-> SERVER-OTHER Apple CUPS SGI image decoding buffer overflow attempt (server-other.rules) * 1:17664 <-> DISABLED <-> FILE-OFFICE Microsoft Office GIF image descriptor memory corruption attempt 
(file-office.rules) * 1:17666 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer invalid chunk size heap overflow attempt (file-multimedia.rules) * 1:17667 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Pragmatic General Multicast Protocol memory consumption denial of service attempt (os-windows.rules) * 1:17668 <-> DISABLED <-> FILE-PDF download of a PDF with embedded JavaScript - JS string attempt (file-pdf.rules) * 1:17669 <-> DISABLED <-> SERVER-ORACLE Oracle Application Server 10g OPMN service format string vulnerability exploit attempt (server-oracle.rules) * 1:1767 <-> DISABLED <-> SERVER-WEBAPP search.dll access (server-webapp.rules) * 1:17670 <-> DISABLED <-> BROWSER-PLUGINS BigAnt Office Manager ActiveX clsid access (browser-plugins.rules) * 1:17672 <-> DISABLED <-> BROWSER-PLUGINS BigAnt Office Manager ActiveX function call access (browser-plugins.rules) * 1:17674 <-> DISABLED <-> BROWSER-PLUGINS Skype Extras Manager ActiveX clsid access (browser-plugins.rules) * 1:17676 <-> DISABLED <-> BROWSER-PLUGINS Skype Extras Manager ActiveX function call access (browser-plugins.rules) * 1:17678 <-> DISABLED <-> FILE-IMAGE Adobe BMP image handler buffer overflow attempt (file-image.rules) * 1:17679 <-> ENABLED <-> FILE-IDENTIFY Apple disk image file download request (file-identify.rules) * 1:17680 <-> DISABLED <-> SERVER-OTHER ISC BIND DNSSEC Validation Multiple RRsets DoS (server-other.rules) * 1:17685 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer invalid pointer memory corruption attempt (browser-ie.rules) * 1:17686 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer invalid pointer memory corruption attempt (browser-ie.rules) * 1:17687 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer invalid pointer memory corruption attempt (browser-ie.rules) * 1:17688 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer userdata behavior memory corruption attempt (browser-ie.rules) * 1:17689 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 
userdata behavior memory corruption attempt (browser-ie.rules) * 1:1769 <-> DISABLED <-> SERVER-WEBAPP .DS_Store access (server-webapp.rules) * 1:17690 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word remote code execution attempt (file-office.rules) * 1:17691 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word remote code execution attempt (file-office.rules) * 1:17692 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer ExecWB security zone bypass attempt (browser-ie.rules) * 1:17695 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint paragraph format array inner header overflow attempt (file-office.rules) * 1:17696 <-> DISABLED <-> PROTOCOL-DNS Microsoft Windows DNS Server ANY query cache weakness (protocol-dns.rules) * 1:17698 <-> DISABLED <-> SERVER-MAIL RealNetworks RealPlayer wav chunk string overflow attempt in email (server-mail.rules) * 1:1770 <-> DISABLED <-> SERVER-WEBAPP .FBCIndex access (server-webapp.rules) * 1:17701 <-> DISABLED <-> BROWSER-PLUGINS Office Viewer ActiveX arbitrary command execution attempt (browser-plugins.rules) * 1:17702 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP srvsvc NetrDfsCreateExitPoint dos attempt (os-windows.rules) * 1:17703 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer popup title bar spoofing attempt (browser-ie.rules) * 1:17704 <-> DISABLED <-> FILE-OTHER McAfee LHA file parsing buffer overflow attempt (file-other.rules) * 1:17705 <-> DISABLED <-> SERVER-IIS RSA Authentication Agent chunked HTTP request buffer overflow attempt (server-iis.rules) * 1:17706 <-> DISABLED <-> SERVER-OTHER Veritas NetBackup java user interface service format string attack attempt (server-other.rules) * 1:17707 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect trend_req_num buffer overflow attempt (netbios.rules) * 1:17708 <-> DISABLED <-> SERVER-OTHER VNC password request URL buffer overflow attempt (server-other.rules) * 1:17709 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer EMBED element 
memory corruption attempt (browser-ie.rules) * 1:1771 <-> DISABLED <-> POLICY-OTHER IPSec PGPNet connection attempt (policy-other.rules) * 1:17710 <-> DISABLED <-> SERVER-OTHER Veritas NetBackup vmd shared library buffer overflow attempt (server-other.rules) * 1:17711 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ASF parsing memory corruption attempt (os-windows.rules) * 1:17712 <-> DISABLED <-> OS-WINDOWS TFTP PUT Microsoft RIS filename overwrite attempt (os-windows.rules) * 1:17713 <-> DISABLED <-> SERVER-OTHER Novell NetMail NMAP STOR buffer overflow attempt (server-other.rules) * 1:17714 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect CMON_ActiveUpdate attempt (netbios.rules) * 1:17715 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect CMON_ActiveUpdate attempt (netbios.rules) * 1:17716 <-> DISABLED <-> SERVER-MAIL IBM Lotus Notes DOC attachment viewer buffer overflow (server-mail.rules) * 1:17717 <-> DISABLED <-> SERVER-MAIL IBM Lotus Notes HTML input tag buffer overflow attempt (server-mail.rules) * 1:17718 <-> DISABLED <-> SERVER-ORACLE Oracle MDSYS drop table trigger injection attempt (server-oracle.rules) * 1:17719 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox ClearTextRun exploit attempt (browser-firefox.rules) * 1:1772 <-> DISABLED <-> SERVER-IIS pbserver access (server-iis.rules) * 1:17720 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer static text range overflow attempt (browser-ie.rules) * 1:17721 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WINS replication inform2 request memory corruption attempt (os-windows.rules) * 1:17722 <-> DISABLED <-> SERVER-ORACLE XDB.XDB_PITRIG_PKG buffer overflow attempt (server-oracle.rules) * 1:17723 <-> DISABLED <-> OS-WINDOWS possible SMB replay attempt - overlapping encryption keys detected (os-windows.rules) * 1:17724 <-> DISABLED <-> OS-WINDOWS Microsoft IIS malicious ASP file upload attempt (os-windows.rules) * 1:17725 <-> DISABLED <-> BROWSER-OTHER Opera file URI 
handling buffer overflow (browser-other.rules) * 1:17726 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer address bar spoofing attempt (browser-ie.rules) * 1:17727 <-> DISABLED <-> FILE-OTHER Oracle JDK image parsing library ICC buffer overflow attempt (file-other.rules) * 1:17729 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer EMBED element memory corruption attempt (browser-ie.rules) * 1:1773 <-> DISABLED <-> SERVER-WEBAPP php.exe access (server-webapp.rules) * 1:17730 <-> DISABLED <-> OS-WINDOWS Microsoft XML Core Services MIME Viewer memory corruption attempt (os-windows.rules) * 1:17731 <-> DISABLED <-> OS-WINDOWS Microsoft Windows wpad dynamic update request (os-windows.rules) * 1:17732 <-> ENABLED <-> FILE-IDENTIFY TIFF file download request (file-identify.rules) * 1:17733 <-> ENABLED <-> FILE-IDENTIFY XML file download request (file-identify.rules) * 1:17734 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel REPT integer underflow attempt (file-office.rules) * 1:17735 <-> DISABLED <-> FILE-OTHER Adobe Pagemaker Font Name Buffer Overflow attempt (file-other.rules) * 1:17736 <-> DISABLED <-> SERVER-OTHER McAfee LHA Type-2 file handling overflow attempt (server-other.rules) * 1:17737 <-> DISABLED <-> SERVER-MAIL Microsoft collaboration data objects buffer overflow attempt (server-mail.rules) * 1:17738 <-> DISABLED <-> SERVER-OTHER Linux Kernel SNMP Netfilter Memory Corruption attempt (server-other.rules) * 1:17739 <-> ENABLED <-> FILE-IDENTIFY FlashPix file download request (file-identify.rules) * 1:1774 <-> DISABLED <-> SERVER-WEBAPP bb_smilies.php access (server-webapp.rules) * 1:17740 <-> DISABLED <-> FILE-IMAGE Apple Quicktime FlashPix processing overflow attempt (file-image.rules) * 1:17742 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word remote code execution attempt (file-office.rules) * 1:17743 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word RTF parsing memory corruption attempt (file-office.rules) * 1:17745 <-> ENABLED <-> NETBIOS 
SMB TRANS2 Find_First2 request attempt (netbios.rules) * 1:17746 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB client TRANS response Find_First2 filename overflow attempt (os-windows.rules) * 1:17747 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer compressed HDMX font processing integer overflow attempt (browser-ie.rules) * 1:17749 <-> DISABLED <-> PROTOCOL-RPC Linux Kernel nfsd v4 CAP_MKNOD security bypass attempt (protocol-rpc.rules) * 1:1775 <-> DISABLED <-> SERVER-MYSQL root login attempt (server-mysql.rules) * 1:17750 <-> DISABLED <-> SERVER-IIS Microsoft IIS 7.5 client verify null pointer attempt (server-iis.rules) * 1:17751 <-> ENABLED <-> FILE-IDENTIFY OpenType Font file download request (file-identify.rules) * 1:17753 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Media Player network sharing service RTSP code execution attempt (file-multimedia.rules) * 1:17754 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word bookmark bound check remote code execution attempt (file-office.rules) * 1:17755 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word unchecked index value remote code execution attempt (file-office.rules) * 1:17756 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word XP PLFLSInTableStream heap overflow attempt (file-office.rules) * 1:17757 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel CrErr record integer overflow attempt (file-office.rules) * 1:17758 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel PtgExtraArray data parsing vulnerability exploit attempt (file-office.rules) * 1:17759 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid SerAr object exploit attempt (file-office.rules) * 1:1776 <-> DISABLED <-> SERVER-MYSQL show databases attempt (server-mysql.rules) * 1:17760 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel RealTimeData record exploit attempt (file-office.rules) * 1:17763 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel GhostRw record exploit attempt (file-office.rules) * 1:17764 <-> DISABLED <-> 
FILE-OFFICE Microsoft Office Excel PtgName invalid index exploit attempt (file-office.rules) * 1:17766 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 8 XSS in toStaticHTML API attempt (browser-ie.rules) * 1:17767 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 8 tostaticHTML CSS import vulnerability (browser-ie.rules) * 1:17768 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 8 object event handler use after free exploit attempt (browser-ie.rules) * 1:17769 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 8 CSS invalid mapping exploit attempt (browser-ie.rules) * 1:1777 <-> DISABLED <-> PROTOCOL-FTP EXPLOIT STAT asterisk dos attempt (protocol-ftp.rules) * 1:17770 <-> DISABLED <-> FILE-OFFICE Microsoft HtmlDlgHelper ActiveX clsid access (file-office.rules) * 1:17771 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer cross-domain information disclosure attempt (browser-ie.rules) * 1:17772 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Scriptlet Component ActiveX clsid access (browser-plugins.rules) * 1:17773 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Media Player Firefox plugin memory corruption attempt (file-multimedia.rules) * 1:17774 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 8 CSS XSRF exploit attempt (browser-ie.rules) * 1:17776 <-> DISABLED <-> FILE-JAVA Oracle Java HsbParser.getSoundBank stack buffer overflow attempt (file-java.rules) * 1:17777 <-> DISABLED <-> SERVER-MAIL IBM Lotus Notes WPD attachment handling buffer overflow attempt (server-mail.rules) * 1:17778 <-> DISABLED <-> FILE-OTHER BitDefender Internet Security script code execution attempt (file-other.rules) * 1:1778 <-> DISABLED <-> PROTOCOL-FTP EXPLOIT STAT ? 
dos attempt (protocol-ftp.rules) * 1:17782 <-> DISABLED <-> PROTOCOL-SCADA Modbus write multiple registers from external source (protocol-scada.rules) * 1:17783 <-> DISABLED <-> PROTOCOL-SCADA Modbus write single register from external source (protocol-scada.rules) * 1:17784 <-> DISABLED <-> PROTOCOL-SCADA Modbus write single coil from external source (protocol-scada.rules) * 1:17785 <-> DISABLED <-> PROTOCOL-SCADA Modbus write multiple coils from external source (protocol-scada.rules) * 1:17786 <-> DISABLED <-> PROTOCOL-SCADA Modbus write file record from external source (protocol-scada.rules) * 1:17787 <-> DISABLED <-> PROTOCOL-SCADA Modbus read discrete inputs from external source (protocol-scada.rules) * 1:17788 <-> DISABLED <-> PROTOCOL-SCADA Modbus read coils from external source (protocol-scada.rules) * 1:17789 <-> DISABLED <-> PROTOCOL-SCADA Modbus read input register from external source (protocol-scada.rules) * 1:17790 <-> DISABLED <-> PROTOCOL-SCADA Modbus read holding registers from external source (protocol-scada.rules) * 1:17791 <-> DISABLED <-> PROTOCOL-SCADA Modbus read/write multiple registers from external source (protocol-scada.rules) * 1:17792 <-> DISABLED <-> PROTOCOL-SCADA Modbus read fifo queue from external source (protocol-scada.rules) * 1:17793 <-> DISABLED <-> PROTOCOL-SCADA Modbus read file record from external source (protocol-scada.rules) * 1:17794 <-> DISABLED <-> PROTOCOL-SCADA Modbus read exception status from external source (protocol-scada.rules) * 1:17795 <-> DISABLED <-> PROTOCOL-SCADA Modbus initiate diagnostic from external source (protocol-scada.rules) * 1:17796 <-> DISABLED <-> PROTOCOL-SCADA Modbus get com event counter from external source (protocol-scada.rules) * 1:17797 <-> DISABLED <-> PROTOCOL-SCADA Modbus get com event log from external source (protocol-scada.rules) * 1:17798 <-> DISABLED <-> PROTOCOL-SCADA Modbus report slave id from external source (protocol-scada.rules) * 1:17799 <-> DISABLED <-> PROTOCOL-SCADA 
Modbus read device identification from external source (protocol-scada.rules) * 1:17800 <-> DISABLED <-> PROTOCOL-SCADA Modbus mask write register from external source (protocol-scada.rules) * 1:17801 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file magic detected (file-identify.rules) * 1:17802 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file download request (file-identify.rules) * 1:17803 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director rcsL chunk memory corruption attempt (file-other.rules) * 1:17804 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox html tag attributes memory corruption (browser-firefox.rules) * 1:17805 <-> DISABLED <-> MALWARE-CNC Worm.Win32.Neeris.BF variant outbound connection (malware-cnc.rules) * 1:17806 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director rcsL chunk remote code execution attempt (file-other.rules) * 1:17807 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director rcsL chunk remote code execution attempt (file-other.rules) * 1:17808 <-> DISABLED <-> FILE-FLASH Adobe Flash authplay.dll memory corruption attempt (file-flash.rules) * 1:17809 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime qt file download request (file-identify.rules) * 1:17810 <-> DISABLED <-> INDICATOR-COMPROMISE potential malware - download of server32.exe (indicator-compromise.rules) * 1:17811 <-> DISABLED <-> INDICATOR-COMPROMISE potential malware - download of svchost.exe (indicator-compromise.rules) * 1:17812 <-> DISABLED <-> INDICATOR-COMPROMISE potential malware - download of iexplore.exe (indicator-compromise.rules) * 1:17813 <-> DISABLED <-> INDICATOR-COMPROMISE potential malware - download of iprinp.dll (indicator-compromise.rules) * 1:17814 <-> DISABLED <-> INDICATOR-COMPROMISE potential malware - download of winzf32.dll (indicator-compromise.rules) * 1:17815 <-> DISABLED <-> MALWARE-CNC Thinkpoint fake antivirus - user display (malware-cnc.rules) * 1:17816 <-> DISABLED <-> MALWARE-CNC Thinkpoint fake antivirus - credit card submission 
(malware-cnc.rules) * 1:17817 <-> DISABLED <-> SERVER-OTHER Thinkpoint fake antivirus binary download (server-other.rules) * 1:1787 <-> DISABLED <-> SERVER-WEBAPP csPassword.cgi access (server-webapp.rules) * 1:1788 <-> DISABLED <-> SERVER-WEBAPP csPassword password.cgi.tmp access (server-webapp.rules) * 1:1789 <-> DISABLED <-> POLICY-SOCIAL IRC dns request (policy-social.rules) * 1:17898 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /get2.php?c=VTOXUGUI&d= (malware-cnc.rules) * 1:17899 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /reques0.asp?kind=006&mac= (malware-cnc.rules) * 1:1790 <-> DISABLED <-> POLICY-SOCIAL IRC dns response (policy-social.rules) * 1:17900 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /basic/cn3c2/c.*dll (malware-cnc.rules) * 1:17901 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /mybackup21.rar (malware-cnc.rules) * 1:17902 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /?getexe=loader.exe (malware-cnc.rules) * 1:17903 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - stid= (malware-cnc.rules) * 1:17905 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - 1de49069b6044785e9dfcd4c035cfd0c.php (malware-cnc.rules) * 1:17906 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - 2x/.*php (malware-cnc.rules) * 1:17907 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /MNG/Download/?File=AZF DATADIR Download (malware-cnc.rules) * 1:17908 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /images/crypt_22.exe (malware-cnc.rules) * 1:17909 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /images/css/1.exe (malware-cnc.rules) * 1:17910 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /7xdown.exe (malware-cnc.rules) * 1:17911 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /winhelper.exe (malware-cnc.rules) * 1:17912 
<-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /upopwin/count.asp?mac= (malware-cnc.rules) * 1:17913 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /ok.exe (malware-cnc.rules) * 1:17914 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /LjBin/Bin.Dll (malware-cnc.rules) * 1:17915 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /1001ns/cfg3n.bin (malware-cnc.rules) * 1:17916 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /dh/stats.bin (malware-cnc.rules) * 1:17917 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /zeus/config.bin (malware-cnc.rules) * 1:17918 <-> DISABLED <-> POLICY-SPAM aaof.onlinelewiss22r.ru known spam email attempt (policy-spam.rules) * 1:17919 <-> DISABLED <-> POLICY-SPAM akiq.onlinetommie54y.ru known spam email attempt (policy-spam.rules) * 1:1792 <-> DISABLED <-> PROTOCOL-NNTP return code buffer overflow attempt (protocol-nntp.rules) * 1:17920 <-> DISABLED <-> POLICY-SPAM aobuii.onlinelewiss22r.ru known spam email attempt (policy-spam.rules) * 1:17921 <-> DISABLED <-> POLICY-SPAM argue.medrayner44c.ru known spam email attempt (policy-spam.rules) * 1:17922 <-> DISABLED <-> POLICY-SPAM ava.refilleldredge89r.ru known spam email attempt (policy-spam.rules) * 1:17923 <-> DISABLED <-> POLICY-SPAM axoseb.medicdrugsxck.ru known spam email attempt (policy-spam.rules) * 1:17924 <-> DISABLED <-> POLICY-SPAM azo.onlinetommie54y.ru known spam email attempt (policy-spam.rules) * 1:17925 <-> DISABLED <-> POLICY-SPAM back.pharmroyce83b.ru known spam email attempt (policy-spam.rules) * 1:17926 <-> DISABLED <-> POLICY-SPAM by.pharmroyce83b.ru known spam email attempt (policy-spam.rules) * 1:17927 <-> DISABLED <-> POLICY-SPAM cardinals.refilldud86o.ru known spam email attempt (policy-spam.rules) * 1:17928 <-> DISABLED <-> POLICY-SPAM chemist.onlineruggiero33q.ru known spam email attempt (policy-spam.rules) * 1:17929 <-> DISABLED <-> POLICY-SPAM 
chula.pharmroyce83b.ru known spam email attempt (policy-spam.rules)
* 1:17930 <-> DISABLED <-> POLICY-SPAM classification.refillreade47j.ru known spam email attempt (policy-spam.rules)
* 1:17931 <-> DISABLED <-> POLICY-SPAM compensate.refilldud86o.ru known spam email attempt (policy-spam.rules)
* 1:17932 <-> DISABLED <-> POLICY-SPAM cswjlxey.ru known spam email attempt (policy-spam.rules)
* 1:17933 <-> DISABLED <-> POLICY-SPAM current.refillreade47j.ru known spam email attempt (policy-spam.rules)
* 1:17934 <-> DISABLED <-> POLICY-SPAM cyacaz.pilltodd73p.ru known spam email attempt (policy-spam.rules)
* 1:17935 <-> DISABLED <-> POLICY-SPAM deepcenter.ru known spam email attempt (policy-spam.rules)
* 1:17936 <-> DISABLED <-> POLICY-SPAM delegate.refillreade47j.ru known spam email attempt (policy-spam.rules)
* 1:17937 <-> DISABLED <-> POLICY-SPAM diet.medrayner44c.ru known spam email attempt (policy-spam.rules)
* 1:17938 <-> DISABLED <-> POLICY-SPAM direct.refillreade47j.ru known spam email attempt (policy-spam.rules)
* 1:17939 <-> DISABLED <-> POLICY-SPAM divyo.pillking74s.ru known spam email attempt (policy-spam.rules)
* 1:17940 <-> DISABLED <-> POLICY-SPAM drugsgeorge65g.ru known spam email attempt (policy-spam.rules)
* 1:17941 <-> DISABLED <-> POLICY-SPAM dux.erectnoll24k.ru known spam email attempt (policy-spam.rules)
* 1:17942 <-> DISABLED <-> POLICY-SPAM dypoh.erectjefferey85n.ru known spam email attempt (policy-spam.rules)
* 1:17943 <-> DISABLED <-> POLICY-SPAM eaihar.refilleldredge89r.ru known spam email attempt (policy-spam.rules)
* 1:17944 <-> DISABLED <-> POLICY-SPAM eeez.onlinehamel83i.ru known spam email attempt (policy-spam.rules)
* 1:17945 <-> DISABLED <-> POLICY-SPAM egi.refilleldredge89r.ru known spam email attempt (policy-spam.rules)
* 1:17946 <-> DISABLED <-> POLICY-SPAM ehyw.cumedicdrugsx.ru known spam email attempt (policy-spam.rules)
* 1:17947 <-> DISABLED <-> POLICY-SPAM eka.onlinehamel83i.ru known spam email attempt (policy-spam.rules)
* 1:17948 <-> DISABLED <-> POLICY-SPAM election.refillreade47j.ru known spam email attempt (policy-spam.rules)
* 1:17949 <-> DISABLED <-> POLICY-SPAM elik.drugslevy46b.ru known spam email attempt (policy-spam.rules)
* 1:17950 <-> DISABLED <-> POLICY-SPAM epeno.onlinelewiss22r.ru known spam email attempt (policy-spam.rules)
* 1:17951 <-> DISABLED <-> POLICY-SPAM erectgodart30s.ru known spam email attempt (policy-spam.rules)
* 1:17952 <-> DISABLED <-> POLICY-SPAM erol.camedicdrugsx.ru known spam email attempt (policy-spam.rules)
* 1:17953 <-> DISABLED <-> POLICY-SPAM exa.drugslevy46b.ru known spam email attempt (policy-spam.rules)
* 1:17954 <-> DISABLED <-> POLICY-SPAM eyu.onlinehamel83i.ru known spam email attempt (policy-spam.rules)
* 1:17955 <-> DISABLED <-> POLICY-SPAM fashionchannel.ru known spam email attempt (policy-spam.rules)
* 1:17956 <-> DISABLED <-> POLICY-SPAM fauxy.pillking74s.ru known spam email attempt (policy-spam.rules)
* 1:17957 <-> DISABLED <-> POLICY-SPAM food.refillreade47j.ru known spam email attempt (policy-spam.rules)
* 1:17958 <-> DISABLED <-> POLICY-SPAM generality.onlinehill21q.ru known spam email attempt (policy-spam.rules)
* 1:17959 <-> DISABLED <-> POLICY-SPAM goyry.ramedicdrugsx.ru known spam email attempt (policy-spam.rules)
* 1:17960 <-> DISABLED <-> POLICY-SPAM gueepa.erectnoll24k.ru known spam email attempt (policy-spam.rules)
* 1:17961 <-> DISABLED <-> POLICY-SPAM has.refillreade47j.ru known spam email attempt (policy-spam.rules)
* 1:17962 <-> DISABLED <-> POLICY-SPAM have.medrayner44c.ru known spam email attempt (policy-spam.rules)
* 1:17963 <-> DISABLED <-> POLICY-SPAM headtest.ru known spam email attempt (policy-spam.rules)
* 1:17964 <-> DISABLED <-> POLICY-SPAM huhuh.pilltodd73p.ru known spam email attempt (policy-spam.rules)
* 1:17965 <-> DISABLED <-> POLICY-SPAM hyem.pilltodd73p.ru known spam email attempt (policy-spam.rules)
* 1:17966 <-> DISABLED <-> POLICY-SPAM icysa.refilleldredge89r.ru known spam email attempt (policy-spam.rules)
* 1:17967 <-> DISABLED <-> POLICY-SPAM iiy.refilleldredge89r.ru known spam email attempt (policy-spam.rules)
* 1:17968 <-> DISABLED <-> POLICY-SPAM iki.onlinetommie54y.ru known spam email attempt (policy-spam.rules)
* 1:17969 <-> DISABLED <-> POLICY-SPAM iner.medicdrugsxdl.ru known spam email attempt (policy-spam.rules)
* 1:17970 <-> DISABLED <-> POLICY-SPAM in.onlinehill21q.ru known spam email attempt (policy-spam.rules)
* 1:17971 <-> DISABLED <-> POLICY-SPAM intelpost.ru known spam email attempt (policy-spam.rules)
* 1:17972 <-> DISABLED <-> POLICY-SPAM inunuw.medicdrugsxpo.ru known spam email attempt (policy-spam.rules)
* 1:17973 <-> DISABLED <-> POLICY-SPAM ipiig.drugslevy46b.ru known spam email attempt (policy-spam.rules)
* 1:17974 <-> DISABLED <-> POLICY-SPAM iqor.pilltodd73p.ru known spam email attempt (policy-spam.rules)
* 1:17975 <-> DISABLED <-> POLICY-SPAM is.medrayner44c.ru known spam email attempt (policy-spam.rules)
* 1:17976 <-> DISABLED <-> POLICY-SPAM itaca.erectnoll24k.ru known spam email attempt (policy-spam.rules)
* 1:17977 <-> DISABLED <-> POLICY-SPAM ive.pilltodd73p.ru known spam email attempt (policy-spam.rules)
* 1:17978 <-> DISABLED <-> POLICY-SPAM iweqyz.erectjefferey85n.ru known spam email attempt (policy-spam.rules)
* 1:17979 <-> DISABLED <-> POLICY-SPAM iycyde.medicdrugsxco.ru known spam email attempt (policy-spam.rules)
* 1:17980 <-> DISABLED <-> POLICY-SPAM iyw.refilleldredge89r.ru known spam email attempt (policy-spam.rules)
* 1:17981 <-> DISABLED <-> POLICY-SPAM jaecoh.erectnoll24k.ru known spam email attempt (policy-spam.rules)
* 1:17982 <-> DISABLED <-> POLICY-SPAM jael.pillking74s.ru known spam email attempt (policy-spam.rules)
* 1:17983 <-> DISABLED <-> POLICY-SPAM jex.remedicdrugsx.ru known spam email attempt (policy-spam.rules)
* 1:17984 <-> DISABLED <-> POLICY-SPAM john.onlinehill21q.ru known spam email attempt (policy-spam.rules)
* 1:17985 <-> DISABLED <-> POLICY-SPAM joseph.refillreade47j.ru known spam email attempt (policy-spam.rules)
* 1:17986 <-> DISABLED <-> POLICY-SPAM jyn.medicdrugsxdl.ru known spam email attempt (policy-spam.rules)
* 1:17987 <-> DISABLED <-> POLICY-SPAM jyzyv.refilleldredge89r.ru known spam email attempt (policy-spam.rules)
* 1:17988 <-> DISABLED <-> POLICY-SPAM koosaf.erectnoll24k.ru known spam email attempt (policy-spam.rules)
* 1:17989 <-> DISABLED <-> POLICY-SPAM lybah.pilltodd73p.ru known spam email attempt (policy-spam.rules)
* 1:17990 <-> DISABLED <-> POLICY-SPAM manila.onlinephilbert42f.ru known spam email attempt (policy-spam.rules)
* 1:17991 <-> DISABLED <-> POLICY-SPAM masa.erectjefferey85n.ru known spam email attempt (policy-spam.rules)
* 1:17992 <-> DISABLED <-> POLICY-SPAM medpenny17j.ru known spam email attempt (policy-spam.rules)
* 1:17993 <-> DISABLED <-> POLICY-SPAM minionspre.ru known spam email attempt (policy-spam.rules)
* 1:17994 <-> DISABLED <-> POLICY-SPAM nazuwu.onlinelewiss22r.ru known spam email attempt (policy-spam.rules)
* 1:17995 <-> DISABLED <-> POLICY-SPAM negotiations.refilldud86o.ru known spam email attempt (policy-spam.rules)
* 1:17996 <-> DISABLED <-> POLICY-SPAM niqiv.erectjefferey85n.ru known spam email attempt (policy-spam.rules)
* 1:17997 <-> DISABLED <-> POLICY-SPAM odimys.medicdrugsxlb.ru known spam email attempt (policy-spam.rules)
* 1:17998 <-> DISABLED <-> POLICY-SPAM odoog.onlinelewiss22r.ru known spam email attempt (policy-spam.rules)
* 1:17999 <-> DISABLED <-> POLICY-SPAM oekaka.aimedicdrugsx.ru known spam email attempt (policy-spam.rules)
* 1:18000 <-> DISABLED <-> POLICY-SPAM oeqio.erectnoll24k.ru known spam email attempt (policy-spam.rules)
* 1:18001 <-> DISABLED <-> POLICY-SPAM of.onlinephilbert42f.ru known spam email attempt (policy-spam.rules)
* 1:18002 <-> DISABLED <-> POLICY-SPAM of.refilldud86o.ru known spam email attempt (policy-spam.rules)
* 1:18003 <-> DISABLED <-> POLICY-SPAM of.refillreade47j.ru known spam email attempt (policy-spam.rules)
* 1:18004 <-> DISABLED <-> POLICY-SPAM oipek.onlinehamel83i.ru known spam email attempt (policy-spam.rules)
* 1:18005 <-> DISABLED <-> POLICY-SPAM oji.medicdrugsxto.ru known spam email attempt (policy-spam.rules)
* 1:18006 <-> DISABLED <-> POLICY-SPAM onotye.onlinelewiss22r.ru known spam email attempt (policy-spam.rules)
* 1:18007 <-> DISABLED <-> POLICY-SPAM opy.erectjefferey85n.ru known spam email attempt (policy-spam.rules)
* 1:18008 <-> DISABLED <-> POLICY-SPAM orderbuzz.ru known spam email attempt (policy-spam.rules)
* 1:18009 <-> DISABLED <-> POLICY-SPAM ouu.almedicdrugsx.ru known spam email attempt (policy-spam.rules)
* 1:18010 <-> DISABLED <-> POLICY-SPAM oxuc.pillking74s.ru known spam email attempt (policy-spam.rules)
* 1:18011 <-> DISABLED <-> POLICY-SPAM pillrolfe64l.ru known spam email attempt (policy-spam.rules)
* 1:18012 <-> DISABLED <-> POLICY-SPAM recently.refilldud86o.ru known spam email attempt (policy-spam.rules)
* 1:18013 <-> DISABLED <-> POLICY-SPAM records.onlinephilbert42f.ru known spam email attempt (policy-spam.rules)
* 1:18014 <-> DISABLED <-> POLICY-SPAM reobaj.onlinehamel83i.ru known spam email attempt (policy-spam.rules)
* 1:18015 <-> DISABLED <-> POLICY-SPAM research.onlinehill21q.ru known spam email attempt (policy-spam.rules)
* 1:18016 <-> DISABLED <-> POLICY-SPAM returning.refillreade47j.ru known spam email attempt (policy-spam.rules)
* 1:18017 <-> DISABLED <-> POLICY-SPAM right.refillreade47j.ru known spam email attempt (policy-spam.rules)
* 1:18018 <-> DISABLED <-> POLICY-SPAM riwaro.erectjefferey85n.ru known spam email attempt (policy-spam.rules)
* 1:18019 <-> DISABLED <-> POLICY-SPAM ruuav.erectnoll24k.ru known spam email attempt (policy-spam.rules)
* 1:1802 <-> DISABLED <-> SERVER-IIS .asa HTTP header buffer overflow attempt (server-iis.rules)
* 1:18020 <-> DISABLED <-> POLICY-SPAM ryhux.medicdrugsxpa.ru known spam email attempt (policy-spam.rules)
* 1:18021 <-> DISABLED <-> POLICY-SPAM software-buyshop-7.ru known spam email attempt (policy-spam.rules)
* 1:18022 <-> DISABLED <-> POLICY-SPAM specialyou.ru known spam email attempt (policy-spam.rules)
* 1:18023 <-> DISABLED <-> POLICY-SPAM starring.pharmroyce83b.ru known spam email attempt (policy-spam.rules)
* 1:18024 <-> DISABLED <-> POLICY-SPAM store-softwarebuy-7.ru known spam email attempt (policy-spam.rules)
* 1:18025 <-> DISABLED <-> POLICY-SPAM sya.onlinehamel83i.ru known spam email attempt (policy-spam.rules)
* 1:18026 <-> DISABLED <-> POLICY-SPAM tabdarin80s.ru known spam email attempt (policy-spam.rules)
* 1:18027 <-> DISABLED <-> POLICY-SPAM tabgordan13n.ru known spam email attempt (policy-spam.rules)
* 1:18028 <-> DISABLED <-> POLICY-SPAM tablangston19a.ru known spam email attempt (policy-spam.rules)
* 1:18029 <-> DISABLED <-> POLICY-SPAM tabwebster77c.ru known spam email attempt (policy-spam.rules)
* 1:1803 <-> DISABLED <-> SERVER-IIS .cer HTTP header buffer overflow attempt (server-iis.rules)
* 1:18030 <-> DISABLED <-> POLICY-SPAM tanuen.dimedicdrugsx.ru known spam email attempt (policy-spam.rules)
* 1:18031 <-> DISABLED <-> POLICY-SPAM the.onlinehill21q.ru known spam email attempt (policy-spam.rules)
* 1:18032 <-> DISABLED <-> POLICY-SPAM the.onlineruggiero33q.ru known spam email attempt (policy-spam.rules)
* 1:18033 <-> DISABLED <-> POLICY-SPAM to.medrayner44c.ru known spam email attempt (policy-spam.rules)
* 1:18034 <-> DISABLED <-> POLICY-SPAM trails.pharmroyce83b.ru known spam email attempt (policy-spam.rules)
* 1:18035 <-> DISABLED <-> POLICY-SPAM trusting-me.ru known spam email attempt (policy-spam.rules)
* 1:18036 <-> DISABLED <-> POLICY-SPAM twodays.ru known spam email attempt (policy-spam.rules)
* 1:18037 <-> DISABLED <-> POLICY-SPAM tyqaja.pilltodd73p.ru known spam email attempt (policy-spam.rules)
* 1:18038 <-> DISABLED <-> POLICY-SPAM uboi.onlinehamel83i.ru known spam email attempt (policy-spam.rules)
* 1:18039 <-> DISABLED <-> POLICY-SPAM uf.drugslevy46b.ru known spam email attempt (policy-spam.rules)
* 1:1804 <-> DISABLED <-> SERVER-IIS .cdx HTTP header buffer overflow attempt (server-iis.rules)
* 1:18040 <-> DISABLED <-> POLICY-SPAM uielij.pillking74s.ru known spam email attempt (policy-spam.rules)
* 1:18041 <-> DISABLED <-> POLICY-SPAM unasu.medicdrugsxto.ru known spam email attempt (policy-spam.rules)
* 1:18042 <-> DISABLED <-> POLICY-SPAM upazo.pilltodd73p.ru known spam email attempt (policy-spam.rules)
* 1:18043 <-> DISABLED <-> POLICY-SPAM utuqaj.pillking74s.ru known spam email attempt (policy-spam.rules)
* 1:18044 <-> DISABLED <-> POLICY-SPAM uuji.refilleldredge89r.ru known spam email attempt (policy-spam.rules)
* 1:18045 <-> DISABLED <-> POLICY-SPAM variation.refilldud86o.ru known spam email attempt (policy-spam.rules)
* 1:18046 <-> DISABLED <-> POLICY-SPAM via.refillreade47j.ru known spam email attempt (policy-spam.rules)
* 1:18047 <-> DISABLED <-> POLICY-SPAM voiceless.pharmroyce83b.ru known spam email attempt (policy-spam.rules)
* 1:18048 <-> DISABLED <-> POLICY-SPAM was.medrayner44c.ru known spam email attempt (policy-spam.rules)
* 1:18049 <-> DISABLED <-> POLICY-SPAM word.onlinephilbert42f.ru known spam email attempt (policy-spam.rules)
* 1:1805 <-> DISABLED <-> SERVER-WEBAPP Oracle Reports CGI access (server-webapp.rules)
* 1:18050 <-> DISABLED <-> POLICY-SPAM world.onlinehill21q.ru known spam email attempt (policy-spam.rules)
* 1:18051 <-> DISABLED <-> POLICY-SPAM www.buhni.ru known spam email attempt (policy-spam.rules)
* 1:18052 <-> DISABLED <-> POLICY-SPAM www.visitcover.ru known spam email attempt (policy-spam.rules)
* 1:18053 <-> DISABLED <-> POLICY-SPAM xob.erectnoll24k.ru known spam email attempt (policy-spam.rules)
* 1:18054 <-> DISABLED <-> POLICY-SPAM ygy.onlinetommie54y.ru known spam email attempt (policy-spam.rules)
* 1:18055 <-> DISABLED <-> POLICY-SPAM yit.medicdrugsxor.ru known spam email attempt (policy-spam.rules)
* 1:18056 <-> DISABLED <-> POLICY-SPAM ylum.onlinelewiss22r.ru known spam email attempt (policy-spam.rules)
* 1:18057 <-> DISABLED <-> POLICY-SPAM ymyuto.onlinelewiss22r.ru known spam email attempt (policy-spam.rules)
* 1:18058 <-> DISABLED <-> POLICY-SPAM yomy.pillking74s.ru known spam email attempt (policy-spam.rules)
* 1:18059 <-> DISABLED <-> POLICY-SPAM yzugez.pillking74s.ru known spam email attempt (policy-spam.rules)
* 1:1806 <-> DISABLED <-> SERVER-IIS .htr chunked Transfer-Encoding (server-iis.rules)
* 1:18060 <-> DISABLED <-> POLICY-SPAM zeroprices.ru known spam email attempt (policy-spam.rules)
* 1:18061 <-> DISABLED <-> POLICY-SPAM zueuz.onlinehamel83i.ru known spam email attempt (policy-spam.rules)
* 1:18064 <-> DISABLED <-> BROWSER-PLUGINS Microsoft .NET framework EntityObject execution attempt (browser-plugins.rules)
* 1:18065 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint converter bad indirection remote code execution attempt (file-office.rules)
* 1:18066 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint integer underflow heap corruption attempt (file-office.rules)
* 1:18067 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF parsing remote code execution attempt (file-office.rules)
* 1:18068 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malformed MsoDrawingObject record attempt (file-office.rules)
* 1:18069 <-> DISABLED <-> FILE-OFFICE Microsoft Office Art drawing invalid shape identifier attempt (file-office.rules)
* 1:1807 <-> DISABLED <-> POLICY-OTHER Chunked-Encoding transfer with no data attempt (policy-other.rules)
* 1:18070 <-> DISABLED <-> FILE-OFFICE Microsoft Office pptimpconv.dll dll-load exploit attempt (file-office.rules)
* 1:18071 <-> DISABLED <-> FILE-OFFICE Microsoft Office pptimpconv.dll dll-load exploit attempt (file-office.rules)
* 1:18072 <-> DISABLED <-> OS-WINDOWS Microsoft Forefront UAG external redirect attempt (os-windows.rules)
* 1:18073 <-> DISABLED <-> OS-WINDOWS Microsoft Forefront UAG arbitrary embedded scripting attempt (os-windows.rules)
* 1:18074 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Forefront UAG URL XSS attempt (os-windows.rules)
* 1:18076 <-> DISABLED <-> OS-WINDOWS Microsoft Forefront UAG URL XSS alternate attempt (os-windows.rules)
* 1:18077 <-> DISABLED <-> BROWSER-FIREFOX Mozilla products CSS rendering out-of-bounds array write attempt (browser-firefox.rules)
* 1:18078 <-> DISABLED <-> BROWSER-FIREFOX Mozilla products CSS rendering out-of-bounds array write attempt (browser-firefox.rules)
* 1:1808 <-> DISABLED <-> SERVER-WEBAPP apache chunked encoding memory corruption exploit attempt (server-webapp.rules)
* 1:1809 <-> DISABLED <-> SERVER-APACHE Apache Chunked-Encoding worm attempt (server-apache.rules)
* 1:18096 <-> DISABLED <-> SERVER-APACHE Apache Tomcat username enumeration attempt (server-apache.rules)
* 1:18097 <-> DISABLED <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt (browser-plugins.rules)
* 1:18098 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - Carberp (malware-cnc.rules)
* 1:18099 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - Carberp (malware-cnc.rules)
* 1:1810 <-> DISABLED <-> SERVER-OTHER successful gobbles ssh exploit GOBBLE (server-other.rules)
* 1:18100 <-> DISABLED <-> MALWARE-CNC Tidserv malware command and control channel traffic (malware-cnc.rules)
* 1:18102 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader invalid PDF JavaScript printSeps extension call attempt (file-pdf.rules)
* 1:1811 <-> DISABLED <-> SERVER-OTHER successful gobbles ssh exploit uname (server-other.rules)
* 1:1812 <-> DISABLED <-> SERVER-OTHER gobbles SSH exploit attempt (server-other.rules)
* 1:1813 <-> DISABLED <-> PROTOCOL-ICMP digital island bandwidth query (protocol-icmp.rules)
* 1:18132 <-> DISABLED <-> INDICATOR-OBFUSCATION malware-associated JavaScript obfuscation function (indicator-obfuscation.rules)
* 1:1814 <-> DISABLED <-> SERVER-WEBAPP CISCO VoIP DOS ATTEMPT (server-webapp.rules)
* 1:1815 <-> DISABLED <-> SERVER-WEBAPP directory.php arbitrary command attempt (server-webapp.rules)
* 1:1816 <-> DISABLED <-> SERVER-WEBAPP directory.php access (server-webapp.rules)
* 1:18167 <-> DISABLED <-> INDICATOR-SHELLCODE Possible generic javascript heap spray attempt (indicator-shellcode.rules)
* 1:18168 <-> DISABLED <-> INDICATOR-SHELLCODE Possible generic javascript heap spray attempt (indicator-shellcode.rules)
* 1:1817 <-> DISABLED <-> SERVER-IIS MS Site Server default login attempt (server-iis.rules)
* 1:18170 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox and SeaMonkey onUnload event handler memory corruption attempt (browser-firefox.rules)
* 1:18171 <-> DISABLED <-> OS-WINDOWS Multiple product mailto uri handling code execution attempt (os-windows.rules)
* 1:18172 <-> DISABLED <-> OS-WINDOWS Multiple product mailto uri handling code execution attempt (os-windows.rules)
* 1:18173 <-> DISABLED <-> OS-WINDOWS Multiple product mailto uri handling code execution attempt (os-windows.rules)
* 1:18174 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CSS memory corruption attempt (browser-ie.rules)
* 1:18175 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CSS memory corruption attempt (browser-ie.rules)
* 1:18176 <-> DISABLED <-> BROWSER-FIREFOX Mozilla browsers memory corruption simultaneous XPCOM events code execution attempt (browser-firefox.rules)
* 1:18177 <-> DISABLED <-> BROWSER-FIREFOX Mozilla browsers memory corruption simultaneous XPCOM events code execution attempt (browser-firefox.rules)
* 1:18178 <-> DISABLED <-> BROWSER-FIREFOX Mozilla browsers memory corruption simultaneous XPCOM events code execution attempt (browser-firefox.rules)
* 1:18179 <-> DISABLED <-> INDICATOR-SCAN Proxyfire.net anonymous proxy scan (indicator-scan.rules)
* 1:1818 <-> DISABLED <-> SERVER-IIS MS Site Server admin attempt (server-iis.rules)
* 1:18180 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript remote code execution attempt (file-flash.rules)
* 1:18181 <-> DISABLED <-> PROTOCOL-FTP ProFTPd 1.3.3c backdoor activity (protocol-ftp.rules)
* 1:18182 <-> DISABLED <-> PROTOCOL-FTP ProFTPd 1.3.3c backdoor help access attempt (protocol-ftp.rules)
* 1:18186 <-> DISABLED <-> BROWSER-FIREFOX Mozilla products -moz-grid and -moz-grid-group display styles code execution attempt (browser-firefox.rules)
* 1:18187 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox InstallTrigger.install memory corruption attempt (browser-firefox.rules)
* 1:18188 <-> DISABLED <-> BROWSER-FIREFOX Multiple browser marquee tag denial of service attempt (browser-firefox.rules)
* 1:18189 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum attempt (netbios.rules)
* 1:1819 <-> DISABLED <-> SERVER-OTHER Alcatel PABX 4400 connection attempt (server-other.rules)
* 1:18190 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum attempt (netbios.rules)
* 1:18191 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum attempt (netbios.rules)
* 1:18192 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum attempt (netbios.rules)
* 1:18193 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer cross domain information disclosure attempt (browser-ie.rules)
* 1:18194 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer cross domain information disclosure attempt (browser-ie.rules)
* 1:18195 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Negotiate Protocol response DoS attempt (os-windows.rules)
* 1:18196 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CSS importer use-after-free attempt (browser-ie.rules)
* 1:18197 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer COleSite ActiveX memory corruption attempt (browser-plugins.rules)
* 1:18198 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer COleSite ActiveX memory corruption attempt (browser-plugins.rules)
* 1:18199 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer COleSite ActiveX memory corruption attempt (browser-plugins.rules)
* 1:1820 <-> DISABLED <-> SERVER-WEBAPP IBM Net.Commerce orderdspc.d2w access (server-webapp.rules)
* 1:18200 <-> DISABLED <-> FILE-OFFICE Microsoft Office .CGM file cell array heap overflow attempt (file-office.rules)
* 1:18202 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Address Book smmscrpt.dll malicious DLL load (os-windows.rules)
* 1:18203 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Address Book smmscrpt.dll malicious DLL load (os-windows.rules)
* 1:18204 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Address Book wab32res.dll dll-load exploit attempt (os-windows.rules)
* 1:18205 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Address Book msoeres32.dll dll-load exploit attempt (os-windows.rules)
* 1:18206 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Address Book request for wab32res.dll over SMB attempt (os-windows.rules)
* 1:18207 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Address Book request for msoeres32.dll over SMB attempt (os-windows.rules)
* 1:18208 <-> DISABLED <-> OS-WINDOWS Microsoft Windows wininet peerdist.dll dll-load exploit attempt (os-windows.rules)
* 1:18209 <-> DISABLED <-> OS-WINDOWS Microsoft Windows wininet peerdist.dll dll-load exploit attempt (os-windows.rules)
* 1:1821 <-> DISABLED <-> SERVER-OTHER LPD dvips remote command execution attempt (server-other.rules)
* 1:18210 <-> DISABLED <-> OS-WINDOWS Microsoft Movie Maker hhctrl.ocx dll-load attempt (os-windows.rules)
* 1:18211 <-> DISABLED <-> OS-WINDOWS Microsoft Movie Maker hhctrl.ocx dll-load attempt (os-windows.rules)
* 1:18212 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher tyo.oty field heap overflow attempt (file-office.rules)
* 1:18213 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher column and row remote code execution attempt (file-office.rules)
* 1:18214 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher 97 conversion remote code execution attempt (file-office.rules)
* 1:18215 <-> DISABLED <-> OS-WINDOWS NETAPI RPC interface reboot attempt (os-windows.rules)
* 1:18216 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 6 #default#anim attempt (browser-ie.rules)
* 1:18217 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer select element memory corruption attempt (browser-ie.rules)
* 1:18218 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer time element memory corruption attempt (browser-ie.rules)
* 1:18219 <-> DISABLED <-> FILE-OTHER Microsoft Windows ATMFD font driver remote code execution attempt (file-other.rules)
* 1:1822 <-> DISABLED <-> SERVER-WEBAPP AlienForm alienform.cgi directory traversal attempt (server-webapp.rules)
* 1:18220 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ATMFD font driver malformed character glyph remote code execution attempt (os-windows.rules)
* 1:18221 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed table remote code execution attempt (browser-ie.rules)
* 1:18222 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder wmerrorenu.dll dll-load exploit attempt (os-windows.rules)
* 1:18223 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder winietenu.dll dll-load exploit attempt (os-windows.rules)
* 1:18224 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder asferrorenu.dll dll-load exploit attempt (os-windows.rules)
* 1:18225 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder wmerrorenu.dll dll-load exploit attempt (os-windows.rules)
* 1:18226 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder winietenu.dll dll-load exploit attempt (os-windows.rules)
* 1:18227 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder asferrorenu.dll dll-load exploit attempt (os-windows.rules)
* 1:18229 <-> DISABLED <-> FILE-IMAGE Microsoft FlashPix tile length overflow attempt (file-image.rules)
* 1:1823 <-> DISABLED <-> SERVER-WEBAPP AlienForm af.cgi directory traversal attempt (server-webapp.rules)
* 1:18230 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher memory corruption attempt (file-office.rules)
* 1:18231 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher oversized oti length attempt (file-office.rules)
* 1:18233 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher Adobe Font Driver code execution attempt (file-office.rules)
* 1:18234 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file download request (file-identify.rules)
* 1:18235 <-> DISABLED <-> FILE-OFFICE Microsoft Office PICT graphics converter memory corruption attempt (file-office.rules)
* 1:18236 <-> DISABLED <-> FILE-OFFICE Microsoft Office TIFFIM32.FLT filter memory corruption attempt (file-office.rules)
* 1:18237 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Flashpix graphics filter fpx32.flt remote code execution attempt (file-image.rules)
* 1:18238 <-> DISABLED <-> SERVER-WEBAPP Microsoft Office SharePoint document conversion remote code execution attempt (server-webapp.rules)
* 1:18239 <-> DISABLED <-> INDICATOR-OBFUSCATION known malicious JavaScript decryption routine (indicator-obfuscation.rules)
* 1:1824 <-> DISABLED <-> SERVER-WEBAPP AlienForm alienform.cgi access (server-webapp.rules)
* 1:18240 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CSS importer use-after-free attempt (browser-ie.rules)
* 1:18241 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows WMI administrator tools object viewer ActiveX clsid access (browser-plugins.rules)
* 1:18242 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows WMI Administrator Tools Object Viewer ActiveX function call access (browser-plugins.rules)
* 1:18243 <-> DISABLED <-> SERVER-IIS Microsoft Windows 7 IIS7.5 FTPSVC buffer overflow attempt (server-iis.rules)
* 1:18244 <-> DISABLED <-> FILE-JAVA Oracle Java browser plugin docbase overflow attempt (file-java.rules)
* 1:18245 <-> DISABLED <-> BROWSER-PLUGINS Oracle Java browser plugin docbase overflow attempt (browser-plugins.rules)
* 1:18246 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Fax Services Cover Page Editor overflow attempt (os-windows.rules)
* 1:18247 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent ErrCode - W32/Fujacks.htm (malware-cnc.rules)
* 1:18248 <-> DISABLED <-> SERVER-OTHER Unisys Business Information Server stack buffer overflow attempt (server-other.rules)
* 1:18249 <-> DISABLED <-> PROTOCOL-ICMP Microsoft Windows Ipv6pHandleRouterAdvertisement Route Information stack buffer overflow attempt (protocol-icmp.rules)
* 1:1825 <-> DISABLED <-> SERVER-WEBAPP AlienForm af.cgi access (server-webapp.rules)
* 1:18250 <-> DISABLED <-> BROWSER-FIREFOX Mozilla products EscapeAttributeValue integer overflow attempt (browser-firefox.rules)
* 1:1826 <-> DISABLED <-> SERVER-WEBAPP WEB-INF access (server-webapp.rules)
* 1:18261 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript engine String.toSource memory corruption attempt (browser-firefox.rules)
* 1:18262 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript engine function arguments memory corruption attempt (browser-firefox.rules)
* 1:18263 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript deleted frame or window reference attempt (browser-firefox.rules)
* 1:18264 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript deleted frame or window reference attempt (browser-firefox.rules)
* 1:18265 <-> DISABLED <-> FILE-OFFICE Microsoft Office thumbnail bitmap invalid biClrUsed attempt (file-office.rules)
* 1:18266 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP rpcss2_RemoteGetClassObject attempt (os-windows.rules)
* 1:18267 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP rpcss2_RemoteGetClassObject attempt (os-windows.rules)
* 1:1827 <-> DISABLED <-> SERVER-APACHE Apache Tomcat servlet mapping cross site scripting attempt (server-apache.rules)
* 1:18273 <-> ENABLED <-> FILE-IDENTIFY BAT file download request (file-identify.rules)
* 1:18274 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Mail file download request (file-identify.rules)
* 1:18276 <-> DISABLED <-> FILE-OTHER Microsoft Data Access Components library attempt (file-other.rules)
* 1:18277 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Vista Backup Tool fveapi.dll dll-load exploit attempt (os-windows.rules)
* 1:18278 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Vista Backup Tool request for fveapi.dll over SMB attempt (os-windows.rules)
* 1:18279 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Karagany.A variant outbound connection (malware-cnc.rules)
* 1:1828 <-> DISABLED <-> SERVER-WEBAPP iPlanet Search directory traversal attempt (server-webapp.rules)
* 1:18280 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer oversize recordset object cache size exploit attempt (browser-ie.rules)
* 1:18281 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VB.njz variant outbound connection (malware-cnc.rules)
* 1:18282 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer drag-and-drop vulnerability (browser-ie.rules)
* 1:18283 <-> DISABLED <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt (server-apache.rules)
* 1:18284 <-> DISABLED <-> FILE-OFFICE Microsoft Office XP URL Handling Buffer Overflow attempt (file-office.rules)
* 1:18285 <-> DISABLED <-> SERVER-OTHER BrightStor ARCserve backup tape engine buffer overflow attempt (server-other.rules)
* 1:18286 <-> DISABLED <-> BROWSER-FIREFOX Mozilla products element style change memory corruption code execution attempt (browser-firefox.rules)
* 1:1829 <-> DISABLED <-> SERVER-APACHE Apache Tomcat TroubleShooter servlet access (server-apache.rules)
* 1:18291 <-> DISABLED <-> SERVER-OTHER Arkeia Network Backup Client Buffer Overflow Type 77 Attempt (server-other.rules)
* 1:18292 <-> DISABLED <-> SERVER-OTHER Arkeia Network Backup Client Buffer Overflow Type 84 Attempt (server-other.rules)
* 1:18293 <-> DISABLED <-> SERVER-WEBAPP Secure Backup login.php uname variable based command injection attempt (server-webapp.rules)
* 1:18294 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit floating point buffer overflow attempt (browser-webkit.rules)
* 1:18295 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit floating point buffer overflow attempt (browser-webkit.rules)
* 1:18296 <-> DISABLED <-> BROWSER-FIREFOX Mozilla products frame comment objects manipulation memory corruption attempt (browser-firefox.rules)
* 1:18297 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Comctl32.dll third-party SVG viewer heap overflow attempt (os-windows.rules)
* 1:18298 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript large regex memory corruption attempt (browser-firefox.rules)
* 1:18299 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer implicit drag and drop file installation attempt (browser-ie.rules)
* 1:1830 <-> DISABLED <-> SERVER-APACHE Apache Tomcat SnoopServlet servlet access (server-apache.rules)
* 1:18300 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer FTP command injection attempt (browser-ie.rules)
* 1:18301 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox GeckoActiveXObject memory corruption attempt (browser-firefox.rules)
* 1:18302 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox new function garbage collection remote code execution attempt (browser-firefox.rules)
* 1:18303 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer script action handler overflow attempt (browser-ie.rules)
* 1:18304 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer span tag memory corruption attempt (browser-ie.rules)
* 1:18305 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer span tag memory corruption attempt (browser-ie.rules)
* 1:18306 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer span tag memory corruption attempt (browser-ie.rules)
* 1:18307 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer frameset memory corruption attempt (browser-ie.rules)
* 1:18308 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader ICC mluc integer overflow attempt (file-pdf.rules)
* 1:18309 <-> DISABLED <-> OS-WINDOWS Microsoft Vector Markup Language fill method overflow attempt (os-windows.rules)
* 1:1831 <-> DISABLED <-> SERVER-WEBAPP jigsaw dos attempt (server-webapp.rules)
* 1:18310 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF parsing remote code execution attempt (file-office.rules)
* 1:18311 <-> DISABLED <-> SERVER-WEBAPP Novell iManager getMultiPartParameters arbitrary file upload attempt (server-webapp.rules)
* 1:18312 <-> DISABLED <-> SERVER-OTHER Subversion 1.0.2 get-dated-rev buffer overflow attempt (server-other.rules)
* 1:18313 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer createTextRange code execution attempt (browser-ie.rules)
* 1:18315 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP wkssvc NetrValidateName2 overflow attempt (os-windows.rules)
* 1:18317 <-> DISABLED <-> SERVER-MAIL Ipswitch IMail RCPT TO proxy overflow attempt (server-mail.rules)
* 1:18319 <-> DISABLED <-> SERVER-SAMBA Samba DCERPC NCACN-IP-TCP lsarpc LsarLookupSids lsa_io_trans_name heap overflow attempt (server-samba.rules)
* 1:1832 <-> DISABLED <-> POLICY-SOCIAL ICQ forced user addition (policy-social.rules)
* 1:18320 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WINS association context validation overflow attempt (os-windows.rules)
* 1:18321 <-> DISABLED <-> BROWSER-PLUGINS SonicWall Aventail EPInterrogator ActiveX clsid access (browser-plugins.rules)
* 1:18322 <-> DISABLED <-> BROWSER-PLUGINS SonicWall Aventail EPInterrogator ActiveX function call access (browser-plugins.rules)
* 1:18323 <-> DISABLED <-> BROWSER-PLUGINS SonicWall Aventail EPInstaller ActiveX clsid access (browser-plugins.rules)
* 1:18324 <-> DISABLED <-> BROWSER-PLUGINS SonicWall Aventail EPInstaller ActiveX function call access (browser-plugins.rules)
* 1:18325 <-> DISABLED <-> BROWSER-PLUGINS Image Viewer CP Gold 6 ActiveX clsid access (browser-plugins.rules)
* 1:18326 <-> DISABLED <-> PROTOCOL-FTP ProFTPD mod_site_misc module directory traversal attempt (protocol-ftp.rules)
* 1:18327 <-> DISABLED <-> PROTOCOL-SCADA Kingview HMI heap overflow attempt (protocol-scada.rules)
* 1:18329 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows WMI Administrator Tools Object Viewer ActiveX function call access (browser-plugins.rules)
* 1:18331 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio DXF variable name overflow attempt (file-office.rules)
* 1:18332 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox JS Web Worker arbitrary code execution attempt (browser-firefox.rules)
* 1:18333 <-> DISABLED <-> SERVER-WEBAPP phpBook date command execution attempt (server-webapp.rules)
* 1:18334 <-> DISABLED <-> SERVER-WEBAPP phpBook mail command execution attempt (server-webapp.rules)
* 1:18335 <-> DISABLED <-> OS-WINDOWS Microsoft Windows MHTML XSS attempt (os-windows.rules)
* 1:18336 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string gbot/2.3 (malware-cnc.rules)
* 1:18337 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string iamx/3.11 (malware-cnc.rules)
* 1:18338 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string NSISDL/1.2 (malware-cnc.rules)
* 1:1834 <-> DISABLED <-> SERVER-WEBAPP PHP-Wiki cross site scripting attempt (server-webapp.rules)
* 1:18340 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string ClickAdsByIE 0.7.5 (malware-cnc.rules)
* 1:18341 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string UtilMind HTTPGet (malware-cnc.rules)
* 1:18342 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string NSIS_DOWNLOAD (malware-cnc.rules)
* 1:18343 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string WSEnrichment (malware-cnc.rules)
* 1:18345 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Macrovision_DM_2.4.15 (malware-cnc.rules)
* 1:18346 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string GPRecover (malware-cnc.rules)
* 1:18347 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string AutoIt (malware-cnc.rules)
* 1:18348 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Opera/9.80 Pesto/2.2.15 (malware-cnc.rules)
* 1:18349 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Flipopia (malware-cnc.rules)
* 1:1835 <-> DISABLED <-> SERVER-WEBAPP Macromedia SiteSpring cross site scripting attempt (server-webapp.rules)
* 1:18350 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string GabPath (malware-cnc.rules)
* 1:18351 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string GPUpdater (malware-cnc.rules)
* 1:18352 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string PinballCorp-BSAI/VER_STR_COMMA (malware-cnc.rules)
* 1:18353 <-> DISABLED <-> MALWARE-CNC User-Agent request for known PUA user agent - SelectRebates (malware-cnc.rules)
* 1:18354 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string opera/8.11 (malware-cnc.rules)
* 1:18355 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Se2011 (malware-cnc.rules)
* 1:18356 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string random (malware-cnc.rules)
* 1:18357 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Setup Factory (malware-cnc.rules)
* 1:18358 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string NSIS_INETLOAD (malware-cnc.rules)
* 1:18359 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Shareaza (malware-cnc.rules)
* 1:18360 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Oncues (malware-cnc.rules)
* 1:18361 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Downloader1.1 (malware-cnc.rules)
* 1:18362 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Search Toolbar 1.1 (malware-cnc.rules)
* 1:18363 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string GPRecover (malware-cnc.rules)
* 1:18364 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string msndown (malware-cnc.rules)
* 1:18365 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Agentcc (malware-cnc.rules)
* 1:18366 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string OCInstaller (malware-cnc.rules)
* 1:18367 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string FPRecover (malware-cnc.rules)
* 1:18368 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Our_Agent (malware-cnc.rules)
* 1:18369 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string iexp-get (malware-cnc.rules)
* 1:18370 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Mozilla Windows MSIE (malware-cnc.rules)
* 1:18371 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string QvodDown (malware-cnc.rules)
* 1:18373 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Installer (malware-cnc.rules)
* 1:18374 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string SurfBear (malware-cnc.rules)
* 1:18375 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string HTTP Wininet (malware-cnc.rules)
* 1:18376 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Trololo (malware-cnc.rules)
* 1:18377 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string malware (malware-cnc.rules)
* 1:18378 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string AutoHotkey (malware-cnc.rules)
* 1:18379 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string AskInstallChecker (malware-cnc.rules)
* 1:1838 <-> DISABLED <-> SERVER-OTHER SSH server banner overflow (server-other.rules)
* 1:18380 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string FPUpdater (malware-cnc.rules)
* 1:18381 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Travel Update (malware-cnc.rules)
* 1:18382 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string WMUpdate (malware-cnc.rules)
* 1:18383 <-> DISABLED <-> MALWARE-CNC
User-Agent known malicious user-agent string GPInstaller (malware-cnc.rules) * 1:18385 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string HTTPCSDCENTER (malware-cnc.rules) * 1:18386 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string AHTTPConnection (malware-cnc.rules) * 1:18387 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string dwplayer (malware-cnc.rules) * 1:18388 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string RookIE/1.0 (malware-cnc.rules) * 1:18389 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string 3653Client (malware-cnc.rules) * 1:1839 <-> DISABLED <-> SERVER-WEBAPP mailman cross site scripting attempt (server-webapp.rules) * 1:18390 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Delphi 5.x (malware-cnc.rules) * 1:18391 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string MyLove (malware-cnc.rules) * 1:18392 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string qixi (malware-cnc.rules) * 1:18393 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string vyre32 (malware-cnc.rules) * 1:18394 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string OCRecover (malware-cnc.rules) * 1:18395 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Duckling/1.0 (malware-cnc.rules) * 1:18396 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Hypervisor OS-WINDOWS vfd download attempt (os-windows.rules) * 1:18397 <-> DISABLED <-> SERVER-OTHER HP DDMI Agent spoofing - command execution (server-other.rules) * 1:18398 <-> DISABLED <-> FILE-OFFICE Microsoft Office thumbnail bitmap invalid biClrUsed attempt (file-office.rules) * 1:18399 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel BRAI record remote code execution attempt (file-office.rules) * 1:1840 <-> DISABLED <-> FILE-JAVA Oracle Javascript document.domain attempt (file-java.rules) * 
1:18400 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CRSS local process allowed to persist through logon or logoff attempt (os-windows.rules) * 1:18401 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Base64 encoded script overflow attempt (browser-ie.rules) * 1:18402 <-> DISABLED <-> FILE-OTHER Microsoft Windows ATMFD Adobe font driver remote code execution attempt (file-other.rules) * 1:18403 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Data Source Object memory corruption attempt (browser-ie.rules) * 1:18404 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer document.insertBefore memory corruption attempt (browser-ie.rules) * 1:18405 <-> ENABLED <-> OS-WINDOWS Microsoft Windows LSASS domain name buffer overflow attempt (os-windows.rules) * 1:18406 <-> DISABLED <-> FILE-OTHER Microsoft Windows Server 2003 update service principal name spn dos executable attempt (file-other.rules) * 1:18407 <-> DISABLED <-> FILE-OTHER Microsoft Windows Server 2003 update service principal name spn dos attempt (file-other.rules) * 1:18408 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WMI tracing api integer truncation attempt (os-windows.rules) * 1:18409 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys write message to dead thread code execution attempt (os-windows.rules) * 1:1841 <-> DISABLED <-> BROWSER-FIREFOX Mozilla 1.0 Javascript arbitrary cookie access attempt (browser-firefox.rules) * 1:18410 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys write message to dead thread code execution attempt (os-windows.rules) * 1:18411 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k!xxxTrackPopupMenuEx privilege escalation attempt (os-windows.rules) * 1:18412 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k!xxxTrackPopupMenuEx privilege escalation attempt (os-windows.rules) * 1:18413 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WMI tracing api integer truncation attempt (os-windows.rules) * 1:18414 <-> DISABLED <-> OS-WINDOWS Microsoft 
Windows Kerberos auth downgrade to DES MITM attempt (os-windows.rules) * 1:18415 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio deserialization double free attempt (file-office.rules) * 1:18416 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio ORMinfo classes length overflow attempt (file-office.rules) * 1:18417 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio ORMinfo classes length overflow attempt (file-office.rules) * 1:18418 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript apply function memory corruption attempt (file-flash.rules) * 1:18419 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader field flags exploit attempt (file-pdf.rules) * 1:1842 <-> DISABLED <-> PROTOCOL-IMAP login buffer overflow attempt (protocol-imap.rules) * 1:18420 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript ASnative function remote code execution attempt (file-flash.rules) * 1:18421 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript beginGradientFill memory corruption attempt (file-flash.rules) * 1:18426 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Reader plugin sqlite.dll dll-load exploit attempt (file-other.rules) * 1:1843 <-> DISABLED <-> MALWARE-BACKDOOR trinity connection attempt (malware-backdoor.rules) * 1:18431 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader plugin sqlite.dll dll-load exploit attempt (file-pdf.rules) * 1:18432 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader d3dref9.dll dll-load exploit attempt (file-pdf.rules) * 1:18433 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Reader d3dref9.dll dll-load exploit attempt (file-other.rules) * 1:18434 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Reader plugin ace.dll dll-load exploit attempt (file-other.rules) * 1:18435 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Reader plugin agm.dll dll-load exploit attempt (file-other.rules) * 1:18436 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Reader plugin bibutils.dll dll-load exploit attempt (file-other.rules) * 1:18437 <-> DISABLED <-> FILE-OTHER Adobe Acrobat 
Reader plugin cooltype.dll dll-load exploit attempt (file-other.rules) * 1:18438 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Reader plugin cryptocme2.dll dll-load exploit attempt (file-other.rules) * 1:18439 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader plugin ace.dll dll-load exploit attempt (file-pdf.rules) * 1:1844 <-> DISABLED <-> PROTOCOL-IMAP authenticate overflow attempt (protocol-imap.rules) * 1:18440 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader plugin agm.dll dll-load exploit attempt (file-pdf.rules) * 1:18441 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader plugin bibutils.dll dll-load exploit attempt (file-pdf.rules) * 1:18442 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader plugin cooltype.dll dll-load exploit attempt (file-pdf.rules) * 1:18443 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader plugin cryptocme2.dll dll-load exploit attempt (file-pdf.rules) * 1:18444 <-> DISABLED <-> FILE-FLASH Adobe Flash Player forged atom type attempt (file-flash.rules) * 1:18445 <-> DISABLED <-> FILE-FLASH Adobe Acrobat Flash Player nvapi.dll dll-load exploit attempt (file-flash.rules) * 1:18446 <-> DISABLED <-> FILE-FLASH Adobe Acrobat Flash Player nvapi.dll dll-load exploit attempt (file-flash.rules) * 1:18447 <-> DISABLED <-> FILE-FLASH Adobe OpenAction crafted URI action thru Firefox attempt (file-flash.rules) * 1:18448 <-> DISABLED <-> FILE-PDF Adobe Acrobat Universal 3D stream memory corruption attempt (file-pdf.rules) * 1:18449 <-> DISABLED <-> FILE-OTHER Adobe Acrobat font definition memory corruption attempt (file-other.rules) * 1:1845 <-> DISABLED <-> PROTOCOL-IMAP list literal overflow attempt (protocol-imap.rules) * 1:18450 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed BMP RGBQUAD attempt (file-pdf.rules) * 1:18451 <-> DISABLED <-> FILE-PDF Adobe Acrobat ICC color integer overflow attempt (file-pdf.rules) * 1:18452 <-> DISABLED <-> FILE-OTHER Adobe malicious IFF memory corruption attempt (file-other.rules) * 1:18453 <-> DISABLED <-> FILE-PDF Adobe 
Acrobat universal 3D format memory corruption attempt (file-pdf.rules) * 1:18454 <-> DISABLED <-> FILE-PDF Adobe Acrobat universal 3D format memory corruption attempt (file-pdf.rules) * 1:18455 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed jpeg2000 superbox attempt (file-pdf.rules) * 1:18456 <-> DISABLED <-> FILE-PDF Adobe Acrobat XML entity escape attempt (file-pdf.rules) * 1:18457 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader U3D rgba parsing overflow attempt (file-pdf.rules) * 1:18458 <-> DISABLED <-> MALWARE-CNC Night Dragon initial beacon (malware-cnc.rules) * 1:18459 <-> DISABLED <-> MALWARE-CNC Night Dragon keepalive message (malware-cnc.rules) * 1:1846 <-> DISABLED <-> POLICY-MULTIMEDIA vncviewer Java applet download attempt (policy-multimedia.rules) * 1:18460 <-> DISABLED <-> SERVER-WEBAPP Symantec Alert Management System pin number buffer overflow attempt (server-webapp.rules) * 1:18461 <-> DISABLED <-> SERVER-MAIL IBM Lotus Domino nrouter.exe iCalendar MAILTO stack buffer overflow attempt (server-mail.rules) * 1:18462 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 2003 browser election remote heap overflow attempt (os-windows.rules) * 1:18463 <-> DISABLED <-> FILE-OTHER Microsoft Windows MPEG Layer-3 audio heap corruption attempt (file-other.rules) * 1:18464 <-> DISABLED <-> SERVER-WEBAPP Adobe ColdFusion locale directory traversal attempt (server-webapp.rules) * 1:18465 <-> DISABLED <-> SERVER-WEBAPP FreePBX recording interface file upload code execution attempt (server-webapp.rules) * 1:18466 <-> DISABLED <-> SERVER-WEBAPP raSMP User-Agent XSS injection attempt (server-webapp.rules) * 1:18467 <-> DISABLED <-> SERVER-WEBAPP raSMP User-Agent XSS injection attempt (server-webapp.rules) * 1:18469 <-> DISABLED <-> CONTENT-REPLACE Microsoft Windows Encrypted DCERPC request attempt (content-replace.rules) * 1:1847 <-> DISABLED <-> SERVER-WEBAPP webalizer access (server-webapp.rules) * 1:18470 <-> DISABLED <-> SERVER-WEBAPP Java floating point 
number denial of service - via URI (server-webapp.rules) * 1:18471 <-> DISABLED <-> SERVER-WEBAPP Java floating point number denial of service - via POST (server-webapp.rules) * 1:18472 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP lsarpc LsarLookupSids lsa_io_trans_name heap overflow attempt (netbios.rules) * 1:18473 <-> DISABLED <-> PROTOCOL-ICMP ICMPv6 Echo Reply (protocol-icmp.rules) * 1:18474 <-> DISABLED <-> PROTOCOL-ICMP ICMPv6 Echo Request (protocol-icmp.rules) * 1:18475 <-> DISABLED <-> SERVER-WEBAPP HP Openview OvWebHelp.exe buffer overflow (server-webapp.rules) * 1:18476 <-> DISABLED <-> SERVER-MAIL IBM Lotus Notes DOC attachment viewer buffer overflow (server-mail.rules) * 1:18477 <-> DISABLED <-> SERVER-MAIL Lotus Notes MIF viewer statement data overflow 2 (server-mail.rules) * 1:18478 <-> DISABLED <-> SERVER-WEBAPP miniBB rss.php premodDir remote file include attempt (server-webapp.rules) * 1:18479 <-> DISABLED <-> SERVER-WEBAPP miniBB rss.php pathToFiles remote file include attempt (server-webapp.rules) * 1:1848 <-> DISABLED <-> SERVER-WEBAPP webcart-lite access (server-webapp.rules) * 1:18480 <-> DISABLED <-> SERVER-WEBAPP HP openview network node manager ovlogin.exe buffer overflow - userid parameter (server-webapp.rules) * 1:18481 <-> DISABLED <-> SERVER-WEBAPP HP openview network node manager ovlogin.exe buffer overflow - password parameter (server-webapp.rules) * 1:18482 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer History.go method double free corruption attempt (browser-ie.rules) * 1:18484 <-> DISABLED <-> FILE-MULTIMEDIA Apple iTunes Playlist Overflow Attempt (file-multimedia.rules) * 1:18485 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox JavaScript handler race condition memory corruption attempt (browser-firefox.rules) * 1:18486 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox JavaScript handler race condition memory corruption attempt (browser-firefox.rules) * 1:18487 <-> DISABLED <-> SERVER-OTHER Ingres Database iidbms heap 
overflow attempt (server-other.rules) * 1:18488 <-> DISABLED <-> FILE-OTHER Adobe Photoshop wintab32.dll dll-load exploit attempt (file-other.rules) * 1:18489 <-> DISABLED <-> FILE-OTHER Adobe Photoshop request for wintab32.dll over SMB attempt (file-other.rules) * 1:1849 <-> DISABLED <-> SERVER-WEBAPP webfind.exe access (server-webapp.rules) * 1:18490 <-> DISABLED <-> BROWSER-PLUGINS Whale Client Components ActiveX clsid access (browser-plugins.rules) * 1:18491 <-> DISABLED <-> BROWSER-PLUGINS Whale Client Components ActiveX ProgID access (browser-plugins.rules) * 1:18493 <-> DISABLED <-> INDICATOR-OBFUSCATION generic PHP code obfuscation attempt (indicator-obfuscation.rules) * 1:18494 <-> DISABLED <-> OS-WINDOWS Microsoft product .dll dll-load exploit attempt (os-windows.rules) * 1:18495 <-> DISABLED <-> OS-WINDOWS Microsoft product .dll dll-load exploit attempt (os-windows.rules) * 1:18496 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Player and shell extension ehtrace.dll dll-load exploit attempt (os-windows.rules) * 1:18497 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Player and shell extension request for ehtrace.dll over SMB attempt (os-windows.rules) * 1:18498 <-> DISABLED <-> FILE-OTHER Microsoft Media Player dvr-ms file parsing remote code execution attempt (file-other.rules) * 1:18499 <-> DISABLED <-> OS-WINDOWS Microsoft Groove mso.dll dll-load exploit attempt (os-windows.rules) * 1:185 <-> DISABLED <-> MALWARE-BACKDOOR CDK (malware-backdoor.rules) * 1:1850 <-> DISABLED <-> SERVER-WEBAPP way-board.cgi access (server-webapp.rules) * 1:18500 <-> DISABLED <-> OS-WINDOWS Microsoft Groove mso.dll dll-load exploit attempt (os-windows.rules) * 1:18501 <-> DISABLED <-> OS-WINDOWS Microsoft Malware Protection Engine elevation of privilege attempt (os-windows.rules) * 1:18502 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript Actionlf out of range negative offset attempt (file-flash.rules) * 1:18503 <-> DISABLED <-> FILE-FLASH Adobe Flash 
Player ActionScript flash.geom.Point constructor memory corruption attempt (file-flash.rules) * 1:18504 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionConstantPool overflow attempt (file-flash.rules) * 1:18505 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionPush overflow attempt (file-flash.rules) * 1:18506 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader CCITT stream compression filter invalid image size heap overflow attempt (file-pdf.rules) * 1:18507 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader CCITT stream compression filter invalid image size heap overflow attempt (file-pdf.rules) * 1:18508 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit ParentStyleSheet exploit attempt (browser-webkit.rules) * 1:18509 <-> DISABLED <-> SERVER-OTHER PeerCast format string exploit attempt (server-other.rules) * 1:1851 <-> DISABLED <-> SERVER-WEBAPP active.log access (server-webapp.rules) * 1:18510 <-> DISABLED <-> FILE-IMAGE Apple QuickTime FlashPix Movie file integer overflow attempt (file-image.rules) * 1:18511 <-> DISABLED <-> SERVER-OTHER Sourcefire Snort packet fragmentation reassembly denial of service attempt (server-other.rules) * 1:18512 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Remote Management overflow attempt (server-other.rules) * 1:18513 <-> DISABLED <-> SERVER-MYSQL yaSSL SSL Hello Message Buffer Overflow attempt (server-mysql.rules) * 1:18514 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint malformed shapeid arbitrary code execution attempt (file-office.rules) * 1:18515 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio VSD file icon memory corruption attempt (file-office.rules) * 1:18516 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word file download request (file-identify.rules) * 1:18517 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer long URL buffer overflow attempt (browser-ie.rules) * 1:18518 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer HTML DOM invalid DHTML comment creation attempt (browser-ie.rules) * 
1:18519 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer HTML DOM invalid DHTML element creation attempt (browser-ie.rules) * 1:1852 <-> DISABLED <-> SERVER-WEBAPP robots.txt access (server-webapp.rules) * 1:18520 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer HTML DOM invalid DHTML exploit attempt (browser-ie.rules) * 1:18521 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer HTML DOM invalid DHTML element creation attempt (browser-ie.rules) * 1:18522 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer HTML DOM invalid DHTML element creation attempt (browser-ie.rules) * 1:18523 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer HTML DOM invalid DHTML exploit attempt (browser-ie.rules) * 1:18524 <-> DISABLED <-> SERVER-OTHER Multiple vendor anti-virus extended ASCII filename scan bypass attempt (server-other.rules) * 1:18525 <-> DISABLED <-> SERVER-OTHER Lotus Domino LDAP Heap Buffer Overflow Attempt (server-other.rules) * 1:18526 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader shell metacharacter code execution attempt (file-pdf.rules) * 1:18527 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader shell metacharacter code execution attempt (file-pdf.rules) * 1:18528 <-> DISABLED <-> SERVER-ORACLE Oracle TimesTen In-Memory Database HTTP request denial of service attempt (server-oracle.rules) * 1:18529 <-> DISABLED <-> FILE-OTHER Adobe Premiere Pro ibfs32.dll dll-load exploit attempt (file-other.rules) * 1:1853 <-> DISABLED <-> MALWARE-BACKDOOR win-trin00 connection attempt (malware-backdoor.rules) * 1:18530 <-> DISABLED <-> FILE-OTHER Adobe Premier Pro ibfs32.dll dll-load exploit attempt (file-other.rules) * 1:18531 <-> DISABLED <-> SERVER-OTHER Multiple Vendors iacenc.dll dll-load exploit attempt (server-other.rules) * 1:18532 <-> DISABLED <-> OS-WINDOWS Multiple Vendors request for iacenc.dll over SMB attempt (os-windows.rules) * 1:18533 <-> DISABLED <-> SERVER-OTHER MIT Kerberos KDC authentication denial of service attempt 
(server-other.rules) * 1:18534 <-> DISABLED <-> SERVER-OTHER MIT Kerberos KDC authentication denial of service attempt (server-other.rules) * 1:18535 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word file sprmTSetBrc processing buffer overflow attempt (file-office.rules) * 1:18536 <-> DISABLED <-> FILE-OFFICE OpenOffice.org Microsoft Office Word file processing integer underflow attempt (file-office.rules) * 1:18537 <-> DISABLED <-> FILE-OTHER OpenOffice.org XPM file processing integer overflow attempt (file-other.rules) * 1:18538 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel PtgName invalid index exploit attempt (file-office.rules) * 1:18539 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer event handling remote code execution attempt (browser-ie.rules) * 1:1854 <-> DISABLED <-> PROTOCOL-ICMP Stacheldraht handler->agent niggahbitch (protocol-icmp.rules) * 1:18541 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel 2007 invalid comments.xml uninitialized pointer access attempt (file-office.rules) * 1:18542 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Media Player ActiveX unknown compression algorithm use after free attempt (browser-plugins.rules) * 1:18543 <-> DISABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules) * 1:18544 <-> DISABLED <-> FILE-FLASH embedded Shockwave dropper in email attachment (file-flash.rules) * 1:18545 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel with embedded Flash file transfer (file-office.rules) * 1:18546 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word with embedded Flash file transfer (file-office.rules) * 1:18547 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint with embedded Flash file transfer (file-office.rules) * 1:18548 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel with embedded Flash file attachment (file-office.rules) * 1:18549 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word with embedded Flash file attachment (file-office.rules) * 1:1855 <-> DISABLED 
<-> PROTOCOL-ICMP Stacheldraht agent->handler skillz (protocol-icmp.rules) * 1:18550 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint with embedded Flash file attachment (file-office.rules) * 1:18555 <-> DISABLED <-> SERVER-OTHER VERITAS NetBackup java authentication service format string exploit attempt (server-other.rules) * 1:18556 <-> DISABLED <-> SERVER-WEBAPP Symantec IM manager IMAdminReportTrendFormRun.asp sql injection attempt (server-webapp.rules) * 1:18557 <-> DISABLED <-> PROTOCOL-RPC IBM Informix Dynamic Server librpc.dll buffer overflow attempt (protocol-rpc.rules) * 1:18558 <-> DISABLED <-> PROTOCOL-RPC IBM Informix Dynamic Server librpc.dll buffer overflow attempt (protocol-rpc.rules) * 1:18559 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Performance Insight Server backdoor account code execution attempt (server-webapp.rules) * 1:1856 <-> DISABLED <-> PROTOCOL-ICMP Stacheldraht handler->agent ficken (protocol-icmp.rules) * 1:18560 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Performance Insight Server backdoor account code execution attempt (server-webapp.rules) * 1:18561 <-> DISABLED <-> FILE-IMAGE Apple QuickTime PICT file overread buffer overflow attempt (file-image.rules) * 1:18562 <-> DISABLED <-> MALWARE-CNC RogueSoftware.Win32.LivePcCare variant outbound connection (malware-cnc.rules) * 1:18563 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gaboc variant outbound connection (malware-cnc.rules) * 1:18564 <-> DISABLED <-> MALWARE-CNC RussKill botnet variant outbound connection (malware-cnc.rules) * 1:18565 <-> DISABLED <-> INDICATOR-COMPROMISE fraudulent digital certificate for mail.google.com detected (indicator-compromise.rules) * 1:18566 <-> DISABLED <-> INDICATOR-COMPROMISE fraudulent digital certificate for www.google.com detected (indicator-compromise.rules) * 1:18567 <-> DISABLED <-> INDICATOR-COMPROMISE fraudulent digital certificate for login.yahoo.com detected (indicator-compromise.rules) * 1:18568 <-> DISABLED <-> INDICATOR-COMPROMISE 
fraudulent digital certificate for login.yahoo.com detected (indicator-compromise.rules) * 1:18569 <-> DISABLED <-> INDICATOR-COMPROMISE fraudulent digital certificate for login.yahoo.com detected (indicator-compromise.rules) * 1:1857 <-> DISABLED <-> SERVER-WEBAPP robot.txt access (server-webapp.rules) * 1:18570 <-> DISABLED <-> INDICATOR-COMPROMISE fraudulent digital certificate for login.skype.com detected (indicator-compromise.rules) * 1:18571 <-> DISABLED <-> INDICATOR-COMPROMISE fraudulent digital certificate for addons.mozilla.org detected (indicator-compromise.rules) * 1:18572 <-> DISABLED <-> INDICATOR-COMPROMISE fraudulent digital certificate for login.live.com detected (indicator-compromise.rules) * 1:18573 <-> DISABLED <-> INDICATOR-COMPROMISE fraudulent digital certificate for global trustee detected (indicator-compromise.rules) * 1:18574 <-> DISABLED <-> SERVER-MAIL RCPT TO overflow (server-mail.rules) * 1:18575 <-> DISABLED <-> PROTOCOL-FTP Computer Associates eTrust Secure Content Manager LIST stack overflow attempt (protocol-ftp.rules) * 1:18576 <-> DISABLED <-> INDICATOR-COMPROMISE fraudulent digital certificate from usertrust.com detected (indicator-compromise.rules) * 1:18577 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.agum variant outbound connection (malware-cnc.rules) * 1:18578 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer RMOC3260.DLL cdda URI overflow attempt (browser-plugins.rules) * 1:18579 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager OpenView5 CGI buffer overflow attempt (server-webapp.rules) * 1:1858 <-> DISABLED <-> SERVER-WEBAPP CISCO PIX Firewall Manager directory traversal attempt (server-webapp.rules) * 1:18580 <-> DISABLED <-> PROTOCOL-FTP ACCT overflow attempt (protocol-ftp.rules) * 1:18581 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Provisioning Manager long URI request buffer overflow attempt (server-other.rules) * 1:18582 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Provisioning Manager long URI 
request buffer overflow attempt (server-other.rules) * 1:18583 <-> DISABLED <-> FILE-IMAGE Microsoft Windows wmf integer overflow attempt (file-image.rules) * 1:18585 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed TIFF remote code execution attempt (file-pdf.rules) * 1:18586 <-> DISABLED <-> SERVER-WEBAPP Visuplay CMS news_article.php unspecified SQL injection attempt (server-webapp.rules) * 1:18587 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 267 buffer overflow attempt (server-other.rules) * 1:18588 <-> DISABLED <-> PROTOCOL-FTP Ipswitch Ws_ftp XCRC overflow attempt (protocol-ftp.rules) * 1:18589 <-> DISABLED <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt (server-other.rules) * 1:1859 <-> DISABLED <-> SERVER-WEBAPP Oracle JavaServer default password login attempt (server-webapp.rules) * 1:18590 <-> DISABLED <-> OS-WINDOWS Outlook Express WAB file parsing buffer overflow attempt (os-windows.rules) * 1:18591 <-> DISABLED <-> FILE-OTHER CoolPlayer Playlist File Handling Buffer Overflow (file-other.rules) * 1:18592 <-> DISABLED <-> BROWSER-PLUGINS Yahoo Music Jukebox ActiveX exploit (browser-plugins.rules) * 1:18593 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file download request (file-identify.rules) * 1:18594 <-> DISABLED <-> BROWSER-PLUGINS Trend Micro Web Deployment ActiveX clsid access (browser-plugins.rules) * 1:18595 <-> DISABLED <-> BROWSER-PLUGINS Trend Micro Web Deployment ActiveX clsid access (browser-plugins.rules) * 1:18596 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader util.printf buffer overflow attempt (file-pdf.rules) * 1:18597 <-> DISABLED <-> BROWSER-OTHER Opera file URI handling buffer overflow (browser-other.rules) * 1:18598 <-> DISABLED <-> SERVER-OTHER GoodTech SSH Server SFTP Processing Buffer Overflow (server-other.rules) * 1:18599 <-> DISABLED <-> FILE-IMAGE Apple QuickTime PictureViewer buffer overflow attempt (file-image.rules) * 
1:1860 <-> DISABLED <-> SERVER-WEBAPP Linksys router default password login attempt (server-webapp.rules) * 1:18600 <-> DISABLED <-> FILE-IMAGE Apple QuickTime PictureViewer buffer overflow attempt (file-image.rules) * 1:18601 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Common Controls Animation Object ActiveX clsid access (browser-plugins.rules) * 1:18603 <-> DISABLED <-> SERVER-MAIL IBM Lotus Notes Applix Graphics Parsing Buffer Overflow (server-mail.rules) * 1:18604 <-> DISABLED <-> MALWARE-OTHER lizamoon script injection (malware-other.rules) * 1:18605 <-> DISABLED <-> PROTOCOL-SCADA Tecnomatix FactoryLink CSService path overflow attempt (protocol-scada.rules) * 1:18606 <-> DISABLED <-> PROTOCOL-SCADA Tecnomatix FactoryLink CSService file access attempt (protocol-scada.rules) * 1:18607 <-> DISABLED <-> PROTOCOL-SCADA Tecnomatix FactoryLink CSService file information access attempt (protocol-scada.rules) * 1:18608 <-> DISABLED <-> APP-DETECT Dropbox desktop software in use (app-detect.rules) * 1:18609 <-> DISABLED <-> APP-DETECT Dropbox desktop software in use (app-detect.rules) * 1:1861 <-> DISABLED <-> SERVER-WEBAPP Linksys router default username and password login attempt (server-webapp.rules) * 1:18610 <-> DISABLED <-> PROTOCOL-SCADA Tecnomatix FactoryLink vrn.exe opcode 9 or 10 string parsing overflow attempt (protocol-scada.rules) * 1:18611 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt (server-webapp.rules) * 1:18612 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt (server-webapp.rules) * 1:18613 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt (server-webapp.rules) * 1:18614 <-> DISABLED <-> PROTOCOL-SCADA Tecnomatix FactoryLink vrn.exe file access attempt (protocol-scada.rules) * 1:18615 <-> DISABLED <-> FILE-OFFICE Microsoft Works 4.x converter font name buffer overflow attempt (file-office.rules) * 1:18616 <-> DISABLED <-> 
FILE-OFFICE Microsoft Works 4.x converter font name buffer overflow attempt (file-office.rules)
* 1:18617 <-> DISABLED <-> SERVER-OTHER Tecnomatix FactoryLink CSService null pointer attempt (server-other.rules)
* 1:18618 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scar.dpvy/Parkchicers.A/Delf checkin (malware-cnc.rules)
* 1:18619 <-> DISABLED <-> OS-WINDOWS Microsoft Visual Studio MFC applications mfc40.dll dll-load exploit attempt (os-windows.rules)
* 1:1862 <-> DISABLED <-> SERVER-WEBAPP mrtg.cgi directory traversal attempt (server-webapp.rules)
* 1:18620 <-> DISABLED <-> OS-WINDOWS Microsoft Visual Studio MFC applications mfc42.dll dll-load exploit attempt (os-windows.rules)
* 1:18621 <-> DISABLED <-> OS-WINDOWS Microsoft Visual Studio MFC applications mfc80.dll dll-load exploit attempt (os-windows.rules)
* 1:18622 <-> DISABLED <-> OS-WINDOWS Microsoft Visual Studio MFC applications mfc90.dll dll-load exploit attempt (os-windows.rules)
* 1:18623 <-> DISABLED <-> OS-WINDOWS Microsoft Visual Studio MFC applications mfc100.dll dll-load exploit attempt (os-windows.rules)
* 1:18624 <-> DISABLED <-> OS-WINDOWS Microsoft Windows .NET framework optimizer escalation attempt (os-windows.rules)
* 1:18625 <-> DISABLED <-> OS-WINDOWS Microsoft Foundation Class applications mfc40.dll dll-load exploit attempt (os-windows.rules)
* 1:18626 <-> DISABLED <-> OS-WINDOWS Microsoft Foundation Class applications mfc42.dll dll-load exploit attempt (os-windows.rules)
* 1:18627 <-> DISABLED <-> OS-WINDOWS Microsoft Foundation Class applications mfc80.dll dll-load exploit attempt (os-windows.rules)
* 1:18628 <-> DISABLED <-> OS-WINDOWS Microsoft Foundation Class applications mfc90.dll dll-load exploit attempt (os-windows.rules)
* 1:18629 <-> DISABLED <-> OS-WINDOWS Microsoft Foundation Class applications mfc100.dll dll-load exploit attempt (os-windows.rules)
* 1:18630 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel rtToolbarDef record integer overflow attempt (file-office.rules)
* 1:18631 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel rtToolbarDef record integer overflow attempt (file-office.rules)
* 1:18632 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malformed Label record exploit attempt (file-office.rules)
* 1:18633 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel RealTimeData record memory corruption attempt (file-office.rules)
* 1:18634 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Workspace file FontCount record memory corruption attempt (file-office.rules)
* 1:18635 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint malformed record call to freed object attempt (file-office.rules)
* 1:18636 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint SlideAtom record exploit attempt (file-office.rules)
* 1:18637 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint OfficeArt atom memory corruption attempt (file-office.rules)
* 1:18638 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel drawing layer use after free attempt (file-office.rules)
* 1:1864 <-> DISABLED <-> PROTOCOL-FTP SITE NEWER attempt (protocol-ftp.rules)
* 1:18640 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malformed SupBook record attempt (file-office.rules)
* 1:18641 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel OBJ record invalid cmo.ot exploit attempt (file-office.rules)
* 1:18642 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Converter sprmTSplit overflow attempt (file-office.rules)
* 1:18643 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Converter sprmTTextFflow overflow attempt (file-office.rules)
* 1:18644 <-> DISABLED <-> FILE-OTHER Microsoft Windows OpenType Fonts CompactFontFormat FontMatrix tranform memory corruption attempt (file-other.rules)
* 1:18645 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ arbitrary code execution attempt (file-image.rules)
* 1:18648 <-> DISABLED <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe file upload/download attempt (protocol-scada.rules)
* 1:18649 <-> DISABLED <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe file operation overflow attempt (protocol-scada.rules)
* 1:1865 <-> DISABLED <-> SERVER-WEBAPP webdist.cgi arbitrary command attempt (server-webapp.rules)
* 1:18651 <-> DISABLED <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe report template overflow attempt (protocol-scada.rules)
* 1:18652 <-> DISABLED <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe report template operation overflow attempt (protocol-scada.rules)
* 1:18654 <-> DISABLED <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe format string attempt (protocol-scada.rules)
* 1:18655 <-> DISABLED <-> OS-WINDOWS Microsoft Windows LLMNR invalid reverse name lookup stack corruption attempt (os-windows.rules)
* 1:18656 <-> DISABLED <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe strep overflow attempt (protocol-scada.rules)
* 1:18657 <-> DISABLED <-> PROTOCOL-SCADA IGSS dc.exe file execution directory traversal attempt (protocol-scada.rules)
* 1:18658 <-> DISABLED <-> PROTOCOL-SCADA RealWin 2.1 FC_CONNECT_FCS_LOGIN overflow attempt (protocol-scada.rules)
* 1:18659 <-> DISABLED <-> PROTOCOL-SCADA RealWin 2.1 SCPC_INITIALIZE overflow attempt (protocol-scada.rules)
* 1:1866 <-> DISABLED <-> PROTOCOL-POP USER overflow attempt (protocol-pop.rules)
* 1:18660 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB2 write packet buffer overflow attempt (os-windows.rules)
* 1:18661 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys escalation of privilege attempt (os-windows.rules)
* 1:18662 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys escalation of privilege attempt (os-windows.rules)
* 1:18663 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys escalation of privilege attempt (os-windows.rules)
* 1:18664 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys escalation of privilege attempt (os-windows.rules)
* 1:18665 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys escalation of privilege attempt (os-windows.rules)
* 1:18666 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys escalation of privilege attempt (os-windows.rules)
* 1:18667 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys escalation of privilege attempt (os-windows.rules)
* 1:18668 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Messenger ActiveX clsid access (browser-plugins.rules)
* 1:18669 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer cross-domain object manipulation attempt (browser-ie.rules)
* 1:1867 <-> DISABLED <-> X11 xdmcp info query (x11.rules)
* 1:18670 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer object management memory corruption attempt (browser-ie.rules)
* 1:18671 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer object management memory corruption attempt (browser-ie.rules)
* 1:18672 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 8 Developer Tool ActiveX clsid access (browser-ie.rules)
* 1:18675 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file download request (file-identify.rules)
* 1:18678 <-> DISABLED <-> SERVER-WEBAPP osCommerce categories.php Arbitrary File Upload And Code Execution (server-webapp.rules)
* 1:18679 <-> DISABLED <-> SERVER-OTHER Oracle Java Applet2ClassLoader Remote Code Execution (server-other.rules)
* 1:1868 <-> DISABLED <-> SERVER-WEBAPP Interactive Story story.pl arbitrary file read attempt (server-webapp.rules)
* 1:18680 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF malformed pfragments field (file-office.rules)
* 1:18681 <-> DISABLED <-> FILE-PDF transfer of a PDF with embedded JavaScript - JavaScript object detected (file-pdf.rules)
* 1:18682 <-> DISABLED <-> FILE-PDF transfer of a PDF with OpenAction object attempt (file-pdf.rules)
* 1:18683 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel file with embedded PDF object (file-office.rules)
* 1:18684 <-> DISABLED <-> FILE-PDF PDF file with embedded PDF object (file-pdf.rules)
* 1:18685 <-> DISABLED <-> FILE-OFFICE RTF file with embedded OLE object (file-office.rules)
* 1:1869 <-> DISABLED <-> SERVER-WEBAPP Interactive Story story.pl access (server-webapp.rules)
* 1:18691 <-> DISABLED <-> OS-WINDOWS Microsoft Windows AFD.SYS null write attempt (os-windows.rules)
* 1:1870 <-> DISABLED <-> SERVER-WEBAPP siteUserMod.cgi access (server-webapp.rules)
* 1:18700 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BHO.argt checkin (malware-cnc.rules)
* 1:18702 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF malformed pfragments field (file-office.rules)
* 1:18703 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF malformed pfragments field (file-office.rules)
* 1:18704 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF malformed second pfragments field (file-office.rules)
* 1:18705 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF malformed second pfragments field (file-office.rules)
* 1:18706 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF malformed second pfragments field (file-office.rules)
* 1:18707 <-> DISABLED <-> MALWARE-CNC RogueSoftware.Win32.ControlCenter variant outbound connection (malware-cnc.rules)
* 1:18708 <-> DISABLED <-> MALWARE-CNC RogueSoftware.Win32.AntivirusSoft variant outbound connection (malware-cnc.rules)
* 1:18709 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.aufm variant outbound connection (malware-cnc.rules)
* 1:1871 <-> DISABLED <-> SERVER-WEBAPP Oracle XSQLConfig.xml access (server-webapp.rules)
* 1:18711 <-> DISABLED <-> MALWARE-CNC RogueSoftware.Win32.SecurityCentral variant outbound connection (malware-cnc.rules)
* 1:18712 <-> DISABLED <-> MALWARE-CNC RogueSoftware.Win32.XJRAntivirus variant outbound connection (malware-cnc.rules)
* 1:18713 <-> DISABLED <-> SERVER-OTHER OpenSSL TLS connection record handling denial of service attempt (server-other.rules)
* 1:18714 <-> DISABLED <-> SERVER-OTHER OpenSSL TLS connection record handling denial of service attempt (server-other.rules)
* 1:18715 <-> DISABLED <-> MALWARE-CNC Ozdok botnet communication with C&C server (malware-cnc.rules)
* 1:18716 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.H variant outbound connection (malware-cnc.rules)
* 1:18717 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.QO variant outbound connection (malware-cnc.rules)
* 1:18718 <-> DISABLED <-> MALWARE-CNC RogueSoftware.Win32.AdvancedDefender variant outbound connection (malware-cnc.rules)
* 1:18719 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IRCBot.CBY variant outbound connection (malware-cnc.rules)
* 1:1872 <-> DISABLED <-> SERVER-WEBAPP Oracle Dynamic Monitoring Services dms access (server-webapp.rules)
* 1:18720 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Terzib.A variant outbound connection (malware-cnc.rules)
* 1:18721 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x1C84 integer overflow attempt (protocol-scada.rules)
* 1:18722 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x1C84 integer overflow attempt (protocol-scada.rules)
* 1:18723 <-> DISABLED <-> MALWARE-CNC RogueSoftware.Win32.CleanV variant outbound connection (malware-cnc.rules)
* 1:18724 <-> DISABLED <-> MALWARE-CNC RogueSoftware.Win32.ZeroClean variant outbound connection (malware-cnc.rules)
* 1:18725 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B0 heap overflow attempt (protocol-scada.rules)
* 1:18726 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B2 heap overflow attempt (protocol-scada.rules)
* 1:18727 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B5 heap overflow attempt (protocol-scada.rules)
* 1:18728 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x0DAE heap overflow attempt (protocol-scada.rules)
* 1:18729 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x1BBC heap overflow attempt (protocol-scada.rules)
* 1:1873 <-> DISABLED <-> SERVER-WEBAPP globals.jsa access (server-webapp.rules)
* 1:18730 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x089A integer overflow attempt (protocol-scada.rules)
* 1:18731 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x0453 integer overflow attempt (protocol-scada.rules)
* 1:18732 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B0 integer overflow attempt (protocol-scada.rules)
* 1:18733 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B0 integer overflow attempt (protocol-scada.rules)
* 1:18734 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B0 integer overflow attempt (protocol-scada.rules)
* 1:18735 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B0 integer overflow attempt (protocol-scada.rules)
* 1:18736 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B0 integer overflow attempt (protocol-scada.rules)
* 1:18737 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B0 integer overflow attempt (protocol-scada.rules)
* 1:18738 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B2 integer overflow attempt (protocol-scada.rules)
* 1:18739 <-> DISABLED <-> MALWARE-CNC Worm.Win32.Koobface.D variant outbound connection (malware-cnc.rules)
* 1:1874 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Process Manager access (server-webapp.rules)
* 1:18740 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel sheet object type confusion exploit attempt (file-office.rules)
* 1:18741 <-> DISABLED <-> BROWSER-PLUGINS CrystalReports EnterpriseControls ActiveX clsid access (browser-plugins.rules)
* 1:18742 <-> DISABLED <-> SERVER-WEBAPP IBM WebSphere Expect header cross-site scripting (server-webapp.rules)
* 1:18743 <-> DISABLED <-> SERVER-WEBAPP VLC player web interface format string attack (server-webapp.rules)
* 1:18744 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN vlc player subtitle buffer overflow attempt (file-multimedia.rules)
* 1:18745 <-> DISABLED <-> SERVER-WEBAPP HP Power Manager formExportDataLogs buffer overflow attempt (server-webapp.rules)
* 1:18746 <-> DISABLED <-> PROTOCOL-SCADA RealWin 2.1 FC_CTAGLIST_FCS_XTAG overflow attempt (protocol-scada.rules)
* 1:18747 <-> DISABLED <-> PROTOCOL-SCADA RealWin 2.1 FC_BINFILE_FCS_xFILE overflow attempt (protocol-scada.rules)
* 1:18748 <-> DISABLED <-> PROTOCOL-SCADA RealWin 2.1 FC_MISC_FCS_MSGx overflow attempt (protocol-scada.rules)
* 1:18749 <-> DISABLED <-> PROTOCOL-SCADA RealWin 2.1 FC_CTAGLIST_FCS_XTAG overflow attempt (protocol-scada.rules)
* 1:1875 <-> DISABLED <-> SERVER-WEBAPP cgicso access (server-webapp.rules)
* 1:18750 <-> DISABLED <-> PROTOCOL-SCADA RealWin 2.1 FC_SCRIPT_FCS_STARTPROG overflow attempt (protocol-scada.rules)
* 1:18751 <-> DISABLED <-> SERVER-WEBAPP Samba SWAT HTTP Authentication overflow attempt (server-webapp.rules)
* 1:18752 <-> DISABLED <-> PROTOCOL-SCADA RealWin 2.1 FC_INFOTAG_SET_CONTROL overflow attempt (protocol-scada.rules)
* 1:18753 <-> DISABLED <-> SERVER-OTHER Zend Server Java Bridge remote code execution attempt (server-other.rules)
* 1:18754 <-> DISABLED <-> SERVER-OTHER HP Data Protector Backup Client Service code execution attempt (server-other.rules)
* 1:18755 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio Data Type Memory Corruption (file-office.rules)
* 1:18756 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft cmd.exe banner Windows 7/Server 2008R2 (indicator-compromise.rules)
* 1:18757 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft cmd.exe banner Windows Vista (indicator-compromise.rules)
* 1:18758 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows Visual Basic script file download request (file-identify.rules)
* 1:18759 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager ovwebsnmpsrv.exe displayWidth buffer overflow attempt - POST (server-webapp.rules)
* 1:1876 <-> DISABLED <-> SERVER-WEBAPP nph-publish.cgi access (server-webapp.rules)
* 1:18760 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager ovwebsnmpsrv.exe displayWidth buffer overflow attempt - GET (server-webapp.rules)
* 1:18761 <-> DISABLED <-> SERVER-WEBAPP Majordomo2 http directory traversal attempt (server-webapp.rules)
* 1:18762 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI /blog.updata?v= - Win32-Agent-GRW (malware-cnc.rules)
* 1:18763 <-> DISABLED <-> SERVER-OTHER ActFax Server LPD/LPR Remote Buffer Overflow (server-other.rules)
* 1:18764 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager nnmRptConfig.exe multiple parameters buffer overflow attempt (server-webapp.rules)
* 1:18765 <-> DISABLED <-> SERVER-MAIL Majordomo2 smtp directory traversal attempt (server-mail.rules)
* 1:18766 <-> DISABLED <-> SERVER-OTHER OpenSSL CMS structure OriginatorInfo memory corruption attempt (server-other.rules)
* 1:18767 <-> DISABLED <-> PROTOCOL-TFTP Multiple TFTP product buffer overflow attempt (protocol-tftp.rules)
* 1:18768 <-> DISABLED <-> SERVER-MAIL Novell GroupWise Internet Agent RRULE parsing buffer overflow attempt (server-mail.rules)
* 1:18769 <-> DISABLED <-> SERVER-OTHER LDAP Novell eDirectory evtFilteredMonitorEventsRequest function heap overflow attempt (server-other.rules)
* 1:1877 <-> DISABLED <-> SERVER-WEBAPP printenv access (server-webapp.rules)
* 1:18770 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit range object remote code execution attempt (browser-webkit.rules)
* 1:18771 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ADO Object Parsing Code Execution (file-office.rules)
* 1:18772 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ADO Object Parsing Code Execution (file-office.rules)
* 1:18774 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI (malware-cnc.rules)
* 1:18775 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /gpdcount (malware-cnc.rules)
* 1:18776 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director pamm chunk memory corruption attempt (file-other.rules)
* 1:18777 <-> DISABLED <-> SERVER-OTHER HP data protector OmniInet service NULL dereference denial of service attempt (server-other.rules)
* 1:18778 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B5 integer overflow attempt (protocol-scada.rules)
* 1:18779 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B5 integer overflow attempt (protocol-scada.rules)
* 1:1878 <-> DISABLED <-> SERVER-WEBAPP sdbsearch.cgi access (server-webapp.rules)
* 1:18780 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x07D0 integer overflow attempt (protocol-scada.rules)
* 1:18781 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x07D0 integer overflow attempt (protocol-scada.rules)
* 1:18782 <-> DISABLED <-> MALWARE-CNC URI Request for known malicious URI - Chinese Rootkit.Win32.Fisp.a (malware-cnc.rules)
* 1:18783 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x0DAE integer overflow attempt (protocol-scada.rules)
* 1:18784 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x0DB0 integer overflow attempt (protocol-scada.rules)
* 1:18785 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x0FA4 integer overflow attempt (protocol-scada.rules)
* 1:18786 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x0FA7 integer overflow attempt (protocol-scada.rules)
* 1:18787 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x1BBC integer overflow attempt (protocol-scada.rules)
* 1:18788 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x1BBD integer overflow attempt (protocol-scada.rules)
* 1:18789 <-> DISABLED <-> PROTOCOL-SCADA Iconics Genesis 32/64 GenBroker opcode 0x26AC integer overflow attempt (protocol-scada.rules)
* 1:1879 <-> DISABLED <-> SERVER-WEBAPP book.cgi arbitrary command execution attempt (server-webapp.rules)
* 1:18790 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe overflow attempt (server-other.rules)
* 1:18791 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Configuration Management Preboot service code overflow attempt (server-other.rules)
* 1:18792 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Configuration Management UploadServlet code execution attempt (server-webapp.rules)
* 1:18793 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Configuration Management fileupload code execution attempt (server-webapp.rules)
* 1:18795 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager ovet_demandpoll.exe format string execution attempt (server-webapp.rules)
* 1:18796 <-> DISABLED <-> SERVER-WEBAPP Novell iManager ClassName handling overflow attempt (server-webapp.rules)
* 1:18797 <-> DISABLED <-> SERVER-WEBAPP Oracle Secure Backup Administration property_box.php other variable command execution attempt (server-webapp.rules)
* 1:18798 <-> DISABLED <-> SERVER-OTHER HP Data Protector Media Operations denial of service attempt (server-other.rules)
* 1:18799 <-> DISABLED <-> SERVER-OTHER HP Data Protector Media Operations denial of service attempt (server-other.rules)
* 1:1880 <-> DISABLED <-> SERVER-WEBAPP oracle web application server access (server-webapp.rules)
* 1:18800 <-> DISABLED <-> FILE-OTHER Adobe RoboHelp Server Arbitrary File Upload (file-other.rules)
* 1:18801 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JpxDecode invalid crgn memory corruption attempt (file-pdf.rules)
* 1:18802 <-> DISABLED <-> SERVER-WEBAPP HP Power Manager formExportDataLogs directory traversal attempt (server-webapp.rules)
* 1:18803 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Runtime CMM readMabCurveData buffer overflow attempt (server-webapp.rules)
* 1:18804 <-> DISABLED <-> SERVER-WEBAPP OpenLDAP Modrdn utf-8 string code execution attempt (server-webapp.rules)
* 1:18805 <-> DISABLED <-> FILE-FLASH Adobe Flash Player undefined tag exploit attempt (file-flash.rules)
* 1:18806 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel RealTimeData record exploit attempt (file-office.rules)
* 1:18807 <-> DISABLED <-> SERVER-OTHER OpenLDAP Modrdn RDN NULL string denial of service attempt (server-other.rules)
* 1:18808 <-> DISABLED <-> SERVER-MAIL Ipswitch IMail Server List Mailer Reply-To address buffer overflow attempt (server-mail.rules)
* 1:18809 <-> DISABLED <-> BROWSER-FIREFOX Mozilla EnsureCachedAttrParamArrays integer overflow attempt (browser-firefox.rules)
* 1:1881 <-> DISABLED <-> SERVER-WEBAPP bad HTTP 1.1 request - potential worm attack (server-webapp.rules)
* 1:18811 <-> DISABLED <-> FILE-IDENTIFY .ade attachment file type blocked by Outlook detected (file-identify.rules)
* 1:18812 <-> DISABLED <-> FILE-IDENTIFY .adp attachment file type blocked by Outlook detected (file-identify.rules)
* 1:18813 <-> DISABLED <-> FILE-IDENTIFY .app attachment file type blocked by Outlook detected (file-identify.rules)
* 1:18814 <-> DISABLED <-> FILE-IDENTIFY .asp attachment file type blocked by Outlook detected (file-identify.rules)
* 1:18815 <-> DISABLED <-> FILE-IDENTIFY .bas attachment file type blocked by Outlook detected (file-identify.rules)
* 1:18816 <-> DISABLED <-> FILE-IDENTIFY .bat attachment file type blocked by Outlook detected (file-identify.rules)
* 1:18817 <-> DISABLED <-> FILE-IDENTIFY .cer attachment file type blocked by Outlook detected (file-identify.rules)
* 1:18818 <-> DISABLED <-> FILE-IDENTIFY .chm attachment file type blocked by Outlook detected (file-identify.rules)
* 1:18819 <-> DISABLED <-> FILE-IDENTIFY .cmd attachment file type blocked by Outlook detected (file-identify.rules)
* 1:1882 <-> DISABLED <-> INDICATOR-COMPROMISE id check returned userid (indicator-compromise.rules)
* 1:18820 <-> DISABLED <-> FILE-IDENTIFY .cnt attachment file type blocked by Outlook detected (file-identify.rules)
* 1:18821 <-> DISABLED <-> FILE-IDENTIFY .com attachment file type blocked by Outlook detected (file-identify.rules)
* 1:18822 <-> DISABLED <-> FILE-IDENTIFY .cpl attachment file type blocked by Outlook detected (file-identify.rules)
* 1:18823 <-> DISABLED <-> FILE-IDENTIFY .crt attachment file type blocked by Outlook detected (file-identify.rules)
* 1:18824 <-> DISABLED <-> FILE-IDENTIFY .csh attachment file type blocked by Outlook detected (file-identify.rules)
* 1:18825 <-> DISABLED <-> FILE-IDENTIFY .der attachment file type blocked by Outlook detected (file-identify.rules)
* 1:18826 <-> DISABLED <-> FILE-IDENTIFY .exe attachment file type blocked by Outlook detected (file-identify.rules)
* 1:18827 <-> DISABLED <-> FILE-IDENTIFY .fxp attachment file type blocked by Outlook detected (file-identify.rules)
* 1:18828 <-> DISABLED <-> FILE-IDENTIFY .gadget attachment file type blocked by Outlook detected (file-identify.rules)
* 1:18829 <-> DISABLED <-> FILE-IDENTIFY .hlp attachment file type blocked by Outlook detected (file-identify.rules)
* 1:18830 <-> DISABLED <-> FILE-IDENTIFY .hpj attachment file type blocked by Outlook detected (file-identify.rules)
* 1:18831 <-> DISABLED <-> FILE-IDENTIFY .hta attachment file type blocked by Outlook detected (file-identify.rules)
* 1:18832 <-> DISABLED <-> FILE-IDENTIFY .inf attachment file type blocked by Outlook detected (file-identify.rules)
* 1:18833 <-> DISABLED <-> FILE-IDENTIFY .ins attachment file type blocked by Outlook detected (file-identify.rules)
* 1:18834 <-> DISABLED <-> FILE-IDENTIFY .isp attachment file type blocked by Outlook detected (file-identify.rules)
* 1:18835 <-> DISABLED <-> FILE-IDENTIFY .its attachment file type blocked by Outlook detected (file-identify.rules)
* 1:18836 <-> DISABLED <-> FILE-IDENTIFY .js attachment file type blocked by Outlook detected (file-identify.rules)
* 1:18837 <-> DISABLED <-> FILE-IDENTIFY .jse attachment file type blocked by Outlook detected (file-identify.rules)
* 1:18838 <-> DISABLED <-> FILE-IDENTIFY .ksh attachment file type blocked by Outlook detected (file-identify.rules)
* 1:18839 <-> DISABLED <-> FILE-IDENTIFY .lnk attachment file type blocked by Outlook detected (file-identify.rules)
* 1:18840 <-> DISABLED <-> FILE-IDENTIFY .mad attachment file type blocked by Outlook detected (file-identify.rules)
* 1:18841 <-> DISABLED <-> FILE-IDENTIFY .maf attachment file type blocked by Outlook detected (file-identify.rules)
* 1:18842 <-> DISABLED <-> FILE-IDENTIFY .mag attachment file type blocked by Outlook detected (file-identify.rules)
* 1:18843 <-> DISABLED <-> FILE-IDENTIFY .mam attachment file type blocked by Outlook detected (file-identify.rules)
* 1:18844 <-> DISABLED <-> FILE-IDENTIFY .maq attachment file type blocked by Outlook detected (file-identify.rules)
* 1:18845 <-> DISABLED <-> FILE-IDENTIFY .mar attachment file type blocked by Outlook detected (file-identify.rules)
* 1:18846 <-> DISABLED <-> FILE-IDENTIFY .mas attachment file type blocked by Outlook detected (file-identify.rules)
* 1:18847 <-> DISABLED <-> FILE-IDENTIFY .mat attachment file type blocked by Outlook detected (file-identify.rules)
* 1:18848 <-> DISABLED <-> FILE-IDENTIFY .mau attachment file type blocked by Outlook detected (file-identify.rules)
* 1:18849 <-> DISABLED <-> FILE-IDENTIFY .mav attachment file type blocked by Outlook detected (file-identify.rules)
* 1:18850 <-> DISABLED <-> FILE-IDENTIFY .maw attachment file type blocked by Outlook detected (file-identify.rules)
* 1:18851 <-> DISABLED <-> FILE-IDENTIFY .mda attachment file type blocked by Outlook detected (file-identify.rules)
* 1:18852 <-> DISABLED <-> FILE-IDENTIFY .mdb attachment file type blocked by Outlook detected (file-identify.rules)
* 1:18853 <-> DISABLED <-> FILE-IDENTIFY .mde attachment file type blocked by Outlook detected (file-identify.rules)
* 1:18854 <-> DISABLED <-> FILE-IDENTIFY .mdt attachment file type blocked by Outlook detected (file-identify.rules)
* 1:18855 <-> DISABLED <-> FILE-IDENTIFY .mdw attachment file type blocked by Outlook detected (file-identify.rules)
* 1:18856 <-> DISABLED <-> FILE-IDENTIFY .mdz attachment file type blocked by Outlook detected (file-identify.rules)
* 1:18857 <-> DISABLED <-> FILE-IDENTIFY .msc attachment file type blocked by Outlook detected (file-identify.rules)
* 1:18858 <-> DISABLED <-> FILE-IDENTIFY .msh attachment file type blocked by Outlook detected (file-identify.rules)
* 1:18859 <-> DISABLED <-> FILE-IDENTIFY .msh1 attachment file type blocked by Outlook detected (file-identify.rules)
* 1:18860 <-> DISABLED <-> FILE-IDENTIFY .msh2 attachment file type blocked by Outlook detected (file-identify.rules)
* 1:18861 <-> DISABLED <-> FILE-IDENTIFY .mshxml attachment file type blocked by Outlook detected (file-identify.rules)
* 1:18862 <-> DISABLED <-> FILE-IDENTIFY .msh1xml attachment file type blocked by Outlook detected (file-identify.rules)
* 1:18863 <-> DISABLED <-> FILE-IDENTIFY .msh2xml attachment file type blocked by Outlook detected (file-identify.rules)
* 1:18864 <-> DISABLED <-> FILE-IDENTIFY .msi attachment file type blocked by Outlook detected (file-identify.rules)
* 1:18865 <-> DISABLED <-> FILE-IDENTIFY .msp attachment file type blocked by Outlook detected (file-identify.rules)
* 1:18866 <-> DISABLED <-> FILE-IDENTIFY .mst attachment file type blocked by Outlook detected (file-identify.rules)
* 1:18867 <-> DISABLED <-> FILE-IDENTIFY .ops attachment file type blocked by Outlook detected (file-identify.rules)
* 1:18868 <-> DISABLED <-> FILE-IDENTIFY .osd attachment file type blocked by Outlook detected (file-identify.rules)
* 1:18869 <-> DISABLED <-> FILE-IDENTIFY .pcd attachment file type blocked by Outlook detected (file-identify.rules)
* 1:1887 <-> DISABLED <-> SERVER-OTHER OpenSSL Worm traffic (server-other.rules)
* 1:18870 <-> DISABLED <-> FILE-IDENTIFY .pif attachment file type blocked by Outlook detected (file-identify.rules)
* 1:18871 <-> DISABLED <-> FILE-IDENTIFY .plg attachment file type blocked by Outlook detected (file-identify.rules)
* 1:18872 <-> DISABLED <-> FILE-IDENTIFY .prf attachment file type blocked by Outlook detected (file-identify.rules)
* 1:18873 <-> DISABLED <-> FILE-IDENTIFY .prg attachment file type blocked by Outlook detected (file-identify.rules)
* 1:18874 <-> DISABLED <-> FILE-IDENTIFY .pst attachment file type blocked by Outlook detected (file-identify.rules)
* 1:18875 <-> DISABLED <-> FILE-IDENTIFY .reg attachment file type blocked by Outlook detected (file-identify.rules)
* 1:18876 <-> DISABLED <-> FILE-IDENTIFY .scf attachment file type blocked by Outlook detected (file-identify.rules)
* 1:18877 <-> DISABLED <-> FILE-IDENTIFY .scr attachment file type blocked by Outlook detected (file-identify.rules)
* 1:18878 <-> DISABLED <-> FILE-IDENTIFY .sct attachment file type blocked by Outlook detected (file-identify.rules)
* 1:18879 <-> DISABLED <-> FILE-IDENTIFY .shb attachment file type blocked by Outlook detected (file-identify.rules)
* 1:1888 <-> DISABLED <-> PROTOCOL-FTP SITE CPWD overflow attempt (protocol-ftp.rules)
* 1:18880 <-> DISABLED <-> FILE-IDENTIFY .shs attachment file type blocked by Outlook detected (file-identify.rules)
* 1:18881 <-> DISABLED <-> FILE-IDENTIFY .ps1 attachment file type blocked by Outlook detected (file-identify.rules)
* 1:18882 <-> DISABLED <-> FILE-IDENTIFY .ps1xml attachment file type blocked by Outlook detected (file-identify.rules)
* 1:18883 <-> DISABLED <-> FILE-IDENTIFY .ps2 attachment file type blocked by Outlook detected (file-identify.rules)
* 1:18884 <-> DISABLED <-> FILE-IDENTIFY .ps2xml attachment file type blocked by Outlook detected (file-identify.rules)
* 1:18885 <-> DISABLED <-> FILE-IDENTIFY .psc1 attachment file type blocked by Outlook detected (file-identify.rules)
* 1:18886 <-> DISABLED <-> FILE-IDENTIFY .psc2 attachment file type blocked by Outlook detected (file-identify.rules)
* 1:18887 <-> DISABLED <-> FILE-IDENTIFY .tmp attachment file type blocked by Outlook detected (file-identify.rules)
* 1:18888 <-> DISABLED <-> FILE-IDENTIFY .url attachment file type blocked by Outlook detected (file-identify.rules)
* 1:18889 <-> DISABLED <-> FILE-IDENTIFY .vb attachment file type blocked by Outlook detected (file-identify.rules)
* 1:1889 <-> DISABLED <-> MALWARE-CNC slapper worm admin traffic (malware-cnc.rules)
* 1:18890 <-> DISABLED <-> FILE-IDENTIFY .vbe attachment file type blocked by Outlook detected (file-identify.rules)
* 1:18891 <-> DISABLED <-> FILE-IDENTIFY .vbp attachment file type blocked by Outlook detected (file-identify.rules)
* 1:18892 <-> DISABLED <-> FILE-IDENTIFY .vbs attachment file type blocked by Outlook detected (file-identify.rules)
* 1:18893 <-> DISABLED <-> FILE-IDENTIFY .vsmacros attachment file type blocked by Outlook detected (file-identify.rules)
* 1:18894 <-> DISABLED <-> FILE-IDENTIFY .vsw attachment file type blocked by Outlook detected (file-identify.rules)
* 1:18895 <-> DISABLED <-> FILE-IDENTIFY .ws attachment file type blocked by Outlook detected (file-identify.rules)
* 1:18896 <-> DISABLED <-> FILE-IDENTIFY .wsc attachment file type blocked by Outlook detected (file-identify.rules)
* 1:18897 <-> DISABLED <-> FILE-IDENTIFY .wsf attachment file type blocked by Outlook detected (file-identify.rules)
* 1:18898 <-> DISABLED <-> FILE-IDENTIFY .wsh attachment file type blocked by Outlook detected (file-identify.rules)
* 1:18899 <-> DISABLED <-> FILE-IDENTIFY .xnk attachment file type blocked by Outlook detected (file-identify.rules)
* 1:1890 <-> DISABLED <-> PROTOCOL-RPC status GHBN format string attack (protocol-rpc.rules)
* 1:18900 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI (W32.Swizzor -- malware-cnc.rules)
* 1:18901 <-> DISABLED <-> SERVER-OTHER MIT Kerberos KDC Ticket validation double free memory corruption attempt (server-other.rules)
* 1:18902 <-> DISABLED <-> SERVER-WEBAPP Novell Teaming ajaxUploadImageFile remote code execution attempt (server-webapp.rules)
* 1:18903 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit Rendering Counter Code Execution (browser-webkit.rules)
* 1:18904 <-> DISABLED <-> BROWSER-PLUGINS KingView ActiveX clsid access (browser-plugins.rules)
* 1:18905 <-> DISABLED <-> SERVER-WEBAPP OpenView Network Node Manager cookie buffer overflow attempt (server-webapp.rules)
* 1:18906 <-> DISABLED <-> SERVER-WEBAPP OpenView Network Node Manager cookie buffer overflow attempt (server-webapp.rules)
* 1:18907 <-> DISABLED <-> SERVER-WEBAPP OpenView Network Node Manager cookie buffer overflow attempt (server-webapp.rules)
* 1:18908 <-> DISABLED <-> SERVER-WEBAPP OpenView Network Node Manager cookie buffer overflow attempt (server-webapp.rules)
* 1:18909 <-> DISABLED <-> SERVER-WEBAPP OpenView Network Node Manager cookie buffer overflow attempt (server-webapp.rules)
* 1:1891 <-> DISABLED <-> PROTOCOL-RPC status GHBN format string attack (protocol-rpc.rules)
* 1:18910 <-> DISABLED <-> SERVER-WEBAPP OpenView Network Node Manager cookie buffer overflow attempt (server-webapp.rules)
* 1:18911 <-> DISABLED <-> SERVER-WEBAPP OpenView Network Node Manager cookie buffer overflow attempt (server-webapp.rules)
* 1:18912 <-> DISABLED <-> SERVER-WEBAPP OpenView Network Node Manager cookie buffer overflow attempt (server-webapp.rules)
* 1:18913 <-> DISABLED <-> SERVER-WEBAPP OpenView Network Node Manager cookie buffer overflow attempt (server-webapp.rules)
* 1:18914 <-> DISABLED <-> SERVER-WEBAPP OpenView Network Node Manager cookie buffer overflow attempt (server-webapp.rules)
* 1:18915 <-> DISABLED <-> SERVER-WEBAPP OpenView Network Node Manager cookie buffer overflow attempt (server-webapp.rules)
* 1:18916 <-> DISABLED <-> SERVER-WEBAPP OpenView Network Node Manager cookie buffer overflow attempt (server-webapp.rules)
* 1:18917 <-> DISABLED <-> SERVER-WEBAPP OpenView Network Node Manager cookie buffer overflow attempt (server-webapp.rules)
* 1:18918 <-> DISABLED <-> SERVER-WEBAPP OpenView Network Node Manager cookie buffer overflow attempt (server-webapp.rules)
* 1:18919 <-> DISABLED <-> SERVER-WEBAPP OpenView Network Node Manager cookie buffer overflow attempt (server-webapp.rules)
* 1:1892 <-> DISABLED <-> PROTOCOL-SNMP null community string attempt (protocol-snmp.rules)
* 1:18920 <-> DISABLED <-> SERVER-WEBAPP OpenView Network Node Manager cookie buffer overflow attempt (server-webapp.rules)
* 1:18921 <-> DISABLED <-> SERVER-WEBAPP OpenView Network Node Manager cookie buffer overflow attempt (server-webapp.rules)
* 1:18922 <-> DISABLED <-> SERVER-WEBAPP OpenView Network Node Manager cookie buffer overflow attempt (server-webapp.rules)
* 1:18923 <-> DISABLED <-> SERVER-WEBAPP OpenView Network Node Manager cookie buffer overflow attempt (server-webapp.rules)
* 1:18924 <-> DISABLED <-> SERVER-WEBAPP OpenView Network Node Manager cookie buffer overflow attempt (server-webapp.rules)
* 1:18925 <-> DISABLED <-> SERVER-WEBAPP OpenView Network Node Manager cookie buffer overflow attempt (server-webapp.rules)
* 1:18926 <-> DISABLED <-> PROTOCOL-SNMP Multiple vendors AgentX receive_agentx integer overflow attempt (protocol-snmp.rules)
* 1:18928 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime streaming debug error logging buffer overflow attempt (file-multimedia.rules)
* 1:18929 <-> DISABLED <-> SERVER-ORACLE Oracle Secure Backup Administration objectname variable command injection attempt (server-oracle.rules)
* 1:1893 <-> DISABLED <-> PROTOCOL-SNMP missing community string attempt (protocol-snmp.rules)
* 1:18930 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager nnmRptConfig.exe Template format string code execution attempt (server-webapp.rules)
* 1:18931 <-> DISABLED <-> SERVER-APACHE Apache Struts OGNL parameter interception bypass command execution attempt (server-apache.rules)
* 1:18932 <-> DISABLED <-> SERVER-WEBAPP Jboss default configuration unauthorized application add attempt (server-webapp.rules)
* 1:18933 <-> DISABLED <-> SERVER-OTHER SolarWinds TFTP Server Read request denial of service attempt (server-other.rules)
* 1:18934 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (Coreflood -- malware-cnc.rules)
* 1:18935 <-> DISABLED <-> SERVER-OTHER ISC DHCP server zero length client ID denial of service attempt
(server-other.rules) * 1:18936 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - Win.Trojan.FakeAV (malware-cnc.rules) * 1:18937 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - Win.Trojan.Krap (malware-cnc.rules) * 1:18939 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules) * 1:1894 <-> DISABLED <-> INDICATOR-SHELLCODE kadmind buffer overflow attempt (indicator-shellcode.rules) * 1:18940 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - Sality (malware-cnc.rules) * 1:18941 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - FakeAV (malware-cnc.rules) * 1:18942 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - MacProtector (malware-cnc.rules) * 1:18943 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - MacDefender (malware-cnc.rules) * 1:18945 <-> DISABLED <-> MALWARE-CNC Virus.Win32.Feberr variant outbound connection (malware-cnc.rules) * 1:18946 <-> ENABLED <-> MALWARE-CNC Win.Trojan.IRCBot.FC variant outbound connection (malware-cnc.rules) * 1:18947 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IRCBot.FC variant outbound connection (malware-cnc.rules) * 1:18948 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint converter bad indirection remote code execution attempt (file-office.rules) * 1:1895 <-> DISABLED <-> INDICATOR-SHELLCODE kadmind buffer overflow attempt (indicator-shellcode.rules) * 1:18950 <-> DISABLED <-> OS-WINDOWS Microsoft WINS service oversize payload exploit attempt (os-windows.rules) * 1:18951 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CTableLayout memory corruption attempt (browser-ie.rules) * 1:18952 <-> DISABLED <-> FILE-OTHER Microsoft Windows uniscribe fonts parsing memory corruption attempt (file-other.rules) * 1:18953 <-> DISABLED <-> FILE-OTHER rich text format unexpected field type memory corruption attempt (file-other.rules) * 1:18954 <-> DISABLED <-> FILE-OTHER rich text format 
unexpected field type memory corruption attempt (file-other.rules) * 1:18955 <-> DISABLED <-> SERVER-WEBAPP Symantec IM Manager LoggedInUsers.lgx definition file multiple SQL injections attempt (server-webapp.rules) * 1:18956 <-> DISABLED <-> SERVER-WEBAPP Symantec IM Manager LoggedInUsers.lgx definition file multiple SQL injections attempt (server-webapp.rules) * 1:18957 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules) * 1:18958 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules) * 1:18959 <-> DISABLED <-> SERVER-WEBAPP VMware SpringSource Spring Framework class.classloader remote code execution attempt (server-webapp.rules) * 1:1896 <-> DISABLED <-> INDICATOR-SHELLCODE kadmind buffer overflow attempt (indicator-shellcode.rules) * 1:18960 <-> DISABLED <-> SERVER-WEBAPP Novell GroupWise agents HTTP request remote code execution attempt (server-webapp.rules) * 1:18961 <-> DISABLED <-> OS-WINDOWS Microsoft Windows MSXML2 ActiveX malformed HTTP response (os-windows.rules) * 1:18962 <-> DISABLED <-> OS-WINDOWS Microsoft Windows MSXML2 ActiveX malformed HTTP response (os-windows.rules) * 1:18963 <-> DISABLED <-> FILE-FLASH Adobe ActionScript 3 addEventListener exploit attempt (file-flash.rules) * 1:18964 <-> DISABLED <-> FILE-FLASH Adobe Flash file DefineFont4 remote code execution attempt (file-flash.rules) * 1:18965 <-> DISABLED <-> FILE-FLASH Adobe Flash file ActionScript 2 ActionJump remote code execution attempt (file-flash.rules) * 1:18966 <-> DISABLED <-> FILE-FLASH Adobe Flash file DefineFont4 remote code execution attempt (file-flash.rules) * 1:18967 <-> DISABLED <-> FILE-FLASH Adobe ActionScript argumentCount download attempt (file-flash.rules) * 1:18968 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript3 stack integer overflow attempt (file-flash.rules) * 1:18969 <-> DISABLED <-> FILE-FLASH Adobe Flash Player 
ActionScript ActionIf integer overflow attempt (file-flash.rules) * 1:1897 <-> DISABLED <-> INDICATOR-SHELLCODE kadmind buffer overflow attempt (indicator-shellcode.rules) * 1:18970 <-> DISABLED <-> FILE-FLASH Adobe Flash Player null pointer dereference attempt (file-flash.rules) * 1:18971 <-> DISABLED <-> FILE-FLASH Adobe Flash beginGradientfill improper color validation attempt (file-flash.rules) * 1:18972 <-> DISABLED <-> SERVER-ORACLE Oracle Secure Backup Administration selector variable command injection attempt (server-oracle.rules) * 1:18973 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit button first-letter style rendering code execution attempt (browser-webkit.rules) * 1:18974 <-> DISABLED <-> BROWSER-PLUGINS SAP Crystal Reports PrintControl.dll ActiveX function call attempt (browser-plugins.rules) * 1:18975 <-> DISABLED <-> BROWSER-PLUGINS SAP Crystal Reports PrintControl.dll ActiveX function call access (browser-plugins.rules) * 1:18976 <-> DISABLED <-> MALWARE-CNC Rogue-Software.AVCare variant outbound connection (malware-cnc.rules) * 1:18977 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Proxy variant outbound connection (malware-cnc.rules) * 1:18978 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pasta.aoq variant outbound connection (malware-cnc.rules) * 1:18979 <-> DISABLED <-> MALWARE-CNC Worm.Win32.AutoRun.fmo variant outbound connection (malware-cnc.rules) * 1:1898 <-> DISABLED <-> INDICATOR-SHELLCODE kadmind buffer overflow attempt (indicator-shellcode.rules) * 1:18980 <-> DISABLED <-> MALWARE-CNC WinSpywareProtect variant outbound connection (malware-cnc.rules) * 1:18981 <-> DISABLED <-> MALWARE-CNC WinSpywareProtect variant outbound connection (malware-cnc.rules) * 1:18982 <-> DISABLED <-> MALWARE-CNC WinSpywareProtect variant outbound connection (malware-cnc.rules) * 1:18984 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - Win32/Trojanclicker (malware-cnc.rules) * 1:18985 <-> DISABLED <-> POLICY-OTHER CA ARCserve Axis2 default 
credential login attempt (policy-other.rules) * 1:18986 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader and Acrobat TTF SING table parsing remote code execution attempt (file-pdf.rules) * 1:18987 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader and Acrobat TTF SING table parsing remote code execution attempt (file-pdf.rules) * 1:18988 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader TTF SING table parsing remote code execution attempt (file-pdf.rules) * 1:18989 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader TTF SING table parsing remote code execution attempt (file-pdf.rules) * 1:1899 <-> DISABLED <-> INDICATOR-SHELLCODE kadmind buffer overflow attempt (indicator-shellcode.rules) * 1:18990 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader TTF SING table parsing remote code execution attempt (file-pdf.rules) * 1:18991 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader TTF SING table parsing remote code execution attempt (file-pdf.rules) * 1:18992 <-> DISABLED <-> FILE-FLASH Adobe Flash Player content parsing execution attempt (file-flash.rules) * 1:18993 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager server name exploit attempt (server-webapp.rules) * 1:18994 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 2003 browser election remote heap overflow attempt (os-windows.rules) * 1:18995 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit removeAllRanges use-after-free attempt (browser-webkit.rules) * 1:18996 <-> DISABLED <-> SERVER-ORACLE DBMS_JAVA.SET_OUTPUT_TO_JAVA privilege escalation attempt (server-oracle.rules) * 1:18997 <-> DISABLED <-> OS-LINUX Linux kernel sctp_rcv_ootb invalid chunk length DoS attempt (os-linux.rules) * 1:18998 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM ovwebsnmpsrv.exe command line argument buffer overflow attempt (server-webapp.rules) * 1:18999 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM webappmon.exe buffer overflow attempt (server-webapp.rules) * 1:1900 <-> DISABLED <-> SERVER-OTHER successful kadmind buffer overflow attempt 
(server-other.rules) * 1:19000 <-> DISABLED <-> SERVER-MYSQL Database CASE NULL argument denial of service attempt (server-mysql.rules) * 1:19001 <-> DISABLED <-> SERVER-MYSQL IN NULL argument denial of service attempt (server-mysql.rules) * 1:19002 <-> DISABLED <-> FILE-FLASH RealNetworks RealPlayer FLV integer overflow attempt (file-flash.rules) * 1:19003 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit run-in use-after-free attempt (browser-webkit.rules) * 1:19004 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit run-in use-after-free attempt (browser-webkit.rules) * 1:19005 <-> DISABLED <-> BROWSER-CHROME Apple Safari/Google Chrome Webkit memory corruption attempt (browser-chrome.rules) * 1:19006 <-> DISABLED <-> SERVER-OTHER HP Data Protector Express DtbClsLogin buffer overflow attempt (server-other.rules) * 1:19007 <-> DISABLED <-> SERVER-SAMBA Samba SID parsing overflow attempt (server-samba.rules) * 1:19008 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit floating point conversion memory corruption attempt (browser-webkit.rules) * 1:19009 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit menu onchange memory corruption attempt (browser-webkit.rules) * 1:1901 <-> DISABLED <-> SERVER-OTHER successful kadmind buffer overflow attempt (server-other.rules) * 1:19010 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit menu onchange memory corruption attempt (browser-webkit.rules) * 1:19011 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Player Lnam chunk processing buffer overflow attempt (file-other.rules) * 1:19012 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Player Lnam chunk processing buffer overflow attempt (file-other.rules) * 1:19013 <-> DISABLED <-> PROTOCOL-TFTP HP Intelligent Management Center TFTP server MODE remote code execution attempt - WRQ (protocol-tftp.rules) * 1:19014 <-> DISABLED <-> PROTOCOL-TFTP HP Intelligent Management Center TFTP server MODE remote code execution attempt - RRQ (protocol-tftp.rules) * 1:19015 <-> DISABLED <-> 
POLICY-SPAM visiopharm-3d.eu known spam email attempt (policy-spam.rules) * 1:19016 <-> DISABLED <-> MALWARE-CNC MacBack Win.Trojan.variant outbound connection (malware-cnc.rules) * 1:19017 <-> DISABLED <-> MALWARE-CNC MacBack Win.Trojan.variant outbound connection (malware-cnc.rules) * 1:19018 <-> DISABLED <-> MALWARE-CNC MacBack Win.Trojan.variant outbound connection (malware-cnc.rules) * 1:19019 <-> DISABLED <-> MALWARE-CNC MacBack Win.Trojan.variant outbound connection (malware-cnc.rules) * 1:1902 <-> DISABLED <-> PROTOCOL-IMAP lsub literal overflow attempt (protocol-imap.rules) * 1:19020 <-> DISABLED <-> INDICATOR-COMPROMISE Suspicious .cc dns query (indicator-compromise.rules) * 1:19021 <-> ENABLED <-> MALWARE-CNC Win.Trojan-Downloader.Win32.FraudLoad.dzm variant outbound connection (malware-cnc.rules) * 1:19022 <-> DISABLED <-> MALWARE-CNC Win.Trojan-Downloader.Win32.FraudLoad.dzm variant outbound connection (malware-cnc.rules) * 1:19023 <-> DISABLED <-> MALWARE-CNC IRC.Zapchast.zwrc variant outbound connection (malware-cnc.rules) * 1:19024 <-> DISABLED <-> MALWARE-CNC Win.Trojan.StartPage variant outbound connection (malware-cnc.rules) * 1:19025 <-> DISABLED <-> MALWARE-CNC Win.Trojan-Banker.Win32.Bancos.etf variant outbound connection (malware-cnc.rules) * 1:19026 <-> DISABLED <-> PUA-ADWARE Smart Protector outbound connection (pua-adware.rules) * 1:19027 <-> DISABLED <-> MALWARE-CNC BrowserModifier.Win32.Kerlofost variant outbound connection (malware-cnc.rules) * 1:19028 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mailbot variant outbound connection (malware-cnc.rules) * 1:19029 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PcClient.AI variant outbound connection (malware-cnc.rules) * 1:1903 <-> DISABLED <-> PROTOCOL-IMAP rename overflow attempt (protocol-imap.rules) * 1:19030 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Uloadis variant outbound connection (malware-cnc.rules) * 1:19031 <-> DISABLED <-> MALWARE-CNC iPRIVACY variant outbound connection (malware-cnc.rules) 
* 1:19032 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cornfemo variant outbound connection (malware-cnc.rules) * 1:19033 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cornfemo variant outbound connection (malware-cnc.rules) * 1:19034 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kbot.qd variant outbound connection (malware-cnc.rules) * 1:19035 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vilsel.baqb variant outbound connection (malware-cnc.rules) * 1:19036 <-> ENABLED <-> MALWARE-CNC Win.Trojan.IRCBrute.I variant outbound connection (malware-cnc.rules) * 1:19037 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IRCBrute.I variant outbound connection (malware-cnc.rules) * 1:19038 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jzzer.A variant outbound connection (malware-cnc.rules) * 1:19039 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Linkbot.alr variant outbound connection (malware-cnc.rules) * 1:1904 <-> DISABLED <-> PROTOCOL-IMAP find overflow attempt (protocol-imap.rules) * 1:19040 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Linkbot.alr variant outbound connection (malware-cnc.rules) * 1:19041 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Carberp.C variant outbound connection (malware-cnc.rules) * 1:19042 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.ACQE variant outbound connection (malware-cnc.rules) * 1:19043 <-> DISABLED <-> PUA-ADWARE RogueSoftware.Win32.BestBoan outbound connection (pua-adware.rules) * 1:19044 <-> DISABLED <-> PUA-ADWARE RogueSoftware.Win32.ThinkPoint outbound connection (pua-adware.rules) * 1:19045 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos.XQ variant outbound connection (malware-cnc.rules) * 1:19046 <-> DISABLED <-> PUA-ADWARE RogueSoftware.Win32.Winwebsec outbound connection (pua-adware.rules) * 1:19047 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - RCleanT (malware-cnc.rules) * 1:19048 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkness variant outbound connection (malware-cnc.rules) * 1:19049 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gigade variant outbound 
connection (malware-cnc.rules) * 1:1905 <-> DISABLED <-> PROTOCOL-RPC AMD UDP amqproc_mount plog overflow attempt (protocol-rpc.rules) * 1:19050 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banbra.fxe variant outbound connection (malware-cnc.rules) * 1:19052 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Httpbot.qdc variant outbound connection (malware-cnc.rules) * 1:19053 <-> DISABLED <-> MALWARE-CNC Worm.Win32.Nusump.A variant outbound connection (malware-cnc.rules) * 1:19054 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sisron.nelo variant outbound connection (malware-cnc.rules) * 1:19055 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gosik.A registration (malware-cnc.rules) * 1:19056 <-> DISABLED <-> MALWARE-CNC Win.Trojan.QQFish variant outbound connection (malware-cnc.rules) * 1:19057 <-> DISABLED <-> MALWARE-CNC Win.Trojan.QQFish variant outbound connection (malware-cnc.rules) * 1:19058 <-> DISABLED <-> MALWARE-CNC Worm.Win32.Faketube update request (malware-cnc.rules) * 1:19059 <-> DISABLED <-> PUA-ADWARE RogueSoftware.Win32.SystemDefragmenter outbound connection (pua-adware.rules) * 1:1906 <-> DISABLED <-> PROTOCOL-RPC AMD TCP amqproc_mount plog overflow attempt (protocol-rpc.rules) * 1:19060 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ponmocup.A variant outbound connection (malware-cnc.rules) * 1:19061 <-> DISABLED <-> PUA-ADWARE Adware.Win32.Cashtitan contact to server attempt (pua-adware.rules) * 1:19062 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FakePlus variant outbound connection (malware-cnc.rules) * 1:19063 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Movie Maker string size overflow attempt (file-multimedia.rules) * 1:19064 <-> DISABLED <-> FILE-OTHER Microsoft OpenType font index remote code execution attempt (file-other.rules) * 1:19065 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel with embedded Flash file attachment attempt (file-office.rules) * 1:19066 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel with embedded Flash file attachment attempt 
(file-office.rules) * 1:19067 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel with embedded Flash file attachment attempt (file-office.rules) * 1:19068 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel with embedded Flash file attachment attempt (file-office.rules) * 1:19069 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel with embedded Flash file attachment attempt (file-office.rules) * 1:1907 <-> DISABLED <-> PROTOCOL-RPC CMSD UDP CMSD_CREATE buffer overflow attempt (protocol-rpc.rules) * 1:19070 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel with embedded Flash file attachment attempt (file-office.rules) * 1:19071 <-> DISABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules) * 1:19072 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix Server NTLM authentication heap overflow attempt (server-other.rules) * 1:19073 <-> DISABLED <-> SERVER-OTHER Squid Proxy Expect header null pointer denial of service attempt (server-other.rules) * 1:19074 <-> DISABLED <-> INDICATOR-OBFUSCATION javascript uuencoded noop sled attempt (indicator-obfuscation.rules) * 1:19075 <-> DISABLED <-> INDICATOR-OBFUSCATION javascript uuencoded eval statement (indicator-obfuscation.rules) * 1:19076 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox appendChild use-after-free attempt (browser-firefox.rules) * 1:19077 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox appendChild use-after-free attempt (browser-firefox.rules) * 1:19078 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox html tag attributes memory corruption (browser-firefox.rules) * 1:19079 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer getElementById object corruption (browser-ie.rules) * 1:1908 <-> DISABLED <-> PROTOCOL-RPC CMSD TCP CMSD_CREATE buffer overflow attempt (protocol-rpc.rules) * 1:19080 <-> DISABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules) * 1:19081 <-> DISABLED <-> INDICATOR-OBFUSCATION known suspicious decryption routine 
(indicator-obfuscation.rules) * 1:19082 <-> DISABLED <-> FILE-PDF Adobe Flash Player memory corruption attempt (file-pdf.rules) * 1:19083 <-> DISABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules) * 1:19084 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CSS style memory corruption attempt (browser-ie.rules) * 1:19085 <-> DISABLED <-> BROWSER-PLUGINS LEADTOOLS Raster Twain LtocxTwainu.dll ActiveX clsid access (browser-plugins.rules) * 1:19086 <-> DISABLED <-> BROWSER-PLUGINS LEADTOOLS Raster Twain LtocxTwainu.dll ActiveX function call (browser-plugins.rules) * 1:19087 <-> DISABLED <-> SERVER-OTHER CA Discovery Service Overflow Attempt (server-other.rules) * 1:19088 <-> DISABLED <-> SERVER-OTHER CA Discovery Service Overflow Attempt (server-other.rules) * 1:19089 <-> DISABLED <-> SERVER-OTHER CA Discovery Service Overflow Attempt (server-other.rules) * 1:1909 <-> DISABLED <-> PROTOCOL-RPC CMSD TCP CMSD_INSERT buffer overflow attempt (protocol-rpc.rules) * 1:19090 <-> DISABLED <-> SERVER-OTHER CA Discovery Serice Overflow Attempt (server-other.rules) * 1:19091 <-> DISABLED <-> SERVER-OTHER OpenSSL ssl3_get_key_exchange use-after-free attempt (server-other.rules) * 1:19092 <-> DISABLED <-> SERVER-OTHER OpenSSL ssl3_get_key_exchange use-after-free attempt (server-other.rules) * 1:19093 <-> DISABLED <-> SERVER-MYSQL Database unique set column denial of service attempt (server-mysql.rules) * 1:19094 <-> DISABLED <-> SERVER-MYSQL Database unique set column denial of service attempt (server-mysql.rules) * 1:19095 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit CSS Charset Text transformation code execution attempt (browser-webkit.rules) * 1:19096 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit CSS Charset Text transformation code execution attempt (browser-webkit.rules) * 1:19097 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit ContentEditable code execution attempt (browser-webkit.rules) * 1:19098 <-> DISABLED <-> 
BROWSER-WEBKIT Apple Safari Webkit ContentEditable code exeuction attempt (browser-webkit.rules) * 1:19099 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari CSS font format corruption attempt (browser-webkit.rules) * 1:1910 <-> DISABLED <-> PROTOCOL-RPC CMSD udp CMSD_INSERT buffer overflow attempt (protocol-rpc.rules) * 1:19100 <-> DISABLED <-> FILE-JAVA Oracle Java Soundbank resource name overflow attempt (file-java.rules) * 1:19101 <-> DISABLED <-> SERVER-ORACLE Oracle Java Web Server Admin Server denial of service attempt (server-oracle.rules) * 1:19102 <-> DISABLED <-> BROWSER-PLUGINS Symantec CLIProxy.dll ActiveX clsid access (browser-plugins.rules) * 1:19103 <-> DISABLED <-> BROWSER-PLUGINS Symantec CLIProxy.dll ActiveX function call access (browser-plugins.rules) * 1:19104 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector Cell Manager heap overflow attempt (server-other.rules) * 1:19105 <-> DISABLED <-> SERVER-OTHER HP Data Protector Manager MMD service buffer overflow attempt (server-other.rules) * 1:19106 <-> DISABLED <-> MALWARE-OTHER Keylogger Ardamax keylogger runtime detection - http (malware-other.rules) * 1:19107 <-> DISABLED <-> SERVER-APACHE Apache mod_isapi dangling pointer code execution attempt (server-apache.rules) * 1:19108 <-> DISABLED <-> BROWSER-PLUGINS SonicWall Aventail EPInstaller ActiveX clsid access (browser-plugins.rules) * 1:19109 <-> DISABLED <-> BROWSER-PLUGINS SonicWall Aventail EPInstaller ActiveX function call access (browser-plugins.rules) * 1:1911 <-> DISABLED <-> PROTOCOL-RPC sadmind UDP NETMGT_PROC_SERVICE CLIENT_DOMAIN overflow attempt (protocol-rpc.rules) * 1:19110 <-> DISABLED <-> SERVER-WEBAPP IBM Rational Quality Manager and Test Lab Manager policy bypass attempt (server-webapp.rules) * 1:19111 <-> DISABLED <-> FILE-FLASH Adobe Flash Media Server memory exhaustion (file-flash.rules) * 1:19112 <-> DISABLED <-> FILE-OTHER Adobe Shockwave 3D stucture heap overflow (file-other.rules) * 1:19113 <-> DISABLED <-> 
FILE-OTHER Adobe Shockwave 3D structure opcode 81 overflow attempt (file-other.rules) * 1:19114 <-> DISABLED <-> FILE-OTHER Adobe Shockwave 3D structure opcode 45 overflow attempt (file-other.rules) * 1:19115 <-> DISABLED <-> FILE-OTHER Adobe Shockwave 3D structure opcode 89 overflow attempt (file-other.rules) * 1:19116 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack mount service code execution attempt (server-other.rules) * 1:19117 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed U3D integer overflow (file-pdf.rules) * 1:19118 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader script injection vulnerability (file-pdf.rules) * 1:19119 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ATMFD font driver remote code execution attempt (os-windows.rules) * 1:1912 <-> DISABLED <-> PROTOCOL-RPC sadmind TCP NETMGT_PROC_SERVICE CLIENT_DOMAIN overflow attempt (protocol-rpc.rules) * 1:19120 <-> DISABLED <-> SERVER-OTHER IBM Informix DBINFO stack buffer overflow (server-other.rules) * 1:19121 <-> DISABLED <-> SERVER-OTHER IBM Informix EXPLAIN stack buffer overflow attempt (server-other.rules) * 1:19122 <-> DISABLED <-> POLICY-SPAM appledownload.com known spam email attempt (policy-spam.rules) * 1:19123 <-> DISABLED <-> MALWARE-CNC Dropper Win.Trojan.Cefyns.A variant outbound connection (malware-cnc.rules) * 1:19124 <-> DISABLED <-> SERVER-APACHE Apache mod_isapi dangling pointer exploit attempt (server-apache.rules) * 1:19125 <-> DISABLED <-> PROTOCOL-DNS ISC BIND DNSSEC authority response record overflow attempt (protocol-dns.rules) * 1:19126 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer IVR handling heap buffer overflow attempt (file-multimedia.rules) * 1:19127 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer IVR handling heap buffer overflow attempt (file-multimedia.rules) * 1:19128 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer REC file magic detected (file-identify.rules) * 1:19129 <-> ENABLED <-> FILE-IDENTIFY RealNetworks 
Realplayer .r1m file magic detected (file-identify.rules) * 1:1913 <-> DISABLED <-> PROTOCOL-RPC STATD UDP stat mon_name format string exploit attempt (protocol-rpc.rules) * 1:19130 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Paint jpeg with malformed SOFx field integer overflow attempt (file-image.rules) * 1:19131 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel RTD buffer overflow attempt (file-office.rules) * 1:19132 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel RTD buffer overflow attempt (file-office.rules) * 1:19133 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel EntExU2 write access violation attempt (file-office.rules) * 1:19134 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel PtgExtraArray data parsing vulnerability exploit attempt (file-office.rules) * 1:19135 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.Buterat Checkin (malware-backdoor.rules) * 1:19136 <-> DISABLED <-> SERVER-WEBAPP CA XOsoft Multiple Products entry_point.aspx buffer overflow attempt (server-webapp.rules) * 1:19137 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM getnnmdata.exe CGI ICount parameter buffer overflow attempt (server-webapp.rules) * 1:19138 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM getnnmdata.exe CGI hostname parameter buffer overflow attempt (server-webapp.rules) * 1:19139 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM getnnmdata.exe CGI MaxAge parameter buffer overflow attempt (server-webapp.rules) * 1:1914 <-> DISABLED <-> PROTOCOL-RPC STATD TCP stat mon_name format string exploit attempt (protocol-rpc.rules) * 1:19140 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM snmpviewer.exe CGI parameter buffer overflow attempt (server-webapp.rules) * 1:19141 <-> DISABLED <-> FILE-OFFICE Microsoft Access Wizard control memory corruption ActiveX clsid access (file-office.rules) * 1:19142 <-> DISABLED <-> SERVER-WEBAPP Symantec IM Manager IMAdminScheduleReport.asp SQL injection attempt (server-webapp.rules) * 1:19143 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft 
Windows Media Player JPG header record mismatch memory corruption attempt (file-multimedia.rules) * 1:19144 <-> DISABLED <-> FILE-OTHER Microsoft Windows MPEG Layer-3 audio heap corruption attempt (file-other.rules) * 1:19145 <-> DISABLED <-> FILE-FLASH Adobe Flash Player newfunction memory corruption attempt (file-flash.rules) * 1:19146 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows DirectX quartz.dll MJPEG content processing memory corruption attempt (file-multimedia.rules) * 1:19147 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer outerHTML against incomplete element heap corruption attempt (browser-ie.rules) * 1:19148 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Flash Player SWF file MP4 data parsing memory corruption attempt (file-multimedia.rules) * 1:19149 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed table tag memory corruption attempt (browser-ie.rules) * 1:1915 <-> DISABLED <-> PROTOCOL-RPC STATD UDP monitor mon_name format string exploit attempt (protocol-rpc.rules) * 1:19150 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed table tag memory corruption attempt (browser-ie.rules) * 1:19151 <-> DISABLED <-> BROWSER-PLUGINS Trend Micro HouseCall ActiveX clsid access (browser-plugins.rules) * 1:19152 <-> DISABLED <-> BROWSER-PLUGINS Trend Micro HouseCall ActiveX function call access (browser-plugins.rules) * 1:19153 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word malformed index code execution attempt (file-office.rules) * 1:19154 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel PtgExtraArray parsing attempt (file-office.rules) * 1:19155 <-> DISABLED <-> SERVER-WEBAPP HP Data Protector Media Operations SignInName Parameter overflow attempt (server-webapp.rules) * 1:19156 <-> DISABLED <-> FILE-OFFICE Microsoft Office .CGM file cell array heap overflow attempt (file-office.rules) * 1:19158 <-> DISABLED <-> POLICY-OTHER HP Universal CMDB server axis2 service upload attempt (policy-other.rules) * 1:19159 <-> 
DISABLED <-> SERVER-OTHER HP Data Protector Manager RDS attempt (server-other.rules)
* 1:1916 <-> DISABLED <-> PROTOCOL-RPC STATD TCP monitor mon_name format string exploit attempt (protocol-rpc.rules)
* 1:19160 <-> DISABLED <-> SERVER-OTHER NetSupport Manager client buffer overflow attempt (server-other.rules)
* 1:19161 <-> DISABLED <-> SERVER-OTHER NetSupport Manager client buffer overflow attempt (server-other.rules)
* 1:19162 <-> DISABLED <-> SERVER-ORACLE get_domain_index_metadata privilege escalation attempt (server-oracle.rules)
* 1:19163 <-> DISABLED <-> SERVER-ORACLE get_v2_domain_index_tables privilege escalation attempt (server-oracle.rules)
* 1:19164 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SpyEye variant outbound connection (malware-cnc.rules)
* 1:19165 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Microsoft Internet Explorer (malware-cnc.rules)
* 1:19166 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file magic detected (file-identify.rules)
* 1:19167 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk UDPTL processing overflow attempt (protocol-voip.rules)
* 1:19168 <-> DISABLED <-> SERVER-WEBAPP Oracle GoldenGate Veridata Server soap request overflow attempt (server-webapp.rules)
* 1:19169 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer vidplin.dll avi header parsing execution attempt (file-multimedia.rules)
* 1:1917 <-> DISABLED <-> INDICATOR-SCAN UPnP service discover attempt (indicator-scan.rules)
* 1:19170 <-> DISABLED <-> FILE-OTHER Microsoft Windows .NET Framework XAML browser applications stack corruption (file-other.rules)
* 1:19171 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 8 ieshims.dll dll-load exploit attempt (browser-ie.rules)
* 1:19172 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 8 ieshims.dll dll-load exploit attempt (browser-ie.rules)
* 1:19173 <-> DISABLED <-> PROTOCOL-RPC CDE Calendar Manager service memory corruption attempt (protocol-rpc.rules)
* 1:19174 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Vista feed headlines cross-site scripting attack attempt (os-windows.rules)
* 1:19175 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent wget 3.0 (malware-cnc.rules)
* 1:19176 <-> DISABLED <-> SERVER-WEBAPP cookiejacking attempt (server-webapp.rules)
* 1:19177 <-> DISABLED <-> SERVER-WEBAPP cookiejacking attempt (server-webapp.rules)
* 1:19178 <-> DISABLED <-> FILE-FLASH Adobe Flash Player cross-site request forgery attempt (file-flash.rules)
* 1:19179 <-> DISABLED <-> FILE-FLASH Adobe Flash Player cross-site request forgery attempt (file-flash.rules)
* 1:1918 <-> DISABLED <-> PROTOCOL-ICMP SolarWinds IP scan attempt (protocol-icmp.rules)
* 1:19180 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel pivot item index boundary corruption attempt (file-office.rules)
* 1:19181 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer iframe uninitialized memory corruption attempt (browser-ie.rules)
* 1:19182 <-> DISABLED <-> SERVER-OTHER strongSwan Certificate and Identification payload overflow attempt (server-other.rules)
* 1:19183 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS FastCGI request header buffer overflow attempt (server-iis.rules)
* 1:19184 <-> DISABLED <-> OS-WINDOWS Microsoft Windows OLEAUT32.DLL malicious WMF file remote code execution attempt (os-windows.rules)
* 1:19185 <-> DISABLED <-> OS-WINDOWS Microsoft Windows .NET ArraySegment escape exploit attempt (os-windows.rules)
* 1:19186 <-> DISABLED <-> OS-WINDOWS Microsoft Certification service XSS attempt (os-windows.rules)
* 1:19188 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ATMFD font driver malicious font file remote code execution attempt (os-windows.rules)
* 1:19189 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB-DS Trans2 Distributed File System response PathConsumed integer overflow attempt (os-windows.rules)
* 1:1919 <-> DISABLED <-> PROTOCOL-FTP CWD overflow attempt (protocol-ftp.rules)
* 1:19190 <-> ENABLED <-> NETBIOS SMB-DS Trans2 Distributed File System GET_DFS_REFERRAL request (netbios.rules)
* 1:19191 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB2 zero length write attempt (os-windows.rules)
* 1:19192 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS stack exhaustion DoS attempt (server-iis.rules)
* 1:19193 <-> DISABLED <-> BROWSER-PLUGINS Oracle Document Capture ActiveX clsid access (browser-plugins.rules)
* 1:19194 <-> DISABLED <-> BROWSER-PLUGINS Oracle Document Capture ActiveX function call access (browser-plugins.rules)
* 1:19195 <-> DISABLED <-> BROWSER-PLUGINS Oracle Document Capture ActiveX function call access (browser-plugins.rules)
* 1:19196 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ATMFD Adobe font driver remote code execution attempt (os-windows.rules)
* 1:19197 <-> DISABLED <-> BROWSER-PLUGINS CA Internet Security Suite XMLSecDB ActiveX clsid access (browser-plugins.rules)
* 1:19198 <-> DISABLED <-> BROWSER-PLUGINS CA Internet Security Suite XMLSecDB ActiveX function call access (browser-plugins.rules)
* 1:19199 <-> DISABLED <-> OS-WINDOWS Smb2Create_Finalize malformed EndOfFile field exploit attempt (os-windows.rules)
* 1:1920 <-> DISABLED <-> PROTOCOL-FTP SITE NEWER overflow attempt (protocol-ftp.rules)
* 1:19200 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ObjBiff exploit attempt (file-office.rules)
* 1:19201 <-> DISABLED <-> SQL waitfor delay function - possible SQL injection attempt (sql.rules)
* 1:19202 <-> DISABLED <-> SQL declare varchar - possible SQL injection attempt (sql.rules)
* 1:19203 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer MsgBox arbitrary code execution attempt (browser-ie.rules)
* 1:19204 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer MsgBox arbitrary code execution attempt (browser-ie.rules)
* 1:19205 <-> DISABLED <-> SERVER-OTHER Novell iManager Tree parameter denial of service attempt (server-other.rules)
* 1:19206 <-> DISABLED <-> SERVER-OTHER IBM DB2 Universal Database receiveDASMessage buffer overflow attempt (server-other.rules)
* 1:19207 <-> DISABLED <-> SERVER-OTHER Symantec Alert Management System AMSSendAlertAck stack buffer overflow attempt (server-other.rules)
* 1:19208 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services streamprocess.exe buffer overflow attempt (server-other.rules)
* 1:19209 <-> DISABLED <-> SERVER-WEBAPP Symantec Alert Management System modem string buffer overflow attempt (server-webapp.rules)
* 1:1921 <-> DISABLED <-> PROTOCOL-FTP SITE ZIPCHK overflow attempt (protocol-ftp.rules)
* 1:19210 <-> DISABLED <-> SERVER-OTHER IBM Informix Dynamic Server set environment buffer overflow attempt (server-other.rules)
* 1:19211 <-> ENABLED <-> FILE-IDENTIFY ZIP archive file download request (file-identify.rules)
* 1:19213 <-> DISABLED <-> SERVER-MAIL Ipswitch IMail Server Mailing List Message Subject buffer overflow (server-mail.rules)
* 1:19215 <-> ENABLED <-> FILE-IDENTIFY Google Chrome extension file download request (file-identify.rules)
* 1:19216 <-> DISABLED <-> BROWSER-CHROME Google Chrome Uninitialized bug_report Pointer Code Execution (browser-chrome.rules)
* 1:19217 <-> DISABLED <-> BROWSER-CHROME Google Chrome Uninitialized bug_report Pointer Code Execution (browser-chrome.rules)
* 1:19218 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file download request (file-identify.rules)
* 1:19219 <-> DISABLED <-> FILE-OTHER Microsoft Windows Fax Services Cover Page Editor Double Free Memory Corruption (file-other.rules)
* 1:1922 <-> DISABLED <-> PROTOCOL-RPC portmap proxy attempt TCP (protocol-rpc.rules)
* 1:19220 <-> DISABLED <-> FILE-OTHER Microsoft Windows Fax Services Cover Page Editor Double Free Memory Corruption (file-other.rules)
* 1:19221 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB-DS Trans2 Distributed File System response PathConsumed integer overflow attempt (os-windows.rules)
* 1:19222 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ObjBiff validation exploit attempt (file-office.rules)
* 1:19223 <-> DISABLED <-> SERVER-OTHER SAP Crystal Reports 2008 directory traversal attempt (server-other.rules)
* 1:19224 <-> ENABLED <-> FILE-IDENTIFY Cisco Webex wrf file download request (file-identify.rules)
* 1:19225 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SerAuxTrend biff record corruption attempt (file-office.rules)
* 1:19226 <-> DISABLED <-> FILE-OTHER Cisco Webex Player .wrf stack buffer overflow (file-other.rules)
* 1:19227 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Scenario heap memory overflow (file-office.rules)
* 1:19228 <-> DISABLED <-> SERVER-WEBAPP Oracle Secure Backup Administration preauth variable command injection attempt (server-webapp.rules)
* 1:19229 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SLK file excessive Picture records exploit attempt (file-office.rules)
* 1:1923 <-> DISABLED <-> PROTOCOL-RPC portmap proxy attempt UDP (protocol-rpc.rules)
* 1:19230 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Selection exploit attempt (file-office.rules)
* 1:19231 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Series record exploit attempt (file-office.rules)
* 1:19232 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel XF record exploit attempt (file-office.rules)
* 1:19233 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows Visual Studio DISCO file download request (file-identify.rules)
* 1:19234 <-> DISABLED <-> OS-WINDOWS Microsoft Visual Studio information disclosure attempt (os-windows.rules)
* 1:19235 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer copy/paste memory corruption attempt (browser-ie.rules)
* 1:19236 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer drag event memory corruption attempt (browser-ie.rules)
* 1:19237 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer contenteditable corruption attempt (browser-ie.rules)
* 1:19238 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 8 self remove from markup vulnerability (browser-ie.rules)
* 1:19239 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 8 toStaticHTML XSS attempt (browser-ie.rules)
* 1:1924 <-> DISABLED <-> PROTOCOL-RPC mountd UDP export request (protocol-rpc.rules)
* 1:19240 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 6/7/8 reload stylesheet attempt (browser-ie.rules)
* 1:19241 <-> DISABLED <-> BROWSER-IE Microsoft Windows Vector Markup Language imagedata page deconstruction attempt (browser-ie.rules)
* 1:19242 <-> DISABLED <-> BROWSER-IE Microsoft Windows Vector Markup Language imagedata page deconstruction attempt (browser-ie.rules)
* 1:19243 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer layout-grid-char value exploit attempt (browser-ie.rules)
* 1:19245 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer redirect to cdl protocol attempt (browser-ie.rules)
* 1:19246 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CSS expression defined to empty selection attempt (browser-ie.rules)
* 1:19247 <-> DISABLED <-> FILE-IMAGE Adobe jpeg 2000 image exploit attempt (file-image.rules)
* 1:19248 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed U3D texture continuation integer overflow attempt (file-pdf.rules)
* 1:19249 <-> DISABLED <-> FILE-FLASH Adobe Universal3D meshes.removeItem exploit attempt (file-flash.rules)
* 1:1925 <-> DISABLED <-> PROTOCOL-RPC mountd TCP exportall request (protocol-rpc.rules)
* 1:19250 <-> DISABLED <-> FILE-PDF Adobe Acrobat and Adobe Acrobat Reader U3D file include overflow attempt (file-pdf.rules)
* 1:19251 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader CIDFont dictionary glyph width corruption attempt (file-pdf.rules)
* 1:19252 <-> ENABLED <-> FILE-IDENTIFY language.engtesselate.ln file download request (file-identify.rules)
* 1:19253 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malicious language.engtesselate.ln file download attempt (file-pdf.rules)
* 1:19254 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader javascript in PDF go-to actions exploit attempt (file-pdf.rules)
* 1:19255 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader ICC ProfileDescriptionTag overflow attempt (file-pdf.rules)
* 1:19256 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - greenherbalteagirlholdingcup (malware-cnc.rules)
* 1:19257 <-> DISABLED <-> FILE-FLASH Adobe ActionScript float index memory corruption attempt (file-flash.rules)
* 1:19258 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView record memory pointer corruption attempt (file-office.rules)
* 1:19259 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel WOpt record memory corruption attempt (file-office.rules)
* 1:1926 <-> DISABLED <-> PROTOCOL-RPC mountd UDP exportall request (protocol-rpc.rules)
* 1:19260 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malformed MsoDrawingObject record attempt (file-office.rules)
* 1:19261 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel BIFF8 invalid Selection.cref exploit attempt (file-office.rules)
* 1:19262 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
* 1:19263 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
* 1:19264 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
* 1:19265 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer layout-grid-char value exploit attempt (browser-ie.rules)
* 1:19266 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer layout-grid-char value exploit attempt (browser-ie.rules)
* 1:19268 <-> DISABLED <-> FILE-PDF attempted download of a PDF with embedded Flash (file-pdf.rules)
* 1:19269 <-> DISABLED <-> FILE-PDF attempted download of a PDF with embedded Flash (file-pdf.rules)
* 1:1927 <-> DISABLED <-> PROTOCOL-FTP authorized_keys (protocol-ftp.rules)
* 1:1928 <-> DISABLED <-> PROTOCOL-FTP shadow retrieval attempt (protocol-ftp.rules)
* 1:19281 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic single-byte xor countdown encoder (indicator-shellcode.rules)
* 1:19282 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic cpuid-based context keyed encoder (indicator-shellcode.rules)
* 1:19283 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic stat-based context keyed encoder (indicator-shellcode.rules)
* 1:19284 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic time-based context keyed encoder (indicator-shellcode.rules)
* 1:19285 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic non-alpha/non-upper encoder (indicator-shellcode.rules)
* 1:19286 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic unicode uppercase encoder (indicator-shellcode.rules)
* 1:19287 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic unicode mixed encoder (indicator-shellcode.rules)
* 1:19288 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic unicode tolower encoder (indicator-shellcode.rules)
* 1:19289 <-> ENABLED <-> FILE-IDENTIFY MHTML file download request (file-identify.rules)
* 1:19290 <-> DISABLED <-> FILE-OTHER Microsoft LNK shortcut arbitrary dll load attempt (file-other.rules)
* 1:19292 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox appendChild use-after-free attempt (browser-firefox.rules)
* 1:19293 <-> DISABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules)
* 1:19294 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Chart Sheet Substream memory corruption attempt (file-office.rules)
* 1:19295 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word HTML linked objects memory corruption attempt (file-office.rules)
* 1:19296 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint improper filename remote code execution attempt (file-office.rules)
* 1:19297 <-> ENABLED <-> SERVER-OTHER sidename.js script injection (server-other.rules)
* 1:19298 <-> ENABLED <-> SERVER-OTHER cssminibar.js script injection (server-other.rules)
* 1:19299 <-> ENABLED <-> SERVER-OTHER banner.txt access - possible compromised multi-mesh injection server (server-other.rules)
* 1:1930 <-> DISABLED <-> PROTOCOL-IMAP auth literal overflow attempt (protocol-imap.rules)
* 1:19300 <-> DISABLED <-> FILE-OTHER probable multi-mesh injection attack (file-other.rules)
* 1:19301 <-> DISABLED <-> PROTOCOL-VOIP Expires header invalid characters detected (protocol-voip.rules)
* 1:19302 <-> DISABLED <-> PROTOCOL-VOIP Max-Forwards header invalid characters detected (protocol-voip.rules)
* 1:19303 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint out of bounds value remote code execution attempt (file-office.rules)
* 1:19304 <-> DISABLED <-> BROWSER-PLUGINS Oracle EasyMail ActiveX clsid access (browser-plugins.rules)
* 1:19305 <-> DISABLED <-> BROWSER-PLUGINS Oracle EasyMail ActiveX function call access (browser-plugins.rules)
* 1:19306 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher pubconv.dll corruption attempt (file-office.rules)
* 1:19308 <-> DISABLED <-> FILE-OTHER Microsoft Windows embedded OpenType EOT font integer overflow attempt (file-other.rules)
* 1:19309 <-> DISABLED <-> PUA-ADWARE hijacker starware videos outbound connection (pua-adware.rules)
* 1:1931 <-> DISABLED <-> SERVER-WEBAPP rpc-nlog.pl access (server-webapp.rules)
* 1:19310 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gen3 variant outbound connection (malware-cnc.rules)
* 1:19311 <-> DISABLED <-> PUA-ADWARE Keylogger aspy v2.12 runtime detection (pua-adware.rules)
* 1:19312 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.aah variant outbound connection (malware-cnc.rules)
* 1:19313 <-> DISABLED <-> SERVER-OTHER Symantec Antivirus Intel Service DoS Attempt (server-other.rules)
* 1:19314 <-> DISABLED <-> OS-WINDOWS Groove GroovePerfmon.dll dll-load exploit attempt (os-windows.rules)
* 1:19315 <-> DISABLED <-> OS-WINDOWS Microsoft Groove GroovePerfmon.dll dll-load exploit attempt (os-windows.rules)
* 1:19317 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word sprmTDiagLine80 record parsing stack buffer overflow attempt (file-office.rules)
* 1:19318 <-> DISABLED <-> MALWARE-OTHER Dos.Tool.LOIC UDP default U dun goofed attack (malware-other.rules)
* 1:19319 <-> DISABLED <-> MALWARE-OTHER Dos.Tool.LOIC TCP default U dun goofed attack (malware-other.rules)
* 1:1932 <-> DISABLED <-> SERVER-WEBAPP rpc-smb.pl access (server-webapp.rules)
* 1:19320 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows AVI Header insufficient data corruption attempt (file-multimedia.rules)
* 1:19321 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Products nsCSSValue Array Index Integer Overflow (browser-firefox.rules)
* 1:19322 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer and SharePoint toStaticHTML information disclosure attempt (browser-ie.rules)
* 1:19323 <-> ENABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules)
* 1:19324 <-> ENABLED <-> MALWARE-OTHER Keylogger WL-Keylogger inbound connection (malware-other.rules)
* 1:19325 <-> DISABLED <-> MALWARE-OTHER Keylogger WL-Keylogger outbound connection (malware-other.rules)
* 1:19326 <-> ENABLED <-> PUA-ADWARE Classroom Spy Professional outbound connection - initial connection (pua-adware.rules)
* 1:19327 <-> DISABLED <-> PUA-ADWARE Classroom Spy Professional outbound connection - initial connection (pua-adware.rules)
* 1:19328 <-> DISABLED <-> MALWARE-CNC PointGuide variant outbound connection (malware-cnc.rules)
* 1:19329 <-> DISABLED <-> MALWARE-CNC Faceback.exe variant outbound connection (malware-cnc.rules)
* 1:1933 <-> DISABLED <-> SERVER-WEBAPP cart.cgi access (server-webapp.rules)
* 1:19330 <-> DISABLED <-> MALWARE-CNC Adclicker Win.Trojan.Zlob.dnz variant outbound connection (malware-cnc.rules)
* 1:19331 <-> DISABLED <-> MALWARE-CNC Adclicker Win.Trojan.Zlob.dnz variant outbound connection (malware-cnc.rules)
* 1:19332 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Clampi variant outbound connection (malware-cnc.rules)
* 1:19333 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid format too many slashes (protocol-voip.rules)
* 1:19334 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid format too many slashes (protocol-voip.rules)
* 1:19335 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid format missing slash (protocol-voip.rules)
* 1:19336 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header invalid format missing slash (protocol-voip.rules)
* 1:19337 <-> DISABLED <-> PROTOCOL-VOIP invalid SIP-Version field (protocol-voip.rules)
* 1:19338 <-> DISABLED <-> PROTOCOL-VOIP invalid SIP-Version field (protocol-voip.rules)
* 1:19339 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper Win.Trojan.Agent.alda variant outbound connection (malware-cnc.rules)
* 1:19340 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fakeav TREAntivirus variant outbound connection (malware-cnc.rules)
* 1:19341 <-> DISABLED <-> MALWARE-CNC Worm MSIL.AiO.a variant outbound connection (malware-cnc.rules)
* 1:19342 <-> DISABLED <-> MALWARE-CNC Adware Professional variant outbound connection (malware-cnc.rules)
* 1:19343 <-> DISABLED <-> MALWARE-CNC Adware Pro variant outbound connection (malware-cnc.rules)
* 1:19344 <-> DISABLED <-> MALWARE-CNC AntiMalware Pro variant outbound connection (malware-cnc.rules)
* 1:19345 <-> DISABLED <-> MALWARE-CNC REAnti variant outbound connection (malware-cnc.rules)
* 1:19346 <-> DISABLED <-> MALWARE-CNC Additional Guard variant outbound connection (malware-cnc.rules)
* 1:19347 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poison.banr variant outbound connection (malware-cnc.rules)
* 1:19348 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader Win.Trojan.FraudLoad.emq variant outbound connection (malware-cnc.rules)
* 1:19349 <-> DISABLED <-> MALWARE-CNC Fakeav Vaccineclear variant outbound connection (malware-cnc.rules)
* 1:19351 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Clicker Win.Trojan.Hatigh.C variant outbound connection (malware-cnc.rules)
* 1:19352 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Small.D variant outbound connection (malware-cnc.rules)
* 1:19353 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.bkhu variant outbound connection (malware-cnc.rules)
* 1:19354 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.Agent.bhxn variant outbound connection (malware-backdoor.rules)
* 1:19356 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fibbit.ax variant outbound connection (malware-cnc.rules)
* 1:19357 <-> DISABLED <-> MALWARE-CNC Win.Worm.Sohanad.ila variant outbound connection (malware-cnc.rules)
* 1:19358 <-> DISABLED <-> MALWARE-CNC Win.Trojan.XYTvn.A variant outbound connection (malware-cnc.rules)
* 1:19359 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dcbavict.A variant outbound connection (malware-cnc.rules)
* 1:1936 <-> DISABLED <-> PROTOCOL-POP AUTH overflow attempt (protocol-pop.rules)
* 1:19360 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dcbavict.A variant outbound connection (malware-cnc.rules)
* 1:19361 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dcbavict.A variant outbound connection (malware-cnc.rules)
* 1:19362 <-> DISABLED <-> MALWARE-OTHER generic IRC botnet connection (malware-other.rules)
* 1:19363 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dorkbot.B variant outbound connection (malware-cnc.rules)
* 1:19364 <-> DISABLED <-> PROTOCOL-VOIP Time Stop header invalid value (protocol-voip.rules)
* 1:19365 <-> DISABLED <-> PROTOCOL-VOIP Time Stop Header invalid value (protocol-voip.rules)
* 1:19366 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HXWAN.A variant outbound connection (malware-cnc.rules)
* 1:19367 <-> DISABLED <-> MALWARE-CNC Win.Worm.Vaubeg.A variant outbound connection (malware-cnc.rules)
* 1:19368 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Carberp.D variant outbound connection (malware-cnc.rules)
* 1:19369 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Carberp.D variant outbound connection (malware-cnc.rules)
* 1:1937 <-> DISABLED <-> PROTOCOL-POP LIST overflow attempt (protocol-pop.rules)
* 1:19370 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Carberp.D variant outbound connection (malware-cnc.rules)
* 1:19371 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.IC variant outbound connection (malware-cnc.rules)
* 1:19372 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string javasw - Trojan.Banload (malware-cnc.rules)
* 1:19373 <-> DISABLED <-> PROTOCOL-VOIP Origin header overflow attempt (protocol-voip.rules)
* 1:19374 <-> DISABLED <-> PROTOCOL-VOIP Origin header overflow attempt (protocol-voip.rules)
* 1:19375 <-> DISABLED <-> PROTOCOL-VOIP Origin header format string attempt (protocol-voip.rules)
* 1:19376 <-> DISABLED <-> PROTOCOL-VOIP Origin header format string attempt (protocol-voip.rules)
* 1:19377 <-> DISABLED <-> PROTOCOL-VOIP Origin invalid header (protocol-voip.rules)
* 1:19378 <-> DISABLED <-> PROTOCOL-VOIP Origin invalid header (protocol-voip.rules)
* 1:19379 <-> DISABLED <-> PROTOCOL-VOIP Session Name header overflow attempt (protocol-voip.rules)
* 1:1938 <-> DISABLED <-> PROTOCOL-POP XTND overflow attempt (protocol-pop.rules)
* 1:19380 <-> DISABLED <-> PROTOCOL-VOIP Session Name header overflow attempt (protocol-voip.rules)
* 1:19381 <-> DISABLED <-> PROTOCOL-VOIP Session Name header format string attempt (protocol-voip.rules)
* 1:19382 <-> DISABLED <-> PROTOCOL-VOIP Session Name header format string attempt (protocol-voip.rules)
* 1:19383 <-> DISABLED <-> PROTOCOL-VOIP Session Name invalid header attempt (protocol-voip.rules)
* 1:19384 <-> DISABLED <-> PROTOCOL-VOIP Session Name invalid header attempt (protocol-voip.rules)
* 1:19385 <-> DISABLED <-> PROTOCOL-VOIP Media header description field overflow attempt (protocol-voip.rules)
* 1:19386 <-> DISABLED <-> PROTOCOL-VOIP Media header description field overflow attempt (protocol-voip.rules)
* 1:19387 <-> DISABLED <-> PROTOCOL-VOIP Media header description field format string attempt (protocol-voip.rules)
* 1:19388 <-> DISABLED <-> PROTOCOL-VOIP Media header description field format string attempt (protocol-voip.rules)
* 1:19389 <-> DISABLED <-> PROTOCOL-VOIP SIP REGISTER flood attempt (protocol-voip.rules)
* 1:1939 <-> DISABLED <-> SERVER-OTHER bootp hardware address length overflow (server-other.rules)
* 1:19391 <-> DISABLED <-> PUA-ADWARE Lost Door v3.0 (pua-adware.rules)
* 1:19392 <-> ENABLED <-> MALWARE-OTHER Keylogger Monitor.win32.perflogger (malware-other.rules)
* 1:19393 <-> DISABLED <-> MALWARE-OTHER Keylogger Monitor.win32.perflogger (malware-other.rules)
* 1:19394 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tidserv variant outbound connection (malware-cnc.rules)
* 1:19395 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader Win.Trojan.Monkif.J inbound connection - dest ip infected (malware-cnc.rules)
* 1:19396 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Beastdoor.b variant outbound connection (malware-cnc.rules)
* 1:19397 <-> DISABLED <-> MALWARE-CNC Win.Trojan.UltimateDefender.xv variant outbound connection (malware-cnc.rules)
* 1:19398 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BAT.Shutdown.ef variant outbound connection (malware-cnc.rules)
* 1:19399 <-> DISABLED <-> MALWARE-CNC Email Worm Win32.Zhelatin.ch variant outbound connection (malware-cnc.rules)
* 1:1940 <-> DISABLED <-> SERVER-OTHER bootp invalid hardware type (server-other.rules)
* 1:19400 <-> DISABLED <-> MALWARE-CNC Win.Worm.Sddrop.D variant outbound connection (malware-cnc.rules)
* 1:19401 <-> DISABLED <-> MALWARE-CNC Win.Worm.Sddrop.D variant outbound connection (malware-cnc.rules)
* 1:19402 <-> DISABLED <-> MALWARE-CNC P2P Worm.Win32.Malas.r variant outbound connection (malware-cnc.rules)
* 1:19403 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows AVI cinepak codec decompression remote code execution attempt (file-multimedia.rules)
* 1:19404 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ozdok variant outbound connection (malware-cnc.rules)
* 1:19405 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook SMB attach by reference code execution attempt (file-office.rules)
* 1:19408 <-> DISABLED <-> FILE-FLASH Adobe Flash Player newfunction memory corruption exploit attempt (file-flash.rules)
* 1:19409 <-> DISABLED <-> PROTOCOL-VOIP INVITE message URI contains global broadcast address (protocol-voip.rules)
* 1:1941 <-> DISABLED <-> PROTOCOL-TFTP GET filename overflow attempt (protocol-tftp.rules)
* 1:19410 <-> DISABLED <-> PROTOCOL-VOIP INVITE message URI contains global broadcast address (protocol-voip.rules)
* 1:19411 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Cross-Domain information disclosure attempt (browser-ie.rules)
* 1:19412 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel RealTimeData record parsing memory corruption (file-office.rules)
* 1:19413 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher 2007 and earlier stack buffer overflow attempt (file-office.rules)
* 1:19414 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher 2007 and earlier stack buffer overflow attempt (file-office.rules)
* 1:19415 <-> DISABLED <-> MALWARE-CNC vsFTPd 2.3.4 backdoor connection (malware-cnc.rules)
* 1:19416 <-> DISABLED <-> OS-MOBILE Apple iOS 4.3.3 jailbreak for iPad download attempt (os-mobile.rules)
* 1:19417 <-> DISABLED <-> OS-MOBILE Apple iOS 4.3.3 jailbreak for iPad download attempt (os-mobile.rules)
* 1:19418 <-> DISABLED <-> OS-MOBILE Apple iOS 4.3.3 jailbreak for iPhone download attempt (os-mobile.rules)
* 1:19419 <-> DISABLED <-> OS-MOBILE Apple iOS 4.3.3 jailbreak for iPod download attempt (os-mobile.rules)
* 1:1942 <-> DISABLED <-> PROTOCOL-FTP RMDIR overflow attempt (protocol-ftp.rules)
* 1:19420 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player Subtitle StripTags Heap Buffer Overflow (file-multimedia.rules)
* 1:19421 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player Subtitle StripTags Heap Buffer Overflow (file-multimedia.rules)
* 1:19422 <-> ENABLED <-> FILE-IDENTIFY matroska file magic detected (file-identify.rules)
* 1:19423 <-> ENABLED <-> FILE-IDENTIFY MKV file download request (file-identify.rules)
* 1:19424 <-> ENABLED <-> FILE-IDENTIFY MKA file download request (file-identify.rules)
* 1:19425 <-> ENABLED <-> FILE-IDENTIFY MKS file download request (file-identify.rules)
* 1:19426 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader Win.Trojan.Crypter.i variant outbound connection (malware-cnc.rules)
* 1:19427 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.amjz variant outbound connection (malware-cnc.rules)
* 1:19428 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader Win.Trojan.Adload.BG variant outbound connection (malware-cnc.rules)
* 1:19429 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Proxy Win.Trojan.Dosenjo.C variant outbound connection (malware-cnc.rules)
* 1:1943 <-> DISABLED <-> SERVER-WEBAPP /Carello/add.exe access (server-webapp.rules)
* 1:19430 <-> ENABLED <-> FILE-IDENTIFY MIDI file download request (file-identify.rules)
* 1:19431 <-> DISABLED <-> FILE-MULTIMEDIA Nullsoft Winamp MIDI Timestamp buffer overflow attempt (file-multimedia.rules)
* 1:19432 <-> DISABLED <-> FILE-MULTIMEDIA Nullsoft Winamp MIDI Timestamp buffer overflow attempt (file-multimedia.rules)
* 1:19433 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fujacks.aw variant outbound connection (malware-cnc.rules)
* 1:19434 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string ErrCode (malware-cnc.rules)
* 1:19435 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Litmus.203 variant outbound connection (malware-cnc.rules)
* 1:19436 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CStyleSheetRule array memory corruption attempt (browser-ie.rules)
* 1:19437 <-> DISABLED <-> INDICATOR-OBFUSCATION select concat statement - possible sql injection (indicator-obfuscation.rules)
* 1:19438 <-> ENABLED <-> SQL url ending in comment characters - possible sql injection attempt (sql.rules)
* 1:19439 <-> ENABLED <-> SQL 1 = 1 - possible sql injection attempt (sql.rules)
* 1:1944 <-> DISABLED <-> SERVER-WEBAPP /ecscripts/ecware.exe access (server-webapp.rules)
* 1:19440 <-> ENABLED <-> SQL 1 = 0 - possible sql injection attempt (sql.rules)
* 1:19441 <-> DISABLED <-> SERVER-WEBAPP Oracle Virtual Server Agent command injection attempt (server-webapp.rules)
* 1:19442 <-> DISABLED <-> FILE-OFFICE Microsoft Office embedded Office Art drawings execution attempt (file-office.rules)
* 1:19444 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Media sample duration header RCE attempt (file-multimedia.rules)
* 1:19445 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Media Timecode header RCE attempt (file-multimedia.rules)
* 1:19446 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Media file name header RCE attempt (file-multimedia.rules)
* 1:19447 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Media content type header RCE attempt (file-multimedia.rules)
* 1:19448 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Media pixel aspect ratio header RCE attempt (file-multimedia.rules)
* 1:19449 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Media encryption sample ID header RCE attempt (file-multimedia.rules)
* 1:19450 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Media encryption sample ID header RCE attempt (file-multimedia.rules)
* 1:19451 <-> DISABLED <-> SERVER-OTHER Oracle VM server agent command injection (server-other.rules)
* 1:19452 <-> DISABLED <-> SERVER-OTHER Oracle VM server agent command injection (server-other.rules)
* 1:19453 <-> DISABLED <-> PUA-ADWARE Sus.BancDI-B trojan outbound connection (pua-adware.rules)
* 1:19454 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PWS.Win32.QQPass.IK variant outbound connection (malware-cnc.rules)
* 1:19455 <-> DISABLED <-> MALWARE-CNC Worm.Win32.AutoRun.aw variant outbound connection (malware-cnc.rules)
* 1:19456 <-> DISABLED <-> MALWARE-CNC Packed.Win32.Klone.bj variant outbound connection (malware-cnc.rules)
* 1:19457 <-> DISABLED <-> MALWARE-CNC Trojan-Clicker.Win32.Vesloruki.ajb variant outbound connection (malware-cnc.rules)
* 1:19458 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word sprmCMajority record buffer overflow attempt (file-office.rules)
* 1:19459 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word sprmCMajority record buffer overflow attempt (file-office.rules)
* 1:1946 <-> DISABLED <-> SERVER-WEBAPP answerbook2 admin attempt (server-webapp.rules)
* 1:19460 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CSRSS multiple consoles on a single process attempt (os-windows.rules)
* 1:19461 <-> DISABLED <-> OS-WINDOWS Microsoft CSRSS NULL Fontface pointer attempt (os-windows.rules)
* 1:19462 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CSRSS negative array index code execution attempt (os-windows.rules)
* 1:19463 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CSRSS double free attempt (os-windows.rules)
* 1:19464 <-> DISABLED <-> OS-WINDOWS Microsoft CSRSS integer overflow attempt (os-windows.rules)
* 1:19465 <-> DISABLED <-> OS-WINDOWS Visio mfc71 dll-load attempt (os-windows.rules)
* 1:19466 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio mfc71 dll-load exploit attempt (file-office.rules)
* 1:19467 <-> DISABLED <-> OS-WINDOWS Microsoft CSRSS NULL Fontface pointer attempt (os-windows.rules)
* 1:19468 <-> DISABLED <-> OS-WINDOWS Microsoft stale data code execution attempt (os-windows.rules)
* 1:19469 <-> DISABLED <-> OS-WINDOWS Microsoft invalid message kernel-mode memory disclosure attempt (os-windows.rules)
* 1:1947 <-> DISABLED <-> SERVER-WEBAPP answerbook2 arbitrary command execution attempt (server-webapp.rules)
* 1:19471 <-> DISABLED <-> POLICY-OTHER dnstunnel v0.5 outbound traffic detected (policy-other.rules)
* 1:19472 <-> DISABLED <-> POLICY-OTHER proxytunnel proxy connection detected (policy-other.rules)
* 1:19473 <-> DISABLED <-> POLICY-OTHER stunnel proxy connection detected (policy-other.rules)
* 1:19474 <-> DISABLED <-> POLICY-OTHER hamachi VPN outbound traffic detected (policy-other.rules)
* 1:19475 <-> DISABLED <-> POLICY-OTHER proxycgi proxy connection detected (policy-other.rules)
* 1:19476 <-> DISABLED <-> MALWARE-CNC Exploit.Win32.SqlShell.r variant outbound connection (malware-cnc.rules)
* 1:19477 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Krap.af variant outbound connection (malware-cnc.rules)
* 1:19478 <-> DISABLED <-> MALWARE-CNC Worm.Win32.Taterf.B variant outbound connection (malware-cnc.rules)
* 1:19479 <-> DISABLED <-> MALWARE-CNC Net-Worm.Win32.Piloyd.m variant outbound connection - request html (malware-cnc.rules)
* 1:1948 <-> DISABLED <-> PROTOCOL-DNS dns zone transfer via UDP detected (protocol-dns.rules)
* 1:19480 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string STORMDDOS - Backdoor.Win32.Inject.ctt (malware-cnc.rules)
* 1:19481 <-> DISABLED <-> MALWARE-CNC Email-Worm.Win32.Agent.bx variant outbound connection (malware-cnc.rules)
* 1:19482 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string ErrorFix (malware-cnc.rules)
* 1:19483 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Reload.fy variant outbound connection (malware-cnc.rules)
* 1:19484 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gh0st variant outbound connection (malware-cnc.rules)
* 1:19485 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - RAV1 (malware-cnc.rules)
* 1:19486 <-> DISABLED <-> PUA-ADWARE W32.Fiala.A outbound connection (pua-adware.rules)
* 1:19487 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.kih variant outbound connection (malware-cnc.rules)
* 1:19488 <-> DISABLED <-> MALWARE-CNC Worm.Win32.Failnum.A variant outbound connection (malware-cnc.rules)
* 1:19489 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DeAlfa.fa variant outbound connection (malware-cnc.rules)
* 1:1949 <-> DISABLED <-> PROTOCOL-RPC portmap SET attempt TCP 111 (protocol-rpc.rules)
* 1:19490 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Koceg.B variant outbound connection (malware-cnc.rules)
* 1:19491 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader Win.Trojan.Genome.vau variant outbound connection (malware-cnc.rules)
* 1:19492 <-> DISABLED <-> MALWARE-CNC Windows System Defender variant outbound connection (malware-cnc.rules)
* 1:19493 <-> DISABLED <-> MALWARE-CNC URI request for known malicious uri config.ini on 3322.org domain (malware-cnc.rules)
* 1:19494 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Licum variant outbound connection (malware-cnc.rules)
* 1:19495 <-> DISABLED <-> MALWARE-CNC Win.Worm.Pilleuz variant outbound connection (malware-cnc.rules)
* 1:195 <-> DISABLED <-> MALWARE-BACKDOOR DeepThroat 3.1 Server Response (malware-backdoor.rules)
* 1:1950 <-> DISABLED <-> PROTOCOL-RPC portmap SET attempt UDP 111 (protocol-rpc.rules)
* 1:1951 <-> DISABLED <-> PROTOCOL-RPC mountd TCP mount request (protocol-rpc.rules)
* 1:1952 <-> DISABLED <-> PROTOCOL-RPC mountd UDP mount request (protocol-rpc.rules)
* 1:1953 <-> DISABLED <-> PROTOCOL-RPC AMD TCP pid request (protocol-rpc.rules)
* 1:1954 <-> DISABLED <-> PROTOCOL-RPC AMD UDP pid request (protocol-rpc.rules)
* 1:1955 <-> DISABLED <-> PROTOCOL-RPC AMD TCP version request (protocol-rpc.rules)
* 1:19551 <-> DISABLED <-> MALWARE-OTHER self-signed SSL certificate with default Internet Widgits Pty Ltd organization name (malware-other.rules)
* 1:19552 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel format record code execution attempt (file-office.rules)
* 1:19553 <-> DISABLED <-> SERVER-WEBAPP phpMyAdmin session_to_unset session variable injection attempt (server-webapp.rules)
* 1:19554 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fakeav Antivirus Xp Pro variant outbound connection (malware-cnc.rules)
* 1:19555 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Small variant outbound connection (malware-cnc.rules)
* 1:19556 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Homa variant outbound connection (malware-cnc.rules)
* 1:19557 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shark.ag variant outbound connection (malware-cnc.rules)
* 1:19558 <-> DISABLED <-> SERVER-WEBAPP JBoss expression language actionOutcome remote code execution (server-webapp.rules)
* 1:19559 <-> DISABLED <-> INDICATOR-SCAN SSH brute force login attempt (indicator-scan.rules)
* 1:1956 <-> DISABLED <-> PROTOCOL-RPC AMD UDP version request (protocol-rpc.rules)
* 1:19560 <-> DISABLED <-> FILE-MULTIMEDIA Apple iTunes PLS file parsing buffer overflow attempt (file-multimedia.rules)
* 1:19561 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer ieframe.dll ActiveX clsid access (browser-plugins.rules)
* 1:19562 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealGames InstallerDlg.dll ActiveX clsid access (browser-plugins.rules)
* 1:19563 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealGames InstallerDlg.dll ActiveX function call access (browser-plugins.rules)
* 1:19564 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealGames InstallerDlg.dll ActiveX clsid access (browser-plugins.rules)
* 1:19565 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealGames InstallerDlg.dll ActiveX function call access (browser-plugins.rules)
* 1:19566 <-> DISABLED <-> PUA-ADWARE W32.Ackantta.C.mm mass-mailer outbound connection (pua-adware.rules)
* 1:19567 <-> DISABLED <-> PUA-ADWARE W32.Ackantta.C.mm mass-mailer outbound connection (pua-adware.rules)
* 1:19568 <-> DISABLED <-> MALWARE-CNC Trojan-Spy.Win32.PerfectKeylogger variant outbound connection (malware-cnc.rules)
* 1:19569 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Perkesh variant outbound connection (malware-cnc.rules)
* 1:1957 <-> DISABLED <-> PROTOCOL-RPC sadmind UDP PING (protocol-rpc.rules)
* 1:19570 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - ie 11.0 sp6 (malware-cnc.rules)
* 1:19571 <-> DISABLED <-> PUA-ADWARE Antivirus Agent Pro outbound connection (pua-adware.rules)
* 1:19572 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FFSearch variant outbound connection (malware-cnc.rules)
* 1:19573 <-> DISABLED <-> MALWARE-CNC Win.Worm.Chiviper.C variant outbound connection (malware-cnc.rules)
* 1:19574 <-> DISABLED <-> MALWARE-CNC Win.Worm.Chiviper.C variant outbound connection (malware-cnc.rules)
* 1:19575 <-> DISABLED <-> MALWARE-CNC Win.Worm.Emold.U variant outbound connection (malware-cnc.rules)
* 1:19576 <-> DISABLED <-> PUA-ADWARE Antivirus Pro 2010 outbound connection (pua-adware.rules)
* 
1:19577 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper Win.Trojan.Dogrobot.E variant outbound connection (malware-cnc.rules) * 1:19578 <-> DISABLED <-> PUA-ADWARE Personal Guard 2009 outbound connection (pua-adware.rules) * 1:19579 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Potao.A variant outbound connection (malware-cnc.rules) * 1:1958 <-> DISABLED <-> PROTOCOL-RPC sadmind TCP PING (protocol-rpc.rules) * 1:19580 <-> DISABLED <-> MALWARE-CNC Win.Worm.Basun.wsc inbound connection (malware-cnc.rules) * 1:19581 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Win32.Apher.gpd variant outbound connection (malware-cnc.rules) * 1:19582 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Win32.Apher.gpd variant outbound connection (malware-cnc.rules) * 1:19583 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bumat.rts variant outbound connection (malware-cnc.rules) * 1:19584 <-> DISABLED <-> MALWARE-CNC Win.Worm.Dref.C variant outbound connection (malware-cnc.rules) * 1:19585 <-> DISABLED <-> MALWARE-CNC Win.Worm.Dref.C variant outbound connection - notification (malware-cnc.rules) * 1:19586 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Clicker Win.Trojan.Agent.dlg variant outbound connection (malware-cnc.rules) * 1:19587 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sereki.B variant outbound connection (malware-cnc.rules) * 1:19588 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sereki.B successful connection (malware-cnc.rules) * 1:19589 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent string MacProtector (malware-cnc.rules) * 1:1959 <-> DISABLED <-> PROTOCOL-RPC portmap NFS request UDP (protocol-rpc.rules) * 1:19590 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Savnut.B variant outbound connection (malware-cnc.rules) * 1:19591 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Powp.pyv variant outbound connection (malware-cnc.rules) * 1:19592 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:19593 <-> DISABLED <-> MALWARE-CNC Win.Worm.Agent.btxm 
variant outbound connection IRC (malware-cnc.rules) * 1:19594 <-> DISABLED <-> PUA-ADWARE Win32.Fruspam outbound connection (pua-adware.rules) * 1:19595 <-> DISABLED <-> MALWARE-OTHER known malicious email string - You have received a Hallmark E-Card (malware-other.rules) * 1:19596 <-> DISABLED <-> MALWARE-CNC Poison Ivy variant outbound connection (malware-cnc.rules) * 1:19597 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.cws variant outbound connection (malware-cnc.rules) * 1:19598 <-> DISABLED <-> PUA-ADWARE Infostealer.Gampass outbound connection (pua-adware.rules) * 1:19599 <-> DISABLED <-> SERVER-ORACLE Warehouse builder WE_OLAP_AW_REMOVE_SOLVE_ID SQL Injection attempt (server-oracle.rules) * 1:1960 <-> DISABLED <-> PROTOCOL-RPC portmap NFS request TCP (protocol-rpc.rules) * 1:19600 <-> DISABLED <-> SERVER-ORACLE Warehouse builder WE_OLAP_AW_SET_SOLVE_ID SQL Injection attempt (server-oracle.rules) * 1:19601 <-> DISABLED <-> SERVER-OTHER Oracle Java Runtime Environment .hotspotrc file load exploit attempt (server-other.rules) * 1:19602 <-> DISABLED <-> SERVER-OTHER Oracle Java Runtime Environment .hotspot_compiler file load exploit attempt (server-other.rules) * 1:19603 <-> DISABLED <-> FILE-JAVA Oracle Java Runtime Environment .hotspotrc file load exploit attempt (file-java.rules) * 1:19604 <-> DISABLED <-> FILE-JAVA Oracle Java Runtime Environment .hotspot_compiler file load exploit attempt (file-java.rules) * 1:19605 <-> DISABLED <-> SERVER-ORACLE Glass Fish Server malformed username cross site scripting attempt (server-oracle.rules) * 1:19606 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word STSH record parsing memory corruption (file-office.rules) * 1:19607 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word STSH record parsing memory corruption (file-office.rules) * 1:19608 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wisscmd.A variant outbound connection (malware-cnc.rules) * 1:19609 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Handheld Management upload 
directory traversal attempt (server-other.rules) * 1:1961 <-> DISABLED <-> PROTOCOL-RPC portmap RQUOTA request UDP (protocol-rpc.rules) * 1:19610 <-> DISABLED <-> BROWSER-PLUGINS ShockwaveFlash.ShockwaveFlash ActiveX function call access (browser-plugins.rules) * 1:19611 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent string INet - Win32.Virus.Jusabli.A (malware-cnc.rules) * 1:19612 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Win32.Banload.bvk variant outbound connection (malware-cnc.rules) * 1:19613 <-> DISABLED <-> MALWARE-CNC Rogue Software Registry Cleaner Pro variant outbound connection (malware-cnc.rules) * 1:19614 <-> ENABLED <-> MALWARE-CNC Win.Trojan.IRCBot.kkr variant outbound connection (malware-cnc.rules) * 1:19615 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IRCBot.kkr variant outbound connection (malware-cnc.rules) * 1:19616 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.Win32.Banbra.mcq variant outbound connection (malware-cnc.rules) * 1:19617 <-> DISABLED <-> FILE-OTHER Adobe Audition assist.dll dll-load exploit attempt (file-other.rules) * 1:19618 <-> DISABLED <-> FILE-OTHER Multiple products request for dwmapi.dll over SMB attempt (file-other.rules) * 1:19619 <-> DISABLED <-> FILE-OTHER Adobe Audition assist.dll dll-load exploit attempt (file-other.rules) * 1:1962 <-> DISABLED <-> PROTOCOL-RPC portmap RQUOTA request TCP (protocol-rpc.rules) * 1:19620 <-> DISABLED <-> FILE-OTHER Multiple products dwmapi.dll dll-load exploit attempt (file-other.rules) * 1:19621 <-> DISABLED <-> FILE-MULTIMEDIA MultiMedia Soft Components AdjMmsEng.dll PLS file processing buffer overflow attempt (file-multimedia.rules) * 1:19622 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - pte.aspx?ver= (malware-cnc.rules) * 1:19623 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - vic.aspx?ver= (malware-cnc.rules) * 1:19625 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - .sys.php?getexe= 
(malware-cnc.rules) * 1:19626 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /setup_b.asp?prj= (malware-cnc.rules) * 1:19627 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /r_autoidcnt.asp?mer_seq= (malware-cnc.rules) * 1:19628 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /1cup/script.php (malware-cnc.rules) * 1:1963 <-> DISABLED <-> PROTOCOL-RPC RQUOTA getquota overflow attempt UDP (protocol-rpc.rules) * 1:19631 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - AnSSip= (malware-cnc.rules) * 1:19632 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /VertexNet/adduser.php?uid= (malware-cnc.rules) * 1:19633 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /VertexNet/tasks.php?uid= (malware-cnc.rules) * 1:19635 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /app/?prj= (malware-cnc.rules) * 1:19636 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /blog/images/3521.jpg?v (malware-cnc.rules) * 1:19637 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /install.asp?mac= (malware-cnc.rules) * 1:19638 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /kx4.txt (malware-cnc.rules) * 1:1964 <-> DISABLED <-> PROTOCOL-RPC tooltalk UDP overflow attempt (protocol-rpc.rules) * 1:19645 <-> DISABLED <-> SERVER-WEBAPP cross-site scripting attempt via form data attempt (server-webapp.rules) * 1:19646 <-> DISABLED <-> FILE-PDF PDF with click-to-launch executable (file-pdf.rules) * 1:19647 <-> DISABLED <-> FILE-PDF PDF with click-to-launch executable (file-pdf.rules) * 1:19648 <-> DISABLED <-> FILE-PDF PDF with click-to-launch executable (file-pdf.rules) * 1:19649 <-> DISABLED <-> SERVER-OTHER HP Intelligent Management Center dbman buffer overflow attempt (server-other.rules) * 1:1965 <-> DISABLED <-> PROTOCOL-RPC tooltalk TCP overflow attempt (protocol-rpc.rules) * 1:19650 <-> DISABLED <-> BROWSER-PLUGINS 
Cisco AnyConnect ActiveX clsid access (browser-plugins.rules) * 1:19651 <-> DISABLED <-> BROWSER-PLUGINS Cisco AnyConnect ActiveX function call access (browser-plugins.rules) * 1:19652 <-> DISABLED <-> MALWARE-CNC Teevsock C variant outbound connection (malware-cnc.rules) * 1:19653 <-> DISABLED <-> SERVER-WEBAPP Wordpress timthumb.php theme remote file include attack attempt (server-webapp.rules) * 1:19654 <-> DISABLED <-> MALWARE-CNC Trojan-Spy.Win32.Zbot.wti variant outbound connection (malware-cnc.rules) * 1:19655 <-> DISABLED <-> MALWARE-CNC Trojan-Dropper.Agent.IK variant outbound connection (malware-cnc.rules) * 1:19656 <-> DISABLED <-> MALWARE-CNC Trojan-Dropper.Win32.Peace.lh variant outbound connection (malware-cnc.rules) * 1:19657 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FakeAV variant traffic (malware-cnc.rules) * 1:19658 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MCnovogic.A variant outbound connection (malware-cnc.rules) * 1:19659 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Soleseq.A variant outbound connection (malware-cnc.rules) * 1:1966 <-> DISABLED <-> SERVER-OTHER GlobalSunTech Access Point Information Disclosure attempt (server-other.rules) * 1:19660 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Riern.K variant outbound connection (malware-cnc.rules) * 1:19661 <-> DISABLED <-> SERVER-OTHER Alucar php shell download attempt (server-other.rules) * 1:19665 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Remote Desktop web access cross site scripting attempt - GET request (os-windows.rules) * 1:19666 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer multi-window access memory corruption attempt (browser-ie.rules) * 1:19667 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer cross-domain scripting attack (browser-ie.rules) * 1:19668 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer telnet.exe file load exploit attempt (browser-ie.rules) * 1:19669 <-> DISABLED <-> POLICY-OTHER Telnet protocol specifier in web page attempt (policy-other.rules) * 1:1967 
<-> DISABLED <-> SERVER-WEBAPP phpbb quick-reply.php arbitrary command attempt (server-webapp.rules) * 1:19670 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer telnet.exe file load exploit attempt (browser-ie.rules) * 1:19671 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer XSLT memory corruption attempt (browser-ie.rules) * 1:19672 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer stylesheet dynamic access memory corruption attempt (browser-ie.rules) * 1:19673 <-> DISABLED <-> OS-WINDOWS Microsoft Data Access Components bidlab.dll dll-load exploit attempt (os-windows.rules) * 1:19674 <-> DISABLED <-> OS-WINDOWS Microsoft Data Access Components bidlab.dll dll-load exploit attempt (os-windows.rules) * 1:19675 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio invalid UMLString data length exploit attempt (file-office.rules) * 1:19676 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio invalid UMLDTOptions object exploit attempt (file-office.rules) * 1:19677 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt (os-windows.rules) * 1:19678 <-> DISABLED <-> SERVER-OTHER multiple products blacknurse ICMP denial of service attempt (server-other.rules) * 1:19679 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows NDISTAPI Driver code execution attempt (file-executable.rules) * 1:1968 <-> DISABLED <-> SERVER-WEBAPP phpbb quick-reply.php access (server-webapp.rules) * 1:19680 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows CSRSS SrvDeviceEvent exploit attempt (file-executable.rules) * 1:19681 <-> DISABLED <-> OS-WINDOWS Microsoft Report Viewer reflect XSS attempt (os-windows.rules) * 1:19682 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript 3 integer overflow attempt (file-flash.rules) * 1:19683 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript 3 buffer overflow attempt (file-flash.rules) * 1:19684 <-> DISABLED <-> FILE-OTHER Adobe CFF font storage memory corruption 
attempt (file-other.rules) * 1:19685 <-> DISABLED <-> FILE-FLASH Adobe Flash regular expression grouping depth buffer overflow attempt (file-flash.rules) * 1:19686 <-> DISABLED <-> FILE-FLASH Adobe Flash uninitialized bitmap structure memory corruption attempt (file-flash.rules) * 1:19687 <-> DISABLED <-> FILE-FLASH Adobe Flash ActionStoreRegister instruction length invalidation attempt (file-flash.rules) * 1:19688 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript BitmapData buffer overflow attempt (file-flash.rules) * 1:19689 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript dynamic calculation double-free attempt (file-flash.rules) * 1:1969 <-> DISABLED <-> SERVER-WEBAPP ion-p access (server-webapp.rules) * 1:19690 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript duplicateDoorInputArguments stack overwrite (file-flash.rules) * 1:19691 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript File reference buffer overflow attempt (file-flash.rules) * 1:19692 <-> DISABLED <-> FILE-FLASH Adobe Flash cross-site request forgery attempt (file-flash.rules) * 1:19693 <-> DISABLED <-> FILE-FLASH Adobe Flash MP4 ref_frame allocated buffer overflow attempt (file-flash.rules) * 1:19694 <-> DISABLED <-> SERVER-WEBAPP Microsoft Windows .NET Chart Control directory traversal attempt (server-webapp.rules) * 1:19695 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Win32.VB.nec variant outbound connection (malware-cnc.rules) * 1:19696 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SdBot.nng inbound connection (malware-cnc.rules) * 1:19697 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Win32.VB.btm variant outbound connection (malware-cnc.rules) * 1:19698 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Prosti.AG variant outbound connection (malware-cnc.rules) * 1:19699 <-> DISABLED <-> MALWARE-CNC TrojanDownloader.Win32.Korklic.A variant outbound connection (malware-cnc.rules) * 1:1970 <-> DISABLED <-> SERVER-IIS MDAC Content-Type overflow attempt 
(server-iis.rules) * 1:19700 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.tnr variant outbound connection (malware-cnc.rules) * 1:19701 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hassar.A variant outbound connection (malware-cnc.rules) * 1:19702 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zboter.E variant outbound connection (malware-cnc.rules) * 1:19703 <-> DISABLED <-> MALWARE-CNC Win.Worm.Dusta.br outbound connnection (malware-cnc.rules) * 1:19704 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.grdm variant outbound connection (malware-cnc.rules) * 1:19705 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.grdm variant outbound connection (malware-cnc.rules) * 1:19706 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.cer variant outbound connection (malware-cnc.rules) * 1:19707 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Converter sprmTSplit overflow attempt (file-office.rules) * 1:19708 <-> DISABLED <-> SERVER-MAIL Postfix SMTP Server SASL AUTH Handle Reuse Memory Corruption (server-mail.rules) * 1:19709 <-> DISABLED <-> SERVER-APACHE Apache APR apr_fn match infinite loop denial of service attempt (server-apache.rules) * 1:1971 <-> DISABLED <-> PROTOCOL-FTP SITE EXEC format string attempt (protocol-ftp.rules) * 1:19710 <-> DISABLED <-> BROWSER-CHROME Google Chrome float rendering corruption attempt (browser-chrome.rules) * 1:19711 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jorik variant outbound connection (malware-cnc.rules) * 1:19712 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader variant outbound connection (malware-cnc.rules) * 1:19713 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow (browser-firefox.rules) * 1:19714 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow (browser-firefox.rules) * 1:19715 <-> DISABLED <-> MALWARE-CNC Win.Trojan.URLZone variant outbound connection (malware-cnc.rules) * 1:19716 <-> DISABLED <-> MALWARE-CNC TrojanSpy.Win32.Banker.OO variant outbound connection (malware-cnc.rules) * 1:19717 
<-> DISABLED <-> PUA-ADWARE Virus.Win32.Virut.ce outbound connection (pua-adware.rules) * 1:19718 <-> DISABLED <-> MALWARE-CNC Trojan-Downloader.Win32.Agent.bkap variant outbound connection (malware-cnc.rules) * 1:19719 <-> DISABLED <-> MALWARE-CNC Email-Worm.Win32.Bagle.of variant outbound connection (malware-cnc.rules) * 1:1972 <-> DISABLED <-> PROTOCOL-FTP PASS overflow attempt (protocol-ftp.rules) * 1:19720 <-> DISABLED <-> MALWARE-CNC Trojan-Downloader.Win32.Onestage.ws variant outbound connection (malware-cnc.rules) * 1:19721 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IRCBot.mlh variant outbound connection (malware-cnc.rules) * 1:19722 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poshtroper variant outbound connection (malware-cnc.rules) * 1:19723 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pherbot variant outbound connection (malware-cnc.rules) * 1:19724 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:19725 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poison variant outbound connection (malware-cnc.rules) * 1:19726 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poison variant outbound connection (malware-cnc.rules) * 1:19727 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos.DI variant outbound connection (malware-cnc.rules) * 1:19728 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yayih variant outbound connection (malware-cnc.rules) * 1:19729 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yayih variant outbound connection (malware-cnc.rules) * 1:1973 <-> DISABLED <-> PROTOCOL-FTP MKD overflow attempt (protocol-ftp.rules) * 1:19730 <-> DISABLED <-> MALWARE-CNC Win.Trojan.KukuBot variant outbound connection (malware-cnc.rules) * 1:19731 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkwebot variant outbound connection (malware-cnc.rules) * 1:19732 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Idicaf variant outbound connection (malware-cnc.rules) * 1:19733 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jorik.BRU variant outbound connection (malware-cnc.rules) * 1:19735 
<-> DISABLED <-> POLICY-OTHER Filesonic file-sharing site contacted (policy-other.rules) * 1:19736 <-> DISABLED <-> POLICY-OTHER Megaupload file-sharing site contacted (policy-other.rules) * 1:19737 <-> DISABLED <-> POLICY-OTHER Rapidshare file-sharing site contacted (policy-other.rules) * 1:19739 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Apptom variant outbound connection (malware-cnc.rules) * 1:1974 <-> DISABLED <-> PROTOCOL-FTP REST overflow attempt (protocol-ftp.rules) * 1:19740 <-> DISABLED <-> MALWARE-CNC Worm.Win32.AutoRun.aczu variant outbound connection (malware-cnc.rules) * 1:19741 <-> DISABLED <-> MALWARE-OTHER PWS.Win32.Scofted keylogger runtime detection (malware-other.rules) * 1:19742 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.atff variant outbound connection (malware-cnc.rules) * 1:19743 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hupigon.eqlo variant outbound connection (malware-cnc.rules) * 1:19744 <-> DISABLED <-> MALWARE-CNC Worm.Win32.Deecee.a variant outbound connection (malware-cnc.rules) * 1:19745 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FraudLoad.dyl variant outbound connection (malware-cnc.rules) * 1:19746 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.biiw variant outbound connection (malware-cnc.rules) * 1:19747 <-> ENABLED <-> MALWARE-BACKDOOR Win.Trojan.GGDoor.22 variant outbound connection (malware-backdoor.rules) * 1:19748 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Crypt.ULPM.Gen IRC variant outbound connection (malware-cnc.rules) * 1:19749 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.chgp variant outbound connection (malware-cnc.rules) * 1:1975 <-> DISABLED <-> PROTOCOL-FTP DELE overflow attempt (protocol-ftp.rules) * 1:19750 <-> DISABLED <-> MALWARE-CNC PWS.Win32.Zbot.PJ variant outbound connection (malware-cnc.rules) * 1:19751 <-> DISABLED <-> MALWARE-CNC Worm.Win32.Sohanad.bm variant outbound connection (malware-cnc.rules) * 1:19752 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader variant outbound connection (malware-cnc.rules) * 
1:19753 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TrojanSpy.Win32.Zbot.gen.C variant outbound connection (malware-cnc.rules) * 1:19754 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Delf.RGL variant outbound connection (malware-cnc.rules) * 1:19755 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Alphabet variant outbound connection (malware-cnc.rules) * 1:19756 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Opera/8.89 - P2P-Worm.Win32.Palevo.ddm (malware-cnc.rules) * 1:19757 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.bqlu variant outbound connection (malware-cnc.rules) * 1:19758 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Small.yw variant outbound connection (malware-cnc.rules) * 1:19759 <-> DISABLED <-> MALWARE-CNC Trojan-PSW.Win32.FireThief.h variant outbound connection (malware-cnc.rules) * 1:1976 <-> DISABLED <-> PROTOCOL-FTP RMD overflow attempt (protocol-ftp.rules) * 1:19760 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Arsinfoder variant outbound connection (malware-cnc.rules) * 1:19761 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ftpharvxqq variant outbound connection (malware-cnc.rules) * 1:19762 <-> DISABLED <-> MALWARE-CNC Win.Trojan.RDPdoor.AE variant outbound connection (malware-cnc.rules) * 1:19763 <-> DISABLED <-> MALWARE-CNC Win.Trojan.RDPdoor.AE variant outbound connection (malware-cnc.rules) * 1:19764 <-> DISABLED <-> MALWARE-CNC Win.Trojan.RDPdoor.AE variant outbound connection (malware-cnc.rules) * 1:19765 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules) * 1:19766 <-> DISABLED <-> MALWARE-CNC Win.Worm.Autorun variant outbound connection (malware-cnc.rules) * 1:19767 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Msposer.A variant outbound connection (malware-cnc.rules) * 1:19769 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yoddos outbound indicator (malware-cnc.rules) * 1:1977 <-> DISABLED <-> SERVER-WEBAPP xp_regwrite attempt (server-webapp.rules) * 1:19770 <-> DISABLED <-> MALWARE-CNC 
Win.Trojan.Yoddos variant outbound connection (malware-cnc.rules) * 1:19771 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yoddos variant outbound connection (malware-cnc.rules) * 1:19772 <-> ENABLED <-> MALWARE-CNC Virus.Win32.Parite.B variant outbound connection (malware-cnc.rules) * 1:19773 <-> DISABLED <-> MALWARE-CNC Virus.Win32.Parite.B variant outbound connection (malware-cnc.rules) * 1:19774 <-> DISABLED <-> MALWARE-CNC Gen-Trojan.Heur variant outbound connection (malware-cnc.rules) * 1:19775 <-> DISABLED <-> PUA-ADWARE PWS.Win32.Ldpinch.gen outbound connection (pua-adware.rules) * 1:19776 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent2.guy dropper variant outbound connection (malware-cnc.rules) * 1:19777 <-> DISABLED <-> PUA-ADWARE Fast Antivirus 2009 outbound connection (pua-adware.rules) * 1:19778 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /games/java_trust.php?f= (malware-cnc.rules) * 1:19779 <-> DISABLED <-> INDICATOR-SCAN sqlmap SQL injection scan attempt (indicator-scan.rules) * 1:1978 <-> DISABLED <-> SERVER-WEBAPP xp_regdeletekey attempt (server-webapp.rules) * 1:19780 <-> DISABLED <-> POLICY-OTHER logmein.com connection attempt (policy-other.rules) * 1:19781 <-> DISABLED <-> MALWARE-CNC Trojan-Dropper.Win32.Agent.aqpn variant outbound connection (malware-cnc.rules) * 1:19782 <-> DISABLED <-> MALWARE-CNC Win.Trojan.AVKill.bc variant outbound connection (malware-cnc.rules) * 1:19783 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload.agcw variant outbound connection (malware-cnc.rules) * 1:19784 <-> DISABLED <-> MALWARE-CNC Worm.Win32.AutoRun.sde variant outbound connection (malware-cnc.rules) * 1:19785 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Win32.Malushka.T variant outbound connection (malware-cnc.rules) * 1:19786 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Mozilla (malware-cnc.rules) * 1:19787 <-> DISABLED <-> MALWARE-CNC Exploit-PDF.t variant outbound connection (malware-cnc.rules) * 1:19788 <-> 
DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Win32.VB.pnc variant outbound connection (malware-cnc.rules) * 1:19789 <-> ENABLED <-> MALWARE-CNC P2P Worm Win.Trojan.SpyBot.pgh variant outbound connection (malware-cnc.rules) * 1:1979 <-> DISABLED <-> SERVER-WEBAPP perl post attempt (server-webapp.rules) * 1:19790 <-> DISABLED <-> MALWARE-CNC P2P Worm Win.Trojan.SpyBot.pgh variant outbound connection (malware-cnc.rules) * 1:19791 <-> DISABLED <-> MALWARE-CNC Trojan-Dropper.Win32.Small.awa variant outbound connection (malware-cnc.rules) * 1:19792 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader Win.Trojan.Caxnet.A variant outbound connection (malware-cnc.rules) * 1:19793 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader Win.Trojan.SillyFDC-DS variant outbound connection (malware-cnc.rules) * 1:19794 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fnumbot variant outbound connection (malware-cnc.rules) * 1:19795 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FakeAV NoAdware variant outbound connection (malware-cnc.rules) * 1:19796 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DL.CashnJoy.A variant outbound connection (malware-cnc.rules) * 1:19797 <-> DISABLED <-> MALWARE-CNC Safety Center variant outbound connection (malware-cnc.rules) * 1:19798 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent2.kxu variant outbound connection (malware-cnc.rules) * 1:19799 <-> DISABLED <-> MALWARE-CNC PWS.Win32.Zbot.gen.Q variant outbound connection (malware-cnc.rules) * 1:1980 <-> DISABLED <-> MALWARE-BACKDOOR DeepThroat 3.1 Connection (malware-backdoor.rules) * 1:19800 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pher.ij variant outbound connection (malware-cnc.rules) * 1:19801 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tracur variant outbound connection (malware-cnc.rules) * 1:19802 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wixud.B variant outbound connection (malware-cnc.rules) * 1:19803 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Renos.FH variant outbound connection (malware-cnc.rules) * 1:19804 <-> DISABLED <-> 
MALWARE-CNC Win.Trojan.VB.ktq variant outbound connection (malware-cnc.rules) * 1:19805 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Smser.cx variant outbound connection (malware-cnc.rules) * 1:19806 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit SVG memory corruption attempt (browser-webkit.rules) * 1:19807 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit SVG memory corruption attempt (browser-webkit.rules) * 1:19808 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer covered object memory corruption attempt (browser-ie.rules) * 1:19809 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer covered object memory corruption attempt (browser-ie.rules) * 1:1981 <-> DISABLED <-> MALWARE-BACKDOOR DeepThroat 3.1 Connection attempt on port 3150 (malware-backdoor.rules) * 1:19810 <-> DISABLED <-> SERVER-OTHER CA Total Defense Suite UNCWS deleteReportTemplate SQL injection attempt (server-other.rules) * 1:19811 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint malformed record call to freed object attempt (file-office.rules) * 1:19812 <-> DISABLED <-> SERVER-OTHER CA Total Defense Suite UNCWS getDBConfigSettings credential information disclosure attempt (server-other.rules) * 1:19813 <-> DISABLED <-> SERVER-WEBAPP Novell File Reporter Agent stack buffer overflow attempt (server-webapp.rules) * 1:19814 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer empty table tag memory corruption attempt (browser-ie.rules) * 1:19815 <-> DISABLED <-> SERVER-OTHER HP Operations Manager Server Default Credientials in use attempt (server-other.rules) * 1:19816 <-> ENABLED <-> NETBIOS Juniper NeoterisSetupService named pipe access attempt (netbios.rules) * 1:19817 <-> DISABLED <-> NETBIOS Juniper Odyssey Access Client DSSETUPSERVICE_CMD_UNINSTALL overflow attempt (netbios.rules) * 1:19818 <-> DISABLED <-> OS-WINDOWS Microsoft XML core services cross-domain information disclosure attempt (os-windows.rules) * 1:19819 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ertfor.A variant 
outbound connection (malware-cnc.rules)
* 1:1982 <-> DISABLED <-> MALWARE-BACKDOOR DeepThroat 3.1 Server Response on port 3150 (malware-backdoor.rules)
* 1:19820 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ertfor.A variant outbound connection (malware-cnc.rules)
* 1:19821 <-> DISABLED <-> MALWARE-CNC Worm.Win32.Bagle.gen.C variant outbound connection (malware-cnc.rules)
* 1:19822 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload.HH variant outbound connection (malware-cnc.rules)
* 1:19823 <-> DISABLED <-> PUA-ADWARE Downloader.Banload.AKBB outbound connection (pua-adware.rules)
* 1:19824 <-> DISABLED <-> MALWARE-CNC Gen-Trojan.Heur variant outbound connection (malware-cnc.rules)
* 1:19825 <-> DISABLED <-> SERVER-APACHE Apache Killer denial of service tool exploit attempt (server-apache.rules)
* 1:19826 <-> DISABLED <-> SERVER-WEBAPP HP Power Manager remote code execution attempt (server-webapp.rules)
* 1:19827 <-> DISABLED <-> PUA-ADWARE PWS-QQGame outbound connection (pua-adware.rules)
* 1:19828 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SpyAgent.B variant outbound connection (malware-cnc.rules)
* 1:19829 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rbot.gen variant outbound connection (malware-cnc.rules)
* 1:1983 <-> DISABLED <-> MALWARE-BACKDOOR DeepThroat 3.1 Connection attempt on port 4120 (malware-backdoor.rules)
* 1:19830 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poebot.BP variant outbound connection (malware-cnc.rules)
* 1:19831 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot.SO variant outbound connection (malware-cnc.rules)
* 1:19832 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Veslorn.gen.A variant outbound connection (malware-cnc.rules)
* 1:19833 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload.bda variant outbound connection (malware-cnc.rules)
* 1:19834 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZBot.RD variant outbound connection (malware-cnc.rules)
* 1:19835 <-> DISABLED <-> PUA-ADWARE Delphi-Piette Windows (pua-adware.rules)
* 1:19836 <-> DISABLED <-> MALWARE-CNC Spy-Net 0.7 runtime (malware-cnc.rules)
* 1:19837 <-> DISABLED <-> PUA-ADWARE Spyware Guard 2008 outbound connection (pua-adware.rules)
* 1:19838 <-> DISABLED <-> PUA-ADWARE Spyware Guard 2008 outbound connection (pua-adware.rules)
* 1:19839 <-> DISABLED <-> PUA-ADWARE Antivirus XP 2008 runtime detection (pua-adware.rules)
* 1:1984 <-> DISABLED <-> MALWARE-BACKDOOR DeepThroat 3.1 Server Response on port 4120 (malware-backdoor.rules)
* 1:19840 <-> DISABLED <-> PUA-ADWARE XP Antispyware 2009 outbound connection (pua-adware.rules)
* 1:19841 <-> DISABLED <-> PUA-ADWARE 0desa MSN password stealer (pua-adware.rules)
* 1:19842 <-> DISABLED <-> PUA-ADWARE Windows Antivirus 2008 (pua-adware.rules)
* 1:19843 <-> DISABLED <-> PUA-ADWARE Windows Antivirus 2008 (pua-adware.rules)
* 1:19848 <-> DISABLED <-> PUA-ADWARE Adware.Virtumonde runtime detection (pua-adware.rules)
* 1:19849 <-> DISABLED <-> PUA-ADWARE Adware.Virtumonde runtime detection (pua-adware.rules)
* 1:1985 <-> DISABLED <-> MALWARE-BACKDOOR Doly variant outbound connection attempt (malware-backdoor.rules)
* 1:19850 <-> DISABLED <-> MALWARE-CNC Worm.Win32.AutoRun.qgg variant outbound connection (malware-cnc.rules)
* 1:19851 <-> DISABLED <-> MALWARE-CNC Worm.Win32.AutoRun.qgg variant outbound connection (malware-cnc.rules)
* 1:19852 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Win32.Delf.tbv variant outbound connection (malware-cnc.rules)
* 1:19853 <-> DISABLED <-> PUA-ADWARE Wowpa KI outbound connection (pua-adware.rules)
* 1:19856 <-> DISABLED <-> MALWARE-CNC Packed.Win32.Krap.i variant outbound connection (malware-cnc.rules)
* 1:19857 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hupigon.hhbd variant outbound connection - Windows (malware-cnc.rules)
* 1:19858 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hupigon.hhbd variant outbound connection - non-Windows (malware-cnc.rules)
* 1:19859 <-> DISABLED <-> PUA-ADWARE XP Deluxe Protector outbound connection (pua-adware.rules)
* 1:1986 <-> DISABLED <-> POLICY-SOCIAL Microsoft MSN outbound file transfer request (policy-social.rules)
* 1:19860 <-> DISABLED <-> PUA-ADWARE Trust Warrior outbound connection (pua-adware.rules)
* 1:19861 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.cqcv variant outbound connection (malware-cnc.rules)
* 1:19862 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scar.iej variant outbound connection (malware-cnc.rules)
* 1:19863 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Httpbot.yi variant outbound connection (malware-cnc.rules)
* 1:19864 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nvbpass variant outbound connection (malware-cnc.rules)
* 1:19865 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Arhost.D variant outbound connection (malware-cnc.rules)
* 1:19867 <-> DISABLED <-> INDICATOR-OBFUSCATION randomized javascript encodings detected (indicator-obfuscation.rules)
* 1:19868 <-> DISABLED <-> INDICATOR-OBFUSCATION hidden 1x1 div tag - potential malware obfuscation (indicator-obfuscation.rules)
* 1:19869 <-> DISABLED <-> MALWARE-TOOLS Anonymous PHP RefRef DoS tool (malware-tools.rules)
* 1:1987 <-> DISABLED <-> SERVER-OTHER xfs overflow attempt (server-other.rules)
* 1:19870 <-> DISABLED <-> MALWARE-TOOLS Anonymous Perl RefRef DoS tool (malware-tools.rules)
* 1:19871 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer VML buffer overflow attempt (browser-ie.rules)
* 1:19872 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer MDAC remote code execution attempt (browser-ie.rules)
* 1:19873 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CSS style memory corruption attempt (browser-ie.rules)
* 1:1988 <-> DISABLED <-> POLICY-SOCIAL Microsoft MSN outbound file transfer accept (policy-social.rules)
* 1:19882 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /160.rar - Win32/Morto.A (malware-cnc.rules)
* 1:19883 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player libdirectx_plugin.dll AMV parsing buffer overflow attempt (file-multimedia.rules)
* 1:19884 <-> DISABLED <-> INDICATOR-OBFUSCATION String.fromCharCode with multiple encoding types detected (indicator-obfuscation.rules)
* 1:19885 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer daxctle.ocx spline method buffer overflow attempt (browser-ie.rules)
* 1:19887 <-> DISABLED <-> INDICATOR-OBFUSCATION potential javascript unescape obfuscation attempt detected (indicator-obfuscation.rules)
* 1:19888 <-> DISABLED <-> INDICATOR-OBFUSCATION potential javascript unescape obfuscation attempt detected (indicator-obfuscation.rules)
* 1:19889 <-> DISABLED <-> INDICATOR-OBFUSCATION base64-encoded data object found (indicator-obfuscation.rules)
* 1:1989 <-> DISABLED <-> POLICY-SOCIAL Microsoft MSN outbound file transfer rejected (policy-social.rules)
* 1:19890 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP CA Arcserve Backup directory traversal attempt (netbios.rules)
* 1:19892 <-> DISABLED <-> SERVER-OTHER Symantec Alert Management System modem string buffer overflow attempt (server-other.rules)
* 1:19893 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Tabular Control ActiveX overflow by CLSID / param tag (browser-plugins.rules)
* 1:19894 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint TextCharsAtom record buffer overflow attempt (file-office.rules)
* 1:19895 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Delf.jwh variant outbound connection (malware-cnc.rules)
* 1:19896 <-> DISABLED <-> PUA-ADWARE Adware.Win32.Frosty Goes Skiing Screen Saver 2.2 Install Detection (pua-adware.rules)
* 1:19897 <-> DISABLED <-> PUA-TOOLBARS Adware.Win32.Frosty Goes Skiing Screen Saver 2.2 Runtime Detection (pua-toolbars.rules)
* 1:19898 <-> DISABLED <-> MALWARE-CNC Cinmus Variant variant outbound connection (malware-cnc.rules)
* 1:19899 <-> ENABLED <-> MALWARE-OTHER Tong Keylogger outbound connectiooutbound connection (malware-other.rules)
* 1:1990 <-> DISABLED <-> POLICY-SOCIAL Microsoft MSN user search (policy-social.rules)
* 1:19900 <-> DISABLED <-> MALWARE-OTHER Tong Keylogger outbound connection (malware-other.rules)
* 1:19901 <-> DISABLED <-> MALWARE-OTHER Tong Keylogger outbound connection (malware-other.rules)
* 1:19902 <-> DISABLED <-> PUA-ADWARE Targetedbanner.biz Adrotator outbound connection (pua-adware.rules)
* 1:19903 <-> DISABLED <-> PUA-ADWARE Win32.Agent.vvm outbound connection (pua-adware.rules)
* 1:19904 <-> DISABLED <-> PUA-ADWARE WinReanimator outbound connection (pua-adware.rules)
* 1:19905 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Small.jog variant outbound connection (malware-cnc.rules)
* 1:19906 <-> DISABLED <-> PUA-TOOLBARS 6SQ Toolbar runtime detection (pua-toolbars.rules)
* 1:19907 <-> ENABLED <-> FILE-IDENTIFY PICT file magic detected (file-identify.rules)
* 1:19909 <-> DISABLED <-> BROWSER-PLUGINS Cisco AnyConnect ActiveX clsid access (browser-plugins.rules)
* 1:1991 <-> DISABLED <-> POLICY-SOCIAL Microsoft MSN login attempt (policy-social.rules)
* 1:19910 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer VML use after free attempt (browser-ie.rules)
* 1:19911 <-> DISABLED <-> FILE-OTHER Microsoft SYmbolic LinK stack overflow attempt (file-other.rules)
* 1:19912 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DelfInject.gen!X variant outbound connection (malware-cnc.rules)
* 1:19913 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - optima/index.php (malware-cnc.rules)
* 1:19914 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Quivoe.A variant outbound connection (malware-cnc.rules)
* 1:19915 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gnutler.apd variant outbound connection (malware-cnc.rules)
* 1:19916 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos.ACB variant outbound connection (malware-cnc.rules)
* 1:19917 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sogu.A variant outbound connection (malware-cnc.rules)
* 1:19918 <-> DISABLED <-> MALWARE-CNC Win.Worm.Ganelp.B variant outbound connection (malware-cnc.rules)
* 1:19919 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Murcy.A variant outbound connection (malware-cnc.rules)
* 1:1992 <-> DISABLED <-> PROTOCOL-FTP LIST directory traversal attempt (protocol-ftp.rules)
* 1:19920 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Reppserv.A outbond connection (malware-cnc.rules)
* 1:19921 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Puprlehzae.A variant outbound connection (malware-cnc.rules)
* 1:19922 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shiz.ivr variant outbound connection (malware-cnc.rules)
* 1:19923 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Venik.B variant outbound connection (malware-cnc.rules)
* 1:19924 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spidern.A variant outbound connection (malware-cnc.rules)
* 1:19925 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX client browser plugin call-back-url buffer overflow attempt (browser-plugins.rules)
* 1:19926 <-> DISABLED <-> FILE-JAVA Oracle Java Runtime AWT setDiffICM stack buffer overflow attempt (file-java.rules)
* 1:19927 <-> DISABLED <-> MALWARE-BACKDOOR BRX Rat 0.02 inbound connection (malware-backdoor.rules)
* 1:19928 <-> DISABLED <-> MALWARE-BACKDOOR BRX Rat 0.02 inbound connection (malware-backdoor.rules)
* 1:19929 <-> DISABLED <-> MALWARE-BACKDOOR BRX Rat 0.02 inbound connection (malware-backdoor.rules)
* 1:1993 <-> DISABLED <-> PROTOCOL-IMAP login literal buffer overflow attempt (protocol-imap.rules)
* 1:19930 <-> DISABLED <-> MALWARE-BACKDOOR BRX Rat 0.02 inbound connection (malware-backdoor.rules)
* 1:19931 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lineage.Gen.Pac.3 variant outbound connection (malware-cnc.rules)
* 1:19932 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher 2007 pointer dereference attempt (file-office.rules)
* 1:19933 <-> DISABLED <-> INDICATOR-SCAN DirBuster brute forcing tool detected (indicator-scan.rules)
* 1:19934 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string MYURL (malware-cnc.rules)
* 1:19935 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper Win.Trojan.Delf.aba variant outbound connection (malware-cnc.rules)
* 1:19936 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper Win.Trojan.Delf.aba variant outbound connection (malware-cnc.rules)
* 1:19938 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Directory Server ibmslapd.exe stack buffer overflow attempt (server-other.rules)
* 1:19939 <-> DISABLED <-> PUA-ADWARE WeatherStudio outbound connection (pua-adware.rules)
* 1:1994 <-> DISABLED <-> SERVER-WEBAPP vpasswd.cgi access (server-webapp.rules)
* 1:19940 <-> DISABLED <-> MALWARE-CNC Trojan-Dropper.IRC.TKB variant outbound connection - dir4you (malware-cnc.rules)
* 1:19941 <-> DISABLED <-> MALWARE-CNC TrojanSpy Win.Trojan.Zbot.Gen variant outbound connection (malware-cnc.rules)
* 1:19942 <-> DISABLED <-> MALWARE-CNC TrojanSpy Win.Trojan.Zbot.Gen variant outbound connection (malware-cnc.rules)
* 1:19943 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel MsoDrawingGroup record remote code execution attempt (file-office.rules)
* 1:19944 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Win32.Banload.ykl variant outbound connection (malware-cnc.rules)
* 1:19945 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Win32.Agent.amwd variant outbound connection (malware-cnc.rules)
* 1:19946 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Win32.Agent.amwd variant outbound connection (malware-cnc.rules)
* 1:19947 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.amwd variant outbound connection (malware-cnc.rules)
* 1:19948 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.asjk variant outbound connection (malware-cnc.rules)
* 1:19949 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.asjk variant outbound connection (malware-cnc.rules)
* 1:1995 <-> DISABLED <-> SERVER-WEBAPP alya.cgi access (server-webapp.rules)
* 1:19950 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Defsel inbound connection (malware-cnc.rules)
* 1:19951 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Defsel variant outbound connection (malware-cnc.rules)
* 1:19952 <-> ENABLED <-> MALWARE-CNC Biodox inbound connection (malware-cnc.rules)
* 1:19953 <-> DISABLED <-> MALWARE-CNC Biodox variant outbound connection (malware-cnc.rules)
* 1:19954 <-> DISABLED <-> MALWARE-CNC Hack Style RAT variant outbound connection (malware-cnc.rules)
* 1:19955 <-> DISABLED <-> MALWARE-CNC PaiN RAT 0.1 variant outbound connection (malware-cnc.rules)
* 1:19956 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Movie Maker project file heap buffer overflow attempt (file-multimedia.rules)
* 1:19957 <-> DISABLED <-> MALWARE-CNC Arabian-Attacker 1.1.0 variant outbound connection (malware-cnc.rules)
* 1:19958 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.aulk variant outbound connection (malware-cnc.rules)
* 1:19959 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.aulk variant outbound connection (malware-cnc.rules)
* 1:1996 <-> DISABLED <-> SERVER-WEBAPP viralator.cgi access (server-webapp.rules)
* 1:19960 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.aulk variant outbound connection (malware-cnc.rules)
* 1:19961 <-> DISABLED <-> MALWARE-CNC Fouad 1.0 variant outbound connection (malware-cnc.rules)
* 1:19962 <-> DISABLED <-> MALWARE-CNC Email-Worm.CryptBox-A variant outbound connection (malware-cnc.rules)
* 1:19963 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Win32.Banload.aajs variant outbound connection (malware-cnc.rules)
* 1:19964 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sality variant outbound connection (malware-cnc.rules)
* 1:19965 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Win32.Agent.avzz variant outbound connection (malware-cnc.rules)
* 1:19966 <-> DISABLED <-> MALWARE-CNC Octopus 0.1 inbound connection (malware-cnc.rules)
* 1:19967 <-> DISABLED <-> MALWARE-CNC Trojan-PSW.Win32.Papras.dm variant outbound connection (malware-cnc.rules)
* 1:19968 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PSW.QQPass.amx variant outbound connection (malware-cnc.rules)
* 1:19969 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Crypt.CY variant outbound connection (malware-cnc.rules)
* 1:1997 <-> DISABLED <-> SERVER-WEBAPP read_body.php access attempt (server-webapp.rules)
* 1:19970 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Smalltroj.MHYR variant outbound connection (malware-cnc.rules)
* 1:19971 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mudrop.lj variant outbound connection (malware-cnc.rules)
* 1:19972 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB client TRANS response paramcount overflow attempt (os-windows.rules)
* 1:19973 <-> DISABLED <-> MALWARE-CNC Worm.Win.Trojan.Nebuler.D variant outbound connection (malware-cnc.rules)
* 1:19974 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Small.bwj variant outbound connection (malware-cnc.rules)
* 1:19975 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Crypt.vb variant outbound connection (malware-cnc.rules)
* 1:19977 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LooksLike.Zaplot variant outbound connection (malware-cnc.rules)
* 1:19978 <-> DISABLED <-> MALWARE-CNC Viking.JB Worm runtime traffic detected (malware-cnc.rules)
* 1:19979 <-> DISABLED <-> MALWARE-CNC IRCBot runtime traffic detected (malware-cnc.rules)
* 1:1998 <-> DISABLED <-> SERVER-WEBAPP calendar.php access (server-webapp.rules)
* 1:19980 <-> DISABLED <-> MALWARE-CNC IRCBot runtime traffic detected (malware-cnc.rules)
* 1:19981 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Micstus.A runtime traffic detected (malware-cnc.rules)
* 1:19982 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.wwe variant outbound connection (malware-cnc.rules)
* 1:19983 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kolabc.fic variant outbound connection (malware-cnc.rules)
* 1:19984 <-> DISABLED <-> PUA-ADWARE Antivirus 2010 outbound connection (pua-adware.rules)
* 1:19985 <-> DISABLED <-> PUA-ADWARE AntivirusPC2009 runtime traffic detected (pua-adware.rules)
* 1:19986 <-> DISABLED <-> PUA-ADWARE AntivirusPC2009 install-time traffic detected (pua-adware.rules)
* 1:19987 <-> DISABLED <-> PUA-ADWARE PCLiveGuard outbound connection (pua-adware.rules)
* 1:19988 <-> DISABLED <-> MALWARE-CNC Asprox variant outbound connection (malware-cnc.rules)
* 1:19989 <-> DISABLED <-> PUA-ADWARE Total Protect 2009 outbound connection (pua-adware.rules)
* 1:1999 <-> DISABLED <-> SERVER-WEBAPP edit_image.php access (server-webapp.rules)
* 1:19990 <-> DISABLED <-> PUA-ADWARE Total Protect 2009 outbound connection (pua-adware.rules)
* 1:19991 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot.PG runtime traffic detected (malware-cnc.rules)
* 1:19992 <-> DISABLED <-> MALWARE-CNC Trojan-Dropper.Win32.Farfli.A runtime traffic detected (malware-cnc.rules)
* 1:19993 <-> DISABLED <-> MALWARE-CNC Win32 Poebot runtime traffic detected (malware-cnc.rules)
* 1:19994 <-> DISABLED <-> PUA-ADWARE Antivirus 360 outbound connection (pua-adware.rules)
* 1:19995 <-> DISABLED <-> MALWARE-CNC Waledac variant outbound connection (malware-cnc.rules)
* 1:19996 <-> DISABLED <-> MALWARE-CNC Worm Brontok.C variant outbound connection (malware-cnc.rules)
* 1:19997 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PSW.Win32.QQPass.gam variant outbound connection (malware-cnc.rules)
* 1:19998 <-> ENABLED <-> PUA-ADWARE IP address disclosure to advertisement sites attempt (pua-adware.rules)
* 1:19999 <-> DISABLED <-> PUA-ADWARE ThreatNuker outbound connection (pua-adware.rules)
* 1:2000 <-> DISABLED <-> SERVER-WEBAPP readmsg.php access (server-webapp.rules)
* 1:20000 <-> DISABLED <-> POLICY-OTHER Achievement Unlocked (Billion Dollar Company -- policy-other.rules)
* 1:20001 <-> ENABLED <-> MALWARE-CNC Allaple.e variant outbound connection (malware-cnc.rules)
* 1:20002 <-> DISABLED <-> MALWARE-CNC Allaple.e variant outbound connection (malware-cnc.rules)
* 1:20003 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy Pilonoc runtime traffic detected (malware-cnc.rules)
* 1:20004 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy Pilonoc install-time traffic detected (malware-cnc.rules)
* 1:20005 <-> DISABLED <-> MALWARE-CNC Win32 Lecna.cr runtime traffic detected (malware-cnc.rules)
* 1:20006 <-> DISABLED <-> MALWARE-CNC Worm Plurp.A runtime traffic detected (malware-cnc.rules)
* 1:20007 <-> DISABLED <-> PUA-ADWARE Cinmus.asaq outbound connection (pua-adware.rules)
* 1:20008 <-> DISABLED <-> MALWARE-CNC Malware PDFMarca.A runtime traffic detected (malware-cnc.rules)
* 1:20009 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent string Baby Remote - Win32/Babmote.A (malware-cnc.rules)
* 1:2001 <-> DISABLED <-> SERVER-WEBAPP smartsearch.cgi access (server-webapp.rules)
* 1:20010 <-> DISABLED <-> MALWARE-CNC Win32/Babmote.A runtime TCP traffic detected (malware-cnc.rules)
* 1:20011 <-> DISABLED <-> MALWARE-CNC Briewots.A runtime traffic detected (malware-cnc.rules)
* 1:20012 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string feranet/0.4 - Win32/Ferabsa.A (malware-cnc.rules)
* 1:20013 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager webappmon.exe host header buffer overflow attempt (server-webapp.rules)
* 1:20014 <-> DISABLED <-> MALWARE-CNC Kaju variant outbound connection - confirmation (malware-cnc.rules)
* 1:20015 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
* 1:20016 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
* 1:20017 <-> DISABLED <-> MALWARE-CNC Win.Worm.Koobface.dq variant outbound connection (malware-cnc.rules)
* 1:20018 <-> DISABLED <-> MALWARE-CNC Win.Worm.Autorun variant outbound connection (malware-cnc.rules)
* 1:20019 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - test (malware-cnc.rules)
* 1:2002 <-> DISABLED <-> SERVER-WEBAPP remote include path attempt (server-webapp.rules)
* 1:20020 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MalwareDoctor variant outbound connection (malware-cnc.rules)
* 1:20021 <-> ENABLED <-> MALWARE-CNC Win.Worm.Brontok user-agent outbound connection (malware-cnc.rules)
* 1:20022 <-> DISABLED <-> MALWARE-CNC Win.Worm.Padobot.z variant outbound connection (malware-cnc.rules)
* 1:20023 <-> DISABLED <-> MALWARE-CNC Advanced Virus Remover variant outbound connection (malware-cnc.rules)
* 1:20024 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dreamy.bc variant outbound connection (malware-cnc.rules)
* 1:20025 <-> DISABLED <-> PUA-ADWARE VirusBye outbound connection (pua-adware.rules)
* 1:20026 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Win32.Banker.abg.b variant outbound connection (malware-cnc.rules)
* 1:20028 <-> DISABLED <-> MALWARE-CNC Windows Antivirus Pro variant outbound connection (malware-cnc.rules)
* 1:20029 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel FNGROUPNAME record memory corruption attempt (file-office.rules)
* 1:2003 <-> DISABLED <-> SQL Worm propagation attempt (sql.rules)
* 1:20030 <-> DISABLED <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe file operation directory traversal attempt (protocol-scada.rules)
* 1:20031 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
* 1:20032 <-> ENABLED <-> FILE-IDENTIFY MIME file type file download request (file-identify.rules)
* 1:20034 <-> DISABLED <-> FILE-OTHER ESTsoft ALZip MIM file buffer overflow attempt (file-other.rules)
* 1:20035 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Win32 Coinbit.A runtime traffic detected (malware-cnc.rules)
* 1:20036 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Win32 Agent.ndau runtime traffic detected (malware-cnc.rules)
* 1:20037 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.cve runtime traffic detected (malware-cnc.rules)
* 1:20038 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.cve runtime traffic detected (malware-cnc.rules)
* 1:20039 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Hardcore Software (malware-cnc.rules)
* 1:2004 <-> DISABLED <-> SQL Worm propagation attempt OUTBOUND (sql.rules)
* 1:20040 <-> DISABLED <-> MALWARE-CNC Win.Trojan.KSpyPro.A variant outbound connection (malware-cnc.rules)
* 1:20041 <-> DISABLED <-> PUA-ADWARE Adware.BB outbound connection (pua-adware.rules)
* 1:20042 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sinowal outbond connection (malware-cnc.rules)
* 1:20043 <-> DISABLED <-> MALWARE-CNC Adware Kraddare.AZ variant outbound connection (malware-cnc.rules)
* 1:20044 <-> DISABLED <-> BROWSER-PLUGINS F-Secure Anti-Virus fsresh.dll clsid access (browser-plugins.rules)
* 1:20045 <-> DISABLED <-> SQL PHPSESSID SQL injection attempt (sql.rules)
* 1:20046 <-> DISABLED <-> SQL PHPSESSID SQL injection attempt (sql.rules)
* 1:20047 <-> DISABLED <-> SQL 1 = 1 - possible sql injection attempt (sql.rules)
* 1:20048 <-> DISABLED <-> SERVER-OTHER Trend Micro Control Manager CasLogDirectInsertHandler.cs cross site request forgery attempt (server-other.rules)
* 1:20049 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SLK file excessive Picture records exploit attempt (file-office.rules)
* 1:2005 <-> DISABLED <-> PROTOCOL-RPC portmap kcms_server request UDP (protocol-rpc.rules)
* 1:20050 <-> DISABLED <-> FILE-FLASH Adobe Flash Player memory consumption vulnerability (file-flash.rules)
* 1:20051 <-> DISABLED <-> SERVER-OTHER SAP MaxDB malformed handshake request buffer overflow attempt (server-other.rules)
* 1:20052 <-> DISABLED <-> PROTOCOL-SCADA IntelliCom NetBiter config utility hostname overflow attempt (protocol-scada.rules)
* 1:20053 <-> DISABLED <-> SERVER-MYSQL Database SELECT subquery denial of service attempt (server-mysql.rules)
* 1:20054 <-> DISABLED <-> SERVER-OTHER HP OpenView Network Node Manager denial of service attempt (server-other.rules)
* 1:20055 <-> DISABLED <-> FILE-JAVA Oracle Java runtime JPEGImageReader overflow attempt (file-java.rules)
* 1:20057 <-> DISABLED <-> MALWARE-CNC BitCoin Miner IP query (malware-cnc.rules)
* 1:20058 <-> DISABLED <-> SERVER-OTHER VMWare authorization service user credential parsing DoS attempt (server-other.rules)
* 1:20059 <-> DISABLED <-> FILE-IMAGE Apple Quicktime PictureViewer GIF rendering vulnerability (file-image.rules)
* 1:2006 <-> DISABLED <-> PROTOCOL-RPC portmap kcms_server request TCP (protocol-rpc.rules)
* 1:20060 <-> DISABLED <-> SERVER-OTHER CVS annotate command buffer overflow attempt (server-other.rules)
* 1:20061 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP ca-alert function 16,23,40, and 41 overflow attempt (netbios.rules)
* 1:20062 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel File Importing Code Execution (file-office.rules)
* 1:20063 <-> DISABLED <-> PUA-ADWARE SecurityTool outbound connection (pua-adware.rules)
* 1:20064 <-> DISABLED <-> MALWARE-CNC Malware Win.Trojan.Clemag.A variant outbound connection (malware-cnc.rules)
* 1:20066 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Win32 SensLiceld.A runtime traffic detected (malware-cnc.rules)
* 1:20067 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Win32 Zatvex.A runtime traffic detected (malware-cnc.rules)
* 1:20068 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jetilms.A runtime activity detected (malware-cnc.rules)
* 1:20069 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VB.alhq runtime traffic detected (malware-cnc.rules)
* 1:2007 <-> DISABLED <-> PROTOCOL-RPC kcms_server directory traversal attempt (protocol-rpc.rules)
* 1:20071 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Visual Studio WMIScriptUtils.WMIObjectBroker2.1 ActiveX CLSID access (browser-plugins.rules)
* 1:20072 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsTreeRange Use After Free attempt (browser-firefox.rules)
* 1:20073 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ATMFD font driver malicious font file remote code execution attempt (os-windows.rules)
* 1:20074 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IRCBot.iseee variant outbound connection (malware-cnc.rules)
* 1:20075 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ruskill.abl variant outbound connection (malware-cnc.rules)
* 1:20076 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agobot.ast variant outbound connection (malware-cnc.rules)
* 1:20077 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agobot.ast variant outbound connection (malware-cnc.rules)
* 1:20078 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Russkill.C variant outbound connection (malware-cnc.rules)
* 1:20079 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Russkill.C variant outbound connection (malware-cnc.rules)
* 1:2008 <-> DISABLED <-> INDICATOR-COMPROMISE CVS invalid user authentication response (indicator-compromise.rules)
* 1:20080 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Derusbi.A variant outbound connection (malware-cnc.rules)
* 1:20081 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Win32.Yakes.cbi variant outbound connection (malware-cnc.rules)
* 1:20082 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Inject.raw variant outbound connection (malware-cnc.rules)
* 1:20083 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fucobha.A variant outbound connection (malware-cnc.rules)
* 1:20084 <-> DISABLED <-> SERVER-OTHER ALTAP Salamander PE Viewer PDB Filename Buffer Overflow (server-other.rules)
* 1:20085 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Veebuu.BX variant outbound connection (malware-cnc.rules)
* 1:20086 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload.ABY variant outbound connection (malware-cnc.rules)
* 1:20087 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.FGU variant outbound connection (malware-cnc.rules)
* 1:20088 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Emudbot.A variant outbound connection (malware-cnc.rules)
* 1:20089 <-> DISABLED <-> INDICATOR-COMPROMISE IRC nick change on non-standard port (indicator-compromise.rules)
* 1:2009 <-> DISABLED <-> INDICATOR-COMPROMISE CVS invalid repository response (indicator-compromise.rules)
* 1:20090 <-> DISABLED <-> INDICATOR-COMPROMISE IRC DCC file transfer request on non-standard port (indicator-compromise.rules)
* 1:20091 <-> DISABLED <-> INDICATOR-COMPROMISE IRC DCC chat request on non-standard port (indicator-compromise.rules)
* 1:20092 <-> DISABLED <-> INDICATOR-COMPROMISE IRC channel join on non-standard port (indicator-compromise.rules)
* 1:20093 <-> DISABLED <-> INDICATOR-COMPROMISE IRC channel notice on non-standard port (indicator-compromise.rules)
* 1:20094 <-> DISABLED <-> INDICATOR-COMPROMISE IRC message on non-standard port (indicator-compromise.rules)
* 1:20095 <-> DISABLED <-> INDICATOR-COMPROMISE IRC dns request on non-standard port (indicator-compromise.rules)
* 1:20096 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Agent.dcir variant outbound connection (malware-cnc.rules)
* 1:20097 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.dcir infected host at destination ip (malware-cnc.rules)
* 1:20098 <-> DISABLED <-> MALWARE-CNC Win.Trojan.KeyLogger.wav variant outbound connection (malware-cnc.rules)
* 1:20099 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Xtrat.A variant outbound connection (malware-cnc.rules)
* 1:2010 <-> DISABLED <-> INDICATOR-COMPROMISE CVS double free exploit attempt response (indicator-compromise.rules)
* 1:20100 <-> DISABLED <-> PUA-ADWARE Adware Arcade Web - installation/update (pua-adware.rules)
* 1:20101 <-> DISABLED <-> PUA-ADWARE Adware Arcade Web - User-Agent (pua-adware.rules)
* 1:20102 <-> DISABLED <-> PUA-ADWARE Adware Arcade Web - X-Arcadeweb header (pua-adware.rules)
* 1:20103 <-> DISABLED <-> PUA-ADWARE Adware playsushi - User-Agent (pua-adware.rules)
* 1:20104 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - InfoBot (malware-cnc.rules)
* 1:20105 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - IPHONE (malware-cnc.rules)
* 1:20106 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - darkness (malware-cnc.rules)
* 1:20107 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Win32.Small.Cns variant outbound connection (malware-cnc.rules)
* 1:20108 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.Pher variant outbound connection (malware-cnc.rules)
* 1:20109 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zombie.sm variant outbound connection (malware-cnc.rules)
* 1:2011 <-> DISABLED <-> INDICATOR-COMPROMISE CVS invalid directory response (indicator-compromise.rules)
* 1:20110 <-> DISABLED <-> SERVER-OTHER Nullsoft Winamp Ultravox streaming malicious metadata (server-other.rules)
* 1:20111 <-> DISABLED <-> SERVER-WEBAPP Microsoft Office SharePoint XSS vulnerability attempt (server-webapp.rules)
* 1:20112 <-> DISABLED <-> SERVER-WEBAPP Microsoft Office SharePoint XSS vulnerability attempt (server-webapp.rules)
* 1:20113 <-> DISABLED <-> SERVER-WEBAPP Microsoft Office SharePoint XSS vulnerability attempt (server-webapp.rules)
* 1:20114 <-> DISABLED <-> SERVER-WEBAPP Microsoft SharePoint hiddenSpanData cross site scripting attempt (server-webapp.rules)
* 1:20115 <-> DISABLED <-> SERVER-WEBAPP Microsoft Office SharePoint XML external entity exploit attempt (server-webapp.rules)
* 1:20116 <-> DISABLED <-> SERVER-WEBAPP Microsoft Office SharePoint Javascript XSS attempt (server-webapp.rules)
* 1:20117 <-> DISABLED <-> SERVER-WEBAPP Microsoft SharePoint XSS (server-webapp.rules)
* 1:20118 <-> DISABLED <-> OS-WINDOWS Microsoft Windows shell extensions deskpan.dll dll-load exploit attempt (os-windows.rules)
* 1:20119 <-> DISABLED <-> OS-WINDOWS Microsoft Windows shell extensions deskpan.dll dll-load exploit attempt (os-windows.rules)
* 1:2012 <-> DISABLED <-> INDICATOR-COMPROMISE CVS missing cvsroot response (indicator-compromise.rules)
* 1:20120 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WINS internal communications on network exploit attempt (os-windows.rules)
* 1:20123 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ShrFmla record use after free attempt (file-office.rules)
* 1:20124 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Lbl record attempt (file-office.rules)
* 1:20125 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Lbl record (file-office.rules)
* 1:20126 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Lbl record (file-office.rules)
* 1:20127 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Conditional Formatting record vulnerability (file-office.rules)
* 1:20128 <-> DISABLED <-> FILE-OFFICE Microsoft Office invalid MS-OGRAPH DataFormat buffer overflow attempt (file-office.rules)
* 1:20129 <-> DISABLED <-> FILE-OFFICE Microsoft Office BpscBulletProof uninitialized pointer dereference attempt (file-office.rules)
* 1:2013 <-> DISABLED <-> INDICATOR-COMPROMISE CVS invalid module response (indicator-compromise.rules)
* 1:20131 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt (file-flash.rules)
* 1:20132 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Vista SMB2 zero length write attempt (os-windows.rules)
* 1:20133 <-> DISABLED <-> FILE-OTHER MHTML XSS attempt (file-other.rules)
* 1:20134 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector buffer overflow attempt (server-other.rules)
* 1:20136 <-> DISABLED <-> POLICY-OTHER Glype proxy usage detected (policy-other.rules)
* 1:20137 <-> DISABLED <-> INDICATOR-OBFUSCATION Possible generic javascript heap spray attempt (indicator-obfuscation.rules)
* 1:20138 <-> DISABLED <-> SERVER-OTHER Nortel Networks Multiple UNIStim VoIP Products Remote Eavesdrop Attempt (server-other.rules)
* 1:20139 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word document summary information string overflow attempt (file-office.rules)
* 1:2014 <-> DISABLED <-> PROTOCOL-RPC portmap UNSET attempt TCP 111 (protocol-rpc.rules)
* 1:20140 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word document summary information string overflow attempt (file-office.rules)
* 1:20141 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word document summary information string overflow attempt (file-office.rules)
* 1:20142 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader app.openDoc path vulnerability (file-pdf.rules)
* 1:20143 <-> DISABLED <-> PUA-ADWARE Adware mightymagoo/playpickle/livingplay - User-Agent (pua-adware.rules)
* 1:20144 <-> DISABLED <-> FILE-PDF Adobe Acrobat embedded TIFF DotRange structure memory corruption attempt (file-pdf.rules)
* 1:20145 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded PICT parsing corruption attempt (file-pdf.rules)
* 1:20146 <-> DISABLED <-> FILE-PDF attempted download of a PDF with embedded PICT image (file-pdf.rules)
* 1:20147 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded PICT parsing corruption attempt (file-pdf.rules)
* 1:20148 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded PICT parsing corruption attempt (file-pdf.rules)
* 1:20149 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded IFF file RGBA chunk memory corruption attempt (file-pdf.rules)
* 1:2015 <-> DISABLED <-> PROTOCOL-RPC portmap UNSET attempt UDP 111 (protocol-rpc.rules)
* 1:20150 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded PCX parsing corruption attempt (file-pdf.rules)
* 1:20151 <-> DISABLED <-> FILE-PDF attempted download of a PDF with embedded PCX image (file-pdf.rules)
* 1:20152 <-> DISABLED <-> FILE-PDF Adobe Acrobat GDI object leak memory corruption attempt (file-pdf.rules)
* 1:20153 <-> DISABLED <-> FILE-PDF Adobe Acrobat embedded JPEG file APP0 chunk memory corruption attempt (file-pdf.rules)
* 1:20154 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader CoolType.dll glyf directory table buffer overflow attempt (file-pdf.rules)
* 1:20155 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader CoolType.dll composite glyf buffer overflow attempt (file-pdf.rules)
* 1:20156 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader getCosObj file overwrite attempt (file-pdf.rules)
* 1:20157 <-> DISABLED <-> SERVER-ORACLE Oracle GlassFish Server war file upload attempt (server-oracle.rules)
* 1:20158 <-> DISABLED <-> SERVER-WEBAPP Oracle GlassFish Server default credentials login attempt (server-webapp.rules)
* 1:20159 <-> ENABLED <-> SERVER-WEBAPP Oracle GlassFish Server authentication bypass attempt (server-webapp.rules)
* 1:2016 <-> DISABLED <-> PROTOCOL-RPC portmap status request TCP (protocol-rpc.rules)
* 1:20160 <-> DISABLED <-> SERVER-WEBAPP Oracle GlassFish Server successful authentication bypass attempt (server-webapp.rules)
* 1:20162 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader sandbox disable attempt (file-pdf.rules)
* 1:20168 <-> DISABLED <-> BROWSER-PLUGINS ChemView SaveAsMolFile vulnerability ActiveX clsid access (browser-plugins.rules)
* 1:20169 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded BMP parsing corruption attempt (file-pdf.rules)
* 1:2017 <-> DISABLED <-> PROTOCOL-RPC portmap espd request UDP (protocol-rpc.rules)
* 1:20170 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded BMP parsing corruption attempt (file-pdf.rules)
* 1:20171 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded BMP parsing corruption attempt (file-pdf.rules)
* 1:20172 <-> DISABLED <-> FILE-IDENTIFY Metastock mwl file magic detected (file-identify.rules)
* 1:20173 <-> DISABLED <-> PROTOCOL-SCADA Cogent DataHub server-side information disclosure (protocol-scada.rules)
* 1:20174 <-> DISABLED <-> PROTOCOL-SCADA Cogent DataHub server-side information disclosure (protocol-scada.rules)
* 1:20175 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Remote Desktop Client ActiveX clsid access (browser-plugins.rules)
* 1:20176 <-> DISABLED <-> PROTOCOL-SCADA DAQFactory NETB protcol stack overflow attempt (protocol-scada.rules)
* 1:20177 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM ovlogin.exe CGI Host parameter buffer overflow attempt (server-webapp.rules)
* 1:20178 <-> DISABLED <-> PROTOCOL-SCADA RSLogix rna protocol denial of service attempt (protocol-scada.rules)
* 1:20179 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM ovlogin.exe userid parameter buffer overflow attempt (server-webapp.rules)
* 1:2018 <-> DISABLED <-> PROTOCOL-RPC mountd TCP dump request (protocol-rpc.rules)
* 1:20180 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM ovlogin.exe passwd parameter buffer overflow attempt (server-webapp.rules)
* 1:20181 <-> DISABLED <-> FILE-FLASH Adobe Flash Speex-encoded audio buffer underflow attempt (file-flash.rules)
* 1:20182 <-> DISABLED <-> FILE-FLASH Adobe Flash Player viewSource blacklist exclusion attempt (file-flash.rules)
* 1:20183 <-> DISABLED <-> FILE-FLASH Adobe Flash Player setInterval use attempt
(file-flash.rules) * 1:20184 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit php meterpreter stub .php file upload (indicator-shellcode.rules) * 1:20185 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit meterpreter stdapi_fs_method request/response attempt (indicator-shellcode.rules) * 1:20186 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit meterpreter stdapi_sys_process_method request/response attempt (indicator-shellcode.rules) * 1:20187 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit meterpreter stdapi_sys_eventlog_method request/response attempt (indicator-shellcode.rules) * 1:20188 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit meterpreter stdapi_sys_config_method request/response attempt (indicator-shellcode.rules) * 1:20189 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit meterpreter stdapi_ui_method request/response attempt (indicator-shellcode.rules) * 1:2019 <-> DISABLED <-> PROTOCOL-RPC mountd UDP dump request (protocol-rpc.rules) * 1:20190 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit meterpreter stdapi_registry_method request/response attempt (indicator-shellcode.rules) * 1:20191 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit meterpreter stdapi_net_method request/response attempt (indicator-shellcode.rules) * 1:20192 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit meterpreter incognito_method request/response attempt (indicator-shellcode.rules) * 1:20193 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit meterpreter webcam_method request/response attempt (indicator-shellcode.rules) * 1:20194 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit meterpreter sniffer_method request/response attempt (indicator-shellcode.rules) * 1:20195 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit meterpreter priv_method request/response attempt (indicator-shellcode.rules) * 1:20196 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit meterpreter lanattacks_method request/response attempt (indicator-shellcode.rules) * 1:20197 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit 
meterpreter espia_method request/response attempt (indicator-shellcode.rules) * 1:20198 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit meterpreter networkpug_method request/response attempt (indicator-shellcode.rules) * 1:20199 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit meterpreter stdapi_railgun_method request/response attempt (indicator-shellcode.rules) * 1:2020 <-> DISABLED <-> PROTOCOL-RPC mountd TCP unmount request (protocol-rpc.rules) * 1:20201 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - meterpreter (malware-cnc.rules) * 1:20202 <-> DISABLED <-> MALWARE-CNC Apple OSX.Revir-1 variant outbound connection (malware-cnc.rules) * 1:20204 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Taidoor variant outbound connection (malware-cnc.rules) * 1:20205 <-> DISABLED <-> MALWARE-CNC Win32/Poison beaconing request (malware-cnc.rules) * 1:20206 <-> DISABLED <-> FILE-FLASH Adobe Flash Player pcre ActionScript under allocation (file-flash.rules) * 1:20207 <-> DISABLED <-> PROTOCOL-SCADA Cogent unicode buffer overflow attempt (protocol-scada.rules) * 1:20208 <-> DISABLED <-> PROTOCOL-SCADA Cogent unicode buffer overflow attempt (protocol-scada.rules) * 1:20209 <-> DISABLED <-> PROTOCOL-SCADA Cogent unicode buffer overflow attempt (protocol-scada.rules) * 1:2021 <-> DISABLED <-> PROTOCOL-RPC mountd UDP unmount request (protocol-rpc.rules) * 1:20210 <-> DISABLED <-> PROTOCOL-SCADA Cogent unicode buffer overflow attempt (protocol-scada.rules) * 1:20211 <-> DISABLED <-> FILE-FLASH Adobe Flash Player recursive stack overflow attempt (file-flash.rules) * 1:20212 <-> DISABLED <-> SERVER-OTHER SSL CBC encryption mode weakness brute force attempt (server-other.rules) * 1:20213 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Swisyn variant outbound connection (malware-cnc.rules) * 1:20214 <-> DISABLED <-> PROTOCOL-SCADA Measuresoft ScadaPro msvcrt.dll local command execution attempt (protocol-scada.rules) * 1:20215 <-> DISABLED <-> PROTOCOL-SCADA Measuresoft 
ScadaPro directory traversal file operation attempt (protocol-scada.rules) * 1:20216 <-> DISABLED <-> PROTOCOL-SCADA Beckhoff TwinCAT DoS (protocol-scada.rules) * 1:20217 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ramagedos.A variant outbound connection (malware-cnc.rules) * 1:20218 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ramagedos.A variant outbound connection (malware-cnc.rules) * 1:20219 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ToriaSpy.A variant outbound connection (malware-cnc.rules) * 1:2022 <-> DISABLED <-> PROTOCOL-RPC mountd TCP unmountall request (protocol-rpc.rules) * 1:20220 <-> DISABLED <-> PUA-ADWARE Adware.Wizpop outbound connection (pua-adware.rules) * 1:20221 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Injector variant outbound connection (malware-cnc.rules) * 1:20222 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Payazol.B variant outbound connection (malware-cnc.rules) * 1:20223 <-> ENABLED <-> FILE-IDENTIFY SMI file download request (file-identify.rules) * 1:20224 <-> DISABLED <-> FILE-MULTIMEDIA MPlayer SMI file buffer overflow attempt (file-multimedia.rules) * 1:20225 <-> ENABLED <-> FILE-OTHER SMI file download request (file-other.rules) * 1:20226 <-> DISABLED <-> FILE-OTHER MPlayer SMI file buffer overflow attempt (file-other.rules) * 1:20227 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC webm memory corruption attempt (file-multimedia.rules) * 1:20228 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hupigon variant outbound connection (malware-cnc.rules) * 1:20229 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jinchodz variant outbound connection (malware-cnc.rules) * 1:2023 <-> DISABLED <-> PROTOCOL-RPC mountd UDP unmountall request (protocol-rpc.rules) * 1:20230 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string 0pera 10 (malware-cnc.rules) * 1:20231 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Mozilla//4.0 (malware-cnc.rules) * 1:20232 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cycbot variant outbound connection 
(malware-cnc.rules) * 1:20233 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Virut variant outbound connection (malware-cnc.rules) * 1:20234 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ceckno.cmz runtime traffic detected (malware-cnc.rules) * 1:20235 <-> DISABLED <-> MALWARE-CNC Win.Trojan.AdobeReader.Uz runtime traffic detected (malware-cnc.rules) * 1:20237 <-> DISABLED <-> FILE-MULTIMEDIA MultiMedia Jukebox playlist file handling heap overflow attempt (file-multimedia.rules) * 1:20238 <-> DISABLED <-> SERVER-OTHER Oracle Java calendar deserialize vulnerability (server-other.rules) * 1:20239 <-> DISABLED <-> FILE-JAVA Oracle Java GIF LZW minimum code size overflow attempt (file-java.rules) * 1:2024 <-> DISABLED <-> PROTOCOL-RPC RQUOTA getquota overflow attempt TCP (protocol-rpc.rules) * 1:20240 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM nnmRptConfig.exe CGI Host parameter buffer overflow attempt (server-webapp.rules) * 1:20241 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM snmp.exe CGI Host parameter buffer overflow attempt (server-webapp.rules) * 1:20242 <-> DISABLED <-> PROTOCOL-DNS Oracle Secure Backup observice.exe dns response overflow attempt (protocol-dns.rules) * 1:20243 <-> DISABLED <-> POLICY-OTHER Privoxy disabling of x-filter (policy-other.rules) * 1:20244 <-> DISABLED <-> POLICY-OTHER possible forced privoxy disabling (policy-other.rules) * 1:20245 <-> DISABLED <-> POLICY-OTHER remote privoxy config access (policy-other.rules) * 1:20248 <-> DISABLED <-> PROTOCOL-RPC IBM AIX and Oracle Solaris nfsd v4 nfs_portmon security bypass attempt (protocol-rpc.rules) * 1:20249 <-> DISABLED <-> SERVER-OTHER Oracle Java Web Start BasicService arbitrary command execution attempt (server-other.rules) * 1:2025 <-> DISABLED <-> PROTOCOL-RPC yppasswd username overflow attempt UDP (protocol-rpc.rules) * 1:20250 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Client Remote Heap Buffer Overflow (server-other.rules) * 1:20251 <-> DISABLED <-> SERVER-OTHER PointBase 4.6 
database DoS (server-other.rules) * 1:20252 <-> DISABLED <-> MALWARE-CNC DroidKungFu check-in (malware-cnc.rules) * 1:20253 <-> DISABLED <-> OS-WINDOWS Microsoft products oleacc.dll dll-load exploit attempt (os-windows.rules) * 1:20254 <-> DISABLED <-> OS-WINDOWS Microsoft products oleacc.dll dll-load exploit attempt (os-windows.rules) * 1:20255 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Silverlight inheritance restriction bypass (browser-plugins.rules) * 1:20256 <-> DISABLED <-> OS-WINDOWS Microsoft Forefront UAG http response splitting attempt (os-windows.rules) * 1:20257 <-> DISABLED <-> OS-WINDOWS Microsoft ForeFront UAG ExcelTable.asp XSS attempt (os-windows.rules) * 1:20258 <-> DISABLED <-> OS-WINDOWS Microsoft generic javascript handler in URI XSS attempt (os-windows.rules) * 1:20259 <-> DISABLED <-> FILE-OTHER Microsoft Agent Helper Malicious JAR download attempt (file-other.rules) * 1:2026 <-> DISABLED <-> PROTOCOL-RPC yppasswd username overflow attempt TCP (protocol-rpc.rules) * 1:20260 <-> ENABLED <-> FILE-IDENTIFY Microsoft Client Agent Helper JAR file download request (file-identify.rules) * 1:20261 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows win32k.sys kernel mode null pointer dereference attempt (file-executable.rules) * 1:20262 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer onscroll DOS attempt (browser-ie.rules) * 1:20263 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer htmlfile null attribute access attempt (browser-ie.rules) * 1:20264 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer form selection reset attempt (browser-ie.rules) * 1:20265 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer null attribute DoS attempt (browser-ie.rules) * 1:20266 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 8 Javascript negative option index attack attempt (browser-ie.rules) * 1:20267 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer circular reference exploit attempt (browser-ie.rules) * 1:20268 <-> DISABLED <-> 
BROWSER-IE Microsoft Internet Explorer Marquee stylesheet object removal (browser-ie.rules) * 1:20269 <-> ENABLED <-> FILE-IDENTIFY FON font file download request (file-identify.rules) * 1:2027 <-> DISABLED <-> PROTOCOL-RPC yppasswd old password overflow attempt UDP (protocol-rpc.rules) * 1:20270 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows afd.sys kernel-mode memory corruption attempt (file-executable.rules) * 1:20271 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Host Integration Server SNA length dos attempt (os-windows.rules) * 1:20272 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Forefront UAG NLSessionS cookie overflow attempt (os-windows.rules) * 1:20273 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer jscript9 parsing corruption attempt (browser-ie.rules) * 1:20274 <-> ENABLED <-> NETBIOS DCERPC NCACN-IP-TCP NetShareEnumAll request (netbios.rules) * 1:20276 <-> DISABLED <-> INDICATOR-OBFUSCATION standard ASCII encoded with UTF-8 possible evasion detected (indicator-obfuscation.rules) * 1:20277 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer HTML DOM invalid DHTML comment creation attempt (browser-ie.rules) * 1:20278 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer HTML DOM invalid DHTML textnode creation attempt (browser-ie.rules) * 1:20279 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer HTML DOM invalid DHTML textnode creation attempt (browser-ie.rules) * 1:2028 <-> DISABLED <-> PROTOCOL-RPC yppasswd old password overflow attempt TCP (protocol-rpc.rules) * 1:20280 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules) * 1:20281 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules) * 1:20282 <-> ENABLED <-> FILE-IDENTIFY S3M file download request (file-identify.rules) * 1:20283 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC ModPlug ReadS3M overflow attempt (file-multimedia.rules) * 1:20284 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC ModPlug 
ReadS3M overflow attempt (file-multimedia.rules) * 1:20285 <-> DISABLED <-> BROWSER-PLUGINS Black Ice Barcode SDK ActiveX clsid access (browser-plugins.rules) * 1:20286 <-> DISABLED <-> BROWSER-PLUGINS Black Ice Barcode SDK ActiveX function call access (browser-plugins.rules) * 1:20287 <-> ENABLED <-> FILE-IDENTIFY QCP file download request (file-identify.rules) * 1:20288 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer QCP parsing buffer overflow attempt (file-multimedia.rules) * 1:20289 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Doschald.A variant outbound connection (malware-cnc.rules) * 1:2029 <-> DISABLED <-> PROTOCOL-RPC yppasswd new password overflow attempt UDP (protocol-rpc.rules) * 1:20290 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Doschald.A inbound connection (malware-cnc.rules) * 1:20291 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mybios.A variant outbound connection (malware-cnc.rules) * 1:20292 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FresctSpy.A variant outbound connection (malware-cnc.rules) * 1:20293 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string MBVDFRESCT (malware-cnc.rules) * 1:20294 <-> DISABLED <-> FILE-IMAGE Adobe Reader and Acrobat Libtiff TIFFFetchShortPair stack buffer overflow attempt (file-image.rules) * 1:20295 <-> DISABLED <-> FILE-IMAGE Public LibTiff Exploit (file-image.rules) * 1:20296 <-> DISABLED <-> PROTOCOL-VOIP inbound INVITE message (protocol-voip.rules) * 1:20297 <-> DISABLED <-> PROTOCOL-VOIP outbound INVITE message (protocol-voip.rules) * 1:20298 <-> DISABLED <-> PROTOCOL-VOIP Invalid request spaces at end of request line attempt (protocol-voip.rules) * 1:20299 <-> DISABLED <-> PROTOCOL-VOIP Invalid request spaces at end of request line attempt (protocol-voip.rules) * 1:2030 <-> DISABLED <-> PROTOCOL-RPC yppasswd new password overflow attempt TCP (protocol-rpc.rules) * 1:20300 <-> DISABLED <-> PROTOCOL-VOIP SIP URI type overflow attempt (protocol-voip.rules) * 1:20301 <-> DISABLED <-> PROTOCOL-VOIP 
TEL URI type overflow attempt (protocol-voip.rules) * 1:20302 <-> DISABLED <-> PROTOCOL-VOIP SIP URI multiple at signs in message (protocol-voip.rules) * 1:20303 <-> DISABLED <-> PROTOCOL-VOIP SIP URI possible format string attempt (protocol-voip.rules) * 1:20304 <-> DISABLED <-> PROTOCOL-VOIP SIP URI possible format string attempt (protocol-voip.rules) * 1:20305 <-> DISABLED <-> PROTOCOL-VOIP CSeq header format string attempt (protocol-voip.rules) * 1:20306 <-> DISABLED <-> PROTOCOL-VOIP CSeq header invalid characters detected (protocol-voip.rules) * 1:20307 <-> DISABLED <-> PROTOCOL-VOIP CSeq header method mismatch attempt (protocol-voip.rules) * 1:20308 <-> DISABLED <-> PROTOCOL-VOIP CSeq header method mismatch attempt (protocol-voip.rules) * 1:20309 <-> DISABLED <-> PROTOCOL-VOIP CSeq header multiple CSeq headers (protocol-voip.rules) * 1:2031 <-> DISABLED <-> PROTOCOL-RPC yppasswd user update UDP (protocol-rpc.rules) * 1:20310 <-> DISABLED <-> PROTOCOL-VOIP CSeq header multiple CSeq headers (protocol-voip.rules) * 1:20311 <-> DISABLED <-> PROTOCOL-VOIP Max-Forwards value over 70 (protocol-voip.rules) * 1:20312 <-> DISABLED <-> PROTOCOL-VOIP Max-Forwards header invalid characters detected (protocol-voip.rules) * 1:20313 <-> DISABLED <-> PROTOCOL-VOIP Via header missing SIP field (protocol-voip.rules) * 1:20314 <-> DISABLED <-> PROTOCOL-VOIP Via header format string attempt (protocol-voip.rules) * 1:20315 <-> DISABLED <-> PROTOCOL-VOIP Via header invalid characters detected (protocol-voip.rules) * 1:20316 <-> DISABLED <-> PROTOCOL-VOIP Via header invalid seperators (protocol-voip.rules) * 1:20317 <-> DISABLED <-> PROTOCOL-VOIP Via header invalid seperators (protocol-voip.rules) * 1:20318 <-> DISABLED <-> PROTOCOL-VOIP From header format string attempt (protocol-voip.rules) * 1:20319 <-> DISABLED <-> PROTOCOL-VOIP From header invalid characters detected (protocol-voip.rules) * 1:2032 <-> DISABLED <-> PROTOCOL-RPC yppasswd user update TCP (protocol-rpc.rules) * 
1:20320 <-> DISABLED <-> PROTOCOL-VOIP From header XSS injection attempt (protocol-voip.rules) * 1:20321 <-> DISABLED <-> PROTOCOL-VOIP From header XSS injection attempt (protocol-voip.rules) * 1:20323 <-> DISABLED <-> PROTOCOL-VOIP From header format string attempt (protocol-voip.rules) * 1:20324 <-> DISABLED <-> PROTOCOL-VOIP From header whitespace in field attempt (protocol-voip.rules) * 1:20325 <-> DISABLED <-> PROTOCOL-VOIP From header whitespace in field attempt (protocol-voip.rules) * 1:20326 <-> DISABLED <-> PROTOCOL-VOIP From header unquoted tokens in field attempt (protocol-voip.rules) * 1:20327 <-> DISABLED <-> PROTOCOL-VOIP From header unquoted tokens in field attempt (protocol-voip.rules) * 1:20328 <-> DISABLED <-> PROTOCOL-VOIP From header missing terminating quote (protocol-voip.rules) * 1:20329 <-> DISABLED <-> PROTOCOL-VOIP From header missing terminating quote (protocol-voip.rules) * 1:2033 <-> DISABLED <-> PROTOCOL-RPC ypserv maplist request UDP (protocol-rpc.rules) * 1:20330 <-> DISABLED <-> PROTOCOL-VOIP From header multiple From headers (protocol-voip.rules) * 1:20331 <-> DISABLED <-> PROTOCOL-VOIP From header multiple From headers (protocol-voip.rules) * 1:20332 <-> DISABLED <-> PROTOCOL-VOIP To header contains recursive URL-encoded data (protocol-voip.rules) * 1:20333 <-> DISABLED <-> PROTOCOL-VOIP To header invalid characters detected (protocol-voip.rules) * 1:20334 <-> DISABLED <-> PROTOCOL-VOIP To header XSS injection attempt (protocol-voip.rules) * 1:20335 <-> DISABLED <-> PROTOCOL-VOIP To header XSS injection attempt (protocol-voip.rules) * 1:20336 <-> DISABLED <-> PROTOCOL-VOIP To header format string attempt (protocol-voip.rules) * 1:20337 <-> DISABLED <-> PROTOCOL-VOIP To header format string attempt (protocol-voip.rules) * 1:20338 <-> DISABLED <-> PROTOCOL-VOIP To header whitespace in field attempt (protocol-voip.rules) * 1:20339 <-> DISABLED <-> PROTOCOL-VOIP To header whitespace in field attempt (protocol-voip.rules) * 1:2034 <-> 
DISABLED <-> PROTOCOL-RPC ypserv maplist request TCP (protocol-rpc.rules) * 1:20340 <-> DISABLED <-> PROTOCOL-VOIP To header unquoted tokens in field attempt (protocol-voip.rules) * 1:20341 <-> DISABLED <-> PROTOCOL-VOIP To header unquoted tokens in field attempt (protocol-voip.rules) * 1:20342 <-> DISABLED <-> PROTOCOL-VOIP To header invalid seperators (protocol-voip.rules) * 1:20343 <-> DISABLED <-> PROTOCOL-VOIP To header invalid seperators (protocol-voip.rules) * 1:20344 <-> DISABLED <-> PROTOCOL-VOIP To header missing terminating quote (protocol-voip.rules) * 1:20345 <-> DISABLED <-> PROTOCOL-VOIP To header missing terminating quote (protocol-voip.rules) * 1:20346 <-> DISABLED <-> PROTOCOL-VOIP To header multiple To headers (protocol-voip.rules) * 1:20347 <-> DISABLED <-> PROTOCOL-VOIP To header multiple To headers (protocol-voip.rules) * 1:20348 <-> DISABLED <-> PROTOCOL-VOIP Subject header XSS injection attempt (protocol-voip.rules) * 1:20349 <-> DISABLED <-> PROTOCOL-VOIP Subject header XSS injection attempt (protocol-voip.rules) * 1:2035 <-> DISABLED <-> PROTOCOL-RPC portmap network-status-monitor request UDP (protocol-rpc.rules) * 1:20350 <-> DISABLED <-> PROTOCOL-VOIP Subject header format string attempt (protocol-voip.rules) * 1:20351 <-> DISABLED <-> PROTOCOL-VOIP Subject header format string attempt (protocol-voip.rules) * 1:20352 <-> DISABLED <-> PROTOCOL-VOIP Expires header overflow attempt (protocol-voip.rules) * 1:20353 <-> DISABLED <-> PROTOCOL-VOIP Expires header invalid characters detected (protocol-voip.rules) * 1:20354 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header format string attempt (protocol-voip.rules) * 1:20355 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header invalid characters detected (protocol-voip.rules) * 1:20356 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header XSS injection attempt (protocol-voip.rules) * 1:20357 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header XSS injection attempt (protocol-voip.rules) * 1:20358 <-> DISABLED <-> 
PROTOCOL-VOIP Call-ID header format string attempt (protocol-voip.rules) * 1:20359 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header format string attempt (protocol-voip.rules) * 1:2036 <-> DISABLED <-> PROTOCOL-RPC portmap network-status-monitor request TCP (protocol-rpc.rules) * 1:20360 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header invalid seperators (protocol-voip.rules) * 1:20361 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header invalid seperators (protocol-voip.rules) * 1:20362 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header multiple Call-ID headers (protocol-voip.rules) * 1:20363 <-> DISABLED <-> PROTOCOL-VOIP Call-ID header multiple Call-ID headers (protocol-voip.rules) * 1:20364 <-> DISABLED <-> PROTOCOL-VOIP Contact header format string attempt (protocol-voip.rules) * 1:20365 <-> DISABLED <-> PROTOCOL-VOIP Contact header invalid characters detected (protocol-voip.rules) * 1:20366 <-> DISABLED <-> PROTOCOL-VOIP Contact header XSS injection attempt (protocol-voip.rules) * 1:20367 <-> DISABLED <-> PROTOCOL-VOIP Contact header XSS injection attempt (protocol-voip.rules) * 1:2037 <-> DISABLED <-> PROTOCOL-RPC network-status-monitor mon-callback request UDP (protocol-rpc.rules) * 1:20370 <-> DISABLED <-> PROTOCOL-VOIP Contact header whitespace in field attempt (protocol-voip.rules) * 1:20371 <-> DISABLED <-> PROTOCOL-VOIP Contact header whitespace in field attempt (protocol-voip.rules) * 1:20372 <-> DISABLED <-> PROTOCOL-VOIP Contact header unquoted tokens in field attempt (protocol-voip.rules) * 1:20373 <-> DISABLED <-> PROTOCOL-VOIP Contact header unquoted tokens in field attempt (protocol-voip.rules) * 1:20374 <-> DISABLED <-> PROTOCOL-VOIP Contact header missing terminating quote (protocol-voip.rules) * 1:20375 <-> DISABLED <-> PROTOCOL-VOIP Contact header missing terminating quote (protocol-voip.rules) * 1:20376 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header format string attempt (protocol-voip.rules) * 1:20377 <-> DISABLED <-> PROTOCOL-VOIP Content-Type header 
invalid characters detected (protocol-voip.rules) * 1:20378 <-> DISABLED <-> PROTOCOL-VOIP Date header invalid characters detected (protocol-voip.rules) * 1:20379 <-> DISABLED <-> PROTOCOL-VOIP Date header invalid characters detected (protocol-voip.rules) * 1:2038 <-> DISABLED <-> PROTOCOL-RPC network-status-monitor mon-callback request TCP (protocol-rpc.rules) * 1:20380 <-> DISABLED <-> PROTOCOL-VOIP Authorization header invalid characters in response parameter (protocol-voip.rules) * 1:20381 <-> DISABLED <-> PROTOCOL-VOIP Remote-Party-ID header hexadecimal characters in IP address field (protocol-voip.rules) * 1:20382 <-> DISABLED <-> PROTOCOL-VOIP Media header port field invalid value (protocol-voip.rules) * 1:20383 <-> DISABLED <-> PROTOCOL-VOIP Time header contains negative value (protocol-voip.rules) * 1:20384 <-> DISABLED <-> PROTOCOL-VOIP Time header contains long value (protocol-voip.rules) * 1:20385 <-> DISABLED <-> PROTOCOL-VOIP Version header overflow attempt (protocol-voip.rules) * 1:20386 <-> DISABLED <-> PROTOCOL-VOIP Connection header invalid value (protocol-voip.rules) * 1:20387 <-> DISABLED <-> PROTOCOL-VOIP T.38 fax rate management attribute buffer overflow attempt (protocol-voip.rules) * 1:20388 <-> DISABLED <-> PROTOCOL-VOIP T.38 fax EC attribute buffer overflow attempt (protocol-voip.rules) * 1:20389 <-> DISABLED <-> PROTOCOL-VOIP Attribute header buffer overflow attempt (protocol-voip.rules) * 1:2039 <-> DISABLED <-> SERVER-OTHER bootp hostname format string attempt (server-other.rules) * 1:20390 <-> DISABLED <-> PROTOCOL-VOIP Attribute header rtpmap field invalid payload type (protocol-voip.rules) * 1:20391 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk Attribute header rtpmap field buffer overflow attempt (protocol-voip.rules) * 1:20392 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk Attribute header rtpmap field buffer overflow attempt (protocol-voip.rules) * 1:20393 <-> DISABLED <-> PROTOCOL-VOIP BYE flood (protocol-voip.rules) * 1:20394 
<-> DISABLED <-> PROTOCOL-VOIP CANCEL flood (protocol-voip.rules) * 1:20395 <-> DISABLED <-> PROTOCOL-VOIP SIP REGISTER flood attempt (protocol-voip.rules) * 1:20396 <-> DISABLED <-> PROTOCOL-VOIP INVITE flood attempt (protocol-voip.rules) * 1:20397 <-> DISABLED <-> PROTOCOL-VOIP INVITE flood (protocol-voip.rules) * 1:20398 <-> DISABLED <-> PROTOCOL-VOIP Response code 420 Bad Extension response flood (protocol-voip.rules) * 1:20399 <-> DISABLED <-> PROTOCOL-VOIP Response code 420 Bad Extension response flood (protocol-voip.rules) * 1:2040 <-> DISABLED <-> POLICY-OTHER xtacacs login attempt (policy-other.rules) * 1:20400 <-> DISABLED <-> PROTOCOL-VOIP Response code 415 Unsupported Media Type response flood (protocol-voip.rules) * 1:20401 <-> DISABLED <-> PROTOCOL-VOIP Response code 415 Unsupported Media Type response flood (protocol-voip.rules) * 1:20402 <-> DISABLED <-> PROTOCOL-VOIP Response code 405 Method Not Allowed response flood (protocol-voip.rules) * 1:20403 <-> DISABLED <-> PROTOCOL-VOIP Response code 405 Method Not Allowed response flood (protocol-voip.rules) * 1:20404 <-> DISABLED <-> PROTOCOL-VOIP inbound 100 Trying message (protocol-voip.rules) * 1:20405 <-> DISABLED <-> PROTOCOL-VOIP inbound 408 Request Timeout message (protocol-voip.rules) * 1:20406 <-> DISABLED <-> PROTOCOL-VOIP inbound 501 Not Implemented message (protocol-voip.rules) * 1:20407 <-> DISABLED <-> PROTOCOL-VOIP inbound 604 Does Not Exist Anywhere message (protocol-voip.rules) * 1:20408 <-> DISABLED <-> PROTOCOL-VOIP inbound 415 Unsupported Media Type message (protocol-voip.rules) * 1:20409 <-> DISABLED <-> PROTOCOL-VOIP inbound 481 Call/Leg Transaction Does Not Exist (protocol-voip.rules) * 1:2041 <-> DISABLED <-> INDICATOR-SCAN xtacacs failed login response (indicator-scan.rules) * 1:20410 <-> DISABLED <-> PROTOCOL-VOIP inbound 401 unauthorized message (protocol-voip.rules) * 1:20411 <-> DISABLED <-> PROTOCOL-VOIP inbound 404 Not Found (protocol-voip.rules) * 1:20412 <-> DISABLED <-> 
PROTOCOL-VOIP outbound 404 Not Found (protocol-voip.rules) * 1:20413 <-> DISABLED <-> PROTOCOL-VOIP outbound 100 Trying message (protocol-voip.rules) * 1:20414 <-> DISABLED <-> PROTOCOL-VOIP outbound 408 Request Timeout message (protocol-voip.rules) * 1:20415 <-> DISABLED <-> PROTOCOL-VOIP outbound 501 Not Implemented message (protocol-voip.rules) * 1:20416 <-> DISABLED <-> PROTOCOL-VOIP outbound 604 Does Not Exist Anywhere message (protocol-voip.rules) * 1:20417 <-> DISABLED <-> PROTOCOL-VOIP outbound 415 Unsupported Media Type message (protocol-voip.rules) * 1:20418 <-> DISABLED <-> PROTOCOL-VOIP outbound 481 Call/Leg Transaction Does Not Exist (protocol-voip.rules) * 1:20419 <-> DISABLED <-> PROTOCOL-VOIP outbound 401 Unauthorized message (protocol-voip.rules) * 1:2042 <-> DISABLED <-> POLICY-OTHER xtacacs accepted login response (policy-other.rules) * 1:20420 <-> DISABLED <-> PROTOCOL-VOIP INVITE message invalid IP address (protocol-voip.rules) * 1:20421 <-> DISABLED <-> PROTOCOL-VOIP INVITE message Content-Length header size of zero (protocol-voip.rules) * 1:20422 <-> DISABLED <-> PROTOCOL-VOIP OPTIONS message Via field request misplaced - after terminating newline (protocol-voip.rules) * 1:20423 <-> DISABLED <-> PROTOCOL-VOIP OPTIONS message Call-ID header request misplaced - after terminating newline (protocol-voip.rules) * 1:20424 <-> DISABLED <-> PROTOCOL-VOIP Sivus scanner detected (protocol-voip.rules) * 1:20425 <-> DISABLED <-> PROTOCOL-VOIP Cisco 7940/7960 INVITE Remote-Party-ID header denial of service attempt (protocol-voip.rules) * 1:20426 <-> DISABLED <-> PROTOCOL-VOIP MultiTech INVITE message buffer overflow attempt (protocol-voip.rules) * 1:20427 <-> DISABLED <-> PROTOCOL-VOIP OpenSBC VIA header denial of service attempt (protocol-voip.rules) * 1:20428 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zewit.A variant outbound connection (malware-cnc.rules) * 1:20429 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader U3D CLODMeshDeceleration code execution 
attempt (file-pdf.rules) * 1:2043 <-> DISABLED <-> INDICATOR-SCAN isakmp login failed (indicator-scan.rules) * 1:20430 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start BasicServiceImpl security policy bypass attempt (file-java.rules) * 1:20431 <-> DISABLED <-> FILE-OTHER Wireshark DECT packet dissector overflow attempt (file-other.rules) * 1:20432 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hiloti variant outbound connection (malware-cnc.rules) * 1:20433 <-> DISABLED <-> PUA-ADWARE XP Guardian 2010 anutayadokalug host outbound connection (pua-adware.rules) * 1:20434 <-> DISABLED <-> PUA-ADWARE XP Guardian 2010 proantivirus21 host runtime traffic detection (pua-adware.rules) * 1:20435 <-> DISABLED <-> MALWARE-CNC TrojanSpy Win.Trojan.Zbot.Svr runtime traffic detected (malware-cnc.rules) * 1:20436 <-> DISABLED <-> MALWARE-TOOLS THC SSL renegotiation DOS attempt (malware-tools.rules) * 1:20437 <-> DISABLED <-> MALWARE-TOOLS THC SSL renegotiation DOS attempt (malware-tools.rules) * 1:20438 <-> DISABLED <-> MALWARE-TOOLS THC SSL renegotiation DOS attempt (malware-tools.rules) * 1:20439 <-> DISABLED <-> MALWARE-TOOLS THC SSL renegotiation DOS attempt (malware-tools.rules) * 1:2044 <-> DISABLED <-> POLICY-OTHER PPTP Start Control Request attempt (policy-other.rules) * 1:20440 <-> DISABLED <-> SERVER-OTHER CA BrightStor cheyenneds mailslot overflow (server-other.rules) * 1:20441 <-> DISABLED <-> SERVER-OTHER CA BrightStor cheyenneds mailslot overflow (server-other.rules) * 1:20442 <-> DISABLED <-> SERVER-OTHER CA BrightStor cheyenneds mailslot overflow (server-other.rules) * 1:20443 <-> DISABLED <-> APP-DETECT Apple OSX Remote Mouse usage (app-detect.rules) * 1:20444 <-> DISABLED <-> FILE-JAVA Oracle Java browser plugin docbase overflow attempt (file-java.rules) * 1:20445 <-> DISABLED <-> FILE-PDF Foxit Reader title overflow attempt (file-pdf.rules) * 1:20446 <-> DISABLED <-> SERVER-WEBAPP DiskPulseServer GetServerInfo request buffer overflow (server-webapp.rules) * 1:20447 
<-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.JAAK variant outbound connection (malware-cnc.rules) * 1:20448 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meciv.A variant outbound connection (malware-cnc.rules) * 1:20449 <-> DISABLED <-> MALWARE-CNC Win.Worm.Busifom.A variant outbound connection (malware-cnc.rules) * 1:2045 <-> DISABLED <-> PROTOCOL-RPC snmpXdmi overflow attempt UDP (protocol-rpc.rules) * 1:20450 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file magic detected (file-identify.rules) * 1:20451 <-> ENABLED <-> FILE-IDENTIFY MPEG sys stream file magic detected (file-identify.rules) * 1:20452 <-> DISABLED <-> FILE-IDENTIFY GZip file magic detected (file-identify.rules) * 1:20453 <-> ENABLED <-> FILE-IDENTIFY Script encoder file magic detected (file-identify.rules) * 1:20454 <-> ENABLED <-> FILE-IDENTIFY Postscript file magic detected (file-identify.rules) * 1:20455 <-> ENABLED <-> FILE-IDENTIFY BinHex file magic detected (file-identify.rules) * 1:20456 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Real Media file magic detected (file-identify.rules) * 1:20458 <-> ENABLED <-> FILE-IDENTIFY bzip file magic detected (file-identify.rules) * 1:20459 <-> ENABLED <-> FILE-IDENTIFY GIF file magic detected (file-identify.rules) * 1:2046 <-> DISABLED <-> PROTOCOL-IMAP partial body.peek buffer overflow attempt (protocol-imap.rules) * 1:20460 <-> ENABLED <-> FILE-IDENTIFY MP3 file magic detected (file-identify.rules) * 1:20461 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows CAB file magic detected (file-identify.rules) * 1:20462 <-> ENABLED <-> FILE-IDENTIFY Ogg Stream file magic detected (file-identify.rules) * 1:20463 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:20464 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:20465 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:20466 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 
1:20467 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:20468 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:20469 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:2047 <-> DISABLED <-> SERVER-OTHER rsyncd module list access (server-other.rules) * 1:20471 <-> ENABLED <-> FILE-IDENTIFY RIFX file magic detected (file-identify.rules) * 1:20472 <-> ENABLED <-> FILE-IDENTIFY RAR file magic detected (file-identify.rules) * 1:20474 <-> ENABLED <-> FILE-IDENTIFY Symantec file magic detected (file-identify.rules) * 1:20475 <-> ENABLED <-> FILE-IDENTIFY ARJ file magic detected (file-identify.rules) * 1:20476 <-> ENABLED <-> FILE-IDENTIFY TNEF file magic detected (file-identify.rules) * 1:20477 <-> ENABLED <-> FILE-IDENTIFY ELF file magic detected (file-identify.rules) * 1:20478 <-> ENABLED <-> FILE-IDENTIFY PNG file magic detected (file-identify.rules) * 1:20479 <-> ENABLED <-> FILE-IDENTIFY CryptFF file magic detected (file-identify.rules) * 1:20480 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detection (file-identify.rules) * 1:20481 <-> ENABLED <-> FILE-IDENTIFY MP3 file magic detected (file-identify.rules) * 1:20483 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules) * 1:20484 <-> ENABLED <-> FILE-IDENTIFY SIS file magic detected (file-identify.rules) * 1:20485 <-> ENABLED <-> FILE-IDENTIFY SIP log file magic detected (file-identify.rules) * 1:20486 <-> ENABLED <-> FILE-IDENTIFY RTF file magic detected (file-identify.rules) * 1:20487 <-> ENABLED <-> FILE-IDENTIFY 7zip file magic detected (file-identify.rules) * 1:20488 <-> ENABLED <-> FILE-IDENTIFY MachO Little Endian file magic detected (file-identify.rules) * 1:20489 <-> ENABLED <-> FILE-IDENTIFY MachO x64 Little Endian file magic detected (file-identify.rules) * 1:2049 <-> DISABLED <-> SQL ping attempt (sql.rules) * 1:20490 <-> ENABLED <-> FILE-IDENTIFY MachO Big Endian file magic 
detected (file-identify.rules) * 1:20491 <-> ENABLED <-> FILE-IDENTIFY MachO x64 Big Endian file magic detected (file-identify.rules) * 1:20492 <-> ENABLED <-> FILE-IDENTIFY Universal Binary/Java Bytecode file magic detected (file-identify.rules) * 1:20493 <-> ENABLED <-> FILE-IDENTIFY jarpack file magic detected (file-identify.rules) * 1:20494 <-> ENABLED <-> FILE-IDENTIFY PDF file magic detected (file-identify.rules) * 1:20495 <-> ENABLED <-> FILE-IDENTIFY compressed Adobe Shockwave Flash file magic detected (file-identify.rules) * 1:20496 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules) * 1:20497 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules) * 1:2050 <-> DISABLED <-> SERVER-MSSQL version overflow attempt (server-mssql.rules) * 1:20500 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20501 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20502 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20503 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20507 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules) * 1:2051 <-> DISABLED <-> SERVER-WEBAPP cached_feed.cgi moreover shopping cart access (server-webapp.rules) * 1:20511 <-> ENABLED <-> FILE-IDENTIFY bcproj file magic detected (file-identify.rules) * 1:20512 <-> ENABLED <-> FILE-IDENTIFY mx4 file magic detected (file-identify.rules) * 1:20513 <-> ENABLED <-> FILE-IDENTIFY ffmpeg file magic detected (file-identify.rules) * 1:20514 <-> ENABLED <-> FILE-IDENTIFY dmg file magic detected (file-identify.rules) * 1:20515 <-> ENABLED <-> FILE-IDENTIFY ivr file magic detected (file-identify.rules) * 1:20516 <-> ENABLED <-> FILE-IDENTIFY caff file magic detected (file-identify.rules) * 1:20518 <-> ENABLED <-> FILE-IDENTIFY rmf file download request (file-identify.rules) * 
1:20519 <-> ENABLED <-> FILE-IDENTIFY vmd file download request (file-identify.rules) * 1:2052 <-> DISABLED <-> SERVER-WEBAPP overflow.cgi access (server-webapp.rules) * 1:20520 <-> ENABLED <-> FILE-IDENTIFY vmd file magic detected (file-identify.rules) * 1:20521 <-> ENABLED <-> FILE-IDENTIFY Flac file magic detected (file-identify.rules) * 1:20522 <-> ENABLED <-> FILE-IDENTIFY VideoLAN VLC file magic detected (file-identify.rules) * 1:20525 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Duqu variant outbound connection (malware-cnc.rules) * 1:20527 <-> DISABLED <-> MALWARE-CNC Sirefef initial C&C connection variant outbound connection (malware-cnc.rules) * 1:20528 <-> DISABLED <-> SERVER-APACHE Apache mod_proxy reverse proxy information disclosure attempt (server-apache.rules) * 1:20529 <-> DISABLED <-> FILE-JAVA Oracle Java trusted method chaining attempt (file-java.rules) * 1:2053 <-> DISABLED <-> SERVER-WEBAPP Bugtraq process_bug.cgi access (server-webapp.rules) * 1:20530 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Storage Data Protector directory traversal attempt (server-webapp.rules) * 1:20531 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Storage Data Protector directory traversal attempt (server-webapp.rules) * 1:20532 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Storage Data Protector get file buffer overflow attempt (server-webapp.rules) * 1:20533 <-> DISABLED <-> SERVER-WEBAPP php tiny shell upload attempt (server-webapp.rules) * 1:20534 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel rtToolbarDef record integer overflow attempt (file-office.rules) * 1:20535 <-> DISABLED <-> BROWSER-OTHER Opera Config File script access attempt (browser-other.rules) * 1:20536 <-> DISABLED <-> BROWSER-PLUGINS Moxa MediaDBPlayback.DLL ActiveX clsid access (browser-plugins.rules) * 1:20537 <-> DISABLED <-> BROWSER-PLUGINS Phobos.Playlist ActiveX clsid access (browser-plugins.rules) * 1:20538 <-> DISABLED <-> BROWSER-PLUGINS Phobos.Playlist ActiveX function call access 
(browser-plugins.rules) * 1:2054 <-> DISABLED <-> SERVER-WEBAPP Bugtraq enter_bug.cgi arbitrary command attempt (server-webapp.rules) * 1:20540 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word document with embedded TrueType font (file-office.rules) * 1:20543 <-> DISABLED <-> OS-WINDOWS Microsoft Windows IppRateLimitIcmp integer overflow exploit attempt (os-windows.rules) * 1:20544 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Player FLV file download request (file-identify.rules) * 1:20545 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SWF embedded font null pointer attempt (file-flash.rules) * 1:20546 <-> DISABLED <-> SERVER-OTHER BakBone NetVault client heap overflow attempt (server-other.rules) * 1:20547 <-> DISABLED <-> FILE-FLASH Adobe Flash Player overlapping record overflow attempt (file-flash.rules) * 1:20548 <-> DISABLED <-> FILE-FLASH Adobe Flash Player recursive doaction stack exhaustion (file-flash.rules) * 1:20549 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript bytecode type confusion attempt (file-flash.rules) * 1:2055 <-> DISABLED <-> SERVER-WEBAPP Bugtraq enter_bug.cgi access (server-webapp.rules) * 1:20550 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Mover3D clipping exploit (file-flash.rules) * 1:20551 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Stage 3D texture format overflow attempt (file-flash.rules) * 1:20552 <-> DISABLED <-> SERVER-MAIL Mercury Mail Transport System buffer overflow attempt (server-mail.rules) * 1:20553 <-> DISABLED <-> FILE-MULTIMEDIA Un4seen Developments XMPlay crafted ASX file buffer overflow attempt (file-multimedia.rules) * 1:20554 <-> ENABLED <-> PUA-OTHER Microsoft MSN Messenger and Windows Live Messenger Code Execution attempt (pua-other.rules) * 1:20555 <-> DISABLED <-> FILE-FLASH Adobe Flash MP4 ref_frame allocated buffer overflow attempt (file-flash.rules) * 1:20556 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PlaceObjectX null pointer dereference attempt (file-flash.rules) * 1:20557 <-> DISABLED 
<-> FILE-FLASH Adobe Flash Player ActionDefineFunction2 length overflow attempt (file-flash.rules) * 1:20558 <-> ENABLED <-> EXPLOIT-KIT URI request for known malicious URI /stat2.php (exploit-kit.rules) * 1:20559 <-> DISABLED <-> FILE-MULTIMEDIA Nullsoft Winamp MIDI file buffer overflow attempt (file-multimedia.rules) * 1:2056 <-> DISABLED <-> SERVER-WEBAPP TRACE attempt (server-webapp.rules) * 1:20560 <-> DISABLED <-> FILE-FLASH Adobe Flash Player salign null javascript access attempt (file-flash.rules) * 1:20561 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PWSBanker.SHE variant outbound connection (malware-cnc.rules) * 1:20562 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PWSBanker.SHE variant outbound connection (malware-cnc.rules) * 1:20563 <-> ENABLED <-> FILE-IDENTIFY amf file download request (file-identify.rules) * 1:20564 <-> ENABLED <-> FILE-IDENTIFY amf file magic detected (file-identify.rules) * 1:20565 <-> DISABLED <-> FILE-OTHER Nullsoft Winamp AMF file buffer overflow attempt (file-other.rules) * 1:20566 <-> DISABLED <-> FILE-OTHER Nullsoft Winamp AMF file buffer overflow attempt (file-other.rules) * 1:20567 <-> DISABLED <-> FILE-FLASH Adobe Flash SWF AVM2 namespace lookup deref exploit (file-flash.rules) * 1:20568 <-> DISABLED <-> FILE-FLASH Adobe Flash SWF ActionScript 3 ByteArray class vulnerability (file-flash.rules) * 1:20569 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Small.kb variant outbound connection (malware-cnc.rules) * 1:2057 <-> DISABLED <-> SERVER-WEBAPP helpout.exe access (server-webapp.rules) * 1:20570 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Small.kb variant outbound connection (malware-cnc.rules) * 1:20571 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Small.kb variant outbound connection (malware-cnc.rules) * 1:20572 <-> DISABLED <-> FILE-OTHER Microsoft Windows Font Library file buffer overflow attempt (file-other.rules) * 1:20573 <-> DISABLED <-> BROWSER-PLUGINS Oracle AutoVueX Control ExportEdaBom ActiveX clsid access (browser-plugins.rules) * 
1:20574 <-> DISABLED <-> BROWSER-PLUGINS Oracle AutoVueX Control ExportEdaBom ActiveX function call access (browser-plugins.rules) * 1:20575 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PDF JBIG2 remote code execution attempt (file-pdf.rules) * 1:20576 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Remote Management overflow attempt (server-other.rules) * 1:20577 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malicious TIFF remote code execution attempt (file-pdf.rules) * 1:20578 <-> DISABLED <-> SERVER-MAIL Qualcomm Eudora url buffer overflow attempt (server-mail.rules) * 1:20579 <-> DISABLED <-> BROWSER-CHROME Google Chrome and Apple Safari Ruby before and after memory corruption (browser-chrome.rules) * 1:2058 <-> DISABLED <-> SERVER-WEBAPP MsmMask.exe attempt (server-webapp.rules) * 1:20581 <-> DISABLED <-> PROTOCOL-SCADA Broadwin WebAccess ActiveX clsid access (protocol-scada.rules) * 1:20583 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple location headers malicious redirect attempt (browser-firefox.rules) * 1:20584 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple content-type headers malicious redirect attempt (browser-firefox.rules) * 1:20585 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple content-length headers malicious redirect attempt (browser-firefox.rules) * 1:20586 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple content-disposition headers malicious redirect attempt (browser-firefox.rules) * 1:20587 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Larchik.A variant outbound connection (malware-cnc.rules) * 1:20588 <-> ENABLED <-> FILE-IDENTIFY CDR file download request (file-identify.rules) * 1:20589 <-> ENABLED <-> FILE-IDENTIFY CDR file magic detected (file-identify.rules) * 1:2059 <-> DISABLED <-> SERVER-WEBAPP MsmMask.exe access (server-webapp.rules) * 1:20590 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint out of bounds value remote code execution attempt (file-office.rules) * 1:20591 <-> DISABLED <-> BROWSER-PLUGINS Flexera InstallShield 
ISGrid2.dll DoFindReplace heap buffer overlow ActiveX clsid access (browser-plugins.rules) * 1:20592 <-> DISABLED <-> BROWSER-PLUGINS Flexera InstallShield ISGrid2.dll DoFindReplace heap buffer overlow ActiveX function call access (browser-plugins.rules) * 1:20593 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit libxslt arbitrary file creation attempt (browser-webkit.rules) * 1:20594 <-> DISABLED <-> SERVER-ORACLE Outside In CorelDRAW file parser integer overflow attempt (server-oracle.rules) * 1:20595 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ixeshe.F variant outbound connection (malware-cnc.rules) * 1:20596 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Smoaler.A variant outbound connection (malware-cnc.rules) * 1:20597 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Smoaler.A variant outbound connection (malware-cnc.rules) * 1:20598 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Smoaler.A variant outbound connection (malware-cnc.rules) * 1:20599 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Smoaler.A variant outbound connection (malware-cnc.rules) * 1:2060 <-> DISABLED <-> SERVER-WEBAPP DB4Web access (server-webapp.rules) * 1:20600 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Products SVG text content element getCharNumAtPosition use after free attempt (browser-firefox.rules) * 1:20601 <-> DISABLED <-> PROTOCOL-SERVICES rlogin nobody (protocol-services.rules) * 1:20602 <-> DISABLED <-> PROTOCOL-SERVICES rlogin guest (protocol-services.rules) * 1:20603 <-> DISABLED <-> OS-WINDOWS Microsoft Windows RSH daemon buffer overflow attempt (os-windows.rules) * 1:20604 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buzus.isqy variant outbound connection (malware-cnc.rules) * 1:20605 <-> DISABLED <-> MALWARE-CNC Win.Trojan.R2d2.A contact to cnc server (malware-cnc.rules) * 1:20606 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Domsingx.A variant outbound connection (malware-cnc.rules) * 1:20607 <-> DISABLED <-> SERVER-OTHER Novell Groupwise internet agent http uri buffer overflow attempt (server-other.rules) * 
1:20608 <-> DISABLED <-> SERVER-OTHER Novell Groupwise internet agent http uri buffer overflow attempt (server-other.rules) * 1:20609 <-> DISABLED <-> SERVER-OTHER Sunway ForceControl SNMP NetDBServer stack buffer overflow attempt (server-other.rules) * 1:2061 <-> DISABLED <-> SERVER-APACHE Apache Tomcat null byte directory listing attempt (server-apache.rules) * 1:20610 <-> DISABLED <-> FILE-FLASH Adobe Shockwave Flash Flex authoring tool XSS exploit attempt (file-flash.rules) * 1:20611 <-> DISABLED <-> SERVER-OTHER BOOTP overflow (server-other.rules) * 1:20612 <-> DISABLED <-> SERVER-APACHE Apache Tomcat Java AJP connector invalid header timeout DOS attempt (server-apache.rules) * 1:20614 <-> DISABLED <-> SERVER-MAIL Axigen POP3 server remote format string exploit (server-mail.rules) * 1:20615 <-> DISABLED <-> SERVER-WEBAPP Wordcircle SQL injection attempt (server-webapp.rules) * 1:20616 <-> DISABLED <-> SERVER-OTHER Peercast Basic HTTP authentication buffer overflow attempt (server-other.rules) * 1:20617 <-> DISABLED <-> SERVER-WEBAPP Sage SalesLogix admin authentication bypass attempt (server-webapp.rules) * 1:20618 <-> DISABLED <-> SERVER-OTHER Sage SalesLogix database credential disclosure attempt (server-other.rules) * 1:20619 <-> DISABLED <-> SERVER-WEBAPP CoreHTTP Long buffer overflow attempt (server-webapp.rules) * 1:2062 <-> DISABLED <-> SERVER-WEBAPP iPlanet .perf access (server-webapp.rules) * 1:20620 <-> DISABLED <-> SERVER-WEBAPP CoreHTTP Long buffer overflow attempt (server-webapp.rules) * 1:20621 <-> ENABLED <-> FILE-IDENTIFY JAR file download request (file-identify.rules) * 1:20622 <-> DISABLED <-> FILE-JAVA Oracle Java Applet remote code execution attempt (file-java.rules) * 1:20623 <-> DISABLED <-> SERVER-WEBAPP Venom Board SQL injection attempt (server-webapp.rules) * 1:20624 <-> DISABLED <-> SERVER-WEBAPP Venom Board SQL injection attempt (server-webapp.rules) * 1:20625 <-> DISABLED <-> SERVER-WEBAPP Venom Board SQL injection attempt 
(server-webapp.rules) * 1:20626 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shylock.A variant outbound connection (malware-cnc.rules) * 1:20627 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shylock.A C&C server response (malware-cnc.rules) * 1:20628 <-> DISABLED <-> SERVER-WEBAPP HP Data Protector FinishedCopy SQL Injection attempt (server-webapp.rules) * 1:20629 <-> DISABLED <-> SERVER-WEBAPP geoBlog SQL injection in viewcat.php cat parameter attempt (server-webapp.rules) * 1:2063 <-> DISABLED <-> SERVER-WEBAPP Demarc SQL injection attempt (server-webapp.rules) * 1:20630 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Winnti.A contact to cnc server (malware-cnc.rules) * 1:20631 <-> DISABLED <-> SERVER-WEBAPP Akarru remote file include in main_content.php bm_content (server-webapp.rules) * 1:20632 <-> DISABLED <-> SERVER-WEBAPP AnnoncesV annonce.php remote file include attempt (server-webapp.rules) * 1:20633 <-> DISABLED <-> SERVER-WEBAPP Boite de News remote file include in inc.php url_index (server-webapp.rules) * 1:20634 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer onscroll DOS attempt (browser-ie.rules) * 1:20635 <-> DISABLED <-> SERVER-WEBAPP HP Data Protector GetPolicies SQL Injection attempt (server-webapp.rules) * 1:20636 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS5 gif file heap corruption attempt (file-image.rules) * 1:20637 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS5 gif file heap corruption attempt (file-image.rules) * 1:20638 <-> DISABLED <-> PROTOCOL-SCADA Progea Movicon/PowerHMI EIDP over HTTP memory corruption attempt (protocol-scada.rules) * 1:20639 <-> DISABLED <-> MALWARE-CNC Malware Win.Trojan.Higest.N variant outbound connection (malware-cnc.rules) * 1:20640 <-> DISABLED <-> SERVER-WEBAPP VEGO Web Forum SQL injection in login.php username attempt (server-webapp.rules) * 1:20641 <-> DISABLED <-> SERVER-WEBAPP TheWebForum SQL injection in login.php username attempt (server-webapp.rules) * 1:20642 <-> DISABLED <-> SERVER-WEBAPP TankLogger SQL 
injection in showInfo.php livestock_id attempt (server-webapp.rules) * 1:20643 <-> DISABLED <-> SERVER-WEBAPP ScozBook SQL injection in auth.php adminname attempt (server-webapp.rules) * 1:20644 <-> DISABLED <-> SERVER-WEBAPP Lizard Cart CMS SQL injection in detail.php id attempt (server-webapp.rules) * 1:20645 <-> DISABLED <-> SERVER-WEBAPP Lizard Cart CMS SQL injection in pages.php id attempt (server-webapp.rules) * 1:20646 <-> DISABLED <-> SERVER-WEBAPP Benders Calendar SQL injection in index.php this_day attempt (server-webapp.rules) * 1:20647 <-> DISABLED <-> SERVER-WEBAPP inTouch SQL injection in index.php user attempt (server-webapp.rules) * 1:20648 <-> DISABLED <-> SERVER-WEBAPP Bit 5 Blog SQL injection in processlogin.php username via (server-webapp.rules) * 1:20649 <-> DISABLED <-> SERVER-WEBAPP ADNForum SQL injection in index.php fid attempt (server-webapp.rules) * 1:2065 <-> DISABLED <-> SERVER-WEBAPP Lotus Notes .csp script source download attempt (server-webapp.rules) * 1:20650 <-> DISABLED <-> SERVER-WEBAPP MyNewsGroups remote file include in layersmenu.inc.php myng_root (server-webapp.rules) * 1:20651 <-> DISABLED <-> SERVER-WEBAPP Modernbill remote file include in config.php DIR (server-webapp.rules) * 1:20652 <-> DISABLED <-> SERVER-WEBAPP ME Download System remote file include in header.php Vb8878b936c2bd8ae0cab (server-webapp.rules) * 1:20653 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Media Player ASX file ref href buffer overflow attempt (file-multimedia.rules) * 1:20654 <-> DISABLED <-> SERVER-WEBAPP GrapAgenda remote file include in index.php page (server-webapp.rules) * 1:20655 <-> DISABLED <-> PUA-OTHER Yahoo Messenger iframe injection status change attempt (pua-other.rules) * 1:20656 <-> DISABLED <-> SERVER-WEBAPP GestArt remote file include in aide.php3 aide (server-webapp.rules) * 1:20657 <-> DISABLED <-> SERVER-WEBAPP Free File Hosting remote file include in forgot_pass.php ad_body_temp (server-webapp.rules) * 1:20658 <-> 
DISABLED <-> POLICY-OTHER HP Printer firmware update attempt (policy-other.rules) * 1:20659 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed shading modifier heap corruption attempt (file-pdf.rules) * 1:2066 <-> DISABLED <-> SERVER-WEBAPP Lotus Notes .pl script source download attempt (server-webapp.rules) * 1:20660 <-> DISABLED <-> SERVER-OTHER sl.php script injection (server-other.rules) * 1:20661 <-> DISABLED <-> MALWARE-CNC Simbda variant outbound connection (malware-cnc.rules) * 1:20662 <-> DISABLED <-> SERVER-OTHER Dameware Mini Remote Control username buffer overflow (server-other.rules) * 1:20663 <-> DISABLED <-> SERVER-WEBAPP Comet WebFileManager remote file include in CheckUpload.php Language (server-webapp.rules) * 1:20664 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS UNC mapped virtual host file source code access attempt (server-iis.rules) * 1:20665 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS UNC mapped virtual host file source code access attempt (server-iis.rules) * 1:20666 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Thunderbird / SeaMonkey Content-Type header buffer overflow attempt (browser-firefox.rules) * 1:20667 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Thunderbird / SeaMonkey Content-Type header buffer overflow attempt (browser-firefox.rules) * 1:20668 <-> DISABLED <-> EXPLOIT-KIT URI request for known malicious URI - /content/v1.jar (exploit-kit.rules) * 1:20669 <-> DISABLED <-> EXPLOIT-KIT URI request for known malicious URI - w.php?f= (exploit-kit.rules) * 1:2067 <-> DISABLED <-> SERVER-WEBAPP Lotus Notes .exe script source download attempt (server-webapp.rules) * 1:20670 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk data length field overflow attempt (protocol-voip.rules) * 1:20671 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Active Directory Crafted LDAP ModifyRequest (os-windows.rules) * 1:20673 <-> DISABLED <-> FILE-MULTIMEDIA invalid VLC media player SMB URI download attempt (file-multimedia.rules) * 1:20674 <-> DISABLED 
<-> SERVER-WEBAPP Sourceforge Gallery search engine cross-site scripting attempt (server-webapp.rules) * 1:20675 <-> DISABLED <-> SERVER-IIS Microsoft Active Directory Federation Services code execution attempt (server-iis.rules) * 1:20676 <-> DISABLED <-> MALWARE-CNC Win.Trojan.EggDrop.acn variant outbound connection (malware-cnc.rules) * 1:20677 <-> DISABLED <-> MALWARE-CNC Win.Trojan.EggDrop.acn variant outbound connection (malware-cnc.rules) * 1:20678 <-> DISABLED <-> MALWARE-CNC Trojan-Downloader.Win32.Genome.aior variant outbound connection (malware-cnc.rules) * 1:20679 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Syrutrk variant outbound connection (malware-cnc.rules) * 1:2068 <-> DISABLED <-> SERVER-WEBAPP BitKeeper arbitrary command attempt (server-webapp.rules) * 1:20680 <-> DISABLED <-> SERVER-WEBAPP Flashchat aedating4CMS.php remote file include attempt (server-webapp.rules) * 1:20681 <-> DISABLED <-> MALWARE-CNC Trojan-Downloader.Win32.Agent.NMS variant outbound connection (malware-cnc.rules) * 1:20682 <-> DISABLED <-> MALWARE-CNC Trojan-Downloader.Win32.Agent.NMS variant outbound connection (malware-cnc.rules) * 1:20683 <-> DISABLED <-> MALWARE-CNC Cleanvaccine variant outbound connection (malware-cnc.rules) * 1:20684 <-> DISABLED <-> MALWARE-CNC Cleanvaccine variant outbound connection (malware-cnc.rules) * 1:20685 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Heloag.A variant outbound connection (malware-cnc.rules) * 1:20686 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Virut.BM connect to client (malware-cnc.rules) * 1:20687 <-> DISABLED <-> MALWARE-CNC Trojan-Downloader.Win32.Genome.akhg variant outbound connection (malware-cnc.rules) * 1:20688 <-> DISABLED <-> MALWARE-CNC Trojan-Spy.Win32.Zbot.Jeib variant outbound connection (malware-cnc.rules) * 1:20689 <-> DISABLED <-> MALWARE-CNC Trojan-Spy.Win32.Zbot.Jeib variant outbound connection (malware-cnc.rules) * 1:2069 <-> DISABLED <-> SERVER-WEBAPP chip.ini access (server-webapp.rules) * 1:20690 <-> DISABLED <-> 
SERVER-OTHER Quest NetVault SmartDisk libnvbasics.dll denial of service attempt (server-other.rules) * 1:20691 <-> DISABLED <-> POLICY-OTHER Cisco Network Registrar default credentials authentication attempt (policy-other.rules) * 1:20692 <-> DISABLED <-> POLICY-OTHER Cisco network registrar default credentials authentication attempt (policy-other.rules) * 1:20693 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Blackcontrol.A variant outbound connection (malware-cnc.rules) * 1:20694 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SSonce.A variant outbound connection (malware-cnc.rules) * 1:20695 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.GZW connect to cnc server (malware-cnc.rules) * 1:20696 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ransom.CK connect to cnc server (malware-cnc.rules) * 1:20697 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ransom.CK connect to cnc server (malware-cnc.rules) * 1:20698 <-> DISABLED <-> FILE-OTHER Telnet protocol specifier command injection attempt (file-other.rules) * 1:20699 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer XSRF timing attack against XSS filter (browser-ie.rules) * 1:2070 <-> DISABLED <-> SERVER-WEBAPP post32.exe arbitrary command attempt (server-webapp.rules) * 1:20700 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint pp7x32.dll dll-load exploit attempt (file-office.rules) * 1:20701 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint pp4x322.dll dll-load exploit attempt (file-office.rules) * 1:20702 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint pp7x32.dll dll-load exploit attempt (file-office.rules) * 1:20703 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint pp4x322.dll dll-load exploit attempt (file-office.rules) * 1:20704 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer defaulttime behavior attack attempt (browser-plugins.rules) * 1:20705 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Time DATIME.DLL ActiveX clsid access (browser-plugins.rules) * 1:20706 <-> DISABLED <-> 
BROWSER-PLUGINS Microsoft Internet Explorer Time DATIME.DLL ActiveX clsid access (browser-plugins.rules) * 1:20707 <-> DISABLED <-> BROWSER-PLUGINS Dell IT Assistant ActiveX clsid access (browser-plugins.rules) * 1:20708 <-> DISABLED <-> BROWSER-PLUGINS HP Easy Printer Care Software ActiveX clsid access (browser-plugins.rules) * 1:20709 <-> DISABLED <-> BROWSER-PLUGINS HP Photo Creative ActiveX clsid access (browser-plugins.rules) * 1:2071 <-> DISABLED <-> SERVER-WEBAPP post32.exe access (server-webapp.rules) * 1:20710 <-> DISABLED <-> BROWSER-PLUGINS HP Photo Creative ActiveX clsid access (browser-plugins.rules) * 1:20711 <-> DISABLED <-> BROWSER-PLUGINS HP Photo Creative ActiveX clsid access (browser-plugins.rules) * 1:20712 <-> DISABLED <-> BROWSER-PLUGINS HP Photo Creative ActiveX clsid access (browser-plugins.rules) * 1:20713 <-> DISABLED <-> BROWSER-PLUGINS HP Photo Creative ActiveX clsid access (browser-plugins.rules) * 1:20714 <-> DISABLED <-> BROWSER-PLUGINS HP Photo Creative ActiveX clsid access (browser-plugins.rules) * 1:20715 <-> DISABLED <-> BROWSER-PLUGINS HP Photo Creative ActiveX clsid access (browser-plugins.rules) * 1:20716 <-> DISABLED <-> BROWSER-PLUGINS Yahoo! 
CD Player ActiveX clsid access (browser-plugins.rules)
* 1:20717 <-> DISABLED <-> FILE-OFFICE Microsoft Windows OLE versioned stream missing data stream (file-office.rules)
* 1:20718 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Lel record memory corruption attempt (file-office.rules)
* 1:20719 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher Opltc memory corruption attempt (file-office.rules)
* 1:2072 <-> DISABLED <-> SERVER-WEBAPP lyris.pl access (server-webapp.rules)
* 1:20720 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher 2003 EscherStm memory corruption attempt (file-office.rules)
* 1:20721 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher PLC object memory corruption attempt (file-office.rules)
* 1:20722 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint invalid OfficeArtSpContainer subrecord type confusion attempt (file-office.rules)
* 1:20723 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docx file download request (file-identify.rules)
* 1:20724 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word border use-after-free attempt (file-office.rules)
* 1:20725 <-> DISABLED <-> OS-SOLARIS Oracle Solaris in.rwhod hostname denial of service attempt (os-solaris.rules)
* 1:20726 <-> DISABLED <-> SERVER-WEBAPP F-Secure web console username overflow attempt (server-webapp.rules)
* 1:20727 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox user interface event dispatcher dos attempt (browser-firefox.rules)
* 1:20728 <-> DISABLED <-> SERVER-WEBAPP WoW Roster remote file include with hslist.php and conf.php attempt (server-webapp.rules)
* 1:20729 <-> DISABLED <-> BROWSER-FIREFOX Mozilla XBL object init code execution attempt (browser-firefox.rules)
* 1:2073 <-> DISABLED <-> SERVER-WEBAPP globals.pl access (server-webapp.rules)
* 1:20730 <-> DISABLED <-> BROWSER-FIREFOX Mozilla XBL.method memory corruption attempt (browser-firefox.rules)
* 1:20731 <-> DISABLED <-> SERVER-WEBAPP TSEP tsep_config absPath parameter PHP remote file include attempt (server-webapp.rules)
* 1:20732 <-> DISABLED <-> SERVER-WEBAPP Sabdrimer PHP pluginpath remote file include attempt (server-webapp.rules)
* 1:20733 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media Player DVR file download request (file-identify.rules)
* 1:20734 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Media Player digital video recording buffer overflow attempt (file-multimedia.rules)
* 1:20735 <-> DISABLED <-> FILE-OTHER Microsoft Windows TrueType font parsing engine sfac_GetSbitBitmap elevation of privileges attempt (file-other.rules)
* 1:20736 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari x-man-page URI terminal escape attempt (browser-webkit.rules)
* 1:20737 <-> DISABLED <-> SERVER-WEBAPP 427BB cookie-based authentication bypass attempt (server-webapp.rules)
* 1:20738 <-> DISABLED <-> SERVER-OTHER Check Point vpn-1 ISAKMP buffer overflow attempt (server-other.rules)
* 1:20739 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Object.watch parent access attempt (browser-firefox.rules)
* 1:2074 <-> DISABLED <-> SERVER-WEBAPP Mambo uploadimage.php upload php file attempt (server-webapp.rules)
* 1:20740 <-> DISABLED <-> SERVER-WEBAPP Dell OpenManage server application field buffer overflow attempt (server-webapp.rules)
* 1:20741 <-> DISABLED <-> SERVER-OTHER SpamAssassin GTube string denial of service attempt (server-other.rules)
* 1:20742 <-> DISABLED <-> BROWSER-FIREFOX Mozilla PLUGINSPAGE javascript execution attempt (browser-firefox.rules)
* 1:20743 <-> DISABLED <-> BROWSER-OTHER Multiple web browser window injection attempt (browser-other.rules)
* 1:20744 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Player DirectShow MPEG-2 memory corruption attempt (os-windows.rules)
* 1:20745 <-> DISABLED <-> SERVER-OTHER Ethereal Netflow dissector buffer overflow attempt (server-other.rules)
* 1:20746 <-> DISABLED <-> SERVER-OTHER Ethereal IGAP Dissector Buffer Overflow attempt (server-other.rules)
* 1:20747 <-> DISABLED <-> SERVER-OTHER Ethereal IGAP Dissector Buffer Overflow attempt (server-other.rules)
* 1:20748 <-> DISABLED <-> SERVER-OTHER Yahoo Messenger possible file transfer spoofing (server-other.rules)
* 1:20749 <-> DISABLED <-> SERVER-OTHER EMC Retrospect client crafted packet buffer overflow attempt (server-other.rules)
* 1:2075 <-> DISABLED <-> SERVER-WEBAPP Mambo upload.php upload php file attempt (server-webapp.rules)
* 1:20750 <-> ENABLED <-> FILE-IDENTIFY webm file magic detected (file-identify.rules)
* 1:20751 <-> ENABLED <-> FILE-IDENTIFY webm file download request (file-identify.rules)
* 1:20752 <-> DISABLED <-> PUA-ADWARE Win32.GameVance outbound connection (pua-adware.rules)
* 1:20753 <-> DISABLED <-> PUA-ADWARE Win32.GamePlayLabs outbound connection (pua-adware.rules)
* 1:20754 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Virut-3 variant outbound connection (malware-cnc.rules)
* 1:20755 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Krap variant outbound connection (malware-cnc.rules)
* 1:20756 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jorik variant outbound connection (malware-cnc.rules)
* 1:20758 <-> DISABLED <-> POLICY-OTHER Progrea Movicon TCPUploadServer.exe unauthenticated access attempt (policy-other.rules)
* 1:20759 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gbot.oce variant outbound connection (malware-cnc.rules)
* 1:2076 <-> DISABLED <-> SERVER-WEBAPP Mambo uploadimage.php access (server-webapp.rules)
* 1:20761 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector buffer overflow attempt (server-other.rules)
* 1:20762 <-> DISABLED <-> MALWARE-CNC MacOS.Flashback.A variant outbound connection (malware-cnc.rules)
* 1:20763 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spyeye-206 variant outbound connection (malware-cnc.rules)
* 1:20764 <-> DISABLED <-> SERVER-WEBAPP SyBase MBusiness xml closing tag overflow attempt (server-webapp.rules)
* 1:20766 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer contenteditable corruption attempt (browser-ie.rules)
* 1:20767 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
* 1:20768 <-> DISABLED <-> FILE-OTHER Microsoft Windows ATMFD font driver malicious font file remote code execution attempt (file-other.rules)
* 1:20769 <-> DISABLED <-> FILE-OTHER Microsoft Windows ATMFD font driver malicious font file remote code execution attempt (file-other.rules)
* 1:2077 <-> DISABLED <-> SERVER-WEBAPP Mambo upload.php access (server-webapp.rules)
* 1:20770 <-> DISABLED <-> FILE-OTHER Microsoft Windows ATMFD font driver malicious font file remote code execution attempt (file-other.rules)
* 1:20771 <-> DISABLED <-> FILE-OTHER Microsoft Windows ATMFD font driver malicious font file remote code execution attempt (file-other.rules)
* 1:20772 <-> DISABLED <-> FILE-OTHER Microsoft Windows ATMFD font driver malicious font file remote code execution attempt (file-other.rules)
* 1:20773 <-> DISABLED <-> FILE-OTHER Microsoft Windows ATMFD font driver malicious font file remote code execution attempt (file-other.rules)
* 1:20774 <-> DISABLED <-> FILE-OTHER Microsoft Windows ATMFD font driver malicious font file remote code execution attempt (file-other.rules)
* 1:20775 <-> DISABLED <-> FILE-OTHER Microsoft Windows ATMFD font driver malicious font file remote code execution attempt (file-other.rules)
* 1:20776 <-> DISABLED <-> FILE-OTHER Microsoft Windows ATMFD font driver malicious font file remote code execution attempt (file-other.rules)
* 1:20777 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
* 1:20778 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - economy.rar (file-flash.rules)
* 1:20779 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - dear chu.rar (file-flash.rules)
* 1:2078 <-> DISABLED <-> SERVER-WEBAPP phpBB privmsg.php access (server-webapp.rules)
* 1:20780 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - namelist.xls (file-flash.rules)
* 1:20781 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt (file-flash.rules)
* 1:20782 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - economy.rar (file-flash.rules)
* 1:20783 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - dear chu.rar (file-flash.rules)
* 1:20784 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - namelist.xls (file-flash.rules)
* 1:20785 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt (file-flash.rules)
* 1:20786 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer layout-grid-char value exploit attempt (browser-ie.rules)
* 1:20787 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer layout-grid-char value exploit attempt (browser-ie.rules)
* 1:20788 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer layout-grid-char value exploit attempt (browser-ie.rules)
* 1:20789 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer layout-grid-char value exploit attempt (browser-ie.rules)
* 1:2079 <-> DISABLED <-> PROTOCOL-RPC portmap nlockmgr request UDP (protocol-rpc.rules)
* 1:20790 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer layout-grid-char value exploit attempt (browser-ie.rules)
* 1:20792 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules)
* 1:20793 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules)
* 1:20795 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word file attachment detected (file-identify.rules)
* 1:20796 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word file attachment detected (file-identify.rules)
* 1:20798 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules)
* 1:20799 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules)
* 1:208 <-> DISABLED <-> MALWARE-BACKDOOR PhaseZero Server Active on Network (malware-backdoor.rules)
* 1:2080 <-> DISABLED <-> PROTOCOL-RPC portmap nlockmgr request TCP (protocol-rpc.rules)
* 1:20800 <-> ENABLED <-> FILE-IDENTIFY MIME file type file attachment detected (file-identify.rules)
* 1:20801 <-> ENABLED <-> FILE-IDENTIFY MIME file type file attachment detected (file-identify.rules)
* 1:20802 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PRC file MarkupLinkedItem arbitrary code execution attempt (file-pdf.rules)
* 1:20803 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt (file-flash.rules)
* 1:20804 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer contenteditable corruption attempt (browser-ie.rules)
* 1:20805 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer contenteditable corruption attempt (browser-ie.rules)
* 1:20806 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer contenteditable corruption attempt (browser-ie.rules)
* 1:20807 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer contenteditable corruption attempt (browser-ie.rules)
* 1:20808 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer contenteditable corruption attempt (browser-ie.rules)
* 1:20809 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer contenteditable corruption attempt (browser-ie.rules)
* 1:2081 <-> DISABLED <-> PROTOCOL-RPC portmap rpc.xfsmd request UDP (protocol-rpc.rules)
* 1:20810 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer contenteditable corruption attempt (browser-ie.rules)
* 1:20811 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer contenteditable corruption attempt (browser-ie.rules)
* 1:20812 <-> DISABLED <-> PROTOCOL-TELNET FreeBSD telnetd enc_keyid overflow attempt (protocol-telnet.rules)
* 1:20813 <-> DISABLED <-> PROTOCOL-TELNET FreeBSD telnetd dec_keyid overflow attempt (protocol-telnet.rules)
* 1:20814 <-> DISABLED <-> BROWSER-FIREFOX Mozilla favicon href javascript execution attempt (browser-firefox.rules)
* 1:20815 <-> DISABLED <-> SERVER-WEBAPP Vmist Downstat remote file include in chart.php art (server-webapp.rules)
* 1:20816 <-> DISABLED <-> SERVER-WEBAPP Vmist Downstat remote file include in admin.php art (server-webapp.rules)
* 1:20817 <-> DISABLED <-> SERVER-WEBAPP Vmist Downstat remote file include in modes.php art (server-webapp.rules)
* 1:20818 <-> DISABLED <-> SERVER-WEBAPP Vmist Downstat remote file include in stats.php art (server-webapp.rules)
* 1:20819 <-> DISABLED <-> SERVER-WEBAPP ACal Calendar Project cookie based authentication bypass attempt (server-webapp.rules)
* 1:2082 <-> DISABLED <-> PROTOCOL-RPC portmap rpc.xfsmd request TCP (protocol-rpc.rules)
* 1:20820 <-> DISABLED <-> FILE-JAVA Oracle Java JNLP parameter argument injection attempt (file-java.rules)
* 1:20821 <-> DISABLED <-> SERVER-APACHE Apache APR header memory corruption attempt (server-apache.rules)
* 1:20822 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer contenteditable corruption attempt malicious string (browser-ie.rules)
* 1:20824 <-> DISABLED <-> OS-WINDOWS generic web server hashing collision attack (os-windows.rules)
* 1:20826 <-> DISABLED <-> SERVER-WEBAPP OABoard forum script remote file injection attempt (server-webapp.rules)
* 1:20827 <-> DISABLED <-> SERVER-WEBAPP phpThumb fltr[] parameter remote command execution attempt (server-webapp.rules)
* 1:20828 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS aspx login ReturnURL arbitrary redirect attempt (server-iis.rules)
* 1:20829 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS .NET null character username truncation attempt (server-iis.rules)
* 1:2083 <-> DISABLED <-> PROTOCOL-RPC rpc.xfsmd xfs_export attempt UDP (protocol-rpc.rules)
* 1:20830 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banbra.amdu variant outbound connection (malware-cnc.rules)
* 1:20831 <-> ENABLED <-> FILE-JAVA Oracle Java Applet Rhino script engine remote code execution attempt (file-java.rules)
* 1:20832 <-> DISABLED <-> SERVER-WEBAPP Symantec IM Manager administrator interface SQL injection attempt (server-webapp.rules)
* 1:20834 <-> DISABLED <-> BROWSER-PLUGINS Novell ZENworks LaunchHelp.dll ActiveX clsid access attempt (browser-plugins.rules)
* 1:20835 <-> DISABLED <-> BROWSER-PLUGINS Novell ZENworks LaunchHelp.dll ActiveX clsid access attempt (browser-plugins.rules)
* 1:20836 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zusy.A runtime traffic detected (malware-cnc.rules)
* 1:20837 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mecklow.C runtime traffic detected (malware-cnc.rules)
* 1:20838 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Smokebot.A runtime traffic detected (malware-cnc.rules)
* 1:20839 <-> ENABLED <-> FILE-IDENTIFY eSignal .quo file download request (file-identify.rules)
* 1:2084 <-> DISABLED <-> PROTOCOL-RPC rpc.xfsmd xfs_export attempt TCP (protocol-rpc.rules)
* 1:20840 <-> ENABLED <-> FILE-IDENTIFY eSignal .por file download request (file-identify.rules)
* 1:20841 <-> ENABLED <-> FILE-IDENTIFY eSignal .sum file download request (file-identify.rules)
* 1:20842 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
* 1:20843 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
* 1:20844 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.smxy runtime traffic detected (malware-cnc.rules)
* 1:20845 <-> DISABLED <-> SERVER-WEBAPP HP Network Node Manager cross site scripting attempt (server-webapp.rules)
* 1:20846 <-> DISABLED <-> BROWSER-PLUGINS Oracle Hyperion Strategic Finance Client SetDevNames ActiveX clsid access attempt (browser-plugins.rules)
* 1:20847 <-> DISABLED <-> BROWSER-PLUGINS Oracle Hyperion Strategic Finance Client SetDevNames ActiveX clsid access attempt (browser-plugins.rules)
* 1:20848 <-> ENABLED <-> FILE-IDENTIFY MAKI file attachment detected (file-identify.rules)
* 1:20849 <-> ENABLED <-> FILE-IDENTIFY MAKI file attachment detected (file-identify.rules)
* 1:2085 <-> DISABLED <-> SERVER-WEBAPP parse_xml.cgi access (server-webapp.rules)
* 1:20850 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows EMF metafile file attachment detected (file-identify.rules)
* 1:20851 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows EMF metafile file attachment detected (file-identify.rules)
* 1:20852 <-> ENABLED <-> FILE-IDENTIFY DAZ Studio script download request (file-identify.rules)
* 1:20853 <-> DISABLED <-> FILE-OTHER DAZ Studio dangerous scripting method attempt (file-other.rules)
* 1:20854 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Visio file attachment detected (file-identify.rules)
* 1:20855 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Visio file attachment detected (file-identify.rules)
* 1:20856 <-> ENABLED <-> FILE-IDENTIFY TwinVQ file attachment detected (file-identify.rules)
* 1:20857 <-> ENABLED <-> FILE-IDENTIFY TwinVQ file attachment detected (file-identify.rules)
* 1:20858 <-> DISABLED <-> FILE-JAVA Oracle Java getSoundBank overflow Attempt malicious jar file (file-java.rules)
* 1:20859 <-> ENABLED <-> FILE-IDENTIFY Autodesk Maya embedded language script download request (file-identify.rules)
* 1:2086 <-> DISABLED <-> SERVER-WEBAPP streaming server parse_xml.cgi access (server-webapp.rules)
* 1:20860 <-> ENABLED <-> FILE-IDENTIFY Autodesk Maya file magic detected (file-identify.rules)
* 1:20861 <-> DISABLED <-> FILE-OTHER Autodesk Maya dangerous scripting method attempt (file-other.rules)
* 1:20862 <-> DISABLED <-> SERVER-WEBAPP Jive Software Openfire logviewer.jsp XSS attempt (server-webapp.rules)
* 1:20863 <-> DISABLED <-> SERVER-WEBAPP Jive Software Openfire log.jsp XSS attempt (server-webapp.rules)
* 1:20864 <-> DISABLED <-> SERVER-WEBAPP Jive Software Openfire group-summary.jsp XSS attempt (server-webapp.rules)
* 1:20865 <-> DISABLED <-> SERVER-WEBAPP Jive Software Openfire user-properties.jsp XSS attempt (server-webapp.rules)
* 1:20866 <-> DISABLED <-> SERVER-WEBAPP Jive Software Openfire audit-policy.jsp XSS attempt (server-webapp.rules)
* 1:20867 <-> DISABLED <-> SERVER-WEBAPP Jive Software Openfire server-properties.jsp XSS attempt (server-webapp.rules)
* 1:20868 <-> DISABLED <-> SERVER-WEBAPP Jive Software Openfire muc-room-edit-form.jsp XSS attempt (server-webapp.rules)
* 1:20869 <-> ENABLED <-> FILE-IDENTIFY Autodesk 3D Studio Maxscript download request (file-identify.rules)
* 1:2087 <-> DISABLED <-> SERVER-MAIL From comment overflow attempt (server-mail.rules)
* 1:20870 <-> DISABLED <-> FILE-OTHER Autodesk 3D Studio Maxscript dangerous scripting method attempt (file-other.rules)
* 1:20871 <-> ENABLED <-> SERVER-WEBAPP Worldweaver DX Studio Player shell.execute command execution attempt (server-webapp.rules)
* 1:20872 <-> DISABLED <-> SERVER-WEBAPP Worldweaver DX Studio Player shell.execute command execution attempt (server-webapp.rules)
* 1:20873 <-> DISABLED <-> POLICY-OTHER TRACE attempt (policy-other.rules)
* 1:20874 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Express Backup initialization packet (server-other.rules)
* 1:20875 <-> DISABLED <-> BROWSER-PLUGINS ShockwaveFlash.ShockwaveFlash ActiveX clsid access (browser-plugins.rules)
* 1:20876 <-> DISABLED <-> SERVER-OTHER IBM solidDB solid.exe authentication bypass attempt (server-other.rules)
* 1:20877 <-> DISABLED <-> MALWARE-CNC RunTime Worm.Win32.Warezov.gs variant outbound connection (malware-cnc.rules)
* 1:20878 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Embedded Package Object packager.exe file load exploit attempt (os-windows.rules)
* 1:20879 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Embedded Package Object packager.exe file load exploit attempt (os-windows.rules)
* 1:2088 <-> DISABLED <-> PROTOCOL-RPC ypupdated arbitrary command attempt UDP (protocol-rpc.rules)
* 1:20880 <-> DISABLED <-> FILE-OFFICE Microsoft DirectShow Line 21 decoder exploit attempt (file-office.rules)
* 1:20882 <-> ENABLED <-> FILE-OFFICE Microsoft Windows embedded packager object identifier (file-office.rules)
* 1:20883 <-> DISABLED <-> FILE-OFFICE Microsoft Windows embedded packager object with .application extension bypass attempt (file-office.rules)
* 1:20884 <-> DISABLED <-> OS-WINDOWS Microsoft Anti-Cross Site Scripting library bypass attempt (os-windows.rules)
* 1:20885 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel use after free attempt (file-office.rules)
* 1:20886 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel use after free attempt (file-office.rules)
* 1:20887 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel use after free attempt (file-office.rules)
* 1:20888 <-> ENABLED <-> FILE-IDENTIFY Video Spirit visprj download attempt (file-identify.rules)
* 1:20889 <-> DISABLED <-> FILE-OTHER Video Spirit visprj buffer overflow (file-other.rules)
* 1:2089 <-> DISABLED <-> PROTOCOL-RPC ypupdated arbitrary command attempt TCP (protocol-rpc.rules)
* 1:20890 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VB.adbp runtime traffic detected (malware-cnc.rules)
* 1:20891 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VB.adbp runtime traffic detected (malware-cnc.rules)
* 1:20892 <-> DISABLED <-> MALWARE-CNC Worm.Win32.Skopvel.A runtime traffic detected (malware-cnc.rules)
* 1:20893 <-> ENABLED <-> FILE-IDENTIFY Video Spirit file attachment detected (file-identify.rules)
* 1:20894 <-> ENABLED <-> FILE-IDENTIFY Video Spirit file attachment detected (file-identify.rules)
* 1:20895 <-> ENABLED <-> FILE-IDENTIFY AutoDesk 3D Studio Maxscript file attachment detected (file-identify.rules)
* 1:20896 <-> ENABLED <-> FILE-IDENTIFY AutoDesk 3D Studio Maxscript file attachment detected (file-identify.rules)
* 1:20897 <-> ENABLED <-> FILE-IDENTIFY MIDI file magic detected (file-identify.rules)
* 1:20898 <-> ENABLED <-> FILE-IDENTIFY MIDI file attachment detected (file-identify.rules)
* 1:20899 <-> ENABLED <-> FILE-IDENTIFY MIDI file attachment detected (file-identify.rules)
* 1:209 <-> DISABLED <-> MALWARE-BACKDOOR w00w00 attempt (malware-backdoor.rules)
* 1:2090 <-> DISABLED <-> SERVER-IIS WEBDAV exploit attempt (server-iis.rules)
* 1:20900 <-> DISABLED <-> FILE-OTHER Microsoft Windows Media MIDI file memory corruption attempt (file-other.rules)
* 1:20901 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Works WkImgSrv.dll ActiveX control exploit attempt (browser-plugins.rules)
* 1:20902 <-> DISABLED <-> FILE-OTHER Microsoft Windows OpenType font parsing stack overflow attempt (file-other.rules)
* 1:20903 <-> DISABLED <-> FILE-OTHER Microsoft Windows OpenType font parsing stack overflow attempt (file-other.rules)
* 1:20904 <-> DISABLED <-> FILE-OTHER Microsoft Windows OpenType font parsing stack overflow attempt (file-other.rules)
* 1:20905 <-> ENABLED <-> FILE-IDENTIFY X PixMap file attachment detected (file-identify.rules)
* 1:20906 <-> ENABLED <-> FILE-IDENTIFY X PixMap file attachment detected (file-identify.rules)
* 1:20907 <-> ENABLED <-> FILE-IDENTIFY DXF file attachment detected (file-identify.rules)
* 1:20908 <-> ENABLED <-> FILE-IDENTIFY DXF file attachment detected (file-identify.rules)
* 1:20909 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASF file attachment detected (file-identify.rules)
* 1:2091 <-> DISABLED <-> SERVER-IIS WEBDAV nessus safe scan attempt (server-iis.rules)
* 1:20910 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASF file attachment detected (file-identify.rules)
* 1:20911 <-> ENABLED <-> FILE-IDENTIFY EPS file attachment detected (file-identify.rules)
* 1:20912 <-> ENABLED <-> FILE-IDENTIFY EPS file attachment detected (file-identify.rules)
* 1:20913 <-> ENABLED <-> FILE-IDENTIFY XML Shareable Playlist Format file attachment detected (file-identify.rules)
* 1:20914 <-> ENABLED <-> FILE-IDENTIFY XML Shareable Playlist Format file attachment detected (file-identify.rules)
* 1:20915 <-> ENABLED <-> FILE-IDENTIFY caff file attachment detected (file-identify.rules)
* 1:20916 <-> ENABLED <-> FILE-IDENTIFY caff file attachment detected (file-identify.rules)
* 1:20917 <-> ENABLED <-> FILE-IDENTIFY BAK file attachment detected (file-identify.rules)
* 1:20918 <-> ENABLED <-> FILE-IDENTIFY BAK file attachment detected (file-identify.rules)
* 1:20919 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader BMP color unused corruption (file-pdf.rules)
* 1:2092 <-> DISABLED <-> PROTOCOL-RPC portmap proxy integer overflow attempt UDP (protocol-rpc.rules)
* 1:20920 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader DCT dequantizer memory corruption attempt (file-pdf.rules)
* 1:20921 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded BMP colors used integer overflow attempt (file-pdf.rules)
* 1:20922 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded BMP bit count integer overflow attempt (file-pdf.rules)
* 1:20923 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded BMP bit count integer overflow attempt (file-pdf.rules)
* 1:20924 <-> ENABLED <-> FILE-IDENTIFY PLS file magic detected (file-identify.rules)
* 1:20925 <-> ENABLED <-> FILE-IDENTIFY Adobe Pagemaker file attachment detected (file-identify.rules)
* 1:20926 <-> ENABLED <-> FILE-IDENTIFY Adobe Pagemaker file attachment detected (file-identify.rules)
* 1:20927 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spyeye-207 variant outbound connection (malware-cnc.rules)
* 1:20928 <-> ENABLED <-> FILE-IDENTIFY SMIL file magic detected (file-identify.rules)
* 1:20929 <-> ENABLED <-> FILE-IDENTIFY MKV file attachment detected (file-identify.rules)
* 1:2093 <-> DISABLED <-> PROTOCOL-RPC portmap proxy integer overflow attempt TCP (protocol-rpc.rules)
* 1:20930 <-> ENABLED <-> FILE-IDENTIFY MKV file attachment detected (file-identify.rules)
* 1:20931 <-> ENABLED <-> FILE-IDENTIFY MKS file attachment detected (file-identify.rules)
* 1:20932 <-> ENABLED <-> FILE-IDENTIFY MKS file attachment detected (file-identify.rules)
* 1:20933 <-> ENABLED <-> FILE-IDENTIFY MKA file attachment detected (file-identify.rules)
* 1:20934 <-> ENABLED <-> FILE-IDENTIFY MKA file attachment detected (file-identify.rules)
* 1:20935 <-> ENABLED <-> FILE-IDENTIFY QCP file attachment detected (file-identify.rules)
* 1:20936 <-> ENABLED <-> FILE-IDENTIFY QCP file attachment detected (file-identify.rules)
* 1:20937 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules)
* 1:20938 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules)
* 1:20939 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules)
* 1:2094 <-> DISABLED <-> PROTOCOL-RPC CMSD UDP CMSD_CREATE array buffer overflow attempt (protocol-rpc.rules)
* 1:20940 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules)
* 1:20941 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules)
* 1:20942 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules)
* 1:20943 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules)
* 1:20944 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules)
* 1:20945 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules)
* 1:20946 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules)
* 1:20947 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules)
* 1:20948 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules)
* 1:20949 <-> DISABLED <-> BROWSER-PLUGINS Autodesk iDrop ActiveX clsid access (browser-plugins.rules)
* 1:2095 <-> DISABLED <-> PROTOCOL-RPC CMSD TCP CMSD_CREATE array buffer overflow attempt (protocol-rpc.rules)
* 1:20950 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
* 1:20951 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
* 1:20952 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
* 1:20953 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
* 1:20954 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
* 1:20955 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
* 1:20956 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
* 1:20957 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
* 1:20958 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
* 1:20959 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules)
* 1:20960 <-> ENABLED <-> FILE-IDENTIFY Flac file download request (file-identify.rules)
* 1:20961 <-> ENABLED <-> FILE-IDENTIFY TTE file download request (file-identify.rules)
* 1:20962 <-> ENABLED <-> FILE-IDENTIFY OTF file download request (file-identify.rules)
* 1:20963 <-> ENABLED <-> FILE-IDENTIFY DIB file download request (file-identify.rules)
* 1:20964 <-> ENABLED <-> FILE-IDENTIFY SAMI file download request (file-identify.rules)
* 1:20965 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules)
* 1:20966 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules)
* 1:20967 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules)
* 1:20968 <-> ENABLED <-> FILE-IDENTIFY Apple disk image file download request (file-identify.rules)
* 1:20969 <-> ENABLED <-> FILE-IDENTIFY M4A file download request (file-identify.rules)
* 1:20970 <-> ENABLED <-> FILE-IDENTIFY M4P file download request (file-identify.rules)
* 1:20971 <-> ENABLED <-> FILE-IDENTIFY M4R file download request (file-identify.rules)
* 1:20972 <-> ENABLED <-> FILE-IDENTIFY M4V file magic request (file-identify.rules)
* 1:20973 <-> ENABLED <-> FILE-IDENTIFY M4B file download request (file-identify.rules)
* 1:20974 <-> ENABLED <-> FILE-IDENTIFY 3GP file download request (file-identify.rules)
* 1:20975 <-> ENABLED <-> FILE-IDENTIFY 3G2 file download request (file-identify.rules)
* 1:20976 <-> ENABLED <-> FILE-IDENTIFY K3G file download request (file-identify.rules)
* 1:20977 <-> ENABLED <-> FILE-IDENTIFY SKM file download request (file-identify.rules)
* 1:20978 <-> ENABLED <-> FILE-IDENTIFY TTE file attachment detected (file-identify.rules)
* 1:20979 <-> ENABLED <-> FILE-IDENTIFY TTE file attachment detected (file-identify.rules)
* 1:20980 <-> ENABLED <-> FILE-IDENTIFY OTF file attachment detected (file-identify.rules)
* 1:20981 <-> ENABLED <-> FILE-IDENTIFY OTF file attachment detected (file-identify.rules)
* 1:20982 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file attachment detected (file-identify.rules)
* 1:20983 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file attachment detected (file-identify.rules)
* 1:20986 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docx file attachment detected (file-identify.rules)
* 1:20987 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docx file attachment detected (file-identify.rules)
* 1:20988 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string ZmEu - vulnerability scanner (malware-cnc.rules)
* 1:20989 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic single_static_bit encoder (indicator-shellcode.rules)
* 1:20990 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic avoid_utf8_tolower encoder (indicator-shellcode.rules)
* 1:20991 <-> ENABLED <-> FILE-IDENTIFY TTF file magic detected (file-identify.rules)
* 1:20992 <-> ENABLED <-> FILE-IDENTIFY SAMI file magic detected (file-identify.rules)
* 1:20995 <-> DISABLED <-> POLICY-OTHER HP SiteScope integrationViewer default credentials policy-bypass attempt (policy-other.rules)
* 1:20996 <-> DISABLED <-> POLICY-OTHER HP SiteScope integrationViewer default credentials policy-bypass attempt (policy-other.rules)
* 1:20997 <-> DISABLED <-> BROWSER-WEBKIT Apple Webkit Display box rendering corruption attempt (browser-webkit.rules)
* 1:20998 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader javascript submitform memory corruption attempt (file-pdf.rules)
* 1:20999 <-> DISABLED <-> BROWSER-WEBKIT Microsoft Windows 7 x64 Apple Safari abnormally long iframe exploit attempt (browser-webkit.rules)
* 1:210 <-> DISABLED <-> MALWARE-BACKDOOR attempt (malware-backdoor.rules)
* 1:2100 <-> DISABLED <-> MALWARE-BACKDOOR SubSeven 2.1 Gold server connection response (malware-backdoor.rules)
* 1:21000 <-> DISABLED <-> PROTOCOL-SCADA Microsys PROMOTIC ActiveX clsid access (protocol-scada.rules)
* 1:21001 <-> DISABLED <-> PROTOCOL-SCADA Microsys PROMOTIC ActiveX function call access (protocol-scada.rules)
* 1:21002 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word border use-after-free attempt (file-office.rules)
* 1:21003 <-> DISABLED <-> MALWARE-CNC Cute Pack cute-ie.html request (malware-cnc.rules)
* 1:21004 <-> DISABLED <-> MALWARE-CNC Cute Pack cute-ie.html landing page (malware-cnc.rules)
* 1:21005 <-> ENABLED <-> MALWARE-CNC Yang Pack yg.htm download request (malware-cnc.rules)
* 1:21006 <-> DISABLED <-> MALWARE-CNC Yang Pack yg.htm landing page (malware-cnc.rules)
* 1:21007 <-> ENABLED <-> FILE-IDENTIFY Microsoft Money file magic detected (file-identify.rules)
* 1:21008 <-> ENABLED <-> FILE-IDENTIFY Microsoft Money file download request (file-identify.rules)
* 1:21009 <-> ENABLED <-> FILE-IDENTIFY Microsoft Money file attachment detected (file-identify.rules)
* 1:2101 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans Max Param/Count OS-WINDOWS attempt (os-windows.rules)
* 1:21010 <-> ENABLED <-> FILE-IDENTIFY Microsoft Money file attachment detected (file-identify.rules)
* 1:21011 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file magic detected (file-identify.rules)
* 1:21012 <-> ENABLED <-> FILE-IDENTIFY Cytel Studio cy3 file download request (file-identify.rules)
* 1:21013 <-> ENABLED <-> FILE-IDENTIFY Cytel Studio cy3 file attachment detected (file-identify.rules)
* 1:21014 <-> ENABLED <-> FILE-IDENTIFY Cytel Studio cy3 file attachment detected (file-identify.rules)
* 1:21015 <-> ENABLED <-> FILE-IDENTIFY cy3 Cytel Studio file magic detected (file-identify.rules)
* 1:21016 <-> ENABLED <-> FILE-IDENTIFY Cytel Studio cyb file attachment detected (file-identify.rules)
* 1:21017 <-> ENABLED <-> FILE-IDENTIFY cyb Cytel Studio file attachment detected (file-identify.rules)
* 1:21018 <-> ENABLED <-> FILE-IDENTIFY cyb Cytel Studio file download request (file-identify.rules)
* 1:21019 <-> DISABLED <-> FILE-OTHER Cytel Studio string stack overflow attempt (file-other.rules)
* 1:21020 <-> DISABLED <-> FILE-OTHER Cytel Studio row overflow attempt (file-other.rules)
* 1:21021 <-> DISABLED <-> FILE-OTHER Cytel Studio USE command overflow attempt (file-other.rules)
* 1:21022 <-> DISABLED <-> BROWSER-PLUGINS Viscom Software Image Viewer ActiveX clsid access (browser-plugins.rules)
* 1:21023 <-> DISABLED <-> BROWSER-PLUGINS Viscom Software Image Viewer ActiveX function call access (browser-plugins.rules)
* 1:21024 <-> DISABLED <-> BROWSER-PLUGINS McAfee Security as a Service ActiveX clsid access attempt (browser-plugins.rules)
* 1:21025 <-> DISABLED <-> BROWSER-PLUGINS McAfee Security as a Service ActiveX function call attempt (browser-plugins.rules)
* 1:10077 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
* 1:10078 <-> DISABLED <-> MALWARE-OTHER W32.Nuwar.AY smtp propagation detection (malware-other.rules)
* 1:10079 <-> DISABLED <-> MALWARE-OTHER W32.Nuwar.AY smtp propagation detection (malware-other.rules)
* 1:1008 <-> DISABLED <-> SERVER-IIS del attempt (server-iis.rules)
* 1:10080 <-> DISABLED <-> MALWARE-OTHER W32.Nuwar.AY smtp propagation detection (malware-other.rules)
* 1:10081 <-> DISABLED <-> MALWARE-OTHER W32.Nuwar.AY smtp propagation detection (malware-other.rules)
* 1:10082 <-> DISABLED <-> MALWARE-OTHER W32.Nuwar.AY smtp propagation detection (malware-other.rules)
* 1:10083 <-> DISABLED <-> MALWARE-OTHER W32.Nuwar.AY smtp propagation detection (malware-other.rules)
* 1:10084 <-> DISABLED <-> BROWSER-PLUGINS NCTAudioFile2 ActiveX clsid access (browser-plugins.rules)
* 1:10086 <-> DISABLED <-> BROWSER-PLUGINS NCTAudioFile2 ActiveX function call access (browser-plugins.rules)
* 1:10087 <-> DISABLED <-> SERVER-OTHER VNC password request buffer overflow attempt (server-other.rules)
* 1:10088 <-> DISABLED <-> MALWARE-OTHER Keylogger beyond Keylogger runtime detection - log sent by smtp (malware-other.rules)
* 1:10089 <-> DISABLED <-> MALWARE-OTHER Keylogger beyond Keylogger runtime detection - log sent by ftp (malware-other.rules)
* 1:1009 <-> DISABLED <-> SERVER-IIS directory listing (server-iis.rules)
* 1:10090 <-> DISABLED <-> PUA-ADWARE Trickler zango easymessenger outbound connection (pua-adware.rules)
* 1:10091 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool spylply.a runtime detection (malware-tools.rules)
* 1:10092 <-> DISABLED <-> MALWARE-OTHER Trackware russian searchbar runtime detection (malware-other.rules)
* 1:10093 <-> DISABLED <-> PUA-TOOLBARS Hijacker kuaiso toolbar runtime detection (pua-toolbars.rules)
* 1:10094 <-> DISABLED <-> PUA-ADWARE Adware borlan runtime detection (pua-adware.rules)
* 1:10095 <-> DISABLED <-> MALWARE-OTHER Trackware bydou runtime detection (malware-other.rules)
* 1:10096 <-> DISABLED <-> MALWARE-OTHER Keylogger win32.remotekeylog.b runtime detection - keylog (malware-other.rules)
* 1:10097 <-> ENABLED <-> MALWARE-OTHER Keylogger win32.remotekeylog.b runtime detection (malware-other.rules)
* 1:10098 <-> DISABLED <-> MALWARE-OTHER Keylogger win32.remotekeylog.b runtime detection - get system info (malware-other.rules)
* 1:10099 <-> ENABLED <-> MALWARE-OTHER Keylogger win32.remotekeylog.b runtime detection (malware-other.rules)
* 1:1010 <-> DISABLED <-> SERVER-IIS encoding access (server-iis.rules)
* 1:10100 <-> DISABLED <-> MALWARE-OTHER Keylogger win32.remotekeylog.b runtime detection - open website (malware-other.rules)
* 1:10101 <-> DISABLED <-> MALWARE-BACKDOOR crossfires trojan 3.0 runtime detection - delete file (malware-backdoor.rules)
* 1:10102 <-> DISABLED <-> MALWARE-BACKDOOR crossfires trojan 3.0 runtime detection - chat with victim (malware-backdoor.rules)
* 1:10103 <-> ENABLED <-> MALWARE-BACKDOOR hav-rat 1.1 runtime detection (malware-backdoor.rules)
* 1:10104 <-> ENABLED <-> MALWARE-BACKDOOR hav-rat 1.1 runtime detection (malware-backdoor.rules)
* 1:10105 <-> DISABLED <-> MALWARE-BACKDOOR hav-rat 1.1 runtime detection - retrieve pc info (malware-backdoor.rules)
* 1:10107 <-> DISABLED <-> MALWARE-BACKDOOR icmp cmd 1.0 runtime detection - pslist (malware-backdoor.rules)
* 1:10108 <-> DISABLED <-> MALWARE-BACKDOOR icmp cmd 1.0 runtime detection - pskill (malware-backdoor.rules)
* 1:10109 <-> DISABLED <-> MALWARE-BACKDOOR k-msnrat 1.0.0 runtime detection - init connection (malware-backdoor.rules)
* 1:1011 <-> DISABLED <-> SERVER-IIS exec-src access (server-iis.rules)
* 1:10110 <-> ENABLED <-> MALWARE-BACKDOOR poison ivy 2.1.2 runtime detection (malware-backdoor.rules)
* 1:10111 <-> DISABLED <-> MALWARE-BACKDOOR poison ivy 2.1.2 runtime detection - init connection (malware-backdoor.rules)
* 1:10112 <-> DISABLED <-> MALWARE-BACKDOOR rix3 1.0 runtime detection - init connection (malware-backdoor.rules)
* 1:10113 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm command and control propagation detected (malware-cnc.rules)
* 1:10114 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm command and control propagation detected (malware-cnc.rules)
* 1:10115 <-> DISABLED <-> FILE-IMAGE Microsoft Windows WMF denial of service attempt (file-image.rules)
* 1:10116 <-> DISABLED <-> POLICY-SOCIAL AIM GoChat URL access attempt (policy-social.rules)
* 1:10117 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc GetGCBHandleFromGroupName
overflow attempt (netbios.rules) * 1:1012 <-> DISABLED <-> SERVER-IIS fpcount attempt (server-iis.rules) * 1:10123 <-> DISABLED <-> PROTOCOL-VOIP PA168 chipset based IP phone default password attempt (protocol-voip.rules) * 1:10124 <-> DISABLED <-> PROTOCOL-VOIP PA168 chipset based IP phone authentication bypass (protocol-voip.rules) * 1:10125 <-> DISABLED <-> SERVER-OTHER bomberclone buffer overflow attempt (server-other.rules) * 1:10126 <-> DISABLED <-> FILE-IMAGE Apple QuickTime JPEG Huffman Table integer underflow attempt (file-image.rules) * 1:10128 <-> DISABLED <-> BROWSER-PLUGINS Aliplay ActiveX clsid access (browser-plugins.rules) * 1:1013 <-> DISABLED <-> SERVER-IIS fpcount access (server-iis.rules) * 1:10130 <-> DISABLED <-> POLICY-OTHER VERITAS NetBackup system - execution function call access (policy-other.rules) * 1:10131 <-> DISABLED <-> BROWSER-FIREFOX Mozilla compareTo arbitrary code execution attempt (browser-firefox.rules) * 1:10132 <-> DISABLED <-> PROTOCOL-RPC portmap BrightStor ARCserve denial of service attempt (protocol-rpc.rules) * 1:10133 <-> DISABLED <-> PROTOCOL-RPC portmap BrightStor ARCserve denial of service attempt (protocol-rpc.rules) * 1:10134 <-> DISABLED <-> SERVER-OTHER CA Brightstor discovery service buffer overflow attempt (server-other.rules) * 1:10135 <-> DISABLED <-> SERVER-OTHER Squid proxy FTP denial of service attempt (server-other.rules) * 1:10136 <-> DISABLED <-> OS-SOLARIS Oracle Solaris login environment variable authentication bypass attempt (os-solaris.rules) * 1:10137 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Input Method Editor ActiveX clsid access (browser-plugins.rules) * 1:10139 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Input Method Editor ActiveX function call access (browser-plugins.rules) * 1:10140 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Input Method Editor 2 ActiveX clsid access attempt (browser-plugins.rules) * 1:10142 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer 
LexRefBilingualTextContext ActiveX clsid access (browser-plugins.rules) * 1:10144 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer LexRefBilingualTextContext ActiveX function call access (browser-plugins.rules) * 1:10145 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Sound Control ActiveX clsid access (browser-plugins.rules) * 1:10147 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Sound Control ActiveX function call access (browser-plugins.rules) * 1:10148 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Movie Control ActiveX clsid access (browser-plugins.rules) * 1:1015 <-> DISABLED <-> SERVER-IIS getdrvs.exe access (server-iis.rules) * 1:10150 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Movie Control ActiveX function call access (browser-plugins.rules) * 1:10151 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy ActiveX clsid access (browser-plugins.rules) * 1:10153 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy ActiveX function call access (browser-plugins.rules) * 1:10154 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy 2 ActiveX clsid access (browser-plugins.rules) * 1:10156 <-> DISABLED <-> BROWSER-PLUGINS ActiveX Soft DVD Tools ActiveX clsid access (browser-plugins.rules) * 1:1016 <-> DISABLED <-> SERVER-IIS global.asa access (server-iis.rules) * 1:10162 <-> DISABLED <-> BROWSER-PLUGINS BrowseDialog ActiveX clsid access (browser-plugins.rules) * 1:10164 <-> DISABLED <-> PUA-ADWARE Adware adclicker-ej runtime detection (pua-adware.rules) * 1:10165 <-> DISABLED <-> MALWARE-OTHER Keylogger mybr Keylogger runtime detection (malware-other.rules) * 1:10166 <-> DISABLED <-> MALWARE-OTHER Trackware baigoo runtime detection (malware-other.rules) * 1:10167 <-> DISABLED <-> MALWARE-OTHER Keylogger radar spy 1.0 runtime detection - send html log (malware-other.rules) * 
1:10168 <-> DISABLED <-> MALWARE-BACKDOOR one runtime detection (malware-backdoor.rules) * 1:10169 <-> DISABLED <-> MALWARE-BACKDOOR matrix 1.03 by mtronic runtime detection - init connection (malware-backdoor.rules) * 1:1017 <-> DISABLED <-> SERVER-IIS idc-srch attempt (server-iis.rules) * 1:10170 <-> DISABLED <-> BROWSER-PLUGINS Verisign ConfigCHK ActiveX clsid access (browser-plugins.rules) * 1:10172 <-> DISABLED <-> SERVER-WEBAPP uTorrent announce buffer overflow attempt (server-webapp.rules) * 1:10173 <-> DISABLED <-> BROWSER-PLUGINS Trend Micro OfficeScan Client ActiveX clsid access (browser-plugins.rules) * 1:10175 <-> DISABLED <-> BROWSER-PLUGINS Trend Micro OfficeScan Client ActiveX function call access (browser-plugins.rules) * 1:10176 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Shell User Enumeration Object ActiveX clsid access (browser-plugins.rules) * 1:10178 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Shell User Enumeration Object ActiveX function call access (browser-plugins.rules) * 1:10179 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - BysooTB (malware-cnc.rules) * 1:1018 <-> DISABLED <-> SERVER-IIS iisadmpwd attempt (server-iis.rules) * 1:10180 <-> DISABLED <-> PUA-TOOLBARS Adware eqiso runtime detection (pua-toolbars.rules) * 1:10181 <-> DISABLED <-> MALWARE-OTHER Keylogger systemsleuth runtime detection (malware-other.rules) * 1:10182 <-> DISABLED <-> PUA-ADWARE Adware newweb runtime detection (pua-adware.rules) * 1:10183 <-> DISABLED <-> MALWARE-OTHER Keylogger activity Keylogger runtime detection (malware-other.rules) * 1:10184 <-> DISABLED <-> MALWARE-BACKDOOR wow 23 runtime detection (malware-backdoor.rules) * 1:10185 <-> DISABLED <-> MALWARE-BACKDOOR x-door runtime detection (malware-backdoor.rules) * 1:10186 <-> DISABLED <-> SERVER-MAIL ClamAV mime parsing directory traversal (server-mail.rules) * 1:10187 <-> DISABLED <-> SERVER-OTHER HP Mercury Loadrunner command line buffer overflow 
(server-other.rules) * 1:10188 <-> DISABLED <-> PROTOCOL-FTP Ipswitch Ws_ftp XMD5 overflow attempt (protocol-ftp.rules) * 1:10189 <-> DISABLED <-> BROWSER-PLUGINS DivXBrowserPlugin ActiveX clsid access (browser-plugins.rules) * 1:1019 <-> DISABLED <-> SERVER-IIS Malformed Hit-Highlighting Argument File Access Attempt (server-iis.rules) * 1:10191 <-> DISABLED <-> BROWSER-PLUGINS DivXBrowserPlugin ActiveX function call access (browser-plugins.rules) * 1:10192 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer Ierpplug.dll ActiveX clsid access (browser-plugins.rules) * 1:10193 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer Ierpplug.dll ActiveX function call access (browser-plugins.rules) * 1:10194 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer Ierpplug.dll ActiveX function call access (browser-plugins.rules) * 1:10195 <-> DISABLED <-> SERVER-WEBAPP Content-Length buffer overflow attempt (server-webapp.rules) * 1:10196 <-> DISABLED <-> MALWARE-BACKDOOR Wordpress backdoor feed.php code execution (malware-backdoor.rules) * 1:10197 <-> DISABLED <-> MALWARE-BACKDOOR Wordpress backdoor theme.php code execution (malware-backdoor.rules) * 1:1020 <-> DISABLED <-> SERVER-IIS isc$data attempt (server-iis.rules) * 1:10202 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _SetRealTimeScanConfigInfo attempt (netbios.rules) * 1:10208 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect COMN_NetTestConnection attempt (netbios.rules) * 1:1021 <-> DISABLED <-> SERVER-IIS ism.dll attempt (server-iis.rules) * 1:10214 <-> DISABLED <-> BROWSER-PLUGINS Shockwave ActiveX Control clsid access (browser-plugins.rules) * 1:10216 <-> DISABLED <-> BROWSER-PLUGINS Shockwave ActiveX Control ActiveX function call access (browser-plugins.rules) * 1:1022 <-> DISABLED <-> SERVER-IIS jet vba access (server-iis.rules) * 1:1023 <-> DISABLED <-> SERVER-IIS msadcs.dll access (server-iis.rules) * 1:1024 <-> DISABLED <-> SERVER-IIS newdsn.exe access 
(server-iis.rules) * 1:1025 <-> DISABLED <-> SERVER-IIS perl access (server-iis.rules) * 1:1026 <-> DISABLED <-> SERVER-IIS perl-browse newline attempt (server-iis.rules) * 1:1027 <-> DISABLED <-> SERVER-IIS perl-browse space attempt (server-iis.rules) * 1:1028 <-> DISABLED <-> SERVER-IIS query.asp access (server-iis.rules) * 1:10285 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP svcctl ChangeServiceConfig2A attempt (netbios.rules) * 1:1029 <-> DISABLED <-> SERVER-IIS scripts-browse access (server-iis.rules) * 1:1030 <-> DISABLED <-> SERVER-IIS search97.vts access (server-iis.rules) * 1:1031 <-> DISABLED <-> SERVER-IIS /SiteServer/Publishing/viewcode.asp access (server-iis.rules) * 1:1032 <-> DISABLED <-> SERVER-IIS showcode access (server-iis.rules) * 1:1033 <-> DISABLED <-> SERVER-IIS viewcode access (server-iis.rules) * 1:1034 <-> DISABLED <-> SERVER-IIS viewcode access (server-iis.rules) * 1:1035 <-> DISABLED <-> SERVER-IIS viewcode access (server-iis.rules) * 1:1036 <-> DISABLED <-> SERVER-IIS viewcode access (server-iis.rules) * 1:1037 <-> DISABLED <-> SERVER-IIS showcode.asp access (server-iis.rules) * 1:1038 <-> DISABLED <-> SERVER-IIS site server config access (server-iis.rules) * 1:10387 <-> DISABLED <-> BROWSER-PLUGINS McAfee Site Manager ActiveX clsid access attempt (browser-plugins.rules) * 1:10389 <-> DISABLED <-> BROWSER-PLUGINS McAfee Site Manager ActiveX function call access attempt (browser-plugins.rules) * 1:1039 <-> DISABLED <-> SERVER-IIS srch.htm access (server-iis.rules) * 1:10390 <-> DISABLED <-> BROWSER-PLUGINS Symantec Support Controls SmartIssue ActiveX clsid access (browser-plugins.rules) * 1:10392 <-> DISABLED <-> BROWSER-PLUGINS Symantec Support Controls SmartIssue ActiveX function call access (browser-plugins.rules) * 1:10393 <-> DISABLED <-> BROWSER-PLUGINS Symantec SupportSoft SmartIssue ActiveX clsid access (browser-plugins.rules) * 1:10395 <-> DISABLED <-> BROWSER-PLUGINS Symantec SupportSoft SmartIssue ActiveX function call access 
(browser-plugins.rules) * 1:1040 <-> DISABLED <-> SERVER-IIS srchadm access (server-iis.rules) * 1:10403 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Duntek Checkin GET Request (malware-cnc.rules) * 1:10404 <-> DISABLED <-> BROWSER-PLUGINS SignKorea SKCommAX ActiveX clsid access (browser-plugins.rules) * 1:10406 <-> DISABLED <-> BROWSER-PLUGINS SignKorea SKCommAX ActiveX function call access (browser-plugins.rules) * 1:10407 <-> DISABLED <-> SERVER-OTHER Helix Server LoadTestPassword buffer overflow attempt (server-other.rules) * 1:10408 <-> DISABLED <-> PROTOCOL-RPC portmap HP-UX Single Logical Screen SLSD tcp request (protocol-rpc.rules) * 1:10409 <-> DISABLED <-> PROTOCOL-RPC portmap HP-UX Single Logical Screen SLSD udp request (protocol-rpc.rules) * 1:1041 <-> DISABLED <-> SERVER-IIS uploadn.asp access (server-iis.rules) * 1:10410 <-> DISABLED <-> PROTOCOL-RPC portmap HP-UX Single Logical Screen SLSD tcp request (protocol-rpc.rules) * 1:10411 <-> DISABLED <-> PROTOCOL-RPC portmap HP-UX Single Logical Screen SLSD udp request (protocol-rpc.rules) * 1:10412 <-> DISABLED <-> BROWSER-PLUGINS IBM Lotus SameTime STJNILoader ActiveX clsid access attempt (browser-plugins.rules) * 1:10414 <-> DISABLED <-> BROWSER-PLUGINS IBM Lotus SameTime STJNILoader Alt CLSID ActiveX function call access (browser-plugins.rules) * 1:10415 <-> DISABLED <-> BROWSER-PLUGINS IBM Lotus SameTime STJNILoader ActiveX clsid access attempt (browser-plugins.rules) * 1:10417 <-> DISABLED <-> BROWSER-PLUGINS IBM Lotus SameTime STJNILoader ActiveX function call access (browser-plugins.rules) * 1:10418 <-> DISABLED <-> OS-SOLARIS Oracle Solaris lpd unlink file attempt (os-solaris.rules) * 1:10419 <-> DISABLED <-> BROWSER-PLUGINS HP Mercury Quality Center SPIDERLib ProgColor ActiveX clsid access (browser-plugins.rules) * 1:1042 <-> DISABLED <-> SERVER-IIS view source via translate header (server-iis.rules) * 1:10421 <-> DISABLED <-> BROWSER-PLUGINS HP Mercury Quality Center SPIDERLib ActiveX function call 
access (browser-plugins.rules) * 1:10423 <-> DISABLED <-> BROWSER-PLUGINS Yahoo Audio Conferencing ActiveX clsid access (browser-plugins.rules) * 1:10425 <-> DISABLED <-> BROWSER-PLUGINS Yahoo Audio Conferencing ActiveX function call access (browser-plugins.rules) * 1:10427 <-> DISABLED <-> BROWSER-PLUGINS Kaspersky AntiVirus SysInfo ActiveX clsid access (browser-plugins.rules) * 1:10429 <-> DISABLED <-> BROWSER-PLUGINS Kaspersky AntiVirus SysInfo ActiveX function call access (browser-plugins.rules) * 1:1043 <-> DISABLED <-> SERVER-IIS viewcode.asp access (server-iis.rules) * 1:10431 <-> DISABLED <-> BROWSER-PLUGINS Kaspersky AntiVirus KAV60Info ActiveX clsid access (browser-plugins.rules) * 1:10433 <-> DISABLED <-> BROWSER-PLUGINS Kaspersky AntiVirus KAV60Info ActiveX function call access (browser-plugins.rules) * 1:10435 <-> DISABLED <-> MALWARE-OTHER Trackware admedia runtime detection (malware-other.rules) * 1:10436 <-> DISABLED <-> MALWARE-OTHER Keylogger keyspy runtime detection (malware-other.rules) * 1:10437 <-> DISABLED <-> PUA-ADWARE Hijacker bazookabar outbound connection (pua-adware.rules) * 1:10439 <-> DISABLED <-> PUA-ADWARE Adware mokead runtime detection (pua-adware.rules) * 1:1044 <-> DISABLED <-> SERVER-IIS webhits access (server-iis.rules) * 1:10440 <-> DISABLED <-> MALWARE-OTHER Keylogger pc black box runtime detection (malware-other.rules) * 1:10441 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool statwin runtime detection (malware-tools.rules) * 1:10442 <-> DISABLED <-> MALWARE-BACKDOOR nirvana 2.0 runtime detection - explore c drive (malware-backdoor.rules) * 1:10443 <-> DISABLED <-> MALWARE-BACKDOOR acidbattery 1.0 runtime detection - sniff info (malware-backdoor.rules) * 1:10444 <-> DISABLED <-> MALWARE-BACKDOOR acidbattery 1.0 runtime detection - open ftp serice (malware-backdoor.rules) * 1:10445 <-> DISABLED <-> MALWARE-BACKDOOR acidbattery 1.0 runtime detection - get password (malware-backdoor.rules) * 1:10446 <-> DISABLED <-> MALWARE-BACKDOOR 
acidbattery 1.0 runtime detection - get server info (malware-backdoor.rules) * 1:10447 <-> DISABLED <-> MALWARE-CNC 51d 1b variant outbound connection icq notification (malware-cnc.rules) * 1:10448 <-> DISABLED <-> MALWARE-BACKDOOR acessor 2.0 runtime detection - init connection (malware-backdoor.rules) * 1:10449 <-> DISABLED <-> MALWARE-BACKDOOR acid shivers runtime detection - init telnet connection (malware-backdoor.rules) * 1:1045 <-> DISABLED <-> SERVER-IIS Unauthorized IP Access Attempt (server-iis.rules) * 1:10450 <-> ENABLED <-> MALWARE-BACKDOOR only 1 rat runtime detection - control command (malware-backdoor.rules) * 1:10451 <-> DISABLED <-> MALWARE-BACKDOOR only 1 rat runtime detection - control command (malware-backdoor.rules) * 1:10453 <-> DISABLED <-> MALWARE-BACKDOOR zalivator 1.4.2 pro runtime detection - smtp notification (malware-backdoor.rules) * 1:10454 <-> DISABLED <-> MALWARE-BACKDOOR [x]-ztoo 1.0 runtime detection - init connection (malware-backdoor.rules) * 1:10455 <-> ENABLED <-> MALWARE-BACKDOOR [x]-ztoo 1.0 runtime detection - get system info (malware-backdoor.rules) * 1:10456 <-> DISABLED <-> MALWARE-BACKDOOR [x]-ztoo 1.0 runtime detection - get system info (malware-backdoor.rules) * 1:10457 <-> DISABLED <-> MALWARE-BACKDOOR [x]-ztoo 1.0 runtime detection - start keylogger (malware-backdoor.rules) * 1:10458 <-> DISABLED <-> MALWARE-BACKDOOR [x]-ztoo 1.0 or illusion runtime detection - open file manager (malware-backdoor.rules) * 1:10459 <-> DISABLED <-> MALWARE-BACKDOOR wineggdrop shell pro runtime detection - init connection (malware-backdoor.rules) * 1:1046 <-> DISABLED <-> SERVER-IIS site/iisamples access (server-iis.rules) * 1:10460 <-> ENABLED <-> MALWARE-BACKDOOR winicabras 1.1 runtime detection - get system info (malware-backdoor.rules) * 1:10461 <-> DISABLED <-> MALWARE-BACKDOOR winicabras 1.1 runtime detection - get system info (malware-backdoor.rules) * 1:10462 <-> ENABLED <-> MALWARE-BACKDOOR winicabras 1.1 runtime detection - 
explorer (malware-backdoor.rules) * 1:10463 <-> DISABLED <-> MALWARE-BACKDOOR winicabras 1.1 runtime detection - explorer (malware-backdoor.rules) * 1:10464 <-> DISABLED <-> PROTOCOL-TELNET kerberos login environment variable authentication bypass attempt (protocol-telnet.rules) * 1:10466 <-> DISABLED <-> BROWSER-PLUGINS iPIX Image Well ActiveX clsid access (browser-plugins.rules) * 1:10468 <-> DISABLED <-> BROWSER-PLUGINS iPIX Image Well ActiveX function call access (browser-plugins.rules) * 1:1047 <-> DISABLED <-> SERVER-WEBAPP Netscape Enterprise DOS (server-webapp.rules) * 1:10470 <-> DISABLED <-> BROWSER-PLUGINS iPIX Media Send Class ActiveX clsid access (browser-plugins.rules) * 1:10472 <-> DISABLED <-> BROWSER-PLUGINS iPIX Media Send Class ActiveX function call access (browser-plugins.rules) * 1:10475 <-> DISABLED <-> OS-WINDOWS Microsoft Windows UPnP notification type overflow attempt (os-windows.rules) * 1:10476 <-> DISABLED <-> BROWSER-PLUGINS MarkAny MaPrintModule_WORK ActiveX clsid access (browser-plugins.rules) * 1:10478 <-> DISABLED <-> BROWSER-PLUGINS MarkAny MaPrintModule_WORK ActiveX function call access (browser-plugins.rules) * 1:1048 <-> DISABLED <-> SERVER-WEBAPP Netscape Enterprise directory listing attempt (server-webapp.rules) * 1:10482 <-> DISABLED <-> PROTOCOL-RPC portmap CA BrightStor ARCserve tcp request (protocol-rpc.rules) * 1:10483 <-> DISABLED <-> PROTOCOL-RPC portmap CA BrightStor ARCserve udp request (protocol-rpc.rules) * 1:10484 <-> DISABLED <-> PROTOCOL-RPC portmap CA BrightStor ARCserve tcp procedure 191 attempt (protocol-rpc.rules) * 1:10485 <-> DISABLED <-> PROTOCOL-RPC portmap CA BrightStor ARCserve udp procedure 191 attempt (protocol-rpc.rules) * 1:10486 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc corrupt user-supplied memory address attempt (netbios.rules) * 1:105 <-> DISABLED <-> MALWARE-BACKDOOR - Dagger_1.4.0 (malware-backdoor.rules) * 1:1050 <-> DISABLED <-> SERVER-WEBAPP iPlanet GETPROPERTIES attempt 
(server-webapp.rules) * 1:10504 <-> DISABLED <-> INDICATOR-SHELLCODE unescape encoded shellcode (indicator-shellcode.rules) * 1:10505 <-> DISABLED <-> INDICATOR-SHELLCODE unescape encoded shellcode (indicator-shellcode.rules) * 1:1051 <-> DISABLED <-> FILE-OTHER technote main.cgi file directory traversal attempt (file-other.rules) * 1:1052 <-> DISABLED <-> SERVER-WEBAPP technote print.cgi directory traversal attempt (server-webapp.rules) * 1:1053 <-> DISABLED <-> SERVER-WEBAPP ads.cgi command execution attempt (server-webapp.rules) * 1:1054 <-> DISABLED <-> SERVER-WEBAPP weblogic/tomcat .jsp view source attempt (server-webapp.rules) * 1:1056 <-> DISABLED <-> SERVER-APACHE Apache Tomcat view source attempt (server-apache.rules) * 1:1057 <-> DISABLED <-> SQL ftp attempt (sql.rules) * 1:1058 <-> DISABLED <-> SQL xp_enumdsn attempt (sql.rules) * 1:1059 <-> DISABLED <-> SQL xp_filelist attempt (sql.rules) * 1:1060 <-> DISABLED <-> SQL xp_availablemedia attempt (sql.rules) * 1:10603 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP dns R_DnssrvUpdateRecord2 overflow attempt (os-windows.rules) * 1:1061 <-> DISABLED <-> SQL xp_cmdshell attempt (sql.rules) * 1:1062 <-> DISABLED <-> SERVER-WEBAPP nc.exe attempt (server-webapp.rules) * 1:1064 <-> DISABLED <-> SERVER-WEBAPP wsh attempt (server-webapp.rules) * 1:1065 <-> DISABLED <-> SERVER-WEBAPP rcmd attempt (server-webapp.rules) * 1:1066 <-> DISABLED <-> SERVER-WEBAPP telnet attempt (server-webapp.rules) * 1:1067 <-> DISABLED <-> SERVER-WEBAPP net attempt (server-webapp.rules) * 1:1068 <-> DISABLED <-> SERVER-WEBAPP tftp attempt (server-webapp.rules) * 1:1069 <-> DISABLED <-> SQL xp_regread attempt (sql.rules) * 1:1070 <-> DISABLED <-> SERVER-WEBAPP WebDAV search access (server-webapp.rules) * 1:1071 <-> DISABLED <-> SERVER-WEBAPP .htpasswd access attempt (server-webapp.rules) * 1:1072 <-> DISABLED <-> SERVER-WEBAPP Lotus Domino directory traversal (server-webapp.rules) * 1:1073 <-> DISABLED <-> SERVER-WEBAPP webhits.exe 
access (server-webapp.rules) * 1:1075 <-> DISABLED <-> SERVER-IIS postinfo.asp access (server-iis.rules) * 1:1076 <-> DISABLED <-> SERVER-IIS repost.asp access (server-iis.rules) * 1:1077 <-> DISABLED <-> SQL queryhit.htm access (sql.rules) * 1:1078 <-> DISABLED <-> SQL counter.exe access (sql.rules) * 1:1079 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WebDAV propfind access (os-windows.rules) * 1:108 <-> DISABLED <-> MALWARE-BACKDOOR QAZ Worm Client Login access (malware-backdoor.rules) * 1:1080 <-> DISABLED <-> SERVER-WEBAPP unify eWave ServletExec upload (server-webapp.rules) * 1:1081 <-> DISABLED <-> SERVER-WEBAPP Netscape Servers suite DOS (server-webapp.rules) * 1:1082 <-> DISABLED <-> SERVER-WEBAPP amazon 1-click cookie theft (server-webapp.rules) * 1:1083 <-> DISABLED <-> SERVER-WEBAPP unify eWave ServletExec DOS (server-webapp.rules) * 1:1084 <-> DISABLED <-> SERVER-WEBAPP Allaire JRUN DOS attempt (server-webapp.rules) * 1:1085 <-> DISABLED <-> SERVER-WEBAPP strings overflow (server-webapp.rules) * 1:1086 <-> DISABLED <-> SERVER-WEBAPP strings overflow (server-webapp.rules) * 1:1088 <-> DISABLED <-> SERVER-WEBAPP eXtropia webstore directory traversal (server-webapp.rules) * 1:1089 <-> DISABLED <-> SERVER-WEBAPP shopping cart directory traversal (server-webapp.rules) * 1:1090 <-> DISABLED <-> SERVER-WEBAPP Allaire Pro Web Shell attempt (server-webapp.rules) * 1:10900 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP dns R_DnssrvEnumRecords overflow attempt (os-windows.rules) * 1:1091 <-> DISABLED <-> SERVER-WEBAPP ICQ Webfront HTTP DOS (server-webapp.rules) * 1:1092 <-> DISABLED <-> SERVER-WEBAPP Armada Style Master Index directory traversal (server-webapp.rules) * 1:1093 <-> DISABLED <-> SERVER-WEBAPP cached_feed.cgi moreover shopping cart directory traversal (server-webapp.rules) * 1:1095 <-> DISABLED <-> SERVER-WEBAPP Talentsoft Web+ Source Code view access (server-webapp.rules) * 1:1096 <-> DISABLED <-> SERVER-WEBAPP Talentsoft Web+ internal IP Address 
access (server-webapp.rules) * 1:1097 <-> DISABLED <-> SERVER-WEBAPP Talentsoft Web+ exploit attempt (server-webapp.rules) * 1:10978 <-> DISABLED <-> BROWSER-PLUGINS Second Sight Software ActiveGS ActiveX clsid access (browser-plugins.rules) * 1:1098 <-> DISABLED <-> SERVER-WEBAPP SmartWin CyberOffice Shopping Cart access (server-webapp.rules) * 1:10980 <-> DISABLED <-> BROWSER-PLUGINS Second Sight Software ActiveGS ActiveX function call access (browser-plugins.rules) * 1:10982 <-> DISABLED <-> BROWSER-PLUGINS Second Sight Software ActiveMod ActiveX clsid access (browser-plugins.rules) * 1:10984 <-> DISABLED <-> BROWSER-PLUGINS Second Sight Software ActiveMod ActiveX function call access (browser-plugins.rules) * 1:10986 <-> DISABLED <-> BROWSER-PLUGINS GraceNote CDDB ActiveX clsid access (browser-plugins.rules) * 1:10988 <-> DISABLED <-> BROWSER-PLUGINS GraceNote CDDB ActiveX function call access (browser-plugins.rules) * 1:1099 <-> DISABLED <-> SERVER-WEBAPP cybercop scan (server-webapp.rules) * 1:10990 <-> DISABLED <-> SERVER-WEBAPP encoded cross site scripting HTML Image tag attempt (server-webapp.rules) * 1:10991 <-> DISABLED <-> BROWSER-PLUGINS Microgaming Download Helper ActiveX clsid access (browser-plugins.rules) * 1:10993 <-> DISABLED <-> BROWSER-PLUGINS Microgaming Download Helper ActiveX function call access (browser-plugins.rules) * 1:10997 <-> DISABLED <-> SERVER-WEBAPP SSLv2 OpenSSl KEY_ARG buffer overflow attempt (server-webapp.rules) * 1:10998 <-> DISABLED <-> SERVER-OTHER Novell GroupWise WebAccess authentication overflow (server-other.rules) * 1:10999 <-> DISABLED <-> SERVER-WEBAPP chetcpasswd access (server-webapp.rules) * 1:110 <-> DISABLED <-> MALWARE-BACKDOOR netbus getinfo (malware-backdoor.rules) * 1:1100 <-> DISABLED <-> INDICATOR-SCAN L3retriever HTTP Probe (indicator-scan.rules) * 1:11000 <-> DISABLED <-> SERVER-ORACLE dbms_snap_internal.delete_refresh_operations buffer overflow attempt (server-oracle.rules) * 1:11001 <-> DISABLED <-> 
SERVER-ORACLE dbms_snap_internal.delete_refresh_operations buffer overflow attempt (server-oracle.rules) * 1:11002 <-> DISABLED <-> SERVER-ORACLE dbms_snap_internal.generate_refresh_operations buffer overflow attempt (server-oracle.rules) * 1:11003 <-> DISABLED <-> SERVER-ORACLE dbms_snap_internal.generate_refresh_operations buffer overflow attempt (server-oracle.rules) * 1:11004 <-> ENABLED <-> PROTOCOL-IMAP CRAM-MD5 authentication request detected (protocol-imap.rules) * 1:1101 <-> DISABLED <-> INDICATOR-SCAN Webtrends HTTP probe (indicator-scan.rules) * 1:1102 <-> DISABLED <-> SERVER-WEBAPP nessus 1.X 404 probe (server-webapp.rules) * 1:1103 <-> DISABLED <-> SERVER-WEBAPP Netscape admin passwd (server-webapp.rules) * 1:1105 <-> DISABLED <-> SERVER-WEBAPP BigBrother access (server-webapp.rules) * 1:1106 <-> DISABLED <-> SERVER-WEBAPP Poll-it access (server-webapp.rules) * 1:1107 <-> DISABLED <-> SERVER-WEBAPP ftp.pl access (server-webapp.rules) * 1:11073 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP rpcss _RemoteGetClassObject attempt (os-windows.rules) * 1:11074 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP rpcss _RemoteGetClassObject attempt (os-windows.rules) * 1:1108 <-> DISABLED <-> SERVER-APACHE Apache Tomcat server snoop access (server-apache.rules) * 1:1109 <-> DISABLED <-> SERVER-WEBAPP ROXEN directory list attempt (server-webapp.rules) * 1:1110 <-> DISABLED <-> SERVER-WEBAPP apache source.asp file access (server-webapp.rules) * 1:1111 <-> DISABLED <-> SERVER-APACHE Apache Tomcat server exploit access (server-apache.rules) * 1:1115 <-> DISABLED <-> SERVER-WEBAPP ICQ webserver DOS (server-webapp.rules) * 1:1116 <-> DISABLED <-> SERVER-WEBAPP Lotus DelDoc attempt (server-webapp.rules) * 1:1117 <-> DISABLED <-> SERVER-WEBAPP Lotus EditDoc attempt (server-webapp.rules) * 1:11175 <-> DISABLED <-> SERVER-ORACLE dbms_cdc_ipublish.chgtab_cache buffer overflow attempt (server-oracle.rules) * 1:11176 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office PowerPoint 
Viewer ActiveX clsid access (browser-plugins.rules) * 1:11178 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office PowerPoint Viewer ActiveX function call access (browser-plugins.rules) * 1:1118 <-> DISABLED <-> SERVER-WEBAPP ls 20-l (server-webapp.rules) * 1:11180 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime movie ftyp buffer underflow (file-multimedia.rules) * 1:11181 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Excel Viewer ActiveX clsid access (browser-plugins.rules) * 1:11183 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Excel Viewer ActiveX function call access (browser-plugins.rules) * 1:11185 <-> DISABLED <-> SERVER-OTHER CA eTrust key handling dos via username attempt (server-other.rules) * 1:11186 <-> DISABLED <-> SERVER-OTHER CA eTrust key handling dos (password -- server-other.rules) * 1:11187 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Word Viewer ActiveX clsid access (browser-plugins.rules) * 1:11189 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Word Viewer ActiveX function call access (browser-plugins.rules) * 1:1119 <-> DISABLED <-> SERVER-WEBAPP mlog.phtml access (server-webapp.rules) * 1:11191 <-> DISABLED <-> SERVER-IIS Microsoft Content Management Server memory corruption (server-iis.rules) * 1:11192 <-> DISABLED <-> FILE-EXECUTABLE download of executable content (file-executable.rules) * 1:11193 <-> DISABLED <-> SERVER-WEBAPP Oracle iSQL Plus cross site scripting attempt (server-webapp.rules) * 1:11194 <-> DISABLED <-> SERVER-WEBAPP Oracle iSQL Plus cross site scripting attempt (server-webapp.rules) * 1:11196 <-> DISABLED <-> SERVER-OTHER MaxDB WebDBM get buffer overflow (server-other.rules) * 1:11197 <-> DISABLED <-> BROWSER-PLUGINS ActiveX Soft DVD Tools ActiveX function call access (browser-plugins.rules) * 1:11199 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Viewer ActiveX clsid access (browser-plugins.rules) * 1:1120 <-> DISABLED <-> SERVER-WEBAPP mylog.phtml access (server-webapp.rules) * 1:11201 <-> DISABLED <-> 
BROWSER-PLUGINS Microsoft Office Viewer ActiveX function call access (browser-plugins.rules) * 1:11203 <-> DISABLED <-> SERVER-ORACLE sys.dbms_apply_user_agent.set_registration_handler access attempt (server-oracle.rules) * 1:11204 <-> DISABLED <-> SERVER-ORACLE Oracle Database DBMS_AQADM_SYS package GRANT_TYPE_ACCESS procedure SQL injection attempt (server-oracle.rules) * 1:11205 <-> DISABLED <-> SERVER-ORACLE sys.dbms_upgrade_internal access attempt (server-oracle.rules) * 1:11206 <-> DISABLED <-> BROWSER-PLUGINS East Wind Software ADVDAUDIO ActiveX clsid access (browser-plugins.rules) * 1:11208 <-> DISABLED <-> BROWSER-PLUGINS East Wind Software ADVDAUDIO ActiveX function call access (browser-plugins.rules) * 1:11210 <-> DISABLED <-> BROWSER-PLUGINS Sienzo Digital Music Mentor ActiveX clsid access (browser-plugins.rules) * 1:11212 <-> DISABLED <-> BROWSER-PLUGINS Sienzo Digital Music Mentor ActiveX function call access (browser-plugins.rules) * 1:11214 <-> DISABLED <-> BROWSER-PLUGINS VeralSoft HTTP File Uploader ActiveX clsid access (browser-plugins.rules) * 1:11216 <-> DISABLED <-> BROWSER-PLUGINS VeralSoft HTTP File Uploader ActiveX function call access (browser-plugins.rules) * 1:11218 <-> DISABLED <-> BROWSER-PLUGINS SmartCode VNC Manager ActiveX clsid access (browser-plugins.rules) * 1:1122 <-> DISABLED <-> SERVER-WEBAPP /etc/passwd file access attempt (server-webapp.rules) * 1:11220 <-> DISABLED <-> BROWSER-PLUGINS SmartCode VNC Manager ActiveX function call access (browser-plugins.rules) * 1:11223 <-> DISABLED <-> SERVER-WEBAPP google proxystylesheet arbitrary command execution attempt (server-webapp.rules) * 1:11224 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSAuth ActiveX clsid access (browser-plugins.rules) * 1:11226 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSAuth ActiveX function call access (browser-plugins.rules) * 1:11228 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Input Method Editor 3 ActiveX clsid access 
(browser-plugins.rules)
* 1:1123 <-> DISABLED <-> SERVER-WEBAPP ?PageServices access (server-webapp.rules)
* 1:11230 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Cryptographic API COM 1 ActiveX clsid access (browser-plugins.rules)
* 1:11232 <-> DISABLED <-> BROWSER-PLUGINS Microsoft CAPICOM CAPICOM.Certificates ActiveX clsid access attempt (browser-plugins.rules)
* 1:11234 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Cryptographic API COM 2 ActiveX clsid access (browser-plugins.rules)
* 1:11236 <-> DISABLED <-> BROWSER-PLUGINS OutlookExpress.AddressBook ActiveX clsid access (browser-plugins.rules)
* 1:11239 <-> DISABLED <-> BROWSER-PLUGINS DXImageTransform.Microsoft.Redirect ActiveX clsid access (browser-plugins.rules)
* 1:1124 <-> DISABLED <-> SERVER-WEBAPP Ecommerce check.txt access (server-webapp.rules)
* 1:11241 <-> DISABLED <-> BROWSER-PLUGINS DXImageTransform.Microsoft.Redirect ActiveX function call access (browser-plugins.rules)
* 1:11243 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAstatics ActiveX clsid access (browser-plugins.rules)
* 1:11245 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAstatics ActiveX function call access (browser-plugins.rules)
* 1:11247 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Research In Motion TeamOn Import ActiveX clsid access (browser-plugins.rules)
* 1:1125 <-> DISABLED <-> SERVER-WEBAPP webcart access (server-webapp.rules)
* 1:11250 <-> DISABLED <-> BROWSER-PLUGINS Sony Rootkit Uninstaller ActiveX clsid access (browser-plugins.rules)
* 1:11252 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Address ActiveX clsid access (browser-plugins.rules)
* 1:11253 <-> DISABLED <-> BROWSER-PLUGINS Microsoft MciWndx ActiveX clsid access (browser-plugins.rules)
* 1:11255 <-> DISABLED <-> BROWSER-PLUGINS Microsoft MciWndx ActiveX function call access (browser-plugins.rules)
* 1:11257 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer colgroup tag uninitialized memory exploit attempt (browser-ie.rules)
* 1:11258 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Malformed Named Graph Information unicode overflow attempt (file-office.rules)
* 1:11259 <-> DISABLED <-> BROWSER-PLUGINS BarcodeWiz ActiveX clsid access (browser-plugins.rules)
* 1:1126 <-> DISABLED <-> SERVER-WEBAPP AuthChangeUrl access (server-webapp.rules)
* 1:11261 <-> DISABLED <-> BROWSER-PLUGINS BarcodeWiz ActiveX function call access (browser-plugins.rules)
* 1:11263 <-> DISABLED <-> SERVER-APACHE Apache mod_ssl non-SSL connection to SSL port denial of service attempt (server-apache.rules)
* 1:11264 <-> DISABLED <-> SERVER-MSSQL Microsoft SQL Server 2000 Server hello buffer overflow attempt (server-mssql.rules)
* 1:11265 <-> DISABLED <-> SERVER-OTHER Sentinel license manager buffer overflow attempt (server-other.rules)
* 1:11266 <-> DISABLED <-> SERVER-OTHER Kerio Personal Firewall authentication buffer overflow attempt (server-other.rules)
* 1:11267 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop PNG file handling stack buffer overflow attempt (file-image.rules)
* 1:11268 <-> DISABLED <-> BROWSER-PLUGINS Symantec Norton AntiVirus ActiveX clsid access (browser-plugins.rules)
* 1:1127 <-> DISABLED <-> SERVER-WEBAPP convert.bas access (server-webapp.rules)
* 1:11270 <-> DISABLED <-> BROWSER-PLUGINS Symantec Norton AntiVirus ActiveX function call access (browser-plugins.rules)
* 1:11272 <-> DISABLED <-> SERVER-APACHE Apache newline exploit attempt (server-apache.rules)
* 1:11273 <-> DISABLED <-> SERVER-APACHE Apache header parsing space saturation denial of service attempt (server-apache.rules)
* 1:11274 <-> DISABLED <-> BROWSER-PLUGINS RControl ActiveX clsid access (browser-plugins.rules)
* 1:11276 <-> DISABLED <-> BROWSER-PLUGINS GDivX Zenith Player AVI Fixer ActiveX clsid access (browser-plugins.rules)
* 1:11278 <-> DISABLED <-> BROWSER-PLUGINS GDivX Zenith Player AVI Fixer ActiveX function call access (browser-plugins.rules)
* 1:1128 <-> DISABLED <-> SERVER-WEBAPP cpshost.dll access (server-webapp.rules)
* 1:11280 <-> DISABLED <-> BROWSER-PLUGINS FlexLabel ActiveX clsid access (browser-plugins.rules)
* 1:11282 <-> DISABLED <-> BROWSER-PLUGINS FlexLabel ActiveX function call access (browser-plugins.rules)
* 1:11284 <-> DISABLED <-> BROWSER-PLUGINS AudioCDRipper ActiveX clsid access (browser-plugins.rules)
* 1:11286 <-> DISABLED <-> BROWSER-PLUGINS AudioCDRipper ActiveX function call access (browser-plugins.rules)
* 1:11288 <-> DISABLED <-> PROTOCOL-RPC portmap mountd tcp request (protocol-rpc.rules)
* 1:11289 <-> DISABLED <-> PROTOCOL-RPC portmap mountd tcp zero-length payload denial of service attempt (protocol-rpc.rules)
* 1:1129 <-> DISABLED <-> SERVER-WEBAPP .htaccess access (server-webapp.rules)
* 1:11290 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malformed named graph information ascii overflow attempt (file-office.rules)
* 1:11291 <-> DISABLED <-> BROWSER-PLUGINS Hewlett Packard HPQVWOCX.DL ActiveX clsid access (browser-plugins.rules)
* 1:11293 <-> DISABLED <-> BROWSER-PLUGINS IDAutomation Linear Bar Code ActiveX clsid access (browser-plugins.rules)
* 1:11295 <-> DISABLED <-> BROWSER-PLUGINS IDAutomation Linear Bar Code ActiveX function call access (browser-plugins.rules)
* 1:11297 <-> DISABLED <-> BROWSER-PLUGINS Clever Database Comparer ActiveX clsid access (browser-plugins.rules)
* 1:11299 <-> DISABLED <-> BROWSER-PLUGINS Clever Database Comparer ActiveX function call access (browser-plugins.rules)
* 1:1130 <-> DISABLED <-> SERVER-WEBAPP .wwwacl access (server-webapp.rules)
* 1:11301 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DB Software Laboratory DeWizardX ActiveX clsid access (browser-plugins.rules)
* 1:11303 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DB Software Laboratory DeWizardX ActiveX function call access (browser-plugins.rules)
* 1:11305 <-> DISABLED <-> PUA-ADWARE Snoopware childwebguardian outbound connection - send log through smtp (pua-adware.rules)
* 1:11306 <-> DISABLED <-> PUA-ADWARE Snoopware childwebguardian outbound connection - udp broadcast (pua-adware.rules)
* 1:11307 <-> DISABLED <-> MALWARE-OTHER Keylogger computer monitor Keylogger runtime detection (malware-other.rules)
* 1:11308 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SpyDawn (malware-cnc.rules)
* 1:11309 <-> DISABLED <-> MALWARE-OTHER Keylogger sskc v2.0 runtime detection (malware-other.rules)
* 1:1131 <-> DISABLED <-> SERVER-WEBAPP .wwwacl access (server-webapp.rules)
* 1:11310 <-> DISABLED <-> PUA-ADWARE Trickler iowa webdownloader - icq notification (pua-adware.rules)
* 1:11311 <-> DISABLED <-> MALWARE-OTHER Keylogger pcsentinelsoftware Keylogger runtime detection - upload infor (malware-other.rules)
* 1:11312 <-> DISABLED <-> MALWARE-OTHER Trackware uplink runtime detection (malware-other.rules)
* 1:11313 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Spy-Locked (malware-cnc.rules)
* 1:11314 <-> DISABLED <-> MALWARE-BACKDOOR shadownet remote spy 2.0 runtime detection (malware-backdoor.rules)
* 1:11316 <-> DISABLED <-> MALWARE-BACKDOOR lurker 1.1 runtime detection - init connection (malware-backdoor.rules)
* 1:11317 <-> DISABLED <-> MALWARE-BACKDOOR abremote pro 3.1 runtime detection - init connection (malware-backdoor.rules)
* 1:11318 <-> DISABLED <-> MALWARE-BACKDOOR boer runtime detection - init connection (malware-backdoor.rules)
* 1:11319 <-> DISABLED <-> MALWARE-BACKDOOR netwindow runtime detection - init connection request (malware-backdoor.rules)
* 1:1132 <-> DISABLED <-> SERVER-WEBAPP Netscape Unixware overflow (server-webapp.rules)
* 1:11320 <-> DISABLED <-> MALWARE-BACKDOOR netwindow runtime detection - reverse mode init connection request (malware-backdoor.rules)
* 1:11321 <-> DISABLED <-> MALWARE-BACKDOOR netwindow runtime detection - udp broadcast (malware-backdoor.rules)
* 1:11322 <-> ENABLED <-> MALWARE-BACKDOOR sohoanywhere runtime detection (malware-backdoor.rules)
* 1:11323 <-> DISABLED <-> MALWARE-BACKDOOR sohoanywhere runtime detection (malware-backdoor.rules)
* 1:11324 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Input Method Editor 3 ActiveX function call access (browser-plugins.rules)
* 1:1133 <-> DISABLED <-> INDICATOR-SCAN cybercop os probe (indicator-scan.rules)
* 1:1134 <-> DISABLED <-> SERVER-WEBAPP Phorum admin access (server-webapp.rules)
* 1:1136 <-> DISABLED <-> SERVER-WEBAPP cd.. (server-webapp.rules)
* 1:1137 <-> DISABLED <-> SERVER-WEBAPP Phorum authentication access (server-webapp.rules)
* 1:1139 <-> DISABLED <-> SERVER-WEBAPP whisker HEAD/./ (server-webapp.rules)
* 1:1140 <-> DISABLED <-> SERVER-WEBAPP guestbook.pl access (server-webapp.rules)
* 1:1141 <-> DISABLED <-> SERVER-WEBAPP handler access (server-webapp.rules)
* 1:1142 <-> DISABLED <-> SERVER-WEBAPP /.... access (server-webapp.rules)
* 1:11442 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP lsarpc LsarAddPrivilegesToAccount overflow attempt (netbios.rules)
* 1:11443 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP lsarpc LsarAddPrivilegesToAccount overflow attempt (netbios.rules)
* 1:1145 <-> DISABLED <-> SERVER-WEBAPP root access (server-webapp.rules)
* 1:1146 <-> DISABLED <-> SERVER-WEBAPP Ecommerce import.txt access (server-webapp.rules)
* 1:1147 <-> DISABLED <-> SERVER-WEBAPP cat_ access (server-webapp.rules)
* 1:1148 <-> DISABLED <-> SERVER-WEBAPP Ecommerce import.txt access (server-webapp.rules)
* 1:1149 <-> DISABLED <-> SERVER-WEBAPP count.cgi access (server-webapp.rules)
* 1:115 <-> DISABLED <-> MALWARE-BACKDOOR NetBus Pro 2.0 connection established (malware-backdoor.rules)
* 1:1150 <-> DISABLED <-> SERVER-WEBAPP Domino catalog.nsf access (server-webapp.rules)
* 1:1151 <-> DISABLED <-> SERVER-WEBAPP Domino domcfg.nsf access (server-webapp.rules)
* 1:1152 <-> DISABLED <-> SERVER-WEBAPP Domino domlog.nsf access (server-webapp.rules)
* 1:1153 <-> DISABLED <-> SERVER-WEBAPP Domino log.nsf access (server-webapp.rules)
* 1:1154 <-> DISABLED <-> SERVER-WEBAPP Domino names.nsf access (server-webapp.rules)
* 1:1155 <-> DISABLED <-> SERVER-WEBAPP Ecommerce checks.txt access (server-webapp.rules)
* 1:1156 <-> DISABLED <-> SERVER-WEBAPP apache directory disclosure attempt (server-webapp.rules)
* 1:1157 <-> DISABLED <-> SERVER-WEBAPP Netscape PublishingXpert access (server-webapp.rules)
* 1:1158 <-> DISABLED <-> SERVER-WEBAPP windmail.exe access (server-webapp.rules)
* 1:1159 <-> DISABLED <-> SERVER-WEBAPP webplus access (server-webapp.rules)
* 1:1160 <-> DISABLED <-> SERVER-WEBAPP Netscape dir index wp (server-webapp.rules)
* 1:1161 <-> DISABLED <-> SERVER-WEBAPP piranha passwd.php3 access (server-webapp.rules)
* 1:11616 <-> DISABLED <-> SERVER-WEBAPP Symantec Sygate Policy Manager SQL injection (server-webapp.rules)
* 1:1162 <-> DISABLED <-> SERVER-WEBAPP cart 32 AdminPwd access (server-webapp.rules)
* 1:11620 <-> DISABLED <-> BROWSER-PLUGINS DXImageTransform.Microsoft.Chroma ActiveX function call access (browser-plugins.rules)
* 1:11622 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office 2000 OUACTR ActiveX clsid access (browser-plugins.rules)
* 1:11624 <-> DISABLED <-> BROWSER-PLUGINS LeadTools ISIS ActiveX clsid access (browser-plugins.rules)
* 1:11626 <-> DISABLED <-> BROWSER-PLUGINS LeadTools ISIS ActiveX function call access (browser-plugins.rules)
* 1:11628 <-> DISABLED <-> BROWSER-PLUGINS LeadTools JPEG 2000 COM Object ActiveX function call access (browser-plugins.rules)
* 1:1163 <-> DISABLED <-> SERVER-WEBAPP webdist.cgi access (server-webapp.rules)
* 1:11630 <-> DISABLED <-> BROWSER-PLUGINS LeadTools Raster Dialog File Object ActiveX clsid access (browser-plugins.rules)
* 1:11632 <-> DISABLED <-> BROWSER-PLUGINS LeadTools Raster Dialog File Object ActiveX function call access (browser-plugins.rules)
* 1:11634 <-> DISABLED <-> BROWSER-PLUGINS LeadTools Raster Dialog File_D Object ActiveX clsid access (browser-plugins.rules)
* 1:11636 <-> DISABLED <-> BROWSER-PLUGINS LeadTools Raster Dialog File_D Object ActiveX function call access (browser-plugins.rules)
* 1:11638 <-> DISABLED <-> BROWSER-PLUGINS LeadTools Raster Document Object Library ActiveX clsid access (browser-plugins.rules)
* 1:1164 <-> DISABLED <-> SERVER-WEBAPP shopping cart access (server-webapp.rules)
* 1:11640 <-> DISABLED <-> BROWSER-PLUGINS LeadTools Raster Document Object Library ActiveX function call access (browser-plugins.rules)
* 1:11642 <-> DISABLED <-> BROWSER-PLUGINS LeadTools Raster ISIS Object ActiveX clsid access (browser-plugins.rules)
* 1:11644 <-> DISABLED <-> BROWSER-PLUGINS LeadTools Raster ISIS Object ActiveX function call access (browser-plugins.rules)
* 1:11646 <-> DISABLED <-> BROWSER-PLUGINS LeadTools Raster Thumbnail Object Library ActiveX clsid access (browser-plugins.rules)
* 1:11648 <-> DISABLED <-> BROWSER-PLUGINS LeadTools Raster Thumbnail Object Library ActiveX function call access (browser-plugins.rules)
* 1:1165 <-> DISABLED <-> SERVER-WEBAPP Novell Groupwise gwweb.exe access (server-webapp.rules)
* 1:11650 <-> DISABLED <-> BROWSER-PLUGINS LeadTools Raster Variant Object Library ActiveX clsid access (browser-plugins.rules)
* 1:11652 <-> DISABLED <-> BROWSER-PLUGINS LeadTools Raster Variant Object Library ActiveX function call access (browser-plugins.rules)
* 1:11654 <-> DISABLED <-> BROWSER-PLUGINS LeadTools Thumbnail Browser Control ActiveX clsid access (browser-plugins.rules)
* 1:11656 <-> DISABLED <-> BROWSER-PLUGINS LeadTools Thumbnail Browser Control ActiveX function call access (browser-plugins.rules)
* 1:11658 <-> DISABLED <-> BROWSER-PLUGINS Dart ZipLite Compression ActiveX clsid access (browser-plugins.rules)
* 1:1166 <-> DISABLED <-> SERVER-WEBAPP ws_ftp.ini access (server-webapp.rules)
* 1:11660 <-> DISABLED <-> BROWSER-PLUGINS EDraw Office Viewer ActiveX clsid access (browser-plugins.rules)
* 1:11662 <-> DISABLED <-> BROWSER-PLUGINS EDraw Office Viewer ActiveX function call access (browser-plugins.rules)
* 1:11664 <-> DISABLED <-> SERVER-WEBAPP sphpblog password.txt access attempt (server-webapp.rules)
* 1:11665 <-> DISABLED <-> SERVER-WEBAPP sphpblog install03_cgi access attempt (server-webapp.rules)
* 1:11666 <-> DISABLED <-> SERVER-WEBAPP sphpblog upload_img_cgi access attempt (server-webapp.rules)
* 1:11667 <-> DISABLED <-> SERVER-WEBAPP sphpblog arbitrary file delete attempt (server-webapp.rules)
* 1:11668 <-> DISABLED <-> SERVER-WEBAPP vbulletin php code injection (server-webapp.rules)
* 1:1167 <-> DISABLED <-> SERVER-WEBAPP rpm_query access (server-webapp.rules)
* 1:11670 <-> DISABLED <-> SERVER-OTHER Symantec Discovery logging buffer overflow (server-other.rules)
* 1:11673 <-> DISABLED <-> BROWSER-PLUGINS Zenturi ProgramChecker ActiveX clsid access (browser-plugins.rules)
* 1:11675 <-> DISABLED <-> BROWSER-PLUGINS Zenturi ProgramChecker ActiveX function call access (browser-plugins.rules)
* 1:11677 <-> DISABLED <-> BROWSER-PLUGINS Provideo Camimage Class ISSCamControl ActiveX clsid access (browser-plugins.rules)
* 1:11679 <-> DISABLED <-> SERVER-APACHE Apache mod_rewrite buffer overflow attempt (server-apache.rules)
* 1:1168 <-> DISABLED <-> SERVER-WEBAPP mall log order access (server-webapp.rules)
* 1:11680 <-> DISABLED <-> SERVER-WEBAPP Oracle Java web proxy sockd buffer overflow attempt (server-webapp.rules)
* 1:11681 <-> DISABLED <-> SERVER-OTHER Openview Omni II command bypass attempt (server-other.rules)
* 1:11682 <-> DISABLED <-> SERVER-OTHER niprint_lpd module attack attempt (server-other.rules)
* 1:11684 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WINS overflow attempt (os-windows.rules)
* 1:11685 <-> DISABLED <-> SERVER-WEBAPP Oracle iSQL Plus cross site scripting attempt (server-webapp.rules)
* 1:11687 <-> DISABLED <-> SERVER-APACHE Apache SSI error page cross-site scripting attempt (server-apache.rules)
* 1:117 <-> DISABLED <-> MALWARE-BACKDOOR Infector.1.x (malware-backdoor.rules)
* 1:1172 <-> DISABLED <-> SERVER-WEBAPP bigconf.cgi access (server-webapp.rules)
* 1:1173 <-> DISABLED <-> SERVER-WEBAPP architext_query.pl access (server-webapp.rules)
* 1:1174 <-> DISABLED <-> SERVER-WEBAPP /cgi-bin/jj access (server-webapp.rules)
* 1:1175 <-> DISABLED <-> SERVER-WEBAPP wwwboard.pl access (server-webapp.rules)
* 1:1177 <-> DISABLED <-> SERVER-WEBAPP Netscape Enterprise Server directory view (server-webapp.rules)
* 1:1178 <-> DISABLED <-> SERVER-WEBAPP Phorum read access (server-webapp.rules)
* 1:1179 <-> DISABLED <-> SERVER-WEBAPP Phorum violation access (server-webapp.rules)
* 1:118 <-> DISABLED <-> MALWARE-BACKDOOR SatansBackdoor.2.0.Beta (malware-backdoor.rules)
* 1:1180 <-> DISABLED <-> SERVER-WEBAPP get32.exe access (server-webapp.rules)
* 1:1181 <-> DISABLED <-> SERVER-WEBAPP Annex Terminal DOS attempt (server-webapp.rules)
* 1:11816 <-> DISABLED <-> NETBIOS Session Service NetDDE attack (netbios.rules)
* 1:11818 <-> DISABLED <-> BROWSER-PLUGINS Yahoo Webcam Viewer Wrapper ActiveX clsid access (browser-plugins.rules)
* 1:11820 <-> DISABLED <-> BROWSER-PLUGINS Yahoo Webcam Viewer Wrapper ActiveX function call access (browser-plugins.rules)
* 1:11822 <-> DISABLED <-> BROWSER-PLUGINS Yahoo Webcam Upload ActiveX clsid access (browser-plugins.rules)
* 1:11823 <-> DISABLED <-> BROWSER-PLUGINS Yahoo Webcam Upload ActiveX clsid unicode access (browser-plugins.rules)
* 1:11824 <-> DISABLED <-> BROWSER-PLUGINS Yahoo Webcam Upload ActiveX function call access (browser-plugins.rules)
* 1:11825 <-> DISABLED <-> BROWSER-PLUGINS Yahoo Webcam Upload ActiveX function call unicode access (browser-plugins.rules)
* 1:11826 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Voice Control Recognition ActiveX clsid access attempt (browser-plugins.rules)
* 1:11828 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Voice Control ActiveX function call access (browser-plugins.rules)
* 1:1183 <-> DISABLED <-> SERVER-WEBAPP Netscape Enterprise Server directory view (server-webapp.rules)
* 1:11830 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Direct Speech Recognition ActiveX clsid access attempt (browser-plugins.rules)
* 1:11832 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Direct Speech Recognition ActiveX function call access (browser-plugins.rules)
* 1:11834 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer navcancl.htm url spoofing attempt (browser-ie.rules)
* 1:11835 <-> ENABLED <-> FILE-IDENTIFY Visio file magic detected (file-identify.rules)
* 1:11836 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio version number anomaly (file-office.rules)
* 1:11837 <-> DISABLED <-> SERVER-MAIL Microsoft Windows Mail file execution attempt (server-mail.rules)
* 1:11838 <-> DISABLED <-> OS-WINDOWS Microsoft Windows API res buffer overflow attempt (os-windows.rules)
* 1:11839 <-> DISABLED <-> BROWSER-PLUGINS TEC-IT TBarCode ActiveX clsid access (browser-plugins.rules)
* 1:1184 <-> DISABLED <-> SERVER-WEBAPP Netscape Enterprise Server directory view (server-webapp.rules)
* 1:11841 <-> DISABLED <-> BROWSER-PLUGINS TEC-IT TBarCode ActiveX function call access (browser-plugins.rules)
* 1:11843 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP spoolss AddPrinter overflow attempt (os-windows.rules)
* 1:1185 <-> DISABLED <-> SERVER-WEBAPP bizdbsearch attempt (server-webapp.rules)
* 1:1186 <-> DISABLED <-> SERVER-WEBAPP Netscape Enterprise Server directory view (server-webapp.rules)
* 1:1187 <-> DISABLED <-> SERVER-WEBAPP SalesLogix Eviewer web command attempt (server-webapp.rules)
* 1:1188 <-> DISABLED <-> SERVER-WEBAPP Netscape Enterprise Server directory view (server-webapp.rules)
* 1:1189 <-> DISABLED <-> SERVER-WEBAPP Netscape Enterprise Server directory view (server-webapp.rules)
* 1:119 <-> DISABLED <-> MALWARE-BACKDOOR Doly 2.0 access (malware-backdoor.rules)
* 1:1190 <-> DISABLED <-> SERVER-WEBAPP Netscape Enterprise Server directory view (server-webapp.rules)
* 1:12255 <-> DISABLED <-> SERVER-WEBAPP CSGuestbook setup attempt (server-webapp.rules)
* 1:12256 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malformed FBI record buffer overflow attempt (file-office.rules)
* 1:12257 <-> DISABLED <-> BROWSER-PLUGINS Microsoft DirectX Media SDK ActiveX clsid access (browser-plugins.rules)
* 1:12259 <-> DISABLED <-> BROWSER-PLUGINS Microsoft DirectX Media SDK ActiveX function call access (browser-plugins.rules)
* 1:1226 <-> DISABLED <-> X11 xopen (x11.rules)
* 1:12261 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Visual Basic 6 PDWizard.File ActiveX clsid access (browser-plugins.rules)
* 1:12263 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Visual Basic 6 PDWizard.File ActiveX function call access (browser-plugins.rules)
* 1:12265 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Visual Basic 6 SearchHelper ActiveX clsid access (browser-plugins.rules)
* 1:12267 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Visual Basic 6 SearchHelper ActiveX function call access (browser-plugins.rules)
* 1:12269 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Visual Basic 6 TLIApplication ActiveX clsid access (browser-plugins.rules)
* 1:12270 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Visual Basic 6 TLIApplication ActiveX function call (browser-plugins.rules)
* 1:12273 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Visual Basic 6 TypeLibInfo ActiveX clsid access (browser-plugins.rules)
* 1:12275 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Visual Basic 6 TypeLibInfo ActiveX function call access (browser-plugins.rules)
* 1:12277 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CSS memory corruption exploit (browser-ie.rules)
* 1:12278 <-> DISABLED <-> FILE-IDENTIFY Microsoft Media Player compressed skin download request (file-identify.rules)
* 1:12279 <-> DISABLED <-> OS-WINDOWS Microsoft XML substringData integer overflow attempt (os-windows.rules)
* 1:12280 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer VML source file memory corruption attempt (browser-ie.rules)
* 1:12281 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer VML source file memory corruption attempt (browser-ie.rules)
* 1:12282 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer VML source file memory corruption attempt (browser-ie.rules)
* 1:12283 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel xlw file magic detected (file-identify.rules)
* 1:12284 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel rtWnDesk record memory corruption exploit attempt (file-office.rules)
* 1:12286 <-> DISABLED <-> FILE-OTHER PCRE character class heap buffer overflow attempt (file-other.rules)
* 1:12287 <-> DISABLED <-> PUA-TOOLBARS Hijacker scn toolbar runtime detection - ebrss request (pua-toolbars.rules)
* 1:12288 <-> DISABLED <-> PUA-TOOLBARS Hijacker scn toolbar runtime detection - hijack ie searches (pua-toolbars.rules)
* 1:12289 <-> DISABLED <-> PUA-TOOLBARS Hijacker scn toolbar runtime detection - get updates (pua-toolbars.rules)
* 1:1229 <-> DISABLED <-> PROTOCOL-FTP CWD ... (protocol-ftp.rules)
* 1:12290 <-> DISABLED <-> PUA-ADWARE Hijacker newdotnet quick! search outbound connection (pua-adware.rules)
* 1:12291 <-> DISABLED <-> PUA-TOOLBARS Trackware vmn toolbar runtime detection (pua-toolbars.rules)
* 1:12292 <-> DISABLED <-> PUA-TOOLBARS Hijacker morpheus toolbar runtime detection - hijack/search (pua-toolbars.rules)
* 1:12293 <-> DISABLED <-> PUA-TOOLBARS Hijacker morpheus toolbar runtime detection - get cfg info (pua-toolbars.rules)
* 1:12294 <-> DISABLED <-> PUA-TOOLBARS Hijacker 3search runtime detection - counter (pua-toolbars.rules)
* 1:12295 <-> DISABLED <-> PUA-ADWARE Hijacker 3search outbound connection - hijacking (pua-adware.rules)
* 1:12296 <-> DISABLED <-> PUA-TOOLBARS Hijacker 3search runtime detection - update (pua-toolbars.rules)
* 1:12297 <-> ENABLED <-> MALWARE-BACKDOOR bifrost v1.2.1 runtime detection (malware-backdoor.rules)
* 1:12298 <-> DISABLED <-> MALWARE-BACKDOOR bifrost v1.2.1 runtime detection (malware-backdoor.rules)
* 1:12299 <-> DISABLED <-> OS-OTHER Cisco NHRP incorrect packet size (os-other.rules)
* 1:1230 <-> DISABLED <-> SERVER-WEBAPP VirusWall FtpSave access (server-webapp.rules)
* 1:12300 <-> DISABLED <-> OS-OTHER Cisco NHRP incorrect packet size (os-other.rules)
* 1:12301 <-> DISABLED <-> BROWSER-PLUGINS eCentrex VOIP Client Module ActiveX clsid access (browser-plugins.rules)
* 1:12303 <-> DISABLED <-> POLICY-SOCIAL Google Chat web client connection (policy-social.rules)
* 1:12304 <-> DISABLED <-> POLICY-SOCIAL AOL Instant Messenger web client connection (policy-social.rules)
* 1:12305 <-> DISABLED <-> POLICY-SOCIAL Yahoo Messenger web client connection (policy-social.rules)
* 1:12306 <-> DISABLED <-> POLICY-SOCIAL Microsoft Messenger web client connection (policy-social.rules)
* 1:12307 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _SetPagerNotifyConfig attempt (netbios.rules)
* 1:1231 <-> DISABLED <-> SERVER-WEBAPP VirusWall catinfo access (server-webapp.rules)
* 1:12317 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect-earthagent RPCFN_CopyAUSrc attempt (netbios.rules)
* 1:1232 <-> DISABLED <-> SERVER-WEBAPP VirusWall catinfo access (server-webapp.rules)
* 1:12326 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _AddTaskExportLogItem attempt (netbios.rules)
* 1:12332 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _TakeActionOnAFile attempt (netbios.rules)
* 1:12335 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect Trent_req_num_30010 overflow attempt (netbios.rules)
* 1:1234 <-> DISABLED <-> SERVER-WEBAPP VirusWall FtpSaveCSP access (server-webapp.rules)
* 1:12341 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect Trent_req_num_a0030 attempt (netbios.rules)
* 1:12347 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _SetSvcImpersonateUser attempt (netbios.rules)
* 1:1235 <-> DISABLED <-> SERVER-WEBAPP VirusWall FtpSaveCVP access (server-webapp.rules)
* 1:12357 <-> DISABLED <-> SERVER-OTHER Apple mDNSresponder excessive HTTP headers (server-other.rules)
* 1:12358 <-> DISABLED <-> SERVER-OTHER Helix DNA Server RTSP require tag heap overflow attempt (server-other.rules)
* 1:12359 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk data length field overflow attempt (protocol-voip.rules)
* 1:12360 <-> DISABLED <-> SERVER-WEBAPP PHP function CRLF injection attempt (server-webapp.rules)
* 1:12361 <-> DISABLED <-> PUA-ADWARE Infostealer.Monstres outbound connection (pua-adware.rules)
* 1:12362 <-> DISABLED <-> SERVER-WEBAPP Squid HTTP Proxy-Authorization overflow attempt (server-webapp.rules)
* 1:12363 <-> DISABLED <-> PUA-ADWARE Other-Technologies malware-stopper outbound connection (pua-adware.rules)
* 1:12364 <-> DISABLED <-> PUA-TOOLBARS Hijacker proventactics 3.5 runtime detection - get cfg information (pua-toolbars.rules)
* 1:12365 <-> DISABLED <-> PUA-ADWARE Hijacker proventactics 3.5 outbound connection - redirect searches (pua-adware.rules)
* 1:12366 <-> DISABLED <-> PUA-TOOLBARS Hijacker proventactics 3.5 runtime detection - toolbar search function (pua-toolbars.rules)
* 1:12367 <-> DISABLED <-> PUA-ADWARE Hijacker imesh mediabar outbound connection - hijack ie searches (pua-adware.rules)
* 1:12368 <-> DISABLED <-> PUA-ADWARE Hijacker imesh mediabar outbound connection - hijack ie side search (pua-adware.rules)
* 1:12369 <-> DISABLED <-> PUA-ADWARE Hijacker imesh mediabar outbound connection - collect user information (pua-adware.rules)
* 1:12370 <-> DISABLED <-> PUA-TOOLBARS Hijacker imesh mediabar runtime detection - auto update (pua-toolbars.rules)
* 1:12371 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SpamBlockerUtility (malware-cnc.rules)
* 1:12372 <-> DISABLED <-> MALWARE-OTHER Keylogger mg-shadow 2.0 runtime detection (malware-other.rules)
* 1:12373 <-> ENABLED <-> MALWARE-BACKDOOR radmin 3.0 runtime detection - initial connection (malware-backdoor.rules)
* 1:12374 <-> DISABLED <-> MALWARE-BACKDOOR radmin 3.0 runtime detection - initial connection (malware-backdoor.rules)
* 1:12375 <-> ENABLED <-> MALWARE-BACKDOOR radmin 3.0 runtime detection - login & remote control (malware-backdoor.rules)
* 1:12376 <-> DISABLED <-> MALWARE-BACKDOOR radmin 3.0 runtime detection - login & remote control (malware-backdoor.rules)
* 1:12377 <-> ENABLED <-> MALWARE-BACKDOOR shark 2.3.2 runtime detection (malware-backdoor.rules)
* 1:12378 <-> DISABLED <-> MALWARE-BACKDOOR shark 2.3.2 runtime detection (malware-backdoor.rules)
* 1:12379 <-> DISABLED <-> MALWARE-OTHER Keylogger PaqKeylogger 5.1 runtime detection - ftp (malware-other.rules)
* 1:12380 <-> DISABLED <-> BROWSER-PLUGINS Oracle JInitiator ActiveX clsid access (browser-plugins.rules)
* 1:12382 <-> DISABLED <-> BROWSER-PLUGINS Oracle EasyMail Objects ActiveX clsid access (browser-plugins.rules)
* 1:12384 <-> DISABLED <-> BROWSER-PLUGINS Yahoo Messenger YVerInfo ActiveX clsid access (browser-plugins.rules)
* 1:12386 <-> DISABLED <-> BROWSER-PLUGINS Yahoo Messenger YVerInfo ActiveX function call access (browser-plugins.rules)
* 1:12388 <-> DISABLED <-> BROWSER-PLUGINS PPStream PowerPlayer ActiveX clsid access (browser-plugins.rules)
* 1:1239 <-> DISABLED <-> OS-WINDOWS RFParalyze Attempt (os-windows.rules)
* 1:12390 <-> DISABLED <-> POLICY-SOCIAL Yahoo Webmail client chat applet (policy-social.rules)
* 1:12391 <-> DISABLED <-> POLICY-SOCIAL Google Webmail client chat applet (policy-social.rules)
* 1:21026 <-> DISABLED <-> BROWSER-PLUGINS McAfee Security as a Service ActiveX clsid access attempt (browser-plugins.rules)
* 1:21027 <-> DISABLED <-> BROWSER-PLUGINS McAfee Security as a Service ActiveX function call attempt (browser-plugins.rules)
* 1:21028 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Usinec connect to server (malware-cnc.rules)
* 1:21029 <-> DISABLED <-> BROWSER-PLUGINS Bennet-Tec TList saveData arbitrary file creation ActiveX clsid access (browser-plugins.rules)
* 1:2103 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 unicode maximum param count overflow attempt (netbios.rules)
* 1:21030 <-> DISABLED <-> BROWSER-PLUGINS Bennet-Tec TList saveData arbitrary file creation ActiveX function call access (browser-plugins.rules)
* 1:21031 <-> DISABLED <-> BROWSER-PLUGINS Bennet-Tec TList saveData arbitrary file creation ActiveX clsid access (browser-plugins.rules)
* 1:21032 <-> DISABLED <-> BROWSER-PLUGINS Bennet-Tec TList saveData arbitrary file creation ActiveX function call access (browser-plugins.rules)
* 1:21033 <-> DISABLED <-> BROWSER-PLUGINS Bennet-Tec TList saveData arbitrary file creation ActiveX clsid access (browser-plugins.rules)
* 1:21034 <-> DISABLED <-> BROWSER-PLUGINS Bennet-Tec TList saveData arbitrary file creation ActiveX function call access (browser-plugins.rules)
* 1:21035 <-> ENABLED <-> FILE-IDENTIFY PDF file attachment detected (file-identify.rules)
* 1:21036 <-> ENABLED <-> FILE-IDENTIFY PDF file attachment detected (file-identify.rules)
* 1:21037 <-> DISABLED <-> INDICATOR-OBFUSCATION randomized javascript encodings detected (indicator-obfuscation.rules)
* 1:21038 <-> DISABLED <-> INDICATOR-OBFUSCATION String.fromCharCode with multiple encoding types detected (indicator-obfuscation.rules)
* 1:21039 <-> DISABLED <-> INDICATOR-OBFUSCATION potential javascript unescape obfuscation attempt detected (indicator-obfuscation.rules)
* 1:2104 <-> DISABLED <-> INDICATOR-COMPROMISE rexec username too long response (indicator-compromise.rules)
* 1:21040 <-> DISABLED <-> INDICATOR-OBFUSCATION potential javascript unescape obfuscation attempt detected (indicator-obfuscation.rules)
* 1:21041 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit URL - main.php?page= (exploit-kit.rules)
* 1:21042 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit post-compromise download attempt - .php?f= (exploit-kit.rules)
* 1:21043 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit post-compromise download attempt - .php?e= (exploit-kit.rules)
* 1:21044 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page (exploit-kit.rules)
* 1:21045 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page (exploit-kit.rules)
* 1:21047 <-> DISABLED <-> MALWARE-CNC known malicious SSL certificate - Sykipot C&C (malware-cnc.rules)
* 1:2105 <-> DISABLED <-> PROTOCOL-IMAP authenticate literal overflow attempt (protocol-imap.rules)
* 1:21050 <-> DISABLED <-> SERVER-OTHER HP Diagnostics Server magentservice.exe stack overflow attempt (server-other.rules)
* 1:21051 <-> DISABLED <-> SERVER-WEBAPP Apple OSX software update command execution attempt (server-webapp.rules)
* 1:21052 <-> ENABLED <-> FILE-IDENTIFY UltraISO CUE file download request (file-identify.rules)
* 1:21053 <-> ENABLED <-> FILE-IDENTIFY UltraISO CUE file attachment detected (file-identify.rules)
* 1:21054 <-> ENABLED <-> FILE-IDENTIFY UltraISO CUE file attachment detected (file-identify.rules)
* 1:21055 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Utka.A variant outbound connection (malware-cnc.rules)
* 1:21056 <-> DISABLED <-> FILE-JAVA Oracle Java attempt to write in system32 (file-java.rules)
* 1:21057 <-> DISABLED <-> FILE-OTHER Java Applet Rhino script engine remote code execution attempt (file-other.rules)
* 1:21058 <-> DISABLED <-> MALWARE-CNC Win.Trojan.AutoIt.pm runtime traffic detected (malware-cnc.rules)
* 1:21059 <-> ENABLED <-> FILE-IDENTIFY AVI Video file magic detected (file-identify.rules)
* 1:2106 <-> DISABLED <-> PROTOCOL-IMAP lsub overflow attempt (protocol-imap.rules)
* 1:21060 <-> DISABLED <-> SERVER-WEBAPP Symantec IM Manager Administrator console site injection attempt (server-webapp.rules)
* 1:21061 <-> ENABLED <-> FILE-IDENTIFY AVI file attachment detected (file-identify.rules)
* 1:21062 <-> ENABLED <-> FILE-IDENTIFY AVI file attachment detected (file-identify.rules)
* 1:21063 <-> DISABLED <-> BROWSER-PLUGINS HP Easy Printer Care Software ActiveX clsid access attempt (browser-plugins.rules)
* 1:21064 <-> DISABLED <-> BROWSER-PLUGINS HP Easy Printer Care Software ActiveX clsid access attempt (browser-plugins.rules)
* 1:21065 <-> DISABLED <-> SERVER-WEBAPP Symantec IM Manager Edituser cross site scripting attempt (server-webapp.rules)
* 1:21066 <-> DISABLED <-> SERVER-WEBAPP Symantec IM Manager Systemdashboard cross site scripting attempt (server-webapp.rules)
* 1:21067 <-> DISABLED <-> SERVER-WEBAPP Symantec IM Manager TOC_simple cross site scripting attempt (server-webapp.rules)
* 1:21068 <-> ENABLED <-> EXPLOIT-KIT Eleanore exploit kit landing page (exploit-kit.rules)
* 1:21069 <-> ENABLED <-> EXPLOIT-KIT Eleanore exploit kit exploit fetch request (exploit-kit.rules)
* 1:2107 <-> DISABLED <-> PROTOCOL-IMAP create buffer overflow attempt (protocol-imap.rules)
* 1:21070 <-> ENABLED <-> EXPLOIT-KIT Eleanore exploit kit pdf exploit page request (exploit-kit.rules)
* 1:21071 <-> ENABLED <-> EXPLOIT-KIT Eleanore exploit kit post-exploit page request (exploit-kit.rules)
* 1:21072 <-> ENABLED <-> SERVER-APACHE Apache Struts remote code execution attempt - GET parameter (server-apache.rules)
* 1:21073 <-> ENABLED <-> SERVER-APACHE Apache Struts allowStaticMethodAccess invocation attempt (server-apache.rules)
* 1:21074 <-> DISABLED <-> SERVER-APACHE Apache Struts remote code execution attempt - CookieInterceptor (server-apache.rules)
* 1:21075 <-> ENABLED <-> SERVER-APACHE Apache Struts remote code execution attempt - DebuggingInterceptor (server-apache.rules)
* 1:21076 <-> DISABLED <-> BROWSER-PLUGINS HP Easy Printer Care Software ActiveX clsid access (browser-plugins.rules)
* 1:21077 <-> DISABLED <-> BROWSER-PLUGINS HP Easy Printer Care Software ActiveX function call (browser-plugins.rules)
* 1:21078 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows DirectShow GraphEdt closed captioning memory corruption (file-multimedia.rules)
* 1:21079 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC HMI Administrator cookie detected (protocol-scada.rules)
* 1:2108 <-> DISABLED <-> PROTOCOL-POP CAPA overflow attempt (protocol-pop.rules)
* 1:21080 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Scripting Host Shell ActiveX function call access (browser-plugins.rules)
* 1:21082 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel window2 record use after free attempt (file-office.rules)
* 1:21083 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel window2 record use after free attempt (file-office.rules)
* 1:21084 <-> DISABLED <-> SERVER-MSSQL MSSQL CONVERT function buffer overflow attempt (server-mssql.rules)
* 1:21085 <-> DISABLED <-> SERVER-MSSQL MSSQL CONVERT function unicode buffer overflow attempt (server-mssql.rules)
* 1:21086 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer object clone deletion memory corruption (browser-ie.rules)
* 1:21087 <-> DISABLED <-> MALWARE-CNC Bindow.Worm runtime traffic detected (malware-cnc.rules)
* 1:21088 <-> DISABLED <-> OS-WINDOWS Microsoft Windows remote desktop denial of service attempt (os-windows.rules)
* 1:21089 <-> DISABLED <-> OS-WINDOWS Microsoft Windows remote desktop oversized cookie attempt (os-windows.rules)
* 1:2109 <-> DISABLED <-> PROTOCOL-POP TOP overflow attempt (protocol-pop.rules)
* 1:21090 <-> DISABLED <-> FILE-MULTIMEDIA Nullsoft Winamp player mp4 memory corruption attempt (file-multimedia.rules)
* 1:21091 <-> DISABLED <-> FILE-MULTIMEDIA Nullsoft Winamp player mp4 memory corruption attempt (file-multimedia.rules)
* 1:21092 <-> ENABLED <-> MALWARE-TOOLS JavaScript LOIC attack (malware-tools.rules)
* 1:21093 <-> DISABLED <-> FILE-MULTIMEDIA A-PDF Wav to mp3 converter buffer overfow (file-multimedia.rules)
* 1:21094 <-> DISABLED <-> BROWSER-PLUGINS McAfee Remediation Agent ActiveX function call access (browser-plugins.rules)
* 1:21095 <-> DISABLED <-> FILE-PDF Foxit Reader malicious pdf file write access (file-pdf.rules)
* 1:21096 <-> ENABLED <-> EXPLOIT-KIT Crimepack exploit kit control panel access (exploit-kit.rules)
* 1:21097 <-> ENABLED <-> EXPLOIT-KIT Crimepack exploit kit post-exploit download request (exploit-kit.rules)
* 1:21098 <-> DISABLED <-> EXPLOIT-KIT Crimepack exploit kit landing page (exploit-kit.rules)
* 1:21099 <-> ENABLED <-> EXPLOIT-KIT Crimepack exploit kit malicious pdf request (exploit-kit.rules)
* 1:211 <-> DISABLED <-> MALWARE-BACKDOOR MISC r00t attempt (malware-backdoor.rules)
* 1:2110 <-> DISABLED <-> PROTOCOL-POP STAT overflow attempt (protocol-pop.rules)
* 1:21100 <-> DISABLED <-> PROTOCOL-RPC Novell Netware xdr decode string length buffer overflow attempt (protocol-rpc.rules)
* 1:21101 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk channel driver denial of service attempt (protocol-voip.rules)
* 1:21102 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk channel driver denial of service attempt (protocol-voip.rules)
* 1:21103 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk channel driver denial of service attempt (protocol-voip.rules)
* 1:21104 <-> ENABLED <-> MALWARE-TOOLS slowhttptest DoS tool (malware-tools.rules)
* 1:21105 <-> DISABLED <-> SERVER-OTHER Avaya WinPDM Unite host router buffer overflow attempt (server-other.rules)
* 1:21107 <-> DISABLED <-> FILE-MULTIMEDIA MJM Quickplayer s3m buffer overflow (file-multimedia.rules)
* 1:21108 <-> DISABLED <-> EXPLOIT-KIT unknown exploit kit obfuscated landing page (exploit-kit.rules)
* 1:21109 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file download request (file-identify.rules)
* 1:2111 <-> DISABLED <-> PROTOCOL-POP DELE overflow attempt (protocol-pop.rules)
* 1:21110 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file attachment detected (file-identify.rules)
* 1:21111 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file attachment detected (file-identify.rules)
* 1:21112 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer mpeg width integer memory underflow attempt (file-multimedia.rules)
* 1:21113 <-> ENABLED <-> FILE-IDENTIFY Cisco Webex Player .wrf file magic detected (file-identify.rules)
* 1:21116 <-> DISABLED <-> FILE-OTHER Cisco Webex selector and size2 subrecords corruption attempt (file-other.rules)
* 1:21117 <-> DISABLED <-> INDICATOR-COMPROMISE WSO web shell (indicator-compromise.rules)
* 1:21118 <-> DISABLED <-> INDICATOR-COMPROMISE WSO 
web shell security information display (indicator-compromise.rules) * 1:21119 <-> DISABLED <-> INDICATOR-COMPROMISE WSO web shell interactive file system information display (indicator-compromise.rules) * 1:2112 <-> DISABLED <-> PROTOCOL-POP RSET overflow attempt (protocol-pop.rules) * 1:21120 <-> DISABLED <-> INDICATOR-COMPROMISE WSO web shell interactive console display (indicator-compromise.rules) * 1:21121 <-> DISABLED <-> INDICATOR-COMPROMISE WSO web shell interactive SQL display (indicator-compromise.rules) * 1:21122 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bandok.zp runtime traffic detected (malware-cnc.rules) * 1:21123 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Flymux.A runtime traffic detected (malware-cnc.rules) * 1:21124 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Opachki.A runtime traffic detected (malware-cnc.rules) * 1:21125 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Alureon.DG runtime traffic detected (malware-cnc.rules) * 1:21126 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Koutodoor.C runtime traffic detected (malware-cnc.rules) * 1:21127 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Setfic.A runtime traffic detected (malware-cnc.rules) * 1:21128 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dromedan.A runtime traffic detected (malware-cnc.rules) * 1:21129 <-> DISABLED <-> INDICATOR-COMPROMISE Mulcishell web shell (indicator-compromise.rules) * 1:2113 <-> DISABLED <-> PROTOCOL-SERVICES rexec username overflow attempt (protocol-services.rules) * 1:21130 <-> DISABLED <-> INDICATOR-COMPROMISE Mulcishell web shell enumeration page (indicator-compromise.rules) * 1:21131 <-> DISABLED <-> INDICATOR-COMPROMISE Mulcishell web shell domain lookup page (indicator-compromise.rules) * 1:21132 <-> DISABLED <-> INDICATOR-COMPROMISE Mulcishell web shell sql interaction page (indicator-compromise.rules) * 1:21133 <-> DISABLED <-> INDICATOR-COMPROMISE Mulcishell web shell encoder page (indicator-compromise.rules) * 1:21134 <-> DISABLED <-> INDICATOR-COMPROMISE Mulcishell web shell security 
information page (indicator-compromise.rules) * 1:21135 <-> DISABLED <-> INDICATOR-COMPROMISE Mulcishell web shell password cracking page (indicator-compromise.rules) * 1:21136 <-> DISABLED <-> INDICATOR-COMPROMISE Mulcishell web shell security bypass page (indicator-compromise.rules) * 1:21137 <-> DISABLED <-> INDICATOR-COMPROMISE Mulcishell web shell tools page (indicator-compromise.rules) * 1:21138 <-> DISABLED <-> INDICATOR-COMPROMISE Mulcishell web shell database parsing page (indicator-compromise.rules) * 1:21139 <-> DISABLED <-> INDICATOR-COMPROMISE Mulcishell web shell spread shell page (indicator-compromise.rules) * 1:2114 <-> DISABLED <-> PROTOCOL-SERVICES rexec password overflow attempt (protocol-services.rules) * 1:21140 <-> DISABLED <-> INDICATOR-COMPROMISE Mulcishell web shell kill shell page (indicator-compromise.rules) * 1:21141 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit control panel access (exploit-kit.rules) * 1:21142 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot.PKJ runtime traffic detected (malware-cnc.rules) * 1:21143 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot.PKJ runtime traffic detected (malware-cnc.rules) * 1:21144 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot.PKJ runtime traffic detected (malware-cnc.rules) * 1:21145 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neraweq.A runtime traffic detected (malware-cnc.rules) * 1:21146 <-> DISABLED <-> PROTOCOL-SCADA Sunway ForceControl SNMP NetDBServer integer signedness buffer overflow attempt (protocol-scada.rules) * 1:21147 <-> DISABLED <-> PROTOCOL-SCADA Sunway ForceControl SNMP NetDBServer integer signedness buffer overflow attempt (protocol-scada.rules) * 1:21148 <-> DISABLED <-> PROTOCOL-SCADA Sunway ForceControl SNMP NetDBServer integer signedness buffer overflow attempt (protocol-scada.rules) * 1:21149 <-> DISABLED <-> PROTOCOL-SCADA Sunway ForceControl SNMP NetDBServer integer signedness buffer overflow attempt (protocol-scada.rules) * 1:2115 <-> DISABLED <-> SERVER-WEBAPP album.pl 
access (server-webapp.rules) * 1:21150 <-> DISABLED <-> PROTOCOL-VOIP Grandstream networks denial of service (protocol-voip.rules) * 1:21151 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Stegae.A runtime traffic detected (malware-cnc.rules) * 1:21152 <-> ENABLED <-> FILE-IDENTIFY S3M file attachment detected (file-identify.rules) * 1:21153 <-> ENABLED <-> FILE-IDENTIFY S3M file attachment detected (file-identify.rules) * 1:21154 <-> DISABLED <-> BROWSER-FIREFOX Mozilla products floating point buffer overflow attempt (browser-firefox.rules) * 1:21155 <-> DISABLED <-> BROWSER-FIREFOX Mozilla products floating point buffer overflow attempt (browser-firefox.rules) * 1:21156 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel macro validation arbitrary code execution attempt (file-office.rules) * 1:21157 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel macro validation arbitrary code execution attempt (file-office.rules) * 1:21158 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel macro validation arbitrary code execution attempt (file-office.rules) * 1:21159 <-> DISABLED <-> FILE-OTHER Microsoft Windows Media MIDI file memory corruption attempt (file-other.rules) * 1:2116 <-> DISABLED <-> SERVER-WEBAPP chipcfg.cgi access (server-webapp.rules) * 1:21160 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules) * 1:21161 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS5 NTLM and basic authentication bypass attempt (server-iis.rules) * 1:21162 <-> DISABLED <-> FILE-PDF Adobe Acrobat file extension overflow attempt (file-pdf.rules) * 1:21163 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook VEVENT overflow attempt (file-office.rules) * 1:21164 <-> DISABLED <-> SERVER-SAMBA Samba username map script command injection attempt (server-samba.rules) * 1:21165 <-> DISABLED <-> FILE-OTHER multiple products GeckoActiveX COM object recon attempt (file-other.rules) * 1:21166 <-> DISABLED <-> BROWSER-CHROME Google Chrome https 
spoofing attempt (browser-chrome.rules) * 1:21167 <-> DISABLED <-> FILE-OTHER Microsoft Windows Media MIDI file memory corruption attempt (file-other.rules) * 1:21168 <-> DISABLED <-> FILE-MULTIMEDIA AVI file chunk length integer overflow attempt (file-multimedia.rules) * 1:21169 <-> DISABLED <-> PUA-ADWARE Apperhand SDK advertising data request - Counterclank (pua-adware.rules) * 1:2117 <-> DISABLED <-> SERVER-IIS Battleaxe Forum login.asp access (server-iis.rules) * 1:21170 <-> DISABLED <-> FILE-OFFICE Microsoft Office OLESS stream object name corruption attempt (file-office.rules) * 1:21171 <-> DISABLED <-> APP-DETECT Thunder p2p application activity detection (app-detect.rules) * 1:21172 <-> DISABLED <-> APP-DETECT Thunder p2p application activity detection (app-detect.rules) * 1:21173 <-> DISABLED <-> FILE-EXECUTABLE APP-CONTROL Thunder p2p application download detection (file-executable.rules) * 1:21174 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer realtext file download request (file-identify.rules) * 1:21175 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Win32 Amti (malware-cnc.rules) * 1:21176 <-> DISABLED <-> PUA-ADWARE Win32.WindowsOptimizationAndSecurity outbound connection (pua-adware.rules) * 1:21177 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ganipin.A inbound connection (malware-cnc.rules) * 1:21178 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader Win.Trojan.Chekafe.A variant outbound connection (malware-cnc.rules) * 1:21179 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Coofus.RFM variant outbound connection (malware-cnc.rules) * 1:2118 <-> DISABLED <-> PROTOCOL-IMAP list overflow attempt (protocol-imap.rules) * 1:21180 <-> DISABLED <-> MALWARE-CNC Worm.Win32.Magania.clfv variant outbound connection (malware-cnc.rules) * 1:21181 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.czgu variant outbound connection (malware-cnc.rules) * 1:21182 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MeSub.ac variant outbound connection 
(malware-cnc.rules) * 1:21183 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.alfu variant outbound connection (malware-cnc.rules) * 1:21184 <-> DISABLED <-> PUA-ADWARE Internet Security 2010 outbound connection (pua-adware.rules) * 1:21185 <-> DISABLED <-> MALWARE-CNC Worm.Win32.Kufgal.A inbound connection (malware-cnc.rules) * 1:21186 <-> DISABLED <-> SERVER-ORACLE MDSYS drop table trigger injection attempt (server-oracle.rules) * 1:21187 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Xlahlah.A variant outbound connection (malware-cnc.rules) * 1:21188 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string API Guide test program (malware-cnc.rules) * 1:21189 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari innerHTML use after free exploit attempt (browser-webkit.rules) * 1:2119 <-> DISABLED <-> PROTOCOL-IMAP rename literal overflow attempt (protocol-imap.rules) * 1:21190 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Multiple Products MozOrientation loading attempt (browser-firefox.rules) * 1:21191 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Multiple Products MozOrientation loading attempt (browser-firefox.rules) * 1:21192 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Syswrt.dvd variant outbound connection (malware-cnc.rules) * 1:21193 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dalbot.A variant outbound connection (malware-cnc.rules) * 1:21194 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wealwedst.A variant outbound connection (malware-cnc.rules) * 1:21195 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Protux.B variant outbound connection (malware-cnc.rules) * 1:21196 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Caphaw.A variant outbound connection (malware-cnc.rules) * 1:21197 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Caphaw.A variant outbound connection (malware-cnc.rules) * 1:21198 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qinubot.A variant outbound connection (malware-cnc.rules) * 1:21199 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qinubot.A variant outbound connection (malware-cnc.rules) * 1:212 
<-> DISABLED <-> MALWARE-BACKDOOR MISC rewt attempt (malware-backdoor.rules) * 1:2120 <-> DISABLED <-> PROTOCOL-IMAP create literal buffer overflow attempt (protocol-imap.rules) * 1:21200 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yakes.cmu variant outbound connection (malware-cnc.rules) * 1:21201 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yakes.cmu variant outbound connection (malware-cnc.rules) * 1:21202 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scapzilla.A variant outbound connection (malware-cnc.rules) * 1:21203 <-> DISABLED <-> MALWARE-CNC Virus Win.Trojan.Induc.B variant outbound connection (malware-cnc.rules) * 1:21204 <-> DISABLED <-> MALWARE-CNC Virus Win.Trojan.Induc.B variant outbound connection (malware-cnc.rules) * 1:21205 <-> DISABLED <-> MALWARE-CNC Virus Win.Trojan.Induc.B variant outbound connection (malware-cnc.rules) * 1:21206 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Aldi Bot (malware-cnc.rules) * 1:21207 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dekara.A variant outbound connection (malware-cnc.rules) * 1:21208 <-> DISABLED <-> MALWARE-CNC Win.Trojan.RShot.brw variant outbound connection (malware-cnc.rules) * 1:21209 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Enviserv.A variant outbound connection (malware-cnc.rules) * 1:2121 <-> DISABLED <-> PROTOCOL-POP DELE negative argument attempt (protocol-pop.rules) * 1:21210 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rallovs.A variant outbound connection (malware-cnc.rules) * 1:21211 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.slrj variant outbound connection (malware-cnc.rules) * 1:21212 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hupigon.nkor variant outbound connection (malware-cnc.rules) * 1:21213 <-> DISABLED <-> MALWARE-CNC Worm.Win32.Cridex.B variant outbound connection (malware-cnc.rules) * 1:21214 <-> DISABLED <-> SERVER-APACHE Apache server mod_proxy reverse proxy bypass attempt (server-apache.rules) * 1:21215 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.Am variant outbound 
connection (malware-cnc.rules) * 1:21216 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.Am variant outbound connection (malware-cnc.rules) * 1:21217 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.Am variant outbound connection (malware-cnc.rules) * 1:21218 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sodager.C variant outbound connection (malware-cnc.rules) * 1:21219 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sysckbc variant outbound connection (malware-cnc.rules) * 1:2122 <-> DISABLED <-> PROTOCOL-POP UIDL negative argument attempt (protocol-pop.rules) * 1:21220 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Susnatache.A inbound connection (malware-cnc.rules) * 1:21221 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Susnatache.A variant outbound connection (malware-cnc.rules) * 1:21222 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kcahneila.A variant outbound connection (malware-cnc.rules) * 1:21223 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gyplit.A variant outbound connection (malware-cnc.rules) * 1:21224 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MacOS.DevilRobber.A variant outbound connection (malware-cnc.rules) * 1:21225 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Flag (malware-cnc.rules) * 1:21226 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Louisdreyfu.A variant outbound connection (malware-cnc.rules) * 1:21227 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bulknet variant outbound connection (malware-cnc.rules) * 1:21228 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cerberat variant outbound connection (malware-cnc.rules) * 1:21229 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Synljdos variant outbound connection (malware-cnc.rules) * 1:2123 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft cmd.exe banner (indicator-compromise.rules) * 1:21230 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Betad variant outbound connection (malware-cnc.rules) * 1:21231 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bedobot variant outbound connection (malware-cnc.rules) * 1:21232 <-> DISABLED <-> SERVER-OTHER Remote 
Desktop Protocol brute force attempt (server-other.rules) * 1:21233 <-> DISABLED <-> SERVER-WEBAPP Symantec Antivirus admin scan interface negative Content-Length attempt (server-webapp.rules) * 1:21234 <-> DISABLED <-> SERVER-WEBAPP MKCOL Webdav Stack Buffer Overflow attempt (server-webapp.rules) * 1:21235 <-> DISABLED <-> SERVER-WEBAPP LOCK WebDAV Stack Buffer Overflow attempt (server-webapp.rules) * 1:21236 <-> DISABLED <-> SERVER-WEBAPP UNLOCK Webdav Stack Buffer Overflow attempt (server-webapp.rules) * 1:21239 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules) * 1:2124 <-> DISABLED <-> MALWARE-BACKDOOR Remote PC Access connection (malware-backdoor.rules) * 1:21240 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MsUpdater variant outbound connection (malware-cnc.rules) * 1:21241 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MsUpdater initial variant outbound connection (malware-cnc.rules) * 1:21242 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MsUpdater variant outbound connection (malware-cnc.rules) * 1:21243 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher 2003 EscherStm memory corruption attempt (file-office.rules) * 1:21244 <-> DISABLED <-> FILE-IDENTIFY New Executable binary file magic detected (file-identify.rules) * 1:21246 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string DataCha0s (malware-cnc.rules) * 1:21247 <-> DISABLED <-> SERVER-OTHER IBM Lotusnotes s_viewname buffer overflow attempt (server-other.rules) * 1:21248 <-> DISABLED <-> SERVER-OTHER multiple vendors host buffer overflow attempt (server-other.rules) * 1:21249 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VBasddsa.A runtime traffic detected (malware-cnc.rules) * 1:2125 <-> DISABLED <-> PROTOCOL-FTP CWD Root directory traversal attempt (protocol-ftp.rules) * 1:21250 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VBasddsa.A runtime traffic detected (malware-cnc.rules) * 1:21251 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sirefef.P variant outbound 
connection (malware-cnc.rules) * 1:21252 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sirefef.P variant outbound connection (malware-cnc.rules) * 1:21253 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed shading modifier heap corruption attempt (file-pdf.rules) * 1:21254 <-> DISABLED <-> FILE-PDF Foxit Reader createDataObject file write attempt (file-pdf.rules) * 1:21255 <-> ENABLED <-> MALWARE-OTHER known malicious FTP login banner - 0wns j0 (malware-other.rules) * 1:21256 <-> ENABLED <-> MALWARE-OTHER known malicious FTP quit banner - Goodbye happy r00ting (malware-other.rules) * 1:21257 <-> DISABLED <-> MALWARE-CNC URI - known scanner tool muieblackcat (malware-cnc.rules) * 1:21258 <-> DISABLED <-> INDICATOR-SHELLCODE Feng-Shui heap grooming using Oleaut32 (indicator-shellcode.rules) * 1:21259 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit response (exploit-kit.rules) * 1:2126 <-> DISABLED <-> OS-WINDOWS Microsoft Windows PPTP Start Control Request buffer overflow attempt (os-windows.rules) * 1:21260 <-> DISABLED <-> SERVER-APACHE Apache Byte-Range Filter denial of service attempt (server-apache.rules) * 1:21261 <-> DISABLED <-> SERVER-OTHER Xitami if-modified-since header buffer overflow attempt (server-other.rules) * 1:21262 <-> DISABLED <-> OS-WINDOWS DCERPC ISystemActivate flood attempt (os-windows.rules) * 1:21263 <-> DISABLED <-> SERVER-OTHER Embarcadero Interbase connect request buffer overflow attempt (server-other.rules) * 1:21264 <-> DISABLED <-> BROWSER-PLUGINS Symantec Norton Internet Security 2004 ActiveX function call (browser-plugins.rules) * 1:21265 <-> DISABLED <-> INDICATOR-SHELLCODE Piecemeal exploit and shellcode construction (indicator-shellcode.rules) * 1:21266 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Morfeus Scanner (malware-cnc.rules) * 1:21267 <-> DISABLED <-> POLICY-OTHER TRENDnet IP Camera anonymous access attempt (policy-other.rules) * 1:21268 <-> DISABLED <-> SERVER-OTHER Oracle Java RMI 
services remote object execution attempt (server-other.rules) * 1:21269 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cycbot variant outbound connection (malware-cnc.rules) * 1:2127 <-> DISABLED <-> SERVER-WEBAPP ikonboard.cgi access (server-webapp.rules) * 1:21270 <-> DISABLED <-> SERVER-WEBAPP Devellion CubeCart multiple parameter XSS vulnerability (server-webapp.rules) * 1:21271 <-> DISABLED <-> SERVER-WEBAPP Devellion CubeCart searchStr parameter SQL injection (server-webapp.rules) * 1:21272 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer orphan DOM objects memory corruption attempt (browser-ie.rules) * 1:21273 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tusha variant runtime traffic detected (malware-cnc.rules) * 1:21274 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tusha variant runtime traffic detected (malware-cnc.rules) * 1:21275 <-> DISABLED <-> MALWARE-CNC Hupigon.hddn runtime traffic detected (malware-cnc.rules) * 1:21276 <-> DISABLED <-> MALWARE-CNC Hupigon.hddn install time traffic detected (malware-cnc.rules) * 1:21277 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shexie.A runtime traffic detected (malware-cnc.rules) * 1:21278 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Google Bot (malware-cnc.rules) * 1:21279 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kbot.s runtime traffic detected (malware-cnc.rules) * 1:2128 <-> DISABLED <-> SERVER-WEBAPP swsrv.cgi access (server-webapp.rules) * 1:21280 <-> DISABLED <-> MALWARE-CNC Win32 Turkojan.C runtime traffic detected (malware-cnc.rules) * 1:21281 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ATMFD font driver malicious font file remote code execution attempt (os-windows.rules) * 1:21282 <-> ENABLED <-> FILE-IDENTIFY XSL file download request (file-identify.rules) * 1:21283 <-> ENABLED <-> FILE-IDENTIFY XSL file attachment detected (file-identify.rules) * 1:21284 <-> ENABLED <-> FILE-IDENTIFY XSL file attachment detected (file-identify.rules) * 1:21285 <-> ENABLED <-> FILE-IDENTIFY XSLT file 
download request (file-identify.rules) * 1:21286 <-> ENABLED <-> FILE-IDENTIFY XSLT file attachment detected (file-identify.rules) * 1:21287 <-> ENABLED <-> FILE-IDENTIFY XSLT file attachment detected (file-identify.rules) * 1:21288 <-> ENABLED <-> FILE-IDENTIFY XML download detected (file-identify.rules) * 1:21289 <-> DISABLED <-> OS-WINDOWS Microsoft Color Control Panel STI.dll dll-load exploit attempt (os-windows.rules) * 1:2129 <-> DISABLED <-> SERVER-IIS nsiislog.dll access (server-iis.rules) * 1:21290 <-> DISABLED <-> OS-WINDOWS Microsoft Color Control Panel STI.dll dll-load exploit attempt (os-windows.rules) * 1:21291 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio invalid row option attempt (file-office.rules) * 1:21292 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer style.position use-after-free memory corruption attempt (browser-ie.rules) * 1:21293 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio corrupted compressed data memory corruption attempt (file-office.rules) * 1:21294 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancodor.be runtime traffic detected (malware-cnc.rules) * 1:21295 <-> ENABLED <-> FILE-IDENTIFY FON file attachment detected (file-identify.rules) * 1:21296 <-> ENABLED <-> FILE-IDENTIFY FON file attachment detected (file-identify.rules) * 1:21297 <-> DISABLED <-> SERVER-WEBAPP Microsoft Office SharePoint themeweb.aspx XSS attempt (server-webapp.rules) * 1:21298 <-> DISABLED <-> SERVER-WEBAPP Microsoft SharePoint chart webpart XSS attempt (server-webapp.rules) * 1:21299 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Silverlight privilege escalation attempt (browser-plugins.rules) * 1:213 <-> DISABLED <-> MALWARE-BACKDOOR MISC Linux rootkit attempt (malware-backdoor.rules) * 1:2130 <-> DISABLED <-> SERVER-IIS IISProtect siteadmin.asp access (server-iis.rules) * 1:21300 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 9 null character in string information disclosure attempt (browser-ie.rules) * 1:21301 <-> DISABLED <-> 
FILE-OFFICE Microsoft Office Visio TAG_xxxSect code execution attempt (file-office.rules) * 1:21302 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio TAG_OLEChunk code execution attempt (file-office.rules) * 1:21303 <-> DISABLED <-> MALWARE-CNC Win32 Initor.ag runtime traffic detected (malware-cnc.rules) * 1:21305 <-> DISABLED <-> FILE-EXECUTABLE Microsoft .NET Framework System.Uri.ReCreateParts System.Uri.PathAndQuery overflow attempt (file-executable.rules) * 1:21306 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spyeye variant outbound connectivity check (malware-cnc.rules) * 1:21307 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio TAG_xxxSheet code execution attempt (file-office.rules) * 1:21308 <-> DISABLED <-> FILE-OTHER Microsoft Windows C Run-Time Library remote code execution attempt (file-other.rules) * 1:21309 <-> DISABLED <-> OS-WINDOWS Microsoft product request for fputlsat.dll over SMB attempt (os-windows.rules) * 1:2131 <-> DISABLED <-> SERVER-IIS IISProtect access (server-iis.rules) * 1:21310 <-> DISABLED <-> OS-WINDOWS Microsoft product fputlsat.dll dll-load exploit attempt (os-windows.rules) * 1:21311 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dofoil variant outbound connection (malware-cnc.rules) * 1:21313 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dofoil variant outbound connection (malware-cnc.rules) * 1:21314 <-> DISABLED <-> SERVER-WEBAPP HP Insight Diagnostics XSS attempt (server-webapp.rules) * 1:21315 <-> DISABLED <-> SERVER-OTHER Quest NetVault SmartDisk libnvbasics.dll DOS attempt (server-other.rules) * 1:21316 <-> DISABLED <-> FILE-OTHER Adobe shockwave director tSAC string termination memory corruption attempt (file-other.rules) * 1:21317 <-> DISABLED <-> FILE-OTHER BACnet OPC client csv file buffer overflow attempt (file-other.rules) * 1:21318 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FakeAV TDSS/PurpleHaze variant outbound connection - base64 encoded (malware-cnc.rules) * 1:21319 <-> DISABLED <-> FILE-OTHER Multiple products request for 
version.dll over SMB attempt (file-other.rules) * 1:2132 <-> DISABLED <-> SERVER-IIS Synchrologic Email Accelerator userid list access attempt (server-iis.rules) * 1:21320 <-> DISABLED <-> FILE-FLASH Adobe Acrobat Flash Player request for atl.dll over SMB attempt (file-flash.rules) * 1:21321 <-> DISABLED <-> FILE-FLASH Adobe Acrobat Flash Player request for uxtheme.dll over SMB attempt (file-flash.rules) * 1:21322 <-> DISABLED <-> FILE-OTHER Multiple products version.dll dll-load exploit attempt (file-other.rules) * 1:21323 <-> DISABLED <-> FILE-FLASH Adobe Acrobat Flash Player atl.dll dll-load exploit attempt (file-flash.rules) * 1:21324 <-> DISABLED <-> FILE-FLASH Adobe Acrobat Flash Player uxtheme.dll dll-load exploit attempt (file-flash.rules) * 1:21325 <-> DISABLED <-> FILE-FLASH Adobe Flash Player cross site request forgery attempt (file-flash.rules) * 1:21326 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActiveX URL import attempt (file-flash.rules) * 1:21327 <-> DISABLED <-> MALWARE-CNC User-Agent ASafaWeb Scan (malware-cnc.rules) * 1:21328 <-> DISABLED <-> SERVER-OTHER Synergy clipboard format server integer overflow attempt (server-other.rules) * 1:21329 <-> DISABLED <-> SERVER-OTHER Synergy clipboard format client integer overflow attempt (server-other.rules) * 1:2133 <-> DISABLED <-> SERVER-IIS MS BizTalk server access (server-iis.rules) * 1:21330 <-> DISABLED <-> SERVER-OTHER Synergy clipboard format server integer overflow attempt (server-other.rules) * 1:21331 <-> DISABLED <-> SERVER-OTHER Synergy clipboard format client integer overflow attempt (server-other.rules) * 1:21332 <-> ENABLED <-> APP-DETECT Synergy network kvm usage detected (app-detect.rules) * 1:21333 <-> DISABLED <-> SERVER-WEBAPP Openswan/Strongswan Pluto IKE daemon ISAKMP DPD malformed packet DOS attempt (server-webapp.rules) * 1:21334 <-> DISABLED <-> SERVER-WEBAPP Openswan/Strongswan Pluto IKE daemon ISAKMP DPD malformed packet DOS attempt (server-webapp.rules) * 1:21335 <-> 
DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript bytecode type confusion null dereference attempt (file-flash.rules)
* 1:21336 <-> DISABLED <-> FILE-FLASH Adobe Flash ASConstructor insecure calling attempt (file-flash.rules)
* 1:21337 <-> DISABLED <-> SERVER-APACHE Apache XML HMAC truncation authentication bypass attempt (server-apache.rules)
* 1:21338 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MP4 zero length atom attempt (file-flash.rules)
* 1:21339 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Flash Player MP4 zero length atom auth field attempt (file-multimedia.rules)
* 1:2134 <-> DISABLED <-> SERVER-IIS register.asp access (server-iis.rules)
* 1:21340 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player MP4 zero length atom titl field attempt (file-multimedia.rules)
* 1:21341 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Flash Player MP4 zero length atom 'dscp' field attempt (file-multimedia.rules)
* 1:21342 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Flash Player MP4 zero length atom cprt field attempt (file-multimedia.rules)
* 1:21343 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit pdf request (exploit-kit.rules)
* 1:21344 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit pdf download (exploit-kit.rules)
* 1:21345 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit malicious jar request (exploit-kit.rules)
* 1:21346 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit malicious jar download (exploit-kit.rules)
* 1:21347 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit URL - .php?page= (exploit-kit.rules)
* 1:21348 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit URL - search.php?page= (exploit-kit.rules)
* 1:21349 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector stack overflow attempt (server-other.rules)
* 1:2135 <-> DISABLED <-> SERVER-WEBAPP philboard.mdb access (server-webapp.rules)
* 1:21350 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector stack overflow attempt (server-other.rules)
* 1:21351 <-> DISABLED <-> SERVER-OTHER IBM Tivoli kuddb2 denial of service attempt (server-other.rules)
* 1:21353 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer mouse drag hijack (browser-ie.rules)
* 1:21356 <-> DISABLED <-> SERVER-APACHE Apache URI directory traversal attempt (server-apache.rules)
* 1:21357 <-> DISABLED <-> OS-WINDOWS Microsoft Windows OLEAUT32.DLL malicious WMF file remote code execution attempt (os-windows.rules)
* 1:21358 <-> DISABLED <-> SERVER-WEBAPP iPlanet Webserver command injection attempt (server-webapp.rules)
* 1:21359 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VB.jju runtime traffic detected (malware-cnc.rules)
* 1:2136 <-> DISABLED <-> SERVER-WEBAPP philboard_admin.asp authentication bypass attempt (server-webapp.rules)
* 1:21360 <-> DISABLED <-> MALWARE-CNC Win32 Agent.dbzx runtime traffic detected (malware-cnc.rules)
* 1:21361 <-> DISABLED <-> MALWARE-CNC Worm.Win32.TDownland.ca runtime traffic detected (malware-cnc.rules)
* 1:21362 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TDSS.aa runtime traffic detected (malware-cnc.rules)
* 1:21363 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox appendChild use-after-free attempt (browser-firefox.rules)
* 1:21364 <-> DISABLED <-> MALWARE-CNC DOQ.gen.y RUNTIME traffic detected (malware-cnc.rules)
* 1:21365 <-> DISABLED <-> MALWARE-CNC DOQ.gen.y RUNTIME traffic detected (malware-cnc.rules)
* 1:21366 <-> DISABLED <-> MALWARE-CNC DOQ.gen.y INSTALL traffic detected (malware-cnc.rules)
* 1:21367 <-> DISABLED <-> MALWARE-CNC Win32 VB.abcl runtime traffic detected (malware-cnc.rules)
* 1:21368 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wallop.de runtime traffic detected (malware-cnc.rules)
* 1:21369 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wallop.de runtime traffic detected (malware-cnc.rules)
* 1:2137 <-> DISABLED <-> SERVER-WEBAPP philboard_admin.asp access (server-webapp.rules)
* 1:21370 <-> DISABLED <-> SERVER-SAMBA Samba name mangling buffer overflow attempt (server-samba.rules)
* 1:21371 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director KEY chunk buffer overflow attempt (file-other.rules)
* 1:21372 <-> DISABLED <-> MALWARE-CNC Malware Defense runtime traffic detected (malware-cnc.rules)
* 1:21373 <-> DISABLED <-> MALWARE-CNC Malware Defense runtime traffic detected (malware-cnc.rules)
* 1:21374 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bifrose.EF runtime traffic detected (malware-cnc.rules)
* 1:21375 <-> DISABLED <-> SERVER-WEBAPP Remote Execution Backdoor Attempt Against Horde (server-webapp.rules)
* 1:21376 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Microjoin activity detected (malware-cnc.rules)
* 1:21377 <-> DISABLED <-> SERVER-WEBAPP Cisco Unified Communications Manager sql injection attempt (server-webapp.rules)
* 1:21378 <-> DISABLED <-> SERVER-OTHER Novell iPrint attributes-natural-language buffer overflow attempt (server-other.rules)
* 1:21379 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Genome.Amqj runtime traffic detected (malware-cnc.rules)
* 1:2138 <-> DISABLED <-> SERVER-WEBAPP logicworks.ini access (server-webapp.rules)
* 1:21380 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - QvodDown (malware-cnc.rules)
* 1:21381 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dialer.ngb runtime traffic detected (malware-cnc.rules)
* 1:21382 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nuqel.Q host setting3.yeahost.com runtime traffic detected (malware-cnc.rules)
* 1:21383 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nuqel.Q host 9999mb.com runtime traffic detected (malware-cnc.rules)
* 1:21384 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nuqel.Q host freewebs.com runtime traffic detected (malware-cnc.rules)
* 1:21385 <-> DISABLED <-> SERVER-WEBAPP Cisco Common Services Help servlet XSS attempt (server-webapp.rules)
* 1:21386 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wadolin.A runtime traffic detected (malware-cnc.rules)
* 1:21387 <-> DISABLED <-> FILE-JAVA Oracle Java runtime RMIConnectionImpl deserialization execution attempt (file-java.rules)
* 1:21389 <-> DISABLED <-> SERVER-WEBAPP Cisco Common Services Device Center XSS attempt (server-webapp.rules)
* 1:2139 <-> DISABLED <-> SERVER-WEBAPP /*.shtml access (server-webapp.rules)
* 1:21390 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agobot.dl runtime traffic detected (malware-cnc.rules)
* 1:21391 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.dcac runtime traffic detected (malware-cnc.rules)
* 1:21392 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer writing-mode property memory corruption attempt (browser-ie.rules)
* 1:21393 <-> DISABLED <-> FILE-MULTIMEDIA Magix Musik Maker 16 buffer overflow attempt (file-multimedia.rules)
* 1:21394 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox null byte file remote code execution attempt (browser-firefox.rules)
* 1:21395 <-> DISABLED <-> SERVER-ORACLE 10g iSQLPlus service heap overflow attempt (server-oracle.rules)
* 1:21396 <-> DISABLED <-> SERVER-ORACLE 10g iSQLPlus service heap overflow attempt (server-oracle.rules)
* 1:21397 <-> DISABLED <-> FILE-MULTIMEDIA MicroP mppl stack buffer overflow (file-multimedia.rules)
* 1:21398 <-> ENABLED <-> FILE-IDENTIFY MPPL file download request (file-identify.rules)
* 1:21399 <-> DISABLED <-> BROWSER-OTHER Opera Web Browser History Search Input validation vulnerability (browser-other.rules)
* 1:214 <-> DISABLED <-> MALWARE-BACKDOOR MISC Linux rootkit attempt lrkr0x (malware-backdoor.rules)
* 1:2140 <-> DISABLED <-> SERVER-WEBAPP p-news.php access (server-webapp.rules)
* 1:21400 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kenzor.B variant outbound connection (malware-cnc.rules)
* 1:21401 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kenzor.B variant outbound connection (malware-cnc.rules)
* 1:21402 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ponfoy.A variant outbound connection (malware-cnc.rules)
* 1:21403 <-> DISABLED <-> MALWARE-CNC Worm.Win32.Vobfus.DL variant outbound connection (malware-cnc.rules)
* 1:21404 <-> DISABLED <-> MALWARE-CNC Worm.Win32.Vobfus.DL variant outbound connection cont (malware-cnc.rules)
* 1:21405 <-> DISABLED <-> OS-WINDOWS Microsoft Anti-Cross Site Scripting library bypass attempt (os-windows.rules)
* 1:21406 <-> DISABLED <-> BROWSER-PLUGINS McAfee Security Center ActiveX clsid access (browser-plugins.rules)
* 1:21407 <-> DISABLED <-> SERVER-OTHER Symantic multiple products VRTSweb code execution (server-other.rules)
* 1:2141 <-> DISABLED <-> SERVER-WEBAPP shoutbox.php directory traversal attempt (server-webapp.rules)
* 1:21410 <-> ENABLED <-> FILE-IDENTIFY paq8o file download request (file-identify.rules)
* 1:21411 <-> ENABLED <-> FILE-IDENTIFY paq8o file attachment detected (file-identify.rules)
* 1:21412 <-> ENABLED <-> FILE-IDENTIFY paq8o file attachment detected (file-identify.rules)
* 1:21413 <-> DISABLED <-> FILE-OTHER PeaZip command injection attempt (file-other.rules)
* 1:21414 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel MergeCells record parsing code execution attempt (file-office.rules)
* 1:21415 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel MergeCells record parsing code execution attempt (file-office.rules)
* 1:21416 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bankpatch authentication string detected (malware-cnc.rules)
* 1:21417 <-> DISABLED <-> FILE-PDF hostile PDF associated with Laik exploit kit (file-pdf.rules)
* 1:21418 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FareIt variant outbound connection (malware-cnc.rules)
* 1:2142 <-> DISABLED <-> SERVER-WEBAPP shoutbox.php access (server-webapp.rules)
* 1:21420 <-> DISABLED <-> FILE-OTHER RealNetworks RealPlayer compressed skin overflow attempt (file-other.rules)
* 1:21421 <-> DISABLED <-> PROTOCOL-DNS ISC BIND DNSSEC authority response record overflow attempt (protocol-dns.rules)
* 1:21422 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Lel record memory corruption attempt (file-office.rules)
* 1:21423 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher Opltc memory corruption attempt (file-office.rules)
* 1:21424 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ghodow.A connect to cnc (malware-cnc.rules)
* 1:21425 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ghodow.A exe file download (malware-cnc.rules)
* 1:21426 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scar variant outbound connection (malware-cnc.rules)
* 1:21427 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Delf variant outbound connection (malware-cnc.rules)
* 1:21428 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Generic-24 variant outbound connection (malware-cnc.rules)
* 1:21429 <-> DISABLED <-> FILE-PDF Possible unknown malicious PDF (file-pdf.rules)
* 1:2143 <-> DISABLED <-> SERVER-WEBAPP b2 cafelog gm-2-b2.php remote file include attempt (server-webapp.rules)
* 1:21430 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BeeOne runtime traffic detected (malware-cnc.rules)
* 1:21431 <-> DISABLED <-> FILE-PDF Possible malicious pdf - new pdf exploit (file-pdf.rules)
* 1:21432 <-> ENABLED <-> FILE-IDENTIFY MPPL file attachment detected (file-identify.rules)
* 1:21433 <-> ENABLED <-> FILE-IDENTIFY MPPL file attachment detected (file-identify.rules)
* 1:21434 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mentor variant outbound connection (malware-cnc.rules)
* 1:21435 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mentor inbound connection - post infection (malware-cnc.rules)
* 1:21436 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Startpage variant outbound connection (malware-cnc.rules)
* 1:21437 <-> DISABLED <-> FILE-OTHER WordPerfect WP3TablesGroup heap overflow attempt (file-other.rules)
* 1:21438 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit JavaScript carat string splitting with hostile applet (exploit-kit.rules)
* 1:21439 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ arbitrary code execution attempt (file-image.rules)
* 1:2144 <-> DISABLED <-> SERVER-WEBAPP b2 cafelog gm-2-b2.php access (server-webapp.rules)
* 1:21440 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Murofet variant outbound connection (malware-cnc.rules)
* 1:21441 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Delf variant outbound connection (malware-cnc.rules)
* 1:21442 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - base64 encoded (malware-cnc.rules)
* 1:21444 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TDSS variant outbound connection (malware-cnc.rules)
* 1:21445 <-> DISABLED <-> SERVER-OTHER vsFTPd denial of service attempt (server-other.rules)
* 1:21446 <-> DISABLED <-> BROWSER-CHROME Google Chrome FileSystemObject clsid access (browser-chrome.rules)
* 1:21447 <-> DISABLED <-> BROWSER-CHROME Google Chrome FileSystemObject function call (browser-chrome.rules)
* 1:21448 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Webmoner.zu connect to server (malware-cnc.rules)
* 1:21449 <-> DISABLED <-> MALWARE-CNC Trojan-Downloader.Win32.Obitel install (malware-cnc.rules)
* 1:2145 <-> DISABLED <-> SERVER-WEBAPP TextPortal admin.php default password admin attempt (server-webapp.rules)
* 1:21450 <-> DISABLED <-> MALWARE-CNC Trojan-Downloader.Win32.Obitel connect to cnc server (malware-cnc.rules)
* 1:21451 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.djvk malicious hosts file download (malware-cnc.rules)
* 1:21452 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.djvk connect to server (malware-cnc.rules)
* 1:21453 <-> DISABLED <-> FILE-PDF Possible unknown malicious PDF (file-pdf.rules)
* 1:21454 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banbra.vec variant outbound connection (malware-cnc.rules)
* 1:21455 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string psi (malware-cnc.rules)
* 1:21456 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DarkComet variant outbound connection (malware-cnc.rules)
* 1:21457 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
* 1:21458 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
* 1:21459 <-> ENABLED <-> MALWARE-TOOLS Havij advanced SQL injection tool user-agent string (malware-tools.rules)
* 1:2146 <-> DISABLED <-> SERVER-WEBAPP TextPortal admin.php default password 12345 attempt (server-webapp.rules)
* 1:21460 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DarkComet inbound connection (malware-cnc.rules)
* 1:21461 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DarkComet variant outbound connection - post infection (malware-cnc.rules)
* 1:21462 <-> DISABLED <-> FILE-JAVA Oracle Java Plugin security bypass (file-java.rules)
* 1:21463 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bibei variant inbound connection (malware-cnc.rules)
* 1:21464 <-> DISABLED <-> MALWARE-CNC Downloader-CEW.b runtime traffic detected (malware-cnc.rules)
* 1:21465 <-> DISABLED <-> SERVER-WEBAPP HTTP response splitting attempt (server-webapp.rules)
* 1:21466 <-> DISABLED <-> MALWARE-CNC Autorun.BDS runtime traffic detected (malware-cnc.rules)
* 1:21467 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IRCBot variant outbound connection (malware-cnc.rules)
* 1:21468 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dama variant outbound connection (malware-cnc.rules)
* 1:21469 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string 1234567890 (malware-cnc.rules)
* 1:2147 <-> DISABLED <-> SERVER-WEBAPP BLNews objects.inc.php4 remote file include attempt (server-webapp.rules)
* 1:21470 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Krap.Gy connect to server (malware-cnc.rules)
* 1:21471 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
* 1:21472 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Delf.tzp download (malware-cnc.rules)
* 1:21473 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GameThief variant outbound connection (malware-cnc.rules)
* 1:21474 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lancafdo.A variant outbound connection (malware-cnc.rules)
* 1:21475 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string core-project (malware-cnc.rules)
* 1:21476 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent YZF (malware-cnc.rules)
* 1:21477 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Noobot variant outbound connection (malware-cnc.rules)
* 1:21478 <-> ENABLED <-> FILE-IDENTIFY CHM file attachment detected (file-identify.rules)
* 1:21479 <-> ENABLED <-> FILE-IDENTIFY CHM file attachment detected (file-identify.rules)
* 1:2148 <-> DISABLED <-> SERVER-WEBAPP BLNews objects.inc.php4 access (server-webapp.rules)
* 1:21480 <-> ENABLED <-> FILE-IDENTIFY XML file magic detected (file-identify.rules)
* 1:21481 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start arbitrary command execution attempt (file-java.rules)
* 1:21483 <-> DISABLED <-> PROTOCOL-SCADA Moxa Device Manager buffer overflow attempt (protocol-scada.rules)
* 1:21484 <-> DISABLED <-> FILE-OTHER ZIP file name overflow attempt (file-other.rules)
* 1:21485 <-> DISABLED <-> SERVER-OTHER EMC RepliStor denial of service attempt (server-other.rules)
* 1:21486 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant outbound connection (malware-cnc.rules)
* 1:21487 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Palevo variant outbound connection (malware-cnc.rules)
* 1:21488 <-> DISABLED <-> APP-DETECT User-Agent known user agent - GetRight (app-detect.rules)
* 1:21489 <-> DISABLED <-> FILE-OTHER Microsoft Windows chm file malware related exploit (file-other.rules)
* 1:2149 <-> DISABLED <-> SERVER-WEBAPP Turba status.php access (server-webapp.rules)
* 1:21490 <-> DISABLED <-> PROTOCOL-SCADA General Electric d20me configuration retrieval attempt (protocol-scada.rules)
* 1:21491 <-> DISABLED <-> PROTOCOL-SCADA Sielco Sistemi Winlog Pro stack buffer overflow attempt (protocol-scada.rules)
* 1:21492 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch (exploit-kit.rules)
* 1:21493 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows DRM technology msnetobj.dll ActiveX clsid access (browser-plugins.rules)
* 1:21494 <-> DISABLED <-> PROTOCOL-SCADA General Electric D20ME backdoor attempt (protocol-scada.rules)
* 1:21495 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vilsel variant outbound connection (malware-cnc.rules)
* 1:21496 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Saeeka variant outbound connection (malware-cnc.rules)
* 1:21497 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Saeeka variant outbound connection (malware-cnc.rules)
* 1:21498 <-> ENABLED <-> FILE-IDENTIFY XML file magic detected (file-identify.rules)
* 1:21499 <-> ENABLED <-> FILE-IDENTIFY XML file attachment detected (file-identify.rules)
* 1:215 <-> DISABLED <-> MALWARE-BACKDOOR MISC Linux rootkit attempt (malware-backdoor.rules)
* 1:2150 <-> DISABLED <-> SERVER-WEBAPP ttCMS header.php remote file include attempt (server-webapp.rules)
* 1:21500 <-> ENABLED <-> FILE-IDENTIFY XML file attachment detected (file-identify.rules)
* 1:21501 <-> DISABLED <-> FILE-JAVA Oracle JavaScript file upload keystroke hijack attempt (file-java.rules)
* 1:21502 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VBbot.V connect to server (malware-cnc.rules)
* 1:21503 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SXDB memory corruption (file-office.rules)
* 1:21504 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Object Packager ClickOnce object remote code execution attempt (os-windows.rules)
* 1:21505 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Object Packager ClickOnce object remote code execution attempt (os-windows.rules)
* 1:21506 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Object Packager ClickOnce object remote code execution attempt (os-windows.rules)
* 1:21507 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Object Packager ClickOnce object remote code execution attempt (os-windows.rules)
* 1:21508 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Object Packager ClickOnce object remote code execution attempt (os-windows.rules)
* 1:21509 <-> ENABLED <-> EXPLOIT-KIT Sakura exploit kit rhino jar request (exploit-kit.rules)
* 1:2151 <-> DISABLED <-> SERVER-WEBAPP ttCMS header.php access (server-webapp.rules)
* 1:21510 <-> ENABLED <-> EXPLOIT-KIT Sakura exploit kit logo transfer (exploit-kit.rules)
* 1:21511 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vaxpy variant outbound connection (malware-cnc.rules)
* 1:21512 <-> DISABLED <-> MALWARE-BACKDOOR Win.Backdoor.Zegost.B runtime detection (malware-backdoor.rules)
* 1:21513 <-> DISABLED <-> MALWARE-TOOLS HOIC http denial of service attack (malware-tools.rules)
* 1:21514 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banbra connect to server (malware-cnc.rules)
* 1:21515 <-> DISABLED <-> SERVER-APACHE Apache Tomcat Web Application Manager access (server-apache.rules)
* 1:21516 <-> ENABLED <-> SERVER-WEBAPP JBoss JMX console access attempt (server-webapp.rules)
* 1:21517 <-> ENABLED <-> SERVER-WEBAPP JBoss admin-console access (server-webapp.rules)
* 1:21518 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent-59544 connect to server (malware-cnc.rules)
* 1:21519 <-> DISABLED <-> INDICATOR-OBFUSCATION Dadongs obfuscated javascript (indicator-obfuscation.rules)
* 1:2152 <-> DISABLED <-> SERVER-WEBAPP test.php access (server-webapp.rules)
* 1:21520 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bayrob variant outbound connection (malware-cnc.rules)
* 1:21521 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bayrob update connection (malware-cnc.rules)
* 1:21522 <-> DISABLED <-> SERVER-APACHE Apache Struts parameters interceptor remote code execution attempt (server-apache.rules)
* 1:21523 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules)
* 1:21524 <-> DISABLED <-> FILE-OFFICE Microsoft Windows object packager dialogue code execution attempt (file-office.rules)
* 1:21525 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader variant outbound connection (malware-cnc.rules)
* 1:21526 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent TCYWinHTTPDownload (malware-cnc.rules)
* 1:21527 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader registration connection detection (malware-cnc.rules)
* 1:21528 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader keep-alive connection detection (malware-cnc.rules)
* 1:21529 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 Find_First2 filename overflow attempt (os-windows.rules)
* 1:2153 <-> DISABLED <-> SERVER-WEBAPP autohtml.php directory traversal attempt (server-webapp.rules)
* 1:21530 <-> DISABLED <-> FILE-FLASH Adobe Flash Player action script 3 bitmap malicious rectangle attempt (file-flash.rules)
* 1:21531 <-> DISABLED <-> FILE-FLASH Adobe Flash Player action script 3 bitmap malicious rectangle attempt (file-flash.rules)
* 1:21532 <-> DISABLED <-> FILE-FLASH Adobe Flash Player action script 3 bitmap malicious rectangle attempt (file-flash.rules)
* 1:21533 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript Stage3D null dereference attempt (file-flash.rules)
* 1:21534 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript Matrix3D.copyRawDataFrom buffer overflow attempt (file-flash.rules)
* 1:21535 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript Matrix3D.copyRawDataFrom buffer overflow attempt (file-flash.rules)
* 1:21536 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript Stage3D null dereference attempt (file-flash.rules)
* 1:21538 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dofoil variant outbound payload request (malware-cnc.rules)
* 1:21539 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific header (exploit-kit.rules)
* 1:2154 <-> DISABLED <-> SERVER-WEBAPP autohtml.php access (server-webapp.rules)
* 1:21540 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buzus application download (malware-cnc.rules)
* 1:21541 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buzus connect to server (malware-cnc.rules)
* 1:21542 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buzus firefox extension download (malware-cnc.rules)
* 1:21543 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buzus html page download (malware-cnc.rules)
* 1:21544 <-> DISABLED <-> MALWARE-CNC Possible host infection - excessive DNS queries for .eu (malware-cnc.rules)
* 1:21545 <-> DISABLED <-> MALWARE-CNC Possible host infection - excessive DNS queries for .ru (malware-cnc.rules)
* 1:21546 <-> DISABLED <-> MALWARE-CNC Possible host infection - excessive DNS queries for .cn (malware-cnc.rules)
* 1:21547 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules)
* 1:21548 <-> DISABLED <-> MALWARE-CNC Cutwail landing page connection (malware-cnc.rules)
* 1:21549 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific header (exploit-kit.rules)
* 1:2155 <-> DISABLED <-> SERVER-WEBAPP ttforum remote file include attempt (server-webapp.rules)
* 1:21550 <-> ENABLED <-> MALWARE-BACKDOOR ToolsPack PHP Backdoor access (malware-backdoor.rules)
* 1:21551 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kahn variant outbound connection (malware-cnc.rules)
* 1:21552 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kahn variant outbound connection (malware-cnc.rules)
* 1:21553 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.cpze connect to server (malware-cnc.rules)
* 1:21554 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Waledac.exe download (malware-cnc.rules)
* 1:21555 <-> DISABLED <-> MALWARE-OTHER Horde javascript.php href backdoor (malware-other.rules)
* 1:21556 <-> DISABLED <-> POLICY-OTHER Microsoft Windows 98 User-Agent string (policy-other.rules)
* 1:21557 <-> DISABLED <-> FILE-OTHER Apple OSX ZIP archive shell script execution attempt (file-other.rules)
* 1:21558 <-> DISABLED <-> BROWSER-PLUGINS Symantec Norton Antivirus ActiveX clsid access (browser-plugins.rules)
* 1:21559 <-> DISABLED <-> BROWSER-PLUGINS Symantec Norton Antivirus ActiveX clsid access (browser-plugins.rules)
* 1:2156 <-> DISABLED <-> SERVER-WEBAPP mod_gzip_status access (server-webapp.rules)
* 1:21560 <-> DISABLED <-> BROWSER-PLUGINS Symantec Norton Antivirus ActiveX clsid access (browser-plugins.rules)
* 1:21561 <-> DISABLED <-> BROWSER-PLUGINS Symantec Norton Antivirus ActiveX function call access (browser-plugins.rules)
* 1:21562 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bredolab variant outbound connection (malware-cnc.rules)
* 1:21563 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kelihos variant outbound connection (malware-cnc.rules)
* 1:21564 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kelihos variant outbound connection (malware-cnc.rules)
* 1:21565 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kelihos variant outbound connection (malware-cnc.rules)
* 1:21566 <-> DISABLED <-> OS-WINDOWS Microsoft Expression Design request for wintab32.dll over SMB attempt (os-windows.rules)
* 1:21567 <-> DISABLED <-> OS-WINDOWS Microsoft Expression Design wintab32.dll dll-load exploit attempt (os-windows.rules)
* 1:21568 <-> DISABLED <-> OS-WINDOWS Microsoft Windows RDP RST denial of service attempt (os-windows.rules)
* 1:21569 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer toStaticHTML XSS attempt (browser-ie.rules)
* 1:2157 <-> DISABLED <-> SERVER-IIS IISProtect globaladmin.asp access (server-iis.rules)
* 1:21570 <-> ENABLED <-> OS-WINDOWS Microsoft Windows RemoteDesktop new session flood attempt (os-windows.rules)
* 1:21573 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio addin file download request (file-identify.rules)
* 1:21574 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio addin file attachment detected (file-identify.rules)
* 1:21575 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio addin file attachment detected (file-identify.rules)
* 1:21576 <-> DISABLED <-> FILE-OTHER Microsoft Windows Visual Studio .addin file access (file-other.rules)
* 1:21577 <-> DISABLED <-> INDICATOR-OBFUSCATION JavaScript obfuscation - charcode (indicator-obfuscation.rules)
* 1:21578 <-> DISABLED <-> INDICATOR-OBFUSCATION JavaScript obfuscation - eval (indicator-obfuscation.rules)
* 1:21579 <-> DISABLED <-> INDICATOR-OBFUSCATION JavaScript obfuscation - fromCharCode (indicator-obfuscation.rules)
* 1:2158 <-> DISABLED <-> SERVER-OTHER BGP invalid length (server-other.rules)
* 1:21580 <-> DISABLED <-> INDICATOR-OBFUSCATION JavaScript obfuscation - fromCharCode (indicator-obfuscation.rules)
* 1:21581 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - BBB (exploit-kit.rules)
* 1:21582 <-> DISABLED <-> FILE-PDF PDF obfuscation attempt (file-pdf.rules)
* 1:21583 <-> DISABLED <-> FILE-PDF Possible malicious pdf detection - qwe123 (file-pdf.rules)
* 1:21584 <-> ENABLED <-> FILE-IDENTIFY VisiWave VWR file download request (file-identify.rules)
* 1:21585 <-> ENABLED <-> FILE-IDENTIFY VisiWave VWR file attachment detected (file-identify.rules)
* 1:21586 <-> ENABLED <-> FILE-IDENTIFY VisiWave VWR file attachment detected (file-identify.rules)
* 1:21587 <-> DISABLED <-> FILE-OTHER VisiWave VWR file parsing code execution attempt (file-other.rules)
* 1:21589 <-> DISABLED <-> BROWSER-PLUGINS IBM eGatherer ActiveX clsid access (browser-plugins.rules)
* 1:2159 <-> DISABLED <-> SERVER-OTHER BGP invalid type 0 (server-other.rules)
* 1:21590 <-> DISABLED <-> BROWSER-PLUGINS IBM eGatherer ActiveX function call access (browser-plugins.rules)
* 1:21591 <-> DISABLED <-> MALWARE-CNC User-Agent known Adware user agent Gamevance tl_v (malware-cnc.rules)
* 1:21593 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper variant outbound connection (malware-cnc.rules)
* 1:21594 <-> DISABLED <-> SERVER-WEBAPP Gravity GTD objectname parameter injection attempt (server-webapp.rules)
* 1:21595 <-> DISABLED <-> OS-MOBILE Android/Nickispy.D initialization request detection (os-mobile.rules)
* 1:21596 <-> DISABLED <-> OS-MOBILE Android/Nickispy.D initialization response detection (os-mobile.rules)
* 1:21597 <-> DISABLED <-> OS-MOBILE Android/Nickispy.D sms logging request detection (os-mobile.rules)
* 1:21598 <-> DISABLED <-> OS-MOBILE Android/Nickispy.D sms logging response detection (os-mobile.rules)
* 1:21599 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS 6 multiple executable extension access attempt (server-iis.rules)
* 1:216 <-> DISABLED <-> MALWARE-BACKDOOR MISC Linux rootkit satori attempt (malware-backdoor.rules)
* 1:21600 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS 6 multiple executable extension access attempt (server-iis.rules)
* 1:21601 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS 6 multiple executable extension access attempt (server-iis.rules)
* 1:21602 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS 6 multiple executable extension access attempt (server-iis.rules)
* 1:21603 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS 6 multiple executable extension access attempt (server-iis.rules)
* 1:21604 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS 6 multiple executable extension access attempt (server-iis.rules)
* 1:21605 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS 6 multiple executable extension access attempt (server-iis.rules)
* 1:21606 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS 6 multiple executable extension access attempt (server-iis.rules)
* 1:21607 <-> DISABLED <-> FILE-OTHER IBM Installation Manager iim uri code execution attempt (file-other.rules)
* 1:21608 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk IAX2 call number denial of service (protocol-voip.rules)
* 1:21609 <-> DISABLED <-> SERVER-WEBAPP SurgeMail webmail.exe page format string exploit attempt (server-webapp.rules)
* 1:21610 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Refroso.azyg variant outbound connection (malware-cnc.rules)
* 1:21611 <-> ENABLED <-> FILE-IDENTIFY RAT file attachment detected (file-identify.rules)
* 1:21612 <-> ENABLED <-> FILE-IDENTIFY RAT file attachment detected (file-identify.rules)
* 1:21613 <-> ENABLED <-> FILE-IDENTIFY PNG file attachment detected (file-identify.rules)
* 1:21614 <-> ENABLED <-> FILE-IDENTIFY PNG file attachment detected (file-identify.rules)
* 1:21615 <-> ENABLED <-> FILE-IDENTIFY WMF file attachment detected (file-identify.rules)
* 1:21616 <-> ENABLED <-> FILE-IDENTIFY WMF file attachment detected (file-identify.rules)
* 1:21617 <-> ENABLED <-> FILE-IDENTIFY RT file attachment detected (file-identify.rules)
* 1:21618 <-> ENABLED <-> FILE-IDENTIFY RT file attachment detected (file-identify.rules)
* 1:21620 <-> ENABLED <-> FILE-IDENTIFY WAV file magic detected (file-identify.rules)
* 1:21621 <-> ENABLED <-> FILE-IDENTIFY AVI file magic detected (file-identify.rules)
* 1:21622 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Georbot variant outbound connection (malware-cnc.rules)
* 1:21623 <-> ENABLED <-> FILE-IDENTIFY QUO file attachment detected (file-identify.rules)
* 1:21624 <-> ENABLED <-> FILE-IDENTIFY QUO file attachment detected (file-identify.rules)
* 1:21625 <-> ENABLED <-> FILE-IDENTIFY POR file attachment detected (file-identify.rules)
* 1:21626 <-> ENABLED <-> FILE-IDENTIFY POR file attachment detected (file-identify.rules)
* 1:21627 <-> ENABLED <-> FILE-IDENTIFY SUM file attachment detected (file-identify.rules)
* 1:21628 <-> ENABLED <-> FILE-IDENTIFY SUM file attachment detected (file-identify.rules)
* 1:21629 <-> DISABLED <-> FILE-OTHER ELF file parsing in different antivirus evasion attempt (file-other.rules)
* 1:21630 <-> DISABLED <-> FILE-OTHER ELF file parsing in different antivirus evasion attempt (file-other.rules)
* 1:21631 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sinowal javascript delivery method (malware-cnc.rules)
* 1:21632 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ransom variant outbound connection (malware-cnc.rules)
* 1:21635 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Phdet.gen.A variant outbound connection (malware-cnc.rules)
* 1:21636 <-> DISABLED <-> MALWARE-CNC User-Agent known Adware user agent gbot (malware-cnc.rules)
* 1:21637 <-> DISABLED <-> POLICY-SPAM local user attempted to fill out paypal phishing form (policy-spam.rules)
* 1:21638 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Aluereon TDSS infection variant outbound connection (malware-cnc.rules)
* 1:21639 <-> DISABLED <-> MALWARE-CNC User-Agent known Adware user agent mus - TDSS related (malware-cnc.rules)
* 1:21640 <-> DISABLED <-> EXPLOIT-KIT Phoenix exploit kit landing page (exploit-kit.rules)
* 1:21641 <-> DISABLED <-> MALWARE-OTHER Possible banking trojan with known banking strings (malware-other.rules)
* 1:21642 <-> DISABLED <-> MALWARE-OTHER Possible malicious jar file download page (malware-other.rules)
* 1:21643 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bredolab variant outbound connection (malware-cnc.rules)
* 1:21644 <-> DISABLED <-> PUA-ADWARE Adware.MediaGetInstaller inbound connection - destination ip infected (pua-adware.rules)
* 1:21645 <-> DISABLED <-> PUA-ADWARE Adware.MediaGetInstaller outbound connection - source ip infected (pua-adware.rules)
* 1:21646 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch (exploit-kit.rules)
* 1:21647 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint malformed record call to freed object attempt (file-office.rules)
* 1:21648 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file attachment detected (file-identify.rules)
* 1:21649 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file attachment detected (file-identify.rules)
* 1:21650 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file download request (file-identify.rules)
* 1:21651 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file attachment detected (file-identify.rules)
* 1:21652 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file attachment detected (file-identify.rules)
* 1:21653 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript getURL target null reference attempt (file-flash.rules)
* 1:21654 <-> DISABLED <-> FILE-FLASH Adobe Flash Video invalid tag type attempt (file-flash.rules)
* 1:21655 <-> DISABLED <-> FILE-FLASH Adobe Flash Video invalid tag type attempt (file-flash.rules)
* 1:21656 <-> ENABLED <-> SERVER-APACHE Apache Struts remote code execution attempt - GET parameter (server-apache.rules)
* 1:21657 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure (exploit-kit.rules)
* 1:21658 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page (exploit-kit.rules)
* 1:21659 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page Requested - /Home/index.php (exploit-kit.rules)
* 1:21660 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page Requested - /Index/index.php (exploit-kit.rules)
* 1:21661 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - catch (exploit-kit.rules)
* 1:21662 <-> DISABLED <-> SERVER-OTHER Blue Coat Systems WinProxy telnet denial of service attempt (server-other.rules)
* 1:21663 <-> DISABLED <-> SERVER-OTHER CA BrightStor Agent for Microsoft SQL overflow attempt (server-other.rules)
* 1:21664 <-> ENABLED <-> FILE-JAVA Oracle Java JRE sandbox Atomic breach attempt (file-java.rules)
* 1:21665 <-> ENABLED <-> FILE-JAVA Oracle Java JRE sandbox Atomic breach attempt (file-java.rules)
* 1:21666 <-> ENABLED <-> FILE-JAVA Oracle Java JRE sandbox Atomic breach attempt (file-java.rules)
* 1:21667 <-> ENABLED <-> FILE-JAVA Oracle Java JRE sandbox Atomic breach attempt (file-java.rules)
* 1:21668 <-> DISABLED <-> EXPLOIT-KIT Java exploit kit iframe drive by attempt (exploit-kit.rules)
* 1:21669 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk missing SIP version denial of service attempt (protocol-voip.rules)
* 1:21670 <-> DISABLED <-> SERVER-WEBAPP PHP phpinfo cross site scripting attempt (server-webapp.rules)
* 1:21671 <-> DISABLED <-> SERVER-WEBAPP PECL zip URL wrapper buffer overflow attempt (server-webapp.rules)
* 1:21672 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk SCCP capabilities response message capabilities count overflow attempt (protocol-voip.rules)
* 1:21673 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk SCCP overly large mem copy attempt (protocol-voip.rules)
* 1:21674 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Smart Tags code execution attempt (file-office.rules)
* 1:21675 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Smart Tags code execution attempt (file-office.rules)
* 1:21676 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Smart Tags code execution attempt (file-office.rules)
* 1:21677 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Smart Tags code execution attempt (file-office.rules)
* 1:21678 <-> ENABLED <-> EXPLOIT-KIT Bleeding Life exploit kit module call (exploit-kit.rules)
* 1:21679 <-> ENABLED <-> EXPLOIT-KIT Bleeding Life exploit kit module call attempt (exploit-kit.rules)
* 1:21680 <-> ENABLED <-> EXPLOIT-KIT Bleeding Life exploit kit module call (exploit-kit.rules)
* 1:21681 <-> ENABLED <-> EXPLOIT-KIT Bleeding Life exploit kit module call (exploit-kit.rules)
* 1:21682 <-> ENABLED <-> EXPLOIT-KIT Bleeding Life exploit kit module call (exploit-kit.rules)
* 1:21683 <-> ENABLED <-> EXPLOIT-KIT Bleeding Life exploit kit module call (exploit-kit.rules)
* 1:21684 <-> ENABLED <-> EXPLOIT-KIT Bleeding Life exploit kit module call (exploit-kit.rules)
* 1:21685 <-> ENABLED <-> EXPLOIT-KIT Bleeding Life exploit kit module call (exploit-kit.rules)
* 1:21686 <-> ENABLED <-> EXPLOIT-KIT Bleeding Life exploit kit module call (exploit-kit.rules)
* 1:21687 <-> ENABLED <-> FILE-IDENTIFY PLS file attachment detected (file-identify.rules)
* 1:21688 <-> ENABLED <-> FILE-IDENTIFY PLS file attachment detected (file-identify.rules)
* 1:21691 <-> ENABLED <-> FILE-IDENTIFY SMIL file attachment detected (file-identify.rules)
* 1:21692 <-> ENABLED <-> FILE-IDENTIFY SMIL file attachment detected (file-identify.rules)
* 1:21693 <-> ENABLED <-> FILE-IDENTIFY FLAC file attachment detected (file-identify.rules)
* 1:21694 <-> ENABLED <-> FILE-IDENTIFY FLAC file attachment detected (file-identify.rules)
* 1:21695 <-> ENABLED <-> FILE-IDENTIFY SMI file attachment detected (file-identify.rules)
* 1:21696 <-> ENABLED <-> FILE-IDENTIFY SMI file attachment detected (file-identify.rules)
* 1:21697 <-> ENABLED <-> FILE-IDENTIFY SAMI file attachment detected (file-identify.rules)
* 1:21698 <-> ENABLED <-> FILE-IDENTIFY SAMI file attachment detected (file-identify.rules)
* 1:21699 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel xlw file attachment detected (file-identify.rules)
* 1:217 <-> DISABLED <-> MALWARE-BACKDOOR MISC sm4ck attempt (malware-backdoor.rules)
* 1:21700 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel xlw file attachment detected (file-identify.rules)
* 1:21701 <-> ENABLED <-> FILE-IDENTIFY FlashPix file attachment detected (file-identify.rules)
* 1:21702 <-> ENABLED <-> FILE-IDENTIFY FlashPix file attachment detected (file-identify.rules)
* 1:21703 <-> ENABLED <-> FILE-IDENTIFY 4XM file attachment detected (file-identify.rules)
* 1:21704 <-> ENABLED <-> FILE-IDENTIFY 4XM file attachment detected (file-identify.rules)
* 1:21705 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules)
* 1:21706 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules)
* 1:21707 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file attachment detected (file-identify.rules)
* 1:21708 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file attachment detected (file-identify.rules)
* 1:21709 <-> ENABLED <-> FILE-IDENTIFY AIFF file attachment detected (file-identify.rules)
* 1:21710 <-> ENABLED <-> FILE-IDENTIFY AIFF file attachment detected (file-identify.rules)
* 1:21711 <-> ENABLED <-> FILE-IDENTIFY PFA file download request (file-identify.rules)
* 1:21712 <-> ENABLED <-> FILE-IDENTIFY PFA file magic detected (file-identify.rules)
* 1:21713 <-> ENABLED <-> FILE-IDENTIFY PFA file attachment detected (file-identify.rules)
* 1:21714 <-> ENABLED <-> FILE-IDENTIFY PFA file attachment detected (file-identify.rules)
* 1:21715 <-> ENABLED <-> FILE-IDENTIFY PFB file download request (file-identify.rules)
* 1:21716 <-> ENABLED <-> FILE-IDENTIFY PFB file attachment detected (file-identify.rules)
* 1:21717 <-> ENABLED <-> FILE-IDENTIFY PFB file attachment detected (file-identify.rules)
* 1:21718 <-> ENABLED <-> FILE-IDENTIFY PFM file download request (file-identify.rules)
* 1:21719 <-> ENABLED <-> FILE-IDENTIFY PFM file
attachment detected (file-identify.rules) * 1:21720 <-> ENABLED <-> FILE-IDENTIFY PFM file attachment detected (file-identify.rules) * 1:21721 <-> ENABLED <-> FILE-IDENTIFY AFM file download request (file-identify.rules) * 1:21722 <-> ENABLED <-> FILE-IDENTIFY AFM file attachment detected (file-identify.rules) * 1:21723 <-> ENABLED <-> FILE-IDENTIFY AFM file attachment detected (file-identify.rules) * 1:21724 <-> ENABLED <-> FILE-IDENTIFY ANI file download request (file-identify.rules) * 1:21725 <-> ENABLED <-> FILE-IDENTIFY ANI file attachment detected (file-identify.rules) * 1:21726 <-> ENABLED <-> FILE-IDENTIFY ANI file attachment detected (file-identify.rules) * 1:21727 <-> ENABLED <-> FILE-IDENTIFY ANI file magic detection (file-identify.rules) * 1:21728 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21729 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21730 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21731 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21732 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21733 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21734 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21735 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21736 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21737 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21738 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21739 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21740 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media asx file attachment detected (file-identify.rules) * 1:21741 <-> ENABLED <-> 
FILE-IDENTIFY Microsoft Windows Media asx file attachment detected (file-identify.rules) * 1:21742 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file attachment detected (file-identify.rules) * 1:21743 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file attachment detected (file-identify.rules) * 1:21744 <-> ENABLED <-> FILE-IDENTIFY AVI file attachment detected (file-identify.rules) * 1:21745 <-> ENABLED <-> FILE-IDENTIFY AVI file attachment detected (file-identify.rules) * 1:21746 <-> ENABLED <-> FILE-IDENTIFY RTF file attachment detected (file-identify.rules) * 1:21747 <-> ENABLED <-> FILE-IDENTIFY RTF file attachment detected (file-identify.rules) * 1:21748 <-> ENABLED <-> FILE-IDENTIFY HPJ file download request (file-identify.rules) * 1:21749 <-> ENABLED <-> FILE-IDENTIFY HPJ file attachment detected (file-identify.rules) * 1:21750 <-> ENABLED <-> FILE-IDENTIFY HPJ file attachment detected (file-identify.rules) * 1:21751 <-> ENABLED <-> FILE-IDENTIFY HPJ file magic detected (file-identify.rules) * 1:21752 <-> DISABLED <-> SERVER-OTHER Novell ZENWorks configuration management preboot request buffer overflow attempt (server-other.rules) * 1:21753 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk Management Interface HTTP digest authentication stack buffer overflow attempt (protocol-voip.rules) * 1:21754 <-> DISABLED <-> OS-WINDOWS Microsoft Windows MSXML2 ActiveX malformed HTTP response (os-windows.rules) * 1:21755 <-> DISABLED <-> MALWARE-CNC Apple OSX.Flashback variant outbound connection (malware-cnc.rules) * 1:21756 <-> DISABLED <-> MALWARE-CNC Apple OSX.Flashback variant outbound connection (malware-cnc.rules) * 1:21757 <-> DISABLED <-> MALWARE-CNC Apple OSX.Flashback variant outbound connection (malware-cnc.rules) * 1:21758 <-> DISABLED <-> MALWARE-CNC Apple OSX.Flashback variant outbound connection (malware-cnc.rules) * 1:21759 <-> DISABLED <-> FILE-OTHER Ultra Shareware Office HttpUpload buffer overflow attempt (file-other.rules) * 1:2176 <-> 
DISABLED <-> OS-WINDOWS Microsoft Windows SMB startup folder access (os-windows.rules) * 1:21760 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Swisyn variant outbound connection (malware-cnc.rules) * 1:21761 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Swisyn variant outbound connection (malware-cnc.rules) * 1:21762 <-> DISABLED <-> SERVER-WEBAPP Youngzsoft CMailServer CMailCOM buffer overflow attempt (server-webapp.rules) * 1:21763 <-> DISABLED <-> SERVER-OTHER CA BrightStor ARCserve Backup denial of service attempt (server-other.rules) * 1:21764 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word unicode parsing buffer overflow attempt (file-office.rules) * 1:21765 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PDF subroutine pointer attempt (file-pdf.rules) * 1:21766 <-> DISABLED <-> FILE-IMAGE Apple QuickDraw PICT images ARGB records handling memory corruption attempt (file-image.rules) * 1:21767 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk IAX2 Channel Driver DoS attempt (protocol-voip.rules) * 1:21768 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk IAX2 Channel Driver DoS attempt (protocol-voip.rules) * 1:21769 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LogonInvader.a variant outbound connection (malware-cnc.rules) * 1:2177 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB startup folder unicode access (os-windows.rules) * 1:21770 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows DirectX directshow wav file overflow attempt (file-multimedia.rules) * 1:21771 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows DirectX directshow wav file overflow attempt (file-multimedia.rules) * 1:21772 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows DirectX directshow wav file overflow attempt (file-multimedia.rules) * 1:21773 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows DirectX directshow wav file overflow attempt (file-multimedia.rules) * 1:21774 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows DirectX directshow wav file overflow attempt (file-multimedia.rules) * 1:21775 <-> 
DISABLED <-> FILE-MULTIMEDIA Microsoft Windows DirectX directshow wav file overflow attempt (file-multimedia.rules) * 1:21776 <-> DISABLED <-> SERVER-MAIL Microsoft Windows Exchange MODPROPS denial of service attempt (server-mail.rules) * 1:21777 <-> DISABLED <-> SQL waitfor delay function in POST - possible SQL injection attempt (sql.rules) * 1:21778 <-> DISABLED <-> SQL parameter ending in comment characters - possible sql injection attempt - POST (sql.rules) * 1:21779 <-> DISABLED <-> SQL parameter ending in encoded comment characters - possible sql injection attempt - POST (sql.rules) * 1:2178 <-> DISABLED <-> PROTOCOL-FTP USER format string attempt (protocol-ftp.rules) * 1:21780 <-> DISABLED <-> INDICATOR-OBFUSCATION encoded waitfor delay function in POST - possible sql injection attempt (indicator-obfuscation.rules) * 1:21781 <-> DISABLED <-> INDICATOR-OBFUSCATION encoded union select function in POST - possible sql injection attempt (indicator-obfuscation.rules) * 1:21782 <-> DISABLED <-> INDICATOR-OBFUSCATION script tag in POST parameters - likely cross-site scripting (indicator-obfuscation.rules) * 1:21783 <-> DISABLED <-> INDICATOR-OBFUSCATION encoded script tag in POST parameters - likely cross-site scripting (indicator-obfuscation.rules) * 1:21784 <-> DISABLED <-> INDICATOR-OBFUSCATION encoded script tag in POST parameters - likely cross-site scripting (indicator-obfuscation.rules) * 1:21785 <-> DISABLED <-> INDICATOR-OBFUSCATION javascript escape function in POST parameters - likely javascript injection (indicator-obfuscation.rules) * 1:21786 <-> DISABLED <-> INDICATOR-OBFUSCATION encoded javascript escape function in POST parameters - likely javascript injection (indicator-obfuscation.rules) * 1:21787 <-> DISABLED <-> INDICATOR-OBFUSCATION encoded javascript escape function in POST parameters - likely javascript injection (indicator-obfuscation.rules) * 1:21788 <-> DISABLED <-> SQL or kic = kic - known SQL injection routine (sql.rules) * 1:21789 <-> 
DISABLED <-> SQL or kic = kic - known SQL injection routine (sql.rules) * 1:2179 <-> DISABLED <-> PROTOCOL-FTP PASS format string attempt (protocol-ftp.rules) * 1:21790 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer SelectAll dangling pointer use after free attempt (browser-ie.rules) * 1:21791 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer SelectAll dangling pointer use after free attempt (browser-ie.rules) * 1:21792 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows .NET invalid parsing of graphics data attempt (file-executable.rules) * 1:21793 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer vector graphics reference counting use-after-free attempt (browser-ie.rules) * 1:21794 <-> DISABLED <-> FILE-OFFICE Microsoft Works 9 and Word 12 converter heap overflow attempt (file-office.rules) * 1:21795 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows Authenticode signature verification bypass attempt (file-executable.rules) * 1:21796 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer iframe onreadystatechange handler use after free attempt (browser-ie.rules) * 1:21797 <-> ENABLED <-> FILE-OFFICE MSCOMCTL ActiveX control deserialization arbitrary code execution attempt (file-office.rules) * 1:21798 <-> ENABLED <-> FILE-OFFICE MSCOMCTL ActiveX control deserialization arbitrary code execution attempt (file-office.rules) * 1:21799 <-> ENABLED <-> FILE-OFFICE MSCOMCTL ActiveX control deserialization arbitrary code execution attempt (file-office.rules) * 1:218 <-> DISABLED <-> MALWARE-BACKDOOR MISC Solaris 2.5 attempt (malware-backdoor.rules) * 1:2180 <-> DISABLED <-> PUA-P2P BitTorrent announce request (pua-p2p.rules) * 1:21800 <-> ENABLED <-> FILE-OFFICE MSCOMCTL ActiveX control deserialization arbitrary code execution attempt (file-office.rules) * 1:21801 <-> ENABLED <-> FILE-OFFICE MSCOMCTL ActiveX control deserialization arbitrary code execution attempt (file-office.rules) * 1:21802 <-> ENABLED <-> FILE-IDENTIFY HT-MP3Player file download 
request (file-identify.rules) * 1:21803 <-> ENABLED <-> FILE-IDENTIFY HT-MP3Player file attachment detected (file-identify.rules) * 1:21804 <-> ENABLED <-> FILE-IDENTIFY HT-MP3Player file attachment detected (file-identify.rules) * 1:21805 <-> DISABLED <-> FILE-MULTIMEDIA HT-MP3Player file parsing boundary buffer overflow attempt (file-multimedia.rules) * 1:21806 <-> DISABLED <-> SERVER-SAMBA Samba malicious user defined array size and buffer attempt (server-samba.rules) * 1:21807 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file download request (file-identify.rules) * 1:21808 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file attachment detected (file-identify.rules) * 1:21809 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file attachment detected (file-identify.rules) * 1:2181 <-> DISABLED <-> PUA-P2P BitTorrent transfer (pua-p2p.rules) * 1:21810 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file magic detected (file-identify.rules) * 1:21811 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC animation file file download request (file-identify.rules) * 1:21812 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC animation file file attachment detected (file-identify.rules) * 1:21813 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC animation file file attachment detected (file-identify.rules) * 1:21814 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC file magic detected (file-identify.rules) * 1:21815 <-> ENABLED <-> FILE-IDENTIFY LZH file attachment detected (file-identify.rules) * 1:21816 <-> ENABLED <-> FILE-IDENTIFY LZH file attachment detected (file-identify.rules) * 1:21817 <-> DISABLED <-> PROTOCOL-DNS excessive queries of type ANY - potential DoS (protocol-dns.rules) * 1:21818 <-> DISABLED <-> SERVER-WEBAPP System variable directory traversal attempt - %ALLUSERSPROFILE% (server-webapp.rules) * 1:21819 <-> DISABLED <-> SERVER-WEBAPP System variable directory traversal attempt - %PROGRAMDATA% 
(server-webapp.rules) * 1:21820 <-> DISABLED <-> SERVER-WEBAPP System variable directory traversal attempt - %APPDATA% (server-webapp.rules) * 1:21821 <-> DISABLED <-> SERVER-WEBAPP System variable directory traversal attempt - %COMMONPROGRAMFILES% (server-webapp.rules) * 1:21822 <-> DISABLED <-> SERVER-WEBAPP System variable directory traversal attempt - %COMMONPROGRAMFILES - x86% (server-webapp.rules) * 1:21823 <-> DISABLED <-> SERVER-WEBAPP System variable directory traversal attempt - %COMSPEC% (server-webapp.rules) * 1:21824 <-> DISABLED <-> SERVER-WEBAPP System variable directory traversal attempt - %HOMEDRIVE% (server-webapp.rules) * 1:21825 <-> DISABLED <-> SERVER-WEBAPP System variable directory traversal attempt - %HOMEPATH% (server-webapp.rules) * 1:21826 <-> DISABLED <-> SERVER-WEBAPP System variable directory traversal attempt - %LOCALAPPDATA% (server-webapp.rules) * 1:21827 <-> DISABLED <-> SERVER-WEBAPP System variable directory traversal attempt - %PROGRAMFILES% (server-webapp.rules) * 1:21828 <-> DISABLED <-> SERVER-WEBAPP System variable directory traversal attempt - %PROGRAMFILES - X86% (server-webapp.rules) * 1:21829 <-> DISABLED <-> SERVER-WEBAPP System variable directory traversal attempt - %SystemDrive% (server-webapp.rules) * 1:2183 <-> DISABLED <-> SERVER-MAIL Sendmail Content-Transfer-Encoding overflow attempt (server-mail.rules) * 1:21830 <-> DISABLED <-> SERVER-WEBAPP System variable directory traversal attempt - %SystemRoot% (server-webapp.rules) * 1:21831 <-> DISABLED <-> SERVER-WEBAPP System variable directory traversal attempt - %TEMP% (server-webapp.rules) * 1:21832 <-> DISABLED <-> SERVER-WEBAPP System variable directory traversal attempt - %TMP% (server-webapp.rules) * 1:21833 <-> DISABLED <-> SERVER-WEBAPP System variable directory traversal attempt - %USERDATA% (server-webapp.rules) * 1:21834 <-> DISABLED <-> SERVER-WEBAPP System variable directory traversal attempt - %USERNAME% (server-webapp.rules) * 1:21835 <-> DISABLED <-> 
SERVER-WEBAPP System variable directory traversal attempt - %USERPROFILE% (server-webapp.rules) * 1:21836 <-> DISABLED <-> SERVER-WEBAPP System variable directory traversal attempt - %WINDIR% (server-webapp.rules) * 1:21837 <-> DISABLED <-> SERVER-WEBAPP System variable directory traversal attempt - %PUBLIC% (server-webapp.rules) * 1:21838 <-> DISABLED <-> SERVER-WEBAPP System variable directory traversal attempt - %PSModulePath% (server-webapp.rules) * 1:21839 <-> DISABLED <-> SERVER-WEBAPP System variable in URI attempt - %COMPUTERNAME% (server-webapp.rules) * 1:2184 <-> DISABLED <-> PROTOCOL-RPC mountd TCP mount path overflow attempt (protocol-rpc.rules) * 1:21840 <-> DISABLED <-> SERVER-WEBAPP System variable in URI attempt - %LOGONSERVER% (server-webapp.rules) * 1:21841 <-> DISABLED <-> SERVER-WEBAPP System variable in URI attempt - %PATH% (server-webapp.rules) * 1:21842 <-> DISABLED <-> SERVER-WEBAPP System variable in URI attempt - %PATHEXT% (server-webapp.rules) * 1:21843 <-> DISABLED <-> SERVER-WEBAPP System variable in URI attempt - %PROMPT% (server-webapp.rules) * 1:21844 <-> DISABLED <-> SERVER-WEBAPP System variable in URI attempt - %USERDOMAIN% (server-webapp.rules) * 1:21845 <-> DISABLED <-> MALWARE-OTHER TDS Sutra - redirect received (malware-other.rules) * 1:21846 <-> DISABLED <-> MALWARE-CNC TDS Sutra - request in.cgi (malware-cnc.rules) * 1:21848 <-> DISABLED <-> MALWARE-OTHER TDS Sutra - page redirecting to a SutraTDS (malware-other.rules) * 1:21849 <-> DISABLED <-> MALWARE-OTHER TDS Sutra - HTTP header redirecting to a SutraTDS (malware-other.rules) * 1:2185 <-> DISABLED <-> PROTOCOL-RPC mountd UDP mount path overflow attempt (protocol-rpc.rules) * 1:21850 <-> DISABLED <-> MALWARE-OTHER TDS Sutra - request hi.cgi (malware-other.rules) * 1:21851 <-> DISABLED <-> MALWARE-OTHER TDS Sutra - redirect received (malware-other.rules) * 1:21852 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Orsam variant outbound connection (malware-cnc.rules) * 1:21853 <-> 
DISABLED <-> APP-DETECT ptunnel icmp proxy (app-detect.rules) * 1:21854 <-> ENABLED <-> FILE-IDENTIFY LNK file attachment detected (file-identify.rules) * 1:21855 <-> ENABLED <-> FILE-IDENTIFY LNK file attachment detected (file-identify.rules) * 1:21856 <-> ENABLED <-> FILE-IDENTIFY ZIP file attachment detected (file-identify.rules) * 1:21857 <-> ENABLED <-> FILE-IDENTIFY ZIP file attachment detected (file-identify.rules) * 1:21858 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader msiexec.exe file load exploit attempt (file-pdf.rules) * 1:21859 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader msiexec.exe file load exploit attempt (file-pdf.rules) * 1:21860 <-> ENABLED <-> MALWARE-CNC Phoenix exploit kit post-compromise behavior (malware-cnc.rules) * 1:21861 <-> ENABLED <-> FILE-IDENTIFY WRF file attachment detected (file-identify.rules) * 1:21862 <-> ENABLED <-> FILE-IDENTIFY WRF file attachment detected (file-identify.rules) * 1:21863 <-> ENABLED <-> FILE-IDENTIFY Google Chrome extension file attachment detected (file-identify.rules) * 1:21864 <-> ENABLED <-> FILE-IDENTIFY Google Chrome extension file attachment detected (file-identify.rules) * 1:21865 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file attachment detected (file-identify.rules) * 1:21866 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file attachment detected (file-identify.rules) * 1:21867 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file attachment detected (file-identify.rules) * 1:21868 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file attachment detected (file-identify.rules) * 1:21869 <-> ENABLED <-> FILE-OTHER Java JRE sandbox breach attempt (file-other.rules) * 1:21870 <-> ENABLED <-> FILE-IDENTIFY CNT file attachment detected (file-identify.rules) * 1:21871 <-> ENABLED <-> FILE-IDENTIFY CNT file attachment detected (file-identify.rules) * 1:21872 <-> ENABLED <-> FILE-IDENTIFY GIF file 
attachment detected (file-identify.rules) * 1:21873 <-> ENABLED <-> FILE-IDENTIFY GIF file attachment detected (file-identify.rules) * 1:21874 <-> ENABLED <-> EXPLOIT-KIT Possible exploit kit post compromise activity - StrReverse (exploit-kit.rules) * 1:21875 <-> ENABLED <-> EXPLOIT-KIT Possible exploit kit post compromise activity - taskkill (exploit-kit.rules) * 1:21876 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit landing page with specific structure - Loading (exploit-kit.rules) * 1:21877 <-> DISABLED <-> MALWARE-CNC Apple OSX.Sabpub variant outbound connection (malware-cnc.rules) * 1:21878 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded TTF integer overflow attempt (file-pdf.rules) * 1:21879 <-> ENABLED <-> FILE-IDENTIFY Microsoft search file attachment detected (file-identify.rules) * 1:21880 <-> ENABLED <-> FILE-IDENTIFY Microsoft search file attachment detected (file-identify.rules) * 1:21881 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader javascript toolbar button use after free attempt (file-pdf.rules) * 1:21882 <-> DISABLED <-> BROWSER-PLUGINS ICONICS WebHMI ActiveX clsid access attempt (browser-plugins.rules) * 1:21883 <-> DISABLED <-> BROWSER-PLUGINS ICONICS WebHMI ActiveX clsid access attempt (browser-plugins.rules) * 1:21884 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Publisher file attachment detected (file-identify.rules) * 1:21885 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Publisher file attachment detected (file-identify.rules) * 1:21886 <-> ENABLED <-> FILE-IDENTIFY OpenType Font file attachment detected (file-identify.rules) * 1:21887 <-> ENABLED <-> FILE-IDENTIFY OpenType Font file attachment detected (file-identify.rules) * 1:21888 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Movie Maker file attachment detected (file-identify.rules) * 1:21889 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Movie Maker file attachment detected (file-identify.rules) * 1:21890 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file attachment 
detected (file-identify.rules) * 1:21891 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file attachment detected (file-identify.rules) * 1:21892 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file attachment detected (file-identify.rules) * 1:21893 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file attachment detected (file-identify.rules) * 1:21894 <-> ENABLED <-> FILE-IDENTIFY SVG file attachment detected (file-identify.rules) * 1:21895 <-> ENABLED <-> FILE-IDENTIFY SVG file attachment detected (file-identify.rules) * 1:21896 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules) * 1:21897 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules) * 1:21898 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules) * 1:21899 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules) * 1:219 <-> DISABLED <-> MALWARE-BACKDOOR HidePak backdoor attempt (malware-backdoor.rules) * 1:2190 <-> DISABLED <-> NETBIOS DCERPC invalid bind attempt (netbios.rules) * 1:21900 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules) * 1:21901 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules) * 1:21902 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules) * 1:21903 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules) * 1:21904 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules) * 1:21905 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules) * 
1:21906 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules) * 1:21907 <-> DISABLED <-> FILE-OFFICE Microsoft Office rtf document generic exploit indicator (file-office.rules) * 1:21908 <-> ENABLED <-> FILE-IDENTIFY Portable Executable file attachment detected (file-identify.rules) * 1:21909 <-> ENABLED <-> FILE-IDENTIFY Portable Executable file attachment detected (file-identify.rules) * 1:2191 <-> DISABLED <-> NETBIOS SMB DCERPC invalid bind attempt (netbios.rules) * 1:21910 <-> DISABLED <-> MALWARE-CNC Apple OSX Flashback malware user-agent (malware-cnc.rules) * 1:21911 <-> DISABLED <-> MALWARE-CNC Aldi variant outbound connection C&C checkin (malware-cnc.rules) * 1:21912 <-> DISABLED <-> MALWARE-CNC Aldi bot variant outbound connection user-agent (malware-cnc.rules) * 1:21913 <-> DISABLED <-> SERVER-OTHER EMC data protection advisor DOS attempt (server-other.rules) * 1:21914 <-> DISABLED <-> SERVER-OTHER Novell ZENWorks configuration management preboot opcode 6C request buffer overflow attempt (server-other.rules) * 1:21915 <-> ENABLED <-> SERVER-OTHER Novell Groupwise HTTP login request (server-other.rules) * 1:21916 <-> ENABLED <-> SERVER-OTHER Novell Groupwise HTTP login request (server-other.rules) * 1:21917 <-> DISABLED <-> SERVER-OTHER Novell Groupwise HTTP response message parsing overflow (server-other.rules) * 1:21918 <-> DISABLED <-> BROWSER-PLUGINS IBM Tivoli Provisioning Manager Express ActiveX clsid access attempt (browser-plugins.rules) * 1:21919 <-> DISABLED <-> BROWSER-PLUGINS IBM Tivoli Provisioning Manager Express ActiveX clsid access attempt (browser-plugins.rules) * 1:21920 <-> DISABLED <-> SERVER-ORACLE Oracle Outside In CorelDRAW file parser buffer overflow attempt (server-oracle.rules) * 1:21921 <-> DISABLED <-> SERVER-ORACLE Oracle Outside In CorelDRAW file parser buffer overflow attempt (server-oracle.rules) * 1:21922 <-> DISABLED <-> FILE-OTHER VLC mms hostname buffer 
overflow attempt (file-other.rules) * 1:21923 <-> DISABLED <-> SERVER-APACHE Apache Tomcat PUT request remote file deployment attempt (server-apache.rules) * 1:21924 <-> DISABLED <-> PUA-ADWARE Adware.Downware variant outbound connection attempt (pua-adware.rules) * 1:21925 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent BOT/0.1 (malware-cnc.rules) * 1:21926 <-> DISABLED <-> SERVER-WEBAPP Joomla JCE multiple plugin arbitrary PHP file execution attempt (server-webapp.rules) * 1:21927 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel style handling overflow attempt (file-office.rules) * 1:21928 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malformed FBI record buffer overflow attempt (file-office.rules) * 1:21929 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel DbOrParamQry.fodbcConn parsing remote code execution attempt (file-office.rules) * 1:21930 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel DbOrParamQry.fodbcConn parsing remote code execution attempt (file-office.rules) * 1:21931 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel TXO and OBJ records parsing stack memory corruption attempt (file-office.rules) * 1:21932 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel TXO and OBJ records parsing stack memory corruption attempt (file-office.rules) * 1:21933 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel MalformedPalette Record Memory Corruption attempt (file-office.rules) * 1:21934 <-> DISABLED <-> PUA-ADWARE 888Poker install outbound connection attempt (pua-adware.rules) * 1:21935 <-> DISABLED <-> FILE-OFFICE Microsoft Works 9 and Word 12 converter heap overflow attempt (file-office.rules) * 1:21937 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules) * 1:21938 <-> DISABLED <-> PROTOCOL-TELNET RuggedCom default backdoor login attempt (protocol-telnet.rules) * 1:21939 <-> ENABLED <-> PROTOCOL-TELNET RuggedCom telnet initial banner (protocol-telnet.rules) * 
1:2194 <-> DISABLED <-> SERVER-WEBAPP CSMailto.cgi access (server-webapp.rules)
* 1:21940 <-> ENABLED <-> FILE-IDENTIFY EMF file magic detected (file-identify.rules)
* 1:21941 <-> DISABLED <-> INDICATOR-COMPROMISE Wordpress Request for php file in fgallery directory (indicator-compromise.rules)
* 1:21942 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel sheet object type confusion exploit attempt (file-office.rules)
* 1:21943 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel sheet object type confusion exploit attempt (file-office.rules)
* 1:21944 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Endpoint Manager Web Reports xss attempt (server-other.rules)
* 1:21945 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Litmpuca.A variant outbound connection (malware-cnc.rules)
* 1:21946 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Litmpuca.A variant outbound connection (malware-cnc.rules)
* 1:21947 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VicSpy.A variant outbound connection (malware-cnc.rules)
* 1:21948 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS4 TIFF parsing heap overflow attempt (file-image.rules)
* 1:21949 <-> ENABLED <-> MALWARE-OTHER nikjju script injection (malware-other.rules)
* 1:2195 <-> DISABLED <-> SERVER-WEBAPP alert.cgi access (server-webapp.rules)
* 1:21950 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows MSWebDVD ActiveX clsid access attempt (browser-plugins.rules)
* 1:21951 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows MSWebDVD ActiveX function call attempt (browser-plugins.rules)
* 1:21952 <-> DISABLED <-> SERVER-OTHER ISC dhcpd discover hostname overflow attempt (server-other.rules)
* 1:21953 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Multiple Products HTML href shell attempt (browser-firefox.rules)
* 1:21955 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows hlp file magic detected (file-identify.rules)
* 1:21956 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows hlp file attachment detected (file-identify.rules)
* 1:21957 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows hlp file attachment detected (file-identify.rules)
* 1:21958 <-> DISABLED <-> MALWARE-CNC QDIGIT protocol connection to server (malware-cnc.rules)
* 1:21959 <-> DISABLED <-> MALWARE-CNC UPDATE communication protocol connection to server (malware-cnc.rules)
* 1:2196 <-> DISABLED <-> SERVER-WEBAPP catgy.cgi access (server-webapp.rules)
* 1:21960 <-> DISABLED <-> MALWARE-CNC LURK communication protocol connection to server (malware-cnc.rules)
* 1:21961 <-> DISABLED <-> MALWARE-CNC IP2B communication protocol connection to server (malware-cnc.rules)
* 1:21962 <-> DISABLED <-> MALWARE-CNC BB communication protocol connection to server (malware-cnc.rules)
* 1:21963 <-> DISABLED <-> MALWARE-CNC X-Shell 601 communication protocol connection to server (malware-cnc.rules)
* 1:21964 <-> DISABLED <-> MALWARE-CNC Murcy protocol connection to server (malware-cnc.rules)
* 1:21965 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent VB WININET (malware-cnc.rules)
* 1:21966 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pasmu connect to server (malware-cnc.rules)
* 1:21967 <-> DISABLED <-> MALWARE-BACKDOOR Rebhip.A runtime detection (malware-backdoor.rules)
* 1:21968 <-> DISABLED <-> MALWARE-BACKDOOR Win.Backdoor.Rebhip.A variant outbound connection type A (malware-backdoor.rules)
* 1:21969 <-> DISABLED <-> MALWARE-BACKDOOR Win.Backdoor.Rebhip.A variant outbound connection type B (malware-backdoor.rules)
* 1:2197 <-> DISABLED <-> SERVER-WEBAPP cvsview2.cgi access (server-webapp.rules)
* 1:21970 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Zlob.P variant outbound connection (malware-backdoor.rules)
* 1:21971 <-> DISABLED <-> MALWARE-BACKDOOR Win.Backdoor.Zlob.P variant inbound connection (malware-backdoor.rules)
* 1:21972 <-> DISABLED <-> MALWARE-BACKDOOR Win.Backdoor.ZZSlash variant outbound connection (malware-backdoor.rules)
* 1:21973 <-> DISABLED <-> MALWARE-BACKDOOR Win.Backdoor.ZZSlash runtime detection (malware-backdoor.rules)
* 1:21974 <-> DISABLED <-> MALWARE-CNC Worm.Expichu variant inbound connection (malware-cnc.rules)
* 1:21975 <-> DISABLED <-> MALWARE-CNC Worm.Expichu variant inbound connection (malware-cnc.rules)
* 1:21976 <-> DISABLED <-> MALWARE-CNC Trojan-Downloader.Win32.Lapurd.D variant outbound connection (malware-cnc.rules)
* 1:21977 <-> DISABLED <-> MALWARE-BACKDOOR Win.Backdoor.Pinit variant outbound connection (malware-backdoor.rules)
* 1:21978 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Nervos variant outbound connection (malware-backdoor.rules)
* 1:21979 <-> DISABLED <-> MALWARE-BACKDOOR Win.Backdoor.Nervos variant inbound connection (malware-backdoor.rules)
* 1:2198 <-> DISABLED <-> SERVER-WEBAPP cvslog.cgi access (server-webapp.rules)
* 1:21980 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Winac variant outbound connection (malware-cnc.rules)
* 1:21981 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Selvice variant outbound connection (malware-cnc.rules)
* 1:21982 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Insain variant outbound connection (malware-cnc.rules)
* 1:21983 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BamCompiled variant outbound connection (malware-cnc.rules)
* 1:21984 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BamCompiled variant inbound updates (malware-cnc.rules)
* 1:2199 <-> DISABLED <-> SERVER-WEBAPP multidiff.cgi access (server-webapp.rules)
* 1:21991 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer data stream header remote code execution attempt (browser-ie.rules)
* 1:21992 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer data stream header remote code execution attempt (browser-ie.rules)
* 1:21993 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer data stream header remote code execution attempt (browser-ie.rules)
* 1:21994 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 8 DOM memory corruption attempt (browser-ie.rules)
* 1:21995 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dorkbot variant outbound connection (malware-cnc.rules)
* 1:21996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dorkbot variant outbound connection (malware-cnc.rules)
* 1:21997 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
* 1:21998 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant outbound connection (malware-cnc.rules)
* 1:21999 <-> ENABLED <-> FILE-IDENTIFY OpenType Font file magic detection (file-identify.rules)
* 1:220 <-> DISABLED <-> MALWARE-BACKDOOR HideSource backdoor attempt (malware-backdoor.rules)
* 1:2200 <-> DISABLED <-> SERVER-WEBAPP dnewsweb.cgi access (server-webapp.rules)
* 1:22000 <-> DISABLED <-> MALWARE-CNC Win.Worm.amna variant outbound connection (malware-cnc.rules)
* 1:22001 <-> DISABLED <-> MALWARE-CNC Win.Worm.amna variant outbound connection (malware-cnc.rules)
* 1:22002 <-> DISABLED <-> FILE-IDENTIFY Microsoft Visual Basic v6.0 - additional file magic detected (file-identify.rules)
* 1:22003 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WMIScriptUtils.WMIObjectBroker2.1 ActiveX clsid access attempt (browser-plugins.rules)
* 1:22004 <-> DISABLED <-> SERVER-SAMBA Samba malicious user defined array size and buffer attempt (server-samba.rules)
* 1:22005 <-> DISABLED <-> SERVER-SAMBA Samba malicious user defined array size and buffer attempt (server-samba.rules)
* 1:22006 <-> DISABLED <-> SERVER-SAMBA Samba malicious user defined array size and buffer attempt (server-samba.rules)
* 1:22007 <-> DISABLED <-> SERVER-SAMBA Samba malicious user defined array size and buffer attempt (server-samba.rules)
* 1:22008 <-> DISABLED <-> SERVER-SAMBA Samba malicious user defined array size and buffer attempt (server-samba.rules)
* 1:22009 <-> DISABLED <-> SERVER-SAMBA Samba malicious user defined array size and buffer attempt (server-samba.rules)
* 1:2201 <-> DISABLED <-> SERVER-WEBAPP Matt Wright download.cgi access (server-webapp.rules)
* 1:22010 <-> DISABLED <-> SERVER-SAMBA Samba malicious user defined array size and buffer attempt (server-samba.rules)
* 1:22011 <-> DISABLED <-> SERVER-SAMBA Samba malicious user defined array size and buffer attempt (server-samba.rules)
* 1:22012 <-> DISABLED <-> SERVER-SAMBA Samba malicious user defined array size and buffer attempt (server-samba.rules)
* 1:22013 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio DBP file download request (file-identify.rules)
* 1:22014 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio DBP file attachment detected (file-identify.rules)
* 1:22015 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio DBP file attachment detected (file-identify.rules)
* 1:22016 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio DBP file magic detected (file-identify.rules)
* 1:22017 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio PKP file download request (file-identify.rules)
* 1:22018 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio PKP file attachment detected (file-identify.rules)
* 1:22019 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio PKP file attachment detected (file-identify.rules)
* 1:2202 <-> DISABLED <-> SERVER-WEBAPP Webmin Directory edit_action.cgi access (server-webapp.rules)
* 1:22020 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio PKP file magic detected (file-identify.rules)
* 1:22021 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio SLN file download request (file-identify.rules)
* 1:22022 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio SLN file attachment detected (file-identify.rules)
* 1:22023 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio SLN file attachment detected (file-identify.rules)
* 1:22024 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio SLN file magic detected (file-identify.rules)
* 1:22025 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio VAP file download request (file-identify.rules)
* 1:22026 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio VAP file attachment detected (file-identify.rules)
* 1:22027 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio VAP file attachment detected (file-identify.rules)
* 1:22028 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio VAP file magic detected (file-identify.rules)
* 1:22029 <-> DISABLED <-> FILE-OTHER Visual Studio DBP file handling buffer overflow attempt (file-other.rules)
* 1:2203 <-> DISABLED <-> SERVER-WEBAPP Leif M. Wright everythingform.cgi access (server-webapp.rules)
* 1:22030 <-> DISABLED <-> FILE-OTHER Visual Studio PKP file handling buffer overflow attempt (file-other.rules)
* 1:22031 <-> DISABLED <-> FILE-OTHER Visual Studio SLN file handling buffer overflow attempt (file-other.rules)
* 1:22032 <-> DISABLED <-> FILE-OTHER Visual Studio VAP file handling buffer overflow attempt (file-other.rules)
* 1:22033 <-> DISABLED <-> MALWARE-CNC Apple OSX Flashback malware variant outbound connection (malware-cnc.rules)
* 1:22034 <-> DISABLED <-> MALWARE-CNC Apple OSX Flashback malware variant outbound connection (malware-cnc.rules)
* 1:22038 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer SelectAll dangling pointer use after free attempt (browser-ie.rules)
* 1:22039 <-> DISABLED <-> EXPLOIT-KIT Blackhole suspected landing page (exploit-kit.rules)
* 1:2204 <-> DISABLED <-> SERVER-WEBAPP EasyBoard 2000 ezadmin.cgi access (server-webapp.rules)
* 1:22040 <-> DISABLED <-> EXPLOIT-KIT Blackhole suspected landing page (exploit-kit.rules)
* 1:22041 <-> DISABLED <-> EXPLOIT-KIT Blackhole landing redirection page (exploit-kit.rules)
* 1:22042 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows .NET invalid parsing of graphics data attempt (file-executable.rules)
* 1:22043 <-> ENABLED <-> FILE-IDENTIFY XM file download request (file-identify.rules)
* 1:22044 <-> ENABLED <-> FILE-IDENTIFY XM file attachment detected (file-identify.rules)
* 1:22045 <-> ENABLED <-> FILE-IDENTIFY XM file attachment detected (file-identify.rules)
* 1:22046 <-> ENABLED <-> FILE-IDENTIFY XM file magic detected (file-identify.rules)
* 1:22047 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jokbot variant outbound connection (malware-cnc.rules)
* 1:22048 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus P2P outbound connection (malware-cnc.rules)
* 1:22049 <-> DISABLED <-> BROWSER-PLUGINS Symantec Norton Internet Security ActiveX clsid access (browser-plugins.rules)
* 1:2205 <-> DISABLED <-> SERVER-WEBAPP EasyBoard 2000 ezboard.cgi access (server-webapp.rules)
* 1:22050 <-> DISABLED <-> BROWSER-PLUGINS Symantec Norton Internet Security ActiveX function call (browser-plugins.rules)
* 1:22052 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel style record overflow attempt (file-office.rules)
* 1:22053 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Insomnia variant inbound connection - post infection (malware-cnc.rules)
* 1:22054 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Prorat variant outbound connection (malware-cnc.rules)
* 1:22056 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules)
* 1:22058 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kbot variant outbound connection (malware-cnc.rules)
* 1:22059 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader variant outbound connection (malware-cnc.rules)
* 1:2206 <-> DISABLED <-> SERVER-WEBAPP EasyBoard 2000 ezman.cgi access (server-webapp.rules)
* 1:22060 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fepgul variant outbound connection (malware-cnc.rules)
* 1:22061 <-> ENABLED <-> MALWARE-OTHER Alureon - Malicious IFRAME load attempt (malware-other.rules)
* 1:22062 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Winpawr variant outbound connection (malware-cnc.rules)
* 1:22063 <-> DISABLED <-> SERVER-WEBAPP PHP-CGI remote file include attempt (server-webapp.rules)
* 1:22064 <-> DISABLED <-> SERVER-WEBAPP PHP-CGI command injection attempt (server-webapp.rules)
* 1:22065 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeprox variant outbound connection (malware-cnc.rules)
* 1:22066 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word ScriptBridge OCX controller attempt (file-office.rules)
* 1:22069 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object confusion attempt (file-flash.rules)
* 1:2207 <-> DISABLED <-> SERVER-WEBAPP FileSeek fileseek.cgi access (server-webapp.rules)
* 1:22070 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object confusion attempt (file-flash.rules)
* 1:22071 <-> DISABLED <-> INDICATOR-OBFUSCATION Microsoft Office Word JavaScript obfuscation - eval (indicator-obfuscation.rules)
* 1:22072 <-> DISABLED <-> INDICATOR-OBFUSCATION Microsoft Office Word JavaScript obfuscation - fromCharCode (indicator-obfuscation.rules)
* 1:22073 <-> DISABLED <-> INDICATOR-OBFUSCATION Microsoft Office Word JavaScript obfuscation - unescape (indicator-obfuscation.rules)
* 1:22074 <-> DISABLED <-> INDICATOR-OBFUSCATION Microsoft Office Word JavaScript obfuscation - charCode (indicator-obfuscation.rules)
* 1:22075 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio IndexDirectorySize greater than ChildrenSize memory access attempt (file-office.rules)
* 1:22076 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Window2 BIFF record value attempt (file-office.rules)
* 1:22077 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ObjectLink invalid wLinkVar2 value attempt (file-office.rules)
* 1:22078 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Window2 BIFF record value attempt (file-office.rules)
* 1:22079 <-> DISABLED <-> OS-WINDOWS Microsoft .NET framework EvidenceBase class remote code execution attempt (os-windows.rules)
* 1:2208 <-> DISABLED <-> SERVER-WEBAPP Faq-O-Matic fom.cgi access (server-webapp.rules)
* 1:22080 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer xbap custom ISeralizable object exception attempt (browser-ie.rules)
* 1:22081 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel rtMergeCells heap overflow attempt (file-office.rules)
* 1:22082 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint pptx file download request (file-identify.rules)
* 1:22083 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint pptx file attachment detected (file-identify.rules)
* 1:22084 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint pptx file attachment detected (file-identify.rules)
* 1:22085 <-> DISABLED <-> FILE-OFFICE Microsoft Office GDI+ incorrect index validation of malformed EMF image attempt (file-office.rules)
* 1:22086 <-> DISABLED <-> FILE-OFFICE Microsoft Office GDI+ incorrect index validation of malformed EMF image attempt (file-office.rules)
* 1:22087 <-> DISABLED <-> FILE-OTHER Microsoft Windows True Type Font maxComponentPoints overflow attempt (file-other.rules)
* 1:2209 <-> DISABLED <-> SERVER-WEBAPP Infonautics getdoc.cgi access (server-webapp.rules)
* 1:22090 <-> DISABLED <-> OS-WINDOWS Microsoft .NET framework malicious XBAP attempt (os-windows.rules)
* 1:22091 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SXLI record integer overrun attempt (file-office.rules)
* 1:22092 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SERIES record sdtY memory corruption attempt (file-office.rules)
* 1:22093 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SERIES record SerAuxTrend sdtX memory corruption attempt (file-office.rules)
* 1:22094 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SERIES record SerAuxErrBar sdtX memory corruption attempt (file-office.rules)
* 1:22095 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Agent variant outbound connection (malware-backdoor.rules)
* 1:22097 <-> DISABLED <-> SERVER-WEBAPP PHP-CGI command injection attempt (server-webapp.rules)
* 1:22098 <-> DISABLED <-> INDICATOR-COMPROMISE hex-encoded create_function detected (indicator-compromise.rules)
* 1:22099 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Piroxcc variant outbound connection (malware-cnc.rules)
* 1:221 <-> DISABLED <-> PROTOCOL-ICMP TFN Probe (protocol-icmp.rules)
* 1:2210 <-> DISABLED <-> SERVER-WEBAPP Multiple Vendors global.cgi access (server-webapp.rules)
* 1:22100 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Midhos variant outbound connection (malware-cnc.rules)
* 1:22101 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF malformed pfragments field (file-office.rules)
* 1:22102 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF malformed pfragments field (file-office.rules)
* 1:22103 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Coswid.klk variant outbound connection (malware-cnc.rules)
* 1:22104 <-> DISABLED <-> FILE-IMAGE libpng chunk decompression integer overflow attempt (file-image.rules)
* 1:22105 <-> DISABLED <-> FILE-IMAGE libpng chunk decompression integer overflow attempt (file-image.rules)
* 1:22106 <-> DISABLED <-> FILE-IMAGE libpng chunk decompression integer overflow attempt (file-image.rules)
* 1:22107 <-> DISABLED <-> FILE-IMAGE libpng chunk decompression integer overflow attempt (file-image.rules)
* 1:22108 <-> DISABLED <-> FILE-IMAGE libpng chunk decompression integer overflow attempt (file-image.rules)
* 1:22109 <-> DISABLED <-> FILE-IMAGE libpng chunk decompression integer overflow attempt (file-image.rules)
* 1:2211 <-> DISABLED <-> SERVER-WEBAPP Lars Ellingsen guestserver.cgi access (server-webapp.rules)
* 1:22110 <-> DISABLED <-> SERVER-MAIL Metamail format string exploit attempt (server-mail.rules)
* 1:22111 <-> DISABLED <-> SERVER-MAIL Metamail format string exploit attempt (server-mail.rules)
* 1:22112 <-> DISABLED <-> SERVER-MAIL Metamail format string exploit attempt (server-mail.rules)
* 1:22113 <-> DISABLED <-> SERVER-MAIL Metamail header length exploit attempt (server-mail.rules)
* 1:22114 <-> DISABLED <-> SERVER-MAIL Metamail header length exploit attempt (server-mail.rules)
* 1:22115 <-> DISABLED <-> SERVER-MAIL Metamail header length exploit attempt (server-mail.rules)
* 1:2212 <-> DISABLED <-> SERVER-WEBAPP cgiCentral WebStore imageFolio.cgi access (server-webapp.rules)
* 1:2213 <-> DISABLED <-> SERVER-WEBAPP Oatmeal Studios Mail File mailfile.cgi access (server-webapp.rules)
* 1:2214 <-> DISABLED <-> SERVER-WEBAPP 3R Soft MailStudio 2000 mailview.cgi access (server-webapp.rules)
* 1:2215 <-> DISABLED <-> SERVER-WEBAPP Alabanza Control Panel nsManager.cgi access (server-webapp.rules)
* 1:2216 <-> DISABLED <-> SERVER-WEBAPP Ipswitch IMail readmail.cgi access (server-webapp.rules)
* 1:2217 <-> DISABLED <-> SERVER-WEBAPP Ipswitch IMail printmail.cgi access (server-webapp.rules)
* 1:2218 <-> DISABLED <-> SERVER-WEBAPP Oracle Cobalt RaQ service.cgi access (server-webapp.rules)
* 1:2219 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Interscan VirusWall setpasswd.cgi access (server-webapp.rules)
* 1:222 <-> DISABLED <-> PROTOCOL-ICMP tfn2k icmp possible communication (protocol-icmp.rules)
* 1:2220 <-> DISABLED <-> SERVER-WEBAPP Leif M. Wright simplestmail.cgi access (server-webapp.rules)
* 1:2221 <-> DISABLED <-> SERVER-WEBAPP cgiCentral WebStore ws_mail.cgi access (server-webapp.rules)
* 1:2222 <-> DISABLED <-> SERVER-WEBAPP Infinity CGI exploit scanner nph-exploitscanget.cgi access (server-webapp.rules)
* 1:2223 <-> DISABLED <-> SERVER-WEBAPP CGIScript.net csNews.cgi access (server-webapp.rules)
* 1:2224 <-> DISABLED <-> SERVER-WEBAPP Psunami Bulletin Board psunami.cgi access (server-webapp.rules)
* 1:2225 <-> DISABLED <-> SERVER-WEBAPP Linksys BEFSR41 gozila.cgi access (server-webapp.rules)
* 1:2226 <-> DISABLED <-> SERVER-WEBAPP pmachine remote file include attempt (server-webapp.rules)
* 1:2227 <-> DISABLED <-> SERVER-WEBAPP forum_details.php access (server-webapp.rules)
* 1:2228 <-> DISABLED <-> SERVER-WEBAPP phpMyAdmin db_details_importdocsql.php access (server-webapp.rules)
* 1:2229 <-> DISABLED <-> SERVER-WEBAPP viewtopic.php access (server-webapp.rules)
* 1:223 <-> DISABLED <-> MALWARE-OTHER Trin00 Daemon to Master PONG message detected (malware-other.rules)
* 1:2230 <-> DISABLED <-> SERVER-WEBAPP NetGear router default password login attempt admin/password (server-webapp.rules)
* 1:2231 <-> DISABLED <-> SERVER-WEBAPP register.dll access (server-webapp.rules)
* 1:2232 <-> DISABLED <-> SERVER-WEBAPP ContentFilter.dll access (server-webapp.rules)
* 1:2233 <-> DISABLED <-> SERVER-WEBAPP SFNofitication.dll access (server-webapp.rules)
* 1:2234 <-> DISABLED <-> SERVER-WEBAPP TOP10.dll access (server-webapp.rules)
* 1:2235 <-> DISABLED <-> SERVER-WEBAPP SpamExcp.dll access (server-webapp.rules)
* 1:2236 <-> DISABLED <-> SERVER-WEBAPP spamrule.dll access (server-webapp.rules)
* 1:2237 <-> DISABLED <-> SERVER-WEBAPP cgiWebupdate.exe access (server-webapp.rules)
* 1:2238 <-> DISABLED <-> SERVER-WEBAPP WebLogic ConsoleHelp view source attempt (server-webapp.rules)
* 1:2239 <-> DISABLED <-> SERVER-WEBAPP redirect.exe access (server-webapp.rules)
* 1:224 <-> DISABLED <-> PROTOCOL-ICMP Stacheldraht server spoof (protocol-icmp.rules)
* 1:2240 <-> DISABLED <-> SERVER-WEBAPP changepw.exe access (server-webapp.rules)
* 1:2241 <-> DISABLED <-> SERVER-WEBAPP cwmail.exe access (server-webapp.rules)
* 1:2242 <-> DISABLED <-> SERVER-WEBAPP ddicgi.exe access (server-webapp.rules)
* 1:2243 <-> DISABLED <-> SERVER-WEBAPP ndcgi.exe access (server-webapp.rules)
* 1:2244 <-> DISABLED <-> SERVER-WEBAPP VsSetCookie.exe access (server-webapp.rules)
* 1:2245 <-> DISABLED <-> SERVER-WEBAPP Webnews.exe access (server-webapp.rules)
* 1:2246 <-> DISABLED <-> SERVER-WEBAPP webadmin.dll access (server-webapp.rules)
* 1:2247 <-> DISABLED <-> SERVER-IIS UploadScript11.asp access (server-iis.rules)
* 1:2248 <-> DISABLED <-> SERVER-IIS DirectoryListing.asp access (server-iis.rules)
* 1:2249 <-> DISABLED <-> SERVER-IIS /pcadmin/login.asp access (server-iis.rules)
* 1:225 <-> DISABLED <-> PROTOCOL-ICMP Stacheldraht gag server response (protocol-icmp.rules)
* 1:2250 <-> DISABLED <-> PROTOCOL-POP USER format string attempt (protocol-pop.rules)
* 1:2252 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB-DS DCERPC Remote Activation bind attempt (os-windows.rules)
* 1:2253 <-> DISABLED <-> SERVER-MAIL XEXCH50 overflow attempt (server-mail.rules)
* 1:2255 <-> DISABLED <-> PROTOCOL-RPC sadmind query with root credentials attempt TCP (protocol-rpc.rules)
* 1:2256 <-> DISABLED <-> PROTOCOL-RPC sadmind query with root credentials attempt UDP (protocol-rpc.rules)
* 1:2257 <-> DISABLED <-> OS-WINDOWS DCERPC Messenger Service buffer overflow attempt (os-windows.rules)
* 1:2258 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB-DS DCERPC Messenger Service buffer overflow attempt (os-windows.rules)
* 1:2259 <-> DISABLED <-> SERVER-MAIL EXPN overflow attempt (server-mail.rules)
* 1:226 <-> DISABLED <-> PROTOCOL-ICMP Stacheldraht server response (protocol-icmp.rules)
* 1:2260 <-> DISABLED <-> SERVER-MAIL VRFY overflow attempt (server-mail.rules)
* 1:2261 <-> DISABLED <-> SERVER-MAIL Sendmail SEND FROM prescan too many addresses overflow (server-mail.rules)
* 1:2262 <-> DISABLED <-> SERVER-MAIL Sendmail SEND FROM prescan too long addresses overflow (server-mail.rules)
* 1:2263 <-> DISABLED <-> SERVER-MAIL Sendmail SAML FROM prescan too many addresses overflow (server-mail.rules)
* 1:2264 <-> DISABLED <-> SERVER-MAIL Sendmail SAML FROM prescan too long addresses overflow (server-mail.rules)
* 1:2265 <-> DISABLED <-> SERVER-MAIL Sendmail SOML FROM prescan too many addresses overflow (server-mail.rules)
* 1:2266 <-> DISABLED <-> SERVER-MAIL Sendmail SOML FROM prescan too long addresses overflow (server-mail.rules)
* 1:2267 <-> DISABLED <-> SERVER-MAIL Sendmail MAIL FROM prescan too many addresses overflow (server-mail.rules)
* 1:2268 <-> DISABLED <-> SERVER-MAIL Sendmail MAIL FROM prescan too long addresses overflow (server-mail.rules)
* 1:2269 <-> DISABLED <-> SERVER-MAIL Sendmail RCPT TO prescan too many addresses overflow (server-mail.rules)
* 1:227 <-> DISABLED <-> PROTOCOL-ICMP Stacheldraht client spoofworks (protocol-icmp.rules)
* 1:2270 <-> DISABLED <-> SERVER-MAIL Sendmail RCPT TO prescan too long addresses overflow (server-mail.rules)
* 1:2271 <-> DISABLED <-> MALWARE-BACKDOOR FsSniffer connection attempt (malware-backdoor.rules)
* 1:2272 <-> DISABLED <-> PROTOCOL-FTP LIST integer overflow attempt (protocol-ftp.rules)
* 1:2273 <-> DISABLED <-> PROTOCOL-IMAP login brute force attempt (protocol-imap.rules)
* 1:2274 <-> DISABLED <-> PROTOCOL-POP login brute force attempt (protocol-pop.rules)
* 1:2275 <-> DISABLED <-> SERVER-MAIL AUTH LOGON brute force attempt (server-mail.rules)
* 1:2276 <-> DISABLED <-> SERVER-WEBAPP oracle portal demo access (server-webapp.rules)
* 1:2277 <-> DISABLED <-> SERVER-WEBAPP PeopleSoft PeopleBooks psdoccgi access (server-webapp.rules)
* 1:2278 <-> DISABLED <-> SERVER-WEBAPP HTTP request with negative Content-Length attempt (server-webapp.rules)
* 1:2279 <-> DISABLED <-> SERVER-WEBAPP UpdateClasses.php access (server-webapp.rules)
* 1:228 <-> DISABLED <-> PROTOCOL-ICMP TFN client command BE (protocol-icmp.rules)
* 1:2280 <-> DISABLED <-> SERVER-WEBAPP Title.php access (server-webapp.rules)
* 1:2281 <-> DISABLED <-> SERVER-WEBAPP Setup.php access (server-webapp.rules)
* 1:2282 <-> DISABLED <-> SERVER-WEBAPP GlobalFunctions.php access (server-webapp.rules)
* 1:2283 <-> DISABLED <-> SERVER-WEBAPP DatabaseFunctions.php access (server-webapp.rules)
* 1:2284 <-> DISABLED <-> SERVER-WEBAPP rolis guestbook remote file include attempt (server-webapp.rules)
* 1:2285 <-> DISABLED <-> SERVER-WEBAPP rolis guestbook access (server-webapp.rules)
* 1:2286 <-> DISABLED <-> SERVER-WEBAPP friends.php access (server-webapp.rules)
* 1:2287 <-> DISABLED <-> SERVER-WEBAPP Advanced Poll admin_comment.php access (server-webapp.rules)
* 1:2288 <-> DISABLED <-> SERVER-WEBAPP Advanced Poll admin_edit.php access (server-webapp.rules)
* 1:2289 <-> DISABLED <-> SERVER-WEBAPP Advanced Poll admin_embed.php access (server-webapp.rules)
* 1:229 <-> DISABLED <-> PROTOCOL-ICMP Stacheldraht client check skillz (protocol-icmp.rules)
* 1:2290 <-> DISABLED <-> SERVER-WEBAPP Advanced Poll admin_help.php access (server-webapp.rules)
* 1:2291 <-> DISABLED <-> SERVER-WEBAPP Advanced Poll admin_license.php access (server-webapp.rules)
* 1:22915 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object confusion attempt (file-flash.rules)
* 1:22916 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object confusion attempt (file-flash.rules)
* 1:22917 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - cmd (indicator-compromise.rules)
* 1:22918 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - search (indicator-compromise.rules)
* 1:22919 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - upload (indicator-compromise.rules)
* 1:2292 <-> DISABLED <-> SERVER-WEBAPP Advanced Poll admin_logout.php access (server-webapp.rules)
* 1:22920 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - about (indicator-compromise.rules)
* 1:22921 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - encoder (indicator-compromise.rules)
* 1:22922 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - bind (indicator-compromise.rules)
* 1:22923 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - ps_aux (indicator-compromise.rules)
* 1:22924 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - ftpquickbrute (indicator-compromise.rules)
* 1:22925 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - security (indicator-compromise.rules)
* 1:22926 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - sql (indicator-compromise.rules)
* 1:22927 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - eval (indicator-compromise.rules)
* 1:22928 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - feedback (indicator-compromise.rules)
* 1:22929 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - selfremove (indicator-compromise.rules)
* 1:2293 <-> DISABLED <-> SERVER-WEBAPP Advanced Poll admin_password.php access (server-webapp.rules)
* 1:22930 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - fsbuff (indicator-compromise.rules)
* 1:22931 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - ls (indicator-compromise.rules)
* 1:22932 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - phpinfo (indicator-compromise.rules)
* 1:22933 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell.php command request - tools (indicator-compromise.rules)
* 1:22937 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Proxyier variant outbound connection (malware-cnc.rules)
* 1:22938 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded TTF integer overflow attempt (file-pdf.rules)
* 1:22939 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent RAbcLib (malware-cnc.rules)
* 1:2294 <-> DISABLED <-> SERVER-WEBAPP Advanced Poll admin_preview.php access (server-webapp.rules)
* 1:22940 <-> DISABLED <-> INDICATOR-COMPROMISE Win32.Virut web propagation detection (indicator-compromise.rules)
* 1:22941 <-> DISABLED <-> FILE-PDF Possible malicious PDF detection - qweqwe= (file-pdf.rules)
* 1:22942 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows Authenticode signature verification bypass attempt (file-executable.rules)
* 1:22943 <-> ENABLED <-> FILE-IDENTIFY NAB file download request (file-identify.rules)
* 1:22944 <-> ENABLED <-> FILE-IDENTIFY NAB file attachment detected (file-identify.rules)
* 1:22945 <-> ENABLED <-> FILE-IDENTIFY NAB file attachment detected (file-identify.rules)
* 1:22946 <-> ENABLED <-> FILE-IDENTIFY NAB file magic detected (file-identify.rules)
* 1:22947 <-> DISABLED <-> FILE-OTHER Novell Groupwise Addressbook buffer overflow attempt (file-other.rules)
* 1:22948 <-> DISABLED <-> PROTOCOL-VOIP Avaya WinPDM header buffer overflow attempt (protocol-voip.rules)
* 1:22949 <-> DISABLED <-> EXPLOIT-KIT Blackhole redirection attempt (exploit-kit.rules)
* 1:2295 <-> DISABLED <-> SERVER-WEBAPP Advanced Poll admin_settings.php access (server-webapp.rules)
* 1:22950 <-> DISABLED <-> SERVER-WEBAPP EXIF header parsing integer overflow attempt big endian (server-webapp.rules)
* 1:22951 <-> DISABLED <-> SERVER-WEBAPP EXIF header parsing integer overflow attempt little endian (server-webapp.rules)
* 1:22952 <-> DISABLED <-> SERVER-OTHER Iron Mountain connected backup opcode 13 processing command injection attempt (server-other.rules)
* 1:22953 <-> DISABLED <-> MALWARE-TOOLS Hulk denial of service attempt (malware-tools.rules)
* 1:22954 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Malformed SELECTION Record Code Execution attempt (file-office.rules)
* 1:22955 <-> ENABLED <-> FILE-IDENTIFY AMF file attachment detected (file-identify.rules)
* 1:22956 <-> ENABLED <-> FILE-IDENTIFY AMF file attachment detected (file-identify.rules)
* 1:2296 <-> DISABLED <-> SERVER-WEBAPP Advanced Poll admin_stats.php access (server-webapp.rules)
* 1:22961 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RAM file attachment detected (file-identify.rules)
* 1:22962 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RAM file attachment detected (file-identify.rules)
* 1:22963 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RMP file attachment detected (file-identify.rules)
* 1:22964 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RMP file attachment detected (file-identify.rules)
* 1:22965 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RT file attachment detected (file-identify.rules)
* 1:22966 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RT file attachment detected (file-identify.rules)
* 1:22967 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RP file attachment detected (file-identify.rules)
* 1:22968 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RP file attachment detected (file-identify.rules)
* 1:22969 <-> ENABLED <-> FILE-IDENTIFY remote desktop configuration file attachment detected (file-identify.rules)
* 1:2297 <-> DISABLED <-> SERVER-WEBAPP Advanced Poll admin_templates_misc.php access (server-webapp.rules)
* 1:22970 <-> ENABLED <-> FILE-IDENTIFY remote desktop configuration file attachment detected (file-identify.rules)
* 1:22971 <-> ENABLED <-> FILE-IDENTIFY MPEG Layer 3 playlist file attachment detected (file-identify.rules)
* 1:22972 <-> ENABLED <-> FILE-IDENTIFY m3u playlist file file attachment detected (file-identify.rules)
* 1:22973 <-> ENABLED <-> FILE-IDENTIFY M4A file attachment detected (file-identify.rules)
* 1:22974 <-> ENABLED <-> FILE-IDENTIFY M4A file attachment detected (file-identify.rules)
* 1:22975 <-> ENABLED <-> FILE-IDENTIFY M4P file attachment detected (file-identify.rules)
* 1:22976 <-> ENABLED <-> FILE-IDENTIFY M4P file attachment detected (file-identify.rules)
* 1:22977 <-> ENABLED <-> FILE-IDENTIFY M4R file attachment detected (file-identify.rules)
* 1:22978 <-> ENABLED <-> FILE-IDENTIFY M4R file attachment detected (file-identify.rules)
* 1:22979 <-> ENABLED <-> FILE-IDENTIFY M4V file attachment detected (file-identify.rules)
* 1:2298 <-> DISABLED <-> SERVER-WEBAPP Advanced Poll admin_templates.php access (server-webapp.rules)
* 1:22980 <-> ENABLED <-> FILE-IDENTIFY M4V file attachment detected (file-identify.rules)
* 1:22981 <-> ENABLED <-> FILE-IDENTIFY M4B file attachment detected (file-identify.rules)
* 1:22982 <-> ENABLED <-> FILE-IDENTIFY M4B file attachment detected (file-identify.rules)
* 1:22983 <-> ENABLED <-> FILE-IDENTIFY 3GP file attachment detected (file-identify.rules)
* 1:22984 <-> ENABLED <-> FILE-IDENTIFY 3GP file attachment detected (file-identify.rules)
* 1:22985 <-> ENABLED <-> FILE-IDENTIFY 3G2 file attachment detected (file-identify.rules)
* 1:22986 <-> ENABLED <-> FILE-IDENTIFY 3G2 file attachment detected (file-identify.rules)
* 1:22987 <-> ENABLED <-> FILE-IDENTIFY k3g file attachment detected (file-identify.rules)
* 1:22988 <-> ENABLED <-> FILE-IDENTIFY k3g file attachment detected (file-identify.rules)
* 1:22989 <-> ENABLED <-> FILE-IDENTIFY SKM file attachment detected (file-identify.rules)
* 1:2299 <-> DISABLED <-> SERVER-WEBAPP Advanced Poll admin_tpl_misc_new.php access (server-webapp.rules)
* 1:22990 <-> ENABLED <-> FILE-IDENTIFY SKM file attachment detected (file-identify.rules)
* 1:22991 <-> ENABLED <-> FILE-IDENTIFY QT file attachment detected (file-identify.rules)
* 1:22992 <-> ENABLED <-> FILE-IDENTIFY QT file attachment detected (file-identify.rules)
* 1:22993 <-> ENABLED <-> FILE-IDENTIFY MP4 file attachment detected (file-identify.rules)
* 1:22994 <-> ENABLED <-> FILE-IDENTIFY MP4 file attachment detected (file-identify.rules)
* 1:22995 <-> ENABLED <-> FILE-IDENTIFY Apple QuickTime Movie file attachment detected (file-identify.rules)
* 1:22996 <-> ENABLED <-> FILE-IDENTIFY Apple QuickTime Movie file attachment detected (file-identify.rules)
* 1:22997 <-> ENABLED <-> FILE-IDENTIFY MHTML file attachment detected (file-identify.rules)
* 1:22998 <-> ENABLED <-> FILE-IDENTIFY MHTML file attachment detected (file-identify.rules)
* 1:22999 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows WMF file magic detected (file-identify.rules)
* 1:230 <-> DISABLED <-> MALWARE-OTHER shaft client login to handler (malware-other.rules)
* 1:2300 <-> DISABLED <-> SERVER-WEBAPP Advanced Poll admin_tpl_new.php access (server-webapp.rules)
* 1:23000 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media Player DVR file attachment detected (file-identify.rules)
* 1:23001 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media Player DVR file attachment detected (file-identify.rules)
* 1:23002 <-> ENABLED <-> FILE-IDENTIFY CSV file attachment detected (file-identify.rules)
* 1:23003 <-> ENABLED <-> FILE-IDENTIFY CSV file attachment detected (file-identify.rules)
* 1:23004 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC WinCC flexible runtime stack buffer overflow attempt (protocol-scada.rules)
* 1:23005 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC WinCC flexible runtime stack buffer overflow attempt (protocol-scada.rules)
* 1:23006 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC WinCC flexible runtime stack buffer overflow attempt (protocol-scada.rules)
* 1:23007 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC WinCC flexible runtime stack buffer overflow attempt (protocol-scada.rules)
* 1:23008 <-> DISABLED <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt (file-java.rules)
* 1:23009 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SXLI record integer overrun attempt (file-office.rules)
* 1:2301 <-> DISABLED <-> SERVER-WEBAPP Advanced Poll booth.php access (server-webapp.rules)
* 1:23010 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel FNGROUPNAME record memory corruption attempt (file-office.rules)
* 1:23011 <-> ENABLED <-> FILE-IDENTIFY Collada file download request (file-identify.rules)
* 1:23012 <-> ENABLED <-> FILE-IDENTIFY Collada file attachment detected (file-identify.rules)
* 1:23013 <-> ENABLED <-> FILE-IDENTIFY Collada file attachment detected (file-identify.rules)
* 1:23014 <-> DISABLED <-> FILE-OTHER Adobe Photoshop asset elements stack based buffer overflow attempt (file-other.rules)
* 1:23015 <-> DISABLED <-> BROWSER-CHROME Google Chrome and Apple Safari runin handling use after free attempt (browser-chrome.rules)
* 1:23016 <-> DISABLED <-> INDICATOR-COMPROMISE base64-encoded c99shell download (indicator-compromise.rules)
* 1:23017 <-> DISABLED <-> INDICATOR-COMPROMISE c99shell comment (indicator-compromise.rules)
* 1:23018 <-> DISABLED <-> INDICATOR-OBFUSCATION eval of base64-encoded data (indicator-obfuscation.rules)
* 1:23019 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Flame malware (malware-cnc.rules)
* 1:2302 <-> DISABLED <-> SERVER-WEBAPP Advanced Poll poll_ssi.php access (server-webapp.rules)
* 1:2303 <-> DISABLED <-> SERVER-WEBAPP Advanced Poll popup.php access (server-webapp.rules)
* 1:2304 <-> DISABLED <-> SERVER-WEBAPP files.inc.php access (server-webapp.rules)
* 1:23041 <-> DISABLED <-> FILE-PDF EmbeddedFile contained within a PDF (file-pdf.rules)
* 1:23043 <-> DISABLED <-> FILE-PDF Unknown malicious PDF - CreationDate (file-pdf.rules)
* 1:23044 <-> DISABLED <-> FILE-PDF Unknown malicious PDF - 
CreationDate (file-pdf.rules) * 1:23045 <-> DISABLED <-> FILE-PDF Unknown malicious PDF - Title (file-pdf.rules) * 1:23046 <-> DISABLED <-> SERVER-WEBAPP Oracle GlassFish Enterprise server cross site scripting attempt (server-webapp.rules) * 1:23047 <-> DISABLED <-> SERVER-WEBAPP Oracle GlassFish Enterprise server cross site scripting attempt (server-webapp.rules) * 1:23048 <-> DISABLED <-> BROWSER-PLUGINS McAfee Virtual Technician Security Bypass ActiveX clsid access attempt (browser-plugins.rules) * 1:23049 <-> DISABLED <-> BROWSER-PLUGINS McAfee Virtual Technician Security Bypass ActiveX clsid access attempt (browser-plugins.rules) * 1:2305 <-> DISABLED <-> SERVER-WEBAPP chatbox.php access (server-webapp.rules) * 1:23050 <-> DISABLED <-> BROWSER-PLUGINS McAfee Virtual Technician Security Bypass ActiveX clsid access attempt (browser-plugins.rules) * 1:23051 <-> DISABLED <-> MALWARE-CNC Dybalom.A runtime traffic detected (malware-cnc.rules) * 1:23054 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nSSVGValue memory corruption attempt (browser-firefox.rules) * 1:23055 <-> DISABLED <-> PROTOCOL-FTP Multiple Products FTP MKD buffer overflow attempt (protocol-ftp.rules) * 1:23056 <-> DISABLED <-> SERVER-OTHER SAP NetWeaver Dispatcher DiagTraceR3Info buffer overflow attempt (server-other.rules) * 1:23057 <-> DISABLED <-> MALWARE-CNC Flame malware connection - /view.php (malware-cnc.rules) * 1:23058 <-> ENABLED <-> MALWARE-OTHER NeoSploit Malvertising - URI Requested (malware-other.rules) * 1:23059 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio TAG_xxxSect code execution attempt (file-office.rules) * 1:2306 <-> DISABLED <-> SERVER-WEBAPP gallery remote file include attempt (server-webapp.rules) * 1:1000 <-> DISABLED <-> SERVER-IIS bdir.htr access (server-iis.rules) * 1:1001 <-> DISABLED <-> SERVER-WEBAPP carbo.dll access (server-webapp.rules) * 1:10010 <-> DISABLED <-> SERVER-OTHER Putty Server key exchange buffer overflow attempt (server-other.rules) * 1:10011 
<-> DISABLED <-> SERVER-MAIL Multiple IMAP servers APPEND command buffer overflow attempt (server-mail.rules) * 1:10013 <-> DISABLED <-> BROWSER-PLUGINS CCRP FolderTreeView ActiveX clsid access (browser-plugins.rules) * 1:10015 <-> DISABLED <-> BROWSER-PLUGINS Oracle ORADC ActiveX clsid access (browser-plugins.rules) * 1:10017 <-> DISABLED <-> BROWSER-PLUGINS Oracle ORADC ActiveX function call access (browser-plugins.rules) * 1:10018 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc ReserveGroup attempt (netbios.rules) * 1:1002 <-> DISABLED <-> SERVER-IIS cmd.exe access (server-iis.rules) * 1:10024 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc ClientDBMiniAgentClose attempt (netbios.rules) * 1:1003 <-> DISABLED <-> SERVER-IIS cmd? access (server-iis.rules) * 1:10030 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor QSIGetQueuePath_Function_45 overflow attempt (netbios.rules) * 1:10036 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor ASRemotePFC overflow attempt (netbios.rules) * 1:1004 <-> DISABLED <-> SERVER-IIS codebrowser Exair access (server-iis.rules) * 1:1005 <-> DISABLED <-> SERVER-IIS codebrowser SDK access (server-iis.rules) * 1:10050 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc2 ASDBLoginToComputer overflow attempt (netbios.rules) * 1:10062 <-> DISABLED <-> FILE-IMAGE Oracle Java Virtual Machine malformed GIF buffer overflow attempt (file-image.rules) * 1:10063 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox query interface suspicious function call access attempt (browser-firefox.rules) * 1:10064 <-> DISABLED <-> SERVER-OTHER Peercast URL Parameter overflow attempt (server-other.rules) * 1:10065 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules) * 1:10066 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules) * 1:10067 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules) * 
1:10068 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules) * 1:10069 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules) * 1:1007 <-> DISABLED <-> SERVER-IIS Form_JScript.asp access (server-iis.rules) * 1:10070 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules) * 1:10071 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules) * 1:10072 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules) * 1:10073 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules) * 1:10074 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules) * 1:10075 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules) * 1:10076 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules) * 1:13547 <-> DISABLED <-> BROWSER-PLUGINS Sony ImageStation ActiveX clsid access (browser-plugins.rules) * 1:13549 <-> DISABLED <-> BROWSER-PLUGINS Sony ImageStation ActiveX function call access (browser-plugins.rules) * 1:13551 <-> DISABLED <-> SERVER-ORACLE Oracle XDB.XDB_PITRIG_PKG sql injection attempt (server-oracle.rules) * 1:13552 <-> DISABLED <-> SERVER-OTHER Symantec VERITAS Storage Foundation Suite buffer overflow attempt (server-other.rules) * 1:13553 <-> DISABLED <-> SERVER-OTHER Sybase SQL Anywhere Mobilink username string buffer overflow (server-other.rules) * 1:13554 <-> DISABLED <-> SERVER-OTHER Sybase SQL Anywhere Mobilink version string buffer overflow (server-other.rules) * 1:13555 <-> DISABLED <-> SERVER-OTHER Sybase SQL Anywhere Mobilink remoteID string buffer overflow (server-other.rules) * 1:13556 <-> DISABLED <-> PUA-ADWARE Hijacker kword interkey outbound connection - search traffic 1 (pua-adware.rules) * 1:13557 <-> DISABLED <-> 
PUA-ADWARE Hijacker kword interkey outbound connection - search traffic 2 (pua-adware.rules) * 1:13558 <-> DISABLED <-> PUA-ADWARE Hijacker kword interkey outbound connection - log user info (pua-adware.rules) * 1:13559 <-> DISABLED <-> PUA-TOOLBARS Hijacker kompass toolbar runtime detection - initial connection (pua-toolbars.rules) * 1:13560 <-> DISABLED <-> PUA-TOOLBARS Hijacker kompass toolbar runtime detection - search traffic (pua-toolbars.rules) * 1:13561 <-> DISABLED <-> PUA-ADWARE Adware malware alarm runtime detection - presale request (pua-adware.rules) * 1:13562 <-> DISABLED <-> PUA-ADWARE Adware malware alarm runtime detection - update request (pua-adware.rules) * 1:13563 <-> DISABLED <-> PUA-ADWARE Adware system doctor runtime detection - presale request (pua-adware.rules) * 1:13564 <-> DISABLED <-> PUA-ADWARE Adware system doctor runtime detection - update status (pua-adware.rules) * 1:13565 <-> DISABLED <-> PUA-ADWARE Trickler iecodec outbound connection - initial traffic (pua-adware.rules) * 1:13566 <-> DISABLED <-> PUA-ADWARE Trickler iecodec outbound connection - message dialog (pua-adware.rules) * 1:13567 <-> DISABLED <-> MALWARE-OTHER Keylogger msn spy monitor runtime detection (malware-other.rules) * 1:13568 <-> DISABLED <-> MALWARE-OTHER Keylogger sys keylog 1.3 advanced runtime detection (malware-other.rules) * 1:13569 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel macro validation arbitrary code execution attempt (file-office.rules) * 1:13570 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel cf record arbitrary code excecution attempt (file-office.rules) * 1:13571 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel dval record arbitrary code execution attempt (file-office.rules) * 1:13572 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint malformed shapeid arbitrary code execution attempt (file-office.rules) * 1:13573 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook arbitrary command line attempt (file-office.rules) * 
1:13580 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Web Components remote code execution attempt ActiveX clsid access (browser-plugins.rules) * 1:13583 <-> ENABLED <-> FILE-IDENTIFY Microsoft SYmbolic LinK file download request (file-identify.rules) * 1:13584 <-> ENABLED <-> FILE-IDENTIFY CSV file download request (file-identify.rules) * 1:13585 <-> ENABLED <-> FILE-IDENTIFY Microsoft SYmbolic LinK file magic detected (file-identify.rules) * 1:13586 <-> DISABLED <-> APP-DETECT SSH server detected on non-standard port (app-detect.rules) * 1:13589 <-> DISABLED <-> PROTOCOL-VOIP OPTIONS message Via header request misplaced - after terminating newline (protocol-voip.rules) * 1:13590 <-> DISABLED <-> PROTOCOL-VOIP OPTIONS message Call-ID header request misplaced - after terminating newline (protocol-voip.rules) * 1:13591 <-> DISABLED <-> SERVER-WEBAPP Trend Micro OfficeScan CGI password decryption buffer overflow attempt (server-webapp.rules) * 1:13594 <-> DISABLED <-> OS-WINDOWS Microsoft Windows print spooler little endian DoS attempt (os-windows.rules) * 1:13595 <-> DISABLED <-> BROWSER-PLUGINS ICQ Toolbar toolbaru.dll ActiveX clsid access (browser-plugins.rules) * 1:13597 <-> DISABLED <-> BROWSER-PLUGINS ICQ Toolbar toolbaru.dll ActiveX function call access (browser-plugins.rules) * 1:13599 <-> DISABLED <-> BROWSER-PLUGINS Kingsoft Antivirus Online Update Module ActiveX clsid access (browser-plugins.rules) * 1:13601 <-> DISABLED <-> BROWSER-PLUGINS Kingsoft Antivirus Online Update Module ActiveX function call access (browser-plugins.rules) * 1:13603 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer Download Handler ActiveX function call access (browser-plugins.rules) * 1:13605 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer RAM Download Handler ActiveX function call access (browser-plugins.rules) * 1:13607 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer RMOC3260.DLL Vulnerble Property ActiveX clsid access (browser-plugins.rules) * 
1:13609 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer RMOC3260.DLL Vulnerble Property ActiveX function call access (browser-plugins.rules) * 1:13613 <-> DISABLED <-> OS-SOLARIS Oracle Solaris username overflow authentication bypass attempt (os-solaris.rules) * 1:13614 <-> DISABLED <-> SERVER-OTHER CVS Argument overflow attempt (server-other.rules) * 1:13615 <-> DISABLED <-> SERVER-OTHER CVS Argument overflow attempt (server-other.rules) * 1:13616 <-> DISABLED <-> SERVER-OTHER CVS Argument overflow (server-other.rules) * 1:13617 <-> DISABLED <-> SERVER-ORACLE Oracle database version 8 username buffer overflow attempt (server-oracle.rules) * 1:13618 <-> DISABLED <-> SERVER-ORACLE Oracle database version 9 username buffer overflow attempt (server-oracle.rules) * 1:13619 <-> DISABLED <-> OS-WINDOWS Microsoft Windows getBulkRequest memory corruption attempt (os-windows.rules) * 1:13620 <-> DISABLED <-> SERVER-OTHER CA Brightstor discovery service alternate buffer overflow attempt (server-other.rules) * 1:13621 <-> DISABLED <-> BROWSER-PLUGINS CA BrightStor ListCtrl ActiveX clsid access (browser-plugins.rules) * 1:13623 <-> DISABLED <-> BROWSER-PLUGINS CA BrightStor ListCtrl ActiveX function call access (browser-plugins.rules) * 1:13625 <-> DISABLED <-> MALWARE-CNC MBR rootkit HTTP POST activity detected (malware-cnc.rules) * 1:13626 <-> DISABLED <-> FILE-IDENTIFY Microsoft Office Access file magic detected (file-identify.rules) * 1:13629 <-> DISABLED <-> FILE-IDENTIFY Microsoft Office Access JSDB file magic detected (file-identify.rules) * 1:13630 <-> DISABLED <-> FILE-IDENTIFY Microsoft Office Access TJDB file magic detected (file-identify.rules) * 1:13631 <-> DISABLED <-> SERVER-OTHER McAfee ePolicy Orchestrator Framework Services log handling format string attempt (server-other.rules) * 1:13632 <-> DISABLED <-> SERVER-OTHER Zango adware installation request (server-other.rules) * 1:13633 <-> DISABLED <-> FILE-IDENTIFY Microsoft Office Access MSISAM file 
magic detected (file-identify.rules) * 1:13635 <-> DISABLED <-> PUA-ADWARE Trickler downloader trojan.gen outbound connection - get malicious link (pua-adware.rules) * 1:13636 <-> DISABLED <-> PUA-ADWARE Trickler downloader trojan.gen outbound connection - download malicious link (pua-adware.rules) * 1:13637 <-> DISABLED <-> PUA-ADWARE Adware virus heat runtime detection - presale request (pua-adware.rules) * 1:13638 <-> DISABLED <-> MALWARE-CNC User-Agent known Adware user-agent string - Win.Adware.VirusHeat (malware-cnc.rules) * 1:13639 <-> DISABLED <-> PUA-TOOLBARS Hijacker locmag toolbar runtime detection - connection to toolbar (pua-toolbars.rules) * 1:13640 <-> DISABLED <-> PUA-TOOLBARS Hijacker locmag toolbar runtime detection - hijacks address bar (pua-toolbars.rules) * 1:13641 <-> DISABLED <-> PUA-TOOLBARS Hijacker eclickz toolbar runtime detection - search traffic (pua-toolbars.rules) * 1:13642 <-> DISABLED <-> MALWARE-OTHER Keylogger easy Keylogger runtime detection (malware-other.rules) * 1:13643 <-> DISABLED <-> PUA-TOOLBARS Hijacker zztoolbar runtime detection - toolbar traffic (pua-toolbars.rules) * 1:13644 <-> DISABLED <-> PUA-TOOLBARS Hijacker zztoolbar runtime detection - search traffic (pua-toolbars.rules) * 1:13645 <-> DISABLED <-> PUA-TOOLBARS Hijacker mxs toolbar runtime detection (pua-toolbars.rules) * 1:13646 <-> DISABLED <-> PUA-ADWARE Adware registry defender runtime detection - presale request (pua-adware.rules) * 1:13647 <-> DISABLED <-> PUA-ADWARE Adware registry defender runtime detection - error report request (pua-adware.rules) * 1:13648 <-> DISABLED <-> PUA-ADWARE Hijacker mysearch bar 2.0.2.28 runtime detection (pua-adware.rules) * 1:13649 <-> DISABLED <-> PUA-ADWARE Adware spyware stop runtime detection - presale request (pua-adware.rules) * 1:13650 <-> DISABLED <-> PUA-ADWARE Adware spyware stop runtime detection - auto updates (pua-adware.rules) * 1:13651 <-> DISABLED <-> MALWARE-OTHER Keylogger family cyber alert runtime 
detection - smtp traffic for recorded activities (malware-other.rules) * 1:13652 <-> DISABLED <-> PUA-ADWARE Keylogger all in one Keylogger runtime detection (pua-adware.rules) * 1:13653 <-> DISABLED <-> PUA-ADWARE Adware cashfiesta adbar runtime detection - updates traffic (pua-adware.rules) * 1:13654 <-> DISABLED <-> MALWARE-CNC nuclear rat 2.1 variant outbound connection (malware-cnc.rules) * 1:13655 <-> DISABLED <-> MALWARE-CNC nuclear rat 2.1 variant outbound connection (malware-cnc.rules) * 1:13656 <-> DISABLED <-> SERVER-WEBAPP Cisco Secure Access Control Server UCP Application CSuserCGI.exe buffer overflow attempt (server-webapp.rules) * 1:13657 <-> DISABLED <-> BROWSER-PLUGINS BusinessObjects RptViewerAx ActiveX clsid access (browser-plugins.rules) * 1:13659 <-> DISABLED <-> BROWSER-PLUGINS BusinessObjects RptViewerAx ActiveX function call access (browser-plugins.rules) * 1:13661 <-> DISABLED <-> BROWSER-PLUGINS VeralSoft HTTP File Upload ActiveX clsid access (browser-plugins.rules) * 1:13663 <-> DISABLED <-> SERVER-MAIL Alt-N MDaemon IMAP Server FETCH command buffer overflow attempt (server-mail.rules) * 1:13664 <-> DISABLED <-> PROTOCOL-VOIP Remote-Party-ID header hexadecimal characters in IP address field (protocol-voip.rules) * 1:13665 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio DXF file invalid memory allocation exploit attempt (file-office.rules) * 1:13668 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Help 2.0 Contents Control ActiveX clsid access (browser-plugins.rules) * 1:13670 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Help 2.0 Contents Control ActiveX function call access (browser-plugins.rules) * 1:13672 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Help 2.0 Contents Control 2 ActiveX clsid access (browser-plugins.rules) * 1:13674 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Help 2.0 Contents Control 2 ActiveX function call access (browser-plugins.rules) * 1:13677 <-> DISABLED <-> BROWSER-IE Microsoft Internet 
Explorer data stream memory corruption attempt (browser-ie.rules) * 1:13679 <-> DISABLED <-> BROWSER-PLUGINS IBiz EBanking Integrator ActiveX clsid access (browser-plugins.rules) * 1:13681 <-> DISABLED <-> BROWSER-PLUGINS CDNetworks Nefficient Download ActiveX clsid access (browser-plugins.rules) * 1:13683 <-> DISABLED <-> BROWSER-PLUGINS CDNetworks Nefficient Download ActiveX function call access (browser-plugins.rules) * 1:13685 <-> DISABLED <-> BROWSER-PLUGINS Chilkat HTTP 1 ActiveX clsid access (browser-plugins.rules) * 1:13687 <-> DISABLED <-> BROWSER-PLUGINS Chilkat HTTP 1 ActiveX function call access (browser-plugins.rules) * 1:13689 <-> DISABLED <-> BROWSER-PLUGINS Chilkat HTTP 2 ActiveX clsid access (browser-plugins.rules) * 1:13691 <-> DISABLED <-> BROWSER-PLUGINS Chilkat HTTP 2 ActiveX function call access (browser-plugins.rules) * 1:13693 <-> DISABLED <-> PROTOCOL-VOIP Attribute header rtpmap field invalid payload type (protocol-voip.rules) * 1:13694 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix RTSP long get request exploit attempt (server-other.rules) * 1:13695 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix RTSP long setup request exploit attempt (server-other.rules) * 1:13696 <-> DISABLED <-> POLICY-OTHER TOR proxy connection initiation (policy-other.rules) * 1:13699 <-> DISABLED <-> BROWSER-PLUGINS CA DSM gui_cm_ctrls ActiveX clsid access (browser-plugins.rules) * 1:13714 <-> DISABLED <-> SERVER-MYSQL yaSSL SSLv3 Client Hello Message Cipher Specs Buffer Overflow attempt (server-mysql.rules) * 1:13715 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager HTTP handling buffer overflow attempt (server-webapp.rules) * 1:13716 <-> DISABLED <-> PROTOCOL-RPC portmap CA BrightStor ARCserve tcp procedure 232 attempt (protocol-rpc.rules) * 1:13717 <-> DISABLED <-> PROTOCOL-RPC portmap CA BrightStor ARCserve udp procedure 232 attempt (protocol-rpc.rules) * 1:13719 <-> DISABLED <-> SERVER-ORACLE database username buffer overflow 
(server-oracle.rules) * 1:13720 <-> DISABLED <-> BROWSER-PLUGINS HP eSupportDiagnostics 3 ActiveX clsid access (browser-plugins.rules) * 1:13722 <-> DISABLED <-> BROWSER-PLUGINS HP eSupportDiagnostics 4 ActiveX clsid access (browser-plugins.rules) * 1:13724 <-> DISABLED <-> BROWSER-PLUGINS HP eSupportDiagnostics 5 ActiveX clsid access (browser-plugins.rules) * 1:13726 <-> DISABLED <-> BROWSER-PLUGINS HP eSupportDiagnostics 6 ActiveX clsid access (browser-plugins.rules) * 1:13728 <-> DISABLED <-> BROWSER-PLUGINS HP eSupportDiagnostics 7 ActiveX clsid access (browser-plugins.rules) * 1:13730 <-> DISABLED <-> BROWSER-PLUGINS HP eSupportDiagnostics 8 ActiveX clsid access (browser-plugins.rules) * 1:13732 <-> DISABLED <-> BROWSER-PLUGINS HP eSupportDiagnostics 9 ActiveX clsid access (browser-plugins.rules) * 1:13734 <-> DISABLED <-> BROWSER-PLUGINS HP eSupportDiagnostics 10 ActiveX clsid access (browser-plugins.rules) * 1:13736 <-> DISABLED <-> BROWSER-PLUGINS HP eSupportDiagnostics 11 ActiveX clsid access (browser-plugins.rules) * 1:13738 <-> DISABLED <-> BROWSER-PLUGINS HP eSupportDiagnostics 12 ActiveX clsid access (browser-plugins.rules) * 1:1374 <-> DISABLED <-> SERVER-WEBAPP .htgroup access (server-webapp.rules) * 1:13740 <-> DISABLED <-> BROWSER-PLUGINS HP eSupportDiagnostics 13 ActiveX clsid access (browser-plugins.rules) * 1:13742 <-> DISABLED <-> BROWSER-PLUGINS HP eSupportDiagnostics 14 ActiveX clsid access (browser-plugins.rules) * 1:13744 <-> DISABLED <-> BROWSER-PLUGINS HP eSupportDiagnostics 15 ActiveX clsid access (browser-plugins.rules) * 1:13746 <-> DISABLED <-> BROWSER-PLUGINS HP eSupportDiagnostics 16 ActiveX clsid access (browser-plugins.rules) * 1:13748 <-> DISABLED <-> BROWSER-PLUGINS HP eSupportDiagnostics 17 ActiveX clsid access (browser-plugins.rules) * 1:1375 <-> DISABLED <-> SERVER-WEBAPP sadmind worm access (server-webapp.rules) * 1:30032 <-> DISABLED <-> SERVER-OTHER Borland VisiBroker Smart Agent heap overflow attempt (server-other.rules) 
* 1:30033 <-> DISABLED <-> SERVER-WEBAPP ESF pfSense webConfigurator invalid input attempt (server-webapp.rules) * 1:30034 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Donanbot outbound connection (malware-cnc.rules) * 1:30035 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sylonif variant outbound connection (malware-cnc.rules) * 1:30036 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ovnavart variant outbound connection (malware-cnc.rules) * 1:30037 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zaleelq variant outbound connection (malware-cnc.rules) * 1:30038 <-> DISABLED <-> PUA-TOOLBARS Babylon toolbar outbound connection (pua-toolbars.rules) * 1:3004 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB-DS Session Setup NTLMSSP andx asn1 overflow attempt (os-windows.rules) * 1:30040 <-> DISABLED <-> SQL 1 = 1 - possible sql injection attempt (sql.rules) * 1:30041 <-> ENABLED <-> SQL 1 = 1 - possible sql injection attempt (sql.rules) * 1:30042 <-> DISABLED <-> SERVER-WEBAPP WebCalendar index.php form_readonly login parameter command injection (server-webapp.rules) * 1:30047 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Crowti variant outbound connection (malware-cnc.rules) * 1:30048 <-> DISABLED <-> BROWSER-PLUGINS MW6 Technologies Aztec ActiveX clsid access (browser-plugins.rules) * 1:30049 <-> DISABLED <-> BROWSER-PLUGINS MW6 Technologies Aztec ActiveX clsid access (browser-plugins.rules) * 1:3005 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB-DS Session Setup NTLMSSP unicode andx asn1 overflow attempt (os-windows.rules) * 1:30050 <-> DISABLED <-> BROWSER-PLUGINS MW6 Technologies Aztec ActiveX clsid access (browser-plugins.rules) * 1:30051 <-> DISABLED <-> BROWSER-PLUGINS MW6 Technologies Aztec ActiveX clsid access (browser-plugins.rules) * 1:30052 <-> DISABLED <-> BROWSER-PLUGINS MW6 Technologies Aztec ActiveX clsid access (browser-plugins.rules) * 1:30053 <-> DISABLED <-> BROWSER-PLUGINS MW6 Technologies Aztec ActiveX clsid access (browser-plugins.rules) * 1:30055 <-> DISABLED <-> 
MALWARE-CNC Win.Trojan.Deventiz CWD system information disclosure via FTP (malware-cnc.rules) * 1:30057 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peronspy outbound system information disclosure (malware-cnc.rules) * 1:30058 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bogoclak outbound FTP connection information disclosure (malware-cnc.rules) * 1:3006 <-> DISABLED <-> SERVER-OTHER Volition Freespace 2 buffer overflow attempt (server-other.rules) * 1:30060 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Coresh outbound identification request (malware-cnc.rules) * 1:30061 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tyleny variant outbound connection (malware-cnc.rules) * 1:30063 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot outbound connection (malware-cnc.rules) * 1:30064 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot outbound connection (malware-cnc.rules) * 1:30065 <-> ENABLED <-> INDICATOR-COMPROMISE ZenCart compromise attempt detected (indicator-compromise.rules) * 1:30066 <-> ENABLED <-> INDICATOR-COMPROMISE ZenCart malicious redirect attempt detected (indicator-compromise.rules) * 1:30068 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Androm variant outbound connection (malware-cnc.rules) * 1:3007 <-> DISABLED <-> PROTOCOL-IMAP command overflow attempt (protocol-imap.rules) * 1:30070 <-> ENABLED <-> MALWARE-OTHER ANDR.Trojan.iBanking outbound connection attempt (malware-other.rules) * 1:30071 <-> ENABLED <-> MALWARE-OTHER ANDR.Trojan.iBanking outbound connection attempt (malware-other.rules) * 1:30072 <-> ENABLED <-> MALWARE-OTHER ANDR.Trojan.iBanking outbound connection attempt (malware-other.rules) * 1:30073 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant outbound connection (malware-cnc.rules) * 1:30074 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nemim variant outbound connection (malware-cnc.rules) * 1:30076 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Stealzilla variant outbound connection (malware-cnc.rules) * 1:30078 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Momibot outbound system 
information disclosure (malware-cnc.rules) * 1:30079 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer SVG handling use after free attempt (browser-ie.rules) * 1:3008 <-> DISABLED <-> PROTOCOL-IMAP delete literal overflow attempt (protocol-imap.rules) * 1:30080 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer SVG handling use after free attempt (browser-ie.rules) * 1:30081 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer SVG handling use after free attempt (browser-ie.rules) * 1:30082 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer SVG handling use after free attempt (browser-ie.rules) * 1:30087 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gamut configuration download (malware-cnc.rules) * 1:30088 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hupigon variant outbound connection (malware-cnc.rules) * 1:3009 <-> DISABLED <-> MALWARE-BACKDOOR NetBus Pro 2.0 connection request (malware-backdoor.rules) * 1:30090 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nitol variant outbound connection (malware-cnc.rules) * 1:30091 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Necurs variant outbound connection (malware-cnc.rules) * 1:30092 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise Client for Windows ActiveX clsid access (browser-plugins.rules) * 1:30093 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise Client for Windows ActiveX function call access (browser-plugins.rules) * 1:30094 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 214 buffer overflow attempt (server-other.rules) * 1:30095 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 216 buffer overflow attempt (server-other.rules) * 1:30096 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 219 buffer overflow attempt (server-other.rules) * 1:30097 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 257 buffer overflow attempt (server-other.rules) * 1:30098 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Reedum BlackPoS 
outbound FTP file timestamp (malware-cnc.rules) * 1:30099 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Reedum BlackPoS stolen data transfer to internal staging area (malware-cnc.rules) * 1:301 <-> DISABLED <-> SERVER-OTHER LPRng overflow (server-other.rules) * 1:3010 <-> DISABLED <-> MALWARE-CNC RUX the Tick get windows directory (malware-cnc.rules) * 1:30100 <-> DISABLED <-> FILE-OTHER ftpchk3.php malicious script upload attempt (file-other.rules) * 1:30101 <-> ENABLED <-> FILE-OTHER ftpchk3.php malicious script upload attempt (file-other.rules) * 1:30102 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CAnchorElement use after free attempt (browser-ie.rules) * 1:30103 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CAnchorElement use after free attempt (browser-ie.rules) * 1:30104 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CAnchorElement use after free attempt (browser-ie.rules) * 1:30105 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CAnchorElement use after free attempt (browser-ie.rules) * 1:30106 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 10 use after free attempt (browser-ie.rules) * 1:30107 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 10 use after free attempt (browser-ie.rules) * 1:30108 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer Remove Format use after free attempt (browser-ie.rules) * 1:30109 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer Remove Format use after free attempt (browser-ie.rules) * 1:3011 <-> DISABLED <-> MALWARE-CNC RUX the Tick get system directory (malware-cnc.rules) * 1:30110 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CMarkup object use after free attempt (browser-ie.rules) * 1:30111 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CMarkup object use after free attempt (browser-ie.rules) * 1:30112 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CMarkup object use after free attempt (browser-ie.rules) * 1:30113 <-> ENABLED <-> BROWSER-IE 
Microsoft Internet Explorer CMarkup object use after free attempt (browser-ie.rules)
* 1:30116 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer button element onreadystatechange use after free attempt (browser-ie.rules)
* 1:30117 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer button element onreadystatechange use after free attempt (browser-ie.rules)
* 1:30118 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer setEndPoint use after free attempt (browser-ie.rules)
* 1:30119 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer setEndPoint use after free attempt (browser-ie.rules)
* 1:3012 <-> DISABLED <-> MALWARE-CNC RUX the Tick upload/execute arbitrary file (malware-cnc.rules)
* 1:30120 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer pastHTML use after free (browser-ie.rules)
* 1:30121 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer pastHTML use after free (browser-ie.rules)
* 1:30122 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSelectElement SetCurSel remote code execution attempt (browser-ie.rules)
* 1:30123 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreePos use after free attempt (browser-ie.rules)
* 1:30124 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreePos use after free attempt (browser-ie.rules)
* 1:30125 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreeDataPos object use after free attempt (browser-ie.rules)
* 1:30126 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreeDataPos object use after free attempt (browser-ie.rules)
* 1:30127 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free memory corruption attempt (browser-ie.rules)
* 1:30128 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free memory corruption attempt (browser-ie.rules)
* 1:30129 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer Nested Tables use after free attempt (browser-ie.rules)
* 1:3013 <-> DISABLED <-> MALWARE-CNC Asylum 0.1 connection request (malware-cnc.rules)
* 1:30130 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer Nested Tables use after free attempt (browser-ie.rules)
* 1:30131 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer ruby element in media element use after free attempt (browser-ie.rules)
* 1:30132 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer ruby element in media element use after free attempt (browser-ie.rules)
* 1:30133 <-> ENABLED <-> EXPLOIT-KIT Stamp exploit kit landing page (exploit-kit.rules)
* 1:30134 <-> ENABLED <-> EXPLOIT-KIT Stamp exploit kit malicious payload delivery - specific string (exploit-kit.rules)
* 1:30137 <-> DISABLED <-> MALWARE-OTHER TDS Sutra - RULEZ cookie set (malware-other.rules)
* 1:30138 <-> DISABLED <-> MALWARE-OTHER TDS Sutra - RULEZ cookie (malware-other.rules)
* 1:3014 <-> DISABLED <-> MALWARE-CNC Asylum 0.1 connection (malware-cnc.rules)
* 1:30140 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer OnMove use after free attempt (browser-ie.rules)
* 1:30141 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer OnMove use after free attempt (browser-ie.rules)
* 1:30142 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer OnMove use after free attempt (browser-ie.rules)
* 1:30143 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer OnMove use after free attempt (browser-ie.rules)
* 1:30144 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer ruby text tag heap-based buffer overflow attempt (browser-ie.rules)
* 1:30145 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer ruby text tag heap-based buffer overflow attempt (browser-ie.rules)
* 1:30146 <-> DISABLED <-> FILE-FLASH Adobe Flash incorrect null uri character normalization attempt (file-flash.rules)
* 1:30147 <-> DISABLED <-> FILE-FLASH Adobe Flash incorrect null uri character normalization attempt (file-flash.rules)
* 1:30148 <-> DISABLED <-> FILE-FLASH Adobe Flash incorrect null uri character normalization attempt (file-flash.rules)
* 1:30149 <-> DISABLED <-> FILE-FLASH Adobe Flash incorrect null uri character normalization attempt (file-flash.rules)
* 1:3015 <-> DISABLED <-> MALWARE-CNC Insane Network 4.0 connection (malware-cnc.rules)
* 1:30150 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player memory corruption attempt (file-multimedia.rules)
* 1:30151 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player memory corruption attempt (file-multimedia.rules)
* 1:30152 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player memory corruption attempt (file-multimedia.rules)
* 1:30153 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls stack buffer overflow via MIME HTML document attempt (file-office.rules)
* 1:30154 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls stack buffer overflow via MIME HTML document attempt (file-office.rules)
* 1:30155 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls stack buffer overflow via MIME HTML document attempt (file-office.rules)
* 1:30156 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls stack buffer overflow via MIME HTML document attempt (file-office.rules)
* 1:30157 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls stack buffer overflow via MIME HTML document attempt (file-office.rules)
* 1:30158 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls stack buffer overflow via MIME HTML document attempt (file-office.rules)
* 1:30159 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls stack buffer overflow via MIME HTML document attempt (file-office.rules)
* 1:3016 <-> DISABLED <-> MALWARE-CNC Insane Network 4.0 connection port 63536 (malware-cnc.rules)
* 1:30160 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls stack buffer overflow via MIME HTML document attempt (file-office.rules)
* 1:30161 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls stack buffer overflow via malicious MSComctlLib object attempt (file-office.rules)
* 1:30162 <-> DISABLED <-> FILE-OFFICE Microsoft Windows common controls stack buffer overflow via malicious MSComctlLib xls object attempt (file-office.rules)
* 1:30163 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls stack buffer overflow via malicious MSComctlLib object attempt (file-office.rules)
* 1:30164 <-> DISABLED <-> FILE-OFFICE Microsoft Windows common controls stack buffer overflow via malicious MSComctlLib xls object attempt (file-office.rules)
* 1:30165 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls stack buffer overflow via malicious toolbar and author attempt (file-office.rules)
* 1:30166 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls stack buffer overflow via malicious toolbar and author attempt (file-office.rules)
* 1:30167 <-> DISABLED <-> MALWARE-CNC Russian Bank scam malware GET request to server (malware-cnc.rules)
* 1:30168 <-> DISABLED <-> MALWARE-CNC Russian Bank scam malware POST to server (malware-cnc.rules)
* 1:30169 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSS uninitialized object access attempt detected (browser-ie.rules)
* 1:3017 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WINS overflow attempt (os-windows.rules)
* 1:3018 <-> DISABLED <-> NETBIOS SMB NT Trans NT CREATE oversized Security Descriptor attempt (netbios.rules)
* 1:3019 <-> DISABLED <-> NETBIOS SMB NT Trans NT CREATE andx oversized Security Descriptor attempt (netbios.rules)
* 1:30191 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Uroburos usermode-centric client request (malware-cnc.rules)
* 1:30192 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Uroburos inbound command (malware-cnc.rules)
* 1:30193 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Uroburos inbound encrypted data (malware-cnc.rules)
* 1:30194 <-> DISABLED <-> SERVER-WEBAPP Apache Camel XSLT unauthorized code execution (server-webapp.rules)
* 1:30195 <-> DISABLED <-> APP-DETECT Paros proxy outbound connection attempt (app-detect.rules)
* 1:30196 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Androm variant outbound connection (malware-cnc.rules)
* 1:30198 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
* 1:30199 <-> DISABLED <-> SERVER-WEBAPP PHP DateInterval heap buffer overread denial of service attempt (server-webapp.rules)
* 1:302 <-> DISABLED <-> OS-LINUX Redhat 7.0 lprd overflow (os-linux.rules)
* 1:3020 <-> DISABLED <-> NETBIOS SMB NT Trans NT CREATE unicode oversized Security Descriptor attempt (netbios.rules)
* 1:30200 <-> DISABLED <-> SERVER-WEBAPP PHP DateInterval heap buffer overread denial of service attempt (server-webapp.rules)
* 1:30201 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer merged stylesheet array use after free attempt (browser-ie.rules)
* 1:30202 <-> DISABLED <-> SERVER-MAIL Mortal Universe POP Peeper uidl header overflow attempt (server-mail.rules)
* 1:30203 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TDSS variant outbound connection (malware-cnc.rules)
* 1:30204 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TDSS variant outbound connection (malware-cnc.rules)
* 1:30205 <-> ENABLED <-> SERVER-OTHER HP AIO Archive Query Server stack buffer overflow attempt (server-other.rules)
* 1:30206 <-> ENABLED <-> SERVER-OTHER HP AIO Archive Query Server stack buffer overflow attempt (server-other.rules)
* 1:30207 <-> ENABLED <-> SERVER-OTHER HP AIO Archive Query Server stack buffer overflow attempt (server-other.rules)
* 1:30208 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nakcos variant outbound connection (malware-cnc.rules)
* 1:30209 <-> DISABLED <-> SERVER-WEBAPP Microsoft Forefront Unified Access Gateway null session cookie denial of service (server-webapp.rules)
* 1:3021 <-> DISABLED <-> NETBIOS SMB NT Trans NT CREATE unicode andx oversized Security Descriptor attempt (netbios.rules)
* 1:30210 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agnet string Win.Trojan.ZeusVM (malware-cnc.rules)
* 1:30211 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZeusVM embedded image config file download (malware-cnc.rules)
* 1:30212 <-> DISABLED <-> FILE-IMAGE GIMP heap buffer overflow vulnerability attempt (file-image.rules)
* 1:30213 <-> DISABLED <-> FILE-IMAGE GIMP heap buffer overflow vulnerability attempt (file-image.rules)
* 1:30214 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sharik variant outbound connection (malware-cnc.rules)
* 1:30215 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player Live555 RTSP plugin stack-based buffer overflow attempt (file-multimedia.rules)
* 1:30216 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ShadyRAT variant outbound connection (malware-cnc.rules)
* 1:30217 <-> DISABLED <-> FILE-JAVA Oracle Java font rendering remote code execution attempt (file-java.rules)
* 1:30218 <-> DISABLED <-> FILE-JAVA Oracle Java font rendering remote code execution attempt (file-java.rules)
* 1:30219 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit outbound jar request (exploit-kit.rules)
* 1:3022 <-> DISABLED <-> NETBIOS SMB-DS NT Trans NT CREATE oversized Security Descriptor attempt (netbios.rules)
* 1:30220 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit outbound payload request (exploit-kit.rules)
* 1:30221 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit linux/x86 reverse_tcp stager transfer attempt (indicator-shellcode.rules)
* 1:30222 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit shellcode linux/x86/meterpreter stage transfer attempt (indicator-shellcode.rules)
* 1:30223 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit shellcode linux/x86/shell stage transfer attempt (indicator-shellcode.rules)
* 1:30224 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit shellcode linux/x86/shell_reverse_tcp single stage transfer attempt (indicator-shellcode.rules)
* 1:30225 <-> DISABLED <-> INDICATOR-SHELLCODE possible /bin/sh shellcode transfer attempt (indicator-shellcode.rules)
* 1:30226 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit windows/meterpreter stage transfer attempt (indicator-shellcode.rules)
* 1:30227 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit windows/reverse_tcp stager transfer attempt (indicator-shellcode.rules)
* 1:30228 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit windows/shell stage transfer attempt (indicator-shellcode.rules)
* 1:30229 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit windows/shell stage transfer attempt (indicator-shellcode.rules)
* 1:3023 <-> DISABLED <-> NETBIOS SMB-DS NT Trans NT CREATE andx oversized Security Descriptor attempt (netbios.rules)
* 1:30230 <-> ENABLED <-> INDICATOR-COMPROMISE suspicious test for public IP - www.dawhois.com (indicator-compromise.rules)
* 1:30231 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Eybog variant outbound connection (malware-cnc.rules)
* 1:30232 <-> DISABLED <-> OS-WINDOWS Microsoft Anti-Cross Site Scripting library bypass attempt (os-windows.rules)
* 1:30233 <-> DISABLED <-> OS-WINDOWS Microsoft Anti-Cross Site Scripting library bypass attempt (os-windows.rules)
* 1:30234 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant outbound connection (malware-cnc.rules)
* 1:30235 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qadars variant outbound connection (malware-cnc.rules)
* 1:30236 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader field flags exploit attempt (file-pdf.rules)
* 1:30237 <-> DISABLED <-> PUA-ADWARE InstallMonster initial runtime outbound connection (pua-adware.rules)
* 1:30238 <-> DISABLED <-> PUA-ADWARE InstallMonster follow-up outbound connection (pua-adware.rules)
* 1:30239 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Name variant outbound connection (malware-cnc.rules)
* 1:3024 <-> DISABLED <-> NETBIOS SMB-DS NT Trans NT CREATE unicode oversized Security Descriptor attempt (netbios.rules)
* 1:30240 <-> ENABLED <-> FILE-OTHER ATMFD Adobe font driver reserved command denial of service attempt (file-other.rules)
* 1:30241 <-> ENABLED <-> FILE-OTHER ATMFD Adobe font driver reserved command denial of service attempt (file-other.rules)
* 1:30242 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malicious cce value following a PtgMemFunc token (file-office.rules)
* 1:30243 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malicious cce value following a PtgMemFunc token (file-office.rules)
* 1:30244 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel DbOrParamQry.fOdbcConn parsing remote code execution attempt (file-office.rules)
* 1:30245 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel DbOrParamQry.fWeb parsing remote code execution attempt (file-office.rules)
* 1:30246 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel DbOrParamQry.fWeb parsing remote code execution attempt (file-office.rules)
* 1:30247 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel DbOrParamQry.fodbcConn parsing remote code execution attempt (file-office.rules)
* 1:30248 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel DbOrParamQry.fodbcConn parsing remote code execution attempt (file-office.rules)
* 1:30249 <-> ENABLED <-> SERVER-WEBAPP Embedded php in Exif data upload attempt (server-webapp.rules)
* 1:3025 <-> DISABLED <-> NETBIOS SMB-DS NT Trans NT CREATE unicode andx oversized Security Descriptor attempt (netbios.rules)
* 1:30250 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - logogo.exe (malware-cnc.rules)
* 1:30251 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mumawow outbound connection (malware-cnc.rules)
* 1:30252 <-> DISABLED <-> BROWSER-CHROME Google Chrome XSSAuditor filter security policy bypass attempt (browser-chrome.rules)
* 1:30253 <-> DISABLED <-> APP-DETECT Anyplace proxy header detected (app-detect.rules)
* 1:30254 <-> DISABLED <-> APP-DETECT Anyplace usage attempt (app-detect.rules)
* 1:30255 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Strictor HTTP Response - Brazil Geolocated Infected User (malware-cnc.rules)
* 1:30256 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Strictor HTTP Response - Non-Brazil Geolocated Infected User (malware-cnc.rules)
* 1:30257 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ExplorerHijack variant outbound connection (malware-cnc.rules)
* 1:30258 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
* 1:30259 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Strictor variant outbound connection (malware-cnc.rules)
* 1:3026 <-> DISABLED <-> NETBIOS SMB NT Trans NT CREATE SACL overflow attempt (netbios.rules)
* 1:30260 <-> ENABLED <-> PUA-ADWARE Lucky Leap Adware outbound connection (pua-adware.rules)
* 1:30261 <-> ENABLED <-> PUA-ADWARE Lucky Leap Adware outbound connection (pua-adware.rules)
* 1:30262 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
* 1:30263 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector opcode 42 directory traversal attempt (server-other.rules)
* 1:30264 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector opcode 42 directory traversal attempt (server-other.rules)
* 1:30265 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector opcode 42 directory traversal attempt (server-other.rules)
* 1:30266 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector opcode 42 directory traversal attempt (server-other.rules)
* 1:30267 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector opcode 42 directory traversal attempt (server-other.rules)
* 1:30268 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector opcode 42 directory traversal attempt (server-other.rules)
* 1:3027 <-> DISABLED <-> NETBIOS SMB NT Trans NT CREATE andx SACL overflow attempt (netbios.rules)
* 1:30270 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot configuration file download (malware-cnc.rules)
* 1:30271 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot drop zone file upload (malware-cnc.rules)
* 1:30272 <-> DISABLED <-> MALWARE-OTHER Unix.Trojan.Onimiki redirected client DNS request (malware-other.rules)
* 1:30273 <-> DISABLED <-> MALWARE-OTHER Unix.Trojan.Onimiki DNS compromised server response (malware-other.rules)
* 1:30274 <-> ENABLED <-> SERVER-WEBAPP LifeSize UVC remote code execution attempt (server-webapp.rules)
* 1:30276 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sloth variant command and control traffic (malware-cnc.rules)
* 1:30277 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sloth variant command and control traffic (malware-cnc.rules)
* 1:30278 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sloth variant command and control traffic (malware-cnc.rules)
* 1:30279 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sloth variant command and control traffic (malware-cnc.rules)
* 1:3028 <-> DISABLED <-> NETBIOS SMB NT Trans NT CREATE unicode SACL overflow attempt (netbios.rules)
* 1:30280 <-> DISABLED <-> SERVER-WEBAPP FreePBX config.php remote code execution attempt (server-webapp.rules)
* 1:30281 <-> DISABLED <-> POLICY-OTHER use of psexec remote administration tool SMBv2 (policy-other.rules)
* 1:30284 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Recub variant outbound connection (malware-cnc.rules)
* 1:30288 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Glupteba.M initial outbound connection (malware-cnc.rules)
* 1:30289 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer HtmlLayout SmartObject use after free attempt (browser-ie.rules)
* 1:3029 <-> DISABLED <-> NETBIOS SMB NT Trans NT CREATE unicode andx SACL overflow attempt (netbios.rules)
* 1:30290 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Bruterdep variant outbound connection (malware-cnc.rules)
* 1:30291 <-> DISABLED <-> SERVER-WEBAPP Digium Asterisk cookie stack buffer overflow attempt (server-webapp.rules)
* 1:30292 <-> DISABLED <-> SERVER-WEBAPP Digium Asterisk cookie stack buffer overflow attempt (server-webapp.rules)
* 1:30293 <-> DISABLED <-> SERVER-WEBAPP Digium Asterisk cookie stack buffer overflow attempt (server-webapp.rules)
* 1:30294 <-> DISABLED <-> SERVER-WEBAPP SePortal poll.php SQL injection attempt (server-webapp.rules)
* 1:30295 <-> DISABLED <-> SERVER-WEBAPP SePortal print.php SQL injection attempt (server-webapp.rules)
* 1:30296 <-> DISABLED <-> SERVER-WEBAPP SePortal staticpages.php SQL injection attempt (server-webapp.rules)
* 1:30297 <-> DISABLED <-> SERVER-WEBAPP Katello update_roles method privilege escalation attempt (server-webapp.rules)
* 1:30298 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Cloudoten variant inbound connection (malware-cnc.rules)
* 1:30299 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Projecthook variant outbound connection (malware-cnc.rules)
* 1:303 <-> DISABLED <-> SERVER-OTHER Bind Buffer Overflow named tsig overflow attempt (server-other.rules)
* 1:3030 <-> DISABLED <-> NETBIOS SMB-DS NT Trans NT CREATE SACL overflow attempt (netbios.rules)
* 1:30300 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Projecthook variant outbound connection (malware-cnc.rules)
* 1:30301 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent InetAll - Win.Trojan.Pennonec (malware-cnc.rules)
* 1:30302 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rajdze variant outbound connection (malware-cnc.rules)
* 1:30304 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Noctabor variant outbound connection (malware-cnc.rules)
* 1:30305 <-> DISABLED <-> SERVER-WEBAPP Horde Framework variables.php unserialize PHP code execution attempt (server-webapp.rules)
* 1:30306 <-> ENABLED <-> EXPLOIT-KIT SofosFO/Stamp exploit kit plugin detection page (exploit-kit.rules)
* 1:30307 <-> DISABLED <-> SERVER-WEBAPP EMC Connectrix Manager FileUploadController directory traversal attempt (server-webapp.rules)
* 1:30308 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Win.Backdoor.Jolob (malware-cnc.rules)
* 1:30309 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Win.Backdoor.Jolob (malware-cnc.rules)
* 1:3031 <-> DISABLED <-> NETBIOS SMB-DS NT Trans NT CREATE andx SACL overflow attempt (netbios.rules)
* 1:30310 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Comdinter variant outbound connection (malware-cnc.rules)
* 1:30311 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Comdinter variant outbound connection (malware-cnc.rules)
* 1:30312 <-> ENABLED <-> EXPLOIT-KIT WhiteLotus exploit kit plugin outbound detection (exploit-kit.rules)
* 1:30314 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent getcmd - Win.Trojan.Burnwoo (malware-cnc.rules)
* 1:30315 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent getcmdw23 - Win.Trojan.Burnwoo (malware-cnc.rules)
* 1:30316 <-> ENABLED <-> EXPLOIT-KIT Goon/Infinity exploit kit landing page (exploit-kit.rules)
* 1:30317 <-> ENABLED <-> EXPLOIT-KIT Goon/Infinity exploit kit landing page (exploit-kit.rules)
* 1:30319 <-> ENABLED <-> EXPLOIT-KIT Goon/Infinity exploit kit malicious portable executable file request (exploit-kit.rules)
* 1:3032 <-> DISABLED <-> NETBIOS SMB-DS NT Trans NT CREATE unicode SACL overflow attempt (netbios.rules)
* 1:30320 <-> ENABLED <-> MALWARE-OTHER connection to malware sinkhole (malware-other.rules)
* 1:30323 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Drawnetz variant outbound connection (malware-cnc.rules)
* 1:30325 <-> ENABLED <-> MALWARE-OTHER malicious iframe injection redirect attempt (malware-other.rules)
* 1:30326 <-> DISABLED <-> OS-LINUX Linux kernel SCTP duplicate cookie denial of service attempt (os-linux.rules)
* 1:30327 <-> DISABLED <-> INDICATOR-OBFUSCATION multiple binary tags in close proximity - potentially malicious (indicator-obfuscation.rules)
* 1:30328 <-> DISABLED <-> INDICATOR-OBFUSCATION multiple binary tags in close proximity - potentially malicious (indicator-obfuscation.rules)
* 1:30329 <-> DISABLED <-> SERVER-OTHER McAfee Asset Manager downloadReport information disclosure attempt (server-other.rules)
* 1:3033 <-> DISABLED <-> NETBIOS SMB-DS NT Trans NT CREATE unicode andx SACL overflow attempt (netbios.rules)
* 1:30330 <-> DISABLED <-> SERVER-OTHER McAfee Asset Manager downloadReport information disclosure attempt (server-other.rules)
* 1:30331 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent ebot - Win.Trojan.Modulog (malware-cnc.rules)
* 1:30332 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ProjectHook configuration file download attempt (malware-cnc.rules)
* 1:30333 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ProjectHook information disclosure attempt (malware-cnc.rules)
* 1:30334 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ProjectHook initial outbound connection (malware-cnc.rules)
* 1:30335 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.Calfbot variant outbound connection (malware-cnc.rules)
* 1:30336 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.Calfbot outbound connection (malware-cnc.rules)
* 1:30337 <-> DISABLED <-> SERVER-OTHER Cisco Catalyst SSH protocol mismatch denial of service attempt (server-other.rules)
* 1:30338 <-> DISABLED <-> SERVER-OTHER Cisco 677-678 telnet buffer overflow attempt (server-other.rules)
* 1:30339 <-> DISABLED <-> SERVER-OTHER Cisco Catalyst telnet memory leak denial of service attempt (server-other.rules)
* 1:3034 <-> DISABLED <-> NETBIOS SMB NT Trans NT CREATE DACL overflow attempt (netbios.rules)
* 1:30340 <-> DISABLED <-> SERVER-WEBAPP Cisco 675 web administration denial of service attempt (server-webapp.rules)
* 1:30341 <-> DISABLED <-> SERVER-WEBAPP Cisco CatOS CiscoView HTTP server buffer overflow attempt (server-webapp.rules)
* 1:30342 <-> DISABLED <-> SERVER-WEBAPP Cisco IOS HTTP server denial of service attempt (server-webapp.rules)
* 1:30343 <-> DISABLED <-> SERVER-WEBAPP Joomla weblinks-categories SQL injection attempt (server-webapp.rules)
* 1:30344 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent EyeS_Client_1.0 - Win.Trojan.Seey (malware-cnc.rules)
* 1:30345 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer onbeforeeditfocus element attribute use after free attempt (browser-ie.rules)
* 1:30347 <-> DISABLED <-> FILE-FLASH Adobe Flash Player JPEG parsing heap overflow attempt (file-flash.rules)
* 1:30348 <-> DISABLED <-> FILE-FLASH Adobe Flash Player JPEG parsing heap overflow attempt (file-flash.rules)
* 1:30349 <-> DISABLED <-> FILE-FLASH Adobe Flash Player JPEG parsing heap overflow attempt (file-flash.rules)
* 1:3035 <-> DISABLED <-> NETBIOS SMB NT Trans NT CREATE andx DACL overflow attempt (netbios.rules)
* 1:30350 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload aix_ppc_shell_bind_tcp (indicator-shellcode.rules)
* 1:30351 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload aix_ppc_shell_find_port (indicator-shellcode.rules)
* 1:30352 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload aix_ppc_shell_interact (indicator-shellcode.rules)
* 1:30353 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload aix_ppc_shell_reverse_tcp (indicator-shellcode.rules)
* 1:30354 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload android_shell_reverse_tcp (indicator-shellcode.rules)
* 1:30355 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload bsd_sparc_shell_bind_tcp (indicator-shellcode.rules)
* 1:30356 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload bsd_sparc_shell_reverse_tcp (indicator-shellcode.rules)
* 1:30357 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload bsd_x86_exec (indicator-shellcode.rules)
* 1:30358 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload bsd_x86_shell_bind_ipv6_tcp (indicator-shellcode.rules)
* 1:30359 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload bsd_x86_shell_bind_tcp (indicator-shellcode.rules)
* 1:3036 <-> DISABLED <-> NETBIOS SMB NT Trans NT CREATE unicode DACL overflow attempt (netbios.rules)
* 1:30360 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload bsd_x86_shell_find_port (indicator-shellcode.rules)
* 1:30361 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload bsd_x86_shell_reverse_ipv6_tcp (indicator-shellcode.rules)
* 1:30362 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload bsd_x86_shell_reverse_tcp (indicator-shellcode.rules)
* 1:30363 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload bsdi_x86_shell_find_port (indicator-shellcode.rules)
* 1:30364 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_bind_awk (indicator-shellcode.rules)
* 1:30365 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_bind_inetd (indicator-shellcode.rules)
* 1:30366 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_bind_lua (indicator-shellcode.rules)
* 1:30367 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_bind_netcat (indicator-shellcode.rules)
* 1:30368 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_bind_netcat_gaping (indicator-shellcode.rules)
* 1:30369 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_bind_netcat_gaping_ipv6 (indicator-shellcode.rules)
* 1:3037 <-> DISABLED <-> NETBIOS SMB NT Trans NT CREATE unicode andx DACL overflow attempt (netbios.rules)
* 1:30370 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_bind_nodejs (indicator-shellcode.rules)
* 1:30371 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_bind_perl (indicator-shellcode.rules)
* 1:30372 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_bind_perl_ipv6 (indicator-shellcode.rules)
* 1:30373 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_bind_ruby (indicator-shellcode.rules)
* 1:30374 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_bind_zsh (indicator-shellcode.rules)
* 1:30375 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_reverse (indicator-shellcode.rules)
* 1:30376 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_reverse_awk (indicator-shellcode.rules)
* 1:30377 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_reverse_lua (indicator-shellcode.rules)
* 1:30378 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_reverse_openssl (indicator-shellcode.rules)
* 1:30379 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_reverse_perl (indicator-shellcode.rules)
* 1:3038 <-> DISABLED <-> NETBIOS SMB-DS NT Trans NT CREATE DACL overflow attempt (netbios.rules)
* 1:30380 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_reverse_perl_ssl (indicator-shellcode.rules)
* 1:30381 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_reverse_php_ssl (indicator-shellcode.rules)
* 1:30382 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_reverse_python (indicator-shellcode.rules)
* 1:30383 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_reverse_ruby (indicator-shellcode.rules)
* 1:30384 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_reverse_ruby_ssl (indicator-shellcode.rules)
* 1:30385 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_reverse_zsh (indicator-shellcode.rules)
* 1:30386 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_windows_adduser (indicator-shellcode.rules)
* 1:30387 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_windows_bind_perl (indicator-shellcode.rules)
* 1:30388 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_windows_bind_perl_ipv6 (indicator-shellcode.rules)
* 1:30389 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_windows_bind_ruby (indicator-shellcode.rules)
* 1:3039 <-> DISABLED <-> NETBIOS SMB-DS NT Trans NT CREATE andx DACL overflow attempt (netbios.rules)
* 1:30390 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_windows_download_exec_vbs (indicator-shellcode.rules)
* 1:30391 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_windows_reverse_perl (indicator-shellcode.rules)
* 1:30392 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_windows_reverse_powershell (indicator-shellcode.rules)
* 1:30393 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_windows_reverse_ruby (indicator-shellcode.rules)
* 1:30394 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload firefox_exec (indicator-shellcode.rules)
* 1:30395 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload firefox_shell_bind_tcp (indicator-shellcode.rules)
* 1:30396 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload java_jsp_shell_bind_tcp (indicator-shellcode.rules)
* 1:30397 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload java_shell_reverse_tcp (indicator-shellcode.rules)
* 1:30398 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_armle_adduser (indicator-shellcode.rules)
* 1:30399 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_armle_exec (indicator-shellcode.rules)
* 1:304 <-> DISABLED <-> SERVER-OTHER SCO calserver overflow (server-other.rules)
* 1:3040 <-> DISABLED <-> NETBIOS SMB-DS NT Trans NT CREATE unicode DACL overflow attempt (netbios.rules)
* 1:30400 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_armle_shell_bind_tcp (indicator-shellcode.rules)
* 1:30401 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_armle_shell_reverse_tcp (indicator-shellcode.rules)
* 1:30402 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_mipsbe_shell_bind_tcp (indicator-shellcode.rules)
* 1:30403 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_mipsbe_shell_reverse_tcp (indicator-shellcode.rules)
* 1:30404 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_mipsle_reboot (indicator-shellcode.rules)
* 1:30405 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_mipsle_shell_bind_tcp (indicator-shellcode.rules)
* 1:30406 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_mipsle_shell_reverse_tcp (indicator-shellcode.rules)
* 1:30407 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_ppc64_shell_bind_tcp (indicator-shellcode.rules)
* 1:30408 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_ppc64_shell_find_port (indicator-shellcode.rules)
* 1:30409 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_ppc_shell_bind_tcp (indicator-shellcode.rules)
* 1:3041 <-> DISABLED <-> NETBIOS SMB-DS NT Trans NT CREATE unicode andx DACL overflow attempt (netbios.rules)
* 1:30410 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_ppc_shell_find_port (indicator-shellcode.rules)
* 1:30411 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x64_exec (indicator-shellcode.rules)
* 1:30412 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x64_shell_bind_tcp (indicator-shellcode.rules)
* 1:30413 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x64_shell_bind_tcp_random_port (indicator-shellcode.rules)
* 1:30414 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x64_shell_find_port (indicator-shellcode.rules)
* 1:30415 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x64_shell_reverse_tcp (indicator-shellcode.rules)
* 1:30416 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x86_adduser (indicator-shellcode.rules)
* 1:30417 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x86_chmod (indicator-shellcode.rules)
* 1:30418 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x86_exec (indicator-shellcode.rules)
* 1:30419 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x86_meterpreter_bind_ipv6_tcp (indicator-shellcode.rules)
* 1:3042 <-> DISABLED <-> NETBIOS SMB NT Trans NT CREATE invalid SACL ace size dos attempt (netbios.rules)
* 1:30420 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x86_meterpreter_bind_nonx_tcp (indicator-shellcode.rules)
* 1:30421 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x86_meterpreter_bind_tcp (indicator-shellcode.rules)
* 1:30422 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x86_meterpreter_find_tag (indicator-shellcode.rules)
* 1:30423 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x86_meterpreter_reverse_ipv6_tcp (indicator-shellcode.rules)
* 1:30424 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x86_meterpreter_reverse_nonx_tcp (indicator-shellcode.rules)
* 1:30425 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x86_meterpreter_reverse_tcp (indicator-shellcode.rules)
* 1:30426 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x86_shell_bind_ipv6_tcp (indicator-shellcode.rules)
* 1:30427 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x86_shell_bind_tcp (indicator-shellcode.rules)
* 1:30428 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x86_shell_bind_tcp_random_port (indicator-shellcode.rules)
* 1:30429 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x86_shell_find_port (indicator-shellcode.rules)
* 1:3043 <-> DISABLED <-> NETBIOS SMB NT Trans NT CREATE andx invalid SACL ace size dos attempt (netbios.rules)
* 1:30430 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x86_shell_reverse_tcp (indicator-shellcode.rules)
* 1:30431 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload linux_x86_shell_reverse_tcp2 (indicator-shellcode.rules)
* 1:30432 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload netware_shell_reverse_tcp (indicator-shellcode.rules)
* 1:30433 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload nodejs_shell_bind_tcp (indicator-shellcode.rules)
* 1:30434 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_armle_shell_bind_tcp (indicator-shellcode.rules)
* 1:30435 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_armle_shell_reverse_tcp (indicator-shellcode.rules)
* 1:30436 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_armle_vibrate (indicator-shellcode.rules)
* 1:30437 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_ppc_shell_bind_tcp (indicator-shellcode.rules)
* 1:30438 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_ppc_shell_find_tag (indicator-shellcode.rules)
* 1:30439 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_ppc_shell_reverse_tcp (indicator-shellcode.rules)
* 1:3044 <-> DISABLED <-> NETBIOS SMB NT Trans NT CREATE unicode invalid SACL ace size dos attempt (netbios.rules)
* 1:30440 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_x64_dupandexecve_bind_tcp (indicator-shellcode.rules)
* 1:30441 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_x64_dupandexecve_reverse_tcp (indicator-shellcode.rules)
* 1:30442 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_x64_exec (indicator-shellcode.rules)
* 1:30443 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_x64_say (indicator-shellcode.rules)
* 1:30444 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_x64_shell_find_tag (indicator-shellcode.rules)
* 1:30445 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_x64_shell_reverse_tcp (indicator-shellcode.rules)
* 1:30446 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_x86_exec (indicator-shellcode.rules)
* 1:30447 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_x86_isight_bind_tcp (indicator-shellcode.rules)
* 1:30448 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_x86_isight_reverse_tcp (indicator-shellcode.rules)
* 1:30449 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_x86_shell_find_port (indicator-shellcode.rules)
* 1:3045 <-> DISABLED <-> NETBIOS SMB NT Trans NT CREATE unicode andx invalid SACL ace size dos attempt (netbios.rules)
* 1:30450 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_x86_vforkshell_bind_tcp (indicator-shellcode.rules)
* 1:30451 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload osx_x86_vforkshell_reverse_tcp (indicator-shellcode.rules)
* 1:30452 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload php_bind_perl (indicator-shellcode.rules)
* 1:30453 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload php_download_exec (indicator-shellcode.rules)
* 1:30454 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload php_exec (indicator-shellcode.rules)
* 1:30455 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload php_meterpreter_bind_tcp (indicator-shellcode.rules)
* 1:30456 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload php_meterpreter_reverse_tcp (indicator-shellcode.rules)
* 1:30457 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload php_reverse_perl (indicator-shellcode.rules) * 1:30458 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload php_reverse_php (indicator-shellcode.rules) * 1:30459 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload php_shell_findsock (indicator-shellcode.rules) * 1:3046 <-> DISABLED <-> NETBIOS SMB-DS NT Trans NT CREATE invalid SACL ace size dos attempt (netbios.rules) * 1:30460 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload python_meterpreter_bind_tcp (indicator-shellcode.rules) * 1:30461 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload python_shell_reverse_tcp_ssl (indicator-shellcode.rules) * 1:30462 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload ruby_shell_bind_tcp (indicator-shellcode.rules) * 1:30463 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload ruby_shell_reverse_tcp (indicator-shellcode.rules) * 1:30464 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload ruby_shell_reverse_tcp_ssl (indicator-shellcode.rules) * 1:30465 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload solaris_sparc_shell_bind_tcp (indicator-shellcode.rules) * 1:30466 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload solaris_sparc_shell_find_port (indicator-shellcode.rules) * 1:30467 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload solaris_sparc_shell_reverse_tcp (indicator-shellcode.rules) * 1:30468 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload solaris_x86_shell_bind_tcp (indicator-shellcode.rules) * 1:30469 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload solaris_x86_shell_find_port (indicator-shellcode.rules) * 1:3047 <-> DISABLED <-> NETBIOS SMB-DS NT Trans NT CREATE andx invalid SACL ace size dos attempt (netbios.rules) * 1:30470 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload solaris_x86_shell_reverse_tcp (indicator-shellcode.rules) * 1:30471 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload windows_adduser 
(indicator-shellcode.rules) * 1:30472 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload windows_messagebox (indicator-shellcode.rules) * 1:30473 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload windows_meterpreter_bind_nonx_tcp (indicator-shellcode.rules) * 1:30474 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload windows_meterpreter_bind_tcp (indicator-shellcode.rules) * 1:30475 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload windows_meterpreter_find_tag (indicator-shellcode.rules) * 1:30476 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload windows_meterpreter_reverse_ord_tcp (indicator-shellcode.rules) * 1:30477 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload windows_shell_bind_tcp_xpfw (indicator-shellcode.rules) * 1:30478 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload windows_speak_pwned (indicator-shellcode.rules) * 1:30479 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload windows_x64_exec (indicator-shellcode.rules) * 1:3048 <-> DISABLED <-> NETBIOS SMB-DS NT Trans NT CREATE unicode invalid SACL ace size dos attempt (netbios.rules) * 1:30480 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload windows_x64_meterpreter_reverse_https (indicator-shellcode.rules) * 1:30482 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot/Bublik inbound connection (malware-cnc.rules) * 1:30483 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot/Bublik outbound connection (malware-cnc.rules) * 1:30484 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot/Bublik outbound connection (malware-cnc.rules) * 1:30485 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsTreeRange Use After Free attempt (browser-firefox.rules) * 1:30486 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsTreeRange Use After Free attempt (browser-firefox.rules) * 1:30487 <-> DISABLED <-> SERVER-OTHER Zilab Chat and Instant Messaging server heap overflow attempt (server-other.rules) * 1:30488 <-> DISABLED <-> SERVER-OTHER Zilab Chat and Instant Messaging server channel join 
heap overflow attempt (server-other.rules) * 1:30489 <-> DISABLED <-> SERVER-OTHER Zilab Chat and Instant Messaging server connection heap overflow attempt (server-other.rules) * 1:3049 <-> DISABLED <-> NETBIOS SMB-DS NT Trans NT CREATE unicode andx invalid SACL ace size dos attempt (netbios.rules) * 1:30490 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer address bar spoofing with scripting (browser-ie.rules) * 1:30491 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer address bar spoofing with scripting (browser-ie.rules) * 1:30492 <-> DISABLED <-> PUA-ADWARE Win.Adware.Boaxxe suspicious advert traffic related to click fraud (pua-adware.rules) * 1:30493 <-> DISABLED <-> PUA-ADWARE Win.Adware.Boaxxe suspicious advert traffic related to click fraud (pua-adware.rules) * 1:30494 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Boaxxe variant outbound connection (malware-cnc.rules) * 1:30495 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Boaxxe variant outbound connection (malware-cnc.rules) * 1:30496 <-> DISABLED <-> PUA-ADWARE Win.Adware.Boaxxe suspicious advert traffic related to click fraud (pua-adware.rules) * 1:30497 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer failed large copy clonenode attempt (browser-ie.rules) * 1:30498 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer failed large copy clonenode attempt (browser-ie.rules) * 1:30499 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer remote code execution attempt (browser-ie.rules) * 1:305 <-> DISABLED <-> SERVER-OTHER delegate proxy overflow (server-other.rules) * 1:3050 <-> DISABLED <-> NETBIOS SMB NT Trans NT CREATE invalid SACL ace size dos attempt (netbios.rules) * 1:30500 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer remote code execution attempt (browser-ie.rules) * 1:30501 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer nth-child use after free attempt (browser-ie.rules) * 1:30502 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer nth-child use after free attempt 
(browser-ie.rules) * 1:30503 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer GetClassObject use after free attempt (browser-ie.rules) * 1:30504 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer GetClassObject use after free attempt (browser-ie.rules) * 1:30505 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer GetClassObject use after free attempt (browser-ie.rules) * 1:30506 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer GetClassObject use after free attempt (browser-ie.rules) * 1:30507 <-> DISABLED <-> SERVER-OTHER MiniUPnPd ExecuteSoapAction buffer overflow attempt (server-other.rules) * 1:30508 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 7 swapNode use after free attempt (browser-ie.rules) * 1:30509 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 7 swapNode use after free attempt (browser-ie.rules) * 1:3051 <-> DISABLED <-> NETBIOS SMB NT Trans NT CREATE andx invalid SACL ace size dos attempt (netbios.rules) * 1:30510 <-> ENABLED <-> SERVER-OTHER OpenSSL SSLv3 heartbeat read overrun attempt (server-other.rules) * 1:30511 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1 heartbeat read overrun attempt (server-other.rules) * 1:30512 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.1 heartbeat read overrun attempt (server-other.rules) * 1:30513 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.2 heartbeat read overrun attempt (server-other.rules) * 1:30514 <-> ENABLED <-> SERVER-OTHER OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30515 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30516 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30517 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30518 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious 
User-Agent Neutrino/2.1 - Win.Trojan.Necurs (malware-cnc.rules) * 1:30519 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Necurs variant outbound connection (malware-cnc.rules) * 1:3052 <-> DISABLED <-> NETBIOS SMB NT Trans NT CREATE unicode invalid SACL ace size dos attempt (netbios.rules) * 1:30520 <-> ENABLED <-> SERVER-OTHER OpenSSL SSLv3 heartbeat read overrun attempt - vulnerable client response (server-other.rules) * 1:30521 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1 heartbeat read overrun attempt - vulnerable client response (server-other.rules) * 1:30522 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.1 heartbeat read overrun attempt - vulnerable client response (server-other.rules) * 1:30523 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.2 heartbeat read overrun attempt - vulnerable client response (server-other.rules) * 1:30524 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.1 heartbeat read overrun attempt (server-other.rules) * 1:30525 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.2 heartbeat read overrun attempt (server-other.rules) * 1:30526 <-> DISABLED <-> SERVER-WEBAPP Joomla komento extension cross site scripting attempt (server-webapp.rules) * 1:30527 <-> DISABLED <-> SERVER-WEBAPP Joomla komento extension cross site scripting attempt (server-webapp.rules) * 1:30528 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader javascript toolbar button use after free attempt (file-pdf.rules) * 1:30529 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader javascript toolbar button use after free attempt (file-pdf.rules) * 1:3053 <-> DISABLED <-> NETBIOS SMB NT Trans NT CREATE unicode andx invalid SACL ace size dos attempt (netbios.rules) * 1:30530 <-> DISABLED <-> FILE-MULTIMEDIA CoCSoft Stream Down SEH based buffer overflow attempt (file-multimedia.rules) * 1:30531 <-> DISABLED <-> FILE-MULTIMEDIA CoCSoft Stream Down SEH based buffer overflow attempt (file-multimedia.rules) * 1:30532 <-> ENABLED <-> FILE-MULTIMEDIA CoCSoft Stream Download session (file-multimedia.rules) * 1:30533 <-> ENABLED 
<-> FILE-OTHER Kingsoft Writer long font name buffer overflow attempt (file-other.rules) * 1:30534 <-> ENABLED <-> FILE-OTHER Kingsoft Writer long font name buffer overflow attempt (file-other.rules) * 1:30535 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed HTML text null dereference attempt (file-flash.rules) * 1:30536 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed HTML text null dereference attempt (file-flash.rules) * 1:30537 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed HTML text null dereference attempt (file-flash.rules) * 1:30538 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed HTML text null dereference attempt (file-flash.rules) * 1:30539 <-> DISABLED <-> FILE-FLASH Adobe Flash Player navigateToUrl hidden channel to file creation (file-flash.rules) * 1:3054 <-> DISABLED <-> NETBIOS SMB-DS NT Trans NT CREATE invalid SACL ace size dos attempt (netbios.rules) * 1:30540 <-> DISABLED <-> FILE-FLASH Adobe Flash Player navigateToUrl hidden channel to file creation (file-flash.rules) * 1:30547 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ramdo variant outbound connection (malware-cnc.rules) * 1:30548 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules) * 1:30549 <-> ENABLED <-> SERVER-OTHER OpenSSL Heartbleed masscan access exploitation attempt (server-other.rules) * 1:3055 <-> DISABLED <-> NETBIOS SMB-DS NT Trans NT CREATE andx invalid SACL ace size dos attempt (netbios.rules) * 1:30551 <-> DISABLED <-> MALWARE-CNC Malicious BitCoiner Miner download - Win.Trojan.Minerd (malware-cnc.rules) * 1:30552 <-> DISABLED <-> MALWARE-CNC Malicious BitCoiner Miner download - Win.Trojan.Systema (malware-cnc.rules) * 1:30553 <-> DISABLED <-> SERVER-OTHER HP Data Protector Backup Client Service directory traversal attempt (server-other.rules) * 1:30554 <-> DISABLED <-> SERVER-OTHER HP Data Protector Backup Client Service UTF directory traversal attempt (server-other.rules) * 1:30555 <-> DISABLED <-> 
SERVER-OTHER HP Data Protector Backup Client Service UTF directory traversal attempt (server-other.rules) * 1:30556 <-> DISABLED <-> SERVER-OTHER HP Data Protector Backup Client Service directory traversal attempt (server-other.rules) * 1:30559 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Uniemv variant outbound connection (malware-cnc.rules) * 1:3056 <-> DISABLED <-> NETBIOS SMB-DS NT Trans NT CREATE unicode invalid SACL ace size dos attempt (netbios.rules) * 1:30560 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Megesat variant outbound connection (malware-cnc.rules) * 1:30562 <-> ENABLED <-> PROTOCOL-SCADA Yokogawa CENTUM CS 3000 stack buffer overflow attempt (protocol-scada.rules) * 1:30564 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime long rnet atom size buffer overflow attempt (file-multimedia.rules) * 1:30565 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime long rnet atom size buffer overflow attempt (file-multimedia.rules) * 1:30566 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.Elknot outbound connection (malware-cnc.rules) * 1:30567 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Agent E-FAX phishing attempt (malware-other.rules) * 1:30568 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Agent E-FAX phishing attempt (malware-other.rules) * 1:30569 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Agent Funeral ceremony phishing attempt (malware-other.rules) * 1:3057 <-> DISABLED <-> NETBIOS SMB-DS NT Trans NT CREATE unicode andx invalid SACL ace size dos attempt (netbios.rules) * 1:30570 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules) * 1:3058 <-> DISABLED <-> PROTOCOL-IMAP copy literal overflow attempt (protocol-imap.rules) * 1:306 <-> DISABLED <-> SERVER-OTHER VQServer admin (server-other.rules) * 1:3061 <-> DISABLED <-> APP-DETECT distccd remote command execution attempt (app-detect.rules) * 1:3062 <-> DISABLED <-> SERVER-WEBAPP NetScreen SA 5000 delhomepage.cgi access (server-webapp.rules) * 1:3063 <-> DISABLED <-> MALWARE-BACKDOOR Vampire 1.2 
connection request (malware-backdoor.rules) * 1:3064 <-> DISABLED <-> MALWARE-BACKDOOR Vampire 1.2 connection confirmation (malware-backdoor.rules) * 1:3065 <-> DISABLED <-> PROTOCOL-IMAP append literal overflow attempt (protocol-imap.rules) * 1:3066 <-> DISABLED <-> PROTOCOL-IMAP APPEND overflow attempt (protocol-imap.rules) * 1:3067 <-> DISABLED <-> PROTOCOL-IMAP examine literal overflow attempt (protocol-imap.rules) * 1:3069 <-> DISABLED <-> PROTOCOL-IMAP fetch literal overflow attempt (protocol-imap.rules) * 1:307 <-> DISABLED <-> SERVER-OTHER CHAT IRC topic overflow (server-other.rules) * 1:3070 <-> DISABLED <-> PROTOCOL-IMAP fetch overflow attempt (protocol-imap.rules) * 1:3071 <-> DISABLED <-> PROTOCOL-IMAP status literal overflow attempt (protocol-imap.rules) * 1:30711 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL SSLv3 heartbeat read overrun attempt (server-other.rules) * 1:30712 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL SSLv3 heartbeat read overrun attempt (server-other.rules) * 1:30713 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1 heartbeat read overrun attempt (server-other.rules) * 1:30714 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1 heartbeat read overrun attempt (server-other.rules) * 1:30715 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.1 heartbeat read overrun attempt (server-other.rules) * 1:30716 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.1 heartbeat read overrun attempt (server-other.rules) * 1:30717 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.2 heartbeat read overrun attempt (server-other.rules) * 1:30718 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.2 heartbeat read overrun attempt (server-other.rules) * 1:30719 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:3072 <-> DISABLED <-> PROTOCOL-IMAP STATUS overflow attempt (protocol-imap.rules) * 1:30720 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL SSLv3 large heartbeat 
response - possible ssl heartbleed attempt (server-other.rules) * 1:30721 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30722 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30723 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30724 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30725 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30726 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30727 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL SSLv3 heartbeat read overrun attempt (server-other.rules) * 1:30728 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL SSLv3 heartbeat read overrun attempt (server-other.rules) * 1:30729 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1 heartbeat read overrun attempt (server-other.rules) * 1:3073 <-> DISABLED <-> PROTOCOL-IMAP SUBSCRIBE literal overflow attempt (protocol-imap.rules) * 1:30730 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1 heartbeat read overrun attempt (server-other.rules) * 1:30731 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.1 heartbeat read overrun attempt (server-other.rules) * 1:30732 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.1 heartbeat read overrun attempt (server-other.rules) * 1:30733 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.2 heartbeat read overrun attempt (server-other.rules) * 1:30734 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.2 heartbeat read overrun attempt (server-other.rules) * 1:30735 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL SSLv3 large 
heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30736 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30737 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30738 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30739 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:3074 <-> DISABLED <-> PROTOCOL-IMAP SUBSCRIBE overflow attempt (protocol-imap.rules) * 1:30740 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30741 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30742 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30743 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chabava outbound connection (malware-cnc.rules) * 1:3075 <-> DISABLED <-> PROTOCOL-IMAP unsubscribe literal overflow attempt (protocol-imap.rules) * 1:30751 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ransom variant outbound connection (malware-cnc.rules) * 1:30752 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tesyong outbound connection (malware-cnc.rules) * 1:30753 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rehacker outbound connection (malware-cnc.rules) * 1:30754 <-> ENABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules) * 1:30755 <-> ENABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules) * 1:30756 <-> ENABLED <-> FILE-IDENTIFY ABC Music Notation file attachment detected (file-identify.rules) * 1:30757 
<-> ENABLED <-> FILE-IDENTIFY ABC Music Notation file attachment detected (file-identify.rules) * 1:30758 <-> ENABLED <-> FILE-IDENTIFY ABC Music Notation file attachment detected (file-identify.rules) * 1:30759 <-> ENABLED <-> FILE-IDENTIFY ABC Music Notation file attachment detected (file-identify.rules) * 1:3076 <-> DISABLED <-> PROTOCOL-IMAP UNSUBSCRIBE overflow attempt (protocol-imap.rules) * 1:30760 <-> ENABLED <-> FILE-IDENTIFY ABC Music Notation file download request (file-identify.rules) * 1:30761 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player abc file parts heap integer overflow attempt (file-multimedia.rules) * 1:30762 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player abc file parts heap integer overflow attempt (file-multimedia.rules) * 1:30763 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player abc file parts heap integer overflow attempt (file-multimedia.rules) * 1:30764 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player abc file parts heap integer overflow attempt (file-multimedia.rules) * 1:30765 <-> DISABLED <-> PUA-TOOLBARS Inbox Public Transport Toolbar outbound connection (pua-toolbars.rules) * 1:30766 <-> ENABLED <-> EXPLOIT-KIT Magnitude exploit kit landing page (exploit-kit.rules) * 1:30767 <-> ENABLED <-> EXPLOIT-KIT Magnitude exploit kit Oracle Java payload request (exploit-kit.rules) * 1:30768 <-> ENABLED <-> EXPLOIT-KIT Magnitude exploit kit Oracle Java payload request (exploit-kit.rules) * 1:30769 <-> ENABLED <-> SERVER-OTHER Wordpress linenity theme LFI attempt (server-other.rules) * 1:3077 <-> DISABLED <-> PROTOCOL-FTP RNFR overflow attempt (protocol-ftp.rules) * 1:30770 <-> DISABLED <-> FILE-PDF Foxit Reader CFF CharStrings buffer overflow attempt (file-pdf.rules) * 1:30771 <-> DISABLED <-> FILE-PDF Foxit Reader CFF CharStrings buffer overflow attempt (file-pdf.rules) * 1:30773 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant download request (malware-cnc.rules) * 1:30774 <-> DISABLED <-> 
SERVER-WEBAPP Splunk collect file parameter directory traversal attempt (server-webapp.rules) * 1:30776 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Targnik variant outbound connection (malware-cnc.rules) * 1:30777 <-> ENABLED <-> SERVER-OTHER OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30778 <-> ENABLED <-> SERVER-OTHER OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30779 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:3078 <-> DISABLED <-> PROTOCOL-NNTP Microsoft Windows SEARCH pattern overflow attempt (protocol-nntp.rules) * 1:30780 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30781 <-> DISABLED <-> SERVER-OTHER OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30782 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30783 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30784 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30785 <-> ENABLED <-> SERVER-OTHER OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30786 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30787 <-> DISABLED <-> SERVER-OTHER OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30788 <-> DISABLED <-> SERVER-OTHER OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt (server-other.rules) * 1:30789 <-> DISABLED <-> SERVER-WEBAPP Acunetix web vulnerability scanner 
fake URL exploit attempt (server-webapp.rules) * 1:3079 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer ANI file parsing buffer overflow attempt (browser-ie.rules) * 1:30790 <-> DISABLED <-> SERVER-APACHE Apache Struts ParametersInterceptor classloader access attempt (server-apache.rules) * 1:30791 <-> DISABLED <-> SERVER-APACHE Apache Struts ParametersInterceptor classloader access attempt (server-apache.rules) * 1:30792 <-> DISABLED <-> SERVER-APACHE Apache Struts ParametersInterceptor classloader access attempt (server-apache.rules) * 1:30793 <-> DISABLED <-> SERVER-APACHE Apache Struts ParametersInterceptor classloader access attempt (server-apache.rules) * 1:30794 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer VML use after free attempt (browser-ie.rules) * 1:30797 <-> DISABLED <-> PROTOCOL-SCADA Yokogawa CENTUM CS 3000 RETR bkbcopyd buffer overflow attempt (protocol-scada.rules) * 1:30798 <-> DISABLED <-> PROTOCOL-SCADA Yokogawa CENTUM CS 3000 STOR bkbcopyd buffer overflow attempt (protocol-scada.rules) * 1:30799 <-> DISABLED <-> PROTOCOL-SCADA Yokogawa CENTUM CS 3000 ATTR bkbcopyd buffer overflow attempt (protocol-scada.rules) * 1:308 <-> DISABLED <-> SERVER-OTHER NextFTP client overflow (server-other.rules) * 1:3080 <-> DISABLED <-> SERVER-OTHER Unreal Tournament secure overflow attempt (server-other.rules) * 1:30800 <-> DISABLED <-> PROTOCOL-SCADA Yokogawa CENTUM CS 3000 XATR bkbcopyd buffer overflow attempt (protocol-scada.rules) * 1:30801 <-> DISABLED <-> PROTOCOL-SCADA Yokogawa CENTUM CS 3000 PMODE bkbcopyd buffer overflow attempt (protocol-scada.rules) * 1:30802 <-> ENABLED <-> PROTOCOL-SCADA Yokogawa CENTUM CS 3000 bkclogserv buffer overflow attempt (protocol-scada.rules) * 1:30803 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer VML use after free attempt (browser-ie.rules) * 1:30804 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (malware-cnc.rules) * 1:30805 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hulpob 
outbound connection (malware-cnc.rules) * 1:30806 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (malware-cnc.rules) * 1:30807 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (malware-cnc.rules) * 1:30808 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (malware-cnc.rules) * 1:30809 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (malware-cnc.rules) * 1:3081 <-> ENABLED <-> MALWARE-BACKDOOR Y3KRAT 1.5 Connect (malware-backdoor.rules) * 1:30810 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (malware-cnc.rules) * 1:30811 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (malware-cnc.rules) * 1:30812 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (malware-cnc.rules) * 1:30815 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Oldboot variant outbound connection (malware-cnc.rules) * 1:30816 <-> DISABLED <-> PROTOCOL-SCADA Modbus write file record - invalid reference type (protocol-scada.rules) * 1:30817 <-> DISABLED <-> PROTOCOL-SCADA Modbus write file record - large byte count (protocol-scada.rules) * 1:30818 <-> DISABLED <-> PROTOCOL-SCADA Modbus write file record - large reference value (protocol-scada.rules) * 1:30819 <-> DISABLED <-> PROTOCOL-SCADA Modbus write file record - small byte count (protocol-scada.rules) * 1:3082 <-> ENABLED <-> MALWARE-BACKDOOR Y3KRAT 1.5 Connect Client Response (malware-backdoor.rules) * 1:30820 <-> DISABLED <-> PROTOCOL-SCADA Modbus write file record - invalid reference type (protocol-scada.rules) * 1:30821 <-> DISABLED <-> PROTOCOL-SCADA Modbus write file record - large byte count (protocol-scada.rules) * 1:30822 <-> DISABLED <-> PROTOCOL-SCADA Modbus write file record - large reference value (protocol-scada.rules) * 1:30823 <-> DISABLED <-> PROTOCOL-SCADA Modbus write file record - small byte count (protocol-scada.rules) * 1:3083 <-> DISABLED <-> MALWARE-BACKDOOR Y3KRAT 1.5 Connection confirmation 
(malware-backdoor.rules) * 1:3084 <-> DISABLED <-> SERVER-OTHER Veritas backup overflow attempt (server-other.rules) * 1:30843 <-> DISABLED <-> FILE-FLASH Adobe Acrobat Reader cross-site scripting attempt (file-flash.rules) * 1:30844 <-> DISABLED <-> FILE-FLASH Adobe Acrobat Reader cross-site scripting attempt (file-flash.rules) * 1:30845 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SWF ActionScript exploit attempt (file-flash.rules) * 1:30846 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SWF ActionScript exploit attempt (file-flash.rules) * 1:30847 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CElement event handler use after free attempt (browser-ie.rules) * 1:30848 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CElement event handler use after free attempt (browser-ie.rules) * 1:30849 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer type confusion attempt (browser-ie.rules) * 1:3085 <-> DISABLED <-> SERVER-OTHER AOL Instant Messenger goaway message buffer overflow attempt (server-other.rules) * 1:30850 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer type confusion attempt (browser-ie.rules) * 1:30851 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer type confusion attempt (browser-ie.rules) * 1:30852 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit landing page - base64 encoded xml/jnlp statement (exploit-kit.rules) * 1:30853 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain bitseed.xf2.org (app-detect.rules) * 1:30854 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain dnsseed.btcltcftc.com (app-detect.rules) * 1:30855 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain dnsseed.fc.altcointech.net (app-detect.rules) * 1:30856 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain dnsseed.feathercoin.com (app-detect.rules) * 1:30857 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain dnsseed.koin-project.com (app-detect.rules) * 1:30858 <-> DISABLED <-> 
APP-DETECT DNS request for known bitcoin domain dnsseed.litecoinpool.org (app-detect.rules)
* 1:30859 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain dnsseed.litecointools.com (app-detect.rules)
* 1:3086 <-> DISABLED <-> SERVER-WEBAPP 3Com 3CRADSL72 ADSL 11g Wireless Router app_sta.stm access attempt (server-webapp.rules)
* 1:30860 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain dnsseed.ltc.xurious.com (app-detect.rules)
* 1:30861 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain dnsseed.ppc.altcointech.net (app-detect.rules)
* 1:30862 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain dnsseed.xpm.altcointech.net (app-detect.rules)
* 1:30863 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain dvcstable01.dvcnode.org (app-detect.rules)
* 1:30864 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain dvcstable02.dvcnode.org (app-detect.rules)
* 1:30865 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain seed.bitcoinstats.com (app-detect.rules)
* 1:30866 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain seed.dglibrary.org (app-detect.rules)
* 1:30867 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain seed.dogechain.info (app-detect.rules)
* 1:30868 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain seed.dogecoin.com (app-detect.rules)
* 1:30869 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain seed.mophides.com (app-detect.rules)
* 1:3087 <-> DISABLED <-> SERVER-IIS w3who.dll buffer overflow attempt (server-iis.rules)
* 1:30870 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain seed.ppcoin.net (app-detect.rules)
* 1:30871 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain seed1.metiscoininvest.info (app-detect.rules)
* 1:30872 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain seed1.net.terracoin.org (app-detect.rules)
* 1:30873 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain seed1.qrkcoin.org (app-detect.rules)
* 1:30874 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain seed2.net.terracoin.org (app-detect.rules)
* 1:30875 <-> DISABLED <-> APP-DETECT DNS request for known bitcoin domain tnseed.ppcoin.net (app-detect.rules)
* 1:30876 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash pixel bender buffer overflow attempt (file-multimedia.rules)
* 1:30877 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash pixel bender buffer overflow attempt (file-multimedia.rules)
* 1:30878 <-> DISABLED <-> EXPLOIT-KIT Goon/Infinity exploit kit mp3 requested by Java (exploit-kit.rules)
* 1:3088 <-> DISABLED <-> FILE-MULTIMEDIA Nullsoft Winamp cda file name overflow attempt (file-multimedia.rules)
* 1:30880 <-> ENABLED <-> OS-MOBILE Android Andr.Trojan.Waller information disclosure attempt (os-mobile.rules)
* 1:30882 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rbrute inbound connection (malware-cnc.rules)
* 1:30883 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rbrute inbound connection (malware-cnc.rules)
* 1:3089 <-> DISABLED <-> SERVER-OTHER squid WCCP I_SEE_YOU message overflow attempt (server-other.rules)
* 1:30892 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer VML use after free attempt (browser-ie.rules)
* 1:30893 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer VML use after free attempt (browser-ie.rules)
* 1:30894 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer VML use after free attempt (browser-ie.rules)
* 1:30895 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer VML use after free attempt (browser-ie.rules)
* 1:30896 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.DarkKomet variant outbound connection (malware-cnc.rules)
* 1:30897 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.DarkKomet variant outbound connection (malware-cnc.rules)
* 1:30898 <-> DISABLED <-> FILE-OTHER Microsoft Windows Briefcase integer underflow (file-other.rules)
* 1:309 <-> DISABLED <-> SERVER-MAIL sniffit overflow (server-mail.rules)
* 1:30900 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tuhao variant outbound connection (malware-cnc.rules)
* 1:30904 <-> DISABLED <-> FILE-OTHER RARLAB WinRAR ZIP format filename spoof attempt (file-other.rules)
* 1:30905 <-> DISABLED <-> FILE-OTHER RARLAB WinRAR ZIP format filename spoof attempt (file-other.rules)
* 1:30906 <-> ENABLED <-> FILE-OTHER RARLAB WinRAR ZIP format filename spoof attempt (file-other.rules)
* 1:30907 <-> DISABLED <-> FILE-OTHER RARLAB WinRAR ZIP format filename spoof attempt (file-other.rules)
* 1:30908 <-> DISABLED <-> FILE-OTHER RARLAB WinRAR ZIP format filename spoof attempt (file-other.rules)
* 1:30909 <-> ENABLED <-> FILE-OTHER RARLAB WinRAR ZIP format filename spoof attempt (file-other.rules)
* 1:30910 <-> DISABLED <-> SERVER-WEBAPP Drupal VideoWhisper Webcam plugin XSS attempt (server-webapp.rules)
* 1:30911 <-> DISABLED <-> SERVER-WEBAPP Drupal VideoWhisper Webcam plugin XSS attempt (server-webapp.rules)
* 1:30914 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SpySmall variant outbound connection (malware-cnc.rules)
* 1:30915 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SpySmall variant outbound connection (malware-cnc.rules)
* 1:30917 <-> DISABLED <-> MALWARE-CNC Win.Worm.Phelshap variant outbound connection (malware-cnc.rules)
* 1:30918 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - User-Agent User-Agent Mozilla (malware-cnc.rules)
* 1:30919 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
* 1:30920 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit redirection gate (exploit-kit.rules)
* 1:30923 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sefnit outbound connection (malware-cnc.rules)
* 1:30924 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hd backdoor inbound connection (malware-cnc.rules)
* 1:30925 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hd backdoor outbound connection (malware-cnc.rules)
* 1:30926 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hd backdoor outbound secure-connection (malware-cnc.rules)
* 1:30927 <-> DISABLED <-> PUA-ADWARE Win.Adware.Linkular variant outbound connection (pua-adware.rules)
* 1:30928 <-> ENABLED <-> SERVER-OTHER SAP NetWeaver dir content listing attempt (server-other.rules)
* 1:30930 <-> DISABLED <-> PUA-ADWARE Win.Adware.FakeAV variant outbound connection (pua-adware.rules)
* 1:30934 <-> ENABLED <-> EXPLOIT-KIT Goon/Infinity/Rig exploit kit encrypted binary download (exploit-kit.rules)
* 1:30935 <-> ENABLED <-> EXPLOIT-KIT Goon/Infinity/Rig exploit kit landing page - specific structure (exploit-kit.rules)
* 1:30936 <-> ENABLED <-> EXPLOIT-KIT Goon/Infinity/Rig exploit kit outbound uri structure (exploit-kit.rules)
* 1:30937 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit outbound PDF request (exploit-kit.rules)
* 1:30938 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.Roopre outbound connection (malware-cnc.rules)
* 1:30939 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows NtUserMessageCall implementation exploitation attempt (file-executable.rules)
* 1:30940 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows NtUserMessageCall implementation exploitation attempt (file-executable.rules)
* 1:30941 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint out of bounds value remote code execution attempt (file-office.rules)
* 1:30944 <-> DISABLED <-> SERVER-APACHE Apache Struts CookieInterceptor classloader access attempt (server-apache.rules)
* 1:30945 <-> DISABLED <-> MALWARE-CNC Win.Worm.Winiga FTP login attempt (malware-cnc.rules)
* 1:30946 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Wysotot variant download attempt (malware-other.rules)
* 1:30947 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Botintin outbound connection (malware-cnc.rules)
* 1:30948 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Hikit outbound banner response (malware-backdoor.rules)
* 1:30950 <-> DISABLED <-> SERVER-MAIL BitDefender Antivirus logging function format string remote code execution attempt (server-mail.rules)
* 1:30951 <-> DISABLED <-> SERVER-WEBAPP Microsoft Sharepoint ThemeOverride XSS Attempt (server-webapp.rules)
* 1:30953 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
* 1:30954 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
* 1:30955 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
* 1:30956 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer deleted object memory corruption attempt (browser-ie.rules)
* 1:30957 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer deleted object memory corruption attempt (browser-ie.rules)
* 1:30958 <-> DISABLED <-> BROWSER-OTHER suspicious srcElement child element removal - possible use after free attempt (browser-other.rules)
* 1:30959 <-> DISABLED <-> BROWSER-OTHER suspicious srcElement child element removal - possible use after free attempt (browser-other.rules)
* 1:30960 <-> DISABLED <-> EXPLOIT-KIT Sweet Orange exploit kit outbound jnlp request (exploit-kit.rules)
* 1:30961 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CElement use after free attempt (browser-ie.rules)
* 1:30962 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CElement use after free attempt (browser-ie.rules)
* 1:30963 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CElement use after free attempt (browser-ie.rules)
* 1:30964 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CElement use after free attempt (browser-ie.rules)
* 1:30965 <-> DISABLED <-> EXPLOIT-KIT CritX exploit kit landing page - redirection to Oracle Java exploit (exploit-kit.rules)
* 1:30966 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit landing page - redirection to Microsoft Internet Explorer exploit (exploit-kit.rules)
* 1:30967 <-> DISABLED <-> EXPLOIT-KIT CritX exploit kit landing page - redirection to Adobe Flash exploit (exploit-kit.rules)
* 1:30968 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit landing page - redirection to font exploit (exploit-kit.rules)
* 1:30969 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit outbound request for Microsoft Internet Explorer landing page (exploit-kit.rules)
* 1:30970 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit outbound request for Adobe Flash landing page (exploit-kit.rules)
* 1:30971 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit outbound request for Oracle Java landing page (exploit-kit.rules)
* 1:30972 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit outbound request for Microsoft Silverlight landing page (exploit-kit.rules)
* 1:30973 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit payload request (exploit-kit.rules)
* 1:30975 <-> DISABLED <-> EXPLOIT-KIT CritX exploit kit landing page - redirection to Oracle Java exploit (exploit-kit.rules)
* 1:30976 <-> DISABLED <-> EXPLOIT-KIT CritX exploit kit landing page - redirection to Adobe Flash exploit (exploit-kit.rules)
* 1:30977 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jaik variant outbound connection (malware-cnc.rules)
* 1:30978 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rbrute inbound connection (malware-cnc.rules)
* 1:30979 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gisetik information disclosure attempt (malware-cnc.rules)
* 1:30982 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Karnos variant outbound connection (malware-cnc.rules)
* 1:30983 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Karnos variant outbound connection (malware-cnc.rules)
* 1:30984 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vonriamt outbound connection (malware-cnc.rules)
* 1:30985 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tenexmed outbound connection (malware-cnc.rules)
* 1:30986 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tenexmed inbound shell command attempt (malware-cnc.rules)
* 1:30987 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vondola configuration file download attempt (malware-cnc.rules)
* 1:30988 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vondola information disclosure attempt (malware-cnc.rules)
* 1:30990 <-> ENABLED <-> MALWARE-CNC Shiqiang Gang malicious XLS targeted attack detection (malware-cnc.rules)
* 1:30991 <-> ENABLED <-> MALWARE-CNC Shiqiang Gang malicious XLS targeted attack detection (malware-cnc.rules)
* 1:30992 <-> DISABLED <-> FILE-OTHER invalid ELF padding field value attempt (file-other.rules)
* 1:30993 <-> DISABLED <-> FILE-OTHER invalid ELF padding field value attempt (file-other.rules)
* 1:30994 <-> DISABLED <-> INDICATOR-COMPROMISE possible TAR file oversize length field (indicator-compromise.rules)
* 1:30995 <-> DISABLED <-> INDICATOR-COMPROMISE possible TAR file oversize length field (indicator-compromise.rules)
* 1:30996 <-> ENABLED <-> SERVER-OTHER CMSimple remote file inclusion attempt (server-other.rules)
* 1:30997 <-> DISABLED <-> INDICATOR-COMPROMISE Potential malware download - .doc.exe within .zip file (indicator-compromise.rules)
* 1:30998 <-> DISABLED <-> INDICATOR-COMPROMISE Potential malware download - .gif.exe within .zip file (indicator-compromise.rules)
* 1:30999 <-> DISABLED <-> INDICATOR-COMPROMISE Potential malware download - .jpeg.exe within .zip file (indicator-compromise.rules)
* 1:310 <-> DISABLED <-> SERVER-MAIL x86 windows MailMax overflow (server-mail.rules)
* 1:31000 <-> DISABLED <-> INDICATOR-COMPROMISE Potential malware download - .jpg.exe within .zip file (indicator-compromise.rules)
* 1:31001 <-> DISABLED <-> INDICATOR-COMPROMISE Potential malware download - .pdf.exe within .zip file (indicator-compromise.rules)
* 1:31002 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kimsuky variant outbound connection (malware-cnc.rules)
* 1:31004 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nethief information disclosure attempt (malware-cnc.rules)
* 1:31005 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nethief information disclosure attempt (malware-cnc.rules)
* 1:31006 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nethief initial outbound connection (malware-cnc.rules)
* 1:31007 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Iplorko.A runtime detection (malware-cnc.rules)
* 1:31008 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader length-compute UTF-16 string buffer overflow attempt (file-pdf.rules)
* 1:31009 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader length-compute UTF-16 string buffer overflow attempt (file-pdf.rules)
* 1:31010 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sisbot variant outbound IRC connection (malware-cnc.rules)
* 1:31011 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader DCT encoded stream null pointer dereference attempt (file-pdf.rules)
* 1:31012 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader DCT encoded stream null pointer dereference attempt (file-pdf.rules)
* 1:31013 <-> DISABLED <-> SERVER-OTHER UNIX platform forwardslash directory traversal (server-other.rules)
* 1:31014 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall variant outbound connection (malware-cnc.rules)
* 1:31015 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader integer overflow attempt (file-pdf.rules)
* 1:31016 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader integer overflow attempt (file-pdf.rules)
* 1:31017 <-> ENABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Adobe Reader Extension race condition attempt (browser-plugins.rules)
* 1:31018 <-> ENABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Adobe Reader Extension race condition attempt (browser-plugins.rules)
* 1:31019 <-> DISABLED <-> PUA-ADWARE Win.Adware.OptimumInstaller variant outbound connection (pua-adware.rules)
* 1:31020 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
* 1:31021 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader api call handling arbitrary execution attempt (file-pdf.rules)
* 1:31022 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader api call handling arbitrary execution attempt (file-pdf.rules)
* 1:31023 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules)
* 1:31024 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules)
* 1:31025 <-> DISABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules)
* 1:31026 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules)
* 1:31027 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF conversion heap buffer overflow attempt (file-other.rules)
* 1:31028 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF conversion heap buffer overflow attempt (file-other.rules)
* 1:31029 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF conversion heap buffer overflow attempt (file-other.rules)
* 1:31030 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF conversion heap buffer overflow attempt (file-other.rules)
* 1:31031 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word WordPerfect converter buffer overflow attempt (file-office.rules)
* 1:31032 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word WordPerfect converter buffer overflow attempt (file-office.rules)
* 1:31033 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cryptodefence variant outbound connection (malware-cnc.rules)
* 1:31036 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SpyBanker variant outbound connection (malware-cnc.rules)
* 1:31037 <-> DISABLED <-> PROTOCOL-SCADA Yokogawa CS3000 BKESimmgr.exe buffer overflow attempt (protocol-scada.rules)
* 1:31038 <-> ENABLED <-> FILE-IMAGE XnView PCT file processing buffer overflow attempt (file-image.rules)
* 1:31039 <-> ENABLED <-> FILE-IMAGE XnView PCT file processing buffer overflow attempt (file-image.rules)
* 1:31040 <-> ENABLED <-> FILE-IMAGE XnView PCT file processing buffer overflow attempt (file-image.rules)
* 1:31041 <-> ENABLED <-> FILE-IMAGE XnView PCT file processing buffer overflow attempt (file-image.rules)
* 1:31042 <-> DISABLED <-> PUA-ADWARE Win.Adware.Outbrowse installation attempt (pua-adware.rules)
* 1:31043 <-> DISABLED <-> BROWSER-PLUGINS Apple Quicktime ActiveX Control use after free (browser-plugins.rules)
* 1:31044 <-> DISABLED <-> BROWSER-PLUGINS Apple Quicktime ActiveX Control use after free (browser-plugins.rules)
* 1:31045 <-> DISABLED <-> SERVER-OTHER Oracle Demantra arbitrary file retrieval with authentication bypass attempt (server-other.rules)
* 1:31046 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit outbound URL structure (exploit-kit.rules)
* 1:31048 <-> DISABLED <-> PUA-ADWARE Win.Adware.PCSpeedUp variant outbound connection (pua-adware.rules)
* 1:31051 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hesperbot variant outbound connection (malware-cnc.rules)
* 1:31052 <-> DISABLED <-> PUA-ADWARE Win.Adware.Kdupd variant outbound connection (pua-adware.rules)
* 1:31053 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MadnessPro outbound connection (malware-cnc.rules)
* 1:31055 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant outbound connection (malware-cnc.rules)
* 1:31056 <-> DISABLED <-> PROTOCOL-SNMP Motorola Netopia 3347 series WEP key enumeration attempt (protocol-snmp.rules)
* 1:31057 <-> DISABLED <-> PROTOCOL-SNMP Motorola Netopia 3347 series WPA key enumeration attempt (protocol-snmp.rules)
* 1:31058 <-> DISABLED <-> PROTOCOL-SNMP Brocade snAgentUserAccntName enumeration attempt (protocol-snmp.rules)
* 1:31059 <-> DISABLED <-> PROTOCOL-SNMP Brocade snAgentUserAccntPassword enumeration attempt (protocol-snmp.rules)
* 1:31062 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Expone variant outbound connection (malware-cnc.rules)
* 1:31063 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Expone FTP login attempt (malware-cnc.rules)
* 1:31064 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Diatraha variant outbound connection (malware-cnc.rules)
* 1:31066 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tobinload variant outbound connection (malware-cnc.rules)
* 1:31067 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess ChartThemeConfig SQL injection attempt (server-webapp.rules)
* 1:31068 <-> DISABLED <-> SERVER-OTHER F5 BIG-IP iControl API hostname command injection attempt (server-other.rules)
* 1:31070 <-> DISABLED <-> MALWARE-CNC Win.Rootkit.Necurs outbound connection (malware-cnc.rules)
* 1:31072 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryfile variant outbound connection (malware-cnc.rules)
* 1:31073 <-> DISABLED <-> MALWARE-CNC RemoteSpy connection to CNC server (malware-cnc.rules)
* 1:31074 <-> DISABLED <-> PUA-TOOLBARS AVG anti-virus toolbar download attempt - download-toolbar.avg.com (pua-toolbars.rules)
* 1:31075 <-> DISABLED <-> PUA-TOOLBARS AVG anti-virus toolbar download attempt - mmi.explabs.net (pua-toolbars.rules)
* 1:31076 <-> DISABLED <-> PUA-TOOLBARS Babylon toolbar download attempt - stat.info-stream.net (pua-toolbars.rules)
* 1:31079 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Alurewo outbound connection (malware-cnc.rules)
* 1:31080 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Alurewo outbound connection (malware-cnc.rules)
* 1:31081 <-> DISABLED <-> MALWARE-CNC Win.Trojan.WinSpy variant outbound connection (malware-cnc.rules)
* 1:31082 <-> DISABLED <-> SERVER-OTHER Vino VNC multiple client authentication denial of service attempt (server-other.rules)
* 1:31083 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bexelets variant outbound connection (malware-cnc.rules)
* 1:31084 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant outbound connection (malware-cnc.rules)
* 1:31085 <-> DISABLED <-> FILE-OTHER Autodesk AutoCAD insecure acad.fas file load attempt (file-other.rules)
* 1:31086 <-> DISABLED <-> FILE-OTHER Autodesk AutoCAD insecure acad.fas file load attempt (file-other.rules)
* 1:31087 <-> DISABLED <-> FILE-OTHER Sophos RAR virtual machine filters memory corruption attempt (file-other.rules)
* 1:31088 <-> DISABLED <-> FILE-OTHER Sophos RAR virtual machine filters memory corruption attempt (file-other.rules)
* 1:31089 <-> ENABLED <-> PUA-ADWARE Win.Adware.CloseApp variant outbound connection (pua-adware.rules)
* 1:31090 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - User-Agent hello crazyk (malware-cnc.rules)
* 1:31091 <-> ENABLED <-> PUA-ADWARE Win.Adware.Inbox/PCFixSpeed/RebateInformer variant outbound connection (pua-adware.rules)
* 1:31094 <-> ENABLED <-> SERVER-WEBAPP Web Terria remote command execution attempt (server-webapp.rules)
* 1:31095 <-> DISABLED <-> PROTOCOL-SNMP Ubee DDW3611 series WEP key enumeration attempt (protocol-snmp.rules)
* 1:31096 <-> DISABLED <-> PROTOCOL-SNMP Ubee DDW3611 series WPA key enumeration attempt (protocol-snmp.rules)
* 1:31097 <-> DISABLED <-> PROTOCOL-SNMP CableHome Devices cabhPsDevUIPassword enumeration attempt (protocol-snmp.rules)
* 1:31098 <-> DISABLED <-> PROTOCOL-SNMP Ubee U10C019 series WEP key enumeration attempt (protocol-snmp.rules)
* 1:31099 <-> DISABLED <-> PROTOCOL-SNMP Ubee U10C019 series WPA key enumeration attempt (protocol-snmp.rules)
* 1:311 <-> DISABLED <-> BROWSER-OTHER Netscape 4.7 unsucessful overflow (browser-other.rules)
* 1:31100 <-> DISABLED <-> PROTOCOL-SNMP Ubee U10C019 series password enumeration attempt (protocol-snmp.rules)
* 1:31101 <-> DISABLED <-> SERVER-OTHER Sharetronix cross site request forgery attempt (server-other.rules)
* 1:31102 <-> DISABLED <-> SERVER-OTHER TrendMicro InterScan Viruswall directory traversal attempt (server-other.rules)
* 1:31103 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules)
* 1:31104 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules)
* 1:31105 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules)
* 1:31106 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules)
* 1:31112 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos password stealing attempt (malware-cnc.rules)
* 1:31113 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
* 1:31114 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rfusclient outbound connection (malware-cnc.rules)
* 1:31116 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Garsuni variant outbound connection (malware-cnc.rules)
* 1:31119 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Marmoolak variant outbound connection (malware-cnc.rules)
* 1:31121 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cahecon outbound connection (malware-cnc.rules)
* 1:31122 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - User-Agent svchost (malware-cnc.rules)
* 1:31124 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pyrtomsop outbound connection (malware-cnc.rules)
* 1:31125 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel rtToolbarDef record integer overflow attempt (file-office.rules)
* 1:31126 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel rtToolbarDef record integer overflow attempt (file-office.rules)
* 1:31127 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel rtToolbarDef record integer overflow attempt (file-office.rules)
* 1:31128 <-> DISABLED <-> PROTOCOL-FTP CoreFTP FTP Server TYPE command denial of service attempt (protocol-ftp.rules)
* 1:31130 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit encrypted binary download (exploit-kit.rules)
* 1:31131 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Petun variant outbound connection (malware-cnc.rules)
* 1:31132 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Petun variant outbound connection (malware-cnc.rules)
* 1:31135 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Deedevil variant outbound connection (malware-cnc.rules)
* 1:31136 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess inbound connection (malware-cnc.rules)
* 1:3114 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc LlsrConnect overflow attempt (os-windows.rules)
* 1:31142 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sloft variant outbound connection (malware-cnc.rules)
* 1:31143 <-> DISABLED <-> SERVER-WEBAPP CA ERwin Web Portal ConfigServiceProvider directory traversal attempt (server-webapp.rules)
* 1:31144 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Spyrat variant inbound backdoor keep-alive (malware-cnc.rules)
* 1:31145 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spyrat variant outbound backdoor response (malware-cnc.rules)
* 1:31146 <-> DISABLED <-> PUA-ADWARE Win.Adware.iBryte variant outbound connection (pua-adware.rules)
* 1:31147 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zadnilay variant outbound connection (malware-cnc.rules)
* 1:31148 <-> DISABLED <-> SERVER-WEBAPP Supermicro Intelligent Management Controller login.cgi buffer overflow attempt (server-webapp.rules)
* 1:31149 <-> DISABLED <-> SERVER-WEBAPP Supermicro Intelligent Management Controller login.cgi buffer overflow attempt (server-webapp.rules)
* 1:31150 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent DefaultBotPassword - Win.Trojan.Tirabot (malware-cnc.rules)
* 1:31157 <-> DISABLED <-> SERVER-WEBAPP Cogent DataHub getpermissions.asp command injection attempt (server-webapp.rules)
* 1:31158 <-> DISABLED <-> SERVER-WEBAPP Cogent DataHub getpermissions.asp command injection attempt (server-webapp.rules)
* 1:31159 <-> DISABLED <-> SERVER-WEBAPP Cogent DataHub getpermissions.asp command injection attempt (server-webapp.rules)
* 1:31160 <-> DISABLED <-> SERVER-WEBAPP Cogent DataHub getpermissions.asp command injection attempt (server-webapp.rules)
* 1:31161 <-> ENABLED <-> SERVER-OTHER AuraCMS LFI attempt (server-other.rules)
* 1:31162 <-> DISABLED <-> SERVER-OTHER Beetel 450TC2 CSRF attempt (server-other.rules)
* 1:31166 <-> DISABLED <-> PUA-ADWARE InstallRex bundled installer outbound activity (pua-adware.rules)
* 1:31167 <-> DISABLED <-> PUA-ADWARE InstallRex bundled installer outbound activity (pua-adware.rules)
* 1:31168 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Guise outbound connection (malware-cnc.rules)
* 1:31171 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scarpnex variant outbound connection (malware-cnc.rules)
* 1:31172 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scarpnex variant outbound connection (malware-cnc.rules)
* 1:31173 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scarpnex variant outbound connection (malware-cnc.rules)
* 1:31174 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sapart variant outbound connection (malware-cnc.rules)
* 1:31176 <-> DISABLED <-> SERVER-OTHER GnuTLS Server Hello Session ID heap overflow attempt (server-other.rules)
* 1:31177 <-> DISABLED <-> SERVER-OTHER GnuTLS Server Hello Session ID heap overflow attempt (server-other.rules)
* 1:31178 <-> DISABLED <-> SERVER-OTHER GnuTLS Server Hello Session ID heap overflow attempt (server-other.rules)
* 1:31179 <-> DISABLED <-> SERVER-OTHER GnuTLS Server Hello Session ID heap overflow attempt (server-other.rules)
* 1:31180 <-> DISABLED <-> SERVER-OTHER OpenSSL DTLS handshake recursion denial of service attempt (server-other.rules)
* 1:31181 <-> DISABLED <-> SERVER-OTHER OpenSSL DTLS handshake recursion denial of service attempt (server-other.rules)
* 1:31183 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bankeiya outbound connection (malware-cnc.rules)
* 1:31184 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.ZBerp variant download attempt (malware-other.rules)
* 1:31185 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.ZBerp variant download attempt (malware-other.rules)
* 1:31188 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer isIndex attribute overflow attempt (browser-ie.rules)
* 1:31189 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer isIndex attribute overflow attempt (browser-ie.rules)
* 1:31190 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer RemoveSplice use-after-free attempt (browser-ie.rules)
* 1:31191 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer RemoveSplice use-after-free attempt (browser-ie.rules)
* 1:31192 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 11 use after free attempt (browser-ie.rules)
* 1:31193 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 11 use after free attempt (browser-ie.rules)
* 1:31194 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer onpagehide use after free attempt (browser-ie.rules)
* 1:31195 <-> DISABLED <-> SERVER-WEBAPP VMTurbo Operations Manager directory traversal attempt (server-webapp.rules)
* 1:31196 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreeNode onmousemove use-after-free attempt (browser-ie.rules)
* 1:31197 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreeNode onmousemove use-after-free attempt (browser-ie.rules)
* 1:31198 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules)
* 1:31199 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules)
* 1:31200 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer summary node swap use after free attempt (browser-ie.rules)
* 1:31201 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer summary node swap use after free attempt (browser-ie.rules)
* 1:31202 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CRangeSaver use after free attempt (browser-ie.rules)
* 1:31203 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CRangeSaver use after free attempt (browser-ie.rules)
* 1:31204 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer celement use after free attempt (browser-ie.rules)
* 1:31205 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer celement use after free attempt (browser-ie.rules)
* 1:31206 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 11 CTreePos child element use-after-free attempt (browser-ie.rules)
* 1:31207 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 11 CTreePos child element use-after-free attempt (browser-ie.rules)
* 1:31208 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CDispNode use after free attempt (browser-ie.rules)
* 1:31209 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CDispNode use after free attempt (browser-ie.rules)
* 1:31210 <-> ENABLED <-> SERVER-WEBAPP Supermicro Intelligent Management Controller close_window.cgi buffer overflow attempt (server-webapp.rules)
* 1:31211 <-> ENABLED <-> SERVER-WEBAPP Supermicro Intelligent Management Controller close_window.cgi buffer overflow attempt (server-webapp.rules)
* 1:31212 <-> DISABLED <-> INDICATOR-COMPROMISE http GET request smuggling attempt (indicator-compromise.rules)
* 1:31213 <-> DISABLED <-> INDICATOR-COMPROMISE http POST request smuggling attempt (indicator-compromise.rules)
* 1:31214 <-> ENABLED <-> INDICATOR-COMPROMISE connection to zeus malware sinkhole (indicator-compromise.rules)
* 1:31215 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules)
* 1:31216 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules)
* 1:31217 <-> DISABLED <-> OS-WINDOWS Microsoft Lync Server meeting URL XSS attempt (os-windows.rules)
* 1:31218 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
* 1:31219 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer WindowedMarkupContext use after free attempt (browser-ie.rules)
* 1:31220 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer WindowedMarkupContext use after free attempt (browser-ie.rules)
* 1:31221 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
* 1:31222 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
* 1:31223 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoWall variant outbound connection (malware-cnc.rules)
* 1:31224 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptor outbound connection (malware-cnc.rules)
* 1:31225 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent rome0321 - Win.Trojan.Soraya (malware-cnc.rules)
* 1:31228 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Soraya variant initial outbound connection (malware-cnc.rules)
* 1:31229 <-> ENABLED <-> EXPLOIT-KIT Bleeding Life exploit kit outbound Adobe Flash exploit request (exploit-kit.rules)
* 1:31230 <-> ENABLED <-> EXPLOIT-KIT Bleeding Life exploit kit outbound connection (exploit-kit.rules)
* 1:31231 <-> ENABLED <-> EXPLOIT-KIT Bleeding Life exploit kit outbound connection (exploit-kit.rules)
* 1:31232 <-> ENABLED <-> EXPLOIT-KIT Bleeding Life exploit kit outbound jar request (exploit-kit.rules)
* 1:31234 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nuckam variant inbound connection (malware-cnc.rules)
* 1:31235 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nuckam variant outbound connection (malware-cnc.rules)
* 1:31236 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hidead outbound connection (malware-cnc.rules)
* 1:31237 <-> DISABLED <-> EXPLOIT-KIT Nuclear exploit kit outbound swf request (exploit-kit.rules)
* 1:31238 <-> DISABLED <-> SERVER-OTHER Symantec pcAnywhere remote code execution attempt (server-other.rules)
* 1:31240 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dosoloid variant outbound connection (malware-cnc.rules)
* 1:31241 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dosoloid variant outbound connection (malware-cnc.rules)
* 1:31242 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Utishaf variant outbound connection (malware-cnc.rules)
* 1:31243 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Necurs variant outbound connection (malware-cnc.rules)
* 1:31244 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz outbound connection (malware-cnc.rules)
* 1:31245 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules)
* 1:31246 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules)
* 1:31254 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HAVEX-RAT inbound connection to infected host (malware-cnc.rules)
* 1:31255 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HAVEX-RAT variant outbound connection (malware-cnc.rules)
* 1:31258 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Destoplug variant outbound connection (malware-cnc.rules)
* 1:31259 <-> DISABLED <-> SERVER-WEBAPP Supermicro Intelligent Management Controller url_redirect.cgi directory traversal attempt (server-webapp.rules)
* 1:31260 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Andromeda HTTP proxy response attempt (malware-cnc.rules)
* 1:31261 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi outbound connection (malware-cnc.rules)
* 1:31262 <-> DISABLED <-> MALWARE-CNC Win.Worm.VBNA variant outbound connection (malware-cnc.rules)
* 1:31271 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vectecoin information disclosure attempt (malware-cnc.rules)
* 1:31272 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vectecoin outbound command request attempt (malware-cnc.rules)
* 1:31273 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vectecoin coin mining program download attempt (malware-cnc.rules)
* 1:31274 <-> DISABLED <-> EXPLOIT-KIT CottonCastle exploit kit encrypted binary download (exploit-kit.rules)
* 1:31275 <-> ENABLED <-> EXPLOIT-KIT CottonCastle exploit kit landing page (exploit-kit.rules)
* 1:31276 <-> ENABLED <-> EXPLOIT-KIT CottonCastle exploit kit Adobe flash outbound connection (exploit-kit.rules)
* 1:31277 <-> ENABLED <-> EXPLOIT-KIT CottonCastle exploit kit Oracle Java outbound connection (exploit-kit.rules)
* 1:31278 <-> ENABLED <-> EXPLOIT-KIT CottonCastle exploit kit Oracle java outbound connection (exploit-kit.rules)
* 1:31279 <-> DISABLED <-> EXPLOIT-KIT CottonCastle exploit kit decryption page outbound request (exploit-kit.rules)
* 1:31281 <-> DISABLED <-> FILE-FLASH Adobe Flash Player redirect attempt (file-flash.rules)
* 1:31282 <-> DISABLED <-> FILE-FLASH Adobe Flash Player redirect attempt (file-flash.rules)
* 1:31283 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt (file-flash.rules)
* 1:31284 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt (file-flash.rules)
* 1:31285 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt (file-flash.rules)
* 1:31286 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt (file-flash.rules)
* 1:31288 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Bladabindi
variant outbound download request (malware-cnc.rules) * 1:31289 <-> ENABLED <-> SERVER-WEBAPP /etc/passwd file access attempt (server-webapp.rules) * 1:31290 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vextstl outbound connection (malware-cnc.rules) * 1:31291 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader DynamicAnnotStore exploit attempt (file-pdf.rules) * 1:31292 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader DynamicAnnotStore exploit attempt (file-pdf.rules) * 1:31293 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dyre publickey outbound connection (malware-cnc.rules) * 1:31295 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zusy variant outbound connection (malware-cnc.rules) * 1:31296 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer negative margin use after free attempt (browser-ie.rules) * 1:31297 <-> DISABLED <-> SERVER-WEBAPP VMWare vSphere API SOAP request RetrieveProperties remote denial of service attempt (server-webapp.rules) * 1:31298 <-> DISABLED <-> EXPLOIT-KIT Goon/Infinity exploit kit landing page (exploit-kit.rules) * 1:31299 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Necurs or Win.Trojan.Locky variant outbound detection (malware-cnc.rules) * 1:313 <-> DISABLED <-> OS-LINUX ntalkd x86 Linux overflow (os-linux.rules) * 1:3130 <-> DISABLED <-> PUA-OTHER Microsoft MSN Messenger png overflow (pua-other.rules) * 1:31300 <-> ENABLED <-> SERVER-OTHER Xerox DocuShare SQL injection attempt (server-other.rules) * 1:31301 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer XSLT memory corruption attempt (browser-ie.rules) * 1:31302 <-> DISABLED <-> APP-DETECT Oracle Java debug wire protocol remote debugging attempt (app-detect.rules) * 1:31303 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hadeki variant outbound connection (malware-cnc.rules) * 1:31304 <-> DISABLED <-> SERVER-WEBAPP PocketPAD brute-force login attempt (server-webapp.rules) * 1:31305 <-> DISABLED <-> SERVER-WEBAPP Rocket Servergraph Admin Center fileRequestor directory traversal attempt (server-webapp.rules) 
* 1:31306 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Toumlec variant outbound connection (malware-cnc.rules) * 1:31307 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Toumlec variant outbound connection (malware-cnc.rules) * 1:31308 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime pict image poly structure memory corruption attempt (file-multimedia.rules) * 1:31309 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime pict image poly structure memory corruption attempt (file-multimedia.rules) * 1:3131 <-> DISABLED <-> SERVER-WEBAPP mailman directory traversal attempt (server-webapp.rules) * 1:31310 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word SmartTag record code execution attempt (file-office.rules) * 1:31311 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word SmartTag record code execution attempt (file-office.rules) * 1:31312 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word SmartTag record code execution attempt (file-office.rules) * 1:31313 <-> DISABLED <-> PUA-ADWARE Ticno Multibar installation attempt (pua-adware.rules) * 1:31314 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Daikou variant outbound connection (malware-cnc.rules) * 1:31315 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL variant outbound connection (malware-cnc.rules) * 1:31316 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Matsnu variant outbound connection (malware-cnc.rules) * 1:31317 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Orbot variant outbound connection (malware-cnc.rules) * 1:31319 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zediv outbound connection (malware-cnc.rules) * 1:3132 <-> DISABLED <-> FILE-IMAGE Microsoft and libpng multiple products PNG large image width overflow attempt (file-image.rules) * 1:31320 <-> DISABLED <-> BROWSER-PLUGINS Adobe Multiple Product AcroPDF.PDF ActiveX exploit attempt (browser-plugins.rules) * 1:31321 <-> DISABLED <-> BROWSER-PLUGINS Adobe Multiple Product AcroPDF.PDF ActiveX exploit attempt (browser-plugins.rules) * 1:31322 <-> DISABLED <-> BROWSER-PLUGINS Adobe Multiple Product 
AcroPDF.PDF ActiveX exploit attempt (browser-plugins.rules) * 1:31323 <-> DISABLED <-> FILE-OTHER Apple OSX Finder DMG volume name memory corruption attempt (file-other.rules) * 1:31324 <-> DISABLED <-> FILE-OTHER Apple OSX Finder DMG volume name memory corruption attempt (file-other.rules) * 1:31325 <-> DISABLED <-> FILE-OTHER Apple OSX Finder DMG volume name memory corruption attempt (file-other.rules) * 1:31328 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rofin variant outbound connection (malware-cnc.rules) * 1:31329 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Zbot variant download attempt (malware-other.rules) * 1:3133 <-> DISABLED <-> FILE-IMAGE Microsoft Multiple Products PNG large image height download attempt (file-image.rules) * 1:31330 <-> ENABLED <-> SERVER-WEBAPP AlienVault OSSIM av-centerd update_system_info_debian_package command injection attempt (server-webapp.rules) * 1:31331 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit encrypted binary download (exploit-kit.rules) * 1:31332 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit outbound URL structure (exploit-kit.rules) * 1:31333 <-> DISABLED <-> BROWSER-PLUGINS IBM iNotes version 8.5 ActiveX clsid access (browser-plugins.rules) * 1:31334 <-> DISABLED <-> BROWSER-PLUGINS IBM iNotes version 8.5 ActiveX clsid access (browser-plugins.rules) * 1:31335 <-> DISABLED <-> BROWSER-PLUGINS IBM iNotes version 9 ActiveX clsid access (browser-plugins.rules) * 1:31336 <-> DISABLED <-> BROWSER-PLUGINS IBM iNotes version 9 ActiveX clsid access (browser-plugins.rules) * 1:31337 <-> DISABLED <-> SERVER-OTHER Nagios NRPE command execution attempt (server-other.rules) * 1:31338 <-> DISABLED <-> SERVER-OTHER OpenAFS GetStatistics buffer overflow attempt (server-other.rules) * 1:31339 <-> DISABLED <-> SERVER-WEBAPP Supermicro Intelligent Management Controller information disclosure attempt (server-webapp.rules) * 1:3134 <-> DISABLED <-> FILE-IMAGE Microsoft PNG large colour depth download attempt (file-image.rules) * 1:31340 <-> 
DISABLED <-> SERVER-WEBAPP Supermicro Intelligent Management Controller information disclosure attempt (server-webapp.rules) * 1:31341 <-> DISABLED <-> SERVER-WEBAPP Supermicro Intelligent Management Controller password file disclosure attempt (server-webapp.rules) * 1:31342 <-> DISABLED <-> SERVER-WEBAPP Supermicro Intelligent Management Controller password file disclosure attempt (server-webapp.rules) * 1:31343 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mecklow variant outbound connection system information disclosure (malware-cnc.rules) * 1:31344 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Levyatan variant outbound connection (malware-cnc.rules) * 1:31345 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mcdravsm variant outbound connection (malware-cnc.rules) * 1:31346 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ajtonj variant outbound connection (malware-cnc.rules) * 1:31347 <-> DISABLED <-> FILE-FLASH Adobe AS3 pcre assertion out of bounds corruption attempt (file-flash.rules) * 1:31348 <-> ENABLED <-> FILE-FLASH Adobe AS3 pcre assertion out of bounds corruption attempt (file-flash.rules) * 1:31349 <-> DISABLED <-> FILE-FLASH Adobe AS3 simplified pcre assertion out of bounds corruption attempt (file-flash.rules) * 1:3135 <-> ENABLED <-> NETBIOS SMB Trans2 QUERY_FILE_INFO attempt (netbios.rules) * 1:31350 <-> ENABLED <-> FILE-FLASH Adobe AS3 simplified pcre assertion out of bounds corruption attempt (file-flash.rules) * 1:31351 <-> ENABLED <-> FILE-FLASH Adobe AS3 decompressed pcre assertion out of bounds corruption attempt (file-flash.rules) * 1:31352 <-> ENABLED <-> FILE-FLASH Adobe AS3 decompressed pcre assertion out of bounds corruption attempt (file-flash.rules) * 1:31353 <-> ENABLED <-> FILE-FLASH Adobe AS3 decompressed pcre assertion out of bounds corruption attempt (file-flash.rules) * 1:31354 <-> ENABLED <-> FILE-FLASH Adobe AS3 decompressed pcre assertion out of bounds corruption attempt (file-flash.rules) * 1:31355 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bicololo 
outbound connection (malware-cnc.rules) * 1:31356 <-> ENABLED <-> SERVER-WEBAPP Wordpress timthumb.php webshot source attack attempt (server-webapp.rules) * 1:31359 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Httneilc variant outbound connection (malware-cnc.rules) * 1:3136 <-> ENABLED <-> NETBIOS SMB Trans2 QUERY_FILE_INFO andx attempt (netbios.rules) * 1:31360 <-> DISABLED <-> SERVER-WEBAPP PHP include parameter remote file include attempt (server-webapp.rules) * 1:31362 <-> DISABLED <-> SERVER-WEBAPP MiniBB PHP arbitrary remote code execution attempt (server-webapp.rules) * 1:31363 <-> DISABLED <-> SERVER-WEBAPP MF Piadas admin.php page parameter PHP remote file include attempt (server-webapp.rules) * 1:31364 <-> DISABLED <-> SERVER-WEBAPP FlashGameScript index.php func parameter PHP remote file include attempt (server-webapp.rules) * 1:31365 <-> DISABLED <-> SERVER-WEBAPP HP Power Manager remote code execution attempt (server-webapp.rules) * 1:31366 <-> DISABLED <-> FILE-JAVA Oracle Java sun.tracing.ProviderSkeleton sandbox bypass attempt (file-java.rules) * 1:31367 <-> ENABLED <-> FILE-JAVA Oracle Java sun.tracing.ProviderSkeleton sandbox bypass attempt (file-java.rules) * 1:31368 <-> DISABLED <-> SERVER-WEBAPP WebBBS arbitrary system command execution attempt (server-webapp.rules) * 1:31369 <-> ENABLED <-> EXPLOIT-KIT Rig exploit kit outbound Microsoft Silverlight request (exploit-kit.rules) * 1:3137 <-> ENABLED <-> NETBIOS SMB-DS Trans2 QUERY_FILE_INFO attempt (netbios.rules) * 1:31370 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit redirection page (exploit-kit.rules) * 1:31371 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit outbound URL structure (exploit-kit.rules) * 1:31373 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM ovwebsnmpsrv.exe command line argument buffer overflow attempt (server-webapp.rules) * 1:31374 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Qsir and Qsif record remote code execution attempt (file-office.rules) * 1:31375 <-> DISABLED <-> 
SERVER-WEBAPP Hp OpenView CGI parameter buffer overflow attempt (server-webapp.rules) * 1:31376 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer mpeg width integer memory underflow attempt (file-multimedia.rules) * 1:31377 <-> DISABLED <-> SERVER-WEBAPP PHP includedir parameter remote file include attempt (server-webapp.rules) * 1:31378 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Converter sprmTSplit overflow attempt (file-office.rules) * 1:31379 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Converter sprmTTextFflow overflow attempt (file-office.rules) * 1:3138 <-> ENABLED <-> NETBIOS SMB-DS Trans2 QUERY_FILE_INFO andx attempt (netbios.rules) * 1:31380 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 11 onpropertychange remote code execution attempt (browser-ie.rules) * 1:31381 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 11 onpropertychange remote code execution attempt (browser-ie.rules) * 1:31382 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer uninitialized object use after free attempt (browser-ie.rules) * 1:31383 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer uninitialized object use after free attempt (browser-ie.rules) * 1:31384 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules) * 1:31385 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules) * 1:31386 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CLayout object user after free attempt (browser-ie.rules) * 1:31387 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CLayout object user after free attempt (browser-ie.rules) * 1:31388 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer improper object cast memory corruption attempt (browser-ie.rules) * 1:31389 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer improper object cast memory corruption attempt (browser-ie.rules) * 1:3139 <-> ENABLED <-> NETBIOS SMB Trans2 FIND_FIRST2 attempt 
(netbios.rules) * 1:31390 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer BSTR use after free attempt (browser-ie.rules) * 1:31391 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer BSTR use after free attempt (browser-ie.rules) * 1:31392 <-> DISABLED <-> FILE-FLASH Adobe JSONP callback API vulnerability exploitation attempt (file-flash.rules) * 1:31393 <-> DISABLED <-> FILE-FLASH Adobe JSONP callback API vulnerability exploitation attempt (file-flash.rules) * 1:31394 <-> DISABLED <-> FILE-FLASH Adobe JSONP callback API vulnerability exploitation attempt (file-flash.rules) * 1:31395 <-> DISABLED <-> FILE-FLASH Adobe JSONP callback API vulnerability exploitation attempt (file-flash.rules) * 1:31396 <-> DISABLED <-> FILE-FLASH Adobe JSONP callback API vulnerability exploitation attempt (file-flash.rules) * 1:31397 <-> DISABLED <-> FILE-FLASH Adobe JSONP callback API vulnerability exploitation attempt (file-flash.rules) * 1:31399 <-> DISABLED <-> POLICY-OTHER Rosetta Flash tool use attempt (policy-other.rules) * 1:314 <-> DISABLED <-> SERVER-OTHER Bind Buffer Overflow named tsig overflow attempt (server-other.rules) * 1:3140 <-> ENABLED <-> NETBIOS SMB Trans2 FIND_FIRST2 andx attempt (netbios.rules) * 1:31400 <-> DISABLED <-> POLICY-OTHER Rosetta Flash tool use attempt (policy-other.rules) * 1:31401 <-> DISABLED <-> POLICY-OTHER Rosetta Flash tool use attempt (policy-other.rules) * 1:31402 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Unexpected method call remote code execution attempt (browser-ie.rules) * 1:31403 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer celement use after free (browser-ie.rules) * 1:31404 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer celement use after free (browser-ie.rules) * 1:31405 <-> DISABLED <-> SERVER-APACHE Apache Chunked-Encoding worm attempt (server-apache.rules) * 1:31406 <-> DISABLED <-> SERVER-OTHER Samsung TV denial of service attempt (server-other.rules) * 1:31407 <-> ENABLED <-> 
BROWSER-PLUGINS Adobe Reader 11 messageHandler ActiveX access attempt (browser-plugins.rules) * 1:31408 <-> ENABLED <-> BROWSER-PLUGINS Adobe Reader 11 messageHandler ActiveX access attempt (browser-plugins.rules) * 1:31409 <-> ENABLED <-> BROWSER-PLUGINS Adobe Reader 11 messageHandler ActiveX access attempt (browser-plugins.rules) * 1:3141 <-> ENABLED <-> NETBIOS SMB-DS Trans2 FIND_FIRST2 attempt (netbios.rules) * 1:31410 <-> ENABLED <-> BROWSER-PLUGINS Adobe Reader 11 messageHandler ActiveX access attempt (browser-plugins.rules) * 1:31411 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder wmerrorDAN.dll dll-load exploit attempt (os-windows.rules) * 1:31412 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder winietDAN.dll dll-load exploit attempt (os-windows.rules) * 1:31413 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder asferrorDAN.dll dll-load exploit attempt (os-windows.rules) * 1:31414 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder wmerrorDAN.dll dll-load exploit attempt (os-windows.rules) * 1:31415 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder winietDAN.dll dll-load exploit attempt (os-windows.rules) * 1:31416 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder asferrorDAN.dll dll-load exploit attempt (os-windows.rules) * 1:31417 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent blacksun - Win.Trojan.Blacksun (malware-cnc.rules) * 1:31418 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Subla variant outbound connection (malware-cnc.rules) * 1:31419 <-> DISABLED <-> SERVER-WEBAPP PHPMyAdmin file inclusion arbitrary command execution attempt (server-webapp.rules) * 1:3142 <-> ENABLED <-> NETBIOS SMB-DS Trans2 FIND_FIRST2 andx attempt (netbios.rules) * 1:31420 <-> DISABLED <-> FILE-OFFICE Microsoft Office thumbnail bitmap invalid biClrUsed attempt (file-office.rules) * 1:31421 <-> DISABLED <-> FILE-OFFICE Microsoft Office thumbnail bitmap invalid biClrUsed attempt (file-office.rules) * 
1:31422 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Cactus (malware-cnc.rules) * 1:31424 <-> DISABLED <-> MALWARE-CNC Kegis.A outbound connection (malware-cnc.rules) * 1:31425 <-> DISABLED <-> SERVER-WEBAPP PHP Simple Shop abs_path parameter PHP remote file include attempt (server-webapp.rules) * 1:31426 <-> DISABLED <-> SERVER-WEBAPP Jevontech PHPenpals PersonalID SQL injection attempt (server-webapp.rules) * 1:31427 <-> DISABLED <-> FILE-OTHER Microsoft Windows C Run-Time Library remote code execution attempt (file-other.rules) * 1:31428 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer html table column span width increase memory corruption attempt (browser-ie.rules) * 1:31429 <-> DISABLED <-> SERVER-WEBAPP Microsoft Sharepoint server callback function cross-site scripting attempt (server-webapp.rules) * 1:3143 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 FIND_FIRST2 command response overflow attempt (os-windows.rules) * 1:31433 <-> DISABLED <-> MALWARE-CNC MSIL Worm command and control connection (malware-cnc.rules) * 1:31434 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Section Table Array Buffer Overflow attempt (file-office.rules) * 1:31435 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SXDB record memory corruption attempt (file-office.rules) * 1:31436 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SXDB record memory corruption attempt (file-office.rules) * 1:31437 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint improper filename remote code execution attempt (file-office.rules) * 1:31438 <-> DISABLED <-> PROTOCOL-SCADA IGSS dc.exe file execution directory traversal attempt (protocol-scada.rules) * 1:31439 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader Texture Declaration buffer overflow attempt (file-pdf.rules) * 1:3144 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 FIND_FIRST2 response andx overflow attempt (os-windows.rules) * 1:31440 <-> DISABLED <-> FILE-PDF Adobe Acrobat 
Reader Texture Declaration buffer overflow attempt (file-pdf.rules) * 1:31441 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malformed chart arbitrary code execution attempt (file-office.rules) * 1:31442 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Injector variant outbound connection (malware-cnc.rules) * 1:31443 <-> DISABLED <-> SERVER-WEBAPP ActiveState ActivePerl perlIIS.dll server URI buffer overflow attempt (server-webapp.rules) * 1:31449 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoWall downloader attempt (malware-cnc.rules) * 1:3145 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB-DS Trans2 FIND_FIRST2 response overflow attempt (os-windows.rules) * 1:31450 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoWall outbound connection (malware-cnc.rules) * 1:31452 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules) * 1:31453 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ChoHeap variant outbound connection (malware-cnc.rules) * 1:31454 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ChoHeap variant outbound connection (malware-cnc.rules) * 1:31455 <-> DISABLED <-> EXPLOIT-KIT Rig Exploit Kit Outbound DGA Request (exploit-kit.rules) * 1:31458 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SDBot variant outbound connection (malware-cnc.rules) * 1:31459 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jaktinier outbound connection (malware-cnc.rules) * 1:3146 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB-DS Trans2 FIND_FIRST2 response andx overflow attempt (os-windows.rules) * 1:31460 <-> DISABLED <-> SERVER-WEBAPP PHP DNS parsing heap overflow attempt (server-webapp.rules) * 1:31461 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Malformed MSODrawing Record attempt (file-office.rules) * 1:31462 <-> DISABLED <-> FILE-OFFICE Microsoft Office Malformed MSODrawing Record attempt (file-office.rules) * 1:31465 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Androm Click Fraud Request (malware-cnc.rules) * 1:31466 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Androm 
Click Fraud Request (malware-cnc.rules) * 1:31467 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Androm variant outbound connection (malware-cnc.rules) * 1:31468 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Papras variant outbound connection (malware-cnc.rules) * 1:31469 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer getBoundingClientRect incorrect rebalancing attempt (browser-ie.rules) * 1:3147 <-> ENABLED <-> PROTOCOL-TELNET login buffer overflow attempt (protocol-telnet.rules) * 1:31470 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer getBoundingClientRect incorrect rebalancing attempt (browser-ie.rules) * 1:31471 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer getBoundingClientRect incorrect rebalancing attempt (browser-ie.rules) * 1:31473 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel PtgName invalid index exploit attempt (file-office.rules) * 1:31474 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel PtgName invalid index exploit attempt (file-office.rules) * 1:31475 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel PtgName invalid index exploit attempt (file-office.rules) * 1:31476 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel PtgName invalid index exploit attempt (file-office.rules) * 1:31477 <-> DISABLED <-> SERVER-OTHER OpenSSL SSL ChangeCipherSpec man-in-the-middle exploitation attempt (server-other.rules) * 1:31478 <-> DISABLED <-> SERVER-OTHER OpenSSL TLSv1.0 ChangeCipherSpec man-in-the-middle exploitation attempt (server-other.rules) * 1:31479 <-> DISABLED <-> SERVER-OTHER OpenSSL TLSv1.1 ChangeCipherSpec man-in-the-middle exploitation attempt (server-other.rules) * 1:3148 <-> DISABLED <-> OS-WINDOWS Microsoft Windows HTML Help hhctrl.ocx clsid access attempt (os-windows.rules) * 1:31480 <-> DISABLED <-> SERVER-OTHER OpenSSL TLSv1.2 ChangeCipherSpec man-in-the-middle exploitation attempt (server-other.rules) * 1:31481 <-> ENABLED <-> SERVER-OTHER OpenSSL SSL ChangeCipherSpec man-in-the-middle exploitation attempt 
(server-other.rules) * 1:31482 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.0 ChangeCipherSpec man-in-the-middle exploitation attempt (server-other.rules) * 1:31483 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.1 ChangeCipherSpec man-in-the-middle exploitation attempt (server-other.rules) * 1:31484 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.2 ChangeCipherSpec man-in-the-middle exploitation attempt (server-other.rules) * 1:31485 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer onbeforeeditfocus element attribute use after free attempt (browser-ie.rules) * 1:31486 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer onbeforeeditfocus element attribute use after free attempt (browser-ie.rules) * 1:31487 <-> ENABLED <-> MALWARE-OTHER Game Over Zeus executable download detected (malware-other.rules) * 1:31488 <-> ENABLED <-> MALWARE-OTHER Game Over Zeus executable download detected (malware-other.rules) * 1:31489 <-> DISABLED <-> FILE-FLASH Adobe Flash Player security sandbox bypass attempt (file-flash.rules) * 1:3149 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed object type overflow attempt (browser-ie.rules) * 1:31490 <-> DISABLED <-> FILE-FLASH Adobe Flash Player security sandbox bypass attempt (file-flash.rules) * 1:31491 <-> DISABLED <-> FILE-FLASH Adobe Flash Player security sandbox bypass attempt (file-flash.rules) * 1:31492 <-> DISABLED <-> FILE-FLASH Adobe Flash Player security sandbox bypass attempt (file-flash.rules) * 1:31493 <-> DISABLED <-> FILE-FLASH Adobe Flash Player security sandbox bypass attempt (file-flash.rules) * 1:31494 <-> DISABLED <-> FILE-FLASH Adobe Flash Player security sandbox bypass attempt (file-flash.rules) * 1:31495 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt (file-flash.rules) * 1:31496 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt (file-flash.rules) * 1:31497 <-> DISABLED <-> SERVER-WEBAPP Oracle Event 
Processing FileUploadServlet directory traversal attempt (server-webapp.rules) * 1:31498 <-> DISABLED <-> SERVER-WEBAPP Oracle Event Processing FileUploadServlet directory traversal attempt (server-webapp.rules) * 1:31499 <-> ENABLED <-> INDICATOR-COMPROMISE Liz0ziM php shell download attempt (indicator-compromise.rules) * 1:315 <-> DISABLED <-> OS-LINUX x86 Linux mountd overflow (os-linux.rules) * 1:3150 <-> DISABLED <-> SERVER-IIS SQLXML content type overflow (server-iis.rules) * 1:31500 <-> ENABLED <-> INDICATOR-COMPROMISE Liz0ziM php shell upload attempt (indicator-compromise.rules) * 1:31501 <-> ENABLED <-> INDICATOR-COMPROMISE Liz0ziM php shell command and control attempt (indicator-compromise.rules) * 1:31502 <-> ENABLED <-> INDICATOR-COMPROMISE Liz0ziM php shell command and control attempt (indicator-compromise.rules) * 1:31503 <-> ENABLED <-> INDICATOR-COMPROMISE Liz0ziM php shell download attempt (indicator-compromise.rules) * 1:31504 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer outerHTML against incomplete element heap corruption attempt (browser-ie.rules) * 1:31505 <-> ENABLED <-> SERVER-WEBAPP AlienVault OSSIM av-centerd get_license command injection attempt (server-webapp.rules) * 1:31506 <-> ENABLED <-> SERVER-WEBAPP AlienVault OSSIM av-centerd get_log_line command injection attempt (server-webapp.rules) * 1:31507 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HW32 variant spam attempt (malware-cnc.rules) * 1:3151 <-> DISABLED <-> PROTOCOL-FINGER / execution attempt (protocol-finger.rules) * 1:31510 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Injector outbound traffic (malware-other.rules) * 1:31511 <-> DISABLED <-> FILE-JAVA Oracle Java field bytecode verifier cache code execution attempt (file-java.rules) * 1:31512 <-> ENABLED <-> FILE-JAVA Oracle Java field bytecode verifier cache code execution attempt (file-java.rules) * 1:31513 <-> DISABLED <-> BROWSER-FIREFOX Multiple browser pressure function denial of service attempt (browser-firefox.rules) 
* 1:31519 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Flash pixel bender buffer overflow attempt (file-multimedia.rules) * 1:3152 <-> DISABLED <-> SQL sa brute force failed login attempt (sql.rules) * 1:31520 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash pixel bender buffer overflow attempt (file-multimedia.rules) * 1:31521 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Flash pixel bender buffer overflow attempt (file-multimedia.rules) * 1:31522 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash pixel bender buffer overflow attempt (file-multimedia.rules) * 1:31523 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash pixel bender buffer overflow attempt (file-multimedia.rules) * 1:31524 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash pixel bender buffer overflow attempt (file-multimedia.rules) * 1:31525 <-> ENABLED <-> SERVER-OTHER HP AutoPass License Server CommunicationServlet directory traversal attempt (server-other.rules) * 1:31526 <-> ENABLED <-> SERVER-OTHER HP AutoPass License Server CommunicationServlet directory traversal attempt (server-other.rules) * 1:31529 <-> ENABLED <-> SERVER-OTHER D-Link Multiple Products HNAP request buffer overflow attempt (server-other.rules) * 1:3153 <-> DISABLED <-> PROTOCOL-DNS TCP inverse query overflow (protocol-dns.rules) * 1:31530 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules) * 1:31531 <-> ENABLED <-> INDICATOR-COMPROMISE MinerDeploy monitor request attempt (indicator-compromise.rules) * 1:31532 <-> DISABLED <-> APP-DETECT Xolominer outbound connection attempt (app-detect.rules) * 1:31533 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Xolominer malicious user detected (malware-cnc.rules) * 1:31534 <-> ENABLED <-> FILE-OFFICE Microsoft Access memory corruption attempt (file-office.rules) * 1:31535 <-> ENABLED <-> FILE-OFFICE Microsoft Access memory corruption attempt (file-office.rules) * 1:31536 <-> ENABLED <-> FILE-OFFICE Microsoft Access memory corruption attempt (file-office.rules) * 1:31537 <-> ENABLED <-> 
FILE-OFFICE Microsoft Access memory corruption attempt (file-office.rules) * 1:31538 <-> DISABLED <-> BROWSER-PLUGINS UltraCrypto ActiveX clsid access attempt (browser-plugins.rules) * 1:31539 <-> DISABLED <-> BROWSER-PLUGINS UltraCrypto ActiveX clsid access attempt (browser-plugins.rules) * 1:3154 <-> DISABLED <-> PROTOCOL-DNS UDP inverse query overflow (protocol-dns.rules) * 1:31540 <-> ENABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules) * 1:31541 <-> ENABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules) * 1:31542 <-> DISABLED <-> SERVER-WEBAPP D-Link Multiple Products info.cgi request buffer overflow attempt (server-webapp.rules) * 1:31543 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - MSIE 7.0 na - Win.Trojan.Koobface (malware-cnc.rules) * 1:31544 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Koobface variant outbound connection (malware-cnc.rules) * 1:31545 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Koobface variant outbound connection (malware-cnc.rules) * 1:31546 <-> DISABLED <-> SERVER-WEBAPP Ultimate PHP Board admin_iplog remote code execution attempt (server-webapp.rules) * 1:31547 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yakes variant inbound connection (malware-cnc.rules) * 1:31548 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yakes variant inbound connection (malware-cnc.rules) * 1:31549 <-> DISABLED <-> FILE-FLASH Adobe Flash Player feed scheme security sandbox bypass attempt (file-flash.rules) * 1:3155 <-> DISABLED <-> MALWARE-BACKDOOR BackOrifice 2000 Inbound Traffic (malware-backdoor.rules) * 1:31550 <-> DISABLED <-> FILE-FLASH Adobe Flash Player feed scheme security sandbox bypass attempt (file-flash.rules) * 1:31551 <-> DISABLED <-> FILE-FLASH Adobe Flash Player pcast scheme security sandbox bypass attempt (file-flash.rules) * 1:31552 <-> DISABLED <-> FILE-FLASH Adobe Flash Player feed scheme security sandbox bypass attempt 
(file-flash.rules)
* 1:31553 <-> DISABLED <-> FILE-FLASH Adobe Flash Player feed scheme security sandbox bypass attempt (file-flash.rules)
* 1:31554 <-> DISABLED <-> FILE-FLASH Adobe Flash Player pcast scheme security sandbox bypass attempt (file-flash.rules)
* 1:31555 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader U3D CLODMeshDeceleration code execution attempt (file-pdf.rules)
* 1:31556 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CosmicDuke HTTP data exfiltration attempt (malware-cnc.rules)
* 1:31557 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Mozilla/5.0 - Win.Trojan.Upatre (malware-cnc.rules)
* 1:31558 <-> DISABLED <-> MALWARE-BACKDOOR Win.Backdoor.Andromeda variant outbound connection (malware-backdoor.rules)
* 1:31559 <-> DISABLED <-> MALWARE-BACKDOOR Win.Backdoor.Andromeda variant outbound connection (malware-backdoor.rules)
* 1:31560 <-> DISABLED <-> SERVER-WEBAPP Wordpress MailPoet plugin theme file upload attempt (server-webapp.rules)
* 1:31561 <-> DISABLED <-> SERVER-WEBAPP Wordpress MailPoet plugin successful theme file upload detected (server-webapp.rules)
* 1:31562 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word global array index heap overflow attempt (file-office.rules)
* 1:31563 <-> DISABLED <-> MALWARE-CNC Backdoor Elirks.A command and control traffic (malware-cnc.rules)
* 1:31564 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CosmicDuke FTP data exfiltration (malware-cnc.rules)
* 1:31565 <-> DISABLED <-> SERVER-WEBAPP Flashchat aedatingCMS2.php remote file include attempt (server-webapp.rules)
* 1:31566 <-> DISABLED <-> SERVER-WEBAPP Flashchat aedatingCMS.php remote file include attempt (server-webapp.rules)
* 1:31567 <-> DISABLED <-> SERVER-WEBAPP Gitlist remote command injection attempt (server-webapp.rules)
* 1:31568 <-> DISABLED <-> SERVER-WEBAPP Invsionix Roaming System remote file include attempt (server-webapp.rules)
* 1:31569 <-> DISABLED <-> SERVER-WEBAPP Tiki Wiki 8.3 unserialize PHP remote code execution attempt (server-webapp.rules)
* 1:31570 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB mysql.cc buffer overflow attempt (server-mysql.rules)
* 1:31571 <-> DISABLED <-> FILE-IMAGE GIMP XWD BlueMask file-handling stack buffer overflow attempt (file-image.rules)
* 1:31572 <-> DISABLED <-> FILE-IMAGE GIMP XWD GreenMask file-handling stack buffer overflow attempt (file-image.rules)
* 1:31573 <-> DISABLED <-> FILE-IMAGE GIMP XWD RedMask file-handling stack buffer overflow attempt (file-image.rules)
* 1:31574 <-> DISABLED <-> FILE-IMAGE GIMP XWD BlueMask file-handling stack buffer overflow attempt (file-image.rules)
* 1:31575 <-> DISABLED <-> FILE-IMAGE GIMP XWD GreenMask file-handling stack buffer overflow attempt (file-image.rules)
* 1:31576 <-> DISABLED <-> FILE-IMAGE GIMP XWD RedMask file-handling stack buffer overflow attempt (file-image.rules)
* 1:31577 <-> DISABLED <-> PROTOCOL-SNMP HP Huawei password disclosure attempt (protocol-snmp.rules)
* 1:31578 <-> DISABLED <-> PROTOCOL-SNMP HP Huawei password disclosure attempt (protocol-snmp.rules)
* 1:31579 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Lbl record attempt (file-office.rules)
* 1:3158 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP ISystemActivator CoGetInstanceFromFile attempt (os-windows.rules)
* 1:31580 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer OnMove Use After Free exploit attempt (browser-ie.rules)
* 1:31581 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer OnMove Use After Free exploit attempt (browser-ie.rules)
* 1:31582 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer OnMove Use After Free exploit attempt (browser-ie.rules)
* 1:31583 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer OnMove Use After Free exploit attempt (browser-ie.rules)
* 1:31584 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSS .ipsum layout use-after-free attempt (browser-ie.rules)
* 1:31585 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSS .ipsum layout use-after-free attempt (browser-ie.rules)
* 1:31586 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Backoff initial outbound connection (malware-cnc.rules)
* 1:31587 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader XDP encoded download attempt (file-pdf.rules)
* 1:31588 <-> DISABLED <-> SERVER-WEBAPP D-Link Multiple Products hedwig.cgi cookie buffer overflow attempt (server-webapp.rules)
* 1:31589 <-> DISABLED <-> PROTOCOL-SERVICES Linux iscsi_add_notunderstood_response request buffer overflow attempt (protocol-services.rules)
* 1:3159 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP ISystemActivator CoGetInstanceFromFile attempt (os-windows.rules)
* 1:31590 <-> DISABLED <-> PROTOCOL-SERVICES Linux iscsi_add_notunderstood_response request buffer overflow attempt (protocol-services.rules)
* 1:31591 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel TXO and OBJ records parsing stack memory corruption attempt (file-office.rules)
* 1:31592 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel TXO and OBJ records parsing stack memory corruption attempt (file-office.rules)
* 1:31593 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.SMSSend outbound connection (malware-cnc.rules)
* 1:31594 <-> DISABLED <-> BROWSER-CHROME Google Chrome NotifyInstanceWasDeleted object use after free attempt (browser-chrome.rules)
* 1:31595 <-> DISABLED <-> BROWSER-CHROME Google Chrome NotifyInstanceWasDeleted object use after free attempt (browser-chrome.rules)
* 1:31596 <-> DISABLED <-> BROWSER-CHROME Google Chrome NotifyInstanceWasDeleted embed use after free attempt (browser-chrome.rules)
* 1:31597 <-> DISABLED <-> BROWSER-CHROME Google Chrome NotifyInstanceWasDeleted embed use after free attempt (browser-chrome.rules)
* 1:31598 <-> DISABLED <-> BROWSER-CHROME Google Chrome NotifyInstanceWasDeleted object use after free attempt (browser-chrome.rules)
* 1:31599 <-> DISABLED <-> BROWSER-CHROME Google Chrome NotifyInstanceWasDeleted embed use after free attempt (browser-chrome.rules)
* 1:316 <-> DISABLED <-> OS-LINUX x86 Linux mountd overflow (os-linux.rules)
* 1:31603 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Glupteba C&C server HELLO request to client (malware-cnc.rules)
* 1:31604 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Glupteba C&C server READD command to client (malware-cnc.rules)
* 1:31605 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Glupteba C&C server READY command to client (malware-cnc.rules)
* 1:31606 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Glupteba payload download request (malware-cnc.rules)
* 1:31607 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Glupteba client response/authenticate to C&C server (malware-cnc.rules)
* 1:31608 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer cloneNode for loop remote code execution attempt (browser-ie.rules)
* 1:31609 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer cloneNode for loop remote code execution attempt (browser-ie.rules)
* 1:31610 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer cloneNode for loop remote code execution attempt (browser-ie.rules)
* 1:31611 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer cloneNode for loop remote code execution attempt (browser-ie.rules)
* 1:31612 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded PRC stream NULL dereference denial of service attempt (file-pdf.rules)
* 1:31613 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded PRC stream NULL dereference denial of service attempt (file-pdf.rules)
* 1:31614 <-> DISABLED <-> POLICY-OTHER Adobe Flash Player possible cross-domain bypass attempt (policy-other.rules)
* 1:31617 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer meter element use-after-free attempt (browser-ie.rules)
* 1:31618 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer meter element use-after-free attempt (browser-ie.rules)
* 1:31619 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer kbd element use-after-free attempt (browser-ie.rules)
* 1:31620 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer kbd element use-after-free attempt (browser-ie.rules)
* 1:31621 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer onreadystatechange use after free attempt (browser-ie.rules)
* 1:31622 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer onreadystatechange use after free attempt (browser-ie.rules)
* 1:31623 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer EventListener use after free attempt (browser-ie.rules)
* 1:31624 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer EventListener use after free attempt (browser-ie.rules)
* 1:31625 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer Use after free attempt (browser-ie.rules)
* 1:31626 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer Use after free attempt (browser-ie.rules)
* 1:31627 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer cdomuievent use after free attempt (browser-ie.rules)
* 1:31628 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer cdomuievent use after free attempt (browser-ie.rules)
* 1:31629 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CMarkup insertMarquee use after free attempt (browser-ie.rules)
* 1:31630 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CMarkup insertMarquee use after free attempt (browser-ie.rules)
* 1:31633 <-> DISABLED <-> MALWARE-CNC Noniem.A outbound connection (malware-cnc.rules)
* 1:31634 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer margin overflow use after free attempt (browser-ie.rules)
* 1:31635 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer margin overflow use after free attempt (browser-ie.rules)
* 1:31636 <-> DISABLED <-> SERVER-WEBAPP Parallels Plesk Panel HTTP_AUTH_LOGIN SQL injection attempt (server-webapp.rules)
* 1:31637 <-> DISABLED <-> SERVER-WEBAPP Ad Fundum Integrateable News Script remote include path attempt (server-webapp.rules)
* 1:31638 <-> DISABLED <-> SERVER-WEBAPP Voodoo Chat index.php remote include path attempt (server-webapp.rules)
* 1:31641 <-> DISABLED <-> MALWARE-CNC Win.Tinybanker variant outbound connection (malware-cnc.rules)
* 1:31642 <-> DISABLED <-> MALWARE-CNC Win.Tinybanker variant outbound connection (malware-cnc.rules)
* 1:31644 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Scarelocker outbound connection (malware-cnc.rules)
* 1:31645 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 5 XML page object type validation (browser-ie.rules)
* 1:31646 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 5 XML page object type validation (browser-ie.rules)
* 1:31647 <-> DISABLED <-> SERVER-WEBAPP AVM FritzBox webcm command injection attempt (server-webapp.rules)
* 1:31648 <-> DISABLED <-> SERVER-WEBAPP AVM FritzBox webcm command injection attempt (server-webapp.rules)
* 1:31649 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
* 1:31650 <-> DISABLED <-> SERVER-MAIL Microsoft Windows Mail file execution attempt (server-mail.rules)
* 1:31651 <-> DISABLED <-> SERVER-WEBAPP VMTurbo Operations Manager vmtadmin.cgi command injection attempt (server-webapp.rules)
* 1:31652 <-> DISABLED <-> SERVER-WEBAPP VMTurbo Operations Manager vmtadmin.cgi command injection attempt (server-webapp.rules)
* 1:31669 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dexter variant outbound connection (malware-cnc.rules)
* 1:31670 <-> DISABLED <-> FILE-OTHER Symantec Endpoint Protection Sysplant kernel pool overflow exploit attempt (file-other.rules)
* 1:31671 <-> DISABLED <-> FILE-OTHER Symantec Endpoint Protection Sysplant kernel pool overflow exploit attempt (file-other.rules)
* 1:31672 <-> DISABLED <-> MALWARE-CNC Inbound command to php based DoS bot (malware-cnc.rules)
* 1:31673 <-> DISABLED <-> FILE-FLASH Adobe Flash Player URL handling remote code execution attempt (file-flash.rules)
* 1:31674 <-> DISABLED <-> FILE-FLASH Adobe Flash Broker write to junction exploit attempt (file-flash.rules)
* 1:31675 <-> ENABLED <-> FILE-FLASH Adobe Flash Broker write to junction exploit attempt (file-flash.rules)
* 1:31676 <-> ENABLED <-> FILE-FLASH Adobe Flash Broker write to junction exploit attempt (file-flash.rules)
* 1:31677 <-> DISABLED <-> FILE-FLASH Adobe Flash Broker write to junction exploit attempt (file-flash.rules)
* 1:31678 <-> DISABLED <-> FILE-FLASH Adobe Flash valueOf memory leak attempt (file-flash.rules)
* 1:31679 <-> ENABLED <-> FILE-FLASH Adobe Flash valueOf memory leak attempt (file-flash.rules)
* 1:31680 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tirabot variant outbound connection (malware-cnc.rules)
* 1:31681 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Badur download attempt (malware-cnc.rules)
* 1:31682 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Badur download attempt (malware-cnc.rules)
* 1:31683 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Badur variant outbound connection (malware-cnc.rules)
* 1:31684 <-> DISABLED <-> FILE-FLASH Adobe Flash Player cross-origin security policy bypass attempt (file-flash.rules)
* 1:31685 <-> DISABLED <-> FILE-FLASH Adobe Flash Player cross-origin security policy bypass attempt (file-flash.rules)
* 1:31686 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules)
* 1:31687 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules)
* 1:31688 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Downloader 1.8 - Win.Trojan.Graftor (malware-cnc.rules)
* 1:31689 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant outbound connection (malware-cnc.rules)
* 1:31691 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kronos variant outbound connection (malware-cnc.rules)
* 1:31692 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit landing page detected (exploit-kit.rules)
* 1:31693 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Korplug Poisoned Hurricane Malware outbound connection (malware-cnc.rules)
* 1:31694 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit encrypted binary download (exploit-kit.rules)
* 1:31695 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit encrypted binary download (exploit-kit.rules)
* 1:31696 <-> DISABLED <-> SERVER-WEBAPP Jira Issue Collector Plugin directory traversal attempt (server-webapp.rules)
* 1:31697 <-> DISABLED <-> SERVER-WEBAPP Jira Issue Collector Plugin directory traversal attempt (server-webapp.rules)
* 1:31698 <-> DISABLED <-> SERVER-WEBAPP Jira Issue Collector Plugin directory traversal attempt (server-webapp.rules)
* 1:31699 <-> ENABLED <-> EXPLOIT-KIT Hanjuan exploit kit encrypted binary download (exploit-kit.rules)
* 1:317 <-> DISABLED <-> OS-LINUX x86 Linux mountd overflow (os-linux.rules)
* 1:31700 <-> ENABLED <-> EXPLOIT-KIT Hanjuan exploit kit landing page detection (exploit-kit.rules)
* 1:31701 <-> ENABLED <-> EXPLOIT-KIT Hanjuan exploit kit Silverlight exploit request (exploit-kit.rules)
* 1:31702 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file magic detected (file-identify.rules)
* 1:31703 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file magic detected (file-identify.rules)
* 1:31704 <-> DISABLED <-> SERVER-OTHER FCKeditor textinputs cross site scripting attempt (server-other.rules)
* 1:31706 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Korgapam outbound connection (malware-cnc.rules)
* 1:31707 <-> DISABLED <-> BROWSER-PLUGINS IBiz EBanking Integrator ActiveX clsid access (browser-plugins.rules)
* 1:31708 <-> DISABLED <-> SERVER-OTHER Cougar-LG SSH key path access attempt (server-other.rules)
* 1:31709 <-> DISABLED <-> SERVER-OTHER Cougar-LG configuration file access attempt (server-other.rules)
* 1:3171 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP msqueue function 4 overflow attempt (os-windows.rules)
* 1:31711 <-> DISABLED <-> INDICATOR-COMPROMISE Keylog string over FTP detected (indicator-compromise.rules)
* 1:31712 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ragua variant outbound connection (malware-cnc.rules)
* 1:31713 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ragua variant outbound connection (malware-cnc.rules)
* 1:31714 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ragua variant outbound connection (malware-cnc.rules)
* 1:31715 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ragua variant outbound connection (malware-cnc.rules)
* 1:31716 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Otupsys variant outbound connection (malware-cnc.rules)
* 1:31717 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SoftPulse variant outbound connection (malware-cnc.rules)
* 1:31718 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Critroni outbound connection (malware-cnc.rules)
* 1:31719 <-> DISABLED <-> FILE-IMAGE Microsoft Multiple Products JPEG parser heap overflow attempt (file-image.rules)
* 1:31722 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Waski variant outbound connection (malware-cnc.rules)
* 1:31723 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory leak ASLR bypass attempt (file-flash.rules)
* 1:31724 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory leak ASLR bypass attempt (file-flash.rules)
* 1:31725 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory leak ASLR bypass attempt (file-flash.rules)
* 1:31726 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory leak ASLR bypass attempt (file-flash.rules)
* 1:31727 <-> DISABLED <-> SERVER-OTHER Cistron-LG configuration file access attempt (server-other.rules)
* 1:31728 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central LinkViewFetchServlet SQL injection attempt (server-webapp.rules)
* 1:31729 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Password Manager MetadataServlet SQL injection attempt (server-webapp.rules)
* 1:31730 <-> DISABLED <-> SERVER-WEBAPP Symantec Web Gateway dbutils.php SQL injection attempt (server-webapp.rules)
* 1:31731 <-> DISABLED <-> SERVER-WEBAPP Symantec Web Gateway dbutils.php SQL injection attempt (server-webapp.rules)
* 1:31732 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MMgc use-after-free attempt (file-flash.rules)
* 1:31733 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MMgc use-after-free attempt (file-flash.rules)
* 1:31734 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit landing page detection (exploit-kit.rules)
* 1:31735 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Upatre variant outbound connection (malware-cnc.rules)
* 1:31736 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Upatre variant outbound connection (malware-cnc.rules)
* 1:31739 <-> DISABLED <-> FILE-FLASH Adobe Flash Player corrupt image memory leak (file-flash.rules)
* 1:31740 <-> DISABLED <-> FILE-FLASH Adobe Flash Player corrupt image memory leak (file-flash.rules)
* 1:31741 <-> ENABLED <-> SERVER-OTHER Multi-Router Looking Glass remote command injection attempt (server-other.rules)
* 1:31742 <-> DISABLED <-> SERVER-WEBAPP Wing FTP Server admin interface remote code execution attempt (server-webapp.rules)
* 1:31743 <-> DISABLED <-> SERVER-WEBAPP Wordpress WPTouch file upload remote code execution attempt (server-webapp.rules)
* 1:31744 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Eratoma outbound connection (malware-cnc.rules)
* 1:31745 <-> DISABLED <-> SERVER-WEBAPP vTiger CRM install module command injection attempt (server-webapp.rules)
* 1:31746 <-> ENABLED <-> MALWARE-BACKDOOR Backdoor.Perl.Shellbot outbound communication attempt (malware-backdoor.rules)
* 1:31747 <-> DISABLED <-> SERVER-WEBAPP Gitlab ssh key upload command injection attempt (server-webapp.rules)
* 1:31748 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qulkonwi outbound connection (malware-cnc.rules)
* 1:31749 <-> DISABLED <-> FILE-FLASH Adobe Flash Player marshallException through JavaScript XSS attempt (file-flash.rules)
* 1:31750 <-> DISABLED <-> FILE-FLASH Adobe Flash Player marshallException through JavaScript XSS attempt (file-flash.rules)
* 1:31751 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook mailto injection attempt (file-office.rules)
* 1:31752 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook mailto injection attempt (file-office.rules)
* 1:31753 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Elpapok outbound connection (malware-cnc.rules)
* 1:31755 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Miras variant outbound connection (malware-cnc.rules)
* 1:31756 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Web Components 11 Spreadsheet ActiveX clsid access (browser-plugins.rules)
* 1:31757 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Web Components 11 Spreadsheet ActiveX function call access (browser-plugins.rules)
* 1:31758 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Spreadsheet 10.0 ActiveX function call access (browser-plugins.rules)
* 1:31759 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Spreadsheet 10.0 ActiveX clsid access (browser-plugins.rules)
* 1:31760 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer GetClassObject use after free attempt (browser-ie.rules)
* 1:31761 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer GetClassObject use after free attempt (browser-ie.rules)
* 1:31762 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer GetClassObject use after free attempt (browser-ie.rules)
* 1:31763 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer GetClassObject use after free attempt (browser-ie.rules)
* 1:31764 <-> DISABLED <-> SERVER-OTHER MIT Kerberos KDC TGS request cross-realm referral null pointer dereference denial of service attempt (server-other.rules)
* 1:31765 <-> DISABLED <-> SERVER-OTHER MIT Kerberos KDC TGS request cross-realm referral null pointer dereference denial of service attempt (server-other.rules)
* 1:31766 <-> DISABLED <-> SERVER-OTHER Cougar-LG addr parameter XSS attempt (server-other.rules)
* 1:31767 <-> DISABLED <-> SERVER-OTHER MRLG fastping echo reply memory corruption attempt (server-other.rules)
* 1:31768 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ecsudown outbound connection (malware-cnc.rules)
* 1:31769 <-> DISABLED <-> EXPLOIT-KIT Sweet Orange exploit kit outbound connection on non-standard port (exploit-kit.rules)
* 1:31770 <-> DISABLED <-> EXPLOIT-KIT Sweet Orange exploit kit jquery_datepicker domain decode attempt (exploit-kit.rules)
* 1:31771 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (server-webapp.rules)
* 1:31772 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cridex variant outbound connection (malware-cnc.rules)
* 1:31773 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules)
* 1:31774 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules)
* 1:31775 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules)
* 1:31776 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules)
* 1:31777 <-> DISABLED <-> FILE-OTHER Free Download Manager .torrent parsing announce overflow attempt (file-other.rules)
* 1:31778 <-> DISABLED <-> FILE-OTHER Free Download Manager .torrent parsing comment overflow attempt (file-other.rules)
* 1:31779 <-> DISABLED <-> FILE-OTHER Free Download Manager .torrent parsing name overflow attempt (file-other.rules)
* 1:31780 <-> DISABLED <-> FILE-OTHER Free Download Manager .torrent parsing path overflow attempt (file-other.rules)
* 1:31782 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CHTMLEditor instance use after free attempt (browser-ie.rules)
* 1:31783 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CHTMLEditor instance use after free attempt (browser-ie.rules)
* 1:31784 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 11 C1DLayout ruby element use-after-free attempt (browser-ie.rules)
* 1:31785 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 11 C1DLayout ruby element use-after-free attempt (browser-ie.rules)
* 1:31786 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer style-image-url use after free attempt (browser-ie.rules)
* 1:31787 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer style-image-url use after free attempt (browser-ie.rules)
* 1:31788 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer justifying text with an incorrect type use after free attempt (browser-ie.rules)
* 1:31789 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer justifying text with an incorrect type use after free attempt (browser-ie.rules)
* 1:31790 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CAttrArray use after free attempt (browser-ie.rules)
* 1:31791 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CAttrArray use after free attempt (browser-ie.rules)
* 1:31792 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CGeneratedTreeNode use-after-free attempt (browser-ie.rules)
* 1:31793 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CGeneratedTreeNode use-after-free attempt (browser-ie.rules)
* 1:31794 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer access violation attempt (browser-ie.rules)
* 1:31795 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer access violation attempt (browser-ie.rules)
* 1:31796 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 11 CTreeNode use after free (browser-ie.rules)
* 1:31797 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 11 CTreeNode use after free (browser-ie.rules)
* 1:31798 <-> DISABLED <-> SERVER-WEBAPP HP Network Virtualization storedNtxFile directory traversal attempt (server-webapp.rules)
* 1:31799 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTableCell Use After Free exploit attempt (browser-ie.rules)
* 1:31800 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTableCell Use After Free exploit attempt (browser-ie.rules)
* 1:31801 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 11 InsertInputSubmit use after free attempt (browser-ie.rules)
* 1:31802 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 11 InsertInputSubmit use after free attempt (browser-ie.rules)
* 1:31805 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dizk variant outbound connection (malware-cnc.rules)
* 1:31806 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nighthunter data exfiltration attempt (malware-cnc.rules)
* 1:31807 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nighthunter data exfiltration attempt (malware-cnc.rules)
* 1:31808 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.IptabLex outbound connection (malware-cnc.rules)
* 1:31809 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer integer overflow exploit attempt (browser-ie.rules)
* 1:31810 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer integer overflow exploit attempt (browser-ie.rules)
* 1:31811 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CHtmlLayout use after free attempt (browser-ie.rules)
* 1:31812 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CHtmlLayout use after free attempt (browser-ie.rules)
* 1:31813 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Expiro outbound connection (malware-cnc.rules)
* 1:31814 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkcomet outbound keepalive signal sent (malware-cnc.rules)
* 1:31817 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Graftor variant retrieval of a DLL hosted as a JPG (malware-other.rules)
* 1:31818 <-> DISABLED <-> SERVER-WEBAPP ManageEngine DesktopCentral statusUpdate servlet directory traversal attempt (server-webapp.rules)
* 1:31819 <-> DISABLED <-> SERVER-WEBAPP HP Network Virtualization toServerObject directory traversal attempt (server-webapp.rules)
* 1:31820 <-> DISABLED <-> MALWARE-CNC Win.Banker.Delf variant outbound connection (malware-cnc.rules)
* 1:31821 <-> DISABLED <-> FILE-OTHER Mozilla products clipPath element stroke-width buffer overflow attempt (file-other.rules)
* 1:31822 <-> DISABLED <-> FILE-OTHER Mozilla products clipPath element stroke-width buffer overflow attempt (file-other.rules)
* 1:31823 <-> ENABLED <-> SERVER-WEBAPP AlienVault OSSIM remote_task command injection attempt (server-webapp.rules)
* 1:31824 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant outbound connection (malware-cnc.rules)
* 1:31826 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Delf variant HTTP Response (malware-cnc.rules)
* 1:31827 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Delf variant outbound connection (malware-cnc.rules)
* 1:31828 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jabberbot variant outbound connection (malware-cnc.rules)
* 1:31830 <-> ENABLED <-> POLICY-OTHER QLogic Switch 5600/5800 default ftp login attempt (policy-other.rules)
* 1:31831 <-> ENABLED <-> POLICY-OTHER QLogic Switch 5600/5800 default ftp login attempt (policy-other.rules)
* 1:31832 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pfinet outbound connection (malware-cnc.rules)
* 1:31833 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chkbot outbound connection (malware-cnc.rules)
* 1:31834 <-> DISABLED <-> MALWARE-CNC Win.Trojan-Downloader.Delorado variant outbound connection (malware-cnc.rules)
* 1:31835 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yesudac variant outbound connection (malware-cnc.rules)
* 1:31836 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Seribe variant outbound connection (malware-cnc.rules)
* 1:31837 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Retgate variant outbound connection (malware-cnc.rules)
* 1:31838 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Eventlog Analyzer directory traversal attempt (server-webapp.rules)
* 1:31839 <-> ENABLED <-> FILE-FLASH Adobe Flash Player local-with-file-access security bypass attempt (file-flash.rules)
* 1:31840 <-> DISABLED <-> FILE-FLASH Adobe Flash Player local-with-file-access security bypass attempt (file-flash.rules)
* 1:31841 <-> ENABLED <-> FILE-FLASH Adobe Flash Player local-with-file-access security bypass attempt (file-flash.rules)
* 1:31842 <-> ENABLED <-> FILE-FLASH Adobe Flash Player local-with-file-access security bypass attempt (file-flash.rules)
* 1:31843 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word rich text format unexpected field type memory corruption attempt 1 (file-office.rules)
* 1:31844 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word rich text format unexpected field type memory corruption attempt 2 (file-office.rules)
* 1:31845 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word rich text format unexpected field type memory corruption attempt 3 (file-office.rules)
* 1:31846 <-> DISABLED <-> POLICY-OTHER HP Universal CMDB default credentials authentication attempt (policy-other.rules)
* 1:31847 <-> ENABLED <-> FILE-FLASH Adobe Flash Player RegExp compilation heap overflow attempt (file-flash.rules)
* 1:31848 <-> DISABLED <-> FILE-FLASH Adobe Flash Player RegExp compilation heap overflow attempt (file-flash.rules)
* 1:31849 <-> ENABLED <-> FILE-FLASH Adobe Flash Player RegExp compilation heap overflow attempt (file-flash.rules)
* 1:31850 <-> DISABLED <-> FILE-FLASH Adobe Flash Player RegExp compilation heap overflow attempt (file-flash.rules)
* 1:31851 <-> DISABLED <-> PROTOCOL-SNMP Arris DG950A 128 bit WEP key enumeration attempt (protocol-snmp.rules)
* 1:31852 <-> DISABLED <-> PROTOCOL-SNMP Arris DG950A 64 bit WEP key enumeration attempt (protocol-snmp.rules)
* 1:31853 <-> DISABLED <-> PROTOCOL-SNMP Arris DG950A WPA key enumeration attempt (protocol-snmp.rules)
* 1:31854 <-> DISABLED <-> PROTOCOL-SNMP Multiple Products 128 bit WEP key enumeration attempt (protocol-snmp.rules)
* 1:31855 <-> DISABLED <-> PROTOCOL-SNMP Multiple Products 64 bit WEP key enumeration attempt (protocol-snmp.rules)
* 1:31856 <-> DISABLED <-> PROTOCOL-SNMP Multiple Products WPA key enumeration attempt (protocol-snmp.rules)
* 1:31857 <-> ENABLED <-> EXPLOIT-KIT Scanbox exploit kit enumeration code detected (exploit-kit.rules)
* 1:31858 <-> ENABLED <-> EXPLOIT-KIT Scanbox exploit kit enumeration code detected (exploit-kit.rules)
* 1:31859 <-> ENABLED <-> EXPLOIT-KIT Scanbox exploit kit exfiltration attempt (exploit-kit.rules)
* 1:31860 <-> DISABLED <-> SERVER-OTHER Apple CUPS web interface cross site scripting attempt (server-other.rules)
* 1:31861 <-> DISABLED <-> FILE-FLASH Adobe Flash Player corrupt image memory leak (file-flash.rules)
* 1:31862 <-> DISABLED <-> FILE-FLASH Adobe Flash Player corrupt image memory leak (file-flash.rules)
* 1:31871 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detection (file-identify.rules)
* 1:31873 <-> DISABLED <-> SERVER-WEBAPP Railo thumbnail.cfm remote file include attempt (server-webapp.rules)
* 1:31874 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Active Directory kerberos encryption type downgrade attempt (os-windows.rules)
* 1:31875 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel FtCbls remote code execution attempt (file-office.rules)
* 1:31876 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel FtCbls remote code execution attempt (file-office.rules)
* 1:31877 <-> DISABLED <-> SERVER-OTHER HP Application Life Cycle Management ActiveX arbitrary code execution attempt (server-other.rules)
* 1:31878 <-> DISABLED <-> SERVER-OTHER HP Application Life Cycle Management ActiveX arbitrary code execution attempt (server-other.rules)
* 1:31879 <-> DISABLED <-> SERVER-OTHER HP Application Life Cycle Management ActiveX arbitrary code execution attempt (server-other.rules)
* 1:31880 <-> DISABLED <-> SERVER-OTHER HP Application Life Cycle Management ActiveX arbitrary code execution attempt (server-other.rules)
* 1:31881 <-> DISABLED <-> SERVER-OTHER HP Application Life Cycle Management ActiveX arbitrary code execution attempt (server-other.rules)
* 1:31882 <-> DISABLED <-> SERVER-OTHER HP Application Life Cycle Management ActiveX arbitrary code execution attempt (server-other.rules)
* 1:31883 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Waterspout outbound connection (malware-cnc.rules)
* 1:31885 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Threebyte variant outbound connection (malware-cnc.rules)
* 1:31886 <-> DISABLED <-> SERVER-WEBAPP WebEdition captchaMemory.class PHP code injection attempt (server-webapp.rules)
* 1:31887 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer URL domain spoof attempt (browser-ie.rules)
* 1:31888 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer URL domain spoof attempt (browser-ie.rules)
* 1:31889 <-> DISABLED <-> SERVER-MAIL Exim Dovecot LDA sender_address command injection attempt (server-mail.rules)
* 1:31890 <-> DISABLED <-> SERVER-MAIL Exim Dovecot LDA sender_address command injection attempt (server-mail.rules)
* 1:31892 <-> DISABLED <-> SERVER-WEBAPP HybridAuth install.php code injection attempt (server-webapp.rules)
* 1:31895 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Toupi variant outbound connection (malware-cnc.rules)
* 1:31896 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Magnetor vairant outbound connection (malware-cnc.rules)
* 1:31897 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dexter variant outbound connection (malware-cnc.rules)
* 1:31898 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit landing page detected (exploit-kit.rules)
* 1:31899 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit Adobe Flash encoded shellcode detected (exploit-kit.rules)
* 1:31900 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit Internet Explorer encoded shellcode detected (exploit-kit.rules)
* 1:31901 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit Oracle Java encoded shellcode detected (exploit-kit.rules)
* 1:31902 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit flash file download (exploit-kit.rules)
* 1:31903 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit flash file download (exploit-kit.rules)
* 1:31904 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant outbound connection (malware-cnc.rules)
* 1:31905 <-> DISABLED <-> SERVER-WEBAPP HP SiteScope DownloadFilesHandler directory traversal attempt (server-webapp.rules)
* 1:31906 <-> DISABLED <-> SERVER-WEBAPP HP SiteScope UploadFilesHandler directory traversal attempt (server-webapp.rules)
* 1:31907 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Honerep variant outbound connection (malware-cnc.rules)
* 1:31909 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Basostab variant outbound connection (malware-cnc.rules)
* 1:31911 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Gareme variant outbound connection (malware-cnc.rules)
* 1:31912 <-> DISABLED <-> SERVER-WEBAPP cPanel 9.01 multiple URI parameters cross site scripting attempt (server-webapp.rules)
* 1:31913 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Maozhi variant outbound connection (malware-cnc.rules)
* 1:31914 <-> DISABLED <-> SERVER-WEBAPP Microsoft ASP.NET null byte injection attempt (server-webapp.rules)
* 1:31915 <-> DISABLED <-> MALWARE-CNC WIN.Trojan.Ziyazo variant outbound connection (malware-cnc.rules)
* 1:31916 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
* 1:3192 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Player directory traversal via Content-Disposition attempt (os-windows.rules)
* 1:31923 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant HTTP response attempt (malware-cnc.rules)
* 1:31924 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
* 1:31925 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.Jynxkit outbound connection (malware-cnc.rules)
* 1:31926 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules)
* 1:31927 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules)
* 1:31928 <-> DISABLED <-> MALWARE-CNC Win.Trojan-Downloader.Becontr variant outbound connection (malware-cnc.rules)
* 1:31929 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kanav variant outbound connection (malware-cnc.rules)
* 1:3193 <-> DISABLED <-> SERVER-IIS .cmd executable file parsing attack (server-iis.rules)
* 1:31930 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kanav variant outbound connection (malware-cnc.rules)
* 1:31939 <-> DISABLED <-> SERVER-WEBAPP password sent via POST parameter (server-webapp.rules)
* 1:3194 <-> DISABLED <-> SERVER-IIS .bat executable file parsing attack (server-iis.rules)
* 1:31940 <-> DISABLED <-> SERVER-WEBAPP password sent via URL parameter (server-webapp.rules)
* 1:31941 <-> DISABLED <-> MALWARE-CNC Win.Trojan-Downloader.Pedrp variant outbound connection (malware-cnc.rules)
* 1:31942 <-> DISABLED <-> SERVER-WEBAPP Novell GroupWise Admin Service FileUploadServlet directory traversal attempt (server-webapp.rules)
* 1:31943 <-> DISABLED <-> SERVER-WEBAPP HP SiteScope EmailServlet directory traversal attempt (server-webapp.rules)
* 1:31944 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tavdig outbound connection (malware-cnc.rules)
* 1:31945 <-> DISABLED <-> SERVER-WEBAPP PhpWiki Ploticus plugin command injection attempt (server-webapp.rules)
* 1:31946 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start arbitrary command execution attempt (file-java.rules)
* 1:31947 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - HttpCall - Win.Trojan.Rukypee (malware-cnc.rules)
* 1:31948 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - MyProgramm - Win.Trojan.Rukypee (malware-cnc.rules)
* 1:31949 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Skypee - Win.Trojan.Rukypee (malware-cnc.rules)
* 1:3195 <-> DISABLED <-> OS-WINDOWS name query overflow attempt TCP (os-windows.rules)
* 1:31954 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ezbro variant outbound connection (malware-cnc.rules)
* 1:31955 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ezbro variant outbound connection (malware-cnc.rules)
* 1:31956 <-> DISABLED <-> SERVER-WEBAPP Rejetto HttpFileServer command injection attempt (server-webapp.rules)
* 1:23060 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer style.position use-after-free memory corruption attempt (browser-ie.rules)
* 1:2307 <-> DISABLED <-> SERVER-WEBAPP PayPal Storefront remote file include attempt (server-webapp.rules)
* 1:23085 <-> DISABLED <-> INDICATOR-OBFUSCATION Obfuscated javascript string - join (indicator-obfuscation.rules)
* 1:23086 <-> DISABLED <-> INDICATOR-OBFUSCATION Obfuscated javascript string - push (indicator-obfuscation.rules)
* 1:23087 <-> DISABLED <-> INDICATOR-OBFUSCATION Obfuscated javascript string - xval
(indicator-obfuscation.rules) * 1:23088 <-> DISABLED <-> INDICATOR-OBFUSCATION Obfuscated javascript string - qweqwe (indicator-obfuscation.rules) * 1:23089 <-> DISABLED <-> INDICATOR-OBFUSCATION Obfuscated javascript strings - obfuscation pattern (indicator-obfuscation.rules) * 1:23090 <-> DISABLED <-> SERVER-OTHER known malicious SSL certificate derived from Microsoft CA detected (server-other.rules) * 1:23091 <-> DISABLED <-> FILE-OFFICE EMF corruption attempt (file-office.rules) * 1:23092 <-> DISABLED <-> FILE-OFFICE EMF corruption attempt (file-office.rules) * 1:23093 <-> DISABLED <-> FILE-OFFICE EMF corruption attempt (file-office.rules) * 1:23094 <-> DISABLED <-> FILE-OFFICE EMF corruption attempt (file-office.rules) * 1:23095 <-> DISABLED <-> FILE-OFFICE EMF corruption attempt (file-office.rules) * 1:23096 <-> DISABLED <-> SERVER-OTHER VERITAS NetBackup java authentication service format string exploit attempt (server-other.rules) * 1:23097 <-> DISABLED <-> SERVER-OTHER IBM solidDB SELECT statement denial of service attempt (server-other.rules) * 1:23098 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Flash Player MP4 sequence parameter set parsing overflow attempt (file-multimedia.rules) * 1:23099 <-> DISABLED <-> SERVER-OTHER SAP NetWeaver Dispatcher DiagTraceHex denial of service attempt (server-other.rules) * 1:231 <-> DISABLED <-> MALWARE-OTHER Trin00 Daemon to Master message detected (malware-other.rules) * 1:23100 <-> DISABLED <-> FILE-OTHER Cisco WebEx recording integer overflow attempt (file-other.rules) * 1:23101 <-> DISABLED <-> FILE-OTHER Cisco WebEx recording integer overflow attempt (file-other.rules) * 1:23102 <-> DISABLED <-> POLICY-OTHER Seagate BlackArmor administrator password reset attempt (policy-other.rules) * 1:23103 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bublik variant outbound connection (malware-cnc.rules) * 1:23104 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scar variant outbound connection (malware-cnc.rules) * 1:23105 <-> DISABLED <-> 
FILE-OFFICE EMF corruption attempt (file-office.rules) * 1:23106 <-> ENABLED <-> EXPLOIT-KIT SET java applet load attempt (exploit-kit.rules) * 1:23107 <-> DISABLED <-> INDICATOR-COMPROMISE BeEF javascript hook.js download attempt (indicator-compromise.rules) * 1:23109 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lolbot variant outbound connection (malware-cnc.rules) * 1:23110 <-> DISABLED <-> FILE-IMAGE Microsoft Windows graphics rendering engine buffer overflow attempt (file-image.rules) * 1:23111 <-> DISABLED <-> POLICY-OTHER PHP uri tag injection attempt (policy-other.rules) * 1:23112 <-> DISABLED <-> SERVER-OTHER SAP NetWeaver Dispatcher denial of service attempt (server-other.rules) * 1:23113 <-> DISABLED <-> INDICATOR-OBFUSCATION eval gzinflate base64_decode call - likely malicious (indicator-obfuscation.rules) * 1:23114 <-> DISABLED <-> INDICATOR-OBFUSCATION GIF header with PHP tags - likely malicious (indicator-obfuscation.rules) * 1:23115 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB client authentication bypass attempt (server-mysql.rules) * 1:23116 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 9 CTreeNode use after free attempt (browser-ie.rules) * 1:23117 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 9 DOM element use after free attempt (browser-ie.rules) * 1:23118 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer console object use after free attempt (browser-ie.rules) * 1:23121 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer center element dynamic manipulation attempt (browser-ie.rules) * 1:23122 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules) * 1:23123 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer getBoundingClientRect incorrect rebalancing attempt (browser-ie.rules) * 1:23124 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer html table column span width increase memory corruption attempt (browser-ie.rules) * 1:23125 <-> DISABLED <-> BROWSER-IE Microsoft 
Internet Explorer DOM manipulation memory corruption attempt (browser-ie.rules) * 1:23126 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer insertAdjacentText memory corruption attempt (browser-ie.rules) * 1:23127 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows .NET xbap STGMEDIUM.unionmember arbitrary number overwrite attempt (file-executable.rules) * 1:23128 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 9 memory disclosure attempt (browser-ie.rules) * 1:23129 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SecureSocket use without Connect attempt (file-flash.rules) * 1:23130 <-> DISABLED <-> FILE-FLASH Adobe Flash Player X509 direct instantiation property access attempt (file-flash.rules) * 1:23131 <-> DISABLED <-> FILE-FLASH Adobe Flash Player X500 DistinguishedName property access attempt (file-flash.rules) * 1:23132 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DefineSound tag long recordheader length field attempt (file-flash.rules) * 1:23133 <-> DISABLED <-> FILE-FLASH Adobe Flash Player flash.display.BitmapData constuctor overflow attempt (file-flash.rules) * 1:23134 <-> DISABLED <-> FILE-FLASH Adobe Flash Player broker destructor DoS attempt (file-flash.rules) * 1:23135 <-> DISABLED <-> FILE-FLASH Adobe Flash Player flash.DisplayObject memory corruption attempt (file-flash.rules) * 1:23136 <-> DISABLED <-> BROWSER-IE Microsoft multiple product toStaticHTML XSS attempt (browser-ie.rules) * 1:23137 <-> DISABLED <-> BROWSER-IE Microsoft multiple product toStaticHTML XSS attempt (browser-ie.rules) * 1:23140 <-> DISABLED <-> FILE-PDF Unknown Malicious PDF - CreationDate (file-pdf.rules) * 1:23141 <-> ENABLED <-> EXPLOIT-KIT Fake transaction redirect page to exploit kit (exploit-kit.rules) * 1:23142 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (browser-plugins.rules) * 1:23143 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access 
attempt (browser-plugins.rules) * 1:23144 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (browser-plugins.rules) * 1:23145 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (browser-plugins.rules) * 1:23146 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (browser-plugins.rules) * 1:23147 <-> ENABLED <-> EXPLOIT-KIT Suspicious taskkill script - StrReverse (exploit-kit.rules) * 1:23148 <-> ENABLED <-> EXPLOIT-KIT Suspicious StrReverse - Shell (exploit-kit.rules) * 1:23149 <-> ENABLED <-> EXPLOIT-KIT Suspicious StrReverse - Scripting.FileSystemObject (exploit-kit.rules) * 1:23150 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malformed graphic record code execution attempt (file-office.rules) * 1:23151 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel zero-width worksheet code execution attempt (file-office.rules) * 1:23152 <-> DISABLED <-> FILE-OTHER OpenType Font file integer overflow attempt (file-other.rules) * 1:23153 <-> DISABLED <-> FILE-OTHER OpenType Font file integer overflow attempt (file-other.rules) * 1:23154 <-> DISABLED <-> FILE-OTHER OpenType Font file integer overflow attempt (file-other.rules) * 1:23155 <-> DISABLED <-> FILE-OTHER OpenType Font file integer overflow attempt (file-other.rules) * 1:23156 <-> DISABLED <-> EXPLOIT-KIT Nuclear Pack exploit kit landing page (exploit-kit.rules) * 1:23157 <-> ENABLED <-> EXPLOIT-KIT Nuclear Pack exploit kit binary download (exploit-kit.rules) * 1:23158 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch (exploit-kit.rules) * 1:23159 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt (exploit-kit.rules) * 1:23160 <-> DISABLED <-> INDICATOR-OBFUSCATION Javascript obfuscation - fromCharCode (indicator-obfuscation.rules) * 1:23161 <-> DISABLED <-> 
INDICATOR-OBFUSCATION Javascript obfuscation - eval (indicator-obfuscation.rules) * 1:23162 <-> DISABLED <-> OS-WINDOWS Microsoft Lync Online request for ncrypt.dll over SMB attempt (os-windows.rules) * 1:23163 <-> DISABLED <-> OS-WINDOWS Microsoft Lync Online request for wlanapi.dll over SMB attempt (os-windows.rules) * 1:23164 <-> DISABLED <-> SERVER-OTHER Microsoft Lync Online ncrypt.dll dll-load exploit attempt (server-other.rules) * 1:23165 <-> DISABLED <-> SERVER-OTHER Microsoft Lync Online wlanapi.dll dll-load exploit attempt (server-other.rules) * 1:23166 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader XDP encoded download attempt (file-pdf.rules) * 1:23167 <-> ENABLED <-> FILE-IDENTIFY MPG video stream file download request (file-identify.rules) * 1:23168 <-> ENABLED <-> FILE-IDENTIFY MPG video stream file attachment detected (file-identify.rules) * 1:23169 <-> ENABLED <-> FILE-IDENTIFY MPG video stream file attachment detected (file-identify.rules) * 1:2317 <-> DISABLED <-> INDICATOR-COMPROMISE CVS non-relative path error response (indicator-compromise.rules) * 1:23170 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime MPEG stream padding buffer overflow attempt (file-multimedia.rules) * 1:23171 <-> DISABLED <-> INDICATOR-COMPROMISE Wordpress Request for html file in fgallery directory (indicator-compromise.rules) * 1:23172 <-> DISABLED <-> SERVER-WEBAPP Microsoft ASP.NET improper comment handling XSS attempt (server-webapp.rules) * 1:23173 <-> DISABLED <-> OS-MOBILE Android Zitmo trojan command and control channel traffic (os-mobile.rules) * 1:23174 <-> DISABLED <-> BROWSER-PLUGINS IBM Lotus Quickr ActiveX stack buffer overflow attempt (browser-plugins.rules) * 1:23175 <-> DISABLED <-> BROWSER-PLUGINS IBM Lotus Quickr ActiveX stack buffer overflow attempt (browser-plugins.rules) * 1:23176 <-> DISABLED <-> MALWARE-CNC Donbot.A runtime traffic detected (malware-cnc.rules) * 1:23177 <-> DISABLED <-> SERVER-WEBAPP Symantec Web Gateway timer.php cross site 
scripting attempt (server-webapp.rules) * 1:23178 <-> DISABLED <-> PROTOCOL-ICMP IPv6 router advertisement flood attempt (protocol-icmp.rules) * 1:23179 <-> DISABLED <-> INDICATOR-COMPROMISE script before DOCTYPE possible malicious redirect attempt (indicator-compromise.rules) * 1:2318 <-> DISABLED <-> SERVER-OTHER CVS non-relative path access attempt (server-other.rules) * 1:23181 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows .NET Framework xbap DataObject object pointer attempt (file-executable.rules) * 1:23182 <-> ENABLED <-> SERVER-OTHER Joomla com_maqmahelpdesk task parameter local file inclusion attempt (server-other.rules) * 1:23186 <-> DISABLED <-> BROWSER-PLUGINS Dell CrazyTalk.DLL ActiveX clsid access (browser-plugins.rules) * 1:23188 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23189 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:2319 <-> DISABLED <-> SERVER-OTHER ebola PASS overflow attempt (server-other.rules) * 1:23190 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules) * 1:23191 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23192 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23193 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules) * 1:23194 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23195 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23196 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules) * 1:23197 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23198 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file 
attachment detected (file-identify.rules) * 1:23199 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules) * 1:232 <-> DISABLED <-> MALWARE-OTHER Trin00 Daemon to Master *HELLO* message detected (malware-other.rules) * 1:2320 <-> DISABLED <-> SERVER-OTHER ebola USER overflow attempt (server-other.rules) * 1:23200 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23201 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23202 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules) * 1:23205 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules) * 1:23206 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23207 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23208 <-> ENABLED <-> PROTOCOL-VOIP Digium Asterisk Manager Interface initial banner (protocol-voip.rules) * 1:23209 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk Manager command shell execution attempt (protocol-voip.rules) * 1:2321 <-> DISABLED <-> SERVER-IIS foxweb.exe access (server-iis.rules) * 1:23210 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk Manager command shell execution attempt (protocol-voip.rules) * 1:23211 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook arbitrary command line attempt (file-office.rules) * 1:23212 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox IDB use-after-free attempt (browser-firefox.rules) * 1:23213 <-> DISABLED <-> SQL Ruby on rails SQL injection attempt (sql.rules) * 1:23214 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Waprox.A variant outbound connection (malware-cnc.rules) * 1:23215 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Waprox.A variant outbound connection (malware-cnc.rules) * 1:23216 <-> DISABLED <-> SERVER-WEBAPP Ruby on Rails 
SQL injection attempt (server-webapp.rules) * 1:23217 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic avoid_utf8_tolower javascript encoder (indicator-shellcode.rules) * 1:23218 <-> ENABLED <-> EXPLOIT-KIT Redkit Repeated Exploit Request Pattern (exploit-kit.rules) * 1:23219 <-> ENABLED <-> EXPLOIT-KIT Redkit exploit kit Java Exploit request to .class file (exploit-kit.rules) * 1:2322 <-> DISABLED <-> SERVER-IIS foxweb.dll access (server-iis.rules) * 1:23220 <-> ENABLED <-> EXPLOIT-KIT Redkit exploit kit Java Exploit Requested - 5 digit jar (exploit-kit.rules) * 1:23221 <-> DISABLED <-> EXPLOIT-KIT Redkit Jar File Naming Algorithm (exploit-kit.rules) * 1:23222 <-> ENABLED <-> EXPLOIT-KIT Redkit exploit kit landing page Received - applet and 5 digit jar attempt (exploit-kit.rules) * 1:23223 <-> DISABLED <-> EXPLOIT-KIT Redkit exploit kit landing page Received - applet and code (exploit-kit.rules) * 1:23224 <-> ENABLED <-> EXPLOIT-KIT Redkit exploit kit landing page Requested - 8Digit.html (exploit-kit.rules) * 1:23225 <-> ENABLED <-> EXPLOIT-KIT Redkit exploit kit landing page Received - applet and flowbit (exploit-kit.rules) * 1:23226 <-> DISABLED <-> INDICATOR-OBFUSCATION JavaScript error suppression routine (indicator-obfuscation.rules) * 1:23227 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel rtMergeCells heap overflow attempt (file-office.rules) * 1:23228 <-> DISABLED <-> BROWSER-PLUGINS Oracle Webcenter ActiveX clsid access (browser-plugins.rules) * 1:23229 <-> DISABLED <-> BROWSER-PLUGINS Oracle Webcenter ActiveX function call access (browser-plugins.rules) * 1:2323 <-> DISABLED <-> SERVER-WEBAPP iSoft-Solutions QuickStore shopping cart quickstore.cgi access (server-webapp.rules) * 1:23230 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP REQUEST client identifier overflow attempt (os-windows.rules) * 1:23231 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP REQUEST hostname overflow attempt (os-windows.rules) * 1:23232 <-> DISABLED <-> 
OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt (os-windows.rules) * 1:23233 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt (os-windows.rules) * 1:23234 <-> DISABLED <-> MALWARE-CNC Frethog.MK runtime traffic detected (malware-cnc.rules) * 1:23235 <-> DISABLED <-> MALWARE-CNC PBin.A runtime traffic detected (malware-cnc.rules) * 1:23236 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic alpha numeric upper case javascript decoder (indicator-shellcode.rules) * 1:23237 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB2 client NetBufferList NULL entry remote code execution attempt (os-windows.rules) * 1:23238 <-> DISABLED <-> NETBIOS Wireshark console.lua file load exploit attempt (netbios.rules) * 1:23239 <-> DISABLED <-> SERVER-OTHER Wireshark console.lua file load exploit attempt (server-other.rules) * 1:2324 <-> DISABLED <-> SERVER-IIS VP-ASP shopsearch.asp access (server-iis.rules) * 1:23240 <-> DISABLED <-> SERVER-SAMBA Samba malicious user defined array size and buffer attempt (server-samba.rules) * 1:23241 <-> DISABLED <-> SERVER-OTHER HP DPNECentral RequestCopy type SQL injection attempt (server-other.rules) * 1:23242 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.boxg connect to cnc server (malware-cnc.rules) * 1:23243 <-> DISABLED <-> FILE-JAVA Oracle Java Zip file directory record overflow attempt (file-java.rules) * 1:23244 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant outbound connection (malware-cnc.rules) * 1:23245 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader variant outbound connection (malware-cnc.rules) * 1:23246 <-> DISABLED <-> PUA-ADWARE Wajam Monitizer url outbound connection - post install (pua-adware.rules) * 1:23247 <-> DISABLED <-> PUA-ADWARE Wajam Monitizer outbound connection - post install (pua-adware.rules) * 1:2325 <-> DISABLED <-> SERVER-IIS VP-ASP ShopDisplayProducts.asp access (server-iis.rules) * 1:23251 <-> DISABLED <-> MALWARE-CNC 
Win.Trojan.Spyeye variant outbound connection (malware-cnc.rules) * 1:23252 <-> DISABLED <-> MALWARE-CNC MacOS.MacKontrol variant outbound connection (malware-cnc.rules) * 1:23253 <-> DISABLED <-> BROWSER-PLUGINS HP Easy Printer Care XMLSimpleAccessor ActiveX function call access attempt (browser-plugins.rules) * 1:23254 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Delf.CL variant outbound connection (malware-cnc.rules) * 1:23255 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Duojeen variant outbound connection (malware-cnc.rules) * 1:23256 <-> DISABLED <-> FILE-EXECUTABLE Armadillo v1.71 packer file magic detected (file-executable.rules) * 1:23257 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Duojeen variant outbound connection (malware-cnc.rules) * 1:23258 <-> DISABLED <-> SERVER-WEBAPP LANDesk Thinkmanagement Suite ServerSetup directory traversal attempt (server-webapp.rules) * 1:23259 <-> DISABLED <-> SERVER-WEBAPP LANDesk Thinkmanagement Suite ServerSetup directory traversal attempt (server-webapp.rules) * 1:2326 <-> DISABLED <-> SERVER-IIS sgdynamo.exe access (server-iis.rules) * 1:23260 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver cross site scripting attempt (server-webapp.rules) * 1:23261 <-> DISABLED <-> MALWARE-CNC known command and control traffic - Pushbot (malware-cnc.rules) * 1:23262 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules) * 1:23263 <-> DISABLED <-> FILE-PDF Adobe flash player newfunction memory corruption attempt (file-pdf.rules) * 1:23264 <-> DISABLED <-> FILE-FLASH Adobe Flash Player newfunction memory corruption attempt (file-flash.rules) * 1:23265 <-> DISABLED <-> FILE-FLASH Adobe Flash Player newfunction memory corruption attempt (file-flash.rules) * 1:23266 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt (file-office.rules) * 1:23267 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt 
(file-office.rules) * 1:23268 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt (file-office.rules) * 1:23269 <-> DISABLED <-> FILE-OTHER Cisco WebEx recording integer overflow attempt (file-other.rules) * 1:2327 <-> DISABLED <-> SERVER-WEBAPP bsml.pl access (server-webapp.rules) * 1:23270 <-> DISABLED <-> FILE-OFFICE Microsoft Office Malformed MSODrawing Record attempt (file-office.rules) * 1:23271 <-> DISABLED <-> FILE-MULTIMEDIA Apple iTunes Extended M3U playlist record overflow attempt (file-multimedia.rules) * 1:23272 <-> DISABLED <-> FILE-MULTIMEDIA Apple iTunes Extended M3U playlist record overflow attempt (file-multimedia.rules) * 1:23273 <-> DISABLED <-> FILE-JAVA Oracle Java field bytecode verifier cache code execution attempt (file-java.rules) * 1:23274 <-> ENABLED <-> FILE-JAVA Oracle Java field bytecode verifier cache code execution attempt (file-java.rules) * 1:23275 <-> ENABLED <-> FILE-JAVA Oracle Java field bytecode verifier cache code execution attempt (file-java.rules) * 1:23276 <-> ENABLED <-> FILE-JAVA Oracle Java field bytecode verifier cache code execution attempt (file-java.rules) * 1:23277 <-> ENABLED <-> FILE-JAVA Oracle Java field bytecode verifier cache code execution attempt (file-java.rules) * 1:23278 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer nested list memory corruption attempt (browser-ie.rules) * 1:23279 <-> DISABLED <-> SERVER-WEBAPP Microsoft Office SharePoint name field cross site scripting attempt (server-webapp.rules) * 1:2328 <-> DISABLED <-> SERVER-WEBAPP authentication_index.php access (server-webapp.rules) * 1:23280 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer corrupted HROW instance write access violation attempt (browser-ie.rules) * 1:23281 <-> DISABLED <-> SERVER-WEBAPP Microsoft Office SharePoint scriptresx.ashx XSS attempt (server-webapp.rules) * 1:23282 <-> DISABLED <-> SERVER-WEBAPP Microsoft Office SharePoint query.iqy XSS attempt 
(server-webapp.rules) * 1:23283 <-> DISABLED <-> BROWSER-PLUGINS Oracle WebCenter Forms Recognition ActiveX clsid access attempt (browser-plugins.rules) * 1:23284 <-> DISABLED <-> BROWSER-PLUGINS Oracle WebCenter Forms Recognition ActiveX clsid access attempt (browser-plugins.rules) * 1:23285 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer iframe onreadystatechange handler use after free attempt (browser-ie.rules) * 1:23286 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (browser-plugins.rules) * 1:23287 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (browser-plugins.rules) * 1:23288 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (browser-plugins.rules) * 1:23289 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (browser-plugins.rules) * 1:2329 <-> DISABLED <-> SERVER-MSSQL probe response overflow attempt (server-mssql.rules) * 1:23290 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (browser-plugins.rules) * 1:23291 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (browser-plugins.rules) * 1:23292 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (browser-plugins.rules) * 1:23294 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (browser-plugins.rules) * 1:23295 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (browser-plugins.rules) * 1:23296 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (browser-plugins.rules) * 1:23297 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet 
Explorer MSXML .definition ActiveX clsid access attempt (browser-plugins.rules) * 1:23299 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (browser-plugins.rules) * 1:233 <-> DISABLED <-> MALWARE-OTHER Trin00 Attacker to Master default startup password (malware-other.rules) * 1:2330 <-> DISABLED <-> PROTOCOL-IMAP auth overflow attempt (protocol-imap.rules) * 1:23300 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (browser-plugins.rules) * 1:23302 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (browser-plugins.rules) * 1:23303 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (browser-plugins.rules) * 1:23305 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules) * 1:23306 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Stealer connect to server (malware-cnc.rules) * 1:23307 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper connect to server (malware-cnc.rules) * 1:23308 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Bucriv variant outbound connection (malware-cnc.rules) * 1:23309 <-> DISABLED <-> FILE-EXECUTABLE Portable Executable multiple antivirus evasion attempt (file-executable.rules) * 1:2331 <-> DISABLED <-> SERVER-WEBAPP MatrikzGB privilege escalation attempt (server-webapp.rules) * 1:23310 <-> DISABLED <-> FILE-EXECUTABLE Portable Executable multiple antivirus evasion attempt (file-executable.rules) * 1:23311 <-> DISABLED <-> FILE-EXECUTABLE Portable Executable multiple antivirus evasion attempt (file-executable.rules) * 1:23312 <-> DISABLED <-> FILE-EXECUTABLE Portable Executable multiple antivirus evasion attempt (file-executable.rules) * 1:23313 <-> DISABLED <-> FILE-EXECUTABLE Portable Executable multiple antivirus evasion attempt (file-executable.rules) * 
* 1:23314 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB invalid character argument injection attempt (os-windows.rules)
* 1:23315 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word request for imeshare.dll over SMB attempt (file-office.rules)
* 1:23316 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word imeshare.dll dll-load exploit attempt (file-office.rules)
* 1:23317 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper initial variant outbound connection (malware-cnc.rules)
* 1:23318 <-> DISABLED <-> FILE-OTHER ELF multiple antivirus evasion attempts (file-other.rules)
* 1:23319 <-> ENABLED <-> FILE-IDENTIFY TAR file download request (file-identify.rules)
* 1:2332 <-> DISABLED <-> PROTOCOL-FTP MKD format string attempt (protocol-ftp.rules)
* 1:23320 <-> ENABLED <-> FILE-IDENTIFY TAR file attachment detected (file-identify.rules)
* 1:23321 <-> ENABLED <-> FILE-IDENTIFY TAR file attachment detected (file-identify.rules)
* 1:23322 <-> ENABLED <-> FILE-IDENTIFY TAR file download request (file-identify.rules)
* 1:23323 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules)
* 1:23324 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules)
* 1:23325 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules)
* 1:23326 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules)
* 1:23327 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules)
* 1:23328 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules)
* 1:23329 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules)
* 1:2333 <-> DISABLED <-> PROTOCOL-FTP RENAME format string attempt (protocol-ftp.rules)
* 1:23330 <-> DISABLED <-> PROTOCOL-SCADA ScadaTec Procyon Core server password overflow attempt (protocol-scada.rules)
* 1:23331 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mybot variant outbound connection (malware-cnc.rules)
* 1:23332 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dishigy variant outbound connection (malware-cnc.rules)
* 1:23333 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker initial C&C checkin (malware-cnc.rules)
* 1:23334 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader initial C&C checkin (malware-cnc.rules)
* 1:23335 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Swisyn variant outbound connection (malware-cnc.rules)
* 1:23336 <-> DISABLED <-> MALWARE-CNC Linfo.A variant outbound connection (malware-cnc.rules)
* 1:23337 <-> DISABLED <-> MALWARE-CNC Bluenet.A variant outbound connection (malware-cnc.rules)
* 1:23338 <-> DISABLED <-> MALWARE-BACKDOOR Spindest.A runtime detection - initial connection (malware-backdoor.rules)
* 1:23339 <-> DISABLED <-> MALWARE-CNC Prier.A variant outbound connection (malware-cnc.rules)
* 1:2334 <-> DISABLED <-> PROTOCOL-FTP Yak! FTP server default account login attempt (protocol-ftp.rules)
* 1:23340 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nitol.B variant outbound connection (malware-cnc.rules)
* 1:23341 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Tinrot.A runtime detection (malware-backdoor.rules)
* 1:23342 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:23343 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:23344 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Harvso.A variant outbound connection (malware-cnc.rules)
* 1:23345 <-> DISABLED <-> MALWARE-CNC RunTime Win.Trojan.tchfro.A variant outbound connection (malware-cnc.rules)
* 1:23346 <-> DISABLED <-> FILE-OTHER Oracle outside in Lotus 1-2-3 heap overflow attempt (file-other.rules)
* 1:23347 <-> ENABLED <-> FILE-IDENTIFY Lotus file download request (file-identify.rules)
* 1:23348 <-> ENABLED <-> FILE-IDENTIFY Lotus file attachment detected (file-identify.rules)
* 1:23349 <-> ENABLED <-> FILE-IDENTIFY Lotus file attachment detected (file-identify.rules)
* 1:2335 <-> DISABLED <-> PROTOCOL-FTP RMD / attempt (protocol-ftp.rules)
* 1:23350 <-> DISABLED <-> MALWARE-OTHER potential clickjacking via css pointer-events attempt (malware-other.rules)
* 1:23351 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules)
* 1:23352 <-> DISABLED <-> BROWSER-PLUGINS Cisco Linksys PlayerPT ActiveX clsid access attempt (browser-plugins.rules)
* 1:23353 <-> DISABLED <-> BROWSER-PLUGINS Cisco Linksys PlayerPT ActiveX function call access attempt (browser-plugins.rules)
* 1:23354 <-> DISABLED <-> SERVER-WEBAPP Novell iManager buffer overflow attempt (server-webapp.rules)
* 1:23355 <-> DISABLED <-> SERVER-OTHER Trend Micro Control Manager AddTask stack buffer overflow attempt (server-other.rules)
* 1:23356 <-> DISABLED <-> FILE-OFFICE Microsoft Office WordPad and Office text converters integer underflow attempt (file-office.rules)
* 1:23357 <-> DISABLED <-> FILE-OTHER ELF multiple antivirus evasion attempts (file-other.rules)
* 1:23358 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules)
* 1:23359 <-> DISABLED <-> SERVER-OTHER Multiple Vendors SOAP large array parameter DoS attempt (server-other.rules)
* 1:23360 <-> DISABLED <-> SERVER-IIS tilde character file name discovery attempt (server-iis.rules)
* 1:23361 <-> DISABLED <-> SERVER-IIS tilde character file name discovery attempt (server-iis.rules)
* 1:23362 <-> DISABLED <-> SERVER-IIS tilde character file name discovery attempt (server-iis.rules)
* 1:23363 <-> DISABLED <-> SERVER-OTHER Novell Netware XNFS.NLM xdrdecodeString heap buffer overflow attempt (server-other.rules)
* 1:23364 <-> DISABLED <-> SERVER-OTHER Novell Netware XNFS.NLM v2 xdrdecodeString heap buffer overflow attempt (server-other.rules)
* 1:23365 <-> DISABLED <-> SERVER-OTHER Novell Netware XNFS.NLM NFS v3 xdrdecodeString heap buffer overflow attempt (server-other.rules)
* 1:23366 <-> DISABLED <-> SERVER-OTHER Novell Netware XNFS.NLM NFS v2 xdrdecodeString heap buffer overflow attempt (server-other.rules)
* 1:23368 <-> DISABLED <-> PROTOCOL-DNS Tftpd32 DNS server denial of service attempt (protocol-dns.rules)
* 1:23369 <-> DISABLED <-> PUA-ADWARE Adware.Phono post infection download attempt (pua-adware.rules)
* 1:2337 <-> DISABLED <-> PROTOCOL-TFTP PUT filename overflow attempt (protocol-tftp.rules)
* 1:23370 <-> DISABLED <-> FILE-OFFICE Microsoft Office Drawing object code execution attempt (file-office.rules)
* 1:23371 <-> DISABLED <-> FILE-OTHER Adobe Director file file Shockwave 3D overflow attempt (file-other.rules)
* 1:23372 <-> DISABLED <-> BROWSER-PLUGINS Teechart Professional ActiveX clsid access (browser-plugins.rules)
* 1:23373 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric TeeChart ActiveX clsid access attempt (browser-plugins.rules)
* 1:23374 <-> DISABLED <-> BROWSER-PLUGINS Teechart Professional ActiveX clsid access (browser-plugins.rules)
* 1:23375 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric TeeChart ActiveX clsid access attempt (browser-plugins.rules)
* 1:23376 <-> DISABLED <-> BROWSER-PLUGINS Teechart Professional ActiveX clsid access (browser-plugins.rules)
* 1:23377 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sasfis variant outbound connection (malware-cnc.rules)
* 1:23378 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sasfis variant outbound connection (malware-cnc.rules)
* 1:23379 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Leepload variant outbound connection (malware-cnc.rules)
* 1:2338 <-> DISABLED <-> PROTOCOL-FTP LIST buffer overflow attempt (protocol-ftp.rules)
* 1:23380 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ventana initial variant outbound connection (malware-cnc.rules)
* 1:23381 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.Thoper.C runtime detection (malware-backdoor.rules)
* 1:23382 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SpyEye variant outbound connection (malware-cnc.rules)
* 1:23383 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chaori.A variant outbound connection (malware-cnc.rules)
* 1:23384 <-> DISABLED <-> SERVER-WEBAPP Novell Groupwise Messenger parameter memory corruption attempt (server-webapp.rules)
* 1:23385 <-> DISABLED <-> SERVER-WEBAPP Novell GroupWise Messenger nmma.exe login memory corruption attempt (server-webapp.rules)
* 1:23387 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
* 1:23388 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FakeMSN.I variant outbound connection (malware-cnc.rules)
* 1:23389 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Java.Arratomref variant outbound connection (malware-cnc.rules)
* 1:2339 <-> DISABLED <-> PROTOCOL-TFTP NULL command attempt (protocol-tftp.rules)
* 1:23390 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Java.Arratomref variant outbound connection (malware-cnc.rules)
* 1:23391 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hioles.C variant outbound connection (malware-cnc.rules)
* 1:23392 <-> DISABLED <-> SERVER-OTHER IBM SolidDB redundant where clause DoS attempt (server-other.rules)
* 1:23393 <-> ENABLED <-> SQL IBM SolidDB initial banner (sql.rules)
* 1:23394 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vbvoleur.a variant outbound connection (malware-cnc.rules)
* 1:23395 <-> DISABLED <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX clsid access attempt (browser-plugins.rules)
* 1:23396 <-> DISABLED <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX function call access attempt (browser-plugins.rules)
* 1:23397 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services stack buffer overflow attempt (server-other.rules)
* 1:23398 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services stack buffer overflow attempt (server-other.rules)
* 1:23399 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Govdi.A variant outbound connection (malware-cnc.rules)
* 1:234 <-> DISABLED <-> MALWARE-OTHER Trin00 Attacker to Master default password (malware-other.rules)
* 1:2340 <-> DISABLED <-> PROTOCOL-FTP SITE CHMOD overflow attempt (protocol-ftp.rules)
* 1:23400 <-> DISABLED <-> FILE-OTHER Apple Quicktime JPEG2000 length integer underflow attempt (file-other.rules)
* 1:23401 <-> DISABLED <-> SERVER-WEBAPP Oracle GlassFish server REST interface cross site request forgery attempt (server-webapp.rules)
* 1:23402 <-> DISABLED <-> SERVER-WEBAPP CVS remote file information disclosure attempt (server-webapp.rules)
* 1:23403 <-> DISABLED <-> SERVER-WEBAPP Adobe JRun directory traversal attempt (server-webapp.rules)
* 1:23404 <-> DISABLED <-> SERVER-MAIL Mortal Universe POP Peeper date header overflow attempt (server-mail.rules)
* 1:23405 <-> DISABLED <-> SERVER-WEBAPP PHP-Nuke index.php SQL injection attempt (server-webapp.rules)
* 1:23406 <-> DISABLED <-> SERVER-WEBAPP PHP-Nuke index.php SQL injection attempt (server-webapp.rules)
* 1:23407 <-> DISABLED <-> SERVER-WEBAPP Apple iChat url format string exploit attempt (server-webapp.rules)
* 1:23408 <-> DISABLED <-> OS-WINDOWS Microsoft Windows large image resize denial of service attempt (os-windows.rules)
* 1:23409 <-> DISABLED <-> BROWSER-PLUGINS Veritas Storage Exec ActiveX clsid access attempt (browser-plugins.rules)
* 1:2341 <-> DISABLED <-> SERVER-WEBAPP DCP-Portal remote file include editor script attempt (server-webapp.rules)
* 1:23410 <-> DISABLED <-> BROWSER-PLUGINS Veritas Storage Exec ActiveX clsid access attempt (browser-plugins.rules)
* 1:23411 <-> DISABLED <-> BROWSER-PLUGINS Veritas Storage Exec ActiveX clsid access attempt (browser-plugins.rules)
* 1:23412 <-> DISABLED <-> BROWSER-PLUGINS Veritas Storage Exec ActiveX clsid access attempt (browser-plugins.rules)
* 1:23413 <-> DISABLED <-> BROWSER-PLUGINS Veritas Storage Exec ActiveX clsid access attempt (browser-plugins.rules)
* 1:23414 <-> DISABLED <-> BROWSER-PLUGINS Veritas Storage Exec ActiveX clsid access attempt (browser-plugins.rules)
* 1:23415 <-> DISABLED <-> BROWSER-PLUGINS Veritas Storage Exec ActiveX clsid access attempt (browser-plugins.rules)
* 1:23416 <-> DISABLED <-> BROWSER-PLUGINS Veritas Storage Exec ActiveX clsid access attempt (browser-plugins.rules)
* 1:23417 <-> DISABLED <-> BROWSER-PLUGINS Veritas Storage Exec ActiveX clsid access attempt (browser-plugins.rules)
* 1:23418 <-> DISABLED <-> BROWSER-PLUGINS Veritas Storage Exec ActiveX clsid access attempt (browser-plugins.rules)
* 1:23419 <-> DISABLED <-> BROWSER-PLUGINS Veritas Storage Exec ActiveX clsid access attempt (browser-plugins.rules)
* 1:2342 <-> DISABLED <-> SERVER-WEBAPP DCP-Portal remote file include lib script attempt (server-webapp.rules)
* 1:23420 <-> DISABLED <-> BROWSER-PLUGINS Veritas Storage Exec ActiveX clsid access attempt (browser-plugins.rules)
* 1:23421 <-> DISABLED <-> BROWSER-PLUGINS Veritas Storage Exec ActiveX clsid access attempt (browser-plugins.rules)
* 1:23422 <-> DISABLED <-> BROWSER-PLUGINS Veritas Storage Exec ActiveX clsid access attempt (browser-plugins.rules)
* 1:23423 <-> DISABLED <-> BROWSER-PLUGINS Veritas Storage Exec ActiveX clsid access attempt (browser-plugins.rules)
* 1:23424 <-> DISABLED <-> BROWSER-PLUGINS Veritas Storage Exec ActiveX clsid access attempt (browser-plugins.rules)
* 1:23425 <-> DISABLED <-> BROWSER-PLUGINS Veritas Storage Exec ActiveX clsid access attempt (browser-plugins.rules)
* 1:23426 <-> DISABLED <-> BROWSER-PLUGINS Veritas Storage Exec ActiveX clsid access attempt (browser-plugins.rules)
* 1:23427 <-> DISABLED <-> BROWSER-PLUGINS Veritas Storage Exec ActiveX clsid access attempt (browser-plugins.rules)
* 1:23428 <-> DISABLED <-> BROWSER-PLUGINS Veritas Storage Exec ActiveX clsid access attempt (browser-plugins.rules)
* 1:23429 <-> DISABLED <-> BROWSER-PLUGINS Veritas Storage Exec ActiveX clsid access attempt (browser-plugins.rules)
* 1:2343 <-> DISABLED <-> PROTOCOL-FTP STOR overflow attempt (protocol-ftp.rules)
* 1:23430 <-> DISABLED <-> BROWSER-PLUGINS Veritas Storage Exec ActiveX clsid access attempt (browser-plugins.rules)
* 1:23431 <-> DISABLED <-> BROWSER-PLUGINS Veritas Storage Exec ActiveX clsid access attempt (browser-plugins.rules)
* 1:23432 <-> DISABLED <-> BROWSER-PLUGINS Veritas Storage Exec ActiveX clsid access attempt (browser-plugins.rules)
* 1:23433 <-> DISABLED <-> SERVER-WEBAPP IBM Lotus Domino cross site scripting attempt (server-webapp.rules)
* 1:23434 <-> DISABLED <-> SERVER-WEBAPP IBM Lotus Domino cross site scripting attempt (server-webapp.rules)
* 1:23435 <-> DISABLED <-> SERVER-MAIL Alt-N MDaemon file attachment directory traversal attempt (server-mail.rules)
* 1:23436 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DirectX IDirectPlay4 denial of service attempt (os-windows.rules)
* 1:23437 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DirectX IDirectPlay4 denial of service attempt (os-windows.rules)
* 1:23438 <-> DISABLED <-> INDICATOR-COMPROMISE php-shell remote command shell initialization attempt (indicator-compromise.rules)
* 1:23439 <-> DISABLED <-> INDICATOR-COMPROMISE php-shell remote command shell upload attempt (indicator-compromise.rules)
* 1:2344 <-> DISABLED <-> PROTOCOL-FTP XCWD overflow attempt (protocol-ftp.rules)
* 1:23440 <-> DISABLED <-> INDICATOR-COMPROMISE php-shell remote command shell upload attempt (indicator-compromise.rules)
* 1:23441 <-> DISABLED <-> INDICATOR-COMPROMISE php-shell remote command shell upload attempt (indicator-compromise.rules)
* 1:23442 <-> DISABLED <-> INDICATOR-COMPROMISE php-shell remote command injection attempt (indicator-compromise.rules)
* 1:23443 <-> DISABLED <-> INDICATOR-COMPROMISE php-shell failed remote command injection attempt (indicator-compromise.rules)
* 1:23444 <-> DISABLED <-> SERVER-OTHER Flexera FlexNet License Server buffer overflow attempt (server-other.rules)
* 1:23445 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox use-after free remote code execution attempt (browser-firefox.rules)
* 1:23446 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sojax.A variant outbound connection (malware-cnc.rules)
* 1:23447 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sojax.A variant outbound connection (malware-cnc.rules)
* 1:23448 <-> DISABLED <-> MALWARE-CNC Win.Worm.Psyokym variant outbound connection (malware-cnc.rules)
* 1:23449 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Servstart.ax variant outbound connection (malware-cnc.rules)
* 1:2345 <-> DISABLED <-> SERVER-WEBAPP PhpGedView search.php access (server-webapp.rules)
* 1:23450 <-> DISABLED <-> MALWARE-CNC Win.Trojan.McRat connect to server (malware-cnc.rules)
* 1:23451 <-> DISABLED <-> MALWARE-CNC Win.Trojan.RedSip.A variant outbound connection (malware-cnc.rules)
* 1:23456 <-> DISABLED <-> SERVER-OTHER IBM Tivoli name overflow attempt (server-other.rules)
* 1:2346 <-> DISABLED <-> SERVER-WEBAPP myPHPNuke chatheader.php access (server-webapp.rules)
* 1:23460 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Belesak.A variant outbound connection (malware-cnc.rules)
* 1:23461 <-> DISABLED <-> FILE-OTHER Apple Quicktime TeXML Transform attribute overflow attempt (file-other.rules)
* 1:23462 <-> DISABLED <-> FILE-OTHER Apple Quicktime TeXML Style attribute overflow attempt (file-other.rules)
* 1:23463 <-> DISABLED <-> FILE-OTHER Apple Quicktime TeXML sampleData attribute overflow attempt (file-other.rules)
* 1:23464 <-> DISABLED <-> FILE-OTHER Apple Quicktime TeXML description attribute overflow attempt (file-other.rules)
* 1:23465 <-> DISABLED <-> FILE-OTHER Apple Quicktime TeXML Style attribute overflow attempt (file-other.rules)
* 1:23466 <-> DISABLED <-> SERVER-WEBAPP IBM System Storage DS storage manager profiler XSS attempt (server-webapp.rules)
* 1:23467 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mazben file download (malware-cnc.rules)
* 1:23468 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper variant outbound connection (malware-cnc.rules)
* 1:23469 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper variant outbound connection (malware-cnc.rules)
* 1:2347 <-> DISABLED <-> SERVER-WEBAPP myPHPNuke partner.php access (server-webapp.rules)
* 1:23470 <-> DISABLED <-> BROWSER-PLUGINS StoneTrip S3DPlayer ActiveX clsid access attempt (browser-plugins.rules)
* 1:23471 <-> DISABLED <-> BROWSER-CHROME Google Chrome net-internals uri fragment identifier XSS attempt (browser-chrome.rules)
* 1:23472 <-> DISABLED <-> PUA-ADWARE FakeAV landing page request (pua-adware.rules)
* 1:23473 <-> DISABLED <-> MALWARE-CNC URI request for runforestrun - JS.Runfore (malware-cnc.rules)
* 1:23474 <-> ENABLED <-> FILE-IDENTIFY PLP file download request (file-identify.rules)
* 1:23475 <-> ENABLED <-> FILE-IDENTIFY PLP file attachment detected (file-identify.rules)
* 1:23476 <-> ENABLED <-> FILE-IDENTIFY PLP file attachment detected (file-identify.rules)
* 1:23477 <-> ENABLED <-> FILE-IDENTIFY PLP file magic detected (file-identify.rules)
* 1:23478 <-> DISABLED <-> FILE-OTHER ACDSee FotoSlate PLP file buffer overflow attempt (file-other.rules)
* 1:23479 <-> DISABLED <-> FILE-OTHER ACDSee FotoSlate PLP file buffer overflow attempt (file-other.rules)
* 1:23480 <-> DISABLED <-> SERVER-WEBAPP IBM Lotus Domino webadmin.nsf directory traversal attempt (server-webapp.rules)
* 1:23481 <-> DISABLED <-> INDICATOR-OBFUSCATION hex escaped characters in setTimeout call (indicator-obfuscation.rules)
* 1:23482 <-> DISABLED <-> INDICATOR-OBFUSCATION hex escaped characters in addEventListener call (indicator-obfuscation.rules)
* 1:23483 <-> DISABLED <-> MALWARE-BACKDOOR Win.Backdoor.Georbot file download (malware-backdoor.rules)
* 1:23484 <-> DISABLED <-> INDICATOR-COMPROMISE Wordpress Invit0r plugin non-image file upload attempt (indicator-compromise.rules)
* 1:23485 <-> DISABLED <-> SERVER-WEBAPP Wordpress Invit0r plugin php upload attempt (server-webapp.rules)
* 1:23486 <-> ENABLED <-> FILE-IDENTIFY JOB file download request (file-identify.rules)
* 1:23487 <-> ENABLED <-> FILE-IDENTIFY JOB file attachment detected (file-identify.rules)
* 1:23488 <-> ENABLED <-> FILE-IDENTIFY JOB file attachment detected (file-identify.rules)
* 1:23489 <-> DISABLED <-> FILE-OTHER Microsoft Windows Task Scheduler buffer overflow attempt (file-other.rules)
* 1:23490 <-> DISABLED <-> FILE-MULTIMEDIA Oracle Java MixerSequencer RMF MIDI structure handling exploit attempt (file-multimedia.rules)
* 1:23491 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kura variant outbound connection (malware-cnc.rules)
* 1:23492 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess outbound connection (malware-cnc.rules)
* 1:23493 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess outbound connection (malware-cnc.rules)
* 1:23494 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Onitab.A outbound connection (malware-cnc.rules)
* 1:23495 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kugdifod.A variant outbound connection (malware-cnc.rules)
* 1:23496 <-> ENABLED <-> FILE-IDENTIFY CUR file download request (file-identify.rules)
* 1:23497 <-> ENABLED <-> FILE-IDENTIFY CUR file attachment detected (file-identify.rules)
* 1:23498 <-> ENABLED <-> FILE-IDENTIFY CUR file attachment detected (file-identify.rules)
* 1:23499 <-> DISABLED <-> FILE-OTHER Microsoft Windows CUR file parsing overflow attempt (file-other.rules)
* 1:235 <-> DISABLED <-> MALWARE-OTHER Trin00 Attacker to Master default mdie password (malware-other.rules)
* 1:23500 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader spell.customDictionaryOpen exploit attempt (file-pdf.rules)
* 1:23501 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader javascript getIcon method buffer overflow attempt (file-pdf.rules)
* 1:23502 <-> DISABLED <-> FILE-PDF Adobe Acrobat JavaScript getIcon method buffer overflow attempt (file-pdf.rules)
* 1:23503 <-> DISABLED <-> FILE-PDF Adobe Acrobat JavaScript getIcon method buffer overflow attempt (file-pdf.rules)
* 1:23504 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader getAnnots exploit attempt (file-pdf.rules)
* 1:23506 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader media.newPlayer memory corruption attempt (file-pdf.rules)
* 1:23508 <-> DISABLED <-> FILE-PDF Microsoft Windows kernel-mode drivers core font parsing integer overflow attempt (file-pdf.rules)
* 1:23509 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed Richmedia annotation exploit attempt (file-pdf.rules)
* 1:23510 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader File containing Flash use-after-free attack attempt (file-pdf.rules)
* 1:23511 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader authplay.dll vulnerability exploit attempt (file-pdf.rules)
* 1:23512 <-> DISABLED <-> FILE-PDF Adobe flash player newfunction memory corruption attempt (file-pdf.rules)
* 1:23513 <-> DISABLED <-> FILE-PDF PDF with click-to-launch executable (file-pdf.rules)
* 1:23514 <-> DISABLED <-> FILE-PDF PDF with click-to-launch executable (file-pdf.rules)
* 1:23515 <-> DISABLED <-> FILE-PDF PDF with click-to-launch executable (file-pdf.rules)
* 1:23516 <-> DISABLED <-> FILE-PDF PDF with click-to-launch executable (file-pdf.rules)
* 1:23517 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader libtiff TIFFFetchShortPair stack buffer overflow attempt (file-pdf.rules)
* 1:23518 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader libtiff TIFFFetchShortPair stack buffer overflow attempt (file-pdf.rules)
* 1:23520 <-> DISABLED <-> FILE-PDF Possible unknown malicious PDF (file-pdf.rules)
* 1:23521 <-> DISABLED <-> FILE-PDF Possible unknown malicious PDF (file-pdf.rules)
* 1:23522 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malicious TIFF remote code execution attempt (file-pdf.rules)
* 1:23523 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed TIFF remote code execution attempt (file-pdf.rules)
* 1:23524 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed TIFF remote code execution attempt (file-pdf.rules)
* 1:23525 <-> DISABLED <-> FILE-OFFICE Microsoft Office BMP header biClrUsed integer overflow attempt (file-office.rules)
* 1:23526 <-> DISABLED <-> FILE-OFFICE Microsoft Office .CGM file cell array heap overflow attempt (file-office.rules)
* 1:23527 <-> DISABLED <-> FILE-OFFICE Microsoft Office .CGM file cell array heap overflow attempt (file-office.rules)
* 1:23528 <-> DISABLED <-> FILE-OFFICE Microsoft Office PICT graphics converter memory corruption attempt (file-office.rules)
* 1:2353 <-> DISABLED <-> SERVER-WEBAPP IdeaBox cord.php file include (server-webapp.rules)
* 1:23530 <-> DISABLED <-> FILE-OFFICE Microsoft Office TIFF filter buffer overflow attempt (file-office.rules)
* 1:23531 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Lbl record (file-office.rules)
* 1:23532 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Lbl record (file-office.rules)
* 1:23533 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Lbl record (file-office.rules)
* 1:23534 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint paragraph format array inner header overflow attempt (file-office.rules)
* 1:23535 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint Download of version 4.0 file (file-office.rules)
* 1:23536 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint CurrentUserAtom remote code execution attempt (file-office.rules)
* 1:23537 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint HashCode10Atom memory corruption attempt (file-office.rules)
* 1:23538 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint PP7 Component buffer overflow attempt (file-office.rules)
* 1:23539 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint Legacy file format picture object code execution attempt (file-office.rules)
* 1:2354 <-> DISABLED <-> SERVER-WEBAPP IdeaBox notification.php file include (server-webapp.rules)
* 1:23540 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word GDI+ Office Art Property Table remote code execution attempt (file-office.rules)
* 1:23541 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel GDI+ Office Art Property Table remote code execution attempt (file-office.rules)
* 1:23542 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel integer field in row record improper validation remote code execution attempt (file-office.rules)
* 1:23543 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel file SxView record exploit attempt (file-office.rules)
* 1:23544 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel OBJ record stack buffer overflow attempt (file-office.rules)
* 1:23545 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel OBJ record stack buffer overflow attempt - with macro (file-office.rules)
* 1:23546 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel OBJ record stack buffer overflow attempt - with linkFmla (file-office.rules)
* 1:23547 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel OBJ record stack buffer overflow attempt - with macro and linkFmla (file-office.rules)
* 1:23548 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel RTD buffer overflow attempt (file-office.rules)
* 1:23549 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel RTD buffer overflow attempt (file-office.rules)
* 1:2355 <-> DISABLED <-> SERVER-WEBAPP Invision Board emailer.php file include (server-webapp.rules)
* 1:23550 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel RealTimeData record stack buffer overflow attempt (file-office.rules)
* 1:23551 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView record memory pointer corruption attempt (file-office.rules)
* 1:23552 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView record memory pointer corruption attempt (file-office.rules)
* 1:23553 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel WOpt record memory corruption attempt (file-office.rules)
* 1:23554 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel WOpt record memory corruption attempt (file-office.rules)
* 1:23555 <-> DISABLED <-> FILE-OFFICE Microsoft HtmlDlgHelper ActiveX clsid access (file-office.rules)
* 1:23556 <-> DISABLED <-> FILE-OFFICE Microsoft Office WordPad and Office text converters integer underflow attempt (file-office.rules)
* 1:23557 <-> DISABLED <-> FILE-OFFICE Microsoft Office WordPad and Office text converters integer underflow attempt (file-office.rules)
* 1:23558 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel pivot item index boundary corruption attempt (file-office.rules)
* 1:23559 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel pivot item index boundary corruption attempt (file-office.rules)
* 1:2356 <-> DISABLED <-> SERVER-WEBAPP WebChat db_mysql.php file include (server-webapp.rules)
* 1:23560 <-> DISABLED <-> FILE-JAVA Oracle Java Zip file directory record overflow attempt (file-java.rules)
* 1:23561 <-> DISABLED <-> FILE-IMAGE Microsoft Kodak Imaging large offset malformed tiff - big-endian (file-image.rules)
* 1:23562 <-> DISABLED <-> FILE-OTHER Microsoft MHTML XSS attempt (file-other.rules)
* 1:23563 <-> DISABLED <-> FILE-OTHER Microsoft Windows MHTML XSS attempt (file-other.rules)
* 1:23564 <-> DISABLED <-> FILE-OTHER Adobe Illustrator DSC comment overflow attempt (file-other.rules)
* 1:23565 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows AVI DirectShow QuickTime parsing overflow attempt (file-multimedia.rules)
* 1:23566 <-> DISABLED <-> FILE-OTHER Microsoft Windows Embedded Open Type Font malformed name table overflow attempt (file-other.rules)
* 1:23567 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows AVI Header insufficient data corruption attempt (file-multimedia.rules)
* 1:23568 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows AVIFile media file processing memory corruption attempt (file-multimedia.rules)
* 1:23569 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows AVIFile truncated media file processing memory corruption attempt (file-multimedia.rules)
* 1:2357 <-> DISABLED <-> SERVER-WEBAPP WebChat english.php file include (server-webapp.rules)
* 1:23570 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Media sample duration header RCE attempt (file-multimedia.rules)
* 1:23571 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Media Timecode header RCE attempt (file-multimedia.rules)
* 1:23572 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Media file name header RCE attempt (file-multimedia.rules)
* 1:23573 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Media content type header RCE attempt (file-multimedia.rules)
* 1:23574 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Media pixel aspect ratio header RCE attempt (file-multimedia.rules)
* 1:23575 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Media encryption sample ID header RCE attempt (file-multimedia.rules)
* 1:23576 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Media encryption sample ID header RCE attempt (file-multimedia.rules)
* 1:23577 <-> DISABLED <-> FILE-OTHER VLC mms hostname buffer overflow attempt (file-other.rules)
* 1:23578 <-> DISABLED <-> FILE-OTHER Microsoft Windows malformed ASF voice codec memory corruption attempt (file-other.rules)
* 1:23579 <-> DISABLED <-> FILE-FLASH Adobe Flash use-after-free attack attempt (file-flash.rules)
* 1:2358 <-> DISABLED <-> SERVER-WEBAPP Typo3 translations.php file include (server-webapp.rules)
* 1:23580 <-> DISABLED <-> FILE-OTHER Novell Groupwise Addressbook buffer overflow attempt (file-other.rules)
* 1:23581 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime MPEG stream padding buffer overflow attempt (file-multimedia.rules)
* 1:23582 <-> DISABLED <-> FILE-OTHER Apple Quicktime TeXML Transform attribute overflow attempt (file-other.rules)
* 1:23583 <-> DISABLED <-> FILE-OTHER Apple Quicktime TeXML Style attribute overflow attempt (file-other.rules)
* 1:23584 <-> DISABLED <-> FILE-OTHER Apple Quicktime TeXML sampleData attribute overflow attempt (file-other.rules)
* 1:23585 <-> DISABLED <-> FILE-OTHER Apple Quicktime TeXML description attribute overflow attempt (file-other.rules)
* 1:23586 <-> DISABLED <-> FILE-OTHER Apple Quicktime TeXML Style attribute overflow attempt (file-other.rules)
* 1:23587 <-> DISABLED <-> FILE-MULTIMEDIA Apple iTunes Extended M3U playlist record overflow attempt (file-multimedia.rules)
* 1:23588 <-> DISABLED <-> FILE-MULTIMEDIA Apple iTunes Extended M3U playlist record overflow attempt (file-multimedia.rules)
* 1:23589 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules)
* 1:2359 <-> DISABLED <-> SERVER-WEBAPP Invision Board ipchat.php file include (server-webapp.rules)
* 1:23590 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules)
* 1:23591 <-> DISABLED <-> FILE-FLASH Adobe Flash Player newfunction memory corruption attempt (file-flash.rules)
* 1:23592 <-> DISABLED <-> FILE-FLASH Adobe Flash Player newfunction memory corruption exploit attempt (file-flash.rules)
* 1:23593 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Smoaler variant outbound connection (malware-cnc.rules)
* 1:23594 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Papras variant outbound connection (malware-cnc.rules)
* 1:23595 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Papras variant outbound connection (malware-cnc.rules)
* 1:23596 <-> DISABLED <-> INDICATOR-COMPROMISE iframe before DOCTYPE possible malicious redirect attempt (indicator-compromise.rules)
* 1:23597 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VB.DHD variant outbound connection (malware-cnc.rules)
* 1:23598 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Slagent outgoing connection (malware-cnc.rules)
* 1:23599 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Slagent outgoing connection (malware-cnc.rules)
* 1:236 <-> DISABLED <-> PROTOCOL-ICMP Stacheldraht client check gag (protocol-icmp.rules)
* 1:2360 <-> DISABLED <-> SERVER-WEBAPP myphpPagetool pt_config.inc file include (server-webapp.rules)
* 1:23600 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gamarue outbound connection (malware-cnc.rules)
* 1:23601 <-> DISABLED <-> INDICATOR-SCAN Skipfish scan default agent string (indicator-scan.rules)
* 1:23602 <-> DISABLED <-> INDICATOR-SCAN Skipfish scan Firefox agent string (indicator-scan.rules)
* 1:23603 <-> DISABLED <-> INDICATOR-SCAN Skipfish scan MSIE agent string (indicator-scan.rules)
* 1:23604 <-> DISABLED <-> INDICATOR-SCAN Skipfish scan iPhone agent string (indicator-scan.rules)
* 1:23605 <-> ENABLED <-> FILE-IDENTIFY Armadillo v1.xx - v2.xx file magic detected (file-identify.rules)
* 1:23606 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sofacy.A outbound connection (malware-cnc.rules)
* 1:23607 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sofacy.A outbound connection (malware-cnc.rules)
* 1:23609 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer getBoundingClientRect incorrect rebalancing attempt (browser-ie.rules)
* 1:2361 <-> DISABLED <-> SERVER-WEBAPP news.php file include (server-webapp.rules)
* 1:23610 <-> DISABLED <-> MALWARE-CNC Worm.Crass.A variant outbound connection (malware-cnc.rules)
* 1:23611 <-> DISABLED <-> FILE-PDF JavaScript contained in an xml template embedded in a pdf attempt (file-pdf.rules)
* 1:23612 <-> DISABLED <-> FILE-PDF JavaScript contained in an xml template embedded in a pdf attempt (file-pdf.rules)
* 1:23613 <-> DISABLED <-> SERVER-WEBAPP Arbitrary file location upload attempt (server-webapp.rules)
* 1:23614 <-> DISABLED <-> FILE-JAVA Oracle JavaScript heap exploitation library usage attempt (file-java.rules)
* 1:23615 <-> DISABLED <-> MALWARE-CNC ACAD.Medre.A variant outbound connection (malware-cnc.rules)
* 1:23616 <-> ENABLED <-> APP-DETECT Amazon Kindle 3.0 User-Agent string requested (app-detect.rules)
* 1:23617 <-> DISABLED <-> APP-DETECT Amazon Kindle chrome-scriptable-plugin attempt (app-detect.rules)
* 1:23618 <-> ENABLED <-> MALWARE-OTHER Malvertising redirection attempt (malware-other.rules)
* 1:23619 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch broken (exploit-kit.rules)
* 1:2362 <-> DISABLED <-> SERVER-WEBAPP YaBB SE packages.php file include (server-webapp.rules)
* 1:23620 <-> ENABLED <-> MALWARE-OTHER Malvertising network attempted redirect (malware-other.rules)
* 1:23621 <-> DISABLED <-> INDICATOR-OBFUSCATION known packer routine with secondary obfuscation (indicator-obfuscation.rules)
* 1:23622 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page request - tkr (exploit-kit.rules)
* 1:23623 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime VR Track Header Atom heap corruption attempt (file-multimedia.rules)
* 1:23624 <-> DISABLED <-> SERVER-OTHER Ubisoft Uplay browser plugin backdoor attempt (server-other.rules)
* 1:23625 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox resource URL handling directory traversal attempt (browser-firefox.rules)
* 1:23626 <-> DISABLED <-> SERVER-IIS cmd.exe access (server-iis.rules)
* 1:23627 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - PoisonIvy RAT (malware-cnc.rules)
* 1:23628 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pincav variant outbound connection (malware-cnc.rules)
* 1:2363 <-> DISABLED <-> SERVER-WEBAPP Cyboards default_header.php access (server-webapp.rules)
* 1:23630 <-> DISABLED <-> MALWARE-CNC Win.Trojan.YMrelay variant outbound connection (malware-cnc.rules)
* 1:23631 <-> ENABLED <-> SERVER-APACHE Apache Struts remote code execution attempt - POST parameter (server-apache.rules)
* 1:23632 <-> DISABLED <-> SERVER-OTHER HP Data Protector Express stack buffer overflow attempt (server-other.rules)
* 1:23633 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kegotip variant report to cnc-server (malware-cnc.rules)
* 1:23634 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kegotip variant outbound connection (malware-cnc.rules)
* 1:23635 <-> DISABLED <-> MALWARE-CNC Gozi trojan checkin (malware-cnc.rules)
* 1:23636 <-> DISABLED <-> INDICATOR-OBFUSCATION JavaScript built-in function parseInt appears obfuscated - likely packer or encoder (indicator-obfuscation.rules)
* 1:23637 <-> ENABLED <-> FILE-IDENTIFY Java .class file attachment detected (file-identify.rules)
* 1:23638 <-> ENABLED <-> FILE-IDENTIFY Java .class file attachment detected (file-identify.rules)
* 1:23639 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file magic detected (file-identify.rules)
* 1:2364 <-> DISABLED <-> SERVER-WEBAPP Cyboards options_form.php access (server-webapp.rules)
* 1:23640 <-> ENABLED <-> FILE-IDENTIFY MPEG sys stream file magic detected (file-identify.rules)
* 1:23641 <-> DISABLED <-> FILE-IDENTIFY GZip file magic detected (file-identify.rules)
* 1:23642 <-> ENABLED <-> FILE-IDENTIFY Script encoder file magic detected (file-identify.rules)
* 1:23643 <-> ENABLED <-> FILE-IDENTIFY Postscript file magic detected (file-identify.rules)
* 1:23644 <-> ENABLED <-> FILE-IDENTIFY BinHex file magic detected (file-identify.rules)
* 1:23645 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Real Media file magic detected (file-identify.rules)
* 1:23646 <-> ENABLED <-> FILE-IDENTIFY bzip file magic detected (file-identify.rules)
* 1:23647 <-> ENABLED <-> FILE-IDENTIFY GIF file magic detected (file-identify.rules)
* 1:23648 <-> ENABLED <-> FILE-IDENTIFY MP3 file magic detected (file-identify.rules)
* 1:23649 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows CAB file magic detected (file-identify.rules)
* 1:2365 <-> DISABLED <-> SERVER-WEBAPP newsPHP Language file include attempt (server-webapp.rules)
* 1:23650 <-> ENABLED <-> FILE-IDENTIFY Ogg Stream file magic detected (file-identify.rules)
* 1:23651 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
* 1:23652 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
* 1:23653 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
* 1:23654 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
* 1:23655 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
* 1:23656 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
* 1:23657 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules)
* 1:23658 <-> ENABLED <-> FILE-IDENTIFY RIFX file magic detected (file-identify.rules)
* 1:23659 <-> ENABLED <-> FILE-IDENTIFY RAR file magic detected (file-identify.rules)
* 1:2366 <-> DISABLED <-> SERVER-WEBAPP PhpGedView PGV authentication_index.php base directory manipulation attempt (server-webapp.rules)
* 1:23660 <-> ENABLED <-> FILE-IDENTIFY Symantec file magic detected (file-identify.rules)
* 1:23661 <-> ENABLED <-> FILE-IDENTIFY ARJ file magic detected (file-identify.rules)
* 1:23662 <-> ENABLED <-> FILE-IDENTIFY TNEF file magic detected (file-identify.rules)
* 1:23663 <-> ENABLED <-> FILE-IDENTIFY ELF file magic detected (file-identify.rules)
* 1:23664 <-> ENABLED <-> FILE-IDENTIFY PNG file magic detected (file-identify.rules)
* 1:23665 <-> ENABLED <-> FILE-IDENTIFY CryptFF file magic detected (file-identify.rules)
* 1:23666 <-> ENABLED <-> FILE-IDENTIFY MP3 file magic detected (file-identify.rules)
* 1:23667 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules)
* 1:23668 <-> ENABLED <-> FILE-IDENTIFY SIS file magic detected (file-identify.rules)
* 1:23669 <-> ENABLED <-> FILE-IDENTIFY SIP log file magic detected (file-identify.rules)
* 1:2367 <-> DISABLED <-> SERVER-WEBAPP PhpGedView PGV functions.php base directory manipulation attempt (server-webapp.rules)
* 1:23670 <-> ENABLED <-> FILE-IDENTIFY RTF file magic detected (file-identify.rules)
* 1:23671 <-> ENABLED <-> FILE-IDENTIFY 7zip file magic detected (file-identify.rules)
* 1:23672 <-> ENABLED <-> FILE-IDENTIFY MachO Little Endian file magic detected (file-identify.rules)
* 1:23673 <-> ENABLED <-> FILE-IDENTIFY MachO x64 Little Endian file magic detected (file-identify.rules)
* 1:23674 <-> ENABLED <-> FILE-IDENTIFY MachO Big Endian file magic detected (file-identify.rules)
* 1:23675 <-> ENABLED <-> FILE-IDENTIFY MachO x64 Big Endian file magic detected (file-identify.rules)
* 1:23676 <-> ENABLED <-> FILE-IDENTIFY Universal Binary/Java Bytecode file magic detected (file-identify.rules)
* 1:23677 <-> ENABLED <-> FILE-IDENTIFY jarpack file magic detected (file-identify.rules)
* 1:23678 <-> ENABLED <-> FILE-IDENTIFY PDF file magic detected (file-identify.rules)
* 1:23679 <-> ENABLED <-> FILE-IDENTIFY compressed Adobe Shockwave Flash file magic detected
(file-identify.rules) * 1:2368 <-> DISABLED <-> SERVER-WEBAPP PhpGedView PGV config_gedcom.php base directory manipulation attempt (server-webapp.rules) * 1:23680 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules) * 1:23681 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules) * 1:23682 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23683 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23684 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23685 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23687 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules) * 1:23688 <-> ENABLED <-> FILE-IDENTIFY bcproj file magic detected (file-identify.rules) * 1:23689 <-> ENABLED <-> FILE-IDENTIFY mx4 file magic detected (file-identify.rules) * 1:2369 <-> DISABLED <-> SERVER-WEBAPP ISAPISkeleton.dll access (server-webapp.rules) * 1:23690 <-> ENABLED <-> FILE-IDENTIFY ffmpeg file magic detected (file-identify.rules) * 1:23691 <-> ENABLED <-> FILE-IDENTIFY dmg file magic detected (file-identify.rules) * 1:23692 <-> ENABLED <-> FILE-IDENTIFY ivr file magic detected (file-identify.rules) * 1:23693 <-> ENABLED <-> FILE-IDENTIFY caff file magic detected (file-identify.rules) * 1:23694 <-> ENABLED <-> FILE-IDENTIFY vmd file magic detected (file-identify.rules) * 1:23695 <-> ENABLED <-> FILE-IDENTIFY Flac file magic detected (file-identify.rules) * 1:23696 <-> ENABLED <-> FILE-IDENTIFY VideoLAN VLC file magic detected (file-identify.rules) * 1:23697 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel xlw file magic detected (file-identify.rules) * 1:23698 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASF file magic detected (file-identify.rules) * 1:23699 <-> DISABLED <-> FILE-IDENTIFY SAP Crystal Reports file magic detected 
(file-identify.rules) * 1:237 <-> DISABLED <-> MALWARE-OTHER Trin00 Master to Daemon default password attempt (malware-other.rules) * 1:2370 <-> DISABLED <-> SERVER-WEBAPP BugPort config.conf file access (server-webapp.rules) * 1:23700 <-> DISABLED <-> FILE-IDENTIFY Microsoft Word for Mac 5 file magic detected (file-identify.rules) * 1:23701 <-> ENABLED <-> FILE-IDENTIFY Microsoft SYmbolic LinK file magic detected (file-identify.rules) * 1:23702 <-> DISABLED <-> FILE-IDENTIFY WordPerfect file magic detected (file-identify.rules) * 1:23703 <-> ENABLED <-> FILE-IDENTIFY Microsoft asf file magic detected (file-identify.rules) * 1:23704 <-> DISABLED <-> FILE-IDENTIFY Ultimate Packer for Executables/UPX v0.51-v0.61 packed file magic detected (file-identify.rules) * 1:23705 <-> DISABLED <-> FILE-IDENTIFY Ultimate Packer for Executables/UPX v0.62-v1.22 packed file magic detected (file-identify.rules) * 1:23706 <-> DISABLED <-> FILE-IDENTIFY Ultimate Packer for Executables/UPX v2.90 v2.93-v3.00 packed file magic detected (file-identify.rules) * 1:23707 <-> ENABLED <-> FILE-IDENTIFY Microsoft Compound File Binary v3 file magic detected (file-identify.rules) * 1:23708 <-> ENABLED <-> FILE-IDENTIFY Microsoft Compound File Binary v4 file magic detected (file-identify.rules) * 1:23709 <-> ENABLED <-> FILE-IDENTIFY Tiff little endian file magic detected (file-identify.rules) * 1:2371 <-> DISABLED <-> SERVER-WEBAPP Sample_showcode.html access (server-webapp.rules) * 1:23710 <-> ENABLED <-> FILE-IDENTIFY Tiff big endian file magic detected (file-identify.rules) * 1:23711 <-> ENABLED <-> FILE-IDENTIFY OLE Document file magic detected (file-identify.rules) * 1:23712 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file magic detected (file-identify.rules) * 1:23713 <-> DISABLED <-> FILE-IDENTIFY Metastock mwl file magic detected (file-identify.rules) * 1:23714 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Publisher file magic detected (file-identify.rules) * 1:23715 <-> 
DISABLED <-> FILE-IDENTIFY Microsoft Office Access file magic detected (file-identify.rules) * 1:23716 <-> DISABLED <-> FILE-IDENTIFY Microsoft Office Access JSDB file magic detected (file-identify.rules) * 1:23717 <-> DISABLED <-> FILE-IDENTIFY Microsoft Office Access TJDB file magic detected (file-identify.rules) * 1:23718 <-> DISABLED <-> FILE-IDENTIFY Microsoft Office Access MSISAM file magic detected (file-identify.rules) * 1:2372 <-> DISABLED <-> SERVER-WEBAPP Photopost PHP Pro showphoto.php access (server-webapp.rules) * 1:23720 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer REC file magic detected (file-identify.rules) * 1:23721 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .r1m file magic detected (file-identify.rules) * 1:23722 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows Address Book file magic detected (file-identify.rules) * 1:23723 <-> ENABLED <-> FILE-IDENTIFY M3U file magic detected (file-identify.rules) * 1:23724 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file magic detected (file-identify.rules) * 1:23725 <-> ENABLED <-> FILE-IDENTIFY Portable Executable binary file magic detected (file-identify.rules) * 1:23726 <-> ENABLED <-> FILE-IDENTIFY Portable Executable compact binary file magic detected (file-identify.rules) * 1:23727 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Video file magic detected (file-identify.rules) * 1:23728 <-> ENABLED <-> FILE-IDENTIFY matroska file magic detected (file-identify.rules) * 1:23729 <-> ENABLED <-> FILE-IDENTIFY PICT file magic detected (file-identify.rules) * 1:2373 <-> DISABLED <-> PROTOCOL-FTP XMKD overflow attempt (protocol-ftp.rules) * 1:23730 <-> ENABLED <-> FILE-IDENTIFY amf file magic detected (file-identify.rules) * 1:23731 <-> ENABLED <-> FILE-IDENTIFY CDR file magic detected (file-identify.rules) * 1:23732 <-> ENABLED <-> FILE-IDENTIFY Microsoft Media Player .asf file magic detected (file-identify.rules) * 1:23733 <-> ENABLED <-> FILE-IDENTIFY webm file magic detected 
(file-identify.rules) * 1:23734 <-> ENABLED <-> FILE-IDENTIFY Autodesk Maya file magic detected (file-identify.rules) * 1:23735 <-> ENABLED <-> FILE-IDENTIFY MIDI file magic detected (file-identify.rules) * 1:23736 <-> ENABLED <-> FILE-IDENTIFY PLS file magic detected (file-identify.rules) * 1:23737 <-> ENABLED <-> FILE-IDENTIFY SMIL file magic detected (file-identify.rules) * 1:23738 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23739 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:2374 <-> DISABLED <-> PROTOCOL-FTP NLST overflow attempt (protocol-ftp.rules) * 1:23740 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23741 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23742 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23743 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23744 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23745 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23746 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23747 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23748 <-> ENABLED <-> FILE-IDENTIFY TTF file magic detected (file-identify.rules) * 1:23749 <-> ENABLED <-> FILE-IDENTIFY SAMI file magic detected (file-identify.rules) * 1:2375 <-> DISABLED <-> MALWARE-CNC DoomJuice/mydoom.a backdoor upload/execute (malware-cnc.rules) * 1:23750 <-> ENABLED <-> FILE-IDENTIFY Microsoft Money file magic detected (file-identify.rules) * 1:23751 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file magic detected (file-identify.rules) * 1:23752 <-> ENABLED <-> FILE-IDENTIFY cy3 Cytel Studio file magic detected (file-identify.rules) * 1:23753 <-> ENABLED <-> FILE-IDENTIFY Visio file magic detected (file-identify.rules) * 1:23754 
<-> ENABLED <-> FILE-IDENTIFY AVI Video file magic detected (file-identify.rules) * 1:23755 <-> ENABLED <-> FILE-IDENTIFY Cisco Webex Player .wrf file magic detected (file-identify.rules) * 1:23756 <-> DISABLED <-> FILE-IDENTIFY New Executable binary file magic detected (file-identify.rules) * 1:23757 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows CHM file magic detected (file-identify.rules) * 1:23758 <-> ENABLED <-> FILE-IDENTIFY XML file magic detected (file-identify.rules) * 1:23759 <-> ENABLED <-> FILE-IDENTIFY XML file magic detected (file-identify.rules) * 1:2376 <-> DISABLED <-> SERVER-OTHER ISAKMP first payload certificate request length overflow attempt (server-other.rules) * 1:23760 <-> ENABLED <-> FILE-IDENTIFY WAV file magic detected (file-identify.rules) * 1:23761 <-> ENABLED <-> FILE-IDENTIFY AVI file magic detected (file-identify.rules) * 1:23762 <-> ENABLED <-> FILE-IDENTIFY PFA file magic detected (file-identify.rules) * 1:23763 <-> ENABLED <-> FILE-IDENTIFY HPJ file magic detected (file-identify.rules) * 1:23764 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file magic detected (file-identify.rules) * 1:23765 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC file magic detected (file-identify.rules) * 1:23766 <-> ENABLED <-> FILE-IDENTIFY EMF file magic detected (file-identify.rules) * 1:23767 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows hlp file magic detected (file-identify.rules) * 1:23768 <-> DISABLED <-> FILE-IDENTIFY Microsoft Visual Basic v6.0 - additional file magic detected (file-identify.rules) * 1:23769 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio DBP file magic detected (file-identify.rules) * 1:2377 <-> DISABLED <-> SERVER-OTHER ISAKMP second payload certificate request length overflow attempt (server-other.rules) * 1:23770 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio PKP file magic detected (file-identify.rules) * 1:23771 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio SLN file magic detected 
(file-identify.rules) * 1:23772 <-> ENABLED <-> FILE-IDENTIFY Microsoft Visual Studio VAP file magic detected (file-identify.rules) * 1:23773 <-> ENABLED <-> FILE-IDENTIFY XM file magic detected (file-identify.rules) * 1:23774 <-> ENABLED <-> FILE-IDENTIFY NAB file magic detected (file-identify.rules) * 1:23775 <-> ENABLED <-> FILE-IDENTIFY Armadillo v1.71 packer file magic detected (file-identify.rules) * 1:23776 <-> ENABLED <-> FILE-IDENTIFY PLP file magic detected (file-identify.rules) * 1:23777 <-> ENABLED <-> FILE-IDENTIFY Armadillo v1.xx - v2.xx file magic detected (file-identify.rules) * 1:23778 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bublik variant outbound connection (malware-cnc.rules) * 1:23779 <-> DISABLED <-> SERVER-APACHE Apache WebDAV mod_dav nested entity reference DoS attempt (server-apache.rules) * 1:2378 <-> DISABLED <-> SERVER-OTHER ISAKMP third payload certificate request length overflow attempt (server-other.rules) * 1:23780 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Begfanit.A outbound connection (malware-cnc.rules) * 1:23781 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page (exploit-kit.rules) * 1:23782 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buzus.kych variant outbound connection (malware-cnc.rules) * 1:23783 <-> DISABLED <-> SERVER-WEBAPP Symantec Web Gateway pbcontrol.php filename parameter command injection attempt (server-webapp.rules) * 1:23785 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - Math.floor catch (exploit-kit.rules) * 1:23786 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - Math.round catch (exploit-kit.rules) * 1:23787 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locotout variant outbound connection (malware-cnc.rules) * 1:23788 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locotout variant outbound connection (malware-cnc.rules) * 1:23789 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Multiple Products table frames memory corruption attempt 
(browser-firefox.rules) * 1:2379 <-> DISABLED <-> SERVER-OTHER ISAKMP forth payload certificate request length overflow attempt (server-other.rules) * 1:23790 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Multiple Products table frames memory corruption attempt (browser-firefox.rules) * 1:23791 <-> DISABLED <-> SERVER-WEBAPP PHP use-after-free in substr_replace attempt (server-webapp.rules) * 1:23792 <-> DISABLED <-> SERVER-WEBAPP PHP use-after-free in substr_replace attempt (server-webapp.rules) * 1:23793 <-> DISABLED <-> SERVER-WEBAPP use-after-free in substr_replace attempt (server-webapp.rules) * 1:23794 <-> DISABLED <-> MALWARE-CNC known command and control traffic (malware-cnc.rules) * 1:23796 <-> DISABLED <-> SERVER-WEBAPP exif invalid tag data buffer overflow attempt (server-webapp.rules) * 1:23797 <-> DISABLED <-> EXPLOIT-KIT Blackhole redirection page (exploit-kit.rules) * 1:23798 <-> ENABLED <-> MALWARE-OTHER Malvertising redirection page (malware-other.rules) * 1:238 <-> DISABLED <-> PROTOCOL-ICMP TFN server response (protocol-icmp.rules) * 1:2380 <-> DISABLED <-> SERVER-OTHER ISAKMP fifth payload certificate request length overflow attempt (server-other.rules) * 1:23805 <-> DISABLED <-> BROWSER-WEBKIT WebKit button column memory corruption attempt (browser-webkit.rules) * 1:23806 <-> DISABLED <-> FILE-OTHER Oracle Outside-In JPEG2000 QCD segment processing heap buffer overflow attempt (file-other.rules) * 1:23807 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file download request (file-identify.rules) * 1:23808 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23809 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:2381 <-> DISABLED <-> SERVER-WEBAPP Checkpoint Firewall-1 HTTP parsing format string vulnerability attempt (server-webapp.rules) * 1:23810 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file download request (file-identify.rules) * 1:23811 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file 
attachment detected (file-identify.rules) * 1:23812 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23813 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file download request (file-identify.rules) * 1:23814 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23815 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23816 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file download request (file-identify.rules) * 1:23817 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23818 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23819 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file download request (file-identify.rules) * 1:2382 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Session Setup NTLMSSP asn1 overflow attempt (os-windows.rules) * 1:23820 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23821 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23822 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file magic detected (file-identify.rules) * 1:23823 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file magic detected (file-identify.rules) * 1:23824 <-> DISABLED <-> MALWARE-CNC Gauss malware check-in (malware-cnc.rules) * 1:23825 <-> DISABLED <-> MALWARE-CNC FinFisher initial variant outbound connection (malware-cnc.rules) * 1:23826 <-> DISABLED <-> MALWARE-CNC FinFisher variant outbound connection (malware-cnc.rules) * 1:23827 <-> DISABLED <-> SERVER-WEBAPP Joomla Remote File Include upload attempt (server-webapp.rules) * 1:23828 <-> DISABLED <-> SERVER-WEBAPP Joomla Remote File Include upload attempt (server-webapp.rules) * 1:23829 <-> DISABLED <-> INDICATOR-COMPROMISE Loaderz Web Shell (indicator-compromise.rules) * 1:2383 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB-DS Session Setup NTLMSSP asn1 overflow attempt 
(os-windows.rules) * 1:23830 <-> DISABLED <-> INDICATOR-COMPROMISE Alsa3ek Web Shell (indicator-compromise.rules) * 1:23831 <-> DISABLED <-> INDICATOR-OBFUSCATION non-alphanumeric javascript detected (indicator-obfuscation.rules) * 1:23832 <-> DISABLED <-> INDICATOR-OBFUSCATION non-alphanumeric javascript detected (indicator-obfuscation.rules) * 1:23833 <-> ENABLED <-> MALWARE-OTHER Malvertising redirection campaign - blackmuscat (malware-other.rules) * 1:23834 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer asynchronous code execution attempt (browser-ie.rules) * 1:23835 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer asynchronous code execution attempt (browser-ie.rules) * 1:23836 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer negative margin use after free attempt (browser-ie.rules) * 1:23837 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB host announcement format string exploit attempt (os-windows.rules) * 1:23838 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NetServerEnum response host format string exploit attempt (os-windows.rules) * 1:23839 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB RAP API NetServerEnum2 long server name buffer overflow attempt (os-windows.rules) * 1:23840 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer sign extension vulnerability exploitation attempt (browser-ie.rules) * 1:23841 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer sign extension vulnerability exploitation attempt (browser-ie.rules) * 1:23842 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio DXF file text overflow attempt (file-office.rules) * 1:23843 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio DXF file text overflow attempt (file-office.rules) * 1:23844 <-> ENABLED <-> FILE-OFFICE Microsoft Office MSCOMCTL ActiveX control tabstrip method attempt (file-office.rules) * 1:23846 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Terminal server RDP freed memory write attempt (os-windows.rules) * 1:23848 <-> DISABLED <-> 
EXPLOIT-KIT Blackhole redirection attempt (exploit-kit.rules) * 1:23849 <-> ENABLED <-> EXPLOIT-KIT Blackhole redirection attempt (exploit-kit.rules) * 1:23850 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - hwehes (exploit-kit.rules) * 1:23851 <-> DISABLED <-> FILE-PDF Blackhole exploit kit related malicious file detection (file-pdf.rules) * 1:23852 <-> DISABLED <-> FILE-PDF Blackhole exploit kit related malicious file detection (file-pdf.rules) * 1:23853 <-> DISABLED <-> FILE-FLASH Adobe Flash OpenType font memory corruption attempt (file-flash.rules) * 1:23854 <-> DISABLED <-> FILE-FLASH Adobe Flash OpenType font memory corruption attempt (file-flash.rules) * 1:23855 <-> DISABLED <-> FILE-FLASH string heapspray flash file - likely attack (file-flash.rules) * 1:23856 <-> DISABLED <-> FILE-FLASH string heapspray flash file - likely attack (file-flash.rules) * 1:23857 <-> DISABLED <-> INDICATOR-SHELLCODE heapspray characters detected - ASCII (indicator-shellcode.rules) * 1:23858 <-> DISABLED <-> FILE-OTHER heapspray characters detected - binary (file-other.rules) * 1:23859 <-> DISABLED <-> INDICATOR-SHELLCODE heapspray characters detected - hexadecimal encoding (indicator-shellcode.rules) * 1:2386 <-> DISABLED <-> SERVER-IIS NTLM ASN1 vulnerability scan attempt (server-iis.rules) * 1:23860 <-> DISABLED <-> INDICATOR-SHELLCODE heapspray characters detected - ASCII (indicator-shellcode.rules) * 1:23861 <-> DISABLED <-> FILE-OTHER heapspray characters detected - binary (file-other.rules) * 1:23862 <-> DISABLED <-> INDICATOR-SHELLCODE heapspray characters detected - hexadecimal encoding (indicator-shellcode.rules) * 1:23863 <-> DISABLED <-> PUA-ADWARE LiveSecurityPlatinum.A outbound connection - initial connection (pua-adware.rules) * 1:23864 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader invalid font WeightVector attempt (file-pdf.rules) * 1:23865 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader invalid font WeightVector attempt 
(file-pdf.rules) * 1:23866 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader invalid inline image attempt (file-pdf.rules) * 1:23867 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader invalid inline image attempt (file-pdf.rules) * 1:23868 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader invalid inline image attempt (file-pdf.rules) * 1:23869 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader invalid inline image attempt (file-pdf.rules) * 1:23870 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader invalid inline image attempt (file-pdf.rules) * 1:23871 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader invalid inline image attempt (file-pdf.rules) * 1:23874 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader postscript font execution malformed subroutine entries attempt (file-pdf.rules) * 1:23875 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader postscript font execution malformed subroutine entries attempt (file-pdf.rules) * 1:23876 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scirib variant outbound connection (malware-cnc.rules) * 1:23877 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dtfanri variant outbound connection (malware-cnc.rules) * 1:23878 <-> DISABLED <-> BROWSER-PLUGINS Oracle JRE Deployment Toolkit ActiveX clsid access attempt (browser-plugins.rules) * 1:23879 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader Texture Declaration buffer overflow attempt (file-pdf.rules) * 1:2388 <-> DISABLED <-> SERVER-WEBAPP Apple QuickTime streaming server view_broadcast.cgi access (server-webapp.rules) * 1:23880 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader Texture Declaration buffer overflow attempt (file-pdf.rules) * 1:23881 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader getAnnotsRichMedia return type confusion attempt (file-pdf.rules) * 1:23882 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader getAnnotsRichMedia return type confusion attempt (file-pdf.rules) * 1:23883 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JBIG2 encoding invalid symbol in dictionary segment (file-pdf.rules) * 1:23884 <-> DISABLED 
<-> FILE-PDF Adobe Acrobat Reader JBIG2 encoding invalid symbol in dictionary segment (file-pdf.rules) * 1:23889 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader getAnnotsRichMedia return type confusion attempt (file-pdf.rules) * 1:2389 <-> DISABLED <-> PROTOCOL-FTP RNTO overflow attempt (protocol-ftp.rules) * 1:23890 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader getAnnotsRichMedia return type confusion attempt (file-pdf.rules) * 1:23891 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader getAnnotsRichMedia return type confusion attempt (file-pdf.rules) * 1:23892 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader getAnnotsRichMedia return type confusion attempt (file-pdf.rules) * 1:23893 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DistTrack command and control traffic (malware-cnc.rules) * 1:23894 <-> DISABLED <-> SERVER-WEBAPP truncated crypt function attempt (server-webapp.rules) * 1:23895 <-> DISABLED <-> SERVER-WEBAPP PHP truncated crypt function attempt (server-webapp.rules) * 1:23896 <-> DISABLED <-> SERVER-WEBAPP PHP truncated crypt function attempt (server-webapp.rules) * 1:23897 <-> DISABLED <-> FILE-PDF Sending of a PDF with embedded JavaScript - JS string attempt (file-pdf.rules) * 1:23898 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader collab.collectEmailInfo exploit attempt (file-pdf.rules) * 1:23899 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader Javascript buffer overflow attempt (file-pdf.rules) * 1:239 <-> DISABLED <-> MALWARE-OTHER shaft handler to agent (malware-other.rules) * 1:2390 <-> DISABLED <-> PROTOCOL-FTP STOU overflow attempt (protocol-ftp.rules) * 1:23900 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader Javascript buffer overflow attempt (file-pdf.rules) * 1:23901 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader Javascript buffer overflow attempt (file-pdf.rules) * 1:23902 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader Javascript buffer overflow attempt (file-pdf.rules) * 1:23903 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - you 
(malware-cnc.rules) * 1:23905 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23906 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23907 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23908 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23909 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:2391 <-> DISABLED <-> PROTOCOL-FTP APPE overflow attempt (protocol-ftp.rules) * 1:23910 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23911 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23912 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23913 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23914 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23915 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23916 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23917 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23918 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules) * 1:23919 <-> DISABLED <-> 
INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules)
* 1:2392 <-> DISABLED <-> PROTOCOL-FTP RETR overflow attempt (protocol-ftp.rules)
* 1:23920 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules)
* 1:23921 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules)
* 1:23922 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules)
* 1:23923 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules)
* 1:23924 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules)
* 1:23925 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules)
* 1:23926 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules)
* 1:23927 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules)
* 1:23928 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules)
* 1:23929 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules)
* 1:2393 <-> DISABLED <-> SERVER-WEBAPP /_admin access (server-webapp.rules)
* 1:23930 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules)
* 1:23931 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules)
* 1:23932 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules)
* 1:23933 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - execute dropped file (indicator-compromise.rules)
* 1:23934 <-> DISABLED <-> SERVER-WEBAPP Symantec Web Gateway blocked.php blind sql injection attempt (server-webapp.rules)
* 1:23935 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zakahic variant outbound connection (malware-cnc.rules)
* 1:23936 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zakahic variant outbound connection (malware-cnc.rules)
* 1:23937 <-> DISABLED <-> SERVER-WEBAPP Invalid global flag attachment attempt (server-webapp.rules)
* 1:23938 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ibabyfa.dldr variant outbound connection (malware-cnc.rules)
* 1:23939 <-> DISABLED <-> SERVER-ORACLE Oracle Business Transaction Management FlashTunnelService directory traversal attempt (server-oracle.rules)
* 1:2394 <-> DISABLED <-> SERVER-WEBAPP Compaq web-based management agent denial of service attempt (server-webapp.rules)
* 1:23940 <-> DISABLED <-> SERVER-ORACLE Oracle Business Transaction Management FlashTunnelService directory traversal attempt (server-oracle.rules)
* 1:23941 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.Aharm variant outbound connection (malware-cnc.rules)
* 1:23942 <-> DISABLED <-> MALWARE-CNC Win.Trojan.C0D0SO0 variant outbound traffic (malware-cnc.rules)
* 1:23943 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Visual Basic 6.0 malformed AVI buffer overflow attempt (file-multimedia.rules)
* 1:23944 <-> DISABLED <-> SERVER-WEBAPP empty zip file upload attempt (server-webapp.rules)
* 1:23945 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Backdoor variant outbound connection (malware-cnc.rules)
* 1:23946 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Backdoor file download (malware-cnc.rules)
* 1:23947 <-> DISABLED <-> SQL IBM System Storage DS storage manager profiler sql injection attempt (sql.rules)
* 1:23948 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sicisono variant outbound connection (malware-cnc.rules)
* 1:23949 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TKcik variant outbound connection (malware-cnc.rules)
* 1:2395 <-> DISABLED <-> SERVER-WEBAPP InteractiveQuery.jsp access (server-webapp.rules)
* 1:23950 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt (os-windows.rules)
* 1:23951 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt (os-windows.rules)
* 1:23952 <-> DISABLED <-> MALWARE-TOOLS Tors Hammer slow post flood attempt (malware-tools.rules)
* 1:23953 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Comfoo variant outbound connection (malware-cnc.rules)
* 1:23954 <-> DISABLED <-> OS-MOBILE Android SMSZombie APK file download attempt (os-mobile.rules)
* 1:23955 <-> DISABLED <-> MALWARE-CNC Xhuna.A variant outbound connection (malware-cnc.rules)
* 1:23956 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio DXF file text overflow attempt (file-office.rules)
* 1:23957 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio DXF file text overflow attempt (file-office.rules)
* 1:23958 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Operations Agent buffer overflow attempt (server-webapp.rules)
* 1:23959 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Operations Agent buffer overflow attempt (server-webapp.rules)
* 1:2396 <-> DISABLED <-> SERVER-WEBAPP CCBill whereami.cgi arbitrary command execution attempt (server-webapp.rules)
* 1:23960 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Operations Agent buffer overflow attempt (server-webapp.rules)
* 1:23961 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Operations Agent buffer overflow attempt (server-webapp.rules)
* 1:23962 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - fewbgazr catch (exploit-kit.rules)
* 1:23963 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Runagry variant outbound connection (malware-cnc.rules)
* 1:23964 <-> DISABLED <-> PROTOCOL-SCADA BroadWin WebAccess Client format string exploit attempt (protocol-scada.rules)
* 1:23965 <-> DISABLED <-> PROTOCOL-SCADA BroadWin WebAccess Client arbitrary memory corruption attempt (protocol-scada.rules)
* 1:23966 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk invite malformed SDP denial of service attempt (protocol-voip.rules)
* 1:23967 <-> DISABLED <-> FILE-FLASH Adobe Flash OpenType font memory corruption attempt - compressed (file-flash.rules)
* 1:23968 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Crisis variant outbound connection (malware-cnc.rules)
* 1:23969 <-> ENABLED <-> OS-MOBILE Android SMSZombie APK file download (os-mobile.rules)
* 1:2397 <-> DISABLED <-> SERVER-WEBAPP CCBill whereami.cgi access (server-webapp.rules)
* 1:23971 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kabwak variant outbound connection (malware-cnc.rules)
* 1:23972 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant outbound connection (malware-cnc.rules)
* 1:23973 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vampols variant inbound connection (malware-cnc.rules)
* 1:23974 <-> DISABLED <-> SERVER-WEBAPP calendar conversion remote integer overflow attempt (server-webapp.rules)
* 1:23975 <-> DISABLED <-> SERVER-WEBAPP calendar conversion remote integer overflow attempt (server-webapp.rules)
* 1:23976 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Genome initial variant outbound connection (malware-cnc.rules)
* 1:23977 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Genome runtime update to cnc-server (malware-cnc.rules)
* 1:23978 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hostposer variant outbound connection (malware-cnc.rules)
* 1:23979 <-> DISABLED <-> SERVER-OTHER HP Data Protector Express stack buffer overflow attempt (server-other.rules)
* 1:2398 <-> DISABLED <-> SERVER-WEBAPP WAnewsletter newsletter.php file include attempt (server-webapp.rules)
* 1:23980 <-> DISABLED <-> SERVER-OTHER HP Data Protector Express stack buffer overflow attempt (server-other.rules)
* 1:23981 <-> DISABLED <-> SERVER-OTHER HP Data Protector Express stack buffer overflow attempt (server-other.rules)
* 1:23982 <-> DISABLED <-> SERVER-OTHER HP Data Protector Express stack buffer overflow attempt (server-other.rules)
* 1:23983 <-> DISABLED <-> SERVER-OTHER HP Data Protector Express stack buffer overflow attempt (server-other.rules)
* 1:23984 <-> DISABLED <-> SERVER-WEBAPP LongTail Video JW Player XSS attempt link param (server-webapp.rules)
* 1:23985 <-> DISABLED <-> BROWSER-PLUGINS Apple Quicktime plugin SetLanguage buffer overflow attempt (browser-plugins.rules)
* 1:23986 <-> DISABLED <-> BROWSER-PLUGINS Apple Quicktime plugin SetLanguage buffer overflow attempt (browser-plugins.rules)
* 1:23987 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kryptik.Kazy variant outbound connection (malware-cnc.rules)
* 1:23988 <-> DISABLED <-> SERVER-WEBAPP ocPortal cms cross site request forgery attempt (server-webapp.rules)
* 1:23989 <-> DISABLED <-> FILE-OFFICE Microsoft Office EMF image EMFPlusPointF record memory corruption attempt (file-office.rules)
* 1:2399 <-> DISABLED <-> SERVER-WEBAPP WAnewsletter db_type.php access (server-webapp.rules)
* 1:23990 <-> DISABLED <-> POLICY-SOCIAL Apple Messages client side certificate request attempt (policy-social.rules)
* 1:23991 <-> DISABLED <-> POLICY-SOCIAL Apple Messages service server request attempt (policy-social.rules)
* 1:23992 <-> DISABLED <-> FILE-OFFICE Microsoft Office EMF image EMFPlusPointF record memory corruption attempt (file-office.rules)
* 1:23993 <-> DISABLED <-> SERVER-OTHER Dhcpcd packet size buffer overflow attempt (server-other.rules)
* 1:23994 <-> DISABLED <-> SERVER-WEBAPP zend_strndup null pointer dereference attempt (server-webapp.rules)
* 1:23995 <-> DISABLED <-> SERVER-WEBAPP libtidy null pointer dereference attempt (server-webapp.rules)
* 1:23996 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
* 1:23997 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
* 1:23998 <-> DISABLED <-> SERVER-OTHER DHCP discover broadcast flood attempt (server-other.rules)
* 1:23999 <-> DISABLED <-> FILE-OTHER Microsoft Windows Media MIDI file memory corruption attempt (file-other.rules)
* 1:240 <-> DISABLED <-> MALWARE-OTHER shaft agent to handler (malware-other.rules)
* 1:2400 <-> DISABLED <-> SERVER-WEBAPP edittag.pl access (server-webapp.rules)
* 1:24000 <-> DISABLED <-> FILE-OTHER Microsoft Windows Media MIDI file memory corruption attempt (file-other.rules)
* 1:24001 <-> DISABLED <-> FILE-OTHER Microsoft Windows Media MIDI file memory corruption attempt (file-other.rules)
* 1:24002 <-> DISABLED <-> FILE-OTHER Microsoft Windows Media MIDI file memory corruption attempt (file-other.rules)
* 1:24003 <-> DISABLED <-> FILE-OTHER Microsoft Windows Media MIDI file memory corruption attempt (file-other.rules)
* 1:24004 <-> ENABLED <-> FILE-OFFICE Microsoft Office MSCOMCTL ActiveX control tabstrip method access (file-office.rules)
* 1:24005 <-> ENABLED <-> FILE-OFFICE Microsoft Office MSCOMCTL ActiveX control tabstrip method access (file-office.rules)
* 1:24006 <-> DISABLED <-> FILE-OFFICE Microsoft Office MSCOMCTL ActiveX control tabstrip method attempt (file-office.rules)
* 1:24007 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB RAP API NetServerEnum2 long server name buffer overflow attempt (os-windows.rules)
* 1:24008 <-> DISABLED <-> POLICY-OTHER use of psexec remote administration tool (policy-other.rules)
* 1:2401 <-> DISABLED <-> NETBIOS SMB Session Setup andx username overflow attempt (netbios.rules)
* 1:24010 <-> DISABLED <-> MALWARE-CNC runtime Trojan.Radil variant outbound connection (malware-cnc.rules)
* 1:24011 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ransomer variant outbound connection (malware-cnc.rules)
* 1:24012 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cbot variant outbound connection - inital contact (malware-cnc.rules)
* 1:24013 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cbot variant outbound connection - inital contact (malware-cnc.rules)
* 1:24014 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cbot variant outbound connection - inital contact (malware-cnc.rules)
* 1:24015 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Magania variant outbound connection (malware-cnc.rules)
* 1:24016 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Madon variant outbound connection - variant outbound connection (malware-cnc.rules)
* 1:24017 <-> ENABLED <-> MALWARE-OTHER Possible malicious redirect - rebots.php (malware-other.rules)
* 1:24018 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - hello.icon.pk (malware-cnc.rules)
* 1:24019 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - ok.XXX4.net/meeting/hi.exe (malware-cnc.rules)
* 1:2402 <-> DISABLED <-> NETBIOS SMB-DS Session Setup andx username overflow attempt (netbios.rules)
* 1:24020 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules)
* 1:24021 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules)
* 1:24022 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules)
* 1:24023 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules)
* 1:24024 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules)
* 1:24025 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules)
* 1:24026 <-> DISABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules)
* 1:24027 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules)
* 1:24028 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules)
* 1:24029 <-> DISABLED <-> FILE-OTHER Oracle outside in Lotus 1-2-3 heap overflow attempt (file-other.rules)
* 1:2403 <-> DISABLED <-> NETBIOS SMB Session Setup unicode username overflow attempt (netbios.rules)
* 1:24035 <-> DISABLED <-> MALWARE-CNC Downloader.Inject variant outbound connection (malware-cnc.rules)
* 1:24036 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules)
* 1:24037 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules)
* 1:24038 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules)
* 1:24039 <-> DISABLED <-> BROWSER-PLUGINS HP Easy Printer Care Software ActiveX function call access (browser-plugins.rules)
* 1:2404 <-> DISABLED <-> NETBIOS SMB-DS Session Setup unicode andx username overflow attempt (netbios.rules)
* 1:24040 <-> DISABLED <-> BROWSER-PLUGINS HP Easy Printer Care Software ActiveX clsid access attempt (browser-plugins.rules)
* 1:24041 <-> DISABLED <-> BROWSER-PLUGINS HP Easy Printer Care Software ActiveX clsid access attempt (browser-plugins.rules)
* 1:24042 <-> DISABLED <-> BROWSER-PLUGINS HP Easy Printer Care Software ActiveX clsid access attempt (browser-plugins.rules)
* 1:24043 <-> DISABLED <-> BROWSER-PLUGINS HP Easy Printer Care Software ActiveX clsid access attempt (browser-plugins.rules)
* 1:24044 <-> DISABLED <-> BROWSER-PLUGINS HP Easy Printer Care Software ActiveX clsid access attempt (browser-plugins.rules)
* 1:24045 <-> ENABLED <-> FILE-IDENTIFY Winamp skin file wsz file download request (file-identify.rules)
* 1:24046 <-> ENABLED <-> FILE-IDENTIFY Winamp skin file wsz file attachment detected (file-identify.rules)
* 1:24047 <-> ENABLED <-> FILE-IDENTIFY Winamp skin file wsz file attachment detected (file-identify.rules)
* 1:24048 <-> ENABLED <-> FILE-IDENTIFY Winamp skin file wal file download request (file-identify.rules)
* 1:24049 <-> ENABLED <-> FILE-IDENTIFY Winamp skin file wal file attachment detected (file-identify.rules)
* 1:2405 <-> DISABLED <-> SERVER-WEBAPP phptest.php access (server-webapp.rules)
* 1:24050 <-> ENABLED <-> FILE-IDENTIFY Winamp skin file wal file attachment detected (file-identify.rules)
* 1:24051 <-> DISABLED <-> FILE-OTHER Winamp skin file arbitrary code execution attempt (file-other.rules)
* 1:24052 <-> DISABLED <-> FILE-OTHER Winamp skin file arbitrary code execution attempt (file-other.rules)
* 1:24053 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure (exploit-kit.rules)
* 1:24054 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure (exploit-kit.rules)
* 1:24055 <-> DISABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules)
* 1:24056 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules)
* 1:24057 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules)
* 1:24058 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules)
* 1:24059 <-> DISABLED <-> SERVER-WEBAPP 5.3.3 mt_rand integer overflow attempt (server-webapp.rules)
* 1:2406 <-> DISABLED <-> PROTOCOL-TELNET APC SmartSlot default admin account attempt (protocol-telnet.rules)
* 1:24060 <-> DISABLED <-> SERVER-WEBAPP PHP 5.3.3 mt_rand integer overflow attempt (server-webapp.rules)
* 1:24061 <-> DISABLED <-> SERVER-WEBAPP PHP 5.3.3 mt_rand integer overflow attempt (server-webapp.rules)
* 1:24062 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hufysk variant outbound connection (malware-cnc.rules)
* 1:24063 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules)
* 1:24064 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules)
* 1:24065 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules)
* 1:24066 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules)
* 1:24067 <-> DISABLED <-> FILE-OTHER Expat xml UTF-8 buffer over-read attempt (file-other.rules)
* 1:24068 <-> DISABLED <-> FILE-OTHER Expat xml UTF-8 bufer over-read attempt (file-other.rules)
* 1:24069 <-> DISABLED <-> FILE-OTHER Expat xml UTF-8 buffer over-read attempt (file-other.rules)
* 1:2407 <-> DISABLED <-> SERVER-WEBAPP util.pl access (server-webapp.rules)
* 1:24070 <-> DISABLED <-> FILE-OTHER Expat xml UTF-8 buffer over-read attempt (file-other.rules)
* 1:24071 <-> DISABLED <-> FILE-IDENTIFY GZip file download request (file-identify.rules)
* 1:24072 <-> ENABLED <-> FILE-IDENTIFY GZip file attachment detected (file-identify.rules)
* 1:24073 <-> ENABLED <-> FILE-IDENTIFY GZip file attachment detected (file-identify.rules)
* 1:24074 <-> ENABLED <-> FILE-IDENTIFY MP3 file download request (file-identify.rules)
* 1:24075 <-> ENABLED <-> FILE-IDENTIFY MP3 file attachment detected (file-identify.rules)
* 1:24076 <-> ENABLED <-> FILE-IDENTIFY MP3 file attachment detected (file-identify.rules)
* 1:24077 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Upof variant outbound connection (malware-cnc.rules)
* 1:24078 <-> ENABLED <-> FILE-IDENTIFY RMF file attachment detected (file-identify.rules)
* 1:24079 <-> ENABLED <-> FILE-IDENTIFY RMF file attachment detected (file-identify.rules)
* 1:2408 <-> DISABLED <-> SERVER-WEBAPP Invision Power Board search.pl access (server-webapp.rules)
* 1:24080 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file attachment detected (file-identify.rules)
* 1:24081 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file attachment detected (file-identify.rules)
* 1:24082 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banbra variant outbound connection (malware-cnc.rules)
* 1:24083 <-> DISABLED <-> FILE-OTHER ESTsoft ALZip MIM file buffer overflow attempt (file-other.rules)
* 1:24084 <-> DISABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules)
* 1:24085 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules)
* 1:24086 <-> DISABLED <-> PUA-ADWARE Adware.AdultAds outbound connection (pua-adware.rules)
* 1:24087 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bledoor TCP tunnel in UDP (malware-cnc.rules)
* 1:24088 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bledoor TCP tunnel in ICMP (malware-cnc.rules)
* 1:24089 <-> ENABLED <-> OS-WINDOWS Microsoft WebDAV PROPFIND request (os-windows.rules)
* 1:2409 <-> DISABLED <-> PROTOCOL-POP APOP USER overflow attempt (protocol-pop.rules)
* 1:24090 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WebDAV invalid character argument injection attempt (os-windows.rules)
* 1:24091 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver SOAP interface command injection attempt (server-webapp.rules)
* 1:24092 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Clisbot variant outbound connection (malware-cnc.rules)
* 1:24093 <-> DISABLED <-> SERVER-WEBAPP RFC1867 file-upload implementation denial of service attempt (server-webapp.rules)
* 1:24094 <-> DISABLED <-> APP-DETECT Teamviewer control server ping (app-detect.rules)
* 1:24095 <-> DISABLED <-> APP-DETECT Teamviewer installer download attempt (app-detect.rules)
* 1:24096 <-> DISABLED <-> CONTENT-REPLACE Teamviewer remote connection attempt (content-replace.rules)
* 1:24097 <-> DISABLED <-> CONTENT-REPLACE Teamviewer remote connection attempt (content-replace.rules)
* 1:24098 <-> DISABLED <-> CONTENT-REPLACE Teamviewer remote connection attempt (content-replace.rules)
* 1:24099 <-> ENABLED <-> MALWARE-OTHER Malvertising redirection attempt (malware-other.rules)
* 1:2410 <-> DISABLED <-> SERVER-WEBAPP IGeneric Free Shopping Cart page.php access (server-webapp.rules)
* 1:24100 <-> ENABLED <-> FILE-IDENTIFY PLF file attachment detected (file-identify.rules)
* 1:24101 <-> ENABLED <-> FILE-IDENTIFY PLF file attachment detected (file-identify.rules)
* 1:24103 <-> DISABLED <-> MALWARE-OTHER HTTP POST request to a JPG file (malware-other.rules)
* 1:24104 <-> DISABLED <-> MALWARE-OTHER HTTP POST request to a JPEG file (malware-other.rules)
* 1:24105 <-> DISABLED <-> MALWARE-OTHER HTTP POST request to a GIF file (malware-other.rules)
* 1:24106 <-> DISABLED <-> MALWARE-OTHER HTTP POST request to a PNG file (malware-other.rules)
* 1:24107 <-> DISABLED <-> MALWARE-OTHER HTTP POST request to a BMP file (malware-other.rules)
* 1:24108 <-> DISABLED <-> MALWARE-OTHER HTTP POST request to a RAR file (malware-other.rules)
* 1:24109 <-> DISABLED <-> MALWARE-OTHER HTTP POST request to a ZIP file (malware-other.rules)
* 1:2411 <-> DISABLED <-> SERVER-WEBAPP RealNetworks RealSystem Server DESCRIBE buffer overflow attempt (server-webapp.rules)
* 1:24110 <-> DISABLED <-> MALWARE-OTHER HTTP POST request to an MP3 file (malware-other.rules)
* 1:24111 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Post (malware-cnc.rules)
* 1:24112 <-> DISABLED <-> SERVER-WEBAPP inTouch SQL injection in index.php user attempt (server-webapp.rules)
* 1:24113 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer 8 ieframe.dll ActiveX clsid access (browser-plugins.rules)
* 1:24114 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic avoid_underscore_tolower encoder (indicator-shellcode.rules)
* 1:24115 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Demtranc variant outbound connection (malware-backdoor.rules)
* 1:24116 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Demtranc variant outbound connection (malware-backdoor.rules)
* 1:24117 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Demtranc variant outbound connection (malware-backdoor.rules)
* 1:24118 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Demtranc variant outbound connection (malware-backdoor.rules)
* 1:24119 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Demtranc variant outbound connection (malware-backdoor.rules)
* 1:2412 <-> DISABLED <-> INDICATOR-COMPROMISE successful cross site scripting forced download attempt (indicator-compromise.rules)
* 1:24120 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Demtranc variant outbound connection (malware-backdoor.rules)
* 1:24121 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Demtranc variant outbound connection (malware-backdoor.rules)
* 1:24122 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Demtranc variant outbound connection (malware-backdoor.rules)
* 1:24123 <-> DISABLED <-> MALWARE-BACKDOOR Virus.Win32.Xpaj.A variant outbound connection (malware-backdoor.rules)
* 1:24124 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PDF JBIG2 remote code execution attempt (file-pdf.rules)
* 1:24125 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules)
* 1:24126 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules)
* 1:24127 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.DistTrack propagation - QUERY_PATH_INFO csrss.exe (indicator-compromise.rules)
* 1:24128 <-> DISABLED <-> OS-WINDOWS Microsoft SCCM ReportChart xss attempt (os-windows.rules)
* 1:24129 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel catLabel pointer manipulation attempt (file-office.rules)
* 1:2413 <-> DISABLED <-> SERVER-OTHER ISAKMP delete hash with empty hash attempt (server-other.rules)
* 1:24130 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel catLabel pointer manipulation attempt (file-office.rules)
* 1:24131 <-> DISABLED <-> OS-WINDOWS Visual Studio Team Web Access console cross site scripting attempt (os-windows.rules)
* 1:24132 <-> DISABLED <-> OS-WINDOWS Visual Studio Team Web Access console cross site scripting attempt (os-windows.rules)
* 1:24133 <-> DISABLED <-> OS-WINDOWS Visual Studio Team Web Access console cross site scripting attempt (os-windows.rules)
* 1:24134 <-> DISABLED <-> OS-WINDOWS Visual Studio Team Web Access console cross site scripting attempt (os-windows.rules)
* 1:24135 <-> DISABLED <-> OS-WINDOWS Visual Studio Team Web Access console cross site scripting attempt (os-windows.rules)
* 1:24136 <-> DISABLED <-> OS-WINDOWS Visual Studio Team Web Access console cross site scripting attempt (os-windows.rules)
* 1:24137 <-> DISABLED <-> OS-WINDOWS Visual Studio Team Web Access console cross site scripting attempt (os-windows.rules)
* 1:24138 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed RTMP response attempt (file-flash.rules)
* 1:24139 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed RTMP response attempt (file-flash.rules)
* 1:2414 <-> DISABLED <-> SERVER-OTHER ISAKMP initial contact notification without SPI attempt (server-other.rules)
* 1:24140 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed RTMP response attempt (file-flash.rules)
* 1:24142 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object confusion attempt (file-flash.rules)
* 1:24143 <-> ENABLED <-> MALWARE-OTHER Dorifel/Quervar/XDocCrypt query for machine name KASPERSKY (malware-other.rules)
* 1:24144 <-> ENABLED <-> MALWARE-OTHER Dorifel/Quervar/XDocCrypt download (malware-other.rules)
* 1:24145 <-> ENABLED <-> MALWARE-OTHER Dorifel/Quervar/XDocCrypt sent over email (malware-other.rules)
* 1:24147 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager nnmRptConfig.exe multiple parameters buffer overflow attempt (server-webapp.rules)
* 1:24148 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malicious charstring stream attempt (file-pdf.rules)
* 1:24149 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malicious charstring stream attempt (file-pdf.rules)
* 1:2415 <-> DISABLED <-> SERVER-OTHER ISAKMP second payload initial contact notification without SPI attempt (server-other.rules)
* 1:24150 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader TrueType font corrupt header attempt (file-pdf.rules)
* 1:24151 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader TrueType font corrupt header attempt (file-pdf.rules)
* 1:24152 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded TTF bytecode memory corruption attempt (file-pdf.rules)
* 1:24153 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded TTF bytecode memory corruption attempt (file-pdf.rules)
* 1:24154 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader free text annotation invalid IT value denial of service attempt (file-pdf.rules)
* 1:24155 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader free text annotation invalid IT value denial of service attempt (file-pdf.rules)
* 1:24156 <-> DISABLED <-> FILE-IDENTIFY .rtx file download request (file-identify.rules)
* 1:24157 <-> ENABLED <-> FILE-IDENTIFY .rtx file attachment detected (file-identify.rules)
* 1:24158 <-> ENABLED <-> FILE-IDENTIFY .rtx file attachment detected (file-identify.rules)
* 1:24159 <-> DISABLED <-> FILE-OTHER AOL Desktop RTX file parsing buffer overflow attempt (file-other.rules)
* 1:2416 <-> DISABLED <-> PROTOCOL-FTP invalid MDTM command attempt (protocol-ftp.rules)
* 1:24160 <-> DISABLED <-> FILE-OTHER AOL Desktop RTX file parsing buffer overflow attempt (file-other.rules)
* 1:24161 <-> DISABLED <-> FILE-OTHER AOL Desktop RTX file parsing buffer overflow attempt (file-other.rules)
* 1:24162 <-> DISABLED <-> FILE-OTHER AOL Desktop RTX file parsing buffer overflow attempt (file-other.rules)
* 1:24163 <-> DISABLED <-> FILE-OTHER AOL Desktop RTX file parsing buffer overflow attempt (file-other.rules)
* 1:24164 <-> DISABLED <-> FILE-OTHER AOL Desktop RTX file parsing buffer overflow attempt (file-other.rules)
* 1:24165 <-> DISABLED <-> FILE-OTHER AOL Desktop RTX file parsing buffer overflow attempt (file-other.rules)
* 1:24166 <-> DISABLED <-> FILE-OTHER AOL Desktop RTX file parsing buffer overflow attempt (file-other.rules)
* 1:24167 <-> DISABLED <-> INDICATOR-OBFUSCATION document write of unescaped value with remote script (indicator-obfuscation.rules)
* 1:24168 <-> DISABLED <-> INDICATOR-OBFUSCATION hidden iframe - potential include of malicious content (indicator-obfuscation.rules)
* 1:24169 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant outbound connection (malware-cnc.rules)
* 1:2417 <-> DISABLED <-> PROTOCOL-FTP format string attempt (protocol-ftp.rules)
* 1:24172 <-> DISABLED <-> SQL use of concat function with select - likely SQL injection (sql.rules)
* 1:24173 <-> DISABLED <-> MALWARE-BACKDOOR Trojan-Downloader.Win32.Doneltart.A runtime detection (malware-backdoor.rules)
* 1:24174 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lataa variant outbound connection (malware-cnc.rules)
* 1:24175 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lataa variant outbound connection (malware-cnc.rules)
* 1:24176 <-> DISABLED <-> FILE-OTHER eZip Wizard stack overflow attempt (file-other.rules)
* 1:24177 <-> DISABLED <-> FILE-OTHER eZip Wizard stack overflow attempt (file-other.rules)
* 1:24178 <-> DISABLED <-> FILE-OTHER eZip Wizard stack overflow attempt (file-other.rules)
* 1:24179 <-> DISABLED <-> FILE-OTHER eZip Wizard stack overflow attempt (file-other.rules)
* 1:2418 <-> DISABLED <-> POLICY-OTHER Microsoft Windows Terminal Server no encryption session initiation attempt (policy-other.rules)
* 1:24180 <-> DISABLED <-> FILE-OTHER eZip Wizard stack overflow attempt (file-other.rules)
* 1:24181 <-> DISABLED <-> FILE-OTHER eZip Wizard stack overflow attempt (file-other.rules)
* 1:24182 <-> DISABLED <-> MALWARE-CNC Win.Worm.Helompy variant outbound connection (malware-cnc.rules)
* 1:24184 <-> DISABLED <-> MALWARE-CNC Win.Worm.Rokiwobi variant outbound connection (malware-cnc.rules)
* 1:24185 <-> DISABLED <-> MALWARE-CNC Win.Work.Rokiwobi inbound command from C&C (malware-cnc.rules)
* 1:24186 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio DXF variable name overflow attempt (file-office.rules)
* 1:24187 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow (browser-firefox.rules)
* 1:24188 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow (browser-firefox.rules)
* 1:24189 <-> DISABLED <-> FILE-IMAGE XPM file format overflow attempt (file-image.rules)
* 1:2419 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .ram playlist file download request (file-identify.rules)
* 1:24190 <-> ENABLED <-> FILE-IDENTIFY X PixMap file magic detected (file-identify.rules)
* 1:24191 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Raven variant outbound connection (malware-cnc.rules)
* 1:24192 <-> DISABLED <-> SERVER-WEBAPP socket_connect buffer overflow attempt (server-webapp.rules)
* 1:24193 <-> DISABLED <-> SERVER-WEBAPP socket_connect buffer overflow attempt (server-webapp.rules)
* 1:24194 <-> DISABLED <-> SERVER-WEBAPP socket_connect buffer overflow attempt (server-webapp.rules)
* 1:24195 <-> DISABLED <-> SERVER-WEBAPP socket_connect buffer overflow attempt (server-webapp.rules)
* 1:24196 <-> DISABLED <-> BROWSER-PLUGINS GE Intelligent Platforms Proficy HTML help ActiveX clsid access attempt (browser-plugins.rules)
* 1:24197 <-> DISABLED <-> BROWSER-PLUGINS GE Intelligent Platforms Proficy HTML help ActiveX function call attempt (browser-plugins.rules)
* 1:24198 <-> DISABLED <-> SERVER-WEBAPP Microsoft Office SharePoint name field cross site scripting attempt (server-webapp.rules)
* 1:24199 <-> DISABLED <-> SERVER-MAIL IBM Lotus Notes URI handler command execution attempt (server-mail.rules)
* 1:2420 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .rmp playlist file download request (file-identify.rules)
* 1:24200 <-> DISABLED <-> SERVER-MAIL IBM Lotus Notes URI handler command execution attempt (server-mail.rules)
* 1:24201 <-> ENABLED <-> FILE-JAVA Oracle Java field bytecode verifier cache code execution attempt (file-java.rules)
* 1:24202 <-> ENABLED <-> FILE-JAVA Oracle Java field bytecode verifier cache code execution attempt (file-java.rules)
* 1:24203 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer html table column span width increase memory corruption attempt (browser-ie.rules)
* 1:24204 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer html table column span width increase memory corruption attempt (browser-ie.rules)
* 1:24205 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer html table column span width increase memory corruption attempt (browser-ie.rules)
* 1:24206 <-> ENABLED <-> FILE-IDENTIFY LZH archive file magic detected (file-identify.rules)
* 1:24207 <-> DISABLED <-> FILE-OTHER IBM Lotus Notes LZH Attachment Viewer buffer overflow (file-other.rules)
* 1:24208 <-> DISABLED <-> FILE-OTHER IBM Lotus Notes LZH Attachment Viewer buffer overflow (file-other.rules)
* 1:24209 <-> DISABLED <-> FILE-OTHER IBM Lotus Notes LZH Attachment Viewer buffer overflow (file-other.rules)
* 1:24210 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer execCommand use-after-free attempt (browser-ie.rules)
* 1:24211 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Xamtrav update protocol connection (malware-cnc.rules)
* 1:24212 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer execCommand use-after-free attempt (browser-ie.rules)
* 1:24213 <-> ENABLED <-> FILE-IDENTIFY MP4 file magic detected (file-identify.rules)
* 1:24214 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Seveto variant outbound connection (malware-cnc.rules)
* 1:24215 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant outbound connection (malware-cnc.rules)
* 1:24216 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Biloky variant outbound connection (malware-cnc.rules)
* 1:24217 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy variant outbound connection (malware-cnc.rules)
* 1:24218 <-> ENABLED <-> FILE-IDENTIFY SMIL file magic detected (file-identify.rules)
* 1:24219 <-> ENABLED <-> FILE-IDENTIFY SMIL file magic detected (file-identify.rules)
* 1:2422 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .rt playlist file download request (file-identify.rules)
* 1:24220 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime streaming debug error logging buffer overflow attempt (file-multimedia.rules)
* 1:24221 <-> DISABLED <-> SERVER-OTHER HP Data Protector client EXEC_CMD command execution attempt (server-other.rules)
* 1:24222 <-> DISABLED <-> SERVER-OTHER HP Data Protector client EXEC_CMD command execution attempt (server-other.rules)
* 1:24223 <-> DISABLED <-> SERVER-OTHER HP Data Protector client EXEC_CMD command execution attempt (server-other.rules)
* 1:24224 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeroaccess variant outbound connection (malware-cnc.rules)
* 1:24225 <-> ENABLED <-> MALWARE-OTHER malicious redirection attempt (malware-other.rules)
* 1:24226 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page received (exploit-kit.rules)
* 1:24228 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page Received (exploit-kit.rules)
* 1:2423 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .rp playlist file download request (file-identify.rules)
* 1:24230 <-> DISABLED <-> FILE-OTHER RealNetworks Netzip Classic zip archive long filename buffer overflow attempt (file-other.rules)
* 1:24231 <-> ENABLED <-> EXPLOIT-KIT Crimeboss exploit kit redirection attempt (exploit-kit.rules)
* 1:24232 <-> ENABLED <-> EXPLOIT-KIT Crimeboss exploit kit outbound connection (exploit-kit.rules)
* 1:24233 <-> ENABLED <-> EXPLOIT-KIT Crimeboss exploit kit outbound connection (exploit-kit.rules)
* 1:24234 <-> ENABLED <-> EXPLOIT-KIT Crimeboss exploit kit outbound connection (exploit-kit.rules)
* 1:24235 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wuwo initial infection variant outbound connection (malware-cnc.rules)
* 1:24236 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wuwo post infection variant outbound connection (malware-cnc.rules)
* 1:24237 <-> DISABLED <-> FILE-EXECUTABLE ClamAV UPX File Handling Heap overflow attempt (file-executable.rules)
* 1:24238 <-> DISABLED <-> FILE-EXECUTABLE ClamAV UPX File Handling Heap overflow attempt (file-executable.rules)
* 1:24239 <-> DISABLED <-> SERVER-WEBAPP Novell GroupWise Internet Agent content-length integer overflow attempt (server-webapp.rules)
* 1:2424 <-> DISABLED <-> PROTOCOL-NNTP sendsys overflow attempt (protocol-nntp.rules)
* 1:24240 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel drawing layer use after free attempt (file-office.rules)
* 1:24241 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel drawing layer use after free attempt (file-office.rules)
* 1:24242 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel drawing layer use after free attempt (file-office.rules)
* 1:24243 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - base64 encoded (malware-cnc.rules)
* 1:24244 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Matrix3D copyRawDataTo integer overflow attempt (file-flash.rules)
* 1:24245 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Matrix3D copyRawDataTo integer overflow attempt (file-flash.rules)
* 1:24246 <-> DISABLED <-> BROWSER-PLUGINS AdminStudio and InstallShield ActiveX clsid access attempt (browser-plugins.rules)
* 1:24247 <-> DISABLED <-> BROWSER-PLUGINS AdminStudio and InstallShield ActiveX clsid access attempt (browser-plugins.rules)
* 1:24248 <-> DISABLED <-> BROWSER-PLUGINS AdminStudio and InstallShield ActiveX function call access attempt (browser-plugins.rules)
* 1:24249 <-> DISABLED <-> BROWSER-PLUGINS AdminStudio and InstallShield ActiveX function call access attempt (browser-plugins.rules)
* 1:2425 <-> DISABLED <-> PROTOCOL-NNTP senduuname overflow attempt (protocol-nntp.rules)
* 1:24250 <-> DISABLED <-> SERVER-OTHER telephone URI to USSD code for factory reset (server-other.rules)
* 1:24251 <-> DISABLED <-> OS-MOBILE Android/Fakelash.A!tr.spy trojan command and control channel traffic (os-mobile.rules)
* 1:24252 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer execCommand use embedded within javascript tags (browser-ie.rules)
* 1:24253 <-> DISABLED <-> INDICATOR-COMPROMISE IP only webpage redirect attempt (indicator-compromise.rules)
* 1:24254 <-> DISABLED <-> INDICATOR-COMPROMISE IP only webpage redirect attempt (indicator-compromise.rules)
* 1:24256 <-> ENABLED <-> MALWARE-BACKDOOR phpMyAdmin server_sync.php backdoor access attempt (malware-backdoor.rules)
* 1:24257 <-> ENABLED <->
MALWARE-OTHER mygeeksmail.dll download (malware-other.rules) * 1:24258 <-> ENABLED <-> MALWARE-OTHER mygeeksmail.dll download (malware-other.rules) * 1:24259 <-> ENABLED <-> MALWARE-OTHER PwDump7.exe download (malware-other.rules) * 1:2426 <-> DISABLED <-> PROTOCOL-NNTP version overflow attempt (protocol-nntp.rules) * 1:24260 <-> ENABLED <-> MALWARE-OTHER PwDump7.exe download (malware-other.rules) * 1:24261 <-> ENABLED <-> MALWARE-OTHER Lanman2.dll download (malware-other.rules) * 1:24262 <-> ENABLED <-> MALWARE-OTHER Lanman2.dll download (malware-other.rules) * 1:24263 <-> DISABLED <-> FILE-PDF Overly large CreationDate within a pdf - likely malicious (file-pdf.rules) * 1:24264 <-> DISABLED <-> FILE-PDF Overly large CreationDate within a pdf - likely malicious (file-pdf.rules) * 1:24265 <-> ENABLED <-> MALWARE-OTHER Malicious UA detected on non-standard port (malware-other.rules) * 1:24266 <-> DISABLED <-> FILE-PDF xpdf ObjectStream integer overflow (file-pdf.rules) * 1:24267 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Malformed Range Code Execution attempt (file-office.rules) * 1:24268 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Malformed Range Code Execution attempt (file-office.rules) * 1:24269 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Malformed Range Code Execution attempt (file-office.rules) * 1:2427 <-> DISABLED <-> PROTOCOL-NNTP checkgroups overflow attempt (protocol-nntp.rules) * 1:24270 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk RTP comfort noise denial of service attempt (protocol-voip.rules) * 1:24271 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Bancos variant outbound connection (malware-cnc.rules) * 1:24272 <-> DISABLED <-> FILE-OTHER Adobe Director file file Shockwave 3D overflow attempt (file-other.rules) * 1:24273 <-> DISABLED <-> FILE-OTHER Adobe Director file file Shockwave 3D overflow attempt (file-other.rules) * 1:24274 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS stack exhaustion DoS attempt (server-iis.rules) 
* 1:24275 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS stack exhaustion DoS attempt (server-iis.rules) * 1:24276 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS stack exhaustion DoS attempt (server-iis.rules) * 1:24277 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director rcsL chunk memory corruption attempt (file-other.rules) * 1:24278 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director rcsL chunk memory corruption attempt (file-other.rules) * 1:24279 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director rcsL chunk remote code execution attempt (file-other.rules) * 1:2428 <-> DISABLED <-> PROTOCOL-NNTP ihave overflow attempt (protocol-nntp.rules) * 1:24280 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director rcsL chunk remote code execution attempt (file-other.rules) * 1:24281 <-> DISABLED <-> BROWSER-PLUGINS Cisco Secure Desktop CSDWebInstaller ActiveX clsid access (browser-plugins.rules) * 1:24282 <-> DISABLED <-> BROWSER-PLUGINS Cisco Secure Desktop CSDWebInstaller ActiveX function call access (browser-plugins.rules) * 1:24283 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC webm memory corruption attempt (file-multimedia.rules) * 1:24284 <-> ENABLED <-> FILE-OFFICE Microsoft Office Drawing object code execution attempt (file-office.rules) * 1:24285 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nomno variant outbound connection (malware-cnc.rules) * 1:24286 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lurk variant outbound connection (malware-cnc.rules) * 1:24287 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Minitalviv variant outbound connection (malware-cnc.rules) * 1:24288 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Flexty variant outbound connection (malware-cnc.rules) * 1:24289 <-> DISABLED <-> SERVER-WEBAPP Fortinet FortiOS appliedTags field cross site scripting attempt (server-webapp.rules) * 1:2429 <-> DISABLED <-> PROTOCOL-NNTP sendme overflow attempt (protocol-nntp.rules) * 1:24290 <-> DISABLED <-> SERVER-OTHER Fortinet FortiOS appliedTags field cross site scripting 
attempt (server-other.rules) * 1:24291 <-> DISABLED <-> SERVER-WEBAPP HP SiteScope APISiteScopeImpl information disclosure attempt (server-webapp.rules) * 1:24292 <-> DISABLED <-> SERVER-WEBAPP HP SiteScope APISiteScopeImpl information disclosure attempt (server-webapp.rules) * 1:24293 <-> DISABLED <-> SERVER-OTHER EMC NetWorker SunRPC buffer overflow attempt (server-other.rules) * 1:24294 <-> DISABLED <-> PROTOCOL-ICMP IPv6 neighbor advertisement flood attempt (protocol-icmp.rules) * 1:24295 <-> DISABLED <-> PROTOCOL-ICMP suspicious IPv6 router advertisement attempt (protocol-icmp.rules) * 1:24296 <-> DISABLED <-> PROTOCOL-ICMP IPv6 router advertisement invalid prefix option attempt (protocol-icmp.rules) * 1:24297 <-> DISABLED <-> PROTOCOL-ICMP IPv6 oversized ICMP ping attempt (protocol-icmp.rules) * 1:24298 <-> DISABLED <-> PROTOCOL-ICMP IPv6 0xdeadbeef ICMP ping attempt (protocol-icmp.rules) * 1:24299 <-> DISABLED <-> PROTOCOL-ICMP IPv6 invalid router advertisement attempt (protocol-icmp.rules) * 1:243 <-> DISABLED <-> MALWARE-OTHER mstream agent to handler (malware-other.rules) * 1:2430 <-> DISABLED <-> PROTOCOL-NNTP newgroup overflow attempt (protocol-nntp.rules) * 1:24301 <-> DISABLED <-> PROTOCOL-ICMP IPv6 MLD multicast listener query attempt (protocol-icmp.rules) * 1:24302 <-> DISABLED <-> PROTOCOL-ICMP IPv6 multicast neighbor delete attempt (protocol-icmp.rules) * 1:24303 <-> DISABLED <-> PROTOCOL-ICMP IPv6 multicast neighbor add attempt (protocol-icmp.rules) * 1:24304 <-> DISABLED <-> PROTOCOL-DNS dead alive6 DNS attempt (protocol-dns.rules) * 1:24305 <-> DISABLED <-> PROTOCOL-ICMP invalid ICMPv6 header attempt (protocol-icmp.rules) * 1:24306 <-> DISABLED <-> SERVER-APACHE HP Operations Dashboard Apache Tomcat default admin account access attempt (server-apache.rules) * 1:24307 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Workir variant outbound connection (malware-cnc.rules) * 1:24308 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Workir variant outbound connection 
(malware-cnc.rules) * 1:2431 <-> DISABLED <-> PROTOCOL-NNTP rmgroup overflow attempt (protocol-nntp.rules) * 1:24311 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Downloader download (malware-other.rules) * 1:24312 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Downloader inbound email (malware-other.rules) * 1:24313 <-> ENABLED <-> SERVER-WEBAPP HP OpenView Operations Agent request attempt (server-webapp.rules) * 1:24314 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Operations Agent buffer overflow attempt (server-webapp.rules) * 1:24315 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Operations Agent buffer overflow attempt (server-webapp.rules) * 1:24316 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Operations Agent buffer overflow attempt (server-webapp.rules) * 1:24317 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Operations Agent buffer overflow attempt (server-webapp.rules) * 1:24318 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Operations Agent buffer overflow attempt (server-webapp.rules) * 1:24319 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Operations Agent buffer overflow attempt (server-webapp.rules) * 1:2432 <-> DISABLED <-> PROTOCOL-NNTP article post without path attempt (protocol-nntp.rules) * 1:24320 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Operations Agent buffer overflow attempt (server-webapp.rules) * 1:24321 <-> DISABLED <-> SERVER-OTHER HP StorageWorks File Migration Agent buffer overflow attempt (server-other.rules) * 1:24322 <-> DISABLED <-> BROWSER-PLUGINS EMC ApplicationXtender Desktop ActiveX function call attempt (browser-plugins.rules) * 1:24323 <-> DISABLED <-> BROWSER-PLUGINS EMC ApplicationXtender Desktop ActiveX function call attempt (browser-plugins.rules) * 1:24324 <-> DISABLED <-> SERVER-OTHER EMC AutoStart ftAgent.exe integer overflow attempt (server-other.rules) * 1:24325 <-> DISABLED <-> SERVER-OTHER EMC AutoStart ftAgent.exe integer overflow attempt (server-other.rules) * 1:24326 <-> DISABLED <-> SERVER-OTHER EMC AutoStart ftAgent.exe integer overflow 
attempt (server-other.rules) * 1:24327 <-> DISABLED <-> SERVER-OTHER EMC AutoStart ftAgent.exe integer overflow attempt (server-other.rules) * 1:24328 <-> DISABLED <-> SERVER-OTHER EMC AutoStart ftAgent.exe integer overflow attempt (server-other.rules) * 1:24329 <-> DISABLED <-> SERVER-OTHER EMC AutoStart ftAgent.exe integer overflow attempt (server-other.rules) * 1:2433 <-> DISABLED <-> SERVER-WEBAPP MDaemon form2raw.cgi overflow attempt (server-webapp.rules) * 1:24330 <-> DISABLED <-> SERVER-OTHER EMC AutoStart ftAgent.exe integer overflow attempt (server-other.rules) * 1:24331 <-> DISABLED <-> SERVER-OTHER EMC AutoStart ftAgent.exe integer overflow attempt (server-other.rules) * 1:24332 <-> DISABLED <-> SERVER-OTHER EMC AutoStart ftAgent.exe integer overflow attempt (server-other.rules) * 1:24333 <-> DISABLED <-> SERVER-OTHER EMC AutoStart ftAgent.exe integer overflow attempt (server-other.rules) * 1:24334 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Agent variant connect to cnc-server (malware-cnc.rules) * 1:24335 <-> DISABLED <-> BROWSER-PLUGINS Citrix Access Gateway plug-in buffer overflow attempt (browser-plugins.rules) * 1:24336 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB RAP API NetServerEnum2 long comment buffer overflow attempt (os-windows.rules) * 1:24337 <-> DISABLED <-> SERVER-OTHER Novell Remote Manager off-by-one denial of service attempt (server-other.rules) * 1:24338 <-> DISABLED <-> FILE-OTHER Apple Quicktime TeXML Style attribute overflow attempt (file-other.rules) * 1:24339 <-> DISABLED <-> SERVER-WEBAPP XML entity parsing information disclosure attempt (server-webapp.rules) * 1:2434 <-> DISABLED <-> SERVER-WEBAPP MDaemon form2raw.cgi access (server-webapp.rules) * 1:24340 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bredolab initial CNC connection (malware-cnc.rules) * 1:24341 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy variant outbound connection (malware-cnc.rules) * 1:24342 <-> ENABLED <-> SERVER-WEBAPP JBoss web console access attempt 
(server-webapp.rules) * 1:24343 <-> ENABLED <-> SERVER-WEBAPP JBoss JMXInvokerServlet access attempt (server-webapp.rules) * 1:24344 <-> DISABLED <-> EXPLOIT-KIT Unknown exploit kit redirection page (exploit-kit.rules) * 1:24345 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Drexonin variant outbound connection (malware-cnc.rules) * 1:24346 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant outbound connection (malware-cnc.rules) * 1:24347 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Bloropac variant outbound connection (malware-cnc.rules) * 1:24348 <-> DISABLED <-> SERVER-APACHE Apache mod_rpaf X-Forwarded-For header denial of service attempt (server-apache.rules) * 1:24349 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy variant outbound connection (malware-cnc.rules) * 1:2435 <-> ENABLED <-> FILE-IDENTIFY Microsoft emf file download request (file-identify.rules) * 1:24350 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy variant outbound connection (malware-cnc.rules) * 1:24351 <-> DISABLED <-> FILE-OFFICE Microsoft Works 9 use-after-free attempt (file-office.rules) * 1:24352 <-> DISABLED <-> FILE-OFFICE Microsoft Works 9 use-after-free attempt (file-office.rules) * 1:24353 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word RTF malformed listid attempt (file-office.rules) * 1:24354 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word RTF malformed listid attempt (file-office.rules) * 1:24355 <-> DISABLED <-> SERVER-MSSQL Microsoft SQL Server Reporting Services cross site scripting attempt (server-mssql.rules) * 1:24356 <-> DISABLED <-> SERVER-MSSQL Microsoft SQL Server Reporting Services cross site scripting attempt (server-mssql.rules) * 1:24357 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word rgfc value overflow attempt (file-office.rules) * 1:24358 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word rgfc value overflow attempt (file-office.rules) * 1:24359 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB NTLM NULL session attempt (os-windows.rules) * 1:2436 <-> ENABLED 
<-> FILE-IDENTIFY Microsoft Windows Audio wmf file download request (file-identify.rules) * 1:24360 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Kerberos NULL session denial of service attempt (os-windows.rules) * 1:24361 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gozi.Prinimalka variant outbound connection (malware-cnc.rules) * 1:24362 <-> DISABLED <-> FILE-FLASH Adobe Flash null reference JIT compilation attempt (file-flash.rules) * 1:24363 <-> DISABLED <-> FILE-FLASH Adobe Flash null reference JIT compilation attempt (file-flash.rules) * 1:24364 <-> DISABLED <-> FILE-FLASH Adobe Flash null reference JIT compilation attempt (file-flash.rules) * 1:24365 <-> DISABLED <-> FILE-FLASH Adobe Flash null reference JIT compilation attempt (file-flash.rules) * 1:24366 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed record stack exhaustion attempt (file-flash.rules) * 1:24367 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed record stack exhaustion attempt (file-flash.rules) * 1:24368 <-> ENABLED <-> MALWARE-CNC Lizamoon sql injection campaign phone-home (malware-cnc.rules) * 1:24369 <-> DISABLED <-> MALWARE-CNC Lizamoon sql injection campaign ur.php response detected (malware-cnc.rules) * 1:2437 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer arbitrary javascript command attempt (file-multimedia.rules) * 1:24370 <-> DISABLED <-> OS-LINUX Linux kernel IA32 out-of-bounds system call attempt (os-linux.rules) * 1:24371 <-> DISABLED <-> OS-LINUX Linux kernel IA32 out-of-bounds system call attempt (os-linux.rules) * 1:24372 <-> DISABLED <-> SERVER-OTHER Kerberos KDC null pointer dereference denial of service attempt (server-other.rules) * 1:24373 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper.Agent variant outbound connection (malware-cnc.rules) * 1:24374 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper.Agent variant outbound connection (malware-cnc.rules) * 1:24375 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VB variant outbound connection (malware-cnc.rules) * 1:24376 
<-> DISABLED <-> MALWARE-BACKDOOR Trojan.Delf.KDV runtime detection (malware-backdoor.rules) * 1:24377 <-> DISABLED <-> MALWARE-BACKDOOR Trojan.FakeAV.FakeAlert runtime detection (malware-backdoor.rules) * 1:24378 <-> DISABLED <-> POLICY-OTHER TCP packet with urgent flag attempt (policy-other.rules) * 1:24379 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS FastCGI request header buffer overflow attempt (server-iis.rules) * 1:2438 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer playlist file URL overflow attempt (file-multimedia.rules) * 1:24380 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS FastCGI request header buffer overflow attempt (server-iis.rules) * 1:24381 <-> DISABLED <-> MALWARE-CNC Win.Trojan.XBlocker outbound connection (malware-cnc.rules) * 1:24382 <-> DISABLED <-> MALWARE-CNC Win.Trojan.XBlocker outbound connection (malware-cnc.rules) * 1:24383 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dipwit outbound connection (malware-cnc.rules) * 1:24384 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tracur variant outbound connection (malware-cnc.rules) * 1:24385 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tracur variant outbound connection (malware-cnc.rules) * 1:24386 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Multiple Products xdomain object information disclosure attempt (browser-firefox.rules) * 1:24387 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Multiple Products xdomain object information disclosure attempt (browser-firefox.rules) * 1:24388 <-> DISABLED <-> INDICATOR-COMPROMISE itsoknoproblembro file upload (indicator-compromise.rules) * 1:24389 <-> DISABLED <-> INDICATOR-COMPROMISE itsoknoproblembro status check (indicator-compromise.rules) * 1:2439 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer playlist http URL overflow attempt (file-multimedia.rules) * 1:24390 <-> DISABLED <-> INDICATOR-COMPROMISE itsoknoproblembro start perl (indicator-compromise.rules) * 1:24391 <-> DISABLED <-> INDICATOR-COMPROMISE itsoknoproblembro start php 
(indicator-compromise.rules) * 1:24392 <-> DISABLED <-> INDICATOR-COMPROMISE itsoknoproblembro write file (indicator-compromise.rules) * 1:24393 <-> DISABLED <-> INDICATOR-COMPROMISE itsoknoproblembro stop attack (indicator-compromise.rules) * 1:24394 <-> DISABLED <-> INDICATOR-COMPROMISE itsoknoproblembro start attack (indicator-compromise.rules) * 1:24395 <-> DISABLED <-> MALWARE-OTHER itsoknoproblembro TCP flood (malware-other.rules) * 1:24396 <-> DISABLED <-> MALWARE-OTHER itsoknoproblembro UDP flood (malware-other.rules) * 1:24397 <-> DISABLED <-> APP-DETECT Steam game URI handler (app-detect.rules) * 1:24398 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mooochq variant outbound connection (malware-cnc.rules) * 1:24399 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mooochq variant outbound connection (malware-cnc.rules) * 1:244 <-> DISABLED <-> MALWARE-OTHER mstream handler to agent (malware-other.rules) * 1:2440 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer playlist rtsp URL overflow attempt (file-multimedia.rules) * 1:24400 <-> DISABLED <-> MALWARE-BACKDOOR Backdoor.Win32.Protos.A runtime detection (malware-backdoor.rules) * 1:24401 <-> DISABLED <-> OS-WINDOWS PCT Client_Hello overflow attempt (os-windows.rules) * 1:24402 <-> DISABLED <-> MALWARE-BACKDOOR Trojan.KDV.QLO install time detection (malware-backdoor.rules) * 1:24403 <-> DISABLED <-> MALWARE-BACKDOOR Trojan.KDV.QLO runtime detection (malware-backdoor.rules) * 1:24404 <-> DISABLED <-> MALWARE-BACKDOOR Trojan.KDV.QLO runtime detection (malware-backdoor.rules) * 1:24405 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules) * 1:24406 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MiniFlame variant outbound connection (malware-cnc.rules) * 1:24407 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MiniFlame variant outbound connection (malware-cnc.rules) * 1:24408 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Miniflame download attempt (malware-other.rules) * 1:24409 <-> ENABLED <-> 
MALWARE-OTHER Win.Trojan.Miniflame download attempt (malware-other.rules) * 1:2441 <-> DISABLED <-> SERVER-WEBAPP NetObserve authentication bypass attempt (server-webapp.rules) * 1:24410 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Gauss download attempt (malware-other.rules) * 1:24411 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Gauss download attempt (malware-other.rules) * 1:24412 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DRM encrypted file detected (file-flash.rules) * 1:24413 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DRM encrypted file detected (file-flash.rules) * 1:24414 <-> DISABLED <-> FILE-FLASH Adobe Flash Player stsz box heap overflow attempt (file-flash.rules) * 1:24415 <-> DISABLED <-> FILE-FLASH Adobe Flash Player stsz box heap overflow attempt (file-flash.rules) * 1:24416 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:24417 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:24418 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo variant outbound connection (malware-cnc.rules) * 1:24419 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo variant outbound connection (malware-cnc.rules) * 1:2442 <-> DISABLED <-> SERVER-WEBAPP generic server user-agent buffer overflow attempt (server-webapp.rules) * 1:24420 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Misun variant outbound connection (malware-cnc.rules) * 1:24421 <-> DISABLED <-> PROTOCOL-SCADA Sinapsi SQL injection attempt (protocol-scada.rules) * 1:24422 <-> DISABLED <-> PROTOCOL-SCADA Sinapsi SQL injection attempt (protocol-scada.rules) * 1:24423 <-> DISABLED <-> PROTOCOL-SCADA Sinapsi SQL hard coded user login attempt (protocol-scada.rules) * 1:24424 <-> DISABLED <-> PROTOCOL-SCADA Sinapsi SQL hard coded user login attempt (protocol-scada.rules) * 1:24425 <-> DISABLED <-> PROTOCOL-SCADA Sinapsi command injection attempt (protocol-scada.rules) * 1:24426 <-> DISABLED <-> MALWARE-OTHER Java.Trojan.Jacksbot class 
download (malware-other.rules) * 1:24427 <-> DISABLED <-> MALWARE-OTHER Java.Trojan.Jacksbot jar download (malware-other.rules) * 1:24428 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules) * 1:24429 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules) * 1:24430 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules) * 1:24431 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules) * 1:24432 <-> DISABLED <-> BROWSER-OTHER HTML5 canvas element heap spray attempt (browser-other.rules) * 1:24433 <-> DISABLED <-> BROWSER-OTHER HTML5 canvas element heap spray attempt (browser-other.rules) * 1:24434 <-> DISABLED <-> INDICATOR-COMPROMISE fx29shell.php connection attempt (indicator-compromise.rules) * 1:24435 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Asset Management default admin credentials function call attempt (server-webapp.rules) * 1:24436 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Asset Management default admin credentials function call attempt (server-webapp.rules) * 1:24437 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mirage variant outbound connection (malware-cnc.rules) * 1:24438 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mirage variant outbound connection (malware-cnc.rules) * 1:24439 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Encriyoko variant outbound connection (malware-cnc.rules) * 1:24440 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chiviper variant outbound connection (malware-cnc.rules) * 1:24441 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Testing (malware-cnc.rules) * 1:24442 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Alerter COM (malware-cnc.rules) * 1:24443 <-> DISABLED <-> MALWARE-CNC 
Win.Trojan.Medfos variant outbound connection (malware-cnc.rules) * 1:24444 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Medfos variant outbound connection (malware-cnc.rules) * 1:24445 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Medfos variant outbound connection (malware-cnc.rules) * 1:24446 <-> DISABLED <-> SERVER-OTHER EMC NetWorker SunRPC format string exploit attempt (server-other.rules) * 1:24447 <-> DISABLED <-> SERVER-WEBAPP HP SiteScope DownloadFilesHandler directory traversal attempt (server-webapp.rules) * 1:24448 <-> DISABLED <-> SERVER-WEBAPP HP SiteScope UploadFilesHandler directory traversal attempt (server-webapp.rules) * 1:24449 <-> DISABLED <-> MALWARE-CNC Java.Exploit.Agent variant outbound connection (malware-cnc.rules) * 1:24450 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tibeli variant outbound connection (malware-cnc.rules) * 1:24451 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Quervar variant outbound connection (malware-cnc.rules) * 1:24452 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer JPEG rendering buffer overflow attempt (browser-ie.rules) * 1:24453 <-> ENABLED <-> FILE-IDENTIFY Webm file attachment detected (file-identify.rules) * 1:24454 <-> ENABLED <-> FILE-IDENTIFY Webm file attachment detected (file-identify.rules) * 1:24455 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules) * 1:24456 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules) * 1:24457 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules) * 1:24458 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules) * 1:24459 <-> ENABLED <-> FILE-IDENTIFY PSD file download request (file-identify.rules) * 1:2446 <-> DISABLED <-> SERVER-OTHER ICQ SRV_MULTI/SRV_META_USER overflow attempt - ISS Witty Worm (server-other.rules) * 1:24460 <-> ENABLED <-> FILE-IDENTIFY PSD file attachment detected (file-identify.rules) * 1:24461 <-> ENABLED <-> FILE-IDENTIFY PSD file attachment detected 
(file-identify.rules) * 1:24462 <-> ENABLED <-> FILE-IDENTIFY PSD file magic detection (file-identify.rules) * 1:24463 <-> ENABLED <-> FILE-IDENTIFY TIFF file attachment detected (file-identify.rules) * 1:24464 <-> ENABLED <-> FILE-IDENTIFY TIFF file attachment detected (file-identify.rules) * 1:24465 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows WMF file magic detected (file-identify.rules) * 1:24466 <-> ENABLED <-> FILE-IDENTIFY PSD file magic detection (file-identify.rules) * 1:24467 <-> ENABLED <-> FILE-IDENTIFY XCF file download request (file-identify.rules) * 1:24468 <-> ENABLED <-> FILE-IDENTIFY XCF file attachment detected (file-identify.rules) * 1:24469 <-> ENABLED <-> FILE-IDENTIFY XCF file attachment detected (file-identify.rules) * 1:2447 <-> DISABLED <-> SERVER-WEBAPP ServletManager access (server-webapp.rules) * 1:24470 <-> ENABLED <-> FILE-IDENTIFY XCF file magic detection (file-identify.rules) * 1:24471 <-> ENABLED <-> FILE-IDENTIFY XCF file magic detection (file-identify.rules) * 1:24472 <-> ENABLED <-> FILE-IDENTIFY FLV file attachment detected (file-identify.rules) * 1:24473 <-> ENABLED <-> FILE-IDENTIFY FLV file attachment detected (file-identify.rules) * 1:24474 <-> DISABLED <-> BROWSER-OTHER Puffin Browser usage detected (browser-other.rules) * 1:24476 <-> DISABLED <-> PROTOCOL-SCADA DATAC RealWin System buffer overflow attempt (protocol-scada.rules) * 1:24477 <-> DISABLED <-> PROTOCOL-SCADA DATAC RealWin System buffer overflow attempt (protocol-scada.rules) * 1:24478 <-> DISABLED <-> PROTOCOL-SCADA DATAC RealWin System buffer overflow attempt (protocol-scada.rules) * 1:24479 <-> DISABLED <-> PROTOCOL-SCADA DATAC RealWin System buffer overflow attempt (protocol-scada.rules) * 1:2448 <-> DISABLED <-> SERVER-WEBAPP setinfo.hts access (server-webapp.rules) * 1:24480 <-> DISABLED <-> PROTOCOL-SCADA WellinTech Kingview HMI history server buffer overflow attempt (protocol-scada.rules) * 1:24481 <-> DISABLED <-> PROTOCOL-SCADA DATAC RealWin System 
buffer overflow attempt (protocol-scada.rules) * 1:24482 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chif variant outbound connection (malware-cnc.rules) * 1:24483 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file magic detected (file-identify.rules) * 1:24484 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file magic detected (file-identify.rules) * 1:24485 <-> DISABLED <-> FILE-PDF Microsoft Windows kernel-mode drivers core font parsing integer overflow attempt (file-pdf.rules) * 1:24486 <-> DISABLED <-> FILE-PDF Microsoft Windows kernel-mode drivers core font parsing integer overflow attempt (file-pdf.rules) * 1:24487 <-> DISABLED <-> FILE-PDF Microsoft Windows kernel-mode drivers core font parsing integer overflow attempt (file-pdf.rules) * 1:24488 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CryptoAPI common name spoofing attempt (os-windows.rules) * 1:24489 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CryptoAPI common name spoofing attempt (os-windows.rules) * 1:2449 <-> DISABLED <-> PROTOCOL-FTP ALLO overflow attempt (protocol-ftp.rules) * 1:24490 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CryptoAPI common name spoofing attempt (os-windows.rules) * 1:24491 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo redirection landing page pre-infection (malware-cnc.rules) * 1:24492 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo variant outbound connection (malware-cnc.rules) * 1:24493 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo variant outbound connection (malware-cnc.rules) * 1:24494 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo variant outbound connection (malware-cnc.rules) * 1:24495 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo variant outbound connection (malware-cnc.rules) * 1:24496 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo variant outbound connection (malware-cnc.rules) * 1:24497 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo variant outbound connection (malware-cnc.rules) * 1:24498 <-> DISABLED <-> FILE-JAVA Oracle Java JNLP parameter argument 
injection attempt (file-java.rules)
* 1:24499 <-> DISABLED <-> FILE-JAVA Oracle Java JNLP parameter argument injection attempt (file-java.rules)
* 1:245 <-> DISABLED <-> MALWARE-OTHER mstream handler ping to agent (malware-other.rules)
* 1:2450 <-> DISABLED <-> POLICY-SOCIAL Yahoo IM successful logon (policy-social.rules)
* 1:24500 <-> DISABLED <-> FILE-OTHER Microsoft LNK shortcut arbitrary dll load attempt (file-other.rules)
* 1:24501 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit fallback executable download (exploit-kit.rules)
* 1:24502 <-> DISABLED <-> SERVER-WEBAPP TikiWiki tiki-graph_formula.php remote php code execution attempt (server-webapp.rules)
* 1:24503 <-> DISABLED <-> PROTOCOL-RPC xdrDecodeString caller_name stack overflow attempt (protocol-rpc.rules)
* 1:24504 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VB variant outbound connection (malware-cnc.rules)
* 1:24505 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BanSpy variant outbound connection (malware-cnc.rules)
* 1:24506 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader null pointer dereference attempt (file-pdf.rules)
* 1:24507 <-> DISABLED <-> FILE-PDF Adobe Acrobat font parsing integer overflow attempt (file-pdf.rules)
* 1:24508 <-> DISABLED <-> FILE-PDF Adobe Acrobat font parsing integer overflow attempt (file-pdf.rules)
* 1:24509 <-> ENABLED <-> FILE-IDENTIFY rmf file download request (file-identify.rules)
* 1:2451 <-> DISABLED <-> POLICY-SOCIAL Yahoo IM voicechat (policy-social.rules)
* 1:24510 <-> DISABLED <-> FILE-JAVA Oracle Java XGetSamplePtrFromSnd memory corruption attempt (file-java.rules)
* 1:24511 <-> DISABLED <-> FILE-JAVA Oracle Java XGetSamplePtrFromSnd memory corruption attempt (file-java.rules)
* 1:24512 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services opcode buffer overflow attempt (server-other.rules)
* 1:24513 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services opcode buffer overflow attempt (server-other.rules)
* 1:24514 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lucuis variant outbound connection (malware-cnc.rules)
* 1:24515 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Lucuis malware file download (malware-other.rules)
* 1:24516 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Lucuis malware file download (malware-other.rules)
* 1:24517 <-> DISABLED <-> SERVER-WEBAPP F5 Networks FirePass my.activation.php3 state parameter sql injection attempt (server-webapp.rules)
* 1:24518 <-> DISABLED <-> SERVER-WEBAPP Symantec Web Gateway PHP remote code injection attempt (server-webapp.rules)
* 1:24519 <-> DISABLED <-> SERVER-WEBAPP Symantec Web Gateway PHP remote code execution attempt (server-webapp.rules)
* 1:2452 <-> DISABLED <-> POLICY-SOCIAL Yahoo IM ping (policy-social.rules)
* 1:24520 <-> DISABLED <-> SERVER-WEBAPP Avaya IP Office Customer Call Reporter invalid file upload attempt (server-webapp.rules)
* 1:24521 <-> DISABLED <-> SERVER-WEBAPP OpenStack Compute directory traversal attempt (server-webapp.rules)
* 1:24522 <-> DISABLED <-> SERVER-OTHER VxWorks RPC request to MGCP service attempt (server-other.rules)
* 1:24523 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.MautoitRAT variant outbound connection (malware-cnc.rules)
* 1:24524 <-> DISABLED <-> SERVER-MAIL Novell GroupWise internet agent iCalendar parsing denial of service attempt (server-mail.rules)
* 1:24525 <-> DISABLED <-> BROWSER-PLUGINS Samsung Kies arbitrary file execution attempt (browser-plugins.rules)
* 1:24526 <-> DISABLED <-> BROWSER-PLUGINS Samsung Kies arbitrary file execution attempt (browser-plugins.rules)
* 1:24527 <-> DISABLED <-> BROWSER-PLUGINS Samsung Kies arbitrary file execution attempt (browser-plugins.rules)
* 1:24528 <-> DISABLED <-> BROWSER-PLUGINS Samsung Kies arbitrary file execution attempt (browser-plugins.rules)
* 1:24529 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Begman variant connection to cnc-server (malware-cnc.rules)
* 1:2453 <-> DISABLED <-> POLICY-SOCIAL Yahoo IM conference invitation (policy-social.rules)
* 1:24530 <-> ENABLED <-> MALWARE-BACKDOOR Win.Trojan.Ransomlock runtime detection (malware-backdoor.rules)
* 1:24531 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scondatie.A variant outbound connection (malware-cnc.rules)
* 1:24532 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scondatie.A inbound connection (malware-cnc.rules)
* 1:24533 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
* 1:24534 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banbra variant outbound connection (malware-cnc.rules)
* 1:24535 <-> DISABLED <-> FILE-OTHER Microsoft Windows Embedded Open Type Font malformed name table integer overflow attempt (file-other.rules)
* 1:24536 <-> DISABLED <-> SERVER-OTHER HP Intelligent Management Center uam.exe stack buffer overflow attempt (server-other.rules)
* 1:24537 <-> DISABLED <-> SERVER-OTHER HP Intelligent Management Center uam.exe stack buffer overflow attempt (server-other.rules)
* 1:24538 <-> DISABLED <-> SERVER-OTHER HP Intelligent Management Center uam.exe stack buffer overflow attempt (server-other.rules)
* 1:24539 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ransom variant outbound connection (malware-cnc.rules)
* 1:2454 <-> DISABLED <-> POLICY-SOCIAL Yahoo IM conference logon success (policy-social.rules)
* 1:24540 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.Spy.Heur variant outbound connection attempt (malware-backdoor.rules)
* 1:24541 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Unebot variant outbound connection (malware-cnc.rules)
* 1:24542 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Beystreet variant outbound connection (malware-cnc.rules)
* 1:24543 <-> DISABLED <-> EXPLOIT-KIT Blackhole admin page inbound access attempt (exploit-kit.rules)
* 1:24544 <-> DISABLED <-> EXPLOIT-KIT Blackhole admin page outbound access attempt (exploit-kit.rules)
* 1:24545 <-> DISABLED <-> MALWARE-BACKDOOR am remote client runtime detection - client response (malware-backdoor.rules)
* 1:24546 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page download attempt (exploit-kit.rules)
* 1:24547 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt (exploit-kit.rules)
* 1:24548 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt (exploit-kit.rules)
* 1:24549 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime MOV Atom length buffer overflow attempt (file-multimedia.rules)
* 1:2455 <-> DISABLED <-> POLICY-SOCIAL Yahoo IM conference message (policy-social.rules)
* 1:24550 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime MOV Atom length buffer overflow attempt (file-multimedia.rules)
* 1:24551 <-> DISABLED <-> FILE-IMAGE Apple QuickTime PICT Image PnSize Opcode Stack Buffer Overflow attempt (file-image.rules)
* 1:24552 <-> DISABLED <-> FILE-IMAGE Apple QuickTime PICT Image PnSize Opcode Stack Buffer Overflow attempt (file-image.rules)
* 1:24553 <-> DISABLED <-> FILE-IMAGE Apple QuickTime PICT Image PnSize Opcode Stack Buffer Overflow attempt (file-image.rules)
* 1:24554 <-> ENABLED <-> FILE-IDENTIFY Apple QuickTime PICT v2.0 Image header (file-identify.rules)
* 1:24555 <-> ENABLED <-> FILE-IDENTIFY Apple QuickTime PICT v2.0 Image header (file-identify.rules)
* 1:24556 <-> DISABLED <-> FILE-OFFICE Microsoft Office TIFF filter buffer overflow attempt (file-office.rules)
* 1:24557 <-> DISABLED <-> FILE-OFFICE Microsoft Office TIFF filter buffer overflow attempt (file-office.rules)
* 1:24558 <-> DISABLED <-> FILE-OFFICE Microsoft Office TIFF filter buffer overflow attempt (file-office.rules)
* 1:24559 <-> DISABLED <-> BROWSER-PLUGINS CYME Power Engineering ShowPropertiesDialog ActiveX clsid access (browser-plugins.rules)
* 1:2456 <-> DISABLED <-> POLICY-SOCIAL Yahoo Messenger File Transfer Receive Request (policy-social.rules)
* 1:24560 <-> DISABLED <-> BROWSER-PLUGINS CYME Power Engineering ShowPropertiesDialog ActiveX function call access (browser-plugins.rules)
* 1:24561 <-> DISABLED <-> SERVER-WEBAPP WordPress XSS fs-admin.php injection attempt (server-webapp.rules)
* 1:24562 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VB variant outbound connection (malware-cnc.rules)
* 1:24563 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Veli variant outbound connection (malware-cnc.rules)
* 1:24564 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Helai variant outbound connection (malware-cnc.rules)
* 1:24565 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Msposer variant outbound connection (malware-cnc.rules)
* 1:24566 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jorik variant outbound connection (malware-cnc.rules)
* 1:24567 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Olmarik variant outbound connection (malware-cnc.rules)
* 1:24568 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Mozilla/00 (malware-cnc.rules)
* 1:24569 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:2457 <-> DISABLED <-> POLICY-SOCIAL Yahoo IM message (policy-social.rules)
* 1:24570 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox IDB use-after-free attempt (browser-firefox.rules)
* 1:24571 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox IDB use-after-free attempt (browser-firefox.rules)
* 1:24572 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox IDB use-after-free attempt (browser-firefox.rules)
* 1:24573 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox IDB use-after-free attempt (browser-firefox.rules)
* 1:24574 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox IDB use-after-free attempt (browser-firefox.rules)
* 1:24575 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Opera/9.61 (malware-cnc.rules)
* 1:24576 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Barus variant outbound connection (malware-cnc.rules)
* 1:24578 <-> DISABLED <-> BROWSER-PLUGINS Viscom Movie Player Pro DrawText ActiveX clsid access (browser-plugins.rules)
* 1:24579 <-> DISABLED <-> BROWSER-PLUGINS Viscom Movie Player Pro DrawText ActiveX function call access (browser-plugins.rules)
* 1:2458 <-> DISABLED <-> POLICY-SOCIAL Yahoo IM successful chat join (policy-social.rules)
* 1:24580 <-> DISABLED <-> PROTOCOL-SCADA Broadwin WebAccess ActiveX function call access (protocol-scada.rules)
* 1:24581 <-> DISABLED <-> PROTOCOL-SCADA Broadwin WebAccess ActiveX clsid access (protocol-scada.rules)
* 1:24582 <-> DISABLED <-> PROTOCOL-SCADA Broadwin WebAccess ActiveX function call access (protocol-scada.rules)
* 1:24586 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Barkiofork variant outbound connection (malware-cnc.rules)
* 1:24587 <-> DISABLED <-> FILE-OFFICE Microsoft Works Word document use after free attempt (file-office.rules)
* 1:24588 <-> DISABLED <-> FILE-OFFICE Microsoft Works Word document use after free attempt (file-office.rules)
* 1:24589 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules)
* 1:2459 <-> DISABLED <-> POLICY-SOCIAL Yahoo IM conference offer invitation (policy-social.rules)
* 1:24590 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules)
* 1:24591 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules)
* 1:24592 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules)
* 1:24593 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page received - specific structure (exploit-kit.rules)
* 1:24594 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.MiniFlame C&C command response attempt (malware-other.rules)
* 1:24598 <-> DISABLED <-> POLICY-SPAM 1.usa.gov URL in email, possible spam redirect (policy-spam.rules)
* 1:24599 <-> ENABLED <-> FILE-IDENTIFY Alt-N MDaemon IMAP Server (file-identify.rules)
* 1:246 <-> DISABLED <-> MALWARE-OTHER mstream agent pong to handler (malware-other.rules)
* 1:2460 <-> DISABLED <-> POLICY-SOCIAL Yahoo IM conference request (policy-social.rules)
* 1:24600 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules)
* 1:24601 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules)
* 1:24602 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules)
* 1:24603 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules)
* 1:24604 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules)
* 1:24605 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules)
* 1:24606 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules)
* 1:24607 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules)
* 1:24608 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page download attempt (exploit-kit.rules)
* 1:24609 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules)
* 1:2461 <-> DISABLED <-> POLICY-SOCIAL Yahoo IM conference watch (policy-social.rules)
* 1:24610 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules)
* 1:24611 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules)
* 1:24612 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules)
* 1:24613 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules)
* 1:24614 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules)
* 1:24615 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules)
* 1:24616 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules)
* 1:24617 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules)
* 1:24618 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules)
* 1:24619 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules)
* 1:2462 <-> DISABLED <-> SERVER-OTHER Ethereal IGMP IGAP account overflow attempt (server-other.rules)
* 1:24620 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules)
* 1:24621 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules)
* 1:24622 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules)
* 1:24623 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jorik variant outbound connection (malware-cnc.rules)
* 1:24625 <-> DISABLED <-> FILE-PDF Sophos Antivirus PDF parsing stack overflow attempt (file-pdf.rules)
* 1:24626 <-> DISABLED <-> FILE-PDF Sophos Antivirus PDF parsing stack overflow attempt (file-pdf.rules)
* 1:24627 <-> DISABLED <-> SERVER-OTHER Quest NetVault SmartDisk libnvbasics.dll denial of service attempt (server-other.rules)
* 1:24628 <-> DISABLED <-> SERVER-WEBAPP Webmin show.cgi arbitrary command injection attempt (server-webapp.rules)
* 1:24629 <-> DISABLED <-> SERVER-WEBAPP Oracle Fusion Middleware WebCenter selectedLocale parameter sql injection attempt (server-webapp.rules)
* 1:2463 <-> DISABLED <-> SERVER-OTHER Ethereal IGMP IGAP message overflow attempt (server-other.rules)
* 1:24630 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Klovbot variant outbound connection (malware-cnc.rules)
* 1:24631 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Lizard/1.0 (malware-cnc.rules)
* 1:24632 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VaccinePC variant outbound connection (malware-cnc.rules)
* 1:24633 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - test_hInternet (malware-cnc.rules)
* 1:24634 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - vaccinepc (malware-cnc.rules)
* 1:24635 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper.Dycler variant outbound connection (malware-cnc.rules)
* 1:24636 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection page - specific structure (exploit-kit.rules)
* 1:24637 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection page - specific structure (exploit-kit.rules)
* 1:24638 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful (exploit-kit.rules)
* 1:24639 <-> DISABLED <-> PROTOCOL-RPC portmap CA BrightStor ARCserve tcp procedure 122 invalid function call attempt (protocol-rpc.rules)
* 1:2464 <-> DISABLED <-> SERVER-OTHER Ethereal EIGRP prefix length overflow attempt (server-other.rules)
* 1:24640 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime movie buffer overflow attempt (file-multimedia.rules)
* 1:24641 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime movie buffer overflow attempt (file-multimedia.rules)
* 1:24642 <-> DISABLED <-> SERVER-WEBAPP RedHat JBoss Enterprise Application Platform JMX code execution attempt (server-webapp.rules)
* 1:24643 <-> DISABLED <-> BROWSER-PLUGINS Tom Sawyer GET extension ActiveX function call access attempt (browser-plugins.rules)
* 1:24644 <-> DISABLED <-> BROWSER-PLUGINS Tom Sawyer GET extension ActiveX clsid access attempt (browser-plugins.rules)
* 1:24645 <-> DISABLED <-> BROWSER-PLUGINS Tom Sawyer GET extension ActiveX clsid access attempt (browser-plugins.rules)
* 1:24646 <-> DISABLED <-> BROWSER-PLUGINS Tom Sawyer GET extension ActiveX clsid access attempt (browser-plugins.rules)
* 1:24647 <-> DISABLED <-> SERVER-WEBAPP D-Link Wireless Router CAPTCHA data processing buffer overflow attempt (server-webapp.rules)
* 1:24648 <-> DISABLED <-> MALWARE-OTHER HTML.Exploit.C99 suspicious file download (malware-other.rules)
* 1:24649 <-> DISABLED <-> FILE-OTHER Microsoft Windows TTF parsing counter overflow attempt (file-other.rules)
* 1:24650 <-> DISABLED <-> FILE-OTHER Microsoft Windows TTF parsing counter overflow attempt (file-other.rules)
* 1:24651 <-> ENABLED <-> FILE-IDENTIFY Microsoft proxy autoconfig script file download request (file-identify.rules)
* 1:24652 <-> DISABLED <-> FILE-OTHER Microsoft proxy autoconfig script system library import attempt (file-other.rules)
* 1:24653 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 9 table th element use after free attempt (browser-ie.rules)
* 1:24654 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 9 table th element use after free attempt (browser-ie.rules)
* 1:24655 <-> DISABLED <-> OS-WINDOWS Microsoft .NET fully qualified System.Data.dll assembly name exploit attempt (os-windows.rules)
* 1:24656 <-> DISABLED <-> OS-WINDOWS Microsoft .NET fully qualified System.Data.dll assembly name exploit attempt (os-windows.rules)
* 1:24657 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Publisher record heap buffer overflow attempt (file-office.rules)
* 1:24658 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SERIES record code execution attempt (file-office.rules)
* 1:24659 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SERIES record code execution attempt (file-office.rules)
* 1:24660 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 9 style properties use after free attempt (browser-ie.rules)
* 1:24661 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 9 style properties use after free attempt (browser-ie.rules)
* 1:24662 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer button object use after free memory corruption attempt (browser-ie.rules)
* 1:24663 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer button object use after free memory corruption attempt (browser-ie.rules)
* 1:24664 <-> DISABLED <-> FILE-EXECUTABLE Microsoft .NET blacklisted method reflection sandbox bypass attempt (file-executable.rules)
* 1:24665 <-> DISABLED <-> FILE-EXECUTABLE Microsoft .NET blacklisted method reflection sandbox bypass attempt (file-executable.rules)
* 1:24667 <-> DISABLED <-> EXPLOIT-KIT KaiXin exploit kit attack vector attempt (exploit-kit.rules)
* 1:24668 <-> DISABLED <-> EXPLOIT-KIT KaiXin exploit kit attack vector attempt (exploit-kit.rules)
* 1:24669 <-> ENABLED <-> EXPLOIT-KIT KaiXin exploit kit attack vector attempt (exploit-kit.rules)
* 1:24670 <-> ENABLED <-> EXPLOIT-KIT KaiXin exploit kit attack vector attempt (exploit-kit.rules)
* 1:24672 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Flash Player MP4 sequence parameter set parsing overflow attempt (file-multimedia.rules)
* 1:24673 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SST record invalid length memory corruption attempt (file-office.rules)
* 1:24674 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SST record invalid length memory corruption attempt (file-office.rules)
* 1:24675 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX realm parameter overflow attempt (browser-plugins.rules)
* 1:24676 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX real parameter overflow attempt (browser-plugins.rules)
* 1:24677 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix server open PDU denial of service attempt (server-other.rules)
* 1:24678 <-> DISABLED <-> FILE-OTHER Cisco WebEx recording format buffer overflow attempt (file-other.rules)
* 1:24679 <-> DISABLED <-> FILE-OTHER Cisco WebEx recording format buffer overflow attempt (file-other.rules)
* 1:24680 <-> DISABLED <-> FILE-OTHER Cisco WebEx recording format buffer overflow attempt (file-other.rules)
* 1:24681 <-> DISABLED <-> FILE-OTHER Cisco WebEx recording format buffer overflow attempt (file-other.rules)
* 1:24682 <-> DISABLED <-> FILE-OTHER Cisco WebEx recording format buffer overflow attempt (file-other.rules)
* 1:24683 <-> DISABLED <-> FILE-OTHER Cisco WebEx recording format buffer overflow attempt (file-other.rules)
* 1:24684 <-> DISABLED <-> FILE-OTHER Cisco WebEx recording format buffer overflow attempt (file-other.rules)
* 1:24685 <-> DISABLED <-> FILE-OTHER Cisco WebEx recording format buffer overflow attempt (file-other.rules)
* 1:24686 <-> DISABLED <-> SERVER-OTHER HP StorageWorks file migration agent buffer overflow attempt (server-other.rules)
* 1:24687 <-> DISABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules)
* 1:24688 <-> DISABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules)
* 1:24689 <-> DISABLED <-> BROWSER-PLUGINS Tom Sawyer GET extension ActiveX function call access attempt (browser-plugins.rules)
* 1:24690 <-> DISABLED <-> BROWSER-PLUGINS Tom Sawyer GET extension ActiveX clsid access attempt (browser-plugins.rules)
* 1:24691 <-> DISABLED <-> BROWSER-PLUGINS Tom Sawyer GET extension ActiveX clsid access attempt (browser-plugins.rules)
* 1:24692 <-> DISABLED <-> BROWSER-PLUGINS Tom Sawyer GET extension ActiveX clsid access attempt (browser-plugins.rules)
* 1:24693 <-> DISABLED <-> SERVER-WEBAPP HP OpenView CGI parameter buffer overflow attempt (server-webapp.rules)
* 1:24694 <-> DISABLED <-> FILE-IMAGE Apple QuickTime PICT file opcode corruption attempt (file-image.rules)
* 1:24695 <-> DISABLED <-> FILE-IMAGE Apple QuickTime PICT file opcode corruption attempt (file-image.rules)
* 1:24696 <-> DISABLED <-> PROTOCOL-RPC EMC Networker nsrindexd.exe procedure 0x01 buffer overflow attempt (protocol-rpc.rules)
* 1:24697 <-> DISABLED <-> SERVER-APACHE Apache mod_log_config cookie handling denial of service attempt (server-apache.rules)
* 1:24698 <-> DISABLED <-> SERVER-APACHE Apache mod_log_config cookie handling denial of service attempt (server-apache.rules)
* 1:24699 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime text track descriptors heap buffer overflow attempt (file-multimedia.rules)
* 1:247 <-> DISABLED <-> MALWARE-OTHER mstream client to handler (malware-other.rules)
* 1:24700 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime text track descriptors heap buffer overflow attempt (file-multimedia.rules)
* 1:24701 <-> DISABLED <-> FILE-JAVA Oracle Java Runtime true type font idef opcode heap buffer overflow attempt (file-java.rules)
* 1:24702 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
* 1:24703 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
* 1:24704 <-> DISABLED <-> SERVER-WEBAPP CA Total Defense management.asmx sql injection attempt (server-webapp.rules)
* 1:24705 <-> DISABLED <-> SERVER-WEBAPP CA Total Defense management.asmx sql injection attempt (server-webapp.rules)
* 1:24706 <-> DISABLED <-> SERVER-WEBAPP Netop Remote Control dws file buffer overflow attempt (server-webapp.rules)
* 1:24707 <-> DISABLED <-> SERVER-WEBAPP Netop Remote Control dws file buffer overflow attempt (server-webapp.rules)
* 1:24708 <-> ENABLED <-> FILE-IDENTIFY Netop Remote Control file download request (file-identify.rules)
* 1:24709 <-> ENABLED <-> FILE-IDENTIFY Netop Remote Control file attachment detected (file-identify.rules)
* 1:24710 <-> ENABLED <-> FILE-IDENTIFY Netop Remote Control file attachment detected (file-identify.rules)
* 1:24711 <-> DISABLED <-> FILE-IMAGE Oracle Outside In JPEG COD parameter buffer overflow attempt (file-image.rules)
* 1:24712 <-> DISABLED <-> FILE-IMAGE Oracle Outside In JPEG COC parameter buffer overflow attempt (file-image.rules)
* 1:24713 <-> DISABLED <-> FILE-IMAGE Oracle Outside In JPEG COD parameter buffer overflow attempt (file-image.rules)
* 1:24714 <-> DISABLED <-> FILE-IMAGE Oracle Outside In JPEG COC parameter buffer overflow attempt (file-image.rules)
* 1:24715 <-> DISABLED <-> FILE-IMAGE Oracle Outside In JPEG COD parameter buffer overflow attempt (file-image.rules)
* 1:24716 <-> DISABLED <-> FILE-IMAGE Oracle Outside In JPEG COC parameter buffer overflow attempt (file-image.rules)
* 1:24717 <-> DISABLED <-> FILE-IMAGE Oracle Outside In JPEG COD parameter buffer overflow attempt (file-image.rules)
* 1:24718 <-> DISABLED <-> FILE-IMAGE Oracle Outside In JPEG COC parameter buffer overflow attempt (file-image.rules)
* 1:24719 <-> ENABLED <-> PROTOCOL-VOIP Digium Asterisk SCCP call state message offhook (protocol-voip.rules)
* 1:24720 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk SCCP keypad button message denial of service attempt (protocol-voip.rules)
* 1:24721 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader empty object page tree node reference attempt (file-pdf.rules)
* 1:24722 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader empty object page tree node reference attempt (file-pdf.rules)
* 1:24723 <-> DISABLED <-> BROWSER-PLUGINS IBM Rational Rhapsody BBFlashback ActiveX clsid access attempt (browser-plugins.rules)
* 1:24724 <-> DISABLED <-> BROWSER-PLUGINS IBM Rational Rhapsody BBFlashback ActiveX function call access attempt (browser-plugins.rules)
* 1:24725 <-> DISABLED <-> BROWSER-PLUGINS IBM Rational Rhapsody BBFlashback ActiveX clsid access attempt (browser-plugins.rules)
* 1:24726 <-> DISABLED <-> BROWSER-PLUGINS IBM Rational Rhapsody BBFlashback ActiveX function call access attempt (browser-plugins.rules)
* 1:24727 <-> ENABLED <-> MALWARE-OTHER HTML.Exploit.C99 suspicious file download (malware-other.rules)
* 1:24728 <-> DISABLED <-> SERVER-WEBAPP Oracle GlassFish cross site scripting attempt (server-webapp.rules)
* 1:24729 <-> DISABLED <-> SERVER-WEBAPP Oracle GlassFish cross site scripting attempt (server-webapp.rules)
* 1:24730 <-> DISABLED <-> SERVER-WEBAPP Oracle GlassFish cross site scripting attempt (server-webapp.rules)
* 1:24731 <-> DISABLED <-> SERVER-WEBAPP Oracle GlassFish cross site scripting attempt (server-webapp.rules)
* 1:24732 <-> DISABLED <-> SERVER-WEBAPP Oracle GlassFish cross site scripting attempt (server-webapp.rules)
* 1:24733 <-> DISABLED <-> SERVER-WEBAPP Oracle GlassFish cross site scripting attempt (server-webapp.rules)
* 1:24734 <-> DISABLED <-> SERVER-WEBAPP Oracle GlassFish cross site scripting attempt (server-webapp.rules)
* 1:24735 <-> DISABLED <-> SERVER-WEBAPP Oracle GlassFish cross site scripting attempt (server-webapp.rules)
* 1:24736 <-> DISABLED <-> SERVER-WEBAPP Oracle GlassFish cross site scripting attempt (server-webapp.rules)
* 1:24737 <-> DISABLED <-> SERVER-WEBAPP Oracle GlassFish cross site scripting attempt (server-webapp.rules)
* 1:24738 <-> DISABLED <-> SERVER-OTHER EMC AutoStart ftAgent.exe integer overflow attempt (server-other.rules)
* 1:24739 <-> DISABLED <-> SERVER-OTHER Gimp Script-Fu server buffer overflow attempt (server-other.rules)
* 1:2474 <-> DISABLED <-> NETBIOS SMB-DS ADMIN$ share access (netbios.rules)
* 1:24740 <-> DISABLED <-> SERVER-WEBAPP Oracle Business Transaction Management flashtunnelservice arbitrary file deletion attempt (server-webapp.rules)
* 1:24741 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
* 1:24742 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
* 1:24743 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
* 1:24744 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
* 1:24745 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
* 1:24746 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
* 1:24747 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
* 1:24748 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
* 1:24749 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
* 1:24750 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
* 1:24751 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
* 1:24752 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
* 1:24753 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
* 1:24754 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
* 1:24755 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
* 1:24756 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
* 1:24757 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
* 1:24758 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
* 1:24759 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
* 1:24760 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
* 1:24761 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
* 1:24762 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
* 1:24763 <-> DISABLED <-> FILE-PDF Sophos Antivirus PDF parsing stack overflow attempt (file-pdf.rules)
* 1:24764 <-> DISABLED <-> FILE-PDF Sophos Antivirus PDF parsing stack overflow attempt (file-pdf.rules)
* 1:24765 <-> DISABLED <-> SERVER-WEBAPP Novell File Reporter SRS request heap overflow attempt (server-webapp.rules)
* 1:24766 <-> DISABLED <-> SERVER-WEBAPP Novell File Reporter SRS request arbitrary file download attempt (server-webapp.rules)
* 1:24767 <-> DISABLED <-> SERVER-WEBAPP Novell File Reporter FSFUI request directory traversal attempt (server-webapp.rules)
* 1:24768 <-> DISABLED <-> SERVER-OTHER RealPlayer Helix rn5auth credential overflow attempt (server-other.rules)
* 1:24769 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules)
* 1:24770 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules)
* 1:24771 <-> DISABLED <-> BROWSER-PLUGINS IBM Lotus iNotes Attachment_Times ActiveX clsid access (browser-plugins.rules)
* 1:24772 <-> DISABLED <-> BROWSER-PLUGINS IBM Lotus iNotes Attachment_Times ActiveX clsid access (browser-plugins.rules)
* 1:24773 <-> DISABLED <-> BROWSER-PLUGINS IBM Lotus iNotes Attachement_Times ActiveX clsid access (browser-plugins.rules)
* 1:24774 <-> DISABLED <-> BROWSER-PLUGINS ASUS Net4Switch ipswcom.dll ActiveX clsid access attempt (browser-plugins.rules)
* 1:24775 <-> DISABLED <-> BROWSER-PLUGINS ASUS Net4Switch ipswcom.dll ActiveX clsid access attempt (browser-plugins.rules)
* 1:24776 <-> DISABLED <-> BROWSER-PLUGINS ASUS Net4Switch ipswcom.dll ActiveX clsid access attempt (browser-plugins.rules)
* 1:24777 <-> DISABLED <-> BROWSER-PLUGINS ASUS Net4Switch ipswcom.dll ActiveX clsid access attempt (browser-plugins.rules)
* 1:24785 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit possible redirection attempt (exploit-kit.rules)
* 1:24786 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit Java Exploit request structure (exploit-kit.rules)
* 1:24787 <-> DISABLED <-> EXPLOIT-KIT CritX exploit kit Java Exploit download (exploit-kit.rules)
* 1:24788 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit PDF Exploit request structure (exploit-kit.rules)
* 1:24789 <-> DISABLED <-> EXPLOIT-KIT CritX exploit kit PDF Exploit download attempt (exploit-kit.rules)
* 1:24790 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit Portable Executable request (exploit-kit.rules)
* 1:24791 <-> DISABLED <-> EXPLOIT-KIT CritX exploit kit Portable Executable download (exploit-kit.rules)
* 1:24792 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Google page (malware-cnc.rules)
* 1:24793 <-> ENABLED <-> EXPLOIT-KIT KaiXin exploit kit Java Class download (exploit-kit.rules)
* 1:24794 <-> DISABLED <-> EXPLOIT-KIT Multiple exploit kit Class download attempt (exploit-kit.rules)
* 1:24795 <-> DISABLED <-> EXPLOIT-KIT Multiple exploit kit Class download attempt (exploit-kit.rules)
* 1:24796 <-> DISABLED <-> EXPLOIT-KIT Multiple exploit kit Class download attempt (exploit-kit.rules)
* 1:24797 <-> DISABLED <-> EXPLOIT-KIT Multiple exploit kit Class download attempt (exploit-kit.rules)
* 1:24799 <-> ENABLED <-> MALWARE-OTHER OSX.Trojan.Imuler suspicious download (malware-other.rules)
* 1:248 <-> DISABLED <-> MALWARE-OTHER mstream handler to client (malware-other.rules)
* 1:24800 <-> ENABLED <-> MALWARE-OTHER OSX.Trojan.Imuler suspicious download (malware-other.rules)
* 1:24801 <-> DISABLED <-> SERVER-WEBAPP IBM Tivoli Provisioning Manager Express asset.getmimetype sql injection attempt (server-webapp.rules)
* 1:24802 <-> DISABLED <-> SERVER-OTHER HP Database Archiving Software GIOP parsing buffer overflow attempt (server-other.rules)
* 1:24803 <-> DISABLED <-> PROTOCOL-SCADA GE Proficy Real-Time Information Portal directory traversal attempt (protocol-scada.rules)
* 1:24804 <-> DISABLED <-> SERVER-WEBAPP Invision IP Board PHP unserialize code execution attempt (server-webapp.rules)
* 1:24805 <-> DISABLED <-> SERVER-OTHER lighthttpd connection header denial of service attempt (server-other.rules)
* 1:24806 <-> DISABLED <-> SERVER-WEBAPP Novell GroupWise WebAccess directory traversal attempt - POST request (server-webapp.rules)
* 1:24807 <-> DISABLED <-> SERVER-WEBAPP Novell GroupWise WebAccess directory traversal attempt - GET request (server-webapp.rules)
* 1:24808 <-> DISABLED <-> FILE-FLASH Microsoft Internet Explorer premature unload of Flash plugin use after free attempt (file-flash.rules)
* 1:24809 <-> DISABLED <-> FILE-FLASH Microsoft Internet Explorer premature unload of Flash plugin use after free attempt (file-flash.rules)
* 1:24810 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 privilege escalation attempt (file-flash.rules)
* 1:24811 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 privilege escalation attempt (file-flash.rules)
* 1:24812 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 privilege escalation attempt (file-flash.rules)
* 1:24813 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 privilege escalation attempt (file-flash.rules)
* 1:24814 <-> DISABLED <-> PROTOCOL-SNMP Samsung printer default community string (protocol-snmp.rules)
* 1:24815 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio VSD file icon memory corruption attempt (file-office.rules)
* 1:24816 <-> ENABLED <-> FILE-IDENTIFY MP4 file magic detected (file-identify.rules)
* 1:24817 <-> ENABLED <-> FILE-IDENTIFY MP4 file magic detected (file-identify.rules)
* 1:24818 <-> ENABLED <-> FILE-IDENTIFY M4V file magic detected (file-identify.rules)
* 1:24819 <-> ENABLED <-> FILE-IDENTIFY M4V file magic detected (file-identify.rules)
* 1:24820 <-> ENABLED <-> FILE-IDENTIFY Computer Graphics Metafile file download request (file-identify.rules)
* 1:24821 <-> ENABLED <-> FILE-IDENTIFY Computer Graphics Metafile file attachment detected (file-identify.rules)
* 1:24822 <-> ENABLED <-> FILE-IDENTIFY Computer Graphics Metafile file attachment detected (file-identify.rules)
* 1:24823 <-> DISABLED <-> FILE-OFFICE Microsoft Office .CGM file cell array heap overflow attempt (file-office.rules)
* 1:24824 <-> ENABLED <-> FILE-IDENTIFY RealPlayer skin file download request (file-identify.rules)
* 1:24825 <-> ENABLED <-> FILE-IDENTIFY RealPlayer skin file attachment detected (file-identify.rules)
* 1:24826 <-> ENABLED <-> FILE-IDENTIFY RealPlayer skin file attachment detected (file-identify.rules)
* 1:24827 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Operations Agent buffer overflow attempt (server-webapp.rules)
* 1:24828 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Operations Agent buffer overflow attempt (server-webapp.rules)
* 1:24829 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Operations Agent buffer overflow attempt (server-webapp.rules)
* 1:24830 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Operations Agent buffer overflow attempt (server-webapp.rules)
* 1:24831 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Operations Agent buffer overflow attempt (server-webapp.rules)
* 1:24832 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Operations Agent buffer overflow attempt (server-webapp.rules)
* 1:24833 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Operations Agent buffer overflow attempt (server-webapp.rules)
* 1:24834 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Operations Agent buffer overflow attempt (server-webapp.rules)
* 1:24835 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Operations Agent buffer overflow attempt (server-webapp.rules)
* 1:24836 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Operations Agent buffer overflow attempt (server-webapp.rules)
* 1:24839 <-> ENABLED <-> EXPLOIT-KIT Sweet Orange exploit kit landing page - specific structure (exploit-kit.rules)
* 1:2484 <-> DISABLED <-> SERVER-WEBAPP source.jsp access (server-webapp.rules)
* 1:24840 <-> ENABLED <-> EXPLOIT-KIT Sweet Orange exploit kit landing page - JAR redirection (exploit-kit.rules)
* 1:24841 <-> ENABLED <-> EXPLOIT-KIT Sibhost exploit kit outbound JAR download attempt (exploit-kit.rules)
* 1:2485 <-> DISABLED <-> BROWSER-PLUGINS Symantec Norton Internet Security 2004 ActiveX clsid access (browser-plugins.rules)
* 1:24857 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Agent variant outbound connection (malware-cnc.rules)
* 1:24858 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Quarian variant outbound connection - proxy connection (malware-cnc.rules)
* 1:2486 <-> DISABLED <-> SERVER-OTHER ISAKMP invalid identification payload attempt (server-other.rules)
* 1:24860 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure (exploit-kit.rules)
* 1:24861 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email (exploit-kit.rules)
* 1:24862 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure (exploit-kit.rules)
* 1:24863 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email (exploit-kit.rules)
* 1:24864 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure (exploit-kit.rules)
* 1:24865 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email (exploit-kit.rules)
* 1:24866 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS UNC mapped virtual host file source code access attempt (server-iis.rules)
* 1:24867 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS UNC mapped virtual host file source code access attempt (server-iis.rules)
* 1:24868 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint bad text header txttype attempt (file-office.rules)
* 1:24869 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DOM mergeAttributes memory corruption attempt (browser-ie.rules)
* 1:2487 <-> DISABLED <-> SERVER-MAIL WinZip MIME content-type buffer overflow (server-mail.rules)
* 1:24870 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DOM mergeAttributes memory corruption attempt (browser-ie.rules)
* 1:24871 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DOM mergeAttributes memory corruption attempt (browser-ie.rules)
* 1:24872 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DOM mergeAttributes memory corruption attempt (browser-ie.rules)
* 1:24873 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gnutler variant outbound connection (malware-cnc.rules)
* 1:24874 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
* 1:24875 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
* 1:24876 <-> DISABLED <-> FILE-FLASH Adobe Flash Player 
ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules) * 1:24877 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules) * 1:24879 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid JPEG index attempt (file-flash.rules) * 1:2488 <-> DISABLED <-> SERVER-MAIL WinZip MIME content-disposition buffer overflow (server-mail.rules) * 1:24882 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid JPEG index attempt (file-flash.rules) * 1:24883 <-> ENABLED <-> MALWARE-OTHER Compromised website response - leads to Exploit Kit (malware-other.rules) * 1:24884 <-> ENABLED <-> MALWARE-OTHER Compromised website response - leads to Exploit Kit (malware-other.rules) * 1:24885 <-> DISABLED <-> MALWARE-CNC Potential Banking Trojan Config File Download (malware-cnc.rules) * 1:24886 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dorkbot variant outbound connection (malware-cnc.rules) * 1:24888 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit landing page detected (exploit-kit.rules) * 1:24889 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Action InitArray stack overflow attempt (file-flash.rules) * 1:2489 <-> DISABLED <-> SERVER-OTHER esignal STREAMQUOTE buffer overflow attempt (server-other.rules) * 1:24890 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Action InitArray stack overflow attempt (file-flash.rules) * 1:24891 <-> DISABLED <-> FILE-FLASH Adobe Flash Player action InitArray stack overflow attempt (file-flash.rules) * 1:24892 <-> DISABLED <-> FILE-FLASH Action InitArray stack overflow attempt (file-flash.rules) * 1:24893 <-> DISABLED <-> FILE-FLASH Action InitArray stack overflow attempt (file-flash.rules) * 1:24894 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Action InitArray stack overflow attempt (file-flash.rules) * 1:24895 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript bytecode symbolclass tag type confusion attempt (file-flash.rules) * 1:24896 <-> 
DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript bytecode symbolclass tag type confusion attempt (file-flash.rules) * 1:24897 <-> DISABLED <-> SERVER-MYSQL Oracle MySQL grant file long database name stack overflow attempt (server-mysql.rules) * 1:24898 <-> DISABLED <-> SERVER-OTHER ABB Multiple Product RobNetScanHost.exe buffer overflow attempt (server-other.rules) * 1:24899 <-> ENABLED <-> MALWARE-OTHER Compromised Website response - leads to Exploit Kit (malware-other.rules) * 1:2490 <-> DISABLED <-> SERVER-OTHER esignal SNAPQUOTE buffer overflow attempt (server-other.rules) * 1:24900 <-> ENABLED <-> MALWARE-OTHER HTML.Exploit.C99 suspicious file download (malware-other.rules) * 1:24901 <-> ENABLED <-> FILE-IDENTIFY JNLP file download request (file-identify.rules) * 1:24902 <-> ENABLED <-> FILE-IDENTIFY JNLP file attachment detected (file-identify.rules) * 1:24903 <-> ENABLED <-> FILE-IDENTIFY JNLP file attachment detected (file-identify.rules) * 1:24904 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start JNLP j2se key value buffer overflow attempt (file-java.rules) * 1:24905 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start JNLP j2se key value buffer overflow attempt (file-java.rules) * 1:24906 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start JNLP j2se key value buffer overflow attempt (file-java.rules) * 1:24907 <-> DISABLED <-> SERVER-ORACLE Oracle Secure Backup exec_qr command injection attempt (server-oracle.rules) * 1:24908 <-> DISABLED <-> SERVER-MYSQL Oracle MySQL user enumeration attempt (server-mysql.rules) * 1:24909 <-> DISABLED <-> SERVER-MYSQL Oracle MySQL select UpdateXML nested xml elements denial of service attempt (server-mysql.rules) * 1:24910 <-> DISABLED <-> SERVER-MYSQL Oracle MySQL MDL free corrupted pointer heap overflow attempt (server-mysql.rules) * 1:24911 <-> DISABLED <-> SERVER-ORACLE Oracle Outside In Excel file parsing integer overflow attempt (server-oracle.rules) * 1:24912 <-> DISABLED <-> SERVER-ORACLE Oracle Outside In Excel 
file parsing integer overflow attempt (server-oracle.rules) * 1:24913 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM ovutil.dll getProxiedStorageAddress buffer overflow attempt (server-webapp.rules) * 1:24914 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM ovutil.dll getProxiedStorageAddress buffer overflow attempt (server-webapp.rules) * 1:24915 <-> DISABLED <-> FILE-JAVA Oracle Java Runtime true type font idef opcode heap buffer overflow attempt (file-java.rules) * 1:24916 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules) * 1:24917 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Turspy variant outbound connection (malware-cnc.rules) * 1:24918 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Turspy variant outbound connection (malware-cnc.rules) * 1:24955 <-> DISABLED <-> FILE-MULTIMEDIA AVI file chunk length integer overflow attempt (file-multimedia.rules) * 1:24956 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer invalid object property use after free memory corruption attempt (browser-ie.rules) * 1:24957 <-> DISABLED <-> BROWSER-PLUGINS Microsoft dpnet.dll DirectPlay ActiveX clsid access (browser-plugins.rules) * 1:24958 <-> DISABLED <-> BROWSER-PLUGINS Microsoft dpnet.dll DirectPlay ActiveX clsid access (browser-plugins.rules) * 1:24959 <-> DISABLED <-> BROWSER-PLUGINS Microsoft dpnet.dll DirectPlay ActiveX clsid access (browser-plugins.rules) * 1:24960 <-> DISABLED <-> BROWSER-PLUGINS Microsoft dpnet.dll DirectPlay ActiveX clsid access (browser-plugins.rules) * 1:24961 <-> DISABLED <-> BROWSER-PLUGINS Microsoft dpnet.dll DirectPlay ActiveX clsid access (browser-plugins.rules) * 1:24962 <-> DISABLED <-> BROWSER-PLUGINS Microsoft dpnet.dll DirectPlay ActiveX clsid access (browser-plugins.rules) * 1:24963 <-> DISABLED <-> BROWSER-PLUGINS Microsoft DirectPlay ActiveX clsid access (browser-plugins.rules) * 1:24964 <-> DISABLED <-> FILE-OFFICE Microsoft Office dpnet.dll DirectPlay CFixedPool-Get clsid access 
(file-office.rules) * 1:24965 <-> DISABLED <-> FILE-OFFICE Microsoft Office dpnet.dll DirectPlay CFixedPool-Get clsid access (file-office.rules) * 1:24966 <-> DISABLED <-> FILE-OFFICE Microsoft Office dpnet.dll DirectPlay CFixedPool-Get clsid access (file-office.rules) * 1:24967 <-> DISABLED <-> FILE-OFFICE Microsoft Office dpnet.dll DirectPlay CFixedPool-Get clsid access (file-office.rules) * 1:24968 <-> DISABLED <-> FILE-OFFICE Microsoft Office dpnet.dll DirectPlay CFixedPool-Get clsid access (file-office.rules) * 1:24969 <-> DISABLED <-> FILE-OFFICE Microsoft Office dpnet.dll DirectPlay CFixedPool-Get clsid access (file-office.rules) * 1:24970 <-> DISABLED <-> FILE-OFFICE Microsoft Office dpnet.dll DirectPlay CFixedPool-Get clsid access (file-office.rules) * 1:24972 <-> ENABLED <-> NETBIOS SMB Trans2 FIND_FIRST2 find file and directory info request (netbios.rules) * 1:24974 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word rtf invalid listoverridecount value attempt (file-office.rules) * 1:24975 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word rtf invalid listoverridecount value attempt (file-office.rules) * 1:24976 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:24977 <-> ENABLED <-> EXPLOIT-KIT ProPack exploit kit outbound connection attempt (exploit-kit.rules) * 1:24978 <-> ENABLED <-> EXPLOIT-KIT ProPack exploit kit outbound payload request (exploit-kit.rules) * 1:24979 <-> ENABLED <-> EXPLOIT-KIT ProPack exploit kit outbound connection (exploit-kit.rules) * 1:24980 <-> DISABLED <-> FILE-FLASH Adobe Flash Player actionscript bytecode trait type null pointer dereference attempt (file-flash.rules) * 1:24981 <-> DISABLED <-> FILE-FLASH Adobe Flash Player actionscript bytecode trait type null pointer dereference attempt (file-flash.rules) * 1:24982 <-> DISABLED <-> FILE-FLASH Adobe Flash Player actionscript bytecode trait type null pointer dereference attempt (file-flash.rules) * 1:24983 <-> DISABLED <-> 
FILE-FLASH Adobe Flash Player actionscript bytecode trait type null pointer dereference attempt (file-flash.rules) * 1:24984 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules) * 1:24985 <-> DISABLED <-> FILE-FLASH Adobe Flash Player index overflow attempt (file-flash.rules) * 1:24986 <-> DISABLED <-> FILE-FLASH Adobe Flash Player index overflow attempt (file-flash.rules) * 1:24987 <-> DISABLED <-> POLICY-OTHER Adobe InDesign SOAP interface RunScript method access attempt (policy-other.rules) * 1:24988 <-> DISABLED <-> MALWARE-OTHER itsoknoproblembro v2 UDP flood attempt (malware-other.rules) * 1:24989 <-> DISABLED <-> FILE-FLASH Adobe Flash Player specially invalid traits structure attempt (file-flash.rules) * 1:24990 <-> DISABLED <-> FILE-FLASH Adobe Flash Player specially invalid traits structure attempt (file-flash.rules) * 1:24991 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DoInitAction invalid action overflow attempt (file-flash.rules) * 1:24992 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DoInitAction invalid action overflow attempt (file-flash.rules) * 1:24993 <-> DISABLED <-> FILE-JAVA Oracle Java Applet remote code execution attempt (file-java.rules) * 1:24994 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox onChannelRedirect method attempt (browser-firefox.rules) * 1:24995 <-> DISABLED <-> SERVER-OTHER Free Software Foundation GnuTLS record application integer overflow attempt (server-other.rules) * 1:24996 <-> DISABLED <-> SERVER-OTHER Free Software Foundation GnuTLS record application integer overflow attempt (server-other.rules) * 1:24997 <-> DISABLED <-> FILE-OTHER Cisco WebEx recording format buffer overflow attempt (file-other.rules) * 1:24998 <-> DISABLED <-> FILE-OTHER Cisco WebEx recording format buffer overflow attempt (file-other.rules) * 1:24999 <-> DISABLED <-> FILE-OTHER Cisco WebEx recording format buffer overflow attempt (file-other.rules) * 1:250 <-> DISABLED <-> 
MALWARE-OTHER mstream handler to client (malware-other.rules) * 1:25000 <-> DISABLED <-> FILE-OTHER Cisco WebEx recording format buffer overflow attempt (file-other.rules) * 1:25001 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Narilam variant outbound connection (malware-other.rules) * 1:25002 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Narilam variant inbound attachemtn (malware-other.rules) * 1:25003 <-> DISABLED <-> SERVER-OTHER HP Archive Query Server stack overflow attempt (server-other.rules) * 1:25004 <-> DISABLED <-> BROWSER-PLUGINS ClearQuest session ActiveX control access (browser-plugins.rules) * 1:25005 <-> DISABLED <-> BROWSER-PLUGINS ClearQuest session ActiveX control access (browser-plugins.rules) * 1:25006 <-> DISABLED <-> FILE-JAVA Oracle JavaScript heap exploitation library usage attempt (file-java.rules) * 1:25007 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wealwedst variant outbound connection (malware-cnc.rules) * 1:25008 <-> DISABLED <-> SERVER-WEBAPP PmWiki pagelist injection attempt (server-webapp.rules) * 1:25009 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - User-Agent User-Agent (malware-cnc.rules) * 1:25010 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Perflog variant outbound connection (malware-cnc.rules) * 1:25011 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Perflog variant outbound connection (malware-cnc.rules) * 1:25012 <-> DISABLED <-> FILE-OTHER Sophos CAB CFDATA cbData overflow attempt (file-other.rules) * 1:25013 <-> DISABLED <-> FILE-OTHER Sophos CAB CFDATA cbData overflow attempt (file-other.rules) * 1:25014 <-> ENABLED <-> FILE-IDENTIFY Microsoft proxy autoconfig script file magic detected (file-identify.rules) * 1:25015 <-> ENABLED <-> MALWARE-BACKDOOR Arucer backdoor traffic - NOP command attempt (malware-backdoor.rules) * 1:25016 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IRCBot variant outbound connection (malware-cnc.rules) * 1:25017 <-> DISABLED <-> SERVER-WEBAPP httpdx tolog function format string code execution 
attempt (server-webapp.rules) * 1:25018 <-> ENABLED <-> MALWARE-OTHER connection to malware sinkhole (malware-other.rules) * 1:25019 <-> DISABLED <-> OS-OTHER Cisco Nexus OS software command injection attempt (os-other.rules) * 1:25020 <-> DISABLED <-> OS-OTHER Cisco Nexus OS software command injection attempt (os-other.rules) * 1:25021 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Azbreg variant outbound connection (malware-cnc.rules) * 1:25022 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dapato variant outbound connection (malware-cnc.rules) * 1:25023 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection (malware-cnc.rules) * 1:25024 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection (malware-cnc.rules) * 1:25025 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Recslurp variant outbound connection (malware-cnc.rules) * 1:25026 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Juasek variant outbound connection (malware-cnc.rules) * 1:25027 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Opachki variant connect to cnc-server (malware-cnc.rules) * 1:25028 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peed variant outbound connection (malware-cnc.rules) * 1:25029 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules) * 1:25030 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nevsyn variant outbound connection (malware-cnc.rules) * 1:25031 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Agent variant outbound connection (malware-other.rules) * 1:25032 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file download request (file-identify.rules) * 1:25033 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file attachment detected (file-identify.rules) * 1:25034 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file attachment detected (file-identify.rules) * 1:25035 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Silverlight inheritance restriction bypass (browser-plugins.rules) * 1:25036 <-> 
DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit form elements virtual function DoS attempt (browser-webkit.rules) * 1:25037 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit css title memory corruption attempt (browser-webkit.rules) * 1:25038 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit css title memory corruption attempt (browser-webkit.rules) * 1:25039 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit css title memory corruption attempt (browser-webkit.rules) * 1:25040 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit css title memory corruption attempt (browser-webkit.rules) * 1:25041 <-> ENABLED <-> EXPLOIT-KIT Java User-Agent flowbit set (exploit-kit.rules) * 1:25042 <-> DISABLED <-> EXPLOIT-KIT Java User-Agent downloading Portable Executable - Possible exploit kit (exploit-kit.rules) * 1:25043 <-> ENABLED <-> EXPLOIT-KIT Blackholev2 exploit kit url structure detected (exploit-kit.rules) * 1:25044 <-> ENABLED <-> EXPLOIT-KIT Sweet Orange exploit kit landing page - specific structure (exploit-kit.rules) * 1:25046 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit Java V6 exploit download (exploit-kit.rules) * 1:25047 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit Java V7 exploit download (exploit-kit.rules) * 1:25048 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit PDF Library exploit download (exploit-kit.rules) * 1:25049 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jorik.Kolilks variant outbound connection (malware-cnc.rules) * 1:25050 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules) * 1:25051 <-> DISABLED <-> EXPLOIT-KIT Redkit exploit kit landing page redirection (exploit-kit.rules) * 1:25052 <-> DISABLED <-> EXPLOIT-KIT Redkit exploit kit Java Exploit requested - 3 digit (exploit-kit.rules) * 1:25053 <-> DISABLED <-> EXPLOIT-KIT Redkit outbound class retrieval (exploit-kit.rules) * 1:25054 <-> DISABLED <-> MALWARE-CNC ZeroAccess Clickserver callback (malware-cnc.rules) * 1:25057 <-> DISABLED <-> PROTOCOL-SCADA 
Tridium Niagara directory traversal config.bog access attempt (protocol-scada.rules) * 1:25058 <-> DISABLED <-> SERVER-OTHER IBM Director CIM server alert indication request dll injection attempt (server-other.rules) * 1:25059 <-> DISABLED <-> SERVER-OTHER SAP Business One License Manager buffer overflow attempt (server-other.rules) * 1:25060 <-> DISABLED <-> INDICATOR-OBFUSCATION ActiveX multiple adjacent object tags (indicator-obfuscation.rules) * 1:25061 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Software Installer MSI binary file magic detected (file-executable.rules) * 1:25062 <-> ENABLED <-> FILE-IDENTIFY Microsoft Software Installer MSI binary file magic detected (file-identify.rules) * 1:25063 <-> DISABLED <-> SERVER-WEBAPP PHP htmlspecialchars htmlentities function buffer overflow attempt (server-webapp.rules) * 1:25064 <-> DISABLED <-> SERVER-WEBAPP PHP htmlspecialchars htmlentities function buffer overflow attempt (server-webapp.rules) * 1:25065 <-> DISABLED <-> FILE-IMAGE libpng chunk decompression integer overflow attempt (file-image.rules) * 1:25066 <-> DISABLED <-> FILE-IMAGE libpng chunk decompression integer overflow attempt (file-image.rules) * 1:25067 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Riler variant outbound connection (malware-cnc.rules) * 1:25068 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Riler inbound connection (malware-cnc.rules) * 1:25070 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Injector variant outbound connection (malware-cnc.rules) * 1:25071 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Macnsed variant outbound connection (malware-cnc.rules) * 1:25072 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dulom variant outbound connection (malware-cnc.rules) * 1:25073 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lowzone variant outbound connection (malware-cnc.rules) * 1:25074 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules) * 1:25075 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy variant outbound connection 
(malware-cnc.rules) * 1:25076 <-> DISABLED <-> MALWARE-CNC Win.Worm.Joanap variant variant outbound connection (malware-cnc.rules) * 1:25077 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Halnine variant outbound connection (malware-cnc.rules) * 1:25078 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer sign extension vulnerability exploitation attempt (browser-ie.rules) * 1:25079 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer sign extension vulnerability exploitation attempt (browser-ie.rules) * 1:2508 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP lsass DsRolerUpgradeDownlevelServer overflow attempt (os-windows.rules) * 1:25080 <-> DISABLED <-> APP-DETECT Apple Messages push.apple.com DNS TXT request attempt (app-detect.rules) * 1:25081 <-> DISABLED <-> APP-DETECT Apple Messages courier.push.apple.com DNS TXT request attempt (app-detect.rules) * 1:25082 <-> DISABLED <-> APP-DETECT Apple Messages client side certificate request attempt (app-detect.rules) * 1:25083 <-> DISABLED <-> APP-DETECT Apple Messages service server request attempt (app-detect.rules) * 1:25084 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:25085 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:25086 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:25087 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:25088 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:25089 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:25090 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:25091 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool suspicious file download (malware-other.rules) * 1:25092 <-> ENABLED <-> MALWARE-OTHER 
Win.Exploit.Hacktool variant outbound connection (malware-other.rules) * 1:25093 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hacktool variant outbound connection (malware-cnc.rules) * 1:25094 <-> ENABLED <-> MALWARE-OTHER PERL.Exploit.C99 suspicious file download (malware-other.rules) * 1:25095 <-> ENABLED <-> MALWARE-OTHER HTML.Exploit.C99 suspicious file download (malware-other.rules) * 1:25096 <-> ENABLED <-> MALWARE-OTHER PHP.Exploit.C99 suspicious file download (malware-other.rules) * 1:25097 <-> ENABLED <-> MALWARE-OTHER PHP.Exploit.C99 suspicious file download (malware-other.rules) * 1:25098 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper.Daws variant outbound connection (malware-cnc.rules) * 1:25099 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper.Daws variant outbound connection (malware-cnc.rules) * 1:251 <-> DISABLED <-> PROTOCOL-ICMP - TFN client command LE (protocol-icmp.rules) * 1:25100 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Njrat variant outbound connection (malware-cnc.rules) * 1:25101 <-> DISABLED <-> SERVER-OTHER Cisco IOS syslog message flood denial of service attempt (server-other.rules) * 1:25102 <-> DISABLED <-> SERVER-OTHER Zabbix Agent net.tcp.listen command injection attempt (server-other.rules) * 1:25103 <-> DISABLED <-> SERVER-OTHER Zabbix Server arbitrary command execution attempt (server-other.rules) * 1:25104 <-> DISABLED <-> SERVER-WEBAPP Symantec Messaging Gateway directory traversal attempt (server-webapp.rules) * 1:25105 <-> DISABLED <-> SERVER-WEBAPP Symantec Messaging Gateway directory traversal attempt (server-webapp.rules) * 1:25106 <-> DISABLED <-> MALWARE-BACKDOOR UnrealIRCd backdoor command execution attempt (malware-backdoor.rules) * 1:25107 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules) * 1:25108 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Proxy.Agent variant outbound connection (malware-cnc.rules) * 1:25109 <-> DISABLED <-> MALWARE-CNC Autoit.Trojan.Agent variant outbound 
connection (malware-cnc.rules) * 1:2511 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP lsass DsRolerUpgradeDownlevelServer overflow attempt (os-windows.rules) * 1:25111 <-> DISABLED <-> BROWSER-PLUGINS Oracle SetMarkupMode buffer overflow ActiveX clsid access attempt (browser-plugins.rules) * 1:25112 <-> DISABLED <-> BROWSER-PLUGINS Oracle SetMarkupMode buffer overflow ActiveX function call access attempt (browser-plugins.rules) * 1:25113 <-> DISABLED <-> BROWSER-PLUGINS Oracle SetMarkupMode buffer overflow ActiveX function call access attempt (browser-plugins.rules) * 1:25114 <-> DISABLED <-> BROWSER-PLUGINS Oracle SetMarkupMode buffer overflow ActiveX function call access attempt (browser-plugins.rules) * 1:25115 <-> DISABLED <-> BROWSER-PLUGINS Oracle SetMarkupMode buffer overflow ActiveX clsid access attempt (browser-plugins.rules) * 1:25116 <-> DISABLED <-> BROWSER-PLUGINS Oracle SetMarkupMode buffer overflow ActiveX function call access attempt (browser-plugins.rules) * 1:25117 <-> DISABLED <-> BROWSER-PLUGINS Oracle SetMarkupMode buffer overflow ActiveX function call access attempt (browser-plugins.rules) * 1:25118 <-> DISABLED <-> BROWSER-PLUGINS Oracle SetMarkupMode buffer overflow ActiveX function call access attempt (browser-plugins.rules) * 1:25119 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - NewBrandTest (malware-cnc.rules) * 1:25120 <-> DISABLED <-> SERVER-WEBAPP W3 Total Cache for Wordpress access - likely information disclosure (server-webapp.rules) * 1:25121 <-> ENABLED <-> FILE-JAVA Oracle Java field bytecode verifier cache code execution attempt (file-java.rules) * 1:25122 <-> DISABLED <-> FILE-JAVA Oracle Java field bytecode verifier cache code execution attempt (file-java.rules) * 1:25123 <-> DISABLED <-> FILE-JAVA Oracle Java field bytecode verifier cache code execution attempt (file-java.rules) * 1:25124 <-> DISABLED <-> BROWSER-OTHER suspicious named empty form detected (browser-other.rules) * 1:25125 <-> ENABLED <-> 
BROWSER-IE Microsoft Internet Explorer deleted button use after free attempt (browser-ie.rules) * 1:25126 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer deleted button use after free attempt (browser-ie.rules) * 1:25127 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer deleted button use after free attempt (browser-ie.rules) * 1:25128 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer deleted button use after free attempt (browser-ie.rules) * 1:25129 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer deleted button use after free attempt (browser-ie.rules) * 1:25130 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer deleted button use after free attempt (browser-ie.rules) * 1:25131 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer deleted button use after free attempt (browser-ie.rules) * 1:25132 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer deleted button use after free attempt (browser-ie.rules) * 1:25133 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer deleted button use after free attempt (browser-ie.rules) * 1:25134 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer deleted button use after free attempt (browser-ie.rules) * 1:25136 <-> ENABLED <-> EXPLOIT-KIT Styx exploit kit plugin detection connection (exploit-kit.rules) * 1:25137 <-> ENABLED <-> EXPLOIT-KIT Styx exploit kit jar outbound connection (exploit-kit.rules) * 1:25138 <-> DISABLED <-> EXPLOIT-KIT Styx exploit kit pdf outbound connection (exploit-kit.rules) * 1:25139 <-> DISABLED <-> EXPLOIT-KIT Styx exploit kit eot outbound connection (exploit-kit.rules) * 1:25140 <-> ENABLED <-> EXPLOIT-KIT Styx exploit kit portable executable download request (exploit-kit.rules) * 1:25224 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess URI and Referer (malware-cnc.rules) * 1:25225 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Marquee stylesheet object removal (browser-ie.rules) * 1:25226 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Marquee 
stylesheet object removal (browser-ie.rules) * 1:25227 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox iframe and xul element reload crash attempt (browser-firefox.rules) * 1:25228 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox iframe and xul element reload crash attempt (browser-firefox.rules) * 1:25229 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkkomet variant inbound connection (malware-cnc.rules) * 1:2523 <-> DISABLED <-> SERVER-OTHER BGP spoofed connection reset attempt (server-other.rules) * 1:25230 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkkomet variant outbound connection (malware-cnc.rules) * 1:25231 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules) * 1:25232 <-> DISABLED <-> BROWSER-FIREFOX appendChild multiple parent nodes stack corruption attempt (browser-firefox.rules) * 1:25233 <-> DISABLED <-> BROWSER-FIREFOX appendChild multiple parent nodes stack corruption attempt (browser-firefox.rules) * 1:25234 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer deleted button use after free attempt (browser-ie.rules) * 1:25235 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer deleted button use after free attempt (browser-ie.rules) * 1:25236 <-> DISABLED <-> SERVER-WEBAPP WikkaWikki php code injection attempt (server-webapp.rules) * 1:25237 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Firelog variant outbound connection (malware-cnc.rules) * 1:25238 <-> DISABLED <-> SERVER-WEBAPP OpenX server file upload PHP code execution attempt (server-webapp.rules) * 1:25239 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IRCBot variant outbound connection (malware-cnc.rules) * 1:25240 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Menti variant inbound connection (malware-cnc.rules) * 1:25241 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetTrash variant outbound connection (malware-cnc.rules) * 1:25242 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Duapz variant outbound connection (malware-cnc.rules) * 1:25243 <-> DISABLED <-> MALWARE-CNC 
User-Agent known malicious user agent - 04/XP (malware-cnc.rules)
* 1:25244 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
* 1:25245 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - me0hoi (malware-cnc.rules)
* 1:25246 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer html table column span width increase memory corruption attempt (browser-ie.rules)
* 1:25247 <-> DISABLED <-> FILE-OTHER Lattice PAC Designer symbol value buffer overflow attempt (file-other.rules)
* 1:25248 <-> DISABLED <-> FILE-OTHER Lattice PAC Designer symbol value buffer overflow attempt (file-other.rules)
* 1:25249 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Basutra variant outbound connection (malware-cnc.rules)
* 1:25250 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS .NET null character username truncation attempt (server-iis.rules)
* 1:25251 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS .NET null character username truncation attempt (server-iis.rules)
* 1:25252 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows .NET Framework System.Uri.ReCreateParts System.Uri.PathAndQuery overflow attempt (file-executable.rules)
* 1:25253 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows .NET Framework System.Uri.ReCreateParts System.Uri.PathAndQuery overflow attempt (file-executable.rules)
* 1:25254 <-> DISABLED <-> BROWSER-PLUGINS Cisco Linksys PlayerPT ActiveX clsid access attempt (browser-plugins.rules)
* 1:25255 <-> ENABLED <-> EXPLOIT-KIT Redkit exploit kit redirection attempt (exploit-kit.rules)
* 1:25256 <-> DISABLED <-> MALWARE-CNC Win.Worm.Gamarue variant outbound connection (malware-cnc.rules)
* 1:25257 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Skintrim variant outbound connection (malware-cnc.rules)
* 1:25258 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rombrast variant outbound connection (malware-cnc.rules)
* 1:25259 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BancosBanload variant outbound connection (malware-cnc.rules)
* 1:25260 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Mozila (malware-cnc.rules)
* 1:25261 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string MSIE (malware-cnc.rules)
* 1:25262 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string IEToolbar (malware-cnc.rules)
* 1:25263 <-> DISABLED <-> SERVER-WEBAPP fraudulent digital certificate for google.com detected (server-webapp.rules)
* 1:25264 <-> DISABLED <-> SERVER-WEBAPP revoked subsidiary CA certificate for e-islem.kktcmerkezbankasi.org detected (server-webapp.rules)
* 1:25265 <-> DISABLED <-> SERVER-WEBAPP revoked subsidiary CA certificate for ego.gov.tr detected (server-webapp.rules)
* 1:25266 <-> DISABLED <-> SERVER-OTHER Adobe ColdFusion Admin API arbitrary command execution attempt (server-other.rules)
* 1:25267 <-> DISABLED <-> SERVER-OTHER Adobe ColdFusion Admin API arbitrary command execution attempt (server-other.rules)
* 1:25268 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IRCBot variant outbound connection (malware-cnc.rules)
* 1:25269 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buterat variant outbound connection (malware-cnc.rules)
* 1:25270 <-> DISABLED <-> FILE-OTHER overly large XML file MSXML heap overflow attempt (file-other.rules)
* 1:25271 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buzus variant outbound connection (malware-cnc.rules)
* 1:25272 <-> DISABLED <-> SERVER-WEBAPP Microsoft System Center Operations Manager cross site scripting attempt (server-webapp.rules)
* 1:25273 <-> DISABLED <-> SERVER-WEBAPP Microsoft SCOM Web Console cross-site scripting attempt (server-webapp.rules)
* 1:25274 <-> DISABLED <-> SERVER-IIS Microsoft Windows Server 2012 IIS OData protocol nested replace filter dos attempt (server-iis.rules)
* 1:25275 <-> ENABLED <-> FILE-OTHER MSXML dynamic pointer casting arbitrary code execution attempt (file-other.rules)
* 1:25276 <-> DISABLED <-> SERVER-OTHER Digium Asterisk oversized Content-Length memory corruption attempt (server-other.rules)
* 1:25277 <-> ENABLED <-> MALWARE-OTHER Request for a non-legit postal receipt (malware-other.rules)
* 1:25278 <-> DISABLED <-> MALWARE-BACKDOOR possible Htran setup command - listen (malware-backdoor.rules)
* 1:25279 <-> DISABLED <-> MALWARE-BACKDOOR possible Htran setup command - slave (malware-backdoor.rules)
* 1:25280 <-> DISABLED <-> MALWARE-BACKDOOR possible Htran setup command - tran (malware-backdoor.rules)
* 1:25281 <-> DISABLED <-> MALWARE-BACKDOOR Htran banner (malware-backdoor.rules)
* 1:25282 <-> DISABLED <-> MALWARE-BACKDOOR possible Htran setup command - listen (malware-backdoor.rules)
* 1:25283 <-> DISABLED <-> MALWARE-BACKDOOR possible Htran setup command - slave (malware-backdoor.rules)
* 1:25284 <-> DISABLED <-> MALWARE-BACKDOOR possible Htran setup command - tran (malware-backdoor.rules)
* 1:25285 <-> DISABLED <-> SERVER-OTHER Ruby on Rails authlogic session cookie SQL injection attempt (server-other.rules)
* 1:25286 <-> DISABLED <-> SERVER-WEBAPP MoinMoin arbitrary file upload attempt (server-webapp.rules)
* 1:25287 <-> DISABLED <-> SERVER-OTHER Rails XML parameter parsing vulnerability exploitation attempt (server-other.rules)
* 1:25288 <-> DISABLED <-> SERVER-OTHER Rails XML parameter parsing vulnerability exploitation attempt (server-other.rules)
* 1:25289 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript arbitrary memory reading attempt (browser-firefox.rules)
* 1:25290 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript arbitrary memory reading attempt (browser-firefox.rules)
* 1:25291 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript arbitrary memory reading attempt (browser-firefox.rules)
* 1:25292 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript arbitrary memory reading attempt (browser-firefox.rules)
* 1:25293 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel IPMT record buffer overflow attempt (file-office.rules)
* 1:25294 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel IPMT record buffer overflow attempt (file-office.rules)
* 1:25295 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel IPMT record buffer overflow attempt (file-office.rules)
* 1:25296 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel IPMT record buffer overflow attempt (file-office.rules)
* 1:25297 <-> DISABLED <-> FILE-MULTIMEDIA Mozilla products Ogg Vorbis decoding memory corruption attempt (file-multimedia.rules)
* 1:25298 <-> DISABLED <-> FILE-MULTIMEDIA Mozilla products Ogg Vorbis decoding memory corruption attempt (file-multimedia.rules)
* 1:25299 <-> DISABLED <-> BROWSER-PLUGINS IBM VsVIEW ActiveX control directory traversal attempt (browser-plugins.rules)
* 1:253 <-> DISABLED <-> PROTOCOL-DNS SPOOF query response PTR with TTL of 1 min. and no authority (protocol-dns.rules)
* 1:25300 <-> DISABLED <-> BROWSER-PLUGINS IBM VsVIEW ActiveX control directory traversal attempt (browser-plugins.rules)
* 1:25301 <-> ENABLED <-> EXPLOIT-KIT redirect to malicious java archive attempt (exploit-kit.rules)
* 1:25302 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit malicious jar archive download (exploit-kit.rules)
* 1:25303 <-> DISABLED <-> FILE-OTHER Cisco WebEx WRF memory corruption attempt (file-other.rules)
* 1:25304 <-> DISABLED <-> FILE-OTHER Cisco WebEx WRF memory corruption attempt (file-other.rules)
* 1:25305 <-> ENABLED <-> FILE-IDENTIFY Adobe Audition Session file magic detected (file-identify.rules)
* 1:25306 <-> ENABLED <-> FILE-IDENTIFY Adobe Audition Session file download request (file-identify.rules)
* 1:25307 <-> ENABLED <-> FILE-IDENTIFY Adobe Audition Session file attachment detected (file-identify.rules)
* 1:25308 <-> ENABLED <-> FILE-IDENTIFY Adobe Audition Session file attachment detected (file-identify.rules)
* 1:25309 <-> DISABLED <-> FILE-OTHER Adobe Audition Session file stack buffer overflow attempt (file-other.rules)
* 1:25310 <-> DISABLED <-> FILE-OTHER Adobe Audition Session file stack buffer overflow attempt (file-other.rules)
* 1:25311 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint integer underflow heap corruption attempt (file-office.rules)
* 1:25312 <-> DISABLED <-> SERVER-OTHER Microsoft Forefront Threat Management Gateway remote code execution attempt (server-other.rules)
* 1:25314 <-> DISABLED <-> OS-LINUX Linux kernel IGMP queries denial of service attempt (os-linux.rules)
* 1:25315 <-> DISABLED <-> SERVER-ORACLE Oracle TNS listener service registration (server-oracle.rules)
* 1:25316 <-> DISABLED <-> BROWSER-PLUGINS InduSoft ISSymbol InternationalSeparator heap overflow attempt (browser-plugins.rules)
* 1:25317 <-> DISABLED <-> POLICY-OTHER RedHat JBOSS JNDI service naming (policy-other.rules)
* 1:25318 <-> DISABLED <-> SERVER-WEBAPP InduSoft Web Studio arbitrary file upload attempt (server-webapp.rules)
* 1:25319 <-> DISABLED <-> SERVER-WEBAPP InduSoft Web Studio arbitrary file upload attempt (server-webapp.rules)
* 1:25320 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer nonexistent attribute removal memory corruption attempt (browser-ie.rules)
* 1:25321 <-> DISABLED <-> SERVER-ORACLE Oracle Database tablefunc_asown buffer overflow attempt (server-oracle.rules)
* 1:25329 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CSS style memory corruption attempt (browser-ie.rules)
* 1:25330 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel conditional code execution attempt (file-office.rules)
* 1:25331 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel conditional code execution attempt (file-office.rules)
* 1:25332 <-> DISABLED <-> FILE-OTHER Adobe Audition Session file tkrm stack buffer overflow attempt (file-other.rules)
* 1:25333 <-> DISABLED <-> PROTOCOL-DNS Exim DKIM decoding buffer overflow attempt (protocol-dns.rules)
* 1:25334 <-> DISABLED <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt (server-other.rules)
* 1:25335 <-> DISABLED <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt (server-other.rules)
* 1:25336 <-> DISABLED <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt (server-other.rules)
* 1:25337 <-> DISABLED <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt (server-other.rules)
* 1:25338 <-> DISABLED <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt (server-other.rules)
* 1:25339 <-> DISABLED <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt (server-other.rules)
* 1:25340 <-> DISABLED <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt (server-other.rules)
* 1:25341 <-> DISABLED <-> FILE-OTHER Cisco WebEx player remote code execution attempt (file-other.rules)
* 1:25342 <-> DISABLED <-> SERVER-OTHER ISC dhcpd bootp request missing options field DOS attempt (server-other.rules)
* 1:25343 <-> DISABLED <-> BROWSER-PLUGINS Citrix Access Gateway plug-in ActiveX code execution attempt (browser-plugins.rules)
* 1:25344 <-> DISABLED <-> BROWSER-PLUGINS Citrix Access Gateway plug-in ActiveX code execution attempt (browser-plugins.rules)
* 1:25345 <-> DISABLED <-> SERVER-WEBAPP Symantec IM Manager Web interface arbitrary command execution attempt (server-webapp.rules)
* 1:25346 <-> DISABLED <-> FILE-IMAGE ImageMagick EXIF resolutionunit handling memory corruption attempt (file-image.rules)
* 1:25347 <-> DISABLED <-> FILE-IMAGE ImageMagick EXIF resolutionunit handling memory corruption attempt (file-image.rules)
* 1:25348 <-> DISABLED <-> FILE-IMAGE ImageMagick EXIF resolutionunit handling memory corruption attempt (file-image.rules)
* 1:25352 <-> DISABLED <-> SERVER-OTHER HP HP Intelligent Management Center syslog remote code execution attempt (server-other.rules)
* 1:25353 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint invalid OfficeArtSpContainer subrecord type confusion attempt (file-office.rules)
* 1:25354 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint invalid OfficeArtSpContainer subrecord type confusion attempt (file-office.rules)
* 1:25355 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint invalid OfficeArtSpContainer subrecord type confusion attempt (file-office.rules)
* 1:25356 <-> DISABLED <-> SERVER-OTHER Squid Gopher response processing buffer overflow attempt (server-other.rules)
* 1:25357 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows Authenticode signature verification bypass attempt (file-executable.rules)
* 1:25358 <-> ENABLED <-> APP-DETECT Acunetix web vulnerability scan attempt (app-detect.rules)
* 1:25359 <-> DISABLED <-> APP-DETECT Acunetix web vulnerability scanner probe attempt (app-detect.rules)
* 1:25360 <-> DISABLED <-> APP-DETECT Acunetix web vulnerability scanner authentication attempt (app-detect.rules)
* 1:25361 <-> DISABLED <-> APP-DETECT Acunetix web vulnerability scanner RFI attempt (app-detect.rules)
* 1:25362 <-> DISABLED <-> APP-DETECT Acunetix web vulnerability scanner base64 XSS attempt (app-detect.rules)
* 1:25363 <-> DISABLED <-> APP-DETECT Acunetix web vulnerability scanner URI injection attempt (app-detect.rules)
* 1:25364 <-> DISABLED <-> APP-DETECT Acunetix web vulnerability scanner prompt XSS attempt (app-detect.rules)
* 1:25365 <-> DISABLED <-> APP-DETECT Acunetix web vulnerability scanner XSS attempt (app-detect.rules)
* 1:25366 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Window2 BIFF record value attempt (file-office.rules)
* 1:25367 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Window2 BIFF record value attempt (file-office.rules)
* 1:25369 <-> DISABLED <-> OS-WINDOWS NVIDIA graphics driver nvsr named pipe buffer overflow attempt (os-windows.rules)
* 1:25370 <-> DISABLED <-> SERVER-OTHER CakePHP unserialize method vulnerability exploitation attempt (server-other.rules)
* 1:25371 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ruskill variant outbound connection (malware-cnc.rules)
* 1:25372 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - wh (malware-cnc.rules)
* 1:25373 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime Targa Image file download request (file-identify.rules)
* 1:25374 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime Targa Image file attachment detected (file-identify.rules)
* 1:25375 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime Targa Image file attachment detected (file-identify.rules)
* 1:25376 <-> DISABLED <-> FILE-IMAGE Apple QuickTime Targa image file buffer overflow attempt (file-image.rules)
* 1:25378 <-> DISABLED <-> FILE-IMAGE Apple QuickTime Targa image file buffer overflow attempt (file-image.rules)
* 1:25380 <-> DISABLED <-> SERVER-OTHER EMC AutoStart domain name logging stack buffer overflow attempt (server-other.rules)
* 1:25381 <-> DISABLED <-> SERVER-OTHER Microsoft Forefront Threat Management Gateway remote code execution attempt (server-other.rules)
* 1:25383 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit Payload detection - info.exe (exploit-kit.rules)
* 1:25384 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit Payload detection - contacts.exe (exploit-kit.rules)
* 1:25385 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit Payload detection - calc.exe (exploit-kit.rules)
* 1:25386 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit Payload detection - about.exe (exploit-kit.rules)
* 1:25387 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit Payload detection - readme.exe (exploit-kit.rules)
* 1:25388 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful (exploit-kit.rules)
* 1:25389 <-> ENABLED <-> EXPLOIT-KIT Sweet Orange exploit kit landing page - specific structure (exploit-kit.rules)
* 1:25390 <-> ENABLED <-> EXPLOIT-KIT Sweet Orange exploit kit landing page - specific structure (exploit-kit.rules)
* 1:25391 <-> DISABLED <-> EXPLOIT-KIT Sweet Orange exploit kit obfuscated payload download (exploit-kit.rules)
* 1:25392 <-> DISABLED <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt (file-java.rules)
* 1:25393 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF malformed pfragments field (file-office.rules)
* 1:25394 <-> DISABLED <-> MALWARE-CNC URI request for /cgi-bin/nt/th (malware-cnc.rules)
* 1:25395 <-> DISABLED <-> MALWARE-CNC URI request for /cgi-bin/nt/sk (malware-cnc.rules)
* 1:25396 <-> DISABLED <-> MALWARE-CNC URI request for /cgi-bin/dllhost/ac (malware-cnc.rules)
* 1:25397 <-> DISABLED <-> MALWARE-CNC URI request for /cgi-bin/ms/check (malware-cnc.rules)
* 1:25398 <-> DISABLED <-> MALWARE-CNC URI request for /cgi-bin/ms/flush (malware-cnc.rules)
* 1:25399 <-> DISABLED <-> MALWARE-CNC URI request for /cgi-bin/win/wcx (malware-cnc.rules)
* 1:254 <-> DISABLED <-> PROTOCOL-DNS SPOOF query response with TTL of 1 min. and no authority (protocol-dns.rules)
* 1:25400 <-> DISABLED <-> MALWARE-CNC URI request for /cgi-bin/win/cab (malware-cnc.rules)
* 1:25448 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Jinch variant outbound connection (malware-cnc.rules)
* 1:25449 <-> ENABLED <-> FILE-PDF Javascript openDoc UNC network request attempt (file-pdf.rules)
* 1:2545 <-> DISABLED <-> SERVER-OTHER AFP FPLoginExt username buffer overflow attempt (server-other.rules)
* 1:25450 <-> ENABLED <-> FILE-PDF Javascript openDoc UNC network request attempt (file-pdf.rules)
* 1:25451 <-> ENABLED <-> INDICATOR-OBFUSCATION GIF header followed by PDF header (indicator-obfuscation.rules)
* 1:25452 <-> ENABLED <-> INDICATOR-OBFUSCATION PNG header followed by PDF header (indicator-obfuscation.rules)
* 1:25453 <-> ENABLED <-> INDICATOR-OBFUSCATION JPEG header followed by PDF header (indicator-obfuscation.rules)
* 1:25454 <-> ENABLED <-> INDICATOR-OBFUSCATION DOC header followed by PDF header (indicator-obfuscation.rules)
* 1:25455 <-> ENABLED <-> INDICATOR-OBFUSCATION GIF header followed by PDF header (indicator-obfuscation.rules)
* 1:25456 <-> ENABLED <-> INDICATOR-OBFUSCATION PNG header followed by PDF header (indicator-obfuscation.rules)
* 1:25457 <-> ENABLED <-> INDICATOR-OBFUSCATION JPEG header followed by PDF header (indicator-obfuscation.rules)
* 1:25458 <-> ENABLED <-> INDICATOR-OBFUSCATION DOC header followed by PDF header (indicator-obfuscation.rules)
* 1:25459 <-> DISABLED <-> FILE-PDF Multiple products incomplete JP2K image geometry potentially malicious PDF detected (file-pdf.rules)
* 1:2546 <-> DISABLED <-> PROTOCOL-FTP MDTM overflow attempt (protocol-ftp.rules)
* 1:25460 <-> DISABLED <-> FILE-PDF Multiple products incomplete JP2K image geometry potentially malicious PDF detected (file-pdf.rules)
* 1:25461 <-> ENABLED <-> FILE-PDF OpenType parsing buffer overflow attempt (file-pdf.rules)
* 1:25462 <-> ENABLED <-> FILE-PDF OpenType parsing buffer overflow attempt (file-pdf.rules)
* 1:25463 <-> ENABLED <-> FILE-PDF OpenType parsing buffer overflow attempt (file-pdf.rules)
* 1:25464 <-> ENABLED <-> FILE-PDF OpenType parsing buffer overflow attempt (file-pdf.rules)
* 1:25465 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader variant outbound connection (malware-cnc.rules)
* 1:25466 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader structtreeroot children recursive call denial of service attempt (file-pdf.rules)
* 1:25467 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader structtreeroot children recursive call denial of service attempt (file-pdf.rules)
* 1:25468 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader structtreeroot children recursive call denial of service attempt (file-pdf.rules)
* 1:25469 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader structtreeroot children recursive call denial of service attempt (file-pdf.rules)
* 1:2547 <-> DISABLED <-> SERVER-OTHER HP Web JetAdmin remote file upload attempt (server-other.rules)
* 1:25470 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LoDo variant outbound connection (malware-cnc.rules)
* 1:25471 <-> DISABLED <-> MALWARE-CNC Pushdo Spiral Traffic (malware-cnc.rules)
* 1:25472 <-> DISABLED <-> FILE-JAVA Oracle Java JMX class arbitrary code execution attempt (file-java.rules)
* 1:25473 <-> DISABLED <-> FILE-JAVA Oracle Java JMX class arbitrary code execution attempt (file-java.rules)
* 1:25474 <-> DISABLED <-> SERVER-OTHER Citrix Access Gateway legacy authentication attempt (server-other.rules)
* 1:25475 <-> DISABLED <-> FILE-PDF JavaScript contained in an xml template embedded in a pdf attempt (file-pdf.rules)
* 1:25476 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - User-Agent User-Agent (malware-cnc.rules)
* 1:25477 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:25478 <-> DISABLED <-> POLICY-SOCIAL IRC G-line active (policy-social.rules)
* 1:25479 <-> DISABLED <-> POLICY-SOCIAL IRC K-line active (policy-social.rules)
* 1:2548 <-> DISABLED <-> SERVER-OTHER HP Web JetAdmin setinfo access attempt (server-other.rules)
* 1:2549 <-> DISABLED <-> SERVER-OTHER HP Web JetAdmin file write attempt (server-other.rules)
* 1:255 <-> DISABLED <-> PROTOCOL-DNS dns zone transfer via TCP detected (protocol-dns.rules)
* 1:2550 <-> DISABLED <-> FILE-OTHER Nullsoft Winamp XM file buffer overflow attempt (file-other.rules)
* 1:25502 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft GDI EMF malformed file buffer overflow attempt (file-multimedia.rules)
* 1:25503 <-> DISABLED <-> MALWARE-CNC Necurs Rootkit sba.cgi (malware-cnc.rules)
* 1:25504 <-> DISABLED <-> MALWARE-CNC Necurs Rootkit op.cgi (malware-cnc.rules)
* 1:2551 <-> DISABLED <-> SERVER-OTHER Oracle Web Cache GET overflow attempt (server-other.rules)
* 1:25511 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
* 1:25512 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.SMSsend variant outbound connection (os-mobile.rules)
* 1:25513 <-> ENABLED <-> FILE-IDENTIFY Portable Executable download detected (file-identify.rules)
* 1:25514 <-> ENABLED <-> FILE-IDENTIFY Portable Executable download detected (file-identify.rules)
* 1:25515 <-> ENABLED <-> FILE-IDENTIFY Portable Executable binary file magic detected (file-identify.rules)
* 1:25516 <-> ENABLED <-> FILE-IDENTIFY Microsoft Software Installer MSI binary file magic detected (file-identify.rules)
* 1:25517 <-> ENABLED <-> FILE-IDENTIFY Armadillo v1.71 packer file magic detected (file-identify.rules)
* 1:25518 <-> DISABLED <-> OS-MOBILE Apple iPod User-Agent detected (os-mobile.rules)
* 1:25519 <-> DISABLED <-> OS-MOBILE Apple iPad User-Agent detected (os-mobile.rules)
* 1:2552 <-> DISABLED <-> SERVER-OTHER Oracle Web Cache HEAD overflow attempt (server-other.rules)
* 1:25520 <-> DISABLED <-> OS-MOBILE Apple iPhone User-Agent detected (os-mobile.rules)
* 1:25521 <-> DISABLED <-> OS-MOBILE Android User-Agent detected (os-mobile.rules)
* 1:25522 <-> DISABLED <-> OS-MOBILE Nokia User-Agent detected (os-mobile.rules)
* 1:25523 <-> DISABLED <-> OS-MOBILE Samsung User-Agent detected (os-mobile.rules)
* 1:25524 <-> DISABLED <-> OS-MOBILE Kindle User-Agent detected (os-mobile.rules)
* 1:25525 <-> DISABLED <-> OS-OTHER Nintendo User-Agent detected (os-other.rules)
* 1:25527 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint TextCharsAtom record buffer overflow attempt (file-office.rules)
* 1:25528 <-> DISABLED <-> SERVER-WEBAPP Moveable Type unauthenticated remote command execution attempt (server-webapp.rules)
* 1:25529 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
* 1:2553 <-> DISABLED <-> SERVER-OTHER Oracle Web Cache PUT overflow attempt (server-other.rules)
* 1:25530 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:25531 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:25532 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:25533 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - al (malware-cnc.rules)
* 1:25534 <-> DISABLED <-> SERVER-WEBAPP Sonicwall Global Management System authentication bypass attempt (server-webapp.rules)
* 1:25535 <-> DISABLED <-> PROTOCOL-SERVICES Cisco Prime Lan Management rsh command execution attempt (protocol-services.rules)
* 1:25536 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader TTF parsing bad cmap format attempt (file-pdf.rules)
* 1:25537 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader TTF parsing bad cmap format attempt (file-pdf.rules)
* 1:25538 <-> ENABLED <-> EXPLOIT-KIT Red Dot landing page (exploit-kit.rules)
* 1:25539 <-> ENABLED <-> EXPLOIT-KIT Red Dot java retrieval attempt (exploit-kit.rules)
* 1:2554 <-> DISABLED <-> SERVER-OTHER Oracle Web Cache POST overflow attempt (server-other.rules)
* 1:25540 <-> ENABLED <-> EXPLOIT-KIT Red Dot executable retrieval attempt (exploit-kit.rules)
* 1:25541 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sigly variant outbound connection (malware-cnc.rules)
* 1:25542 <-> DISABLED <-> PROTOCOL-RPC EMC NetWorker nsrindexd service buffer overflow attempt (protocol-rpc.rules)
* 1:25543 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.VB variant outbound connection (malware-cnc.rules)
* 1:25544 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - ctwopop (malware-cnc.rules)
* 1:25545 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Printlove variant outbound connection (malware-cnc.rules)
* 1:25546 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Proxy.Agent variant outbound connection (malware-cnc.rules)
* 1:25547 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:25548 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Perflog variant outbound connection (malware-cnc.rules)
* 1:25549 <-> DISABLED <-> SERVER-OTHER Novell eDirectory NCP stack buffer overflow attempt (server-other.rules)
* 1:2555 <-> DISABLED <-> SERVER-OTHER Oracle Web Cache TRACE overflow attempt (server-other.rules)
* 1:25550 <-> DISABLED <-> SERVER-OTHER Novell eDirectory NCP stack buffer overflow attempt (server-other.rules)
* 1:25551 <-> DISABLED <-> MALWARE-CNC Win.Worm.Dipasik variant outbound connection (malware-cnc.rules)
* 1:25552 <-> DISABLED <-> SERVER-OTHER Rails JSON to YAML parsing deserialization attempt (server-other.rules)
* 1:25553 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dexter variant outbound connection (malware-cnc.rules)
* 1:25556 <-> DISABLED <-> SERVER-OTHER RaySharp CCTV derivative user credential retrieval attempt (server-other.rules)
* 1:25557 <-> DISABLED <-> SERVER-OTHER RaySharp CCTV derivative command injection attempt (server-other.rules)
* 1:25558 <-> ENABLED <-> EXPLOIT-KIT embedded iframe redirection - possible exploit kit redirection (exploit-kit.rules)
* 1:25559 <-> ENABLED <-> EXPLOIT-KIT JDB exploit kit landing page retrieval (exploit-kit.rules)
* 1:2556 <-> DISABLED <-> SERVER-OTHER Oracle Web Cache DELETE overflow attempt (server-other.rules)
* 1:25560 <-> ENABLED <-> EXPLOIT-KIT JDB exploit kit landing page (exploit-kit.rules)
* 1:25561 <-> ENABLED <-> EXPLOIT-KIT JDB exploit kit landing page (exploit-kit.rules)
* 1:25562 <-> DISABLED <-> FILE-JAVA Oracle Java obfuscated jar file download attempt (file-java.rules)
* 1:25563 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader heap-based buffer overflow attempt (file-pdf.rules)
* 1:25564 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader heap-based buffer overflow attempt (file-pdf.rules)
* 1:25565 <-> DISABLED <-> BROWSER-PLUGINS Oracle AutoVue ActiveX control function call access attempt (browser-plugins.rules)
* 1:25566 <-> DISABLED <-> BROWSER-PLUGINS Oracle AutoVue ActiveX control function call access attempt (browser-plugins.rules)
* 1:25567 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Remote Desktop web access cross site scripting attempt - POST request (os-windows.rules)
* 1:25568 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval (exploit-kit.rules)
* 1:25569 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page (exploit-kit.rules)
* 1:2557 <-> DISABLED <-> SERVER-OTHER Oracle Web Cache LOCK overflow attempt (server-other.rules)
* 1:25570 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Medialabs variant outbound connection (malware-cnc.rules)
* 1:25571 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Medialabs variant outbound connection (malware-cnc.rules)
* 1:25572 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Virut variant outbound connection (malware-cnc.rules)
* 1:25577 <-> DISABLED <-> MALWARE-CNC Win.Rootkit.Necurs possible URI with encrypted POST (malware-cnc.rules)
* 1:25578 <-> ENABLED <-> MALWARE-OTHER Fake postal receipt HTTP Response phishing attack (malware-other.rules)
* 1:25579 <-> ENABLED <-> MALWARE-OTHER Fake bookinginfo HTTP Response phishing attack (malware-other.rules)
* 1:2558 <-> DISABLED <-> SERVER-OTHER Oracle Web Cache MKCOL overflow attempt (server-other.rules)
* 1:25580 <-> ENABLED <-> MALWARE-OTHER Fake bookingdetails HTTP Response phishing attack (malware-other.rules)
* 1:25581 <-> ENABLED <-> SERVER-OTHER EMC AlphaStor Device Manager command injection attempt (server-other.rules)
* 1:25582 <-> ENABLED <-> SERVER-OTHER EMC AlphaStor Device Manager command injection attempt (server-other.rules)
* 1:25583 <-> ENABLED <-> SERVER-OTHER EMC AlphaStor Device Manager command injection attempt (server-other.rules)
* 1:25584 <-> ENABLED <-> SERVER-OTHER EMC AlphaStor Device Manager command injection attempt (server-other.rules)
* 1:25585 <-> ENABLED <-> SERVER-OTHER EMC AlphaStor Device Manager command injection attempt (server-other.rules)
* 1:25586 <-> DISABLED <-> SERVER-WEBAPP Nagios Core get_history buffer overflow attempt (server-webapp.rules)
* 1:25587 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint malformed shapeid arbitrary code execution attempt (file-office.rules)
* 1:25588 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader FlateDecode integer overflow attempt (file-pdf.rules)
* 1:25589 <-> DISABLED <-> SERVER-OTHER libupnp command buffer overflow attempt (server-other.rules)
* 1:2559 <-> DISABLED <-> SERVER-OTHER Oracle Web Cache COPY overflow attempt (server-other.rules)
* 1:25590 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific structure (exploit-kit.rules)
* 1:25591 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure (exploit-kit.rules)
* 1:25592 <-> ENABLED <-> INDICATOR-OBFUSCATION obfuscated document command - used in IFRAMEr tool injection (indicator-obfuscation.rules)
* 1:25599 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gupboot variant outbound connection (malware-cnc.rules)
* 1:256 <-> DISABLED <-> PROTOCOL-DNS named authors attempt (protocol-dns.rules)
* 1:2560 <-> DISABLED <-> SERVER-OTHER Oracle Web Cache MOVE overflow attempt (server-other.rules)
* 1:25600 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dilavtor variant outbound connection (malware-cnc.rules)
* 1:25601 <-> DISABLED <-> SERVER-OTHER libupnp command buffer overflow attempt (server-other.rules)
* 1:25602 <-> ENABLED <-> SERVER-OTHER Sybase Open Server TDS login request (server-other.rules)
* 1:25603 <-> DISABLED <-> SERVER-OTHER Sybase Open Server TDS login packet stack memory corruption attempt (server-other.rules)
* 1:25604 <-> ENABLED <-> FILE-IDENTIFY cSounds.com Csound audio file file download request (file-identify.rules)
* 1:25605 <-> ENABLED <-> FILE-IDENTIFY cSounds.com Csound audio file file attachment detected (file-identify.rules)
* 1:25606 <-> ENABLED <-> FILE-IDENTIFY cSounds.com Csound audio file file attachment detected (file-identify.rules)
* 1:25607 <-> DISABLED <-> FILE-OTHER cSounds.com Csound hetro audio file buffer overflow attempt (file-other.rules)
* 1:25608 <-> DISABLED <-> FILE-OTHER cSounds.com Csound hetro audio file buffer overflow attempt (file-other.rules)
* 1:25609 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
* 1:2561 <-> DISABLED <-> SERVER-OTHER rsync backup-dir directory traversal attempt (server-other.rules)
* 1:25610 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mofsmall variant outbound connection (malware-cnc.rules)
* 1:25611 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful (exploit-kit.rules)
* 1:25612 <-> DISABLED <-> SERVER-OTHER libupnp command buffer overflow attempt (server-other.rules)
* 1:25615 <-> DISABLED <-> OS-MOBILE Apple iOS 6.x jailbreak download attempt (os-mobile.rules)
* 1:25616 <-> DISABLED <-> OS-MOBILE Apple iOS 6.x jailbreak download attempt (os-mobile.rules)
* 1:25617 <-> DISABLED <-> SERVER-OTHER libupnp command buffer overflow attempt (server-other.rules)
* 1:25618 <-> DISABLED <-> SERVER-OTHER libupnp command buffer overflow attempt (server-other.rules)
* 1:25619 <-> DISABLED <-> SERVER-OTHER libupnp command buffer overflow attempt (server-other.rules)
* 1:2562 <-> DISABLED <-> SERVER-WEBAPP McAfee ePO file upload attempt (server-webapp.rules)
* 1:25620 <-> DISABLED <-> SERVER-OTHER libupnp command buffer overflow attempt (server-other.rules)
* 1:25621 <-> DISABLED <-> BROWSER-OTHER Opera use after free attempt (browser-other.rules)
* 1:25622 <-> DISABLED <-> BROWSER-OTHER Opera use after free attempt (browser-other.rules)
* 1:25623 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jimpime variant outbound connection (malware-cnc.rules)
* 1:25625 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Daws variant outbound connection (malware-cnc.rules)
* 1:25626 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
* 1:25627 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Reventon variant outbound connection (malware-cnc.rules)
* 1:25628 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant connect to cnc-server (malware-cnc.rules)
* 1:2563 <-> DISABLED <-> NETBIOS NS lookup response name overflow attempt (netbios.rules)
* 1:25630 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Document remote code execution attempt (file-office.rules)
* 1:25631 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Document remote code execution attempt (file-office.rules)
* 1:25632 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Golisy variant outbound connection (malware-cnc.rules)
* 1:25633 <-> DISABLED <-> FILE-OTHER ELF file parsing in different antivirus evasion attempt (file-other.rules)
* 1:25634 <-> DISABLED <-> INDICATOR-SHELLCODE unescape encoder shellcode (indicator-shellcode.rules)
* 1:25635 <-> DISABLED <-> INDICATOR-SHELLCODE unescape encoded shellcode (indicator-shellcode.rules)
* 1:25636 <-> DISABLED <-> INDICATOR-SHELLCODE unescape encoded shellcode (indicator-shellcode.rules)
* 1:25637 <-> DISABLED <-> INDICATOR-SHELLCODE unescape encoded shellcode (indicator-shellcode.rules)
* 1:25638 <-> DISABLED <-> INDICATOR-SHELLCODE unescape encoded shellcode (indicator-shellcode.rules)
* 1:25639 <-> DISABLED <-> INDICATOR-SHELLCODE unescape encoded shellcode (indicator-shellcode.rules)
* 1:2564 <-> DISABLED <-> NETBIOS NS lookup short response attempt (netbios.rules)
* 1:25640 <-> DISABLED <-> INDICATOR-SHELLCODE unescape encoded shellcode (indicator-shellcode.rules)
* 1:25641 <-> DISABLED <-> INDICATOR-SHELLCODE unescape encoded shellcode (indicator-shellcode.rules)
* 1:25642 <-> DISABLED <-> INDICATOR-SHELLCODE unescape encoded shellcode (indicator-shellcode.rules)
* 1:25643 <-> DISABLED <-> INDICATOR-SHELLCODE unescape encoded shellcode (indicator-shellcode.rules)
* 1:25644 <-> DISABLED <-> FILE-OTHER Apple QuickTime TeXML style sub-element buffer overflow attempt (file-other.rules)
* 1:25645 <-> DISABLED <-> FILE-OTHER Apple QuickTime TeXML style sub-element buffer overflow attempt (file-other.rules)
* 1:25646 <-> DISABLED <-> FILE-OTHER Apple QuickTime TeXML style sub-element buffer overflow attempt (file-other.rules)
* 1:25647 <-> DISABLED <-> FILE-OTHER Apple QuickTime TeXML style sub-element buffer overflow attempt (file-other.rules)
* 1:25648 <-> DISABLED <-> FILE-OTHER Apple QuickTime TeXML style sub-element buffer overflow attempt (file-other.rules)
* 1:25649 <-> DISABLED <-> FILE-OTHER Apple QuickTime TeXML style sub-element buffer overflow attempt (file-other.rules)
* 1:2565 <-> DISABLED <-> SERVER-WEBAPP modules.php access (server-webapp.rules)
* 1:25650 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (browser-ie.rules)
* 1:25652 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kryptic variant outbound connection (malware-cnc.rules)
* 1:25653 <-> DISABLED <-> BROWSER-OTHER Opera browser window null pointer dereference attempt (browser-other.rules)
* 1:25654 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector exec_cmd buffer overflow attempt (server-other.rules)
* 1:25655 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector exec_cmd buffer overflow attempt (server-other.rules)
* 1:25656 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector exec_cmd buffer overflow attempt (server-other.rules)
* 1:25657 <-> DISABLED <-> SERVER-OTHER HP Data Protector Media Operations directory traversal attempt (server-other.rules)
* 1:25658 <-> DISABLED <-> SERVER-OTHER HP Data Protector Media Operations directory traversal attempt (server-other.rules)
* 1:25659 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - spam_bot (malware-cnc.rules)
* 1:2566 <-> DISABLED <-> SERVER-WEBAPP PHPBB viewforum.php access (server-webapp.rules)
* 1:25660 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Medfos variant outbound connection (malware-cnc.rules)
* 1:25661 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buzus variant outbound connection (malware-cnc.rules)
* 1:25662 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chowspy variant outbound connection (malware-cnc.rules)
* 1:25663 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rimod variant outbound connection (malware-cnc.rules)
* 1:25664 <-> DISABLED <-> SERVER-OTHER MiniUPnPd SSDP request buffer overflow attempt (server-other.rules)
* 1:25665 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sycomder variant outbound connection (malware-cnc.rules)
* 1:25666 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
* 1:25667 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nflog variant outbound connection (malware-cnc.rules)
* 1:25668 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nflog variant outbound connection (malware-cnc.rules)
* 1:25669 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Selasloot variant outbound connection (malware-cnc.rules)
* 1:2567 <-> DISABLED <-> SERVER-WEBAPP Emumail init.emu access (server-webapp.rules)
* 1:25670 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Swisyn variant outbound connection (malware-cnc.rules)
* 1:25671 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
* 1:25672 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Matsnu variant outbound connection (malware-cnc.rules)
* 1:25673 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.QQDragon variant outbound connection (malware-cnc.rules)
* 1:25674 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shimwoc variant outbound connection (malware-cnc.rules)
* 1:25675 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fakeavlock variant outbound connection (malware-cnc.rules)
* 1:25676 <-> ENABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules)
* 1:25677 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules)
* 1:25678 <-> ENABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules)
* 1:25679 <-> ENABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules)
* 1:2568 <-> DISABLED <-> SERVER-WEBAPP Emumail emumail.fcgi access (server-webapp.rules)
* 1:25680 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Player embedded compact font detected (file-identify.rules)
* 1:25681 <-> ENABLED <-> FILE-FLASH Adobe Flash Player CFF FeatureCount integer overflow attempt (file-flash.rules)
* 1:25682 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Player embedded compact font detected (file-identify.rules)
* 1:25683 <-> ENABLED <-> FILE-FLASH Adobe Flash Player CFF
FeatureCount integer overflow attempt (file-flash.rules) * 1:2569 <-> DISABLED <-> SERVER-WEBAPP cPanel resetpass access (server-webapp.rules) * 1:257 <-> DISABLED <-> PROTOCOL-DNS named version attempt (protocol-dns.rules) * 1:2570 <-> DISABLED <-> SERVER-WEBAPP invalid HTTP version string (server-webapp.rules) * 1:2571 <-> DISABLED <-> SERVER-IIS SmarterTools SmarterMail frmGetAttachment.aspx access (server-iis.rules) * 1:2572 <-> DISABLED <-> SERVER-IIS SmarterTools SmarterMail login.aspx buffer overflow attempt (server-iis.rules) * 1:2573 <-> DISABLED <-> SERVER-IIS SmarterTools SmarterMail frmCompose.asp access (server-iis.rules) * 1:2574 <-> DISABLED <-> PROTOCOL-FTP RETR format string attempt (protocol-ftp.rules) * 1:2575 <-> DISABLED <-> SERVER-WEBAPP Opt-X header.php remote file include attempt (server-webapp.rules) * 1:2576 <-> DISABLED <-> SERVER-ORACLE dbms_repcat.generate_replication_support buffer overflow attempt (server-oracle.rules) * 1:25764 <-> ENABLED <-> EXPLOIT-KIT Zuponcic exploit kit Oracle Java file download (exploit-kit.rules) * 1:25765 <-> DISABLED <-> MALWARE-CNC Trojan Agent YEH variant outbound connection (malware-cnc.rules) * 1:25766 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules) * 1:25767 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JPX malformed code-block width memory corruption attempt (file-pdf.rules) * 1:25768 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word unchecked index value remote code execution attempt (file-office.rules) * 1:25769 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CHTMLEditor object use after free attempt (browser-ie.rules) * 1:2577 <-> DISABLED <-> FILE-OTHER local resource redirection attempt (file-other.rules) * 1:25770 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer deleted object access memory corruption attempt (browser-ie.rules) * 1:25771 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer custom cursor file use after free attempt 
(browser-ie.rules) * 1:25772 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer onbeforeeditfocus element attribute use after free attempt (browser-ie.rules) * 1:25773 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer VML shape object malformed path attempt (browser-ie.rules) * 1:25775 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer pre-line use after free attempt (browser-ie.rules) * 1:25776 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreePos use after free memory corruption attempt (browser-ie.rules) * 1:25777 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreePos use after free memory corruption attempt (browser-ie.rules) * 1:25778 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer SVG use after free attempt (browser-ie.rules) * 1:25779 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows Authenticode signature verification bypass attempt (file-executable.rules) * 1:2578 <-> DISABLED <-> SERVER-OTHER kerberos principal name overflow UDP (server-other.rules) * 1:25780 <-> ENABLED <-> SERVER-OTHER MiniUPnPd ExecuteSoapAction buffer overflow attempt (server-other.rules) * 1:25782 <-> DISABLED <-> MALWARE-OTHER WIN.Trojan.Nap Malicious executable file download from webroot (malware-other.rules) * 1:25783 <-> DISABLED <-> INDICATOR-OBFUSCATION large number of calls to char function - possible sql injection obfuscation (indicator-obfuscation.rules) * 1:25784 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer text layout calculation use after free attempt (browser-ie.rules) * 1:25785 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer text layout calculation use after free attempt (browser-ie.rules) * 1:25786 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 9 deleted object access memory corruption attempt (browser-ie.rules) * 1:25787 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 9 deleted object access memory corruption attempt (browser-ie.rules) * 1:25788 <-> ENABLED <-> BROWSER-IE Microsoft Internet 
Explorer iframe use after free attempt (browser-ie.rules) * 1:25789 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer iframe use after free attempt (browser-ie.rules) * 1:2579 <-> DISABLED <-> SERVER-OTHER kerberos principal name overflow TCP (server-other.rules) * 1:25790 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer compatibility mode invalid memory access attempt (browser-ie.rules) * 1:25791 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer compatibility mode invalid memory access attempt (browser-ie.rules) * 1:25792 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer SVG object use after free attempt (browser-ie.rules) * 1:25793 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer invalid Shift_JIS character xss attempt (browser-ie.rules) * 1:25794 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer invalid Shift_JIS character xss attempt (browser-ie.rules) * 1:25795 <-> ENABLED <-> FILE-MULTIMEDIA Microsoft Windows DirectShow MPEG heap overflow attempt (file-multimedia.rules) * 1:25796 <-> ENABLED <-> FILE-MULTIMEDIA Microsoft Windows DirectShow MPEG heap overflow attempt (file-multimedia.rules) * 1:25797 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player XSPF memory corruption attempt (file-multimedia.rules) * 1:25798 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit 32-alpha jar request (exploit-kit.rules) * 1:25799 <-> ENABLED <-> EXPLOIT-KIT Stamp exploit kit pdf request (exploit-kit.rules) * 1:258 <-> DISABLED <-> SERVER-OTHER Bind Buffer Overflow via NXT records (server-other.rules) * 1:2580 <-> DISABLED <-> SERVER-WEBAPP server negative Content-Length attempt (server-webapp.rules) * 1:25800 <-> DISABLED <-> EXPLOIT-KIT Stamp exploit kit Javascript request (exploit-kit.rules) * 1:25801 <-> ENABLED <-> EXPLOIT-KIT Stamp exploit kit jar file request (exploit-kit.rules) * 1:25802 <-> DISABLED <-> EXPLOIT-KIT Stamp exploit kit encoded portable executable request (exploit-kit.rules) * 1:25803 <-> DISABLED <-> EXPLOIT-KIT 
Multiple exploit kit jar file dropped (exploit-kit.rules) * 1:25804 <-> ENABLED <-> EXPLOIT-KIT Whitehole exploit kit malicious jar download attempt (exploit-kit.rules) * 1:25805 <-> ENABLED <-> EXPLOIT-KIT Whitehole exploit kit Java exploit retrieval (exploit-kit.rules) * 1:25806 <-> ENABLED <-> EXPLOIT-KIT Whitehole exploit kit landing page (exploit-kit.rules) * 1:25807 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Urausy Botnet variant outbound connection (malware-cnc.rules) * 1:25808 <-> DISABLED <-> EXPLOIT-KIT Fiesta exploit kit landing page detection - specific-structure (exploit-kit.rules) * 1:2581 <-> DISABLED <-> SERVER-WEBAPP SAP Crystal Reports crystalimagehandler.aspx access (server-webapp.rules) * 1:25810 <-> DISABLED <-> FILE-OTHER VMWare OVF Tool format string exploit attempt (file-other.rules) * 1:25811 <-> DISABLED <-> FILE-OTHER VMWare OVF Tool format string exploit attempt (file-other.rules) * 1:25812 <-> DISABLED <-> FILE-OTHER VMWare OVF Tool format string exploit attempt (file-other.rules) * 1:25813 <-> DISABLED <-> FILE-OTHER VMWare OVF Tool format string exploit attempt (file-other.rules) * 1:25814 <-> DISABLED <-> FILE-FLASH Adobe Flash Player nested SWF cross domain clickjacking attempt (file-flash.rules) * 1:25815 <-> ENABLED <-> FILE-FLASH Adobe Flash Player FLV crafted ADPCM stream heap overflow attempt (file-flash.rules) * 1:25816 <-> ENABLED <-> FILE-FLASH Adobe Flash Player FLV crafted ADPCM stream heap overflow attempt (file-flash.rules) * 1:25818 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader known malicious variable exploit attempt (file-pdf.rules) * 1:25819 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader known malicious variable exploit attempt (file-pdf.rules) * 1:2582 <-> DISABLED <-> OS-WINDOWS SAP Crystal Reports crystalImageHandler.asp directory traversal attempt (os-windows.rules) * 1:25821 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit possible plugin detection attempt (exploit-kit.rules) * 1:25822 <-> ENABLED <-> EXPLOIT-KIT CritX 
exploit kit malicious PDF retrieval (exploit-kit.rules) * 1:25823 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit Java V5 exploit download (exploit-kit.rules) * 1:25824 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit malicious payload retrieval (exploit-kit.rules) * 1:25825 <-> DISABLED <-> SERVER-OTHER TLSv1.0 plaintext recovery attempt (server-other.rules) * 1:25826 <-> DISABLED <-> SERVER-OTHER TLSv1.1 plaintext recovery attempt (server-other.rules) * 1:25827 <-> DISABLED <-> SERVER-OTHER TLSv1.2 plaintext recovery attempt (server-other.rules) * 1:25828 <-> DISABLED <-> SERVER-OTHER SSLv3 plaintext recovery attempt (server-other.rules) * 1:25829 <-> DISABLED <-> MALWARE-CNC Trojan Banker FTC variant outbound connection (malware-cnc.rules) * 1:2583 <-> DISABLED <-> SERVER-OTHER CVS Max-dotdot integer overflow attempt (server-other.rules) * 1:25830 <-> DISABLED <-> FILE-JAVA Oracle Java malicious class download attempt (file-java.rules) * 1:25831 <-> ENABLED <-> FILE-JAVA Oracle Java JMX class arbitrary code execution attempt (file-java.rules) * 1:25832 <-> ENABLED <-> FILE-JAVA Oracle Java JMX class arbitrary code execution attempt (file-java.rules) * 1:25833 <-> ENABLED <-> FILE-JAVA Oracle Java malicious class download attempt (file-java.rules) * 1:25834 <-> ENABLED <-> FILE-JAVA Oracle Java JMX class arbitrary code execution attempt (file-java.rules) * 1:25835 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript 3 integer overflow attempt (file-flash.rules) * 1:25836 <-> DISABLED <-> INDICATOR-COMPROMISE known malicious SSL certificate - APT1 Virtuallythere (indicator-compromise.rules) * 1:25837 <-> DISABLED <-> INDICATOR-COMPROMISE known malicious SSL certificate - APT1 IBM (indicator-compromise.rules) * 1:25838 <-> DISABLED <-> INDICATOR-COMPROMISE known malicious SSL certificate - APT1 Webmail (indicator-compromise.rules) * 1:25839 <-> DISABLED <-> INDICATOR-COMPROMISE known malicious SSL certificate - APT1 Alpha (indicator-compromise.rules) * 1:2584 <-> 
DISABLED <-> SERVER-OTHER eMule buffer overflow attempt (server-other.rules) * 1:25840 <-> DISABLED <-> INDICATOR-COMPROMISE known malicious SSL certificate - APT1 Email (indicator-compromise.rules) * 1:25841 <-> DISABLED <-> INDICATOR-COMPROMISE known malicious SSL certificate - APT1 Lame (indicator-compromise.rules) * 1:25842 <-> DISABLED <-> INDICATOR-COMPROMISE known malicious SSL certificate - APT1 NS (indicator-compromise.rules) * 1:25843 <-> DISABLED <-> INDICATOR-COMPROMISE known malicious SSL certificate - APT1 Server (indicator-compromise.rules) * 1:25844 <-> DISABLED <-> INDICATOR-COMPROMISE known malicious SSL certificate - APT1 Sur (indicator-compromise.rules) * 1:25845 <-> DISABLED <-> INDICATOR-COMPROMISE known malicious SSL certificate - APT1 AOL (indicator-compromise.rules) * 1:25846 <-> DISABLED <-> INDICATOR-COMPROMISE known malicious SSL certificate - APT1 Yahoo (indicator-compromise.rules) * 1:25847 <-> DISABLED <-> INDICATOR-COMPROMISE known malicious SSL certificate - APT1 Moon-Night (indicator-compromise.rules) * 1:25848 <-> DISABLED <-> INDICATOR-COMPROMISE known malicious SSL certificate - APT1 No-Name (indicator-compromise.rules) * 1:25849 <-> DISABLED <-> PROTOCOL-SCADA Schneider Electric IGSS integer underflow attempt (protocol-scada.rules) * 1:2585 <-> DISABLED <-> SERVER-WEBAPP nessus 2.x 404 probe (server-webapp.rules) * 1:25850 <-> DISABLED <-> PROTOCOL-SCADA Schneider Electric IGSS integer underflow attempt (protocol-scada.rules) * 1:25851 <-> ENABLED <-> PROTOCOL-SCADA Schneider Electric IGSS integer underflow attempt (protocol-scada.rules) * 1:25852 <-> ENABLED <-> PROTOCOL-SCADA Schneider Electric IGSS integer underflow attempt (protocol-scada.rules) * 1:25853 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer bitmap BitmapOffset integer overflow attempt (browser-ie.rules) * 1:25854 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection - MSIE7 No Referer No Cookie (malware-cnc.rules) * 1:25855 <-> 
DISABLED <-> SERVER-WEBAPP Nagios XI alert cloud cross site scripting attempt (server-webapp.rules) * 1:25856 <-> DISABLED <-> PROTOCOL-TELNET Client env_opt_add Buffer Overflow attempt (protocol-telnet.rules) * 1:25863 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.QBundle variant outbound connection (malware-cnc.rules) * 1:25864 <-> DISABLED <-> OS-MOBILE Android AngryBirdsRioUnlocker initial device info send (os-mobile.rules) * 1:25865 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:25866 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:25867 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:25868 <-> DISABLED <-> OS-MOBILE Android.Trojan.Rus.SMS outbound communication attempt (os-mobile.rules) * 1:25869 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:2587 <-> DISABLED <-> PUA-P2P eDonkey server response (pua-p2p.rules) * 1:25870 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25871 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25872 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25873 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25874 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25875 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25876 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25877 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25878 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http 
flood attempt (malware-tools.rules) * 1:25879 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:2588 <-> DISABLED <-> SERVER-WEBAPP TUTOS path disclosure attempt (server-webapp.rules) * 1:25880 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25881 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25882 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25883 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25884 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25885 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25886 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25887 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25888 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25889 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:2589 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt (os-windows.rules) * 1:25890 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25891 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25892 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25893 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25894 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt 
(malware-tools.rules) * 1:25895 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25896 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25897 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25898 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25899 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:259 <-> DISABLED <-> SERVER-OTHER Bind Buffer Overflow via NXT records named overflow ADM (server-other.rules) * 1:25900 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25901 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25902 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25903 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25904 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25905 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25906 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25907 <-> DISABLED <-> SERVER-WEBAPP PHPmyadmin brute force login attempt - User-Agent User-Agent (server-webapp.rules) * 1:25908 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25909 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25910 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25911 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt 
(malware-tools.rules) * 1:25912 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25913 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25914 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25915 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25916 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25917 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25918 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25919 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25920 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25921 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25922 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25923 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25924 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25925 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25926 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25927 <-> DISABLED <-> MALWARE-TOOLS Dirt Jumper toolkit variant http flood attempt (malware-tools.rules) * 1:25928 <-> ENABLED <-> FILE-IDENTIFY Ogg file download request (file-identify.rules) * 1:25929 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules) * 1:25930 <-> ENABLED <-> 
FILE-IDENTIFY Ogg file attachment detected (file-identify.rules) * 1:25931 <-> ENABLED <-> FILE-IDENTIFY Ogg file download request (file-identify.rules) * 1:25932 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules) * 1:25933 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules) * 1:25934 <-> ENABLED <-> FILE-IDENTIFY Ogg file download request (file-identify.rules) * 1:25935 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules) * 1:25936 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules) * 1:25937 <-> ENABLED <-> FILE-IDENTIFY Ogg file download request (file-identify.rules) * 1:25938 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules) * 1:25939 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules) * 1:25940 <-> ENABLED <-> FILE-IDENTIFY Ogg file download request (file-identify.rules) * 1:25941 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules) * 1:25942 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules) * 1:25943 <-> ENABLED <-> FILE-IDENTIFY Ogg file download request (file-identify.rules) * 1:25944 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules) * 1:25945 <-> ENABLED <-> FILE-IDENTIFY Ogg file attachment detected (file-identify.rules) * 1:25947 <-> DISABLED <-> APP-DETECT Ammyy remote access tool (app-detect.rules) * 1:25948 <-> ENABLED <-> EXPLOIT-KIT redirection to driveby download (exploit-kit.rules) * 1:25949 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zebrocy outbound data connection (malware-cnc.rules) * 1:25969 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel MsoDrawingGroup record remote code execution attempt (file-office.rules) * 1:2597 <-> DISABLED <-> SERVER-WEBAPP Samba SWAT Authorization overflow attempt (server-webapp.rules) * 1:25972 <-> DISABLED <-> EXPLOIT-KIT Redkit exploit kit three number 
PDF Request (exploit-kit.rules) * 1:25973 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Boolflot variant outbound connection (malware-cnc.rules) * 1:25974 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:25975 <-> ENABLED <-> POLICY-OTHER Adobe ColdFusion admin interface access attempt (policy-other.rules) * 1:25976 <-> ENABLED <-> POLICY-OTHER Adobe ColdFusion admin API access attempt (policy-other.rules) * 1:25977 <-> ENABLED <-> POLICY-OTHER Adobe ColdFusion component browser access attempt (policy-other.rules) * 1:25978 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lukprofin variant outbound connection (malware-cnc.rules) * 1:25979 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lukprofin variant outbound connection (malware-cnc.rules) * 1:2598 <-> DISABLED <-> SERVER-WEBAPP Samba SWAT Authorization port 901 overflow attempt (server-webapp.rules) * 1:25980 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Pass (malware-cnc.rules) * 1:25981 <-> DISABLED <-> APP-DETECT Chocoplayer successful installation (app-detect.rules) * 1:25983 <-> DISABLED <-> INDICATOR-OBFUSCATION DNS tunneling attempt (indicator-obfuscation.rules) * 1:25984 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer userdata behavior memory corruption attempt (browser-ie.rules) * 1:25985 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer userdata behavior memory corruption attempt (browser-ie.rules) * 1:25986 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer userdata behavior memory corruption attempt (browser-ie.rules) * 1:25987 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Upof variant outbound connection (malware-cnc.rules) * 1:25988 <-> ENABLED <-> EXPLOIT-KIT Redkit exploit kit landing page (exploit-kit.rules) * 1:25989 <-> DISABLED <-> EXPLOIT-KIT Redkit exploit kit landing page (exploit-kit.rules) * 1:2599 <-> DISABLED <-> SERVER-ORACLE dbms_repcat.add_grouped_column buffer overflow attempt (server-oracle.rules) * 1:25990 <-> 
DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Agent variant connect to cnc-server (malware-cnc.rules) * 1:25991 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Agent variant connect to cnc-server (malware-cnc.rules) * 1:25992 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buzus variant outbound connection (malware-cnc.rules) * 1:25993 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buzus variant outbound connection (malware-cnc.rules) * 1:25994 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:25995 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Banload variant outbound connection (malware-cnc.rules) * 1:25996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Reswor variant outbound connection (malware-cnc.rules) * 1:25997 <-> DISABLED <-> OS-MOBILE Android jSMSHider initial encrypted device info send (os-mobile.rules) * 1:25998 <-> DISABLED <-> OS-MOBILE Android ADRD encrypted information leak (os-mobile.rules) * 1:25999 <-> DISABLED <-> OS-MOBILE Android ADRD encrypted information leak (os-mobile.rules) * 1:260 <-> DISABLED <-> SERVER-OTHER Bind Buffer Overflow via NXT records named overflow ADMROCKS (server-other.rules) * 1:26000 <-> ENABLED <-> FILE-FLASH Adobe Flash Player HTML & Javascript SWF use-after-free execution attempt (file-flash.rules) * 1:26001 <-> ENABLED <-> FILE-FLASH Adobe Flash Player HTML & Javascript SWF use-after-free execution attempt (file-flash.rules) * 1:26002 <-> DISABLED <-> FILE-FLASH Adobe Flash Player HTML & Javascript SWF use-after-free execution attempt (file-flash.rules) * 1:26003 <-> ENABLED <-> FILE-FLASH Adobe Flash Player HTML & Javascript SWF use-after-free execution attempt (file-flash.rules) * 1:26004 <-> DISABLED <-> FILE-FLASH Adobe Flash Player HTML & Javascript SWF use-after-free execution attempt (file-flash.rules) * 1:26005 <-> ENABLED <-> FILE-FLASH Adobe Flash Player HTML & Javascript SWF use-after-free execution attempt (file-flash.rules) * 1:26006 <-> DISABLED <-> FILE-FLASH Adobe Flash Player HTML & 
Javascript SWF use-after-free execution attempt (file-flash.rules)
* 1:26007 <-> ENABLED <-> FILE-FLASH Adobe Flash Player HTML & Javascript SWF use-after-free execution attempt (file-flash.rules)
* 1:26008 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SWF-based shellcode download attempt (file-flash.rules)
* 1:26009 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SWF-based shellcode download attempt (file-flash.rules)
* 1:2601 <-> DISABLED <-> SERVER-ORACLE dbms_repcat.drop_master_repgroup buffer overflow attempt (server-oracle.rules)
* 1:26010 <-> DISABLED <-> MALWARE-CNC CNC Dirtjumper variant outbound connection (malware-cnc.rules)
* 1:26011 <-> DISABLED <-> MALWARE-CNC CNC Dirtjumper variant outbound connection (malware-cnc.rules)
* 1:26013 <-> ENABLED <-> EXPLOIT-KIT Gong Da exploit kit redirection page received (exploit-kit.rules)
* 1:26015 <-> DISABLED <-> OS-MOBILE Android Lovetrap initial connection (os-mobile.rules)
* 1:26016 <-> DISABLED <-> OS-MOBILE Android GGTracker server communication (os-mobile.rules)
* 1:26017 <-> DISABLED <-> OS-MOBILE Android GGTracker leak of device phone number (os-mobile.rules)
* 1:26018 <-> DISABLED <-> OS-MOBILE Android GGTracker installation call out (os-mobile.rules)
* 1:26019 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bredo variant outbound connection (malware-cnc.rules)
* 1:26020 <-> ENABLED <-> EXPLOIT-KIT Sibhost exploit kit (exploit-kit.rules)
* 1:26021 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader XFA app.setTimeOut memory corruption attempt (file-pdf.rules)
* 1:26022 <-> DISABLED <-> FILE-PDF EmbeddedFile contained within a PDF (file-pdf.rules)
* 1:26023 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant in.php outbound connection (malware-cnc.rules)
* 1:26024 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wecod variant outbound connection (malware-cnc.rules)
* 1:26025 <-> ENABLED <-> INDICATOR-COMPROMISE Java user-agent request to svchost.jpg (indicator-compromise.rules)
* 1:26026 <-> DISABLED <-> OS-MOBILE Android Gmaster device information send (os-mobile.rules)
* 1:26027 <-> DISABLED <-> FILE-OTHER Adobe Director file file rcsL overflow attempt (file-other.rules)
* 1:26028 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director rcsL chunk memory corruption attempt (file-other.rules)
* 1:26029 <-> DISABLED <-> FILE-OTHER Adobe Director remote code execution attempt (file-other.rules)
* 1:2603 <-> DISABLED <-> SERVER-ORACLE dbms_repcat.create_mview_repgroup buffer overflow attempt (server-oracle.rules)
* 1:26030 <-> ENABLED <-> FILE-OTHER Known malicious jar archive download attempt (file-other.rules)
* 1:26031 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page (exploit-kit.rules)
* 1:26033 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit iframe redirection attempt (exploit-kit.rules)
* 1:26034 <-> ENABLED <-> EXPLOIT-KIT Crimeboss exploit kit - stats access (exploit-kit.rules)
* 1:26035 <-> ENABLED <-> EXPLOIT-KIT Crimeboss exploit kit - java on (exploit-kit.rules)
* 1:26036 <-> ENABLED <-> EXPLOIT-KIT Crimeboss exploit kit - Java Exploit (exploit-kit.rules)
* 1:26038 <-> ENABLED <-> EXPLOIT-KIT Crimeboss exploit kit - Java exploit download (exploit-kit.rules)
* 1:26039 <-> ENABLED <-> EXPLOIT-KIT Crimeboss exploit kit - Java exploit download (exploit-kit.rules)
* 1:26040 <-> ENABLED <-> EXPLOIT-KIT Crimeboss exploit kit - Portable Executable download attempt (exploit-kit.rules)
* 1:26041 <-> ENABLED <-> EXPLOIT-KIT Crimeboss exploit kit - Portable Executable download attempt (exploit-kit.rules)
* 1:26042 <-> ENABLED <-> EXPLOIT-KIT Crimeboss exploit kit - stats loaded (exploit-kit.rules)
* 1:26043 <-> ENABLED <-> EXPLOIT-KIT Crimeboss exploit kit - Portable Executable download attempt (exploit-kit.rules)
* 1:26044 <-> ENABLED <-> EXPLOIT-KIT Crimeboss exploit kit - redirection attempt (exploit-kit.rules)
* 1:26045 <-> ENABLED <-> EXPLOIT-KIT Crimeboss exploit kit - setup (exploit-kit.rules)
* 1:2605 <-> DISABLED <-> SERVER-ORACLE dbms_repcat.compare_old_values buffer overflow attempt (server-oracle.rules)
* 1:26057 <-> ENABLED <-> FILE-IDENTIFY ZIP file download detected (file-identify.rules)
* 1:26058 <-> ENABLED <-> FILE-IDENTIFY ZIP file attachment detected (file-identify.rules)
* 1:26059 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file magic detected (file-identify.rules)
* 1:2606 <-> DISABLED <-> SERVER-ORACLE dbms_repcat.comment_on_repobject buffer overflow attempt (server-oracle.rules)
* 1:26060 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file download request (file-identify.rules)
* 1:26061 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file attachment detected (file-identify.rules)
* 1:26062 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file attachment detected (file-identify.rules)
* 1:26063 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docm file download request (file-identify.rules)
* 1:26064 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docm file attachment detected (file-identify.rules)
* 1:26065 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docm file attachment detected (file-identify.rules)
* 1:26066 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Object Packager ClickOnce object remote code execution attempt (os-windows.rules)
* 1:26067 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Object Packager ClickOnce object remote code execution attempt (os-windows.rules)
* 1:26068 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Object Packager ClickOnce object remote code execution attempt (os-windows.rules)
* 1:26069 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Object Packager ClickOnce object remote code execution attempt (os-windows.rules)
* 1:26070 <-> ENABLED <-> FILE-EXECUTABLE Ichitaro JSMISC32.dll dll-load exploit attempt (file-executable.rules)
* 1:26071 <-> ENABLED <-> FILE-EXECUTABLE Ichitaro JSMISC32.dll dll-load exploit attempt (file-executable.rules)
* 1:26072 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locati variant outbound connection (malware-cnc.rules)
* 1:26073 <-> DISABLED <-> SERVER-OTHER SAP NetWeaver Message Server buffer overflow attempt (server-other.rules)
* 1:26074 <-> DISABLED <-> SERVER-OTHER SAP NetWeaver Message Server buffer overflow attempt (server-other.rules)
* 1:26075 <-> DISABLED <-> MALWARE-CNC Bancos variant outbound connection SQL query POST data (malware-cnc.rules)
* 1:26076 <-> DISABLED <-> FILE-PDF download of a PDF with embedded JavaScript - JS string attempt (file-pdf.rules)
* 1:26077 <-> DISABLED <-> FILE-PDF transfer of a PDF with embedded JavaScript - JavaScript object detected (file-pdf.rules)
* 1:26078 <-> DISABLED <-> FILE-PDF transfer of a PDF with OpenAction object attempt (file-pdf.rules)
* 1:26079 <-> DISABLED <-> FILE-PDF PDF file with embedded PDF object (file-pdf.rules)
* 1:2608 <-> DISABLED <-> SERVER-ORACLE sysdbms_repcat_rgt.check_ddl_text buffer overflow attempt (server-oracle.rules)
* 1:26081 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - Suspected Crimepack (malware-cnc.rules)
* 1:26082 <-> DISABLED <-> FILE-PDF Nuance PDF reader launch overflow attempt (file-pdf.rules)
* 1:26083 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file download request (file-identify.rules)
* 1:26084 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules)
* 1:26085 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules)
* 1:26086 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Exicon variant outbound connection (malware-cnc.rules)
* 1:26087 <-> DISABLED <-> OS-MOBILE Android GoneIn60Seconds data upload (os-mobile.rules)
* 1:26088 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Encriyoko variant outbound connection (malware-cnc.rules)
* 1:26089 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio version number anomaly (file-office.rules)
* 1:2609 <-> DISABLED <-> SERVER-ORACLE dbms_repcat.cancel_statistics buffer overflow attempt (server-oracle.rules)
* 1:26090 <-> ENABLED <-> EXPLOIT-KIT Styx exploit kit landing page (exploit-kit.rules)
* 1:26092 <-> ENABLED <-> INDICATOR-OBFUSCATION fromCharCode seen in exploit kit landing pages (indicator-obfuscation.rules)
* 1:26093 <-> ENABLED <-> MALWARE-OTHER Compromised website response - leads to Exploit Kit (malware-other.rules)
* 1:26094 <-> ENABLED <-> EXPLOIT-KIT Sweet Orange exploit kit landing page (exploit-kit.rules)
* 1:26095 <-> ENABLED <-> EXPLOIT-KIT Neutrino exploit kit landing page (exploit-kit.rules)
* 1:26096 <-> ENABLED <-> EXPLOIT-KIT Neutrino exploit kit landing page (exploit-kit.rules)
* 1:26099 <-> ENABLED <-> EXPLOIT-KIT Neutrino exploit kit redirection page (exploit-kit.rules)
* 1:261 <-> DISABLED <-> SERVER-OTHER Bind named overflow attempt (server-other.rules)
* 1:26100 <-> ENABLED <-> EXPLOIT-KIT Neutrino exploit kit redirection page (exploit-kit.rules)
* 1:26101 <-> ENABLED <-> INDICATOR-OBFUSCATION String.fromCharCode concatenation (indicator-obfuscation.rules)
* 1:26102 <-> DISABLED <-> OS-MOBILE Android GoldDream device registration (os-mobile.rules)
* 1:26103 <-> DISABLED <-> SERVER-OTHER HP LeftHand Virtual SAN hydra ping request buffer overflow attempt (server-other.rules)
* 1:26104 <-> DISABLED <-> OS-MOBILE Android KMin imei imsi leakage (os-mobile.rules)
* 1:26105 <-> DISABLED <-> SERVER-OTHER BigAnt IM Server buffer overflow attempt (server-other.rules)
* 1:26106 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
* 1:26107 <-> DISABLED <-> SERVER-OTHER HP Linux Imaging and Printing Project hpssd daemon command injection attempt (server-other.rules)
* 1:26108 <-> DISABLED <-> SERVER-OTHER HP Linux Imaging and Printing Project hpssd daemon command injection attempt (server-other.rules)
* 1:26109 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime Obji Atom parsing stack buffer overflow attempt (file-multimedia.rules)
* 1:2611 <-> DISABLED <-> SERVER-ORACLE LINK metadata buffer overflow attempt (server-oracle.rules)
* 1:26110 <-> DISABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules)
* 1:26111 <-> DISABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules)
* 1:26112 <-> DISABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules)
* 1:26113 <-> DISABLED <-> FILE-PDF Adobe Flash Player memory corruption attempt (file-pdf.rules)
* 1:26114 <-> DISABLED <-> OS-MOBILE Android Zitmo trojan intercepted sms upload (os-mobile.rules)
* 1:26115 <-> DISABLED <-> MALWARE-CNC NSIS.Downloader.Agent variant outbound connection (malware-cnc.rules)
* 1:26116 <-> DISABLED <-> MALWARE-CNC NSIS.Downloader.Agent variant outbound connection (malware-cnc.rules)
* 1:26117 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tarctox variant outbound connection (malware-cnc.rules)
* 1:26118 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:26119 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:2612 <-> DISABLED <-> SERVER-ORACLE sys.dbms_repcat_auth.revoke_surrogate_repcat buffer overflow attempt (server-oracle.rules)
* 1:26120 <-> DISABLED <-> MALWARE-CNC AutoIT.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:26121 <-> DISABLED <-> MALWARE-CNC AutoIT.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:26122 <-> DISABLED <-> FILE-OTHER Lattice Semiconductor ispXCF version attribute overflow attempt (file-other.rules)
* 1:26123 <-> DISABLED <-> FILE-OTHER Lattice Semiconductor ispXCF version attribute overflow attempt (file-other.rules)
* 1:26124 <-> DISABLED <-> SERVER-WEBAPP Microsoft Office SharePoint cross site scripting attempt (server-webapp.rules)
* 1:26125 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer text transform use after free attempt (browser-ie.rules)
* 1:26126 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Explorer HTML Component file download request (file-identify.rules)
* 1:26127 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Explorer HTML Component file attachment detected (file-identify.rules)
* 1:26128 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Explorer HTML Component file attachment detected (file-identify.rules)
* 1:26129 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer htc file use after free attempt (browser-ie.rules)
* 1:26130 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer htc file use after free attempt (browser-ie.rules)
* 1:26131 <-> DISABLED <-> SERVER-WEBAPP Microsoft Office SharePoint cross site scripting attempt (server-webapp.rules)
* 1:26132 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer saveHistory use after free attempt (browser-ie.rules)
* 1:26133 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer saveHistory use after free attempt (browser-ie.rules)
* 1:26134 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 8 deleted object access memory corruption attempt (browser-ie.rules)
* 1:26135 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer saveHistory use after free attempt (browser-ie.rules)
* 1:26136 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer saveHistory use after free attempt (browser-ie.rules)
* 1:26137 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 9 onBeforeCopy use after free attempt (browser-ie.rules)
* 1:26138 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 9 onBeforeCopy use after free attempt (browser-ie.rules)
* 1:2614 <-> DISABLED <-> SERVER-ORACLE time_zone buffer overflow attempt (server-oracle.rules)
* 1:2615 <-> DISABLED <-> SERVER-ORACLE sys.dbms_repcat_auth.grant_surrogate_repcat buffer overflow attempt (server-oracle.rules)
* 1:26157 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 9 onbeforeprint use after free attempt (browser-ie.rules)
* 1:26158 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 9 onbeforeprint use after free attempt (browser-ie.rules)
* 1:26159 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 9 onbeforeprint use after free attempt (browser-ie.rules)
* 1:26160 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 9 onbeforeprint use after free attempt (browser-ie.rules)
* 1:26161 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 9 onbeforeprint use after free attempt (browser-ie.rules)
* 1:26162 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 9 onbeforeprint use after free attempt (browser-ie.rules)
* 1:26163 <-> ENABLED <-> FILE-OFFICE Microsoft Office Visio TAG_xxxSheet code execution attempt (file-office.rules)
* 1:26164 <-> ENABLED <-> FILE-OFFICE Microsoft Office Visio TAG_xxxSheet code execution attempt (file-office.rules)
* 1:26165 <-> DISABLED <-> SERVER-WEBAPP Microsoft SharePoint Server directory traversal attempt (server-webapp.rules)
* 1:26166 <-> DISABLED <-> SERVER-WEBAPP Microsoft SharePoint Server directory traversal attempt (server-webapp.rules)
* 1:26167 <-> DISABLED <-> SERVER-WEBAPP Microsoft SharePoint Server directory traversal attempt (server-webapp.rules)
* 1:26168 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CCaret use after free attempt (browser-ie.rules)
* 1:26169 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CCaret use after free attempt (browser-ie.rules)
* 1:2617 <-> DISABLED <-> SERVER-ORACLE sys.dbms_repcat.alter_mview_propagation buffer overflow attempt (server-oracle.rules)
* 1:26170 <-> DISABLED <-> FILE-OFFICE Microsoft Office OneNote 2010 buffer overread info disclosure attempt (file-office.rules)
* 1:26171 <-> DISABLED <-> FILE-OFFICE Microsoft Office OneNote 2010 buffer overread info disclosure attempt (file-office.rules)
* 1:26172 <-> DISABLED <-> FILE-FLASH Adobe Flash Player sortOn heap overflow attempt (file-flash.rules)
* 1:26173 <-> ENABLED <-> FILE-FLASH Adobe Flash Player sortOn heap overflow attempt (file-flash.rules)
* 1:26174 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel FRTWrapper record buffer overflow attempt (file-office.rules)
* 1:26175 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid FRTWrapper record buffer overflow attempt (file-office.rules)
* 1:26176 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SXDB memory corruption attempt (file-office.rules)
* 1:26177 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SXDB memory corruption attempt (file-office.rules)
* 1:26178 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hiloti variant outbound connection (malware-cnc.rules)
* 1:26179 <-> DISABLED <-> SERVER-WEBAPP TP-Link http/tftp backdoor initiation attempt (server-webapp.rules)
* 1:26180 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Configuration Management Preboot service code overflow attempt (server-other.rules)
* 1:26181 <-> DISABLED <-> BROWSER-PLUGINS Samsung NET-i viewer BackupToAvi ActiveX clsid access attempt (browser-plugins.rules)
* 1:26182 <-> DISABLED <-> BROWSER-PLUGINS Samsung NET-i viewer BackupToAvi ActiveX function call access attempt (browser-plugins.rules)
* 1:26183 <-> DISABLED <-> BROWSER-PLUGINS TRENDNet SecurView internet camera UltraMJCam ActiveX clsid access attempt (browser-plugins.rules)
* 1:26184 <-> DISABLED <-> BROWSER-PLUGINS TRENDNet SecurView internet camera UltraMJCam ActiveX function call access attempt (browser-plugins.rules)
* 1:26185 <-> ENABLED <-> FILE-JAVA Oracle Java Gmbal package sandbox breach attempt (file-java.rules)
* 1:26186 <-> ENABLED <-> FILE-JAVA Oracle Java Gmbal package sandbox breach attempt (file-java.rules)
* 1:26187 <-> DISABLED <-> BROWSER-PLUGINS McAfee Virtual Technician Security Bypass ActiveX clsid access attempt (browser-plugins.rules)
* 1:26188 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox 3.5 unicode stack overflow attempt (browser-firefox.rules)
* 1:26189 <-> DISABLED <-> OS-MOBILE Android YZHC device registration (os-mobile.rules)
* 1:2619 <-> DISABLED <-> SERVER-ORACLE dbms_repcat.alter_master_repobject buffer overflow attempt (server-oracle.rules)
* 1:26190 <-> DISABLED <-> OS-MOBILE Android YZHC device registration (os-mobile.rules)
* 1:26191 <-> DISABLED <-> SERVER-WEBAPP MobileCartly arbitrary PHP file upload attempt (server-webapp.rules)
* 1:26192 <-> DISABLED <-> OS-MOBILE Android CruseWind imei leakage (os-mobile.rules)
* 1:26193 <-> DISABLED <-> BROWSER-PLUGINS Honeywell HscRemoteDeploy ActiveX control arbitrary HTA execution attempt (browser-plugins.rules)
* 1:26194 <-> DISABLED <-> BROWSER-PLUGINS Honeywell HscRemoteDeploy ActiveX control arbitrary HTA execution attempt (browser-plugins.rules)
* 1:26195 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp integer overflow attempt (file-java.rules)
* 1:26196 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib LookupOp integer overflow attempt (file-java.rules)
* 1:26197 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib ConvolveOp integer overflow attempt (file-java.rules)
* 1:26198 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp integer overflow attempt (file-java.rules)
* 1:26199 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib LookupOp integer overflow attempt (file-java.rules)
* 1:262 <-> DISABLED <-> OS-LINUX x86 Linux overflow attempt (os-linux.rules)
* 1:26200 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib ConvolveOp integer overflow attempt (file-java.rules)
* 1:26201 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lobparck variant outbound connection (malware-cnc.rules)
* 1:26202 <-> DISABLED <-> MALWARE-CNC VBS.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:26203 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gupd variant outbound connection (malware-cnc.rules)
* 1:26204 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malex variant outbound connection (malware-cnc.rules)
* 1:26205 <-> DISABLED <-> OS-MOBILE Android Fakenetflix email password upload (os-mobile.rules)
* 1:26206 <-> ENABLED <-> FILE-IDENTIFY CyberLink Power2Go file download request (file-identify.rules)
* 1:26207 <-> ENABLED <-> FILE-IDENTIFY CyberLink Power2Go file attachment detected (file-identify.rules)
* 1:26208 <-> ENABLED <-> FILE-IDENTIFY CyberLink Power2Go file attachment detected (file-identify.rules)
* 1:26209 <-> DISABLED <-> FILE-OTHER CyberLink Power2Go name parameter overflow attempt (file-other.rules)
* 1:2621 <-> DISABLED <-> SERVER-ORACLE dbms_repcat_sna_utl.register_flavor_change buffer overflow attempt (server-oracle.rules)
* 1:26210 <-> DISABLED <-> FILE-OTHER CyberLink Power2Go name parameter overflow attempt (file-other.rules)
* 1:26211 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Eldorado variant outbound connection (malware-cnc.rules)
* 1:26212 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Proxyier variant outbound connection (malware-cnc.rules)
* 1:26216 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CHTMLEditor object use after free attempt (browser-ie.rules)
* 1:26217 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CHTMLEditor object use after free attempt (browser-ie.rules)
* 1:26218 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CHTMLEditor object use after free attempt (browser-ie.rules)
* 1:26219 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CHTMLEditor object use after free attempt (browser-ie.rules)
* 1:26220 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CHTMLEditor object use after free attempt (browser-ie.rules)
* 1:26221 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CHTMLEditor object use after free attempt (browser-ie.rules)
* 1:26222 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CHTMLEditor object use after free attempt (browser-ie.rules)
* 1:26223 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CHTMLEditor object use after free attempt (browser-ie.rules)
* 1:26224 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CHTMLEditor object use after free attempt (browser-ie.rules)
* 1:26225 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CHTMLEditor object use after free attempt (browser-ie.rules)
* 1:26226 <-> ENABLED <-> EXPLOIT-KIT Crimeboss exploit kit redirection attempt (exploit-kit.rules)
* 1:26227 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval (exploit-kit.rules)
* 1:26230 <-> DISABLED <-> SERVER-WEBAPP Alcatel-Lucent OmniPCX arbitrary command execution attempt (server-webapp.rules)
* 1:26231 <-> DISABLED <-> FILE-PDF PDF version 1.1 with FlateDecode embedded - seen in exploit kits (file-pdf.rules)
* 1:26232 <-> ENABLED <-> EXPLOIT-KIT Sweet Orange exploit kit landing page (exploit-kit.rules)
* 1:26233 <-> ENABLED <-> EXPLOIT-KIT Sweet Orange exploit kit landing page (exploit-kit.rules)
* 1:26238 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Snopexy variant outbound connection (malware-cnc.rules)
* 1:26239 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Stehlox variant outbound connection (malware-cnc.rules)
* 1:2624 <-> DISABLED <-> SERVER-ORACLE dbms_repcat_admin.unregister_user_repgroup buffer overflow attempt (server-oracle.rules)
* 1:26240 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vkeikooc variant outbound connection (malware-cnc.rules)
* 1:26241 <-> DISABLED <-> BROWSER-PLUGINS ActivePDF WebGrabber APWebGrb.ocx ActiveX function call access attempt (browser-plugins.rules)
* 1:26242 <-> DISABLED <-> FILE-MULTIMEDIA CCMPlayer m3u buffer overflow attempt (file-multimedia.rules)
* 1:26243 <-> DISABLED <-> FILE-MULTIMEDIA CCMPlayer m3u buffer overflow attempt (file-multimedia.rules)
* 1:26244 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Troll variant outbound connection (malware-cnc.rules)
* 1:26245 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
* 1:26246 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.PremiumSMS APK file download attempt (os-mobile.rules)
* 1:26247 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.PremiumSMS APK file download attempt (os-mobile.rules)
* 1:26248 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent cibabam (malware-cnc.rules)
* 1:26249 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Sonide variant outbound connection (malware-cnc.rules)
* 1:26250 <-> DISABLED <-> BROWSER-PLUGINS Google Apps mailto URI argument injection attempt (browser-plugins.rules)
* 1:26251 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules)
* 1:26252 <-> ENABLED <-> EXPLOIT-KIT Impact exploit kit landing page (exploit-kit.rules)
* 1:26253 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page (exploit-kit.rules)
* 1:26257 <-> DISABLED <-> OS-MOBILE Android ANDR-WIN.MSIL variant PC-USB Malicious executable file download (os-mobile.rules)
* 1:26258 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari SVG Markers Memory Use-After-Free attempt (browser-webkit.rules)
* 1:26259 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari SVG Markers Memory Use-After-Free attempt (browser-webkit.rules)
* 1:2626 <-> DISABLED <-> SERVER-ORACLE dbms_repcat.send_old_values buffer overflow attempt (server-oracle.rules)
* 1:26260 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Vectmp variant outbound connection (malware-cnc.rules)
* 1:26261 <-> ENABLED <-> MALWARE-OTHER Fake postal receipt HTTP Response phishing attack (malware-other.rules)
* 1:26262 <-> DISABLED <-> SERVER-OTHER MongoDB nativeHelper.apply method command injection attempt (server-other.rules)
* 1:26263 <-> DISABLED <-> SERVER-WEBAPP Wordpress wp-banners-lite plugin cross site scripting attempt (server-webapp.rules)
* 1:26264 <-> ENABLED <-> MALWARE-CNC Dapato banking Trojan variant outbound connection (malware-cnc.rules)
* 1:26266 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus v3 DGA DNS query detected (malware-cnc.rules)
* 1:26267 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus v3 DGA DNS query detected (malware-cnc.rules)
* 1:26268 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus v3 DGA DNS query detected (malware-cnc.rules)
* 1:26269 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus v3 DGA DNS query detected (malware-cnc.rules)
* 1:2627 <-> DISABLED <-> SERVER-ORACLE dbms_repcat.repcat_import_check buffer overflow attempt (server-oracle.rules)
* 1:26270 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus v3 DGA DNS query detected (malware-cnc.rules)
* 1:26271 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus v3 DGA DNS query detected (malware-cnc.rules)
* 1:26272 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.Chuli APK file download attempt (os-mobile.rules)
* 1:26273 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.Chuli APK file download attempt (os-mobile.rules)
* 1:26274 <-> DISABLED <-> SERVER-WEBAPP Nagios3 statuswml.cgi remote command execution attempt (server-webapp.rules)
* 1:26275 <-> ENABLED <-> SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt (server-webapp.rules)
* 1:26276 <-> DISABLED <-> SERVER-WEBAPP Linksys E1500/E2500 apply.cgi submit_button page redirection attempt (server-webapp.rules)
* 1:26277 <-> DISABLED <-> SERVER-WEBAPP Linksys E1500/E2500 apply.cgi submit_button page redirection attempt (server-webapp.rules)
* 1:26278 <-> DISABLED <-> SERVER-WEBAPP Linksys E1500/E2500 apply.cgi unauthenticated password reset attempt (server-webapp.rules)
* 1:26279 <-> DISABLED <-> SERVER-WEBAPP Linksys E1500/E2500 apply.cgi unauthenticated password reset attempt (server-webapp.rules)
* 1:26280 <-> DISABLED <-> FILE-PDF Foxit Reader remote query string buffer overflow attempt (file-pdf.rules)
* 1:26281 <-> DISABLED <-> FILE-PDF Foxit Reader remote query string buffer overflow attempt (file-pdf.rules)
* 1:26282 <-> DISABLED <-> FILE-PDF Foxit Reader remote query string buffer overflow attempt (file-pdf.rules)
* 1:26283 <-> DISABLED <-> FILE-PDF Foxit Reader remote query string buffer overflow attempt (file-pdf.rules)
* 1:26284 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Surok variant outbound connection (malware-cnc.rules)
* 1:26285 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Garveep variant outbound connection (malware-cnc.rules)
* 1:26286 <-> DISABLED <-> APP-DETECT Absolute Software Computrace outbound connection - search.dnssearch.org (app-detect.rules)
* 1:26287 <-> DISABLED <-> APP-DETECT Absolute Software Computrace outbound connection - search.namequery.com (app-detect.rules)
* 1:26288 <-> DISABLED <-> MALWARE-CNC Brontok Worm variant outbound connection (malware-cnc.rules)
* 1:26289 <-> DISABLED <-> MALWARE-CNC Daws Trojan Outbound Plaintext over SSL Port (malware-cnc.rules)
* 1:2629 <-> DISABLED <-> SERVER-ORACLE dbms_repcat_admin.register_user_repgroup buffer overflow attempt (server-oracle.rules)
* 1:26290 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.RootSmart outbound communication attempt (os-mobile.rules)
* 1:26291 <-> DISABLED <-> OS-MOBILE Android Ksapp device registration (os-mobile.rules)
* 1:26292 <-> ENABLED <-> EXPLOIT-KIT Oracle Java Jar file downloaded when zip is defined (exploit-kit.rules)
* 1:26293 <-> ENABLED <-> EXPLOIT-KIT Sakura exploit kit exploit request (exploit-kit.rules)
* 1:26294 <-> ENABLED <-> FILE-OTHER Watering Hole Campaign applet download (file-other.rules)
* 1:26295 <-> DISABLED <-> FILE-OTHER Watering Hole Campaign applet download (file-other.rules)
* 1:26296 <-> ENABLED <-> EXPLOIT-KIT Styx exploit kit landing page (exploit-kit.rules)
* 1:26297 <-> ENABLED <-> EXPLOIT-KIT Styx exploit kit redirection page (exploit-kit.rules)
* 1:26298 <-> DISABLED <-> SERVER-WEBAPP Media Wiki script injection attempt (server-webapp.rules)
* 1:26299 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query polygon object integer overflow attempt (server-mysql.rules)
* 1:26300 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query multistring object integer overflow attempt (server-mysql.rules)
* 1:26301 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query multipolygon object integer overflow attempt (server-mysql.rules)
* 1:26302 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query linestring object integer overflow attempt (server-mysql.rules)
* 1:26303 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query polygon object integer overflow attempt (server-mysql.rules)
* 1:26304 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query multistring object integer overflow attempt (server-mysql.rules)
* 1:26305 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query multipolygon object integer overflow attempt (server-mysql.rules)
* 1:26306 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query linestring object integer overflow attempt (server-mysql.rules)
* 1:26307 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query polygon object integer overflow attempt (server-mysql.rules)
* 1:26308 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query multistring object integer overflow attempt (server-mysql.rules)
* 1:26309 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query multipolygon object integer overflow attempt (server-mysql.rules)
* 1:26310 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query linestring object integer overflow attempt (server-mysql.rules)
* 1:26311 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query polygon object integer overflow attempt (server-mysql.rules)
* 1:26312 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query multistring object integer overflow attempt (server-mysql.rules)
* 1:26313 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query multipolygon object integer overflow attempt (server-mysql.rules)
* 1:26314 <-> DISABLED <-> SERVER-OTHER Coppermine Photo Gallery picEditor.php command execution attempt (server-other.rules)
* 1:26315 <-> DISABLED <-> SERVER-OTHER Coppermine Photo Gallery picEditor.php command execution attempt (server-other.rules)
* 1:26316 <-> DISABLED <-> SERVER-OTHER Coppermine Photo Gallery picEditor.php command execution attempt (server-other.rules)
* 1:26317 <-> DISABLED <-> FILE-MULTIMEDIA Cool Player Plus M3U buffer overflow attempt (file-multimedia.rules)
* 1:26318 <-> DISABLED <-> FILE-MULTIMEDIA Cool Player Plus M3U buffer overflow attempt (file-multimedia.rules)
* 1:26319 <-> DISABLED <-> MALWARE-CNC file path used as User-Agent - potential Trojan (malware-cnc.rules)
* 1:26320 <-> DISABLED <-> SERVER-WEBAPP Redmine SCM rev parameter command injection attempt (server-webapp.rules)
* 1:26321 <-> DISABLED <-> NETBIOS SMB named pipe bruteforce attempt (netbios.rules)
* 1:26323 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit redirection page (exploit-kit.rules)
* 1:26324 <-> DISABLED <-> PROTOCOL-DNS ISC BIND NAPTR record regular expression handling denial of service attempt (protocol-dns.rules)
* 1:26325 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scar variant outbound connection (malware-cnc.rules)
* 1:26326 <-> ENABLED <-> MALWARE-BACKDOOR DarkSeoul related wiper (malware-backdoor.rules)
* 1:26327 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.Flashfake variant outbound connection (malware-cnc.rules)
* 1:26328 <-> ENABLED <-> MALWARE-BACKDOOR Windows vernot download (malware-backdoor.rules)
* 1:26329 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel format record code execution attempt (file-office.rules)
* 1:2633 <-> DISABLED <-> SERVER-ORACLE sys.dbms_rectifier_diff.rectify buffer overflow attempt (server-oracle.rules)
* 1:26330 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint TxMasterStyle10Atom atom numLevels buffer overflow attempt (file-office.rules)
* 1:26331 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qhost variant outbound connection (malware-cnc.rules)
* 1:26332 <-> ENABLED <-> MALWARE-BACKDOOR Jokra dropper download (malware-backdoor.rules)
* 1:26333 <-> DISABLED <-> SERVER-OTHER HP LeftHand Virtual SAN hydra diag request buffer overflow attempt (server-other.rules)
* 1:26334 <-> DISABLED <-> SERVER-OTHER HP LeftHand Virtual SAN hydra diag request buffer overflow attempt (server-other.rules)
* 1:26335 <-> DISABLED <-> MALWARE-CNC FBI Ransom Trojan variant outbound connection (malware-cnc.rules)
* 1:26336 <-> DISABLED <-> SERVER-OTHER HP LeftHand Virtual SAN hydra snmp request buffer overflow attempt (server-other.rules)
* 1:26337 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure (exploit-kit.rules)
* 1:26338 <-> ENABLED <-> EXPLOIT-KIT IFRAMEr injection detection - leads to exploit kit (exploit-kit.rules)
* 1:26339 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval - ff.php (exploit-kit.rules)
* 1:26340 <-> DISABLED <-> FILE-OTHER Corel WordPerfect document parsing buffer overflow attempt (file-other.rules)
* 1:26341 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit landing page (exploit-kit.rules)
* 1:26342 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit landing page - specific structure (exploit-kit.rules)
* 1:26343 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit landing page (exploit-kit.rules)
* 1:26344 <-> ENABLED <-> EXPLOIT-KIT Redkit exploit kit landing page redirection (exploit-kit.rules)
* 1:26345 <-> ENABLED <-> EXPLOIT-KIT Redkit exploit kit landing page (exploit-kit.rules)
* 1:26346 <-> DISABLED <-> EXPLOIT-KIT Redkit exploit kit payload requested (exploit-kit.rules)
* 1:26348 <-> ENABLED <-> EXPLOIT-KIT Redkit exploit kit java exploit delivery (exploit-kit.rules)
* 1:26349 <-> DISABLED <-> EXPLOIT-KIT Redkit exploit kit obfuscated portable executable (exploit-kit.rules)
* 1:26350 <-> ENABLED <-> EXPLOIT-KIT TDS redirection - may lead to exploit kit (exploit-kit.rules)
* 1:26351 <-> ENABLED <-> EXPLOIT-KIT Redkit exploit kit landing page redirection (exploit-kit.rules)
* 1:26352 <-> ENABLED <-> INDICATOR-OBFUSCATION obfuscated portable executable - seen in exploit kits (indicator-obfuscation.rules)
* 1:26353 <-> DISABLED <-> INDICATOR-COMPROMISE IP address check to dyndns.org detected (indicator-compromise.rules)
* 1:26354 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer expression clause in style tag cross site scripting attempt (browser-ie.rules)
* 1:26355 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows RDP ActiveX component mstscax use after free attempt (browser-plugins.rules)
* 1:26356 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows RDP ActiveX component mstscax use after free attempt (browser-plugins.rules)
* 1:26357 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows RDP ActiveX component mstscax use after free attempt (browser-plugins.rules)
* 1:26358 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows RDP ActiveX component mstscax use after free attempt (browser-plugins.rules)
* 1:26359 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows RDP ActiveX component mstscax use after free attempt (browser-plugins.rules)
* 1:26360 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows RDP ActiveX component mstscax use after free attempt (browser-plugins.rules)
* 1:26361 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows RDP ActiveX component mstscax use after free attempt (browser-plugins.rules)
* 1:26362 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows RDP ActiveX component mstscax use after free attempt (browser-plugins.rules)
* 1:26363 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows RDP ActiveX component mstscax use after free attempt (browser-plugins.rules)
* 1:26364 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows RDP ActiveX component mstscax use after free attempt (browser-plugins.rules)
* 1:26365 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows RDP ActiveX component mstscax use after free attempt (browser-plugins.rules)
* 1:26366 <-> DISABLED <-> EXPLOIT-KIT Egypack exploit kit landing page (exploit-kit.rules)
* 1:26367 <-> DISABLED <-> EXPLOIT-KIT Egypack exploit kit outbound connection (exploit-kit.rules)
* 1:26368 <-> DISABLED <-> EXPLOIT-KIT Egypack exploit kit landing page (exploit-kit.rules)
* 1:26369 <-> ENABLED <-> MALWARE-OTHER Double HTTP Server declared (malware-other.rules)
* 1:2637 <-> DISABLED <-> SERVER-ORACLE dbms_repcat.drop_master_repobject buffer overflow attempt (server-oracle.rules)
* 1:26370 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection - ksa.txt (malware-cnc.rules)
* 1:26371 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection - op POST (malware-cnc.rules)
* 1:26372 <-> DISABLED <-> FILE-IMAGE ClamAV Antivirus Function Denial of Service attempt (file-image.rules)
* 1:26373 <-> DISABLED <-> FILE-IMAGE ClamAV Antivirus Function Denial of Service attempt (file-image.rules)
* 1:26374 <-> DISABLED <-> FILE-IMAGE ClamAV Antivirus Function Denial of Service attempt (file-image.rules)
* 1:26377 <-> ENABLED <-> EXPLOIT-KIT Redkit exploit kit java exploit request (exploit-kit.rules)
* 1:26378 <-> DISABLED <-> BROWSER-PLUGINS Viscom Software Image Viewer ActiveX function call access (browser-plugins.rules)
* 1:26379 <-> DISABLED <-> SERVER-OTHER Squid proxy Accept-Language denial of service attempt (server-other.rules)
* 1:26380 <-> DISABLED <-> MALWARE-OTHER UTF-8 BOM in zip file attachment detected (malware-other.rules)
* 1:26381 <-> DISABLED <-> MALWARE-OTHER UTF-8 BOM in zip file attachment detected (malware-other.rules)
* 1:26382 <-> DISABLED <-> MALWARE-OTHER UTF-8 BOM in zip file attachment detected (malware-other.rules)
* 1:26383 <-> ENABLED <-> EXPLOIT-KIT Redkit exploit kit landing page (exploit-kit.rules)
* 1:26384 <-> ENABLED <-> EXPLOIT-KIT Redkit exploit kit landing page (exploit-kit.rules)
* 1:26385 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows executable file save onto SMB share attempt (file-executable.rules)
* 1:26386 <-> DISABLED <-> SERVER-OTHER Polycom HDX authorization bypass attempt (server-other.rules)
* 1:26387 <-> DISABLED <-> OS-MOBILE Android Stels initial server contact (os-mobile.rules)
* 1:26388 <-> DISABLED <-> OS-MOBILE Android Stels server response (os-mobile.rules)
* 1:26389 <-> DISABLED <-> SERVER-OTHER BigAnt Document Service DUPF command arbitrary file upload attempt (server-other.rules)
* 1:2639 <-> DISABLED <-> SERVER-ORACLE dbms_repcat.drop_mview_repgroup buffer overflow attempt (server-oracle.rules)
* 1:26390 <-> DISABLED <-> SERVER-OTHER BigAnt Document Service DUPF command arbitrary file upload attempt (server-other.rules)
* 1:26391 <-> DISABLED <-> PROTOCOL-POP libcurl MD5 digest buffer overflow attempt (protocol-pop.rules)
* 1:26392 <-> ENABLED <-> PROTOCOL-SCADA Schneider Electric IGSS integer underflow attempt (protocol-scada.rules)
* 1:26393 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Messenger ActiveX function call access (browser-plugins.rules)
* 1:26394 <-> DISABLED <-> SERVER-OTHER Bopup Communications server buffer overflow attempt (server-other.rules)
* 1:26395 <-> DISABLED <-> APP-DETECT Ufasoft bitcoin miner possible data upload (app-detect.rules)
* 1:26397 <-> DISABLED <-> INDICATOR-COMPROMISE IP address check to myip.dnsomatic.com detected (indicator-compromise.rules)
* 1:26398 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gamarue variant outbound connection (malware-cnc.rules)
* 1:264 <-> DISABLED <-> OS-LINUX x86 Linux overflow attempt (os-linux.rules)
* 1:2641 <-> DISABLED <-> SERVER-ORACLE dbms_repcat_instantiate.drop_site_instantiation buffer overflow attempt (server-oracle.rules)
* 1:26410 <-> DISABLED <-> INDICATOR-COMPROMISE IP address check to j.maxmind.com detected (indicator-compromise.rules)
* 1:26411 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Dorkbot folder snkb0ptz creation attempt SMB (malware-other.rules)
* 1:26412 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Dorkbot executable snkb0ptz.exe creation attempt SMB (malware-other.rules)
* 1:26413 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Dorkbot Desktop.ini snkb0ptz.exe creation attempt SMB (malware-other.rules)
* 1:26414 <-> DISABLED <-> PROTOCOL-SCADA CODESYS Gateway-Server executable file upload attempt (protocol-scada.rules)
* 1:26415 <-> DISABLED <-> PROTOCOL-SCADA CODESYS Gateway-Server directory traversal attempt (protocol-scada.rules)
* 1:26416 <-> DISABLED <-> SERVER-WEBAPP HP Intelligent Management Center mibFileUpload servlet arbitrary file upload attempt
(server-webapp.rules) * 1:26417 <-> DISABLED <-> SERVER-WEBAPP HP Intelligent Management Center mibFileUpload servlet arbitrary file upload attempt (server-webapp.rules) * 1:26418 <-> DISABLED <-> SERVER-WEBAPP HP System Management iprange parameter buffer overflow attempt (server-webapp.rules) * 1:26419 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 9 onbeforeprint use after free attempt (browser-ie.rules) * 1:26420 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 9 onbeforeprint use after free attempt (browser-ie.rules) * 1:26421 <-> DISABLED <-> BROWSER-PLUGINS Metalink file download parameter buffer overflow attempt (browser-plugins.rules) * 1:26422 <-> ENABLED <-> FILE-IDENTIFY Metalink File file attachment detected (file-identify.rules) * 1:26423 <-> ENABLED <-> FILE-IDENTIFY Metalink File file attachment detected (file-identify.rules) * 1:26424 <-> DISABLED <-> FILE-IDENTIFY Metalink File file download request (file-identify.rules) * 1:26425 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk SIP SDP header parsing stack buffer overflow attempt (protocol-voip.rules) * 1:26426 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk SIP SDP header parsing stack buffer overflow attempt (protocol-voip.rules) * 1:26427 <-> DISABLED <-> PROTOCOL-DNS ISC libdns client NAPTR record regular expression handling denial of service attempt (protocol-dns.rules) * 1:26428 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules) * 1:26429 <-> ENABLED <-> FILE-FLASH Adobe Flash Player RTMP malformed onStatus message type confusion attempt (file-flash.rules) * 1:2643 <-> DISABLED <-> SERVER-ORACLE sys.dbms_repcat_fla.ensure_not_published buffer overflow attempt (server-oracle.rules) * 1:26430 <-> ENABLED <-> FILE-FLASH Adobe Flash Player RTMP malformed onStatus message type confusion attempt (file-flash.rules) * 1:26431 <-> DISABLED <-> SERVER-WEBAPP Apache mod_proxy_balancer cross site scripting attempt (server-webapp.rules) * 
1:26432 <-> DISABLED <-> FILE-OTHER Cisco WebEx recording integer overflow attempt (file-other.rules) * 1:26433 <-> DISABLED <-> FILE-OTHER Cisco WebEx recording integer overflow attempt (file-other.rules) * 1:26434 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit jar file downloaded (exploit-kit.rules) * 1:26435 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Duqu variant outbound connection (malware-cnc.rules) * 1:26436 <-> DISABLED <-> SERVER-WEBAPP HP Intelligent Management Center FaultDownloadServlet information disclosure attempt (server-webapp.rules) * 1:26437 <-> DISABLED <-> PUA-OTHER Bitcoin inbound response attempt (pua-other.rules) * 1:26438 <-> DISABLED <-> PUA-OTHER Bitcoin outbound request attempt (pua-other.rules) * 1:26439 <-> DISABLED <-> FILE-JAVA Oracle Java known malicious jar file download - specific structure (file-java.rules) * 1:2644 <-> DISABLED <-> SERVER-ORACLE from_tz buffer overflow attempt (server-oracle.rules) * 1:26440 <-> DISABLED <-> INDICATOR-OBFUSCATION Obfuscated javascript/html generated by myobfuscate.com detected (indicator-obfuscation.rules) * 1:26441 <-> ENABLED <-> INDICATOR-OBFUSCATION Obfuscated javascript/html generated by myobfuscate.com detected (indicator-obfuscation.rules) * 1:26442 <-> DISABLED <-> OS-MOBILE Android MDK encrypted information leak (os-mobile.rules) * 1:26443 <-> DISABLED <-> OS-MOBILE Android MDK encrypted information leak (os-mobile.rules) * 1:26444 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Agent variant outbound connection (malware-cnc.rules) * 1:26445 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Agent variant outbound connection (malware-cnc.rules) * 1:26446 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Agent variant outbound connection (malware-cnc.rules) * 1:26447 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Smoaler variant outbound connection (malware-cnc.rules) * 1:26448 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fakesig variant outbound connection (malware-cnc.rules) * 1:26449 <-> 
DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:2645 <-> DISABLED <-> SERVER-ORACLE dbms_repcat_instantiate.instantiate_offline buffer overflow attempt (server-oracle.rules) * 1:26450 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:26451 <-> DISABLED <-> INDICATOR-OBFUSCATION g01pack Javascript substr function wrapper attempt (indicator-obfuscation.rules) * 1:26452 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buterat variant outbound connection (malware-cnc.rules) * 1:26453 <-> DISABLED <-> FILE-OFFICE OpenOffice OLE File Stream Buffer Overflow attempt (file-office.rules) * 1:26454 <-> DISABLED <-> SERVER-OTHER UltraVNC Listening mode stack buffer overflow attempt (server-other.rules) * 1:26455 <-> DISABLED <-> SERVER-OTHER UltraVNC Listening mode stack buffer overflow attempt (server-other.rules) * 1:26458 <-> ENABLED <-> FILE-IDENTIFY Stream redirector file download request (file-identify.rules) * 1:26459 <-> DISABLED <-> FILE-OTHER Shadow Stream Recorder asx file buffer overflow attempt (file-other.rules) * 1:26460 <-> DISABLED <-> FILE-OTHER Shadow Stream Recorder asx file buffer overflow attempt (file-other.rules) * 1:26461 <-> DISABLED <-> FILE-OTHER Shadow Stream Recorder asx file buffer overflow attempt (file-other.rules) * 1:26462 <-> DISABLED <-> FILE-OTHER Shadow Stream Recorder asx file buffer overflow attempt (file-other.rules) * 1:26463 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Linog.A variant outbound connection (malware-cnc.rules) * 1:26464 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Linog.A variant outbound connection (malware-cnc.rules) * 1:26465 <-> ENABLED <-> FILE-IDENTIFY XUL file attachment detected (file-identify.rules) * 1:26466 <-> ENABLED <-> FILE-IDENTIFY XUL file attachment detected (file-identify.rules) * 1:26467 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Magic variant inbound connection (malware-cnc.rules) * 1:26468 <-> DISABLED <-> SERVER-ORACLE Oracle 
WebCenter FatWire Satellite Server header injection on blobheadername2 attempt (server-oracle.rules) * 1:26469 <-> DISABLED <-> SERVER-ORACLE Oracle WebCenter FatWire Satellite Server header injection on blobheadername2 attempt (server-oracle.rules) * 1:26470 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Zeus Spam 2013 dated zip/exe HTTP Response - potential malware download (malware-other.rules) * 1:26471 <-> DISABLED <-> PROTOCOL-FTP VanDyke AbsoluteFTP LIST command stack buffer overflow attempt (protocol-ftp.rules) * 1:26472 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime pict image poly structure memory corruption attempt (file-multimedia.rules) * 1:26473 <-> DISABLED <-> FILE-OTHER CoolPlayer playlist file handling buffer overflow attempt (file-other.rules) * 1:26474 <-> DISABLED <-> FILE-OTHER CoolPlayer playlist file handling buffer overflow attempt (file-other.rules) * 1:26475 <-> DISABLED <-> FILE-OTHER CoolPlayer playlist file handling buffer overflow attempt (file-other.rules) * 1:26476 <-> DISABLED <-> FILE-OTHER CoolPlayer playlist file handling buffer overflow attempt (file-other.rules) * 1:26477 <-> DISABLED <-> FILE-OTHER CoolPlayer playlist file handling buffer overflow attempt (file-other.rules) * 1:26478 <-> DISABLED <-> FILE-OTHER CoolPlayer playlist file handling buffer overflow attempt (file-other.rules) * 1:26479 <-> DISABLED <-> SERVER-OTHER ActFax LPD Server data field buffer overflow attempt (server-other.rules) * 1:26480 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot fake PNG config file download without User-Agent (malware-cnc.rules) * 1:26482 <-> DISABLED <-> MALWARE-CNC Unknown Thinner Encrypted POST botnet C&C (malware-cnc.rules) * 1:26483 <-> DISABLED <-> SERVER-WEBAPP JavaScript tag in User-Agent field possible XSS attempt (server-webapp.rules) * 1:26484 <-> DISABLED <-> FILE-JAVA Oracle Java JRE reflection types public final field overwrite attempt (file-java.rules) * 1:26485 <-> DISABLED <-> FILE-JAVA Oracle Java JRE reflection types 
public final field overwrite attempt (file-java.rules) * 1:26486 <-> DISABLED <-> FILE-JAVA Oracle Java JRE reflection types public final field overwrite attempt (file-java.rules) * 1:26487 <-> DISABLED <-> FILE-JAVA Oracle Java JRE reflection types public final field overwrite attempt (file-java.rules) * 1:26488 <-> DISABLED <-> PROTOCOL-SCADA CODESYS Gateway-Server directory traversal attempt (protocol-scada.rules) * 1:26489 <-> ENABLED <-> BROWSER-OTHER Novell Messenger Client nim URI handler buffer overflow attempt (browser-other.rules) * 1:2649 <-> DISABLED <-> SERVER-ORACLE Oracle 9i TNS Listener SERVICE_NAME Remote Buffer Overflow attempt (server-oracle.rules) * 1:26490 <-> ENABLED <-> BROWSER-OTHER Novell Messenger Client nim URI handler buffer overflow attempt (browser-other.rules) * 1:26491 <-> DISABLED <-> SERVER-OTHER Nagios NRPE command execution attempt (server-other.rules) * 1:26492 <-> ENABLED <-> FILE-IDENTIFY KingView KingMessage log file download request (file-identify.rules) * 1:26493 <-> ENABLED <-> FILE-IDENTIFY KingView KingMessage log file attachment detected (file-identify.rules) * 1:26494 <-> ENABLED <-> FILE-IDENTIFY KingView KingMessage log file attachment detected (file-identify.rules) * 1:26495 <-> DISABLED <-> FILE-OTHER WellinTech KingView KingMessage log file parsing buffer overflow attempt (file-other.rules) * 1:26496 <-> DISABLED <-> FILE-OTHER WellinTech KingView KingMessage log file parsing buffer overflow attempt (file-other.rules) * 1:26497 <-> DISABLED <-> BROWSER-PLUGINS Siemens SIMATIC WinCC RegReader ActiveX vulnerable function access attempt (browser-plugins.rules) * 1:26498 <-> DISABLED <-> BROWSER-PLUGINS Siemens SIMATIC WinCC RegReader ActiveX vulnerable function access attempt (browser-plugins.rules) * 1:26499 <-> DISABLED <-> FILE-JAVA Oracle Java JRE reflection types public final field overwrite attempt (file-java.rules) * 1:265 <-> DISABLED <-> OS-LINUX x86 Linux overflow attempt ADMv2 (os-linux.rules) * 1:2650 <-> 
DISABLED <-> SERVER-ORACLE user name buffer overflow attempt (server-oracle.rules) * 1:26500 <-> DISABLED <-> FILE-JAVA Oracle Java JRE reflection types public final field overwrite attempt (file-java.rules) * 1:26501 <-> DISABLED <-> SERVER-OTHER BigAnt Document Service DDNF request stack buffer overflow attempt (server-other.rules) * 1:26502 <-> DISABLED <-> PROTOCOL-SCADA 3S CoDeSys Gateway Server stack buffer overflow attempt (protocol-scada.rules) * 1:26503 <-> DISABLED <-> PROTOCOL-SCADA 3S CoDeSys Gateway Server stack buffer overflow attempt (protocol-scada.rules) * 1:26504 <-> DISABLED <-> PROTOCOL-SCADA 3S CoDeSys Gateway Server stack buffer overflow attempt (protocol-scada.rules) * 1:26505 <-> DISABLED <-> SERVER-WEBAPP HP Intelligent Management Center IctDownloadServlet information disclosure attempt (server-webapp.rules) * 1:26508 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit Payload detection - info.dll (exploit-kit.rules) * 1:26509 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit java payload detection (exploit-kit.rules) * 1:2651 <-> DISABLED <-> SERVER-ORACLE NUMTODSINTERVAL/NUMTOYMINTERVAL buffer overflow attempt (server-oracle.rules) * 1:26511 <-> ENABLED <-> EXPLOIT-KIT Sakura exploit kit redirection structure (exploit-kit.rules) * 1:26513 <-> DISABLED <-> FILE-PDF PDF with large embedded JavaScript - JS string attempt (file-pdf.rules) * 1:26514 <-> ENABLED <-> FILE-IDENTIFY maplet file download attempt (file-identify.rules) * 1:26515 <-> ENABLED <-> FILE-IDENTIFY maplet file attachment detected (file-identify.rules) * 1:26516 <-> ENABLED <-> FILE-IDENTIFY maplet file attachment detected (file-identify.rules) * 1:26517 <-> ENABLED <-> FILE-IDENTIFY maplet bin file download attempt (file-identify.rules) * 1:2652 <-> DISABLED <-> SERVER-ORACLE dbms_offline_og.begin_load buffer overflow attempt (server-oracle.rules) * 1:26520 <-> DISABLED <-> FILE-OTHER Maple Maplet File Creation and Command Execution attempt (file-other.rules) * 1:26521 <-> 
DISABLED <-> FILE-OTHER Maple Maplet File Creation and Command Execution attempt (file-other.rules) * 1:26522 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent NOKIAN95/WEB (malware-cnc.rules) * 1:26523 <-> DISABLED <-> SERVER-WEBAPP HP Intelligent Management Center ReportImgServlet information disclosure attempt (server-webapp.rules) * 1:26524 <-> DISABLED <-> BROWSER-PLUGINS Java security warning bypass through JWS attempt (browser-plugins.rules) * 1:26525 <-> DISABLED <-> BROWSER-PLUGINS Java security warning bypass through JWS attempt (browser-plugins.rules) * 1:26526 <-> ENABLED <-> EXPLOIT-KIT Portable Executable downloaded with bad DOS stub (exploit-kit.rules) * 1:26527 <-> ENABLED <-> EXPLOIT-KIT Unix.Backdoor.Cdorked possible blackhole request attempt (exploit-kit.rules) * 1:26528 <-> DISABLED <-> INDICATOR-COMPROMISE Unix.Backdoor.Cdorked redirect attempt (indicator-compromise.rules) * 1:26529 <-> DISABLED <-> MALWARE-BACKDOOR Unix.Backdoor.Cdorked backdoor command attempt (malware-backdoor.rules) * 1:26530 <-> DISABLED <-> INDICATOR-COMPROMISE Unix.Backdoor.Cdorked redirected URI attempt (indicator-compromise.rules) * 1:26531 <-> ENABLED <-> MALWARE-OTHER Unix.Backdoor.Cdorked download attempt (malware-other.rules) * 1:26532 <-> ENABLED <-> MALWARE-OTHER Unix.Backdoor.Cdorked download attempt (malware-other.rules) * 1:26533 <-> DISABLED <-> MALWARE-CNC Unknown malware - Incorrect headers - Referer HTTP/1.0 (malware-cnc.rules) * 1:26534 <-> ENABLED <-> EXPLOIT-KIT Stamp exploit kit portable executable download (exploit-kit.rules) * 1:26535 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit landing page - specific structure (exploit-kit.rules) * 1:26536 <-> ENABLED <-> EXPLOIT-KIT Stamp exploit kit landing page (exploit-kit.rules) * 1:26537 <-> ENABLED <-> EXPLOIT-KIT Sakura exploit kit jar download detection (exploit-kit.rules) * 1:26538 <-> ENABLED <-> EXPLOIT-KIT Sakura exploit kit landing page received (exploit-kit.rules) * 1:26539 <-> 
ENABLED <-> EXPLOIT-KIT Sakura exploit kit pdf download detection (exploit-kit.rules) * 1:2654 <-> DISABLED <-> SERVER-WEBAPP PHPNuke Forum viewtopic SQL insertion attempt (server-webapp.rules) * 1:26540 <-> ENABLED <-> EXPLOIT-KIT iFramer injection - specific structure (exploit-kit.rules) * 1:26541 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit successful redirection - jnlp bypass (exploit-kit.rules) * 1:26542 <-> DISABLED <-> SERVER-OTHER Autonomy Ultraseek cs.html url parameter with url - possible malicious redirection attempt (server-other.rules) * 1:26543 <-> DISABLED <-> BROWSER-PLUGINS SafeNet ActiveX clsid access (browser-plugins.rules) * 1:26544 <-> DISABLED <-> BROWSER-PLUGINS SafeNet ActiveX clsid access (browser-plugins.rules) * 1:26545 <-> DISABLED <-> BROWSER-PLUGINS SafeNet ActiveX clsid access (browser-plugins.rules) * 1:26546 <-> DISABLED <-> BROWSER-PLUGINS SafeNet ActiveX clsid access (browser-plugins.rules) * 1:26547 <-> DISABLED <-> SERVER-WEBAPP phpMyAdmin preg_replace remote code execution attempt (server-webapp.rules) * 1:26548 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM webappmon.exe buffer overflow attempt (server-webapp.rules) * 1:26549 <-> DISABLED <-> FILE-JAVA Oracle Java JRE reflection types public final field overwrite attempt (file-java.rules) * 1:2655 <-> DISABLED <-> SERVER-OTHER HP Web JetAdmin ExecuteFile admin access (server-other.rules) * 1:26550 <-> DISABLED <-> FILE-JAVA Oracle Java JRE reflection types public final field overwrite attempt (file-java.rules) * 1:26551 <-> DISABLED <-> FILE-JAVA Oracle Java JRE reflection types public final field overwrite attempt (file-java.rules) * 1:26552 <-> DISABLED <-> FILE-JAVA Oracle Java JRE reflection types public final field overwrite attempt (file-java.rules) * 1:26553 <-> DISABLED <-> PUA-ADWARE Win.Adware.BProtector browser hijacker dll list download attempt (pua-adware.rules) * 1:26557 <-> DISABLED <-> SERVER-WEBAPP Wordpress brute-force login attempt (server-webapp.rules) 
* 1:26558 <-> DISABLED <-> MALWARE-CNC User-Agent known Malicious user agent Brutus AET (malware-cnc.rules) * 1:26559 <-> DISABLED <-> OS-OTHER DLink IP camera remote command execution vulnerability - access to vulnerable rtpd.cgi (os-other.rules) * 1:2656 <-> DISABLED <-> SERVER-WEBAPP SSLv2 Client_Hello Challenge Length overflow attempt (server-webapp.rules) * 1:26560 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection - getcomando POST data (malware-cnc.rules) * 1:26561 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules) * 1:26562 <-> DISABLED <-> EXPLOIT-KIT Nuclear exploit kit Spoofed Host Header .com- requests (exploit-kit.rules) * 1:26563 <-> DISABLED <-> MALWARE-CNC Harakit botnet traffic (malware-cnc.rules) * 1:26564 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime movie file clipping region handling heap buffer overflow attempt (file-multimedia.rules) * 1:26565 <-> DISABLED <-> INDICATOR-OBFUSCATION base64-encoded nop sled detected (indicator-obfuscation.rules) * 1:26566 <-> DISABLED <-> INDICATOR-OBFUSCATION base64-encoded nop sled detected (indicator-obfuscation.rules) * 1:26567 <-> DISABLED <-> INDICATOR-OBFUSCATION base64-encoded nop sled detected (indicator-obfuscation.rules) * 1:26568 <-> DISABLED <-> INDICATOR-OBFUSCATION eval of base64-encoded data (indicator-obfuscation.rules) * 1:26569 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer null object access attempt (browser-ie.rules) * 1:2657 <-> DISABLED <-> SERVER-WEBAPP SSLv2 Client_Hello with pad Challenge Length overflow attempt (server-webapp.rules) * 1:26571 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer null object access attempt (browser-ie.rules) * 1:26572 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer null object access attempt (browser-ie.rules) * 1:26573 <-> DISABLED <-> BROWSER-PLUGINS Honeywell HscRemoteDeploy ActiveX control arbitrary HTA execution attempt (browser-plugins.rules) * 1:26574 <-> 
DISABLED <-> BROWSER-PLUGINS Honeywell HscRemoteDeploy ActiveX control arbitrary HTA execution attempt (browser-plugins.rules) * 1:26576 <-> DISABLED <-> MALWARE-CNC Potential hostile executable served from compromised or malicious WordPress site attempt (malware-cnc.rules) * 1:26577 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent Opera 10 (malware-cnc.rules) * 1:26578 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy/FakeAV Checkin with IE6 User-Agent (malware-cnc.rules) * 1:26579 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy/FakeAV Checkin with IE6 User-Agent (malware-cnc.rules) * 1:26584 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer vector graphics reference counting use-after-free attempt (browser-ie.rules) * 1:26585 <-> DISABLED <-> INDICATOR-COMPROMISE config.inc.php in iframe (indicator-compromise.rules) * 1:26586 <-> DISABLED <-> SERVER-OTHER PostgreSQL database name command line injection attempt (server-other.rules) * 1:26587 <-> DISABLED <-> FILE-JAVA Oracle Java runtime JMX findclass sandbox breach attempt (file-java.rules) * 1:26588 <-> DISABLED <-> FILE-JAVA Oracle Java runtime JMX findclass sandbox breach attempt (file-java.rules) * 1:26590 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows Authenticode signature verification bypass attempt (file-executable.rules) * 1:26591 <-> ENABLED <-> EXPLOIT-KIT unknown exploit kit script injection attempt (exploit-kit.rules) * 1:26592 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit libxslt arbitrary file creation attempt (browser-webkit.rules) * 1:26593 <-> DISABLED <-> SERVER-WEBAPP PHP htmlspecialchars htmlentities function buffer overflow attempt (server-webapp.rules) * 1:26594 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk Management Interface HTTP digest authentication stack buffer overflow attempt (protocol-voip.rules) * 1:26595 <-> DISABLED <-> INDICATOR-OBFUSCATION javascript hex character extraction routine detected (indicator-obfuscation.rules) * 1:26596 <-> DISABLED <-> 
INDICATOR-OBFUSCATION javascript fromCharCode xor decryption routine detected (indicator-obfuscation.rules) * 1:26597 <-> DISABLED <-> FILE-OFFICE Microsoft Office eps filters memory corruption attempt (file-office.rules) * 1:26598 <-> DISABLED <-> FILE-OTHER .tar multiple antivirus evasion attempt (file-other.rules) * 1:26599 <-> ENABLED <-> EXPLOIT-KIT Impact/Stamp exploit kit landing page (exploit-kit.rules) * 1:266 <-> DISABLED <-> OS-OTHER x86 FreeBSD overflow attempt (os-other.rules) * 1:26600 <-> ENABLED <-> EXPLOIT-KIT Impact/Stamp exploit kit landing page (exploit-kit.rules) * 1:26601 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows Authenticode signature verification bypass attempt (file-executable.rules) * 1:26602 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel sheet name memory corruption attempt (file-office.rules) * 1:26604 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bydra variant outbound connection (malware-cnc.rules) * 1:26605 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bydra variant outbound connection (malware-cnc.rules) * 1:26606 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sosork variant outbound connection (malware-cnc.rules) * 1:26607 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Korlia variant outbound connection (malware-cnc.rules) * 1:26608 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rocra variant outbound connection (malware-cnc.rules) * 1:26609 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.Dockster variant outbound connection (malware-cnc.rules) * 1:26610 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Dulevco.A runtime detection (malware-backdoor.rules) * 1:26611 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Dulevco.A runtime detection (malware-backdoor.rules) * 1:26613 <-> DISABLED <-> MALWARE-CNC Medfos Trojan variant outbound connection (malware-cnc.rules) * 1:26615 <-> DISABLED <-> INDICATOR-OBFUSCATION Javascript substr rename attempt (indicator-obfuscation.rules) * 1:26616 <-> DISABLED <-> INDICATOR-OBFUSCATION Javascript indexOf rename attempt 
(indicator-obfuscation.rules) * 1:26617 <-> ENABLED <-> EXPLOIT-KIT iFramer injection - specific structure (exploit-kit.rules) * 1:26619 <-> DISABLED <-> INDICATOR-OBFUSCATION multiple comment tags used in embedded RTF object - potentially malicious (indicator-obfuscation.rules) * 1:26620 <-> DISABLED <-> INDICATOR-OBFUSCATION multiple comment tags used in embedded RTF object - potentially malicious (indicator-obfuscation.rules) * 1:26621 <-> DISABLED <-> SERVER-OTHER Adobe ColdFusion adminapi information disclosure attempt (server-other.rules) * 1:26622 <-> DISABLED <-> BROWSER-IE Microsoft Windows Live Writer wlw protocol handler information disclosure attempt (browser-ie.rules) * 1:26623 <-> DISABLED <-> BROWSER-IE Microsoft Windows Live Writer wlw protocol handler information disclosure attempt (browser-ie.rules) * 1:26624 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 7-9 VBScript JSON reference information disclosure attempt (browser-ie.rules) * 1:26625 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 7-9 VBScript JSON reference information disclosure attempt (browser-ie.rules) * 1:26626 <-> DISABLED <-> FILE-OFFICE XML parameter entity reference local file disclosure attempt (file-office.rules) * 1:26627 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio SVG external entity local file disclosure attempt (file-office.rules) * 1:26628 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio SVG external entity local file disclosure attempt (file-office.rules) * 1:26629 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer setInterval focus use after free attempt (browser-ie.rules) * 1:2663 <-> DISABLED <-> SERVER-WEBAPP Ipswitch WhatsUpGold instancename overflow attempt (server-webapp.rules) * 1:26630 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CDispNode float css element use after free attempt (browser-ie.rules) * 1:26631 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CDispNode float css element use after free attempt 
(browser-ie.rules) * 1:26632 <-> DISABLED <-> SERVER-WEBAPP Microsoft Windows 2012 Server additional empty Accept-Encoding field denial of service attempt (server-webapp.rules) * 1:26633 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer html reload loop attempt (browser-ie.rules) * 1:26634 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 8 deleted object access via timer memory corruption attempt (browser-ie.rules) * 1:26635 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 8 deleted object access via timer memory corruption attempt (browser-ie.rules) * 1:26636 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer DCOMTextNode object use after free attempt (browser-ie.rules) * 1:26637 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer DCOMTextNode object use after free attempt (browser-ie.rules) * 1:26638 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer VML array with negative length memory corruption attempt (browser-ie.rules) * 1:26639 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer XML digital signature transformation of digest value (browser-ie.rules) * 1:2664 <-> DISABLED <-> PROTOCOL-IMAP login format string attempt (protocol-imap.rules) * 1:26640 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer XML digital signature transformation of digest value (browser-ie.rules) * 1:26641 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer runtimeStyle memory corruption attempt (browser-ie.rules) * 1:26642 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer runtimeStyle memory corruption attempt (browser-ie.rules) * 1:26643 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB malformed process ID high field denial of service attempt (os-windows.rules) * 1:26644 <-> ENABLED <-> SERVER-OTHER SSL TLS DEFLATE compression detected (server-other.rules) * 1:26645 <-> DISABLED <-> SERVER-OTHER SSL TLS deflate compression weakness brute force attempt (server-other.rules) * 1:26646 <-> DISABLED <-> BROWSER-PLUGINS Java security warning 
bypass through JWS attempt (browser-plugins.rules)
* 1:26647 <-> DISABLED <-> BROWSER-PLUGINS Java security warning bypass through JWS attempt (browser-plugins.rules)
* 1:26648 <-> DISABLED <-> FILE-OTHER Microsoft Windows uniscribe fonts parsing memory corruption attempt (file-other.rules)
* 1:26649 <-> DISABLED <-> FILE-OTHER Microsoft Windows uniscribe fonts parsing memory corruption attempt (file-other.rules)
* 1:2665 <-> DISABLED <-> PROTOCOL-IMAP login literal format string attempt (protocol-imap.rules)
* 1:26650 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader javascript regex embedded sandbox escape attempt (file-pdf.rules)
* 1:26651 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules)
* 1:26652 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules)
* 1:26653 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit landing page - specific structure (exploit-kit.rules)
* 1:26655 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.PCRat data upload (malware-backdoor.rules)
* 1:26656 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Travnet Botnet data upload (malware-cnc.rules)
* 1:26657 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shiz variant outbound connection (malware-cnc.rules)
* 1:26658 <-> DISABLED <-> BROWSER-WEBKIT Possible Google Chrome Plugin install from non-trusted source (browser-webkit.rules)
* 1:26659 <-> DISABLED <-> BROWSER-FIREFOX Possible Mozilla Firefox Plugin install from non-Mozilla source (browser-firefox.rules)
* 1:2666 <-> DISABLED <-> PROTOCOL-POP PASS format string attempt (protocol-pop.rules)
* 1:26660 <-> ENABLED <-> MALWARE-OTHER Fake delivery information phishing attack (malware-other.rules)
* 1:26661 <-> DISABLED <-> FILE-PDF PDF with click-to-launch executable (file-pdf.rules)
* 1:26662 <-> DISABLED <-> FILE-PDF PDF with click-to-launch executable (file-pdf.rules)
* 1:26663 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint malformed shapeid arbitrary code execution attempt (file-office.rules)
* 1:26664 <-> ENABLED <-> FILE-IMAGE BMP extremely large xpos opcodes (file-image.rules)
* 1:26665 <-> ENABLED <-> FILE-IMAGE BMP extremely large xpos opcodes (file-image.rules)
* 1:26666 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer ANIMATECOLOR SMIL access attempt (browser-ie.rules)
* 1:26667 <-> DISABLED <-> FILE-MULTIMEDIA Apple iTunes playlist overflow attempt (file-multimedia.rules)
* 1:26668 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer null object access attempt (browser-ie.rules)
* 1:26669 <-> DISABLED <-> SERVER-WEBAPP HP Intelligent Management Center SyslogDownloadServlet information disclosure attempt (server-webapp.rules)
* 1:2667 <-> DISABLED <-> SERVER-IIS ping.asp access (server-iis.rules)
* 1:26670 <-> ENABLED <-> MALWARE-OTHER OSX.Trojan.KitM file download (malware-other.rules)
* 1:26671 <-> ENABLED <-> MALWARE-OTHER OSX.Trojan.KitM file download (malware-other.rules)
* 1:26672 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word TextBox sub-document memory corruption attempt (file-office.rules)
* 1:26673 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word TextBox sub-document memory corruption attempt (file-office.rules)
* 1:26674 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word TextBox sub-document memory corruption attempt (file-office.rules)
* 1:26676 <-> DISABLED <-> FILE-OFFICE Microsoft Windows WordPad sprmTSetBrc SPRM overflow attempt (file-office.rules)
* 1:26677 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant inbound run command from cnc (malware-cnc.rules)
* 1:26678 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant inbound run command from cnc (malware-cnc.rules)
* 1:26679 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant inbound run command from cnc (malware-cnc.rules)
* 1:2668 <-> DISABLED <-> SERVER-WEBAPP processit access (server-webapp.rules)
* 1:26680 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant inbound run command from cnc (malware-cnc.rules)
* 1:26681 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant inbound run command from cnc (malware-cnc.rules)
* 1:26682 <-> DISABLED <-> BROWSER-PLUGINS Oracle JRE Deployment Toolkit ActiveX clsid access attempt (browser-plugins.rules)
* 1:26683 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shyape variant outbound connection (malware-cnc.rules)
* 1:26684 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neshax variant outbound connection (malware-cnc.rules)
* 1:26685 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string J13A (malware-cnc.rules)
* 1:26686 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Alina (malware-cnc.rules)
* 1:26687 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed HTML text null dereference attempt (file-flash.rules)
* 1:26688 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed HTML text null dereference attempt (file-flash.rules)
* 1:26689 <-> DISABLED <-> OS-MOBILE Android Denofow phone information exfiltration (os-mobile.rules)
* 1:2669 <-> DISABLED <-> SERVER-WEBAPP ibillpm.pl access (server-webapp.rules)
* 1:26690 <-> DISABLED <-> MALWARE-CNC Miniduke server contact (malware-cnc.rules)
* 1:26691 <-> DISABLED <-> MALWARE-CNC Win.Trojan.UFRStealer variant outbound connection (malware-cnc.rules)
* 1:26692 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spyremoav variant outbound connection (malware-cnc.rules)
* 1:26693 <-> DISABLED <-> OS-MOBILE Android Antammi device information exfiltration (os-mobile.rules)
* 1:26694 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader dll injection sandbox escape (file-pdf.rules)
* 1:26695 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Namihno variant outbound request (malware-cnc.rules)
* 1:26696 <-> DISABLED <-> MALWARE-CNC Cbeplay Ransomware variant outbound connection - Abnormal HTTP Headers (malware-cnc.rules)
* 1:26697 <-> DISABLED <-> MALWARE-CNC Cbeplay Ransomware variant outbound connection - POST Body (malware-cnc.rules)
* 1:26698 <-> ENABLED <-> MALWARE-OTHER Compromised Website response - leads to Exploit Kit (malware-other.rules)
* 1:26699 <-> DISABLED <-> FILE-IMAGE Apple QuickTime PICT Image PnSize Opcode Stack Buffer Overflow attempt (file-image.rules)
* 1:267 <-> DISABLED <-> OS-SOLARIS EXPLOIT sparc overflow attempt (os-solaris.rules)
* 1:2670 <-> DISABLED <-> SERVER-WEBAPP pgpmail.pl access (server-webapp.rules)
* 1:26700 <-> DISABLED <-> FILE-IMAGE Apple QuickTime PICT Image PnSize Opcode Stack Buffer Overflow attempt (file-image.rules)
* 1:26701 <-> DISABLED <-> FILE-IMAGE Apple QuickTime PICT Image PnSize Opcode Stack Buffer Overflow attempt (file-image.rules)
* 1:26702 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Win (malware-cnc.rules)
* 1:26703 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Upero variant outbound connection (malware-cnc.rules)
* 1:26704 <-> DISABLED <-> SERVER-WEBAPP LANDesk Thinkmanagement Suite ServerSetup directory traversal attempt (server-webapp.rules)
* 1:26705 <-> DISABLED <-> OS-MOBILE Android Ewalls device information exfiltration (os-mobile.rules)
* 1:26706 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint Viewer memory allocation code execution attempt (file-office.rules)
* 1:26707 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint Viewer memory allocation code execution attempt (file-office.rules)
* 1:26708 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint Viewer memory allocation code execution attempt (file-office.rules)
* 1:26709 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint Viewer memory allocation code execution attempt (file-office.rules)
* 1:2671 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer bitmap BitmapOffset integer overflow attempt (browser-ie.rules)
* 1:26710 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint Viewer memory allocation code execution attempt (file-office.rules)
* 1:26711 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malformed ftCMO record remote code execution attempt (file-office.rules)
* 1:26712 <-> DISABLED <-> MALWARE-CNC Kazy Trojan check-in (malware-cnc.rules)
* 1:26713 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev rev 1 outbound traffic (malware-cnc.rules)
* 1:26714 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev rev 2 outbound traffic (malware-cnc.rules)
* 1:26715 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev rev 3 outbound traffic (malware-cnc.rules)
* 1:26716 <-> DISABLED <-> FILE-JAVA Oracle Java font rendering remote code execution attempt (file-java.rules)
* 1:26717 <-> ENABLED <-> FILE-JAVA Oracle Java font rendering remote code execution attempt (file-java.rules)
* 1:26719 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kbot variant outbound connection (malware-cnc.rules)
* 1:2672 <-> DISABLED <-> SERVER-WEBAPP sresult.exe access (server-webapp.rules)
* 1:26720 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kbot variant outbound connection (malware-cnc.rules)
* 1:26721 <-> DISABLED <-> MALWARE-CNC Pushdo Spiral Traffic (malware-cnc.rules)
* 1:26722 <-> DISABLED <-> MALWARE-CNC Bancos fake JPG encrypted config file download (malware-cnc.rules)
* 1:26723 <-> DISABLED <-> MALWARE-CNC Trojan Downloader7 (malware-cnc.rules)
* 1:26724 <-> DISABLED <-> FILE-MULTIMEDIA Apple iTunes Playlist Overflow Attempt (file-multimedia.rules)
* 1:26725 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc http command (malware-cnc.rules)
* 1:26726 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc stop command (malware-cnc.rules)
* 1:26727 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc die command (malware-cnc.rules)
* 1:26728 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc sleep command (malware-cnc.rules)
* 1:26729 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc simple command (malware-cnc.rules)
* 1:2673 <-> DISABLED <-> FILE-IMAGE libpng tRNS overflow attempt (file-image.rules)
* 1:26730 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc loginpost command (malware-cnc.rules)
* 1:26731 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc datapost command (malware-cnc.rules)
* 1:26732 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc syn command (malware-cnc.rules)
* 1:26733 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc udp command (malware-cnc.rules)
* 1:26734 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc udpdata command (malware-cnc.rules)
* 1:26735 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc data command (malware-cnc.rules)
* 1:26736 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc icmp command (malware-cnc.rules)
* 1:26737 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc tcpdata command (malware-cnc.rules)
* 1:26738 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc dataget command (malware-cnc.rules)
* 1:26739 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc connect command (malware-cnc.rules)
* 1:2674 <-> DISABLED <-> SERVER-ORACLE dbms_repcat.add_delete_resolution buffer overflow attempt (server-oracle.rules)
* 1:26740 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc dns command (malware-cnc.rules)
* 1:26741 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc exec command (malware-cnc.rules)
* 1:26742 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc resolve command (malware-cnc.rules)
* 1:26743 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc antiddos command (malware-cnc.rules)
* 1:26744 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc range command (malware-cnc.rules)
* 1:26745 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc ftp command (malware-cnc.rules)
* 1:26746 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc download command (malware-cnc.rules)
* 1:26747 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc fastddos command (malware-cnc.rules)
* 1:26748 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc slowhttp command (malware-cnc.rules)
* 1:26749 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc allhttp command (malware-cnc.rules)
* 1:2675 <-> DISABLED <-> SERVER-ORACLE dbms_repcat_rgt.instantiate_offline buffer overflow attempt (server-oracle.rules)
* 1:26750 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc full command (malware-cnc.rules)
* 1:26751 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - msctls_progress32 (malware-cnc.rules)
* 1:26753 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CDispNode float css element use after free attempt (browser-ie.rules)
* 1:26754 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CDispNode float css element use after free attempt (browser-ie.rules)
* 1:26756 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper.Datcaen variant outbound connection (malware-cnc.rules)
* 1:26757 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper.Datcaen variant outbound connection (malware-cnc.rules)
* 1:26758 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Elefin variant outbound connection (malware-cnc.rules)
* 1:26759 <-> DISABLED <-> SERVER-OTHER MIT Kerberos libkdb_ldap principal name handling denial of service attempt (server-other.rules)
* 1:26760 <-> DISABLED <-> OS-MOBILE Android Fakeinst device information leakage (os-mobile.rules)
* 1:26761 <-> DISABLED <-> OS-MOBILE Android Fakeinst device information leakage (os-mobile.rules)
* 1:26763 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
* 1:26764 <-> DISABLED <-> BROWSER-PLUGINS Oracle Java Web Start control launchapp ActiveX clsid access (browser-plugins.rules)
* 1:26765 <-> DISABLED <-> BROWSER-PLUGINS Oracle Java Web Start control launchapp ActiveX function call access (browser-plugins.rules)
* 1:26766 <-> DISABLED <-> BROWSER-PLUGINS Oracle Java Web Start control launchapp ActiveX clsid access (browser-plugins.rules)
* 1:26767 <-> DISABLED <-> BROWSER-PLUGINS Oracle Java Web Start control launchapp embed access (browser-plugins.rules)
* 1:26768 <-> DISABLED <-> OS-MOBILE Android Fakedoc device information leakage (os-mobile.rules)
* 1:26769 <-> DISABLED <-> SERVER-OTHER MIT Kerberos kpasswd process_chpw_request denial of service attempt (server-other.rules)
* 1:2677 <-> DISABLED <-> SERVER-ORACLE dbms_repcat_rgt.instantiate_online buffer overflow attempt (server-oracle.rules)
* 1:26770 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
* 1:26771 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
* 1:26772 <-> DISABLED <-> SERVER-OTHER Apache Struts2 skillName remote code execution attempt (server-other.rules)
* 1:26773 <-> DISABLED <-> MALWARE-BACKDOOR Trojan.Midwgif.A runtime detection (malware-backdoor.rules)
* 1:26774 <-> DISABLED <-> MALWARE-CNC Win.Worm.Luder variant outbound connection (malware-cnc.rules)
* 1:26775 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Blocker variant outbound connection HTTP Header Structure (malware-cnc.rules)
* 1:26776 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Blocker variant outbound connection POST (malware-cnc.rules)
* 1:26777 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules)
* 1:26778 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Kazy download attempt (malware-other.rules)
* 1:26779 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cridex encrypted POST check-in (malware-cnc.rules)
* 1:2678 <-> DISABLED <-> SERVER-ORACLE ctx_output.start_log buffer overflow attempt (server-oracle.rules)
* 1:26780 <-> DISABLED <-> MALWARE-CNC cridex HTTP Response - default0.js (malware-cnc.rules)
* 1:26783 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.Opfake APK file download (os-mobile.rules)
* 1:26784 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nivdort variant outbound connection (malware-cnc.rules)
* 1:26785 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qrmon variant outbound connection (malware-cnc.rules)
* 1:26786 <-> DISABLED <-> INDICATOR-SHELLCODE unescape encoded shellcode (indicator-shellcode.rules)
* 1:26787 <-> DISABLED <-> INDICATOR-SHELLCODE unescape encoded shellcode (indicator-shellcode.rules)
* 1:26788 <-> DISABLED <-> INDICATOR-SHELLCODE unescape encoded shellcode (indicator-shellcode.rules)
* 1:26789 <-> DISABLED <-> INDICATOR-SHELLCODE unescape encoded shellcode (indicator-shellcode.rules)
* 1:2679 <-> DISABLED <-> SERVER-ORACLE sys.dbms_system.ksdwrt buffer overflow attempt (server-oracle.rules)
* 1:26790 <-> DISABLED <-> INDICATOR-SHELLCODE unescape encoded shellcode (indicator-shellcode.rules)
* 1:26791 <-> DISABLED <-> INDICATOR-SHELLCODE unescape encoded shellcode (indicator-shellcode.rules)
* 1:26792 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vbula variant outbound connection (malware-cnc.rules)
* 1:26793 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vbula variant initial CNC contact (malware-cnc.rules)
* 1:26794 <-> DISABLED <-> SERVER-WEBAPP HP Intelligent Management Center UAM acmServletDownload information disclosure attempt (server-webapp.rules)
* 1:26795 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.ZertSecurity apk download (os-mobile.rules)
* 1:26796 <-> ENABLED <-> MALWARE-OTHER ANDR.Trojan.ZertSecurity encrypted information leak (malware-other.rules)
* 1:26797 <-> DISABLED <-> SERVER-WEBAPP Mutiny editdocument servlet arbitrary file access attempt (server-webapp.rules)
* 1:26798 <-> DISABLED <-> SERVER-WEBAPP Mutiny editdocument servlet arbitrary file upload attempt (server-webapp.rules)
* 1:26799 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel style handling overflow attempt (file-office.rules)
* 1:2680 <-> DISABLED <-> SERVER-ORACLE ctxsys.driddlr.subindexpopulate buffer overflow attempt (server-oracle.rules)
* 1:26800 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel style handling overflow attempt (file-office.rules)
* 1:26801 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel style handling overflow attempt (file-office.rules)
* 1:26802 <-> DISABLED <-> MALWARE-OTHER WIN.Worm.Beagle.AZ SMTP propagation detection (malware-other.rules)
* 1:26803 <-> ENABLED <-> MALWARE-OTHER DNS data exfiltration attempt (malware-other.rules)
* 1:26805 <-> ENABLED <-> EXPLOIT-KIT Redkit exploit kit encrypted binary download (exploit-kit.rules)
* 1:26806 <-> DISABLED <-> EXPLOIT-KIT Redkit exploit kit short JNLP request (exploit-kit.rules)
* 1:26807 <-> ENABLED <-> EXPLOIT-KIT Redkit exploit kit landing page (exploit-kit.rules)
* 1:26808 <-> DISABLED <-> EXPLOIT-KIT Goon/Infinity/Redkit exploit kit short jar request (exploit-kit.rules)
* 1:26809 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Backdoor.Tomvode variant outbound connection (malware-cnc.rules)
* 1:2681 <-> DISABLED <-> SERVER-ORACLE mdsys.sdo_admin.sdo_code_size buffer overflow attempt (server-oracle.rules)
* 1:26811 <-> DISABLED <-> MALWARE-CNC XP Fake Antivirus Payment Page Request (malware-cnc.rules)
* 1:26812 <-> DISABLED <-> MALWARE-CNC XP Fake Antivirus Check-in (malware-cnc.rules)
* 1:26813 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dapato CMS spambot check-in (malware-cnc.rules)
* 1:26814 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit Initial Gate from Linked-In Mailing Campaign (exploit-kit.rules)
* 1:26815 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.KitM variant outbound connection user-agent (malware-cnc.rules)
* 1:26816 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.KitM variant outbound connection (malware-cnc.rules)
* 1:26817 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader javascript regex embedded sandbox escape attempt (file-pdf.rules)
* 1:26818 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Zawat variant outbound connection (malware-cnc.rules)
* 1:26819 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Datash variant outbound connection (malware-cnc.rules)
* 1:2682 <-> DISABLED <-> SERVER-ORACLE mdsys.md2.validate_geom buffer overflow attempt (server-oracle.rules)
* 1:26820 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Datash variant outbound connection (malware-cnc.rules)
* 1:26822 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buterat variant outbound connection (malware-cnc.rules)
* 1:26823 <-> DISABLED <-> MALWARE-BACKDOOR Backdoor.Win32.Neshgai.A runtime detection (malware-backdoor.rules)
* 1:26824 <-> ENABLED <-> SERVER-OTHER Apache Struts allowStaticMethodAccess invocation attempt (server-other.rules)
* 1:26825 <-> ENABLED <-> SERVER-OTHER Apache Struts allowStaticMethodAccess invocation attempt (server-other.rules)
* 1:26826 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.Opfake credential theft attempt (os-mobile.rules)
* 1:26827 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.Opfake device information disclosure attempt (os-mobile.rules)
* 1:26828 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Uperti variant outbound connection (malware-cnc.rules)
* 1:26829 <-> DISABLED <-> SQL generic sql update injection attempt - POST parameter (sql.rules)
* 1:2683 <-> DISABLED <-> SERVER-ORACLE mdsys.md2.sdo_code_size buffer overflow attempt (server-oracle.rules)
* 1:26830 <-> DISABLED <-> FILE-OFFICE Microsoft Office MSComctlLib.Toolbar ActiveX control access (file-office.rules)
* 1:26831 <-> DISABLED <-> FILE-OFFICE Microsoft Office MSComctlLib.Toolbar ActiveX control access (file-office.rules)
* 1:26832 <-> DISABLED <-> FILE-OFFICE Microsoft Office MSComctlLib.Toolbar ActiveX control exploit attempt (file-office.rules)
* 1:26833 <-> DISABLED <-> FILE-OFFICE Microsoft Office MSComctlLib.Toolbar ActiveX control exploit attempt (file-office.rules)
* 1:26834 <-> ENABLED <-> EXPLOIT-KIT Sweet Orange exploit kit landing page in.php base64 uri (exploit-kit.rules)
* 1:26835 <-> DISABLED <-> MALWARE-CNC RDN Banker POST variant outbound connection (malware-cnc.rules)
* 1:26836 <-> DISABLED <-> MALWARE-CNC RDN Banker Strange Google Traffic (malware-cnc.rules)
* 1:26837 <-> DISABLED <-> MALWARE-CNC BitBot Idle C2 response (malware-cnc.rules)
* 1:26838 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit Initial Gate from NatPay Mailing Campaign (exploit-kit.rules)
* 1:2684 <-> DISABLED <-> SERVER-ORACLE sys.ltutil.pushdeferredtxns buffer overflow attempt (server-oracle.rules)
* 1:26840 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Agent variant outbound connection (malware-cnc.rules)
* 1:26841 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Agent variant outbound connection (malware-cnc.rules)
* 1:26842 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Boda Malware Checkin (malware-backdoor.rules)
* 1:26843 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 9 array element property use after free attempt (browser-ie.rules)
* 1:26844 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 9 layout engine memory corruption attempt (browser-ie.rules)
* 1:26845 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 10 insertImage with designMode on deleted object access attempt (browser-ie.rules)
* 1:26846 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 10 insertImage with designMode on deleted object access attempt (browser-ie.rules)
* 1:26847 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 10 use after free attempt (browser-ie.rules)
* 1:26848 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 7 emulation via meta tag (browser-ie.rules)
* 1:26849 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer superscript use after free attempt (browser-ie.rules)
* 1:2685 <-> DISABLED <-> SERVER-ORACLE sys.dbms_repcat_rq.add_column buffer overflow attempt (server-oracle.rules)
* 1:26850 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer IE5 compatibility mode enable attempt (browser-ie.rules)
* 1:26851 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 5 compatibility mode use after free attempt (browser-ie.rules)
* 1:26852 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer create-add range on DOM objects memory corruption attempt (browser-ie.rules)
* 1:26853 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer create-add range on DOM objects memory corruption attempt (browser-ie.rules)
* 1:26854 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Media Player Malformed PNG detected cHRM overflow attempt (file-image.rules)
* 1:26855 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Media Player Malformed PNG detected iCCP overflow attempt (file-image.rules)
* 1:26856 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Media Player Malformed PNG detected sBIT overflow attempt (file-image.rules)
* 1:26857 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Media Player Malformed PNG detected sRGB overflow attempt (file-image.rules)
* 1:26858 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Media Player Malformed PNG detected bKGD overflow attempt (file-image.rules)
* 1:26859 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Media Player Malformed PNG detected hIST overflow attempt (file-image.rules)
* 1:2686 <-> DISABLED <-> SERVER-ORACLE sys.dbms_rectifier_diff.differences buffer overflow attempt (server-oracle.rules)
* 1:26860 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Media Player Malformed PNG detected tRNS overflow attempt (file-image.rules)
* 1:26861 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Media Player Malformed PNG detected pHYs overflow attempt (file-image.rules)
* 1:26862 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Media Player Malformed PNG detected sPLT overflow attempt (file-image.rules)
* 1:26863 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Media Player Malformed PNG detected tIME overflow attempt (file-image.rules)
* 1:26864 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Media Player Malformed PNG detected iTXt overflow attempt (file-image.rules)
* 1:26865 <-> ENABLED <-> FILE-IMAGE Microsoft Multiple Products malformed PNG detected tEXt overflow attempt (file-image.rules)
* 1:26866 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Media Player Malformed PNG detected zTXt overflow attempt (file-image.rules)
* 1:26867 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 8 select element deleted object access attempt (browser-ie.rules)
* 1:26868 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 8 select element deleted object access attempt (browser-ie.rules)
* 1:26869 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer double-free memory corruption attempt (browser-ie.rules)
* 1:2687 <-> DISABLED <-> SERVER-ORACLE sys.dbms_internal_repcat.validate buffer overflow attempt (server-oracle.rules)
* 1:26870 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer double-free memory corruption attempt (browser-ie.rules)
* 1:26871 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer double-free memory corruption attempt (browser-ie.rules)
* 1:26872 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer double-free memory corruption attempt (browser-ie.rules)
* 1:26873 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 9 CSS rules cache use-after-free attempt (browser-ie.rules)
* 1:26874 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 9 CSS rules cache use-after-free attempt (browser-ie.rules)
* 1:26875 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 9 CTreeNodeobject use-after-free attempt (browser-ie.rules)
* 1:26876 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 9 cached display node use-after-free attempt (browser-ie.rules)
* 1:26878 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 8 tree element use after free attempt (browser-ie.rules)
* 1:26879 <-> DISABLED <-> BROWSER-OTHER local loopback address in html (browser-other.rules)
* 1:2688 <-> DISABLED <-> SERVER-ORACLE sys.dbms_internal_repcat.enable_receiver_trace buffer overflow attempt (server-oracle.rules)
* 1:26880 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zotob.E gc.exe download (malware-cnc.rules)
* 1:26881 <-> DISABLED <-> MALWARE-OTHER HTML.Dropper.Agent uri scheme detected (malware-other.rules)
* 1:26882 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer onscroll use after free attempt (browser-ie.rules)
* 1:26883 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer onscroll use after free attempt (browser-ie.rules)
* 1:26884 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer onscroll use after free attempt (browser-ie.rules)
* 1:26885 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer onscroll use after free attempt (browser-ie.rules)
* 1:26886 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer onscroll use after free attempt (browser-ie.rules)
* 1:26887 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer onscroll use after free attempt (browser-ie.rules)
* 1:26888 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreeNode use after free memory corruption attempt (browser-ie.rules)
* 1:26889 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreeNode use after free memory corruption attempt (browser-ie.rules)
* 1:2689 <-> DISABLED <-> SERVER-ORACLE sys.dbms_internal_repcat.disable_receiver_trace buffer overflow attempt (server-oracle.rules)
* 1:26890 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CDocument use after free attempt (browser-ie.rules)
* 1:26891 <-> ENABLED <-> EXPLOIT-KIT Flashpack/Safe/CritX exploit kit executable download (exploit-kit.rules)
* 1:26892 <-> ENABLED <-> EXPLOIT-KIT Flashpack/Safe/CritX exploit kit jar file download (exploit-kit.rules)
* 1:26893 <-> ENABLED <-> EXPLOIT-KIT Flashpack/Safe/CritX exploit kit landing page (exploit-kit.rules)
* 1:26894 <-> ENABLED <-> EXPLOIT-KIT Flashpack/Safe/CritX exploit kit Java V6 exploit download (exploit-kit.rules)
* 1:26895 <-> ENABLED <-> EXPLOIT-KIT Flashpack/Safe/CritX exploit kit Java V7 exploit download (exploit-kit.rules)
* 1:26896 <-> ENABLED <-> EXPLOIT-KIT Flashpack/Safe/CritX exploit kit Plugin detection response (exploit-kit.rules)
* 1:26897 <-> ENABLED <-> EXPLOIT-KIT Flashpack/Safe/CritX exploit kit malware download (exploit-kit.rules)
* 1:26898 <-> ENABLED <-> BROWSER-PLUGINS Java Applet sql.DriverManager fakedriver exploit attempt (browser-plugins.rules)
* 1:26899 <-> ENABLED <-> BROWSER-PLUGINS Java Applet sql.DriverManager fakedriver exploit attempt (browser-plugins.rules)
* 1:2690 <-> DISABLED <-> SERVER-ORACLE sys.dbms_defer_repcat.enable_propagation_to_dblink buffer overflow attempt (server-oracle.rules)
* 1:26900 <-> ENABLED <-> BROWSER-PLUGINS Java Applet sql.DriverManager exploit attempt (browser-plugins.rules)
* 1:26901 <-> DISABLED <-> BROWSER-PLUGINS Java Applet sql.DriverManager exploit attempt (browser-plugins.rules)
* 1:26902 <-> ENABLED <-> FILE-IDENTIFY Android APK download request (file-identify.rules)
* 1:26903 <-> ENABLED <-> FILE-IDENTIFY Android APK download file attachment detected (file-identify.rules)
* 1:26904 <-> ENABLED <-> FILE-IDENTIFY Android APK download file attachment detected (file-identify.rules)
* 1:26905 <-> DISABLED <-> SERVER-WEBAPP FosWiki and TWiki MAKETEXT macro memory consumption denial of service attempt (server-webapp.rules)
* 1:26906 <-> DISABLED <-> SERVER-OTHER Foswiki/Twiki MAKETEXT command execution attempt (server-other.rules)
* 1:26907 <-> DISABLED <-> SERVER-WEBAPP TWiki search function remote code execution attempt (server-webapp.rules)
* 1:26908 <-> DISABLED <-> SERVER-WEBAPP TWiki search function remote code execution attempt (server-webapp.rules)
* 1:26909 <-> DISABLED <-> FILE-IMAGE Microsoft Windows WMF denial of service attempt (file-image.rules)
* 1:2691 <-> DISABLED <-> SERVER-ORACLE sys.dbms_defer_internal_sys.parallel_push_recovery buffer overflow attempt (server-oracle.rules)
* 1:26910 <-> DISABLED <-> MALWARE-CNC ZeroAccess Encrypted 128-byte POST No Accept Headers (malware-cnc.rules)
* 1:26911 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rombrast Trojan outbound connection (malware-cnc.rules)
* 1:26912 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rombrast Trojan outbound connection (malware-cnc.rules)
* 1:2692 <-> DISABLED <-> SERVER-ORACLE sys.dbms_aqadm_sys.verify_queue_types buffer overflow attempt (server-oracle.rules)
* 1:26921 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Kazy download attempt (malware-other.rules)
* 1:26922 <-> DISABLED <-> OS-WINDOWS Microsoft Windows FlattenPath paged memory consumption privilege escalation attempt (os-windows.rules)
* 1:26923 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
* 1:26924 <-> DISABLED <-> MALWARE-CNC Potential Gozi Trojan HTTP Header Structure (malware-cnc.rules)
* 1:26925 <-> DISABLED <-> SQL generic convert injection attempt - GET parameter (sql.rules)
* 1:26926 <-> DISABLED <-> FILE-OTHER Multiple products ZIP archive virus detection bypass attempt (file-other.rules)
* 1:26927 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules)
* 1:26928 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules)
* 1:26929 <-> ENABLED <-> SERVER-WEBAPP SAP ConfigServlet command execution attempt (server-webapp.rules)
* 1:2693 <-> DISABLED <-> SERVER-ORACLE sys.dbms_aqadm.verify_queue_types_no_queue buffer overflow attempt (server-oracle.rules)
* 1:26930 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeroaccess variant outbound connection (malware-cnc.rules)
* 1:26931 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeroaccess variant outbound connection (malware-cnc.rules)
* 1:26932 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeroaccess variant outbound connection (malware-cnc.rules)
* 1:26933 <-> ENABLED <-> MALWARE-OTHER Clickserver ad harvesting redirection attempt (malware-other.rules)
* 1:26934 <-> ENABLED <-> MALWARE-OTHER Clickserver ad harvesting redirection attempt (malware-other.rules)
* 1:26935 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer image download spoofing attempt (browser-ie.rules)
* 1:26936 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer image download spoofing attempt (browser-ie.rules)
* 1:26937 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer image download spoofing attempt (browser-ie.rules)
* 1:26938 <-> DISABLED <-> OS-MOBILE Android Tetus device information leakage (os-mobile.rules)
* 1:26939 <-> DISABLED <-> OS-MOBILE Android Tetus device information leakage variant (os-mobile.rules)
* 1:2694 <-> DISABLED <-> SERVER-ORACLE sys.dbms_aqadm.verify_queue_types_get_nrp buffer overflow attempt (server-oracle.rules)
* 1:26940 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TripleNine RAT beacon (malware-cnc.rules)
* 1:26941 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PipCreat RAT dropper download (malware-cnc.rules)
* 1:26942 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PipCreat RAT beacon (malware-cnc.rules)
* 1:26943 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Post_Show RAT beacon (malware-cnc.rules)
* 1:26944 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Post_Show RAT beacon (malware-cnc.rules)
* 1:26945 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bisonal RAT beacon (malware-cnc.rules)
* 1:26946 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Uptime RAT beacon (malware-cnc.rules)
* 1:26947 <-> DISABLED <-> EXPLOIT-KIT DotkaChef/Rmayana/DotCache exploit kit inbound java exploit download (exploit-kit.rules)
* 1:26948 <-> DISABLED <-> EXPLOIT-KIT DotkaChef/Rmayana/DotCache exploit kit inbound java exploit download (exploit-kit.rules)
* 1:26949 <-> ENABLED <-> EXPLOIT-KIT DotkaChef/Rmayana/DotCache exploit kit landing page (exploit-kit.rules)
* 1:2695 <-> DISABLED <-> SERVER-ORACLE sys.dbms_aq_import_internal.aq_table_defn_update buffer overflow attempt (server-oracle.rules)
* 1:26951 <-> ENABLED <-> EXPLOIT-KIT DotkaChef/Rmayana/DotCache exploit kit Malvertising Campaign URI request (exploit-kit.rules)
* 1:26952 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Orcim variant outbound connection (malware-cnc.rules)
* 1:26953 <-> DISABLED <-> SERVER-WEBAPP D-Link DIR-300/DIR-600 unauthenticated remote command execution attempt (server-webapp.rules)
* 1:26954 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Talsab variant outbound connection (malware-cnc.rules)
* 1:26955 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Talsab variant outbound connection (malware-cnc.rules)
* 1:26956 <-> ENABLED <-> EXPLOIT-KIT Topic exploit kit outbound connection - 1 (exploit-kit.rules)
* 1:26957 <-> ENABLED <-> EXPLOIT-KIT Topic exploit kit outbound connection - 2 (exploit-kit.rules)
* 1:26958 <-> ENABLED <-> EXPLOIT-KIT Topic exploit kit outbound connection - 3 (exploit-kit.rules)
* 1:26959 <-> ENABLED <-> EXPLOIT-KIT Topic exploit kit outbound connection - 4 (exploit-kit.rules)
* 1:2696 <-> DISABLED <-> SERVER-ORACLE sys.dbms_repcat_utl.is_master buffer overflow attempt (server-oracle.rules)
* 1:26960 <-> ENABLED <-> EXPLOIT-KIT Zuponcic exploit kit landing page (exploit-kit.rules)
* 1:26961 <-> ENABLED <-> EXPLOIT-KIT Flim exploit kit landing page (exploit-kit.rules)
* 1:26962 <-> ENABLED <-> EXPLOIT-KIT Flim exploit kit portable executable download (exploit-kit.rules)
* 1:26963 <-> DISABLED <-> EXPLOIT-KIT Flim exploit kit outbound jar request (exploit-kit.rules)
* 1:26964 <-> DISABLED <-> EXPLOIT-KIT Flim exploit kit outbound jnlp request (exploit-kit.rules)
* 1:26965 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Win32 Facebook Secure Cryptor C2 (malware-cnc.rules)
* 1:26966 <-> DISABLED <-> MALWARE-CNC Win32/Autorun.JN variant outbound connection (malware-cnc.rules)
* 1:26967 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant outbound connection (malware-cnc.rules)
* 1:26968 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gozi Data Theft POST Data (malware-cnc.rules)
* 1:26969 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gozi Trojan Data Theft POST URL (malware-cnc.rules)
* 1:2697 <-> DISABLED <-> SERVER-ORACLE alter file buffer overflow attempt (server-oracle.rules)
* 1:26970 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pirminay variant outbound connection (malware-cnc.rules)
* 1:26973 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio TAG_xxxSect code execution attempt (file-office.rules)
* 1:26974 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image uploader ActiveX clsid access attempt (browser-plugins.rules)
* 1:26975 <-> DISABLED <-> BROWSER-PLUGINS Aurigma Image uploader ActiveX function call access attempt (browser-plugins.rules)
* 1:26976 <-> DISABLED <-> FILE-IMAGE Oracle Outside In FlashPix image processing overflow attempt (file-image.rules)
* 1:26977 <-> DISABLED <-> FILE-IMAGE Oracle Outside In FlashPix image processing overflow attempt (file-image.rules)
* 1:26978 <-> DISABLED <-> FILE-IMAGE Oracle Outside In FlashPix image processing overflow attempt (file-image.rules)
* 1:26979 <-> DISABLED <-> FILE-IMAGE Oracle Outside In FlashPix image processing overflow attempt (file-image.rules)
* 1:2698 <-> DISABLED <-> SERVER-ORACLE create file buffer overflow attempt (server-oracle.rules)
* 1:26980 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix snmp master agent denial of service attempt (server-other.rules)
* 1:26981 <-> DISABLED <-> SERVER-WEBAPP WordPress login denial of service attempt (server-webapp.rules)
* 1:26982 <-> ENABLED <-> FILE-FLASH Adobe Flash Player remote memory corruption attempt (file-flash.rules)
* 1:26983 <-> ENABLED <-> FILE-FLASH Adobe Flash Player remote memory corruption attempt (file-flash.rules)
* 1:26984 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Injector Info Stealer Trojan variant outbound connection (malware-cnc.rules)
* 1:26985 <-> ENABLED <-> EXPLOIT-KIT Rawin exploit kit outbound java retrieval (exploit-kit.rules)
* 1:26986 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Xenil variant outbound connection (malware-cnc.rules)
* 1:26987 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cyvadextr variant outbound connection (malware-cnc.rules)
* 1:26988 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 9 CTreeNodeobject use-after-free attempt (browser-ie.rules)
* 1:26989 <-> DISABLED <-> FILE-OTHER Multiple products ZIP archive virus detection bypass attempt (file-other.rules)
* 1:2699 <-> DISABLED <-> SERVER-ORACLE TO_CHAR buffer overflow attempt (server-oracle.rules)
* 1:26990 <-> DISABLED <-> SERVER-WEBAPP WordPress Super Cache & W3 Total Cache remote code execution attempt (server-webapp.rules)
* 1:26991 <-> DISABLED <-> SERVER-WEBAPP WordPress Super Cache & W3 Total Cache remote code execution attempt (server-webapp.rules)
* 1:26992 <-> DISABLED <-> SERVER-WEBAPP WordPress Super Cache & W3 Total Cache remote code execution attempt (server-webapp.rules)
* 1:26993 <-> DISABLED <-> SERVER-WEBAPP Microsoft Outlook Web Access Login URL Redirection attempt (server-webapp.rules)
* 1:26994 <-> DISABLED <-> BROWSER-PLUGINS Oracle Javadoc generated frame replacement attempt (browser-plugins.rules)
* 1:26995 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Agent variant outbound connection (malware-cnc.rules)
* 1:26996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Agent variant outbound connection (malware-cnc.rules)
* 1:26997 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.Morcut variant outbound connection (malware-cnc.rules)
* 1:26998 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.Morcut file download (malware-cnc.rules)
* 1:26999 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chinoxy variant outbound connection (malware-cnc.rules)
* 1:27000 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chinoxy variant outbound connection (malware-cnc.rules)
* 1:27001 <-> DISABLED <-> SERVER-OTHER Novell ZENWorks Remote Management overflow attempt (server-other.rules)
* 1:27002 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:27003 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:27005 <-> DISABLED <-> EXPLOIT-KIT Multiple exploit kit Portable Executable downloaded when mp3 is declared (exploit-kit.rules)
* 1:27006 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager URI rping stack buffer overflow attempt (server-webapp.rules)
* 1:27007 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant outbound connection (malware-cnc.rules)
* 1:27008 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant outbound connection (malware-cnc.rules)
* 1:2701 <-> DISABLED <-> SERVER-WEBAPP Oracle iSQLPlus sid overflow attempt (server-webapp.rules)
* 1:27010 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot payment .scr download (malware-cnc.rules)
* 1:27012 <-> 
DISABLED <-> MALWARE-CNC Win.Trojan.Phoenot variant outbound connection (malware-cnc.rules) * 1:27013 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Phoenot variant inbound connection (malware-cnc.rules) * 1:27014 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Epipenwa variant outbound connection (malware-cnc.rules) * 1:27015 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string iexplorer (malware-cnc.rules) * 1:27016 <-> DISABLED <-> OS-MOBILE Android AnserverBot initial contact (os-mobile.rules) * 1:27017 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dapato variant inbound response connection (malware-cnc.rules) * 1:27018 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Mobile Management dusap.php directory traversal attempt (server-webapp.rules) * 1:27019 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Mobile Management dusap.php directory traversal attempt (server-webapp.rules) * 1:2702 <-> DISABLED <-> SERVER-WEBAPP Oracle iSQLPlus username overflow attempt (server-webapp.rules) * 1:27020 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Mobile Management dusap.php directory traversal attempt (server-webapp.rules) * 1:27021 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Layvam variant outbound connection (malware-cnc.rules) * 1:27022 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Netweird.A outbound connection (malware-cnc.rules) * 1:27023 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Netweird.A outbound connection (malware-cnc.rules) * 1:27024 <-> DISABLED <-> MALWARE-OTHER OSX.Trojan.Netweird.A file download attempt (malware-other.rules) * 1:27025 <-> DISABLED <-> MALWARE-OTHER UNIX.Trojan.Netweird.A file download attempt (malware-other.rules) * 1:27026 <-> ENABLED <-> EXPLOIT-KIT Neutrino exploit kit landing page (exploit-kit.rules) * 1:27027 <-> DISABLED <-> POLICY-OTHER PHP tag injection in http header attempt (policy-other.rules) * 1:27028 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Mobile Management mdm.php directory traversal attempt (server-webapp.rules) * 1:27029 <-> 
DISABLED <-> SERVER-WEBAPP Novell ZENworks Mobile Management mdm.php directory traversal attempt (server-webapp.rules) * 1:2703 <-> DISABLED <-> SERVER-WEBAPP Oracle iSQLPlus login.uix username overflow attempt (server-webapp.rules) * 1:27030 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Mobile Management mdm.php directory traversal attempt (server-webapp.rules) * 1:27031 <-> DISABLED <-> OS-MOBILE Android Satfi device information leakage (os-mobile.rules) * 1:27032 <-> DISABLED <-> OS-MOBILE Android Walkinwat / Wandt information leakage generic (os-mobile.rules) * 1:27033 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Transhell variant outbound connection user-agent (malware-cnc.rules) * 1:27034 <-> DISABLED <-> MALWARE-OTHER Win.Backdoor.Transhell file download (malware-other.rules) * 1:27035 <-> DISABLED <-> MALWARE-OTHER Win.Backdoor.Transhell file download (malware-other.rules) * 1:27036 <-> DISABLED <-> SERVER-OTHER Novell NetIQ User Manager modifyAccounts policy bypass attempt (server-other.rules) * 1:27037 <-> DISABLED <-> OS-MOBILE Android Vidro / EClips sms send instructions (os-mobile.rules) * 1:27038 <-> DISABLED <-> OS-MOBILE Android Vidro / EClips device information leakage (os-mobile.rules) * 1:27039 <-> DISABLED <-> MALWARE-CNC Win.Trojan.OnlineGameHack variant outbound connection (malware-cnc.rules) * 1:2704 <-> DISABLED <-> SERVER-WEBAPP Oracle 10g iSQLPlus login.unix connectID overflow attempt (server-webapp.rules) * 1:27040 <-> ENABLED <-> EXPLOIT-KIT Styx exploit kit plugin detection connection jorg (exploit-kit.rules) * 1:27041 <-> ENABLED <-> EXPLOIT-KIT Styx exploit kit plugin detection connection jlnp (exploit-kit.rules) * 1:27042 <-> ENABLED <-> EXPLOIT-KIT Styx exploit kit plugin detection connection jovf (exploit-kit.rules) * 1:27044 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string pb - Htbot (malware-cnc.rules) * 1:27045 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Blocker Download (malware-cnc.rules) * 1:27046 <-> 
DISABLED <-> APP-DETECT iodine dns tunneling handshake server ACK (app-detect.rules) * 1:27047 <-> DISABLED <-> INDICATOR-COMPROMISE Unknown ?1 redirect (indicator-compromise.rules) * 1:27049 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dokstormac variant outbound connection (malware-cnc.rules) * 1:2705 <-> DISABLED <-> FILE-IMAGE Microsoft Multiple Products JPEG parser heap overflow attempt (file-image.rules) * 1:27050 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Dokstormac file download (malware-other.rules) * 1:27051 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Dokstormac file download (malware-other.rules) * 1:27052 <-> DISABLED <-> MALWARE-OTHER Trojan.Java.JVDrop.A jar file download attempt (malware-other.rules) * 1:27053 <-> DISABLED <-> MALWARE-OTHER Trojan.Java.JVDrop.A jar file download attempt (malware-other.rules) * 1:27054 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yakes variant outbound connection (malware-cnc.rules) * 1:27055 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Yakes download attempt (malware-other.rules) * 1:27056 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Yakes download attempt (malware-other.rules) * 1:27057 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dalbot variant outbound connection (malware-cnc.rules) * 1:27058 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.HackBack variant outbound connection (malware-cnc.rules) * 1:27059 <-> ENABLED <-> MALWARE-OTHER OSX.Trojan.HackBack file download attempt (malware-other.rules) * 1:27060 <-> ENABLED <-> MALWARE-OTHER OSX.Trojan.HackBack file upload attempt (malware-other.rules) * 1:27061 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 8 deleted object access via timer memory corruption attempt (browser-ie.rules) * 1:27062 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 8 deleted object access via timer memory corruption attempt (browser-ie.rules) * 1:27063 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer file type spoofing attempt (browser-ie.rules) * 1:27064 <-> DISABLED <-> OS-MOBILE Android Spy2Mobile 
device information leakage (os-mobile.rules) * 1:27067 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific structure (exploit-kit.rules) * 1:27068 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit malicious jar file download (exploit-kit.rules) * 1:27069 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit malicious portable executable download (exploit-kit.rules) * 1:2707 <-> DISABLED <-> FILE-IMAGE JPEG parser multipacket heap overflow attempt (file-image.rules) * 1:27071 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval (exploit-kit.rules) * 1:27072 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval (exploit-kit.rules) * 1:27073 <-> ENABLED <-> INDICATOR-OBFUSCATION obfuscated getElementsByTagName string - seen in exploit kits (indicator-obfuscation.rules) * 1:27074 <-> ENABLED <-> INDICATOR-OBFUSCATION obfuscated getElementsByTagName string - seen in exploit kits (indicator-obfuscation.rules) * 1:27075 <-> DISABLED <-> SERVER-OTHER Novell NetIQ User Manager ldapagnt_eval remote code execution attempt (server-other.rules) * 1:27076 <-> DISABLED <-> FILE-JAVA Oracle Java Applet disable security manager attempt (file-java.rules) * 1:27077 <-> ENABLED <-> FILE-JAVA Oracle Java Applet disable security manager attempt (file-java.rules) * 1:27078 <-> ENABLED <-> EXPLOIT-KIT Nailed exploit kit landing page - specific structure (exploit-kit.rules) * 1:27079 <-> ENABLED <-> EXPLOIT-KIT Nailed exploit kit landing page stage 2 (exploit-kit.rules) * 1:2708 <-> DISABLED <-> SERVER-ORACLE dbms_offline_og.begin_flavor_change buffer overflow attempt (server-oracle.rules) * 1:27080 <-> ENABLED <-> EXPLOIT-KIT Nailed exploit kit Firefox exploit download - autopwn (exploit-kit.rules) * 1:27081 <-> ENABLED <-> EXPLOIT-KIT Nailed exploit kit Internet Explorer exploit download - autopwn (exploit-kit.rules) * 1:27082 <-> ENABLED <-> EXPLOIT-KIT Nailed exploit kit flash remote code execution exploit download - 
autopwn (exploit-kit.rules) * 1:27083 <-> ENABLED <-> EXPLOIT-KIT Nailed exploit kit jmxbean remote code execution exploit download - autopwn (exploit-kit.rules) * 1:27084 <-> ENABLED <-> EXPLOIT-KIT Nailed exploit kit rhino remote code execution exploit download - autopwn (exploit-kit.rules) * 1:27085 <-> ENABLED <-> EXPLOIT-KIT Unknown Malvertising exploit kit Hostile Jar pipe.class (exploit-kit.rules) * 1:27086 <-> ENABLED <-> EXPLOIT-KIT Unknown Malvertising exploit kit stage-1 redirect (exploit-kit.rules) * 1:27089 <-> DISABLED <-> FILE-OFFICE Microsoft Office eps filters memory corruption attempt (file-office.rules) * 1:2709 <-> DISABLED <-> SERVER-ORACLE dbms_offline_og.begin_instantiation buffer overflow attempt (server-oracle.rules) * 1:27090 <-> DISABLED <-> FILE-OFFICE Microsoft Office eps filters memory corruption attempt (file-office.rules) * 1:27091 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Weavun variant outbound connection (malware-cnc.rules) * 1:27093 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Medfos variant outbound connection (malware-cnc.rules) * 1:27094 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.FakeToken information disclosure attempt (os-mobile.rules) * 1:27095 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.FakeToken APK file download attempt (os-mobile.rules) * 1:27096 <-> DISABLED <-> FILE-OTHER XML exponential entity expansion attack attempt (file-other.rules) * 1:27097 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.SMSSilence APK file download attempt (os-mobile.rules) * 1:27098 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.SMSSilence unsolicited sms attempt (os-mobile.rules) * 1:27099 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.SMSSilence device information disclosure attempt (os-mobile.rules) * 1:271 <-> DISABLED <-> SERVER-OTHER UDP echo+chargen bomb (server-other.rules) * 1:27100 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer double-free memory corruption attempt (browser-ie.rules) * 1:27101 <-> ENABLED <-> BROWSER-IE 
Microsoft Internet Explorer double-free memory corruption attempt (browser-ie.rules) * 1:27102 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime enof atom parsing heap buffer overflow attempt (file-multimedia.rules) * 1:27103 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime enof atom parsing heap buffer overflow attempt (file-multimedia.rules) * 1:27104 <-> ENABLED <-> SERVER-WEBAPP HP System Management arbitrary command injection attempt (server-webapp.rules) * 1:27105 <-> ENABLED <-> SERVER-WEBAPP HP System Management arbitrary command injection attempt (server-webapp.rules) * 1:27106 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit malicious jar download (exploit-kit.rules) * 1:27107 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit malicious jar download (exploit-kit.rules) * 1:27108 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit malicious jar file downloaded when exe is declared (exploit-kit.rules) * 1:27109 <-> DISABLED <-> EXPLOIT-KIT Blackholev2/Cool exploit kit malicious jar download (exploit-kit.rules) * 1:2711 <-> DISABLED <-> SERVER-ORACLE dbms_offline_og.end_flavor_change buffer overflow attempt (server-oracle.rules) * 1:27110 <-> ENABLED <-> EXPLOIT-KIT Blackholev2/Cool exploit kit outbound portable executable request (exploit-kit.rules) * 1:27111 <-> DISABLED <-> BROWSER-PLUGINS PcVue SVUIGrd.ocx ActiveX clsid access (browser-plugins.rules) * 1:27112 <-> DISABLED <-> BROWSER-PLUGINS PcVue SVUIGrd.ocx ActiveX function call access (browser-plugins.rules) * 1:27113 <-> ENABLED <-> EXPLOIT-KIT DotkaChef/Rmayana/DotCache exploit kit Zeroaccess download attempt (exploit-kit.rules) * 1:27114 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.xii variant outbound connection (malware-cnc.rules) * 1:27115 <-> ENABLED <-> MALWARE-OTHER DirtJumper denial of service attack traffic (malware-other.rules) * 1:27116 <-> DISABLED <-> OS-MOBILE Android Androrat device information leakage (os-mobile.rules) * 1:27117 <-> DISABLED <-> OS-MOBILE Android Androrat sms 
message leakage (os-mobile.rules) * 1:27118 <-> DISABLED <-> OS-MOBILE Android Androrat contact list leakage (os-mobile.rules) * 1:27119 <-> DISABLED <-> INDICATOR-OBFUSCATION multiple plugin version detection attempt (indicator-obfuscation.rules) * 1:2712 <-> DISABLED <-> SERVER-ORACLE dbms_offline_og.end_instantiation buffer overflow attempt (server-oracle.rules) * 1:27120 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:27121 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector - initiate connection (server-other.rules) * 1:27122 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 305 buffer overflow attempt (server-other.rules) * 1:27123 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 259 buffer overflow attempt (server-other.rules) * 1:27124 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 1092 buffer overflow attempt (server-other.rules) * 1:27125 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 211 buffer overflow attempt (server-other.rules) * 1:27126 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer setCapture use after free attempt (browser-ie.rules) * 1:27127 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 10 CTreePos use-after-free attempt (browser-ie.rules) * 1:27128 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 10 CTreePos use-after-free attempt (browser-ie.rules) * 1:27129 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 9 use after free attempt (browser-ie.rules) * 1:2713 <-> DISABLED <-> SERVER-ORACLE dbms_offline_og.end_load buffer overflow attempt (server-oracle.rules) * 1:27130 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 9 use after free attempt (browser-ie.rules) * 1:27131 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 8 CTreePos use after free attempt (browser-ie.rules) * 1:27132 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 
PreviousTreePos use after free attempt (browser-ie.rules) * 1:27133 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer display node use after free attempt (browser-ie.rules) * 1:27134 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer display node use after free attempt (browser-ie.rules) * 1:27135 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 10 CTreePos use after free attempt (browser-ie.rules) * 1:27136 <-> ENABLED <-> OS-WINDOWS Microsoft Windows .NET CLR mutlidimensional array handling remote code execution attempt (os-windows.rules) * 1:27137 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreeNode use after free memory corruption attempt (browser-ie.rules) * 1:27138 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreeNode use after free memory corruption attempt (browser-ie.rules) * 1:27139 <-> ENABLED <-> OS-WINDOWS Microsoft Windows .NET CLR mutlidimensional array handling remote code execution attempt (os-windows.rules) * 1:2714 <-> DISABLED <-> SERVER-ORACLE dbms_offline_og.resume_subset_of_masters buffer overflow attempt (server-oracle.rules) * 1:27140 <-> DISABLED <-> EXPLOIT-KIT Private exploit kit numerically named exe file dowload (exploit-kit.rules) * 1:27141 <-> DISABLED <-> EXPLOIT-KIT Private exploit kit landing page (exploit-kit.rules) * 1:27142 <-> ENABLED <-> EXPLOIT-KIT Private exploit kit landing page (exploit-kit.rules) * 1:27143 <-> ENABLED <-> EXPLOIT-KIT Private exploit kit landing page (exploit-kit.rules) * 1:27144 <-> ENABLED <-> EXPLOIT-KIT Private exploit kit outbound traffic (exploit-kit.rules) * 1:27147 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 9 IE5 compatibility mode use after free attempt (browser-ie.rules) * 1:27148 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer beforeeditfocus use after free exploit attempt (browser-ie.rules) * 1:27149 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer beforeeditfocus use after free exploit attempt (browser-ie.rules) * 1:2715 <-> 
DISABLED <-> SERVER-ORACLE dbms_offline_snapshot.begin_load buffer overflow attempt (server-oracle.rules) * 1:27150 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules) * 1:27151 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules) * 1:27152 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules) * 1:27153 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules) * 1:27154 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer pElement member use after free attempt (browser-ie.rules) * 1:27156 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer table column-count integer overflow attempt (browser-ie.rules) * 1:27157 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer table column-count integer overflow attempt (browser-ie.rules) * 1:27158 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Eliseantry variant outbound connection (malware-cnc.rules) * 1:27159 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pesut variant outbound connection (malware-cnc.rules) * 1:2716 <-> DISABLED <-> SERVER-ORACLE dbms_offline_snapshot.end_load buffer overflow attempt (server-oracle.rules) * 1:27160 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules) * 1:27161 <-> DISABLED <-> SERVER-WEBAPP Dasdec unauthenticated information disclosure vulnerability (server-webapp.rules) * 1:27162 <-> DISABLED <-> SERVER-WEBAPP Dasdec unauthenticated information disclosure vulnerability (server-webapp.rules) * 1:27163 <-> DISABLED <-> SERVER-WEBAPP Dasdec unauthenticated information disclosure vulnerability (server-webapp.rules) * 1:27164 <-> DISABLED <-> SERVER-WEBAPP Dasdec unauthenticated information disclosure vulnerability (server-webapp.rules) * 1:27166 <-> DISABLED <-> FILE-OTHER Microsoft Windows HLP File Handling heap overflow attempt (file-other.rules) * 1:27167 <-> DISABLED <-> FILE-OTHER 
Microsoft Windows HLP File Handling heap overflow attempt (file-other.rules) * 1:27168 <-> DISABLED <-> FILE-OTHER Microsoft Windows HLP File Handling heap overflow attempt (file-other.rules) * 1:27169 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Atezag variant outbound connection (malware-cnc.rules) * 1:2717 <-> DISABLED <-> SERVER-ORACLE dbms_rectifier_diff.differences buffer overflow attempt (server-oracle.rules) * 1:27170 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 1091 buffer overflow attempt (server-other.rules) * 1:27171 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules) * 1:27172 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules) * 1:27173 <-> DISABLED <-> BROWSER-PLUGINS Cisco AnyConnect mobility client activex clsid access attempt (browser-plugins.rules) * 1:27174 <-> DISABLED <-> BROWSER-PLUGINS Chilkat Socket ActiveX clsid access (browser-plugins.rules) * 1:27175 <-> DISABLED <-> BROWSER-PLUGINS Chilkat Socket ActiveX clsid access (browser-plugins.rules) * 1:27176 <-> DISABLED <-> BROWSER-PLUGINS Chilkat Socket ActiveX clsid access (browser-plugins.rules) * 1:27177 <-> DISABLED <-> BROWSER-PLUGINS Chilkat Socket ActiveX clsid access (browser-plugins.rules) * 1:27178 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wergimog variant outbound connection (malware-cnc.rules) * 1:27179 <-> DISABLED <-> BROWSER-PLUGINS Oracle document capture EMPOP3Lib ActiveX clsid access attempt (browser-plugins.rules) * 1:2718 <-> DISABLED <-> SERVER-ORACLE dbms_rectifier_diff.rectify buffer overflow attempt (server-oracle.rules) * 1:27182 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malicious swf file download attempt (file-flash.rules) * 1:27183 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malicious swf file download attempt (file-flash.rules) * 1:27184 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malicious swf file download attempt (file-flash.rules) * 
1:27185 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malicious swf file download attempt (file-flash.rules) * 1:27186 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malicious swf file download attempt (file-flash.rules) * 1:27187 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malicious swf file download attempt (file-flash.rules) * 1:27188 <-> ENABLED <-> FILE-JAVA Oracle Java Applet ProviderSkeleton sandbox bypass attempt (file-java.rules) * 1:27189 <-> ENABLED <-> FILE-JAVA Oracle Java Applet ProviderSkeleton sandbox bypass attempt (file-java.rules) * 1:2719 <-> DISABLED <-> SERVER-ORACLE dbms_repcat.abort_flavor_definition buffer overflow attempt (server-oracle.rules) * 1:27190 <-> DISABLED <-> FILE-JAVA Oracle Java Applet ProviderSkeleton sandbox bypass attempt (file-java.rules) * 1:27191 <-> ENABLED <-> FILE-JAVA Oracle Java Applet ProviderSkeleton sandbox bypass attempt (file-java.rules) * 1:27192 <-> DISABLED <-> SERVER-WEBAPP DM Albums album.php remote file include attempt (server-webapp.rules) * 1:27193 <-> DISABLED <-> SERVER-OTHER Kerberos KDC null pointer dereference denial of service attempt (server-other.rules) * 1:27194 <-> DISABLED <-> SERVER-OTHER Kerberos KDC null pointer dereference denial of service attempt (server-other.rules) * 1:27195 <-> DISABLED <-> SERVER-OTHER Kerberos KDC null pointer dereference denial of service attempt (server-other.rules) * 1:27196 <-> DISABLED <-> SERVER-WEBAPP OpenEngine filepool.php remote file include attempt (server-webapp.rules) * 1:27197 <-> DISABLED <-> MALWARE-OTHER OSX.Trojan.Pintsized file download attempt (malware-other.rules) * 1:27198 <-> DISABLED <-> MALWARE-OTHER OSX.Trojan.Pintsized file download attempt (malware-other.rules) * 1:27199 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meredrop variant outbound connection GET Request (malware-cnc.rules) * 1:272 <-> DISABLED <-> OS-WINDOWS Microsoft WIndows IGMP dos attack (os-windows.rules) * 1:2720 <-> DISABLED <-> SERVER-ORACLE 
dbms_repcat.add_column_group_to_flavor buffer overflow attempt (server-oracle.rules) * 1:27200 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meredrop variant outbound connection POST Request (malware-cnc.rules) * 1:27201 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neurevt variant outbound connection (malware-cnc.rules) * 1:27203 <-> DISABLED <-> INDICATOR-COMPROMISE Apache auto_prepend_file a.control.bin C2 traffic (indicator-compromise.rules) * 1:27204 <-> DISABLED <-> MALWARE-CNC Potential Bancos Brazilian Banking Trojan Browser Proxy Autoconfig File (malware-cnc.rules) * 1:27205 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Media Services CallHTMLHelp ActiveX buffer overflow attempt (browser-plugins.rules) * 1:27206 <-> DISABLED <-> BROWSER-PLUGINS SigPlus Pro ActiveX clsid access (browser-plugins.rules) * 1:27207 <-> DISABLED <-> BROWSER-PLUGINS SigPlus Pro ActiveX clsid access (browser-plugins.rules) * 1:27208 <-> DISABLED <-> BROWSER-PLUGINS Symantec WinFax Pro ActiveX heap buffer overflow attempt (browser-plugins.rules) * 1:27209 <-> DISABLED <-> BROWSER-PLUGINS GeoVision LiveAudio ActiveX remote code execution attempt (browser-plugins.rules) * 1:2721 <-> DISABLED <-> SERVER-ORACLE dbms_repcat.add_columns_to_flavor buffer overflow attempt (server-oracle.rules) * 1:27210 <-> DISABLED <-> SERVER-OTHER IPMI RAKP cipher zero remote authentication bypass attempt (server-other.rules) * 1:27211 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel style handling overflow attempt (file-office.rules) * 1:27212 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel style handling overflow attempt (file-office.rules) * 1:27213 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel style handling overflow attempt (file-office.rules) * 1:27214 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel style handling overflow attempt (file-office.rules) * 1:27215 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint schemes record buffer overflow (file-office.rules) * 1:27216 <-> DISABLED 
<-> FILE-OFFICE Microsoft Office PowerPoint printer record buffer overflow (file-office.rules) * 1:27217 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 260 buffer overflow attempt (server-other.rules) * 1:27218 <-> DISABLED <-> SERVER-WEBAPP Themescript remote file include in CheckUpload.php Language (server-webapp.rules) * 1:27219 <-> DISABLED <-> BROWSER-PLUGINS DB Software Laboratory VImpX activex control ActiveX clsid access attempt (browser-plugins.rules) * 1:2722 <-> DISABLED <-> SERVER-ORACLE dbms_repcat.add_object_to_flavor buffer overflow attempt (server-oracle.rules) * 1:27220 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer virtual function table corruption attempt (browser-ie.rules) * 1:27221 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer virtual function table corruption attempt (browser-ie.rules) * 1:27222 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer innerHTML against incomplete element heap corruption attempt (browser-ie.rules) * 1:27223 <-> DISABLED <-> BROWSER-PLUGINS Oracle document capture Actbar2.ocx ActiveX clsid access attempt (browser-plugins.rules) * 1:27224 <-> ENABLED <-> SERVER-OTHER Adobe ColdFusion websocket invoke method access (server-other.rules) * 1:27225 <-> DISABLED <-> SERVER-OTHER Adobe ColdFusion JRun error page getWriter denial of service attempt (server-other.rules) * 1:27226 <-> DISABLED <-> SERVER-WEBAPP DokuWiki PHP file inclusion attempt (server-webapp.rules) * 1:27227 <-> DISABLED <-> SERVER-WEBAPP txtSQL startup.php remote file include attempt (server-webapp.rules) * 1:27228 <-> ENABLED <-> MALWARE-OTHER OSX.Trojan.Janicab file download attempt (malware-other.rules) * 1:27229 <-> ENABLED <-> MALWARE-OTHER IFRAMEr Tool code injection attack (malware-other.rules) * 1:2723 <-> DISABLED <-> SERVER-ORACLE dbms_repcat.add_priority_char buffer overflow attempt (server-oracle.rules) * 1:27230 <-> DISABLED <-> SERVER-WEBAPP Pragyan CMS form.lib.php remove file include 
attempt (server-webapp.rules) * 1:27231 <-> DISABLED <-> OS-WINDOWS Microsoft Windows FlattenPath paged memory consumption privilege escalation attempt (os-windows.rules) * 1:27232 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader util.printf buffer overflow attempt (file-pdf.rules) * 1:27233 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader util.printf buffer overflow attempt (file-pdf.rules) * 1:27234 <-> DISABLED <-> SERVER-OTHER Microsoft Active Directory LDAP search denial of service attempt (server-other.rules) * 1:27236 <-> DISABLED <-> SERVER-OTHER Citrix XenApp password buffer overflow attempt (server-other.rules) * 1:27237 <-> DISABLED <-> SERVER-OTHER IPMI default username - root (server-other.rules) * 1:27238 <-> DISABLED <-> SERVER-OTHER IPMI default username - admin (server-other.rules) * 1:27239 <-> DISABLED <-> SERVER-OTHER IPMI default username - USERID (server-other.rules) * 1:2724 <-> DISABLED <-> SERVER-ORACLE dbms_repcat.add_priority_date buffer overflow attempt (server-oracle.rules) * 1:27240 <-> DISABLED <-> SERVER-OTHER multiple vendors IPMI RAKP username brute force attempt (server-other.rules) * 1:27241 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page detected (exploit-kit.rules) * 1:27242 <-> ENABLED <-> EXPLOIT-KIT embedded iframe redirection - possible exploit kit indicator (exploit-kit.rules) * 1:27243 <-> ENABLED <-> SERVER-APACHE Apache Struts2 blacklisted method redirectAction (server-apache.rules) * 1:27244 <-> ENABLED <-> SERVER-APACHE Apache Struts2 blacklisted method redirect (server-apache.rules) * 1:27245 <-> ENABLED <-> SERVER-APACHE Apache Struts2 remote code execution attempt (server-apache.rules) * 1:27246 <-> ENABLED <-> MALWARE-OTHER Mac OSX FBI ransomware (malware-other.rules) * 1:27248 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gamarue - Mozi1la User-Agent (malware-cnc.rules) * 1:27249 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Window2 BIFF record value attempt (file-office.rules) * 1:2725 <-> 
DISABLED <-> SERVER-ORACLE dbms_repcat.add_priority_nchar buffer overflow attempt (server-oracle.rules)
* 1:27250 <-> DISABLED <-> BROWSER-PLUGINS ShockwaveFlash.ShockwaveFlash.9 ActiveX function overflow attempt (browser-plugins.rules)
* 1:27251 <-> DISABLED <-> FILE-OTHER Microsoft Windows Embedded Open Type Font malformed name table platform type 3 integer overflow attempt (file-other.rules)
* 1:27252 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess 111-byte URL variant outbound connection (malware-cnc.rules)
* 1:27253 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cridex Encrypted POST w/ URL Pattern (malware-cnc.rules)
* 1:27254 <-> DISABLED <-> MALWARE-CNC Yakes Trojan HTTP Header Structure (malware-cnc.rules)
* 1:27255 <-> DISABLED <-> INDICATOR-COMPROMISE All Numbers .EXE file name from abnormally ordered HTTP headers - Potential Yakes Trojan Download (indicator-compromise.rules)
* 1:27256 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kryptik Drive-by Download Malware (malware-cnc.rules)
* 1:27257 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kryptic 7-byte URI Invalid Firefox Headers - no Accept-Language (malware-cnc.rules)
* 1:27258 <-> DISABLED <-> INDICATOR-OBFUSCATION eval large block of fromCharCode (indicator-obfuscation.rules)
* 1:27259 <-> DISABLED <-> INDICATOR-OBFUSCATION eval large block of fromCharCode (indicator-obfuscation.rules)
* 1:2726 <-> DISABLED <-> SERVER-ORACLE dbms_repcat.add_priority_number buffer overflow attempt (server-oracle.rules)
* 1:27260 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Java.Agent.NFK variant connection (malware-cnc.rules)
* 1:27261 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 215 buffer overflow attempt (server-other.rules)
* 1:27262 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 263 buffer overflow attempt (server-other.rules)
* 1:27263 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - yahoonews (malware-cnc.rules)
* 1:27264 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 227 buffer overflow attempt (server-other.rules)
* 1:27265 <-> ENABLED <-> FILE-FLASH Adobe Flash Player heap buffer overflow attempt (file-flash.rules)
* 1:27266 <-> ENABLED <-> FILE-FLASH Adobe Flash Player heap buffer overflow attempt (file-flash.rules)
* 1:27267 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript user-supplied PCM resampling integer overflow attempt (file-flash.rules)
* 1:27268 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript user-supplied PCM resampling integer overflow attempt (file-flash.rules)
* 1:27269 <-> DISABLED <-> SERVER-OTHER GuildFTPd CWD command heap overflow attempt (server-other.rules)
* 1:2727 <-> DISABLED <-> SERVER-ORACLE dbms_repcat.add_priority_nvarchar2 buffer overflow attempt (server-oracle.rules)
* 1:27270 <-> DISABLED <-> SERVER-OTHER GuildFTPd LIST command heap overflow attempt (server-other.rules)
* 1:27271 <-> ENABLED <-> EXPLOIT-KIT iFramer toolkit injected iframe detected - specific structure (exploit-kit.rules)
* 1:27272 <-> ENABLED <-> INDICATOR-OBFUSCATION Javascript obfuscation - fromCharCode (indicator-obfuscation.rules)
* 1:27273 <-> ENABLED <-> EXPLOIT-KIT Goon/Infinity exploit kit iframe redirection (exploit-kit.rules)
* 1:27274 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit Java Exploit request structure (exploit-kit.rules)
* 1:27275 <-> ENABLED <-> FILE-IDENTIFY Trimble SketchUp file attachment detected (file-identify.rules)
* 1:27276 <-> ENABLED <-> FILE-IDENTIFY Trimble SketchUp file attachment detected (file-identify.rules)
* 1:27277 <-> ENABLED <-> FILE-IDENTIFY Trimble SketchUp file download request (file-identify.rules)
* 1:27278 <-> DISABLED <-> FILE-OTHER Trimble SketchUp PICT color entries buffer overflow attempt (file-other.rules)
* 1:27279 <-> DISABLED <-> FILE-OTHER Trimble SketchUp PICT color entries buffer overflow attempt (file-other.rules)
* 1:2728 <-> DISABLED <-> SERVER-ORACLE dbms_repcat.add_priority_raw buffer overflow attempt (server-oracle.rules)
* 1:27280 <-> DISABLED <-> FILE-OTHER Trimble SketchUp PICT color entries buffer overflow attempt (file-other.rules)
* 1:27281 <-> DISABLED <-> FILE-OTHER Trimble SketchUp PICT color entries buffer overflow attempt (file-other.rules)
* 1:27282 <-> DISABLED <-> BROWSER-PLUGINS PPMate PPMPlayer.dll ActiveX clsid access (browser-plugins.rules)
* 1:27283 <-> DISABLED <-> BROWSER-PLUGINS PPMate PPMPlayer.dll ActiveX clsid access (browser-plugins.rules)
* 1:27284 <-> DISABLED <-> SERVER-WEBAPP SezHoo remote file include in SezHooTabsAndActions.php (server-webapp.rules)
* 1:27285 <-> DISABLED <-> SERVER-WEBAPP Gazi Download Portal down_indir.asp SQL injection attempt (server-webapp.rules)
* 1:27286 <-> DISABLED <-> SERVER-WEBAPP DuWare DuClassmate default.asp iCity sql injection attempt (server-webapp.rules)
* 1:27287 <-> ENABLED <-> SQL 1 = 1 - possible sql injection attempt (sql.rules)
* 1:27288 <-> ENABLED <-> SQL 1 = 1 - possible sql injection attempt (sql.rules)
* 1:2729 <-> DISABLED <-> SERVER-ORACLE dbms_repcat.add_priority_varchar2 buffer overflow attempt (server-oracle.rules)
* 1:2730 <-> DISABLED <-> SERVER-ORACLE dbms_repcat.add_site_priority_site buffer overflow attempt (server-oracle.rules)
* 1:2731 <-> DISABLED <-> SERVER-ORACLE dbms_repcat.add_unique_resolution buffer overflow attempt (server-oracle.rules)
* 1:2732 <-> DISABLED <-> SERVER-ORACLE dbms_repcat.add_update_resolution buffer overflow attempt (server-oracle.rules)
* 1:2733 <-> DISABLED <-> SERVER-ORACLE dbms_repcat.alter_master_propagation buffer overflow attempt (server-oracle.rules)
* 1:2734 <-> DISABLED <-> SERVER-ORACLE dbms_repcat.alter_mview_propagation buffer overflow attempt (server-oracle.rules)
* 1:2735 <-> DISABLED <-> SERVER-ORACLE dbms_repcat.alter_priority_char buffer overflow attempt (server-oracle.rules)
* 1:2736 <-> DISABLED <-> SERVER-ORACLE dbms_repcat.alter_priority_date buffer overflow attempt (server-oracle.rules)
* 1:2737 <-> DISABLED <-> SERVER-ORACLE dbms_repcat.alter_priority_nchar buffer overflow attempt (server-oracle.rules)
* 1:2738 <-> DISABLED <-> SERVER-ORACLE dbms_repcat.alter_priority_number buffer overflow attempt (server-oracle.rules)
* 1:2739 <-> DISABLED <-> SERVER-ORACLE dbms_repcat.alter_priority_nvarchar2 buffer overflow attempt (server-oracle.rules)
* 1:274 <-> DISABLED <-> PROTOCOL-ICMP ath (protocol-icmp.rules)
* 1:2740 <-> DISABLED <-> SERVER-ORACLE dbms_repcat.alter_priority_raw buffer overflow attempt (server-oracle.rules)
* 1:2741 <-> DISABLED <-> SERVER-ORACLE dbms_repcat.alter_priority buffer overflow attempt (server-oracle.rules)
* 1:2742 <-> DISABLED <-> SERVER-ORACLE dbms_repcat.alter_priority_varchar2 buffer overflow attempt (server-oracle.rules)
* 1:2743 <-> DISABLED <-> SERVER-ORACLE dbms_repcat.alter_site_priority_site buffer overflow attempt (server-oracle.rules)
* 1:2744 <-> DISABLED <-> SERVER-ORACLE dbms_repcat.alter_site_priority buffer overflow attempt (server-oracle.rules)
* 1:2745 <-> DISABLED <-> SERVER-ORACLE dbms_repcat.alter_snapshot_propagation buffer overflow attempt (server-oracle.rules)
* 1:2746 <-> DISABLED <-> SERVER-ORACLE dbms_repcat_auth.revoke_surrogate_repcat buffer overflow attempt (server-oracle.rules)
* 1:2747 <-> DISABLED <-> SERVER-ORACLE dbms_repcat.begin_flavor_definition buffer overflow attempt (server-oracle.rules)
* 1:2748 <-> DISABLED <-> SERVER-ORACLE dbms_repcat.comment_on_column_group buffer overflow attempt (server-oracle.rules)
* 1:2749 <-> DISABLED <-> SERVER-ORACLE dbms_repcat.comment_on_delete_resolution buffer overflow attempt (server-oracle.rules)
* 1:2750 <-> DISABLED <-> SERVER-ORACLE dbms_repcat.comment_on_mview_repsites buffer overflow attempt (server-oracle.rules)
* 1:2751 <-> DISABLED <-> SERVER-ORACLE dbms_repcat.comment_on_priority_group buffer overflow attempt (server-oracle.rules)
* 1:2752 <-> DISABLED <-> SERVER-ORACLE dbms_repcat.comment_on_repgroup buffer overflow attempt (server-oracle.rules)
* 1:27525 <-> DISABLED <-> FILE-IMAGE Directshow GIF logical width overflow attempt (file-image.rules)
* 1:27526 <-> DISABLED <-> FILE-IMAGE Directshow GIF logical height overflow attempt (file-image.rules)
* 1:27527 <-> DISABLED <-> FILE-IMAGE Directshow GIF logical height overflow attempt (file-image.rules)
* 1:27528 <-> DISABLED <-> FILE-IMAGE Directshow GIF logical width overflow attempt (file-image.rules)
* 1:27529 <-> DISABLED <-> FILE-IMAGE Directshow GIF logical height overflow attempt (file-image.rules)
* 1:2753 <-> DISABLED <-> SERVER-ORACLE dbms_repcat.comment_on_repsites buffer overflow attempt (server-oracle.rules)
* 1:27530 <-> DISABLED <-> FILE-IMAGE Directshow GIF logical height overflow attempt (file-image.rules)
* 1:27531 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 9 and 10 information disclosure attempt (browser-ie.rules)
* 1:27532 <-> DISABLED <-> SERVER-MAIL Exim and Dovecot mail from remote command execution attempt (server-mail.rules)
* 1:27533 <-> DISABLED <-> MALWARE-CNC Potential Win.Trojan.Kraziomel Download - 000.jpg (malware-cnc.rules)
* 1:27536 <-> DISABLED <-> APP-DETECT TCP over DNS response attempt (app-detect.rules)
* 1:27538 <-> DISABLED <-> MALWARE-OTHER self-signed SSL certificate with default MyCompany Ltd organization name (malware-other.rules)
* 1:27539 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 234 buffer overflow attempt (server-other.rules)
* 1:2754 <-> DISABLED <-> SERVER-ORACLE dbms_repcat.comment_on_site_priority buffer overflow attempt (server-oracle.rules)
* 1:27540 <-> DISABLED <-> APP-DETECT OzymanDNS dns tunneling up attempt (app-detect.rules)
* 1:27541 <-> DISABLED <-> APP-DETECT OzymanDNS dns tunneling down attempt (app-detect.rules)
* 1:27542 <-> ENABLED <-> FILE-IDENTIFY Python bytecode file magic detected (file-identify.rules)
* 1:27543 <-> ENABLED <-> FILE-IDENTIFY Python bytecode file magic detected (file-identify.rules)
* 1:27544 <-> ENABLED <-> MALWARE-CNC Osx.Trojan.Janicab runtime traffic detected (malware-cnc.rules)
* 1:27545 <-> ENABLED <-> MALWARE-CNC Osx.Trojan.Janicab outbound connection (malware-cnc.rules)
* 1:27546 <-> ENABLED <-> MALWARE-CNC Osx.Trojan.Janicab outbound connection (malware-cnc.rules)
* 1:27547 <-> ENABLED <-> MALWARE-CNC Osx.Trojan.Janicab outbound connection (malware-cnc.rules)
* 1:27548 <-> ENABLED <-> MALWARE-OTHER Osx.Trojan.Janicab file download attempt (malware-other.rules)
* 1:27549 <-> ENABLED <-> MALWARE-OTHER Osx.Trojan.Janicab file download attempt (malware-other.rules)
* 1:2755 <-> DISABLED <-> SERVER-ORACLE dbms_repcat.comment_on_unique_resolution buffer overflow attempt (server-oracle.rules)
* 1:27550 <-> ENABLED <-> MALWARE-OTHER Compromised website response - leads to Exploit Kit (malware-other.rules)
* 1:27551 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lorapu variant outbound connection (malware-cnc.rules)
* 1:27552 <-> DISABLED <-> OS-MOBILE Android Exploit Extra_Field APK file download attempt (os-mobile.rules)
* 1:27558 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bezigate variant outbound connection (malware-cnc.rules)
* 1:2756 <-> DISABLED <-> SERVER-ORACLE dbms_repcat.comment_on_update_resolution buffer overflow attempt (server-oracle.rules)
* 1:27565 <-> ENABLED <-> MALWARE-OTHER HideMeBetter spam injection variant (malware-other.rules)
* 1:27567 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rovnix malicious download request (malware-cnc.rules)
* 1:27568 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox 17 onreadystatechange memory corruption attempt (browser-firefox.rules)
* 1:27569 <-> DISABLED <-> FILE-IMAGE JPEG parser multipacket heap overflow attempt (file-image.rules)
* 1:2757 <-> DISABLED <-> SERVER-ORACLE dbms_repcat.create_master_repgroup buffer overflow attempt (server-oracle.rules)
* 1:27570 <-> DISABLED <-> BROWSER-PLUGINS CEnroll.CEnroll.2 ActiveX function stringtoBinary access attempt (browser-plugins.rules)
* 1:27571 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 235 buffer overflow attempt (server-other.rules)
* 1:27572 <-> ENABLED <-> SERVER-APACHE Apache Struts wildcard matching OGNL remote code execution attempt (server-apache.rules)
* 1:27573 <-> DISABLED <-> SERVER-APACHE Apache Struts wildcard matching OGNL remote code execution attempt (server-apache.rules)
* 1:27574 <-> ENABLED <-> SERVER-APACHE Apache Struts OGNL getRuntime.exec static method access attempt (server-apache.rules)
* 1:27575 <-> DISABLED <-> SERVER-APACHE Apache Struts arbitrary OGNL remote code execution attempt (server-apache.rules)
* 1:27576 <-> DISABLED <-> FILE-OTHER Microsoft Windows True Type Font maxComponentPoints overflow attempt (file-other.rules)
* 1:27577 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:27578 <-> DISABLED <-> SERVER-OTHER OpenX POST to known backdoored file (server-other.rules)
* 1:27579 <-> DISABLED <-> SERVER-OTHER Sybase Open Server function pointer array code execution attempt (server-other.rules)
* 1:2758 <-> DISABLED <-> SERVER-ORACLE dbms_repcat.create_master_repobject buffer overflow attempt (server-oracle.rules)
* 1:27580 <-> DISABLED <-> FILE-OTHER BitDefender Internet Security script code execution attempt (file-other.rules)
* 1:27581 <-> DISABLED <-> FILE-OTHER BitDefender Internet Security script code execution attempt (file-other.rules)
* 1:27582 <-> DISABLED <-> FILE-OTHER BitDefender Internet Security script code execution attempt (file-other.rules)
* 1:27583 <-> DISABLED <-> FILE-OTHER BitDefender Internet Security script code execution attempt (file-other.rules)
* 1:27584 <-> DISABLED <-> FILE-OTHER BitDefender Internet Security script code execution attempt (file-other.rules)
* 1:27585 <-> DISABLED <-> FILE-OTHER BitDefender Internet Security script code execution attempt (file-other.rules)
* 1:27586 <-> DISABLED <-> FILE-OTHER BitDefender Internet Security script code execution attempt (file-other.rules)
* 1:27587 <-> DISABLED <-> FILE-OTHER BitDefender Internet Security script code execution attempt (file-other.rules)
* 1:27588 <-> DISABLED <-> FILE-OTHER BitDefender Internet Security script code execution attempt (file-other.rules)
* 1:27589 <-> DISABLED <-> FILE-OTHER BitDefender Internet Security script code execution attempt (file-other.rules)
* 1:2759 <-> DISABLED <-> SERVER-ORACLE dbms_repcat.create_snapshot_repgroup buffer overflow attempt (server-oracle.rules)
* 1:27590 <-> DISABLED <-> FILE-OTHER BitDefender Internet Security script code execution attempt (file-other.rules)
* 1:27591 <-> DISABLED <-> FILE-OTHER BitDefender Internet Security script code execution attempt (file-other.rules)
* 1:27592 <-> ENABLED <-> INDICATOR-OBFUSCATION Javascript obfuscation - split - seen in IFRAMEr Tool attack (indicator-obfuscation.rules)
* 1:27593 <-> DISABLED <-> INDICATOR-OBFUSCATION Javascript obfuscation - split (indicator-obfuscation.rules)
* 1:27594 <-> ENABLED <-> MALWARE-OTHER Fake Adobe Flash Player update warning enticing clicks to malware payload (malware-other.rules)
* 1:27595 <-> ENABLED <-> MALWARE-OTHER Fake Adobe Flash Player malware binary requested (malware-other.rules)
* 1:27596 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Redyms variant outbound connection (malware-cnc.rules)
* 1:27597 <-> DISABLED <-> BROWSER-PLUGINS Morovia Barcode ActiveX Professional arbitrary file overwrite attempt (browser-plugins.rules)
* 1:27598 <-> DISABLED <-> SERVER-WEBAPP Oracle Secure Backup Admin Server command injection attempt (server-webapp.rules)
* 1:27599 <-> DISABLED <-> MALWARE-CNC Fort Disco Registration variant outbound connection (malware-cnc.rules)
* 1:276 <-> DISABLED <-> SERVER-OTHER RealNetworks Audio Server denial of service attempt (server-other.rules)
* 1:2760 <-> DISABLED <-> SERVER-ORACLE dbms_repcat.define_column_group buffer overflow attempt (server-oracle.rules)
* 1:27600 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nawpers variant connection (malware-cnc.rules)
* 1:27601 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Noobot variant connection (malware-cnc.rules)
* 1:27602 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific structure (exploit-kit.rules)
* 1:27603 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page (exploit-kit.rules)
* 1:27604 <-> DISABLED <-> POLICY-SPAM FedEX spam campaign outbound connection (policy-spam.rules)
* 1:27605 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer TreeNode use after free attempt (browser-ie.rules)
* 1:27606 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSelectionManager use after free attempt (browser-ie.rules)
* 1:27607 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer content generation use after free attempt (browser-ie.rules)
* 1:27608 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreeNode object CSS text overflow attempt (browser-ie.rules)
* 1:27609 <-> DISABLED <-> POLICY-OTHER Microsoft ADFS endpoint information disclosure attempt (policy-other.rules)
* 1:2761 <-> DISABLED <-> SERVER-ORACLE dbms_repcat.define_priority_group buffer overflow attempt (server-oracle.rules)
* 1:27610 <-> DISABLED <-> PROTOCOL-ICMP Truncated ICMPv6 denial of service attempt (protocol-icmp.rules)
* 1:27611 <-> DISABLED <-> PROTOCOL-ICMP Truncated ICMPv6 denial of service attempt (protocol-icmp.rules)
* 1:27612 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CMarkupPointer with SVG use-after-free attempt (browser-ie.rules)
* 1:27613 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CElement use-after-free attempt (browser-ie.rules)
* 1:27614 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CElement use-after-free attempt (browser-ie.rules)
* 1:27615 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer MoveToMarkupPointer call with CControlTracker OnExitTree use-after-free attempt (browser-ie.rules)
* 1:27616 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer MoveToMarkupPointer call with CControlTracker OnExitTree use-after-free attempt (browser-ie.rules)
* 1:27617 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 264 buffer overflow attempt (server-other.rules)
* 1:27618 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 6 usp10.dll Bengali font stack overrun attempt (browser-ie.rules)
* 1:27619 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 6 usp10.dll Bengali font stack overrun attempt (browser-ie.rules)
* 1:2762 <-> DISABLED <-> SERVER-ORACLE dbms_repcat.define_site_priority buffer overflow attempt (server-oracle.rules)
* 1:27620 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer merged stylesheet array use after free attempt (browser-ie.rules)
* 1:27621 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp storeImageArray memory corruption attempt (file-java.rules)
* 1:27622 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp storeImageArray memory corruption attempt (file-java.rules)
* 1:27623 <-> DISABLED <-> SERVER-OTHER Joomla media.php arbitrary file upload attempt (server-other.rules)
* 1:27624 <-> DISABLED <-> OS-WINDOWS Microsoft ICMPv6 mismatched prefix length and length field denial of service attempt (os-windows.rules)
* 1:27629 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Aumlib variant outbound connection (malware-cnc.rules)
* 1:2763 <-> DISABLED <-> SERVER-ORACLE dbms_repcat.do_deferred_repcat_admin buffer overflow attempt (server-oracle.rules)
* 1:27630 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Aumlib variant outbound connection (malware-cnc.rules)
* 1:27631 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Aumlib variant outbound connection (malware-cnc.rules)
* 1:27633 <-> DISABLED <-> MALWARE-CNC Worm.Silly variant outbound connection (malware-cnc.rules)
* 1:27634 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel FngGroupCount record overflow attempt (file-office.rules)
* 1:27635 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Malformed Record Code Execution attempt (file-office.rules)
* 1:27636 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Likseput variant connection (malware-cnc.rules)
* 1:27637 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Syhcmd variant connection (malware-cnc.rules)
* 1:27638 <-> DISABLED <-> SERVER-WEBAPP Hedgehog-CMS Directory traversal attempt (server-webapp.rules)
* 1:27639 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Epipenwa variant connection (malware-cnc.rules)
* 1:2764 <-> DISABLED <-> SERVER-ORACLE dbms_repcat.drop_column_group_from_flavor buffer overflow attempt (server-oracle.rules)
* 1:27640 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chekafe variant connection (malware-cnc.rules)
* 1:27641 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meilat variant connection (malware-cnc.rules)
* 1:27642 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downbot variant connection (malware-cnc.rules)
* 1:27643 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Betabot variant connection (malware-cnc.rules)
* 1:27644 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Merong variant connection (malware-cnc.rules)
* 1:27645 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Binjo variant outbound connection (malware-cnc.rules)
* 1:27646 <-> DISABLED <-> SERVER-OTHER HP LeftHand Virtual SAN hydra login request buffer overflow attempt (server-other.rules)
* 1:27647 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nelaja variant outbound connection (malware-cnc.rules)
* 1:27648 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SpyBanker.ZSL variant outbound connection (malware-cnc.rules)
* 1:27649 <-> DISABLED <-> MALWARE-CNC Brazilian Banking Trojan data theft (malware-cnc.rules)
* 1:2765 <-> DISABLED <-> SERVER-ORACLE dbms_repcat.drop_column_group buffer overflow attempt (server-oracle.rules)
* 1:27654 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Agent variant outbound connection (malware-cnc.rules)
* 1:27655 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Enchanim variant connection (malware-cnc.rules)
* 1:27656 <-> DISABLED <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt (browser-plugins.rules)
* 1:27657 <-> DISABLED <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt (browser-plugins.rules)
* 1:27658 <-> DISABLED <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt (browser-plugins.rules)
* 1:27659 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gapz variant connection (malware-cnc.rules)
* 1:2766 <-> DISABLED <-> SERVER-ORACLE dbms_repcat.drop_columns_from_flavor buffer overflow attempt (server-oracle.rules)
* 1:27660 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Reabfrus variant connection (malware-cnc.rules)
* 1:27661 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Reabfrus variant connection (malware-cnc.rules)
* 1:27662 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Galfun variant outbound connection (malware-cnc.rules)
* 1:27663 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 9 memory disclosure attempt (browser-ie.rules)
* 1:27664 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Castov variant connection (malware-cnc.rules)
* 1:27665 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Castov variant connection (malware-cnc.rules)
* 1:27666 <-> DISABLED <-> SERVER-OTHER ISC BIND 9 DNS rdata length handling remote denial of service attempt (server-other.rules)
* 1:27667 <-> DISABLED <-> SERVER-WEBAPP Joomla media.php file.upload direct administrator access attempt (server-webapp.rules)
* 1:27668 <-> DISABLED <-> APP-DETECT Heyoka initial outbound connection attempt (app-detect.rules)
* 1:27669 <-> DISABLED <-> APP-DETECT Heyoka outbound communication attempt (app-detect.rules)
* 1:2767 <-> DISABLED <-> SERVER-ORACLE dbms_repcat.drop_delete_resolution buffer overflow attempt (server-oracle.rules)
* 1:27670 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.evf variant connection (malware-cnc.rules)
* 1:27671 <-> DISABLED <-> FILE-FLASH Adobe Flash Player embedded JPG image height overflow attempt (file-flash.rules)
* 1:27672 <-> DISABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp storeImageArray memory corruption attempt (file-java.rules)
* 1:27673 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp storeImageArray memory corruption attempt (file-java.rules)
* 1:27674 <-> DISABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp storeImageArray memory corruption attempt (file-java.rules)
* 1:27675 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp storeImageArray memory corruption attempt (file-java.rules)
* 1:27676 <-> DISABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp storeImageArray memory corruption attempt (file-java.rules)
* 1:27677 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp storeImageArray memory corruption attempt (file-java.rules)
* 1:27678 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Goolelo variant connection (malware-cnc.rules)
* 1:27679 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant outbound connection (malware-cnc.rules)
* 1:2768 <-> DISABLED <-> SERVER-ORACLE dbms_repcat.drop_grouped_column buffer overflow attempt (server-oracle.rules)
* 1:27680 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess variant outbound connection (malware-cnc.rules)
* 1:27681 <-> DISABLED <-> SERVER-WEBAPP ASPMForum SQL injection attempt (server-webapp.rules)
* 1:27682 <-> DISABLED <-> SERVER-WEBAPP ASPMForum SQL injection attempt (server-webapp.rules)
* 1:27683 <-> DISABLED <-> SERVER-WEBAPP ASPMForum SQL injection attempt (server-webapp.rules)
* 1:27684 <-> DISABLED <-> SERVER-WEBAPP ASPMForum SQL injection attempt (server-webapp.rules)
* 1:27685 <-> DISABLED <-> SERVER-WEBAPP ASPMForum SQL injection attempt (server-webapp.rules)
* 1:27686 <-> DISABLED <-> SERVER-WEBAPP ASPMForum SQL injection attempt (server-webapp.rules)
* 1:27687 <-> DISABLED <-> SERVER-WEBAPP ASPMForum SQL injection attempt (server-webapp.rules)
* 1:27688 <-> DISABLED <-> SERVER-WEBAPP mxBB MX Faq module_root_path file inclusion attempt (server-webapp.rules)
* 1:27689 <-> DISABLED <-> FILE-PDF Foxit PDF Reader authentication bypass attempt (file-pdf.rules)
* 1:2769 <-> DISABLED <-> SERVER-ORACLE dbms_repcat.drop_mview_repobject buffer overflow attempt (server-oracle.rules)
* 1:27690 <-> DISABLED <-> FILE-PDF Foxit PDF Reader authentication bypass attempt (file-pdf.rules)
* 1:27691 <-> ENABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules)
* 1:27692 <-> ENABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules)
* 1:27693 <-> DISABLED <-> FILE-JAVA Oracle Java 2D ImagingLib BytePackedRaster signed integer overflow attempt (file-java.rules)
* 1:27694 <-> DISABLED <-> FILE-JAVA Oracle Java 2D ImagingLib BytePackedRaster signed integer overflow attempt (file-java.rules)
* 1:27695 <-> DISABLED <-> EXPLOIT-KIT Kore exploit kit landing page (exploit-kit.rules)
* 1:27696 <-> ENABLED <-> EXPLOIT-KIT Kore exploit kit landing page (exploit-kit.rules)
* 1:27697 <-> ENABLED <-> EXPLOIT-KIT Kore exploit kit successful Java exploit (exploit-kit.rules)
* 1:27699 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tartober variant connection (malware-cnc.rules)
* 1:277 <-> DISABLED <-> SERVER-OTHER RealNetworks Server template.html (server-other.rules)
* 1:2770 <-> DISABLED <-> SERVER-ORACLE dbms_repcat.drop_object_from_flavor buffer overflow attempt (server-oracle.rules)
* 1:27700 <-> DISABLED <-> APP-DETECT NSTX DNS tunnel outbound connection attempt (app-detect.rules)
* 1:27702 <-> ENABLED <-> EXPLOIT-KIT Gong Da exploit kit landing page (exploit-kit.rules)
* 1:27704 <-> ENABLED <-> EXPLOIT-KIT Gong Da exploit kit Java exploit requested (exploit-kit.rules)
* 1:27705 <-> ENABLED <-> EXPLOIT-KIT Gong Da exploit kit Java exploit requested (exploit-kit.rules)
* 1:27706 <-> DISABLED <-> EXPLOIT-KIT Gong Da exploit kit possible jar download (exploit-kit.rules)
* 1:27708 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Urausy outbound connection (malware-cnc.rules)
* 1:27709 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string umbra (malware-cnc.rules)
* 1:2771 <-> DISABLED <-> SERVER-ORACLE dbms_repcat.drop_priority_char buffer overflow attempt (server-oracle.rules)
* 1:27710 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string IExplore (malware-cnc.rules)
* 1:27711 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FakeAV variant outbound connection (malware-cnc.rules)
* 1:27712 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection injection (exploit-kit.rules)
* 1:27713 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection injection (exploit-kit.rules)
* 1:27715 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection page (exploit-kit.rules)
* 1:27716 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 9 deleted object access memory corruption attempt (browser-ie.rules)
* 1:27717 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 9 deleted object access memory corruption attempt (browser-ie.rules)
* 1:27718 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malformed shortcut file buffer overflow attempt (os-windows.rules)
* 1:27719 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malformed shortcut file with comment buffer overflow attempt (os-windows.rules)
* 1:2772 <-> DISABLED <-> SERVER-ORACLE dbms_repcat.drop_priority_date buffer overflow attempt (server-oracle.rules)
* 1:27720 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kolok variant connection (malware-cnc.rules)
* 1:27721 <-> DISABLED <-> INDICATOR-COMPROMISE Suspicious .su dns query (indicator-compromise.rules)
* 1:27723 <-> DISABLED <-> SQL McAfee ePolicy Orchestrator timing based SQL injection attempt (sql.rules)
* 1:27724 <-> DISABLED <-> SQL McAfee ePolicy Orchestrator timing based SQL injection attempt (sql.rules)
* 1:27725 <-> DISABLED <-> OS-MOBILE Android SMSAgent.C outbound SMTP communication (os-mobile.rules)
* 1:27726 <-> DISABLED <-> MALWARE-CNC Orbit Downloader denial of service update (malware-cnc.rules)
* 1:27727 <-> DISABLED <-> MALWARE-CNC Orbit Downloader denial of service update (malware-cnc.rules)
* 1:27728 <-> DISABLED <-> MALWARE-CNC Orbit Downloader denial of service update (malware-cnc.rules)
* 1:27729 <-> DISABLED <-> INDICATOR-COMPROMISE request for potential web shell - /Silic.jsp (indicator-compromise.rules)
* 1:2773 <-> DISABLED <-> SERVER-ORACLE dbms_repcat.drop_priority_nchar buffer overflow attempt (server-oracle.rules)
* 1:27730 <-> DISABLED <-> INDICATOR-COMPROMISE request for potential web shell - /css3.jsp (indicator-compromise.rules)
* 1:27731 <-> DISABLED <-> INDICATOR-COMPROMISE request for potential web shell - /inback.jsp (indicator-compromise.rules)
* 1:27732 <-> DISABLED <-> INDICATOR-COMPROMISE request for potential web shell - /jspspy.jsp (indicator-compromise.rules)
* 1:27733 <-> DISABLED <-> EXPLOIT-KIT IFRAMEr Tool embedded javascript attack method - generic structure (exploit-kit.rules)
* 1:27734 <-> ENABLED <-> EXPLOIT-KIT IFRAMEr Tool embedded javascript attack method - specific structure (exploit-kit.rules)
* 1:27735 <-> ENABLED <-> INDICATOR-OBFUSCATION Javascript obfuscation - document - seen in IFRAMEr Tool usage (indicator-obfuscation.rules)
* 1:27736 <-> ENABLED <-> INDICATOR-OBFUSCATION Javascript obfuscation - split - seen in IFRAMEr Tool attack (indicator-obfuscation.rules)
* 1:27737 <-> DISABLED <-> MALWARE-CNC DNS suspicious .c0m.li dns query (malware-cnc.rules)
* 1:27738 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit landing page (exploit-kit.rules)
* 1:27739 <-> DISABLED <-> EXPLOIT-KIT Multiple exploit kit redirection page (exploit-kit.rules)
* 1:2774 <-> DISABLED <-> SERVER-ORACLE dbms_repcat.drop_priority_number buffer overflow attempt (server-oracle.rules)
* 1:27741 <-> ENABLED <-> EXPLOIT-KIT Zip file downloaded by Java (exploit-kit.rules)
* 1:27742 <-> DISABLED <-> BROWSER-PLUGINS EasyMail Objects Activex remote buffer overflow attempt (browser-plugins.rules)
* 1:27743 <-> DISABLED <-> BROWSER-PLUGINS EasyMail Objects Activex remote buffer overflow attempt (browser-plugins.rules)
* 1:27744 <-> DISABLED <-> BROWSER-PLUGINS BaoFeng Storm ActiveX control OnBeforeVideoDownload method buffer overflow attempt (browser-plugins.rules)
* 1:27745 <-> DISABLED <-> BROWSER-PLUGINS BaoFeng Storm ActiveX control SetAttributeValue method buffer overflow attempt (browser-plugins.rules)
* 1:27746 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Hanthie variant outbound connection (malware-cnc.rules)
* 1:27747 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banechant outbound variant connection (malware-cnc.rules)
* 1:27748 <-> DISABLED <-> SERVER-WEBAPP Outfront Spooky Login register.asp SQL injection attempt (server-webapp.rules)
* 1:27749 <-> DISABLED <-> SERVER-WEBAPP Outfront Spooky Login a_register.asp SQL injection attempt (server-webapp.rules)
* 1:2775 <-> DISABLED <-> SERVER-ORACLE dbms_repcat.drop_priority_nvarchar2 buffer overflow attempt (server-oracle.rules)
* 1:27750 <-> ENABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules)
* 1:27751 <-> ENABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules)
* 1:27752 <-> DISABLED <-> SERVER-WEBAPP Neocrome Land Down Under profile.inc.php SQL injection attempt (server-webapp.rules)
* 1:27753 <-> DISABLED <-> SERVER-WEBAPP Click N Print Coupons coupon_detail.asp SQL injection attempt (server-webapp.rules)
* 1:27754 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Action InitArray stack overflow attempt (file-flash.rules)
* 1:27755 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Action InitArray stack overflow attempt (file-flash.rules)
* 1:27756 <-> DISABLED <-> SERVER-WEBAPP RedHat Piranha Virtual Server Package default passwd and arbitrary command execution attempt (server-webapp.rules)
* 1:27757 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Visual Studio Msmask32 ActiveX clsid access (browser-plugins.rules)
* 1:27758 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Visual Studio Msmask32 ActiveX function call access (browser-plugins.rules)
* 1:27759 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Treizt variant connection (malware-cnc.rules)
* 1:2776 <-> DISABLED <-> SERVER-ORACLE dbms_repcat.drop_priority_raw buffer overflow attempt (server-oracle.rules)
* 1:27760 <-> DISABLED <-> BROWSER-PLUGINS Ultra Shareware Office Control ActiveX function call access (browser-plugins.rules)
* 1:27761 <-> DISABLED <-> BROWSER-PLUGINS Ultra Shareware Office Control ActiveX function call access (browser-plugins.rules)
* 1:27762 <-> DISABLED <-> BROWSER-PLUGINS Ultra Shareware Office Control ActiveX clsid access (browser-plugins.rules)
* 1:27763 <-> DISABLED <-> BROWSER-PLUGINS Husdawg System Requirements Lab Control ActiveX clsid access (browser-plugins.rules)
* 1:27764 <-> DISABLED <-> FILE-JAVA Oracle Java ImagingLib buffer overflow attempt (file-java.rules)
* 1:27765 <-> DISABLED <-> FILE-JAVA Oracle Java ImagingLib buffer overflow attempt (file-java.rules)
* 1:27766 <-> ENABLED <-> BROWSER-PLUGINS Oracle Java Security Slider feature bypass attempt (browser-plugins.rules)
* 1:27767 <-> DISABLED <-> BROWSER-PLUGINS Icona SpA C6 Messenger Downloader ActiveX clsid access (browser-plugins.rules)
* 1:27768 <-> DISABLED <-> BROWSER-PLUGINS Icona SpA C6 Messenger Downloader ActiveX clsid access (browser-plugins.rules)
* 1:27769 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 207 buffer overflow attempt (server-other.rules)
* 1:2777 <-> DISABLED <-> SERVER-ORACLE dbms_repcat.drop_priority buffer overflow attempt (server-oracle.rules)
* 1:27770 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 210 buffer overflow attempt (server-other.rules)
* 1:27771 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 236 buffer overflow attempt (server-other.rules)
* 1:27772 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 243 buffer overflow attempt (server-other.rules)
* 1:27773 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 265 buffer overflow attempt (server-other.rules)
* 1:27774 <-> DISABLED <-> MALWARE-CNC RDN Banker Data Exfiltration (malware-cnc.rules)
* 1:27775 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection (malware-cnc.rules)
* 1:2778 <-> DISABLED <-> SERVER-ORACLE dbms_repcat.drop_priority_varchar2 buffer overflow attempt (server-oracle.rules)
* 1:27781 <-> DISABLED <-> BROWSER-PLUGINS Cisco WebEx Meeting Manager atucfobj ActiveX clsid access (browser-plugins.rules)
* 1:27782 <-> DISABLED <-> BROWSER-PLUGINS Cisco WebEx Meeting Manager atucfobj ActiveX function call access (browser-plugins.rules)
* 1:27783 <-> ENABLED <-> EXPLOIT-KIT Neutrino exploit kit plugin detection page (exploit-kit.rules)
* 1:27786 <-> DISABLED <-> FILE-JAVA Oracle Java ImagingLib buffer overflow attempt (file-java.rules)
* 1:27787 <-> DISABLED <-> FILE-JAVA Oracle Java ImagingLib buffer overflow attempt (file-java.rules)
* 1:27788 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Access Snapshot Viewer ActiveX function call access (browser-plugins.rules)
* 1:27789 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Access Snapshot Viewer ActiveX clsid access attempt (browser-plugins.rules)
* 1:2779 <-> DISABLED <-> SERVER-ORACLE dbms_repcat.drop_site_priority_site buffer overflow attempt (server-oracle.rules)
* 1:27790 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Access Snapshot Viewer ActiveX clsid access attempt (browser-plugins.rules)
* 1:27791 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Access Snapshot Viewer ActiveX clsid access attempt (browser-plugins.rules)
* 1:27792 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Access Snapshot Viewer ActiveX function call access attempt (browser-plugins.rules)
* 1:27793 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Access Snapshot Viewer ActiveX function call access (browser-plugins.rules)
* 1:27794 <-> DISABLED <-> BROWSER-PLUGINS Black Ice Barcode SDK ActiveX clsid access (browser-plugins.rules)
* 1:27795 <-> DISABLED <-> BROWSER-PLUGINS Black Ice Barcode SDK ActiveX function call access (browser-plugins.rules)
* 1:27796 <-> DISABLED <-> SERVER-WEBAPP CA Total Defense Suite UNCWS UnassignFunctionalRoles stored procedure POST SQL injection attempt (server-webapp.rules)
* 1:27797 <-> DISABLED <-> SERVER-WEBAPP CA Total Defense Suite UNCWS UnassignFunctionalRoles stored procedure SQL injection attempt (server-webapp.rules)
* 1:27798 <-> DISABLED <-> BROWSER-PLUGINS GE Intelligent Platforms Proficy HTML help ActiveX clsid access attempt (browser-plugins.rules)
* 1:27799 <-> DISABLED <-> BROWSER-PLUGINS GE Intelligent Platforms Proficy HTML help ActiveX function call attempt (browser-plugins.rules)
* 1:278 <-> DISABLED <-> SERVER-OTHER RealNetworks Server template.html (server-other.rules)
* 1:2780 <-> DISABLED <-> SERVER-ORACLE dbms_repcat.drop_site_priority buffer overflow attempt (server-oracle.rules)
* 1:27800 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Media Encoder 9 ActiveX function call access (browser-plugins.rules)
* 1:27802 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PRISM variant outbound connection (malware-cnc.rules)
* 1:27803 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PRISM variant outbound connection (malware-cnc.rules)
* 1:27804 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PRISM variant outbound connection (malware-cnc.rules)
* 1:27805 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bisonha variant outbound connection (malware-cnc.rules)
* 1:27806 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Retruse variant connection (malware-cnc.rules)
* 1:2781 <-> DISABLED <-> SERVER-ORACLE dbms_repcat.drop_snapshot_repgroup buffer overflow attempt (server-oracle.rules)
* 1:27810 <-> DISABLED <-> EXPLOIT-KIT Fiesta exploit kit redirection (exploit-kit.rules)
* 1:27811 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mindweq variant connection (malware-cnc.rules)
* 1:27813 <-> ENABLED <-> EXPLOIT-KIT Styx exploit kit landing page with payload (exploit-kit.rules)
* 1:27814 <-> DISABLED <->
EXPLOIT-KIT Styx exploit kit landing page request (exploit-kit.rules) * 1:27815 <-> DISABLED <-> EXPLOIT-KIT Styx exploit kit malicious redirection attempt (exploit-kit.rules) * 1:27816 <-> DISABLED <-> EXPLOIT-KIT Multiple exploit kit jar file download attempt (exploit-kit.rules) * 1:27817 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tenavt connection (malware-cnc.rules) * 1:27818 <-> DISABLED <-> SERVER-OTHER Microsoft SharePoint denial of service attempt (server-other.rules) * 1:27819 <-> DISABLED <-> SERVER-OTHER Microsoft SharePoint denial of service attempt (server-other.rules) * 1:2782 <-> DISABLED <-> SERVER-ORACLE dbms_repcat.drop_snapshot_repobject buffer overflow attempt (server-oracle.rules) * 1:27820 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel PtgMemFunc zero-value cce-field read access violation attempt (file-office.rules) * 1:27821 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel PtgMemFunc zero-value cce-field read access violation attempt (file-office.rules) * 1:27822 <-> ENABLED <-> FILE-OTHER Microsoft Windows XP .theme file remote code execution attempt (file-other.rules) * 1:27823 <-> DISABLED <-> SERVER-WEBAPP Microsoft Office SharePoint malicious serialized viewstate evaluation attempt (server-webapp.rules) * 1:27824 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel invalid external defined names read AV attempt (file-office.rules) * 1:27825 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel invalid external defined names read AV attempt (file-office.rules) * 1:27826 <-> DISABLED <-> SERVER-WEBAPP Microsoft SharePoint self cross site scripting attempt (server-webapp.rules) * 1:27827 <-> DISABLED <-> SERVER-WEBAPP Microsoft SharePoint self cross site scripting attempt (server-webapp.rules) * 1:27828 <-> DISABLED <-> SERVER-WEBAPP Microsoft SharePoint self cross site scripting attempt (server-webapp.rules) * 1:27829 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer hgroup element DOM reset use after free attempt (browser-ie.rules) * 
1:2783 <-> DISABLED <-> SERVER-ORACLE dbms_repcat.drop_unique_resolution buffer overflow attempt (server-oracle.rules) * 1:27830 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer hgroup element DOM reset use after free attempt (browser-ie.rules) * 1:27831 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer javascript call method type confusion attempt (browser-ie.rules) * 1:27832 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer javascript apply method type confusion attempt (browser-ie.rules) * 1:27833 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer javascript call method type confusion attempt (browser-ie.rules) * 1:27834 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer javascript apply method type confusion attempt (browser-ie.rules) * 1:27835 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer AddOption use after free attempt (browser-ie.rules) * 1:27836 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer AddOption use after free attempt (browser-ie.rules) * 1:27837 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CDisplayPointer use after free attempt (browser-ie.rules) * 1:27838 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CDisplayPointer use after free attempt (browser-ie.rules) * 1:27839 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer range markup switch use after free attempt (browser-ie.rules) * 1:2784 <-> DISABLED <-> SERVER-ORACLE dbms_repcat.drop_update_resolution buffer overflow attempt (server-oracle.rules) * 1:27840 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer range markup switch use after free attempt (browser-ie.rules) * 1:27841 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 9 MutationEvent use after free attempt (browser-ie.rules) * 1:27842 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSegment object use after free attempt (browser-ie.rules) * 1:27843 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreePos object use-after-free attempt (browser-ie.rules) * 
1:27844 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreePos object use-after-free attempt (browser-ie.rules) * 1:27845 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer iframe execCommand use after free attempt (browser-ie.rules) * 1:27846 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer iframe execCommand use after free attempt (browser-ie.rules) * 1:2785 <-> DISABLED <-> SERVER-ORACLE dbms_repcat.execute_ddl buffer overflow attempt (server-oracle.rules) * 1:27850 <-> ENABLED <-> FILE-OFFICE Microsoft Office SDTI signed integer underflow attempt (file-office.rules) * 1:27851 <-> ENABLED <-> FILE-OFFICE Microsoft Office SDTI signed integer underflow attempt (file-office.rules) * 1:27852 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word invalid number of cells memory corruption attempt (file-office.rules) * 1:27853 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word invalid number of cells memory corruption attempt (file-office.rules) * 1:27854 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word document invalid cell count memory corruption attempt (file-office.rules) * 1:27855 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word document invalid cell count memory corruption attempt (file-office.rules) * 1:27856 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word document invalid cell count memory corruption attempt (file-office.rules) * 1:27857 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word document invalid cell count memory corruption attempt (file-office.rules) * 1:27858 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word malformed OCXINFO element EoP attempt (file-office.rules) * 1:27859 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word malformed OCXINFO element EoP attempt (file-office.rules) * 1:2786 <-> DISABLED <-> SERVER-ORACLE dbms_repcat.generate_replication_package buffer overflow attempt (server-oracle.rules) * 1:27860 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Active Directory LDAP denial of service attempt (os-windows.rules) * 
1:27861 <-> DISABLED <-> SERVER-ORACLE Oracle Enterprise Manager Database Control directory traversal attempt (server-oracle.rules) * 1:27862 <-> DISABLED <-> SERVER-WEBAPP Avaya IP Office Customer Call Reporter invalid file upload attempt (server-webapp.rules) * 1:27863 <-> DISABLED <-> SERVER-WEBAPP Ektron CMS XSLT transform remote code execution attempt (server-webapp.rules) * 1:27864 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sinowal variant connection (malware-cnc.rules) * 1:27865 <-> ENABLED <-> EXPLOIT-KIT Blackholev2/Darkleech exploit kit landing page request (exploit-kit.rules) * 1:27866 <-> ENABLED <-> EXPLOIT-KIT Blackholev2/Darkleech exploit kit landing page (exploit-kit.rules) * 1:27867 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper outbound connection (malware-cnc.rules) * 1:27868 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - dt12012 (malware-cnc.rules) * 1:27869 <-> ENABLED <-> BROWSER-PLUGINS HP LoadRunner WriteFileString ActiveX function call attempt (browser-plugins.rules) * 1:2787 <-> DISABLED <-> SERVER-ORACLE dbms_repcat_instantiate.instantiate_online buffer overflow attempt (server-oracle.rules) * 1:27870 <-> ENABLED <-> BROWSER-PLUGINS HP LoadRunner WriteFileString ActiveX function call attempt (browser-plugins.rules) * 1:27871 <-> ENABLED <-> BROWSER-PLUGINS HP LoadRunner WriteFileString ActiveX function call attempt (browser-plugins.rules) * 1:27872 <-> ENABLED <-> BROWSER-PLUGINS HP LoadRunner WriteFileString ActiveX function call attempt (browser-plugins.rules) * 1:27873 <-> ENABLED <-> EXPLOIT-KIT Kore exploit kit outbound payload download attempt (exploit-kit.rules) * 1:27875 <-> DISABLED <-> INDICATOR-OBFUSCATION Javascript obfuscation technique - has been observed in Rmayana/DotkaChef/DotCache exploit kit (indicator-obfuscation.rules) * 1:27876 <-> ENABLED <-> EXPLOIT-KIT DotkaChef/Rmayana/DotCache exploit kit Zeroaccess download (exploit-kit.rules) * 1:27877 <-> ENABLED <-> EXPLOIT-KIT Blackholev2/Cool exploit 
kit landing page (exploit-kit.rules) * 1:27878 <-> ENABLED <-> EXPLOIT-KIT Blackholev2/Cool exploit kit landing page (exploit-kit.rules) * 1:27879 <-> ENABLED <-> EXPLOIT-KIT Teletubbies exploit kit exploit attempt for Adobe Acrobat Reader 8 (exploit-kit.rules) * 1:2788 <-> DISABLED <-> SERVER-ORACLE dbms_repcat.make_column_group buffer overflow attempt (server-oracle.rules) * 1:27880 <-> ENABLED <-> EXPLOIT-KIT Teletubbies exploit kit exploit attempt for Adobe Acrobat Reader 9 (exploit-kit.rules) * 1:27881 <-> ENABLED <-> EXPLOIT-KIT Teletubbies exploit kit exploit attempt for Adobe Flash Player (exploit-kit.rules) * 1:27882 <-> ENABLED <-> EXPLOIT-KIT Teletubbies exploit kit exploit attempt for Adobe Flash Player (exploit-kit.rules) * 1:27883 <-> ENABLED <-> EXPLOIT-KIT Teletubbies exploit kit exploit attempt for Oracle Java (exploit-kit.rules) * 1:27885 <-> ENABLED <-> EXPLOIT-KIT Teletubbies exploit kit payload download (exploit-kit.rules) * 1:27886 <-> ENABLED <-> EXPLOIT-KIT Teletubbies exploit kit payload download (exploit-kit.rules) * 1:27887 <-> ENABLED <-> EXPLOIT-KIT Teletubbies exploit kit payload download (exploit-kit.rules) * 1:27888 <-> ENABLED <-> EXPLOIT-KIT Teletubbies exploit kit payload download (exploit-kit.rules) * 1:27889 <-> ENABLED <-> EXPLOIT-KIT Teletubbies exploit kit payload download (exploit-kit.rules) * 1:2789 <-> DISABLED <-> SERVER-ORACLE dbms_repcat.obsolete_flavor_definition buffer overflow attempt (server-oracle.rules) * 1:27890 <-> ENABLED <-> EXPLOIT-KIT Teletubbies exploit kit secondary payload (exploit-kit.rules) * 1:27891 <-> ENABLED <-> EXPLOIT-KIT Teletubbies exploit kit secondary payload (exploit-kit.rules) * 1:27892 <-> ENABLED <-> EXPLOIT-KIT Teletubbies exploit kit exploit attempt for Adobe Acrobat Reader (exploit-kit.rules) * 1:27893 <-> ENABLED <-> EXPLOIT-KIT Teletubbies exploit kit payload download (exploit-kit.rules) * 1:27894 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit Payload detection - about.dll 
(exploit-kit.rules) * 1:27895 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit Payload detection - info.dll (exploit-kit.rules) * 1:27896 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit Payload detection - contacts.dll (exploit-kit.rules) * 1:27897 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit Payload detection - calc.dll (exploit-kit.rules) * 1:27898 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit Payload detection - readme.dll (exploit-kit.rules) * 1:27899 <-> DISABLED <-> PROTOCOL-VOIP Possible SIP OPTIONS service information gathering attempt (protocol-voip.rules) * 1:279 <-> DISABLED <-> SERVER-OTHER Bay/Nortel Nautica Marlin (server-other.rules) * 1:2790 <-> DISABLED <-> SERVER-ORACLE dbms_repcat.publish_flavor_definition buffer overflow attempt (server-oracle.rules) * 1:27900 <-> DISABLED <-> PROTOCOL-VOIP Excessive number of SIP 4xx responses potential user or password guessing attempt (protocol-voip.rules) * 1:27901 <-> DISABLED <-> PROTOCOL-VOIP Ghost call attack attempt (protocol-voip.rules) * 1:27902 <-> DISABLED <-> PROTOCOL-VOIP Possible SIP OPTIONS service information gathering attempt (protocol-voip.rules) * 1:27903 <-> DISABLED <-> PROTOCOL-VOIP Ghost call attack attempt (protocol-voip.rules) * 1:27904 <-> DISABLED <-> PROTOCOL-VOIP Excessive number of SIP 4xx responses potential user or password guessing attempt (protocol-voip.rules) * 1:27905 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Helauto variant connection (malware-cnc.rules) * 1:27907 <-> DISABLED <-> EXPLOIT-KIT Blackholev2/Cool exploit kit payload download attempt (exploit-kit.rules) * 1:27908 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CPhraseElement use after free attempt (browser-ie.rules) * 1:27909 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CPhraseElement use after free attempt (browser-ie.rules) * 1:2791 <-> DISABLED <-> SERVER-ORACLE dbms_repcat.purge_flavor_definition buffer overflow attempt (server-oracle.rules) * 1:27911 <-> ENABLED <-> EXPLOIT-KIT X2O 
exploit kit landing page (exploit-kit.rules) * 1:27912 <-> ENABLED <-> EXPLOIT-KIT X2O exploit kit landing page (exploit-kit.rules) * 1:27913 <-> DISABLED <-> PUA-ADWARE Vittalia adware - get ads (pua-adware.rules) * 1:27914 <-> DISABLED <-> PUA-ADWARE Vittalia adware - post install (pua-adware.rules) * 1:27915 <-> DISABLED <-> PUA-ADWARE Vittalia adware outbound connection - pre install (pua-adware.rules) * 1:27916 <-> DISABLED <-> PUA-TOOLBARS Vittalia adware outbound connection - Eazel toolbar install (pua-toolbars.rules) * 1:27917 <-> DISABLED <-> PUA-TOOLBARS Vittalia adware outbound connection - offers (pua-toolbars.rules) * 1:27918 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules) * 1:27919 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus encrypted POST Data exfiltration (malware-cnc.rules) * 1:2792 <-> DISABLED <-> SERVER-ORACLE dbms_repcat.purge_master_log buffer overflow attempt (server-oracle.rules) * 1:27920 <-> ENABLED <-> INDICATOR-OBFUSCATION Javascript obfuscation - split - seen in IFRAMEr Tool attack (indicator-obfuscation.rules) * 1:27921 <-> DISABLED <-> SERVER-ORACLE Oracle Endeca Server createDataStore remote command injection attempt (server-oracle.rules) * 1:27922 <-> DISABLED <-> APP-DETECT Splashtop outbound connection attempt (app-detect.rules) * 1:27923 <-> DISABLED <-> APP-DETECT Splashtop connection negotiation attempt (app-detect.rules) * 1:27924 <-> DISABLED <-> APP-DETECT Splashtop Streamer download attempt (app-detect.rules) * 1:27925 <-> DISABLED <-> APP-DETECT Splashtop Personal download attempt (app-detect.rules) * 1:27926 <-> DISABLED <-> APP-DETECT Splashtop Streamer certificate server connect attempt (app-detect.rules) * 1:27927 <-> DISABLED <-> APP-DETECT Splashtop inbound connection negotiation attempt (app-detect.rules) * 1:27928 <-> DISABLED <-> APP-DETECT Splashtop connection attempt (app-detect.rules) * 1:27929 <-> DISABLED <-> APP-DETECT Splashtop communication attempt 
(app-detect.rules) * 1:2793 <-> DISABLED <-> SERVER-ORACLE dbms_repcat.purge_statistics buffer overflow attempt (server-oracle.rules) * 1:27930 <-> DISABLED <-> APP-DETECT DNS request for Splashtop domain splashtop.com (app-detect.rules) * 1:27931 <-> DISABLED <-> APP-DETECT DNS request for Splashtop domain splashtop.net (app-detect.rules) * 1:27932 <-> DISABLED <-> APP-DETECT DNS request for Splashtop domain devicevm.com (app-detect.rules) * 1:27933 <-> DISABLED <-> APP-DETECT Splashtop streamer download attempt (app-detect.rules) * 1:27934 <-> DISABLED <-> APP-DETECT Splashtop personal download attempt (app-detect.rules) * 1:27935 <-> ENABLED <-> EXPLOIT-KIT Styx exploit kit landing page (exploit-kit.rules) * 1:27936 <-> DISABLED <-> EXPLOIT-KIT Styx exploit kit portable executable download (exploit-kit.rules) * 1:27937 <-> ENABLED <-> SERVER-OTHER HP ProCurve Manager SNAC UpdateCertificatesServlet directory traversal attempt (server-other.rules) * 1:27938 <-> DISABLED <-> PROTOCOL-DNS IPv6 host name enumeration (protocol-dns.rules) * 1:27939 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Galock variant connection (malware-cnc.rules) * 1:2794 <-> DISABLED <-> SERVER-ORACLE dbms_repcat.refresh_mview_repgroup buffer overflow attempt (server-oracle.rules) * 1:27940 <-> DISABLED <-> SERVER-WEBAPP Django web framework oversized password denial of service attempt (server-webapp.rules) * 1:27941 <-> ENABLED <-> SERVER-OTHER HP ProCurve Manager SNAC UpdateDomainControllerServlet directory traversal attempt (server-other.rules) * 1:27942 <-> ENABLED <-> SERVER-WEBAPP Sophos Web Protection Appliance sblistpack arbitrary command execution attempt (server-webapp.rules) * 1:27943 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer onlosecapture memory corruption attempt (browser-ie.rules) * 1:27944 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer onlosecapture memory corruption attempt (browser-ie.rules) * 1:27945 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel 
ObjectLink invalid wLinkVar2 value attempt (file-office.rules) * 1:27947 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel rtMergeCells heap overflow attempt (file-office.rules) * 1:27948 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel rtMergeCells heap overflow attempt (file-office.rules) * 1:2795 <-> DISABLED <-> SERVER-ORACLE dbms_repcat.refresh_snapshot_repgroup buffer overflow attempt (server-oracle.rules) * 1:27955 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mevade variant outbound connection (malware-cnc.rules) * 1:27956 <-> DISABLED <-> MALWARE-OTHER OSX.Trojan.Renepo rootkit download attempt (malware-other.rules) * 1:27957 <-> DISABLED <-> MALWARE-OTHER OSX.Trojan.Renepo rootkit download attempt (malware-other.rules) * 1:27958 <-> DISABLED <-> MALWARE-OTHER OSX.Trojan.Renepo rootkit download attempt (malware-other.rules) * 1:27959 <-> DISABLED <-> MALWARE-OTHER OSX.Trojan.Renepo rootkit upload attempt (malware-other.rules) * 1:2796 <-> DISABLED <-> SERVER-ORACLE dbms_repcat.register_mview_repgroup buffer overflow attempt (server-oracle.rules) * 1:27960 <-> DISABLED <-> MALWARE-OTHER OSX.Trojan.Renepo rootkit upload attempt (malware-other.rules) * 1:27961 <-> DISABLED <-> MALWARE-OTHER OSX.Trojan.Renepo rootkit upload attempt (malware-other.rules) * 1:27963 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lolbot variant outbound connection (malware-cnc.rules) * 1:27964 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gh0st variant outbound connection (malware-cnc.rules) * 1:27965 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Eupuds variant connection (malware-cnc.rules) * 1:27966 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Chopper web shell connection (malware-cnc.rules) * 1:27967 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Chopper web shell connection (malware-cnc.rules) * 1:27968 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Chopper web shell connection (malware-cnc.rules) * 1:27969 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Updays variant connection (malware-cnc.rules) * 1:2797 <-> 
DISABLED <-> SERVER-ORACLE dbms_repcat.register_snapshot_repgroup buffer overflow attempt (server-oracle.rules) * 1:27970 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus dropper variant connection (malware-cnc.rules) * 1:2798 <-> DISABLED <-> SERVER-ORACLE dbms_repcat.register_statistics buffer overflow attempt (server-oracle.rules) * 1:27980 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /botnet/adduser.php?uid= (malware-cnc.rules) * 1:27981 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /botnet/tasks.php?uid= (malware-cnc.rules) * 1:27982 <-> DISABLED <-> APP-DETECT Dynamic Internet Technology Freegate application executable download attempt (app-detect.rules) * 1:27983 <-> DISABLED <-> APP-DETECT Dynamic Internet Technology Freegate application zip download attempt (app-detect.rules) * 1:27984 <-> DISABLED <-> APP-DETECT DNS request for Dynamic Internet Technology domain dfgvx.com (app-detect.rules) * 1:27985 <-> DISABLED <-> APP-DETECT DNS request for Dynamic Internet Technology domain hjuyv.com (app-detect.rules) * 1:27986 <-> DISABLED <-> APP-DETECT DNS request for Dynamic Internet Technology domain rfvcd.com (app-detect.rules) * 1:27987 <-> DISABLED <-> APP-DETECT DNS request for Dynamic Internet Technology domain vfrtg.com (app-detect.rules) * 1:27988 <-> DISABLED <-> APP-DETECT DNS request for Dynamic Internet Technology domain dongtaiwang.com (app-detect.rules) * 1:27989 <-> DISABLED <-> APP-DETECT DNS request for Dynamic Internet Technology domain mjuyh.com (app-detect.rules) * 1:2799 <-> DISABLED <-> SERVER-ORACLE dbms_repcat.relocate_masterdef buffer overflow attempt (server-oracle.rules) * 1:27990 <-> DISABLED <-> APP-DETECT DNS request for Dynamic Internet Technology domain umikl.com (app-detect.rules) * 1:27991 <-> DISABLED <-> APP-DETECT DNS request for Dynamic Internet Technology domain ziyouforever.com (app-detect.rules) * 1:27992 <-> DISABLED <-> APP-DETECT DNS response for Dynamic Internet Technology domain 
ziyouforever.com (app-detect.rules) * 1:27993 <-> DISABLED <-> APP-DETECT DNS request for Dynamic Internet Technology domain xcder.com (app-detect.rules) * 1:27994 <-> DISABLED <-> APP-DETECT DNS request for Dynamic Internet Technology domain dit-inc.us (app-detect.rules) * 1:27995 <-> DISABLED <-> APP-DETECT DNS request for Dynamic Internet Technology domain ewsxz.com (app-detect.rules) * 1:27996 <-> DISABLED <-> APP-DETECT DNS request for Dynamic Internet Technology domain nbgtr.com (app-detect.rules) * 1:27997 <-> DISABLED <-> APP-DETECT DNS request for Dynamic Internet Technology domain dongtaiwang.net (app-detect.rules) * 1:27998 <-> DISABLED <-> APP-DETECT DNS request for Dynamic Internet Technology domain washingtonchinareview.org (app-detect.rules) * 1:27999 <-> DISABLED <-> APP-DETECT Possible Dynamic Internet Technology Frontgate application PING (app-detect.rules) * 1:2800 <-> DISABLED <-> SERVER-ORACLE dbms_repcat.rename_shadow_column_group buffer overflow attempt (server-oracle.rules) * 1:28000 <-> DISABLED <-> APP-DETECT Dynamic Internet Technology Freegate application executable download attempt (app-detect.rules) * 1:28001 <-> DISABLED <-> APP-DETECT Dynamic Internet Technology Freegate application zip download attempt (app-detect.rules) * 1:28002 <-> DISABLED <-> INDICATOR-SCAN UPnP WANPPPConnection (indicator-scan.rules) * 1:28003 <-> DISABLED <-> INDICATOR-SCAN UPnP WANIPConnection (indicator-scan.rules) * 1:28005 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz outbound command (malware-cnc.rules) * 1:28006 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Kuluoz outbound download request (malware-other.rules) * 1:28007 <-> DISABLED <-> MALWARE-CNC BLYPT installer startupkey outbound traffic (malware-cnc.rules) * 1:28008 <-> DISABLED <-> MALWARE-CNC BLYPT installer reuse outbound traffic (malware-cnc.rules) * 1:28009 <-> DISABLED <-> MALWARE-CNC BLYPT installer configkey outbound traffic (malware-cnc.rules) * 1:2801 <-> DISABLED <-> SERVER-ORACLE 
dbms_repcat.resume_master_activity buffer overflow attempt (server-oracle.rules) * 1:28010 <-> DISABLED <-> MALWARE-CNC BLYPT installer tserror outbound traffic (malware-cnc.rules) * 1:28011 <-> DISABLED <-> MALWARE-CNC BLYPT installer createproc outbound traffic (malware-cnc.rules) * 1:28012 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules) * 1:28015 <-> ENABLED <-> EXPLOIT-KIT g01pack exploit kit redirection attempt (exploit-kit.rules) * 1:28016 <-> ENABLED <-> EXPLOIT-KIT embedded iframe redirection - possible exploit kit indicator (exploit-kit.rules) * 1:28017 <-> ENABLED <-> EXPLOIT-KIT embedded iframe redirection - possible exploit kit indicator (exploit-kit.rules) * 1:28018 <-> ENABLED <-> EXPLOIT-KIT embedded iframe redirection - possible exploit kit indicator (exploit-kit.rules) * 1:28019 <-> ENABLED <-> EXPLOIT-KIT embedded iframe redirection - possible exploit kit indicator (exploit-kit.rules) * 1:2802 <-> DISABLED <-> SERVER-ORACLE dbms_repcat_rgt.check_ddl_text buffer overflow attempt (server-oracle.rules) * 1:28020 <-> ENABLED <-> EXPLOIT-KIT embedded iframe redirection - possible exploit kit indicator (exploit-kit.rules) * 1:28021 <-> ENABLED <-> EXPLOIT-KIT embedded iframe redirection - possible exploit kit indicator (exploit-kit.rules) * 1:28022 <-> ENABLED <-> EXPLOIT-KIT embedded iframe redirection - IFRAMEr injection tool (exploit-kit.rules) * 1:28023 <-> ENABLED <-> INDICATOR-OBFUSCATION Javascript obfuscation - document - seen in IFRAMEr Tool attack (indicator-obfuscation.rules) * 1:28024 <-> ENABLED <-> INDICATOR-OBFUSCATION Javascript obfuscation - seen in IFRAMEr Tool attack (indicator-obfuscation.rules) * 1:28025 <-> ENABLED <-> INDICATOR-OBFUSCATION Javascript obfuscation - split - seen in IFRAMEr Tool attack (indicator-obfuscation.rules) * 1:28026 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page (exploit-kit.rules) * 1:28028 <-> DISABLED <-> EXPLOIT-KIT Blackholev2/Cool 
exploit kit exploit download attempt (exploit-kit.rules) * 1:28029 <-> ENABLED <-> EXPLOIT-KIT Magnitude/Popads/Nuclear exploit kit jnlp request (exploit-kit.rules) * 1:2803 <-> DISABLED <-> SERVER-ORACLE dbms_repcat_rgt.drop_site_instantiation buffer overflow attempt (server-oracle.rules) * 1:28033 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Urausy variant outbound connection (malware-cnc.rules) * 1:28038 <-> ENABLED <-> EXPLOIT-KIT Sakura exploit kit successful redirection (exploit-kit.rules) * 1:28039 <-> DISABLED <-> INDICATOR-COMPROMISE Suspicious .pw dns query (indicator-compromise.rules) * 1:2804 <-> DISABLED <-> SERVER-ORACLE dbms_repcat.send_and_compare_old_values buffer overflow attempt (server-oracle.rules) * 1:28040 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dofoil variant outbound connection (malware-cnc.rules) * 1:28042 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Caphaw variant outbound connection (malware-cnc.rules) * 1:28043 <-> DISABLED <-> OS-MOBILE Android WebKit Java reflection command execution attempt (os-mobile.rules) * 1:28044 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoLocker variant connection (malware-cnc.rules) * 1:28045 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VBKrypt variant connection (malware-cnc.rules) * 1:28046 <-> DISABLED <-> OS-MOBILE Android fake iMessage app download (os-mobile.rules) * 1:28047 <-> DISABLED <-> SERVER-WEBAPP RaidSonic Multiple Products arbitrary command injection attempt (server-webapp.rules) * 1:28048 <-> DISABLED <-> SERVER-WEBAPP GLPI install.php arbitrary code injection attempt (server-webapp.rules) * 1:28049 <-> DISABLED <-> SERVER-WEBAPP GLPI install.php arbitrary code injection attempt (server-webapp.rules) * 1:2805 <-> DISABLED <-> SERVER-ORACLE dbms_repcat.set_columns buffer overflow attempt (server-oracle.rules) * 1:28050 <-> DISABLED <-> SERVER-WEBAPP GLPI install.php arbitrary code injection attempt (server-webapp.rules) * 1:28051 <-> DISABLED <-> SERVER-WEBAPP GLPI install.php arbitrary code injection 
attempt (server-webapp.rules) * 1:28052 <-> DISABLED <-> SERVER-WEBAPP Linksys WRT110 ping.cgi remote command execution attempt (server-webapp.rules) * 1:28054 <-> ENABLED <-> MALWARE-OTHER VBScript potential executable write attempt (malware-other.rules) * 1:28055 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.FakeAV outbound communication attempt (os-mobile.rules) * 1:28056 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.FakeAV APK file download attempt (os-mobile.rules) * 1:28057 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.FakeAV APK file download attempt (os-mobile.rules) * 1:2806 <-> DISABLED <-> SERVER-ORACLE dbms_repcat.set_local_flavor buffer overflow attempt (server-oracle.rules) * 1:28068 <-> DISABLED <-> APP-DETECT 360.cn Safeguard runtime outbound communication (app-detect.rules) * 1:28069 <-> DISABLED <-> APP-DETECT DNS request for potential malware SafeGuard to domain 360.cn (app-detect.rules) * 1:2807 <-> DISABLED <-> SERVER-ORACLE dbms_repcat.specify_new_masters buffer overflow attempt (server-oracle.rules) * 1:28070 <-> DISABLED <-> APP-DETECT DNS request for potential malware SafeGuard to domain 360safe.com (app-detect.rules) * 1:28071 <-> DISABLED <-> APP-DETECT 360.cn SafeGuard local HTTP management console access attempt (app-detect.rules) * 1:28072 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Omexo outbound connection (malware-cnc.rules) * 1:28073 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Win32.Kimsuky variant file stealing (malware-cnc.rules) * 1:28074 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ADKR connection (malware-cnc.rules) * 1:28075 <-> DISABLED <-> MALWARE-CNC Win.Trojan.gzfw connection (malware-cnc.rules) * 1:28076 <-> DISABLED <-> SERVER-WEBAPP Drupal Core OpenID information disclosure attempt (server-webapp.rules) * 1:28079 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Napolar variant outbound connection (malware-cnc.rules) * 1:2808 <-> DISABLED <-> SERVER-ORACLE dbms_repcat.suspend_master_activity buffer overflow attempt (server-oracle.rules) * 
1:28080 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Napolar data theft (malware-cnc.rules)
* 1:28081 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.Malapp APK file download attempt (os-mobile.rules)
* 1:28082 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.Malapp APK file download attempt (os-mobile.rules)
* 1:28083 <-> DISABLED <-> SERVER-WEBAPP Netgear DGN1000B setup.cgi cross site scripting attempt (server-webapp.rules)
* 1:28084 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hupigon variant connection (malware-cnc.rules)
* 1:28086 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.SmsSpy APK file download attempt (os-mobile.rules)
* 1:28087 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.SmsSpy APK file download attempt (os-mobile.rules)
* 1:28088 <-> DISABLED <-> POLICY-SOCIAL Pidgin MXIT emoticon integer overflow attempt (policy-social.rules)
* 1:28089 <-> DISABLED <-> POLICY-SOCIAL multiple chat protocols link to local file attempt (policy-social.rules)
* 1:2809 <-> DISABLED <-> SERVER-ORACLE dbms_repcat.unregister_mview_repgroup buffer overflow attempt (server-oracle.rules)
* 1:28090 <-> DISABLED <-> POLICY-SOCIAL multiple chat protocols link to local file attempt (policy-social.rules)
* 1:28093 <-> DISABLED <-> SERVER-WEBAPP Western Digital Arkeia Appliance directory traversal attempt (server-webapp.rules)
* 1:28094 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Liteol variant connection (malware-cnc.rules)
* 1:28095 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Liteol variant connection (malware-cnc.rules)
* 1:28096 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spynet variant connection (malware-cnc.rules)
* 1:28097 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ohlat variant connection (malware-cnc.rules)
* 1:28098 <-> DISABLED <-> SERVER-OTHER CA Total Defense Suite UNCWS reGenerateReports/DeleteReports SQL injection attempt (server-other.rules)
* 1:28099 <-> DISABLED <-> SERVER-OTHER CA Total Defense Suite UNCWS reGenerateReports/DeleteReports SQL injection attempt (server-other.rules)
* 1:281 <-> DISABLED <-> SERVER-OTHER Ascend Route (server-other.rules)
* 1:2810 <-> DISABLED <-> SERVER-ORACLE dbms_repcat.unregister_snapshot_repgroup buffer overflow attempt (server-oracle.rules)
* 1:28100 <-> DISABLED <-> SERVER-OTHER CA Total Defense Suite UNCWS deleteReportFilter SQL injection attempt (server-other.rules)
* 1:28101 <-> DISABLED <-> SERVER-OTHER CA Total Defense Suite UNCWS reGenerateReports/DeleteReports SQL injection attempt (server-other.rules)
* 1:28102 <-> DISABLED <-> SERVER-OTHER CA Total Defense Suite UNCWS ReportFilterID/reportTemplateID SQL injection attempt (server-other.rules)
* 1:28103 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Workspace file FontCount record memory corruption attempt (file-office.rules)
* 1:28105 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant outbound connection (malware-cnc.rules)
* 1:28106 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload information upload (malware-cnc.rules)
* 1:28107 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload download (malware-cnc.rules)
* 1:28108 <-> ENABLED <-> EXPLOIT-KIT Nuclear/Magnitude exploit kit Adobe Flash exploit download attempt (exploit-kit.rules)
* 1:28109 <-> ENABLED <-> EXPLOIT-KIT Nuclear/Magnitude exploit kit Oracle Java exploit download attempt (exploit-kit.rules)
* 1:2811 <-> DISABLED <-> SERVER-ORACLE dbms_repcat.validate_flavor_definition buffer overflow attempt (server-oracle.rules)
* 1:28111 <-> ENABLED <-> EXPLOIT-KIT Nuclear/Magnitude exploit kit post Java compromise download attempt (exploit-kit.rules)
* 1:28112 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 9 null character in string information disclosure attempt (browser-ie.rules)
* 1:28113 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel FngGroupCount record overflow attempt (file-office.rules)
* 1:28114 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /default.htm GET Encrypted Payload (malware-cnc.rules)
* 1:28115 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /file.htm GET Encrypted Payload (malware-cnc.rules)
* 1:28116 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /home.htm GET Encrypted Payload (malware-cnc.rules)
* 1:28117 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /install.htm GET Encrypted Payload (malware-cnc.rules)
* 1:28118 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /login.htm GET Encrypted Payload (malware-cnc.rules)
* 1:28119 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /search.htm GET Encrypted Payload (malware-cnc.rules)
* 1:2812 <-> DISABLED <-> SERVER-ORACLE dbms_repcat.validate_for_local_flavor buffer overflow attempt (server-oracle.rules)
* 1:28120 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /start.htm GET Encrypted Payload (malware-cnc.rules)
* 1:28121 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /welcome.htm GET Encrypted Payload (malware-cnc.rules)
* 1:28122 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /index.htm GET Encrypted Payload (malware-cnc.rules)
* 1:28123 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /setup.htm GET Encrypted Payload (malware-cnc.rules)
* 1:28124 <-> DISABLED <-> FILE-OTHER PCRE character class heap buffer overflow attempt (file-other.rules)
* 1:28125 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banbra variant connection (malware-cnc.rules)
* 1:28126 <-> DISABLED <-> BROWSER-PLUGINS WibuKey Runtime ActiveX clsid access (browser-plugins.rules)
* 1:28127 <-> DISABLED <-> BROWSER-PLUGINS WibuKey Runtime ActiveX function call access (browser-plugins.rules)
* 1:28128 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word remote code execution attempt (file-office.rules)
* 1:28129 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word remote code execution attempt (file-office.rules)
* 1:2813 <-> DISABLED <-> SERVER-ORACLE sys.dbms_repcat_fla.abort_flavor_definition buffer overflow attempt (server-oracle.rules)
* 1:28130 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word remote code execution attempt (file-office.rules)
* 1:28131 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word remote code execution attempt (file-office.rules)
* 1:28132 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word remote code execution attempt (file-office.rules)
* 1:28133 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word remote code execution attempt (file-office.rules)
* 1:28134 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dorkbot variant connection (malware-cnc.rules)
* 1:28135 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel FtCbls remote code execution attempt (file-office.rules)
* 1:28136 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel FtCbls remote code execution attempt (file-office.rules)
* 1:28137 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ShrFmla record use after free attempt (file-office.rules)
* 1:28138 <-> ENABLED <-> EXPLOIT-KIT DotkaChef/Rmayana exploit kit redirection attempt (exploit-kit.rules)
* 1:28139 <-> DISABLED <-> SERVER-WEBAPP Python Pickle remote code execution attempt (server-webapp.rules)
* 1:2814 <-> DISABLED <-> SERVER-ORACLE sys.dbms_repcat_fla.add_object_to_flavor buffer overflow attempt (server-oracle.rules)
* 1:28140 <-> DISABLED <-> PUA-ADWARE Win.Adware.Schmidti outbound communication attempt (pua-adware.rules)
* 1:28141 <-> DISABLED <-> MALWARE-CNC Win.Trojan.banker outbound connection (malware-cnc.rules)
* 1:28143 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Medfos outbound connection (malware-cnc.rules)
* 1:28144 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Win32.Wpbrutebot variant connection (malware-cnc.rules)
* 1:28145 <-> DISABLED <-> SERVER-WEBAPP OpenEMR information disclosure attempt (server-webapp.rules)
* 1:28146 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Salgorea variant connection (malware-cnc.rules)
* 1:28147 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Conficker variant outbound connection (malware-cnc.rules)
* 1:28148 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mevade variant outbound connection (malware-cnc.rules)
* 1:28149 <-> DISABLED <-> SERVER-OTHER Quest Software Big Brother attempted arbitrary file deletion (server-other.rules)
* 1:2815 <-> DISABLED <-> SERVER-ORACLE sys.dbms_repcat_fla.begin_flavor_definition buffer overflow attempt (server-oracle.rules)
* 1:28150 <-> DISABLED <-> SERVER-OTHER Quest Software Big Brother attempted arbitrary file upload (server-other.rules)
* 1:28151 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer STextBlockPosition use after free attempt (browser-ie.rules)
* 1:28153 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Foreign variant outbound connection - /html2/ (malware-cnc.rules)
* 1:28154 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Foreign variant outbound connection - MSIE 7.1 (malware-cnc.rules)
* 1:28155 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Foreign variant outbound connection - MSIE 7.2 (malware-cnc.rules)
* 1:28156 <-> DISABLED <-> PUA-ADWARE Linkury outbound time check (pua-adware.rules)
* 1:28157 <-> DISABLED <-> BROWSER-PLUGINS Oracle Java XML digital signature spoofing attempt (browser-plugins.rules)
* 1:28158 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CLayoutBlock use after free attempt (browser-ie.rules)
* 1:28159 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CLayoutBlock use after free attempt (browser-ie.rules)
* 1:2816 <-> DISABLED <-> SERVER-ORACLE sys.dbms_repcat_fla.drop_object_from_flavor buffer overflow attempt (server-oracle.rules)
* 1:28160 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CElement use after free attempt (browser-ie.rules)
* 1:28161 <-> DISABLED <-> FILE-OTHER Microsoft .NET XML digital signature denial of service attempt (file-other.rules)
* 1:28162 <-> DISABLED <-> FILE-OTHER Microsoft .NET XML digital signature denial of service attempt (file-other.rules)
* 1:28163 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer HtmlLayout SmartObject use after free attempt (browser-ie.rules)
* 1:28164 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FakeAV attempted file download (malware-cnc.rules)
* 1:28165 <-> DISABLED <-> PROTOCOL-VOIP attempted DOS detected (protocol-voip.rules)
* 1:28166 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bifrose variant connection (malware-cnc.rules)
* 1:2817 <-> DISABLED <-> SERVER-ORACLE sys.dbms_repcat_fla_mas.add_column_group_to_flavor buffer overflow attempt (server-oracle.rules)
* 1:2818 <-> DISABLED <-> SERVER-ORACLE sys.dbms_repcat_fla_mas.add_columns_to_flavor buffer overflow attempt (server-oracle.rules)
* 1:2819 <-> DISABLED <-> SERVER-ORACLE sys.dbms_repcat_fla_mas.drop_column_group_from_flavor buffer overflow attempt (server-oracle.rules)
* 1:28190 <-> DISABLED <-> INDICATOR-COMPROMISE Suspicious .cc dns query (indicator-compromise.rules)
* 1:28192 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz Potential Phishing URL (malware-cnc.rules)
* 1:28194 <-> ENABLED <-> EXPLOIT-KIT X2O exploit kit landing page (exploit-kit.rules)
* 1:28195 <-> ENABLED <-> EXPLOIT-KIT X2O exploit kit post java exploit download attempt (exploit-kit.rules)
* 1:28196 <-> ENABLED <-> EXPLOIT-KIT Bleeding Life exploit kit module call (exploit-kit.rules)
* 1:28197 <-> ENABLED <-> EXPLOIT-KIT Bleeding Life exploit kit module call (exploit-kit.rules)
* 1:28198 <-> ENABLED <-> EXPLOIT-KIT Bleeding Life exploit kit module call (exploit-kit.rules)
* 1:28199 <-> ENABLED <-> EXPLOIT-KIT Bleeding Life exploit kit module call (exploit-kit.rules)
* 1:2820 <-> DISABLED <-> SERVER-ORACLE sys.dbms_repcat_fla_mas.drop_columns_from_flavor buffer overflow attempt (server-oracle.rules)
* 1:28201 <-> DISABLED <-> SERVER-OTHER Microsoft SharePoint XSS attempt (server-other.rules)
* 1:28202 <-> ENABLED <-> FILE-OTHER ATMFD Adobe font driver reserved command denial of service attempt (file-other.rules)
* 1:28203 <-> ENABLED <-> FILE-OTHER ATMFD Adobe font driver reserved command denial of service attempt (file-other.rules)
* 1:28204 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer deleted object memory corruption attempt (browser-ie.rules)
* 1:28205 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word 2003 macro byte opcode large data structure arbitrary code execution attempt (file-office.rules)
* 1:28206 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word 2003 macro byte opcode large data structure arbitrary code execution attempt (file-office.rules)
* 1:28207 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer swapNode memory corruption attempt (browser-ie.rules)
* 1:28208 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer swapNode memory corruption attempt (browser-ie.rules)
* 1:28209 <-> DISABLED <-> MALWARE-CNC Win.Worm.IRCbot outbound connection (malware-cnc.rules)
* 1:2821 <-> DISABLED <-> SERVER-ORACLE sys.dbms_repcat_fla_mas.obsolete_flavor_definition buffer overflow attempt (server-oracle.rules)
* 1:28210 <-> DISABLED <-> MALWARE-CNC Win.Worm.IRCbot outbound connection (malware-cnc.rules)
* 1:28211 <-> DISABLED <-> MALWARE-CNC Win.Worm.IRCbot outbound connection (malware-cnc.rules)
* 1:28212 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bitsto variant connection (malware-cnc.rules)
* 1:28213 <-> ENABLED <-> EXPLOIT-KIT Neutrino exploit kit redirection received (exploit-kit.rules)
* 1:28215 <-> DISABLED <-> SERVER-WEBAPP vBulletin upgrade.php exploit attempt (server-webapp.rules)
* 1:28216 <-> DISABLED <-> MALWARE-CNC known malware FTP login (malware-cnc.rules)
* 1:2822 <-> DISABLED <-> SERVER-ORACLE sys.dbms_repcat_fla_mas.publish_flavor_definition buffer overflow attempt (server-oracle.rules)
* 1:28227 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 211 buffer overflow attempt (server-other.rules)
* 1:28228 <-> DISABLED <-> SERVER-WEBAPP Microsoft Interactive Training buffer overflow attempt (server-webapp.rules)
* 1:2823 <-> DISABLED <-> SERVER-ORACLE sys.dbms_repcat_fla_mas.purge_flavor_definition buffer overflow attempt (server-oracle.rules)
* 1:28230 <-> DISABLED <-> MALWARE-CNC Boot.Bootroot Variant data upload (malware-cnc.rules)
* 1:28231 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer javascript call method type confusion attempt (browser-ie.rules)
* 1:28232 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer javascript call method type confusion attempt (browser-ie.rules)
* 1:28233 <-> DISABLED <-> EXPLOIT-KIT Blackholev2/Cool exploit kit payload download attempt (exploit-kit.rules)
* 1:28234 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hdslogger outbound connection (malware-cnc.rules)
* 1:28236 <-> ENABLED <-> EXPLOIT-KIT Magnitude/Nuclear exploit kit landing page (exploit-kit.rules)
* 1:28237 <-> DISABLED <-> EXPLOIT-KIT Magnitude/Nuclear exploit kit outbound pdf download attempt (exploit-kit.rules)
* 1:28238 <-> DISABLED <-> EXPLOIT-KIT Multiple exploit kits malicious pdf download (exploit-kit.rules)
* 1:28239 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tuxido outbound connection (malware-cnc.rules)
* 1:2824 <-> DISABLED <-> SERVER-ORACLE sys.dbms_repcat_fla.set_local_flavor buffer overflow attempt (server-oracle.rules)
* 1:28240 <-> DISABLED <-> SERVER-WEBAPP D-Link DIR-100 User-Agent backdoor access attempt (server-webapp.rules)
* 1:28242 <-> DISABLED <-> MALWARE-CNC Win.Trojan.KanKan variant connection (malware-cnc.rules)
* 1:28244 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Phrovon outbound connection (malware-cnc.rules)
* 1:28245 <-> DISABLED <-> APP-DETECT Bizhi Sogou Wallpaper application outbound connection attempt (app-detect.rules)
* 1:28246 <-> DISABLED <-> APP-DETECT Bizhi Sogou Wallpaper application download schema response (app-detect.rules)
* 1:28247 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper variant outbound connection (malware-cnc.rules)
* 1:2825 <-> DISABLED <-> SERVER-ORACLE sys.dbms_repcat_fla.validate_flavor_definition buffer overflow attempt (server-oracle.rules)
* 1:28250 <-> DISABLED <-> MALWARE-CNC Security Cleaner Pro Install Confirmation (malware-cnc.rules)
* 1:28251 <-> DISABLED <-> SERVER-WEBAPP Zabbix httpmon.php SQL injection attempt (server-webapp.rules)
* 1:28252 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules)
* 1:28254 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Perl.Shellbot variant outbound connection (malware-cnc.rules)
* 1:28255 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz Potential phishing URL (malware-cnc.rules)
* 1:28256 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader ICC mluc integer overflow attempt (file-pdf.rules)
* 1:28257 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader ICC remote memory corruption attempt (file-pdf.rules)
* 1:28258 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer object management memory corruption attempt (browser-ie.rules)
* 1:28259 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer object management memory corruption attempt (browser-ie.rules)
* 1:2826 <-> DISABLED <-> SERVER-ORACLE sys.dbms_repcat_fla.validate_for_local_flavor buffer overflow attempt (server-oracle.rules)
* 1:28260 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader ICC remote memory corruption attempt (file-pdf.rules)
* 1:28261 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader ICC mluc integer overflow attempt (file-pdf.rules)
* 1:28262 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader CoolType.dll glyf directory table buffer overflow attempt (file-pdf.rules)
* 1:28263 <-> DISABLED <-> FILE-OTHER Cisco WebEx recording integer overflow attempt (file-other.rules)
* 1:28264 <-> ENABLED <-> EXPLOIT-KIT Sweet Orange exploit kit java compromise successful (exploit-kit.rules)
* 1:28265 <-> DISABLED <-> EXPLOIT-KIT Sweet Orange exploit kit landing page attempt (exploit-kit.rules)
* 1:28266 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader CoolType.dll composite glyf buffer overflow attempt (file-pdf.rules)
* 1:28267 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer option element use after free attempt (browser-ie.rules)
* 1:28268 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer option element use after free attempt (browser-ie.rules)
* 1:28269 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer option element use after free attempt (browser-ie.rules)
* 1:2827 <-> DISABLED <-> SERVER-ORACLE sys.dbms_repcat_mas.alter_master_repobject buffer overflow attempt (server-oracle.rules)
* 1:28270 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer option element use after free attempt (browser-ie.rules)
* 1:28271 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer htmlfile null attribute access attempt (browser-ie.rules)
* 1:28272 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer htmlfile ActiveX object access attempt (browser-plugins.rules)
* 1:28276 <-> DISABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp storeImageArray memory corruption attempt (file-java.rules)
* 1:28277 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp storeImageArray memory corruption attempt (file-java.rules)
* 1:28278 <-> DISABLED <-> SERVER-WEBAPP IBM Tivoli Provisioning Manager express user.updateUserValue sql injection attempt (server-webapp.rules)
* 1:28279 <-> ENABLED <-> PUA-ADWARE Wajam outbound connection - post install (pua-adware.rules)
* 1:2828 <-> DISABLED <-> SERVER-ORACLE sys.dbms_repcat_mas.comment_on_repgroup buffer overflow attempt (server-oracle.rules)
* 1:28280 <-> ENABLED <-> PUA-ADWARE Wajam outbound connection - post install (pua-adware.rules)
* 1:28284 <-> DISABLED <-> INDICATOR-COMPROMISE Suspicious .nl.ai dns query (indicator-compromise.rules)
* 1:28285 <-> DISABLED <-> MALWARE-CNC Win.Trojan.hdog connectivity check-in version 2 (malware-cnc.rules)
* 1:28286 <-> ENABLED <-> FILE-OTHER overly large XML file MSXML heap overflow attempt (file-other.rules)
* 1:28287 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer deleted object cells reference memory corruption vulnerability (browser-ie.rules)
* 1:28288 <-> ENABLED <-> SERVER-WEBAPP WebTester install2.php arbitrary command execution attempt (server-webapp.rules)
* 1:28289 <-> ENABLED <-> SERVER-WEBAPP Tenda W302R root remote code execution attempt (server-webapp.rules)
* 1:2829 <-> DISABLED <-> SERVER-ORACLE sys.dbms_repcat_mas.comment_on_repobject buffer overflow attempt (server-oracle.rules)
* 1:28290 <-> ENABLED <-> SERVER-WEBAPP Tenda W302R iwpriv remote code execution attempt (server-webapp.rules)
* 1:28291 <-> DISABLED <-> EXPLOIT-KIT Blackholev2/Cool exploit kit exploit download attempt (exploit-kit.rules)
* 1:28292 <-> DISABLED <-> PROTOCOL-ICMP IPv6 0xfacebabe ICMP ping attempt (protocol-icmp.rules)
* 1:28299 <-> DISABLED <-> SERVER-WEBAPP WHMCS SQL injection attempt (server-webapp.rules)
* 1:283 <-> DISABLED <-> BROWSER-OTHER Netscape 4.7 client overflow (browser-other.rules)
* 1:2830 <-> DISABLED <-> SERVER-ORACLE sys.dbms_repcat_mas.create_master_repgroup buffer overflow attempt (server-oracle.rules)
* 1:28300 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant connection (malware-cnc.rules)
* 1:28301 <-> DISABLED <-> INDICATOR-SCAN User-Agent known malicious user-agent Masscan (indicator-scan.rules)
* 1:28303 <-> DISABLED <-> FILE-PDF Adobe Acrobat and Adobe Acrobat Reader U3D RHAdobeMeta buffer overflow attempt (file-pdf.rules)
* 1:28305 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mecifg variant outbound connection (malware-cnc.rules)
* 1:28306 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CSS expression defined to empty selection attempt (browser-ie.rules)
* 1:28307 <-> ENABLED <-> EXPLOIT-KIT Himan exploit kit landing page (exploit-kit.rules)
* 1:28308 <-> ENABLED <-> EXPLOIT-KIT Himan exploit kit payload - Adobe Reader compromise (exploit-kit.rules)
* 1:28309 <-> ENABLED <-> EXPLOIT-KIT Himan exploit kit payload - Oracle Java compromise (exploit-kit.rules)
* 1:2831 <-> DISABLED <-> SERVER-ORACLE sys.dbms_repcat_mas.create_master_repobject buffer overflow attempt (server-oracle.rules)
* 1:28310 <-> ENABLED <-> EXPLOIT-KIT Himan exploit kit payload - Oracle Java compromise (exploit-kit.rules)
* 1:28311 <-> DISABLED <-> FILE-OTHER Microsoft Office Image filter BMP overflow attempt (file-other.rules)
* 1:28312 <-> DISABLED <-> FILE-OTHER Microsoft Office Image filter BMP overflow attempt (file-other.rules)
* 1:28313 <-> DISABLED <-> FILE-OTHER Microsoft Office Image filter BMP overflow attempt (file-other.rules)
* 1:28314 <-> DISABLED <-> FILE-OTHER Microsoft Office Image filter BMP overflow attempt (file-other.rules)
* 1:28315 <-> DISABLED <-> FILE-OTHER Microsoft Office Image filter BMP overflow attempt (file-other.rules)
* 1:28316 <-> DISABLED <-> FILE-OTHER Microsoft Office Image filter BMP overflow attempt (file-other.rules)
* 1:28317 <-> DISABLED <-> FILE-OTHER Microsoft Office Image filter BMP overflow attempt (file-other.rules)
* 1:28318 <-> DISABLED <-> FILE-OTHER Microsoft Office Image filter BMP overflow attempt (file-other.rules)
* 1:28319 <-> DISABLED <-> FILE-OTHER Microsoft Office Image filter BMP overflow attempt (file-other.rules)
* 1:2832 <-> DISABLED <-> SERVER-ORACLE sys.dbms_repcat_mas.do_deferred_repcat_admin buffer overflow attempt (server-oracle.rules)
* 1:28320 <-> DISABLED <-> FILE-OTHER Microsoft Office Image filter BMP overflow attempt (file-other.rules)
* 1:28321 <-> DISABLED <-> FILE-OTHER Microsoft Office Image filter BMP overflow attempt (file-other.rules)
* 1:28322 <-> DISABLED <-> FILE-OTHER Microsoft Office Image filter BMP overflow attempt (file-other.rules)
* 1:28323 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Chopper web shell connection (malware-cnc.rules)
* 1:28324 <-> ENABLED <-> PUA-ADWARE FakeAV runtime detection (pua-adware.rules)
* 1:28325 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Zuza variant outbound connection (malware-cnc.rules)
* 1:28326 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Zuza variant outbound connection (malware-cnc.rules)
* 1:28328 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Hupigon variant outbound connection (malware-cnc.rules)
* 1:2833 <-> DISABLED <-> SERVER-ORACLE sys.dbms_repcat_mas.drop_master_repgroup buffer overflow attempt (server-oracle.rules)
* 1:28331 <-> DISABLED <-> FILE-OFFICE Microsoft Office dpnet.dll DirectPlay CFixedPool-Get clsid access (file-office.rules)
* 1:28332 <-> DISABLED <-> FILE-OFFICE Microsoft Office dpnet.dll DirectPlay CFixedPool-Get clsid access (file-office.rules)
* 1:28333 <-> DISABLED <-> FILE-OFFICE Microsoft Office dpnet.dll DirectPlay CFixedPool-Get clsid access (file-office.rules)
* 1:28334 <-> DISABLED <-> FILE-OFFICE Microsoft Office dpnet.dll DirectPlay CFixedPool-Get clsid access (file-office.rules)
* 1:28335 <-> DISABLED <-> FILE-OFFICE Microsoft Office dpnet.dll DirectPlay CFixedPool-Get clsid access (file-office.rules)
* 1:28336 <-> DISABLED <-> FILE-OFFICE Microsoft Office dpnet.dll DirectPlay CFixedPool-Get clsid access (file-office.rules)
* 1:28337 <-> DISABLED <-> FILE-OFFICE Microsoft Office dpnet.dll DirectPlay CFixedPool-Get clsid access (file-office.rules)
* 1:28338 <-> DISABLED <-> FILE-OFFICE Microsoft Office dpnet.dll DirectPlay CFixedPool-Get clsid access (file-office.rules)
* 1:28339 <-> DISABLED <-> FILE-OFFICE Microsoft Office dpnet.dll DirectPlay CFixedPool-Get clsid access (file-office.rules)
* 1:2834 <-> DISABLED <-> SERVER-ORACLE sys.dbms_repcat_mas.generate_replication_package buffer overflow attempt (server-oracle.rules)
* 1:28340 <-> DISABLED <-> FILE-OFFICE Microsoft Office dpnet.dll DirectPlay CFixedPool-Get clsid access (file-office.rules)
* 1:28341 <-> DISABLED <-> FILE-OFFICE Microsoft Office dpnet.dll DirectPlay CFixedPool-Get clsid access (file-office.rules)
* 1:28342 <-> DISABLED <-> FILE-OFFICE Microsoft Office dpnet.dll DirectPlay CFixedPool-Get clsid access (file-office.rules)
* 1:28343 <-> DISABLED <-> FILE-OFFICE Microsoft Office dpnet.dll DirectPlay CFixedPool-Get clsid access (file-office.rules)
* 1:28344 <-> DISABLED <-> INDICATOR-OBFUSCATION large number of calls to chr function - possible sql injection obfuscation (indicator-obfuscation.rules)
* 1:28345 <-> ENABLED <-> INDICATOR-OBFUSCATION Javascript obfuscation - split - seen in IFRAMEr Tool attack (indicator-obfuscation.rules)
* 1:28346 <-> ENABLED <-> INDICATOR-OBFUSCATION Javascript obfuscation - seen in IFRAMEr Tool attack (indicator-obfuscation.rules)
* 1:28347 <-> DISABLED <-> MALWARE-OTHER SimpleTDS - page redirecting to a SimpleTDS (malware-other.rules)
* 1:28348 <-> DISABLED <-> MALWARE-OTHER SimpleTDS - request to go.php (malware-other.rules)
* 1:28349 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows WMI administrator tools object viewer ActiveX clsid access (browser-plugins.rules)
* 1:2835 <-> DISABLED <-> SERVER-ORACLE sys.dbms_repcat_mas.purge_master_log buffer overflow attempt (server-oracle.rules)
* 1:28350 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows WMI administrator tools object viewer ActiveX clsid access (browser-plugins.rules)
* 1:28351 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows WMI administrator tools object viewer ActiveX clsid access (browser-plugins.rules)
* 1:28352 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CTableLayout memory corruption attempt (browser-ie.rules)
* 1:28353 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CTableLayout memory corruption attempt (browser-ie.rules)
* 1:28354 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DOM manipulation memory corruption attempt (browser-ie.rules)
* 1:28355 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DOM manipulation memory corruption attempt (browser-ie.rules)
* 1:28356 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DOM manipulation memory corruption attempt (browser-ie.rules)
* 1:28357 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DOM manipulation memory corruption attempt (browser-ie.rules)
* 1:28358 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DOM manipulation memory corruption attempt (browser-ie.rules)
* 1:28359 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DOM manipulation memory corruption attempt (browser-ie.rules)
* 1:2836 <-> DISABLED <-> SERVER-ORACLE sys.dbms_repcat_mas.relocate_masterdef buffer overflow attempt (server-oracle.rules)
* 1:28360 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DOM manipulation memory corruption attempt (browser-ie.rules)
* 1:28361 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed shading modifier heap corruption attempt (file-pdf.rules)
* 1:28362 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string SUiCiDE/1.5 (malware-cnc.rules)
* 1:28363 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer iframe onreadystatechange handler use after free attempt (browser-ie.rules)
* 1:28364 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer iframe onreadystatechange handler use after free attempt (browser-ie.rules)
* 1:28365 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Stoberox outbound communication attempt (malware-other.rules)
* 1:28366 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Venik variant outbound connection (malware-cnc.rules)
* 1:28367 <-> ENABLED <-> FILE-IDENTIFY CIS file magic detected (file-identify.rules)
* 1:28368 <-> ENABLED <-> FILE-IDENTIFY CIS file magic detected (file-identify.rules)
* 1:28369 <-> ENABLED <-> FILE-IDENTIFY CIS file attachment detected (file-identify.rules)
* 1:2837 <-> DISABLED <-> SERVER-ORACLE sys.dbms_repcat_mas.rename_shadow_column_group buffer overflow attempt (server-oracle.rules)
* 1:28370 <-> ENABLED <-> FILE-IDENTIFY CIS file attachment detected (file-identify.rules)
* 1:28371 <-> ENABLED <-> PUA-ADWARE UpdateStar CIS file retrieval attempt (pua-adware.rules)
* 1:28372 <-> ENABLED <-> PUA-ADWARE UpdateStar encapsulated installer outbound connection (pua-adware.rules)
* 1:28373 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mutopy variant outbound connection (malware-cnc.rules)
* 1:28374 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader TTF SING table parsing remote code execution attempt (file-pdf.rules)
* 1:28375 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader TTF SING table parsing remote code execution attempt (file-pdf.rules)
* 1:28376 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader TTF SING table parsing remote code execution attempt (file-pdf.rules)
* 1:28377 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader TTF SING table parsing remote code execution attempt (file-pdf.rules)
* 1:28378 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader TTF SING table parsing remote code execution attempt (file-pdf.rules)
* 1:28379 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader TTF SING table parsing remote code execution attempt (file-pdf.rules)
* 1:2838 <-> DISABLED <-> SERVER-ORACLE sys.dbms_repcat_mas.resume_master_activity buffer overflow attempt (server-oracle.rules)
* 1:28380 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader TTF SING table parsing remote code execution attempt (file-pdf.rules)
* 1:28381 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.Temvice outbound communication attempt (malware-other.rules)
* 1:28382 <-> ENABLED <-> FILE-IDENTIFY HTML Help Index file download request (file-identify.rules)
* 1:28383 <-> ENABLED <-> FILE-IDENTIFY HTML Help Index download file attachment detected (file-identify.rules)
* 1:28384 <-> ENABLED <-> FILE-IDENTIFY HTML Help Index download file attachment detected (file-identify.rules)
* 1:28386 <-> DISABLED <-> OS-WINDOWS Microsoft Windows HTML Help security zone bypass attempt (os-windows.rules)
* 1:28387 <-> DISABLED <-> OS-WINDOWS Microsoft Windows HTML Help security zone bypass attempt (os-windows.rules)
* 1:28388 <-> DISABLED <-> FILE-PDF Adobe Acrobat TrueType font handling remote code execution attempt (file-pdf.rules)
* 1:28389 <-> DISABLED <-> FILE-PDF Adobe Acrobat TrueType font handling remote code execution attempt (file-pdf.rules)
* 1:2839 <-> DISABLED <-> SERVER-ORACLE sys.dbms_repcat_mas.suspend_master_activity buffer overflow attempt (server-oracle.rules)
* 1:28390 <-> DISABLED <-> FILE-OFFICE Microsoft Office TIFF filter buffer overflow attempt (file-office.rules)
* 1:28391 <-> DISABLED <-> FILE-OFFICE Microsoft Office TIFF filter buffer overflow attempt (file-office.rules)
* 1:28392 <-> DISABLED <-> FILE-MULTIMEDIA MultiMedia Soft Components AdjMmsEng.dll PLS file processing buffer overflow attempt (file-multimedia.rules)
* 1:28393 <-> DISABLED <-> SERVER-OTHER EMC Replication Manager irccd remote command execution attempt (server-other.rules)
* 1:28394 <-> DISABLED <-> SERVER-OTHER EMC AlphaStore format string vulnerability exploit attempt (server-other.rules)
* 1:28395 <-> DISABLED <-> SERVER-OTHER EMC AlphaStore format string vulnerability exploit attempt (server-other.rules)
* 1:28396 <-> DISABLED <-> SERVER-OTHER EMC AlphaStore format string vulnerability exploit attempt (server-other.rules)
* 1:28397 <-> DISABLED <-> SERVER-OTHER EMC AlphaStore format string vulnerability exploit attempt (server-other.rules)
* 1:28398 <-> DISABLED <-> SERVER-OTHER EMC AlphaStore format string vulnerability exploit attempt (server-other.rules)
* 1:28399 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Tsunami outbound connection (malware-cnc.rules)
* 1:2840 <-> DISABLED <-> SERVER-ORACLE sys.dbms_repcat_sna_utl.alter_snapshot_propagation buffer overflow attempt (server-oracle.rules)
* 1:28401 <-> DISABLED <-> OS-MOBILE Android Andr.Trojan.MobileTx APK file download attempt (os-mobile.rules)
* 1:28402 <-> DISABLED <-> OS-MOBILE Android Andr.Trojan.MobileTx APK file download attempt (os-mobile.rules)
* 1:28403 <-> DISABLED <-> OS-MOBILE Android Andr.Trojan.MobileTx information disclosure attempt (os-mobile.rules)
* 1:28405 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules)
* 1:28406 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules)
* 1:28407 <-> ENABLED <-> SERVER-WEBAPP HP Intelligent Management Center BIMS UploadServlet arbitrary file upload attempt (server-webapp.rules)
* 1:28408 <-> DISABLED <-> SERVER-WEBAPP ProcessMaker neoclassic skin arbitrary code execution attempt (server-webapp.rules)
* 1:28409 <-> DISABLED <-> SERVER-WEBAPP ProcessMaker neoclassic skin arbitrary code execution attempt (server-webapp.rules)
* 1:2841 <-> DISABLED <-> SERVER-ORACLE sys.dbms_repcat_sna_utl.create_snapshot_repgroup buffer overflow attempt (server-oracle.rules)
* 1:28410 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CoinMiner variant outbound connection (malware-cnc.rules)
* 1:28411 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CoinMiner variant outbound connection (malware-cnc.rules)
* 1:28413 <-> ENABLED <-> EXPLOIT-KIT Magnitude exploit kit embedded redirection attempt (exploit-kit.rules)
* 1:28414 <-> ENABLED <-> EXPLOIT-KIT Nuclear/Magnitude exploit kit Oracle Java exploit download attempt (exploit-kit.rules)
* 1:28415 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:28416 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoLocker outbound connection (malware-cnc.rules)
* 1:28417 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Molgomsg variant outbound connection (malware-cnc.rules)
* 1:28418 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Dtcontx outbound connection (malware-cnc.rules)
* 1:28419 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tesch variant outbound connection (malware-cnc.rules)
* 1:2842 <-> DISABLED <-> SERVER-ORACLE sys.dbms_repcat_sna_utl.drop_snapshot_repgroup buffer overflow attempt (server-oracle.rules)
* 1:28420 <-> ENABLED <-> INDICATOR-OBFUSCATION Javascript obfuscation - createElement - seen in IFRAMEr Tool attack (indicator-obfuscation.rules)
* 1:28421 <-> ENABLED <-> INDICATOR-OBFUSCATION Javascript obfuscation - fromCharCode - seen in IFRAMEr Tool attack (indicator-obfuscation.rules)
* 1:28422 <-> ENABLED <-> INDICATOR-OBFUSCATION Javascript obfuscation - seen in IFRAMEr Tool attack (indicator-obfuscation.rules)
* 1:28423 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit single digit exe detection (exploit-kit.rules)
* 1:28424 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit Microsoft Internet Explorer vulnerability request (exploit-kit.rules)
* 1:28425 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB Microsoft Windows Remote Administration Protocol usage attempt (os-windows.rules)
* 1:28426 <-> DISABLED <-> FILE-PDF Adobe Acrobat universal 3D format memory corruption attempt (file-pdf.rules)
* 1:28427 <-> DISABLED <-> FILE-PDF Adobe Acrobat universal 3D format memory corruption attempt (file-pdf.rules)
* 1:28428 <-> ENABLED <-> EXPLOIT-KIT Glazunov exploit kit landing page (exploit-kit.rules)
* 1:28429 <-> ENABLED <-> EXPLOIT-KIT Glazunov exploit kit outbound jnlp download attempt (exploit-kit.rules)
* 1:2843 <-> DISABLED <-> SERVER-ORACLE sys.dbms_repcat_sna_utl.drop_snapshot_repobject buffer overflow attempt (server-oracle.rules)
* 1:28430 <-> ENABLED <-> EXPLOIT-KIT Glazunov exploit kit zip file download (exploit-kit.rules)
* 1:28435 <-> DISABLED <-> BROWSER-PLUGINS IBM SPSS SamplePower ActiveX clsid access attempt (browser-plugins.rules)
* 1:28436 <-> DISABLED <-> BROWSER-PLUGINS IBM SPSS SamplePower ActiveX clsid access attempt (browser-plugins.rules)
* 1:28437 <-> DISABLED <-> BROWSER-PLUGINS IBM SPSS SamplePower ActiveX function call access attempt (browser-plugins.rules)
* 1:28438 <-> DISABLED <-> BROWSER-PLUGINS IBM SPSS SamplePower ActiveX function call access attempt (browser-plugins.rules)
* 1:28439 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Bspire variant connection (malware-cnc.rules)
* 1:2844 <-> DISABLED <-> SERVER-ORACLE sys.dbms_repcat_sna_utl.refresh_snapshot_repgroup buffer overflow attempt (server-oracle.rules)
* 1:28440 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio DXF file invalid memory allocation exploit attempt (file-office.rules)
* 1:28441 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime MOV file string handling integer overflow attempt (file-multimedia.rules)
* 1:28442 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime MOV file string handling integer overflow attempt (file-multimedia.rules)
* 1:28443 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime MOV file string handling integer overflow attempt (file-multimedia.rules)
* 1:28444 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.CBgate variant outbound connection (malware-cnc.rules)
* 1:28446 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant SQL check-in (malware-cnc.rules)
* 1:28447 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer style.position use-after-free memory corruption attempt (browser-ie.rules)
* 1:28448 <-> DISABLED <-> SERVER-WEBAPP HP Intelligent Management Center BIMS bimsDownload directory traversal attempt (server-webapp.rules)
* 1:28449 <-> ENABLED <-> EXPLOIT-KIT Sakura exploit outbound connection attempt (exploit-kit.rules)
* 1:2845 <-> DISABLED <-> SERVER-ORACLE sys.dbms_repcat_sna_utl.register_snapshot_repgroup buffer overflow attempt (server-oracle.rules)
* 1:28450 <-> ENABLED <-> EXPLOIT-KIT Sakura exploit kit exploit payload retrieve attempt (exploit-kit.rules)
* 1:28451 <-> DISABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules)
* 1:28452 <-> DISABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules)
* 1:28453 <-> DISABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules)
* 1:28454 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader compressed media.newPlayer memory corruption attempt (file-pdf.rules)
* 1:2846 <-> DISABLED <-> SERVER-ORACLE sys.dbms_repcat_sna_utl.repcat_import_check buffer overflow attempt (server-oracle.rules)
* 1:28461 <-> DISABLED <-> FILE-PDF Adobe Acrobat font parsing integer overflow attempt (file-pdf.rules)
* 1:28462 <-> DISABLED <-> FILE-PDF Adobe Acrobat font parsing integer overflow attempt (file-pdf.rules)
* 1:28463 <-> DISABLED <-> MALWARE-CNC Win.Trojan.AllAple Variant 
ICMP flood (malware-cnc.rules) * 1:28464 <-> ENABLED <-> FILE-OFFICE Microsoft Office GDI library TIFF handling integer overflow attempt (file-office.rules) * 1:28465 <-> ENABLED <-> FILE-OFFICE Microsoft Office GDI library TIFF handling integer overflow attempt (file-office.rules) * 1:28466 <-> DISABLED <-> FILE-OFFICE Microsoft Office GDI library TIFF handling integer overflow attempt (file-office.rules) * 1:28467 <-> ENABLED <-> FILE-OFFICE Microsoft Office GDI library TIFF handling integer overflow attempt (file-office.rules) * 1:28468 <-> ENABLED <-> FILE-OFFICE Microsoft Office GDI library TIFF handling integer overflow attempt (file-office.rules) * 1:28469 <-> ENABLED <-> FILE-OFFICE Microsoft Office GDI library TIFF handling integer overflow attempt (file-office.rules) * 1:2847 <-> DISABLED <-> SERVER-ORACLE sys.dbms_repcat_sna_utl.unregister_snapshot_repgroup buffer overflow attempt (server-oracle.rules) * 1:28470 <-> ENABLED <-> FILE-OFFICE Microsoft Office GDI library TIFF handling integer overflow attempt (file-office.rules) * 1:28471 <-> ENABLED <-> FILE-OFFICE Microsoft Office GDI library TIFF handling integer overflow attempt (file-office.rules) * 1:28472 <-> DISABLED <-> FILE-OFFICE Microsoft Office GDI library TIFF handling integer overflow attempt (file-office.rules) * 1:28473 <-> ENABLED <-> FILE-OFFICE Microsoft Office GDI library TIFF handling integer overflow attempt (file-office.rules) * 1:28474 <-> ENABLED <-> EXPLOIT-KIT Neutrino exploit kit outbound plugin detection response - generic detection (exploit-kit.rules) * 1:28475 <-> ENABLED <-> EXPLOIT-KIT Neutrino exploit kit outbound request - generic detection (exploit-kit.rules) * 1:28476 <-> ENABLED <-> EXPLOIT-KIT Neutrino exploit kit outbound request by Java - generic detection (exploit-kit.rules) * 1:28477 <-> DISABLED <-> EXPLOIT-KIT Styx exploit kit outbound pdf request (exploit-kit.rules) * 1:28478 <-> DISABLED <-> EXPLOIT-KIT Styx exploit kit landing page request (exploit-kit.rules) 
* 1:2848 <-> DISABLED <-> SERVER-ORACLE sys.dbms_repcat_utl4.drop_master_repobject buffer overflow attempt (server-oracle.rules) * 1:28482 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Terminator RAT variant outbound connection (malware-cnc.rules) * 1:28483 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Magitart outbound communication attempt (malware-other.rules) * 1:28484 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Delpbank variant outbound connection (malware-cnc.rules) * 1:28485 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Khalog variant outbound connection (malware-cnc.rules) * 1:28486 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Codiltak variant outbound connection (malware-cnc.rules) * 1:28489 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CAnchorElement use after free attempt (browser-ie.rules) * 1:2849 <-> DISABLED <-> SERVER-ORACLE sys.dbms_repcat_utl.drop_an_object buffer overflow attempt (server-oracle.rules) * 1:28490 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer deleted object memory corruption attempt (browser-ie.rules) * 1:28491 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CEditAdorner use after free attempt (browser-ie.rules) * 1:28492 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer freed CTreePos object use-after-free attempt (browser-ie.rules) * 1:28493 <-> ENABLED <-> MALWARE-CNC DeputyDog diskless method outbound connection (malware-cnc.rules) * 1:28494 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer execCommand CTreePos memory corruption attempt (browser-ie.rules) * 1:28495 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer execCommand CTreePos memory corruption attempt (browser-ie.rules) * 1:28496 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer createRange user after free attempt (browser-ie.rules) * 1:28497 <-> ENABLED <-> FILE-IDENTIFY WordPerfect file magic detected (file-identify.rules) * 1:28498 <-> ENABLED <-> FILE-OTHER Microsoft Word WordPerfect CSTYL border element stack overflow attempt (file-other.rules) * 
1:28499 <-> ENABLED <-> FILE-OTHER Microsoft Word WordPerfect CSTYL border element stack overflow attempt (file-other.rules) * 1:2850 <-> DISABLED <-> SERVER-ORACLE dbms_repcat.create_mview_repobject buffer overflow attempt (server-oracle.rules) * 1:28500 <-> DISABLED <-> FILE-OTHER WordPerfect file magic with .doc extension (file-other.rules) * 1:28501 <-> DISABLED <-> FILE-OTHER WordPerfect file magic with .doc extension (file-other.rules) * 1:28502 <-> ENABLED <-> FILE-OTHER Microsoft Word WordPerfect CSTYL border element stack overflow attempt (file-other.rules) * 1:28503 <-> ENABLED <-> FILE-OTHER Microsoft Word WordPerfect CSTYL border element stack overflow attempt (file-other.rules) * 1:28504 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer undo use after free attempt (browser-ie.rules) * 1:28505 <-> DISABLED <-> BROWSER-PLUGINS InformationCardSigninHelper ActiveX clsid access (browser-plugins.rules) * 1:28506 <-> DISABLED <-> BROWSER-PLUGINS InformationCardSigninHelper ActiveX function call access (browser-plugins.rules) * 1:28507 <-> ENABLED <-> FILE-IDENTIFY Microsoft Write file download file attachment detected (file-identify.rules) * 1:28508 <-> ENABLED <-> FILE-IDENTIFY Microsoft Write file download file attachment detected (file-identify.rules) * 1:28509 <-> DISABLED <-> FILE-OTHER Microsoft Wordpad embedded BMP overflow attempt (file-other.rules) * 1:2851 <-> DISABLED <-> SERVER-ORACLE dbms_repcat.create_snapshot_repobject buffer overflow attempt (server-oracle.rules) * 1:28510 <-> DISABLED <-> FILE-OTHER Microsoft Wordpad embedded BMP overflow attempt (file-other.rules) * 1:28511 <-> DISABLED <-> FILE-OTHER Microsoft Wordpad embedded BMP overflow attempt (file-other.rules) * 1:28515 <-> DISABLED <-> FILE-OTHER Microsoft Wordpad embedded BMP overflow attempt (file-other.rules) * 1:28516 <-> DISABLED <-> FILE-OTHER Microsoft Wordpad embedded BMP overflow attempt (file-other.rules) * 1:28517 <-> DISABLED <-> FILE-OTHER Microsoft Wordpad embedded 
BMP overflow attempt (file-other.rules) * 1:2852 <-> DISABLED <-> SERVER-ORACLE dbms_repcat.generate_mview_support buffer overflow attempt (server-oracle.rules) * 1:28521 <-> DISABLED <-> FILE-OTHER Microsoft Wordpad embedded BMP overflow attempt (file-other.rules) * 1:28522 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer print preview information disclosure attempt (browser-ie.rules) * 1:28523 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer generic use after free attempt (browser-ie.rules) * 1:28524 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer generic use after free attempt (browser-ie.rules) * 1:28525 <-> DISABLED <-> FILE-OFFICE Microsoft Office GDI library TIFF handling integer overflow attempt (file-office.rules) * 1:28526 <-> ENABLED <-> FILE-OFFICE Microsoft Office GDI library TIFF handling integer overflow attempt (file-office.rules) * 1:28528 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qadars variant outbound connection (malware-cnc.rules) * 1:28529 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qadars variant outbound connection (malware-cnc.rules) * 1:2853 <-> DISABLED <-> SERVER-ORACLE dbms_repcat.generate_replication_trigger buffer overflow attempt (server-oracle.rules) * 1:28530 <-> DISABLED <-> PUA-TOOLBARS Babylon toolbar outbound connection (pua-toolbars.rules) * 1:28531 <-> DISABLED <-> PUA-ADWARE FreePDS installer outbound connection (pua-adware.rules) * 1:28532 <-> DISABLED <-> MALWARE-TOOLS PyLoris http DoS tool (malware-tools.rules) * 1:28534 <-> DISABLED <-> FILE-OTHER Apple Quicktime TeXML description attribute overflow attempt (file-other.rules) * 1:28535 <-> DISABLED <-> FILE-OTHER Apple Quicktime TeXML description attribute overflow attempt (file-other.rules) * 1:28536 <-> DISABLED <-> FILE-OTHER Apple Quicktime TeXML description attribute overflow attempt (file-other.rules) * 1:28537 <-> DISABLED <-> FILE-OTHER Apple Quicktime TeXML description attribute overflow attempt (file-other.rules) * 1:28538 <-> DISABLED <-> 
MALWARE-CNC Win.Trojan.Asprox/Kuluoz variant connection (malware-cnc.rules) * 1:2854 <-> DISABLED <-> SERVER-ORACLE dbms_repcat.generate_snapshot_support buffer overflow attempt (server-oracle.rules) * 1:28541 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess Download Headers (malware-cnc.rules) * 1:28542 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Conficker variant outbound connection (malware-cnc.rules) * 1:28543 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Conficker variant outbound connection (malware-cnc.rules) * 1:28544 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel RealTimeData record memory corruption attempt (file-office.rules) * 1:28545 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel RealTimeData record memory corruption attempt (file-office.rules) * 1:28546 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel RealTimeData record memory corruption attempt (file-office.rules) * 1:28547 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules) * 1:28548 <-> DISABLED <-> MALWARE-CNC Win.Trojan.chfx variant outbound connection (malware-cnc.rules) * 1:28549 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel rtToolbarDef record integer overflow attempt (file-office.rules) * 1:2855 <-> DISABLED <-> SERVER-ORACLE dbms_repcat.remove_master_databases buffer overflow attempt (server-oracle.rules) * 1:28550 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel rtToolbarDef record integer overflow attempt (file-office.rules) * 1:28551 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NXI ftp username connection (malware-cnc.rules) * 1:28552 <-> DISABLED <-> INDICATOR-SCAN inbound probing for IPTUX messenger port (indicator-scan.rules) * 1:28553 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /main.htm GET Encrypted Payload (malware-cnc.rules) * 1:28554 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection - /online.htm GET Encrypted Payload (malware-cnc.rules) * 1:28555 <-> DISABLED <-> 
MALWARE-OTHER SQL Slammer worm propagation attempt inbound (malware-other.rules) * 1:28556 <-> DISABLED <-> PROTOCOL-DNS DNS query amplification attempt (protocol-dns.rules) * 1:28557 <-> DISABLED <-> PROTOCOL-DNS Malformed DNS query with HTTP content (protocol-dns.rules) * 1:28558 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string getURLdown (malware-cnc.rules) * 1:28559 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Castov variant connection (malware-cnc.rules) * 1:2856 <-> DISABLED <-> SERVER-ORACLE dbms_repcat.switch_mview_master buffer overflow attempt (server-oracle.rules) * 1:28560 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Plugx FTP keepalive outbound connection (malware-cnc.rules) * 1:28561 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Plugx outbound connection (malware-cnc.rules) * 1:28562 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sidopa variant outbound connection (malware-cnc.rules) * 1:28563 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pkdesco variant outbound connection (malware-cnc.rules) * 1:28564 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pkdesco variant outbound connection (malware-cnc.rules) * 1:28565 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sluegot variant connection (malware-cnc.rules) * 1:28567 <-> ENABLED <-> FILE-FLASH Adobe Flash Player use after free race condition (file-flash.rules) * 1:28568 <-> ENABLED <-> FILE-FLASH Adobe Flash Player remote memory corruption attempt (file-flash.rules) * 1:28569 <-> ENABLED <-> FILE-FLASH Adobe Flash Player remote memory corruption attempt (file-flash.rules) * 1:2857 <-> DISABLED <-> SERVER-ORACLE dbms_repcat.switch_snapshot_master buffer overflow attempt (server-oracle.rules) * 1:28570 <-> ENABLED <-> FILE-IDENTIFY FDF file magic detected (file-identify.rules) * 1:28571 <-> ENABLED <-> FILE-IDENTIFY FDF file attachment detected (file-identify.rules) * 1:28572 <-> ENABLED <-> FILE-IDENTIFY FDF file attachment detected (file-identify.rules) * 1:28573 <-> ENABLED <-> FILE-IDENTIFY FDF file magic detected 
(file-identify.rules) * 1:28574 <-> ENABLED <-> FILE-IDENTIFY FDF file download request (file-identify.rules) * 1:28575 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Reader FDF submitForm cross-site scripting attempt (file-other.rules) * 1:28576 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Reader FDF submitForm cross-site scripting attempt (file-other.rules) * 1:28577 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader memory disclosure attempt (file-pdf.rules) * 1:28578 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader memory disclosure attempt (file-pdf.rules) * 1:28579 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Silverlight ScriptObject untrusted pointer dereference attempt (browser-plugins.rules) * 1:2858 <-> DISABLED <-> SERVER-ORACLE sys.dbms_repcat_conf.add_delete_resolution buffer overflow attempt (server-oracle.rules) * 1:28580 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Silverlight ScriptObject untrusted pointer dereference attempt (browser-plugins.rules) * 1:28581 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Silverlight ScriptObject untrusted pointer dereference attempt (browser-plugins.rules) * 1:28582 <-> ENABLED <-> BROWSER-PLUGINS Microsoft Silverlight ScriptObject untrusted pointer dereference attempt (browser-plugins.rules) * 1:28583 <-> ENABLED <-> BROWSER-PLUGINS Microsoft Silverlight ScriptObject untrusted pointer dereference attempt (browser-plugins.rules) * 1:28584 <-> ENABLED <-> BROWSER-PLUGINS Microsoft Silverlight ScriptObject untrusted pointer dereference attempt (browser-plugins.rules) * 1:28585 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader OTF font head table size overflow attempt (file-pdf.rules) * 1:28586 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader OTF font head table size overflow attempt (file-pdf.rules) * 1:28587 <-> ENABLED <-> FILE-FLASH Adobe Flash Player GlyphOffset memory disclosure attempt (file-flash.rules) * 1:28588 <-> ENABLED <-> FILE-FLASH Adobe Flash Player GlyphOffset memory disclosure attempt (file-flash.rules) * 1:28589 <-> ENABLED <-> 
FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules) * 1:2859 <-> DISABLED <-> SERVER-ORACLE sys.dbms_repcat_conf.add_priority_char buffer overflow attempt (server-oracle.rules) * 1:28590 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules) * 1:28591 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader TTF remote code execution attempt (file-pdf.rules) * 1:28592 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader TTF remote code execution attempt (file-pdf.rules) * 1:28593 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit payload download (exploit-kit.rules) * 1:28594 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit Microsoft Internet Explorer vulnerability request (exploit-kit.rules) * 1:28595 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit Oracle Java jar file retrieval (exploit-kit.rules) * 1:28596 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit payload request (exploit-kit.rules) * 1:28597 <-> ENABLED <-> FILE-PDF Adobe Acrobat and Adobe Acrobat Reader field dictionary null pointer dereference attempt (file-pdf.rules) * 1:28598 <-> ENABLED <-> FILE-PDF Adobe Acrobat and Adobe Acrobat Reader field dictionary null pointer dereference attempt (file-pdf.rules) * 1:28599 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Lesirt variant outbound connection (malware-cnc.rules) * 1:286 <-> DISABLED <-> PROTOCOL-POP EXPLOIT x86 BSD overflow (protocol-pop.rules) * 1:2860 <-> DISABLED <-> SERVER-ORACLE sys.dbms_repcat_conf.add_priority_date buffer overflow attempt (server-oracle.rules) * 1:28600 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader badly formatted type 0 font attempt (file-pdf.rules) * 1:28601 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader badly formatted type 0 font attempt (file-pdf.rules) * 1:28602 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader badly formatted type 0 font attempt (file-pdf.rules) * 1:28603 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader badly formatted type 0 font attempt (file-pdf.rules) * 1:28604 <-> DISABLED 
<-> MALWARE-CNC Win.Trojan.Kasnam variant connection (malware-cnc.rules) * 1:28605 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kasnam variant connection (malware-cnc.rules) * 1:28606 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Surtr variant connection (malware-cnc.rules) * 1:28607 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection (malware-cnc.rules) * 1:28608 <-> ENABLED <-> EXPLOIT-KIT Sakura exploit kit Atomic exploit download - specific-structure (exploit-kit.rules) * 1:28609 <-> ENABLED <-> EXPLOIT-KIT Sakura exploit kit obfuscated exploit payload download (exploit-kit.rules) * 1:2861 <-> DISABLED <-> SERVER-ORACLE sys.dbms_repcat_conf.add_priority_nchar buffer overflow attempt (server-oracle.rules) * 1:28610 <-> ENABLED <-> EXPLOIT-KIT Sakura exploit kit exploit payload retreive attempt (exploit-kit.rules) * 1:28611 <-> ENABLED <-> EXPLOIT-KIT Sakura exploit kit outbound connection attempt (exploit-kit.rules) * 1:28612 <-> DISABLED <-> EXPLOIT-KIT Multiple exploit kit Silverlight exploit download (exploit-kit.rules) * 1:28613 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit landing page - specific-structure (exploit-kit.rules) * 1:28614 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit landing page (exploit-kit.rules) * 1:28615 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit exploit download attempt (exploit-kit.rules) * 1:28616 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit payload download attempt (exploit-kit.rules) * 1:28617 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PDSElementGetPageRangeList recursive call denial of service attempt (file-pdf.rules) * 1:28618 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PDSElementGetPageRangeList recursive call denial of service attempt (file-pdf.rules) * 1:28619 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules) * 1:2862 <-> DISABLED <-> SERVER-ORACLE sys.dbms_repcat_conf.add_priority_number buffer overflow attempt (server-oracle.rules) * 1:28620 
<-> ENABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules) * 1:28621 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules) * 1:28622 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed shading modifier heap corruption attempt (file-pdf.rules) * 1:28623 <-> DISABLED <-> FILE-PDF Adobe Acrobat font parsing integer overflow attempt (file-pdf.rules) * 1:28624 <-> DISABLED <-> FILE-PDF Adobe Acrobat font parsing integer overflow attempt (file-pdf.rules) * 1:28625 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader U3D rgba parsing overflow attempt (file-pdf.rules) * 1:28626 <-> DISABLED <-> FILE-PDF Adobe Acrobat and Adobe Acrobat Reader U3D RHAdobeMeta buffer overflow attempt (file-pdf.rules) * 1:28627 <-> DISABLED <-> FILE-PDF Adobe Acrobat universal 3D format memory corruption attempt (file-pdf.rules) * 1:28628 <-> DISABLED <-> FILE-PDF Adobe Acrobat universal 3D format memory corruption attempt (file-pdf.rules) * 1:28629 <-> DISABLED <-> INDICATOR-OBFUSCATION obfuscated script encoding detected (indicator-obfuscation.rules) * 1:2863 <-> DISABLED <-> SERVER-ORACLE sys.dbms_repcat_conf.add_priority_nvarchar2 buffer overflow attempt (server-oracle.rules) * 1:28630 <-> DISABLED <-> INDICATOR-OBFUSCATION obfuscated script encoding detected (indicator-obfuscation.rules) * 1:28631 <-> DISABLED <-> FILE-FLASH Adobe Flash Player embedded JPG image height overflow attempt (file-flash.rules) * 1:28632 <-> DISABLED <-> FILE-FLASH Adobe Flash Player embedded JPG image height overflow attempt (file-flash.rules) * 1:28633 <-> DISABLED <-> FILE-PDF Adobe Acrobat Universal 3D stream memory corruption attempt (file-pdf.rules) * 1:28634 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader CoolType.dll composite glyf buffer overflow attempt (file-pdf.rules) * 1:28635 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader CoolType.dll glyf directory table buffer overflow attempt 
(file-pdf.rules) * 1:28636 <-> DISABLED <-> FILE-FLASH Adobe Flash Player multimedia file DefineSceneAndFrameLabelData code execution attempt (file-flash.rules) * 1:28637 <-> DISABLED <-> FILE-FLASH Adobe Flash Player multimedia file DefineSceneAndFrameLabelData code execution attempt (file-flash.rules) * 1:28638 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader CoolType.dll glyf directory table buffer overflow attempt (file-pdf.rules) * 1:28639 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader CoolType.dll glyf directory table buffer overflow attempt (file-pdf.rules) * 1:2864 <-> DISABLED <-> SERVER-ORACLE sys.dbms_repcat_conf.add_priority_raw buffer overflow attempt (server-oracle.rules) * 1:28640 <-> DISABLED <-> FILE-FLASH RealNetworks RealPlayer SWF frame handling buffer overflow attempt (file-flash.rules) * 1:28641 <-> DISABLED <-> FILE-FLASH RealNetworks RealPlayer SWF frame handling buffer overflow attempt (file-flash.rules) * 1:28642 <-> DISABLED <-> FILE-PDF Adobe Acrobat TrueType font handling remote code execution attempt (file-pdf.rules) * 1:28643 <-> DISABLED <-> FILE-PDF Adobe Acrobat TrueType font handling remote code execution attempt (file-pdf.rules) * 1:28644 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader TTF SING table parsing remote code execution attempt (file-pdf.rules) * 1:28645 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader TTF SING table parsing remote code execution attempt (file-pdf.rules) * 1:28646 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader TTF SING table parsing remote code execution attempt (file-pdf.rules) * 1:28647 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader TTF SING table parsing remote code execution attempt (file-pdf.rules) * 1:28648 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader TTF SING table parsing remote code execution attempt (file-pdf.rules) * 1:28649 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader TTF SING table parsing remote code execution attempt (file-pdf.rules) * 1:2865 <-> DISABLED <-> SERVER-ORACLE 
sys.dbms_repcat_conf.add_priority_varchar2 buffer overflow attempt (server-oracle.rules) * 1:28650 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader TTF SING table parsing remote code execution attempt (file-pdf.rules) * 1:28651 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader TTF SING table parsing remote code execution attempt (file-pdf.rules) * 1:28652 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader TTF SING table parsing remote code execution attempt (file-pdf.rules) * 1:28653 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader TTF SING table parsing remote code execution attempt (file-pdf.rules) * 1:28654 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader TTF SING table parsing remote code execution attempt (file-pdf.rules) * 1:28655 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader TTF SING table parsing remote code execution attempt (file-pdf.rules) * 1:28656 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader TTF SING table parsing remote code execution attempt (file-pdf.rules) * 1:28657 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader TTF SING table parsing remote code execution attempt (file-pdf.rules) * 1:28658 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader XML Java used in app.setTimeOut (file-pdf.rules) * 1:28659 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader known malicious variable exploit attempt (file-pdf.rules) * 1:2866 <-> DISABLED <-> SERVER-ORACLE sys.dbms_repcat_conf.add_site_priority_site buffer overflow attempt (server-oracle.rules) * 1:28660 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules) * 1:28661 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules) * 1:28662 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer address bar spoofing attempt (browser-ie.rules) * 1:28663 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer address bar spoofing attempt (browser-ie.rules) * 1:28664 <-> DISABLED <-> FILE-FLASH RealNetworks RealPlayer SWF flash file buffer overflow attempt 
(file-flash.rules) * 1:28665 <-> DISABLED <-> FILE-FLASH RealNetworks RealPlayer SWF flash file buffer overflow attempt (file-flash.rules) * 1:28666 <-> DISABLED <-> FILE-FLASH RealNetworks RealPlayer SWF flash file buffer overflow attempt (file-flash.rules) * 1:28667 <-> DISABLED <-> FILE-FLASH Adobe Flash ActionDefineFunction memory access exploit attempt (file-flash.rules) * 1:28668 <-> DISABLED <-> FILE-FLASH Adobe Flash ActionDefineFunction memory access exploit attempt (file-flash.rules) * 1:28669 <-> DISABLED <-> FILE-FLASH Adobe Flash ActionDefineFunction memory access exploit attempt (file-flash.rules) * 1:2867 <-> DISABLED <-> SERVER-ORACLE sys.dbms_repcat_conf.add_unique_resolution buffer overflow attempt (server-oracle.rules) * 1:28670 <-> DISABLED <-> FILE-FLASH Adobe Flash frame type identifier memory corruption attempt (file-flash.rules) * 1:28671 <-> DISABLED <-> FILE-FLASH Adobe Flash frame type identifier memory corruption attempt (file-flash.rules) * 1:28672 <-> DISABLED <-> FILE-FLASH Adobe Flash frame type identifier memory corruption attempt (file-flash.rules) * 1:28673 <-> DISABLED <-> FILE-FLASH Adobe Flash Player newfunction memory corruption attempt (file-flash.rules) * 1:28674 <-> DISABLED <-> FILE-FLASH Adobe Flash Player newfunction memory corruption attempt (file-flash.rules) * 1:28675 <-> DISABLED <-> FILE-FLASH Adobe Flash Player newfunction memory corruption attempt (file-flash.rules) * 1:28676 <-> DISABLED <-> FILE-FLASH Adobe Flash Player newfunction memory corruption attempt (file-flash.rules) * 1:28677 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative command execution attempt (file-flash.rules) * 1:28678 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative command execution attempt (file-flash.rules) * 1:28679 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative command execution attempt (file-flash.rules) * 1:2868 <-> DISABLED <-> SERVER-ORACLE sys.dbms_repcat_conf.add_update_resolution buffer overflow attempt 
(server-oracle.rules)
* 1:28680 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative command execution attempt (file-flash.rules)
* 1:28681 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative command execution attempt (file-flash.rules)
* 1:28682 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative command execution attempt (file-flash.rules)
* 1:28683 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative command execution attempt (file-flash.rules)
* 1:28684 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative command execution attempt (file-flash.rules)
* 1:28685 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative command execution attempt (file-flash.rules)
* 1:28686 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative command execution attempt (file-flash.rules)
* 1:28687 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
* 1:28688 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
* 1:28689 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
* 1:2869 <-> DISABLED <-> SERVER-ORACLE sys.dbms_repcat_conf.alter_priority_char buffer overflow attempt (server-oracle.rules)
* 1:28690 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
* 1:28691 <-> DISABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules)
* 1:28692 <-> DISABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules)
* 1:28693 <-> DISABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules)
* 1:28694 <-> DISABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules)
* 1:28695 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt (file-flash.rules)
* 1:28696 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt (file-flash.rules)
* 1:28697 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt (file-flash.rules)
* 1:28698 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt (file-flash.rules)
* 1:28699 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules)
* 1:287 <-> DISABLED <-> PROTOCOL-POP EXPLOIT x86 BSD overflow (protocol-pop.rules)
* 1:2870 <-> DISABLED <-> SERVER-ORACLE sys.dbms_repcat_conf.alter_priority_date buffer overflow attempt (server-oracle.rules)
* 1:28700 <-> ENABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules)
* 1:28701 <-> ENABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules)
* 1:28702 <-> ENABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules)
* 1:28703 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
* 1:28704 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
* 1:28705 <-> DISABLED <-> FILE-FLASH Adobe Flash OpenType font memory corruption attempt (file-flash.rules)
* 1:28706 <-> DISABLED <-> FILE-FLASH Adobe Flash OpenType font memory corruption attempt (file-flash.rules)
* 1:28707 <-> DISABLED <-> FILE-FLASH Adobe Flash OpenType font memory corruption attempt (file-flash.rules)
* 1:28708 <-> DISABLED <-> FILE-FLASH Adobe Flash OpenType font memory corruption attempt (file-flash.rules)
* 1:28709 <-> DISABLED <-> FILE-PDF Adobe Acrobat Universal 3D stream memory corruption attempt (file-pdf.rules)
* 1:2871 <-> DISABLED <-> SERVER-ORACLE sys.dbms_repcat_conf.alter_priority_nchar buffer overflow attempt (server-oracle.rules)
* 1:28710 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded TTF integer overflow attempt (file-pdf.rules)
* 1:28711 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded TTF integer overflow attempt (file-pdf.rules)
* 1:28712 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded TTF integer overflow attempt (file-pdf.rules)
* 1:28713 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded TTF integer overflow attempt (file-pdf.rules)
* 1:28714 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded TTF integer overflow attempt (file-pdf.rules)
* 1:28715 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded TTF integer overflow attempt (file-pdf.rules)
* 1:28716 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader compact font format memory corruption attempt (file-pdf.rules)
* 1:28717 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader compact font format memory corruption attempt (file-pdf.rules)
* 1:28718 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader memory corruption attempt (file-pdf.rules)
* 1:28719 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader memory corruption attempt (file-pdf.rules)
* 1:2872 <-> DISABLED <-> SERVER-ORACLE sys.dbms_repcat_conf.alter_priority_number buffer overflow attempt (server-oracle.rules)
* 1:28720 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader memory corruption attempt (file-pdf.rules)
* 1:28721 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader memory corruption attempt (file-pdf.rules)
* 1:28722 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader invalid PDF JavaScript printSeps extension call attempt (file-pdf.rules)
* 1:28723 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader invalid PDF JavaScript printSeps extension call attempt (file-pdf.rules)
* 1:28724 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent outbound connection (malware-cnc.rules)
* 1:28725 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader ICC mluc integer overflow attempt (file-pdf.rules)
* 1:28726 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader ICC mluc integer overflow attempt (file-pdf.rules)
* 1:28727 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader ICC mluc integer overflow attempt (file-pdf.rules)
* 1:28728 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader media.newPlayer memory corruption attempt (file-pdf.rules)
* 1:28729 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader media.newPlayer memory corruption attempt (file-pdf.rules)
* 1:2873 <-> DISABLED <-> SERVER-ORACLE sys.dbms_repcat_conf.alter_priority_nvarchar2 buffer overflow attempt (server-oracle.rules)
* 1:28730 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader media.newPlayer memory corruption attempt (file-pdf.rules)
* 1:28731 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader media.newPlayer memory corruption attempt (file-pdf.rules)
* 1:28732 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader media.newPlayer memory corruption attempt (file-pdf.rules)
* 1:28733 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader media.newPlayer memory corruption attempt (file-pdf.rules)
* 1:28734 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader media.newPlayer memory corruption attempt (file-pdf.rules)
* 1:28735 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader media.newPlayer memory corruption attempt (file-pdf.rules)
* 1:28736 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader media.newPlayer memory corruption attempt (file-pdf.rules)
* 1:28737 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader media.newPlayer memory corruption attempt (file-pdf.rules)
* 1:28738 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader media.newPlayer memory corruption attempt (file-pdf.rules)
* 1:28739 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader media.newPlayer memory corruption attempt (file-pdf.rules)
* 1:2874 <-> DISABLED <-> SERVER-ORACLE sys.dbms_repcat_conf.alter_priority_raw buffer overflow attempt (server-oracle.rules)
* 1:28740 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader media.newPlayer memory corruption attempt (file-pdf.rules)
* 1:28741 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader media.newPlayer memory corruption attempt (file-pdf.rules)
* 1:28742 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader media.newPlayer memory corruption attempt (file-pdf.rules)
* 1:28743 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader media.newPlayer memory corruption attempt (file-pdf.rules)
* 1:28744 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Matrix3D copyRawDataTo integer overflow attempt (file-flash.rules)
* 1:28745 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Matrix3D copyRawDataTo integer overflow attempt (file-flash.rules)
* 1:28746 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver SXPG_CALL_SYSTEM remote code execution attempt (server-webapp.rules)
* 1:28747 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader universal 3D format memory corruption attempt (file-pdf.rules)
* 1:28748 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader universal 3D format memory corruption attempt (file-pdf.rules)
* 1:28749 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX clsid access attempt (browser-plugins.rules)
* 1:2875 <-> DISABLED <-> SERVER-ORACLE sys.dbms_repcat_conf.alter_priority buffer overflow attempt (server-oracle.rules)
* 1:28750 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX clsid access attempt (browser-plugins.rules)
* 1:28751 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX clsid access attempt (browser-plugins.rules)
* 1:28752 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX clsid access attempt (browser-plugins.rules)
* 1:28753 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX clsid access attempt (browser-plugins.rules)
* 1:28754 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX clsid access attempt (browser-plugins.rules)
* 1:28755 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX clsid access attempt (browser-plugins.rules)
* 1:28756 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX clsid access attempt (browser-plugins.rules)
* 1:28757 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX clsid access attempt (browser-plugins.rules)
* 1:28758 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX clsid access attempt (browser-plugins.rules)
* 1:28759 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX clsid access attempt (browser-plugins.rules)
* 1:2876 <-> DISABLED <-> SERVER-ORACLE sys.dbms_repcat_conf.alter_priority_varchar2 buffer overflow attempt (server-oracle.rules)
* 1:28760 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX clsid access attempt (browser-plugins.rules)
* 1:28761 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX clsid access attempt (browser-plugins.rules)
* 1:28762 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX clsid access attempt (browser-plugins.rules)
* 1:28763 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX clsid access attempt (browser-plugins.rules)
* 1:28764 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX clsid access attempt (browser-plugins.rules)
* 1:28765 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX clsid access attempt (browser-plugins.rules)
* 1:28766 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX clsid access attempt (browser-plugins.rules)
* 1:28767 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX clsid access attempt (browser-plugins.rules)
* 1:28768 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX clsid access attempt (browser-plugins.rules)
* 1:28769 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX clsid access attempt (browser-plugins.rules)
* 1:2877 <-> DISABLED <-> SERVER-ORACLE sys.dbms_repcat_conf.alter_site_priority_site buffer overflow attempt (server-oracle.rules)
* 1:28770 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX function call access attempt (browser-plugins.rules)
* 1:28771 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX function call access attempt (browser-plugins.rules)
* 1:28772 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX function call access attempt (browser-plugins.rules)
* 1:28773 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX function call access attempt (browser-plugins.rules)
* 1:28774 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX function call access attempt (browser-plugins.rules)
* 1:28775 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX function call access attempt (browser-plugins.rules)
* 1:28776 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX function call access attempt (browser-plugins.rules)
* 1:28777 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX function call access attempt (browser-plugins.rules)
* 1:28778 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX function call access attempt (browser-plugins.rules)
* 1:28779 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX function call access attempt (browser-plugins.rules)
* 1:2878 <-> DISABLED <-> SERVER-ORACLE sys.dbms_repcat_conf.alter_site_priority buffer overflow attempt (server-oracle.rules)
* 1:28780 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX function call access attempt (browser-plugins.rules)
* 1:28781 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX function call access attempt (browser-plugins.rules)
* 1:28782 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX function call access attempt (browser-plugins.rules)
* 1:28783 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX function call access attempt (browser-plugins.rules)
* 1:28784 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX function call access attempt (browser-plugins.rules)
* 1:28785 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX function call access attempt (browser-plugins.rules)
* 1:28786 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX function call access attempt (browser-plugins.rules)
* 1:28787 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX function call access attempt (browser-plugins.rules)
* 1:28788 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX function call access attempt (browser-plugins.rules)
* 1:28789 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX function call access attempt (browser-plugins.rules)
* 1:2879 <-> DISABLED <-> SERVER-ORACLE sys.dbms_repcat_conf.cancel_statistics buffer overflow attempt (server-oracle.rules)
* 1:28790 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader universal 3D stream memory corruption attempt (file-pdf.rules)
* 1:28791 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules)
* 1:28792 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules)
* 1:28793 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules)
* 1:28794 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SerAuxTrend biff record corruption attempt (file-office.rules)
* 1:28795 <-> ENABLED <-> EXPLOIT-KIT Goon/Infinity exploit kit payload download attempt (exploit-kit.rules)
* 1:28796 <-> ENABLED <-> EXPLOIT-KIT iFRAMEr successful cnt.php redirection (exploit-kit.rules)
* 1:28797 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit binkey xored binary download attempt (exploit-kit.rules)
* 1:28798 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit possibly malicious iframe embedded into a webpage (exploit-kit.rules)
* 1:28799 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mxtcycle variant outbound connection (malware-cnc.rules)
* 1:288 <-> DISABLED <-> PROTOCOL-POP EXPLOIT x86 Linux overflow (protocol-pop.rules)
* 1:2880 <-> DISABLED <-> SERVER-ORACLE sys.dbms_repcat_conf.comment_on_delete_resolution buffer overflow attempt (server-oracle.rules)
* 1:28800 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus outbound connection (malware-cnc.rules)
* 1:28802 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos outbound connection (malware-cnc.rules)
* 1:28803 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Injector inbound connection (malware-cnc.rules)
* 1:28804 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Injector outbound connection (malware-cnc.rules)
* 1:28805 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Palevo outbound connection (malware-cnc.rules)
* 1:28806 <-> DISABLED <-> INDICATOR-COMPROMISE potential malware download - single digit .exe file download (indicator-compromise.rules)
* 1:28807 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Injector variant outbound connection (malware-cnc.rules)
* 1:28808 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Ptiger variant outbound connection (malware-cnc.rules)
* 1:28809 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dofoil inbound connection (malware-cnc.rules)
* 1:2881 <-> DISABLED <-> SERVER-ORACLE sys.dbms_repcat_conf.comment_on_priority_group buffer overflow attempt (server-oracle.rules)
* 1:28810 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection - MSIE7 No Referer No Cookie (malware-cnc.rules)
* 1:28811 <-> ENABLED <-> INDICATOR-OBFUSCATION Javascript obfuscation - seen in IFRAMEr Tool attack (indicator-obfuscation.rules)
* 1:28812 <-> ENABLED <-> INDICATOR-OBFUSCATION Javascript obfuscation - seen in IFRAMEr Tool attack (indicator-obfuscation.rules)
* 1:28813 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ufraie variant outbound connection (malware-cnc.rules)
* 1:28814 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gozi/Neverquest variant outbound connection (malware-cnc.rules)
* 1:28815 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gozi/Neverquest variant outbound connection (malware-cnc.rules)
* 1:28816 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Siluhdur variant outbound connection (malware-cnc.rules)
* 1:28817 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Iniduoh variant outbound connection (malware-cnc.rules)
* 1:28818 <-> DISABLED <-> FILE-OTHER 7-Zip ARJ archive handling buffer overflow attempt (file-other.rules)
* 1:28819 <-> DISABLED <-> FILE-OTHER 7-Zip ARJ archive handling buffer overflow attempt (file-other.rules)
* 1:2882 <-> DISABLED <-> SERVER-ORACLE sys.dbms_repcat_conf.comment_on_site_priority buffer overflow attempt (server-oracle.rules)
* 1:28820 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Egamipload variant outbound connection (malware-cnc.rules)
* 1:28821 <-> DISABLED <-> SERVER-OTHER McAfee ePolicy Orchestrator XSS attempt (server-other.rules)
* 1:28822 <-> DISABLED <-> SERVER-OTHER McAfee ePolicy Orchestrator XSS attempt (server-other.rules)
* 1:28823 <-> DISABLED <-> SERVER-OTHER McAfee ePolicy Orchestrator XSS attempt (server-other.rules)
* 1:28824 <-> DISABLED <-> SERVER-OTHER McAfee ePolicy Orchestrator XSS attempt (server-other.rules)
* 1:28825 <-> DISABLED <-> SERVER-OTHER McAfee ePolicy Orchestrator XSS attempt (server-other.rules)
* 1:28826 <-> DISABLED <-> SERVER-OTHER McAfee ePolicy Orchestrator XSS attempt (server-other.rules)
* 1:28827 <-> DISABLED <-> SERVER-OTHER McAfee ePolicy Orchestrator XSS attempt (server-other.rules)
* 1:2883 <-> DISABLED <-> SERVER-ORACLE sys.dbms_repcat_conf.comment_on_unique_resolution buffer overflow attempt (server-oracle.rules)
* 1:28831 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro d2d1.dll dll-load exploit attempt (file-other.rules)
* 1:28833 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro ipl.dll dll-load exploit attempt (file-other.rules)
* 1:28834 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro uipl.dll dll-load exploit attempt (file-other.rules)
* 1:28835 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro uvipl.dll dll-load exploit attempt (file-other.rules)
* 1:28836 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro wintab32.dll dll-load exploit attempt (file-other.rules)
* 1:28837 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro d2d1.dll dll-load exploit attempt (file-other.rules)
* 1:28839 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro ipl.dll dll-load exploit attempt (file-other.rules)
* 1:2884 <-> DISABLED <-> SERVER-ORACLE sys.dbms_repcat_conf.comment_on_update_resolution buffer overflow attempt (server-oracle.rules)
* 1:28840 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro uipl.dll dll-load exploit attempt (file-other.rules)
* 1:28841 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro uvipl.dll dll-load exploit attempt (file-other.rules)
* 1:28842 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro wintab32.dll dll-load exploit attempt (file-other.rules)
* 1:28843 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader javascript toolbar button use after free attempt (file-pdf.rules)
* 1:28844 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader javascript toolbar button use after free attempt (file-pdf.rules)
* 1:28845 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader javascript toolbar button use after free attempt (file-pdf.rules)
* 1:28846 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader javascript toolbar button use after free attempt (file-pdf.rules)
* 1:28847 <-> ENABLED <-> MALWARE-OTHER Win.Backdoor.Tavdig download attempt (malware-other.rules)
* 1:28848 <-> ENABLED <-> MALWARE-OTHER Win.Backdoor.Tavdig download attempt (malware-other.rules)
* 1:28849 <-> DISABLED <-> SERVER-WEBAPP WordPress XMLRPC potential port-scan attempt (server-webapp.rules)
* 1:2885 <-> DISABLED <-> SERVER-ORACLE sys.dbms_repcat_conf.define_priority_group buffer overflow attempt (server-oracle.rules)
* 1:28851 <-> ENABLED <-> SERVER-OTHER JBoss EJBInvokerServlet remote code execution attempt (server-other.rules)
* 1:28852 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Linux.Trojan.Zollard (malware-cnc.rules)
* 1:28853 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dipverdle variant outbound connection (malware-cnc.rules)
* 1:28854 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer beforeeditfocus use after free exploit attempt (browser-ie.rules)
* 1:28855 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer beforeeditfocus use after free exploit attempt (browser-ie.rules)
* 1:28856 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yowdab variant connection (malware-cnc.rules)
* 1:28857 <-> DISABLED <-> MALWARE-CNC Adwind UNRECOM connnection back to cnc server (malware-cnc.rules)
* 1:28858 <-> DISABLED <-> MALWARE-CNC Adwind UNRECOM connnection back to cnc server (malware-cnc.rules)
* 1:28859 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent z00sAgent - Win.Trojan.Zbot (malware-cnc.rules)
* 1:2886 <-> DISABLED <-> SERVER-ORACLE sys.dbms_repcat_conf.define_site_priority buffer overflow attempt (server-oracle.rules)
* 1:28860 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Win.Trojan.Nitedrem (malware-cnc.rules)
* 1:28861 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Roxfora variant outbound connection (malware-cnc.rules)
* 1:28862 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CViewportChangeInvalidation use after free attempt (browser-ie.rules)
* 1:28863 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CViewportChangeInvalidation use after free attempt (browser-ie.rules)
* 1:28864 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tofsee variant outbound connection (malware-cnc.rules)
* 1:28865 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer table sub structure use after free attempt (browser-ie.rules)
* 1:28866 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer table sub structure use after free attempt (browser-ie.rules)
* 1:28867 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NDProxy.sys privilege escalation attempt (os-windows.rules)
* 1:28868 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NDProxy.sys privilege escalation attempt (os-windows.rules)
* 1:28869 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NDProxy.sys privilege escalation attempt (os-windows.rules)
* 1:2887 <-> DISABLED <-> SERVER-ORACLE sys.dbms_repcat_conf.drop_delete_resolution buffer overflow attempt (server-oracle.rules)
* 1:28870 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NDProxy.sys privilege escalation attempt (os-windows.rules)
* 1:28871 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NDProxy.sys privilege escalation attempt (os-windows.rules)
* 1:28872 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NDProxy.sys privilege escalation attempt (os-windows.rules)
* 1:28873 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules)
* 1:28874 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules)
* 1:28875 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer GetClassObject use after free attempt (browser-ie.rules)
* 1:28876 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer GetClassObject use after free attempt (browser-ie.rules)
* 1:28877 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer GetClassObject use after free attempt (browser-ie.rules)
* 1:28878 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer GetClassObject use after free attempt (browser-ie.rules)
* 1:28879 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Tavdig variant outbound connection (malware-cnc.rules)
* 1:2888 <-> DISABLED <-> SERVER-ORACLE sys.dbms_repcat_conf.drop_priority_char buffer overflow attempt (server-oracle.rules)
* 1:28880 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 8 CElement Use After Free exploit attempt (browser-ie.rules)
* 1:28881 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Dictionary Object use after free attempt (browser-ie.rules)
* 1:28882 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Dictionary Object use after free attempt (browser-ie.rules)
* 1:28883 <-> ENABLED <-> PUA-ADWARE Apponic CIS file retrieval attempt (pua-adware.rules)
* 1:28884 <-> ENABLED <-> PUA-ADWARE Apponic encapsulated installer outbound connection (pua-adware.rules)
* 1:28885 <-> ENABLED <-> PUA-ADWARE Apponic encapsulated installer outbound connection (pua-adware.rules)
* 1:28886 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scar variant outbound connection (malware-cnc.rules)
* 1:28887 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed TIFF remote code execution attempt (file-pdf.rules)
* 1:28888 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed TIFF remote code execution attempt (file-pdf.rules)
* 1:28889 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed TIFF remote code execution attempt (file-pdf.rules)
* 1:2889 <-> DISABLED <-> SERVER-ORACLE sys.dbms_repcat_conf.drop_priority_date buffer overflow attempt (server-oracle.rules)
* 1:28890 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed TIFF remote code execution attempt (file-pdf.rules)
* 1:28893 <-> DISABLED <-> BROWSER-OTHER known revoked certificate for Tresor CA (browser-other.rules)
* 1:28894 <-> ENABLED <-> FILE-IDENTIFY eSignal .ets file attachment detected (file-identify.rules)
* 1:28895 <-> ENABLED <-> FILE-IDENTIFY eSignal .por file attachment detected (file-identify.rules)
* 1:28896 <-> ENABLED <-> FILE-IDENTIFY eSignal .quo file attachment detected (file-identify.rules)
* 1:28897 <-> ENABLED <-> FILE-IDENTIFY eSignal .sum file attachment detected (file-identify.rules)
* 1:28898 <-> ENABLED <-> FILE-IDENTIFY eSignal .ets file attachment detected (file-identify.rules)
* 1:28899 <-> ENABLED <-> FILE-IDENTIFY eSignal .por file attachment detected (file-identify.rules)
* 1:289 <-> DISABLED <-> PROTOCOL-POP EXPLOIT x86 SCO overflow (protocol-pop.rules)
* 1:2890 <-> DISABLED <-> SERVER-ORACLE sys.dbms_repcat_conf.drop_priority_nchar buffer overflow attempt (server-oracle.rules)
* 1:28900 <-> ENABLED <-> FILE-IDENTIFY eSignal .sum file attachment detected (file-identify.rules)
* 1:28901 <-> ENABLED <-> FILE-IDENTIFY eSignal .ets file download request (file-identify.rules)
* 1:28902 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
* 1:28903 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
* 1:28904 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
* 1:28905 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
* 1:28906 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
* 1:28907 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
* 1:28908 <-> DISABLED <-> SERVER-OTHER Nagios core config manager tfpassword sql injection attempt (server-other.rules)
* 1:28909 <-> DISABLED <-> SERVER-WEBAPP OTManager ADM_Pagina.php remote file include attempt (server-webapp.rules)
* 1:2891 <-> DISABLED <-> SERVER-ORACLE sys.dbms_repcat_conf.drop_priority_number buffer overflow attempt (server-oracle.rules)
* 1:28910 <-> DISABLED <-> SERVER-WEBAPP mcRefer install.php arbitrary PHP code injection attempt (server-webapp.rules)
* 1:28911 <-> ENABLED <-> EXPLOIT-KIT Neutrino exploit kit initial outbound request - generic detection (exploit-kit.rules)
* 1:28912 <-> DISABLED <-> SERVER-WEBAPP Joomla simple RSS reader admin.rssreader.php remote file include attempt (server-webapp.rules)
* 1:28913 <-> DISABLED <-> MALWARE-BACKDOOR Zollard variant outbound connection attempt (malware-backdoor.rules)
* 1:28914 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Anony variant connection (malware-cnc.rules)
* 1:28915 <-> DISABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster.verify method integer overflow attempt (file-java.rules)
* 1:28916 <-> ENABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster.verify method integer overflow attempt (file-java.rules)
* 1:28917 <-> DISABLED <-> PROTOCOL-SCADA Microsys Promotic directory traversal attempt (protocol-scada.rules)
* 1:28918 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant network connectivity check (malware-cnc.rules)
* 1:28919 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant network connectivity check (malware-cnc.rules)
* 1:2892 <-> DISABLED <-> SERVER-ORACLE sys.dbms_repcat_conf.drop_priority_nvarchar2 buffer overflow attempt (server-oracle.rules)
* 1:28920 <-> DISABLED <-> BROWSER-IE Microsoft Windows showHelp CHM malicious file execution attempt (browser-ie.rules)
* 1:28921 <-> DISABLED <-> BROWSER-IE Microsoft Windows showHelp CHM malicious file execution attempt (browser-ie.rules)
* 1:28922 <-> DISABLED <-> BROWSER-IE Microsoft Windows showHelp CHM malicious file execution attempt (browser-ie.rules)
* 1:28923 <-> DISABLED <-> BROWSER-IE Microsoft Windows showHelp CHM malicious file execution attempt (browser-ie.rules)
* 1:28924 <-> DISABLED <-> BROWSER-IE Microsoft Windows showHelp CHM malicious file execution attempt (browser-ie.rules)
* 1:28925 <-> DISABLED <-> BROWSER-IE Microsoft Windows showHelp CHM malicious file execution attempt (browser-ie.rules)
* 1:28926 <-> DISABLED <-> FILE-JAVA Oracle Java ImagingLib buffer overflow attempt (file-java.rules)
* 1:28927 <-> ENABLED <-> FILE-JAVA Oracle Java ImagingLib buffer overflow attempt (file-java.rules)
* 1:28929 <-> ENABLED <-> PUA-ADWARE Amonetize installer outbound connection attempt (pua-adware.rules)
* 1:2893 <-> DISABLED <-> SERVER-ORACLE sys.dbms_repcat_conf.drop_priority_raw buffer overflow attempt (server-oracle.rules)
* 1:28930 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fakeav variant outbound data connection (malware-cnc.rules)
* 1:28931 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CHM file load attempt (browser-ie.rules)
* 1:28932 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CHM file load attempt (browser-ie.rules)
* 1:28934 <-> DISABLED <-> PUA-ADWARE InstallBrain software download attempt (pua-adware.rules)
* 1:28935 <-> DISABLED <-> PUA-ADWARE InstallBrain software download attempt (pua-adware.rules)
* 1:28936 <-> DISABLED <-> SERVER-WEBAPP Horde groupware webmail edition ingo filter cross-site request forgery attempt (server-webapp.rules)
* 1:28937 <-> DISABLED <-> SERVER-WEBAPP HP SiteScope issuesiebelcmd soap request code execution attempt (server-webapp.rules)
* 1:2894 <-> DISABLED <-> SERVER-ORACLE sys.dbms_repcat_conf.drop_priority buffer overflow attempt (server-oracle.rules)
* 1:28940 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rovnix malicious download (malware-cnc.rules)
* 1:28941 <-> ENABLED <-> INDICATOR-OBFUSCATION Javascript obfuscation - seen in IFRAMEr Tool attack (indicator-obfuscation.rules)
* 1:28942 <-> DISABLED <-> SERVER-WEBAPP BoonEx Dolphin 6.1.2 remote file include attempt (server-webapp.rules)
* 1:28943 <-> DISABLED <-> SERVER-WEBAPP BoonEx Dolphin 6.1.2 remote file include attempt (server-webapp.rules)
* 1:28944 <-> DISABLED <-> SERVER-WEBAPP BoonEx Dolphin 6.1.2 remote file include attempt (server-webapp.rules)
* 1:28945 <-> DISABLED <-> INDICATOR-COMPROMISE exe.exe download (indicator-compromise.rules)
* 1:28946 <-> DISABLED <-> SERVER-WEBAPP Microsoft Sharepoint server callback function cross-site scripting attempt (server-webapp.rules)
* 1:28947 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tapaoux variant connection (malware-cnc.rules)
* 1:28948 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kishlog variant outbound connection (malware-cnc.rules)
* 1:28949 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kishlog variant outbound connection (malware-cnc.rules)
* 1:2895 <-> DISABLED <-> SERVER-ORACLE sys.dbms_repcat_conf.drop_priority_varchar2 buffer overflow attempt (server-oracle.rules)
* 1:28955 <-> DISABLED <-> SERVER-OTHER Squid HTTP Host header port parameter denial of service attempt (server-other.rules)
* 1:28956 <-> DISABLED <-> SERVER-WEBAPP Novell Zenworks configuration management umaninv information disclosure attempt (server-webapp.rules)
* 1:28957 <-> DISABLED <-> SERVER-WEBAPP RSS-aggregator display.php remote file include attempt (server-webapp.rules)
* 1:28958 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jussuc variant outbound connection (malware-cnc.rules)
* 1:2896 <-> DISABLED <-> SERVER-ORACLE sys.dbms_repcat_conf.drop_site_priority_site buffer overflow attempt (server-oracle.rules)
* 1:28960 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Alurewo outbound connection (malware-cnc.rules)
* 1:28961 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer RealMedia URL length buffer overflow attempt (file-multimedia.rules)
* 1:28962 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer RealMedia URL length buffer overflow attempt (file-multimedia.rules)
* 1:28963 <-> ENABLED <-> EXPLOIT-KIT HiMan exploit kit Flash Exploit landing page (exploit-kit.rules)
* 1:28966 <-> ENABLED <-> EXPLOIT-KIT HiMan exploit kit outbound POST connection (exploit-kit.rules)
* 1:28967 <-> ENABLED <-> EXPLOIT-KIT HiMan exploit kit outbound exploit retrieval connection (exploit-kit.rules)
* 1:28968 <-> ENABLED <-> EXPLOIT-KIT HiMan exploit kit outbound flash exploit retrieval attempt (exploit-kit.rules)
* 1:28969 <-> ENABLED <-> EXPLOIT-KIT HiMan exploit kit outbound payload retreival - specific string (exploit-kit.rules)
* 1:2897 <-> DISABLED <-> SERVER-ORACLE sys.dbms_repcat_conf.drop_site_priority buffer overflow attempt (server-oracle.rules)
* 1:28970 <-> DISABLED <-> SERVER-WEBAPP Fortinet FortiAnalyzer cross-site request forgery attempt. (server-webapp.rules)
* 1:28971 <-> DISABLED <-> SERVER-WEBAPP Fortinet FortiAnalyzer cross-site request forgery attempt. (server-webapp.rules)
* 1:28972 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt (browser-ie.rules)
* 1:28973 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt (browser-ie.rules)
* 1:28974 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt (browser-ie.rules)
* 1:28975 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt (browser-ie.rules)
* 1:28976 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.DF - Data Exfiltration (malware-cnc.rules)
* 1:28977 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.DF - User-Agent Missing Bracket (malware-cnc.rules)
* 1:28978 <-> DISABLED <-> FILE-OTHER CHM LZX compression reset interval anti-virus evasion attempt (file-other.rules)
* 1:28979 <-> DISABLED <-> FILE-OTHER CHM LZX compression reset interval anti-virus evasion attempt (file-other.rules)
* 1:2898 <-> DISABLED <-> SERVER-ORACLE sys.dbms_repcat_conf.drop_unique_resolution buffer overflow attempt (server-oracle.rules)
* 1:28982 <-> DISABLED <-> MALWARE-CNC Win.Worm.Steckt IRCbot requesting URL through IRC (malware-cnc.rules)
* 1:28983 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Steckt IRCbot executable download (malware-cnc.rules)
* 1:28984 <-> DISABLED <-> MALWARE-CNC Win.Worm.Steckt IRCbot executable download (malware-cnc.rules)
* 1:28985 <-> DISABLED <-> MALWARE-CNC Win.Worm.Steckt IRCbot executable download (malware-cnc.rules)
* 1:28986 <-> DISABLED <-> MALWARE-CNC Win.Worm.Neeris IRCbot variant outbound connection (malware-cnc.rules)
* 1:28987 <-> DISABLED <-> MALWARE-CNC Win.Worm.Steckt IRCbot variant outbound connection (malware-cnc.rules)
* 1:28988 <-> DISABLED <-> MALWARE-CNC Win.Worm.Steckt IRCbot variant outbound connection (malware-cnc.rules)
* 1:28989 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Egobot variant outbound connection (malware-cnc.rules)
* 1:2899 <-> DISABLED <-> SERVER-ORACLE sys.dbms_repcat_conf.drop_update_resolution buffer overflow attempt (server-oracle.rules)
* 1:28990 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qakbot connection to cnc server (malware-cnc.rules)
* 1:28991 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qakbot FTP data exfiltration (malware-cnc.rules)
* 1:28993 <-> DISABLED <-> PROTOCOL-VOIP Sipvicious User-Agent detected (protocol-voip.rules)
* 1:28994 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Backdoor Remote Shell Server download (malware-cnc.rules)
* 1:28995 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Backdoor Remote Shell Server download (malware-cnc.rules)
* 1:28996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bunitu variant outbound connection (malware-cnc.rules)
* 1:28997 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer print preview information disclosure attempt (browser-ie.rules)
* 1:28998 <-> DISABLED <-> OS-LINUX Linux kernel ARM put_user write outside process address space privilege escalation attempt (os-linux.rules)
* 1:28999 <-> DISABLED <-> OS-LINUX Linux kernel ARM put_user write outside process address space privilege escalation attempt (os-linux.rules)
* 1:290 <-> DISABLED <-> PROTOCOL-POP EXPLOIT qpopper overflow (protocol-pop.rules)
* 1:2900 <-> DISABLED <-> SERVER-ORACLE sys.dbms_repcat_conf.purge_statistics buffer overflow attempt (server-oracle.rules)
* 1:29000 <-> DISABLED <-> SERVER-WEBAPP Cisco EPC3925 cross site request forgery attempt (server-webapp.rules)
* 1:29001 <-> ENABLED <-> EXPLOIT-KIT SPL2 exploit kit landing page detection (exploit-kit.rules)
* 1:29002 <-> ENABLED <-> EXPLOIT-KIT SPL2 exploit kit Silverlight plugin outbound connection attempt (exploit-kit.rules)
* 1:29003 <-> ENABLED <-> EXPLOIT-KIT SPL2 exploit kit jar exploit download (exploit-kit.rules)
* 1:29005 <-> DISABLED <-> SERVER-WEBAPP IBM Platform Symphony SOAP request processing buffer overflow attempt (server-webapp.rules)
* 1:29006 <-> ENABLED <-> FILE-IDENTIFY XWD image file attachment detected (file-identify.rules)
* 1:29007 <-> ENABLED <-> FILE-IDENTIFY XWD image file attachment detected (file-identify.rules)
* 1:29008 <-> ENABLED <-> FILE-IDENTIFY XWD image file download request (file-identify.rules)
* 1:29009 <-> DISABLED <-> FILE-OTHER GIMP XWD file heap buffer overflow attempt (file-other.rules)
* 1:2901 <-> DISABLED <-> SERVER-ORACLE sys.dbms_repcat_conf.register_statistics buffer overflow attempt (server-oracle.rules)
* 1:29010 <-> DISABLED <-> FILE-OTHER GIMP XWD file heap buffer overflow attempt (file-other.rules)
* 1:29011 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dotconta variant outbound connection (malware-cnc.rules)
* 1:29012 <-> ENABLED <-> MALWARE-OTHER Possible Win.Trojan.Zbot variant outbound connection (malware-other.rules)
* 1:29013 <-> ENABLED <-> MALWARE-OTHER Possible Win.Trojan.Zbot variant outbound connection (malware-other.rules)
* 1:29014 <-> DISABLED <-> OS-WINDOWS Microsoft Windows embedded OpenType font engine LZX decompression buffer overflow attempt (os-windows.rules)
* 1:29016 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cordmix variant outbound connection (malware-cnc.rules)
* 1:29017 <-> ENABLED <-> SERVER-WEBAPP HP LoadRunner Virtual User Generator EmulationAdmin directory traversal attempt (server-webapp.rules)
* 1:29018 <-> DISABLED <-> SERVER-WEBAPP HP LoadRunner Virtual User Generator EmulationAdmin getReport SQL injection attempt (server-webapp.rules)
* 1:29019 <-> ENABLED <-> SERVER-WEBAPP HP LoadRunner Virtual User Generator EmulationAdmin directory traversal attempt (server-webapp.rules)
* 1:2902 <-> DISABLED <-> SERVER-ORACLE sys.dbms_repcat_sna.alter_snapshot_propagation buffer overflow attempt (server-oracle.rules)
* 1:29023 <-> ENABLED <-> MALWARE-OTHER multi-hop iframe campaign client-side exploit attempt (malware-other.rules)
* 1:29024 <-> ENABLED <-> MALWARE-OTHER multi-hop iframe campaign client-side exploit attempt (malware-other.rules)
* 1:29025 <-> ENABLED <-> MALWARE-OTHER
multi-hop iframe campaign client-side exploit attempt (malware-other.rules) * 1:29026 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Limlspy variant outbound connection (malware-cnc.rules) * 1:29027 <-> DISABLED <-> SERVER-WEBAPP Zimbra remote code execution attempt (server-webapp.rules) * 1:29028 <-> DISABLED <-> SERVER-MSSQL Microsoft SQL Server TDS packet fragment handling remote denial of service attempt (server-mssql.rules) * 1:29029 <-> DISABLED <-> SERVER-MSSQL Microsoft SQL Server TDS packet fragment handling remote denial of service attempt (server-mssql.rules) * 1:2903 <-> DISABLED <-> SERVER-ORACLE sys.dbms_repcat_sna.create_snapshot_repgroup buffer overflow attempt (server-oracle.rules) * 1:29031 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant inbound connection (malware-cnc.rules) * 1:29032 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint MasterPagePackedText structure CharacterFormatArrayOuterHeaderSize buffer overflow (file-office.rules) * 1:29033 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint MasterPagePackedText structure CharacterFormatArrayOuterHeaderSize buffer overflow (file-office.rules) * 1:29034 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CDisplayPointer use after free attempt (browser-ie.rules) * 1:29035 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CDisplayPointer use after free attempt (browser-ie.rules) * 1:29036 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 8 CElement Use After Free exploit attempt (browser-ie.rules) * 1:29037 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DXImageTransform.Microsoft.MMSpecialEffectInplace1Input ActiveX function call access (browser-plugins.rules) * 1:29038 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shiz variant initial outbound connection (malware-cnc.rules) * 1:29039 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shiz variant outbound connection (malware-cnc.rules) * 1:2904 <-> DISABLED <-> SERVER-ORACLE sys.dbms_repcat_sna.create_snapshot_repobject 
buffer overflow attempt (server-oracle.rules) * 1:29040 <-> DISABLED <-> SERVER-WEBAPP Zimbra remote code execution attempt (server-webapp.rules) * 1:29041 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Data Center Network Manager processImageSave.jsp directory traversal attempt (server-webapp.rules) * 1:29042 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Data Center Network Manager processImageSave.jsp directory traversal attempt (server-webapp.rules) * 1:29044 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lorask variant outbound connection (malware-cnc.rules) * 1:29045 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lorask variant outbound connection (malware-cnc.rules) * 1:29046 <-> DISABLED <-> SERVER-WEBAPP WhatsUp Gold ExportViewer.asp diretory traversal attempt (server-webapp.rules) * 1:29047 <-> DISABLED <-> FILE-FLASH Adobe Flash Player and AIR type confusion remote code execution attempt (file-flash.rules) * 1:29048 <-> ENABLED <-> FILE-FLASH Adobe Flash Player and AIR type confusion remote code execution attempt (file-flash.rules) * 1:29049 <-> ENABLED <-> FILE-FLASH Adobe Flash Player and AIR type confusion remote code execution attempt (file-flash.rules) * 1:2905 <-> DISABLED <-> SERVER-ORACLE sys.dbms_repcat_sna.create_snapshot_repschema buffer overflow attempt (server-oracle.rules) * 1:29050 <-> ENABLED <-> FILE-FLASH Adobe Flash Player and AIR type confusion remote code execution attempt (file-flash.rules) * 1:29051 <-> DISABLED <-> FILE-FLASH Adobe Flash Player and AIR type confusion remote code execution attempt (file-flash.rules) * 1:29052 <-> ENABLED <-> FILE-FLASH Adobe Flash Player and AIR type confusion remote code execution attempt (file-flash.rules) * 1:29053 <-> ENABLED <-> FILE-FLASH Adobe Flash Player and AIR type confusion remote code execution attempt (file-flash.rules) * 1:29054 <-> ENABLED <-> FILE-FLASH Adobe Flash Player and AIR type confusion remote code execution attempt (file-flash.rules) * 1:29055 <-> DISABLED <-> MALWARE-BACKDOOR 
Win.Trojan.Descrantol variant data exfiltration attempt (malware-backdoor.rules) * 1:29056 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Descrantol variant outbound connection (malware-cnc.rules) * 1:29057 <-> DISABLED <-> MALWARE-CNC Installation Win.Trojan.Umberial variant outbound connection (malware-cnc.rules) * 1:29058 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Umberial variant outbound connection (malware-cnc.rules) * 1:29059 <-> DISABLED <-> BROWSER-PLUGINS CYME Power Engineering ChartFX.ClientServer ActiveX clsid access (browser-plugins.rules) * 1:2906 <-> DISABLED <-> SERVER-ORACLE sys.dbms_repcat_sna.drop_snapshot_repgroup buffer overflow attempt (server-oracle.rules) * 1:29060 <-> DISABLED <-> BROWSER-PLUGINS CYME Power Engineering ChartFX.ClientServer ActiveX function call access (browser-plugins.rules) * 1:29061 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player memory corruption attempt (file-multimedia.rules) * 1:29062 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed JBIG2 decode segment null pointer crash attempt (file-pdf.rules) * 1:29063 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed JBIG2 decode segment null pointer crash attempt (file-pdf.rules) * 1:29066 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit XORed payload download attempt (exploit-kit.rules) * 1:29068 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tapazom variant outbound connection (malware-cnc.rules) * 1:2907 <-> DISABLED <-> SERVER-ORACLE sys.dbms_repcat_sna.drop_snapshot_repobject buffer overflow attempt (server-oracle.rules) * 1:29071 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wcvalep variant outbound connection (malware-cnc.rules) * 1:29073 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Maetdik variant initial outbound connection (malware-cnc.rules) * 1:29074 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Maetdik variant outbound connection (malware-cnc.rules) * 1:29075 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Firefly outbound communcation (malware-cnc.rules) * 1:29076 <-> DISABLED <-> 
MALWARE-CNC Win.Trojan.Epixed variant outbound connection (malware-cnc.rules) * 1:29077 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Platidium variant outbound connection (malware-cnc.rules) * 1:29079 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Inftob variant outbound connection (malware-cnc.rules) * 1:2908 <-> DISABLED <-> SERVER-ORACLE sys.dbms_repcat_sna.drop_snapshot_repschema buffer overflow attempt (server-oracle.rules) * 1:29081 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Budir initial variant outbound connection (malware-cnc.rules) * 1:29082 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ldmon variant outbound connection (malware-cnc.rules) * 1:29087 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kboy variant outbound connection (malware-cnc.rules) * 1:2909 <-> DISABLED <-> SERVER-ORACLE sys.dbms_repcat_sna.generate_snapshot_support buffer overflow attempt (server-oracle.rules) * 1:29090 <-> DISABLED <-> INDICATOR-COMPROMISE suspicious test for public IP - iframe.ip138.com (indicator-compromise.rules) * 1:29091 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Choxy variant outbound connection (malware-cnc.rules) * 1:29092 <-> DISABLED <-> BROWSER-PLUGINS ABB Test Signal Viewer CWGraph3D ActiveX clsid access attempt (browser-plugins.rules) * 1:29094 <-> ENABLED <-> MALWARE-BACKDOOR Win.Trojan.Shatekrat variant initial outbound connection (malware-backdoor.rules) * 1:29095 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fotip FTP file upload variant outbound connection (malware-cnc.rules) * 1:29096 <-> ENABLED <-> MALWARE-TOOLS Browser Password Decryptor - Password List sent via FTP (malware-tools.rules) * 1:29097 <-> DISABLED <-> BROWSER-PLUGINS HP Application Lifecycle Management XGO.XGoCtrl ActiveX clsid access attempt (browser-plugins.rules) * 1:29098 <-> DISABLED <-> BROWSER-PLUGINS HP Application Lifecycle Management XGO.XGoCtrl ActiveX access attempt (browser-plugins.rules) * 1:2910 <-> DISABLED <-> SERVER-ORACLE sys.dbms_repcat_sna.refresh_snapshot_repgroup buffer overflow attempt 
(server-oracle.rules) * 1:29100 <-> DISABLED <-> BROWSER-PLUGINS HP Application Lifecycle Management XGO.XGoCtrl ActiveX clsid access attempt (browser-plugins.rules) * 1:29102 <-> DISABLED <-> BROWSER-PLUGINS HP Application Lifecycle Management XGO.XGoCtrl ActiveX access attempt (browser-plugins.rules) * 1:29103 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Korhigh variant outbound connection (malware-cnc.rules) * 1:29104 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Iniptad variant outbound connection (malware-cnc.rules) * 1:29105 <-> DISABLED <-> SERVER-WEBAPP ManageEngine DesktopCentral agentLogUploader servlet directory traversal attempt (server-webapp.rules) * 1:29108 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SixMuch variant outbound connection (malware-cnc.rules) * 1:29109 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Drafukey variant outbound connection (malware-cnc.rules) * 1:2911 <-> DISABLED <-> SERVER-ORACLE sys.dbms_repcat_sna.refresh_snapshot_repschema buffer overflow attempt (server-oracle.rules) * 1:29110 <-> DISABLED <-> SERVER-WEBAPP Symantec Messaging Gateway save.do cross site request forgery attempt (server-webapp.rules) * 1:29112 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Drafukey variant outbound connection (malware-cnc.rules) * 1:29113 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Conrec variant outbound connection (malware-cnc.rules) * 1:29114 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sotark variant outbound connection (malware-cnc.rules) * 1:29115 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Alset variant outbound connection (malware-cnc.rules) * 1:29117 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tyaui variant outbound connection (malware-cnc.rules) * 1:29118 <-> DISABLED <-> SERVER-WEBAPP Novell Groupwise Messenger Server process memory information disclosure attempt (server-webapp.rules) * 1:2912 <-> DISABLED <-> SERVER-ORACLE sys.dbms_repcat_sna.register_snapshot_repgroup buffer overflow attempt (server-oracle.rules) * 1:29124 <-> DISABLED <-> MALWARE-OTHER 
Win.Trojan.InstallMonster variant outbound connection (malware-other.rules) * 1:29125 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Valden variant outbound connection (malware-cnc.rules) * 1:29127 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules) * 1:29128 <-> ENABLED <-> EXPLOIT-KIT Stamp exploit kit plugin detection page (exploit-kit.rules) * 1:29129 <-> ENABLED <-> EXPLOIT-KIT Stamp exploit kit jar exploit download - specific structure (exploit-kit.rules) * 1:2913 <-> DISABLED <-> SERVER-ORACLE sys.dbms_repcat_sna.repcat_import_check buffer overflow attempt (server-oracle.rules) * 1:29130 <-> ENABLED <-> EXPLOIT-KIT Stamp exploit kit malicious payload download attempt (exploit-kit.rules) * 1:29131 <-> ENABLED <-> EXPLOIT-KIT Stamp exploit kit PDF exploit retrieval attempt (exploit-kit.rules) * 1:29133 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Goobraz variant outbound connection (malware-cnc.rules) * 1:29135 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bfddos variant outbound connection (malware-cnc.rules) * 1:29136 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neos variant outbound connection (malware-cnc.rules) * 1:29138 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mojap variant outbound connection (malware-cnc.rules) * 1:29139 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent string HTTP 1.1 - Win.Trojan.Tapslix (malware-cnc.rules) * 1:2914 <-> DISABLED <-> SERVER-ORACLE sys.dbms_repcat_sna.set_local_flavor buffer overflow attempt (server-oracle.rules) * 1:29140 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tearspear variant outbound connection (malware-cnc.rules) * 1:29141 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Data Center Network Manager FileUploadServlet arbitrary file upload attempt (server-webapp.rules) * 1:29142 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Data Center Network Manager FileUploadServlet arbitrary file upload attempt (server-webapp.rules) * 1:29143 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious 
User-Agent - Win.Trojan.Secciv (malware-cnc.rules) * 1:29146 <-> DISABLED <-> MALWARE-CNC Win.Trojan.RansomCrypt variant outbound connection (malware-cnc.rules) * 1:29148 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Huxerox variant outbound connection (malware-cnc.rules) * 1:29149 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Janicab outbound connection (malware-cnc.rules) * 1:2915 <-> DISABLED <-> SERVER-ORACLE sys.dbms_repcat_sna.switch_snapshot_master buffer overflow attempt (server-oracle.rules) * 1:29150 <-> DISABLED <-> MALWARE-CNC User-Agent suspicious user-agent WarpHTTP - Win.Trojan.Yohakest (malware-cnc.rules) * 1:29152 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yohakest variant initial runtime outbound connection (malware-cnc.rules) * 1:29153 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yohakest variant file upload outbound connection (malware-cnc.rules) * 1:29154 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yohakest variant followup outbound connection (malware-cnc.rules) * 1:29155 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vwealer outbound connection (malware-cnc.rules) * 1:29157 <-> DISABLED <-> SERVER-WEBAPP NagiosQL hostdependencies.php cross site scripting attempt (server-webapp.rules) * 1:29158 <-> DISABLED <-> SERVER-WEBAPP NagiosQL hostdependencies.php cross site scripting attempt (server-webapp.rules) * 1:29159 <-> DISABLED <-> SERVER-WEBAPP The Bug Genie openid_identifier cross site scripting attempt (server-webapp.rules) * 1:2916 <-> DISABLED <-> SERVER-ORACLE sys.dbms_repcat_sna.unregister_snapshot_repgroup buffer overflow attempt (server-oracle.rules) * 1:29160 <-> DISABLED <-> SERVER-WEBAPP The Bug Genie openid_identifier cross site scripting attempt (server-webapp.rules) * 1:29162 <-> ENABLED <-> FILE-IDENTIFY CIS file download request (file-identify.rules) * 1:29163 <-> DISABLED <-> EXPLOIT-KIT CritX exploit kit outbound exploit request (exploit-kit.rules) * 1:29164 <-> DISABLED <-> EXPLOIT-KIT CritX exploit kit outbound flash request (exploit-kit.rules) * 1:29165 
<-> ENABLED <-> EXPLOIT-KIT CritX exploit kit outbound jar request (exploit-kit.rules) * 1:29166 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit payload download attempt (exploit-kit.rules) * 1:29167 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit payload download attempt (exploit-kit.rules) * 1:29168 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer EUC-JP encoding cross site scripting attempt (browser-ie.rules) * 1:2917 <-> DISABLED <-> SERVER-ORACLE sys.dbms_repcat_sna_utl.switch_snapshot_master buffer overflow attempt (server-oracle.rules) * 1:29170 <-> DISABLED <-> SERVER-WEBAPP NetWeaver internet sales module directory traversal attempt (server-webapp.rules) * 1:29174 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string fortis (malware-cnc.rules) * 1:29175 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sitrof variant outbound connection (malware-cnc.rules) * 1:29176 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Retsaw variant outbound connection (malware-cnc.rules) * 1:29179 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tenad variant outbound connection (malware-cnc.rules) * 1:2918 <-> DISABLED <-> SERVER-ORACLE sys.dbms_repcat_sna.validate_for_local_flavor buffer overflow attempt (server-oracle.rules) * 1:29180 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent Update1.0 - Win.Trojan.Downbini (malware-cnc.rules) * 1:29182 <-> ENABLED <-> FILE-OTHER RealNetworks RealPlayer RMP stack buffer overflow attempt (file-other.rules) * 1:29183 <-> ENABLED <-> FILE-OTHER RealNetworks RealPlayer RMP stack buffer overflow attempt (file-other.rules) * 1:29184 <-> ENABLED <-> FILE-OTHER RealNetworks RealPlayer RMP stack buffer overflow attempt (file-other.rules) * 1:29185 <-> ENABLED <-> FILE-OTHER RealNetworks RealPlayer RMP stack buffer overflow attempt (file-other.rules) * 1:29186 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit outbound connection (exploit-kit.rules) * 1:29187 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit outbound pdf request 
(exploit-kit.rules) * 1:29188 <-> DISABLED <-> EXPLOIT-KIT Magnitude exploit kit embedded open type font file request (exploit-kit.rules) * 1:29189 <-> ENABLED <-> EXPLOIT-KIT Magnitude exploit kit Microsoft Internet Explorer Payload request (exploit-kit.rules) * 1:2919 <-> DISABLED <-> SERVER-ORACLE sys.dbms_repcat_untrusted.register_snapshot_repgroup buffer overflow attempt (server-oracle.rules) * 1:29190 <-> ENABLED <-> INDICATOR-OBFUSCATION Javascript obfuscation - seen in Nuclear exploit kit (indicator-obfuscation.rules) * 1:29192 <-> DISABLED <-> SERVER-WEBAPP Zimbra remote code execution attempt (server-webapp.rules) * 1:29193 <-> DISABLED <-> SERVER-WEBAPP Zimbra remote code execution attempt (server-webapp.rules) * 1:29194 <-> DISABLED <-> PROTOCOL-SCADA Modbus read holding registers - too many inputs (protocol-scada.rules) * 1:29195 <-> DISABLED <-> PROTOCOL-SCADA Modbus read input register - too many inputs (protocol-scada.rules) * 1:29196 <-> DISABLED <-> PROTOCOL-SCADA Modbus read input status - too many inputs (protocol-scada.rules) * 1:29197 <-> DISABLED <-> PROTOCOL-SCADA Modbus read write multiple registers - too many writes (protocol-scada.rules) * 1:29198 <-> DISABLED <-> PROTOCOL-SCADA Modbus read write multiple registers - too many writes (protocol-scada.rules) * 1:29199 <-> DISABLED <-> PROTOCOL-SCADA Modbus write multiple registers - too many registers (protocol-scada.rules) * 1:292 <-> DISABLED <-> OS-LINUX x86 Linux samba overflow (os-linux.rules) * 1:29200 <-> DISABLED <-> PROTOCOL-SCADA Modbus write single coil - invalid state (protocol-scada.rules) * 1:29201 <-> DISABLED <-> PROTOCOL-SCADA Modbus read coil status response - too many coils (protocol-scada.rules) * 1:29202 <-> DISABLED <-> PROTOCOL-SCADA Modbus read coil status response - too many coils (protocol-scada.rules) * 1:29203 <-> DISABLED <-> PROTOCOL-SCADA Modbus read fifo response invalid byte count (protocol-scada.rules) * 1:29204 <-> DISABLED <-> PROTOCOL-SCADA Modbus read 
holding register response - invalid byte count (protocol-scada.rules) * 1:29205 <-> DISABLED <-> PROTOCOL-SCADA Modbus read input registers response invalid byte count (protocol-scada.rules) * 1:29206 <-> DISABLED <-> PROTOCOL-SCADA Modbus read write register response - invalid byte count (protocol-scada.rules) * 1:29207 <-> DISABLED <-> FILE-OTHER RealNetworks RealPlayer RMP file heap buffer overflow attempt (file-other.rules) * 1:29208 <-> DISABLED <-> FILE-OTHER RealNetworks RealPlayer RMP file heap buffer overflow attempt (file-other.rules) * 1:29209 <-> DISABLED <-> FILE-OTHER RealNetworks RealPlayer RMP file heap buffer overflow attempt (file-other.rules) * 1:2921 <-> DISABLED <-> PROTOCOL-DNS UDP inverse query (protocol-dns.rules) * 1:29210 <-> DISABLED <-> FILE-OTHER RealNetworks RealPlayer RMP file heap buffer overflow attempt (file-other.rules) * 1:29211 <-> DISABLED <-> FILE-OTHER RealNetworks RealPlayer RMP file heap buffer overflow attempt (file-other.rules) * 1:29212 <-> DISABLED <-> FILE-OTHER RealNetworks RealPlayer RMP file heap buffer overflow attempt (file-other.rules) * 1:29213 <-> ENABLED <-> INDICATOR-OBFUSCATION potential math library debugging (indicator-obfuscation.rules) * 1:29214 <-> DISABLED <-> FILE-JAVA Oracle Java JPEGImageWriter memory corruption attempt (file-java.rules) * 1:29215 <-> ENABLED <-> FILE-JAVA Oracle Java sun.awt.image.ImageRepresentation.setPixels integer overflow attempt (file-java.rules) * 1:29216 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Androm variant outbound connection (malware-cnc.rules) * 1:29218 <-> DISABLED <-> FILE-JAVA Oracle Java and JavaFX JPEGImageReader memory corruption attempt (file-java.rules) * 1:29219 <-> ENABLED <-> FILE-JAVA Oracle Java and JavaFX JPEGImageReader memory corruption attempt (file-java.rules) * 1:2922 <-> DISABLED <-> PROTOCOL-DNS TCP inverse query (protocol-dns.rules) * 1:29220 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Strictor variant outbound connection (malware-cnc.rules) * 1:29221 
<-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer blnmgr clsid access attempt (browser-ie.rules) * 1:29222 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer devenum clsid access attempt (browser-ie.rules) * 1:29223 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer msdds clsid access attempt (browser-ie.rules) * 1:29224 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Common Browser Architecture ActiveX clsid access (browser-plugins.rules) * 1:29225 <-> DISABLED <-> BROWSER-PLUGINS Microsoft HTML Window Security Proxy ActiveX clsid access (browser-plugins.rules) * 1:29226 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer ACM Class Manager ActiveX clsid access (browser-plugins.rules) * 1:29227 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Address Bar ActiveX clsid access (browser-plugins.rules) * 1:29228 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer CLSID_ApprenticeICW ActiveX clsid access (browser-plugins.rules) * 1:29229 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer CLSID_CDIDeviceActionConfigPage ActiveX clsid access (browser-plugins.rules) * 1:2923 <-> DISABLED <-> NETBIOS SMB repeated logon failure (netbios.rules) * 1:29230 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer CommunicationManager ActiveX clsid access (browser-plugins.rules) * 1:29231 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Content.mbcontent.1 ActiveX clsid access (browser-plugins.rules) * 1:29232 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DiskManagement.Connection ActiveX clsid access (browser-plugins.rules) * 1:29233 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Dutch_Dutch Stemmer ActiveX clsid access (browser-plugins.rules) * 1:29234 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer English_UK Stemmer ActiveX clsid access (browser-plugins.rules) * 1:29235 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer English_US Stemmer ActiveX clsid access 
(browser-plugins.rules) * 1:29236 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer French_French Stemmer ActiveX clsid access (browser-plugins.rules) * 1:29237 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer German_German Stemmer ActiveX clsid access (browser-plugins.rules) * 1:29238 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer ICM Class Manager ActiveX clsid access (browser-plugins.rules) * 1:29239 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer ISSimpleCommandCreator.1 ActiveX clsid access (browser-plugins.rules) * 1:2924 <-> DISABLED <-> NETBIOS SMB-DS repeated logon failure (netbios.rules) * 1:29240 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Italian_Italian Stemmer ActiveX clsid access (browser-plugins.rules) * 1:29241 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MidiOut Class Manager ActiveX clsid access (browser-plugins.rules) * 1:29242 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Mslablti.MarshalableTI.1 ActiveX clsid access (browser-plugins.rules) * 1:29243 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer PostBootReminder object ActiveX clsid access (browser-plugins.rules) * 1:29244 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer QC.MessageMover.1 ActiveX clsid access (browser-plugins.rules) * 1:29245 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer ShellFolder for CD Burning ActiveX clsid access (browser-plugins.rules) * 1:29246 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Spanish_Modern Stemmer ActiveX clsid access (browser-plugins.rules) * 1:29247 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Swedish_Default Stemmer ActiveX clsid access (browser-plugins.rules) * 1:29248 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer VFW Capture Class Manager ActiveX clsid access (browser-plugins.rules) * 1:29249 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Video Effect 
Class Manager 1 Input ActiveX clsid access (browser-plugins.rules) * 1:29250 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Video Effect Class Manager 2 Input ActiveX clsid access (browser-plugins.rules) * 1:29251 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WDM Instance Provider ActiveX clsid access (browser-plugins.rules) * 1:29252 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WIA FileSystem USD ActiveX clsid access (browser-plugins.rules) * 1:29253 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WaveIn Class Manager ActiveX clsid access (browser-plugins.rules) * 1:29254 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WaveOut and DSound Class Manager ActiveX clsid access (browser-plugins.rules) * 1:29255 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer clbcatex.dll ActiveX clsid access (browser-plugins.rules) * 1:29256 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer clbcatq.dll ActiveX clsid access (browser-plugins.rules) * 1:29257 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer syncui.dll ActiveX clsid access (browser-plugins.rules) * 1:29258 <-> DISABLED <-> BROWSER-PLUGINS Microsoft WBEM Event Subsystem ActiveX clsid access (browser-plugins.rules) * 1:29259 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant outbound connection (malware-cnc.rules) * 1:2926 <-> DISABLED <-> SERVER-WEBAPP PhpGedView PGV base directory manipulation (server-webapp.rules) * 1:29260 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant outbound connection (malware-cnc.rules) * 1:29261 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper variant outbound connection (malware-cnc.rules) * 1:29264 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SERIES record sdtX memory corruption attempt (file-office.rules) * 1:29265 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer invalid object property use after free memory corruption attempt (browser-ie.rules) * 1:29266 <-> 
DISABLED <-> SERVER-OTHER Cisco Prime Data Center Network Manager arbitrary file read attempt (server-other.rules)
* 1:29267 <-> DISABLED <-> SERVER-WEBAPP Nagios3 statuswml.cgi remote command execution attempt (server-webapp.rules)
* 1:29268 <-> DISABLED <-> FILE-JAVA Oracle Java sun.awt.image.ImageRepresentation.setPixels integer overflow attempt (file-java.rules)
* 1:29269 <-> ENABLED <-> FILE-JAVA Oracle Java sun.awt.image.ImageRepresentation.setPixels integer overflow attempt (file-java.rules)
* 1:2927 <-> DISABLED <-> OS-WINDOWS Microsoft Windows XPAT pattern overflow attempt (os-windows.rules)
* 1:29270 <-> DISABLED <-> FILE-JAVA Oracle Java sun.awt.image.ImagingLib.lookupByteBI memory corruption attempt (file-java.rules)
* 1:29271 <-> DISABLED <-> FILE-JAVA Oracle Java sun.awt.image.ImagingLib.lookupByteBI memory corruption attempt (file-java.rules)
* 1:29272 <-> DISABLED <-> FILE-JAVA Oracle Java sun.awt.image.ImagingLib.lookupByteBI memory corruption attempt (file-java.rules)
* 1:29273 <-> DISABLED <-> FILE-JAVA Oracle Java sun.awt.image.ImagingLib.lookupByteBI memory corruption attempt (file-java.rules)
* 1:29274 <-> ENABLED <-> FILE-IDENTIFY XFDL file attachment detected (file-identify.rules)
* 1:29275 <-> ENABLED <-> FILE-IDENTIFY XFDL file attachment detected (file-identify.rules)
* 1:29276 <-> ENABLED <-> FILE-IDENTIFY XFDL file download request (file-identify.rules)
* 1:29277 <-> DISABLED <-> FILE-OTHER IBM Forms Viewer XFDL form processing stack buffer overflow attempt (file-other.rules)
* 1:29278 <-> DISABLED <-> FILE-OTHER IBM Forms Viewer XFDL form processing stack buffer overflow attempt (file-other.rules)
* 1:29279 <-> DISABLED <-> FILE-OTHER IBM Forms Viewer XFDL form processing stack buffer overflow attempt (file-other.rules)
* 1:29280 <-> DISABLED <-> FILE-OTHER IBM Forms Viewer XFDL form processing stack buffer overflow attempt (file-other.rules)
* 1:29281 <-> DISABLED <-> FILE-FLASH Adobe Flash Player sharable ByteArray code execution attempt (file-flash.rules)
* 1:29282 <-> DISABLED <-> FILE-FLASH Adobe Flash Player sharable ByteArray code execution attempt (file-flash.rules)
* 1:29283 <-> DISABLED <-> FILE-FLASH Adobe Flash Player sharable ByteArray code execution attempt (file-flash.rules)
* 1:29284 <-> DISABLED <-> FILE-FLASH Adobe Flash Player sharable ByteArray code execution attempt (file-flash.rules)
* 1:29285 <-> DISABLED <-> FILE-FLASH Adobe Flash Player sharable ByteArray code execution attempt (file-flash.rules)
* 1:29286 <-> DISABLED <-> FILE-FLASH Adobe Flash Player sharable ByteArray code execution attempt (file-flash.rules)
* 1:29287 <-> DISABLED <-> FILE-FLASH Adobe Flash Player sharable ByteArray code execution attempt (file-flash.rules)
* 1:29288 <-> DISABLED <-> FILE-FLASH Adobe Flash Player sharable ByteArray code execution attempt (file-flash.rules)
* 1:29289 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kmnokay outbound connection (malware-cnc.rules)
* 1:29291 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Stitur variant outbound connection (malware-cnc.rules)
* 1:29292 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chulastran variant outbound connection (malware-cnc.rules)
* 1:29293 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chulastran variant initial version check outbound connection (malware-cnc.rules)
* 1:29294 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Boda variant outbound connection (malware-cnc.rules)
* 1:29295 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Boda variant initial outbound connection (malware-cnc.rules)
* 1:29296 <-> ENABLED <-> SERVER-WEBAPP Red Hat CloudForms agent controller filename directory traversal attempt (server-webapp.rules)
* 1:29297 <-> ENABLED <-> SERVER-WEBAPP Red Hat CloudForms agent controller filename directory traversal attempt (server-webapp.rules)
* 1:29299 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nineblog variant outbound connection (malware-cnc.rules)
* 1:29300 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant inbound connection (malware-cnc.rules)
* 1:29301 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mizzmo variant outbound connection (malware-cnc.rules)
* 1:29302 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Diswenshow outbound connection (malware-cnc.rules)
* 1:29304 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Verbscut variant outbound connection (malware-cnc.rules)
* 1:29306 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Popyerd variant outbound connection (malware-cnc.rules)
* 1:29307 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fraxytime outbound connection (malware-cnc.rules)
* 1:29313 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Proxydown variant connection (malware-cnc.rules)
* 1:29314 <-> DISABLED <-> PROTOCOL-SCADA Modbus function scan (protocol-scada.rules)
* 1:29315 <-> DISABLED <-> PROTOCOL-SCADA Modbus list scan (protocol-scada.rules)
* 1:29316 <-> DISABLED <-> PROTOCOL-SCADA Modbus value scan (protocol-scada.rules)
* 1:29317 <-> DISABLED <-> PROTOCOL-SCADA Modbus invalid exception message (protocol-scada.rules)
* 1:29318 <-> DISABLED <-> PROTOCOL-SCADA Modbus invalid encapsulated interface response (protocol-scada.rules)
* 1:29319 <-> DISABLED <-> PROTOCOL-SCADA Modbus invalid encapsulated interface request (protocol-scada.rules)
* 1:29320 <-> DISABLED <-> APP-DETECT Baidu IME download attempt (app-detect.rules)
* 1:29321 <-> DISABLED <-> APP-DETECT Baidu IME download attempt (app-detect.rules)
* 1:29322 <-> DISABLED <-> APP-DETECT Baidu IME runtime detection - remote sync (app-detect.rules)
* 1:29324 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vivia variant outbound connection (malware-cnc.rules)
* 1:29325 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Horsamaz outbound connection (malware-cnc.rules)
* 1:29326 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SERIES record sdtY memory corruption attempt (file-office.rules)
* 1:29327 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SERIES record SerAuxTrend sdtX memory corruption attempt (file-office.rules)
* 1:29328 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SERIES record SerAuxErrBar sdtX memory corruption attempt (file-office.rules)
* 1:29329 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SERIES record sdtX memory corruption attempt (file-office.rules)
* 1:29330 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Piedacon variant outbound connection (malware-cnc.rules)
* 1:29331 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Aokaspid outbound connection using modem (malware-cnc.rules)
* 1:29332 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Aokaspid outbound connection using lan (malware-cnc.rules)
* 1:29333 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Aokaspid outbound connection using proxy server (malware-cnc.rules)
* 1:29334 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Aokaspid outbound connection using other (malware-cnc.rules)
* 1:29335 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.CallMe variant outbound connection (malware-cnc.rules)
* 1:29337 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
* 1:29339 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kishop variant initial runtime outbound connection (malware-cnc.rules)
* 1:29340 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Plusau outbound connection (malware-cnc.rules)
* 1:29341 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent string CustomSpy - Win.Trojan.Etek (malware-cnc.rules)
* 1:29344 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dondat variant outbound connection (malware-cnc.rules)
* 1:29345 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dondat variant outbound connection (malware-cnc.rules)
* 1:29346 <-> DISABLED <-> SERVER-WEBAPP Avaya IP Office Customer Call Reporter cross site scripting attempt (server-webapp.rules)
* 1:29348 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chifan variant outbound connection (malware-cnc.rules)
* 1:29349 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zusy variant outbound connection (malware-cnc.rules)
* 1:29351 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bulilit variant outbound connection (malware-cnc.rules)
* 1:29352 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Typdec variant outbound connection (malware-cnc.rules)
* 1:29353 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeagle outbound connection (malware-cnc.rules)
* 1:29354 <-> DISABLED <-> APP-DETECT Foca file scanning attempt (app-detect.rules)
* 1:29356 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cidox variant outbound connection (malware-cnc.rules)
* 1:29357 <-> DISABLED <-> PUA-P2P Vuze BitTorrent client outbound connection (pua-p2p.rules)
* 1:29358 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Win.Trojan.Mowfote (malware-cnc.rules)
* 1:29359 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mowfote variant initial outbound connection (malware-cnc.rules)
* 1:2936 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP nddeapi NDdeSetTrustedShareW overflow attempt (os-windows.rules)
* 1:29360 <-> ENABLED <-> EXPLOIT-KIT Goon/Infinity exploit kit encrypted binary download (exploit-kit.rules)
* 1:29361 <-> ENABLED <-> EXPLOIT-KIT Goon/Infinity exploit kit landing page (exploit-kit.rules)
* 1:29362 <-> DISABLED <-> SERVER-OTHER Novell NetWare AFP denial of service attempt (server-other.rules)
* 1:29363 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pacbootini variant outbound connection (malware-cnc.rules)
* 1:29364 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Esjey outbound communication attempt (malware-other.rules)
* 1:29367 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Boato variant outbound connection (malware-cnc.rules)
* 1:29368 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Boato variant followup outbound connection (malware-cnc.rules)
* 1:29370 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.ADJI variant outbound connection (malware-cnc.rules)
* 1:29371 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Dluca (malware-cnc.rules)
* 1:29374 <-> DISABLED <-> SERVER-WEBAPP Nagios process_cgivars off-by-one memory access denial of service attempt (server-webapp.rules)
* 1:29375 <-> DISABLED <-> SERVER-WEBAPP Nagios process_cgivars off-by-one memory access denial of service attempt (server-webapp.rules)
* 1:29376 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoLocker.B connection test (malware-cnc.rules)
* 1:29378 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper inbound encrypted traffic (malware-cnc.rules)
* 1:29379 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper outbound encrypted traffic - potential exfiltration (malware-cnc.rules)
* 1:29380 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper outbound encrypted traffic (malware-cnc.rules)
* 1:29381 <-> DISABLED <-> APP-DETECT VPN Over DNS outbound traffic attempt (app-detect.rules)
* 1:29382 <-> DISABLED <-> APP-DETECT VPN Over DNS application download attempt (app-detect.rules)
* 1:29383 <-> DISABLED <-> APP-DETECT VPN Over DNS application download attempt (app-detect.rules)
* 1:29384 <-> ENABLED <-> FILE-IDENTIFY Adobe AIR file download request (file-identify.rules)
* 1:29385 <-> ENABLED <-> FILE-IDENTIFY Adobe AIR file attachment detected (file-identify.rules)
* 1:29386 <-> ENABLED <-> FILE-IDENTIFY Adobe AIR file attachment detected (file-identify.rules)
* 1:29387 <-> ENABLED <-> SERVER-WEBAPP Synology DiskStation Manager SLICEUPLOAD remote command execution attempt (server-webapp.rules)
* 1:29389 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Alusins variant outbound connection (malware-cnc.rules)
* 1:29390 <-> ENABLED <-> SERVER-WEBAPP EMC Connectrix Manager FileUploadController directory traversal attempt (server-webapp.rules)
* 1:29391 <-> ENABLED <-> SERVER-WEBAPP EMC Connectrix Manager FileUploadController directory traversal attempt (server-webapp.rules)
* 1:29392 <-> ENABLED <-> SERVER-WEBAPP EMC Connectrix Manager FileUploadController directory traversal attempt (server-webapp.rules)
* 1:29393 <-> DISABLED <-> SERVER-OTHER ntp monlist denial of service attempt (server-other.rules)
* 1:29394 <-> DISABLED <-> BROWSER-WEBKIT Apple WebKit QuickTime plugin content-type http header buffer overflow attempt (browser-webkit.rules)
* 1:29395 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
* 1:29396 <-> DISABLED <-> POLICY-SPAM Potential phishing attack - .zip receipt filename download with .exe name within .zip the same (policy-spam.rules)
* 1:29397 <-> DISABLED <-> POLICY-SPAM Potential phishing attack - .zip shipping filename download with .exe name within .zip the same (policy-spam.rules)
* 1:29398 <-> DISABLED <-> POLICY-SPAM Potential phishing attack - .zip voicemail filename download with .exe name within .zip the same (policy-spam.rules)
* 1:29399 <-> DISABLED <-> POLICY-SPAM Potential phishing attack - .zip statement filename download with .exe name within .zip the same (policy-spam.rules)
* 1:29400 <-> DISABLED <-> SERVER-WEBAPP vTiger CRM AddEmailAttachment directory traversal attempt (server-webapp.rules)
* 1:29401 <-> ENABLED <-> SERVER-WEBAPP Netgear DGN1000B setup.cgi parameter code execution attempt (server-webapp.rules)
* 1:29402 <-> ENABLED <-> SERVER-WEBAPP Netgear DGN1000B setup.cgi parameter code execution attempt (server-webapp.rules)
* 1:29403 <-> DISABLED <-> SERVER-WEBAPP Netgear DGN1000B setup.cgi cross site scripting attempt (server-webapp.rules)
* 1:29404 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel country record arbitrary code execution attempt (file-office.rules)
* 1:29405 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Shortcut file attachment detected (file-identify.rules)
* 1:29406 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Shortcut file attachment detected (file-identify.rules)
* 1:29407 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Shortcut file download request (file-identify.rules)
* 1:29408 <-> DISABLED <-> MALWARE-CNC JAVAFOG Java malware backdoor connection to cnc server (malware-cnc.rules)
* 1:29409 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader javascript toolbar button use after free attempt (file-pdf.rules)
* 1:29410 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader javascript toolbar button use after free attempt (file-pdf.rules)
* 1:29411 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit landing page (exploit-kit.rules)
* 1:29412 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit Java download attempt (exploit-kit.rules)
* 1:29413 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit encrypted binary download (exploit-kit.rules)
* 1:29414 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit encrypted binary download (exploit-kit.rules)
* 1:29416 <-> DISABLED <-> MALWARE-CNC Win.Trojan.vSkimmer outbound connection (malware-cnc.rules)
* 1:29417 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Solimba download attempt (malware-cnc.rules)
* 1:29418 <-> DISABLED <-> OS-MOBILE Android signature validation bypass APK file download attempt (os-mobile.rules)
* 1:29419 <-> DISABLED <-> OS-MOBILE Android signature validation bypass APK file download attempt (os-mobile.rules)
* 1:2942 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP winreg InitiateSystemShutdown attempt (netbios.rules)
* 1:29420 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Reedum BlackPoS outbound FTP connection (malware-cnc.rules)
* 1:29421 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Reedum BlackPoS outbound FTP connection (malware-cnc.rules)
* 1:29422 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rhubot variant outbound connection (malware-cnc.rules)
* 1:29423 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MaxerDDos variant connection (malware-cnc.rules)
* 1:29424 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dldr variant outbound connection (malware-cnc.rules)
* 1:29426 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Etomertg variant outbound connection (malware-cnc.rules)
* 1:29428 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zatincel variant outbound connection (malware-cnc.rules)
* 1:29430 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Icefog variant outbound connection (malware-cnc.rules)
* 1:29431 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Win.Trojan.Tirips (malware-cnc.rules)
* 1:29433 <-> DISABLED <-> FILE-IMAGE Adobe Camera Raw Plug-in TIFF image processing buffer underflow attempt (file-image.rules)
* 1:29434 <-> DISABLED <-> FILE-IMAGE Apple QuickTime PICT file overread buffer overflow attempt (file-image.rules)
* 1:29435 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime pict image poly structure memory corruption attempt (file-multimedia.rules)
* 1:29436 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime pict image poly structure memory corruption attempt (file-multimedia.rules)
* 1:29437 <-> DISABLED <-> OS-MOBILE Android Goodix gt915 touchscreen driver improper bounds-check privileged access attempt (os-mobile.rules)
* 1:29438 <-> DISABLED <-> OS-MOBILE Android Goodix gt915 touchscreen driver improper bounds-check privileged access attempt (os-mobile.rules)
* 1:29439 <-> ENABLED <-> FILE-IDENTIFY MSI file download request (file-identify.rules)
* 1:29440 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chewbacca outbound connection (malware-cnc.rules)
* 1:29443 <-> ENABLED <-> EXPLOIT-KIT Fiesta exploit kit outbound connection attempt (exploit-kit.rules)
* 1:29444 <-> DISABLED <-> EXPLOIT-KIT Fiesta exploit kit flashplayer11 payload download (exploit-kit.rules)
* 1:29445 <-> ENABLED <-> EXPLOIT-KIT Styx exploit kit fonts download page (exploit-kit.rules)
* 1:29446 <-> ENABLED <-> EXPLOIT-KIT Styx exploit kit jar outbound connection (exploit-kit.rules)
* 1:29447 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit payload download - scandsk.exe (exploit-kit.rules)
* 1:29448 <-> ENABLED <-> EXPLOIT-KIT Styx exploit kit landing page (exploit-kit.rules)
* 1:29449 <-> DISABLED <-> EXPLOIT-KIT Styx exploit kit landing page (exploit-kit.rules)
* 1:29450 <-> ENABLED <-> EXPLOIT-KIT Styx exploit kit outbound connection attempt (exploit-kit.rules)
* 1:29452 <-> ENABLED <-> EXPLOIT-KIT Styx exploit kit landing page request (exploit-kit.rules)
* 1:29453 <-> DISABLED <-> EXPLOIT-KIT Styx exploit kit eot outbound connection (exploit-kit.rules)
* 1:29454 <-> DISABLED <-> PROTOCOL-ICMP Unusual L3retriever Ping detected (protocol-icmp.rules)
* 1:29455 <-> DISABLED <-> PROTOCOL-ICMP Unusual Microsoft Windows Ping detected (protocol-icmp.rules)
* 1:29456 <-> DISABLED <-> PROTOCOL-ICMP Unusual PING detected (protocol-icmp.rules)
* 1:29457 <-> DISABLED <-> PROTOCOL-ICMP Unusual Microsoft Windows 7 Ping detected (protocol-icmp.rules)
* 1:29459 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fexel variant outbound connection (malware-cnc.rules)
* 1:29460 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pabueri variant outbound connection (malware-cnc.rules)
* 1:29461 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Norekab variant outbound connection (malware-cnc.rules)
* 1:29462 <-> ENABLED <-> INDICATOR-SCAN User-Agent known malicious user-agent The Mole (indicator-scan.rules)
* 1:29464 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SniperSpy variant outbound connection (malware-cnc.rules)
* 1:29465 <-> DISABLED <-> FILE-OTHER Corel PDF fusion XPS stack buffer overflow attempt (file-other.rules)
* 1:29466 <-> DISABLED <-> FILE-OTHER Corel PDF fusion XPS stack buffer overflow attempt (file-other.rules)
* 1:29467 <-> DISABLED <-> FILE-OTHER Corel PDF fusion XPS stack buffer overflow attempt (file-other.rules)
* 1:29468 <-> DISABLED <-> FILE-OTHER Corel PDF fusion XPS stack buffer overflow attempt (file-other.rules)
* 1:29483 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Botime variant connection (malware-cnc.rules)
* 1:29484 <-> DISABLED <-> MALWARE-CNC Win.Trojan.POSCardStealer variant outbound connection (malware-cnc.rules)
* 1:29485 <-> ENABLED <-> SERVER-WEBAPP EMC Connectrix Manager ManualBootImageUpload directory traversal attempt (server-webapp.rules)
* 1:29486 <-> ENABLED <-> SERVER-WEBAPP EMC Connectrix Manager ManualBootImageUpload directory traversal attempt (server-webapp.rules)
* 1:29487 <-> ENABLED <-> SERVER-WEBAPP EMC Connectrix Manager ManualBootImageUpload directory traversal attempt (server-webapp.rules)
* 1:29488 <-> ENABLED <-> SERVER-WEBAPP EMC Connectrix Manager ManualBootImageUpload directory traversal attempt (server-webapp.rules)
* 1:29489 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gaertob variant outbound connection (malware-cnc.rules)
* 1:29490 <-> DISABLED <-> FILE-JAVA Oracle Java ShortComponentRaster integer overflow attempt (file-java.rules)
* 1:29491 <-> ENABLED <-> FILE-JAVA Oracle Java ShortComponentRaster integer overflow attempt (file-java.rules)
* 1:29493 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Tsunami outbound connection (malware-cnc.rules)
* 1:29494 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Tsunami outbound connection (malware-cnc.rules)
* 1:29495 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kopdel variant outbound connection (malware-cnc.rules)
* 1:29496 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bicololo variant outbound connection (malware-cnc.rules)
* 1:29497 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant outbound connection (malware-cnc.rules)
* 1:29498 <-> DISABLED <-> SERVER-WEBAPP HP Intelligent Management Center sdFileDownload information disclosure attempt (server-webapp.rules)
* 1:29499 <-> DISABLED <-> SERVER-WEBAPP HP Intelligent Management Center sdFileDownload information disclosure attempt (server-webapp.rules)
* 1:29500 <-> DISABLED <-> PUA-ADWARE 4Shared Downloader outbound connection attempt (pua-adware.rules)
* 1:29501 <-> DISABLED <-> PUA-ADWARE 4Shared Downloader executable file download attempt (pua-adware.rules)
* 1:29502 <-> DISABLED <-> SERVER-WEBAPP HP OpenView CGI parameter buffer overflow attempt (server-webapp.rules)
* 1:29503 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Products SVG text content element getCharNumAtPosition use after free attempt (browser-firefox.rules)
* 1:29504 <-> DISABLED <-> PROTOCOL-SCADA Schneider Electric IGSS integer underflow attempt (protocol-scada.rules)
* 1:29505 <-> DISABLED <-> PROTOCOL-SCADA IGSS dc.exe file execution directory traversal attempt (protocol-scada.rules)
* 1:29506 <-> DISABLED <-> BROWSER-PLUGINS ABB Test Signal Viewer CWGraph3D ActiveX clsid access attempt (browser-plugins.rules)
* 1:29507 <-> DISABLED <-> BROWSER-PLUGINS ABB Test Signal Viewer CWGraph3D ActiveX clsid access attempt (browser-plugins.rules)
* 1:29508 <-> DISABLED <-> BROWSER-PLUGINS ABB Test Signal Viewer CWGraph3D ActiveX clsid access attempt (browser-plugins.rules)
* 1:29509 <-> DISABLED <-> INDICATOR-OBFUSCATION Multiple character encodings detected (indicator-obfuscation.rules)
* 1:29510 <-> ENABLED <-> INDICATOR-OBFUSCATION Multiple character encodings detected (indicator-obfuscation.rules)
* 1:29511 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM jovgraph.exe CGI hostname parameter bugger overflow attempt (server-webapp.rules)
* 1:29512 <-> DISABLED <-> BROWSER-PLUGINS KingView ActiveX clsid access (browser-plugins.rules)
* 1:29513 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Microsoft Windows RAP API NetServerEnum2 long comment buffer overflow attempt (os-windows.rules)
* 1:29514 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB Microsoft Windows Remote Administration Protocol usage attempt (os-windows.rules)
* 1:29515 <-> DISABLED <-> PROTOCOL-SCADA ScadaTec Procyon Core server password overflow attempt (protocol-scada.rules)
* 1:29516 <-> DISABLED <-> SERVER-OTHER HP LeftHand Virtual SAN hydra information disclosure attempt (server-other.rules)
* 1:29517 <-> DISABLED <-> SERVER-OTHER HP LeftHand Virtual SAN hydra information disclosure attempt (server-other.rules)
* 1:29519 <-> DISABLED <-> INDICATOR-OBFUSCATION Javascript obfuscation using split reverse join (indicator-obfuscation.rules)
* 1:29520 <-> DISABLED <-> FILE-MULTIMEDIA Flip4Mac Windows media components WMV parsing memory corruption attempt (file-multimedia.rules)
* 1:29521 <-> DISABLED <-> FILE-MULTIMEDIA Flip4Mac Windows media components WMV parsing memory corruption attempt (file-multimedia.rules)
* 1:29522 <-> DISABLED <-> SERVER-WEBAPP Alcatel-Lucent OmniPCX Office remote code execution attempt (server-webapp.rules)
* 1:29523 <-> DISABLED <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt (server-apache.rules)
* 1:29524 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules)
* 1:29525 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules)
* 1:29526 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
* 1:29527 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
* 1:29528 <-> DISABLED <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 46 integer overflow attempt (server-other.rules)
* 1:29529 <-> DISABLED <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 47 integer overflow attempt (server-other.rules)
* 1:29530 <-> DISABLED <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 54 integer overflow attempt (server-other.rules)
* 1:29531 <-> DISABLED <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 25 integer overflow attempt (server-other.rules)
* 1:29532 <-> DISABLED <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 81 integer overflow attempt (server-other.rules)
* 1:29534 <-> DISABLED <-> PROTOCOL-SCADA CODESYS Gateway-Server invalid memory access attempt (protocol-scada.rules)
* 1:29535 <-> DISABLED <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt (file-java.rules)
* 1:29536 <-> DISABLED <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt (server-other.rules)
* 1:29537 <-> DISABLED <-> SERVER-WEBAPP HP SiteScope APIMonitorImpl information disclosure attempt (server-webapp.rules)
* 1:29538 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX function call access (browser-plugins.rules)
* 1:29539 <-> DISABLED <-> FILE-MULTIMEDIA WAV processing buffer overflow attempt (file-multimedia.rules)
* 1:29540 <-> DISABLED <-> FILE-MULTIMEDIA WAV processing buffer overflow attempt (file-multimedia.rules)
* 1:29541 <-> DISABLED <-> FILE-MULTIMEDIA WAV processing buffer overflow attempt (file-multimedia.rules)
* 1:29542 <-> DISABLED <-> FILE-MULTIMEDIA WAV processing buffer overflow attempt (file-multimedia.rules)
* 1:29543 <-> DISABLED <-> FILE-MULTIMEDIA WAV processing buffer overflow attempt (file-multimedia.rules)
* 1:29544 <-> DISABLED <-> FILE-MULTIMEDIA WAV processing buffer overflow attempt (file-multimedia.rules)
* 1:29545 <-> DISABLED <-> FILE-MULTIMEDIA WAV processing buffer overflow attempt (file-multimedia.rules)
* 1:29546 <-> DISABLED <-> FILE-MULTIMEDIA WAV processing buffer overflow attempt (file-multimedia.rules)
* 1:29547 <-> DISABLED <-> SERVER-WEBAPP IBM Rational Focal Point webservice Axis Gateway GET vulnerability attempt (server-webapp.rules)
* 1:29548 <-> DISABLED <-> SERVER-WEBAPP IBM Rational Focal Point webservice Axis Gateway POST vulnerability attempt (server-webapp.rules)
* 1:29549 <-> DISABLED <-> SERVER-WEBAPP PineApp Mail-SeCure test_li_connection.php command injection (server-webapp.rules)
* 1:29550 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Doneste variant outbound connection (malware-cnc.rules)
* 1:29551 <-> ENABLED <-> FILE-FLASH Adobe Flash Player invalid instruction memory corruption attempt (file-flash.rules)
* 1:29552 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid instruction memory corruption attempt (file-flash.rules)
* 1:29553 <-> ENABLED <-> FILE-FLASH Adobe Flash Player invalid instruction memory corruption attempt (file-flash.rules)
* 1:29554 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid instruction memory corruption attempt (file-flash.rules)
* 1:29555 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spyex variant outbound connection (malware-cnc.rules)
* 1:29556 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Loxes variant outbound connection (malware-cnc.rules)
* 1:29557 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Marten variant outbound connection (malware-cnc.rules)
* 1:29559 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sydigu variant outbound connection (malware-cnc.rules)
* 1:29561 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lechiket variant outbound connection (malware-cnc.rules)
* 1:29562 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Blobrsa variant outbound connection (malware-cnc.rules)
* 1:29563 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Blobrsa variant outbound connection (malware-cnc.rules)
* 1:29565 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.AALV variant outbound connection (malware-cnc.rules)
* 1:29566 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant outbound connection (malware-cnc.rules)
* 1:29569 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Shellbot outbound connection (malware-cnc.rules)
* 1:29570 <-> DISABLED <-> FILE-OTHER Oracle Outside In OS2 metafile parser stack buffer overflow attempt (file-other.rules)
* 1:29571 <-> DISABLED <-> FILE-OTHER Oracle Outside In OS2 metafile parser stack buffer overflow attempt (file-other.rules)
* 1:29572 <-> DISABLED <-> FILE-OTHER Oracle Outside In OS2 metafile parser stack buffer overflow attempt (file-other.rules)
* 1:29573 <-> DISABLED <-> FILE-OTHER Oracle Outside In OS2 metafile parser stack buffer overflow attempt (file-other.rules)
* 1:29574 <-> DISABLED <-> FILE-OTHER Oracle Outside In OS2 metafile parser stack buffer overflow attempt (file-other.rules)
* 1:29575 <-> DISABLED <-> FILE-OTHER Oracle Outside In OS2 metafile parser stack buffer overflow attempt (file-other.rules)
* 1:29576 <-> DISABLED <-> FILE-OTHER Oracle Outside In OS2 metafile parser stack buffer overflow attempt (file-other.rules)
* 1:29577 <-> DISABLED <-> FILE-OTHER Oracle Outside In OS2 metafile parser stack buffer overflow attempt (file-other.rules)
* 1:29578 <-> DISABLED <-> BROWSER-PLUGINS Sun Microsystems JRE isInstalled.dnsResolve function memory exception attempt (browser-plugins.rules)
* 1:29579 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt (browser-firefox.rules)
* 1:29580 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SVG data processing obfuscated memory corruption attempt (browser-firefox.rules)
* 1:29581 <-> DISABLED <-> SERVER-OTHER CA Brightstor SUN RPC malformed string buffer overflow attempt (server-other.rules)
* 1:29582 <-> DISABLED <-> SERVER-OTHER Mediawiki DjVu and PDF handling code execution attempt (server-other.rules)
* 1:29583 <-> DISABLED <-> SERVER-WEBAPP HP Intelligent Management Center information disclosure attempt (server-webapp.rules)
* 1:29584 <-> DISABLED <-> SERVER-WEBAPP HP Data Protector LogClientInstallation SQL Injection attempt (server-webapp.rules)
* 1:29585 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 3 buffer overflow attempt (server-other.rules)
* 1:29586 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 6 buffer overflow attempt (server-other.rules)
* 1:29587 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 6 buffer overflow attempt (server-other.rules)
* 1:29588 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 7 buffer overflow attempt (server-other.rules)
* 1:29589 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 7 buffer overflow attempt (server-other.rules)
* 1:29590 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type A buffer overflow attempt (server-other.rules)
* 1:29591 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type A buffer overflow attempt (server-other.rules)
* 1:29592 <-> DISABLED <-> SERVER-APACHE Apache Struts wildcard matching OGNL remote code execution attempt (server-apache.rules)
* 1:29593 <-> DISABLED <-> SERVER-WEBAPP Airlive IP Camera CSRF attempt (server-webapp.rules)
* 1:29594 <-> DISABLED <-> SERVER-WEBAPP Airlive IP Camera information leak attempt (server-webapp.rules)
* 1:29595 <-> DISABLED <-> SERVER-WEBAPP Airlive IP Camera directory traversal attempt (server-webapp.rules)
* 1:29596 <-> DISABLED <-> SERVER-WEBAPP HP SiteScope soap request code execution attempt (server-webapp.rules)
* 1:29597 <-> DISABLED <-> SERVER-WEBAPP HP SiteScope soap request code execution attempt (server-webapp.rules)
* 1:29598 <-> DISABLED <-> SERVER-WEBAPP HP SiteScope soap call apipreferenceimpl security bypass attempt (server-webapp.rules)
* 1:29599 <-> DISABLED <-> SERVER-WEBAPP HP SiteScope soap call apipreferenceimpl security bypass attempt (server-webapp.rules)
* 1:29600 <-> DISABLED <-> SERVER-WEBAPP HP SiteScope soap call apipreferenceimpl security bypass attempt (server-webapp.rules)
* 1:29601 <-> DISABLED <-> SERVER-WEBAPP HP SiteScope soap call apipreferenceimpl security bypass attempt (server-webapp.rules)
* 1:29602 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer VML array with negative length memory corruption attempt (browser-ie.rules)
* 1:29603 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector buffer overflow attempt (server-other.rules)
* 1:29604 <-> DISABLED <-> OS-OTHER CoDeSys Gateway Server Denial of Service attempt detected (os-other.rules)
* 1:29605 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp integer overflow attempt (file-java.rules)
* 1:29606 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp integer overflow attempt (file-java.rules)
* 1:29607 <-> ENABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules)
* 1:29608 <-> DISABLED <-> SERVER-WEBAPP McAfee ePO showRegisteredTypeDetails.do sql injection attempt (server-webapp.rules)
* 1:29609 <-> DISABLED <-> SERVER-WEBAPP McAfee ePO DisplayMSAPropsDetail.do sql injection attempt (server-webapp.rules)
* 1:29610 <-> DISABLED <-> SERVER-OTHER IBM Cognos TM1 Server tm1admsd.exe buffer overflow attempt (server-other.rules)
* 1:29611 <-> DISABLED <-> SERVER-OTHER IBM Cognos TM1 Server tm1admsd.exe buffer overflow attempt (server-other.rules)
* 1:29612 <-> ENABLED <-> FILE-IDENTIFY XPS file attachment detected (file-identify.rules)
* 1:29613 <-> ENABLED <-> FILE-IDENTIFY XPS file attachment detected (file-identify.rules)
* 1:29614 <-> ENABLED <-> FILE-IDENTIFY XPS file download request (file-identify.rules)
* 1:29615 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Keylogger outbound connection (malware-cnc.rules)
* 1:29616 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Keylogger inbound connection (malware-cnc.rules)
* 1:29617 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsTreeRange Use After Free attempt (browser-firefox.rules)
* 1:29618 <-> DISABLED <-> SERVER-WEBAPP Novell GroupWise Client activex InvokeContact untrusted pointer dereference (server-webapp.rules)
* 1:29619 <-> DISABLED <-> SERVER-WEBAPP Novell GroupWise Client activex GenerateSummaryPage untrusted pointer dereference (server-webapp.rules)
* 1:29620 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop malformed PNG detected tRNS overflow attempt (file-image.rules)
* 1:29621 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters overflow attempt (netbios.rules)
* 1:29622 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed shading modifier heap corruption attempt (file-pdf.rules)
* 1:29623 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules)
* 1:29624 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow attempt (browser-firefox.rules)
* 1:29625 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow attempt (browser-firefox.rules)
* 1:29626 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules)
* 1:29627 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules)
* 1:29628 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules)
* 1:29629 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules)
* 1:29630 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector buffer overflow attempt (server-other.rules)
* 1:29631 <-> DISABLED <-> FILE-FLASH Adobe Flash Player integer underflow attempt (file-flash.rules)
* 1:29632 <-> ENABLED <-> FILE-FLASH Adobe Flash Player integer underflow attempt (file-flash.rules)
* 1:29633 <-> ENABLED <-> FILE-FLASH Adobe Flash Player integer underflow attempt (file-flash.rules)
* 1:29634 <-> DISABLED <-> FILE-FLASH Adobe Flash Player integer underflow attempt (file-flash.rules)
* 1:29635 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nursteal variant outbound connection (malware-cnc.rules)
* 1:29636 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Blocker.cbuf variant outbound connection (malware-cnc.rules)
* 1:29637 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lumbko variant outbound connection (malware-cnc.rules)
* 1:29638 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lumbko variant initial outbound connection (malware-cnc.rules)
* 1:29639 <-> DISABLED <-> SERVER-APACHE Apache Struts wildcard matching OGNL remote code execution attempt (server-apache.rules)
* 1:29640 <-> ENABLED <-> MALWARE-OTHER Java FileDialog heap buffer overflow attempt (malware-other.rules)
* 1:29641 <-> ENABLED <-> MALWARE-OTHER Java FileDialog heap buffer overflow attempt (malware-other.rules)
* 1:29642 <-> ENABLED <-> MALWARE-OTHER Java FileDialog heap buffer overflow attempt (malware-other.rules)
* 1:29643 <-> ENABLED <-> MALWARE-OTHER Java FileDialog heap buffer overflow attempt (malware-other.rules)
* 1:29644 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sdconsent outbound connection (malware-cnc.rules)
* 1:29645 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Win.Trojan.Mimunita (malware-cnc.rules)
* 1:29646 <-> DISABLED <-> SERVER-WEBAPP SkyBlueCanvas CMS contact page command injection attempt (server-webapp.rules)
* 1:29647 <-> DISABLED <-> SERVER-APACHE Apache Roller OGNL injection remote code execution attempt (server-apache.rules)
* 1:29648 <-> DISABLED <-> SERVER-APACHE Apache Roller OGNL injection remote code execution attempt (server-apache.rules)
* 1:29649 <-> DISABLED <-> SERVER-APACHE Apache Roller allowStaticMethodAccess invocation attempt (server-apache.rules)
* 1:29650 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer MoveToMarkupPointer call with CControlTracker OnExitTree use-after-free attempt (browser-ie.rules)
* 1:29651 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer MoveToMarkupPointer call with CControlTracker OnExitTree use-after-free attempt (browser-ie.rules)
* 1:29652 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Win.Trojan.Truado (malware-cnc.rules)
* 1:29655 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 8 use after free attempt (browser-ie.rules)
* 1:29660 <-> DISABLED <-> FILE-OTHER Norton Anti-Virus decompression bomb denial of service attempt (file-other.rules)
* 1:29661 <-> DISABLED <-> FILE-OTHER Norton Anti-Virus decompression bomb denial of service attempt (file-other.rules)
* 1:29663 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dampt variant outbound connection (malware-cnc.rules)
* 1:29664 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DomaIQ variant outbound connection (malware-cnc.rules)
* 1:29665 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant outbound connection (malware-cnc.rules)
* 1:29666 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Linkup outbound connection (malware-cnc.rules)
* 1:29667 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreePos deleted object access attempt (browser-ie.rules)
* 1:29668 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreePos deleted object access attempt (browser-ie.rules)
* 1:29669 <-> ENABLED <-> FILE-PDF Adobe
Acrobat Reader pattern object memory corruption attempt (file-pdf.rules) * 1:29670 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Caphaw outbound connection (malware-cnc.rules) * 1:29671 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer SVG handling use after free attempt (browser-ie.rules) * 1:29672 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer SVG handling use after free attempt (browser-ie.rules) * 1:29673 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer SVG handling use after free attempt (browser-ie.rules) * 1:29674 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer SVG handling use after free attempt (browser-ie.rules) * 1:29675 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer type confusion attempt (browser-ie.rules) * 1:29676 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CRootElement Object use after free attempt (browser-ie.rules) * 1:29677 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CRootElement Object use after free attempt (browser-ie.rules) * 1:29678 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer swap node user after free (browser-ie.rules) * 1:29679 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer swap node user after free (browser-ie.rules) * 1:29680 <-> DISABLED <-> BROWSER-PLUGINS Microsoft XML Core Services same origin policy bypass attempt (browser-plugins.rules) * 1:29681 <-> DISABLED <-> BROWSER-PLUGINS Microsoft XML Core Services same origin policy bypass attempt (browser-plugins.rules) * 1:29706 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer deleted object access attempt detected (browser-ie.rules) * 1:29707 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer deleted object access attempt detected (browser-ie.rules) * 1:29708 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSS uninitialized object access attempt detected (browser-ie.rules) * 1:29709 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer fontFamily attribute deleted object access memory corruption 
attempt (browser-ie.rules) * 1:29710 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer fontFamily attribute deleted object access memory corruption attempt (browser-ie.rules) * 1:29711 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTree Node use after free attempt (browser-ie.rules) * 1:29712 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTree Node use after free attempt (browser-ie.rules) * 1:29713 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer overlapping object boundaries memory corruption attempt (browser-ie.rules) * 1:29714 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer overlapping object boundaries memory corruption attempt (browser-ie.rules) * 1:29715 <-> DISABLED <-> SERVER-IIS Microsoft Windows ASP .NET denial of service attempt (server-iis.rules) * 1:29716 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer deleted object memory corruption attempt (browser-ie.rules) * 1:29717 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer text node use after free attempt (browser-ie.rules) * 1:29718 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer text node use after free attempt (browser-ie.rules) * 1:29719 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer SLayoutRun use after free attempt (browser-ie.rules) * 1:29720 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer SLayoutRun use after free attempt (browser-ie.rules) * 1:29721 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules) * 1:29722 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules) * 1:29723 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmPNumRM record (file-office.rules) * 1:29724 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmPNumRM record (file-office.rules) * 1:29725 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmPNumRM record (file-office.rules) * 1:29726 <-> DISABLED <-> FILE-OFFICE Microsoft Office 
Word invalid sprmPNumRM record (file-office.rules) * 1:29727 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CElement event handler use after free attempt (browser-ie.rules) * 1:29728 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CElement event handler use after free attempt (browser-ie.rules) * 1:29729 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CElement event handler use after free attempt (browser-ie.rules) * 1:29730 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CElement event handler use after free attempt (browser-ie.rules) * 1:29731 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer list element use after free attempt (browser-ie.rules) * 1:29732 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer list element use after free attempt (browser-ie.rules) * 1:29733 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer overlapping object boundaries memory corruption attempt (browser-ie.rules) * 1:29734 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer overlapping object boundaries memory corruption attempt (browser-ie.rules) * 1:29735 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer selectall use after free attempt (browser-ie.rules) * 1:29736 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer selectall use after free attempt (browser-ie.rules) * 1:29737 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer cmarkup methods use after free attempt (browser-ie.rules) * 1:29738 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer cmarkup methods use after free attempt (browser-ie.rules) * 1:29740 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sarvdap variant outbound connection (malware-cnc.rules) * 1:29741 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer deleted object access memory corruption attempt (browser-ie.rules) * 1:29742 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer deleted object access memory corruption attempt (browser-ie.rules) * 1:29743 <-> ENABLED <-> BROWSER-IE Microsoft Internet 
Explorer CInput element user after free attempt (browser-ie.rules) * 1:29744 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CInput element user after free attempt (browser-ie.rules) * 1:29745 <-> DISABLED <-> INDICATOR-OBFUSCATION Alternating character encodings - JS variable (indicator-obfuscation.rules) * 1:29746 <-> DISABLED <-> SERVER-WEBAPP Symantec Web Gateway languagetest.php language parameter directory traversal attempt (server-webapp.rules) * 1:29747 <-> ENABLED <-> SERVER-APACHE Apache Struts2 blacklisted method redirect (server-apache.rules) * 1:29748 <-> ENABLED <-> SERVER-APACHE Apache Struts2 blacklisted method redirect (server-apache.rules) * 1:29749 <-> DISABLED <-> BROWSER-PLUGINS IBM SizerOne ActiveX clsid access attempt (browser-plugins.rules) * 1:29750 <-> DISABLED <-> SERVER-WEBAPP HP Intelligent Management Center SOM authentication bypass attempt (server-webapp.rules) * 1:29751 <-> DISABLED <-> SERVER-WEBAPP HP Intelligent Management Center SOM authentication bypass attempt (server-webapp.rules) * 1:29752 <-> ENABLED <-> SERVER-WEBAPP HP Intelligent Management Center SOM authentication bypass attempt (server-webapp.rules) * 1:29753 <-> DISABLED <-> SERVER-WEBAPP Novell Groupwise Messenger parameter memory corruption attempt (server-webapp.rules) * 1:29754 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer style.position use-after-free memory corruption attempt (browser-ie.rules) * 1:29755 <-> DISABLED <-> BROWSER-CHROME Google Chrome and Apple Safari Ruby before and after memory corruption (browser-chrome.rules) * 1:29756 <-> DISABLED <-> SERVER-WEBAPP IBM Tivoli Provisioning Manager express user.updateUserValue sql injection attempt (server-webapp.rules) * 1:29757 <-> DISABLED <-> SERVER-WEBAPP Datalife Engine preview.php Remote Code Execution attempt (server-webapp.rules) * 1:29758 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 8 Javascript negative option index attack attempt (browser-ie.rules) * 1:29760 <-> DISABLED 
<-> MALWARE-CNC User-Agent known malicious user-agent string MSIE 4.01 - Win.Trojan.Careto (malware-cnc.rules) * 1:29788 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Careto outbound connection (malware-cnc.rules) * 1:29789 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Careto plugin download (malware-cnc.rules) * 1:29790 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Careto plugin download (malware-cnc.rules) * 1:29791 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Careto plugin download (malware-cnc.rules) * 1:29792 <-> DISABLED <-> SERVER-OTHER Novell iPrint Server remote code execution attempt (server-other.rules) * 1:29793 <-> DISABLED <-> SERVER-OTHER D-Link IP Cameras execution of commands from administration web interface (server-other.rules) * 1:29794 <-> DISABLED <-> SERVER-OTHER D-Link IP Cameras access to the video stream via HTTP (server-other.rules) * 1:29795 <-> DISABLED <-> SERVER-OTHER D-Link IP Cameras access the ASCII video stream via image luminance (server-other.rules) * 1:29796 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer SelectAll dangling pointer use after free attempt (browser-ie.rules) * 1:29797 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer SelectAll dangling pointer use after free attempt (browser-ie.rules) * 1:29798 <-> DISABLED <-> SERVER-WEBAPP CuteFlow pre-authenticated admin account creation attempt (server-webapp.rules) * 1:29799 <-> DISABLED <-> SERVER-WEBAPP CuteFlow pre-authenticated admin account creation attempt (server-webapp.rules) * 1:29800 <-> DISABLED <-> FILE-OTHER XML exponential entity expansion attack attempt (file-other.rules) * 1:29802 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 8 deleted object access via timer memory corruption attempt (browser-ie.rules) * 1:29803 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 8 deleted object access via timer memory corruption attempt (browser-ie.rules) * 1:29804 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer dynamic style update memory corruption attempt 
(browser-ie.rules) * 1:29805 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer dynamic style update memory corruption attempt (browser-ie.rules) * 1:29806 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer dynamic style update memory corruption attempt (browser-ie.rules) * 1:29807 <-> DISABLED <-> INDICATOR-OBFUSCATION Alternating character encodings - JS array (indicator-obfuscation.rules) * 1:29808 <-> DISABLED <-> SERVER-WEBAPP Nagios XI alert cloud cross site scripting attempt (server-webapp.rules) * 1:29809 <-> DISABLED <-> BROWSER-WEBKIT Google Chrome and Apple Safari CSS float use-after-free attempt (browser-webkit.rules) * 1:29810 <-> DISABLED <-> BROWSER-WEBKIT Google Chrome and Apple Safari CSS float use-after-free attempt (browser-webkit.rules) * 1:29811 <-> DISABLED <-> BROWSER-WEBKIT Google Chrome and Apple Safari CSS float use-after-free attempt (browser-webkit.rules) * 1:29812 <-> DISABLED <-> BROWSER-WEBKIT Google Chrome and Apple Safari CSS float use-after-free attempt (browser-webkit.rules) * 1:29813 <-> DISABLED <-> INDICATOR-OBFUSCATION randomized HTML number encodings detected in clsid access attempt (indicator-obfuscation.rules) * 1:29814 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer null attribute DoS attempt (browser-ie.rules) * 1:29815 <-> DISABLED <-> SERVER-WEBAPP Kloxo webcommand.php SQL injection attempt (server-webapp.rules) * 1:29816 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jackpos outbound connection (malware-cnc.rules) * 1:29817 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jackpos outbound connection (malware-cnc.rules) * 1:29819 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 10 use after free attempt (browser-ie.rules) * 1:29820 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 10 use after free attempt (browser-ie.rules) * 1:29821 <-> ENABLED <-> INDICATOR-COMPROMISE Windows Internet Explorer EMET check and garbage collection (indicator-compromise.rules) * 1:29822 <-> ENABLED <-> INDICATOR-COMPROMISE 
Windows Internet Explorer EMET check and garbage collection (indicator-compromise.rules) * 1:29823 <-> DISABLED <-> OS-WINDOWS Microsoft Windows secure channel malformed certificate request memory corruption attempt (os-windows.rules) * 1:29824 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - TixDll - Win.Trojan.Adload.dyhq (malware-cnc.rules) * 1:29828 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Adload.dyhq variant outbound connection (malware-cnc.rules) * 1:29829 <-> ENABLED <-> SERVER-WEBAPP HNAP remote code execution attempt (server-webapp.rules) * 1:29830 <-> DISABLED <-> SERVER-WEBAPP Linksys E-series HNAP TheMoon remote code execution attempt (server-webapp.rules) * 1:29831 <-> ENABLED <-> SERVER-WEBAPP Linksys E-series HNAP TheMoon remote code execution attempt (server-webapp.rules) * 1:29835 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript bytecode object type confusion information disclosure attempt (file-flash.rules) * 1:29836 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript bytecode object type confusion information disclosure attempt (file-flash.rules) * 1:29859 <-> ENABLED <-> SERVER-APACHE Apache Struts allowStaticMethodAccess invocation attempt (server-apache.rules) * 1:29861 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Brabat variant outbound connection (malware-cnc.rules) * 1:29862 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pirminay variant outbout connection (malware-cnc.rules) * 1:29863 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pirminay variant outbound connection (malware-cnc.rules) * 1:29864 <-> ENABLED <-> EXPLOIT-KIT Redkit exploit kit payload request (exploit-kit.rules) * 1:29865 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz outbound connection (malware-cnc.rules) * 1:29866 <-> DISABLED <-> SERVER-IIS Microsoft Windows Server 2012 IIS OData protocol nested replace filter dos attempt (server-iis.rules) * 1:29869 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Napolar phishing attack (malware-cnc.rules) * 1:29870 <-> 
DISABLED <-> MALWARE-CNC Win.Trojan.Pony HTTP response connection (malware-cnc.rules) * 1:29871 <-> DISABLED <-> SERVER-ORACLE Oracle Reports server remote code execution attempt (server-oracle.rules) * 1:29873 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hanove variant outbound connection (malware-cnc.rules) * 1:29874 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.Dremseko outbound username enumeration (malware-backdoor.rules) * 1:29877 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chikdos.A outbound information disclosure (malware-cnc.rules) * 1:29878 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dexter CasinoLoader SQL injection (malware-cnc.rules) * 1:29879 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dexter CasinoLoader SQL injection (malware-cnc.rules) * 1:29880 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dexter CasinoLoader SQL injection (malware-cnc.rules) * 1:29881 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dexter CasinoLoader SQL injection (malware-cnc.rules) * 1:29882 <-> DISABLED <-> MALWARE-CNC Win.Trojan.WEC variant outbound connection (malware-cnc.rules) * 1:29883 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tohwen variant outbound connection (malware-cnc.rules) * 1:29884 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules) * 1:29885 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Crypi.A outbound information disclosure (malware-cnc.rules) * 1:29886 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Crypi.A outbound keylogger traffic (malware-cnc.rules) * 1:29887 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Updates downloader - Win.Trojan.Upatre (malware-cnc.rules) * 1:29888 <-> DISABLED <-> FILE-OTHER Clam Anti-Virus TNEF file handling denial of service attempt (file-other.rules) * 1:29889 <-> DISABLED <-> FILE-OTHER Clam Anti-Virus TNEF file handling denial of service attempt (file-other.rules) * 1:29891 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pushdo variant outbound connection (malware-cnc.rules) * 1:29893 <-> DISABLED <-> 
MALWARE-CNC Win.Trojan.Pyteconte variant outbound connection (malware-cnc.rules) * 1:29895 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules) * 1:29896 <-> DISABLED <-> SERVER-APACHE Apache Tomcat infinite loop denial of service attempt (server-apache.rules) * 1:29897 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ExplorerHijack variant outbound connection (malware-cnc.rules) * 1:29898 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zygtab variant outbound connection (malware-cnc.rules) * 1:29899 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pmkype variant outbound connection (malware-cnc.rules) * 1:29901 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Comowba variant outbound connection (malware-cnc.rules) * 1:29902 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader invalid JPEG stream double free attempt (file-pdf.rules) * 1:29903 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader invalid JPEG stream double free attempt (file-pdf.rules) * 1:29904 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader invalid JPEG stream double free attempt (file-pdf.rules) * 1:29905 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader invalid JPEG stream double free attempt (file-pdf.rules) * 1:29907 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Madnedos outbound system information disclosure (malware-cnc.rules) * 1:29909 <-> ENABLED <-> SERVER-OTHER JBoss JMXInvokerServlet remote code execution attempt (server-other.rules) * 1:29911 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nortusa variant outbound system information disclosure (malware-cnc.rules) * 1:29914 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zmcwinsvc outbound system information disclosure (malware-cnc.rules) * 1:29916 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Matsnu system information disclosure (malware-cnc.rules) * 1:29918 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Vacky system information disclosure (malware-other.rules) * 1:29920 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZhiZhu variant outbound connection (malware-cnc.rules) * 1:29921 <-> 
DISABLED <-> MALWARE-CNC Win.Trojan.ZhiZhu variant inbound connection (malware-cnc.rules) * 1:29922 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Bazuc initial outbound connection (malware-cnc.rules) * 1:29923 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Bazuc jobs check outbound connection (malware-cnc.rules) * 1:29924 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Farfli outbound connection (malware-cnc.rules) * 1:29925 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Verxbot variant outbound connection (malware-cnc.rules) * 1:29926 <-> DISABLED <-> FILE-FLASH Adobe Flash Player buffer overflow attempt (file-flash.rules) * 1:29927 <-> ENABLED <-> FILE-FLASH Adobe Flash Player buffer overflow attempt (file-flash.rules) * 1:29928 <-> ENABLED <-> FILE-FLASH Adobe Flash Player worker shared object use-after-free attempt (file-flash.rules) * 1:29929 <-> DISABLED <-> FILE-FLASH Adobe Flash Player worker shared object use-after-free attempt (file-flash.rules) * 1:29930 <-> ENABLED <-> FILE-FLASH Adobe Flash Player worker shared object use-after-free attempt (file-flash.rules) * 1:29931 <-> ENABLED <-> FILE-FLASH Adobe Flash Player worker shared object use-after-free attempt (file-flash.rules) * 1:29932 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE regexp out of bounds memory leak ASLR bypass attempt (file-flash.rules) * 1:29933 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE regexp out of bounds memory leak ASLR bypass attempt (file-flash.rules) * 1:29934 <-> DISABLED <-> FILE-FLASH Adobe Flash regular expression grouping depth buffer overflow attempt (file-flash.rules) * 1:29935 <-> DISABLED <-> PROTOCOL-DNS ISC libdns client NAPTR record regular expression handling denial of service attempt (protocol-dns.rules) * 1:29936 <-> DISABLED <-> SERVER-APACHE Apache Struts remote code execution attempt - CookieInterceptor (server-apache.rules) * 1:29937 <-> DISABLED <-> SERVER-OTHER SAP NetWeaver Dispatcher DiagTraceR3Info buffer overflow attempt (server-other.rules) * 1:29938 <-> DISABLED 
<-> SERVER-OTHER InduSoft Web Studio Remote Agent buffer overflow attempt (server-other.rules) * 1:29939 <-> DISABLED <-> SERVER-OTHER EMC AlphaStore buffer overflow attempt (server-other.rules) * 1:29940 <-> DISABLED <-> SERVER-OTHER EMC AlphaStore buffer overflow attempt (server-other.rules) * 1:29941 <-> DISABLED <-> SERVER-OTHER EMC AlphaStore buffer overflow attempt (server-other.rules) * 1:29942 <-> DISABLED <-> SERVER-OTHER EMC AlphaStore buffer overflow attempt (server-other.rules) * 1:29943 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB2 client NetBufferList NULL entry remote code execution attempt (os-windows.rules) * 1:29946 <-> DISABLED <-> SERVER-OTHER IBM DB2 Universal Database receiveDASMessage buffer overflow attempt (server-other.rules) * 1:29947 <-> DISABLED <-> SERVER-OTHER IBM DB2 Universal Database receiveDASMessage buffer overflow attempt (server-other.rules) * 1:29948 <-> DISABLED <-> SERVER-OTHER IBM DB2 Universal Database receiveDASMessage buffer overflow attempt (server-other.rules) * 1:29949 <-> DISABLED <-> SERVER-WEBAPP WebCalendar index.php form_single_user_login parameter command injection (server-webapp.rules) * 1:29950 <-> DISABLED <-> SERVER-OTHER TP-Link TL-WR740N wireless router remote denial of service attempt (server-other.rules) * 1:29951 <-> DISABLED <-> SERVER-OTHER HylaFAX plus LDAP authentication username buffer overflow attempt (server-other.rules) * 1:29952 <-> DISABLED <-> SERVER-OTHER HP LoadRunner XDR handling heap buffer overflow (server-other.rules) * 1:29953 <-> DISABLED <-> SERVER-OTHER Ubiquiti airCam RTSP service buffer overflow attempt (server-other.rules) * 1:29954 <-> DISABLED <-> PROTOCOL-SCADA CODESYS Gateway-Server heap buffer overflow attempt (protocol-scada.rules) * 1:29955 <-> DISABLED <-> SERVER-WEBAPP WordPress Quick-Post Widget GET request using Body cross-site scripting (server-webapp.rules) * 1:29956 <-> DISABLED <-> SERVER-WEBAPP WordPress Quick-Post Widget POST request cross-site scripting 
(server-webapp.rules) * 1:29957 <-> DISABLED <-> SERVER-OTHER Kolibri HTTP Server uri buffer overflow attempt (server-other.rules) * 1:29958 <-> DISABLED <-> SERVER-OTHER multiple products HTTP HEAD request buffer overflow attempt (server-other.rules) * 1:29959 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC WinCC flexible runtime stack buffer overflow attempt (protocol-scada.rules) * 1:29960 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC WinCC flexible runtime DoS attempt (protocol-scada.rules) * 1:29961 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC WinCC flexible runtime DoS attempt (protocol-scada.rules) * 1:29962 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC WinCC flexible runtime DoS attempt (protocol-scada.rules) * 1:29963 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC WinCC flexible runtime DoS attempt (protocol-scada.rules) * 1:29964 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC WinCC flexible runtime directory traversal attempt (protocol-scada.rules) * 1:29965 <-> DISABLED <-> PROTOCOL-SCADA Tri PLC Nano 10 PLC denial of service attempt (protocol-scada.rules) * 1:29966 <-> DISABLED <-> SERVER-OTHER Ubiquiti airCam RTSP service buffer overflow attempt (server-other.rules) * 1:29967 <-> DISABLED <-> SERVER-OTHER Python socket.recvfrom_into remote buffer overflow attempt (server-other.rules) * 1:29968 <-> DISABLED <-> SERVER-OTHER Python socket.recvfrom_into remote buffer overflow attempt (server-other.rules) * 1:29969 <-> DISABLED <-> FILE-JAVA Oracle Java java.util.concurrent.ConcurrentHashMap memory corruption attempt (file-java.rules) * 1:29970 <-> DISABLED <-> FILE-JAVA Oracle Java java.util.concurrent.ConcurrentHashMap memory corruption attempt (file-java.rules) * 1:29971 <-> DISABLED <-> FILE-JAVA Oracle Java java.util.concurrent.ConcurrentHashMap memory corruption attempt (file-java.rules) * 1:29972 <-> DISABLED <-> FILE-JAVA Oracle Java java.util.concurrent.ConcurrentHashMap memory corruption attempt (file-java.rules) * 1:29973 <-> DISABLED 
<-> MALWARE-CNC Win.Trojan.Bublik.Zusy runtime detection (malware-cnc.rules) * 1:29975 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Svekifc system information disclosure (malware-cnc.rules) * 1:29976 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Svekifc outbound persistent connection (malware-cnc.rules) * 1:29978 <-> DISABLED <-> MALWARE-CNC ANDR.Trojan.FakeApp outbound connection (malware-cnc.rules) * 1:29979 <-> DISABLED <-> SERVER-WEBAPP Symantec Endpoint Protection Manager Unauthenticated XML External Entity Injection attempt (server-webapp.rules) * 1:29980 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fucom outbound connection (malware-cnc.rules) * 1:29981 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tiny variant outbound connection (malware-cnc.rules) * 1:29982 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Oshidor variant outbound connection (malware-cnc.rules) * 1:29985 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bicolo variant outbound connection (malware-cnc.rules) * 1:29987 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meac malware component download request (malware-cnc.rules) * 1:29988 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer onscroll use after free attempt (browser-ie.rules) * 1:29989 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer onscroll use after free attempt (browser-ie.rules) * 1:29990 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Seruda system information disclosure (malware-cnc.rules) * 1:29991 <-> DISABLED <-> PUA-ADWARE The Best All Codecs App runtime detection (pua-adware.rules) * 1:29992 <-> DISABLED <-> SERVER-WEBAPP Linksys WRT120N tmUnblock.cgi TM_Block_URL parameter fprintf stack buffer overflow attempt (server-webapp.rules) * 1:29998 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Horsum outbound system information disclosure (malware-cnc.rules) * 1:29999 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - MSIE 9.0 in version 10 format (malware-cnc.rules) * 1:300 <-> DISABLED <-> OS-SOLARIS Oracle Solaris npls x86 overflow (os-solaris.rules) 
* 1:3000 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Session Setup NTLMSSP unicode asn1 overflow attempt (os-windows.rules) * 1:30000 <-> DISABLED <-> MALWARE-BACKDOOR FireCrotch exploit kit backdoor attempt (malware-backdoor.rules) * 1:30001 <-> ENABLED <-> EXPLOIT-KIT Hello/LightsOut exploit kit landing page detected (exploit-kit.rules) * 1:30002 <-> ENABLED <-> EXPLOIT-KIT Hello/LightsOut exploit kit Java download attempt (exploit-kit.rules) * 1:30003 <-> ENABLED <-> EXPLOIT-KIT Hello/LightsOut exploit kit payload download attempt (exploit-kit.rules) * 1:30004 <-> ENABLED <-> EXPLOIT-KIT Hello/LightsOut exploit kit - exploit targeting Java before v1.7.17 (exploit-kit.rules) * 1:30005 <-> ENABLED <-> EXPLOIT-KIT Hello/LightsOut exploit kit - exploit targeting Google Chrome with Java before v1.7.17 (exploit-kit.rules) * 1:30006 <-> ENABLED <-> EXPLOIT-KIT Hello/LightsOut exploit kit - exploit targeting Microsoft Internet Explorer 6 on Windows XP (exploit-kit.rules) * 1:30007 <-> ENABLED <-> EXPLOIT-KIT Hello/LightsOut exploit kit - exploit targeting Microsoft Internet Explorer 7 on Windows XP with Java before v1.7.17 (exploit-kit.rules) * 1:30008 <-> ENABLED <-> EXPLOIT-KIT Hello/LightsOut exploit kit - exploit targeting Microsoft Internet Explorer 8 on Windows XP (exploit-kit.rules) * 1:30009 <-> ENABLED <-> EXPLOIT-KIT Hello/LightsOut exploit kit - exploit targeting Java v1.6.32 and older (exploit-kit.rules) * 1:3001 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Session Setup NTLMSSP andx asn1 overflow attempt (os-windows.rules) * 1:30010 <-> DISABLED <-> SERVER-APACHE Apache Solr SolrResourceLoader directory traversal attempt (server-apache.rules) * 1:30011 <-> DISABLED <-> SERVER-WEBAPP GE Proficy CIMPLICITY CimWebServer remote code execution attempt (server-webapp.rules) * 1:30012 <-> DISABLED <-> SERVER-WEBAPP ESF pfSense Snort log view remote file inclusion attempt (server-webapp.rules) * 1:30013 <-> DISABLED <-> SERVER-WEBAPP ESF pfSense Snort 
log view remote file inclusion attempt (server-webapp.rules)
* 1:30014 <-> ENABLED <-> FILE-IDENTIFY OS/2 Metafile file magic detected (file-identify.rules)
* 1:30015 <-> ENABLED <-> FILE-IDENTIFY OS/2 Metafile file attachment detected (file-identify.rules)
* 1:30016 <-> ENABLED <-> FILE-IDENTIFY OS/2 Metafile file attachment detected (file-identify.rules)
* 1:30017 <-> ENABLED <-> FILE-IDENTIFY OS/2 Metafile file magic detected (file-identify.rules)
* 1:30018 <-> ENABLED <-> FILE-IDENTIFY OS/2 Metafile file download request (file-identify.rules)
* 1:30019 <-> DISABLED <-> FILE-OTHER Oracle Outside In OS/2 Metafile parser stack overflow attempt (file-other.rules)
* 1:3002 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Session Setup NTLMSSP unicode andx asn1 overflow attempt (os-windows.rules)
* 1:30020 <-> DISABLED <-> FILE-OTHER Oracle Outside In OS/2 Metafile parser stack overflow attempt (file-other.rules)
* 1:30021 <-> DISABLED <-> FILE-OTHER Oracle Outside In OS/2 Metafile parser stack overflow attempt (file-other.rules)
* 1:30022 <-> DISABLED <-> FILE-OTHER Oracle Outside In OS/2 Metafile parser stack overflow attempt (file-other.rules)
* 1:30023 <-> DISABLED <-> FILE-OTHER Oracle Outside In OS/2 Metafile parser stack overflow attempt (file-other.rules)
* 1:30024 <-> DISABLED <-> FILE-OTHER Oracle Outside In OS/2 Metafile parser stack overflow attempt (file-other.rules)
* 1:30025 <-> DISABLED <-> FILE-OTHER Oracle Outside In OS/2 Metafile parser stack overflow attempt (file-other.rules)
* 1:30026 <-> DISABLED <-> FILE-OTHER Oracle Outside In OS/2 Metafile parser stack overflow attempt (file-other.rules)
* 1:30027 <-> DISABLED <-> FILE-OTHER Oracle Outside In OS/2 Metafile parser stack overflow attempt (file-other.rules)
* 1:30028 <-> DISABLED <-> FILE-OTHER Oracle Outside In OS/2 Metafile parser stack overflow attempt (file-other.rules)
* 1:30029 <-> DISABLED <-> FILE-OTHER Oracle Outside In OS/2 Metafile parser stack overflow attempt (file-other.rules)
* 1:3003 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB-DS Session Setup NTLMSSP unicode asn1 overflow attempt (os-windows.rules)
* 1:30030 <-> DISABLED <-> FILE-OTHER Oracle Outside In OS/2 Metafile parser stack overflow attempt (file-other.rules)
* 1:30031 <-> DISABLED <-> SERVER-WEBAPP IBM Lotus Domino stack buffer overflow attempt (server-webapp.rules)
* 1:39112 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif ModifyDate metadata memory corruption attempt (file-image.rules)
* 1:39113 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif ModifyDate metadata memory corruption attempt (file-image.rules)
* 1:39114 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif Software metadata memory corruption attempt (file-image.rules)
* 1:39115 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif Software metadata memory corruption attempt (file-image.rules)
* 1:39116 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DMALocker variant outbound connection (malware-cnc.rules)
* 1:39117 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
* 1:39128 <-> DISABLED <-> EXPLOIT-KIT Nuclear landing page detected (exploit-kit.rules)
* 1:39129 <-> DISABLED <-> EXPLOIT-KIT Nuclear gate redirect attempt (exploit-kit.rules)
* 1:39130 <-> DISABLED <-> EXPLOIT-KIT Obfuscated exploit download attempt (exploit-kit.rules)
* 1:39131 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader Acroform engine memory corruption attempt (file-pdf.rules)
* 1:39132 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader Acroform engine memory corruption attempt (file-pdf.rules)
* 1:39133 <-> DISABLED <-> SERVER-WEBAPP Ubiquiti Networks XM Firmware scr.cgi command injection attempt (server-webapp.rules)
* 1:39134 <-> DISABLED <-> SERVER-WEBAPP Ubiquiti Networks XM Firmware scr.cgi command injection attempt (server-webapp.rules)
* 1:39135 <-> DISABLED <-> SERVER-WEBAPP Ubiquiti Networks XM Firmware scr.cgi directory traversal attempt (server-webapp.rules)
* 1:39136 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif ModifyDate metadata memory corruption attempt (file-image.rules)
* 1:39137 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif ModifyDate metadata memory corruption attempt (file-image.rules)
* 1:39138 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif Software metadata memory corruption attempt (file-image.rules)
* 1:39139 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif Software metadata memory corruption attempt (file-image.rules)
* 1:39140 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif ModifyDate metadata memory corruption attempt (file-image.rules)
* 1:39141 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif ModifyDate metadata memory corruption attempt (file-image.rules)
* 1:39142 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif ModifyDate metadata memory corruption attempt (file-image.rules)
* 1:39143 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif ModifyDate metadata memory corruption attempt (file-image.rules)
* 1:39144 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif Software metadata memory corruption attempt (file-image.rules)
* 1:39145 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif Software metadata memory corruption attempt (file-image.rules)
* 1:39146 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif Software metadata memory corruption attempt (file-image.rules)
* 1:39147 <-> DISABLED <-> FILE-IMAGE Adobe Pro DC Exif Software metadata memory corruption attempt (file-image.rules)
* 1:39148 <-> ENABLED <-> FILE-OFFICE Document Foundation LibreOffice RTF stylesheet use after free attempt (file-office.rules)
* 1:39149 <-> ENABLED <-> FILE-OFFICE Document Foundation LibreOffice RTF stylesheet use after free attempt (file-office.rules)
* 1:39150 <-> DISABLED <-> SERVER-OTHER Pidgin MXIT negative message length underflow attempt (server-other.rules)
* 1:39151 <-> DISABLED <-> SERVER-OTHER Pidgin MXIT message length overflow attempt (server-other.rules)
* 1:39152 <-> DISABLED <-> SERVER-WEBAPP Huawei HG866 GPON root password change attempt (server-webapp.rules)
* 1:39153 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XObject image object use after free attempt (file-pdf.rules)
* 1:39154 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XObject image object use after free attempt (file-pdf.rules)
* 1:39155 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DOM object cache management memory corruption attempt (browser-ie.rules)
* 1:39156 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DOM object cache management memory corruption attempt (browser-ie.rules)
* 1:39157 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel RealTimeData record exploit attempt (file-office.rules)
* 1:39158 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel RealTimeData record exploit attempt (file-office.rules)
* 1:39159 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.JRat inbound self-signed SSL certificate (malware-cnc.rules)
* 1:39160 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.JRat inbound self-signed SSL certificate (malware-cnc.rules)
* 1:39161 <-> ENABLED <-> FILE-PDF Google Chrome PDFium jpeg2000 SIZ segment check failure heap buffer overflow attempt (file-pdf.rules)
* 1:39162 <-> ENABLED <-> FILE-PDF Google Chrome PDFium jpeg2000 SIZ segment check failure heap buffer overflow attempt (file-pdf.rules)
* 1:39163 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex self-signed certificate exchange (malware-cnc.rules)
* 1:39164 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex self-signed certificate exchange (malware-cnc.rules)
* 1:39165 <-> DISABLED <-> SERVER-WEBAPP iperf3 heap overflow remote code execution attempt (server-webapp.rules)
* 1:39166 <-> DISABLED <-> SERVER-WEBAPP Asus RT-N56U router password disclosure attempt (server-webapp.rules)
* 1:39167 <-> DISABLED <-> BROWSER-PLUGINS IBM Tivoli Provisioning Manager Express ActiveX clsid access attempt (browser-plugins.rules)
* 1:39168 <-> DISABLED <-> BROWSER-PLUGINS IBM Tivoli Provisioning Manager Express ActiveX clsid access attempt (browser-plugins.rules)
* 1:39169 <-> DISABLED <-> SERVER-WEBAPP Alpha Networks ADSL2/2+ Wireless Router password disclosure attempt (server-webapp.rules)
* 1:39170 <-> DISABLED <-> SERVER-WEBAPP Cisco Video Surveillance Operations Manager directory traversal attempt (server-webapp.rules)
* 1:39171 <-> DISABLED <-> SERVER-WEBAPP Cisco Video Surveillance Operations Manager directory traversal attempt (server-webapp.rules)
* 1:39172 <-> DISABLED <-> SERVER-WEBAPP Cisco Video Surveillance Operations Manager directory traversal attempt (server-webapp.rules)
* 1:39173 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.BlackShades Crypter outbound connection (malware-cnc.rules)
* 1:39174 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer iframe uninitialized memory corruption attempt (browser-ie.rules)
* 1:39175 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer use-after-free memory corruption attempt (browser-ie.rules)
* 1:39176 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Helminth variant outbound connection (malware-cnc.rules)
* 1:39177 <-> DISABLED <-> SERVER-WEBAPP Nagios XI graphApi.php command injection attempt (server-webapp.rules)
* 1:39178 <-> DISABLED <-> SERVER-WEBAPP Nagios XI graphApi.php command injection attempt (server-webapp.rules)
* 1:39179 <-> DISABLED <-> SERVER-WEBAPP Nagios XI nagiosim.php command injection attempt (server-webapp.rules)
* 1:39180 <-> DISABLED <-> SERVER-WEBAPP Nagios XI nagiosim.php command injection attempt (server-webapp.rules)
* 1:39181 <-> DISABLED <-> SERVER-WEBAPP Nagios XI ajaxproxy.php server side request forgery attempt (server-webapp.rules)
* 1:39182 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Testing Suite directory traversal attempt (server-webapp.rules)
* 1:39183 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Testing Suite directory traversal attempt (server-webapp.rules)
* 1:39184 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Testing Suite directory traversal attempt (server-webapp.rules)
* 1:39185 <-> DISABLED <-> SERVER-WEBAPP Cisco Unified Interactive Voice Response directory traversal attempt (server-webapp.rules)
* 1:39186 <-> DISABLED <-> SERVER-WEBAPP Cisco Unified Interactive Voice Response directory traversal attempt (server-webapp.rules)
* 1:39187 <-> DISABLED <-> SERVER-WEBAPP Cisco Unified Interactive Voice Response directory traversal attempt (server-webapp.rules)
* 1:39188 <-> DISABLED <-> SERVER-WEBAPP Nagios XI backend API server side request forgery attempt (server-webapp.rules)
* 1:39189 <-> ENABLED <-> PUA-TOOLBARS Win.Toolbar.Crossrider variant outbound connection (pua-toolbars.rules)
* 1:39190 <-> ENABLED <-> SERVER-APACHE Apache Struts remote code execution attempt (server-apache.rules)
* 1:39191 <-> ENABLED <-> SERVER-APACHE Apache Struts remote code execution attempt (server-apache.rules)
* 1:39192 <-> ENABLED <-> SERVER-WEBAPP D-Link router unauthorised DNS change attempt (server-webapp.rules)
* 1:39193 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Win32k.sys MakeWindowForegroundWithState null pointer dereference attempt (os-windows.rules)
* 1:39194 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Win32k.sys MakeWindowForegroundWithState null pointer dereference attempt (os-windows.rules)
* 1:39195 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Win32k.sys MakeWindowForegroundWithState null pointer dereference attempt (os-windows.rules)
* 1:39196 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Win32k.sys MakeWindowForegroundWithState null pointer dereference attempt (os-windows.rules)
* 1:39197 <-> DISABLED <-> SERVER-WEBAPP AirTies RT hardcoded credentials login attempt (server-webapp.rules)
* 1:39198 <-> DISABLED <-> SERVER-WEBAPP D-Link authentication bypass attempt (server-webapp.rules)
* 1:39199 <-> ENABLED <-> BROWSER-IE Microsoft Edge class object confusion attempt (browser-ie.rules)
* 1:392 <-> DISABLED <-> PROTOCOL-ICMP Datagram Conversion Error (protocol-icmp.rules)
* 1:39200 <-> ENABLED <-> BROWSER-IE Microsoft Edge class object confusion attempt (browser-ie.rules)
* 1:39201 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer vbscript csession close use after free attempt (browser-ie.rules)
* 1:39202 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer vbscript csession close use after free attempt (browser-ie.rules)
* 1:39203 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word wwlib.dll out of bounds read attempt (file-office.rules)
* 1:39204 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word wwlib.dll out of bounds read attempt (file-office.rules)
* 1:39205 <-> ENABLED <-> BROWSER-IE Microsoft Edge PDF reader out of bounds memory access attempt (browser-ie.rules)
* 1:39206 <-> ENABLED <-> BROWSER-IE Microsoft Edge PDF reader out of bounds memory access attempt (browser-ie.rules)
* 1:39207 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer drag and drop API remote code execution attempt (browser-ie.rules)
* 1:39208 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer drag and drop API remote code execution attempt (browser-ie.rules)
* 1:39209 <-> ENABLED <-> OS-WINDOWS Microsoft Windows sandbox ProcessFontDisablePolicy check bypass attempt (os-windows.rules)
* 1:39210 <-> ENABLED <-> OS-WINDOWS Microsoft Windows sandbox ProcessFontDisablePolicy check bypass attempt (os-windows.rules)
* 1:39211 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer VBScript out of bounds memory access remote code execution attempt (browser-ie.rules)
* 1:39212 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer VBScript out of bounds memory access remote code execution attempt (browser-ie.rules)
* 1:39213 <-> ENABLED <-> OS-WINDOWS Microsoft Windows WebDAV NTLM reflection attack attempt (os-windows.rules)
* 1:39214 <-> ENABLED <-> OS-WINDOWS Microsoft Windows WebDAV NTLM reflection attack attempt (os-windows.rules)
* 1:39215 <-> ENABLED <-> OS-WINDOWS Microsoft Windows WebDAV NTLM reflection attack attempt (os-windows.rules)
* 1:39216 <-> ENABLED <-> OS-WINDOWS Microsoft Windows WebDAV NTLM reflection attack attempt (os-windows.rules)
* 1:39217 <-> ENABLED <-> OS-WINDOWS Microsoft Windows win32kfull.sys NtGdiExtFloodFill use after free attempt (os-windows.rules)
* 1:39218 <-> ENABLED <-> OS-WINDOWS Microsoft Windows win32kfull.sys NtGdiExtFloodFill use after free attempt (os-windows.rules)
* 1:39219 <-> ENABLED <-> BROWSER-IE Microsoft Edge edgehtml.dll uninitialized pointer vulnerability attempt (browser-ie.rules)
* 1:39220 <-> ENABLED <-> BROWSER-IE Microsoft Edge edgehtml.dll uninitialized pointer vulnerability attempt (browser-ie.rules)
* 1:39221 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word mso.dll subcomponent use after free attempt (file-office.rules)
* 1:39222 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word mso.dll subcomponent use after free attempt (file-office.rules)
* 1:39223 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel malformed XLS out of bounds memory read attempt (file-office.rules)
* 1:39224 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel malformed XLS out of bounds memory read attempt (file-office.rules)
* 1:39225 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Diagnostics Hub directory traversal attempt (os-windows.rules)
* 1:39226 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Diagnostics Hub directory traversal attempt (os-windows.rules)
* 1:39227 <-> ENABLED <-> OS-WINDOWS Microsoft Windows WPAD spoofing attempt (os-windows.rules)
* 1:39228 <-> DISABLED <-> BROWSER-IE Microsoft Edge PDF Color Space out-of-bounds memory access attempt (browser-ie.rules)
* 1:39229 <-> DISABLED <-> BROWSER-IE Microsoft Edge PDF Color Space out-of-bounds memory access attempt (browser-ie.rules)
* 1:39230 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSS link element use-after-free attempt (browser-ie.rules)
* 1:39231 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSS link element use-after-free attempt (browser-ie.rules)
* 1:39232 <-> ENABLED <-> BROWSER-IE Microsoft Edge Content Security Policy bypass attempt (browser-ie.rules)
* 1:39233 <-> ENABLED <-> BROWSER-IE Microsoft Edge Content Security Policy bypass attempt (browser-ie.rules)
* 1:39234 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer tagged integer type confusion attempt (browser-ie.rules)
* 1:39235 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer tagged integer type confusion attempt (browser-ie.rules)
* 1:39236 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer scripting engine buffer overflow attempt (browser-ie.rules)
* 1:39237 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer scripting engine buffer overflow attempt (browser-ie.rules)
* 1:39238 <-> ENABLED <-> BROWSER-IE Microsoft Edge malformed PDF JPEG2000 object out of bounds memory access attempt (browser-ie.rules)
* 1:39239 <-> ENABLED <-> BROWSER-IE Microsoft Edge malformed PDF JPEG2000 object out of bounds memory access attempt (browser-ie.rules)
* 1:39240 <-> DISABLED <-> EXPLOIT-KIT Neutrino Exploit Kit exploitation attempt (exploit-kit.rules)
* 1:39241 <-> DISABLED <-> EXPLOIT-KIT Neutrino Exploit Kit exploitation attempt (exploit-kit.rules)
* 1:39242 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Typed Array use after free attempt (browser-ie.rules)
* 1:39243 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Typed Array use after free attempt (browser-ie.rules)
* 1:39260 <-> ENABLED <-> FILE-OTHER Microsoft Windows ATMFD font driver malformed OTF file out-of-bounds memory access attempt (file-other.rules)
* 1:39261 <-> DISABLED <-> FILE-OTHER Microsoft Windows ATMFD font driver malformed OTF file out-of-bounds memory access attempt (file-other.rules)
* 1:39262 <-> DISABLED <-> FILE-FLASH Adobe Flash Player unhandled recursion limit out of bounds read attempt (file-flash.rules)
* 1:39263 <-> DISABLED <-> FILE-FLASH Adobe Flash Player unhandled recursion limit out of bounds read attempt (file-flash.rules)
* 1:39264 <-> DISABLED <-> FILE-FLASH Adobe Flash Player unhandled recursion limit out of bounds read attempt (file-flash.rules)
* 1:39265 <-> DISABLED <-> FILE-FLASH Adobe Flash Player unhandled recursion limit out of bounds read attempt (file-flash.rules)
* 1:39266 <-> DISABLED <-> OS-WINDOWS Microsoft Windows GdiPlus malformed EMF file out of bounds read attempt (os-windows.rules)
* 1:39267 <-> DISABLED <-> OS-WINDOWS Microsoft Windows GdiPlus malformed EMF file out of bounds read attempt (os-windows.rules)
* 1:39268 <-> DISABLED <-> SERVER-WEBAPP Joomla PayPlans Extension com_payplans group_id SQL injection attempt (server-webapp.rules)
* 1:39269 <-> ENABLED <-> FILE-FLASH Adobe Flash TextFormat.setTabStops use-after-free attempt (file-flash.rules)
* 1:39270 <-> ENABLED <-> FILE-FLASH Adobe Flash TextFormat.setTabStops use-after-free attempt (file-flash.rules)
* 1:39271 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ShimContentFactory uninitialized pointer use attempt (file-flash.rules)
* 1:39272 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ShimContentFactory uninitialized pointer use attempt (file-flash.rules)
* 1:39273 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt (file-flash.rules)
* 1:39274 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt (file-flash.rules)
* 1:39275 <-> ENABLED <-> FILE-FLASH Adobe Flash Player loadSound use after free attempt (file-flash.rules)
* 1:39276 <-> ENABLED <-> FILE-FLASH Adobe Flash Player loadSound use after free attempt (file-flash.rules)
* 1:39277 <-> ENABLED <-> FILE-OTHER Adobe Flash Player malformed JPEG XR heap overflow attempt (file-other.rules)
* 1:39278 <-> ENABLED <-> FILE-OTHER Adobe Flash Player malformed JPEG XR heap overflow attempt (file-other.rules)
* 1:39279 <-> ENABLED <-> FILE-FLASH Adobe Primetime SDK object type confusion overflow attempt (file-flash.rules)
* 1:39280 <-> DISABLED <-> FILE-FLASH Adobe Primetime SDK object type confusion overflow attempt (file-flash.rules)
* 1:39281 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed JPEG-XR out of bounds memory access attempt (file-flash.rules)
* 1:39282 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed JPEG-XR out of bounds memory access attempt (file-flash.rules)
* 1:39283 <-> ENABLED <-> FILE-FLASH Adobe Flash Player loadSound use after free attempt (file-flash.rules)
* 1:39284 <-> ENABLED <-> FILE-FLASH Adobe Flash Player loadSound use after free attempt (file-flash.rules)
* 1:39285 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadSound use after free attempt (file-flash.rules)
* 1:39286 <-> ENABLED <-> FILE-FLASH Adobe Flash Player loadSound use after free attempt (file-flash.rules)
* 1:39287 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ShimContentResolver out of bounds memory access attempt (file-flash.rules)
* 1:39288 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ShimContentResolver out of bounds memory access attempt (file-flash.rules)
* 1:39289 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Primetime SDK ShimContentResolver out of bounds memory access attempt (file-flash.rules)
* 1:39290 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime SDK ShimContentResolver out of bounds memory access attempt (file-flash.rules)
* 1:39291 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection object type confusion overflow attempt (file-flash.rules)
* 1:39292 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection object type confusion overflow attempt (file-flash.rules)
* 1:39293 <-> DISABLED <-> FILE-FLASH Adobe Flash Player apphelp.dll dll-load exploit attempt (file-flash.rules)
* 1:39294 <-> DISABLED <-> FILE-FLASH Adobe Flash Player dbghelp.dll dll-load exploit attempt (file-flash.rules)
* 1:39295 <-> DISABLED <-> FILE-FLASH Adobe Flash Player request for apphelp.dll over SMB attempt (file-flash.rules)
* 1:39296 <-> DISABLED <-> FILE-FLASH Adobe Flash Player request for dbghelp.dll over SMB attempt (file-flash.rules)
* 1:39297 <-> ENABLED <-> FILE-FLASH Adobe Flash player retrieveResolvers memory corruption attempt (file-flash.rules)
* 1:39298 <-> DISABLED <-> FILE-FLASH Adobe Flash player retrieveResolvers memory corruption attempt (file-flash.rules)
* 1:39299 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed regular expression use after free attempt (file-flash.rules)
* 1:393 <-> DISABLED <-> PROTOCOL-ICMP Datagram Conversion Error undefined code (protocol-icmp.rules)
* 1:39300 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed regular expression use after free attempt (file-flash.rules)
* 1:39301 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ExecPolicy invalid string table lookup attempt (file-flash.rules)
* 1:39302 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ExecPolicy invalid string table lookup attempt (file-flash.rules)
* 1:39304 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Primetime SDK ShimContentResolver out of bounds memory access attempt (file-flash.rules)
* 1:39305 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime SDK ShimContentResolver out of bounds memory access attempt (file-flash.rules)
* 1:39306 <-> ENABLED <-> FILE-FLASH Adobe Flash Player sound object use-after-free attempt (file-flash.rules)
* 1:39307 <-> ENABLED <-> FILE-FLASH Adobe Flash Player sound object use-after-free attempt (file-flash.rules)
* 1:39308 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed ATF file length load buffer overflow attempt (file-flash.rules)
* 1:39309 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed ATF file length load buffer overflow attempt (file-flash.rules)
* 1:39310 <-> ENABLED <-> FILE-FLASH Adobe Flash Player same origin policy security bypass attempt (file-flash.rules)
* 1:39311 <-> ENABLED <-> FILE-FLASH Adobe Flash Player same origin policy security bypass attempt (file-flash.rules)
* 1:39312 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed Adobe Texture Format image load memory corruption attempt (file-flash.rules)
* 1:39313 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed Adobe Texture Format image load memory corruption attempt (file-flash.rules)
* 1:39314 <-> DISABLED <-> FILE-FLASH Adobe Flash Player RegExp numbered backreference out of bounds read attempt (file-flash.rules)
* 1:39315 <-> DISABLED <-> FILE-FLASH Adobe Flash Player RegExp numbered backreference out of bounds read attempt (file-flash.rules)
* 1:39316 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MovieClip object use-after-free attempt (file-flash.rules)
* 1:39317 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MovieClip object use-after-free attempt (file-flash.rules)
* 1:39318 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ShimOpportunityGenerator out of bounds memory access attempt (file-flash.rules)
* 1:39319 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ShimOpportunityGenerator out of bounds memory access attempt (file-flash.rules)
* 1:39320 <-> DISABLED <-> INDICATOR-OBFUSCATION HTTP header invalid entry evasion attempt (indicator-obfuscation.rules)
* 1:39321 <-> DISABLED <-> INDICATOR-OBFUSCATION Gzip encoded with reserved bit set evasion attempt (indicator-obfuscation.rules)
* 1:39322 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GozNym variant outbound connection (malware-cnc.rules)
* 1:39323 <-> DISABLED <-> INDICATOR-OBFUSCATION Gzip encoded with invalid CRC16 evasion attempt (indicator-obfuscation.rules)
* 1:39324 <-> DISABLED <-> SERVER-WEBAPP Bomgar Remote Support session_complete PHP object injection attempt (server-webapp.rules)
* 1:39325 <-> DISABLED <-> SERVER-WEBAPP Bomgar Remote Support session_complete PHP object injection attempt (server-webapp.rules)
* 1:39326 <-> DISABLED <-> SERVER-APACHE Apache Continuum saveInstallation.action arbitrary command execution attempt (server-apache.rules)
* 1:39327 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoRoger outbound POST attempt (malware-cnc.rules)
* 1:39328 <-> DISABLED <-> SERVER-WEBAPP TikiWiki tiki-calendar.php template command injection attempt (server-webapp.rules)
* 1:39329 <-> DISABLED <-> SERVER-WEBAPP TikiWiki tiki-calendar.php template command injection attempt (server-webapp.rules)
* 1:39330 <-> DISABLED <-> SERVER-WEBAPP TikiWiki tiki-calendar.php template command injection attempt (server-webapp.rules)
* 1:39331 <-> ENABLED <-> SERVER-WEBAPP SolarWinds SRM Profiler BackupExceptionsServlet SQL injection attempt (server-webapp.rules)
* 1:39332 <-> ENABLED <-> SERVER-WEBAPP SolarWinds SRM Profiler BackupExceptionsServlet SQL injection attempt (server-webapp.rules)
* 1:39333 <-> ENABLED <-> SERVER-WEBAPP SolarWinds SRM Profiler DuplicateFilesServlet SQL injection attempt (server-webapp.rules)
* 1:39334 <-> ENABLED <-> SERVER-WEBAPP SolarWinds SRM Profiler DuplicateFilesServlet SQL injection attempt (server-webapp.rules)
* 1:39335 <-> ENABLED <-> SERVER-WEBAPP SolarWinds SRM Profiler ScriptServlet SQL injection attempt (server-webapp.rules)
* 1:39336 <-> ENABLED <-> SERVER-WEBAPP SolarWinds SRM Profiler BexDriveUsageSummaryServlet SQL injection attempt (server-webapp.rules)
* 1:39337 <-> ENABLED <-> SERVER-WEBAPP SolarWinds SRM Profiler BexDriveUsageSummaryServlet SQL injection attempt (server-webapp.rules)
* 1:39338 <-> ENABLED <-> SERVER-WEBAPP SolarWinds SRM Profiler ScriptServlet SQL injection attempt (server-webapp.rules)
* 1:39339 <-> ENABLED <-> SERVER-WEBAPP SolarWinds SRM Profiler WindowsEventLogsServlet SQL injection attempt (server-webapp.rules)
* 1:39340 <-> ENABLED <-> SERVER-WEBAPP SolarWinds SRM Profiler WindowsEventLogsServlet SQL injection attempt (server-webapp.rules)
* 1:39341 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FastPOS credit card data exfiltration (malware-cnc.rules)
* 1:39342 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FastPOS initial outbound connection (malware-cnc.rules)
* 1:39343 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FastPOS keylog exfiltration (malware-cnc.rules)
* 1:39344 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FastPOS status update (malware-cnc.rules)
* 1:39345 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FastPOS update request (malware-cnc.rules)
* 1:39346 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel RealTimeData record exploit attempt (file-office.rules)
* 1:39347 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel RealTimeData record exploit attempt (file-office.rules)
* 1:39348 <-> DISABLED <-> SERVER-WEBAPP SAP servlet authentication bypass attempt (server-webapp.rules)
* 1:39349 <-> ENABLED <-> SERVER-WEBAPP Wordpress Mobile Detector Plugin remote file upload attempt (server-webapp.rules)
* 1:39350 <-> ENABLED <-> SERVER-WEBAPP Wordpress Mobile Detector Plugin remote file upload attempt (server-webapp.rules)
* 1:39351 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver CrashFileDownloadServlet directory traversal attempt (server-webapp.rules)
* 1:39352 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver CrashFileDownloadServlet directory traversal attempt (server-webapp.rules)
* 1:39353 <-> DISABLED <-> SERVER-WEBAPP WolfCMS file_manager arbitrary PHP file upload attempt (server-webapp.rules)
* 1:39354 <-> DISABLED <-> FILE-JAVA Oracle Java RangeStatisticImpl sandbox breach attempt (file-java.rules)
* 1:39355 <-> DISABLED <-> FILE-JAVA Oracle Java RangeStatisticImpl sandbox breach attempt (file-java.rules)
* 1:39356 <-> ENABLED <-> MALWARE-OTHER Lamer outbound communication attempt (malware-other.rules)
* 1:39357 <-> ENABLED <-> MALWARE-OTHER Flopex outbound communication attempt (malware-other.rules)
* 1:39358 <-> DISABLED <-> SERVER-WEBAPP Cisco DPC2420 router configuration file access attempt (server-webapp.rules)
* 1:39359 <-> DISABLED <-> SERVER-WEBAPP WordPress Ninja Forms nf_async_upload arbitrary PHP file upload attempt (server-webapp.rules)
* 1:39360 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
* 1:39361 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Batlopma (malware-cnc.rules)
* 1:39362 <-> DISABLED <-> INDICATOR-COMPROMISE User-Agent blank user-agent string (indicator-compromise.rules)
* 1:39363 <-> DISABLED <-> SERVER-WEBAPP Riverbed SteelCentral NetProfiler index.php command injection attempt (server-webapp.rules)
* 1:39364 <-> DISABLED <-> SERVER-WEBAPP Riverbed SteelCentral NetProfiler index.php command injection attempt (server-webapp.rules)
* 1:39365 <-> DISABLED <-> SERVER-WEBAPP Riverbed SteelCentral NetProfiler popup.php command injection attempt (server-webapp.rules)
* 1:39366 <-> DISABLED <-> SERVER-WEBAPP Riverbed SteelCentral NetProfiler popup.php command injection attempt (server-webapp.rules)
* 1:39369 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lorozoad variant outbound connection (malware-cnc.rules)
* 1:39372 <-> DISABLED <-> BROWSER-PLUGINS Oracle AutoVueXCtrl ActiveX clsid access attempt (browser-plugins.rules)
* 1:39373 <-> DISABLED <-> BROWSER-PLUGINS Oracle AutoVueXCtrl ActiveX clsid access attempt (browser-plugins.rules)
* 1:39374 <-> DISABLED <-> BROWSER-PLUGINS Oracle AutoVueXCtrl ActiveX clsid access attempt (browser-plugins.rules)
* 1:39375 <-> DISABLED <-> BROWSER-PLUGINS Oracle AutoVueXCtrl ActiveX clsid access attempt (browser-plugins.rules)
* 1:39376 <-> DISABLED <-> BROWSER-PLUGINS IBM SPSS SamplePower ActiveX function call access attempt (browser-plugins.rules)
* 1:39377 <-> DISABLED <-> BROWSER-PLUGINS IBM SPSS SamplePower ActiveX function call access attempt (browser-plugins.rules)
* 1:39378 <-> DISABLED <-> PROTOCOL-FTP PUT overflow attempt (protocol-ftp.rules)
* 1:39380 <-> DISABLED <-> SERVER-OTHER Symantec MIME parser updateheader heap buffer overflow attempt (server-other.rules)
* 1:39381 <-> DISABLED <-> BROWSER-PLUGINS Oracle Hyperion Financial Management TList6 ActiveX clsid access attempt (browser-plugins.rules)
* 1:39382 <-> DISABLED <-> BROWSER-PLUGINS Oracle Hyperion Financial Management TList6 ActiveX clsid access attempt (browser-plugins.rules)
* 1:39383 <-> DISABLED <-> BROWSER-PLUGINS Oracle Hyperion Financial Management TList6 ActiveX clsid access attempt (browser-plugins.rules)
* 1:39384 <-> DISABLED <-> BROWSER-PLUGINS Oracle Hyperion Financial Management TList6 ActiveX clsid access attempt (browser-plugins.rules)
* 1:39385 <-> ENABLED <-> FILE-OTHER Symantec Norton Antivirus ccScanw.dll Unpack ShortLZ memory corruption attempt (file-other.rules)
* 1:39386 <-> ENABLED <-> FILE-OTHER Symantec Norton Antivirus ccScanw.dll Unpack ShortLZ memory corruption attempt (file-other.rules)
* 1:39387 <-> DISABLED <-> SERVER-WEBAPP D-Link DAP-1160 authentication bypass attempt (server-webapp.rules)
* 1:39388 <-> DISABLED <-> SERVER-WEBAPP ICSCADA SQL injection attempt (server-webapp.rules)
* 1:39389 <-> DISABLED <-> SERVER-WEBAPP Wintr SQL injection attempt (server-webapp.rules)
* 1:39390 <-> DISABLED <-> SERVER-WEBAPP IntegraXOR SQL injection attempt (server-webapp.rules)
* 1:39391 <-> DISABLED <-> PROTOCOL-SCADA 3S CoDeSys Gateway Server stack buffer overflow attempt (protocol-scada.rules)
* 1:39392 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 214 buffer overflow attempt (server-other.rules)
* 1:39393 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 215 buffer overflow attempt (server-other.rules)
* 1:39394 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 216 buffer overflow attempt (server-other.rules)
* 1:39395 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 219 buffer overflow attempt (server-other.rules)
* 1:39396 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 257 buffer overflow attempt (server-other.rules)
* 1:39397 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 263 buffer overflow attempt (server-other.rules)
* 1:39398 <-> DISABLED <-> SERVER-WEBAPP Symantec SEPM management console cross site scripting attempt (server-webapp.rules)
* 1:39399 <-> DISABLED <-> SERVER-WEBAPP Symantec open redirect in external URL .php script attempt (server-webapp.rules)
* 1:394 <-> DISABLED <-> PROTOCOL-ICMP Destination Unreachable Destination Host Unknown (protocol-icmp.rules)
* 1:39400 <-> ENABLED <-> SERVER-WEBAPP Symantec Decomposer Engine Dec2LHA buffer overflow attempt (server-webapp.rules)
* 1:39401 <-> ENABLED <-> SERVER-WEBAPP Symantec Decomposer Engine Dec2LHA buffer overflow attempt (server-webapp.rules)
* 1:39402 <-> DISABLED <-> FILE-OTHER Symantec Antivirus ALPkOldFormatDecompressor out of bounds read attempt (file-other.rules)
* 1:39403 <-> ENABLED <-> FILE-OTHER Symantec Antivirus ALPkOldFormatDecompressor out of bounds read attempt (file-other.rules)
* 1:39404 <-> ENABLED <-> SERVER-OTHER Symantec Endpoint Protection Manager cross site request forgery attempt (server-other.rules)
* 1:39405 <-> ENABLED <-> SERVER-OTHER Symantec Endpoint Protection Manager cross site request forgery attempt (server-other.rules)
* 1:39406 <-> DISABLED <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt (server-other.rules)
* 1:39407 <-> DISABLED <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt (server-other.rules)
* 1:39408 <-> DISABLED <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt (server-other.rules)
* 1:39409 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpy variant initial outbound connection (malware-cnc.rules)
* 1:39410 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpy variant exfiltration outbound connection (malware-cnc.rules)
* 1:39411 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qbot variant outbound connection (malware-cnc.rules)
* 1:39412 <-> DISABLED <-> SERVER-WEBAPP WANem WAN emulator command injection attempt (server-webapp.rules)
* 1:39413 <-> DISABLED <-> SERVER-WEBAPP WANem WAN emulator command injection attempt (server-webapp.rules)
* 1:39414 <-> DISABLED <-> SERVER-WEBAPP WANem WAN emulator command injection attempt (server-webapp.rules)
* 1:39415 <-> DISABLED <-> SERVER-WEBAPP WANem WAN emulator command injection attempt (server-webapp.rules)
* 1:39416 <-> DISABLED <-> PUA-OTHER RMS rmansys remote management tool cnc communication (pua-other.rules)
* 1:39417 <-> ENABLED <-> FILE-OFFICE Symantec multiple product Dec2SS PowerPoint file buffer overflow attempt (file-office.rules)
* 1:39418 <-> ENABLED <-> FILE-OFFICE Symantec multiple product Dec2SS PowerPoint file buffer overflow attempt (file-office.rules)
* 1:39419 <-> ENABLED <-> FILE-OFFICE Symantec multiple product Dec2SS PowerPoint file buffer overflow attempt (file-office.rules)
* 1:39420 <-> ENABLED <-> FILE-OFFICE Symantec multiple product Dec2SS PowerPoint file buffer overflow attempt (file-office.rules)
* 1:39421 <-> ENABLED <-> FILE-OFFICE Symantec multiple product Dec2SS PowerPoint file buffer overflow attempt (file-office.rules)
* 1:39422 <-> ENABLED <-> FILE-OFFICE Symantec multiple product Dec2SS PowerPoint file buffer overflow attempt (file-office.rules)
* 1:39423 <-> ENABLED <-> FILE-OFFICE Symantec multiple product Dec2SS PowerPoint file buffer overflow attempt (file-office.rules)
* 1:39424 <-> ENABLED <-> FILE-OFFICE Symantec multiple product Dec2SS PowerPoint file buffer overflow attempt (file-office.rules)
* 1:39425 <-> ENABLED <-> FILE-OFFICE Symantec multiple product Dec2SS PowerPoint file buffer overflow attempt (file-office.rules)
* 1:39426 <-> ENABLED <-> FILE-OFFICE Symantec multiple product Dec2SS PowerPoint file buffer overflow attempt (file-office.rules)
* 1:39427 <-> ENABLED <-> FILE-OFFICE Symantec multiple product Dec2SS PowerPoint file buffer overflow attempt (file-office.rules)
* 1:39428 <-> ENABLED <-> FILE-OFFICE Symantec multiple product Dec2SS PowerPoint file buffer overflow attempt (file-office.rules)
* 1:39430 <-> DISABLED <-> MALWARE-CNC Win.Malware.Furtim variant outbound connection (malware-cnc.rules)
* 1:39431 <-> ENABLED <-> FILE-OTHER Symantec TNEF decoder integer overflow attempt (file-other.rules)
* 1:39432 <-> ENABLED <-> FILE-OTHER Symantec TNEF decoder integer overflow attempt (file-other.rules)
* 1:39433 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zcryptor variant outbound connection (malware-cnc.rules)
* 1:39434 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zcryptor variant outbound connection (malware-cnc.rules)
* 1:39435 <-> DISABLED <-> SERVER-WEBAPP Advantech SQL injection attempt (server-webapp.rules)
* 1:39436 <-> DISABLED <-> SERVER-WEBAPP Soitec Smart Energy SQL injection attempt (server-webapp.rules)
* 1:39437 <-> DISABLED <-> SERVER-WEBAPP Advantech SQL injection attempt (server-webapp.rules)
* 1:39438 <-> ENABLED <-> FILE-FLASH Adobe Flash Player integer overflow attempt (file-flash.rules)
* 1:39439 <-> ENABLED <-> FILE-FLASH Adobe Flash Player integer overflow attempt (file-flash.rules)
* 1:39440 <-> ENABLED <-> FILE-FLASH Adobe Flash Player integer overflow attempt (file-flash.rules)
* 1:39441 <-> DISABLED <-> FILE-FLASH Adobe Flash Player integer overflow attempt (file-flash.rules)
* 1:39442 <-> DISABLED <-> SERVER-WEBAPP Oracle E-Business Suite Arbitrary Document Download attempt (server-webapp.rules)
* 1:39443 <-> DISABLED <-> PUA-ADWARE Win.Adware.InstallFaster variant outbound connection attempt (pua-adware.rules)
* 1:39444 <-> DISABLED <-> INDICATOR-COMPROMISE Netgear D6000 or D3600 password recovery page access attempt (indicator-compromise.rules)
* 1:39448 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Renos variant outbound connection (malware-cnc.rules)
* 1:39449 <-> DISABLED <-> SERVER-MSSQL Microsoft SQL Server sp_addsrvrolemember privilege escalation attempt (server-mssql.rules)
* 1:39450 <-> DISABLED <-> PROTOCOL-TFTP Firmware upgrade request (protocol-tftp.rules)
* 1:39451 <-> DISABLED <-> PROTOCOL-TFTP Comtrol RocketLinx switch reboot request (protocol-tftp.rules)
* 1:39452 <-> DISABLED <-> PROTOCOL-TFTP Comtrol RocketLinx factory reset request (protocol-tftp.rules)
* 1:39454 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader U3D e3_bone object out of bounds memory access attempt (file-pdf.rules)
* 1:39455 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader U3D e3_bone object out of bounds memory access attempt (file-pdf.rules)
* 1:39456 <-> DISABLED <-> SERVER-WEBAPP NAS4Free txtPHPCommand remote code execution attempt (server-webapp.rules)
* 1:39457 <-> DISABLED <-> FILE-FLASH Adobe Flash Player integer underflow attempt (file-flash.rules)
* 1:39458 <-> ENABLED <-> FILE-FLASH Adobe Flash Player integer underflow attempt (file-flash.rules)
* 1:39459 <-> DISABLED <-> SERVER-WEBAPP Oracle Web Cache HTTP header null byte injection attempt (server-webapp.rules)
* 1:39460 <-> DISABLED <-> SERVER-WEBAPP Oracle E-Business Suite SQL injection attempt (server-webapp.rules)
* 1:39461 <-> DISABLED <-> SERVER-WEBAPP Oracle E-Business Suite SQL injection attempt (server-webapp.rules)
* 1:39462 <-> DISABLED <-> SERVER-WEBAPP Oracle E-Business Suite SQL injection attempt (server-webapp.rules)
* 1:39463 <-> DISABLED <-> FILE-EXECUTABLE McAfee LiveSafe malformed executable denial of service attempt (file-executable.rules)
* 1:39464 <-> DISABLED <-> FILE-EXECUTABLE McAfee LiveSafe malformed executable denial of service attempt (file-executable.rules)
* 1:39465 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Unlock92 outbound connection (malware-cnc.rules)
* 1:39466 <-> DISABLED <-> FILE-EXECUTABLE Symantec Norton Security IDSvix86 out of bounds read attempt (file-executable.rules)
* 1:39467 <-> DISABLED <-> FILE-EXECUTABLE Symantec Norton Security IDSvix86 out of bounds read attempt (file-executable.rules)
* 1:39468 <-> DISABLED <-> SERVER-WEBAPP ACTi ASOC command injection attempt (server-webapp.rules)
* 1:39469 <-> DISABLED <-> SERVER-WEBAPP ACTi ASOC command injection attempt (server-webapp.rules)
* 1:39470 <-> DISABLED <-> SERVER-WEBAPP ACTi ASOC command injection attempt (server-webapp.rules)
* 1:39471 <-> DISABLED <-> SERVER-WEBAPP ACTi ASOC command injection attempt (server-webapp.rules)
* 1:39472 <-> DISABLED <-> SERVER-OTHER Jenkins server auto-discovery attempt (server-other.rules)
* 1:39473 <-> DISABLED <-> SERVER-WEBAPP Shopware getTemplateName directory traversal attempt (server-webapp.rules)
* 1:39474 <-> DISABLED <-> SERVER-WEBAPP Riverbed 
SteelCentral NetProfiler REST API login SQL injection attempt (server-webapp.rules) * 1:39475 <-> DISABLED <-> SERVER-WEBAPP Riverbed SteelCentral NetProfiler algorithm_settings SQL injection attempt (server-webapp.rules) * 1:39476 <-> DISABLED <-> SERVER-WEBAPP Riverbed SteelCentral NetProfiler export_report SQL injection attempt (server-webapp.rules) * 1:39477 <-> DISABLED <-> SERVER-WEBAPP Riverbed SteelCentral NetProfiler port_config SQL injection attempt (server-webapp.rules) * 1:39478 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NtGdiSelectPen privilege escalation attempt (os-windows.rules) * 1:39479 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NtGdiSelectPen privilege escalation attempt (os-windows.rules) * 1:39480 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k out of bound read attempt (os-windows.rules) * 1:39481 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k out of bound read attempt (os-windows.rules) * 1:39482 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NtUserDraw privilege escalation attempt (os-windows.rules) * 1:39483 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NtUserDraw privilege escalation attempt (os-windows.rules) * 1:39484 <-> DISABLED <-> BROWSER-IE Microsoft Edge DWrite.dll out of bounds read attempt (browser-ie.rules) * 1:39485 <-> DISABLED <-> BROWSER-IE Microsoft Edge DWrite.dll out of bounds read attempt (browser-ie.rules) * 1:39486 <-> ENABLED <-> BROWSER-IE Microsoft Edge chakra.dll invalid pointer access attempt (browser-ie.rules) * 1:39487 <-> ENABLED <-> BROWSER-IE Microsoft Edge chakra.dll invalid pointer access attempt (browser-ie.rules) * 1:39488 <-> DISABLED <-> INDICATOR-OBFUSCATION obfuscated javascript excessive fromCharCode - potential attack (indicator-obfuscation.rules) * 1:39489 <-> DISABLED <-> INDICATOR-OBFUSCATION obfuscated javascript fromCharCode with mixed number bases - potential attack (indicator-obfuscation.rules) * 1:39490 <-> DISABLED <-> INDICATOR-OBFUSCATION obfuscated javascript fromCharCode 
with mixed number bases - potential attack (indicator-obfuscation.rules) * 1:39491 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer Dxtrans table element use after free attempt (browser-ie.rules) * 1:39492 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer Dxtrans table element use after free attempt (browser-ie.rules) * 1:39493 <-> ENABLED <-> BROWSER-IE Microsoft Edge edgehtml negative length out of bound memory copy attempt (browser-ie.rules) * 1:39494 <-> ENABLED <-> BROWSER-IE Microsoft Edge edgehtml negative length out of bound memory copy attempt (browser-ie.rules) * 1:39495 <-> ENABLED <-> OS-WINDOWS Microsoft Windows win32k.sys desktop switch use after free attempt (os-windows.rules) * 1:39496 <-> ENABLED <-> OS-WINDOWS Microsoft Windows win32k.sys desktop switch use after free attempt (os-windows.rules) * 1:39497 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer header tag HTML injection remote code execution attempt (browser-ie.rules) * 1:39498 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer header tag HTML injection remote code execution attempt (browser-ie.rules) * 1:39499 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer mshtml.dll invalid resize use after free attempt (browser-ie.rules) * 1:395 <-> DISABLED <-> PROTOCOL-ICMP Destination Unreachable Destination Network Unknown (protocol-icmp.rules) * 1:39500 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer mshtml.dll invalid resize use after free attempt (browser-ie.rules) * 1:39501 <-> DISABLED <-> POLICY-OTHER Google Chromium ClusterFuzz fuzzer generated code detected (policy-other.rules) * 1:39502 <-> DISABLED <-> POLICY-OTHER Google Chromium ClusterFuzz fuzzer generated code detected (policy-other.rules) * 1:39503 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word wwlib out-of-bounds memory access attempt (file-office.rules) * 1:39504 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word wwlib out-of-bounds memory access attempt (file-office.rules) * 1:39505 <-> 
DISABLED <-> BROWSER-IE Microsoft Internet Explorer Edge text node table-cell use after free attempt (browser-ie.rules) * 1:39506 <-> ENABLED <-> BROWSER-IE Microsoft Edge ArrayBuffer.transfer information disclosure attempt (browser-ie.rules) * 1:39507 <-> ENABLED <-> BROWSER-IE Microsoft Edge ArrayBuffer.transfer information disclosure attempt (browser-ie.rules) * 1:39508 <-> ENABLED <-> OS-WINDOWS Microsoft Windows EndDeferWindowPos null page dereference attempt (os-windows.rules) * 1:39509 <-> ENABLED <-> OS-WINDOWS Microsoft Windows EndDeferWindowPos null page dereference attempt (os-windows.rules) * 1:39510 <-> DISABLED <-> BROWSER-IE Microsoft Edge bypassing window.opener protection attempt (browser-ie.rules) * 1:39511 <-> DISABLED <-> BROWSER-IE Microsoft Edge bypassing window.opener protection attempt (browser-ie.rules) * 1:39512 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer IE7 compatibility mode attempt (browser-ie.rules) * 1:39513 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer IE7 compatibility mode attempt (browser-ie.rules) * 1:39514 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer textTransform out-of-bounds memory access attempt (browser-ie.rules) * 1:39515 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer textTransform out-of-bounds memory access attempt (browser-ie.rules) * 1:39516 <-> ENABLED <-> OS-WINDOWS Microsoft Windows win32kfull.sys out of bounds read attempt (os-windows.rules) * 1:39517 <-> ENABLED <-> OS-WINDOWS Microsoft Windows win32kfull.sys out of bounds read attempt (os-windows.rules) * 1:39518 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word wwlib out of bounds memory access attempt (file-office.rules) * 1:39519 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word wwlib out of bounds memory access attempt (file-office.rules) * 1:39520 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word unsupported XML schema out of bounds read attempt (file-office.rules) * 1:39521 <-> DISABLED <-> FILE-OFFICE Microsoft 
Office Word unsupported XML schema out of bounds read attempt (file-office.rules) * 1:39522 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word unsupported XML schema out of bounds read attempt (file-office.rules) * 1:39523 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word unsupported XML schema out of bounds read attempt (file-office.rules) * 1:39524 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel empty bookViews element denial of service attempt (file-office.rules) * 1:39525 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel empty bookViews element denial of service attempt (file-office.rules) * 1:39526 <-> ENABLED <-> FILE-OFFICE RTF document incorrect file magic attempt (file-office.rules) * 1:39527 <-> ENABLED <-> FILE-OFFICE RTF document incorrect file magic attempt (file-office.rules) * 1:39528 <-> ENABLED <-> FILE-OFFICE Microsoft Office RTF WRAssembly ASLR bypass download attempt (file-office.rules) * 1:39529 <-> ENABLED <-> FILE-OFFICE Microsoft Office RTF WRAssembly ASLR bypass download attempt (file-office.rules) * 1:39530 <-> ENABLED <-> BROWSER-IE Microsoft Edge clientInformation.geolocation.getCurrentPosition use-after-free attempt (browser-ie.rules) * 1:39531 <-> ENABLED <-> BROWSER-IE Microsoft Edge clientInformation.geolocation.getCurrentPosition use-after-free attempt (browser-ie.rules) * 1:39532 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XSL multi-dimensional array memory corruption attempt (file-pdf.rules) * 1:39533 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XSL multi-dimensional array memory corruption attempt (file-pdf.rules) * 1:39534 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded TTF name record out of bounds read attempt (file-pdf.rules) * 1:39535 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded TTF name record out of bounds read attempt (file-pdf.rules) * 1:39536 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JPEG handling memory corruption attempt (file-pdf.rules) * 1:39537 <-> ENABLED <-> FILE-PDF Adobe Acrobat 
Reader JPEG handling memory corruption attempt (file-pdf.rules) * 1:39538 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed tag out of bounds read attempt (file-flash.rules) * 1:39539 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed tag out of bounds read attempt (file-flash.rules) * 1:39540 <-> DISABLED <-> FILE-FLASH Adobe Flash Player local-with-filesystem security bypass attempt (file-flash.rules) * 1:39541 <-> ENABLED <-> FILE-FLASH Adobe Flash Player local-with-filesystem security bypass attempt (file-flash.rules) * 1:39542 <-> ENABLED <-> FILE-FLASH Adobe Flash Player local-with-filesystem security bypass attempt (file-flash.rules) * 1:39543 <-> DISABLED <-> FILE-FLASH Adobe Flash Player local-with-filesystem security bypass attempt (file-flash.rules) * 1:39544 <-> ENABLED <-> FILE-FLASH Adobe Flash Player local-with-filesystem security bypass attempt (file-flash.rules) * 1:39545 <-> ENABLED <-> FILE-FLASH Adobe Flash Player local-with-filesystem security bypass attempt (file-flash.rules) * 1:39546 <-> ENABLED <-> FILE-PDF Adobe Reader embedded TTF heap overflow attempt (file-pdf.rules) * 1:39547 <-> ENABLED <-> FILE-PDF Adobe Reader embedded TTF heap overflow attempt (file-pdf.rules) * 1:39548 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AdTimelineItem object memory corruption attempt (file-flash.rules) * 1:39549 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AdTimelineItem object memory corruption attempt (file-flash.rules) * 1:39550 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MovieClip method loop use-after-free attempt (file-flash.rules) * 1:39551 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MovieClip method loop use-after-free attempt (file-flash.rules) * 1:39552 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray type confusion memory corruption attempt (file-flash.rules) * 1:39553 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray type confusion memory corruption attempt (file-flash.rules) * 1:39554 <-> ENABLED <-> FILE-FLASH 
Adobe Flash Player AdBreakPlacement object memory corruption attempt (file-flash.rules) * 1:39555 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AdBreakPlacement object memory corruption attempt (file-flash.rules) * 1:39556 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader PostScript font parsing memory corruption attempt (file-pdf.rules) * 1:39557 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader PostScript font parsing memory corruption attempt (file-pdf.rules) * 1:39558 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Stage align use aftre free attempt (file-flash.rules) * 1:39559 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Stage align use aftre free attempt (file-flash.rules) * 1:39560 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 regex sign-extension denial of service attempt (file-flash.rules) * 1:39561 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 regex sign-extension denial of service attempt (file-flash.rules) * 1:39562 <-> DISABLED <-> SERVER-WEBAPP Invision Power Board index.php content_class PHP code injection attempt (server-webapp.rules) * 1:39563 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TimedEvent memory corruption attempt (file-flash.rules) * 1:39564 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TimedEvent memory corruption attempt (file-flash.rules) * 1:39565 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed tag parsing memory corruption attempt (file-flash.rules) * 1:39566 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed tag parsing memory corruption attempt (file-flash.rules) * 1:39567 <-> ENABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray exception null pointer access attempt (file-flash.rules) * 1:39568 <-> ENABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray exception null pointer access attempt (file-flash.rules) * 1:39569 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JPEG parsing out of bounds read attempt (file-pdf.rules) * 1:39570 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JPEG parsing out of 
bounds read attempt (file-pdf.rules) * 1:39571 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Transform object use after free attempt (file-flash.rules) * 1:39572 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Transform object use after free attempt (file-flash.rules) * 1:39573 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules) * 1:39574 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules) * 1:39575 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules) * 1:39576 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules) * 1:39577 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules) * 1:39578 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant inbound connection (malware-cnc.rules) * 1:39579 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules) * 1:39580 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules) * 1:39581 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NanoBot/Perseus initial outbound connection (malware-cnc.rules) * 1:39582 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NanoBot/Perseus server heartbeat request attempt (malware-cnc.rules) * 1:39583 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NanoBot/Perseus client heartbeat response attempt (malware-cnc.rules) * 1:39584 <-> DISABLED <-> SERVER-OTHER EasyCafe Server remote file access attempt (server-other.rules) * 1:39585 <-> DISABLED <-> SERVER-WEBAPP Google Chromecast factory reset attempt (server-webapp.rules) * 1:39586 <-> DISABLED <-> PUA-ADWARE Win.Adware.Antivirus Container.exe referral link attempt (pua-adware.rules) * 1:39587 <-> DISABLED <-> PUA-ADWARE Win.Adware.Antivirus Container.exe referral link attempt (pua-adware.rules) * 1:39588 <-> DISABLED <-> SERVER-WEBAPP WebNMS Framework arbitrary file upload 
attempt (server-webapp.rules) * 1:39589 <-> DISABLED <-> SERVER-WEBAPP WebNMS Framework arbitrary file upload attempt (server-webapp.rules) * 1:39590 <-> DISABLED <-> SERVER-WEBAPP TikiWiki elFinder component arbitrary PHP file upload attempt (server-webapp.rules) * 1:39591 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed TagTypeAndLength field attempt (file-flash.rules) * 1:39592 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed TagTypeAndLength field attempt (file-flash.rules) * 1:39593 <-> DISABLED <-> FILE-IMAGE Oracle OIT BMP file parsing heap buffer overflow attempt (file-image.rules) * 1:39594 <-> DISABLED <-> FILE-IMAGE Oracle OIT BMP file parsing heap buffer overflow attempt (file-image.rules) * 1:39595 <-> DISABLED <-> FILE-IMAGE Oracle OIT BMP file parsing heap buffer overflow attempt (file-image.rules) * 1:39596 <-> DISABLED <-> FILE-IMAGE Oracle OIT BMP file parsing heap buffer overflow attempt (file-image.rules) * 1:39597 <-> DISABLED <-> FILE-MULTIMEDIA Apple OSX SceneKit invalid COLLADA file geometry attribute type confusion attempt (file-multimedia.rules) * 1:39598 <-> DISABLED <-> FILE-MULTIMEDIA Apple OSX SceneKit invalid COLLADA file geometry attribute type confusion attempt (file-multimedia.rules) * 1:39599 <-> DISABLED <-> FILE-IMAGE Apple OSX EXR image tile size heap buffer overflow attempt (file-image.rules) * 1:396 <-> DISABLED <-> PROTOCOL-ICMP Destination Unreachable Fragmentation Needed and DF bit was set (protocol-icmp.rules) * 1:39600 <-> DISABLED <-> FILE-IMAGE Apple OSX EXR image tile size heap buffer overflow attempt (file-image.rules) * 1:39601 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:39602 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:39603 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:39604 <-> DISABLED <-> FILE-IMAGE Multiple 
products TIFF tile size buffer overflow attempt (file-image.rules) * 1:39605 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:39606 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:39607 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:39608 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:39609 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:39610 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:39611 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:39612 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:39613 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:39614 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:39615 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:39616 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:39617 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:39618 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:39619 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:39620 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:39621 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt 
(file-image.rules) * 1:39622 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:39623 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:39624 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:39625 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:39626 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:39627 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:39628 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:39629 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:39630 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:39631 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:39632 <-> DISABLED <-> FILE-IMAGE Multiple products TIFF tile size buffer overflow attempt (file-image.rules) * 1:39633 <-> DISABLED <-> PUA-ADWARE Win.Adware.Mizenota outbound connection (pua-adware.rules) * 1:39634 <-> DISABLED <-> FILE-IMAGE Apple OSX EXR image invalid box2i attribute heap buffer overflow attempt (file-image.rules) * 1:39635 <-> DISABLED <-> FILE-IMAGE Apple OSX EXR image invalid box2i attribute heap buffer overflow attempt (file-image.rules) * 1:39636 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Ranscam request.html response (malware-cnc.rules) * 1:39637 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Ranscam initial download attempt (malware-other.rules) * 1:39638 <-> DISABLED <-> MALWARE-TOOLS Win.Packer.ConfuserEx packed .NET executable attempt (malware-tools.rules) * 1:39639 <-> DISABLED <-> 
SERVER-WEBAPP WebNMS Framework directory traversal attempt (server-webapp.rules) * 1:39640 <-> DISABLED <-> SERVER-WEBAPP WebNMS Framework directory traversal attempt (server-webapp.rules) * 1:39641 <-> DISABLED <-> SERVER-WEBAPP WebNMS Framework directory traversal attempt (server-webapp.rules) * 1:39642 <-> DISABLED <-> SERVER-WEBAPP WebNMS framework server credential disclosure attempt (server-webapp.rules) * 1:39643 <-> ENABLED <-> FILE-PDF Adobe Reader malformed CID identity-H font file out of bounds read attempt (file-pdf.rules) * 1:39644 <-> ENABLED <-> FILE-PDF Adobe Reader malformed CID identity-H font file out of bounds read attempt (file-pdf.rules) * 1:39645 <-> ENABLED <-> SERVER-WEBAPP Drupal Coder Module insecure remote file deserialization attempt (server-webapp.rules) * 1:39650 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kirts variant CNC IRC response attempt (malware-cnc.rules) * 1:39651 <-> ENABLED <-> FILE-FLASH Adobe Flash Player swapDepths use after free attempt (file-flash.rules) * 1:39652 <-> ENABLED <-> FILE-FLASH Adobe Flash Player swapDepths use after free attempt (file-flash.rules) * 1:39653 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mangit initial outbound connection (malware-cnc.rules) * 1:39654 <-> ENABLED <-> SERVER-MAIL IBM Lotus Domino Server nrouter.exe malformed GIF parsing remote exploit attempt (server-mail.rules) * 1:39655 <-> ENABLED <-> SERVER-MAIL IBM Lotus Domino Server nrouter.exe malformed GIF parsing remote exploit attempt (server-mail.rules) * 1:39656 <-> ENABLED <-> FILE-FLASH Adobe Flash Player JPEG handling memory corruption attempt (file-flash.rules) * 1:39657 <-> ENABLED <-> FILE-FLASH Adobe Flash Player JPEG handling memory corruption attempt (file-flash.rules) * 1:39658 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Transform getter use after free attempt (file-flash.rules) * 1:39659 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Transform getter use after free attempt (file-flash.rules) * 1:39660 <-> DISABLED <-> 
FILE-OTHER Oracle OIT gem metafile n_integers heap buffer overflow attempt (file-other.rules) * 1:39661 <-> DISABLED <-> FILE-OTHER Oracle OIT gem metafile n_integers heap buffer overflow attempt (file-other.rules) * 1:39662 <-> DISABLED <-> SERVER-WEBAPP PHP phar extension remote code execution attempt (server-webapp.rules) * 1:39663 <-> DISABLED <-> FILE-OTHER Oracle OIT ContentAccess libvs_mwkd VwStreamReadRecord out of bounds write attempt (file-other.rules) * 1:39664 <-> DISABLED <-> FILE-OTHER Oracle OIT ContentAccess libvs_mwkd VwStreamReadRecord out of bounds write attempt (file-other.rules) * 1:39665 <-> DISABLED <-> FILE-OTHER Oracle OIT libvs_word ContentAccess out of bounds write attempt (file-other.rules) * 1:39666 <-> DISABLED <-> FILE-OTHER Oracle OIT libvs_word ContentAccess out of bounds write attempt (file-other.rules) * 1:39667 <-> DISABLED <-> FILE-OTHER Oracle OIT libvs_word ContentAccess out of bounds write attempt (file-other.rules) * 1:39668 <-> DISABLED <-> FILE-OTHER Oracle OIT libvs_word ContentAccess out of bounds write attempt (file-other.rules) * 1:39669 <-> DISABLED <-> FILE-PDF Adobe Reader submitForm SOP bypass attempt (file-pdf.rules) * 1:3967 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_QueryResConfList attempt (os-windows.rules) * 1:39670 <-> DISABLED <-> FILE-PDF Adobe Reader submitForm SOP bypass attempt (file-pdf.rules) * 1:39671 <-> DISABLED <-> FILE-OTHER Oracle OIT libvs_word ContentAccess out of bounds write attempt (file-other.rules) * 1:39672 <-> DISABLED <-> FILE-OTHER Oracle OIT libvs_word ContentAccess out of bounds write attempt (file-other.rules) * 1:39673 <-> DISABLED <-> FILE-IMAGE Oracle OIT CYMK TIFF parsing heap buffer overflow attempt (file-image.rules) * 1:39674 <-> DISABLED <-> FILE-IMAGE Oracle OIT CYMK TIFF parsing heap buffer overflow attempt (file-image.rules) * 1:39675 <-> DISABLED <-> FILE-IMAGE Oracle OIT CYMK TIFF parsing heap buffer overflow attempt (file-image.rules) * 1:39676 <-> 
DISABLED <-> FILE-IMAGE Oracle OIT CYMK TIFF parsing heap buffer overflow attempt (file-image.rules) * 1:39677 <-> DISABLED <-> EXPLOIT-KIT Pseudo-Darkleech gate redirect attempt (exploit-kit.rules) * 1:39680 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer VBScript toString redim array use after free attempt (browser-ie.rules) * 1:39681 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer VBScript toString redim array use after free attempt (browser-ie.rules) * 1:39682 <-> DISABLED <-> PUA-ADWARE Win.Adware.EoRezo outbound ad download attempt (pua-adware.rules) * 1:39683 <-> ENABLED <-> FILE-IMAGE Apple Core Graphics BMP img_decode_read memory corruption attempt (file-image.rules) * 1:39684 <-> ENABLED <-> FILE-IMAGE Apple Core Graphics BMP img_decode_read memory corruption attempt (file-image.rules) * 1:39685 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tinba variant outbound connection (malware-cnc.rules) * 1:39686 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules) * 1:39687 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed embeded TTF file memory corruption attempt (file-pdf.rules) * 1:39688 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed embeded TTF file memory corruption attempt (file-pdf.rules) * 1:39689 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ABRControlParameters access memory corruption attempt (file-flash.rules) * 1:39690 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ABRControlParameters access memory corruption attempt (file-flash.rules) * 1:39691 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ABRControlParameters access memory corruption attempt (file-flash.rules) * 1:39692 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ABRControlParameters access memory corruption attempt (file-flash.rules) * 1:39693 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ABRControlParameters access memory corruption attempt (file-flash.rules) * 1:39694 <-> ENABLED <-> FILE-FLASH Adobe Flash Player 
ABRControlParameters access memory corruption attempt (file-flash.rules)
* 1:39695 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ABRControlParameters access memory corruption attempt (file-flash.rules)
* 1:39696 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ABRControlParameters access memory corruption attempt (file-flash.rules)
* 1:39697 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ABRControlParameters access memory corruption attempt (file-flash.rules)
* 1:39698 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ABRControlParameters access memory corruption attempt (file-flash.rules)
* 1:39699 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed embeded TTF file memory corruption attempt (file-pdf.rules)
* 1:397 <-> DISABLED <-> PROTOCOL-ICMP Destination Unreachable Host Precedence Violation (protocol-icmp.rules)
* 1:39700 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed embeded TTF file memory corruption attempt (file-pdf.rules)
* 1:39701 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MediaPlayerItemLoader out of bounds memory access attempt (file-flash.rules)
* 1:39702 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MediaPlayerItemLoader out of bounds memory access attempt (file-flash.rules)
* 1:39703 <-> ENABLED <-> FILE-PDF Adobe Flash Player ActionScript setFocus use after free attempt (file-pdf.rules)
* 1:39704 <-> ENABLED <-> FILE-PDF Adobe Flash Player ActionScript setFocus use after free attempt (file-pdf.rules)
* 1:39705 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant inbound connection (malware-cnc.rules)
* 1:39706 <-> DISABLED <-> BROWSER-OTHER Novell Messenger Client folder name buffer overflow attempt (browser-other.rules)
* 1:39707 <-> DISABLED <-> BROWSER-OTHER Novell Messenger Client folder name buffer overflow attempt (browser-other.rules)
* 1:39708 <-> DISABLED <-> BROWSER-OTHER Novell Messenger Client folder name buffer overflow attempt (browser-other.rules)
* 1:39709 <-> DISABLED <-> BROWSER-OTHER Novell Messenger Client folder name buffer overflow attempt (browser-other.rules)
* 1:39710 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string mozilla/2.0 (malware-cnc.rules)
* 1:39711 <-> ENABLED <-> FILE-FLASH Adobe Flash Player PrintJobOptions use-after-free attempt (file-flash.rules)
* 1:39712 <-> ENABLED <-> FILE-FLASH Adobe Flash Player PrintJobOptions use-after-free attempt (file-flash.rules)
* 1:39713 <-> ENABLED <-> MALWARE-OTHER MKVIS outbound communication attempt (malware-other.rules)
* 1:39714 <-> DISABLED <-> SERVER-WEBAPP phpFileManager command injection attempt (server-webapp.rules)
* 1:39715 <-> DISABLED <-> SERVER-WEBAPP phpFileManager command injection attempt (server-webapp.rules)
* 1:39716 <-> DISABLED <-> SERVER-WEBAPP phpFileManager command injection attempt (server-webapp.rules)
* 1:39717 <-> DISABLED <-> SERVER-WEBAPP phpFileManager command injection attempt (server-webapp.rules)
* 1:39725 <-> ENABLED <-> SERVER-WEBAPP Drupal RESTWS restws_page_callback command injection attempt (server-webapp.rules)
* 1:39726 <-> ENABLED <-> SERVER-WEBAPP Drupal RESTWS restws_page_callback command injection attempt (server-webapp.rules)
* 1:39727 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Rectangle constructor use after free attempt (file-flash.rules)
* 1:39728 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Rectangle constructor use after free attempt (file-flash.rules)
* 1:39729 <-> DISABLED <-> INDICATOR-COMPROMISE Content-Type image containing Portable Executable data (indicator-compromise.rules)
* 1:39730 <-> DISABLED <-> MALWARE-CNC Win.Adware.Xiazai outbound connection (malware-cnc.rules)
* 1:39731 <-> ENABLED <-> FILE-PDF Adobe Reader malformed CID identity-H font file out of bounds read attempt (file-pdf.rules)
* 1:39732 <-> ENABLED <-> FILE-PDF Adobe Reader malformed CID identity-H font file out of bounds read attempt (file-pdf.rules)
* 1:39733 <-> DISABLED <-> SERVER-WEBAPP InBoundio Marketing for Wordpress plugin PHP file upload attempt (server-webapp.rules)
* 1:39734 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Xtrat outbound connection detected (malware-other.rules)
* 1:39735 <-> DISABLED <-> FILE-OTHER Multiple Products XML buffer overflow attempt (file-other.rules)
* 1:39736 <-> DISABLED <-> FILE-OTHER Multiple Products XML buffer overflow attempt (file-other.rules)
* 1:39737 <-> DISABLED <-> SERVER-WEBAPP HttpOxy CGI application vulnerability potential man-in-the-middle attempt (server-webapp.rules)
* 1:39738 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trans variant outbound connection (malware-cnc.rules)
* 1:39741 <-> DISABLED <-> PUA-ADWARE Win.Adware.StartPage variant outbound connection (pua-adware.rules)
* 1:39742 <-> DISABLED <-> SERVER-WEBAPP Dell SonicWall GMS set_dns XMLRPC method command injection attempt (server-webapp.rules)
* 1:39743 <-> ENABLED <-> SERVER-WEBAPP Dell SonicWall GMS set_time_config XMLRPC method command injection attempt (server-webapp.rules)
* 1:39744 <-> ENABLED <-> MALWARE-TOOLS CKnife penetration testing tool attempt (malware-tools.rules)
* 1:39745 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.FakeRean outbound connection detection (malware-other.rules)
* 1:39746 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Apocalypse download attempt (malware-other.rules)
* 1:39747 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Apocalypse download attempt (malware-other.rules)
* 1:39748 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 9 CTreeNode use after free attempt (browser-ie.rules)
* 1:39749 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 9 CTreeNode use after free attempt (browser-ie.rules)
* 1:39750 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 9 CTreeNode use after free attempt (browser-ie.rules)
* 1:39751 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 9 CTreeNode use after free attempt (browser-ie.rules)
* 1:39752 <-> ENABLED <-> FILE-PDF Adobe Reader malformed ICC profile memory corruption attempt (file-pdf.rules)
* 1:39753 <-> ENABLED <-> FILE-PDF Adobe Reader malformed ICC profile memory corruption attempt (file-pdf.rules)
* 1:39754 <-> DISABLED <-> EXPLOIT-KIT Sundown/Terror exploit kit landing page detected (exploit-kit.rules)
* 1:39755 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Retefe variant malicious certificate installation page (malware-other.rules)
* 1:39756 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Retefe variant malicious certificate installation page (malware-other.rules)
* 1:39757 <-> DISABLED <-> FILE-OFFICE Hancom Hangul HCell TableStyle record heap buffer overflow attempt (file-office.rules)
* 1:39758 <-> DISABLED <-> FILE-OFFICE Hancom Hangul HCell TableStyle record heap buffer overflow attempt (file-office.rules)
* 1:39759 <-> DISABLED <-> FILE-OFFICE Hancom Hangul HCell TableStyle record heap buffer overflow attempt (file-office.rules)
* 1:39760 <-> DISABLED <-> FILE-OFFICE Hancom Hangul HCell TableStyle record heap buffer overflow attempt (file-office.rules)
* 1:39761 <-> DISABLED <-> FILE-OFFICE Hancom Hangul Hcell cssValFormat checkUnderbar out of bounds write attempt (file-office.rules)
* 1:39762 <-> DISABLED <-> FILE-OFFICE Hancom Hangul Hcell cssValFormat checkUnderbar out of bounds write attempt (file-office.rules)
* 1:39763 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules)
* 1:39764 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules)
* 1:39765 <-> DISABLED <-> SERVER-WEBAPP Ruby on Rails ActionPack inline content rendering code injection attempt (server-webapp.rules)
* 1:39766 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.Ogimant outbound connection detected (malware-other.rules)
* 1:39767 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Alfa outbound connection (malware-cnc.rules)
* 1:39768 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Alfa download attempt (malware-other.rules)
* 1:39769 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Alfa download attempt (malware-other.rules)
* 1:39770 <-> DISABLED <-> SERVER-WEBAPP GoAhead Embedded Web Server directory traversal attempt (server-webapp.rules)
* 1:39771 <-> ENABLED <-> MALWARE-TOOLS CKnife penetration testing tool attempt (malware-tools.rules)
* 1:39772 <-> ENABLED <-> MALWARE-TOOLS CKnife penetration testing tool attempt (malware-tools.rules)
* 1:39773 <-> ENABLED <-> MALWARE-TOOLS CKnife penetration testing tool attempt (malware-tools.rules)
* 1:39774 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qarallax initial outbound connection (malware-cnc.rules)
* 1:39776 <-> ENABLED <-> FILE-IDENTIFY Heroes of Might and Magic III map file attachment detected (file-identify.rules)
* 1:39777 <-> ENABLED <-> FILE-IDENTIFY Heroes of Might and Magic III map file attachment detected (file-identify.rules)
* 1:39778 <-> ENABLED <-> FILE-IDENTIFY Heroes of Might and Magic III map file download request (file-identify.rules)
* 1:39779 <-> DISABLED <-> FILE-OTHER Ubisoft Heroes of Might and Magic III .h3m map file buffer overflow attempt (file-other.rules)
* 1:39780 <-> DISABLED <-> FILE-OTHER Ubisoft Heroes of Might and Magic III .h3m map file buffer overflow attempt (file-other.rules)
* 1:39781 <-> DISABLED <-> FILE-OTHER Ubisoft Heroes of Might and Magic III .h3m map file buffer overflow attempt (file-other.rules)
* 1:39785 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lientchtp variant outbound connection (malware-cnc.rules)
* 1:39786 <-> DISABLED <-> PUA-ADWARE Win.Dowadmin.Adware outbound connection detected (pua-adware.rules)
* 1:39787 <-> DISABLED <-> PUA-ADWARE Win.Dowadmin.Adware outbound connection detected (pua-adware.rules)
* 1:39788 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS2 TextField gridFitType use after free attempt (file-flash.rules)
* 1:39789 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS2 TextField gridFitType use after free attempt (file-flash.rules)
* 1:39798 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt (file-pdf.rules)
* 1:39799 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt (file-pdf.rules)
* 1:398 <-> DISABLED <-> PROTOCOL-ICMP Destination Unreachable Host Unreachable for Type of Service (protocol-icmp.rules)
* 1:39800 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hancitor variant outbound connection (malware-cnc.rules)
* 1:39801 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spyrat variant outbound connection (malware-cnc.rules)
* 1:39802 <-> DISABLED <-> EXPLOIT-KIT Neutrino Exploit Kit Flash exploit download attempt (exploit-kit.rules)
* 1:39803 <-> ENABLED <-> MALWARE-OTHER Win.Adware.Dlhelper outbound connection detected (malware-other.rules)
* 1:39804 <-> ENABLED <-> MALWARE-OTHER Win.Adware.Dlhelper outbound connection detected (malware-other.rules)
* 1:39805 <-> ENABLED <-> MALWARE-OTHER Win.Adware.Dlhelper outbound connection detected (malware-other.rules)
* 1:39806 <-> ENABLED <-> MALWARE-OTHER Win.Adware.Dlhelper outbound connection detected (malware-other.rules)
* 1:39807 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Lethic outbound connection detected (malware-other.rules)
* 1:39808 <-> ENABLED <-> OS-WINDOWS Microsoft Windows graphics subcomponent local privilege escalation attempt (os-windows.rules)
* 1:39809 <-> ENABLED <-> OS-WINDOWS Microsoft Windows graphics subcomponent local privilege escalation attempt (os-windows.rules)
* 1:39810 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer iertutil.dll long UNC redirect out of bounds read attempt (browser-ie.rules)
* 1:39811 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer iertutil.dll long UNC redirect out of bounds read attempt (browser-ie.rules)
* 1:39812 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer page layout use after free attempt (browser-ie.rules)
* 1:39813 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer page layout use after free attempt (browser-ie.rules)
* 1:39814 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Win32kfull FloodFillWindow privilege escalation attempt (os-windows.rules)
* 1:39815 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Win32kfull FloodFillWindow privilege escalation attempt (os-windows.rules)
* 1:39816 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word sprmSDyaTop memory leak attempt (file-office.rules)
* 1:39817 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word sprmSDyaTop memory leak attempt (file-office.rules)
* 1:39818 <-> ENABLED <-> OS-WINDOWS Microsoft Windows operating system win32kfull heap corruption attempt (os-windows.rules)
* 1:39819 <-> ENABLED <-> OS-WINDOWS Microsoft Windows operating system win32kfull heap corruption attempt (os-windows.rules)
* 1:39820 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer iframe sandbox file name information disclosure attempt (browser-ie.rules)
* 1:39821 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer iframe sandbox file name information disclosure attempt (browser-ie.rules)
* 1:39822 <-> ENABLED <-> BROWSER-IE Microsoft Edge edgehtml.dll invalid history state use after free attempt (browser-ie.rules)
* 1:39823 <-> ENABLED <-> BROWSER-IE Microsoft Edge edgehtml.dll invalid history state use after free attempt (browser-ie.rules)
* 1:39824 <-> DISABLED <-> OS-WINDOWS Microsoft Windows GDI emf file integer overflow attempt (os-windows.rules)
* 1:39825 <-> ENABLED <-> OS-WINDOWS Microsoft Windows GDI emf file integer overflow attempt (os-windows.rules)
* 1:39826 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CStr internal string use-after-free attempt (browser-ie.rules)
* 1:39827 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CStr internal string use-after-free attempt (browser-ie.rules)
* 1:39828 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer mshtml.dll cached object use after free attempt (browser-ie.rules)
* 1:39829 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer mshtml.dll cached object use after free attempt (browser-ie.rules)
* 1:39830 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.CrypMIC outbound connection detected (malware-other.rules)
* 1:39831 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word wwlib out of bounds read attempt (file-office.rules)
* 1:39832 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word wwlib out of bounds read attempt (file-office.rules)
* 1:39833 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer InsertSelectDropdown use after free attempt (browser-ie.rules)
* 1:39834 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer InsertSelectDropdown use after free attempt (browser-ie.rules)
* 1:39835 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word malformed jpeg memory corruption attempt (file-office.rules)
* 1:39836 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word malformed jpeg memory corruption attempt (file-office.rules)
* 1:39837 <-> ENABLED <-> FILE-OFFICE Microsoft Office mso.dll out of bounds memory access attempt (file-office.rules)
* 1:39838 <-> ENABLED <-> FILE-OFFICE Microsoft Office mso.dll out of bounds memory access attempt (file-office.rules)
* 1:39839 <-> ENABLED <-> BROWSER-IE Microsoft Windows Internet Explorer MSHTML.dll type confusion attempt (browser-ie.rules)
* 1:39840 <-> ENABLED <-> BROWSER-IE Microsoft Windows Internet Explorer MSHTML.dll type confusion attempt (browser-ie.rules)
* 1:39841 <-> ENABLED <-> OS-WINDOWS Microsoft Windows win32kbase bOutline out of bounds read attempt (os-windows.rules)
* 1:39842 <-> ENABLED <-> OS-WINDOWS Microsoft Windows win32kbase bOutline out of bounds read attempt (os-windows.rules)
* 1:39843 <-> DISABLED <-> OS-WINDOWS Microsoft Windows gdiplus EMF EmrText out of bounds write attempt (os-windows.rules)
* 1:39844 <-> ENABLED <-> OS-WINDOWS Microsoft Windows gdiplus EMF EmrText out of bounds write attempt (os-windows.rules)
* 1:39845 <-> DISABLED <-> SERVER-WEBAPP Netgear ReadyNAS Surveillance debugging_center_utils command injection attempt (server-webapp.rules)
* 1:39846 <-> DISABLED <-> SERVER-WEBAPP Netgear ReadyNAS Surveillance debugging_center_utils command injection attempt (server-webapp.rules)
* 1:39847 <-> DISABLED <-> SERVER-WEBAPP Netgear ReadyNAS Surveillance handle_daylightsaving command injection attempt (server-webapp.rules)
* 1:39848 <-> DISABLED <-> SERVER-WEBAPP Netgear ReadyNAS Surveillance handle_daylightsaving command injection attempt (server-webapp.rules)
* 1:39849 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Smart Protection Server ccca_ajaxhandler.php command injection attempt (server-webapp.rules)
* 1:39850 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Smart Protection Server ccca_ajaxhandler.php command injection attempt (server-webapp.rules)
* 1:39851 <-> DISABLED <-> INDICATOR-COMPROMISE Connection to malware sinkhole - CERT.PL (indicator-compromise.rules)
* 1:39852 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sharik variant connectivity check (malware-cnc.rules)
* 1:39853 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sharik variant connectivity check (malware-cnc.rules)
* 1:39854 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sharik variant connectivity check (malware-cnc.rules)
* 1:39855 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sharik variant connectivity check (malware-cnc.rules)
* 1:39856 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sharik variant executable download (malware-cnc.rules)
* 1:39857 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sharik variant executable download (malware-cnc.rules)
* 1:39861 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NanHaiShu variant outbound connection (malware-cnc.rules)
* 1:39863 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys escalation of privilege attempt (os-windows.rules)
* 1:39864 <-> ENABLED <-> FILE-PDF Adobe Reader CoolType engine FlateDecode use-after-free attempt (file-pdf.rules)
* 1:39865 <-> ENABLED <-> FILE-PDF Adobe Reader CoolType engine FlateDecode use-after-free attempt (file-pdf.rules)
* 1:39866 <-> DISABLED <-> INDICATOR-COMPROMISE Suspicious .ml dns query (indicator-compromise.rules)
* 1:39867 <-> DISABLED <-> INDICATOR-COMPROMISE Suspicious .tk dns query (indicator-compromise.rules)
* 1:39868 <-> DISABLED <-> FILE-OFFICE LexMark Perceptive Document Filters msofbtCLSID stack buffer overflow attempt (file-office.rules)
* 1:39869 <-> DISABLED <-> FILE-OFFICE LexMark Perceptive Document Filters msofbtCLSID stack buffer overflow attempt (file-office.rules)
* 1:39870 <-> DISABLED <-> INDICATOR-COMPROMISE Oracle E-Business Suite arbitrary node deletion (indicator-compromise.rules)
* 1:39871 <-> DISABLED <-> FILE-OFFICE LexMark Perceptive Document Filters wSectorShift heap buffer overflow attempt (file-office.rules)
* 1:39872 <-> DISABLED <-> FILE-OFFICE LexMark Perceptive Document Filters wSectorShift heap buffer overflow attempt (file-office.rules)
* 1:39873 <-> DISABLED <-> FILE-OTHER Microsoft Windows PDF parsing invalid JPEG2000 SIZ marker attempt (file-other.rules)
* 1:39874 <-> DISABLED <-> FILE-OTHER Microsoft Windows PDF parsing invalid JPEG2000 SIZ marker attempt (file-other.rules)
* 1:39875 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP lsarpc LsarAddPrivilegesToAccount overflow attempt (netbios.rules)
* 1:39876 <-> ENABLED <-> PROTOCOL-SNMP Allen-Bradley MicroLogix PLC SNMP request via undocumented community string attempt (protocol-snmp.rules)
* 1:39877 <-> DISABLED <-> PROTOCOL-SNMP Allen-Bradley MicroLogix PLC firmware update detected (protocol-snmp.rules)
* 1:39879 <-> DISABLED <-> BROWSER-PLUGINS Mitsubishi MC-WorkX ActiveX clsid access attempt (browser-plugins.rules)
* 1:39880 <-> DISABLED <-> BROWSER-PLUGINS Mitsubishi MC-WorkX ActiveX clsid access attempt (browser-plugins.rules)
* 1:39881 <-> DISABLED <-> INDICATOR-COMPROMISE Meteocontrol WEBlog config containing passwords download attempt (indicator-compromise.rules)
* 1:39882 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vibro outbound connection detected (malware-cnc.rules)
* 1:39883 <-> DISABLED <-> FILE-IMAGE FreeImage library XPM handling out of bounds write attempt (file-image.rules)
* 1:39884 <-> DISABLED <-> FILE-IMAGE FreeImage library XPM handling out of bounds write attempt (file-image.rules)
* 1:39886 <-> DISABLED <-> MALWARE-CNC User-Agent known Adware user-agent string - Win.Adware.Prepscram (malware-cnc.rules)
* 1:39887 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Toga variant outbound connection (malware-cnc.rules)
* 1:39888 <-> DISABLED <-> PUA-ADWARE Dorv Adware variant outbound connection (pua-adware.rules)
* 1:39889 <-> DISABLED <-> FILE-PDF Adobe Acrobat invalid embedded font memory corruption attempt (file-pdf.rules)
* 1:39890 <-> DISABLED <-> FILE-PDF Adobe Acrobat invalid embedded font memory corruption attempt (file-pdf.rules)
* 1:39891 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric SCADA Expert ClearSCADA ActiveX clsid access attempt (browser-plugins.rules)
* 1:39892 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric SCADA Expert ClearSCADA ActiveX clsid access attempt (browser-plugins.rules)
* 1:39893 <-> DISABLED <-> OS-LINUX Linux Kernel USBIP out of bounds write attempt (os-linux.rules)
* 1:39894 <-> DISABLED <-> OS-LINUX Linux Kernel USBIP out of bounds write attempt (os-linux.rules)
* 1:39895 <-> DISABLED <-> BROWSER-PLUGINS Tom Sawyer GET exetension ActiveX clsid access (browser-plugins.rules)
* 1:39896 <-> DISABLED <-> BROWSER-PLUGINS Tom Sawyer GET Extension ActiveX function call access (browser-plugins.rules)
* 1:39899 <-> DISABLED <-> PUA-ADWARE Win.Adware.Techsnab outbound connection detected (pua-adware.rules)
* 1:399 <-> DISABLED <-> PROTOCOL-ICMP Destination Unreachable Host Unreachable (protocol-icmp.rules)
* 1:39900 <-> DISABLED <-> PUA-ADWARE Win.Adware.Techsnab outbound connection detected (pua-adware.rules)
* 1:39901 <-> DISABLED <-> PUA-ADWARE Win.Adware.Techsnab outbound connection detected (pua-adware.rules)
* 1:39902 <-> DISABLED <-> PUA-ADWARE Win.Adware.Techsnab outbound connection detected (pua-adware.rules)
* 1:39903 <-> ENABLED <-> FILE-OFFICE Microsoft Windows RTF file with embedded object package SMTP upload attempt (file-office.rules)
* 1:39904 <-> DISABLED <-> MALWARE-OTHER Rtf.Dropper.Agent-1404614 download attempt (malware-other.rules)
* 1:39905 <-> DISABLED <-> MALWARE-OTHER Rtf.Dropper.Agent-1404614 SMTP upload attempt (malware-other.rules)
* 1:39906 <-> DISABLED <-> MALWARE-OTHER Rtf.Dropper.Agent-1404614 download attempt (malware-other.rules)
* 1:39907 <-> DISABLED <-> MALWARE-OTHER Rtf.Dropper.Agent-1404614 SMTP upload attempt (malware-other.rules)
* 1:39908 <-> DISABLED <-> SERVER-APACHE Apache Tomcat Commons FileUpload library denial of service attempt (server-apache.rules)
* 1:39909 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Adnel outbound connection detected (malware-cnc.rules)
* 1:39910 <-> DISABLED <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt (server-other.rules)
* 1:39911 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HawkEye keylogger exfiltration attempt (malware-cnc.rules)
* 1:39912 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Smart Protection Server admin_notification.php command injection attempt (server-webapp.rules)
* 1:39913 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Smart Protection Server admin_notification.php command injection attempt (server-webapp.rules)
* 1:39914 <-> DISABLED <-> BROWSER-PLUGINS KingView clsid access attempt (browser-plugins.rules)
* 1:39915 <-> DISABLED <-> BROWSER-PLUGINS KingView clsid access attempt (browser-plugins.rules)
* 1:39916 <-> DISABLED <-> BROWSER-PLUGINS KingView clsid access attempt (browser-plugins.rules)
* 1:39917 <-> DISABLED <-> BROWSER-PLUGINS KingView clsid access attempt (browser-plugins.rules)
* 1:39918 <-> DISABLED <-> FILE-EXECUTABLE Kaspersky Anti-Virus unhandled windows messages denial of service vulnerability attempt (file-executable.rules)
* 1:39919 <-> DISABLED <-> FILE-EXECUTABLE Kaspersky Anti-Virus unhandled windows messages denial of service vulnerability attempt (file-executable.rules)
* 1:39920 <-> DISABLED <-> MALWARE-CNC Neutrino outbound connection (malware-cnc.rules)
* 1:39921 <-> DISABLED <-> MALWARE-CNC Neutrino outbound connection (malware-cnc.rules)
* 1:39922 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt (file-pdf.rules)
* 1:39923 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt (file-pdf.rules)
* 1:39924 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack command injection attempt (server-other.rules)
* 1:39925 <-> ENABLED <-> SERVER-WEBAPP WordPress pingback gethostbyname heap buffer overflow attempt (server-webapp.rules)
* 1:39926 <-> ENABLED <-> MALWARE-OTHER pisloader DNS drive command response attempt (malware-other.rules)
* 1:39927 <-> ENABLED <-> MALWARE-OTHER pisloader DNS list command response attempt (malware-other.rules)
* 1:39928 <-> ENABLED <-> MALWARE-OTHER pisloader DNS open command response attempt (malware-other.rules)
* 1:39929 <-> ENABLED <-> MALWARE-OTHER pisloader DNS sinfo command response attempt (malware-other.rules)
* 1:39930 <-> ENABLED <-> SERVER-WEBAPP Siemens IP-Camera credential disclosure attempt (server-webapp.rules)
* 1:39931 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackEnergy outbound connection (malware-cnc.rules)
* 1:39932 <-> DISABLED <-> BROWSER-PLUGINS Iocomp Software ActiveX clsid access attempt (browser-plugins.rules)
* 1:39933 <-> DISABLED <-> BROWSER-PLUGINS Iocomp Software ActiveX clsid access attempt (browser-plugins.rules)
* 1:39934 <-> DISABLED <-> BROWSER-PLUGINS Iocomp Software ActiveX clsid access attempt (browser-plugins.rules)
* 1:39935 <-> DISABLED <-> BROWSER-PLUGINS Iocomp Software ActiveX clsid access attempt (browser-plugins.rules)
* 1:39936 <-> DISABLED <-> OS-SOLARIS XMDCP double-free attempt (os-solaris.rules)
* 1:39941 <-> DISABLED <-> SERVER-WEBAPP Schneider Electric Accutech http request overflow attempt (server-webapp.rules)
* 1:39942 <-> DISABLED <-> SERVER-WEBAPP FreePBX Recordings Module ajax.php command injection attempt (server-webapp.rules)
* 1:39943 <-> DISABLED <-> SERVER-WEBAPP FreePBX Recordings Module ajax.php command injection attempt (server-webapp.rules)
* 1:39944 <-> DISABLED <-> SERVER-WEBAPP FreePBX Recordings Module ajax.php command injection attempt (server-webapp.rules)
* 1:39945 <-> DISABLED <-> SERVER-WEBAPP FreePBX Recordings Module ajax.php command injection attempt (server-webapp.rules)
* 1:39946 <-> DISABLED <-> PROTOCOL-DNS PowerDNS TKEY query denial of service attempt (protocol-dns.rules)
* 1:39947 <-> DISABLED <-> PROTOCOL-DNS PowerDNS TKEY query denial of service attempt (protocol-dns.rules)
* 1:39948 <-> DISABLED <-> PROTOCOL-DNS PowerDNS TCP TKEY query denial of service attempt (protocol-dns.rules)
* 1:39949 <-> DISABLED <-> PROTOCOL-DNS PowerDNS TCP TKEY query denial of service attempt (protocol-dns.rules)
* 1:39950 <-> DISABLED <-> PROTOCOL-DNS PowerDNS TCP TSIG query denial of service attempt (protocol-dns.rules)
* 1:39951 <-> DISABLED <-> PROTOCOL-DNS PowerDNS TCP TSIG query denial of service attempt (protocol-dns.rules)
* 1:39952 <-> DISABLED <-> PROTOCOL-DNS PowerDNS TSIG query denial of service attempt (protocol-dns.rules)
* 1:39953 <-> DISABLED <-> PROTOCOL-DNS PowerDNS TSIG query denial of service attempt (protocol-dns.rules)
* 1:39954 <-> DISABLED <-> FILE-FLASH Adobe Flash Player attachMovie use after free attempt (file-flash.rules)
* 1:39955 <-> DISABLED <-> FILE-FLASH Adobe Flash Player attachMovie use after free attempt (file-flash.rules)
* 1:39956 <-> ENABLED <-> FILE-FLASH Adobe Flash Player FileReference type confusion attempt (file-flash.rules)
* 1:39957 <-> ENABLED <-> FILE-FLASH Adobe Flash Player FileReference type confusion attempt (file-flash.rules)
* 1:39958 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Folyris outbound connection detected (malware-cnc.rules)
* 1:39959 <-> DISABLED <-> BROWSER-PLUGINS AdvantechNVS VideoDAQ ActiveX clsid access attempt (browser-plugins.rules)
* 1:39960 <-> DISABLED <-> BROWSER-PLUGINS AdvantechNVS VideoDAQ ActiveX clsid access attempt (browser-plugins.rules)
* 1:39961 <-> DISABLED <-> BROWSER-PLUGINS AdvantechNVS VideoDAQ ActiveX clsid access attempt (browser-plugins.rules)
* 1:39962 <-> DISABLED <-> BROWSER-PLUGINS AdvantechNVS VideoDAQ ActiveX clsid access attempt (browser-plugins.rules)
* 1:39963 <-> DISABLED <-> BROWSER-PLUGINS Moxa VPort SDK PLUS ActiveX clsid access attempt (browser-plugins.rules)
* 1:39964 <-> DISABLED <-> BROWSER-PLUGINS Moxa VPort SDK PLUS ActiveX clsid access attempt (browser-plugins.rules)
* 1:39965 <-> DISABLED <-> BROWSER-PLUGINS Moxa VPort SDK PLUS ActiveX clsid access attempt (browser-plugins.rules)
* 1:39966 <-> DISABLED <-> BROWSER-PLUGINS Moxa VPort SDK PLUS ActiveX clsid access attempt (browser-plugins.rules)
* 1:39968 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Donoff outbound connection detected (malware-cnc.rules)
* 1:39969 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Donoff outbound connection detected (malware-cnc.rules)
* 1:39970 <-> DISABLED <-> BROWSER-PLUGINS UCanCode Visualization Enterprise Suite ActiveX clsid access attempt (browser-plugins.rules)
* 1:39971 <-> DISABLED <-> BROWSER-PLUGINS UCanCode Visualization Enterprise Suite ActiveX clsid access attempt (browser-plugins.rules)
* 1:39972 <-> DISABLED <-> BROWSER-PLUGINS UCanCode Visualization Enterprise Suite ActiveX clsid access attempt (browser-plugins.rules)
* 1:39973 <-> DISABLED <-> BROWSER-PLUGINS UCanCode Visualization Enterprise Suite ActiveX clsid access attempt (browser-plugins.rules)
* 1:39974 <-> ENABLED <-> MALWARE-OTHER Andr.Trojan.KungFu variant download (malware-other.rules)
* 1:39975 <-> ENABLED <-> MALWARE-OTHER Andr.Trojan.KungFu variant download (malware-other.rules)
* 1:39976 <-> DISABLED <-> SERVER-OTHER BGP bad marker strings (server-other.rules)
* 1:39977 <-> DISABLED <-> SERVER-OTHER BGP invalid length (server-other.rules)
* 1:39978 <-> DISABLED <-> SERVER-WEBAPP Netgear ReadyNAS Surveillance cgi_main command injection attempt (server-webapp.rules)
* 1:39979 <-> DISABLED <-> SERVER-WEBAPP Netgear ReadyNAS Surveillance cgi_main command injection attempt (server-webapp.rules)
* 1:39980 <-> DISABLED <-> SERVER-WEBAPP Netgear ReadyNAS Surveillance cgi_main command injection attempt (server-webapp.rules)
* 1:39981 <-> DISABLED <-> SERVER-WEBAPP Netgear ReadyNAS Surveillance cgi_main stack buffer overflow attempt (server-webapp.rules)
* 1:39982 <-> DISABLED <-> SERVER-WEBAPP Netgear ReadyNAS Surveillance cgi_main stack buffer overflow attempt (server-webapp.rules)
* 1:39983 <-> DISABLED <-> INDICATOR-COMPROMISE Cisco IOS commandline overflow attempt (indicator-compromise.rules)
* 1:39984 <-> DISABLED <-> INDICATOR-COMPROMISE Cisco IOS commandline overflow attempt. (indicator-compromise.rules)
* 1:39985 <-> DISABLED <-> INDICATOR-COMPROMISE Cisco IOS commandline overflow attempt. (indicator-compromise.rules)
* 1:39986 <-> DISABLED <-> INDICATOR-COMPROMISE Cisco IOS commandline overflow attempt (indicator-compromise.rules)
* 1:39987 <-> DISABLED <-> INDICATOR-COMPROMISE Cisco IOS commandline overflow attempt. (indicator-compromise.rules)
* 1:39988 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel 2007 invalid comments.xml uninitialized pointer access attempt (file-office.rules)
* 1:39989 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel 2007 invalid comments.xml uninitialized pointer access attempt (file-office.rules)
* 1:39990 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel 2007 invalid comments.xml uninitialized pointer access attempt (file-office.rules)
* 1:39991 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel 2007 invalid comments.xml uninitialized pointer access attempt (file-office.rules)
* 1:39992 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel 2007 invalid comments.xml uninitialized pointer access attempt (file-office.rules)
* 1:39993 <-> DISABLED <-> SERVER-OTHER Netcore router backdoor access attempt (server-other.rules)
* 1:39995 <-> DISABLED <-> POLICY-SOCIAL IRC server connection (policy-social.rules)
* 1:400 <-> DISABLED <-> PROTOCOL-ICMP Destination Unreachable Network Unreachable for Type of Service (protocol-icmp.rules)
* 1:40007 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nemim outbound connection detected (malware-cnc.rules)
* 1:40008 <-> ENABLED <-> SERVER-OTHER Advantech WebAccess DCERPC stack buffer overflow attempt (server-other.rules)
* 1:40009 <-> ENABLED <-> FILE-FLASH Adobe Flash Player atomicCompareAndSwapLength integer overflow attempt (file-flash.rules)
* 1:40010 <-> ENABLED <-> FILE-FLASH Adobe Flash Player atomicCompareAndSwapLength integer overflow attempt (file-flash.rules)
* 1:40011 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
* 1:40012 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string DetoxCrypto2 (malware-cnc.rules)
* 1:40015 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox about field spoofing attempt (browser-firefox.rules)
* 1:40016 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Madeba outbound connection detected (malware-cnc.rules)
* 1:40017 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file download request (file-identify.rules)
* 1:40018 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file attachment detected (file-identify.rules)
* 1:40019 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file attachment detected (file-identify.rules)
* 1:40020 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file magic detected (file-identify.rules)
* 1:40021 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file magic detected (file-identify.rules)
* 1:40022 <-> DISABLED <-> BROWSER-PLUGINS AcroPDF.PDF ActiveX clsid access attempt (browser-plugins.rules)
* 1:40023 <-> DISABLED <-> BROWSER-PLUGINS AcroPDF.PDF ActiveX clsid access attempt (browser-plugins.rules)
* 1:40027 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shakti variant outbound connection (malware-cnc.rules)
* 1:40028 <-> DISABLED <-> POLICY-OTHER AutoItv3 Aut2Exe interpreter - compiled script (policy-other.rules)
* 1:40029 <-> DISABLED <-> POLICY-OTHER AutoItv3 Aut2Exe interpreter - compiled script (policy-other.rules)
* 1:40030 <-> DISABLED <-> SERVER-WEBAPP FreePBX Module Administration config.php remotemod command injection attempt (server-webapp.rules)
* 1:40031 <-> DISABLED <-> SERVER-WEBAPP FreePBX Module Administration config.php remotemod command injection attempt (server-webapp.rules)
* 1:40032 <-> DISABLED <-> SERVER-WEBAPP FreePBX Module Administration config.php remotemod command injection attempt (server-webapp.rules)
* 1:40033 <-> DISABLED <-> SERVER-WEBAPP FreePBX Module Administration config.php remotemod command injection attempt (server-webapp.rules)
* 1:40034 <-> DISABLED <-> EXPLOIT-KIT Exploit kit embedded iframe redirection attempt (exploit-kit.rules)
* 1:40035 <-> ENABLED <-> FILE-IDENTIFY XLSB file magic detected (file-identify.rules)
* 1:40036 <-> ENABLED <-> FILE-IDENTIFY XLSB file magic detected (file-identify.rules)
* 1:40037 <-> DISABLED <-> PUA-ADWARE Google Chrome Google Contacts extension adware (pua-adware.rules)
* 1:40038 <-> DISABLED <-> SERVER-WEBAPP PHP unserialize var_hash use-after-free attempt (server-webapp.rules)
* 1:40039 <-> DISABLED <-> SERVER-WEBAPP FreePBX config.php unauthenticated SQL injection attempt (server-webapp.rules)
* 1:40040 <-> DISABLED <-> SERVER-WEBAPP FreePBX config.php unauthenticated SQL injection attempt (server-webapp.rules)
* 1:40041 <-> DISABLED <-> SERVER-WEBAPP Meinberg LANTIME NTP appliance stack buffer overflow attempt (server-webapp.rules)
* 1:40042 <-> DISABLED <-> SERVER-WEBAPP Meinberg LANTIME NTP appliance stack buffer overflow attempt (server-webapp.rules)
* 1:40043 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Fantom outbound connection (malware-cnc.rules)
* 1:40044 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Fantom post encryption outbound connection (malware-cnc.rules)
* 1:40045 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Fantom post encryption outbound connection (malware-cnc.rules)
* 1:40046 <-> DISABLED <-> SERVER-OTHER PHP locale_accept_from_http out of bounds read attempt (server-other.rules)
* 1:40047 <-> ENABLED <-> SERVER-WEBAPP Belkin F9K1122 webpage buffer overflow attempt (server-webapp.rules)
* 1:40050 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (malware-other.rules)
* 1:40051 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (malware-other.rules)
* 1:40052 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (malware-other.rules)
* 1:40053 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (malware-other.rules)
* 1:40054 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (malware-other.rules)
* 1:40055 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (malware-other.rules)
* 1:40056 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (malware-other.rules)
* 1:40057 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (malware-other.rules)
* 1:40058 <-> DISABLED <-> SERVER-WEBAPP WordPress Quick-Post Widget GET request using Body cross-site scripting (server-webapp.rules)
* 1:40059 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hadsruda outbound connection detected (malware-cnc.rules)
* 1:40060 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hadsruda outbound connection detected (malware-cnc.rules)
* 1:40061 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Morel variant outbound connection (malware-cnc.rules)
* 1:40062 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Morel variant inbound connection (malware-cnc.rules)
* 1:40063 <-> DISABLED <-> OS-LINUX Linux Kernel Challenge ACK provocation attempt (os-linux.rules)
* 1:40064 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NFS Server NULL pointer dereference denial-of-service attempt (os-windows.rules)
* 1:40065 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NFS Server NULL pointer dereference denial-of-service attempt (os-windows.rules)
* 1:40066 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.LokiBot (malware-cnc.rules)
* 1:40067 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LokiBot outbound connection (malware-cnc.rules)
* 1:40068 <-> DISABLED <-> SERVER-WEBAPP Zabbix Network Monitoring System jsrpc.php SQL injection attempt (server-webapp.rules)
* 1:40069 <-> DISABLED <-> SERVER-WEBAPP Zabbix Network Monitoring System jsrpc.php SQL injection attempt (server-webapp.rules)
* 1:40070 <-> DISABLED <-> SERVER-WEBAPP Zabbix Network Monitoring System latest.php SQL injection attempt (server-webapp.rules)
* 1:40071 <-> DISABLED <-> SERVER-WEBAPP Zabbix Network Monitoring System latest.php SQL injection attempt (server-webapp.rules)
* 1:40073 <-> DISABLED <-> BROWSER-IE Microsoft Edge white-space information disclosure attempt (browser-ie.rules)
* 1:40074 <-> DISABLED <-> BROWSER-IE Microsoft Edge white-space information disclosure attempt (browser-ie.rules)
* 1:40075 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel LPenHelper out of bounds write attempt (file-office.rules)
* 1:40076 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel LPenHelper out of bounds write attempt (file-office.rules)
* 1:40077 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer protected mode sandbox escape attempt (browser-ie.rules)
* 1:40078 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer protected mode sandbox escape attempt (browser-ie.rules)
* 1:40079 <-> ENABLED <-> FILE-OFFICE Microsoft Office Visio visdlgu.dll dll-load exploit attempt (file-office.rules)
* 1:40080 <-> ENABLED <-> FILE-OFFICE Microsoft Office Visio request for visdlgu.dll over SMB attempt (file-office.rules)
* 1:40081 <-> ENABLED <-> PUA-OTHER User-Agent known PUA user-agent string - TopTools100 (pua-other.rules)
* 1:40082 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel Ordinal43 out of bounds read attempt (file-office.rules)
* 1:40083 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel Ordinal43 out of bounds read attempt (file-office.rules)
* 1:40084 <-> DISABLED <-> INDICATOR-COMPROMISE TextDecorationBlink property use (indicator-compromise.rules)
* 1:40085 <-> DISABLED <-> INDICATOR-COMPROMISE TextDecorationLineNone property use (indicator-compromise.rules)
* 1:40086 <-> DISABLED <-> INDICATOR-COMPROMISE TextDecorationLineOverline property use (indicator-compromise.rules)
* 1:40087 <-> DISABLED <-> INDICATOR-COMPROMISE TextDecorationLineThrough property use (indicator-compromise.rules)
* 1:40088 <-> DISABLED <-> INDICATOR-COMPROMISE TextDecorationLineUnderline property use (indicator-compromise.rules)
* 1:40089 <-> DISABLED <-> INDICATOR-COMPROMISE TextDecorationBlink property use (indicator-compromise.rules)
* 1:40090 <-> DISABLED <-> INDICATOR-COMPROMISE TextDecorationLineNone property use (indicator-compromise.rules)
* 1:40091 <-> DISABLED <-> INDICATOR-COMPROMISE TextDecorationLineOverline property use (indicator-compromise.rules)
* 1:40092 <-> DISABLED <-> INDICATOR-COMPROMISE TextDecorationLineThrough property use (indicator-compromise.rules)
* 1:40093 <-> DISABLED <-> INDICATOR-COMPROMISE TextDecorationLineUnderline property use (indicator-compromise.rules)
* 1:40094 <-> DISABLED <-> INDICATOR-SCAN Microsoft Internet Explorer AnchorElement information disclosure attempt (indicator-scan.rules)
* 1:40095 <-> DISABLED <-> INDICATOR-SCAN Microsoft Internet Explorer AnchorElement information disclosure attempt (indicator-scan.rules)
* 1:40096 <-> ENABLED <-> OS-WINDOWS Microsoft Windows 7 Win32k ValidateZorder privilege escalation attempt (os-windows.rules)
* 1:40097 <-> ENABLED <-> OS-WINDOWS Microsoft Windows 7 Win32k ValidateZorder privilege escalation attempt (os-windows.rules)
* 1:40098 <-> ENABLED <-> BROWSER-IE Microsoft Edge proxy object type confusion attempt (browser-ie.rules)
* 1:40099 <-> ENABLED <-> BROWSER-IE Microsoft Edge proxy object type confusion attempt (browser-ie.rules)
* 1:401 <-> DISABLED <-> PROTOCOL-ICMP Destination Unreachable Network Unreachable (protocol-icmp.rules)
* 1:40100 <-> DISABLED <-> BROWSER-IE Microsoft Edge PDF PostScript calculator out of bounds read attempt (browser-ie.rules)
* 1:40101 <->
DISABLED <-> BROWSER-IE Microsoft Edge PDF PostScript calculator out of bounds read attempt (browser-ie.rules) * 1:40102 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel xlsb use-after-free attempt (file-office.rules) * 1:40103 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel xlsb use-after-free attempt (file-office.rules) * 1:40104 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel xlsb use-after-free attempt (file-office.rules) * 1:40105 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel xlsb use-after-free attempt (file-office.rules) * 1:40106 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel xlsb use-after-free attempt (file-office.rules) * 1:40107 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel xlsb use-after-free attempt (file-office.rules) * 1:40108 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer font element out of bounds read attempt (browser-ie.rules) * 1:40109 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer font element out of bounds read attempt (browser-ie.rules) * 1:40110 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Server Ntoskrnl concurrent login attempt (os-windows.rules) * 1:40111 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Server Ntoskrnl concurrent login attempt (os-windows.rules) * 1:40112 <-> ENABLED <-> OS-WINDOWS Microsoft Windows 10 GDI privilege escalation attempt (os-windows.rules) * 1:40113 <-> ENABLED <-> OS-WINDOWS Microsoft Windows 10 GDI privilege escalation attempt (os-windows.rules) * 1:40114 <-> ENABLED <-> OS-WINDOWS Microsoft Windows 10 privilege escalation attempt (os-windows.rules) * 1:40115 <-> ENABLED <-> OS-WINDOWS Microsoft Windows 10 privilege escalation attempt (os-windows.rules) * 1:40116 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel xlsb use-after-free attempt (file-office.rules) * 1:40117 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel xlsb use-after-free attempt (file-office.rules) * 1:40118 <-> ENABLED <-> FILE-IDENTIFY Microsoft Excel XLSB file download request 
(file-identify.rules) * 1:40119 <-> ENABLED <-> FILE-IDENTIFY Microsoft Excel XLSB file attachment detected (file-identify.rules) * 1:40120 <-> ENABLED <-> FILE-IDENTIFY Microsoft Excel XLSB file attachment detected (file-identify.rules) * 1:40121 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel xlsb use-after-free attempt (file-office.rules) * 1:40122 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel xlsb use-after-free attempt (file-office.rules) * 1:40123 <-> DISABLED <-> BROWSER-IE Microsoft Edge edgehtml.dll normalize missing div child use after free attempt (browser-ie.rules) * 1:40124 <-> DISABLED <-> BROWSER-IE Microsoft Edge edgehtml.dll normalize missing div child use after free attempt (browser-ie.rules) * 1:40125 <-> DISABLED <-> FILE-OTHER Ichitaro Office Excel TxO record heap overflow attempt (file-other.rules) * 1:40126 <-> DISABLED <-> FILE-OTHER Ichitaro Office Excel TxO record heap overflow attempt (file-other.rules) * 1:40127 <-> ENABLED <-> OS-WINDOWS Microsoft Windows 10 and 8.1 registry key privilege escalation attempt (os-windows.rules) * 1:40128 <-> ENABLED <-> OS-WINDOWS Microsoft Windows 10 and 8.1 registry key privilege escalation attempt (os-windows.rules) * 1:40129 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Server lsass.exe memory corruption attempt (os-windows.rules) * 1:40132 <-> ENABLED <-> BROWSER-IE VBScript ADODB.Connection object use after free attempt (browser-ie.rules) * 1:40133 <-> ENABLED <-> BROWSER-IE VBScript ADODB.Connection object use after free attempt (browser-ie.rules) * 1:40134 <-> DISABLED <-> BROWSER-IE Microsoft Edge HTML normalize caption memory corruption attempt (browser-ie.rules) * 1:40135 <-> DISABLED <-> BROWSER-IE Microsoft Edge HTML normalize caption memory corruption attempt (browser-ie.rules) * 1:40136 <-> DISABLED <-> BROWSER-IE Microsoft Edge HTML normalize caption memory corruption attempt (browser-ie.rules) * 1:40137 <-> DISABLED <-> BROWSER-IE Microsoft Edge HTML normalize caption memory 
corruption attempt (browser-ie.rules) * 1:40138 <-> DISABLED <-> BROWSER-IE Microsoft Edge HTML normalize caption memory corruption attempt (browser-ie.rules) * 1:40139 <-> DISABLED <-> BROWSER-IE Microsoft Edge HTML normalize caption memory corruption attempt (browser-ie.rules) * 1:40140 <-> DISABLED <-> BROWSER-IE Microsoft Edge HTML normalize caption memory corruption attempt (browser-ie.rules) * 1:40141 <-> DISABLED <-> BROWSER-IE Microsoft Edge HTML normalize caption memory corruption attempt (browser-ie.rules) * 1:40142 <-> DISABLED <-> FILE-OFFICE Microsoft PowerPoint bogus JPEG marker length heap buffer overflow (file-office.rules) * 1:40143 <-> DISABLED <-> FILE-OFFICE Microsoft PowerPoint bogus JPEG marker length heap buffer overflow (file-office.rules) * 1:40144 <-> DISABLED <-> BROWSER-IE Microsoft Edge PDF out-of-bounds Crypt Filter length attempt (browser-ie.rules) * 1:40145 <-> DISABLED <-> BROWSER-IE Microsoft Edge PDF out-of-bounds Crypt Filter length attempt (browser-ie.rules) * 1:40146 <-> DISABLED <-> BROWSER-IE Microsoft Edge malformed response information disclosure attempt (browser-ie.rules) * 1:40147 <-> ENABLED <-> FILE-OFFICE Microsoft Office PowerPoint ppcore invalid pointer reference attempt (file-office.rules) * 1:40148 <-> ENABLED <-> FILE-OFFICE Microsoft Office PowerPoint ppcore invalid pointer reference attempt (file-office.rules) * 1:40149 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer MSXML IDispatch use after free attempt (browser-ie.rules) * 1:40150 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer MSXML IDispatch use after free attempt (browser-ie.rules) * 1:40151 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DRMManager memory corruption attempt (file-flash.rules) * 1:40152 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DRMManager memory corruption attempt (file-flash.rules) * 1:40153 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed VideoFrame memory corruption attempt (file-flash.rules) * 1:40154 <-> 
ENABLED <-> FILE-FLASH Adobe Flash Player malformed VideoFrame memory corruption attempt (file-flash.rules) * 1:40155 <-> DISABLED <-> FILE-FLASH Adobe Flash AVC Decoder Memory Corruption attempt (file-flash.rules) * 1:40156 <-> DISABLED <-> FILE-FLASH Adobe Flash AVC Decoder Memory Corruption attempt (file-flash.rules) * 1:40157 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed placeObject2 memory corruption attempt (file-flash.rules) * 1:40158 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed placeObject2 memory corruption attempt (file-flash.rules) * 1:40159 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetStream type confusion attempt (file-flash.rules) * 1:40160 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetStream type confusion attempt (file-flash.rules) * 1:40161 <-> DISABLED <-> FILE-FLASH Adobe Flash Player navigatetoURL sandbox escape attempt (file-flash.rules) * 1:40162 <-> DISABLED <-> FILE-FLASH Adobe Flash Player navigatetoURL sandbox escape attempt (file-flash.rules) * 1:40163 <-> DISABLED <-> FILE-FLASH Adobe Flash Player navigatetoURL sandbox escape attempt (file-flash.rules) * 1:40164 <-> DISABLED <-> FILE-FLASH Adobe Flash Player navigatetoURL sandbox escape attempt (file-flash.rules) * 1:40165 <-> DISABLED <-> FILE-FLASH Adobe Flash Player navigatetoURL sandbox escape attempt (file-flash.rules) * 1:40166 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ShimContentResolver out of bounds memory access attempt (file-flash.rules) * 1:40167 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ShimContentResolver out of bounds memory access attempt (file-flash.rules) * 1:40168 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DisplacementMapFilter use-after-free attempt (file-flash.rules) * 1:40169 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DisplacementMapFilter use-after-free attempt (file-flash.rules) * 1:40170 <-> DISABLED <-> FILE-FLASH Adobe Standalone Flash Player use after free attempt (file-flash.rules) * 1:40171 <-> DISABLED <-> 
FILE-FLASH Adobe Standalone Flash Player use after free attempt (file-flash.rules) * 1:40172 <-> DISABLED <-> FILE-FLASH Adobe Standalone Flash Player out of bounds memory access attempt (file-flash.rules) * 1:40173 <-> DISABLED <-> FILE-FLASH Adobe Standalone Flash Player out of bounds memory access attempt (file-flash.rules) * 1:40174 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds memory access attempt (file-flash.rules) * 1:40175 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds memory access attempt (file-flash.rules) * 1:40176 <-> DISABLED <-> FILE-FLASH Adobe Flash ContextMenu Clone memory corruption vulnerability attempt (file-flash.rules) * 1:40177 <-> DISABLED <-> FILE-FLASH Adobe Flash ContextMenu Clone memory corruption vulnerability attempt (file-flash.rules) * 1:40178 <-> DISABLED <-> FILE-FLASH Adobe Flash Player local-with-filesystem sandbox escape attempt (file-flash.rules) * 1:40179 <-> ENABLED <-> FILE-FLASH Adobe Flash Player local-with-filesystem sandbox escape attempt (file-flash.rules) * 1:40180 <-> ENABLED <-> FILE-FLASH Adobe Flash Player local-with-filesystem sandbox escape attempt (file-flash.rules) * 1:40181 <-> ENABLED <-> FILE-FLASH Adobe Flash Player local-with-filesystem sandbox escape attempt (file-flash.rules) * 1:40182 <-> DISABLED <-> SERVER-WEBAPP AirOS authentication bypass attempt (server-webapp.rules) * 1:40183 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malex variant outbound connection (malware-cnc.rules) * 1:40184 <-> DISABLED <-> EXPLOIT-KIT Phoenix Exploit Kit inbound geoip.php bdr exploit attempt (exploit-kit.rules) * 1:40185 <-> DISABLED <-> SERVER-WEBAPP WebNMS framework server .jsp file retrieval attempt (server-webapp.rules) * 1:40186 <-> DISABLED <-> POLICY-OTHER SSL weak 3DES cipher suite use attempt (policy-other.rules) * 1:40187 <-> DISABLED <-> POLICY-OTHER SSL weak 3DES cipher suite use attempt (policy-other.rules) * 1:40188 <-> DISABLED <-> POLICY-OTHER SSL weak 3DES cipher suite use 
attempt (policy-other.rules) * 1:40189 <-> DISABLED <-> POLICY-OTHER SSH weak 3DES cipher suite use attempt (policy-other.rules) * 1:40190 <-> DISABLED <-> POLICY-OTHER SSH weak blowfish cipher suite use attempt (policy-other.rules) * 1:40191 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (malware-other.rules) * 1:40192 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (malware-other.rules) * 1:40193 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (malware-other.rules) * 1:40194 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (malware-other.rules) * 1:40195 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (malware-other.rules) * 1:40196 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (malware-other.rules) * 1:40197 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (malware-other.rules) * 1:40198 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (malware-other.rules) * 1:40199 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (malware-other.rules) * 1:402 <-> DISABLED <-> PROTOCOL-ICMP destination unreachable port unreachable packet detected (protocol-icmp.rules) * 1:40200 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (malware-other.rules) * 1:40201 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (malware-other.rules) * 1:40202 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Swabfex download attempt (malware-other.rules) * 1:40203 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Drolnux variant outbound connection (malware-cnc.rules) * 1:40204 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qiwmonk outbound connection detected (malware-cnc.rules) * 1:40205 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Comisproc outbound connection detected (malware-cnc.rules) * 1:40206 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Comisproc outbound connection detected (malware-cnc.rules) * 1:40207 <-> DISABLED <-> MALWARE-CNC 
Win.Trojan.Comisproc outbound connection detected (malware-cnc.rules) * 1:40209 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bulta external connection attempt (malware-cnc.rules) * 1:40211 <-> DISABLED <-> PUA-ADWARE Win.Adware.EoRezo outbound connection (pua-adware.rules) * 1:40212 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Darkshell (malware-cnc.rules) * 1:40213 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DarkShell external connection attempt (malware-cnc.rules) * 1:40214 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Ogimant outbound connection detected (malware-cnc.rules) * 1:40215 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Ogimant outbound connection detected (malware-cnc.rules) * 1:40216 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.VBInject (malware-cnc.rules) * 1:40217 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - F.5.E.C (malware-cnc.rules) * 1:40218 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS2 custom getter addProperty use after free attempt (file-flash.rules) * 1:40219 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS2 custom getter addProperty use after free attempt (file-flash.rules) * 1:40220 <-> ENABLED <-> SERVER-OTHER Cisco IOS Group-Prime memory disclosure exfiltration attempt (server-other.rules) * 1:40221 <-> ENABLED <-> SERVER-OTHER Cisco IOS Group-Prime MD5 memory disclosure attempt (server-other.rules) * 1:40222 <-> ENABLED <-> SERVER-OTHER Cisco IOS Group-Prime SHA memory disclosure attempt (server-other.rules) * 1:40223 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Injector external connection attempt (malware-cnc.rules) * 1:40224 <-> DISABLED <-> SERVER-WEBAPP Cisco ASA WebVPN auth_handle cross site scripting attempt (server-webapp.rules) * 1:40225 <-> DISABLED <-> SERVER-WEBAPP Cisco ASA WebVPN auth_handle cross site scripting attempt (server-webapp.rules) * 1:40226 <-> DISABLED <-> SERVER-WEBAPP Cisco ASA WebVPN auth_handle cross site 
scripting attempt (server-webapp.rules) * 1:40227 <-> DISABLED <-> SERVER-WEBAPP Cisco ASA WebVPN auth_handle cross site scripting attempt (server-webapp.rules) * 1:40228 <-> DISABLED <-> SERVER-WEBAPP Cisco ASA WebVPN auth_handle cross site scripting attempt (server-webapp.rules) * 1:40229 <-> DISABLED <-> SERVER-WEBAPP Cisco ASA WebVPN auth_handle cross site scripting attempt (server-webapp.rules) * 1:40230 <-> DISABLED <-> SERVER-WEBAPP Cisco ASA WebVPN auth_handle cross site scripting attempt (server-webapp.rules) * 1:40231 <-> DISABLED <-> SERVER-WEBAPP Cisco ASA WebVPN auth_handle cross site scripting attempt (server-webapp.rules) * 1:40232 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CeeInject external connection (malware-cnc.rules) * 1:40233 <-> ENABLED <-> EXPLOIT-KIT Sundown exploit kit landing page detected (exploit-kit.rules) * 1:40236 <-> DISABLED <-> FILE-PDF Adobe Reader embedded font out of bounds memory access attempt (file-pdf.rules) * 1:40237 <-> DISABLED <-> FILE-PDF Adobe Reader embedded font out of bounds memory access attempt (file-pdf.rules) * 1:40238 <-> DISABLED <-> MALWARE-CNC Win.Keylogger.AgentTesla variant outbound connection (malware-cnc.rules) * 1:40241 <-> DISABLED <-> SERVER-OTHER Fortigate Firewall HTTP cookie buffer overflow (server-other.rules) * 1:40242 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpy variant outbound connection (malware-cnc.rules) * 1:40243 <-> DISABLED <-> FILE-IMAGE PHP exif_process_user_comment null pointer dereference attempt (file-image.rules) * 1:40244 <-> DISABLED <-> FILE-IMAGE PHP exif_process_user_comment null pointer dereference attempt (file-image.rules) * 1:40245 <-> DISABLED <-> FILE-IMAGE PHP exif_process_user_comment null pointer dereference attempt (file-image.rules) * 1:40246 <-> DISABLED <-> FILE-IMAGE PHP exif_process_user_comment null pointer dereference attempt (file-image.rules) * 1:40247 <-> DISABLED <-> FILE-IMAGE PHP exif_process_user_comment null pointer dereference attempt (file-image.rules) 
* 1:40248 <-> DISABLED <-> FILE-IMAGE PHP exif_process_user_comment null pointer dereference attempt (file-image.rules) * 1:40249 <-> DISABLED <-> MALWARE-CNC Win.Downloader.QuantLoader external connection attempt (malware-cnc.rules) * 1:40250 <-> DISABLED <-> INDICATOR-OBFUSCATION Chunked encoding used without HTTP 1.1 evasion attempt. (indicator-obfuscation.rules) * 1:40251 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Perseus (malware-cnc.rules) * 1:40252 <-> DISABLED <-> MALWARE-CNC Win.Perseus variant outbound connection (malware-cnc.rules) * 1:40253 <-> DISABLED <-> SERVER-MYSQL Multiple SQL products privilege escalation attempt (server-mysql.rules) * 1:40254 <-> DISABLED <-> SERVER-MYSQL Multiple SQL products privilege escalation attempt (server-mysql.rules) * 1:40255 <-> DISABLED <-> SERVER-WEBAPP FreePBX Music Module ajax.php command injection attempt (server-webapp.rules) * 1:40256 <-> DISABLED <-> SERVER-WEBAPP Idera Up.Time Monitoring Station post2file.php arbitrary PHP file upload attempt (server-webapp.rules) * 1:40258 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keydnap variant backdoor detected (malware-cnc.rules) * 1:40259 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keydnap variant backdoor detected (malware-cnc.rules) * 1:40260 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keydnap variant initial backdoor download attempt (malware-cnc.rules) * 1:40261 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keydnap variant backdoor detected (malware-cnc.rules) * 1:40262 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keydnap variant backdoor detected (malware-cnc.rules) * 1:40276 <-> DISABLED <-> SERVER-WEBAPP SugarCRM SugarRestSerialize.php PHP object injection attempt (server-webapp.rules) * 1:40277 <-> DISABLED <-> SERVER-WEBAPP SugarCRM SugarRestSerialize.php PHP object injection attempt (server-webapp.rules) * 1:40278 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic dword additive feedback decoder (indicator-shellcode.rules) * 1:40279 
<-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic dword additive feedback decoder (indicator-shellcode.rules) * 1:40280 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox file type memory corruption attempt (browser-firefox.rules) * 1:40281 <-> DISABLED <-> FILE-OFFICE Microsoft Office Wordpad font conversion buffer overflow attempt (file-office.rules) * 1:40282 <-> DISABLED <-> FILE-OFFICE Microsoft Office Wordpad font conversion buffer overflow attempt (file-office.rules) * 1:40283 <-> DISABLED <-> SERVER-WEBAPP Kaltura redirectWidgetCmd PHP object injection attempt (server-webapp.rules) * 1:40288 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poxters external connection (malware-cnc.rules) * 1:40289 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Philadelphia variant initial outbound connection (malware-cnc.rules) * 1:40290 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Philadelphia variant status update outbound connection (malware-cnc.rules) * 1:40291 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess openWidget directory traversal attempt (server-webapp.rules) * 1:40292 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess openWidget directory traversal attempt (server-webapp.rules) * 1:40293 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess openWidget directory traversal attempt (server-webapp.rules) * 1:40294 <-> DISABLED <-> FILE-IMAGE PHP exif_process_IFD_in_MAKERNOTE out of bounds read attempt (file-image.rules) * 1:40295 <-> DISABLED <-> FILE-IMAGE PHP exif_process_IFD_in_MAKERNOTE out of bounds read attempt (file-image.rules) * 1:40296 <-> DISABLED <-> FILE-IMAGE PHP exif_process_IFD_in_MAKERNOTE out of bounds read attempt (file-image.rules) * 1:40297 <-> DISABLED <-> FILE-IMAGE PHP exif_process_IFD_in_MAKERNOTE out of bounds read attempt (file-image.rules) * 1:403 <-> DISABLED <-> PROTOCOL-ICMP Destination Unreachable Precedence Cutoff in effect (protocol-icmp.rules) * 1:40301 <-> DISABLED <-> SERVER-OTHER Redis CONFIG SET array index out of bounds attempt 
(server-other.rules) * 1:40302 <-> DISABLED <-> SERVER-APACHE Apache Jetspeed Portal cross-site scripting attempt (server-apache.rules) * 1:40305 <-> DISABLED <-> PUA-ADWARE Win.Adware.SupTab external connection attempt (pua-adware.rules) * 1:40306 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word document containing VBA project entry detected (file-office.rules) * 1:40307 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word document containing VBA project entry detected (file-office.rules) * 1:40308 <-> DISABLED <-> MALWARE-CNC Backdoor.MSIL.Kazybot.A botnet server connection attempt (malware-cnc.rules) * 1:40309 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Randrew variant outbound connection (malware-cnc.rules) * 1:40310 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keydnap variant dropper detected (malware-cnc.rules) * 1:40311 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keydnap variant dropper detected (malware-cnc.rules) * 1:40312 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CTreePos type confusion attempt (browser-ie.rules) * 1:40313 <-> DISABLED <-> SQL PostgreSQL potential remote code execution attempt (sql.rules) * 1:40314 <-> DISABLED <-> FILE-IMAGE OpenJPEG JPEG2000 MCC record parsing heap memory corruption attempt (file-image.rules) * 1:40315 <-> DISABLED <-> FILE-IMAGE OpenJPEG JPEG2000 MCC record parsing heap memory corruption attempt (file-image.rules) * 1:40316 <-> DISABLED <-> SERVER-APACHE Apache Tomcat default credential login attempt (server-apache.rules) * 1:40317 <-> DISABLED <-> SERVER-APACHE Apache Tomcat default credential login attempt (server-apache.rules) * 1:40318 <-> DISABLED <-> SERVER-APACHE Apache Tomcat default credential login attempt (server-apache.rules) * 1:40319 <-> DISABLED <-> SERVER-APACHE Apache Tomcat default credential login attempt (server-apache.rules) * 1:40320 <-> DISABLED <-> SERVER-APACHE Apache Tomcat default credential login attempt (server-apache.rules) * 1:40321 <-> DISABLED <-> SERVER-APACHE Apache Tomcat credential 
disclosure attempt (server-apache.rules) * 1:40322 <-> DISABLED <-> SERVER-OTHER CA weblogic default credential login attempt (server-other.rules) * 1:40323 <-> ENABLED <-> SERVER-OTHER Adobe ColdFusion RDS admin bypass attempt (server-other.rules) * 1:40324 <-> DISABLED <-> SERVER-OTHER Adobe ColdFusion default credential login attempt (server-other.rules) * 1:40325 <-> DISABLED <-> SERVER-OTHER Adobe ColdFusion default credential login attempt (server-other.rules) * 1:40326 <-> DISABLED <-> SERVER-OTHER JBoss directory traversal attempt (server-other.rules) * 1:40327 <-> DISABLED <-> SERVER-OTHER Adobe ColdFusion fckeditor arbitrary file upload (server-other.rules) * 1:40328 <-> DISABLED <-> SERVER-OTHER Railo directory traversal attempt (server-other.rules) * 1:40329 <-> DISABLED <-> SERVER-OTHER Axis2 directory traversal attempt (server-other.rules) * 1:40330 <-> DISABLED <-> SERVER-OTHER JBoss directory traversal attempt (server-other.rules) * 1:40331 <-> DISABLED <-> SERVER-WEBAPP JBoss default credential login attempt (server-webapp.rules) * 1:40332 <-> DISABLED <-> SERVER-WEBAPP Ruby on Rails Web Console remote code execution attempt (server-webapp.rules) * 1:40333 <-> DISABLED <-> PROTOCOL-SCADA Rockwell firmware upload attempt (protocol-scada.rules) * 1:40334 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sality variant outbound connection (malware-cnc.rules) * 1:40335 <-> DISABLED <-> APP-DETECT OpenVAS Scanner User-Agent attempt (app-detect.rules) * 1:40336 <-> DISABLED <-> FILE-PDF Iceni Argus ipfSetColourStroke stack buffer overflow attempt (file-pdf.rules) * 1:40337 <-> DISABLED <-> FILE-PDF Iceni Argus ipfSetColourStroke stack buffer overflow attempt (file-pdf.rules) * 1:40338 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bartallex outbound connection detected (malware-cnc.rules) * 1:40339 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cry variant outbound connection (malware-cnc.rules) * 1:40340 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cry variant outbound connection 
(malware-cnc.rules) * 1:40341 <-> DISABLED <-> SERVER-WEBAPP FreePBX Hotelwakeup Module ajax.php PHP code injection attempt (server-webapp.rules) * 1:40342 <-> DISABLED <-> SERVER-WEBAPP FreePBX Hotelwakeup Module ajax.php directory traversal attempt (server-webapp.rules) * 1:40344 <-> ENABLED <-> PROTOCOL-DNS ISC BIND isc__buffer_add assertion failure denial of service attempt (protocol-dns.rules) * 1:40345 <-> DISABLED <-> BROWSER-PLUGINS Samsung SmartViewer ActiveX clsid access attempt (browser-plugins.rules) * 1:40346 <-> DISABLED <-> BROWSER-PLUGINS Samsung SmartViewer ActiveX clsid access attempt (browser-plugins.rules) * 1:40347 <-> DISABLED <-> BROWSER-PLUGINS Samsung SmartViewer ActiveX clsid access attempt (browser-plugins.rules) * 1:40348 <-> DISABLED <-> BROWSER-PLUGINS Samsung SmartViewer ActiveX clsid access attempt (browser-plugins.rules) * 1:40349 <-> DISABLED <-> SERVER-WEBAPP IPFire proxy.cgi command injection attempt (server-webapp.rules) * 1:40350 <-> DISABLED <-> SERVER-WEBAPP IPFire proxy.cgi command injection attempt (server-webapp.rules) * 1:40351 <-> DISABLED <-> SERVER-WEBAPP IPFire proxy.cgi command injection attempt (server-webapp.rules) * 1:40352 <-> DISABLED <-> SERVER-WEBAPP IPFire proxy.cgi command injection attempt (server-webapp.rules) * 1:40353 <-> DISABLED <-> SERVER-OTHER Linknat Vos Manager potential directory traversal attempt (server-other.rules) * 1:40354 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Runtime malformed ASF codec memory corruption attempt (os-windows.rules) * 1:40355 <-> DISABLED <-> PROTOCOL-FTP z/OS FTP Job Entry Subsystem JCL execution attempt (protocol-ftp.rules) * 1:40356 <-> DISABLED <-> PUA-ADWARE Win.Trojan.InstantAccess variant outbound connection (pua-adware.rules) * 1:40357 <-> DISABLED <-> PUA-ADWARE Win.Trojan.InstantAccess variant outbound connection (pua-adware.rules) * 1:40358 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack opcode 1301 remote code execution attempt 
(server-other.rules)
* 1:40359 <-> ENABLED <-> SERVER-APACHE Apache Struts xslt.location local file inclusion attempt (server-apache.rules)
* 1:40360 <-> ENABLED <-> SERVER-OTHER OpenSSL OCSP Status Request Extension denial of service attempt (server-other.rules)
* 1:40361 <-> DISABLED <-> BROWSER-OTHER Android Browser potential denial of service attempt (browser-other.rules)
* 1:40362 <-> DISABLED <-> PROTOCOL-DNS ISC BIND DNS duplicate cookie denial of service attempt (protocol-dns.rules)
* 1:40363 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox CSP report-uri arbitrary file write attempt (browser-firefox.rules)
* 1:40364 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer loadXML parseError.errorCode information disclosure attempt (browser-ie.rules)
* 1:40365 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer loadXML parseError.errorCode information disclosure attempt (browser-ie.rules)
* 1:40366 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer ArraySpeciesCreate type confusion attempt (browser-ie.rules)
* 1:40367 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer ArraySpeciesCreate type confusion attempt (browser-ie.rules)
* 1:40368 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word RTF file parsing buffer overflow attempt (file-office.rules)
* 1:40369 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word RTF file parsing buffer overflow attempt (file-office.rules)
* 1:40370 <-> ENABLED <-> BROWSER-IE Microsoft Edge spread operator memory corruption attempt (browser-ie.rules)
* 1:40371 <-> ENABLED <-> BROWSER-IE Microsoft Edge spread operator memory corruption attempt (browser-ie.rules)
* 1:40372 <-> ENABLED <-> BROWSER-IE Microsoft Windows Edge emodel use after free attempt (browser-ie.rules)
* 1:40373 <-> ENABLED <-> BROWSER-IE Microsoft Windows Edge emodel use after free attempt (browser-ie.rules)
* 1:40374 <-> ENABLED <-> OS-WINDOWS Microsoft Windows insecure BoundaryDescriptor privilege escalation attempt (os-windows.rules)
* 1:40375 <-> DISABLED <-> OS-WINDOWS Microsoft Windows insecure BoundaryDescriptor privilege escalation attempt (os-windows.rules)
* 1:40376 <-> DISABLED <-> OS-WINDOWS Microsoft GDI local privilege escalation attempt (os-windows.rules)
* 1:40377 <-> DISABLED <-> OS-WINDOWS Microsoft GDI local privilege escalation attempt (os-windows.rules)
* 1:40378 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer iframe type confusion attempt (browser-ie.rules)
* 1:40379 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer iframe type confusion attempt (browser-ie.rules)
* 1:40380 <-> ENABLED <-> OS-WINDOWS Microsoft Windows win32kfull.sys FBitsTouch use after free attempt (os-windows.rules)
* 1:40381 <-> ENABLED <-> OS-WINDOWS Microsoft Windows win32kfull.sys FBitsTouch use after free attempt (os-windows.rules)
* 1:40382 <-> DISABLED <-> SERVER-OTHER Easy File Sharing Server remote code execution attempt (server-other.rules)
* 1:40383 <-> ENABLED <-> BROWSER-IE Microsoft Edge array.join information disclosure attempt (browser-ie.rules)
* 1:40384 <-> ENABLED <-> BROWSER-IE Microsoft Edge array.join information disclosure attempt (browser-ie.rules)
* 1:40385 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer vbscript variable type confusion attempt (browser-ie.rules)
* 1:40386 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer vbscript variable type confusion attempt (browser-ie.rules)
* 1:40387 <-> ENABLED <-> FILE-IDENTIFY Windows registry hive file magic detected (file-identify.rules)
* 1:40388 <-> ENABLED <-> FILE-IDENTIFY Windows registry hive file attachment detected (file-identify.rules)
* 1:40389 <-> ENABLED <-> FILE-IDENTIFY Windows registry hive file attachment detected (file-identify.rules)
* 1:40390 <-> ENABLED <-> FILE-IDENTIFY Windows registry hive file magic detected (file-identify.rules)
* 1:40391 <-> ENABLED <-> FILE-IDENTIFY Windows registry hive file download request (file-identify.rules)
* 1:40392 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Ntoskrnl privilege escalation attempt (os-windows.rules)
* 1:40393 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Ntoskrnl privilege escalation attempt (os-windows.rules)
* 1:40394 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Ntoskrnl integer overflow privilege escalation attempt (os-windows.rules)
* 1:40395 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Ntoskrnl integer overflow privilege escalation attempt (os-windows.rules)
* 1:40396 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Edge DACL privilege escalation attempt (os-windows.rules)
* 1:40397 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Edge DACL privilege escalation attempt (os-windows.rules)
* 1:40398 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Diagnostics Hub dll load from stream attempt (os-windows.rules)
* 1:40399 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Diagnostics Hub dll load from stream attempt (os-windows.rules)
* 1:404 <-> DISABLED <-> PROTOCOL-ICMP Destination Unreachable Protocol Unreachable (protocol-icmp.rules)
* 1:40400 <-> ENABLED <-> OS-WINDOWS Microsoft Windows 10 arbitrary registry key access privilege escalation attempt (os-windows.rules)
* 1:40401 <-> ENABLED <-> OS-WINDOWS Microsoft Windows 10 arbitrary registry key access privilege escalation attempt (os-windows.rules)
* 1:40402 <-> ENABLED <-> OS-WINDOWS Microsoft Windows user hive impersonation privilege escalation attempt (os-windows.rules)
* 1:40403 <-> ENABLED <-> OS-WINDOWS Microsoft Windows user hive impersonation privilege escalation attempt (os-windows.rules)
* 1:40404 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer eval type confusion attempt (browser-ie.rules)
* 1:40405 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer eval type confusion attempt (browser-ie.rules)
* 1:40408 <-> ENABLED <-> FILE-OTHER Microsoft Windows malformed TrueType file RCVT out of bounds read attempt (file-other.rules)
* 1:40409 <-> ENABLED <-> FILE-OTHER Microsoft Windows malformed TrueType file RCVT out of bounds read attempt (file-other.rules)
* 1:40410 <-> ENABLED <-> OS-WINDOWS Microsoft Windows win32k.sys ExtTextOut memory corruption attempt (os-windows.rules)
* 1:40411 <-> ENABLED <-> OS-WINDOWS Microsoft Windows win32k.sys ExtTextOut memory corruption attempt (os-windows.rules)
* 1:40412 <-> ENABLED <-> OS-WINDOWS Microsoft Windows registry hive privilege escalation attempt (os-windows.rules)
* 1:40413 <-> ENABLED <-> OS-WINDOWS Microsoft Windows registry hive privilege escalation attempt (os-windows.rules)
* 1:40418 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DFS client driver privilege escalation attempt (os-windows.rules)
* 1:40419 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DFS client driver privilege escalation attempt (os-windows.rules)
* 1:40420 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer readyState property information disclosure attempt (browser-ie.rules)
* 1:40421 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer readyState property information disclosure attempt (browser-ie.rules)
* 1:40422 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack opcode 4115 remote code execution attempt (server-other.rules)
* 1:40423 <-> ENABLED <-> BROWSER-IE Microsoft Windows Edge function.apply use after free attempt (browser-ie.rules)
* 1:40424 <-> ENABLED <-> BROWSER-IE Microsoft Windows Edge function.apply use after free attempt (browser-ie.rules)
* 1:40425 <-> DISABLED <-> OS-WINDOWS Microsoft Windows GDI+ EMF buffer overread attempt (os-windows.rules)
* 1:40426 <-> ENABLED <-> OS-WINDOWS Microsoft Windows GDI+ EMF buffer overread attempt (os-windows.rules)
* 1:40427 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Win32k.sys sbit_Embolden use after free attempt (os-windows.rules)
* 1:40428 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Win32k.sys sbit_Embolden use after free attempt (os-windows.rules)
* 1:40429 <-> DISABLED <-> FILE-PDF Foxit PDF Reader JBIG2 parser out of bounds read attempt (file-pdf.rules)
* 1:40430 <-> DISABLED <-> FILE-PDF Foxit PDF Reader JBIG2 parser out of bounds read attempt (file-pdf.rules)
* 1:40431 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XFA app.setTimeOut memory corruption attempt (file-pdf.rules)
* 1:40432 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Marsjoke variant post infection beacon (malware-cnc.rules)
* 1:40433 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Marsjoke variant post infection beacon (malware-cnc.rules)
* 1:40434 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ActionConstantPool memory corruption attempt (file-flash.rules)
* 1:40435 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ActionConstantPool memory corruption attempt (file-flash.rules)
* 1:40436 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XSLT substring memory corruption attempt (file-pdf.rules)
* 1:40437 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XSLT substring memory corruption attempt (file-pdf.rules)
* 1:40438 <-> ENABLED <-> FILE-FLASH Adobe Standalone Flash Player AS3 NetStream object use after free attempt (file-flash.rules)
* 1:40439 <-> ENABLED <-> FILE-FLASH Adobe Standalone Flash Player AS3 NetStream object use after free attempt (file-flash.rules)
* 1:40440 <-> ENABLED <-> FILE-PDF Adobe Reader TrueType font file numberofmetrics out of bounds read attempt (file-pdf.rules)
* 1:40441 <-> ENABLED <-> FILE-PDF Adobe Reader TrueType font file numberofmetrics out of bounds read attempt (file-pdf.rules)
* 1:40442 <-> ENABLED <-> FILE-FLASH Adobe Flash Player FrameLabel memory corruption attempt (file-flash.rules)
* 1:40443 <-> ENABLED <-> FILE-FLASH Adobe Flash Player FrameLabel memory corruption attempt (file-flash.rules)
* 1:40444 <-> ENABLED <-> MALWARE-CNC Doc.Dropper.Agent variant outbound connection (malware-cnc.rules)
* 1:40445 <-> ENABLED <-> MALWARE-CNC Doc.Dropper.Agent variant outbound connection (malware-cnc.rules)
* 1:40446 <-> ENABLED <-> SERVER-WEBAPP Avtech IP Camera unauthenticated config access attempt (server-webapp.rules)
* 1:40447 <-> DISABLED <-> SERVER-WEBAPP Avtech IP Camera search.cgi command injection attempt (server-webapp.rules)
* 1:40448 <-> DISABLED <-> SERVER-WEBAPP Avtech IP Camera search.cgi command injection attempt (server-webapp.rules)
* 1:40449 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
* 1:40450 <-> DISABLED <-> MALWARE-CNC Doc.Downloader.Agent file download attempt (malware-cnc.rules)
* 1:40451 <-> DISABLED <-> SERVER-WEBAPP Symantec Messaging Gateway KavaChart Component directory traversal attempt (server-webapp.rules)
* 1:40452 <-> ENABLED <-> FILE-FLASH Adobe Standalone Flash Player AS3 Primetime timeline ShimContentResolver out of bounds read attempt (file-flash.rules)
* 1:40453 <-> ENABLED <-> FILE-FLASH Adobe Standalone Flash Player AS3 Primetime timeline ShimContentResolver out of bounds read attempt (file-flash.rules)
* 1:40454 <-> DISABLED <-> SERVER-WEBAPP Nibbleblog remote code execution attempt (server-webapp.rules)
* 1:40455 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JPEG engine spurious object reference use after free attempt (file-pdf.rules)
* 1:40456 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JPEG engine spurious object reference use after free attempt (file-pdf.rules)
* 1:40457 <-> DISABLED <-> PUA-ADWARE Win.Downloader.OpenCandy variant outbound connection (pua-adware.rules)
* 1:40458 <-> DISABLED <-> BROWSER-OTHER Android browser file exfiltration attempt (browser-other.rules)
* 1:40459 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel malicious cce value following a PtgMemFunc token (file-office.rules)
* 1:40460 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel malicious cce value following a PtgMemFunc token (file-office.rules)
* 1:40461 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Deshacop variant outbound connection (malware-cnc.rules)
* 1:40462 <-> DISABLED <-> SERVER-WEBAPP Magento Cms_Wysiwyg SQL injection attempt (server-webapp.rules)
* 1:40463 <-> DISABLED <-> SERVER-WEBAPP Magento Cms_Wysiwyg SQL injection attempt (server-webapp.rules)
* 1:40464 <-> DISABLED <-> SERVER-WEBAPP Magento Cms_Wysiwyg SQL injection attempt (server-webapp.rules)
* 1:40465 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kapahyku variant outbound connection (malware-cnc.rules)
* 1:40466 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kapahyku variant outbound connection (malware-cnc.rules)
* 1:40467 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hades outbound connection (malware-cnc.rules)
* 1:40468 <-> DISABLED <-> SERVER-OTHER Memcached append opcode request heap buffer overflow attempt (server-other.rules)
* 1:40469 <-> DISABLED <-> SERVER-OTHER Memcached append opcode request heap buffer overflow attempt (server-other.rules)
* 1:40470 <-> DISABLED <-> SERVER-OTHER Memcached prepend opcode request heap buffer overflow attempt (server-other.rules)
* 1:40471 <-> DISABLED <-> SERVER-OTHER Memcached prepend opcode request heap buffer overflow attempt (server-other.rules)
* 1:40472 <-> DISABLED <-> SERVER-OTHER Memcached appendq opcode request heap buffer overflow attempt (server-other.rules)
* 1:40473 <-> DISABLED <-> SERVER-OTHER Memcached appendq opcode request heap buffer overflow attempt (server-other.rules)
* 1:40474 <-> DISABLED <-> SERVER-OTHER Memcached prependq opcode request heap buffer overflow attempt (server-other.rules)
* 1:40475 <-> DISABLED <-> SERVER-OTHER Memcached prependq opcode request heap buffer overflow attempt (server-other.rules)
* 1:40476 <-> DISABLED <-> SERVER-OTHER Memcached set opcode request heap buffer overflow attempt (server-other.rules)
* 1:40477 <-> DISABLED <-> SERVER-OTHER Memcached setq opcode request heap buffer overflow attempt (server-other.rules)
* 1:40478 <-> DISABLED <-> SERVER-OTHER Memcached add opcode request heap buffer overflow attempt (server-other.rules)
* 1:40479 <-> DISABLED <-> SERVER-OTHER Memcached addq opcode request heap buffer overflow attempt (server-other.rules)
* 1:40480 <-> DISABLED <-> SERVER-OTHER Memcached replace opcode request heap buffer overflow attempt (server-other.rules)
* 1:40481 <-> DISABLED <-> SERVER-OTHER Memcached replaceq opcode request heap buffer overflow attempt (server-other.rules)
* 1:40482 <-> DISABLED <-> SERVER-OTHER Memcached SASL auth opcode request heap buffer overflow attempt (server-other.rules)
* 1:40483 <-> DISABLED <-> SERVER-OTHER Memcached SASL auth opcode request heap buffer overflow attempt (server-other.rules)
* 1:40484 <-> DISABLED <-> FILE-PDF Iceni Argus ipNameAdd stack buffer overflow attempt (file-pdf.rules)
* 1:40485 <-> DISABLED <-> FILE-PDF Iceni Argus ipNameAdd stack buffer overflow attempt (file-pdf.rules)
* 1:40486 <-> DISABLED <-> FILE-PDF Iceni Argus ipNameAdd stack buffer overflow attempt (file-pdf.rules)
* 1:40487 <-> DISABLED <-> FILE-PDF Iceni Argus ipNameAdd stack buffer overflow attempt (file-pdf.rules)
* 1:40488 <-> DISABLED <-> FILE-EXECUTABLE Hopper Disassembler ELF section header memory corruption attempt (file-executable.rules)
* 1:40489 <-> DISABLED <-> FILE-EXECUTABLE Hopper Disassembler ELF section header memory corruption attempt (file-executable.rules)
* 1:40490 <-> DISABLED <-> FILE-OFFICE JustSystems Ichitaro Word Processor malformed PersistDirectory memory corruption attempt (file-office.rules)
* 1:40491 <-> DISABLED <-> FILE-OFFICE JustSystems Ichitaro Word Processor malformed PersistDirectory memory corruption attempt (file-office.rules)
* 1:40492 <-> DISABLED <-> PUA-ADWARE Win.Adware.DownloadManager outbound connection (pua-adware.rules)
* 1:40493 <-> DISABLED <-> SERVER-WEBAPP Ektron ServerControlWS.asmx XSL transform code injection attempt (server-webapp.rules)
* 1:40494 <-> ENABLED <-> SERVER-WEBAPP WordPress Symposium arbitrary PHP file upload attempt (server-webapp.rules)
* 1:40495 <-> ENABLED <-> FILE-FLASH Adobe Standalone Flash Player PSDK FlashRuntime mediaplayer pause attempt (file-flash.rules)
* 1:40496 <-> ENABLED <-> FILE-FLASH Adobe Standalone Flash Player PSDK FlashRuntime mediaplayer pause attempt (file-flash.rules)
* 1:40497 <-> DISABLED <-> SERVER-WEBAPP WordPress Plugin RevSlider file upload attempt (server-webapp.rules)
* 1:405 <-> DISABLED <-> PROTOCOL-ICMP Destination Unreachable Source Host Isolated (protocol-icmp.rules)
* 1:40500 <-> DISABLED <-> MALWARE-CNC Andr.Tool.Snowfox Androidbauts/snowfox outbound connection (malware-cnc.rules)
* 1:40501 <-> DISABLED <-> MALWARE-CNC Andr.Tool.Snowfox Androidbauts/snowfox outbound connection (malware-cnc.rules)
* 1:40502 <-> ENABLED <-> FILE-FLASH Adobe Flash Player QOSProvider use-after-free attempt (file-flash.rules)
* 1:40503 <-> DISABLED <-> FILE-FLASH Adobe Flash Player QOSProvider use-after-free attempt (file-flash.rules)
* 1:40505 <-> ENABLED <-> FILE-PDF Adobe Reader XSLT Transform use after free attempt (file-pdf.rules)
* 1:40506 <-> ENABLED <-> FILE-PDF Adobe Reader XSLT Transform use after free attempt (file-pdf.rules)
* 1:40507 <-> ENABLED <-> FILE-PDF Adobe Reader XSLT Transform use after free attempt (file-pdf.rules)
* 1:40508 <-> ENABLED <-> FILE-PDF Adobe Reader XSLT Transform use after free attempt (file-pdf.rules)
* 1:40509 <-> ENABLED <-> FILE-PDF Adobe Reader XSLT Transform use after free attempt (file-pdf.rules)
* 1:40510 <-> ENABLED <-> FILE-PDF Adobe Reader XSLT Transform use after free attempt (file-pdf.rules)
* 1:40511 <-> ENABLED <-> FILE-PDF Adobe Reader XSLT Transform use after free attempt (file-pdf.rules)
* 1:40512 <-> ENABLED <-> FILE-PDF Adobe Reader XSLT Transform use after free attempt (file-pdf.rules)
* 1:40513 <-> ENABLED <-> FILE-PDF Adobe Reader XSLT Transform use after free attempt (file-pdf.rules)
* 1:40514 <-> ENABLED <-> FILE-PDF Adobe Reader XSLT Transform use after free attempt (file-pdf.rules)
* 1:40515 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed unicode font name code execution attempt (file-pdf.rules)
* 1:40516 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed unicode font name code execution attempt (file-pdf.rules)
* 1:40517 <-> DISABLED <-> PROTOCOL-SCADA Rockwell Controllogix Network Policy Change attempt (protocol-scada.rules)
* 1:40518 <-> DISABLED <-> PROTOCOL-SCADA Rockwell Controllogix Stop CPU attempt (protocol-scada.rules)
* 1:40519 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
* 1:40520 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
* 1:40521 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
* 1:40522 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise fingerprinting (malware-cnc.rules)
* 1:40523 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise echo loader attempt (malware-cnc.rules)
* 1:40524 <-> DISABLED <-> SERVER-WEBAPP Trend Micro SafeSync JSON API ad_sync_now command injection attempt (server-webapp.rules)
* 1:40525 <-> DISABLED <-> FILE-IMAGE LibTIFF tiff2pdf JPEG compression tables heap buffer overflow attempt (file-image.rules)
* 1:40526 <-> DISABLED <-> FILE-IMAGE LibTIFF tiff2pdf JPEG compression tables heap buffer overflow attempt (file-image.rules)
* 1:40527 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
* 1:40528 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Instally (malware-cnc.rules)
* 1:40529 <-> DISABLED <-> PUA-ADWARE Win.Downloader.Instally variant outbound connection attempt (pua-adware.rules)
* 1:40530 <-> DISABLED <-> PUA-ADWARE Win.Downloader.Instally variant outbound connection attempt (pua-adware.rules)
* 1:40531 <-> DISABLED <-> PUA-ADWARE Win.Downloader.Instally variant outbound connection attempt (pua-adware.rules)
* 1:40532 <-> DISABLED <-> PUA-ADWARE Win.Downloader.Instally variant outbound connection attempt (pua-adware.rules)
* 1:40533 <-> DISABLED <-> FILE-IMAGE LibTIFF FAX IFD entry parsing type confusion attempt (file-image.rules)
* 1:40534 <-> DISABLED <-> FILE-IMAGE LibTIFF FAX IFD entry parsing type confusion attempt (file-image.rules)
* 1:40535 <-> DISABLED <-> FILE-IMAGE LibTIFF FAX IFD entry parsing type confusion attempt (file-image.rules)
* 1:40536 <-> DISABLED <-> FILE-IMAGE LibTIFF FAX IFD entry parsing type confusion attempt (file-image.rules)
* 1:40537 <-> DISABLED <-> FILE-IMAGE LibTIFF FAX IFD entry parsing type confusion attempt (file-image.rules)
* 1:40538 <-> DISABLED <-> FILE-IMAGE LibTIFF FAX IFD entry parsing type confusion attempt (file-image.rules)
* 1:40541 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Satana ransomware outbound connection (malware-cnc.rules)
* 1:40542 <-> ENABLED <-> OS-LINUX Linux kernel madvise race condition attempt (os-linux.rules)
* 1:40543 <-> ENABLED <-> OS-LINUX Linux kernel madvise race condition attempt (os-linux.rules)
* 1:40544 <-> ENABLED <-> FILE-FLASH Adobe Standalone Flash Player IExternalizable deserialization use after free attempt (file-flash.rules)
* 1:40545 <-> ENABLED <-> FILE-FLASH Adobe Standalone Flash Player IExternalizable deserialization use after free attempt (file-flash.rules)
* 1:40546 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript API privileged function bypass attempt (file-pdf.rules)
* 1:40547 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript API privileged function bypass attempt (file-pdf.rules)
* 1:40548 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Redosdru variant outbound connection (malware-cnc.rules)
* 1:40549 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryPy ransomware variant outbound connection (malware-cnc.rules)
* 1:40550 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dexter Banker variant second stage download attempt (malware-cnc.rules)
* 1:40551 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dexter Banker variant successful installation report attempt (malware-cnc.rules)
* 1:40555 <-> ENABLED <-> OS-WINDOWS Microsoft Windows AHCACHE.SYS remote denial of service attempt (os-windows.rules)
* 1:40556 <-> ENABLED <-> OS-WINDOWS Microsoft Windows AHCACHE.SYS remote denial of service attempt (os-windows.rules)
* 1:40557 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed object stream memory corruption attempt (file-pdf.rules)
* 1:40558 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed object stream memory corruption attempt (file-pdf.rules)
* 1:40559 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpy variant outbound connection (malware-cnc.rules)
* 1:40560 <-> ENABLED <-> OS-LINUX Linux kernel madvise race condition attempt (os-linux.rules)
* 1:40561 <-> ENABLED <-> OS-LINUX Linux kernel madvise race condition attempt (os-linux.rules)
* 1:40562 <-> DISABLED <-> OS-LINUX Linux kernel madvise race condition attempt (os-linux.rules)
* 1:40563 <-> ENABLED <-> OS-LINUX Linux kernel madvise race condition attempt (os-linux.rules)
* 1:40564 <-> DISABLED <-> OS-LINUX Linux kernel madvise race condition attempt (os-linux.rules)
* 1:40565 <-> ENABLED <-> OS-LINUX Linux kernel madvise race condition attempt (os-linux.rules)
* 1:40566 <-> ENABLED <-> OS-LINUX Linux kernel madvise race condition attempt (os-linux.rules)
* 1:40567 <-> DISABLED <-> MALWARE-CNC known malicious SSL certificate - Odinaff C&C (malware-cnc.rules)
* 1:40568 <-> DISABLED <-> INDICATOR-COMPROMISE wsf inside zip potential malicious file download attempt (indicator-compromise.rules)
* 1:40569 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XFA relayoutPageArea memory corruption attempt (file-pdf.rules)
* 1:40570 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XFA relayoutPageArea memory corruption attempt (file-pdf.rules)
* 1:40571 <-> ENABLED <-> FILE-PDF Adobe Reader corrupt bookmark use after free attempt (file-pdf.rules)
* 1:40572 <-> ENABLED <-> FILE-PDF Adobe Reader corrupt bookmark use after free attempt (file-pdf.rules)
* 1:40573 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XFA resolveNode memory corruption attempt (file-pdf.rules)
* 1:40574 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XFA resolveNode memory corruption attempt (file-pdf.rules)
* 1:40575 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XFA excelGroup memory corruption attempt (file-pdf.rules)
* 1:40576 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XFA excelGroup memory corruption attempt (file-pdf.rules)
* 1:40577 <-> ENABLED <-> FILE-PDF Adobe Reader XFA remerge JavaScript use after free attempt (file-pdf.rules)
* 1:40578 <-> ENABLED <-> FILE-PDF Adobe Reader XFA remerge JavaScript use after free attempt (file-pdf.rules)
* 1:40579 <-> ENABLED <-> SERVER-OTHER ISC BIND 9 DNS query overly long name denial of service attempt (server-other.rules)
* 1:40581 <-> ENABLED <-> FILE-FLASH Adobe Flash Player sentEvent use after free attempt (file-flash.rules)
* 1:40582 <-> ENABLED <-> FILE-FLASH Adobe Flash Player sentEvent use after free attempt (file-flash.rules)
* 1:40583 <-> ENABLED <-> FILE-FLASH Adobe Flash Player event handler out of bounds memory access attempt (file-flash.rules)
* 1:40584 <-> ENABLED <-> FILE-FLASH Adobe Flash Player event handler out of bounds memory access attempt (file-flash.rules)
* 1:40585 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader SaveAs use-after-free attempt (file-pdf.rules)
* 1:40586 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader SaveAs use-after-free attempt (file-pdf.rules)
* 1:40587 <-> ENABLED <-> FILE-PDF Adobe Reader XSLT parsing engine use after free attempt (file-pdf.rules)
* 1:40588 <-> ENABLED <-> FILE-PDF Adobe Reader XSLT parsing engine use after free attempt (file-pdf.rules)
* 1:40589 <-> DISABLED <-> SERVER-WEBAPP DaloRADIUS config-maint-disconnect-user.php command injection attempt (server-webapp.rules)
* 1:40590 <-> DISABLED <-> SERVER-WEBAPP DaloRADIUS config-maint-disconnect-user.php command injection attempt (server-webapp.rules)
* 1:40591 <-> DISABLED <-> SERVER-WEBAPP DaloRADIUS config-maint-disconnect-user.php command injection attempt (server-webapp.rules)
* 1:40592 <-> DISABLED <-> SERVER-WEBAPP DaloRADIUS notificationsBatchDetails.php SQL injection attempt (server-webapp.rules)
* 1:40593 <-> DISABLED <-> PUA-ADWARE Win.Adware.CoolMirage outbound ad download attempt (pua-adware.rules)
* 1:40594 <-> DISABLED <-> PUA-ADWARE Win.Adware.CoolMirage outbound ad download attempt (pua-adware.rules)
* 1:40595 <-> DISABLED <-> PUA-ADWARE Win.Adware.CoolMirage outbound ad download attempt (pua-adware.rules)
* 1:40596 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Berbew variant outbound connection (malware-cnc.rules)
* 1:40597 <-> DISABLED <-> INDICATOR-COMPROMISE shell script download with wget from external source (indicator-compromise.rules)
* 1:40598 <-> DISABLED <-> INDICATOR-COMPROMISE shell script download with curl from external source (indicator-compromise.rules)
* 1:40599 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise echo loader attempt (malware-cnc.rules)
* 1:406 <-> DISABLED <-> PROTOCOL-ICMP Destination Unreachable Source Route Failed (protocol-icmp.rules)
* 1:4060 <-> DISABLED <-> APP-DETECT remote desktop protocol attempted administrator connection request (app-detect.rules)
* 1:40600 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise echo loader attempt (malware-cnc.rules)
* 1:40601 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise activity (malware-cnc.rules)
* 1:40602 <-> ENABLED <-> FILE-PDF Adobe Reader XFA exclGroup JavaScript out of bounds memory access attempt (file-pdf.rules)
* 1:40603 <-> ENABLED <-> FILE-PDF Adobe Reader XFA exclGroup JavaScript out of bounds memory access attempt (file-pdf.rules)
* 1:40605 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sality variant outbound connection (malware-cnc.rules)
* 1:40606 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sality variant outbound connection (malware-cnc.rules)
* 1:40608 <-> ENABLED <-> SERVER-WEBAPP Joomla UsersController non-standard insecure account registration method access attempt (server-webapp.rules)
* 1:40609 <-> ENABLED <-> SERVER-WEBAPP Joomla UsersController non-standard insecure account registration method access attempt (server-webapp.rules)
* 1:40610 <-> DISABLED <-> INDICATOR-COMPROMISE DNS response points to sinkholed domain (indicator-compromise.rules)
* 1:40611 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant download attempt (malware-cnc.rules)
* 1:40612 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download attempt (malware-cnc.rules)
* 1:40613 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Testing Suite authentication bypass attempt (server-webapp.rules)
* 1:40614 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Testing Suite authentication bypass attempt (server-webapp.rules)
* 1:40615 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Testing Suite authentication bypass attempt (server-webapp.rules)
* 1:40616 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Testing Suite authentication bypass attempt (server-webapp.rules)
* 1:40617 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Testing Suite authentication bypass attempt (server-webapp.rules)
* 1:40618 <-> ENABLED <-> FILE-PDF Adobe Reader XML Metadata memory corruption attempt (file-pdf.rules)
* 1:40619 <-> ENABLED <-> FILE-PDF Adobe Reader XML Metadata memory corruption attempt (file-pdf.rules)
* 1:40620 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF WRAssembly CLSID ASLR bypass download attempt (file-office.rules)
* 1:40621 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF WRLoader ASLR bypass download attempt (file-office.rules)
* 1:40622 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF WRLoader CLSID ASLR bypass download attempt (file-office.rules)
* 1:40623 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF hex encoded WRLoader ASLR bypass download attempt (file-office.rules)
* 1:40624 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF hex encoded wrLoader ASLR bypass download attempt (file-office.rules)
* 1:40625 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF WRAssembly CLSID ASLR bypass download attempt (file-office.rules)
* 1:40626 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF WRLoader ASLR bypass download attempt (file-office.rules)
* 1:40627 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF WRLoader CLSID ASLR bypass download attempt (file-office.rules)
* 1:40628 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF hex encoded WRAssembly ASLR bypass download attempt (file-office.rules)
* 1:40629 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF hex encoded WRAssembly ASLR bypass download attempt (file-office.rules)
* 1:40630 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF hex encoded WRLoader ASLR bypass download attempt (file-office.rules)
* 1:40631 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF hex encoded wrLoader ASLR bypass download attempt (file-office.rules)
* 1:40632 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF hex encoded WRAssembly CLSID ASLR bypass download attempt (file-office.rules)
* 1:40633 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF hex encoded WRLoader CLSID ASLR bypass download attempt (file-office.rules)
* 1:40634 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF hex encoded WRAssembly CLSID ASLR bypass download attempt (file-office.rules)
* 1:40635 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF hex encoded WRLoader CLSID ASLR bypass download attempt (file-office.rules)
* 1:40639 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XFA addInstance use after free attempt (file-pdf.rules)
* 1:40640 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XFA addInstance use after free attempt (file-pdf.rules)
* 1:40641 <-> DISABLED <-> FILE-PDF Adobe Reader XFA relayoutPageArea JavaScript out of bounds memory access attempt (file-pdf.rules)
* 1:40642 <-> DISABLED <-> FILE-PDF Adobe Reader XFA relayoutPageArea JavaScript out of bounds memory access attempt (file-pdf.rules)
* 1:40643 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.TrickBot (malware-cnc.rules)
* 1:40644 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.TrickBot (malware-cnc.rules)
* 1:40645 <-> ENABLED <-> FILE-IMAGE Microsoft Windows asycfilt.dll malformed jpeg buffer overread attempt (file-image.rules)
* 1:40646 <-> ENABLED <-> FILE-IMAGE Microsoft Windows asycfilt.dll malformed jpeg buffer overread attempt (file-image.rules)
* 1:40647 <-> DISABLED <-> BROWSER-IE Microsoft Edge JavaScript ReverseHelper buffer overrun attempt (browser-ie.rules)
* 1:40648 <-> DISABLED <-> BROWSER-IE Microsoft Edge JavaScript ReverseHelper buffer overrun attempt (browser-ie.rules)
* 1:40649 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Chakra.dll proxy object prototype return type confusion attempt (browser-ie.rules)
* 1:40650 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Chakra.dll proxy object prototype return type confusion attempt (browser-ie.rules)
* 1:40651 <-> DISABLED <-> BROWSER-IE Microsoft Edge webkit directory file disclosure attempt (browser-ie.rules)
* 1:40652 <-> DISABLED <-> BROWSER-IE Microsoft Edge webkit directory file disclosure attempt (browser-ie.rules)
* 1:40653 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer msSaveBlob use after free attempt (browser-ie.rules)
* 1:40654 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer msSaveBlob use after free attempt (browser-ie.rules)
* 1:40655 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer Chakra.dll Array.filter type confusion attempt (browser-ie.rules)
* 1:40656 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer Chakra.dll Array.filter type confusion attempt (browser-ie.rules)
* 1:40657 <-> ENABLED <-> OS-WINDOWS Microsoft Windows clfs.sys local privilege escalation attempt (os-windows.rules)
* 1:40658 <-> ENABLED <-> OS-WINDOWS Microsoft Windows clfs.sys local privilege escalation attempt (os-windows.rules)
* 1:40659 <-> ENABLED <-> BROWSER-IE Microsoft Edge Chakra.dll Array.splice heap overflow attempt (browser-ie.rules)
* 1:40660 <-> ENABLED <-> BROWSER-IE Microsoft Edge Chakra.dll Array.splice heap overflow attempt (browser-ie.rules)
* 1:40661 <-> ENABLED <-> BROWSER-IE Microsoft Edge Array.concat type confusion attempt (browser-ie.rules)
* 1:40662 <-> ENABLED <-> BROWSER-IE Microsoft Edge Array.concat type confusion attempt (browser-ie.rules)
* 1:40663 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NtGdiSetBitmapAttributes privilege escalation attempt (os-windows.rules)
* 1:40664 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NtGdiSetBitmapAttributes privilege escalation attempt (os-windows.rules)
* 1:40665 <-> ENABLED <-> OS-WINDOWS Microsoft Windows keybd_event type confusion code execution attempt (os-windows.rules)
* 1:40666 <-> ENABLED <-> OS-WINDOWS Microsoft Windows keybd_event type confusion code execution attempt (os-windows.rules)
* 1:40667 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word PrcData out of bounds read attempt (file-office.rules)
* 1:40668 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word PrcData out of bounds read attempt (file-office.rules)
* 1:40669 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer classid remote code execution attempt (browser-ie.rules)
* 1:40670 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer classid remote code execution attempt (browser-ie.rules)
* 1:40671 <-> DISABLED <-> OS-WINDOWS Microsoft Windows InProcServer32 privilege escalation attempt (os-windows.rules)
* 1:40672 <-> DISABLED <-> OS-WINDOWS Microsoft Windows InProcServer32 privilege escalation attempt (os-windows.rules)
* 1:40673 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word wwlib out of bounds read attempt (file-office.rules)
* 1:40674 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word wwlib out of bounds read attempt (file-office.rules)
* 1:40675 <-> ENABLED <-> BROWSER-IE Microsoft Edge video html tag buffer overflow attempt (browser-ie.rules)
* 1:40676 <-> ENABLED <-> BROWSER-IE Microsoft Edge video html tag buffer overflow attempt (browser-ie.rules)
* 1:40677 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Task Scheduler SystemLocal NTLM remote path authentication challenge attempt (os-windows.rules)
* 1:40678 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Task Scheduler SystemLocal NTLM remote path authentication challenge attempt (os-windows.rules)
* 1:40679 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word wwlib out of bounds read attempt (file-office.rules)
* 1:40680 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word wwlib out of bounds read attempt (file-office.rules)
* 1:40681 <-> ENABLED <-> FILE-OFFICE Microsoft PowerPoint ntdll out of bounds read attempt (file-office.rules)
* 1:40682 <-> ENABLED <-> FILE-OFFICE Microsoft PowerPoint ntdll out of bounds read attempt (file-office.rules)
* 1:40683 <-> ENABLED <-> BROWSER-IE Microsoft Edge stack variable memory access attempt (browser-ie.rules)
* 1:40684 <-> ENABLED <-> BROWSER-IE Microsoft Edge stack variable memory access attempt (browser-ie.rules)
* 1:40685 <-> ENABLED <-> OS-WINDOWS Microsoft Windows win32kfull.sys MegSetLensContextInformation use after free attempt (os-windows.rules)
* 1:40686 <-> ENABLED <-> OS-WINDOWS Microsoft Windows win32kfull.sys MegSetLensContextInformation use after free attempt (os-windows.rules)
* 1:40687 <-> ENABLED <-> OS-WINDOWS Microsoft Windows win32k.sys GetDIBits out of bounds read attempt (os-windows.rules)
* 1:40688 <-> ENABLED <-> OS-WINDOWS Microsoft Windows win32k.sys GetDIBits out of bounds read attempt (os-windows.rules)
* 1:40689 <-> ENABLED <-> FILE-OTHER Microsoft Windows BLF file local privilege escalation attempt (file-other.rules)
* 1:40690 <-> ENABLED <-> FILE-OTHER Microsoft Windows BLF file local privilege escalation attempt (file-other.rules)
* 1:40691 <-> ENABLED <-> FILE-OTHER Microsoft Windows BLF file local privilege escalation attempt (file-other.rules)
* 1:40692 <-> ENABLED <-> FILE-OTHER Microsoft Windows BLF file local privilege escalation attempt (file-other.rules)
* 1:40693 <-> ENABLED <-> OS-WINDOWS Microsoft Windows VHDMP generic privilege escalation attempt (os-windows.rules)
* 1:40694 <-> ENABLED <-> OS-WINDOWS Microsoft Windows VHDMP generic privilege escalation attempt (os-windows.rules)
* 1:40695 <-> ENABLED <-> FILE-PDF Adobe Reader parser object use-after-free attempt (file-pdf.rules)
* 1:40696 <-> ENABLED <-> FILE-PDF Adobe Reader parser object use-after-free attempt (file-pdf.rules)
* 1:40697 <-> DISABLED <-> FILE-PDF Adobe Reader MakeAccessible plugin heap overflow attempt (file-pdf.rules)
* 1:40698 <-> DISABLED <-> FILE-PDF Adobe Reader MakeAccessible plugin heap overflow attempt (file-pdf.rules)
* 1:40699 <-> DISABLED <-> FILE-PDF Adobe Reader MakeAccessible plugin heap overflow attempt (file-pdf.rules)
* 1:407 <-> DISABLED <-> PROTOCOL-ICMP Destination Unreachable undefined code (protocol-icmp.rules)
* 1:40700 <-> DISABLED <-> FILE-PDF Adobe Reader MakeAccessible plugin heap overflow attempt (file-pdf.rules)
* 1:40701 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word out of bounds memory read attempt (file-office.rules)
* 1:40702 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word out of bounds memory read attempt (file-office.rules)
* 1:40703 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer UIAnimation.dll use after free attempt (browser-ie.rules)
* 1:40704 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer UIAnimation.dll use after free attempt (browser-ie.rules)
* 1:40705 <-> ENABLED <-> FILE-OTHER Microsoft Windows OTF cmap table parsing integer overflow attempt (file-other.rules)
* 1:40706 <-> DISABLED <-> FILE-OTHER Microsoft Windows OTF cmap table parsing integer overflow attempt (file-other.rules)
* 1:40707 <-> ENABLED <-> FILE-PDF Adobe Reader JavaScript use after free attempt (file-pdf.rules)
* 1:40708 <-> ENABLED <-> FILE-PDF Adobe Reader JavaScript use after free attempt (file-pdf.rules)
* 1:40709 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Komplex outbound connection (malware-cnc.rules)
* 1:40710 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Komplex outbound connection (malware-cnc.rules)
* 1:40711 <-> ENABLED <-> FILE-OFFICE Microsoft Office 2016 arbitrary pointer dereference vulnerability attempt (file-office.rules)
* 1:40712 <-> ENABLED <-> FILE-OFFICE Microsoft Office 2016 arbitrary pointer dereference vulnerability attempt (file-office.rules)
* 1:40713 <-> DISABLED <-> BROWSER-IE Microsoft Edge JSON.parse information disclosure attempt (browser-ie.rules)
* 1:40714 <-> DISABLED <-> BROWSER-IE Microsoft Edge JSON.parse information disclosure attempt (browser-ie.rules)
* 1:40715 <-> DISABLED <-> BROWSER-IE Microsoft Edge proxy object type confusion attempt (browser-ie.rules)
* 1:40716 <-> DISABLED <-> BROWSER-IE Microsoft Edge proxy object type confusion attempt (browser-ie.rules)
* 1:40717 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel LPenHelper use after free attempt (file-office.rules)
* 1:40718 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel LPenHelper use after free attempt (file-office.rules)
* 1:40719 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel SST record use after free attempt (file-office.rules)
* 1:4072 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_DetectResourceConflict attempt (os-windows.rules)
* 1:40720 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel SST record use after free attempt (file-office.rules)
* 1:40721 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer print preview information disclosure attempt (browser-ie.rules)
* 1:40722 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer print preview information disclosure attempt (browser-ie.rules)
* 1:40723 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel Viewer remote code execution attempt (file-office.rules)
* 1:40724 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel Viewer remote code execution attempt (file-office.rules)
* 1:40725 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel invalid signed integer attempt (file-office.rules)
* 1:40726 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel invalid signed integer attempt (file-office.rules)
* 1:40727 <-> ENABLED <-> FILE-OTHER Microsoft Office RTF out-of-bounds memory access attempt
(file-other.rules) * 1:40728 <-> ENABLED <-> FILE-OTHER Microsoft Office RTF out-of-bounds memory access attempt (file-other.rules) * 1:40729 <-> DISABLED <-> FILE-OTHER Microsoft Windows OTF parsing memory corruption attempt (file-other.rules) * 1:40730 <-> DISABLED <-> FILE-OTHER Microsoft Windows OTF parsing memory corruption attempt (file-other.rules) * 1:40731 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CDeskBand use-after-free attempt (browser-ie.rules) * 1:40732 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CDeskBand use-after-free attempt (browser-ie.rules) * 1:40733 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Sality (malware-cnc.rules) * 1:40734 <-> ENABLED <-> FILE-FLASH Adobe Flash MovieClip proto chain manipulation targeting constructor use after free attempt (file-flash.rules) * 1:40735 <-> ENABLED <-> FILE-FLASH Adobe Flash MovieClip proto chain manipulation targeting constructor use after free attempt (file-flash.rules) * 1:40736 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Primetime SDK AdvertisingMetadata type confustion attempt (file-flash.rules) * 1:40737 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime SDK AdvertisingMetadata type confustion attempt (file-flash.rules) * 1:40738 <-> ENABLED <-> FILE-FLASH Adobe Adobe Flash Player ActionExtends use after free attempt (file-flash.rules) * 1:40739 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionExtends use after free attempt (file-flash.rules) * 1:40740 <-> ENABLED <-> FILE-FLASH Adobe Flash Player addCallback use after free attempt (file-flash.rules) * 1:40741 <-> ENABLED <-> FILE-FLASH Adobe Flash Player addCallback use after free attempt (file-flash.rules) * 1:40742 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AVSegmentedSource use after free attempt (file-flash.rules) * 1:40743 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AVSegmentedSource use after free attempt (file-flash.rules) * 1:40744 <-> DISABLED <-> FILE-FLASH Adobe 
Primetime SDK setObject type confusion attempt (file-flash.rules) * 1:40745 <-> DISABLED <-> FILE-FLASH Adobe Primetime SDK setObject type confusion attempt (file-flash.rules) * 1:40746 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextField use after free attempt (file-flash.rules) * 1:40747 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextField use after free attempt (file-flash.rules) * 1:40748 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASnative setFocus use after free attempt (file-flash.rules) * 1:40749 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASnative setFocus use after free attempt (file-flash.rules) * 1:40750 <-> ENABLED <-> SERVER-WEBAPP D-Link DIR Series Routers HNAP stack buffer overflow attempt (server-webapp.rules) * 1:40751 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Autoit-73 configuration file download attempt (malware-cnc.rules) * 1:40752 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Autoit-73 configuration file download attempt (malware-cnc.rules) * 1:40753 <-> ENABLED <-> EXPLOIT-KIT Rig exploit kit outbound communication (exploit-kit.rules) * 1:40754 <-> DISABLED <-> SERVER-WEBAPP Alienvault OSSIM gauge.php value SQL injection attempt (server-webapp.rules) * 1:40755 <-> DISABLED <-> FILE-FLASH Adobe Flash EnableDebugger2 obfuscation attempt (file-flash.rules) * 1:40756 <-> DISABLED <-> FILE-PDF Nitro Pro PDF Font Widths tag out of bounds read attempt (file-pdf.rules) * 1:40757 <-> DISABLED <-> FILE-PDF Nitro Pro PDF Font Widths tag out of bounds read attempt (file-pdf.rules) * 1:40758 <-> DISABLED <-> SERVER-OTHER Moxa AWK-3131A backdoor root account access attempt (server-other.rules) * 1:40759 <-> DISABLED <-> OS-WINDOWS Microsoft Windows LSASS GSS-API DER decoding null pointer dereference attempt (os-windows.rules) * 1:40760 <-> DISABLED <-> SERVER-OTHER OpenLDAP deref control denial of service attempt (server-other.rules) * 1:40761 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Syscan outbound connection (malware-cnc.rules) * 1:40762 <-> DISABLED 
<-> MALWARE-CNC Android.Trojan.SpyNote RAT variant inbound connection (malware-cnc.rules) * 1:40763 <-> DISABLED <-> MALWARE-CNC Android.Trojan.SpyNote RAT variant getSMS command response (malware-cnc.rules) * 1:40764 <-> DISABLED <-> MALWARE-CNC Android.Trojan.SpyNote RAT variant getContacts command response (malware-cnc.rules) * 1:40766 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack directory traversal attempt (server-other.rules) * 1:40771 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Miuref variant outbound connection (malware-cnc.rules) * 1:40772 <-> DISABLED <-> PUA-ADWARE Win.Trojan.Miuref variant outbound connection (pua-adware.rules) * 1:40773 <-> DISABLED <-> FILE-PDF Oracle Outside In Technology remote code execution attempt (file-pdf.rules) * 1:40774 <-> DISABLED <-> FILE-PDF Oracle Outside In Technology remote code execution attempt (file-pdf.rules) * 1:40775 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules) * 1:40776 <-> ENABLED <-> FILE-PDF Nitro Pro out of bounds memory write attempt (file-pdf.rules) * 1:40777 <-> ENABLED <-> FILE-PDF Nitro Pro out of bounds memory write attempt (file-pdf.rules) * 1:40778 <-> ENABLED <-> FILE-PDF Acrobat Reader Open Cascade Library memory corruption attempt (file-pdf.rules) * 1:40779 <-> ENABLED <-> FILE-PDF Acrobat Reader Open Cascade Library memory corruption attempt (file-pdf.rules) * 1:40780 <-> ENABLED <-> FILE-FLASH Adobe Flash Player LoadVars use-after-free attempt (file-flash.rules) * 1:40781 <-> ENABLED <-> FILE-FLASH Adobe Flash Player LoadVars use-after-free attempt (file-flash.rules) * 1:40782 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Venik (malware-cnc.rules) * 1:40783 <-> DISABLED <-> SERVER-WEBAPP ZyXEL TR-064 GetSecurityKeys information disclosure attempt (server-webapp.rules) * 1:40784 <-> ENABLED <-> SERVER-WEBAPP ZyXEL TR-064 SetNTPServers command injection attempt (server-webapp.rules) * 1:40785 <-> 
DISABLED <-> SERVER-WEBAPP Sophos Web Security Appliance command injection attempt (server-webapp.rules) * 1:40786 <-> DISABLED <-> SERVER-WEBAPP Sophos Web Security Appliance command injection attempt (server-webapp.rules) * 1:40787 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer iertutil.dll long UNC redirect out of bounds read attempt (browser-ie.rules) * 1:40788 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer iertutil.dll long UNC redirect out of bounds read attempt (browser-ie.rules) * 1:40791 <-> DISABLED <-> FILE-OTHER HDF5 msg_dtype H5T_ARRAY heap buffer overflow attempt (file-other.rules) * 1:40792 <-> DISABLED <-> FILE-OTHER HDF5 msg_dtype H5T_ARRAY heap buffer overflow attempt (file-other.rules) * 1:40793 <-> DISABLED <-> FILE-OTHER HDF5 msg_dtype H5T_ARRAY heap buffer overflow attempt (file-other.rules) * 1:40794 <-> DISABLED <-> FILE-OTHER HDF5 msg_dtype H5T_ARRAY heap buffer overflow attempt (file-other.rules) * 1:40795 <-> DISABLED <-> MALWARE-CNC Nesxlh variant outbound connection (malware-cnc.rules) * 1:40796 <-> DISABLED <-> MALWARE-CNC Nesxlh variant outbound connection (malware-cnc.rules) * 1:40797 <-> DISABLED <-> MALWARE-CNC Nesxlh variant outbound connection (malware-cnc.rules) * 1:40798 <-> ENABLED <-> FILE-FLASH Adobe Standalone Flash Player IExternalizable deserialization use after free attempt (file-flash.rules) * 1:40799 <-> ENABLED <-> FILE-FLASH Adobe Standalone Flash Player IExternalizable deserialization use after free attempt (file-flash.rules) * 1:408 <-> DISABLED <-> PROTOCOL-ICMP Echo Reply (protocol-icmp.rules) * 1:40800 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Crypton (malware-cnc.rules) * 1:40801 <-> DISABLED <-> FILE-OTHER HDF5 H5Z_NBIT filter heap buffer overflow attempt (file-other.rules) * 1:40802 <-> DISABLED <-> FILE-OTHER HDF5 H5Z_NBIT filter heap buffer overflow attempt (file-other.rules) * 1:40803 <-> ENABLED <-> FILE-OTHER HDF5 H5O_dtype_decode_helper heap buffer 
overflow attempt (file-other.rules) * 1:40804 <-> ENABLED <-> FILE-OTHER HDF5 H5O_dtype_decode_helper heap buffer overflow attempt (file-other.rules) * 1:40805 <-> DISABLED <-> FILE-OTHER HDF5 object modification time out of bounds write attempt (file-other.rules) * 1:40806 <-> DISABLED <-> FILE-OTHER HDF5 object modification time out of bounds write attempt (file-other.rules) * 1:40807 <-> DISABLED <-> FILE-OTHER HDF5 symbol table message out of bounds write attempt (file-other.rules) * 1:40808 <-> DISABLED <-> FILE-OTHER HDF5 symbol table message out of bounds write attempt (file-other.rules) * 1:40809 <-> DISABLED <-> FILE-OTHER HDF5 new object modification time out of bounds write attempt (file-other.rules) * 1:40810 <-> DISABLED <-> FILE-OTHER HDF5 new object modification time out of bounds write attempt (file-other.rules) * 1:40811 <-> DISABLED <-> SERVER-OTHER NTP origin timestamp denial of service attempt (server-other.rules) * 1:40812 <-> DISABLED <-> MALWARE-CNC Rtf.Trojan.Mauris outbound download attempt (malware-cnc.rules) * 1:40813 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Silverlight GetChar out of bounds read attempt (browser-plugins.rules) * 1:40814 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Silverlight GetChar out of bounds read attempt (browser-plugins.rules) * 1:40815 <-> DISABLED <-> SERVER-WEBAPP Netgear ReadyNAS Surveillance cgi_system administrator password reset attempt (server-webapp.rules) * 1:40816 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules) * 1:40817 <-> DISABLED <-> SERVER-WEBAPP Symantec Web Gateway new_whitelist.php command injection attempt (server-webapp.rules) * 1:40818 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField text use after free attempt (file-flash.rules) * 1:40819 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField text use after free attempt (file-flash.rules) * 1:40820 <-> DISABLED <-> SERVER-WEBAPP Moxa AWK-3131A systemlog.log information disclosure 
attempt (server-webapp.rules) * 1:40821 <-> DISABLED <-> SERVER-WEBAPP Moxa AWK-3131A makeonekey.gz information disclosure attempt (server-webapp.rules) * 1:40822 <-> DISABLED <-> SERVER-WEBAPP Moxa AWK-3131A getonekey.gz information disclosure attempt (server-webapp.rules) * 1:40823 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gendwndrop variant outbound connection (malware-cnc.rules) * 1:40824 <-> DISABLED <-> MALWARE-CNC Logbro variant outbound connection (malware-cnc.rules) * 1:40825 <-> ENABLED <-> FILE-PDF Adobe Reader JavaScript recursive calls memory corruption attempt (file-pdf.rules) * 1:40826 <-> ENABLED <-> FILE-PDF Adobe Reader JavaScript recursive calls memory corruption attempt (file-pdf.rules) * 1:40827 <-> DISABLED <-> PUA-ADWARE MindSpark framework installer attempt (pua-adware.rules) * 1:40828 <-> DISABLED <-> INDICATOR-COMPROMISE Malicious script redirect attempt (indicator-compromise.rules) * 1:40829 <-> ENABLED <-> INDICATOR-COMPROMISE potential Squiblydoo application whitelisting bypass attempt (indicator-compromise.rules) * 1:40830 <-> ENABLED <-> INDICATOR-COMPROMISE potential Squiblydoo application whitelisting bypass attempt (indicator-compromise.rules) * 1:40831 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Houdini variant initial outbound connection (malware-cnc.rules) * 1:40832 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Houdini variant keylogger inbound init command attempt (malware-cnc.rules) * 1:40833 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Houdini variant screenshot inbound init command attempt (malware-cnc.rules) * 1:40834 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Houdini variant screenshot inbound silence command attempt (malware-cnc.rules) * 1:40835 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Houdini variant screen_thumb inbound init command attempt (malware-cnc.rules) * 1:40836 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Houdini variant file enumeration inbound init/root/faf command attempt (malware-cnc.rules) * 1:40837 <-> DISABLED <-> 
SERVER-WEBAPP Veritas NetBackup Appliance getLicense command injection attempt (server-webapp.rules) * 1:40838 <-> DISABLED <-> SERVER-WEBAPP Veritas NetBackup Appliance getLicense command injection attempt (server-webapp.rules) * 1:40839 <-> DISABLED <-> PUA-ADWARE Sokuxuan outbound connection attempt (pua-adware.rules) * 1:40840 <-> DISABLED <-> PUA-OTHER Bitcoin Mining subscribe Stratum protocol client request attempt (pua-other.rules) * 1:40841 <-> DISABLED <-> PUA-OTHER Bitcoin Mining authorize Stratum protocol client request attempt (pua-other.rules) * 1:40842 <-> DISABLED <-> PUA-OTHER Bitcoin Mining extranonce Stratum protocol subscribe client request attempt (pua-other.rules) * 1:40843 <-> ENABLED <-> SERVER-OTHER OpenSSL SSLv3 warning denial of service attempt (server-other.rules) * 1:40844 <-> DISABLED <-> SERVER-OTHER OpenSSL Invalid CMS structure null pointer dereference attempt (server-other.rules) * 1:40845 <-> DISABLED <-> SERVER-OTHER OpenSSL Invalid CMS structure null pointer dereference attempt (server-other.rules) * 1:40846 <-> DISABLED <-> SERVER-APACHE Apache Subversion svnserve integer overflow attempt (server-apache.rules) * 1:40847 <-> DISABLED <-> SERVER-APACHE Apache Subversion svnserve integer overflow attempt (server-apache.rules) * 1:40848 <-> DISABLED <-> SERVER-APACHE Apache Subversion svnserve integer overflow attempt (server-apache.rules) * 1:40849 <-> DISABLED <-> SERVER-APACHE Apache Subversion svnserve integer overflow attempt (server-apache.rules) * 1:40850 <-> DISABLED <-> SERVER-WEBAPP VTSCADA WAP information disclosure attempt (server-webapp.rules) * 1:40851 <-> DISABLED <-> SERVER-WEBAPP VTSCADA WAP information disclosure attempt (server-webapp.rules) * 1:40852 <-> DISABLED <-> SERVER-WEBAPP VTSCADA WAP information disclosure attempt (server-webapp.rules) * 1:40853 <-> DISABLED <-> SERVER-WEBAPP VTSCADA WAP information disclosure attempt (server-webapp.rules) * 1:40854 <-> DISABLED <-> SERVER-WEBAPP VTSCADA WAP information 
disclosure attempt (server-webapp.rules) * 1:40855 <-> DISABLED <-> SERVER-OTHER ntpd mrulist control message command null pointer dereference attempt (server-other.rules) * 1:40856 <-> DISABLED <-> SERVER-OTHER ntpd mrulist control message command null pointer dereference attempt (server-other.rules) * 1:40857 <-> DISABLED <-> SERVER-OTHER ntpd mrulist control message command null pointer dereference attempt (server-other.rules) * 1:40858 <-> DISABLED <-> SERVER-OTHER ntpd mrulist control message command null pointer dereference attempt (server-other.rules) * 1:40859 <-> DISABLED <-> SERVER-OTHER ntpd mrulist control message command null pointer dereference attempt (server-other.rules) * 1:40860 <-> DISABLED <-> SERVER-OTHER ntpd mrulist control message command null pointer dereference attempt (server-other.rules) * 1:40861 <-> DISABLED <-> SERVER-OTHER ntpd mrulist control message command null pointer dereference attempt (server-other.rules) * 1:40862 <-> DISABLED <-> SERVER-OTHER ntpd mrulist control message command null pointer dereference attempt (server-other.rules) * 1:40863 <-> DISABLED <-> SERVER-OTHER ntpd mrulist control message command null pointer dereference attempt (server-other.rules) * 1:40864 <-> DISABLED <-> SERVER-OTHER ntpd mrulist control message command null pointer dereference attempt (server-other.rules) * 1:40865 <-> ENABLED <-> SERVER-WEBAPP Bassmaster Batch remote code execution attempt (server-webapp.rules) * 1:40866 <-> DISABLED <-> PROTOCOL-OTHER TP-Link TDDP SET_CONFIG type buffer overflow attempt (protocol-other.rules) * 1:40869 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Virut (malware-cnc.rules) * 1:40870 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Virut (malware-cnc.rules) * 1:40871 <-> DISABLED <-> MALWARE-OTHER Virut CnC command reply (malware-other.rules) * 1:40872 <-> DISABLED <-> FILE-PDF Iceni Argus loadTrailer heap corruption attempt (file-pdf.rules) * 1:40873 
<-> DISABLED <-> FILE-PDF Iceni Argus loadTrailer heap corruption attempt (file-pdf.rules) * 1:40874 <-> DISABLED <-> FILE-PDF Iceni Argus icnChainAlloc heap corruption attempt (file-pdf.rules) * 1:40875 <-> DISABLED <-> FILE-PDF Iceni Argus icnChainAlloc heap corruption attempt (file-pdf.rules) * 1:40876 <-> DISABLED <-> SERVER-OTHER Pidgin MXIT file transfer length memory disclosure attempt (server-other.rules) * 1:40880 <-> DISABLED <-> SERVER-WEBAPP Multiple products invalid HTTP request attempt (server-webapp.rules) * 1:40881 <-> DISABLED <-> SERVER-WEBAPP Wordpress Symposium get_album_item.php SQL injection attempt (server-webapp.rules) * 1:40882 <-> DISABLED <-> SERVER-WEBAPP Wordpress Symposium get_album_item.php SQL injection attempt (server-webapp.rules) * 1:40883 <-> ENABLED <-> SERVER-WEBAPP WordPress XMLRPC pingback ddos attempt (server-webapp.rules) * 1:40884 <-> DISABLED <-> FILE-OTHER Microsoft Office ole object external file loading attempt (file-other.rules) * 1:40885 <-> DISABLED <-> FILE-OTHER Microsoft Office ole object external file loading attempt (file-other.rules) * 1:40886 <-> ENABLED <-> OS-WINDOWS Microsoft Windows keybd_event type confusion code execution attempt (os-windows.rules) * 1:40887 <-> ENABLED <-> OS-WINDOWS Microsoft Windows keybd_event type confusion code execution attempt (os-windows.rules) * 1:40888 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox ESR NotifyTimeChange use after free attempt (browser-firefox.rules) * 1:40889 <-> DISABLED <-> SERVER-WEBAPP Barracuda WAF UPDATE_scan_information_in_use command injection attempt (server-webapp.rules) * 1:40890 <-> DISABLED <-> SERVER-WEBAPP Flexense DiskPulse Disk Change Monitor login buffer overflow attempt (server-webapp.rules) * 1:40891 <-> ENABLED <-> FILE-IDENTIFY R Programming Language source file file download request (file-identify.rules) * 1:40892 <-> ENABLED <-> FILE-IDENTIFY R Programming Language source file file attachment detected (file-identify.rules) * 1:40893 
<-> ENABLED <-> FILE-IDENTIFY R Programming Language source file file attachment detected (file-identify.rules) * 1:40894 <-> DISABLED <-> FILE-OTHER R Project PDF encoding buffer overflow attempt (file-other.rules) * 1:40895 <-> DISABLED <-> FILE-OTHER R Project PDF encoding buffer overflow attempt (file-other.rules) * 1:40896 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox ESR NotifyTimeChange use after free attempt (browser-firefox.rules) * 1:40897 <-> DISABLED <-> SERVER-OTHER ntpd mrulist control message command null pointer dereference attempt (server-other.rules) * 1:40898 <-> ENABLED <-> OS-OTHER Joyent SmartOS ioctl integer underflow attempt (os-other.rules) * 1:40899 <-> ENABLED <-> OS-OTHER Joyent SmartOS ioctl integer underflow attempt (os-other.rules) * 1:409 <-> DISABLED <-> PROTOCOL-ICMP Echo Reply undefined code (protocol-icmp.rules) * 1:40900 <-> ENABLED <-> OS-OTHER Joyent SmartOS file system name buffer overflow attempt (os-other.rules) * 1:40901 <-> ENABLED <-> OS-OTHER Joyent SmartOS file system name buffer overflow attempt (os-other.rules) * 1:40902 <-> ENABLED <-> OS-OTHER Joyent SmartOS file system path buffer overflow attempt (os-other.rules) * 1:40903 <-> ENABLED <-> OS-OTHER Joyent SmartOS file system path buffer overflow attempt (os-other.rules) * 1:40904 <-> ENABLED <-> SERVER-WEBAPP Oracle Weblogic default credentials login attempt (server-webapp.rules) * 1:40905 <-> ENABLED <-> SERVER-WEBAPP Oracle Weblogic default credentials login attempt (server-webapp.rules) * 1:40906 <-> DISABLED <-> MALWARE-CNC Win.Malware.Disttrack variant outbound connection (malware-cnc.rules) * 1:40907 <-> DISABLED <-> PROTOCOL-OTHER TP-Link TDDP Get_config configuration leak attempt (protocol-other.rules) * 1:40908 <-> ENABLED <-> SERVER-OTHER Foscam C1 backdoor account ftp login attempt (server-other.rules) * 1:40909 <-> DISABLED <-> SERVER-OTHER Foscam C1 backdoor account ftp login attempt (server-other.rules) * 1:40910 <-> DISABLED <-> MALWARE-CNC 
Win.Trojan.Locky variant outbound connection (malware-cnc.rules) * 1:40911 <-> DISABLED <-> MALWARE-CNC Win.Rootkit.Sednit variant outbound connection (malware-cnc.rules) * 1:40912 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Flokibot variant download attempt (malware-other.rules) * 1:40913 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Flokibot variant download attempt (malware-other.rules) * 1:40914 <-> ENABLED <-> FILE-IMAGE ImageMagick LibTIFF invalid SamplesPerPixel buffer overflow attempt (file-image.rules) * 1:40915 <-> ENABLED <-> FILE-IMAGE ImageMagick LibTIFF invalid SamplesPerPixel buffer overflow attempt (file-image.rules) * 1:40916 <-> DISABLED <-> SERVER-WEBAPP Moxa AWK-3131A asqc.asp information disclosure attempt (server-webapp.rules) * 1:40917 <-> ENABLED <-> FILE-PDF Iceni Argus PDF uninitialized WordStyle color length code overflow attempt (file-pdf.rules) * 1:40918 <-> ENABLED <-> FILE-PDF Iceni Argus PDF uninitialized WordStyle color length code overflow attempt (file-pdf.rules) * 1:40919 <-> DISABLED <-> FILE-PDF Iceni ArgusPDF convertor malformed embedded TTF file cmap table memory corruption attempt (file-pdf.rules) * 1:40920 <-> DISABLED <-> FILE-PDF Iceni ArgusPDF convertor malformed embedded TTF file cmap table memory corruption attempt (file-pdf.rules) * 1:40921 <-> DISABLED <-> FILE-PDF Iceni Argus loadLZWBuffer out of bounds write attempt (file-pdf.rules) * 1:40922 <-> DISABLED <-> FILE-PDF Iceni Argus loadLZWBuffer out of bounds write attempt (file-pdf.rules) * 1:40923 <-> DISABLED <-> FILE-PDF Iceni Argus PDF font-encoding glyphmap adjustment code execution vulnerability attempt (file-pdf.rules) * 1:40924 <-> DISABLED <-> FILE-PDF Iceni Argus PDF font-encoding glyphmap adjustment code execution vulnerability attempt (file-pdf.rules) * 1:40925 <-> DISABLED <-> FILE-PDF Iceni Argus PDF TextToPolys rasterization code execution vulnerability attempt (file-pdf.rules) * 1:40926 <-> DISABLED <-> FILE-PDF Iceni Argus PDF TextToPolys rasterization code 
execution vulnerability attempt (file-pdf.rules) * 1:40927 <-> ENABLED <-> FILE-OFFICE AntennaHouse HTMLFilter Doc_SetSummary remote code execution attempt (file-office.rules) * 1:40928 <-> ENABLED <-> FILE-OFFICE AntennaHouse HTMLFilter Doc_SetSummary remote code execution attempt (file-office.rules) * 1:40929 <-> ENABLED <-> FILE-OFFICE AntennaHouse HTMLFilter GetFontTable remote code execution attempt (file-office.rules) * 1:40930 <-> ENABLED <-> FILE-OFFICE AntennaHouse HTMLFilter GetFontTable remote code execution attempt (file-office.rules) * 1:40931 <-> ENABLED <-> FILE-OFFICE AntennaHouse HTMLFilter DHFSummary remote code execution attempt (file-office.rules) * 1:40932 <-> ENABLED <-> FILE-OFFICE AntennaHouse HTMLFilter DHFSummary remote code execution attempt (file-office.rules) * 1:40933 <-> DISABLED <-> SERVER-WEBAPP Reference Design Kit ajax_network_diagnostic_tools.php command injection attempt (server-webapp.rules) * 1:40934 <-> DISABLED <-> FILE-EXECUTABLE Nvidia Windows kernel mode driver denial of service attempt (file-executable.rules) * 1:40935 <-> ENABLED <-> FILE-EXECUTABLE Nvidia Windows kernel mode driver denial of service attempt (file-executable.rules) * 1:40936 <-> ENABLED <-> FILE-EXECUTABLE Microsoft CLFS.sys information leak attempt (file-executable.rules) * 1:40937 <-> ENABLED <-> FILE-EXECUTABLE Microsoft CLFS.sys information leak attempt (file-executable.rules) * 1:40938 <-> ENABLED <-> FILE-OFFICE Microsoft Office PowerPoint OpenType font overly large instructionLength out of bounds read attempt (file-office.rules) * 1:40939 <-> ENABLED <-> FILE-OFFICE Microsoft Office PowerPoint OpenType font overly large instructionLength out of bounds read attempt (file-office.rules) * 1:40940 <-> DISABLED <-> FILE-OFFICE Microsoft Office hyperlink object out of bounds read attempt (file-office.rules) * 1:40941 <-> DISABLED <-> FILE-OFFICE Microsoft Office hyperlink object out of bounds read attempt (file-office.rules) * 1:40942 <-> ENABLED <-> 
FILE-OTHER Microsoft Windows GDI32.dll cmap numUVSMappings overflow attempt (file-other.rules) * 1:40943 <-> ENABLED <-> FILE-OTHER Microsoft Windows GDI32.dll cmap numUVSMappings overflow attempt (file-other.rules) * 1:40944 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel CrtMlFrt record out of bounds read attempt (file-office.rules) * 1:40945 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel CrtMlFrt record out of bounds read attempt (file-office.rules) * 1:40946 <-> DISABLED <-> BROWSER-IE Microsoft Edge CSS browser history disclosure attempt (browser-ie.rules) * 1:40947 <-> ENABLED <-> OS-WINDOWS Microsoft Windows StripSolidHorizontal out of bounds memory access attempt (os-windows.rules) * 1:40948 <-> ENABLED <-> OS-WINDOWS Microsoft Windows StripSolidHorizontal out of bounds memory access attempt (os-windows.rules) * 1:40949 <-> DISABLED <-> BROWSER-IE Microsoft Edge SIMD memory corruption attempt (browser-ie.rules) * 1:40950 <-> DISABLED <-> BROWSER-IE Microsoft Edge SIMD memory corruption attempt (browser-ie.rules) * 1:40951 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word XST structure out of bounds read attempt (file-office.rules) * 1:40952 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word XST structure out of bounds read attempt (file-office.rules) * 1:40953 <-> ENABLED <-> OS-WINDOWS Microsoft Windows ksecdd.sys kernel information disclosure attempt (os-windows.rules) * 1:40954 <-> ENABLED <-> OS-WINDOWS Microsoft Windows ksecdd.sys kernel information disclosure attempt (os-windows.rules) * 1:40955 <-> ENABLED <-> OS-WINDOWS Microsoft Windows ksecdd.sys kernel information disclosure attempt (os-windows.rules) * 1:40956 <-> ENABLED <-> OS-WINDOWS Microsoft Windows ksecdd.sys kernel information disclosure attempt (os-windows.rules) * 1:40957 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel security descriptor out of bounds read attempt (file-office.rules) * 1:40958 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel security descriptor out of 
bounds read attempt (file-office.rules)
* 1:40959 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ddeService command execution attempt (file-office.rules)
* 1:40960 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ddeService command execution attempt (file-office.rules)
* 1:40961 <-> DISABLED <-> FILE-OTHER Microsoft Office OLE DLL side load attempt (file-other.rules)
* 1:40962 <-> ENABLED <-> FILE-OTHER Microsoft Office OLE DLL side load attempt (file-other.rules)
* 1:40963 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel type confusion attempt (file-office.rules)
* 1:40964 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel type confusion attempt (file-office.rules)
* 1:40965 <-> ENABLED <-> FILE-OFFICE Microsoft Office Publisher out of bounds read attempt (file-office.rules)
* 1:40966 <-> ENABLED <-> FILE-OFFICE Microsoft Office Publisher out of bounds read attempt (file-office.rules)
* 1:40967 <-> ENABLED <-> FILE-OFFICE Microsoft Office PowerPoint WMF conversion information disclosure attempt (file-office.rules)
* 1:40968 <-> ENABLED <-> FILE-OFFICE Microsoft Office PowerPoint WMF conversion information disclosure attempt (file-office.rules)
* 1:40969 <-> DISABLED <-> BROWSER-IE Microsoft Edge Object.defineProperty type confusion attempt (browser-ie.rules)
* 1:40970 <-> DISABLED <-> BROWSER-IE Microsoft Edge Object.defineProperty type confusion attempt (browser-ie.rules)
* 1:40971 <-> ENABLED <-> BROWSER-IE Microsoft Edge spread operator memory corruption attempt (browser-ie.rules)
* 1:40972 <-> ENABLED <-> BROWSER-IE Microsoft Edge spread operator memory corruption attempt (browser-ie.rules)
* 1:40973 <-> ENABLED <-> BROWSER-IE Microsoft Edge spread operator memory corruption attempt (browser-ie.rules)
* 1:40974 <-> ENABLED <-> BROWSER-IE Microsoft Edge spread operator memory corruption attempt (browser-ie.rules)
* 1:40975 <-> ENABLED <-> BROWSER-IE Microsoft Edge iframe information disclosure attempt (browser-ie.rules)
* 1:40976 <-> ENABLED <-> BROWSER-IE Microsoft Edge iframe information disclosure attempt (browser-ie.rules)
* 1:40977 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel insecure workbook load via reference to named share attempt (file-office.rules)
* 1:40978 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel insecure workbook load via reference to named share attempt (file-office.rules)
* 1:40979 <-> ENABLED <-> FILE-IDENTIFY ico file download request (file-identify.rules)
* 1:40980 <-> ENABLED <-> FILE-IDENTIFY ico file attachment detected (file-identify.rules)
* 1:40981 <-> ENABLED <-> FILE-IDENTIFY ico file attachment detected (file-identify.rules)
* 1:40982 <-> ENABLED <-> FILE-OTHER Microsoft Internet Explorer malformed ico integer overflow attempt (file-other.rules)
* 1:40983 <-> DISABLED <-> FILE-OTHER Microsoft Internet Explorer malformed ico integer overflow attempt (file-other.rules)
* 1:40984 <-> ENABLED <-> OS-WINDOWS Microsoft Windows MSIEXEC privilege escalation attempt (os-windows.rules)
* 1:40985 <-> ENABLED <-> OS-WINDOWS Microsoft Windows MSIEXEC privilege escalation attempt (os-windows.rules)
* 1:40986 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer title integer overflow attempt (browser-ie.rules)
* 1:40987 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer title integer overflow attempt (browser-ie.rules)
* 1:40988 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer out of bounds read attempt (browser-ie.rules)
* 1:40989 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer out of bounds read attempt (browser-ie.rules)
* 1:40990 <-> DISABLED <-> OS-WINDOWS empty PostScript Type 1 font pfb file null dereference attempt (os-windows.rules)
* 1:40991 <-> DISABLED <-> MALWARE-CNC Linux.DDoS.D93 outbound connection (malware-cnc.rules)
* 1:40992 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer information disclosure attempt (browser-ie.rules)
* 1:40993 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer information disclosure attempt (browser-ie.rules)
* 1:40994 <-> DISABLED <-> SERVER-WEBAPP Sony IPELA IP Cameras prima-factory.cgi telnet backdoor access attempt (server-webapp.rules)
* 1:40995 <-> ENABLED <-> SERVER-OTHER Alcatel Lucent OmniVista arbitrary command execution attempt (server-other.rules)
* 1:40996 <-> DISABLED <-> INDICATOR-COMPROMISE Adobe Flash Player ActionScript vulnerable RegExp verb usage detected (indicator-compromise.rules)
* 1:40997 <-> DISABLED <-> INDICATOR-COMPROMISE Adobe Flash Player ActionScript vulnerable RegExp verb usage detected (indicator-compromise.rules)
* 1:40998 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection proxyType invalid value out of bounds read attempt (file-flash.rules)
* 1:40999 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection proxyType invalid value out of bounds read attempt (file-flash.rules)
* 1:410 <-> DISABLED <-> PROTOCOL-ICMP Fragment Reassembly Time Exceeded (protocol-icmp.rules)
* 1:41000 <-> DISABLED <-> INDICATOR-COMPROMISE Adobe Flash Player ActionScript vulnerable RegExp verb usage detected (indicator-compromise.rules)
* 1:41001 <-> DISABLED <-> INDICATOR-COMPROMISE Adobe Flash Player ActionScript vulnerable RegExp verb usage detected (indicator-compromise.rules)
* 1:41002 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Primetime SDK out of bounds read attempt (file-flash.rules)
* 1:41003 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime SDK out of bounds read attempt (file-flash.rules)
* 1:41004 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Primetime MediaPlayerItemLoader QOSProvider object use after free attempt (file-flash.rules)
* 1:41005 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Primetime MediaPlayerItemLoader QOSProvider object use after free attempt (file-flash.rules)
* 1:41006 <-> DISABLED <-> INDICATOR-COMPROMISE Adobe Flash Player ActionScript vulnerable RegExp verb usage detected (indicator-compromise.rules)
* 1:41007 <-> DISABLED <-> INDICATOR-COMPROMISE Adobe Flash Player ActionScript vulnerable RegExp verb usage detected (indicator-compromise.rules)
* 1:41008 <-> DISABLED <-> INDICATOR-COMPROMISE Adobe Flash Player ActionScript vulnerable RegExp verb usage detected (indicator-compromise.rules)
* 1:41009 <-> DISABLED <-> INDICATOR-COMPROMISE Adobe Flash Player ActionScript vulnerable RegExp verb usage detected (indicator-compromise.rules)
* 1:41010 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData applyFilter integer overflow attempt (file-flash.rules)
* 1:41011 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData applyFilter integer overflow attempt (file-flash.rules)
* 1:41012 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection use after free attempt (file-flash.rules)
* 1:41013 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection use after free attempt (file-flash.rules)
* 1:41014 <-> ENABLED <-> FILE-FLASH Acrobat Flash WorkerDomain memory corruption attempt (file-flash.rules)
* 1:41015 <-> DISABLED <-> FILE-FLASH Acrobat Flash WorkerDomain memory corruption attempt (file-flash.rules)
* 1:41016 <-> DISABLED <-> FILE-FLASH Adobe Flash Player writeDynamicProperties use-after-free attempt (file-flash.rules)
* 1:41017 <-> DISABLED <-> FILE-FLASH Adobe Flash Player writeDynamicProperties use-after-free attempt (file-flash.rules)
* 1:41020 <-> DISABLED <-> FILE-FLASH Adobe Flash Player onSetFocus movie clip use after free attempt (file-flash.rules)
* 1:41021 <-> DISABLED <-> FILE-FLASH Adobe Flash Player onSetFocus movie clip use after free attempt (file-flash.rules)
* 1:41022 <-> DISABLED <-> FILE-FLASH Adobe Flash Player addProperty use after free attempt (file-flash.rules)
* 1:41023 <-> DISABLED <-> FILE-FLASH Adobe Flash Player addProperty use after free attempt (file-flash.rules)
* 1:41024 <-> DISABLED <-> FILE-FLASH Adobe Flash Player addProperty use after free attempt (file-flash.rules)
* 1:41025 <-> DISABLED <-> FILE-FLASH Adobe Flash Player addProperty use after free attempt (file-flash.rules)
* 1:41026 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess Dashboard remote code execution attempt (server-webapp.rules)
* 1:31957 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.MSIL.Torct variant outbound connection (malware-cnc.rules)
* 1:3196 <-> DISABLED <-> OS-WINDOWS name query overflow attempt UDP (os-windows.rules)
* 1:31964 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
* 1:31965 <-> DISABLED <-> EXPLOIT-KIT Astrum exploit kit landing page (exploit-kit.rules)
* 1:31966 <-> DISABLED <-> EXPLOIT-KIT Astrum exploit kit payload delivery (exploit-kit.rules)
* 1:31967 <-> DISABLED <-> EXPLOIT-KIT Astrum exploit kit payload delivery (exploit-kit.rules)
* 1:31970 <-> DISABLED <-> EXPLOIT-KIT Astrum exploit kit redirection attempt (exploit-kit.rules)
* 1:31971 <-> ENABLED <-> EXPLOIT-KIT Astrum exploit kit multiple exploit download request (exploit-kit.rules)
* 1:31972 <-> DISABLED <-> EXPLOIT-KIT Astrum exploit kit payload delivery (exploit-kit.rules)
* 1:31973 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chebri variant outbound connection (malware-cnc.rules)
* 1:31974 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zegorg variant outbound connection (malware-cnc.rules)
* 1:31975 <-> DISABLED <-> OS-OTHER Bash CGI environment variable injection attempt (os-other.rules)
* 1:31976 <-> ENABLED <-> OS-OTHER Bash CGI environment variable injection attempt (os-other.rules)
* 1:31977 <-> ENABLED <-> OS-OTHER Bash CGI environment variable injection attempt (os-other.rules)
* 1:31978 <-> ENABLED <-> OS-OTHER Bash CGI environment variable injection attempt (os-other.rules)
* 1:31985 <-> ENABLED <-> OS-OTHER Malicious DHCP server bash environment variable injection attempt (os-other.rules)
* 1:31986 <-> ENABLED <-> FILE-OTHER Wireshark MPEG dissector stack buffer overflow attempt (file-other.rules)
* 1:31987 <-> ENABLED <-> FILE-OTHER Wireshark MPEG dissector stack buffer overflow attempt (file-other.rules)
* 1:31988 <-> ENABLED <-> EXPLOIT-KIT Gong Da exploit kit landing page (exploit-kit.rules)
* 1:3199 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WINS name query overflow attempt TCP (os-windows.rules)
* 1:31990 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Install - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:31991 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Treck - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:31992 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules)
* 1:31993 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules)
* 1:31994 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules)
* 1:31995 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules)
* 1:31996 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules)
* 1:31997 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules)
* 1:31998 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules)
* 1:31999 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules)
* 1:320 <-> DISABLED <-> PROTOCOL-FINGER cmd_rootsh backdoor attempt (protocol-finger.rules)
* 1:3200 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WINS name query overflow attempt UDP (os-windows.rules)
* 1:32000 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules)
* 1:32001 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Upatre SSL Cert inbound (malware-cnc.rules)
* 1:32002 <-> DISABLED <-> MALWARE-CNC Win.Worm.Zorenium variant outbound connection (malware-cnc.rules)
* 1:32003 <-> DISABLED <-> SERVER-WEBAPP Drupal xmlrp internal entity expansion denial of service attempt (server-webapp.rules)
* 1:32004 <-> DISABLED <-> SERVER-WEBAPP Drupal xmlrp internal entity expansion denial of service attempt (server-webapp.rules)
* 1:32005 <-> ENABLED <-> MALWARE-BACKDOOR AlienSpy RAT outbound connection (malware-backdoor.rules)
* 1:32006 <-> ENABLED <-> MALWARE-BACKDOOR AlienSpy RAT outbound connection (malware-backdoor.rules)
* 1:32007 <-> DISABLED <-> SERVER-WEBAPP HP SiteScope UploadFilesHandler unauthorized file upload attempt (server-webapp.rules)
* 1:32008 <-> ENABLED <-> MALWARE-OTHER Fake Delta Ticket HTTP Response phishing attack (malware-other.rules)
* 1:32009 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Flooder inbound connection attempt - command (malware-cnc.rules)
* 1:3201 <-> DISABLED <-> SERVER-IIS httpodbc.dll access - nimda (server-iis.rules)
* 1:32010 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Flooder outbound telnet connection attempt (malware-cnc.rules)
* 1:32011 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Flooder outbound connection (malware-cnc.rules)
* 1:32012 <-> DISABLED <-> MALWARE-CNC Win.Trojan-Downloader.Bipamid variant outbound connection (malware-cnc.rules)
* 1:32013 <-> DISABLED <-> MALWARE-CNC Linux.Worm.Darlloz variant outbound connection (malware-cnc.rules)
* 1:32014 <-> DISABLED <-> SERVER-WEBAPP GetSimpleCMS arbitrary PHP code execution attempt (server-webapp.rules)
* 1:32015 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Zeus variant outbound connection (malware-cnc.rules)
* 1:32016 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Menteni variant outbound connection (malware-cnc.rules)
* 1:32017 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Memlog SMB file transfer (malware-cnc.rules)
* 1:32018 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Hupigon.NYK variant outbound connection (malware-cnc.rules)
* 1:32020 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Krompt variant outbound connection (malware-cnc.rules)
* 1:32021 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader U3D format Line Set Continuation out-of-bounds memory access attempt (file-pdf.rules)
* 1:32022 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader U3D format Line Set Continuation out-of-bounds memory access attempt (file-pdf.rules)
* 1:32023 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sinpid variant outbound connection (malware-cnc.rules)
* 1:32024 <-> ENABLED <-> FILE-FLASH Adobe Flash Player unsupported bitmapFormat value memory disclosure attempt (file-flash.rules)
* 1:32025 <-> ENABLED <-> FILE-FLASH Adobe Flash Player unsupported bitmapFormat value memory disclosure attempt (file-flash.rules)
* 1:32026 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid TRCK frame attempt (file-flash.rules)
* 1:32027 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid TRCK frame attempt (file-flash.rules)
* 1:32028 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Klabcon variant outbound connection (malware-cnc.rules)
* 1:32029 <-> DISABLED <-> BROWSER-OTHER Android WebView same origin policy bypass attempt (browser-other.rules)
* 1:32030 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Decibal - Win.Trojan.Decibal (malware-cnc.rules)
* 1:32031 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Decibal variant outbound connection (malware-cnc.rules)
* 1:32033 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Larosden variant outbound connection (malware-cnc.rules)
* 1:32034 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Larefervt variant outbound connection (malware-cnc.rules)
* 1:32035 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Boleteiro variant outbound connection (malware-cnc.rules)
* 1:32036 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Somoca vaniant outbound connection (malware-cnc.rules)
* 1:32037 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload.awt variant outbound connection (malware-cnc.rules)
* 1:32038 <-> ENABLED <-> OS-OTHER Bash environment variable injection attempt (os-other.rules)
* 1:32039 <-> ENABLED <-> OS-OTHER Bash environment variable injection attempt (os-other.rules)
* 1:32040 <-> ENABLED <-> MALWARE-CNC Linux.Backdoor.Ganiw variant outbound connection (malware-cnc.rules)
* 1:32041 <-> DISABLED <-> OS-OTHER Bash environment variable injection attempt (os-other.rules)
* 1:32042 <-> DISABLED <-> OS-OTHER Bash environment variable injection attempt (os-other.rules)
* 1:32043 <-> ENABLED <-> OS-OTHER Bash environment variable injection attempt (os-other.rules)
* 1:32044 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Eventlog Analyzer directory traversal attempt (server-webapp.rules)
* 1:32045 <-> ENABLED <-> OS-OTHER Bash redir_stack here document handling denial of service attempt (os-other.rules)
* 1:32046 <-> ENABLED <-> OS-OTHER Bash redir_stack here document handling denial of service attempt (os-other.rules)
* 1:32047 <-> ENABLED <-> OS-OTHER Bash CGI nested loops word_lineno denial of service attempt (os-other.rules)
* 1:32048 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lecpetex variant outbound connection (malware-cnc.rules)
* 1:32049 <-> ENABLED <-> OS-OTHER Bash CGI nested loops word_lineno denial of service attempt (os-other.rules)
* 1:32050 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Larosden variant outbound connection (malware-cnc.rules)
* 1:32052 <-> DISABLED <-> MALWARE-CNC User-Agent Xsser mRAT user-agent (malware-cnc.rules)
* 1:32053 <-> DISABLED <-> MALWARE-CNC Xsser mRAT GPS data upload (malware-cnc.rules)
* 1:32054 <-> DISABLED <-> MALWARE-CNC Xsser mRAT file upload (malware-cnc.rules)
* 1:32055 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Blohi variant outbound connection (malware-backdoor.rules)
* 1:32056 <-> DISABLED <-> SERVER-WEBAPP ManageEngine FileCollector servlet directory traversal attempt (server-webapp.rules)
* 1:32057 <-> DISABLED <-> SERVER-WEBAPP ManageEngine multipartRequest servlet directory traversal attempt (server-webapp.rules)
* 1:32058 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Masatekar variant outbound connection (malware-cnc.rules)
* 1:32059 <-> ENABLED <-> PROTOCOL-SCADA KingSCADA Alarm Server stack buffer overflow attempt (protocol-scada.rules)
* 1:32060 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent string - httptestman - Win.Backdoor.Rabasheeta (malware-cnc.rules)
* 1:32061 <-> DISABLED <-> MALWARE-CNC Win.Trojan-Downloader.Nekill variant outbound connection (malware-cnc.rules)
* 1:32062 <-> DISABLED <-> FILE-OFFICE Microsoft Office .CGM file cell array heap overflow attempt (file-office.rules)
* 1:32063 <-> DISABLED <-> FILE-OFFICE Microsoft Office .CGM file cell array heap overflow attempt (file-office.rules)
* 1:32064 <-> DISABLED <-> FILE-OFFICE Microsoft Office .CGM file cell array heap overflow attempt (file-office.rules)
* 1:32065 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Asprox inbound connection (malware-cnc.rules)
* 1:32066 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Asprox outbound connection (malware-cnc.rules)
* 1:32067 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Asprox outbound connection (malware-cnc.rules)
* 1:32068 <-> DISABLED <-> POLICY-OTHER SolarWinds Log and Event Manager default credentials authentication attempt (policy-other.rules)
* 1:32069 <-> ENABLED <-> OS-OTHER Bash environment variable injection attempt (os-other.rules)
* 1:32070 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dalgan variant outbound connection (malware-cnc.rules)
* 1:32071 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Zapchast variant outbound connection (malware-cnc.rules)
* 1:32072 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zemot configuration download attempt (malware-cnc.rules)
* 1:32073 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zemot outbound connection (malware-cnc.rules)
* 1:32074 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zemot payload download attempt (malware-cnc.rules)
* 1:32075 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Small variant outbound connection (malware-cnc.rules)
* 1:32076 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 1091 directory traversal attempt (server-other.rules)
* 1:32077 <-> ENABLED <-> FILE-FLASH Adobe Flash Player RTMP ping abort message double free attempt (file-flash.rules)
* 1:32080 <-> ENABLED <-> MALWARE-BACKDOOR Linux.Backdoor.Starysu variant inbound connection (malware-backdoor.rules)
* 1:32081 <-> ENABLED <-> MALWARE-BACKDOOR Linux.Backdoor.Starysu variant inbound connection (malware-backdoor.rules)
* 1:32082 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Malformed Filter Records Handling Code Execution attempt (file-office.rules)
* 1:32083 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malformed file format parsing code execution attempt (file-office.rules)
* 1:32084 <-> ENABLED <-> SERVER-OTHER HP Network Node Manager ovopi.dll buffer overflow attempt (server-other.rules)
* 1:32085 <-> ENABLED <-> SERVER-OTHER HP Network Node Manager ovopi.dll buffer overflow attempt (server-other.rules)
* 1:32086 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Corkow variant outbound connection (malware-cnc.rules)
* 1:32087 <-> DISABLED <-> FILE-OTHER GNU tar PAX extended headers handling overflow attempt (file-other.rules)
* 1:32088 <-> DISABLED <-> FILE-OTHER GNU tar PAX extended headers handling overflow attempt (file-other.rules)
* 1:32089 <-> DISABLED <-> FILE-OTHER GNU tar PAX extended headers handling overflow attempt (file-other.rules)
* 1:32090 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Saaglup variant outbound connection (malware-cnc.rules)
* 1:32091 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.PcertStealer variant outbound connection (malware-cnc.rules)
* 1:32092 <-> DISABLED <-> POLICY-OTHER ManageEngine DeviceExpert user credentials enumeration attempt (policy-other.rules)
* 1:32093 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
* 1:32094 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel MalformedPalete Record Memory Corruption attempt (file-office.rules)
* 1:32095 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel MalformedPalette Record Memory Corruption attempt (file-office.rules)
* 1:32096 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Puver variant outbound connection (malware-cnc.rules)
* 1:32097 <-> DISABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
* 1:32098 <-> DISABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
* 1:32099 <-> DISABLED <-> FILE-OTHER Adobe Flash Player integer overflow out-of-bounds read attempt (file-other.rules)
* 1:321 <-> DISABLED <-> PROTOCOL-FINGER account enumeration attempt (protocol-finger.rules)
* 1:32100 <-> DISABLED <-> FILE-OTHER Adobe Flash Player integer overflow out-of-bounds read attempt (file-other.rules)
* 1:32102 <-> DISABLED <-> BROWSER-PLUGINS Oracle WebCenter Content CheckOutAndOpen.dll ActiveX control code execution ActiveX clsid access (browser-plugins.rules)
* 1:32103 <-> DISABLED <-> BROWSER-PLUGINS Oracle WebCenter Content CheckOutAndOpen.dll ActiveX control code execution ActiveX clsid access (browser-plugins.rules)
* 1:32104 <-> DISABLED <-> BROWSER-PLUGINS Oracle WebCenter Content CheckOutAndOpen.dll ActiveX control code execution ActiveX function call access (browser-plugins.rules)
* 1:32105 <-> DISABLED <-> BROWSER-PLUGINS Oracle WebCenter Content CheckOutAndOpen.dll ActiveX control code execution ActiveX function call access (browser-plugins.rules)
* 1:32109 <-> DISABLED <-> SERVER-WEBAPP Easy File Management stack buffer overflow attempt (server-webapp.rules)
* 1:32117 <-> DISABLED <-> PUA-ADWARE MplayerX malvertising browser hijacker (pua-adware.rules)
* 1:32118 <-> DISABLED <-> PUA-ADWARE MplayerX malvertising connectivity check (pua-adware.rules)
* 1:32119 <-> DISABLED <-> PUA-ADWARE Vsearch installer User-Agent (pua-adware.rules)
* 1:32120 <-> DISABLED <-> PUA-ADWARE Vsearch installer request (pua-adware.rules)
* 1:32121 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kryptik variant outbound connection (malware-cnc.rules)
* 1:32122 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel rtWnDesk record memory corruption exploit attempt (file-office.rules)
* 1:32123 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant outbound connection (malware-cnc.rules)
* 1:32125 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - update - Win.Backdoor.Upatre (malware-cnc.rules)
* 1:32126 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lizarbot outbound connection (malware-cnc.rules)
* 1:32127 <-> DISABLED <-> SERVER-WEBAPP PineApp Mail-SeCure livelog.html command injection attempt (server-webapp.rules)
* 1:32128 <-> DISABLED <-> SERVER-WEBAPP PineApp Mail-SeCure confpremenu.php command injection attempt (server-webapp.rules)
* 1:32129 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader variant outbound connection (malware-cnc.rules)
* 1:32130 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
* 1:32131 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malformed FBI record buffer overflow attempt (file-office.rules)
* 1:32132 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malformed FBI record buffer overflow attempt (file-office.rules)
* 1:32133 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox XBM image processing buffer overflow attempt (browser-firefox.rules)
* 1:32134 <-> ENABLED <-> FILE-IDENTIFY XBM file attachment detected (file-identify.rules)
* 1:32135 <-> ENABLED <-> FILE-IDENTIFY XBM file attachment detected (file-identify.rules)
* 1:32136 <-> DISABLED <-> FILE-OTHER GNU gzip LZH decompression make_table overflow attempt (file-other.rules)
* 1:32137 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer element attribute use after free attempt (browser-ie.rules)
* 1:32138 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer element attribute use after free attempt (browser-ie.rules)
* 1:32139 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer DCOM sandbox escape attempt (browser-ie.rules)
* 1:32140 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer DCOM sandbox escape attempt (browser-ie.rules)
* 1:32141 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 7 TrackPopupMenu code execution attempt (os-windows.rules)
* 1:32142 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 7 TrackPopupMenu code execution attempt (os-windows.rules)
* 1:32143 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 7 TrackPopupMenu code execution attempt (os-windows.rules)
* 1:32144 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 7 TrackPopupMenu code execution attempt (os-windows.rules)
* 1:32145 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 7 TrackPopupMenu code execution attempt (os-windows.rules)
* 1:32146 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 7 TrackPopupMenu code execution attempt (os-windows.rules)
* 1:32147 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word styleWithEffects use-after-free attempt (file-office.rules)
* 1:32148 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word styleWithEffects use-after-free attempt (file-office.rules)
* 1:32149 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules)
* 1:32150 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules)
* 1:32151 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules)
* 1:32152 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules)
* 1:32153 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer innerHTML use after free attempt (browser-ie.rules)
* 1:32154 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer innerHTML use after free attempt (browser-ie.rules)
* 1:32155 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer FormatContext Use after free attempt (browser-ie.rules)
* 1:32156 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer FormatContext Use after free attempt (browser-ie.rules)
* 1:32157 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 11 CMarkup GetMarkupTitle use-after-free attempt (browser-ie.rules)
* 1:32158 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 11 CMarkup GetMarkupTitle use-after-free attempt (browser-ie.rules)
* 1:32159 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CMarkup Object use after free attempt (browser-ie.rules)
* 1:32160 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CMarkup Object use after free attempt (browser-ie.rules)
* 1:32161 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer superscript invalid parameter denial of service attempt (browser-ie.rules)
* 1:32162 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer superscript invalid parameter denial of service attempt (browser-ie.rules)
* 1:32163 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer GetUpdatedLayout partial table declaration use-after-free attempt (browser-ie.rules)
* 1:32164 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer GetUpdatedLayout partial table declaration use-after-free attempt (browser-ie.rules)
* 1:32165 <-> ENABLED <-> FILE-IDENTIFY SVG file magic detected (file-identify.rules)
* 1:32166 <-> ENABLED <-> FILE-OTHER Microsoft Internet Explorer SVG heap corruption attempt (file-other.rules)
* 1:32167 <-> DISABLED <-> FILE-OTHER Microsoft Internet Explorer SVG heap corruption attempt (file-other.rules)
* 1:32168 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTransientLookaside object use after free attempt (browser-ie.rules)
* 1:32169 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTransientLookaside object use after free attempt (browser-ie.rules)
* 1:32170 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader string replacement heap overflow attempt (file-pdf.rules)
* 1:32171 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader string replacement heap overflow attempt (file-pdf.rules)
* 1:32172 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackPOS stolen data transfer to internal staging area (malware-cnc.rules)
* 1:32175 <-> DISABLED <-> MALWARE-CNC Osx.Backdoor.iWorm variant outbound connection (malware-cnc.rules)
* 1:32179 <-> DISABLED <-> MALWARE-CNC WIN.Trojan.Plugx variant outbound connection (malware-cnc.rules)
* 1:3218 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP winreg OpenKey overflow attempt (os-windows.rules)
* 1:32180 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.ZxShell connection incoming attempt (malware-cnc.rules)
* 1:32181 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.ZxShell connection outgoing attempt (malware-cnc.rules)
* 1:32182 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTableLayout AddRow out of bounds array access heap corruption attempt (browser-ie.rules)
* 1:32183 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTableLayout AddRow out of bounds array access heap corruption attempt (browser-ie.rules)
* 1:32184 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CFunctionPointer use after free exploit attempt (browser-ie.rules)
* 1:32185 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CFunctionPointer use after free exploit attempt (browser-ie.rules)
* 1:32186 <-> DISABLED <-> FILE-OTHER Microsoft Office ole object external file loading attempt (file-other.rules)
* 1:32187 <-> ENABLED <-> FILE-OTHER Microsoft Office ole object external file loading attempt (file-other.rules)
* 1:32188 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackEnergy3 outbound connection (malware-cnc.rules)
* 1:32189 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackEnergy2 outbound connection (malware-cnc.rules)
* 1:32190 <-> ENABLED <-> OS-WINDOWS Microsoft Windows TrueType Font parsing remote code execution attempt (os-windows.rules)
* 1:32191 <-> ENABLED <-> OS-WINDOWS Microsoft Windows TrueType Font parsing remote code execution attempt (os-windows.rules)
* 1:32192 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zxshell variant outbound connection (malware-cnc.rules)
* 1:32193 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dubrute variant outbound connection (malware-cnc.rules)
* 1:32194 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dubrute variant outbound connection (malware-cnc.rules)
* 1:32195 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Palebot variant outbound connection (malware-cnc.rules)
* 1:32196 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant outbound connection (malware-cnc.rules)
* 1:32197 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zerolocker variant outbound connection (malware-cnc.rules)
* 1:32198 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mujormel outbound connection (malware-cnc.rules)
* 1:32199 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 305 directory traversal attempt (server-other.rules)
* 1:322 <-> DISABLED <-> PROTOCOL-FINGER search query (protocol-finger.rules)
* 1:32202 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Soaphrish variant outbound connection (malware-cnc.rules)
* 1:32203 <-> DISABLED <-> SERVER-WEBAPP PineApp Mail-SeCure ldapsyncnow.php command injection attempt (server-webapp.rules)
* 1:32204 <-> DISABLED <-> SERVER-OTHER SSLv3 POODLE CBC padding brute force attempt (server-other.rules)
* 1:32205 <-> DISABLED <-> SERVER-OTHER SSLv3 POODLE CBC padding brute force attempt (server-other.rules)
* 1:32206 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel style record overflow attempt (file-office.rules)
* 1:32220 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy download detected (malware-cnc.rules)
* 1:32221 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy download detected (malware-cnc.rules)
* 1:32222 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.MSIL.Liroospu variant outbound connection (malware-cnc.rules)
* 1:32223 <-> DISABLED <-> SERVER-OTHER Firebird database invalid state integer overflow attempt (server-other.rules)
* 1:32224 <-> DISABLED <-> SERVER-OTHER Firebird database invalid state integer overflow attempt (server-other.rules)
* 1:32225 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall variant outbound connection (malware-cnc.rules)
* 1:32226 <-> DISABLED <-> FILE-FLASH Adobe Flash Player atomicCompareAndSwapLength integer overflow attempt (file-flash.rules)
* 1:32227 <-> ENABLED <-> FILE-FLASH Adobe Flash Player atomicCompareAndSwapLength integer overflow attempt (file-flash.rules)
* 1:32228 <-> ENABLED <-> FILE-FLASH Adobe Flash Player atomicCompareAndSwapLength integer overflow attempt (file-flash.rules)
* 1:32229 <-> ENABLED <-> FILE-FLASH Adobe Flash Player atomicCompareAndSwapLength integer overflow attempt (file-flash.rules)
* 1:32230 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer address bar spoofing without scripting (browser-ie.rules)
* 1:32231 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer address bar spoofing without scripting (browser-ie.rules)
* 1:32232 <-> DISABLED <-> FILE-JAVA Oracle Java ServiceLoader exception handling exploit attempt (file-java.rules)
* 1:32233 <-> ENABLED <-> FILE-JAVA Oracle Java ServiceLoader exception handling exploit attempt (file-java.rules)
* 1:32234 <-> DISABLED <-> FILE-JAVA Oracle Java ServiceLoader exception handling exploit attempt (file-java.rules)
* 1:32235 <-> ENABLED <-> FILE-JAVA Oracle Java ServiceLoader exception handling exploit attempt (file-java.rules)
* 1:32236 <-> DISABLED <-> FILE-FLASH Adobe Flash Player string concatenation memory corruption attempt (file-flash.rules)
* 1:32237 <-> ENABLED <-> FILE-FLASH Adobe Flash Player string concatenation memory corruption attempt (file-flash.rules)
* 1:32238 <-> ENABLED <-> FILE-FLASH Adobe Flash Player string concatenation memory corruption attempt (file-flash.rules)
* 1:32239 <-> ENABLED <-> FILE-FLASH Adobe Flash Player string concatenation memory corruption attempt (file-flash.rules)
* 1:32240 <-> DISABLED <-> SERVER-OTHER rsyslog remote PRI out of bounds attempt (server-other.rules)
* 1:32243 <-> DISABLED <-> MALWARE-CNC WIN.Trojan.Clemint variant outbound connection (malware-cnc.rules)
* 1:32244 <-> DISABLED <-> BROWSER-FIREFOX Mozilla 1.0 Javascript arbitrary cookie access attempt (browser-firefox.rules)
* 1:32245 <-> DISABLED <-> BROWSER-PLUGINS Samsung iPOLiS device manager clsid access attempt (browser-plugins.rules)
* 1:32246 <-> DISABLED <-> BROWSER-PLUGINS Samsung iPOLiS device manager clsid access attempt (browser-plugins.rules)
* 1:32247 <-> ENABLED <-> MALWARE-BACKDOOR PHP IRCBot command execution attempt (malware-backdoor.rules)
* 1:32248 <-> ENABLED <-> MALWARE-BACKDOOR PHP IRCBot file edit attempt (malware-backdoor.rules)
* 1:32249 <-> ENABLED <-> MALWARE-BACKDOOR PHP IRCBot port bind attempt (malware-backdoor.rules)
* 1:32250 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hydraq.variant outbound detected (malware-cnc.rules)
* 1:32251 <-> ENABLED <-> FILE-IDENTIFY Basic Control Engine file attachment detected (file-identify.rules)
* 1:32252 <-> ENABLED <-> FILE-IDENTIFY Basic Control Engine file attachment detected (file-identify.rules)
* 1:32253 <-> ENABLED <-> FILE-IDENTIFY Basic Control Engine file download request (file-identify.rules)
* 1:32254 <-> ENABLED <-> FILE-OTHER GE Cimplicity CimView load remote file attempt (file-other.rules)
* 1:32255 <-> ENABLED <-> FILE-OTHER GE Cimplicity CimView load remote file attempt (file-other.rules)
* 1:32256 <-> ENABLED <-> FILE-OTHER GE Cimplicity bcl file loading external file attempt (file-other.rules)
* 1:32257 <-> ENABLED <-> FILE-OTHER GE Cimplicity CimView load remote file attempt (file-other.rules)
* 1:32258 <-> ENABLED <-> FILE-OTHER GE Cimplicity CimView load remote file attempt (file-other.rules)
* 1:32259 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackEnergy INF file download attempt (malware-cnc.rules)
* 1:32260 <-> ENABLED <-> MALWARE-OTHER Sinkhole reply - irc-sinkhole.cert.pl (malware-other.rules)
* 1:32261 <-> DISABLED <-> SERVER-WEBAPP PineApp Mail-SeCure conflivelog.pl install license command injection attempt (server-webapp.rules)
* 1:32262 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Active X installer broker privilege elevation attempt (browser-ie.rules)
* 1:32263 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Active X installer broker privilege elevation attempt (browser-ie.rules)
* 1:32264 <-> DISABLED <-> BROWSER-IE ActiveX installer broker object sandbox escape attempt (browser-ie.rules)
* 1:32265 <-> DISABLED <-> BROWSER-IE ActiveX installer broker object sandbox escape attempt (browser-ie.rules)
* 1:32266 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 11 out of bounds array access attempt (browser-ie.rules)
* 1:32267 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 11 out of bounds array access attempt (browser-ie.rules)
* 1:32268 <-> DISABLED <-> SERVER-WEBAPP PineApp Mail-SeCure confpremenu.php install license command injection attempt (server-webapp.rules)
* 1:32269 <-> DISABLED <-> SERVER-WEBAPP PineApp Mail-SeCure confpremenu.php install license command injection attempt (server-webapp.rules)
* 1:32270 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tinba variant outbound connection (malware-cnc.rules)
* 1:32272 <-> DISABLED <-> MALWARE-CNC WIN.Trojan.Hesechca variant outbound connection (malware-cnc.rules)
* 1:32273 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spamnost variant outbound connection (malware-cnc.rules)
* 1:32274 <-> DISABLED <-> OS-MOBILE Apple iOS 8.x jailbreak download attempt (os-mobile.rules)
* 1:32275 <-> DISABLED <-> OS-MOBILE Apple iOS 8.x jailbreak download attempt (os-mobile.rules)
* 1:32276 <-> DISABLED <-> SERVER-WEBAPP WordPress Infusionsoft Gravity Forms Plugin arbitrary code execution attempt (server-webapp.rules)
* 1:32277 <-> DISABLED <-> SERVER-OTHER Novell ZENworks PreBoot directory traversal attempt (server-other.rules)
* 1:32285 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zoxpng variant outbound connection (malware-cnc.rules)
* 1:32287 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sapertilz variant outbound connection (malware-cnc.rules)
* 1:32289 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptolocker download detected (malware-cnc.rules)
* 1:32290 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptolocker download detected (malware-cnc.rules)
* 1:32291 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptolocker download detected (malware-cnc.rules)
* 1:32292 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptolocker download detected (malware-cnc.rules)
* 1:32293 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Acanas variant outbound connection (malware-cnc.rules)
* 1:32294 <-> DISABLED <-> MALWARE-CNC User-Agent known
malicious user agent BloodguyBrowser-_- (malware-cnc.rules) * 1:32295 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string http - Win.Trojan.Waski (malware-cnc.rules) * 1:32296 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string update - Win.Trojan.Waski (malware-cnc.rules) * 1:323 <-> DISABLED <-> PROTOCOL-FINGER root query (protocol-finger.rules) * 1:32301 <-> DISABLED <-> FILE-FLASH Adobe Flash Player regex denial of service attempt (file-flash.rules) * 1:32302 <-> ENABLED <-> FILE-FLASH Adobe Flash Player regex denial of service attempt (file-flash.rules) * 1:32303 <-> DISABLED <-> FILE-FLASH Adobe Flash Player regex denial of service attempt (file-flash.rules) * 1:32304 <-> ENABLED <-> FILE-FLASH Adobe Flash Player regex denial of service attempt (file-flash.rules) * 1:32305 <-> ENABLED <-> FILE-FLASH Adobe Flash Player regex denial of service attempt (file-flash.rules) * 1:32306 <-> ENABLED <-> FILE-FLASH Adobe Flash Player regex denial of service attempt (file-flash.rules) * 1:32307 <-> ENABLED <-> FILE-FLASH Adobe Flash Player regex denial of service attempt (file-flash.rules) * 1:32308 <-> ENABLED <-> FILE-FLASH Adobe Flash Player regex denial of service attempt (file-flash.rules) * 1:32310 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Farfli variant outbound connection (malware-cnc.rules) * 1:32311 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rehtesyk outbound connection (malware-cnc.rules) * 1:32312 <-> DISABLED <-> MALWARE-CNC FrameworkPOS data exfiltration through DNS - beacon message (malware-cnc.rules) * 1:32313 <-> DISABLED <-> FILE-OTHER Microsoft Office ole object external file loading attempt (file-other.rules) * 1:32314 <-> ENABLED <-> FILE-OTHER Microsoft Office ole object external file loading attempt (file-other.rules) * 1:32315 <-> ENABLED <-> FILE-OTHER Microsoft Office ole object external file loading attempt (file-other.rules) * 1:32316 <-> DISABLED <-> FILE-OTHER Microsoft Office ole object external file 
loading attempt (file-other.rules) * 1:32317 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer onreadystatechange use after free attempt (browser-ie.rules) * 1:32318 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer onreadystatechange use after free attempt (browser-ie.rules) * 1:32319 <-> DISABLED <-> BROWSER-CHROME Google Chrome Blink locationAttributeSetter use after free attempt (browser-chrome.rules) * 1:32320 <-> DISABLED <-> BROWSER-CHROME Google Chrome Blink locationAttributeSetter use after free attempt (browser-chrome.rules) * 1:32321 <-> DISABLED <-> SERVER-OTHER Generic JPEG stored cross site scripting attempt (server-other.rules) * 1:32322 <-> DISABLED <-> SERVER-OTHER Generic JPEG stored cross site scripting attempt (server-other.rules) * 1:32323 <-> DISABLED <-> SERVER-WEBAPP WordPress Custom Contact Forms plugin SQL export attempt (server-webapp.rules) * 1:32324 <-> DISABLED <-> SERVER-WEBAPP WordPress Custom Contact Forms plugin arbitrary SQL execution attempt (server-webapp.rules) * 1:32328 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Maener variant download request (malware-cnc.rules) * 1:32329 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Maener variant outbound connection (malware-cnc.rules) * 1:32330 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Maener variant outbound connection (malware-cnc.rules) * 1:32331 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Maener variant outbound connection (malware-cnc.rules) * 1:32332 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hancitor variant outbound connection (malware-cnc.rules) * 1:32333 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string fast uax (malware-cnc.rules) * 1:32334 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Stantinko variant outbound connection (malware-cnc.rules) * 1:32335 <-> DISABLED <-> OS-OTHER Bash CGI environment variable injection attempt (os-other.rules) * 1:32336 <-> DISABLED <-> OS-OTHER Bash CGI environment variable injection attempt (os-other.rules) * 1:32337 <-> ENABLED <-> 
FILE-PDF Adobe Acrobat Reader pattern object memory corruption attempt (file-pdf.rules) * 1:32338 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ropest variant outbound connection (malware-cnc.rules) * 1:32339 <-> DISABLED <-> PUA-ADWARE Nosibay Bubble Dock freeware auto update outbound connection (pua-adware.rules) * 1:3234 <-> DISABLED <-> OS-WINDOWS Messenger message little endian overflow attempt (os-windows.rules) * 1:32341 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cakwerd variant outbound connection (malware-cnc.rules) * 1:32342 <-> ENABLED <-> SERVER-OTHER AlienVault OSSIM framework backup_restore action command injection attempt (server-other.rules) * 1:32343 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant inbound spam attempt (malware-cnc.rules) * 1:32344 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant outbound spam attempt (malware-cnc.rules) * 1:32345 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector - initiate connection (server-other.rules) * 1:32346 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 1091 directory traversal attempt (server-other.rules) * 1:32347 <-> DISABLED <-> SERVER-WEBAPP ManageEngine FileCollector servlet directory traversal attempt (server-webapp.rules) * 1:32348 <-> DISABLED <-> SERVER-WEBAPP ManageEngine FileCollector servlet directory traversal attempt (server-webapp.rules) * 1:32349 <-> DISABLED <-> SERVER-WEBAPP ManageEngine FileCollector servlet directory traversal attempt (server-webapp.rules) * 1:3235 <-> DISABLED <-> OS-WINDOWS Messenger message overflow attempt (os-windows.rules) * 1:32350 <-> DISABLED <-> SERVER-WEBAPP ManageEngine multipartRequest servlet directory traversal attempt (server-webapp.rules) * 1:32351 <-> DISABLED <-> SERVER-WEBAPP ManageEngine multipartRequest servlet directory traversal attempt (server-webapp.rules) * 1:32352 <-> ENABLED <-> SERVER-WEBAPP Centreon displayServiceStatus.php command injection attempt (server-webapp.rules) * 1:32353 <-> 
DISABLED <-> SQL Drupal 7 pre auth SQL injection attempt (sql.rules) * 1:32354 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Matsune variant outbound connection (malware-cnc.rules) * 1:32355 <-> DISABLED <-> INDICATOR-OBFUSCATION Javascript variable obfuscation (indicator-obfuscation.rules) * 1:32356 <-> DISABLED <-> PROTOCOL-RPC mountd UDP unmount path overflow attempt (protocol-rpc.rules) * 1:32357 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Akaza variant outbound connection (malware-cnc.rules) * 1:32358 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JpxDecode invalid crgn memory corruption attempt (file-pdf.rules) * 1:32359 <-> DISABLED <-> FILE-FLASH Adobe Flash Player worker shared object use-after-free attempt (file-flash.rules) * 1:32360 <-> ENABLED <-> FILE-FLASH Adobe Flash Player worker shared object use-after-free attempt (file-flash.rules) * 1:32361 <-> DISABLED <-> FILE-OTHER Microsoft Windows Briefcase integer overflow (file-other.rules) * 1:32362 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer VML use after free attempt (browser-ie.rules) * 1:32363 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer VML use after free attempt (browser-ie.rules) * 1:32364 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer overlapping object boundaries memory corruption attempt (browser-ie.rules) * 1:32365 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer overlapping object boundaries memory corruption attempt (browser-ie.rules) * 1:32366 <-> DISABLED <-> OS-OTHER Bash environment variable injection attempt (os-other.rules) * 1:32367 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GameOverZeus variant outbound connection (malware-cnc.rules) * 1:32368 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cridex variant outbound connection (malware-cnc.rules) * 1:32369 <-> DISABLED <-> PROTOCOL-ICMP FreeBSD rtsold dname_labeldec stack buffer overflow attempt (protocol-icmp.rules) * 1:32370 <-> DISABLED <-> SERVER-OTHER AOL Instant Messenger goaway message buffer overflow attempt 
(server-other.rules) * 1:32371 <-> ENABLED <-> SERVER-OTHER HP Network Node Manager ovopi.dll buffer overflow attempt (server-other.rules) * 1:32372 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Drepitt variant outbound connection (malware-cnc.rules) * 1:32373 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Broonject variant outbound connection (malware-cnc.rules) * 1:32374 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Androm variant outbound connection (malware-cnc.rules) * 1:32375 <-> DISABLED <-> BROWSER-OTHER WGet symlink arbitrary file write attempt (browser-other.rules) * 1:32376 <-> DISABLED <-> SERVER-OTHER Citrix NetScaler stack buffer overflow attempt (server-other.rules) * 1:32377 <-> DISABLED <-> FILE-OFFICE Microsoft Office invalid MS-OGRAPH DataFormat buffer overflow attempt (file-office.rules) * 1:32378 <-> ENABLED <-> FILE-IDENTIFY bmp file attachment detected (file-identify.rules) * 1:32379 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Baccamun variant outbound connection (malware-cnc.rules) * 1:3238 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP irot IrotIsRunning/Revoke overflow attempt (os-windows.rules) * 1:32380 <-> ENABLED <-> FILE-IDENTIFY dib file attachment detected (file-identify.rules) * 1:32381 <-> DISABLED <-> SERVER-OTHER OpenSSL DTLS SRTP extension parsing denial-of-service attempt (server-other.rules) * 1:32382 <-> DISABLED <-> SERVER-OTHER OpenSSL DTLS SRTP extension parsing denial-of-service attempt (server-other.rules) * 1:32383 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - connect - Win.Backdoor.Upatre (malware-cnc.rules) * 1:32384 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - myupdate - Win.Backdoor.Upatre (malware-cnc.rules) * 1:32386 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit outbound structure (exploit-kit.rules) * 1:32387 <-> DISABLED <-> EXPLOIT-KIT Nuclear exploit kit jar file download (exploit-kit.rules) * 1:32388 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit landing page 
detected (exploit-kit.rules) * 1:32389 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit outbound Oracle Java request (exploit-kit.rules) * 1:3239 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP irot IrotIsRunning/Revoke overflow attempt (os-windows.rules) * 1:32390 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit landing page detected (exploit-kit.rules) * 1:32394 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Orcarat variant outbound connection (malware-cnc.rules) * 1:32395 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Orcarat variant outbound connection (malware-cnc.rules) * 1:32396 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Orcarat variant outbound connection (malware-cnc.rules) * 1:32397 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Orcarat variant outbound connection (malware-cnc.rules) * 1:32399 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit outbound Oracle Java request (exploit-kit.rules) * 1:324 <-> DISABLED <-> PROTOCOL-FINGER null request (protocol-finger.rules) * 1:32400 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Parama attempted outbound connection (malware-cnc.rules) * 1:32401 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Kivars outbound connection (malware-cnc.rules) * 1:32402 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent globalupdate - Osx.Trojan.Wirelurker (malware-cnc.rules) * 1:32403 <-> ENABLED <-> SERVER-OTHER HP Network Node Manager ovopi.dll buffer overflow attempt (server-other.rules) * 1:32404 <-> ENABLED <-> OS-WINDOWS Microsoft Windows ECDSA certificate validation bypass attempt (os-windows.rules) * 1:32405 <-> ENABLED <-> OS-WINDOWS Microsoft Windows ECDSA certificate validation bypass attempt (os-windows.rules) * 1:32406 <-> ENABLED <-> OS-WINDOWS Microsoft Windows ECDSA certificate validation bypass attempt (os-windows.rules) * 1:32407 <-> ENABLED <-> OS-WINDOWS Microsoft Windows ECDSA certificate validation bypass attempt (os-windows.rules) * 1:32408 <-> ENABLED <-> OS-WINDOWS Microsoft Windows ECDSA certificate validation bypass attempt 
(os-windows.rules) * 1:32409 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SChannel CertificateVerify buffer overflow attempt (os-windows.rules) * 1:32410 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SChannel CertificateVerify buffer overflow attempt (os-windows.rules) * 1:32411 <-> ENABLED <-> OS-WINDOWS Microsoft Windows ECDSA certificate validation bypass attempt (os-windows.rules) * 1:32412 <-> ENABLED <-> OS-WINDOWS Microsoft Windows ECDSA certificate validation bypass attempt (os-windows.rules) * 1:32413 <-> ENABLED <-> OS-WINDOWS Microsoft Windows ECDSA certificate validation bypass attempt (os-windows.rules) * 1:32414 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SChannel CertificateVerify buffer overflow attempt (os-windows.rules) * 1:32415 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SChannel CertificateVerify buffer overflow attempt (os-windows.rules) * 1:32416 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SChannel CertificateVerify buffer overflow attempt (os-windows.rules) * 1:32417 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SChannel CertificateVerify buffer overflow attempt (os-windows.rules) * 1:32419 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SChannel ECDH key exchange heap overflow attempt (os-windows.rules) * 1:32420 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SChannel ECDH key exchange heap overflow attempt (os-windows.rules) * 1:32421 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SChannel ECDH key exchange heap overflow attempt (os-windows.rules) * 1:32422 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DTLSv1.0 handshake cookie buffer overflow attempt (os-windows.rules) * 1:32423 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DTLSv1.0 hello verify request out of bounds read attempt (os-windows.rules) * 1:32424 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer object type confusion remote code execution attempt (browser-ie.rules) * 1:32425 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer object type confusion remote code execution 
attempt (browser-ie.rules) * 1:32426 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer contentEditable use after free attempt (browser-ie.rules) * 1:32427 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer contentEditable use after free attempt (browser-ie.rules) * 1:32428 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word document malicious lcbSttbfBkmkArto value attempt (file-office.rules) * 1:32429 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word document malicious lcbSttbfBkmkArto value attempt (file-office.rules) * 1:32430 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CHeaderElement object use-after-free remote code execution attempt (browser-ie.rules) * 1:32431 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CHeaderElement object use-after-free remote code execution attempt (browser-ie.rules) * 1:32432 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word lcbPlcffndTxt out-of-bounds attempt (file-office.rules) * 1:32433 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word fcPlfguidUim out-of-bounds attempt (file-office.rules) * 1:32434 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word lcbPlcffndTxt out-of-bounds attempt (file-office.rules) * 1:32435 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word fcPlfguidUim out-of-bounds attempt (file-office.rules) * 1:32436 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer document.URL override information disclosure attempt (browser-ie.rules) * 1:32437 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer document.URL override information disclosure attempt (browser-ie.rules) * 1:32438 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 9 CHTMLEditorProxy use after free attempt (browser-ie.rules) * 1:32439 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 9 CHTMLEditorProxy use after free attempt (browser-ie.rules) * 1:32440 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules) * 1:32441 <-> ENABLED <-> BROWSER-IE Microsoft Internet 
Explorer use after free attempt (browser-ie.rules) * 1:32442 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CElementIDContextList use after free attempt (browser-ie.rules) * 1:32443 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CElementIDContextList use after free attempt (browser-ie.rules) * 1:32451 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Backoff initial outbound connection (malware-cnc.rules) * 1:32455 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent VUPHTTP - Win.Trojan.Puvespia (malware-cnc.rules) * 1:32456 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Effseart variant outbound connection (malware-cnc.rules) * 1:32457 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Effseart variant inbound connection (malware-cnc.rules) * 1:32458 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer clipboardData unauthorized JavaScript read and write attempt (browser-ie.rules) * 1:32459 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer clipboardData unauthorized JavaScript read and write attempt (browser-ie.rules) * 1:32460 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CPtsTextParaclient out of bounds error remote code execution attempt (browser-ie.rules) * 1:32461 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CPtsTextParaclient out of bounds error remote code execution attempt (browser-ie.rules) * 1:32462 <-> DISABLED <-> SERVER-WEBAPP Belkin Multiple Devices buffer overflow attempt (server-webapp.rules) * 1:32464 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TorrentLocker variant outbound connection (malware-cnc.rules) * 1:32465 <-> DISABLED <-> SERVER-OTHER OpenSSL TLS large number of session tickets sent - possible dos attempt (server-other.rules) * 1:32466 <-> DISABLED <-> SERVER-OTHER OpenSSL TLS large number of session tickets sent - possible dos attempt (server-other.rules) * 1:32467 <-> DISABLED <-> SERVER-OTHER OpenSSL TLS large number of session tickets sent - possible dos attempt (server-other.rules) * 1:32468 <-> 
DISABLED <-> SERVER-OTHER OpenSSL TLS large number of session tickets sent - possible dos attempt (server-other.rules) * 1:32469 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bankeiya outbound connection (malware-cnc.rules) * 1:32470 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 11 VBScript redim preserve denial-of-service attempt (browser-ie.rules) * 1:32471 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 11 VBScript redim preserve denial-of-service attempt (browser-ie.rules) * 1:32472 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 11 VBScript redim preserve denial-of-service attempt (browser-ie.rules) * 1:32473 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 11 VBScript redim preserve denial-of-service attempt (browser-ie.rules) * 1:32474 <-> ENABLED <-> OS-WINDOWS .NET Framework BinaryServerFormatterSink-ProcessMessage IMessage corruption attempt (os-windows.rules) * 1:32475 <-> ENABLED <-> OS-WINDOWS .NET Framework BinaryServerFormatterSink-ProcessMessage IMessage corruption attempt (os-windows.rules) * 1:32476 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word bOffset value overflow attempt (file-office.rules) * 1:32477 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word bOffset value overflow attempt (file-office.rules) * 1:32478 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSecurityContext use after free attempt (browser-ie.rules) * 1:32479 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSecurityContext use after free attempt (browser-ie.rules) * 1:32481 <-> DISABLED <-> POLICY-OTHER Remote non-JavaScript file found in script tag src attribute (policy-other.rules) * 1:32482 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer pasteHTML use after free attempt (browser-ie.rules) * 1:32483 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer pasteHTML use after free attempt (browser-ie.rules) * 1:32484 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer immutable application settings sandbox escape attempt 
(browser-ie.rules) * 1:32485 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer immutable application settings sandbox escape attempt (browser-ie.rules) * 1:32486 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Exadog outbound connection (malware-cnc.rules) * 1:32487 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Exadog variant outbound connection (malware-cnc.rules) * 1:32488 <-> DISABLED <-> INDICATOR-COMPROMISE .com- potentially malicious hostname (indicator-compromise.rules) * 1:32489 <-> DISABLED <-> OS-WINDOWS Microsoft Windows tcpip.sys null pointer dereference attempt (os-windows.rules) * 1:32490 <-> DISABLED <-> OS-WINDOWS Microsoft Windows tcpip.sys null pointer dereference attempt (os-windows.rules) * 1:32491 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer information disclosure attempt (browser-ie.rules) * 1:32492 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer information disclosure attempt (browser-ie.rules) * 1:32493 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.SpikeA variant outbound connection (malware-cnc.rules) * 1:32494 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.SpikeA variant outbound connection (malware-cnc.rules) * 1:32495 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 11 CStyleSheet object use after free attempt (browser-ie.rules) * 1:32496 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 11 CStyleSheet object use after free attempt (browser-ie.rules) * 1:32497 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CQuotes use-after-free attempt (browser-ie.rules) * 1:32498 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CQuotes use-after-free attempt (browser-ie.rules) * 1:32499 <-> DISABLED <-> FILE-OTHER Microsoft Internet Explorer EPM sandbox escape attempt (file-other.rules) * 1:32500 <-> DISABLED <-> FILE-OTHER Microsoft Internet Explorer EPM sandbox escape attempt (file-other.rules) * 1:32501 <-> ENABLED <-> FILE-OTHER Microsoft XML invalid priority in xsl template (file-other.rules) * 1:32502 <-> ENABLED 
<-> FILE-OTHER Microsoft XML invalid priority in xsl template (file-other.rules) * 1:32504 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Kiler attempted outbound connection (malware-cnc.rules) * 1:32505 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Kiler attempted outbound connection (malware-cnc.rules) * 1:32506 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Secdeskinf outbound connection (malware-cnc.rules) * 1:32508 <-> ENABLED <-> FILE-OTHER Oracle Java SE GSUB FeatureCount Buffer Overflow attempt (file-other.rules) * 1:32509 <-> ENABLED <-> FILE-OTHER Oracle Java SE GSUB FeatureCount Buffer Overflow attempt (file-other.rules) * 1:32510 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.PiltabeA outbound connection (malware-cnc.rules) * 1:32511 <-> DISABLED <-> MALWARE-CNC PCRat variant outbound connection (malware-cnc.rules) * 1:32512 <-> DISABLED <-> MALWARE-CNC PCRat variant outbound connection (malware-cnc.rules) * 1:32513 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Havex outbound connection (malware-cnc.rules) * 1:32514 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ObjBiff validation exploit attempt (file-office.rules) * 1:32515 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ObjBiff validation exploit attempt (file-office.rules) * 1:32516 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ObjBiff validation exploit attempt (file-office.rules) * 1:32517 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ObjBiff validation exploit attempt (file-office.rules) * 1:32518 <-> DISABLED <-> FILE-OTHER Microsoft Internet Explorer registry symbolic link attack attempt (file-other.rules) * 1:32519 <-> DISABLED <-> FILE-OTHER Microsoft Internet Explorer registry symbolic link attack attempt (file-other.rules) * 1:32521 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall 2.0 possible TOR client retrieval attempt (malware-cnc.rules) * 1:32523 <-> DISABLED <-> BROWSER-OTHER FreeBSD tnftp fetch_url client side command injection attempt (browser-other.rules) * 1:32524 <-> DISABLED 
<-> BROWSER-OTHER FreeBSD tnftp fetch_url client side command injection attempt (browser-other.rules) * 1:32525 <-> ENABLED <-> BROWSER-OTHER FreeBSD tnftp client detected (browser-other.rules) * 1:32526 <-> DISABLED <-> POLICY-OTHER Visual Mining NetCharts default credentials authentication attempt (policy-other.rules) * 1:32527 <-> DISABLED <-> SERVER-WEBAPP Visual Mining NetCharts directory traversal attempt (server-webapp.rules) * 1:32528 <-> DISABLED <-> SERVER-WEBAPP Visual Mining NetCharts directory traversal attempt (server-webapp.rules) * 1:32529 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Vkont variant outbound connection (malware-cnc.rules) * 1:32530 <-> ENABLED <-> SERVER-OTHER HP Network Node Manager ovopi.dll buffer overflow attempt (server-other.rules) * 1:32532 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer style sheet array memory corruption attempt (browser-ie.rules) * 1:32533 <-> ENABLED <-> SERVER-MYSQL Oracle MySQL Server XPath memory Corruption attempt (server-mysql.rules) * 1:32534 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 regular expression grouping depth denial of service attempt (file-flash.rules) * 1:32535 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS3 regular expression grouping depth denial of service attempt (file-flash.rules) * 1:32536 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS3 regular expression grouping depth denial of service attempt (file-flash.rules) * 1:32537 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 regular expression grouping depth denial of service attempt (file-flash.rules) * 1:32538 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 regular expression grouping depth denial of service attempt (file-flash.rules) * 1:32539 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 regular expression grouping depth denial of service attempt (file-flash.rules) * 1:32540 <-> ENABLED <-> FILE-FLASH Adobe Flash Player decompressed microphone object codec denial of service attempt (file-flash.rules) * 
1:32541 <-> ENABLED <-> FILE-FLASH Adobe Flash Player decompressed microphone object codec denial of service attempt (file-flash.rules) * 1:32542 <-> DISABLED <-> FILE-FLASH Adobe Flash Player compressed microphone object codec denial of service attempt (file-flash.rules) * 1:32543 <-> ENABLED <-> FILE-FLASH Adobe Flash Player compressed microphone object codec denial of service attempt (file-flash.rules) * 1:32544 <-> ENABLED <-> FILE-FLASH Adobe Flash Player HTML focus with no data denial of service attempt (file-flash.rules) * 1:32545 <-> ENABLED <-> FILE-FLASH Adobe Flash Player HTML focus with no data denial of service attempt (file-flash.rules) * 1:32546 <-> DISABLED <-> SERVER-WEBAPP F5 BIG-IP Enterprise Manager XML entity injection attempt (server-webapp.rules) * 1:32547 <-> DISABLED <-> SERVER-WEBAPP F5 BIG-IP Enterprise Manager XML entity injection attempt (server-webapp.rules) * 1:32548 <-> DISABLED <-> MALWARE-CNC Mac.Backdoor.iWorm attempted outbound connection (malware-cnc.rules) * 1:32550 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Extant variant outbound connection (malware-cnc.rules) * 1:32551 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Coreshell variant outbound connection (malware-cnc.rules) * 1:32552 <-> ENABLED <-> FILE-FLASH Adobe Flash Player incorrect codec denial of service attempt (file-flash.rules) * 1:32553 <-> ENABLED <-> FILE-FLASH Adobe Flash Player incorrect codec denial of service attempt (file-flash.rules) * 1:32554 <-> ENABLED <-> EXPLOIT-KIT Hellspawn exploit kit landing page detected (exploit-kit.rules) * 1:32555 <-> ENABLED <-> EXPLOIT-KIT Hellspawn exploit kit outbound Oracle Java jar request (exploit-kit.rules) * 1:32556 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bayoboiz outbound connection (malware-cnc.rules) * 1:32557 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bayoboiz outbound connection (malware-cnc.rules) * 1:32558 <-> DISABLED <-> FILE-FLASH Adobe Flash Player setglobalslot malformed bytecode remote code execution attempt 
(file-flash.rules)
* 1:32559 <-> DISABLED <-> FILE-FLASH Adobe Flash Player setglobalslot malformed bytecode remote code execution attempt (file-flash.rules)
* 1:32560 <-> ENABLED <-> FILE-FLASH Adobe Flash Player setglobalslot malformed bytecode remote code execution attempt (file-flash.rules)
* 1:32561 <-> ENABLED <-> FILE-FLASH Adobe Flash Player setglobalslot malformed bytecode remote code execution attempt (file-flash.rules)
* 1:32562 <-> ENABLED <-> FILE-OTHER Oracle Java awt_setPixels out-of-bounds read attempt (file-other.rules)
* 1:32563 <-> DISABLED <-> SERVER-WEBAPP Visual Mining NetCharts arbitrary file upload attempt (server-webapp.rules)
* 1:32564 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 11 VBScript redim preserve denial-of-service attempt (browser-ie.rules)
* 1:32565 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 11 VBScript redim preserve denial-of-service attempt (browser-ie.rules)
* 1:32566 <-> DISABLED <-> POLICY-OTHER SSLv3 CBC client connection attempt (policy-other.rules)
* 1:32567 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed ATF header integer overflow attempt (file-flash.rules)
* 1:32568 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF header integer overflow attempt (file-flash.rules)
* 1:32569 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed ATF header integer overflow attempt (file-flash.rules)
* 1:32570 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF header integer overflow attempt (file-flash.rules)
* 1:32571 <-> ENABLED <-> FILE-FLASH Adobe Flash Player string concatenation integer overflow attempt (file-flash.rules)
* 1:32572 <-> DISABLED <-> FILE-FLASH Adobe Flash Player string concatenation integer overflow attempt (file-flash.rules)
* 1:32573 <-> DISABLED <-> FILE-FLASH Adobe Flash Player string concatenation integer overflow attempt (file-flash.rules)
* 1:32574 <-> ENABLED <-> FILE-FLASH Adobe Flash Player string concatenation integer overflow attempt (file-flash.rules)
* 1:32575 <-> ENABLED <-> FILE-FLASH Adobe Flash Player string concatenation integer overflow attempt (file-flash.rules)
* 1:32576 <-> ENABLED <-> FILE-FLASH Adobe Flash Player string concatenation integer overflow attempt (file-flash.rules)
* 1:32578 <-> ENABLED <-> PUA-OTHER Request for known malware domain pierrejb.agora.eu.org (pua-other.rules)
* 1:32579 <-> DISABLED <-> SERVER-WEBAPP Reflected file download attempt (server-webapp.rules)
* 1:32580 <-> DISABLED <-> SERVER-WEBAPP Reflected file download attempt (server-webapp.rules)
* 1:32581 <-> DISABLED <-> SERVER-WEBAPP Mantis Bug Tracker XmlImportExport plugin PHP code injection attempt (server-webapp.rules)
* 1:32582 <-> DISABLED <-> SERVER-WEBAPP Mantis Bug Tracker XmlImportExport plugin PHP code injection attempt (server-webapp.rules)
* 1:32583 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
* 1:32584 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
* 1:32585 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
* 1:32586 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
* 1:32587 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Series record exploit attempt (file-office.rules)
* 1:32588 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Selection exploit attempt (file-office.rules)
* 1:32589 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Selection exploit attempt (file-office.rules)
* 1:32592 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed JPEG information leak attempt (file-flash.rules)
* 1:32593 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed JPEG information leak attempt (file-flash.rules)
* 1:32598 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Mysayad file wipe attempt (malware-cnc.rules)
* 1:32599 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Mysayad outbound connection (malware-cnc.rules)
* 1:326 <-> DISABLED <-> PROTOCOL-FINGER remote command execution attempt (protocol-finger.rules)
* 1:32600 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Mysayad file wipe attempt (malware-cnc.rules)
* 1:32601 <-> DISABLED <-> SERVER-OTHER Hikvision DVR RTSP request buffer overflow attempt (server-other.rules)
* 1:32602 <-> DISABLED <-> POLICY-OTHER ManageEngine Eventlog Analyzer credential disclosure attempt (policy-other.rules)
* 1:32603 <-> DISABLED <-> POLICY-OTHER ManageEngine Eventlog Analyzer information disclosure attempt (policy-other.rules)
* 1:32604 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Geodo variant outbound connection (malware-cnc.rules)
* 1:32605 <-> DISABLED <-> MALWARE-CNC Win.Worm.Jenxcus variant outbound connection (malware-cnc.rules)
* 1:32606 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sodebral variant outbound connection (malware-cnc.rules)
* 1:32607 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sodebral HTTP Response attempt (malware-cnc.rules)
* 1:32608 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sodebral HTTP Response attempt (malware-cnc.rules)
* 1:32609 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant registration message (malware-cnc.rules)
* 1:32610 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant keepalive (malware-cnc.rules)
* 1:32611 <-> DISABLED <-> SERVER-WEBAPP phpMemcachedAdmin path traversal attempt (server-webapp.rules)
* 1:32613 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Jadowndec attempted outbound connection (malware-cnc.rules)
* 1:32614 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Jadowndec attempted outbound connection (malware-cnc.rules)
* 1:32615 <-> DISABLED <-> OS-WINDOWS Microsoft Windows search protocol remote command injection attempt (os-windows.rules)
* 1:32616 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Registry file attachment detected (file-identify.rules)
* 1:32617 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Registry file attachment detected (file-identify.rules)
* 1:32618 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Registry file download request (file-identify.rules)
* 1:32619 <-> DISABLED <-> FILE-OTHER MostGear EasyLanFolderShare serial key overflow attempt (file-other.rules)
* 1:32620 <-> DISABLED <-> FILE-OTHER MostGear EasyLanFolderShare serial key overflow attempt (file-other.rules)
* 1:32621 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Regin outbound connection (malware-cnc.rules)
* 1:32622 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Regin outbound connection (malware-cnc.rules)
* 1:32623 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Regin outbound connection (malware-cnc.rules)
* 1:32624 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Regin outbound connection (malware-cnc.rules)
* 1:32625 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel DV record buffer overflow attempt (file-office.rules)
* 1:32626 <-> DISABLED <-> BROWSER-PLUGINS Adobe Flash broker privilege escalation file creation attempt (browser-plugins.rules)
* 1:32627 <-> DISABLED <-> BROWSER-PLUGINS Adobe Flash broker privilege escalation file creation attempt (browser-plugins.rules)
* 1:32628 <-> ENABLED <-> SERVER-OTHER HP Network Node Manager ovopi.dll buffer overflow attempt (server-other.rules)
* 1:32629 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 11 VBScript redim preserve denial-of-service attempt (browser-ie.rules)
* 1:32630 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 11 VBScript redim preserve denial-of-service attempt (browser-ie.rules)
* 1:32631 <-> DISABLED <-> NETBIOS SMB server response heap overflow attempt (netbios.rules)
* 1:32632 <-> DISABLED <-> BROWSER-PLUGINS Oracle Data Quality ActiveX clsid access (browser-plugins.rules)
* 1:32633 <-> DISABLED <-> BROWSER-PLUGINS Oracle Data Quality ActiveX function call access (browser-plugins.rules)
* 1:32634 <-> DISABLED <-> BROWSER-PLUGINS Oracle Data Quality ActiveX clsid access (browser-plugins.rules)
* 1:32635 <-> DISABLED <-> BROWSER-PLUGINS Oracle Data Quality ActiveX function call access (browser-plugins.rules)
* 1:32636 <-> DISABLED <-> FILE-OTHER fCreateShellLink function use - potential attack (file-other.rules)
* 1:32637 <-> DISABLED <-> PROTOCOL-TFTP UDP large packet use after free attempt (protocol-tftp.rules)
* 1:32638 <-> DISABLED <-> EXPLOIT-KIT Sweet Orange exploit kit Adobe Flash exploit on defined port (exploit-kit.rules)
* 1:32639 <-> DISABLED <-> EXPLOIT-KIT Sweet Orange exploit kit jar file requested on defined port (exploit-kit.rules)
* 1:32640 <-> DISABLED <-> EXPLOIT-KIT Sweet Orange exploit kit outbound payload detection (exploit-kit.rules)
* 1:32641 <-> DISABLED <-> EXPLOIT-KIT Sweet Orange exploit kit Oracle Java jnlp file requested on defined port (exploit-kit.rules)
* 1:32642 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Web Components OWC.Spreadsheet.9 ActiveX clsid access attempt (browser-plugins.rules)
* 1:32643 <-> DISABLED <-> FILE-OFFICE Microsoft Works 9 and Word 12 converter heap overflow attempt (file-office.rules)
* 1:32644 <-> DISABLED <-> FILE-OFFICE Microsoft Works 9 and Word 12 converter heap overflow attempt (file-office.rules)
* 1:32645 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string RUpdate (malware-cnc.rules)
* 1:32646 <-> DISABLED <-> INDICATOR-COMPROMISE Potential malware download - _pdf.exe within .zip file (indicator-compromise.rules)
* 1:32647 <-> DISABLED <-> SERVER-MYSQL Oracle MySQL Server InnoDB Memcached plugin resource exhaustion attempt (server-mysql.rules)
* 1:32648 <-> DISABLED <-> SERVER-MYSQL Oracle MySQL Server InnoDB Memcached plugin resource exhaustion attempt (server-mysql.rules)
* 1:32649 <-> DISABLED <-> SERVER-MYSQL Oracle MySQL Server InnoDB Memcached plugin resource exhaustion attempt (server-mysql.rules)
* 1:32650 <-> DISABLED <-> SERVER-MYSQL Oracle MySQL Server InnoDB Memcached plugin resource exhaustion attempt (server-mysql.rules)
* 1:32651 <-> DISABLED <-> SERVER-MYSQL Oracle MySQL Server InnoDB Memcached plugin resource exhaustion attempt (server-mysql.rules)
* 1:32665 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chopstick variant outbound request (malware-cnc.rules)
* 1:32667 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chopstick variant outbound request (malware-cnc.rules)
* 1:32668 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray.uncompress use after free attempt (file-flash.rules)
* 1:32669 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray.uncompress use after free attempt (file-flash.rules)
* 1:32670 <-> ENABLED <-> MALWARE-CNC Win.Dropper.Ch variant outbound connection (malware-cnc.rules)
* 1:32671 <-> DISABLED <-> FILE-OTHER LibYAML yaml_parser_scan_uri_escapes heap buffer overflow attempt (file-other.rules)
* 1:32672 <-> DISABLED <-> SERVER-OTHER Cisco ios ftp proxy overflow attempt (server-other.rules)
* 1:32673 <-> DISABLED <-> SERVER-OTHER Web Service on Devices API WSDAPI URL processing buffer corruption attempt (server-other.rules)
* 1:32674 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wiper variant outbound connection (malware-cnc.rules)
* 1:32677 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex variant outbound connection (malware-cnc.rules)
* 1:32678 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex variant outbound connection (malware-cnc.rules)
* 1:32679 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer lineboxbuilder out of bound array access attempt (browser-ie.rules)
* 1:32680 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer lineboxbuilder out of bound array access attempt (browser-ie.rules)
* 1:32681 <-> DISABLED <-> SERVER-WEBAPP Microsoft Outlook Web Access parameter cross site scripting attempt (server-webapp.rules)
* 1:32682 <-> DISABLED <-> SERVER-WEBAPP Microsoft Outlook Web Access parameter cross site scripting attempt (server-webapp.rules)
* 1:32683 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel blip image use after free attempt (file-office.rules)
* 1:32684 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel blip image use after free attempt (file-office.rules)
* 1:32685 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer setTimeout use after free attempt (browser-ie.rules)
* 1:32686 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer setTimeout use after free attempt (browser-ie.rules)
* 1:32687 <-> DISABLED <-> FILE-OFFICE Microsoft Office use after free (file-office.rules)
* 1:32688 <-> DISABLED <-> FILE-OFFICE Microsoft Office use after free (file-office.rules)
* 1:32689 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer style object type confusion attempt (browser-ie.rules)
* 1:32690 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer style object type confusion attempt (browser-ie.rules)
* 1:32691 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer NodeFilter use after free attempt (browser-ie.rules)
* 1:32692 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer NodeFilter use after free attempt (browser-ie.rules)
* 1:32693 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CSS out-of-bounds buffer access attempt (browser-ie.rules)
* 1:32694 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CSS out-of-bounds buffer access attempt (browser-ie.rules)
* 1:32695 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer JPEG stack information disclosure attempt (browser-ie.rules)
* 1:32696 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer JPEG stack information disclosure attempt (browser-ie.rules)
* 1:32697 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer JPEG stack information disclosure attempt (browser-ie.rules)
* 1:32698 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer JPEG stack information disclosure attempt (browser-ie.rules)
* 1:32699 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer JPEG stack information disclosure attempt (browser-ie.rules)
* 1:327 <-> DISABLED <-> PROTOCOL-FINGER remote command pipe execution attempt (protocol-finger.rules)
* 1:32700 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer JPEG stack information disclosure attempt (browser-ie.rules)
* 1:32701 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer JPEG stack information disclosure attempt (browser-ie.rules)
* 1:32702 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer JPEG stack information disclosure attempt (browser-ie.rules)
* 1:32703 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use of rtf file in clipboard attempt (browser-ie.rules)
* 1:32704 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use of rtf file in clipboard attempt (browser-ie.rules)
* 1:32705 <-> DISABLED <-> SERVER-MAIL Microsoft Exchange OWA meeting invite XSS attempt (server-mail.rules)
* 1:32706 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant outbound connection (malware-cnc.rules)
* 1:32707 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF object use after free attempt (file-office.rules)
* 1:32708 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF object use after free attempt (file-office.rules)
* 1:32709 <-> ENABLED <-> BROWSER-IE VBScript RegEx use-after-free attempt (browser-ie.rules)
* 1:32710 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer XSS filter bypass attempt (browser-ie.rules)
* 1:32711 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word array index out-of-bounds attempt (file-office.rules)
* 1:32712 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word array index out-of-bounds attempt (file-office.rules)
* 1:32713 <-> DISABLED <-> BROWSER-OTHER Microsoft Internet Explorer cross site scripting filter bypass attempt (browser-other.rules)
* 1:32714 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 10 CTableSection remote code execution attempt (browser-ie.rules)
* 1:32715 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 10 CTableSection remote code execution attempt (browser-ie.rules)
* 1:32716 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 7 CTreeNode object remote code execution attempt (browser-ie.rules)
* 1:32717 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 7 CTreeNode object remote code execution attempt (browser-ie.rules)
* 1:32718 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel remote code execution attempt (file-office.rules)
* 1:32719 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel remote code execution attempt (file-office.rules)
* 1:32720 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer element type confusion use after free attempt (browser-ie.rules)
* 1:32721 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer element type confusion use after free attempt (browser-ie.rules)
* 1:32722 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CButton object use after free attempt (browser-ie.rules)
* 1:32723 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CButton object use after free attempt (browser-ie.rules)
* 1:32724 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CTreePos insertAdjacentText use after free attempt (browser-ie.rules)
* 1:32725 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CTreePos insertAdjacentText use after free attempt (browser-ie.rules)
* 1:32727 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Uclinu variant outbound connection (malware-cnc.rules)
* 1:32728 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Olegb variant outbound connection (malware-cnc.rules)
* 1:32729 <-> DISABLED <-> POLICY-OTHER HP Network Node Manager ovopi.dll command 685 insecure pointer dereference attempt (policy-other.rules)
* 1:3273 <-> DISABLED <-> SQL sa brute force failed login unicode attempt (sql.rules)
* 1:32730 <-> ENABLED <-> FILE-OTHER Microsoft Windows XP .theme file remote code execution attempt (file-other.rules)
* 1:32731 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SChannel CertificateVerify buffer overflow attempt (os-windows.rules)
* 1:32732 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SChannel CertificateVerify buffer overflow attempt (os-windows.rules)
* 1:32734 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Typideg variant outbound connection (malware-cnc.rules)
* 1:32735 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoPHP variant outbound connection (malware-cnc.rules)
* 1:32736 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoPHP variant outbound connection (malware-cnc.rules)
* 1:32737 <-> DISABLED <-> SERVER-OTHER Lianja SQL Server db_netserver Buffer Overflow attempt (server-other.rules)
* 1:32738 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime text track descriptors heap buffer overflow attempt (file-multimedia.rules)
* 1:32739 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime text track descriptors heap buffer overflow attempt (file-multimedia.rules)
* 1:3274 <-> ENABLED <-> PROTOCOL-TELNET login buffer non-evasive overflow attempt (protocol-telnet.rules)
* 1:32740 <-> DISABLED <-> POLICY-OTHER Arris VAP2500 default credentials authentication attempt (policy-other.rules)
* 1:32741 <-> DISABLED <-> POLICY-OTHER Arris VAP2500 default credentials authentication attempt (policy-other.rules)
* 1:32742 <-> ENABLED <-> SERVER-WEBAPP Arris VAP2500 tools_command.php command execution attempt (server-webapp.rules)
* 1:32743 <-> DISABLED <-> MALWARE-CNC VGABot IRC communication attempt (malware-cnc.rules)
* 1:32744 <-> DISABLED <-> SERVER-WEBAPP ManageEngine NetFlow Analyzer DisplayChartPDF directory traversal attempt (server-webapp.rules)
* 1:32745 <-> DISABLED <-> SERVER-WEBAPP ManageEngine NetFlow Analyzer information disclosure attempt (server-webapp.rules)
* 1:32746 <-> DISABLED <-> SERVER-WEBAPP Wordpress OptimizePress plugin theme upload attempt (server-webapp.rules)
* 1:32747 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ragebot variant outbound connection (malware-cnc.rules)
* 1:32748 <-> DISABLED <-> SERVER-OTHER Ecava IntegraXor HMI /res buffer overflow attempt (server-other.rules)
* 1:32749 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed pushcode type confusion remote code execution attempt (file-flash.rules)
* 1:32750 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed pushcode type confusion remote code execution attempt (file-flash.rules)
* 1:32751 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed pushcode type confusion remote code execution attempt (file-flash.rules)
* 1:32752 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed pushcode type confusion remote code execution attempt (file-flash.rules)
* 1:32753 <-> DISABLED <-> SERVER-WEBAPP FreePBX Framework Asterisk recording interface PHP unserialize code execution attempt (server-webapp.rules)
* 1:32754 <-> DISABLED <-> BROWSER-PLUGINS Microsoft SQL Server 2000 Client Components ActiveX clsid access (browser-plugins.rules)
* 1:32755 <-> DISABLED <-> SERVER-OTHER TLSv1.0 POODLE CBC padding brute force attempt (server-other.rules)
* 1:32756 <-> DISABLED <-> SERVER-OTHER TLSv1.1 POODLE CBC padding brute force attempt (server-other.rules)
* 1:32757 <-> DISABLED <-> SERVER-OTHER TLSv1.2 POODLE CBC padding brute force attempt (server-other.rules)
* 1:32758 <-> DISABLED <-> SERVER-OTHER TLSv1.0 POODLE CBC padding brute force attempt (server-other.rules)
* 1:32759 <-> DISABLED <-> SERVER-OTHER TLSv1.1 POODLE CBC padding brute force attempt (server-other.rules)
* 1:32760 <-> DISABLED <-> SERVER-OTHER TLSv1.2 POODLE CBC padding brute force attempt (server-other.rules)
* 1:32761 <-> DISABLED <-> SERVER-WEBAPP dBlog CMS m parameter SQL injection attempt (server-webapp.rules)
* 1:32762 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer TextRange after free attempt (browser-ie.rules)
* 1:32763 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer TextRange after free attempt (browser-ie.rules)
* 1:32764 <-> ENABLED <-> FILE-FLASH Adobe ActionScript malformed pushwith opcode attempt (file-flash.rules)
* 1:32765 <-> ENABLED <-> FILE-FLASH Adobe ActionScript malformed pushwith opcode attempt (file-flash.rules)
* 1:32766 <-> DISABLED <-> FILE-FLASH Adobe ActionScript malformed pushwith opcode attempt (file-flash.rules)
* 1:32767 <-> ENABLED <-> FILE-FLASH Adobe ActionScript malformed pushwith opcode attempt (file-flash.rules)
* 1:32768 <-> DISABLED <-> SQL PK-CMS SQL injection attempt (sql.rules)
* 1:32769 <-> DISABLED <-> MALWARE-CNC Win.Trojan.WOWCheckC Attempted CNC (malware-cnc.rules)
* 1:32770 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Androm variant outbound connection (malware-cnc.rules)
* 1:32771 <-> DISABLED <-> MALWARE-OTHER Adobe Invoice email scam phishing attempt (malware-other.rules)
* 1:32772 <-> DISABLED <-> MALWARE-OTHER Adobe License Key email scam phishing attempt (malware-other.rules)
* 1:32773 <-> DISABLED <-> SERVER-WEBAPP Symantec messaging gateway management console cross-site scripting attempt (server-webapp.rules)
* 1:32774 <-> DISABLED <-> SERVER-OTHER Siemens Simatic S7-300 PLC backdoor login attempt (server-other.rules)
* 1:32775 <-> DISABLED <-> SERVER-OTHER Siemens Simatic S7-300 PLC remote memory dump (server-other.rules)
* 1:32776 <-> DISABLED <-> MALWARE-CNC FIN4 VBA Macro credentials upload attempt (malware-cnc.rules)
* 1:32777 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CheaderElement use after free attempt (browser-ie.rules)
* 1:32778 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CheaderElement use after free attempt (browser-ie.rules)
* 1:32780 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Eskaetee outbound connection (malware-cnc.rules)
* 1:32781 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Eskaetee outbound connection (malware-cnc.rules)
* 1:32782 <-> DISABLED <-> FILE-FLASH Adobe Flash Player parseFloat stack overflow remote code execution attempt (file-flash.rules)
* 1:32783 <-> ENABLED <-> FILE-FLASH Adobe Flash Player parseFloat stack overflow remote code execution attempt (file-flash.rules)
* 1:32784 <-> ENABLED <-> FILE-FLASH Adobe Flash Player parseFloat stack overflow remote code execution attempt (file-flash.rules)
* 1:32785 <-> ENABLED <-> FILE-FLASH Adobe Flash Player parseFloat stack overflow remote code execution attempt (file-flash.rules)
* 1:32786 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PDF JBIG2 remote code execution attempt (file-pdf.rules)
* 1:32787 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader privileged JavaScript execution attempt (file-pdf.rules)
* 1:32788 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader privileged JavaScript execution attempt (file-pdf.rules)
* 1:32789 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader privileged JavaScript execution attempt (file-pdf.rules)
* 1:32790 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader privileged JavaScript execution attempt (file-pdf.rules)
* 1:32791 <-> DISABLED <-> MALWARE-CNC Win.Virus.Ransomlock outbound connection (malware-cnc.rules)
* 1:32792 <-> DISABLED <-> MALWARE-CNC Win.Virus.Ransomlock inbound connection (malware-cnc.rules)
* 1:32793 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XRef object integer overflow attempt (file-pdf.rules)
* 1:32794 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XRef object integer overflow attempt (file-pdf.rules)
* 1:32795 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader U3D light resource orphaned array use after free attempt (file-pdf.rules)
* 1:32796 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader U3D light resource orphaned array use after free attempt (file-pdf.rules)
* 1:32797 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader XFA loadXML escape attempt (file-pdf.rules)
* 1:32798 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader XFA loadXML escape attempt (file-pdf.rules)
* 1:32799 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader XFA loadXML escape attempt (file-pdf.rules)
* 1:328 <-> DISABLED <-> PROTOCOL-FINGER bomb attempt (protocol-finger.rules)
* 1:32800 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader XFA loadXML escape attempt (file-pdf.rules)
* 1:32801 <-> DISABLED <-> FILE-FLASH Adobe Flash Player orphaning MP3 crash attempt (file-flash.rules)
* 1:32802 <-> DISABLED <-> FILE-FLASH Adobe Flash Player orphaning MP3 crash attempt (file-flash.rules)
* 1:32803 <-> ENABLED <-> EXPLOIT-KIT CK exploit kit landing page (exploit-kit.rules)
* 1:32804 <-> ENABLED <-> EXPLOIT-KIT known malicious javascript packer detected (exploit-kit.rules)
* 1:32805 <-> DISABLED <-> FILE-FLASH Adobe Flash Player regex buffer overflow attempt (file-flash.rules)
* 1:32806 <-> DISABLED <-> FILE-FLASH Adobe Flash Player regex buffer overflow attempt (file-flash.rules)
* 1:32807 <-> DISABLED <-> FILE-FLASH Adobe Flash Player regex buffer overflow attempt (file-flash.rules)
* 1:32808 <-> DISABLED <-> FILE-FLASH Adobe Flash Player regex buffer overflow attempt (file-flash.rules)
* 1:32809 <-> DISABLED <-> FILE-FLASH Adobe Flash Player regex buffer overflow attempt (file-flash.rules)
* 1:32810 <-> DISABLED <-> FILE-FLASH Adobe Flash Player regex buffer overflow attempt (file-flash.rules)
* 1:32811 <-> DISABLED <-> FILE-FLASH Adobe Flash Player regex buffer overflow attempt (file-flash.rules)
* 1:32812 <-> DISABLED <-> FILE-FLASH Adobe Flash Player regex buffer overflow attempt (file-flash.rules)
* 1:32813 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed U3D object use after free attempt (file-pdf.rules)
* 1:32814 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed U3D object use after free attempt (file-pdf.rules)
* 1:32815 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt (file-pdf.rules)
* 1:32816 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt (file-pdf.rules)
* 1:32817 <-> DISABLED <-> FILE-FLASH Adobe Flash Player corrupt MP4 video denial of service attempt (file-flash.rules)
* 1:32818 <-> DISABLED <-> FILE-FLASH Adobe Flash Player corrupt MP4 video denial of service attempt (file-flash.rules)
* 1:32819 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JBIG2 row out of bounds memory corruption attempt (file-pdf.rules)
* 1:32820 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JBIG2 row out of bounds memory corruption attempt (file-pdf.rules)
* 1:32821 <-> DISABLED <-> FILE-PDF Cross Domain potentially malicious redirection attempt (file-pdf.rules)
* 1:32822 <-> DISABLED <-> FILE-PDF Cross Domain potentially malicious redirection attempt (file-pdf.rules)
* 1:32823 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkhotel outbound connection (malware-cnc.rules)
* 1:32824 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkhotel variant outbound connection (malware-cnc.rules)
* 1:32825 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkhotel outbound connection (malware-cnc.rules)
* 1:32826 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkhotel data upload attempt (malware-cnc.rules)
* 1:32827 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkhotel response connection attempt (malware-cnc.rules)
* 1:32828 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules)
* 1:32829 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules)
* 1:32830 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules)
* 1:32831 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules)
* 1:32832 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules)
* 1:32833 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules)
* 1:32834 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded font type max subroutine buffer overflow attempt (file-pdf.rules)
* 1:32835 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded font type max subroutine buffer overflow attempt (file-pdf.rules)
* 1:32836 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded font type max subroutine buffer overflow attempt (file-pdf.rules)
* 1:32837 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded font type max subroutine buffer overflow attempt (file-pdf.rules)
* 1:32838 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader ANTrustPropgateAll privilege propagation attempt (file-pdf.rules)
* 1:32839 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader ANTrustPropgateAll privilege propagation attempt (file-pdf.rules)
* 1:32840 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer 8 Developer Tool ActiveX clsid access (browser-plugins.rules)
* 1:32841 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Messenger ActiveX clsid access (browser-plugins.rules)
* 1:32842 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer 8 Developer Tool ActiveX clsid access (browser-plugins.rules)
* 1:32843 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer 8 Developer Tool ActiveX clsid access (browser-plugins.rules)
* 1:32844 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer COleSite ActiveX memory corruption attempt (browser-plugins.rules)
* 1:32845 <-> DISABLED <-> APP-DETECT Absolute Software Computrace outbound connection - 209.53.113.223 (app-detect.rules)
* 1:32846 <-> DISABLED <-> APP-DETECT Absolute Software Computrace outbound connection - absolute.com (app-detect.rules)
* 1:32847 <-> DISABLED <-> APP-DETECT Absolute Software Computrace outbound connection - bh.namequery.com (app-detect.rules)
* 1:32848 <-> DISABLED <-> APP-DETECT Absolute Software Computrace outbound connection - namequery.nettrace.co.za (app-detect.rules)
* 1:32849 <-> DISABLED <-> APP-DETECT Absolute Software Computrace outbound connection - search.us.namequery.com (app-detect.rules)
* 1:32850 <-> DISABLED <-> APP-DETECT Absolute Software Computrace outbound connection - search2.namequery.com (app-detect.rules)
* 1:32851 <-> DISABLED <-> APP-DETECT Absolute Software Computrace outbound connection - search64.namequery.com (app-detect.rules)
* 1:32852 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poolfiend variant outbound connection (malware-cnc.rules)
* 1:32853 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poolfiend variant outbound connection (malware-cnc.rules)
* 1:32854 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Loodir outbound connection (malware-cnc.rules)
* 1:32855 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader graphics module crash attempt (file-pdf.rules)
* 1:32856 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader graphics module crash attempt (file-pdf.rules)
* 1:32857 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules)
* 1:32858 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules)
* 1:32859 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules)
* 1:32860 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules)
* 1:32861 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules)
* 1:32862 <-> DISABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules)
* 1:32863 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules)
* 1:32864 <-> DISABLED <-> APP-DETECT I2P NetBIOS name resolution request attempt (app-detect.rules)
* 1:32865 <-> DISABLED <-> APP-DETECT I2P DNS request attempt (app-detect.rules)
* 1:32866 <-> DISABLED <-> APP-DETECT I2P UPNP query attempt (app-detect.rules)
* 1:32867 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader resampling invalid graphic matrix value attempt (file-pdf.rules)
* 1:32868 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader resampling invalid graphic matrix value attempt (file-pdf.rules)
* 1:32869 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ShellExecute and IE7 snews url handling code execution attempt (os-windows.rules)
* 1:32870 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ShellExecute and IE7 snews url handling code execution attempt (os-windows.rules)
* 1:32871 <-> DISABLED <-> OS-WINDOWS Multiple product mailto uri handling code execution attempt (os-windows.rules)
* 1:32872 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ObjBiff exploit attempt (file-office.rules)
* 1:32873 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray crash attempt (file-flash.rules)
* 1:32874 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray crash attempt (file-flash.rules)
* 1:32875 <-> DISABLED <-> MALWARE-TOOLS BlackSpider Tool ali.txt file upload attempt (malware-tools.rules)
* 1:32876 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit outbound Microsoft Silverlight exploit request (exploit-kit.rules)
* 1:32877 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit outbound Adobe Flash exploit request (exploit-kit.rules)
* 1:32878 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit outbound Adobe Flash exploit request (exploit-kit.rules)
* 1:32879 <-> DISABLED <-> EXPLOIT-KIT Nuclear exploit kit payload delivery (exploit-kit.rules)
* 1:32880 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit outbound payload request (exploit-kit.rules)
* 1:32882 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ksypypro outbound connection (malware-cnc.rules)
* 1:32883 <-> DISABLED <-> FILE-OTHER Adobe Reader MoveFileEx arbitrary file write attempt (file-other.rules)
* 1:32884 <-> DISABLED <-> FILE-OTHER Adobe Reader MoveFileEx arbitrary file write attempt (file-other.rules)
* 1:32885 <-> DISABLED <-> SERVER-WEBAPP Enalean Tuleap PHP unserialize code execution attempt (server-webapp.rules)
* 1:32886 <-> DISABLED <-> SERVER-WEBAPP Enalean Tuleap PHP unserialize code execution attempt (server-webapp.rules)
* 1:32887 <-> DISABLED <-> SERVER-WEBAPP ActualScripts ActualAnalyzer aa.php command injection attempt (server-webapp.rules)
* 1:32888 <-> ENABLED <-> INDICATOR-COMPROMISE Potential Redirect from Compromised WordPress site to Fedex - Spammed Malware Download attempt (indicator-compromise.rules)
* 1:32889 <-> DISABLED <-> FILE-IMAGE Microsoft and libpng multiple products PNG large image width overflow attempt (file-image.rules)
* 1:32890 <-> DISABLED <-> SERVER-OTHER ntpd multiple vector buffer overflow attempt (server-other.rules)
* 1:32891 <-> DISABLED <-> MALWARE-CNC Php.Malware.SoakSoakRedirect Malware traffic containing WordPress Administrator credentials (malware-cnc.rules)
* 1:32892 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TorLocker variant outbound connection (malware-cnc.rules)
* 1:32893 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Finforst outbound connection (malware-cnc.rules)
* 1:32894 <-> DISABLED <-> BROWSER-PLUGINS HP Sprinter Tidestone ActiveX clsid access attempt (browser-plugins.rules)
* 1:32895 <-> DISABLED <-> BROWSER-PLUGINS HP Sprinter Tidestone ActiveX function call access attempt (browser-plugins.rules)
* 1:32896 <-> DISABLED <-> BROWSER-PLUGINS HP Sprinter Tidestone ActiveX clsid access attempt (browser-plugins.rules)
* 1:32897 <-> DISABLED <-> BROWSER-PLUGINS HP Sprinter Tidestone ActiveX function call access attempt (browser-plugins.rules)
* 1:32898 <-> DISABLED <-> FILE-MULTIMEDIA Quicktime MJPEG Frame stsd Atom Heap Overflow attempt (file-multimedia.rules)
* 1:32899 <-> DISABLED <-> FILE-MULTIMEDIA Quicktime MJPEG Frame stsd Atom Heap Overflow attempt (file-multimedia.rules)
* 1:32900 <-> DISABLED <-> FILE-FLASH Adobe Flash pepper player 307 redirect custom header cross domain policy evasion attempt (file-flash.rules)
* 1:32901 <-> DISABLED <-> FILE-OTHER Advantech ADAMView GeniDAQ display designer stack buffer overflow attempt (file-other.rules)
* 1:32902 <-> DISABLED <-> FILE-OTHER Advantech ADAMView GeniDAQ display designer stack buffer overflow attempt (file-other.rules)
* 1:32903 <-> DISABLED <-> FILE-OTHER Oracle Database Server XML stack buffer overflow attempt (file-other.rules)
* 1:32904 <-> DISABLED <-> FILE-OTHER Oracle Database Server XML stack buffer overflow attempt (file-other.rules)
* 1:32907 <-> DISABLED <-> POLICY-OTHER PirateBrowser User-Agent detected (policy-other.rules)
* 1:32908 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TinyZBot outbound connection (malware-cnc.rules)
* 1:32909 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TinyZBot outbound connection (malware-cnc.rules)
* 1:32910 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TinyZBot outbound connection (malware-cnc.rules)
* 1:32911 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.Wiper inbound communication attempt (malware-backdoor.rules)
* 1:32912 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.Wiper outbound communication attempt (malware-backdoor.rules)
* 1:32913 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.Wiper download attempt (malware-backdoor.rules)
* 1:32914 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.Wiper download attempt (malware-backdoor.rules)
* 1:32915 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.Wiper inbound communication attempt (malware-backdoor.rules)
* 1:32916 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.Wiper outbound communication attempt (malware-backdoor.rules)
* 1:32917 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.Wiper inbound communication attempt (malware-backdoor.rules)
* 1:32918 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.Wiper download attempt (malware-backdoor.rules)
* 1:32919 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Wiper download attempt (malware-other.rules)
* 1:32920 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Wiper download attempt (malware-other.rules)
* 1:32921 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Wiper download attempt (malware-other.rules)
* 1:32922 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Wiper listener download attempt (malware-other.rules)
* 1:32923 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Wiper listener download attempt (malware-other.rules)
* 1:32924 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Wiper listener download attempt (malware-other.rules)
* 1:32925 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Wiper listener download attempt (malware-other.rules)
* 1:32926 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Wiper listener download attempt (malware-other.rules)
* 1:32927 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Wiper listener download attempt (malware-other.rules)
* 1:32928 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Wiper listener download attempt (malware-other.rules)
* 1:32929 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Wiper listener download attempt (malware-other.rules)
* 1:32930 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Wiper listener download attempt (malware-other.rules)
* 1:32931 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Wiper listener download attempt (malware-other.rules)
* 1:32932 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Wiper listener download attempt (malware-other.rules)
* 1:32933 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Wiper listener download attempt (malware-other.rules)
* 1:32934 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Wiper download attempt (malware-other.rules)
* 1:32935 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Wiper download attempt (malware-other.rules)
* 1:32936 <-> DISABLED <-> MALWARE-TOOLS Win.Trojan.Wiper proxy tools download attempt (malware-tools.rules)
* 1:32937 <-> DISABLED <-> MALWARE-TOOLS Win.Trojan.Wiper proxy communication attempt (malware-tools.rules)
* 1:32938 <-> DISABLED <-> MALWARE-TOOLS Win.Trojan.Wiper proxy tool download attempt (malware-tools.rules)
* 1:32939 <-> DISABLED <-> SERVER-WEBAPP Wordpress XSS Clean and Simple Contact Form plugin cross-site scripting attempt (server-webapp.rules)
* 1:32940 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malformed Label record exploit attempt (file-office.rules)
* 1:32941 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SLK file excessive Picture records exploit attempt (file-office.rules)
* 1:32942 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SLK file excessive Picture records exploit attempt (file-office.rules)
* 1:32943 <-> DISABLED <-> FILE-OTHER Microsoft SYmbolic LinK stack overflow attempt (file-other.rules)
* 1:32945 <-> ENABLED <-> FILE-IDENTIFY .scr executable screensaver file attachment detected (file-identify.rules)
* 1:32946 <-> ENABLED <-> FILE-IDENTIFY .scr executable screensaver file attachment detected (file-identify.rules)
* 1:32947 <-> ENABLED
<-> FILE-IDENTIFY .scr executable screensaver file download request (file-identify.rules) * 1:32948 <-> DISABLED <-> INDICATOR-COMPROMISE Download of executable screensaver file (indicator-compromise.rules) * 1:32949 <-> DISABLED <-> MALWARE-OTHER Download of executable screensaver file (malware-other.rules) * 1:32950 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bladabindi variant outbound connection (malware-cnc.rules) * 1:32951 <-> DISABLED <-> POLICY-OTHER base64 encoded executable file download (policy-other.rules) * 1:32952 <-> DISABLED <-> SERVER-WEBAPP iCloud Apple ID brute-force login attempt (server-webapp.rules) * 1:32953 <-> DISABLED <-> SERVER-OTHER XCat Blind XPath Injection attempt (server-other.rules) * 1:32954 <-> DISABLED <-> SERVER-OTHER XCat Blind XPath Injection attempt (server-other.rules) * 1:32955 <-> DISABLED <-> SERVER-OTHER XCat Blind XPath Injection attempt (server-other.rules) * 1:32956 <-> DISABLED <-> MALWARE-CNC Android.CoolReaper.Trojan outbound connection (malware-cnc.rules) * 1:32957 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TinyZBot outbound SOAP connection attempt (malware-cnc.rules) * 1:32958 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TinyZBot response connection attempt (malware-cnc.rules) * 1:32959 <-> DISABLED <-> PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt (protocol-dns.rules) * 1:32960 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher 2003 EscherStm memory corruption attempt (file-office.rules) * 1:32961 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher 2003 EscherStm memory corruption attempt (file-office.rules) * 1:32962 <-> DISABLED <-> SERVER-WEBAPP Lexmark MarkVision Enterprise GfdFileUploadServlet directory traversal attempt (server-webapp.rules) * 1:32963 <-> DISABLED <-> SERVER-WEBAPP Lexmark MarkVision Enterprise GfdFileUploadServlet directory traversal attempt (server-webapp.rules) * 1:32964 <-> DISABLED <-> SERVER-WEBAPP Lexmark MarkVision Enterprise GfdFileUploadServlet 
directory traversal attempt (server-webapp.rules) * 1:32965 <-> DISABLED <-> OS-WINDOWS Microsoft Windows identity token authorization bypass attempt (os-windows.rules) * 1:32966 <-> DISABLED <-> OS-WINDOWS Microsoft Windows identity token authorization bypass attempt (os-windows.rules) * 1:32967 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central DCPlugin insecure admin account creation attempt (policy-other.rules) * 1:32968 <-> DISABLED <-> SERVER-WEBAPP F5 BIG-IP name parameter directory traversal attempt (server-webapp.rules) * 1:32969 <-> DISABLED <-> SERVER-WEBAPP F5 BIG-IP name parameter directory traversal attempt (server-webapp.rules) * 1:32970 <-> DISABLED <-> SERVER-WEBAPP F5 BIG-IP name parameter directory traversal attempt (server-webapp.rules) * 1:32971 <-> DISABLED <-> SERVER-WEBAPP HP System Management iprange parameter buffer overflow attempt (server-webapp.rules) * 1:32973 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Twerket variant outbound connection (malware-cnc.rules) * 1:32974 <-> DISABLED <-> OS-MOBILE Android ObjectInputStream privilege escalation attempt (os-mobile.rules) * 1:32975 <-> DISABLED <-> OS-MOBILE Android ObjectInputStream privilege escalation attempt (os-mobile.rules) * 1:32976 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluos variant outbound connection (malware-cnc.rules) * 1:32977 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluos variant outbound connection (malware-cnc.rules) * 1:32978 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - extra IE version (malware-cnc.rules) * 1:32979 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - extra IE version (malware-cnc.rules) * 1:32980 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - multi-browser (malware-cnc.rules) * 1:32986 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Toopu dll embedded in png download attempt (malware-cnc.rules) * 1:32987 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor outbound connection (malware-cnc.rules) * 
1:32988 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor outbound connection (malware-cnc.rules) * 1:32989 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor outbound connection (malware-cnc.rules) * 1:32990 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Toopu outbound connection (malware-cnc.rules) * 1:32991 <-> DISABLED <-> SERVER-OTHER SAP NetWeaver SXPG_COMMAND_EXECUTE remote command execution attempt (server-other.rules) * 1:32992 <-> DISABLED <-> SERVER-OTHER SAP NetWeaver SXPG_COMMAND_EXECUTE remote command execution attempt (server-other.rules) * 1:32993 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox XMLSerializer serializeToStream use-after-free attempt (browser-firefox.rules) * 1:32994 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox XMLSerializer serializeToStream use-after-free attempt (browser-firefox.rules) * 1:32995 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit Adobe Flash download (exploit-kit.rules) * 1:32997 <-> DISABLED <-> SERVER-OTHER Sophos Web Appliance arbitrary command execution attempt (server-other.rules) * 1:32998 <-> DISABLED <-> SERVER-OTHER Sophos Web Appliance arbitrary command execution attempt (server-other.rules) * 1:32999 <-> DISABLED <-> PROTOCOL-SCADA Advantech WebAccess SCADA command execution attempt (protocol-scada.rules) * 1:330 <-> DISABLED <-> PROTOCOL-FINGER redirection attempt (protocol-finger.rules) * 1:33000 <-> DISABLED <-> PROTOCOL-SCADA Advantech WebAccess SCADA command execution attempt (protocol-scada.rules) * 1:33001 <-> DISABLED <-> PROTOCOL-SCADA Advantech WebAccess SCADA command execution attempt (protocol-scada.rules) * 1:33002 <-> DISABLED <-> PROTOCOL-SCADA Advantech WebAccess SCADA command execution attempt (protocol-scada.rules) * 1:33003 <-> DISABLED <-> BROWSER-PLUGINS SolarWinds Orion Pepco32c ActiveX clsid access attempt (browser-plugins.rules) * 1:33004 <-> DISABLED <-> BROWSER-PLUGINS SolarWinds Orion Pepco32c ActiveX clsid access attempt (browser-plugins.rules) * 1:33005 <-> DISABLED <-> SERVER-WEBAPP 
Advantec WebAccess SCADA webvact.ocx NodeName buffer overflow attempt (server-webapp.rules) * 1:33006 <-> DISABLED <-> SERVER-WEBAPP Advantec WebAccess SCADA webvact.ocx NodeName buffer overflow attempt (server-webapp.rules) * 1:33007 <-> DISABLED <-> SERVER-WEBAPP Advantec WebAccess SCADA webvact.ocx NodeName buffer overflow attempt (server-webapp.rules) * 1:33008 <-> DISABLED <-> SERVER-WEBAPP Advantec WebAccess SCADA webvact.ocx NodeName buffer overflow attempt (server-webapp.rules) * 1:33009 <-> DISABLED <-> SERVER-WEBAPP Advantec WebAccess SCADA webvact.ocx UserName buffer overflow attempt (server-webapp.rules) * 1:33010 <-> DISABLED <-> SERVER-WEBAPP Advantec WebAccess SCADA webvact.ocx UserName buffer overflow attempt (server-webapp.rules) * 1:33011 <-> DISABLED <-> SERVER-WEBAPP Advantec WebAccess SCADA webvact.ocx UserName buffer overflow attempt (server-webapp.rules) * 1:33012 <-> DISABLED <-> SERVER-WEBAPP Advantec WebAccess SCADA webvact.ocx UserName buffer overflow attempt (server-webapp.rules) * 1:33013 <-> DISABLED <-> BROWSER-PLUGINS HP LoadRunner ActiveX clsid access attempt (browser-plugins.rules) * 1:33014 <-> DISABLED <-> BROWSER-PLUGINS HP LoadRunner ActiveX clsid access attempt (browser-plugins.rules) * 1:33015 <-> DISABLED <-> PROTOCOL-SCADA ABB MicroSCADA wserver.exe EXECUTE remote code execution attempt (protocol-scada.rules) * 1:33016 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt (os-windows.rules) * 1:33017 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt (os-windows.rules) * 1:33018 <-> DISABLED <-> BROWSER-IE Oracle WebCenter BlackIceDevMode ActiveX clsid access attempt (browser-ie.rules) * 1:33019 <-> DISABLED <-> BROWSER-IE Oracle WebCenter BlackIceDevMode ActiveX clsid access attempt (browser-ie.rules) * 1:33020 <-> DISABLED <-> BROWSER-IE Oracle WebCenter BlackIceDevMode ActiveX clsid access attempt (browser-ie.rules) * 1:33021 <-> 
DISABLED <-> BROWSER-IE Oracle WebCenter BlackIceDevMode ActiveX clsid access attempt (browser-ie.rules) * 1:33022 <-> DISABLED <-> FILE-OTHER Apple Quicktime invalid rdrf atom length buffer overflow attempt (file-other.rules) * 1:33023 <-> DISABLED <-> FILE-OTHER Apple Quicktime invalid rdrf atom length buffer overflow attempt (file-other.rules) * 1:33024 <-> DISABLED <-> SERVER-WEBAPP Cisco Security Agent Management Center code execution attempt (server-webapp.rules) * 1:33025 <-> DISABLED <-> SERVER-WEBAPP Cisco Security Agent Management Center code execution attempt (server-webapp.rules) * 1:33026 <-> ENABLED <-> FILE-IDENTIFY Publish-iT PUI file attachment detected (file-identify.rules) * 1:33027 <-> ENABLED <-> FILE-IDENTIFY Publish-iT PUI file attachment detected (file-identify.rules) * 1:33028 <-> ENABLED <-> FILE-IDENTIFY Publish-iT PUI file download request (file-identify.rules) * 1:33029 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (file-other.rules) * 1:33030 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (file-other.rules) * 1:33031 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (file-other.rules) * 1:33032 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (file-other.rules) * 1:33033 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (file-other.rules) * 1:33034 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (file-other.rules) * 1:33035 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (file-other.rules) * 1:33036 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (file-other.rules) * 1:33037 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (file-other.rules) * 1:33038 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (file-other.rules) * 1:33039 <-> 
DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (file-other.rules) * 1:33040 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (file-other.rules) * 1:33041 <-> DISABLED <-> FILE-MULTIMEDIA Apple iTunes Extended M3U playlist record overflow attempt (file-multimedia.rules) * 1:33043 <-> DISABLED <-> FILE-MULTIMEDIA Multiple media players M3U playlist file handling buffer overflow attempt (file-multimedia.rules) * 1:33044 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Visual Studio 6 PDWizard.ocx ActiveX clsid access attempt (browser-plugins.rules) * 1:33045 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Visual Studio 6 PDWizard.ocx ActiveX function call access attempt (browser-plugins.rules) * 1:33047 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - realupdate - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33048 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WebdavRedirector privilege escalation attempt (os-windows.rules) * 1:33049 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WebdavRedirector privilege escalation attempt (os-windows.rules) * 1:33050 <-> DISABLED <-> PROTOCOL-TELNET Microsoft Telnet Server buffer overflow attempt (protocol-telnet.rules) * 1:33051 <-> DISABLED <-> BROWSER-PLUGINS CTSWebProxy ActiveX privilege escalation attempt (browser-plugins.rules) * 1:33052 <-> DISABLED <-> BROWSER-PLUGINS CTSWebProxy ActiveX privilege escalation attempt (browser-plugins.rules) * 1:33054 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Joanap outbound connection (malware-cnc.rules) * 1:33058 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Medusa variant inbound connection (malware-cnc.rules) * 1:33059 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Medusa variant outbound connection (malware-cnc.rules) * 1:33060 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Medusa variant outbound connection (malware-cnc.rules) * 1:33061 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lagulon.A outbound connection 
(malware-cnc.rules) * 1:33062 <-> DISABLED <-> FILE-OTHER BulletProof FTP Client BPS file buffer overflow attempt (file-other.rules) * 1:33063 <-> DISABLED <-> FILE-OTHER BulletProof FTP Client BPS file buffer overflow attempt (file-other.rules) * 1:33070 <-> DISABLED <-> BROWSER-PLUGINS Attachmate Reflection FTP Client ActiveX clsid access attempt (browser-plugins.rules) * 1:33071 <-> DISABLED <-> BROWSER-PLUGINS Attachmate Reflection FTP Client ActiveX clsid access attempt (browser-plugins.rules) * 1:33072 <-> DISABLED <-> BROWSER-PLUGINS Attachmate Reflection FTP Client ActiveX clsid access attempt (browser-plugins.rules) * 1:33073 <-> DISABLED <-> BROWSER-PLUGINS Attachmate Reflection FTP Client ActiveX clsid access attempt (browser-plugins.rules) * 1:33074 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Multiple Products WsDiscoveryServlet directory traversal attempt (server-webapp.rules) * 1:33075 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Multiple Products WsDiscoveryServlet directory traversal attempt (server-webapp.rules) * 1:33076 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Multiple Products WsDiscoveryServlet directory traversal attempt (server-webapp.rules) * 1:33077 <-> ENABLED <-> FILE-FLASH Adobe Flash Player pre-compile regex length denial of service attempt (file-flash.rules) * 1:33078 <-> DISABLED <-> FILE-FLASH Adobe Flash Player pre-compile regex length denial of service attempt (file-flash.rules) * 1:33079 <-> ENABLED <-> FILE-FLASH Adobe Flash Player pre-compile regex length denial of service attempt (file-flash.rules) * 1:33080 <-> DISABLED <-> FILE-FLASH Adobe Flash Player pre-compile regex length denial of service attempt (file-flash.rules) * 1:33081 <-> DISABLED <-> MALWARE-CNC OnionDuke variant outbound connection (malware-cnc.rules) * 1:33082 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nocpos initial outbound connection (malware-cnc.rules) * 1:33083 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nocpos information disclosure attempt 
(malware-cnc.rules) * 1:33084 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tosct variant outbound connection (malware-cnc.rules) * 1:33085 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 10 use after free attempt (browser-ie.rules) * 1:33086 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 10 use after free attempt (browser-ie.rules) * 1:33087 <-> DISABLED <-> FILE-PDF Foxit Reader remote query string buffer overflow attempt (file-pdf.rules) * 1:33088 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox 17 onreadystatechange memory corruption attempt (browser-firefox.rules) * 1:33089 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox 17 onreadystatechange memory corruption attempt (browser-firefox.rules) * 1:33090 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox 17 onreadystatechange memory corruption attempt (browser-firefox.rules) * 1:33091 <-> ENABLED <-> FILE-FLASH Adobe Flash Player FlashUtil memory corruption attempt (file-flash.rules) * 1:33092 <-> ENABLED <-> FILE-FLASH Adobe Flash Player FlashUtil memory corruption attempt (file-flash.rules) * 1:33093 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CInput element user after free attempt (browser-ie.rules) * 1:33094 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CInput element user after free attempt (browser-ie.rules) * 1:33095 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CTreePos Use After Free attempt (browser-ie.rules) * 1:33096 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CTreePos Use After Free attempt (browser-ie.rules) * 1:33097 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CTreePos Use After Free attempt (browser-ie.rules) * 1:33098 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CTreePos Use After Free attempt (browser-ie.rules) * 1:33099 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CAnchorElement use after free attempt (browser-ie.rules) * 1:331 <-> DISABLED <-> PROTOCOL-FINGER cybercop query (protocol-finger.rules) * 1:33100 <-> 
DISABLED <-> BROWSER-PLUGINS PTC IsoView ActiveX clsid access attempt (browser-plugins.rules) * 1:33101 <-> DISABLED <-> BROWSER-PLUGINS PTC IsoView ActiveX clsid access attempt (browser-plugins.rules) * 1:33102 <-> DISABLED <-> BROWSER-PLUGINS PTC IsoView ActiveX clsid access attempt (browser-plugins.rules) * 1:33103 <-> DISABLED <-> BROWSER-PLUGINS PTC IsoView ActiveX clsid access attempt (browser-plugins.rules) * 1:33104 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Multiple Products directory traversal attempt (server-webapp.rules) * 1:33105 <-> DISABLED <-> BROWSER-PLUGINS Honeywell OPOS Suite Scanner.ocx ActiveX clsid access attempt (browser-plugins.rules) * 1:33106 <-> DISABLED <-> BROWSER-PLUGINS Honeywell OPOS Suite Scanner.ocx ActiveX clsid access attempt (browser-plugins.rules) * 1:33107 <-> DISABLED <-> BROWSER-PLUGINS Honeywell OPOS Suite Scanner.ocx ActiveX clsid access attempt (browser-plugins.rules) * 1:33108 <-> DISABLED <-> BROWSER-PLUGINS Honeywell OPOS Suite Scanner.ocx ActiveX clsid access attempt (browser-plugins.rules) * 1:33109 <-> DISABLED <-> BROWSER-PLUGINS Honeywell OPOS Suite Scale.ocx ActiveX clsid access attempt (browser-plugins.rules) * 1:33110 <-> DISABLED <-> BROWSER-PLUGINS Honeywell OPOS Suite Scale.ocx ActiveX clsid access attempt (browser-plugins.rules) * 1:33111 <-> DISABLED <-> BROWSER-PLUGINS Honeywell OPOS Suite Scale.ocx ActiveX clsid access attempt (browser-plugins.rules) * 1:33112 <-> DISABLED <-> BROWSER-PLUGINS Honeywell OPOS Suite Scale.ocx ActiveX clsid access attempt (browser-plugins.rules) * 1:33113 <-> DISABLED <-> SERVER-WEBAPP Novell eDirectory IMONITOR cross site scripting attempt (server-webapp.rules) * 1:33114 <-> DISABLED <-> SERVER-WEBAPP HP System Management Homepage cross site scripting attempt (server-webapp.rules) * 1:33115 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 11 VBScript redim preserve denial-of-service attempt (browser-ie.rules) * 1:33116 <-> ENABLED <-> BROWSER-IE Microsoft Internet 
Explorer 11 VBScript redim preserve denial-of-service attempt (browser-ie.rules) * 1:33145 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules) * 1:33147 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant SMTP reporting attempt (malware-cnc.rules) * 1:33148 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant SMTP reporting attempt (malware-cnc.rules) * 1:33149 <-> DISABLED <-> MALWARE-CNC Win.Worm.Ultramine outbound connection (malware-cnc.rules) * 1:33152 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nurjax.A outbound connection (malware-cnc.rules) * 1:33153 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Heur variant outbound connection (malware-cnc.rules) * 1:33155 <-> DISABLED <-> OS-WINDOWS CryptProtectMemory Impersonation Check Bypass attempt (os-windows.rules) * 1:33156 <-> DISABLED <-> OS-WINDOWS CryptProtectMemory Impersonation Check Bypass attempt (os-windows.rules) * 1:33157 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CClipStack array index exploitation attempt (browser-ie.rules) * 1:33158 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CClipStack array index exploitation attempt (browser-ie.rules) * 1:33159 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AVM2 opcode type confusion denial of service attempt (file-flash.rules) * 1:33160 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AVM2 opcode type confusion denial of service attempt (file-flash.rules) * 1:33161 <-> DISABLED <-> MALWARE-CNC Win.Spyware.Rombertik outbound connection (malware-cnc.rules) * 1:33162 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt (file-flash.rules) * 1:33163 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt (file-flash.rules) * 1:33164 <-> DISABLED <-> FILE-FLASH Adobe Flash Player RTMP out-of-bounds read attempt (file-flash.rules) * 1:33165 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poweliks outbound connection (malware-cnc.rules) 
* 1:33166 <-> DISABLED <-> SERVER-WEBAPP Ruby on Rails arbitrary Ruby object deserialization attempt (server-webapp.rules) * 1:33167 <-> DISABLED <-> SERVER-WEBAPP Ruby on Rails arbitrary Ruby object deserialization attempt (server-webapp.rules) * 1:33168 <-> DISABLED <-> SERVER-WEBAPP Ruby on Rails arbitrary Ruby object deserialization attempt (server-webapp.rules) * 1:33169 <-> DISABLED <-> SERVER-WEBAPP Ruby on Rails arbitrary Ruby object deserialization attempt (server-webapp.rules) * 1:33170 <-> DISABLED <-> BROWSER-PLUGINS Attachmate Reflection FTP Client Memory Corruption ActiveX function call access attempt (browser-plugins.rules) * 1:33216 <-> DISABLED <-> INDICATOR-COMPROMISE DNS request for known malware domain tor2web.org (indicator-compromise.rules) * 1:33217 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nuovoscor variant outbound connection (malware-cnc.rules) * 1:33218 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cendode system information disclosure attempt (malware-cnc.rules) * 1:33219 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gamarue variant outbound connection (malware-cnc.rules) * 1:33220 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HawkEye keylogger exfiltration attempt (malware-cnc.rules) * 1:33221 <-> ENABLED <-> MALWARE-CNC Win.Trojan.HawkEye Keylogger exfiltration attempt - clipboard and screenshot (malware-cnc.rules) * 1:33222 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HawkEye Keylogger exfiltration attempt - clipboard and screenshot (malware-cnc.rules) * 1:33223 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HawkEye Keylogger exfiltration attempt - clipboard and screenshot (malware-cnc.rules) * 1:33224 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.Blocker variant outbound connection attempt (indicator-compromise.rules) * 1:33225 <-> ENABLED <-> SERVER-MAIL Exim gethostbyname heap buffer overflow attempt (server-mail.rules) * 1:33226 <-> ENABLED <-> SERVER-MAIL Exim gethostbyname heap buffer overflow attempt (server-mail.rules) * 1:33227 <-> DISABLED <-> 
MALWARE-CNC Win.Agent.BHHK variant outbound connection (malware-cnc.rules) * 1:33228 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kovter variant outbound connection (malware-cnc.rules) * 1:33230 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Firefox - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33231 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Firefox/5.0 - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33232 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - AppUpdate - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33233 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - 2608cw-1 - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33234 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - 2508Inst - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33235 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - 2608cw-2 - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33236 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - 2808inst - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33237 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Player - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33238 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Wurst - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33239 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Installer/1.0 - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33240 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - FixUpdate - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33242 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Explorer - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33243 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Mozilla - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33244 <-> DISABLED <-> 
MALWARE-CNC User-Agent known malicious user-agent string - Opera - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33245 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Opera10 - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33246 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - OperaMini - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33247 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - PPKHandler - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33248 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Peers12 - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33249 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - SLSSoapClient - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33250 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Tintin - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33251 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - USER_CHECK - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33252 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - WATClient - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33253 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - bbbbbbbbbb - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33254 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - hi - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33255 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - iMacros - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33256 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - macrotest - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33257 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - onlymacros - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33258 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Updates downloader - 
Win.Backdoor.Upatre (malware-cnc.rules) * 1:33259 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - testupdate - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33260 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - onlyupdate - Win.Backdoor.Upatre (malware-cnc.rules) * 1:33261 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byte array uncompress information disclosure attempt (file-flash.rules) * 1:33262 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byte array uncompress information disclosure attempt (file-flash.rules) * 1:33263 <-> ENABLED <-> FILE-FLASH Adobe Flash Player byte array uncompress information disclosure attempt (file-flash.rules) * 1:33264 <-> ENABLED <-> FILE-FLASH Adobe Flash Player byte array uncompress information disclosure attempt (file-flash.rules) * 1:33265 <-> ENABLED <-> FILE-FLASH Adobe Flash Player byte array uncompress information disclosure attempt (file-flash.rules) * 1:33266 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byte array uncompress information disclosure attempt (file-flash.rules) * 1:33267 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byte array uncompress information disclosure attempt (file-flash.rules) * 1:33268 <-> ENABLED <-> FILE-FLASH Adobe Flash Player byte array uncompress information disclosure attempt (file-flash.rules) * 1:33269 <-> ENABLED <-> FILE-FLASH Adobe Flash Player byte array uncompress information disclosure attempt (file-flash.rules) * 1:33270 <-> ENABLED <-> FILE-FLASH Adobe Flash Player byte array uncompress information disclosure attempt (file-flash.rules) * 1:33271 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit Adobe Flash SWF exploit download (exploit-kit.rules) * 1:33272 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit Adobe Flash SWF exploit download (exploit-kit.rules) * 1:33273 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit Adobe Flash SWF exploit download (exploit-kit.rules) * 1:33274 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit Adobe 
Flash SWF exploit download (exploit-kit.rules)
* 1:33275 <-> ENABLED <-> SERVER-WEBAPP WordPress pingback gethostbyname heap buffer overflow attempt (server-webapp.rules)
* 1:33276 <-> DISABLED <-> SERVER-WEBAPP AlienVault OSSIM a_deployment.php command injection attempt (server-webapp.rules)
* 1:33277 <-> DISABLED <-> SERVER-WEBAPP AlienVault OSSIM a_deployment.php command injection attempt (server-webapp.rules)
* 1:33278 <-> DISABLED <-> SERVER-WEBAPP AlienVault OSSIM a_deployment.php command injection attempt (server-webapp.rules)
* 1:33279 <-> DISABLED <-> SERVER-WEBAPP McAfee ePolicy Orchestrator XML external entity injection attempt (server-webapp.rules)
* 1:33280 <-> DISABLED <-> PUA-ADWARE Win.Adware.iBryte variant outbound connection (pua-adware.rules)
* 1:33282 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Upatre variant outbound connection (malware-cnc.rules)
* 1:33284 <-> DISABLED <-> MALWARE-CNC Win.Trojan.OnLineGames variant outbound connection (malware-cnc.rules)
* 1:33285 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bavload outbound download request attempt (malware-cnc.rules)
* 1:33286 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit Adobe Flash SWF exploit download (exploit-kit.rules)
* 1:33287 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer same origin policy bypass attempt (browser-ie.rules)
* 1:33288 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer same origin policy bypass attempt (browser-ie.rules)
* 1:33289 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rawpos incoming backdoor connection attempt (malware-cnc.rules)
* 1:33290 <-> ENABLED <-> FILE-FLASH Adobe Flash Player stage object use-after-free attempt (file-flash.rules)
* 1:33291 <-> ENABLED <-> FILE-FLASH Adobe Flash Player stage object use-after-free attempt (file-flash.rules)
* 1:33292 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit landing page detected (exploit-kit.rules)
* 1:33294 <-> DISABLED <-> SERVER-WEBAPP phpBB viewtopic double URL encoding attempt (server-webapp.rules)
* 1:33295 <-> DISABLED <-> FILE-FLASH Adobe Flash Player sound object heap buffer overflow attempt (file-flash.rules)
* 1:33296 <-> DISABLED <-> FILE-FLASH Adobe Flash Player sound object heap buffer overflow attempt (file-flash.rules)
* 1:33297 <-> DISABLED <-> FILE-FLASH Adobe Flash Player sound object heap buffer overflow attempt (file-flash.rules)
* 1:33298 <-> DISABLED <-> FILE-FLASH Adobe Flash Player sound object heap buffer overflow attempt (file-flash.rules)
* 1:33299 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Foxy variant outbound connection (malware-cnc.rules)
* 1:333 <-> DISABLED <-> PROTOCOL-FINGER . query (protocol-finger.rules)
* 1:33300 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS3 regex sign-extension denial of service attempt (file-flash.rules)
* 1:33301 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS3 regex sign-extension denial of service attempt (file-flash.rules)
* 1:33302 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS3 regex sign-extension denial of service attempt (file-flash.rules)
* 1:33303 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS3 regex sign-extension denial of service attempt (file-flash.rules)
* 1:33304 <-> ENABLED <-> PUA-ADWARE Win.Adware.Gamevance variant outbound connection (pua-adware.rules)
* 1:33305 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rubinurd variant outbound connection (malware-cnc.rules)
* 1:33306 <-> ENABLED <-> MALWARE-OTHER connection to malware sinkhole (malware-other.rules)
* 1:33307 <-> DISABLED <-> FILE-OTHER Microsoft Visio packed object parsing memory corruption attempt (file-other.rules)
* 1:33308 <-> DISABLED <-> FILE-OTHER Microsoft Visio packed object parsing memory corruption attempt (file-other.rules)
* 1:33309 <-> DISABLED <-> FILE-OTHER libxml2 entity reference name heap buffer overflow attempt (file-other.rules)
* 1:33310 <-> DISABLED <-> FILE-OTHER libxml2 entity reference name heap buffer overflow attempt (file-other.rules)
* 1:33311 <-> ENABLED <-> PUA-ADWARE Win.Adware.OptimizerPro variant outbound connection (pua-adware.rules)
* 1:33312 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer InsertElementInternal out of bounds indexed array remote code execution attempt (browser-ie.rules)
* 1:33313 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer InsertElementInternal out of bounds indexed array remote code execution attempt (browser-ie.rules)
* 1:33314 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CGeneratedSvgTreeNode use-after-free attempt (browser-ie.rules)
* 1:33315 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CElement use after free attempt (browser-ie.rules)
* 1:33316 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CElement use after free attempt (browser-ie.rules)
* 1:33317 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreeNode use after free attempt (browser-ie.rules)
* 1:33318 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreeNode use after free attempt (browser-ie.rules)
* 1:33319 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer EPM MOTWCreateFileW file access bypass attempt (browser-ie.rules)
* 1:33320 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer EPM MOTWCreateFileW file access bypass attempt (browser-ie.rules)
* 1:33321 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer EPM MOTWCreateFileW file access bypass attempt (browser-ie.rules)
* 1:33322 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer EPM MOTWCreateFileW file access bypass attempt (browser-ie.rules)
* 1:33323 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer uninitialized pointer use exploit attempt (browser-ie.rules)
* 1:33324 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CFormElement use after free attempt (browser-ie.rules)
* 1:33325 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CFormElement use after free attempt (browser-ie.rules)
* 1:33328 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Yinli outbound connection (malware-cnc.rules)
* 1:33329 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Yinli outbound connection (malware-cnc.rules)
* 1:33330 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Yinli outbound connection (malware-cnc.rules)
* 1:33331 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CHTMLEditorProxy use after free attempt (browser-ie.rules)
* 1:33332 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CHTMLEditorProxy use after free attempt (browser-ie.rules)
* 1:33333 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer Hyphenator object use after free attempt (browser-ie.rules)
* 1:33334 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer Hyphenator object use after free attempt (browser-ie.rules)
* 1:33335 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer ActiveX type confusion attempt (browser-ie.rules)
* 1:33336 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer ActiveX type confusion attempt (browser-ie.rules)
* 1:33337 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer runtimeStyle use-after-free attempt (browser-ie.rules)
* 1:33338 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer runtimeStyle use-after-free attempt (browser-ie.rules)
* 1:33339 <-> DISABLED <-> INDICATOR-SHELLCODE ASCII heapspray characters detected (indicator-shellcode.rules)
* 1:33340 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CParaElement use after free attempt (browser-ie.rules)
* 1:33341 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CParaElement use after free attempt (browser-ie.rules)
* 1:33342 <-> DISABLED <-> MALWARE-CNC Doc.Downloader.Dridex outbound connection (malware-cnc.rules)
* 1:33343 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 8 x64 linked cursor double free attempt (os-windows.rules)
* 1:33344 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 8 x64 linked cursor double free attempt (os-windows.rules)
* 1:33345 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CBatchParentUndoUnit object use after free attempt (browser-ie.rules)
* 1:33346 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CBatchParentUndoUnit object use after free attempt (browser-ie.rules)
* 1:33347 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreePos use-after-free attempt (browser-ie.rules)
* 1:33348 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer dximagetransform.microsoft.shadow out of bounds array access attempt (browser-ie.rules)
* 1:33349 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer dximagetransform.microsoft.shadow out of bounds array access attempt (browser-ie.rules)
* 1:33350 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word wwlib use after free attempt (file-office.rules)
* 1:33351 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word wwlib use after free attempt (file-office.rules)
* 1:33352 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 9 error handler XSS exploit attempt (browser-ie.rules)
* 1:33353 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CAttrArray object used after free attempt (browser-ie.rules)
* 1:33354 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CAttrArray object used after free attempt (browser-ie.rules)
* 1:33355 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys use-after-free attempt (os-windows.rules)
* 1:33356 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreeNode object used after free attempt (browser-ie.rules)
* 1:33357 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreeNode object used after free attempt (browser-ie.rules)
* 1:33358 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer SLayoutRun use-after-free attempt (browser-ie.rules)
* 1:33359 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer svg use after free attempt (browser-ie.rules)
* 1:33360 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer svg use after free attempt (browser-ie.rules)
* 1:33361 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CCharFormat use-after-free attempt (browser-ie.rules)
* 1:33362 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel remote exploit attempt (file-office.rules)
* 1:33363 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WM_SYSTIMER null pWnd attempt (os-windows.rules)
* 1:33364 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WM_SYSTIMER null pWnd attempt (os-windows.rules)
* 1:33365 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CMapElement use-after-free attempt (browser-ie.rules)
* 1:33366 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CMapElement use-after-free attempt (browser-ie.rules)
* 1:33367 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
* 1:33368 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
* 1:33369 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
* 1:33370 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
* 1:33371 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
* 1:33372 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
* 1:33373 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
* 1:33374 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
* 1:33375 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
* 1:33376 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
* 1:33377 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
* 1:33378 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
* 1:33379 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
* 1:33380 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
* 1:33381 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
* 1:33382 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
* 1:33383 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
* 1:33384 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
* 1:33385 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
* 1:33386 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
* 1:33387 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
* 1:33388 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
* 1:33389 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
* 1:33390 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
* 1:33391 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
* 1:33392 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
* 1:33393 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
* 1:33394 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
* 1:33395 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
* 1:33396 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
* 1:33397 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
* 1:33398 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
* 1:33399 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
* 1:334 <-> DISABLED <-> PROTOCOL-FTP .forward (protocol-ftp.rules)
* 1:33400 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
* 1:33401 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
* 1:33402 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
* 1:33403 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
* 1:33404 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
* 1:33405 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
* 1:33406 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
* 1:33407 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
* 1:33408 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
* 1:33409 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
* 1:33410 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
* 1:33411 <-> DISABLED <-> MALWARE-CNC Doc.Downloader.Dridex outbound connection (malware-cnc.rules)
* 1:33412 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer style type confusion remote code execution attempt (browser-ie.rules)
* 1:33413 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer unitialized memory access attempt (browser-ie.rules)
* 1:33414 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer unitialized memory access attempt (browser-ie.rules)
* 1:33415 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CLineCore use after free attempt (browser-ie.rules)
* 1:33416 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CLineCore use after free attempt (browser-ie.rules)
* 1:33417 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CGenericElement use after free attempt (browser-ie.rules)
* 1:33418 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CGenericElement use after free attempt (browser-ie.rules)
* 1:33419 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreePos use after free attempt (browser-ie.rules)
* 1:33420 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreePos use after free attempt (browser-ie.rules)
* 1:33421 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreeDataPos use-after-free remote code execution attempt (browser-ie.rules)
* 1:33422 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer memory leak exploit attempt (browser-ie.rules)
* 1:33423 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CHeaderElement object use after free attempt (browser-ie.rules)
* 1:33424 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CHeaderElement object use after free attempt (browser-ie.rules)
* 1:33425 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CMarkup object use after free attempt (browser-ie.rules)
* 1:33426 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CMarkup object use after free attempt (browser-ie.rules)
* 1:33427 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CMarkupTransNavContext object use after free attempt (browser-ie.rules)
* 1:33428 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CMarkupTransNavContext object use after free attempt (browser-ie.rules)
* 1:33429 <-> DISABLED <-> POLICY-OTHER Microsoft Windows SMB potential group policy fallback exploit attempt (policy-other.rules)
* 1:33430 <-> DISABLED <-> APP-DETECT I2P traffic transmission attempt (app-detect.rules)
* 1:33431 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall 3.0 variant outbound connection (malware-cnc.rules)
* 1:33432 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall 3.0 variant outbound connection (malware-cnc.rules)
* 1:33433 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall 3.0 variant outbound connection (malware-cnc.rules)
* 1:33434 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall 3.0 variant outbound connection (malware-cnc.rules)
* 1:33435 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall 3.0 variant outbound connection (malware-cnc.rules)
* 1:33436 <-> DISABLED <-> FILE-OTHER Microsoft Windows True Type Font integer overflow attempt (file-other.rules)
* 1:33437 <-> DISABLED <-> FILE-OTHER Microsoft Windows True Type Font integer overflow attempt (file-other.rules)
* 1:33439 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gefetroe variant outbound connection (malware-cnc.rules)
* 1:33440 <-> DISABLED <-> SERVER-WEBAPP WordPress EasyCart PHP code execution attempt (server-webapp.rules)
* 1:33441 <-> DISABLED <-> FILE-OFFICE Microsoft Office OLESS stream object name corruption attempt (file-office.rules)
* 1:33442 <-> DISABLED <-> FILE-OFFICE Microsoft Office OLESS stream object name corruption attempt (file-office.rules)
* 1:33443 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
* 1:33444 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SpyBanker variant outbound connection (malware-cnc.rules)
* 1:33445 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk SIP channel driver denial of service attempt (protocol-voip.rules)
* 1:33446 <-> DISABLED <-> SERVER-WEBAPP Symantec Encryption Management Server command injection attempt (server-webapp.rules)
* 1:33447 <-> DISABLED <-> SERVER-WEBAPP Symantec Encryption Management Server command injection attempt (server-webapp.rules)
* 1:33448 <-> DISABLED <-> SERVER-WEBAPP Symantec Encryption Management Server command injection attempt (server-webapp.rules)
* 1:33449 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FileEncoder IP geolocation checkin attempt (malware-cnc.rules)
* 1:33450 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FileEncoder variant outbound connection (malware-cnc.rules)
* 1:33451 <-> DISABLED <-> PROTOCOL-TELNET Microsoft Telnet Server buffer overflow attempt (protocol-telnet.rules)
* 1:33452 <-> ENABLED <-> PUA-TOOLBARS Win.Toolbar.Crossrider variant outbound connection (pua-toolbars.rules)
* 1:33453 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kovter variant outbound connection (malware-cnc.rules)
* 1:33454 <-> DISABLED <-> FILE-OTHER Adobe Reader CoolType.DLL out-of-bounds memory access attempt (file-other.rules)
* 1:33455 <-> ENABLED <-> FILE-OTHER Adobe Reader CoolType.DLL out-of-bounds memory access attempt (file-other.rules)
* 1:33456 <-> DISABLED <-> MALWARE-CNC Doc.Downloader.Dridex outbound connection (malware-cnc.rules)
* 1:33457 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
* 1:33458 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript worker use after free attempt (file-flash.rules)
* 1:33459 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript worker use after free attempt (file-flash.rules)
* 1:33460 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript worker use after free attempt (file-flash.rules)
* 1:33461 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript worker use after free attempt (file-flash.rules)
* 1:33462 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript worker use after free attempt (file-flash.rules)
* 1:33463 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript worker use after free attempt (file-flash.rules)
* 1:33464 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dynamer variant outbound connection (malware-cnc.rules)
* 1:33465 <-> ENABLED <-> FILE-FLASH Adobe Flash Player heap overflow using special characters with regex options attempt (file-flash.rules)
* 1:33466 <-> ENABLED <-> FILE-FLASH Adobe Flash Player heap overflow using special characters with regex options attempt (file-flash.rules)
* 1:33467 <-> DISABLED <-> FILE-FLASH Adobe Flash Player heap overflow using special characters with regex options attempt (file-flash.rules)
* 1:33468 <-> ENABLED <-> FILE-FLASH Adobe Flash Player heap overflow using special characters with regex options attempt (file-flash.rules)
* 1:33469 <-> ENABLED <-> FILE-FLASH Adobe Flash Player PCRE regex compilation memory corruption attempt (file-flash.rules)
* 1:33470 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE regex compilation memory corruption attempt (file-flash.rules)
* 1:33471 <-> DISABLED <-> FILE-FLASH Adobe Flash Player arbitrary code execution attempt (file-flash.rules)
* 1:33472 <-> DISABLED <-> FILE-FLASH Adobe Flash Player arbitrary code execution attempt (file-flash.rules)
* 1:33473 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player MP4 malformed avc atom memory corruption attempt (file-multimedia.rules)
* 1:33474 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Flash Player MP4 malformed avc atom memory corruption attempt (file-multimedia.rules)
* 1:33475 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byte array use after free attempt (file-flash.rules)
* 1:33476 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byte array use after free attempt (file-flash.rules)
* 1:33477 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byte array use after free attempt (file-flash.rules)
* 1:33478 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byte array use after free attempt (file-flash.rules)
* 1:33479 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Comctl32.dll third-party SVG viewer heap overflow attempt (os-windows.rules)
* 1:33480 <-> DISABLED <-> PUA-ADWARE Win.Adware.DownloadGuide variant outbound connection (pua-adware.rules)
* 1:33481 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Xnote outbound connection (malware-cnc.rules)
* 1:33482 <-> DISABLED <-> MALWARE-CNC Win.Worm.Enosch variant outbound connection (malware-cnc.rules)
* 1:33483 <-> DISABLED <-> PUA-ADWARE Win.Adware.InstallMonster variant outbound connection (pua-adware.rules)
* 1:33484 <-> DISABLED <-> FILE-FLASH Adobe Flash Player URLRequestHeaders null pointer dereference denial of service attempt (file-flash.rules)
* 1:33485 <-> ENABLED <-> FILE-FLASH Adobe Flash Player URLRequestHeaders null pointer dereference denial of service attempt (file-flash.rules)
* 1:33486 <-> ENABLED <-> FILE-FLASH Adobe Flash Player URLRequestHeaders null pointer dereference denial of service attempt (file-flash.rules)
* 1:33487 <-> ENABLED <-> FILE-FLASH Adobe Flash Player URLRequestHeaders null pointer dereference denial of service attempt (file-flash.rules)
* 1:33490 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Ovector out of bounds stack corruption attempt (file-flash.rules)
* 1:33491 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Ovector out of bounds stack corruption attempt (file-flash.rules)
* 1:33492 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer dynamic style update memory corruption attempt (browser-ie.rules)
* 1:33493 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer dynamic style update memory corruption attempt (browser-ie.rules)
* 1:33494 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer dynamic style update memory corruption attempt (browser-ie.rules)
* 1:33495 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer dynamic style update memory corruption attempt (browser-ie.rules)
* 1:33496 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Andromeda variant outbound connection (malware-cnc.rules)
* 1:33497 <-> DISABLED <-> FILE-FLASH Adobe Flash Player extended BitmapFilter class denial of service attempt (file-flash.rules)
* 1:33498 <-> ENABLED <-> FILE-FLASH Adobe Flash Player extended BitmapFilter class denial of service attempt (file-flash.rules)
* 1:33499 <-> ENABLED <-> FILE-FLASH Adobe Flash Player extended BitmapFilter class denial of service attempt (file-flash.rules)
* 1:335 <-> DISABLED <-> PROTOCOL-FTP .rhosts (protocol-ftp.rules)
* 1:33500 <-> ENABLED <-> FILE-FLASH Adobe Flash Player extended BitmapFilter class denial of service attempt (file-flash.rules)
* 1:33501 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MessageChannel use after free attempt (file-flash.rules)
* 1:33502 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MessageChannel use after free attempt (file-flash.rules)
* 1:33503 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MessageChannel use after free attempt (file-flash.rules)
* 1:33504 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MessageChannel use after free attempt (file-flash.rules)
* 1:33505 <-> ENABLED <-> FILE-FLASH Adobe Flash Player out of scope newclass memory corruption attempt (file-flash.rules)
* 1:33506 <-> ENABLED <-> FILE-FLASH Adobe Flash Player out of scope newclass memory corruption attempt (file-flash.rules)
* 1:33507 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of scope newclass memory corruption attempt (file-flash.rules)
* 1:33508 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of scope newclass memory corruption attempt (file-flash.rules)
* 1:33509 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SWF buffer overflow attempt (file-flash.rules)
* 1:33510 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SWF buffer overflow attempt (file-flash.rules)
* 1:33511 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SWF buffer overflow attempt (file-flash.rules)
* 1:33512 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SWF buffer overflow attempt (file-flash.rules)
* 1:33513 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - XAgent - Operation Pawn Storm (malware-cnc.rules)
* 1:33514 <-> DISABLED <-> SERVER-WEBAPP WordPress Photo Gallery PHP code execution attempt (server-webapp.rules)
* 1:33515 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules)
* 1:33516 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules)
* 1:33517 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules)
* 1:33518 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules)
* 1:33519 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - ALIZER (malware-cnc.rules)
* 1:33520 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zusy inbound CNC response (malware-cnc.rules)
* 1:33521 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zusy variant outbound connection (malware-cnc.rules)
* 1:33522 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - DNS Changer (malware-cnc.rules)
* 1:33523 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DNSChanger variant outbound connection (malware-cnc.rules)
* 1:33524 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DNSChanger variant outbound connection (malware-cnc.rules)
* 1:33525 <-> DISABLED <-> FILE-OTHER Apple OSX Safari format string validation corruption attempt (file-other.rules)
* 1:33526 <-> DISABLED <-> FILE-OTHER Apple OSX Safari format string validation corruption attempt (file-other.rules)
* 1:33527 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE library out of bounds memory access attempt (file-flash.rules)
* 1:33528 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE library out of bounds memory access attempt (file-flash.rules)
* 1:33529 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE library out of bounds memory access attempt (file-flash.rules)
* 1:33530 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE library out of bounds memory access attempt (file-flash.rules)
* 1:33531 <-> DISABLED <-> PUA-ADWARE MediaBuzz malvertising browser redirect attempt (pua-adware.rules)
* 1:33532 <-> DISABLED <-> PUA-ADWARE MediaBuzz malvertising browser redirect attempt (pua-adware.rules)
* 1:33533 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE control character denial of service attempt (file-flash.rules)
* 1:33534 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE control character denial of service attempt (file-flash.rules)
* 1:33535 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE control character - possible denial of service attempt (file-flash.rules)
* 1:33536 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE control character denial of service attempt (file-flash.rules)
* 1:33537 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE control character - possible denial of service attempt (file-flash.rules)
* 1:33538 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE control character denial of service attempt (file-flash.rules)
* 1:33539 <-> ENABLED <-> FILE-FLASH Adobe Flash Player object type confusion attempt (file-flash.rules)
* 1:33540 <-> ENABLED <-> FILE-FLASH Adobe Flash Player object type confusion attempt (file-flash.rules)
* 1:33541 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Compressed File object type confusion attempt (file-flash.rules)
* 1:33542 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Compressed File object type confusion attempt (file-flash.rules)
* 1:33543 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Equation outbound connection (malware-cnc.rules)
* 1:33545 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Equation outbound connection (malware-cnc.rules)
* 1:33546 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Equation outbound connection (malware-cnc.rules)
* 1:33547 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Turla outbound connection (malware-cnc.rules)
* 1:33548 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Access multiple control instantiation memory corruption attempt (browser-plugins.rules)
* 1:33549 <-> DISABLED <-> FILE-FLASH Adobe Flash Player addHeader null pointer dereference attempt (file-flash.rules)
* 1:33550 <-> DISABLED <-> FILE-FLASH Adobe Flash Player addHeader null pointer dereference attempt (file-flash.rules)
* 1:33551 <-> DISABLED <-> FILE-FLASH Adobe Flash Player addHeader null pointer dereference attempt (file-flash.rules)
* 1:33552 <-> DISABLED <-> FILE-FLASH Adobe Flash Player addHeader null pointer dereference attempt (file-flash.rules)
* 1:33553 <-> DISABLED <-> PUA-ADWARE Win.Adware.iBryte variant outbound connection (pua-adware.rules)
* 1:33554 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SWF use-after-free attempt (file-flash.rules)
* 1:33555 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SWF use-after-free attempt (file-flash.rules)
* 1:33556 <-> DISABLED <-> FILE-FLASH Adobe Flash Player XMLsocket connect arbitrary code execution attempt (file-flash.rules)
* 1:33557 <-> DISABLED <-> FILE-FLASH Adobe Flash Player XMLsocket connect arbitrary code execution attempt (file-flash.rules)
* 1:33558 <-> DISABLED <-> FILE-FLASH Adobe Flash Player XMLsocket connect arbitrary code execution attempt (file-flash.rules)
* 1:33559 <-> DISABLED <-> FILE-FLASH Adobe Flash Player XMLsocket connect arbitrary code execution attempt (file-flash.rules)
* 1:33561 <-> DISABLED <-> SERVER-OTHER OpenSSL fragmented protocol downgrade attempt (server-other.rules)
* 1:33562 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word document with embedded networking script (file-office.rules)
* 1:33563 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word document with embedded networking script (file-office.rules)
* 1:33564 <-> DISABLED <-> SERVER-MAIL GNU Mailman date field buffer overflow attempt (server-mail.rules)
* 1:33565 <-> DISABLED <-> SERVER-OTHER McAfee E-Business Server remote preauth code execution attempt (server-other.rules)
* 1:33566 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox 3 xsl parsing heap overflow attempt (browser-firefox.rules)
* 1:33567 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word border use-after-free attempt (file-office.rules)
* 1:33568 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word border use-after-free attempt (file-office.rules)
* 1:33569 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CTableLayout memory corruption attempt (browser-ie.rules)
* 1:33570 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CTableLayout memory corruption attempt (browser-ie.rules)
* 1:33571 <-> DISABLED <-> FILE-OTHER Adobe Reader ETB baseurl memory corruption attempt (file-other.rules)
* 1:33572 <-> DISABLED <-> FILE-OTHER Adobe Reader ETB baseurl memory corruption attempt (file-other.rules)
* 1:33573 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Multiple Products FailOverHelperServlet information disclosure attempt (server-webapp.rules)
* 1:33574 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Multiple Products FailOverHelperServlet information disclosure attempt (server-webapp.rules)
* 1:33575 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime STSD JPEG atom heap corruption attempt (file-multimedia.rules)
* 1:33576 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime STSD JPEG atom heap corruption attempt (file-multimedia.rules)
* 1:33577 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime STSD JPEG atom heap corruption attempt (file-multimedia.rules)
* 1:33578 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime STSD JPEG atom heap corruption attempt (file-multimedia.rules)
* 1:33579 <-> DISABLED <-> BROWSER-PLUGINS Facebook Photo Uploader ActiveX clsid access attempt (browser-plugins.rules)
* 1:33580 <-> DISABLED <-> PUA-ADWARE SuperFish adware outbound connection attempt (pua-adware.rules)
* 1:33581 <-> DISABLED <-> SERVER-WEBAPP nginx URI processing security bypass attempt (server-webapp.rules)
* 1:33582 <-> DISABLED <-> SERVER-SAMBA Samba WINS Server Name Registration handling stack buffer overflow attempt (server-samba.rules)
* 1:33583 <-> DISABLED <-> PROTOCOL-DNS ISC BIND recursive resolver resource consumption denial of service attempt (protocol-dns.rules)
* 1:33584 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative command execution attempt (file-flash.rules)
* 1:33585 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative command execution attempt (file-flash.rules)
* 1:33586 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime Image Description Atom sign extension memory corruption attempt (file-multimedia.rules)
* 1:33588 <-> DISABLED <-> FILE-OTHER Oracle Java WebStart JNLP stack buffer overflow attempt (file-other.rules)
* 1:33589 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS4 TIFF parsing heap overflow attempt (file-image.rules)
* 1:33590 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS4 TIFF parsing heap overflow attempt (file-image.rules)
* 1:33591 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS4 TIFF parsing heap overflow attempt (file-image.rules)
* 1:33592 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Player SwDir.dll PlayerVersion Buffer Overflow attempt (file-other.rules)
* 1:33593 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Player SwDir.dll PlayerVersion Buffer Overflow attempt (file-other.rules)
* 1:33594 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Upatre variant outbound connection (malware-cnc.rules)
* 1:33595 <-> DISABLED <-> SERVER-OTHER GnuTLS TLSA record heap buffer overflow attempt (server-other.rules)
* 1:33596 <-> DISABLED <-> SERVER-OTHER GnuTLS TLSA record heap buffer overflow attempt (server-other.rules)
* 1:33597 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central MSP StatusUpdateServlet directory traversal attempt
(server-webapp.rules) * 1:33598 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central MSP StatusUpdateServlet directory traversal attempt (server-webapp.rules) * 1:33599 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central MSP StatusUpdateServlet directory traversal attempt (server-webapp.rules) * 1:336 <-> DISABLED <-> PROTOCOL-FTP CWD ~root attempt (protocol-ftp.rules) * 1:33600 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ramnit variant outbound detected (malware-cnc.rules) * 1:33601 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader and Acrobat TTF SING table parsing remote code execution attempt (file-pdf.rules) * 1:33602 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader and Acrobat TTF SING table parsing remote code execution attempt (file-pdf.rules) * 1:33603 <-> DISABLED <-> FILE-OTHER Microsoft Windows Fax Services Cover Page Editor Double Free Memory Corruption attempt (file-other.rules) * 1:33604 <-> DISABLED <-> FILE-OTHER Microsoft Windows Fax Services Cover Page Editor Double Free Memory Corruption attempt (file-other.rules) * 1:33605 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CAnchorElement use after free attempt (browser-ie.rules) * 1:33606 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CAnchorElement use after free attempt (browser-ie.rules) * 1:33607 <-> DISABLED <-> SERVER-WEBAPP cron access (server-webapp.rules) * 1:33608 <-> DISABLED <-> SERVER-WEBAPP bin access (server-webapp.rules) * 1:33609 <-> DISABLED <-> SERVER-WEBAPP .wwwpasswd access (server-webapp.rules) * 1:33610 <-> DISABLED <-> SERVER-WEBAPP .wwwgroup access (server-webapp.rules) * 1:33611 <-> DISABLED <-> SERVER-WEBAPP httpd.conf access (server-webapp.rules) * 1:33612 <-> DISABLED <-> SERVER-WEBAPP stronghold-status access (server-webapp.rules) * 1:33613 <-> DISABLED <-> SERVER-WEBAPP stronghold-info access (server-webapp.rules) * 1:33614 <-> DISABLED <-> SERVER-WEBAPP caucho-status access (server-webapp.rules) * 1:33615 <-> DISABLED <-> FILE-IMAGE Adobe 
Photoshop CS5 gif file heap corruption attempt (file-image.rules) * 1:33618 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.lubot download (malware-backdoor.rules) * 1:33619 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.lubot download (malware-backdoor.rules) * 1:33620 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.lubot outbound connection (malware-cnc.rules) * 1:33621 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.lubot outbound connection (malware-cnc.rules) * 1:33622 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari feeds URI null pointer dereference denial of service attempt (browser-webkit.rules) * 1:33623 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari feeds URI null pointer dereference denial of service attempt (browser-webkit.rules) * 1:33624 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari feeds URI null pointer dereference denial of service attempt (browser-webkit.rules) * 1:33625 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari feeds URI null pointer dereference denial of service attempt (browser-webkit.rules) * 1:33626 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari feeds URI null pointer dereference denial of service attempt (browser-webkit.rules) * 1:33627 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari feeds URI null pointer dereference denial of service attempt (browser-webkit.rules) * 1:33628 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari feeds URI null pointer dereference denial of service attempt (browser-webkit.rules) * 1:33629 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari feeds URI null pointer dereference denial of service attempt (browser-webkit.rules) * 1:33630 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari feeds URI null pointer dereference denial of service attempt (browser-webkit.rules) * 1:33631 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari feeds URI null pointer dereference denial of service attempt (browser-webkit.rules) * 1:33632 <-> DISABLED <-> SERVER-WEBAPP PHP xmlrpc.php command injection attempt (server-webapp.rules) * 1:33633 <-> DISABLED <-> MALWARE-CNC User-Agent known 
malicious user-agent - Downing - Win.Trojan.Otwycal (malware-cnc.rules) * 1:33634 <-> DISABLED <-> FILE-FLASH Adobe Flash Player decompressing denial of service attempt (file-flash.rules) * 1:33635 <-> DISABLED <-> FILE-FLASH Adobe Flash Player decompressing denial of service attempt (file-flash.rules) * 1:33636 <-> DISABLED <-> SERVER-OTHER SAP Sybase ESP xmlrpc unsafe pointer dereference attempt (server-other.rules) * 1:33637 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query object integer overflow attempt (server-mysql.rules) * 1:33638 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Java applet denial of service attempt (browser-ie.rules) * 1:33639 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Java applet denial of service attempt (browser-ie.rules) * 1:33640 <-> ENABLED <-> FILE-IDENTIFY Apple Motion file download request (file-identify.rules) * 1:33641 <-> ENABLED <-> FILE-IDENTIFY Apple Motion file attachment detected (file-identify.rules) * 1:33642 <-> ENABLED <-> FILE-IDENTIFY Apple Motion file attachment detected (file-identify.rules) * 1:33643 <-> DISABLED <-> FILE-OTHER Apple Motion OZDocumentparseElement Integer Overflow attempt (file-other.rules) * 1:33644 <-> DISABLED <-> FILE-OTHER Apple Motion OZDocumentparseElement Integer Overflow attempt (file-other.rules) * 1:33645 <-> DISABLED <-> PUA-ADWARE SuperFish adware outbound connection attempt (pua-adware.rules) * 1:33646 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (malware-cnc.rules) * 1:33647 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (malware-cnc.rules) * 1:33648 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (malware-cnc.rules) * 1:33649 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Google Omaha - Win.Trojan.ExtenBro (malware-cnc.rules) * 1:33650 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tinba outbound connection (malware-cnc.rules) * 1:33651 <-> DISABLED <-> 
SERVER-WEBAPP Solarwinds Orion AccountManagement SQL injection attempt (server-webapp.rules) * 1:33652 <-> DISABLED <-> SERVER-WEBAPP Solarwinds Orion AccountManagement SQL injection attempt (server-webapp.rules) * 1:33653 <-> DISABLED <-> SERVER-WEBAPP Solarwinds Orion AccountManagement SQL injection attempt (server-webapp.rules) * 1:33654 <-> DISABLED <-> SERVER-OTHER OpenSSH maxstartup threshold potential connection exhaustion denial of service attempt (server-other.rules) * 1:33655 <-> DISABLED <-> SERVER-OTHER Squid Proxy invalid HTTP response code denial of service attempt (server-other.rules) * 1:33656 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Carbanak data exfiltration attempt (malware-cnc.rules) * 1:33657 <-> DISABLED <-> SERVER-WEBAPP Dell ScriptLogic Asset Manager SQL injection attempt (server-webapp.rules) * 1:33658 <-> DISABLED <-> SERVER-WEBAPP Dell ScriptLogic Asset Manager SQL injection attempt (server-webapp.rules) * 1:33659 <-> DISABLED <-> SERVER-WEBAPP Dell ScriptLogic Asset Manager SQL injection attempt (server-webapp.rules) * 1:33660 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vawtrak variant outbound connection (malware-cnc.rules) * 1:33661 <-> DISABLED <-> BROWSER-CHROME Google Chrome NotifyInstanceWasDeleted embed use after free attempt (browser-chrome.rules) * 1:33662 <-> DISABLED <-> BROWSER-CHROME Google Chrome NotifyInstanceWasDeleted object use after free attempt (browser-chrome.rules) * 1:33663 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit outbound uri structure (exploit-kit.rules) * 1:33664 <-> DISABLED <-> BROWSER-OTHER Network Security Services NSS library RSA signature forgery attempt (browser-other.rules) * 1:33665 <-> ENABLED <-> SERVER-OTHER HP Client Automation command injection attempt (server-other.rules) * 1:33666 <-> ENABLED <-> FILE-IDENTIFY PIF Program Information File file download request (file-identify.rules) * 1:33667 <-> ENABLED <-> FILE-IDENTIFY PIF Program Information File file attachment detected (file-identify.rules) 
* 1:33668 <-> ENABLED <-> FILE-IDENTIFY PIF Program Information File file attachment detected (file-identify.rules) * 1:33669 <-> DISABLED <-> FILE-OTHER Executable disguised as PIF file (file-other.rules) * 1:33670 <-> DISABLED <-> SERVER-OTHER Symantec AMS Intel handler service overly large size1 dos attempt (server-other.rules) * 1:33671 <-> DISABLED <-> SERVER-OTHER Symantec AMS Intel handler service overly large size2 dos attempt (server-other.rules) * 1:33672 <-> DISABLED <-> SERVER-OTHER Symantec AMS Intel handler service overly large size3 dos attempt (server-other.rules) * 1:33674 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Athena variant outbound connection (malware-cnc.rules) * 1:33675 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Athena variant outbound connection (malware-cnc.rules) * 1:33676 <-> DISABLED <-> SERVER-WEBAPP Symantec Web Gateway restore.php command injection attempt (server-webapp.rules) * 1:33677 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Babar outbound connection (malware-cnc.rules) * 1:33678 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FannyWorm outbound connection (malware-cnc.rules) * 1:33679 <-> DISABLED <-> SERVER-OTHER Cisco CNS Network Registrar denial of service attempt (server-other.rules) * 1:33680 <-> DISABLED <-> SERVER-OTHER Cisco CNS Network Registrar denial of service attempt (server-other.rules) * 1:33681 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Carbanak connection to server (malware-cnc.rules) * 1:33682 <-> DISABLED <-> SERVER-OTHER PHP unserialize use after free attempt (server-other.rules) * 1:33683 <-> DISABLED <-> SERVER-OTHER PHP unserialize use after free attempt (server-other.rules) * 1:33684 <-> DISABLED <-> FILE-OTHER Microsoft Windows Media MIDI file memory corruption attempt (file-other.rules) * 1:33685 <-> DISABLED <-> SERVER-OTHER PHPMoAdmin remote code execution attempt (server-other.rules) * 1:337 <-> DISABLED <-> PROTOCOL-FTP CEL overflow attempt (protocol-ftp.rules) * 1:33704 <-> DISABLED <-> MALWARE-CNC 
Win.Trojan.Dridex initial outbound connection (malware-cnc.rules) * 1:33705 <-> ENABLED <-> FILE-OTHER Microsoft Office RTF out-of-bounds memory access attempt (file-other.rules) * 1:33706 <-> ENABLED <-> FILE-OTHER Microsoft Office RTF out-of-bounds memory access attempt (file-other.rules) * 1:33707 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules) * 1:33708 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules) * 1:33709 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 11 VBScript array element use after free attempt (browser-ie.rules) * 1:33710 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 11 VBScript array element use after free attempt (browser-ie.rules) * 1:33711 <-> ENABLED <-> OS-WINDOWS Type one font out of bounds memory access attempt (os-windows.rules) * 1:33712 <-> ENABLED <-> OS-WINDOWS Type one font out of bounds memory access attempt (os-windows.rules) * 1:33713 <-> DISABLED <-> OS-WINDOWS Microsoft Windows atlmfd.dll out-of-bounds memory write attempt (os-windows.rules) * 1:33714 <-> DISABLED <-> OS-WINDOWS Microsoft Windows atlmfd.dll out-of-bounds memory write attempt (os-windows.rules) * 1:33715 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word incorrect schema property remote code execution attempt (file-office.rules) * 1:33716 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word incorrect schema property remote code execution attempt (file-office.rules) * 1:33717 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Task Scheduler access control bypass attempt (os-windows.rules) * 1:33718 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreeNode interpreted as CGeneratedTreeNode remote code execution attempt (browser-ie.rules) * 1:33719 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreeNode interpreted as CGeneratedTreeNode remote code execution attempt (browser-ie.rules) * 1:33720 <-> DISABLED <-> BROWSER-IE Microsoft Internet 
Explorer 11 sandbox bypass attempt (browser-ie.rules) * 1:33721 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 11 sandbox bypass attempt (browser-ie.rules) * 1:33722 <-> ENABLED <-> FILE-OTHER Type 1 font memory out-of-bounds read attempt (file-other.rules) * 1:33723 <-> ENABLED <-> FILE-OTHER Type 1 font memory out-of-bounds read attempt (file-other.rules) * 1:33724 <-> ENABLED <-> FILE-OTHER Microsoft Windows Type 1 font blend operator negative operand code execution attempt (file-other.rules) * 1:33725 <-> ENABLED <-> FILE-OTHER Microsoft Windows Type 1 font blend operator negative operand code execution attempt (file-other.rules) * 1:33726 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CMarkup object use after free attempt (browser-ie.rules) * 1:33727 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CMarkup object use after free attempt (browser-ie.rules) * 1:33728 <-> DISABLED <-> OS-WINDOWS ATLMFD.DLL improperly terminated encrypted charstrings in type 1 font attempt (os-windows.rules) * 1:33729 <-> DISABLED <-> OS-WINDOWS ATLMFD.DLL improperly terminated encrypted charstrings in type 1 font attempt (os-windows.rules) * 1:33730 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer out of bounds array access attempt (browser-ie.rules) * 1:33731 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer out of bounds array access attempt (browser-ie.rules) * 1:33732 <-> DISABLED <-> FILE-OTHER Microsoft OpenType font atlmfd.dll uninitialized memory read attempt (file-other.rules) * 1:33733 <-> DISABLED <-> FILE-OTHER Microsoft OpenType font atlmfd.dll uninitialized memory read attempt (file-other.rules) * 1:33734 <-> DISABLED <-> FILE-OFFICE Microsoft Office ADODB.RecordSet code execution attempt (file-office.rules) * 1:33735 <-> DISABLED <-> FILE-OFFICE Microsoft Office ADODB.RecordSet code execution attempt (file-office.rules) * 1:33736 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CGeneratedTreeNode use after free attempt 
(browser-ie.rules) * 1:33737 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CGeneratedTreeNode use after free attempt (browser-ie.rules) * 1:33738 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 11 CInputContext object use after free attempt (browser-ie.rules) * 1:33739 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 11 CInputContext object use after free attempt (browser-ie.rules) * 1:33740 <-> DISABLED <-> FILE-IMAGE Microsoft emf file download request (file-image.rules) * 1:33741 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreeNode use-after-free attempt (browser-ie.rules) * 1:33742 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreeNode use-after-free attempt (browser-ie.rules) * 1:33743 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer table cell out-of-bounds access attempt (browser-ie.rules) * 1:33744 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer table cell out-of-bounds access attempt (browser-ie.rules) * 1:33745 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules) * 1:33746 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules) * 1:33747 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules) * 1:33748 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules) * 1:33749 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules) * 1:33750 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules) * 1:33751 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules) * 1:33752 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules) * 1:33753 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules) * 1:33754 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial 
outbound connection (malware-cnc.rules) * 1:33755 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules) * 1:33756 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.CTB-Locker outbound connection (malware-cnc.rules) * 1:33757 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.CTB-Locker outbound connection (malware-cnc.rules) * 1:33758 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.CTB-Locker download attempt (malware-other.rules) * 1:33759 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.CTB-Locker download attempt (malware-other.rules) * 1:33760 <-> DISABLED <-> FILE-IMAGE Microsoft Internet Explorer PNG tRNS chuck size 1 information disclosure attempt (file-image.rules) * 1:33761 <-> DISABLED <-> FILE-IMAGE Microsoft Internet Explorer PNG tRNS chuck size 1 information disclosure attempt (file-image.rules) * 1:33762 <-> DISABLED <-> SERVER-WEBAPP Microsoft Outlook WebAccess msgParam cross site scripting attempt (server-webapp.rules) * 1:33763 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 11 CInputContext object use after free attempt (browser-ie.rules) * 1:33764 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 11 CInputContext object use after free attempt (browser-ie.rules) * 1:33765 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtUserGetClipboardAccessToken privilege escalation attempt (os-windows.rules) * 1:33766 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtUserGetClipboardAccessToken privilege escalation attempt (os-windows.rules) * 1:33767 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtUserFnINOUTNCCALCSIZE kernel memory leak attempt (os-windows.rules) * 1:33768 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtUserFnINOUTNCCALCSIZE kernel memory leak attempt (os-windows.rules) * 1:33769 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtUserfnINSTRINGNULL memory leak kernel ASLR bypass attempt (os-windows.rules) * 1:33770 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtUserfnINSTRINGNULL memory leak kernel ASLR bypass 
attempt (os-windows.rules) * 1:33771 <-> DISABLED <-> FILE-OTHER Microsoft Windows jxr information disclosure attempt (file-other.rules) * 1:33772 <-> DISABLED <-> FILE-OTHER Microsoft Windows jxr information disclosure attempt (file-other.rules) * 1:33773 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CmpGetVirtualizationID race condition user impersonation attempt (os-windows.rules) * 1:33774 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CmpGetVirtualizationID race condition user impersonation attempt (os-windows.rules) * 1:33775 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer out of bounds array access attempt (browser-ie.rules) * 1:33776 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer out of bounds array access attempt (browser-ie.rules) * 1:33777 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules) * 1:33778 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules) * 1:33779 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules) * 1:33780 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules) * 1:33781 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules) * 1:33782 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules) * 1:33783 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules) * 1:33784 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules) * 1:33785 <-> DISABLED <-> SERVER-OTHER SSL request for export grade cipher suite attempt (server-other.rules) * 1:33786 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules) * 1:33787 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite 
attempt (server-other.rules) * 1:33788 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules) * 1:33789 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules) * 1:33790 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules) * 1:33791 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules) * 1:33792 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules) * 1:33793 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules) * 1:33794 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules) * 1:33795 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules) * 1:33796 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules) * 1:33797 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules) * 1:33798 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules) * 1:33799 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules) * 1:33800 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules) * 1:33801 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules) * 1:33802 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules) * 1:33803 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules) * 1:33804 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules) * 1:33805 <-> DISABLED <-> SERVER-OTHER SSL request 
for export grade ciphersuite attempt (server-other.rules) * 1:33806 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules) * 1:33807 <-> DISABLED <-> SERVER-MAIL Microsoft Exchange OWA X-OWA-CANARY command injection attempt (server-mail.rules) * 1:33808 <-> DISABLED <-> SERVER-OTHER Microsoft Sharepoint Server Newsfeed XSS attempt (server-other.rules) * 1:33809 <-> DISABLED <-> SERVER-OTHER Microsoft Sharepoint user display name XSS attempt (server-other.rules) * 1:33810 <-> DISABLED <-> SERVER-OTHER Microsoft Exchange Server custom DLP policy name cross-site scripting attempt (server-other.rules) * 1:33811 <-> DISABLED <-> SERVER-MAIL Microsoft Exchange UM Management user stored XSS attempt (server-mail.rules) * 1:33812 <-> DISABLED <-> SERVER-WEBAPP Seagate NAS remote code execution attempt (server-webapp.rules) * 1:33813 <-> DISABLED <-> SERVER-WEBAPP Eclipse Foundation Jetty HttpParser information disclosure attempt (server-webapp.rules) * 1:33814 <-> DISABLED <-> SERVER-OTHER ElasticSearch script remote code execution attempt (server-other.rules) * 1:33815 <-> DISABLED <-> PUA-ADWARE Adware Goobzo/CrossRider variant outbound connection (pua-adware.rules) * 1:33816 <-> DISABLED <-> PUA-ADWARE Adware Goobzo/CrossRider variant outbound connection (pua-adware.rules) * 1:33817 <-> DISABLED <-> SERVER-OTHER Lighttpd Host header directory traversal attempt (server-other.rules) * 1:33818 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Egamipload variant outbound connection (malware-cnc.rules) * 1:33819 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Egamipload variant outbound connection (malware-cnc.rules) * 1:33820 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Egamipload variant outbound connection (malware-cnc.rules) * 1:33821 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Egamipload variant outbound connection (malware-cnc.rules) * 1:33822 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Egamipload variant outbound connection (malware-cnc.rules) * 1:33823 
<-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Speccom variant outbound connection (malware-backdoor.rules) * 1:33824 <-> DISABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules) * 1:33825 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB NTLM NULL session attempt (os-windows.rules) * 1:33826 <-> DISABLED <-> SERVER-SAMBA Samba smbd _netr_ServerPasswordSet deprecated vulnerable function access attempt (server-samba.rules) * 1:33827 <-> DISABLED <-> OS-WINDOWS Microsoft XML Core Services MIME Viewer memory corruption attempt (os-windows.rules) * 1:33828 <-> DISABLED <-> OS-WINDOWS Microsoft XML Core Services MIME Viewer memory corruption attempt (os-windows.rules) * 1:33829 <-> DISABLED <-> OS-WINDOWS Microsoft XML Core Services MIME Viewer memory corruption attempt (os-windows.rules) * 1:33830 <-> DISABLED <-> SERVER-OTHER ElasticSearch script remote code execution attempt (server-other.rules) * 1:33831 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent DownloadMR - Solimba (malware-cnc.rules) * 1:33832 <-> DISABLED <-> SERVER-WEBAPP Seagate BlackArmor NAS getAlias.php command injection attempt (server-webapp.rules) * 1:33833 <-> DISABLED <-> PUA-ADWARE User-Agent adware OutBrowse/Amonitize (pua-adware.rules) * 1:33834 <-> DISABLED <-> PUA-ADWARE User-Agent adware OutBrowse/Amonitize (pua-adware.rules) * 1:33835 <-> DISABLED <-> PUA-ADWARE User-Agent adware OutBrowse/Amonitize (pua-adware.rules) * 1:33851 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poseidon outbound connection (malware-cnc.rules) * 1:33852 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poseidon outbound connection (malware-cnc.rules) * 1:33853 <-> DISABLED <-> SERVER-WEBAPP D-Link multiple products ping.ccp command injection attempt (server-webapp.rules) * 1:33854 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LogPOS variant outbound connection (malware-cnc.rules) * 1:33855 <-> DISABLED <-> SERVER-WEBAPP Wordpress Ultimate CSV Importer auth bypass export attempt 
(server-webapp.rules) * 1:33856 <-> DISABLED <-> SERVER-WEBAPP Wordpress Holding Pattern theme file upload attempt (server-webapp.rules) * 1:33857 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PwnPOS data exfiltration attempt (malware-cnc.rules) * 1:33858 <-> DISABLED <-> SERVER-OTHER rsyslog remote PRI out of bounds attempt (server-other.rules) * 1:33859 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules) * 1:33860 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules) * 1:33861 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules) * 1:33862 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules) * 1:33863 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules) * 1:33864 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules) * 1:33865 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules) * 1:33866 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules) * 1:33867 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules) * 1:33868 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules) * 1:33872 <-> DISABLED <-> MALWARE-CNC Win.Worm.Urahu outbound connection (malware-cnc.rules) * 1:33873 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tepoyx outbound connection detection (malware-cnc.rules) * 1:33874 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.Latekonsul Runtime Detection (malware-other.rules) * 1:33875 <-> DISABLED <-> POLICY-OTHER SolarWinds Firewall Security Manager insecure userlogin.jsp access attempt (policy-other.rules) * 1:33876 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meowner runtime detection (malware-cnc.rules) * 1:33877 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meowner 
runtime detection (malware-cnc.rules) * 1:33878 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meowner runtime detection (malware-cnc.rules) * 1:33879 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meowner runtime detection (malware-cnc.rules) * 1:33880 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Casper outbound connection (malware-cnc.rules) * 1:33883 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jadtre variant outbound connection (malware-cnc.rules) * 1:33884 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string dolit (malware-cnc.rules) * 1:33885 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gh0st variant outbound connection (malware-cnc.rules) * 1:33886 <-> DISABLED <-> MALWARE-CNC WIn.Trojan.HawkEye keylogger variant outbound connection (malware-cnc.rules) * 1:33887 <-> DISABLED <-> SERVER-WEBAPP Citrix NetScaler xen_hotfix object parameter command injection attempt (server-webapp.rules) * 1:33888 <-> DISABLED <-> SERVER-WEBAPP Citrix NetScaler xen_hotfix object parameter command injection attempt (server-webapp.rules) * 1:33889 <-> DISABLED <-> SERVER-WEBAPP Websense Triton CommandLineServlet command injection attempt (server-webapp.rules) * 1:33890 <-> DISABLED <-> SERVER-WEBAPP Websense Triton CommandLineServlet command injection attempt (server-webapp.rules) * 1:33891 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Amasages variant outbound connection (malware-cnc.rules) * 1:33892 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Xerq outbound connection (malware-cnc.rules) * 1:33893 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt outbound connection (malware-cnc.rules) * 1:33894 <-> DISABLED <-> SERVER-WEBAPP TWiki debugenableplugins arbitrary perl code injection attempt (server-webapp.rules) * 1:33895 <-> DISABLED <-> SERVER-WEBAPP TWiki debugenableplugins arbitrary perl code injection attempt (server-webapp.rules) * 1:33896 <-> DISABLED <-> SERVER-WEBAPP OpenNMS XML external entity injection attempt (server-webapp.rules) * 1:33897 <-> DISABLED <-> BROWSER-IE Microsoft 
Internet Explorer javascript iframe injection attempt (browser-ie.rules)
* 1:33898 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer javascript iframe injection attempt (browser-ie.rules)
* 1:33899 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript memory corruption attempt (file-flash.rules)
* 1:33900 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript memory corruption attempt (file-flash.rules)
* 1:33901 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript memory corruption attempt (file-flash.rules)
* 1:33902 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript memory corruption attempt (file-flash.rules)
* 1:33903 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox proxy prototype privileged javascript execution attempt (browser-firefox.rules)
* 1:33904 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox proxy prototype privileged javascript execution attempt (browser-firefox.rules)
* 1:33905 <-> ENABLED <-> EXPLOIT-KIT Rig exploit kit outbound communication (exploit-kit.rules)
* 1:33906 <-> ENABLED <-> EXPLOIT-KIT Rig exploit kit outbound communication (exploit-kit.rules)
* 1:33907 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - KAIIOOOO871 - Win.Trojan.Dridex (malware-cnc.rules)
* 1:33908 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader CoolType.dll out-of-bounds memory write access attempt (file-pdf.rules)
* 1:33909 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader CoolType.dll out-of-bounds memory write access attempt (file-pdf.rules)
* 1:33910 <-> DISABLED <-> BROWSER-WEBKIT Apple Webkit rowspan denial of service attempt (browser-webkit.rules)
* 1:33911 <-> DISABLED <-> BROWSER-WEBKIT Apple Webkit rowspan denial of service attempt (browser-webkit.rules)
* 1:33912 <-> DISABLED <-> MALWARE-CNC Cryptofortress Decryption Software Purchase Tor Website (malware-cnc.rules)
* 1:33913 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Concbak outbound connection (malware-cnc.rules)
* 1:33914 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Win.Trojan.Barys (malware-cnc.rules)
* 1:33915 <-> DISABLED <-> SERVER-WEBAPP HP ArcSight Logger directory traversal attempt (server-webapp.rules)
* 1:33916 <-> DISABLED <-> SERVER-WEBAPP HP ArcSight Logger directory traversal attempt (server-webapp.rules)
* 1:33917 <-> DISABLED <-> SERVER-WEBAPP HP ArcSight Logger directory traversal attempt (server-webapp.rules)
* 1:33918 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AVSegmentedSource caption unlink use-after-free attempt (file-flash.rules)
* 1:33919 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AVSegmentedSource caption unlink use-after-free attempt (file-flash.rules)
* 1:33920 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AVSegmentedSource caption unlink use-after-free attempt (file-flash.rules)
* 1:33921 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AVSegmentedSource caption unlink use-after-free attempt (file-flash.rules)
* 1:33922 <-> DISABLED <-> SERVER-WEBAPP WordPress arbitrary web script injection attempt (server-webapp.rules)
* 1:33923 <-> ENABLED <-> FILE-FLASH Adobe Flash Player paletteMap integer overflow attempt (file-flash.rules)
* 1:33924 <-> ENABLED <-> FILE-FLASH Adobe Flash Player paletteMap integer overflow attempt (file-flash.rules)
* 1:33925 <-> DISABLED <-> FILE-FLASH Adobe Flash Player paletteMap integer overflow attempt (file-flash.rules)
* 1:33926 <-> DISABLED <-> FILE-FLASH Adobe Flash Player paletteMap integer overflow attempt (file-flash.rules)
* 1:33930 <-> DISABLED <-> MALWARE-CNC Vicepass outbound connection initial request to the CNC sending system information (malware-cnc.rules)
* 1:33931 <-> DISABLED <-> MALWARE-CNC Win.Worm.Goldrv variant outbound connection (malware-cnc.rules)
* 1:33932 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tempedreve Samba probe (malware-cnc.rules)
* 1:33933 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Penget variant outbound connection (malware-cnc.rules)
* 1:33934 <-> DISABLED <-> SERVER-WEBAPP Wordpress WP Marketplace plugin directory traversal attempt (server-webapp.rules)
* 1:33935 <-> DISABLED <-> SERVER-WEBAPP Wordpress WP Marketplace plugin privilege escalation attempt (server-webapp.rules)
* 1:33936 <-> DISABLED <-> SERVER-WEBAPP TRENDnet TN200 Network Storage System command injection attempt (server-webapp.rules)
* 1:33937 <-> DISABLED <-> SERVER-WEBAPP TRENDnet TN200 Network Storage System command injection attempt (server-webapp.rules)
* 1:33938 <-> DISABLED <-> SERVER-WEBAPP Seagate BlackArmor NAS send_test_email command injection attempt (server-webapp.rules)
* 1:33939 <-> DISABLED <-> MALWARE-OTHER Executable control panel file attachment detected (malware-other.rules)
* 1:33940 <-> DISABLED <-> MALWARE-OTHER Executable control panel file attachment detected (malware-other.rules)
* 1:33941 <-> DISABLED <-> MALWARE-OTHER Executable control panel file download request (malware-other.rules)
* 1:33942 <-> DISABLED <-> MALWARE-OTHER Executable control panel file download request (malware-other.rules)
* 1:33943 <-> ENABLED <-> MALWARE-OTHER Executable control panel file download request (malware-other.rules)
* 1:33944 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules)
* 1:33945 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules)
* 1:33946 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules)
* 1:33947 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules)
* 1:33948 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules)
* 1:33949 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules)
* 1:33950 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules)
* 1:33951 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules)
* 1:33952 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules)
* 1:33953 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules)
* 1:33954 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules)
* 1:33955 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules)
* 1:33956 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules)
* 1:33957 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules)
* 1:33958 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules)
* 1:33959 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules)
* 1:33960 <-> DISABLED <-> SERVER-OTHER PHP unserialize code execution attempt (server-other.rules)
* 1:33961 <-> DISABLED <-> SERVER-OTHER PHP unserialize code execution attempt (server-other.rules)
* 1:33962 <-> DISABLED <-> BROWSER-CHROME Google Chrome Pepper Flash same-origin-policy bypass attempt (browser-chrome.rules)
* 1:33963 <-> DISABLED <-> POLICY-OTHER Evercookie persistent cookie storage attempt (policy-other.rules)
* 1:33964 <-> DISABLED <-> POLICY-OTHER Evercookie persistent cookie storage attempt (policy-other.rules)
* 1:33966 <-> DISABLED <-> MALWARE-CNC Win.Worm.Mafusc variant outbound connection (malware-cnc.rules)
* 1:33967 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection AS2 arbitrary code execution attempt (file-flash.rules)
* 1:33968 <-> DISABLED <-> FILE-FLASH Adobe Flash Player NetConnection AS2 arbitrary code execution attempt (file-flash.rules)
* 1:33969 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection AS2 arbitrary code execution attempt (file-flash.rules)
* 1:3397 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP ISystemActivator RemoteCreateInstance attempt (os-windows.rules)
* 1:33970 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection AS2 arbitrary code execution attempt (file-flash.rules)
* 1:33971 <-> DISABLED <-> FILE-FLASH Adobe Flash Player cross domain policy bypass attempt (file-flash.rules)
* 1:33972 <-> DISABLED <-> FILE-FLASH Adobe Flash Player cross domain policy bypass attempt (file-flash.rules)
* 1:33973 <-> DISABLED <-> FILE-FLASH Adobe Flash Player compressed file cross domain policy bypass attempt (file-flash.rules)
* 1:33974 <-> DISABLED <-> FILE-FLASH Adobe Flash Player compressed file cross domain policy bypass attempt (file-flash.rules)
* 1:33975 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SWF object type mismatch attempt (file-flash.rules)
* 1:33976 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SWF object type mismatch attempt (file-flash.rules)
* 1:33977 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BrokerExtTextOutW invalid string and length parameter sandbox escape attempt (file-flash.rules)
* 1:33978 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BrokerExtTextOutW invalid string and length parameter sandbox escape attempt (file-flash.rules)
* 1:33979 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 11 VBScript redim preserve denial-of-service attempt (browser-ie.rules)
* 1:3398 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP ISystemActivator RemoteCreateInstance attempt (os-windows.rules)
* 1:33980 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 11 VBScript redim preserve denial-of-service attempt (browser-ie.rules)
* 1:33981 <-> DISABLED <-> EXPLOIT-KIT Nuclear exploit kit flash file download (exploit-kit.rules)
* 1:33982 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit landing page detected (exploit-kit.rules)
* 1:33983 <-> DISABLED <-> EXPLOIT-KIT Nuclear exploit kit obfuscated file download (exploit-kit.rules)
* 1:33984 <-> DISABLED <-> SERVER-WEBAPP D-Link DNS-345 Network Storage System system_mgr.cgi command injection attempt (server-webapp.rules)
* 1:33985 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.ChinaZ outbound connection (malware-cnc.rules)
* 1:33986 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt (policy-other.rules)
* 1:33987 <-> DISABLED <-> SERVER-OTHER Symantec System Center Alert Management System untrusted command execution attempt (server-other.rules)
* 1:33989 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trioptid outbound connection (malware-cnc.rules)
* 1:33990 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trioptid outbound connection (malware-cnc.rules)
* 1:33992 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Insidious outbound connection (malware-cnc.rules)
* 1:33993 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Insidious outbound connection (malware-cnc.rules)
* 1:33994 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Beshida outbound connection (malware-cnc.rules)
* 1:33996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pwexes variant outbound connection (malware-cnc.rules)
* 1:33997 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pwexes variant outbound connection (malware-cnc.rules)
* 1:33998 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed mp4 tag memory corruption attempt (file-flash.rules)
* 1:33999 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed mp4 tag memory corruption attempt (file-flash.rules)
* 1:34000 <-> DISABLED <-> SERVER-WEBAPP Berta Content Management System PHP code execution attempt (server-webapp.rules)
* 1:34001 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Picommex outbound connection (malware-cnc.rules)
* 1:34002 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Picommex outbound connection (malware-cnc.rules)
* 1:34003 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Picommex outbound connection (malware-cnc.rules)
* 1:34004 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
* 1:34005 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
* 1:34006 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
* 1:34007 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
* 1:34008 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
* 1:34009 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
* 1:34010 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
* 1:34011 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
* 1:34012 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
* 1:34013 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ayuther variant outbound connection (malware-cnc.rules)
* 1:34014 <-> DISABLED <-> BROWSER-PLUGINS Advantech WebAccess webeye.ocx ActiveX clsid access attempt (browser-plugins.rules)
* 1:34015 <-> DISABLED <-> BROWSER-PLUGINS Advantech WebAccess webeye.ocx ActiveX clsid access attempt (browser-plugins.rules)
* 1:34016 <-> DISABLED <-> BROWSER-PLUGINS Advantech WebAccess webeye.ocx ActiveX clsid access attempt (browser-plugins.rules)
* 1:34017 <-> DISABLED <-> BROWSER-PLUGINS Advantech WebAccess webeye.ocx ActiveX clsid access attempt (browser-plugins.rules)
* 1:34018 <-> DISABLED <-> INDICATOR-SHELLCODE percent encoded heapspray detected (indicator-shellcode.rules)
* 1:34019 <-> DISABLED <-> INDICATOR-SHELLCODE percent encoded heapspray detected (indicator-shellcode.rules)
* 1:34020 <-> ENABLED <-> FILE-FLASH Adobe Flash Player mp4 trex tag heap corruption attempt (file-flash.rules)
* 1:34021 <-> ENABLED <-> FILE-FLASH Adobe Flash Player mp4 trex tag heap corruption attempt (file-flash.rules)
* 1:34024 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt (policy-other.rules)
* 1:34025 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Endstar variant outbound connection (malware-cnc.rules)
* 1:34026 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Endstar variant outbound connection (malware-cnc.rules)
* 1:34027 <-> DISABLED <-> SERVER-OTHER PHP 4 unserialize ZVAL Reference Counter Overflow attempt (server-other.rules)
* 1:34028 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bruecimig variant outbound connection (malware-cnc.rules)
* 1:34029 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection (malware-cnc.rules)
* 1:34030 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
* 1:34031 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
* 1:34032 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
* 1:34033 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
* 1:34034 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
* 1:34035 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
* 1:34036 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
* 1:34037 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
* 1:34038 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
* 1:34039 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banklaed variant outbound connection (malware-cnc.rules)
* 1:34041 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Igliveforg variant initial outbound connection (malware-cnc.rules)
* 1:34042 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Igliveforg variant outbound connection (malware-cnc.rules)
* 1:34044 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Exacrytion variant outbound connection (malware-cnc.rules)
* 1:34045 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Eitenckay initial outbound connection (malware-cnc.rules)
* 1:34046 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Expilan variant outbound connection (malware-cnc.rules)
* 1:34047 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VBPasswordStealer variant outbound connection (malware-cnc.rules)
* 1:34048 <-> DISABLED <-> SERVER-APACHE Apache mod_log_config cookie handling denial of service attempt (server-apache.rules)
* 1:34049 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.EvilBunny variant outbound connection (malware-cnc.rules)
* 1:34050 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Nepigon variant outbound connection (malware-cnc.rules)
* 1:34052 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NewPos outbound connection (malware-cnc.rules)
* 1:34053 <-> DISABLED <-> SERVER-OTHER PHP unserialize and __wakeup use after free attempt (server-other.rules)
* 1:34054 <-> DISABLED <-> SERVER-OTHER PHP unserialize and __wakeup use after free attempt (server-other.rules)
* 1:34055 <-> DISABLED <-> SERVER-WEBAPP Lexmark Markvision Enterprise LibraryFileUploadServlet directory traversal attempt (server-webapp.rules)
* 1:34056 <-> DISABLED <-> SERVER-WEBAPP Lexmark Markvision Enterprise LibraryFileUploadServlet directory traversal attempt (server-webapp.rules)
* 1:34057 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SChannel CertificateVerify buffer overflow attempt (os-windows.rules)
* 1:34058 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SChannel CertificateVerify buffer overflow attempt (os-windows.rules)
* 1:34059 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CBodyElement use after free attempt (browser-ie.rules)
* 1:34060 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CBodyElement use after free attempt (browser-ie.rules)
* 1:34061 <-> DISABLED <-> SERVER-IIS Microsoft IIS Range header integer overflow attempt (server-iis.rules)
* 1:34062 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word document memory corruption attempt (file-office.rules)
* 1:34063 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word document memory corruption attempt (file-office.rules)
* 1:34064 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CMapStringToPtr use after free attempt (browser-ie.rules)
* 1:34065 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CMapStringToPtr use after free attempt (browser-ie.rules)
* 1:34066 <-> ENABLED <-> FILE-OFFICE Microsoft Office XML nested num tag double-free attempt (file-office.rules)
* 1:34067 <-> ENABLED <-> FILE-OFFICE Microsoft Office XML nested num tag double-free attempt (file-office.rules)
* 1:34068 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 11 invalid array element read attempt (browser-ie.rules)
* 1:34069 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 11 invalid array element read attempt (browser-ie.rules)
* 1:34070 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
* 1:34071 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
* 1:34072 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CMetaElement use after free attempt (browser-ie.rules)
* 1:34073 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CMetaElement use after free attempt (browser-ie.rules)
* 1:34074 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer TextData object use after free attempt (browser-ie.rules)
* 1:34075 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer TextData object use after free attempt (browser-ie.rules)
* 1:34076 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer append and swap use after free attempt (browser-ie.rules)
* 1:34077 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer append and swap use after free attempt (browser-ie.rules)
* 1:34078 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows DosDevices mapping privilege escalation attempt (file-executable.rules)
* 1:34079 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows DosDevices mapping privilege escalation attempt (file-executable.rules)
* 1:34080 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows DosDevices mapping privilege escalation attempt (file-executable.rules)
* 1:34081 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows DosDevices mapping privilege escalation attempt (file-executable.rules)
* 1:34082 <-> DISABLED <-> FILE-OTHER Microsoft emf small header overwrite attempt (file-other.rules)
* 1:34083 <-> DISABLED <-> FILE-OTHER Microsoft emf small header overwrite attempt (file-other.rules)
* 1:34084 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CDocument use after free attempt (browser-ie.rules)
* 1:34085 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CDocument use after free attempt (browser-ie.rules)
* 1:34086 <-> ENABLED <-> FILE-OFFICE Microsoft Office RTF double-free remote code execution attempt (file-office.rules)
* 1:34087 <-> ENABLED <-> FILE-OFFICE Microsoft Office RTF double-free remote code execution attempt (file-office.rules)
* 1:34088 <-> DISABLED <-> SERVER-IIS Web.config information disclosure attempt (server-iis.rules)
* 1:34089 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer incorrect array element read information disclosure attempt (browser-ie.rules)
* 1:3409 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP IActivation remoteactivation overflow attempt (os-windows.rules)
* 1:34090 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer incorrect array element read information disclosure attempt (browser-ie.rules)
* 1:34091 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Defender misconfiguration MpCmdRun.exe system execution attempt (os-windows.rules)
* 1:34092 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Defender misconfiguration MpCmdRun.exe system execution attempt (os-windows.rules)
* 1:34093 <-> ENABLED <-> FILE-OFFICE Microsoft Office RTF out-of-bounds array access remote code execution attempt (file-office.rules)
* 1:34094 <-> ENABLED <-> FILE-OFFICE Microsoft Office RTF out-of-bounds array access remote code execution attempt (file-office.rules)
* 1:34095 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtCreateTransactionManager type confusion attempt (os-windows.rules)
* 1:34096 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtCreateTransactionManager type confusion attempt (os-windows.rules)
* 1:34097 <-> DISABLED <-> FILE-OTHER Multiple products external entity injection attempt (file-other.rules)
* 1:34098 <-> DISABLED <-> FILE-OTHER Multiple products external entity injection attempt (file-other.rules)
* 1:34099 <-> DISABLED <-> SERVER-OTHER Microsoft SharePoint projectdetails.aspx ret parameter XSS attempt (server-other.rules)
* 1:34104 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Configuration Management directory traversal attempt (server-webapp.rules)
* 1:34105 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Configuration Management directory traversal attempt (server-webapp.rules)
* 1:34106 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Configuration Management directory traversal attempt (server-webapp.rules)
* 1:34108 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scarsi variant outbound connection (malware-cnc.rules)
* 1:34109 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox proxy prototype privileged javascript execution attempt (browser-firefox.rules)
* 1:34110 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox proxy prototype privileged javascript execution attempt (browser-firefox.rules)
* 1:34111 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chrozil variant outbound connection (malware-cnc.rules)
* 1:34112 <-> DISABLED <-> SERVER-OTHER NTP mode 6 REQ_NONCE denial of service attempt (server-other.rules)
* 1:34113 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent beacon reply attempt (malware-cnc.rules)
* 1:34114 <-> DISABLED <-> SERVER-OTHER NTP mode 6 UNSETTRAP denial of service attempt (server-other.rules)
* 1:34115 <-> DISABLED <-> MALWARE-CNC MacOS.Trojan.Wirelurker variant outbound connection (malware-cnc.rules)
* 1:34116 <-> DISABLED <-> MALWARE-CNC MacOS.Trojan.Wirelurker variant outbound connection (malware-cnc.rules)
* 1:34117 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Zupdax variant outbound connection (malware-cnc.rules)
* 1:34118 <-> DISABLED <-> INDICATOR-OBFUSCATION known malicious javascript packer detected (indicator-obfuscation.rules)
* 1:34119 <-> DISABLED <-> PUA-ADWARE InstallMetrix precheck stage outbound connection (pua-adware.rules)
* 1:34120 <-> DISABLED <-> PUA-ADWARE InstallMetrix fetch offers stage outbound connection (pua-adware.rules)
* 1:34121 <-> DISABLED <-> PUA-ADWARE InstallMetrix reporting binary installation stage status (pua-adware.rules)
* 1:34122 <-> DISABLED <-> PUA-ADWARE InstallMetrix reporting fetch offers stage status (pua-adware.rules)
* 1:34123 <-> DISABLED <-> SERVER-WEBAPP PHP php_date.c DateTimeZone data user after free attempt (server-webapp.rules)
* 1:34124 <-> DISABLED <-> SERVER-WEBAPP PHP php_date.c DateTimeZone data user after free attempt (server-webapp.rules)
* 1:34125 <-> DISABLED <-> PUA-ADWARE User-Agent Vitruvian (pua-adware.rules)
* 1:34126 <-> DISABLED <-> PUA-ADWARE Vitruvian outbound connection (pua-adware.rules)
* 1:34127 <-> DISABLED <-> PUA-ADWARE Vitruvian outbound connection (pua-adware.rules)
* 1:34128 <-> DISABLED <-> MALWARE-CNC Win.Trojan.WIntruder outbound connection (malware-cnc.rules)
* 1:34130 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant outbound connection (malware-cnc.rules)
* 1:34131 <-> DISABLED <-> FILE-OFFICE RTF file with embedded OLE object (file-office.rules)
* 1:34132 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Erotimpact variant outbound connection (malware-cnc.rules)
* 1:34133 <-> ENABLED <-> FILE-IMAGE Adobe Flash Player element array stack overflow attempt (file-image.rules)
* 1:34134 <-> ENABLED <-> FILE-IMAGE Adobe Flash Player element array stack overflow attempt (file-image.rules)
* 1:34135 <-> DISABLED <-> FILE-IMAGE Microsoft Kodak Imaging small offset malformed tiff - little-endian (file-image.rules)
* 1:34136 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant MSSQL response (malware-cnc.rules)
* 1:34137 <-> DISABLED <-> PUA-ADWARE SearchProtect user-agent detection (pua-adware.rules)
* 1:34138 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Netkrypt inbound response (malware-cnc.rules)
* 1:34139 <-> DISABLED <-> SERVER-OTHER Novell ZenWorks configuration management file upload directory traversal attempt (server-other.rules)
* 1:34140 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dyre publickey outbound connection (malware-cnc.rules)
* 1:34141 <-> DISABLED <-> SERVER-OTHER Oracle CorelDRAW file parser heap buffer overflow attempt (server-other.rules)
* 1:34142 <-> DISABLED <-> SERVER-OTHER Oracle CorelDRAW file parser heap buffer overflow attempt (server-other.rules)
* 1:34143 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Crypvault outbound connection (malware-cnc.rules)
* 1:34144 <-> DISABLED <-> PUA-ADWARE SuperOptimizer installation status (pua-adware.rules)
* 1:34145 <-> DISABLED <-> PUA-ADWARE SuperOptimizer encrypted data transmission (pua-adware.rules)
* 1:34146 <-> DISABLED <-> PUA-ADWARE SuperOptimizer geolocation request (pua-adware.rules)
* 1:34147 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter heap information disclosure attempt (file-flash.rules)
* 1:34148 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter heap information disclosure attempt (file-flash.rules)
* 1:34149 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter heap information disclosure attempt (file-flash.rules)
* 1:34150 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter heap information disclosure attempt (file-flash.rules)
* 1:34151 <-> DISABLED <-> FILE-FLASH Adobe Flash Player sound class type confusion attempt (file-flash.rules)
* 1:34152 <-> DISABLED <-> FILE-FLASH Adobe Flash Player sound class type confusion attempt (file-flash.rules)
* 1:34153 <-> ENABLED <-> FILE-FLASH Adobe Flash Player sound class type confusion attempt (file-flash.rules)
* 1:34154 <-> ENABLED <-> FILE-FLASH Adobe Flash Player sound class type confusion attempt (file-flash.rules)
* 1:34155 <-> DISABLED <-> MALWARE-CNC MacOS.Backdoor.Xslcmd outbound connection (malware-cnc.rules)
* 1:34156 <-> ENABLED <-> FILE-FLASH Adobe Flash Player EAC3 memory corruption attempt (file-flash.rules)
* 1:34157 <-> ENABLED <-> FILE-FLASH Adobe Flash Player EAC3 memory corruption attempt (file-flash.rules)
* 1:34158 <-> DISABLED <-> FILE-FLASH Adobe Flash Player EAC3 memory corruption attempt (file-flash.rules)
* 1:34159 <-> ENABLED <-> FILE-FLASH Adobe Flash Player EAC3 memory corruption attempt (file-flash.rules)
* 1:34160 <-> DISABLED <-> SERVER-OTHER Oracle Outside In Paradox database denial of service attempt (server-other.rules)
* 1:34161 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Punkey outbound connection (malware-cnc.rules)
* 1:34162 <-> DISABLED <-> FILE-FLASH Adobe Flash Player RegExp zero length assertion heap overflow attempt (file-flash.rules)
* 1:34163 <-> DISABLED <-> FILE-FLASH Adobe Flash Player RegExp zero length assertion heap overflow attempt (file-flash.rules)
* 1:34164 <-> ENABLED <-> FILE-FLASH Adobe Flash Player RegExp zero length assertion heap overflow attempt (file-flash.rules)
* 1:34165 <-> ENABLED <-> FILE-FLASH Adobe Flash Player RegExp zero length assertion heap overflow attempt (file-flash.rules)
* 1:34166 <-> ENABLED <-> FILE-FLASH Adobe Flash Player byte array double free attempt (file-flash.rules)
* 1:34167 <-> ENABLED <-> FILE-FLASH Adobe Flash Player byte array double free attempt (file-flash.rules)
* 1:34168 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byte array double free attempt (file-flash.rules)
* 1:34169 <-> ENABLED <-> FILE-FLASH Adobe Flash Player byte array double free attempt (file-flash.rules)
* 1:34170 <-> DISABLED <-> BROWSER-OTHER Opera SVG use after free memory corruption attempt (browser-other.rules)
* 1:34171 <-> DISABLED <-> BROWSER-OTHER Opera SVG use after free memory corruption attempt (browser-other.rules)
* 1:34172 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextField filter use-after-free attempt (file-flash.rules)
* 1:34173 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextField filter use-after-free attempt (file-flash.rules)
* 1:34174 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField filter use-after-free attempt (file-flash.rules)
* 1:34175 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField filter use-after-free attempt (file-flash.rules)
* 1:34176 <-> DISABLED <-> FILE-FLASH Adobe Flash Player domain security bypass attempt (file-flash.rules)
* 1:34177 <-> DISABLED <-> FILE-FLASH Adobe Flash Player domain security bypass attempt (file-flash.rules)
* 1:34178 <-> ENABLED <-> OS-WINDOWS Microsoft Windows CreateWindowEx privilege escalation attempt (os-windows.rules)
* 1:34179 <-> ENABLED <-> OS-WINDOWS Microsoft Windows CreateWindowEx privilege escalation attempt (os-windows.rules)
* 1:34181 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bartallex outbound connection (malware-cnc.rules)
* 1:34182 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bartallex outbound connection (malware-cnc.rules)
* 1:34183 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bartallex outbound connection (malware-cnc.rules)
* 1:34184 <-> DISABLED <-> SERVER-WEBAPP ESF pfSense services_unbound_acls cross site scripting attempt (server-webapp.rules)
* 1:34185 <-> DISABLED <-> SERVER-WEBAPP ESF pfSense status_captiveportal cross site scripting attempt (server-webapp.rules)
* 1:34186 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AuthorizedFeaturesLoader object memory corruption attempt (file-flash.rules)
* 1:34187 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AuthorizedFeaturesLoader object memory corruption attempt (file-flash.rules)
* 1:34188 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AuthorizedFeaturesLoader object memory corruption attempt (file-flash.rules)
* 1:34189 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AuthorizedFeaturesLoader object memory corruption attempt (file-flash.rules)
* 1:34190 <-> DISABLED <-> FILE-FLASH Adobe Flash Player convolution filter use-after-free attempt (file-flash.rules)
* 1:34191 <-> ENABLED <-> FILE-FLASH Adobe Flash Player convolution filter use-after-free attempt (file-flash.rules)
* 1:34192 <-> ENABLED <-> FILE-FLASH Adobe Flash Player convolution filter use-after-free attempt (file-flash.rules)
* 1:34193 <-> ENABLED <-> FILE-FLASH Adobe Flash Player convolution filter use-after-free attempt (file-flash.rules)
* 1:34194 <-> ENABLED <-> SERVER-WEBAPP RevSlider information disclosure attempt (server-webapp.rules)
* 1:34195 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
* 1:34196 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
* 1:34197 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
* 1:34198 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
* 1:34199 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
* 1:34200 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
* 1:34201 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
* 1:34202 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
* 1:34203 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
* 1:34204 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
* 1:34205 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
* 1:34206 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
* 1:34207 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
* 1:34208 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
* 1:34209 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
* 1:34210 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
* 1:34211 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
* 1:34212 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
* 1:34213 <-> DISABLED <-> SERVER-WEBAPP WordPress overly large password class-phpass.php denial of service attempt (server-webapp.rules)
* 1:34214 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Capimac variant outbound connection (malware-cnc.rules)
* 1:34215 <-> DISABLED <-> SERVER-WEBAPP ESF pfSense diag_logs_filter cross site scripting attempt (server-webapp.rules)
* 1:34216 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FighterPOS variant outbound connection (malware-cnc.rules)
* 1:34217 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Aytoke variant outbound connection (malware-cnc.rules)
* 1:34219 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nanocore variant outbound connection (malware-cnc.rules)
* 1:34220 <-> DISABLED <-> SERVER-WEBAPP Barracuda Networks Web Filter index.cgi command injection attempt (server-webapp.rules)
* 1:34221 <-> DISABLED <-> SERVER-WEBAPP Barracuda Networks Web Filter index.cgi command injection attempt (server-webapp.rules)
* 1:34222 <-> DISABLED <-> SERVER-WEBAPP Barracuda Networks Web Filter index.cgi command injection attempt (server-webapp.rules)
* 1:34223 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Yebot variant outbound connection (malware-cnc.rules)
* 1:34224 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_reverse_perl (indicator-shellcode.rules)
* 1:34225 <-> DISABLED <-> PROTOCOL-FTP ProFTPD mod_copy remote code execution attempt (protocol-ftp.rules)
* 1:34226 <-> DISABLED <-> INDICATOR-OBFUSCATION Multiple AV products evasion attempt (indicator-obfuscation.rules)
* 1:34227 <-> DISABLED <-> INDICATOR-OBFUSCATION Multiple AV products evasion attempt (indicator-obfuscation.rules)
* 1:34228 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed CEA-708 packet arbitrary code execution attempt (file-flash.rules)
* 1:34229 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed CEA-708 packet arbitrary code execution attempt (file-flash.rules)
* 1:34230 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed CEA-708 packet arbitrary code execution attempt (file-flash.rules)
* 1:34231 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed CEA-708 packet arbitrary code execution attempt (file-flash.rules)
* 1:34232 <-> DISABLED <-> FILE-FLASH Adobe Flash Player potential information disclosure attempt (file-flash.rules)
* 1:34233 <-> DISABLED <-> FILE-FLASH Adobe Flash Player potential information disclosure attempt (file-flash.rules)
* 1:34234 <-> DISABLED <-> FILE-FLASH Adobe Flash Player potential information disclosure attempt (file-flash.rules)
* 1:34235 <-> DISABLED <-> FILE-FLASH Adobe Flash Player potential information disclosure attempt (file-flash.rules)
* 1:34236 <-> DISABLED <-> PUA-ADWARE Eorezo outbound connection (pua-adware.rules)
* 1:34237 <-> DISABLED <-> PUA-ADWARE Eorezo get advertisement (pua-adware.rules)
* 1:34238 <-> DISABLED <-> SERVER-OTHER PHP zip_cdir_new function integer overflow file upload attempt (server-other.rules)
* 1:34239 <-> DISABLED <-> SERVER-OTHER PHP zip_cdir_new function integer overflow file upload attempt (server-other.rules)
* 1:34240 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
* 1:34241 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
* 1:34242 <-> DISABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
* 1:34243 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
* 1:34244 <-> DISABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
* 1:34245 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
* 1:34246 <-> DISABLED <-> MALWARE-CNC Win.Trojan.AAEH variant outbound connection (malware-cnc.rules)
* 1:34247 <-> ENABLED <-> FILE-FLASH Adobe Flash Player text field mask use after free attempt (file-flash.rules)
* 1:34248 <-> ENABLED <-> FILE-FLASH Adobe Flash Player text field mask use after free attempt (file-flash.rules)
* 1:34249 <-> DISABLED <-> FILE-FLASH Adobe Flash Player text field mask use after free attempt (file-flash.rules)
* 1:34250 <-> ENABLED <-> FILE-FLASH Adobe Flash Player text field mask use after free attempt (file-flash.rules)
* 1:34251 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed CEA-708 packet denial of service attempt (file-flash.rules)
* 1:34252 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed CEA-708 packet denial of service attempt (file-flash.rules)
* 1:34253 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed CEA-708 packet denial of service attempt (file-flash.rules)
* 1:34254 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed CEA-708 packet denial of service attempt (file-flash.rules)
* 1:34255 <-> ENABLED <-> FILE-FLASH Adobe Flash Player flash settings manager double free attempt (file-flash.rules)
* 1:34256 <-> ENABLED <-> FILE-FLASH Adobe Flash Player flash settings manager double free attempt (file-flash.rules)
* 1:34257 <-> DISABLED <-> FILE-FLASH Adobe Flash Player flash settings manager double free attempt (file-flash.rules)
* 1:34258 <-> ENABLED <-> FILE-FLASH Adobe Flash Player flash settings manager double free attempt (file-flash.rules)
* 1:34259 <-> ENABLED <-> FILE-FLASH Adobe Flash 
Player flash settings manager double free attempt (file-flash.rules) * 1:34260 <-> DISABLED <-> FILE-FLASH Adobe Flash Player flash settings manager double free attempt (file-flash.rules) * 1:34261 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (malware-cnc.rules) * 1:34262 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (malware-cnc.rules) * 1:34263 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (malware-cnc.rules) * 1:34264 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AVC parser integer overflow attempt (file-flash.rules) * 1:34265 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AVC parser integer overflow attempt (file-flash.rules) * 1:34266 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AVC parser integer overflow attempt (file-flash.rules) * 1:34267 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AVC parser integer overflow attempt (file-flash.rules) * 1:34268 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player AVC parser integer overflow attempt (file-multimedia.rules) * 1:34269 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player AVC parser integer overflow attempt (file-multimedia.rules) * 1:34270 <-> ENABLED <-> FILE-FLASH Adobe Flash Player FLV tag datasize buffer overflow attempt (file-flash.rules) * 1:34271 <-> ENABLED <-> FILE-FLASH Adobe Flash Player FLV tag datasize buffer overflow attempt (file-flash.rules) * 1:34272 <-> ENABLED <-> FILE-FLASH Adobe Flash malformed pixel bytecode attempt (file-flash.rules) * 1:34273 <-> ENABLED <-> FILE-FLASH Adobe Flash malformed pixel bytecode attempt (file-flash.rules) * 1:34274 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed pixel bytecode attempt (file-flash.rules) * 1:34275 <-> ENABLED <-> FILE-FLASH Adobe Flash malformed pixel bytecode attempt (file-flash.rules) * 1:34276 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Sound.extract integer overflow attempt (file-flash.rules) * 1:34277 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Sound.extract 
integer overflow attempt (file-flash.rules) * 1:34278 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Sound.extract integer overflow attempt (file-flash.rules) * 1:34279 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Sound.extract integer overflow attempt (file-flash.rules) * 1:34280 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt outbound connection (malware-cnc.rules) * 1:34281 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bartallex outbound connection (malware-cnc.rules) * 1:34282 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bartallex outbound connection (malware-cnc.rules) * 1:34283 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bartallex outbound connection (malware-cnc.rules) * 1:34284 <-> DISABLED <-> SERVER-WEBAPP ESF pfSense firewall_rules cross site scripting attempt (server-webapp.rules) * 1:34285 <-> DISABLED <-> SERVER-WEBAPP ESF pfSense firewall_shaper cross site scripting attempt (server-webapp.rules) * 1:34286 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mudrop variant outbound connection (malware-cnc.rules) * 1:34287 <-> DISABLED <-> SERVER-WEBAPP vBulletin XSS redirect attempt (server-webapp.rules) * 1:34288 <-> DISABLED <-> SERVER-OTHER Windows iSCSI target login request Denial of Service attempt (server-other.rules) * 1:34289 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Plez outbound connection (malware-cnc.rules) * 1:34290 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Plez outbound connection (malware-cnc.rules) * 1:34291 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string crackim (malware-cnc.rules) * 1:34292 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kraken outbound connection (malware-cnc.rules) * 1:34293 <-> DISABLED <-> FILE-IMAGE Microsoft Windows wmf integer overflow attempt (file-image.rules) * 1:34294 <-> DISABLED <-> FILE-IMAGE Microsoft Windows wmf integer overflow attempt (file-image.rules) * 1:34295 <-> DISABLED <-> SQL Lblog possible sql injection attempt - GET parameter (sql.rules) * 1:34296 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Simda 
variant outbound connection (malware-cnc.rules) * 1:34297 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Simda variant outbound connection (malware-cnc.rules) * 1:34298 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Trouble Shooter ActiveX object access (browser-plugins.rules) * 1:34299 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer onpagehide use after free attempt (browser-ie.rules) * 1:34300 <-> ENABLED <-> SERVER-WEBAPP D-Link multiple products HNAP SOAPAction header command injection attempt (server-webapp.rules) * 1:34301 <-> DISABLED <-> SERVER-OTHER GNU Mailman listname directory traversal attempt (server-other.rules) * 1:34302 <-> ENABLED <-> FILE-FLASH Adobe Flash Player shared byte array memory corruption attempt (file-flash.rules) * 1:34303 <-> DISABLED <-> FILE-FLASH Adobe Flash Player shared byte array memory corruption attempt (file-flash.rules) * 1:34304 <-> ENABLED <-> FILE-FLASH Adobe Flash Player shared byte array memory corruption attempt (file-flash.rules) * 1:34305 <-> DISABLED <-> FILE-FLASH Adobe Flash Player shared byte array memory corruption attempt (file-flash.rules) * 1:34306 <-> DISABLED <-> SERVER-WEBAPP Subversion HTTP excessive REPORT requests denial of service attempt (server-webapp.rules) * 1:34307 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules) * 1:34308 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules) * 1:34309 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules) * 1:34310 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules) * 1:34311 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules) * 1:34312 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules) * 1:34313 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound 
connection (malware-cnc.rules) * 1:34314 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules) * 1:34315 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules) * 1:34316 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules) * 1:34317 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules) * 1:34318 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoWall variant outbound connection (malware-cnc.rules) * 1:34319 <-> DISABLED <-> MALWARE-CNC Win.Worm.Klogwjds variant outbound connection (malware-cnc.rules) * 1:34320 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer BSTR use after free attempt (browser-ie.rules) * 1:34321 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer BSTR use after free attempt (browser-ie.rules) * 1:34322 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Farfli outbound connection (malware-cnc.rules) * 1:34323 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fulairo variant outbound connection (malware-cnc.rules) * 1:34324 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Siromost variant outbound connection (malware-cnc.rules) * 1:34325 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sanhotan variant outbound connection (malware-cnc.rules) * 1:34326 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sanhotan variant outbound connection (malware-cnc.rules) * 1:34327 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bedepshel variant outbound connection (malware-cnc.rules) * 1:34328 <-> DISABLED <-> SERVER-WEBAPP Wordpress comment field stored XSS attempt (server-webapp.rules) * 1:34329 <-> DISABLED <-> MALWARE-CNC Cryptolocker variant inbound connection (malware-cnc.rules) * 1:34330 <-> ENABLED <-> EXPLOIT-KIT Fiesta exploit kit Adobe Flash exploit download (exploit-kit.rules) * 1:34331 <-> ENABLED <-> EXPLOIT-KIT Fiesta exploit kit Microsoft SilverLight exploit download (exploit-kit.rules) * 1:34332 <-> ENABLED 
<-> EXPLOIT-KIT Fiesta exploit kit Oracle Java exploit download (exploit-kit.rules) * 1:34334 <-> ENABLED <-> EXPLOIT-KIT Fiesta exploit kit Adobe Reader exploit download (exploit-kit.rules) * 1:34336 <-> ENABLED <-> MALWARE-OTHER Html.Phishing.Crea outbound connection attempt (malware-other.rules) * 1:34337 <-> DISABLED <-> MALWARE-CNC Backdoor.Win32.Chkngrbot.A outbound connection (malware-cnc.rules) * 1:34338 <-> DISABLED <-> MALWARE-CNC Backdoor.Win32.Chkngrbot.A outbound connection (malware-cnc.rules) * 1:34339 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Cybergate outbound connection (malware-cnc.rules) * 1:34340 <-> DISABLED <-> POLICY-OTHER Red Hat JBoss Operations Network ServerInvokerServlet access attempt (policy-other.rules) * 1:34341 <-> DISABLED <-> POLICY-OTHER Red Hat JBoss Operations Network ServerInvokerServlet access attempt (policy-other.rules) * 1:34342 <-> DISABLED <-> POLICY-OTHER Red Hat JBoss Operations Network web console access attempt (policy-other.rules) * 1:34343 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player XSPF integer overflow attempt (file-multimedia.rules) * 1:34344 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player XSPF integer overflow attempt (file-multimedia.rules) * 1:34345 <-> DISABLED <-> POLICY-OTHER Red Hat OpenStack default password login attempt (policy-other.rules) * 1:34346 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Backspace outbound connection (malware-cnc.rules) * 1:34347 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cheprobnk variant outbound connection (malware-cnc.rules) * 1:34348 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit payload download (exploit-kit.rules) * 1:34349 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (server-other.rules) * 1:34350 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (server-other.rules) * 1:34351 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt 
(server-other.rules) * 1:34352 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (server-other.rules) * 1:34353 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (server-other.rules) * 1:34354 <-> DISABLED <-> FILE-FLASH Adobe Flash Player NetConnection AS2 arbitrary code execution attempt (file-flash.rules) * 1:34355 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection AS2 arbitrary code execution attempt (file-flash.rules) * 1:34356 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection AS2 arbitrary code execution attempt (file-flash.rules) * 1:34357 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection AS2 arbitrary code execution attempt (file-flash.rules) * 1:34358 <-> DISABLED <-> SERVER-WEBAPP Dell SonicWALL SonicOS macIpSpoofView cross site scripting attempt (server-webapp.rules) * 1:34359 <-> DISABLED <-> SERVER-WEBAPP ESF pfSense deletefile directory traversal attempt (server-webapp.rules) * 1:34360 <-> DISABLED <-> SERVER-WEBAPP ESF pfSense deletefile directory traversal attempt (server-webapp.rules) * 1:34361 <-> DISABLED <-> SERVER-WEBAPP ESF pfSense deletefile directory traversal attempt (server-webapp.rules) * 1:34362 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mantal variant outbound connection (malware-cnc.rules) * 1:34363 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Configuration Management GetStoredResult.class SQL injection attempt (server-webapp.rules) * 1:34364 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Configuration Management rtrlet.class directory traversal attempt (server-webapp.rules) * 1:34365 <-> DISABLED <-> SERVER-WEBAPP Magento remote code execution attempt (server-webapp.rules) * 1:34366 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Beebone outbound connection (malware-cnc.rules) * 1:34367 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant outbound connection (malware-cnc.rules) * 1:34368 <-> DISABLED <-> MALWARE-CNC 
Win.Trojan.Banload variant outbound connection (malware-cnc.rules) * 1:34371 <-> ENABLED <-> FILE-OTHER Microsoft Journal memory corruption attempt (file-other.rules) * 1:34372 <-> ENABLED <-> FILE-OTHER Microsoft Journal memory corruption attempt (file-other.rules) * 1:34373 <-> DISABLED <-> SERVER-OTHER PHP zip_cdir_new function integer overflow file download attempt (server-other.rules) * 1:34374 <-> DISABLED <-> SERVER-OTHER PHP zip_cdir_new function integer overflow file download attempt (server-other.rules) * 1:34375 <-> DISABLED <-> SERVER-OTHER PHP zip_cdir_new function integer overflow file download attempt (server-other.rules) * 1:34376 <-> DISABLED <-> SERVER-OTHER PHP zip_cdir_new function integer overflow file download attempt (server-other.rules) * 1:34377 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtUserGetComboBoxInfo information disclosure attempt (os-windows.rules) * 1:34378 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtUserGetComboBoxInfo information disclosure attempt (os-windows.rules) * 1:34379 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer protected mode sandbox privilege escalation attempt (browser-ie.rules) * 1:34380 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer protected mode sandbox privilege escalation attempt (browser-ie.rules) * 1:34381 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer range use after free attempt (browser-ie.rules) * 1:34382 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer range use after free attempt (browser-ie.rules) * 1:34383 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer memory corruption attempt (browser-ie.rules) * 1:34384 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer memory corruption attempt (browser-ie.rules) * 1:34385 <-> ENABLED <-> FILE-OTHER Microsoft Journal memory corruption attempt (file-other.rules) * 1:34386 <-> ENABLED <-> FILE-OTHER Microsoft Journal memory corruption attempt (file-other.rules) * 1:34387 <-> ENABLED <-> FILE-OTHER Microsoft 
Journal out of bounds write attempt (file-other.rules) * 1:34388 <-> ENABLED <-> FILE-OTHER Microsoft Journal out of bounds write attempt (file-other.rules) * 1:34389 <-> ENABLED <-> FILE-OTHER Microsoft Journal out of bounds read attempt (file-other.rules) * 1:34390 <-> ENABLED <-> FILE-OTHER Microsoft Journal out of bounds read attempt (file-other.rules) * 1:34391 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer TextData out of bounds read attempt (browser-ie.rules) * 1:34392 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer TextData out of bounds read attempt (browser-ie.rules) * 1:34393 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer vbscript regular expression information disclosure attempt (browser-ie.rules) * 1:34394 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer vbscript regular expression information disclosure attempt (browser-ie.rules) * 1:34395 <-> ENABLED <-> FILE-IDENTIFY Microsoft Journal file attachment detected (file-identify.rules) * 1:34396 <-> ENABLED <-> FILE-IDENTIFY Microsoft Journal file attachment detected (file-identify.rules) * 1:34397 <-> ENABLED <-> FILE-IDENTIFY Microsoft Journal file download request (file-identify.rules) * 1:34398 <-> ENABLED <-> FILE-IDENTIFY Microsoft Journal file download attempt (file-identify.rules) * 1:34399 <-> ENABLED <-> FILE-OTHER Microsoft Journal file exploitation attempt (file-other.rules) * 1:34400 <-> ENABLED <-> FILE-OTHER Microsoft Journal file exploitation attempt (file-other.rules) * 1:34401 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Calendar object heap corruption attempt (os-windows.rules) * 1:34402 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Calendar object heap corruption attempt (os-windows.rules) * 1:34403 <-> ENABLED <-> FILE-OTHER Microsoft Journal out of bounds read attempt (file-other.rules) * 1:34404 <-> ENABLED <-> FILE-OTHER Microsoft Journal out of bounds read attempt (file-other.rules) * 1:34405 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 
improper copy buffer access information disclosure attempt (browser-ie.rules) * 1:34406 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer improper copy buffer access information disclosure attempt (browser-ie.rules) * 1:34407 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer protected mode sandbox bypass attempt (browser-ie.rules) * 1:34408 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer protected mode sandbox bypass attempt (browser-ie.rules) * 1:34409 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer DOMNodeInserted use-after-free attempt (browser-ie.rules) * 1:3441 <-> DISABLED <-> PROTOCOL-FTP PORT bounce attempt (protocol-ftp.rules) * 1:34410 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer DOMNodeInserted use-after-free attempt (browser-ie.rules) * 1:34411 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSecurityContext type confusion use after free attempt (browser-ie.rules) * 1:34412 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSecurityContext type confusion use after free attempt (browser-ie.rules) * 1:34413 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtUserGetScrollBarInfo information disclosure attempt (os-windows.rules) * 1:34414 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtUserGetScrollBarInfo information disclosure attempt (os-windows.rules) * 1:34415 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer dd element use after free attempt (browser-ie.rules) * 1:34416 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Internet Explorer 8 compatibility mode enable attempt (indicator-compromise.rules) * 1:34417 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer dd element use after free attempt (browser-ie.rules) * 1:34418 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer Element object use-after-free attempt (browser-ie.rules) * 1:34419 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer Element object use-after-free attempt (browser-ie.rules) * 1:3442 <-> DISABLED <-> OS-WINDOWS Microsoft 
Windows TCP print service overflow attempt (os-windows.rules) * 1:34420 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CDispScroller object use-after-free attempt (browser-ie.rules) * 1:34421 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CDispScroller object use-after-free attempt (browser-ie.rules) * 1:34422 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTitleElement object use-after-free attempt (browser-ie.rules) * 1:34423 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTitleElement object use-after-free attempt (browser-ie.rules) * 1:34424 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer compatibility mode use after free attempt (browser-ie.rules) * 1:34425 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer compatibility mode use after free attempt (browser-ie.rules) * 1:34426 <-> DISABLED <-> OS-WINDOWS Microsoft Windows cng.sys memory leak kernel ASLR bypass attempt (os-windows.rules) * 1:34427 <-> DISABLED <-> OS-WINDOWS Microsoft Windows cng.sys memory leak kernel ASLR bypass attempt (os-windows.rules) * 1:34428 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word incorrect ptCount element denial of service attempt (file-office.rules) * 1:34429 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word incorrect ptCount element denial of service attempt (file-office.rules) * 1:34430 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CTreePos object use after free attempt (browser-ie.rules) * 1:34431 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CTreePos object use after free attempt (browser-ie.rules) * 1:34432 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer TableGridBlock use after free attempt (browser-ie.rules) * 1:34433 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer TableGridBlock use after free attempt (browser-ie.rules) * 1:34434 <-> DISABLED <-> OS-WINDOWS Microsoft Windows .NET XML recursive call denial of service attempt (os-windows.rules) * 1:34435 <-> DISABLED <-> OS-WINDOWS Microsoft 
Windows .NET XML recursive call denial of service attempt (os-windows.rules) * 1:34436 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTitleElement use after free attempt (browser-ie.rules) * 1:34437 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTitleElement use after free attempt (browser-ie.rules) * 1:34438 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Explorer .msc file stack overflow attempt (os-windows.rules) * 1:34439 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Explorer .msc file stack overflow attempt (os-windows.rules) * 1:34440 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Win32k TrueType Font parsing out of bounds attempt (os-windows.rules) * 1:34441 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Win32k TrueType Font parsing out of bounds attempt (os-windows.rules) * 1:34442 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NTUserGetTitleBarInfo information disclosure attempt (os-windows.rules) * 1:34443 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NTUserGetTitleBarInfo information disclosure attempt (os-windows.rules) * 1:34444 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer TableGridBlock object use after free attempt (browser-ie.rules) * 1:34445 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer TableGridBlock object use after free attempt (browser-ie.rules) * 1:34446 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Odlanor information exfiltration attempt (malware-cnc.rules) * 1:34447 <-> DISABLED <-> POLICY-OTHER ProFTPD mod_copy unauthenticated file copy attempt (policy-other.rules) * 1:34448 <-> DISABLED <-> BROWSER-PLUGINS WebGate WESPMonitor ActiveX clsid access attempt (browser-plugins.rules) * 1:34449 <-> DISABLED <-> BROWSER-PLUGINS WebGate WESPMonitor ActiveX clsid access attempt (browser-plugins.rules) * 1:34450 <-> DISABLED <-> BROWSER-PLUGINS WebGate WESPMonitor ActiveX clsid access attempt (browser-plugins.rules) * 1:34451 <-> DISABLED <-> BROWSER-PLUGINS WebGate WESPMonitor ActiveX clsid access attempt 
(browser-plugins.rules) * 1:34452 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules) * 1:34453 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules) * 1:34454 <-> DISABLED <-> BROWSER-PLUGINS WebGate WESPPlaybackCtrl ActiveX clsid access attempt (browser-plugins.rules) * 1:34455 <-> DISABLED <-> BROWSER-PLUGINS WebGate WESPPlaybackCtrl ActiveX clsid access attempt (browser-plugins.rules) * 1:34456 <-> DISABLED <-> BROWSER-PLUGINS WebGate WESPPlaybackCtrl ActiveX clsid access attempt (browser-plugins.rules) * 1:34457 <-> DISABLED <-> BROWSER-PLUGINS WebGate WESPPlaybackCtrl ActiveX clsid access attempt (browser-plugins.rules) * 1:34458 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tendrit variant outbound connection (malware-cnc.rules) * 1:34459 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pvzin variant outbound connection (malware-cnc.rules) * 1:34460 <-> DISABLED <-> MALWARE-CNC Win.Worm.Mozibe variant outbound connection (malware-cnc.rules) * 1:34461 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.Mumblehard variant outbound connection (malware-cnc.rules) * 1:34462 <-> DISABLED <-> MALWARE-CNC Linux.Downloader.Mumblehard variant outbound connection (malware-cnc.rules) * 1:34463 <-> DISABLED <-> APP-DETECT TeamViewer remote administration tool outbound connection attempt (app-detect.rules) * 1:34464 <-> DISABLED <-> SERVER-OTHER AsusWRT infosvr remote command execution attempt (server-other.rules) * 1:34465 <-> DISABLED <-> INDICATOR-COMPROMISE known malicious SSL certificate - APT28 Lisuife (indicator-compromise.rules) * 1:34466 <-> ENABLED <-> FILE-EXECUTABLE Adobe Reader AcroBroker registry value out of bounds attempt (file-executable.rules) * 1:34467 <-> ENABLED <-> FILE-EXECUTABLE Adobe Reader AcroBroker registry value out of bounds attempt (file-executable.rules) * 1:34469 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Nirunte variant outbound connection (malware-cnc.rules) * 1:34470 <-> DISABLED 
<-> MALWARE-CNC Win.Backdoor.Nirunte variant outbound connection (malware-cnc.rules) * 1:34471 <-> ENABLED <-> SERVER-WEBAPP Symantec Critical System Protection directory traversal attempt (server-webapp.rules) * 1:34472 <-> DISABLED <-> SERVER-WEBAPP Symantec Critical System Protection SQL injection attempt (server-webapp.rules) * 1:34473 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader WillSave action use after free attempt (file-pdf.rules) * 1:34474 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader WillSave action use after free attempt (file-pdf.rules) * 1:34475 <-> DISABLED <-> SERVER-WEBAPP Wordpress username enumeration attempt (server-webapp.rules) * 1:34476 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kriptovor variant outbound connection (malware-cnc.rules) * 1:34477 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object type confusion attempt (file-flash.rules) * 1:34478 <-> ENABLED <-> FILE-FLASH Adobe Flash Player object type confusion attempt (file-flash.rules) * 1:34479 <-> DISABLED <-> FILE-EXECUTABLE Adobe Flash Player Internet Explorer broker process directory traversal attempt (file-executable.rules) * 1:34480 <-> DISABLED <-> FILE-EXECUTABLE Adobe Flash Player Internet Explorer broker process directory traversal attempt (file-executable.rules) * 1:34481 <-> DISABLED <-> OS-OTHER QEMU floppy disk controller buffer overflow attempt (os-other.rules) * 1:34482 <-> DISABLED <-> OS-OTHER QEMU floppy disk controller buffer overflow attempt (os-other.rules) * 1:34483 <-> DISABLED <-> OS-OTHER QEMU floppy disk controller buffer overflow attempt (os-other.rules) * 1:34484 <-> DISABLED <-> OS-OTHER QEMU floppy disk controller buffer overflow attempt (os-other.rules) * 1:34485 <-> DISABLED <-> OS-OTHER QEMU floppy disk controller buffer overflow attempt (os-other.rules) * 1:34486 <-> DISABLED <-> OS-OTHER QEMU floppy disk controller buffer overflow attempt (os-other.rules) * 1:34487 <-> DISABLED <-> OS-OTHER QEMU floppy disk controller buffer overflow attempt 
(os-other.rules)
* 1:34488 <-> DISABLED <-> OS-OTHER QEMU floppy disk controller buffer overflow attempt (os-other.rules)
* 1:34489 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nalodew variant outbound connection (malware-cnc.rules)
* 1:34491 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MalPutty variant outbound connection (malware-cnc.rules)
* 1:34492 <-> DISABLED <-> FILE-FLASH Adobe Flash Player same origin policy security bypass attempt (file-flash.rules)
* 1:34493 <-> DISABLED <-> FILE-FLASH Adobe Flash Player same origin policy security bypass attempt (file-flash.rules)
* 1:34494 <-> DISABLED <-> FILE-FLASH Adobe Flash Player same origin policy security bypass attempt (file-flash.rules)
* 1:34495 <-> DISABLED <-> FILE-FLASH Adobe Flash Player same origin policy security bypass attempt (file-flash.rules)
* 1:34496 <-> DISABLED <-> APP-DETECT Your-Freedom DNS tunneling query attempt (app-detect.rules)
* 1:34497 <-> DISABLED <-> APP-DETECT Your-Freedom DNS tunneling query response attempt (app-detect.rules)
* 1:34498 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k.sys kernel-mode driver privilege escalation attempt (os-windows.rules)
* 1:34499 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k.sys kernel-mode driver privilege escalation attempt (os-windows.rules)
* 1:34500 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Wekby Torn variant outbound connection (malware-backdoor.rules)
* 1:34501 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Wekby Torn variant outbound connection (malware-cnc.rules)
* 1:34502 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript AVSS memory corruption attempt (file-flash.rules)
* 1:34503 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript AVSS memory corruption attempt (file-flash.rules)
* 1:34504 <-> DISABLED <-> FILE-FLASH Adobe Flash Player setSubscribedTags memory corruption attempt (file-flash.rules)
* 1:34505 <-> DISABLED <-> FILE-FLASH Adobe Flash Player setSubscribedTags memory corruption attempt (file-flash.rules)
* 1:34506 <-> DISABLED <-> FILE-FLASH Adobe Flash Player setCuePointTags memory corruption attempt (file-flash.rules)
* 1:34507 <-> DISABLED <-> FILE-FLASH Adobe Flash Player setCuePointTags memory corruption attempt (file-flash.rules)
* 1:34508 <-> DISABLED <-> FILE-FLASH Adobe Flash Player setSubscribedTagsForBackgroundManifest memory corruption attempt (file-flash.rules)
* 1:34509 <-> DISABLED <-> FILE-FLASH Adobe Flash Player setSubscribedTagsForBackgroundManifest memory corruption attempt (file-flash.rules)
* 1:34510 <-> ENABLED <-> FILE-OTHER Adobe Flash Player mp4 avcC atom memory corruption attempt (file-other.rules)
* 1:34511 <-> ENABLED <-> FILE-OTHER Adobe Flash Player mp4 avcC atom memory corruption attempt (file-other.rules)
* 1:34512 <-> DISABLED <-> FILE-OTHER Adobe Flash Player mp4 avcC atom memory corruption attempt (file-other.rules)
* 1:34513 <-> ENABLED <-> FILE-OTHER Adobe Flash Player mp4 avcC atom memory corruption attempt (file-other.rules)
* 1:34514 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader addAnnot invalid type conversion attempt (file-pdf.rules)
* 1:34515 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader addAnnot invalid type conversion attempt (file-pdf.rules)
* 1:34516 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader addAnnot invalid type conversion attempt (file-pdf.rules)
* 1:34517 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader addAnnot invalid type conversion attempt (file-pdf.rules)
* 1:34518 <-> ENABLED <-> FILE-OTHER Adobe Flash Player invalid mpd memory corruption attempt (file-other.rules)
* 1:34519 <-> ENABLED <-> FILE-OTHER Adobe Flash Player invalid mpd memory corruption attempt (file-other.rules)
* 1:34520 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Button.filters type confusion remote code execution attempt (file-flash.rules)
* 1:34521 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Button.filters type confusion remote code execution attempt (file-flash.rules)
* 1:34522 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Button.filters type confusion remote code execution attempt (file-flash.rules)
* 1:34523 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Button.filters type confusion remote code execution attempt (file-flash.rules)
* 1:34524 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader CoolType blend memory corruption attempt (file-pdf.rules)
* 1:34525 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader CoolType blend memory corruption attempt (file-pdf.rules)
* 1:34526 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader Cooltype callother memory corruption attempt (file-pdf.rules)
* 1:34527 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader Cooltype callother memory corruption attempt (file-pdf.rules)
* 1:34528 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader AVDoc use-after-free attempt (file-pdf.rules)
* 1:34529 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader AVDoc use-after-free attempt (file-pdf.rules)
* 1:3453 <-> DISABLED <-> SERVER-OTHER Arkeia client backup system info probe (server-other.rules)
* 1:34530 <-> DISABLED <-> FILE-OTHER Microsoft CAB incorrect version multiple antivirus evasion attempt (file-other.rules)
* 1:34531 <-> DISABLED <-> FILE-OTHER Microsoft CAB incorrect version multiple antivirus evasion attempt (file-other.rules)
* 1:34532 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader customDictionaryExport information disclosure attempt (file-pdf.rules)
* 1:34533 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader customDictionaryExport information disclosure attempt (file-pdf.rules)
* 1:34534 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PRC invalid index attempt (file-pdf.rules)
* 1:34535 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PRC invalid index attempt (file-pdf.rules)
* 1:34536 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray shading memory leak attempt (file-flash.rules)
* 1:34537 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray shading memory leak attempt (file-flash.rules)
* 1:34538 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray shading memory leak attempt (file-flash.rules)
* 1:34539 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray shading memory leak attempt (file-flash.rules)
* 1:3454 <-> DISABLED <-> SERVER-OTHER Arkeia client backup generic info probe (server-other.rules)
* 1:34540 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dalexis variant outbound connection (malware-cnc.rules)
* 1:34541 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dalexis variant outbound connection (malware-cnc.rules)
* 1:34542 <-> ENABLED <-> FILE-FLASH Adobe Flash Player GIF sprite kernel memory leak attempt (file-flash.rules)
* 1:34543 <-> DISABLED <-> FILE-FLASH Adobe Flash Player GIF sprite kernel memory leak attempt (file-flash.rules)
* 1:34544 <-> ENABLED <-> FILE-FLASH Adobe Flash Player GIF sprite kernel memory leak attempt (file-flash.rules)
* 1:34545 <-> DISABLED <-> FILE-FLASH Adobe Flash Player GIF sprite kernel memory leak attempt (file-flash.rules)
* 1:34546 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader PCR null pointer dereference attempt (file-pdf.rules)
* 1:34547 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader PCR null pointer dereference attempt (file-pdf.rules)
* 1:34548 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader 11.0.09 keystroke combobox use after free attempt (file-pdf.rules)
* 1:34549 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader 11.0.09 keystroke combobox use after free attempt (file-pdf.rules)
* 1:3455 <-> DISABLED <-> SERVER-OTHER Bontago Game Server Nickname buffer overflow (server-other.rules)
* 1:34550 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JavaScript API trustPropagatorFunction execution bypass attempt (file-pdf.rules)
* 1:34551 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JavaScript API trustPropagatorFunction execution bypass attempt (file-pdf.rules)
* 1:34552 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed shading modifier heap corruption attempt (file-pdf.rules)
* 1:34553 <-> ENABLED <-> FILE-FLASH Adobe Flash Player integer overflow attempt (file-flash.rules)
* 1:34554 <-> ENABLED <-> FILE-FLASH Adobe Flash Player integer overflow attempt (file-flash.rules)
* 1:34555 <-> DISABLED <-> FILE-FLASH Adobe Flash Player integer overflow attempt (file-flash.rules)
* 1:34556 <-> ENABLED <-> FILE-FLASH Adobe Flash Player integer overflow attempt (file-flash.rules)
* 1:34557 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded JavaScript remote code execution attempt (file-pdf.rules)
* 1:34558 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded JavaScript remote code execution attempt (file-pdf.rules)
* 1:34559 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader openDoc dangling pointer attempt (file-pdf.rules)
* 1:3456 <-> DISABLED <-> SERVER-MYSQL 4.0 root login attempt (server-mysql.rules)
* 1:34560 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader openDoc dangling pointer attempt (file-pdf.rules)
* 1:34561 <-> ENABLED <-> FILE-FLASH Adobe Flash Player asynchronous shader changes memory corruption attempt (file-flash.rules)
* 1:34562 <-> ENABLED <-> FILE-FLASH Adobe Flash Player asynchronous shader changes memory corruption attempt (file-flash.rules)
* 1:34563 <-> DISABLED <-> FILE-FLASH Adobe Flash Player asynchronous shader changes memory corruption attempt (file-flash.rules)
* 1:34564 <-> ENABLED <-> FILE-FLASH Adobe Flash Player asynchronous shader changes memory corruption attempt (file-flash.rules)
* 1:34565 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Graphics engine EMF rendering vulnerability (os-windows.rules)
* 1:34566 <-> DISABLED <-> FILE-OTHER Microsoft Windows Font Library file buffer overflow attempt (file-other.rules)
* 1:34567 <-> DISABLED <-> MALWARE-CNC MacOS.Trojan.MacVX outbound connection (malware-cnc.rules)
* 1:34568 <-> DISABLED <-> SERVER-WEBAPP Wordpress Gravity Forms gf_page arbitrary file upload attempt (server-webapp.rules)
* 1:34569 <-> DISABLED <-> SERVER-WEBAPP Wordpress Creative Contact Form arbitrary PHP file upload attempt (server-webapp.rules)
* 1:3457 <-> DISABLED <-> SERVER-OTHER Arkeia backup client type 77 overflow attempt (server-other.rules)
* 1:34572 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zinnemls variant outbound connection (malware-cnc.rules)
* 1:34573 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BrokerMoveFileEx sandbox escape attempt (file-flash.rules)
* 1:34574 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BrokerMoveFileEx sandbox escape attempt (file-flash.rules)
* 1:34575 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BrokerMoveFileEx sandbox escape attempt (file-flash.rules)
* 1:34576 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BrokerMoveFileEx sandbox escape attempt (file-flash.rules)
* 1:34577 <-> DISABLED <-> FILE-FLASH Adobe Flash Player uninitialized register memory leak attempt (file-flash.rules)
* 1:34578 <-> DISABLED <-> FILE-FLASH Adobe Flash Player uninitialized register memory leak attempt (file-flash.rules)
* 1:34579 <-> DISABLED <-> FILE-FLASH Adobe Flash Player uninitialized register memory leak attempt (file-flash.rules)
* 1:3458 <-> DISABLED <-> SERVER-OTHER Arkeia backup client type 84 overflow attempt (server-other.rules)
* 1:34580 <-> DISABLED <-> FILE-FLASH Adobe Flash Player uninitialized register memory leak attempt (file-flash.rules)
* 1:34581 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mathanuc outbound connection (malware-cnc.rules)
* 1:34582 <-> ENABLED <-> FILE-FLASH Adobe Flash Player invalid BitmapData use after free attempt (file-flash.rules)
* 1:34583 <-> ENABLED <-> FILE-FLASH Adobe Flash Player invalid BitmapData use after free attempt (file-flash.rules)
* 1:34584 <-> DISABLED <-> POLICY-OTHER Novell ZENworks Configuration Management session id disclosure attempt (policy-other.rules)
* 1:34585 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BrokerMoveFileEx sandbox escape attempt (file-flash.rules)
* 1:34586 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BrokerMoveFileEx sandbox escape attempt (file-flash.rules)
* 1:34587 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BrokerMoveFileEx sandbox escape attempt (file-flash.rules)
* 1:34588 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BrokerMoveFileEx sandbox escape attempt (file-flash.rules)
* 1:34589 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader stateModel use-after-free attempt (file-pdf.rules)
* 1:3459 <-> DISABLED <-> PUA-P2P Manolito Search Query (pua-p2p.rules)
* 1:34590 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader stateModel use-after-free attempt (file-pdf.rules)
* 1:34591 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader stateModel use-after-free attempt (file-pdf.rules)
* 1:34592 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader stateModel use-after-free attempt (file-pdf.rules)
* 1:34593 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader stateModel use-after-free attempt (file-pdf.rules)
* 1:34594 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader stateModel use-after-free attempt (file-pdf.rules)
* 1:34595 <-> DISABLED <-> SERVER-OTHER OpenSSL handshake with potentially unseeded PRNG information disclosure attempt (server-other.rules)
* 1:34596 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Atrax variant outbound connection (malware-cnc.rules)
* 1:34597 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Atrax variant outbound connection (malware-cnc.rules)
* 1:34598 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kjdoom outbound connection (malware-cnc.rules)
* 1:34599 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kjdoom outbound connection (malware-cnc.rules)
* 1:3460 <-> DISABLED <-> PROTOCOL-FTP REST with numeric argument (protocol-ftp.rules)
* 1:34600 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kjdoom outbound connection (malware-cnc.rules)
* 1:34601 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Teqimp outbound connection (malware-cnc.rules)
* 1:34602 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Configuration Management rtrlet.class directory traversal attempt (server-webapp.rules)
* 1:34603 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (server-other.rules)
* 1:34604 <-> DISABLED <-> SERVER-WEBAPP Visual Mining NetCharts saveFile.jsp directory traversal attempt (server-webapp.rules)
* 1:34605 <-> DISABLED <-> SERVER-WEBAPP Visual Mining NetCharts saveFile.jsp directory traversal attempt (server-webapp.rules)
* 1:34606 <-> DISABLED <-> SERVER-WEBAPP Visual Mining NetCharts saveFile.jsp directory traversal attempt (server-webapp.rules)
* 1:34607 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Punkey (malware-cnc.rules)
* 1:34608 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Punkey variant outbound connection (malware-cnc.rules)
* 1:34609 <-> DISABLED <-> MALWARE-CNC Trojan.NitLove variant outbound connection (malware-cnc.rules)
* 1:3461 <-> DISABLED <-> SERVER-MAIL Content-Type overflow attempt (server-mail.rules)
* 1:34610 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kayfcbk outbound connection (malware-cnc.rules)
* 1:34611 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dujfudg outbound connection (malware-cnc.rules)
* 1:34612 <-> DISABLED <-> FILE-PDF Adobe Reader bypass JavaScript API restrictions attempt (file-pdf.rules)
* 1:34613 <-> DISABLED <-> FILE-PDF Adobe Reader bypass JavaScript API restrictions attempt (file-pdf.rules)
* 1:34614 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Enkalogs outbound connection (malware-cnc.rules)
* 1:34615 <-> DISABLED <-> SERVER-WEBAPP Synology Photo Station exif description command injection attempt (server-webapp.rules)
* 1:34616 <-> DISABLED <-> SERVER-WEBAPP Synology Photo Station exif description command injection attempt (server-webapp.rules)
* 1:34617 <-> DISABLED <-> SERVER-WEBAPP Synology Photo Station exif description command injection attempt (server-webapp.rules)
* 1:34618 <-> DISABLED <-> SERVER-WEBAPP Synology Photo Station exif description command injection attempt (server-webapp.rules)
* 1:34619 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Configuration Management rtrlet.class directory traversal attempt (server-webapp.rules)
* 1:3462 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Content-Encoding overflow attempt (browser-ie.rules)
* 1:34620 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Configuration Management rtrlet.class directory traversal attempt (server-webapp.rules)
* 1:34621 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Configuration Management rtrlet.class directory traversal attempt (server-webapp.rules)
* 1:34622 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
* 1:34623 <-> DISABLED <-> SERVER-WEBAPP PHP unserialize function integer overflow attempt (server-webapp.rules)
* 1:34624 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Crypaura variant outbound connection (malware-cnc.rules)
* 1:34625 <-> DISABLED <-> FILE-PDF Adobe Reader bypass JavaScript API restrictions attempt (file-pdf.rules)
* 1:34626 <-> DISABLED <-> FILE-PDF Adobe Reader bypass JavaScript API restrictions attempt (file-pdf.rules)
* 1:34627 <-> DISABLED <-> FILE-PDF Adobe Reader bypass JavaScript API restrictions attempt (file-pdf.rules)
* 1:34628 <-> DISABLED <-> FILE-PDF Adobe Reader bypass JavaScript API restrictions attempt (file-pdf.rules)
* 1:34629 <-> ENABLED <-> FILE-IDENTIFY WordPerfect file attachment detected (file-identify.rules)
* 1:3463 <-> DISABLED <-> SERVER-WEBAPP awstats access (server-webapp.rules)
* 1:34630 <-> ENABLED <-> FILE-IDENTIFY WordPerfect file attachment detected (file-identify.rules)
* 1:34631 <-> ENABLED <-> FILE-IDENTIFY WordPerfect file download request (file-identify.rules)
* 1:34632 <-> DISABLED <-> SERVER-MAIL IBM Lotus Notes WPD attachment handling buffer overflow attempt (server-mail.rules)
* 1:34633 <-> DISABLED <-> SERVER-WEBAPP Visual Mining NetCharts projectContents.jsp directory traversal attempt (server-webapp.rules)
* 1:34634 <-> DISABLED <-> SERVER-WEBAPP Visual Mining NetCharts projectContents.jsp directory traversal attempt (server-webapp.rules)
* 1:34635 <-> DISABLED <-> SERVER-WEBAPP Visual Mining NetCharts projectContents.jsp directory traversal attempt (server-webapp.rules)
* 1:34636 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Flactionbot outbound connection (malware-cnc.rules)
* 1:34637 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Flactionbot outbound connection (malware-cnc.rules)
* 1:34638 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric ProClima ActiveX clsid access attempt (browser-plugins.rules)
* 1:34639 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric ProClima ActiveX function call access attempt (browser-plugins.rules)
* 1:3464 <-> DISABLED <-> SERVER-WEBAPP awstats.pl command execution attempt (server-webapp.rules)
* 1:34640 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric ProClima ActiveX function call access attempt (browser-plugins.rules)
* 1:34641 <-> DISABLED <-> BROWSER-PLUGINS McAfee Virtual Technician ActiveX clsid access attempt (browser-plugins.rules)
* 1:34642 <-> DISABLED <-> BROWSER-PLUGINS McAfee Virtual Technician ActiveX clsid access attempt (browser-plugins.rules)
* 1:34643 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric Pelco Rvctl.RVControl.1 ActiveX clsid access attempt ActiveX clsid access (browser-plugins.rules)
* 1:34644 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric Pelco Rvctl.RVControl.1 ActiveX clsid access attempt ActiveX function call (browser-plugins.rules)
* 1:34645 <-> DISABLED <-> SERVER-MAIL Exim buffer overflow attempt (server-mail.rules)
* 1:34646 <-> DISABLED <-> SERVER-WEBAPP ZOHO ManageEngine OpManager SQL injection attempt (server-webapp.rules)
* 1:34647 <-> DISABLED <-> SERVER-WEBAPP ZOHO ManageEngine OpManager SQL injection attempt (server-webapp.rules)
* 1:34648 <-> DISABLED <-> SERVER-WEBAPP ZOHO ManageEngine OpManager SQL injection attempt (server-webapp.rules)
* 1:34649 <-> DISABLED <-> SERVER-OTHER OpenSSL zero-length ClientKeyExchange message denial of service attempt (server-other.rules)
* 1:3465 <-> DISABLED <-> SERVER-WEBAPP RiSearch show.pl proxy attempt (server-webapp.rules)
* 1:34650 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader heap buffer overflow attempt (file-pdf.rules)
* 1:34651 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader heap buffer overflow attempt (file-pdf.rules)
* 1:34652 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JS notification object double free attempt (file-pdf.rules)
* 1:34653 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JS notification object double free attempt (file-pdf.rules)
* 1:3467 <-> DISABLED <-> SERVER-WEBAPP CISCO VoIP Portinformation access (server-webapp.rules)
* 1:3468 <-> DISABLED <-> SERVER-WEBAPP math_sum.mscgi access (server-webapp.rules)
* 1:3469 <-> DISABLED <-> SERVER-WEBAPP Ipswitch WhatsUp Gold dos attempt (server-webapp.rules)
* 1:3470 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer VIDORV30 header length buffer overflow (file-multimedia.rules)
* 1:34709 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message denial of service attempt (server-other.rules)
* 1:34710 <-> DISABLED <-> SERVER-OTHER PHP unserialize datetimezone object code execution attempt (server-other.rules)
* 1:34714 <-> DISABLED <-> OS-WINDOWS Microsoft Windows atlmfd.dll out-of-bounds memory write attempt (os-windows.rules)
* 1:34715 <-> DISABLED <-> OS-WINDOWS Microsoft Windows atlmfd.dll out-of-bounds memory write attempt (os-windows.rules)
* 1:34716 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central FileUploadServlet directory traversal attempt (server-webapp.rules)
* 1:34717 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central FileUploadServlet directory traversal attempt (server-webapp.rules)
* 1:34718 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central FileUploadServlet directory traversal attempt (server-webapp.rules)
* 1:3472 <-> DISABLED <-> SERVER-OTHER ARCserve discovery service overflow (server-other.rules)
* 1:34720 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit exploit download (exploit-kit.rules)
* 1:34721 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer callback function use-after-free attempt (browser-ie.rules)
* 1:34722 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer callback function use-after-free attempt (browser-ie.rules)
* 1:34723 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer out of bounds array access attempt (browser-ie.rules)
* 1:34724 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer out of bounds array access attempt (browser-ie.rules)
* 1:34725 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreeNode undefined beforeElement use-after-free attempt (browser-ie.rules)
* 1:34726 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreeNode undefined beforeElement use-after-free attempt (browser-ie.rules)
* 1:34727 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DataView use-after-free attempt (browser-ie.rules)
* 1:34728 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DataView use-after-free attempt (browser-ie.rules)
* 1:34729 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer stack exhaustion handler remote code execution attempt (browser-ie.rules)
* 1:3473 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer SMIL file overflow attempt (file-multimedia.rules)
* 1:34730 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer stack exhaustion handler remote code execution attempt (browser-ie.rules)
* 1:34731 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Media Player DataObject buffer overflow attempt (os-windows.rules)
* 1:34732 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Media Player DataObject buffer overflow attempt (os-windows.rules)
* 1:34733 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CAttrValue uninitialized object access attempt (browser-ie.rules)
* 1:34734 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CAttrValue uninitialized object access attempt (browser-ie.rules)
* 1:34735 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer COptionElement object use after free attempt (browser-ie.rules)
* 1:34736 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer COptionElement object use after free attempt (browser-ie.rules)
* 1:34737 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word WordPerfect converter ForeignToRtf32 use after free attempt (file-office.rules)
* 1:34738 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word WordPerfect converter ForeignToRtf32 use after free attempt (file-office.rules)
* 1:34739 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word WordPerfect converter EnumFontFamProc use after free attempt (file-office.rules)
* 1:3474 <-> DISABLED <-> SERVER-OTHER ARCserve backup TCP slot info msg client name overflow (server-other.rules)
* 1:34740 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word WordPerfect converter EnumFontFamProc use after free attempt (file-office.rules)
* 1:34743 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word ActiveX object uninitialized memory access attempt (file-office.rules)
* 1:34744 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word ActiveX object uninitialized memory access attempt (file-office.rules)
* 1:34745 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer TextNode object use after free attempt (browser-ie.rules)
* 1:34746 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer TextNode object use after free attempt (browser-ie.rules)
* 1:34747 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CoInternetParseUrl use-after-free attempt (browser-ie.rules)
* 1:34748 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CoInternetParseUrl use-after-free attempt (browser-ie.rules)
* 1:34749 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer TableGridBlock object use after free attempt (browser-ie.rules)
* 1:3475 <-> DISABLED <-> SERVER-OTHER ARCserve backup TCP slot info msg client domain overflow (server-other.rules)
* 1:34750 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer TableGridBlock object use after free attempt (browser-ie.rules)
* 1:34751 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer ieframe.dll privilege escalation attempt (browser-ie.rules)
* 1:34752 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer ieframe.dll privilege escalation attempt (browser-ie.rules)
* 1:34753 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CLegendElement object use after free attempt (browser-ie.rules)
* 1:34754 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CLegendElement object use after free attempt (browser-ie.rules)
* 1:34755 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer uninitialized VARIANT object remote code execution attempt (browser-ie.rules)
* 1:34756 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer uninitialized VARIANT object remote code execution attempt (browser-ie.rules)
* 1:34757 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CDXTFilterNode object remote code execution attempt (browser-ie.rules)
* 1:34758 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CDXTFilterNode object remote code execution attempt (browser-ie.rules)
* 1:34759 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 9 CTableSection object use-after-free attempt (browser-ie.rules)
* 1:3476 <-> DISABLED <-> SERVER-OTHER ARCserve backup TCP product info msg 0x9b client domain overflow (server-other.rules)
* 1:34760 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 9 CTableSection object use-after-free attempt (browser-ie.rules)
* 1:34761 <-> DISABLED <-> OS-WINDOWS Microsoft Windows clipboard null pointer dereference privilege escalation attempt (os-windows.rules)
* 1:34762 <-> DISABLED <-> OS-WINDOWS Microsoft Windows clipboard null pointer dereference privilege escalation attempt (os-windows.rules)
* 1:34763 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 8 mode menu tag out-of-bounds access attempt (browser-ie.rules)
* 1:34764 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 8 mode menu tag out-of-bounds access attempt (browser-ie.rules)
* 1:34765 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CStyleAttrArray use after free attempt (browser-ie.rules)
* 1:34766 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CStyleAttrArray use after free attempt (browser-ie.rules)
* 1:34767 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer textarea parent use-after-free attempt (browser-ie.rules)
* 1:34768 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer textarea parent use-after-free attempt (browser-ie.rules)
* 1:34769 <-> DISABLED <-> SERVER-IIS Microsoft Active Directory Federation Services wct parameter cross site scripting attempt (server-iis.rules)
* 1:3477 <-> DISABLED <-> SERVER-OTHER ARCserve backup TCP product info msg 0x9b client name overflow (server-other.rules)
* 1:34770 <-> DISABLED <-> OS-WINDOWS Microsoft Windows bitmap menu item use after free attempt (os-windows.rules)
* 1:34771 <-> DISABLED <-> OS-WINDOWS Microsoft Windows bitmap menu item use after free attempt (os-windows.rules)
* 1:34772 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer MOTW.dll sandbox escape attempt (browser-ie.rules)
* 1:34773 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer MOTW.dll sandbox escape attempt (browser-ie.rules)
* 1:34774 <-> DISABLED <-> OS-WINDOWS Microsoft Windows multiple linked fonts memory corruption attempt (os-windows.rules)
* 1:34775 <-> DISABLED <-> OS-WINDOWS Microsoft Windows multiple linked fonts memory corruption attempt (os-windows.rules)
* 1:34776 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtUserMessageCall information disclosure attempt (os-windows.rules)
* 1:34777 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtUserMessageCall information disclosure attempt (os-windows.rules)
* 1:34778 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer LayoutLineBoxFullShort use after free attempt (browser-ie.rules)
* 1:34779 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer LayoutLineBoxFullShort use after free attempt (browser-ie.rules)
* 1:3478 <-> DISABLED <-> SERVER-OTHER ARCserve backup TCP product info msg 0x9c client domain overflow (server-other.rules)
* 1:34780 <-> DISABLED <-> FILE-OTHER Microsoft Windows device context visible region memory corruption attempt (file-other.rules)
* 1:34781 <-> DISABLED <-> FILE-OTHER Microsoft Windows device context visible region memory corruption attempt (file-other.rules)
* 1:34782 <-> DISABLED <-> OS-WINDOWS Microsoft Windows BrushAttributes use-after-free attempt (os-windows.rules)
* 1:34783 <-> DISABLED <-> OS-WINDOWS Microsoft Windows BrushAttributes use-after-free attempt (os-windows.rules)
* 1:34784 <-> DISABLED <-> OS-WINDOWS Microsoft Windows window placement invalid memory write attempt (os-windows.rules)
* 1:34785 <-> DISABLED <-> OS-WINDOWS Microsoft Windows window placement invalid memory write attempt (os-windows.rules)
* 1:34786 <-> DISABLED <-> FILE-OTHER Microsoft Windows device context memory corruption attempt (file-other.rules)
* 1:34787 <-> DISABLED <-> FILE-OTHER Microsoft Windows device context memory corruption attempt (file-other.rules)
* 1:34788 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 8 CreateWindowEx privilege escalation attempt (os-windows.rules)
* 1:34789 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 8 CreateWindowEx privilege escalation attempt (os-windows.rules)
* 1:3479 <-> DISABLED <-> SERVER-OTHER ARCserve backup TCP product info msg 0x9c client name overflow (server-other.rules)
* 1:34790 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer out of bounds memory access attempt (browser-ie.rules)
* 1:34791 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer out of bounds memory access attempt (browser-ie.rules)
* 1:34792 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WM_SYSTIMER null pWnd attempt (os-windows.rules)
* 1:34793 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WM_SYSTIMER null pWnd attempt (os-windows.rules)
* 1:34794 <-> ENABLED <-> FILE-FLASH Adobe Flash Player JSON stringify memory corruption attempt (file-flash.rules)
* 1:34795 <-> DISABLED <-> FILE-FLASH Adobe Flash Player JSON stringify memory corruption attempt (file-flash.rules)
* 1:34796 <-> ENABLED <-> FILE-FLASH Adobe Flash Player JSON stringify memory corruption attempt (file-flash.rules)
* 1:34797 <-> ENABLED <-> FILE-FLASH Adobe Flash Player JSON stringify memory corruption attempt (file-flash.rules)
* 1:34798 <-> DISABLED <-> SERVER-OTHER HP LoadRunner launcher.dll stack buffer overflow attempt (server-other.rules)
* 1:34799 <-> ENABLED <-> SERVER-WEBAPP UPnP AddPortMapping SOAP action command injection attempt (server-webapp.rules)
* 1:3480 <-> DISABLED <-> SERVER-OTHER ARCserve backup UDP slot info msg client name overflow (server-other.rules)
* 1:34800 <-> DISABLED <-> SERVER-ORACLE 10g iSQLPlus service heap overflow attempt (server-oracle.rules)
* 1:34801 <-> DISABLED <-> SERVER-ORACLE 10g iSQLPlus service heap overflow attempt (server-oracle.rules)
* 1:34802 <-> DISABLED <-> OS-LINUX Linux kernel SCTP Unknown Chunk Types denial of service attempt (os-linux.rules)
* 1:34803 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
* 1:34804 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
* 1:34805 <-> DISABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
* 1:34806 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
* 1:34807 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection and NetStream type confusion exploit attempt (file-flash.rules)
* 1:34808 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection and NetStream type confusion exploit attempt (file-flash.rules)
* 1:34809 <-> DISABLED <-> FILE-FLASH Adobe Flash Player NetConnection and NetStream type confusion exploit attempt (file-flash.rules)
* 1:3481 <-> DISABLED <-> SERVER-OTHER ARCserve backup UDP slot info msg client domain overflow (server-other.rules)
* 1:34810 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection and NetStream type confusion exploit attempt (file-flash.rules)
* 1:34811 <-> DISABLED <-> FILE-FLASH Adobe Flash Player assumed trust URI reference to child file attempt (file-flash.rules)
* 1:34812 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Security.allowDomain cross domain policy bypass attempt (file-flash.rules)
* 1:34813 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Security.allowDomain cross domain policy bypass attempt (file-flash.rules)
* 1:34814 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Security.allowDomain cross domain policy bypass attempt (file-flash.rules)
* 1:34815 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Security.allowDomain cross domain policy bypass attempt (file-flash.rules)
* 1:34816 <-> ENABLED <-> FILE-FLASH Adobe Flash FPU stack corruption attempt (file-flash.rules)
* 1:34817 <-> ENABLED <-> FILE-FLASH Adobe Flash FPU stack corruption attempt (file-flash.rules)
* 1:34818 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Emdivi outbound connection (malware-cnc.rules)
* 1:34819 <-> ENABLED <-> FILE-FLASH Adobe Flash Player concurrent worker thread terminate use-after-free attempt (file-flash.rules)
* 1:3482 <-> DISABLED <-> SERVER-OTHER ARCserve backup UDP product info msg 0x9b client name overflow (server-other.rules)
* 1:34820 <-> ENABLED <-> FILE-FLASH Adobe Flash Player concurrent worker thread terminate use-after-free attempt (file-flash.rules)
* 1:34821 <-> DISABLED <-> FILE-FLASH Adobe Flash Player concurrent worker thread terminate use-after-free attempt (file-flash.rules)
* 1:34822 <-> DISABLED <-> FILE-FLASH Adobe Flash Player concurrent worker thread terminate use-after-free attempt (file-flash.rules)
* 1:34823 <-> DISABLED <-> POLICY-OTHER HP SiteScope unspecified privilege escalation attempt (policy-other.rules)
* 1:34824 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer moveEnd information disclosure attempt (browser-ie.rules)
* 1:34825 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer moveEnd information disclosure attempt (browser-ie.rules)
* 1:3483 <-> DISABLED <-> SERVER-OTHER ARCserve backup UDP product info msg 0x9b client domain overflow (server-other.rules)
* 1:34831 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cozybear variant outbound connection (malware-cnc.rules)
* 1:34832 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cozybear variant outbound connection (malware-cnc.rules)
* 1:34833 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Werdlod variant outbound connection (malware-cnc.rules)
* 1:34834 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Darkcpn (malware-cnc.rules)
* 1:34835 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neos outbound connection (malware-cnc.rules)
* 1:34836 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid URL encoding exploit attempt (file-flash.rules)
* 1:34837 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid URL encoding exploit attempt (file-flash.rules)
* 1:34838 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid URL encoding exploit attempt (file-flash.rules)
* 1:34839 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid URL encoding exploit attempt (file-flash.rules)
* 1:3484 <-> DISABLED <-> SERVER-OTHER ARCserve backup UDP product info msg 0x9c client name overflow (server-other.rules)
* 1:34840 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DownExecute outbound connection (malware-cnc.rules)
* 1:34841 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DownExecute outbound connection (malware-cnc.rules)
* 1:34842 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DownExecute outbound connection (malware-cnc.rules)
* 1:34843 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - EMERY - Win.Trojan.W97M (malware-cnc.rules)
* 1:34844 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Adelinoq outbound connection (malware-cnc.rules)
* 1:34845 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader setPageAction use after free attempt (file-pdf.rules)
* 1:34846 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader setPageAction use after free attempt (file-pdf.rules)
* 1:34847 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.ChinaZ outbound connection (malware-cnc.rules)
* 1:34848 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Shader Channel integer overflow attempt (file-flash.rules)
* 1:34849 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Shader Channel integer overflow attempt (file-flash.rules)
* 1:3485 <-> DISABLED <-> SERVER-OTHER ARCserve backup UDP product info msg 0x9c client domain overflow (server-other.rules)
* 1:34850 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Shader Channel integer overflow attempt (file-flash.rules)
* 1:34851 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Shader Channel integer overflow attempt (file-flash.rules)
* 1:34853 <-> ENABLED <-> FILE-FLASH Adobe Flash custom TextField filter use after free attempt (file-flash.rules)
* 1:34854 <-> ENABLED <-> FILE-FLASH Adobe Flash custom TextField filter use after free attempt (file-flash.rules)
* 1:34855 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ShaderParameter out of bounds write attempt (file-flash.rules)
* 1:34856 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ShaderParameter out of bounds write attempt (file-flash.rules)
* 1:34857 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Fanny outbound connection (malware-cnc.rules)
* 1:34858 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BitmapData shader bit information disclosure attempt (file-flash.rules)
* 1:34859 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BitmapData shader bit information disclosure attempt (file-flash.rules)
* 1:3486 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SSLv3 invalid data version attempt (os-windows.rules)
* 1:34860 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BitmapData shader bit information disclosure attempt (file-flash.rules)
* 1:34861 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BitmapData shader bit information disclosure attempt (file-flash.rules)
* 1:34862 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wheelsof variant outbound connection (malware-cnc.rules)
* 1:34863 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wheelsof variant outbound connection (malware-cnc.rules)
* 1:34864 <-> DISABLED <-> INDICATOR-COMPROMISE Metasploit Meterpreter reverse HTTPS certificate (indicator-compromise.rules)
* 1:34865 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Saibipoc outbound connection (malware-cnc.rules)
* 1:34866 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Saibipoc outbound connection (malware-cnc.rules)
* 1:34867 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Xobtide outbound connection (malware-cnc.rules)
* 1:34868 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rovnix variant outbound connection (malware-cnc.rules)
* 1:34869 <-> DISABLED <-> MALWARE-CNC Win.Trojan.XTalker outbound connection (malware-cnc.rules)
* 1:34870 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Logreaz variant outbound connection (malware-cnc.rules)
* 1:34871 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Logreaz variant outbound connection (malware-cnc.rules)
* 1:34872 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Compfolder variant outbound connection (malware-cnc.rules)
* 1:34873 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTextElement use after free attempt (browser-ie.rules)
* 1:34874 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTextElement use after free attempt (browser-ie.rules)
* 1:34875 <-> DISABLED <-> SERVER-WEBAPP ManageEngine EventLog Analyzer cross site request forgery attempt (server-webapp.rules)
* 1:34876 <-> DISABLED <-> MALWARE-CNC Win.Fudu outbound variant connection (malware-cnc.rules)
* 1:34877 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jemerr variant outbound connection (malware-cnc.rules)
* 1:34878 <-> ENABLED <-> SERVER-WEBAPP Arcserve Unified Data Protection export servlet directory traversal attempt (server-webapp.rules)
* 1:34879 <-> ENABLED <-> SERVER-WEBAPP Arcserve Unified Data Protection export servlet directory traversal attempt (server-webapp.rules)
* 1:34880 <-> DISABLED <-> SERVER-WEBAPP Arcserve Unified Data Protection export servlet directory traversal attempt (server-webapp.rules)
* 1:34881 <-> ENABLED <-> 
SERVER-WEBAPP Arcserve Unified Data Protection reportFileServlet directory traversal attempt (server-webapp.rules) * 1:34882 <-> ENABLED <-> SERVER-WEBAPP Arcserve Unified Data Protection reportFileServlet directory traversal attempt (server-webapp.rules) * 1:34883 <-> ENABLED <-> SERVER-WEBAPP Arcserve Unified Data Protection reportFileServlet directory traversal attempt (server-webapp.rules) * 1:34884 <-> DISABLED <-> BROWSER-PLUGINS Samsung iPOLiS device manager clsid access attempt (browser-plugins.rules) * 1:34885 <-> DISABLED <-> BROWSER-PLUGINS Samsung iPOLiS device manager clsid access attempt (browser-plugins.rules) * 1:34886 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules) * 1:34887 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sojax variant outbound connection (malware-cnc.rules) * 1:34888 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sojax variant outbound connection (malware-cnc.rules) * 1:34889 <-> DISABLED <-> SERVER-OTHER OpenSSL denial-of-service via crafted x.509 certificate attempt (server-other.rules) * 1:34890 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro u32ZLib.dll dll-load exploit attempt (file-other.rules) * 1:34891 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro u32Zlib.dll dll-load exploit attempt (file-other.rules) * 1:34892 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro quserex.dll dll-load exploit attempt (file-other.rules) * 1:34893 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro quserex.dll dll-load exploit attempt (file-other.rules) * 1:34894 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro FxManagedCommands dll-load exploit attempt (file-other.rules) * 1:34895 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro FxManagedCommands dll-load exploit attempt (file-other.rules) * 1:34896 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro TD_Mgd_3.08_9.dll dll-load exploit attempt (file-other.rules) * 1:34897 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro TD_Mgd_3.08_9.dll dll-load exploit attempt 
(file-other.rules) * 1:34898 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro wacommt.dll dll-load exploit attempt (file-other.rules) * 1:34899 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro wacommt.dll dll-load exploit attempt (file-other.rules) * 1:34900 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro igfxcmrt32.dll dll-load exploit attempt (file-other.rules) * 1:34901 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro igfxcmrt32.dll dll-load exploit attempt (file-other.rules) * 1:34902 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro ipl.dll dll-load exploit attempt (file-other.rules) * 1:34903 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro MSPStyleLib.dll dll-load exploit attempt (file-other.rules) * 1:34904 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro MSPStyleLib.dll dll-load exploit attempt (file-other.rules) * 1:34905 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro uFioUtil.dll dll-load exploit attempt (file-other.rules) * 1:34906 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro uFioUtil.dll dll-load exploit attempt (file-other.rules) * 1:34907 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro uhDSPlay.dll dll-load exploit attempt (file-other.rules) * 1:34908 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro uhDSPlay.dll dll-load exploit attempt (file-other.rules) * 1:34909 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro uipl.dll dll-load exploit attempt (file-other.rules) * 1:34910 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro uvipl.dll dll-load exploit attempt (file-other.rules) * 1:34911 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro VC1DecDll.dll dll-load exploit attempt (file-other.rules) * 1:34912 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro VC1DecDll.dll dll-load exploit attempt (file-other.rules) * 1:34913 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro VC1DecDll_SSE3.dll dll-load exploit attempt (file-other.rules) * 1:34914 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro VC1DecDll_SSE3.dll dll-load exploit attempt (file-other.rules) * 1:34915 <-> 
DISABLED <-> NETBIOS SMB Corel PaintShop Pro quserex.dll dll-load exploit attempt (netbios.rules) * 1:34916 <-> DISABLED <-> NETBIOS SMB Corel PaintShop Pro u32zlib.dll dll-load exploit attempt (netbios.rules) * 1:34917 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Critroni certificate exchange (malware-cnc.rules) * 1:34918 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric ProClima ActiveX clsid access (browser-plugins.rules) * 1:34919 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric ProClima ActiveX function call access (browser-plugins.rules) * 1:34920 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric ProClima ActiveX clsid access (browser-plugins.rules) * 1:34921 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric ProClima ActiveX function call access (browser-plugins.rules) * 1:34922 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric ProClima ActiveX function call access (browser-plugins.rules) * 1:34923 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric ProClima ActiveX function call access (browser-plugins.rules) * 1:34927 <-> DISABLED <-> PUA-ADWARE PullUpdate installer outbound connection (pua-adware.rules) * 1:34930 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Urausy outbound traffic attempt (malware-other.rules) * 1:34931 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules) * 1:34932 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shindo outbound connection (malware-cnc.rules) * 1:34933 <-> DISABLED <-> OS-WINDOWS Microsoft Windows HSC DVD driver upgrade code execution attempt (os-windows.rules) * 1:34934 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pheloyx outbound connection (malware-cnc.rules) * 1:34935 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zutwoxy outbound connection (malware-cnc.rules) * 1:34936 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Swaylib variant outbound connection (malware-cnc.rules) * 1:34937 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Configuration Management preboot policy service stack buffer overflow attempt 
(server-other.rules) * 1:34938 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (server-other.rules) * 1:34939 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (server-other.rules) * 1:34940 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (server-other.rules) * 1:34941 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (server-other.rules) * 1:34942 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (server-other.rules) * 1:34943 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (server-other.rules) * 1:34944 <-> DISABLED <-> POLICY-OTHER Arcserve Unified Data Protection Management credential disclosure attempt (policy-other.rules) * 1:34945 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.Dridex dropper message (malware-tools.rules) * 1:34946 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox automatic user click event attempt (browser-firefox.rules) * 1:34947 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox automatic user click event attempt (browser-firefox.rules) * 1:34948 <-> DISABLED <-> SERVER-WEBAPP Rocket Servergraph Admin Center userRequest command injection attempt (server-webapp.rules) * 1:34949 <-> DISABLED <-> SERVER-WEBAPP Rocket Servergraph Admin Center tsmRequest command injection attempt (server-webapp.rules) * 1:34950 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Prok variant outbound connection (malware-cnc.rules) * 1:34951 <-> DISABLED <-> SERVER-OTHER PHP DateTimeZone object timezone unserialize type confusion attempt (server-other.rules) * 1:34952 <-> DISABLED <-> SERVER-OTHER OpenSSL invalid PSS parameter denial of service attempt (server-other.rules) * 1:34953 <-> DISABLED <-> SERVER-OTHER OpenSSL invalid PSS parameter denial of service attempt (server-other.rules) * 1:34954 <-> DISABLED <-> SERVER-OTHER OpenSSL 
invalid PSS parameter denial of service attempt (server-other.rules) * 1:34955 <-> DISABLED <-> SERVER-OTHER OpenSSL invalid PSS parameter denial of service attempt (server-other.rules) * 1:34956 <-> DISABLED <-> SERVER-OTHER OpenSSL invalid PSS parameter denial of service attempt (server-other.rules) * 1:34957 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sysmain outbound connection (malware-cnc.rules) * 1:34958 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Androm variant outbound connection (malware-cnc.rules) * 1:34959 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SpyBanker variant outbound connection (malware-cnc.rules) * 1:34960 <-> DISABLED <-> SERVER-WEBAPP SysAid Help Desk RdsLogsEntry servlet directory traversal attempt (server-webapp.rules) * 1:34961 <-> DISABLED <-> SERVER-WEBAPP SysAid Help Desk RdsLogsEntry servlet directory traversal attempt (server-webapp.rules) * 1:34962 <-> DISABLED <-> SERVER-WEBAPP SysAid Help Desk RdsLogsEntry servlet directory traversal attempt (server-webapp.rules) * 1:34963 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Threebyte outbound connection (malware-cnc.rules) * 1:34964 <-> DISABLED <-> PUA-ADWARE Win.Adware.Sendori user-agent detection (pua-adware.rules) * 1:34965 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptolocker outbound connection (malware-cnc.rules) * 1:34966 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cyvadextr variant outbound connection (malware-cnc.rules) * 1:34969 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit landing page detected (exploit-kit.rules) * 1:34970 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit landing page detected (exploit-kit.rules) * 1:34973 <-> DISABLED <-> SERVER-OTHER Apache mod_include buffer overflow attempt (server-other.rules) * 1:34974 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio UML string object heap buffer overflow attempt (file-office.rules) * 1:34975 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio UML string object heap buffer overflow attempt (file-office.rules) * 1:34976 <-> DISABLED <-> 
SERVER-WEBAPP SysAid Help Desk getGfiUpgradeFile directory traversal attempt (server-webapp.rules) * 1:34977 <-> DISABLED <-> SERVER-WEBAPP SysAid Help Desk getGfiUpgradeFile directory traversal attempt (server-webapp.rules) * 1:34978 <-> DISABLED <-> SERVER-WEBAPP SysAid Help Desk getGfiUpgradeFile directory traversal attempt (server-webapp.rules) * 1:34979 <-> DISABLED <-> SERVER-WEBAPP SysAid Help Desk getAgentLogFile directory traversal attempt (server-webapp.rules) * 1:34980 <-> DISABLED <-> SERVER-WEBAPP SysAid Help Desk getAgentLogFile directory traversal attempt (server-webapp.rules) * 1:34981 <-> DISABLED <-> SERVER-WEBAPP SysAid Help Desk getAgentLogFile directory traversal attempt (server-webapp.rules) * 1:34982 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Msnmm variant outbound connection (malware-cnc.rules) * 1:34983 <-> DISABLED <-> SERVER-WEBAPP PHP SoapClient __call method type confusion attempt (server-webapp.rules) * 1:34984 <-> DISABLED <-> FILE-OTHER VMWare Workstation JPEG2000 stack overflow attempt (file-other.rules) * 1:34985 <-> DISABLED <-> FILE-OTHER VMWare Workstation JPEG2000 stack overflow attempt (file-other.rules) * 1:34986 <-> DISABLED <-> FILE-OTHER VMWare Workstation JPEG2000 stack overflow attempt (file-other.rules) * 1:34987 <-> DISABLED <-> FILE-OTHER VMWare Workstation JPEG2000 stack overflow attempt (file-other.rules) * 1:34988 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed FLV file buffer overflow attempt (file-flash.rules) * 1:34989 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed FLV file buffer overflow attempt (file-flash.rules) * 1:34990 <-> ENABLED <-> MALWARE-OTHER Adobe Flash exploit download attempt - Group 6 (malware-other.rules) * 1:34991 <-> ENABLED <-> MALWARE-OTHER Group 6 Adobe Flash exploit download attempt (malware-other.rules) * 1:34992 <-> DISABLED <-> MALWARE-OTHER Adobe Flash exploit download attempt - Group 6 (malware-other.rules) * 1:34993 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.Benloader 
variant outbound connection (malware-cnc.rules) * 1:34994 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banbra variant outbound connection (malware-cnc.rules) * 1:34995 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banbra HTTP Header Structure (malware-cnc.rules) * 1:34996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent-ALPW variant outbound connection (malware-cnc.rules) * 1:34997 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant HTTP Response (malware-cnc.rules) * 1:34998 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bossabot outbound connection (malware-cnc.rules) * 1:34999 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Configuration Management queryid SQL injection attempt (server-webapp.rules) * 1:35000 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Configuration Management queryid SQL injection attempt (server-webapp.rules) * 1:35001 <-> DISABLED <-> BROWSER-PLUGINS Oracle AutoVue ActiveX control function call access attempt (browser-plugins.rules) * 1:35002 <-> DISABLED <-> BROWSER-PLUGINS Oracle AutoVue ActiveX control function call access attempt (browser-plugins.rules) * 1:35003 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Malumpos malware download attempt (malware-other.rules) * 1:35004 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Malumpos malware download attempt (malware-other.rules) * 1:35005 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vcaredrix variant outbound connection (malware-cnc.rules) * 1:35006 <-> DISABLED <-> SERVER-WEBAPP PHP unserialize call SPL ArrayObject and SPLObjectStorage memory corruption attempt (server-webapp.rules) * 1:35007 <-> DISABLED <-> SERVER-WEBAPP PHP unserialize call SPL ArrayObject and SPLObjectStorage memory corruption attempt (server-webapp.rules) * 1:35008 <-> DISABLED <-> SERVER-WEBAPP PHP unserialize call SPL ArrayObject and SPLObjectStorage memory corruption attempt (server-webapp.rules) * 1:35009 <-> DISABLED <-> SERVER-WEBAPP PHP unserialize call SPL ArrayObject and SPLObjectStorage memory corruption attempt (server-webapp.rules) * 
1:35010 <-> DISABLED <-> SERVER-WEBAPP PHP unserialize call SPL ArrayObject and SPLObjectStorage memory corruption attempt (server-webapp.rules) * 1:35011 <-> DISABLED <-> SERVER-WEBAPP PHP unserialize call SPL ArrayObject and SPLObjectStorage memory corruption attempt (server-webapp.rules) * 1:35012 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreeNode use-after-free attempt (browser-ie.rules) * 1:35013 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreeNode use-after-free attempt (browser-ie.rules) * 1:35014 <-> ENABLED <-> SERVER-WEBAPP Centreon GetXMLTrapsForVendor.php SQL injection attempt (server-webapp.rules) * 1:35015 <-> ENABLED <-> SERVER-WEBAPP Centreon GetXmlTree.php SQL injection attempt (server-webapp.rules) * 1:35016 <-> ENABLED <-> SERVER-WEBAPP Centreon cmdGetExample.php SQL injection attempt (server-webapp.rules) * 1:35017 <-> ENABLED <-> SERVER-WEBAPP Centreon makeXML_ListMetrics.php SQL injection attempt (server-webapp.rules) * 1:35018 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word nested tblStylePr element use after free attempt (file-office.rules) * 1:35019 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word nested tblStylePr element use after free attempt (file-office.rules) * 1:35020 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word nested tblStylePr element use after free attempt (file-office.rules) * 1:35021 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word nested tblStylePr element use after free attempt (file-office.rules) * 1:35022 <-> DISABLED <-> FILE-MULTIMEDIA Apple Quicktime corrupt stbl atom out of bounds read attempt (file-multimedia.rules) * 1:35023 <-> DISABLED <-> FILE-MULTIMEDIA Apple Quicktime corrupt stbl atom out of bounds read attempt (file-multimedia.rules) * 1:35024 <-> DISABLED <-> SERVER-WEBAPP Watchguard XCS mailqueue.spl command injection attempt (server-webapp.rules) * 1:35025 <-> DISABLED <-> SERVER-WEBAPP Watchguard XCS mailqueue.spl command injection attempt (server-webapp.rules) * 1:35026 
<-> DISABLED <-> SERVER-WEBAPP Watchguard XCS mailqueue.spl command injection attempt (server-webapp.rules) * 1:35027 <-> DISABLED <-> MALWARE-CNC known malicious SSL certificate - Troldesh C&C (malware-cnc.rules) * 1:35029 <-> DISABLED <-> MALWARE-CNC Win.Keylogger.Lotronc variant outbound connection (malware-cnc.rules) * 1:35030 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules) * 1:35031 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Konus outbound connection (malware-cnc.rules) * 1:35032 <-> DISABLED <-> SERVER-WEBAPP LANDesk Management Suite remote file include attempt (server-webapp.rules) * 1:35033 <-> DISABLED <-> SERVER-WEBAPP LANDesk Management Suite remote file include attempt (server-webapp.rules) * 1:35034 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Boltolog variant outbound connection download request (malware-cnc.rules) * 1:35035 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Taleretzbj outbound connection (malware-cnc.rules) * 1:35036 <-> DISABLED <-> MALWARE-CNC Backdoor.Perl.Santy inbound variant connection (malware-cnc.rules) * 1:35037 <-> DISABLED <-> MALWARE-CNC Backdoor.Perl.Santy outbound variant connection (malware-cnc.rules) * 1:35038 <-> DISABLED <-> SERVER-OTHER Trustwave ModSecurity chunked transfer encoding policy bypass attempt (server-other.rules) * 1:35039 <-> DISABLED <-> MALWARE-CNC Trojan.Linux.Linuxor outbound variant connection (malware-cnc.rules) * 1:35040 <-> DISABLED <-> SERVER-WEBAPP PHP php_parse_metadata heap corruption attempt (server-webapp.rules) * 1:35041 <-> DISABLED <-> SERVER-WEBAPP PHP php_parse_metadata heap corruption attempt (server-webapp.rules) * 1:35042 <-> DISABLED <-> POLICY-OTHER Apple Cups cupsd.conf change attempt (policy-other.rules) * 1:35043 <-> DISABLED <-> SERVER-OTHER Apple Cups cupsd privilege escalation attempt (server-other.rules) * 1:35044 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari URI spoofing attempt (browser-webkit.rules) * 1:35045 <-> DISABLED <-> 
BROWSER-WEBKIT Apple Safari URI spoofing attempt (browser-webkit.rules) * 1:35047 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scar variant outbound connection (malware-cnc.rules) * 1:35048 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules) * 1:35049 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules) * 1:35050 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Elise variant outbound connection (malware-cnc.rules) * 1:35051 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox IDL fragment privilege escalation attempt (browser-firefox.rules) * 1:35052 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox IDL fragment privilege escalation attempt (browser-firefox.rules) * 1:35053 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules) * 1:35062 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Powbot inbound variant connection (malware-cnc.rules) * 1:35063 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Powbot inbound variant connection (malware-cnc.rules) * 1:35064 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Powbot inbound variant connection (malware-cnc.rules) * 1:35065 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Powbot inbound variant connection (malware-cnc.rules) * 1:35066 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Powbot outbound variant connection (malware-cnc.rules) * 1:35067 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Powbot outbound variant connection (malware-cnc.rules) * 1:35069 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dino variant outbound connection (malware-cnc.rules) * 1:35070 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox DOMSVGLength insertItemBefore use after free attempt (browser-firefox.rules) * 1:35071 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox DOMSVGLength replaceItem use after free attempt (browser-firefox.rules) * 1:35072 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox 
DOMSVGLength initialize use after free attempt (browser-firefox.rules) * 1:35073 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox DOMSVGLength insertItemBefore use after free attempt (browser-firefox.rules) * 1:35074 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox DOMSVGLength replaceItem use after free attempt (browser-firefox.rules) * 1:35075 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox DOMSVGLength initialize use after free attempt (browser-firefox.rules) * 1:35076 <-> DISABLED <-> MALWARE-CNC Win.Zusy variant outbound connection (malware-cnc.rules) * 1:35077 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager getMGList groupId SQL injection attempt (server-webapp.rules) * 1:35078 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager getMGList groupId SQL injection attempt (server-webapp.rules) * 1:35079 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager getMGList groupId SQL injection attempt (server-webapp.rules) * 1:35080 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tenbus outbound connection (malware-cnc.rules) * 1:35081 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tenbus outbound connection (malware-cnc.rules) * 1:35082 <-> DISABLED <-> MALWARE-CNC Backdoor.Linux.Qenerek outbound connection (malware-cnc.rules) * 1:35083 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Regiskazi outbound connection (malware-cnc.rules) * 1:35084 <-> DISABLED <-> EXPLOIT-KIT Null Hole exploit kit binary download request (exploit-kit.rules) * 1:35085 <-> DISABLED <-> EXPLOIT-KIT Null Hole exploit kit malicious swf request (exploit-kit.rules) * 1:35086 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules) * 1:35087 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules) * 1:35088 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules) * 1:35089 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules) 
* 1:35090 <-> ENABLED <-> OS-MOBILE iOS lockdownd plist object buffer overflow attempt (os-mobile.rules) * 1:35091 <-> ENABLED <-> OS-MOBILE iOS lockdownd plist object buffer overflow attempt (os-mobile.rules) * 1:35092 <-> DISABLED <-> SERVER-OTHER PHP core compressed file temp_len buffer overflow attempt (server-other.rules) * 1:35093 <-> DISABLED <-> SERVER-OTHER PHP core compressed file temp_len buffer overflow attempt (server-other.rules) * 1:35094 <-> DISABLED <-> FILE-OTHER Microsoft proxy autoconfig script system library import attempt (file-other.rules) * 1:35095 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules) * 1:35096 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules) * 1:35097 <-> DISABLED <-> POLICY-OTHER IPv6 neighbor solicitation - THC-IPv6 tool indicator attempt (policy-other.rules) * 1:35098 <-> DISABLED <-> POLICY-OTHER IPv6 neighbor solicitation - THC-IPv6 tool indicator attempt (policy-other.rules) * 1:35101 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex variant outbound connection (malware-cnc.rules) * 1:35102 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex Microsoft Word document dropper download attempt (malware-cnc.rules) * 1:35103 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex Microsoft Word document dropper download attempt (malware-cnc.rules) * 1:35104 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:35105 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ATMFD.dll open font type privilege escalation attempt (os-windows.rules) * 1:35106 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ATMFD.dll open font type privilege escalation attempt (os-windows.rules) * 1:35107 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ATMFD.dll open font type privilege escalation attempt (os-windows.rules) * 1:35108 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ATMFD.dll open font type privilege escalation attempt 
(os-windows.rules) * 1:35109 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit obfuscated Flash actionscript classname detected (exploit-kit.rules) * 1:35110 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit obfuscated Flash actionscript classname detected (exploit-kit.rules) * 1:35111 <-> DISABLED <-> SERVER-OTHER OpenSSL anomalous x509 certificate with default org name and certificate chain detected (server-other.rules) * 1:35112 <-> DISABLED <-> OS-WINDOWS Microsoft Windows clipboard null pointer dereference attempt (os-windows.rules) * 1:35113 <-> DISABLED <-> OS-WINDOWS Microsoft Windows clipboard null pointer dereference attempt (os-windows.rules) * 1:35114 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer replaceChild function memory corruption attempt (browser-ie.rules) * 1:35115 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer replaceChild function memory corruption attempt (browser-ie.rules) * 1:35116 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer svg elements use after free attempt (browser-ie.rules) * 1:35117 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer svg elements use after free attempt (browser-ie.rules) * 1:35118 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kerberos privilege escalation attempt (os-windows.rules) * 1:35119 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreeNode type confusion attempt (browser-ie.rules) * 1:3512 <-> DISABLED <-> SERVER-ORACLE utl_file.fcopy directory traversal attempt (server-oracle.rules) * 1:35120 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreeNode type confusion attempt (browser-ie.rules) * 1:35121 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTextArea use after free attempt (browser-ie.rules) * 1:35122 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTextArea use after free attempt (browser-ie.rules) * 1:35123 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTableRow use after free attempt (browser-ie.rules) * 1:35124 <-> ENABLED <-> 
BROWSER-IE Microsoft Internet Explorer CTableRow use after free attempt (browser-ie.rules) * 1:35125 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CInput use after free attempt (browser-ie.rules) * 1:35126 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CInput use after free attempt (browser-ie.rules) * 1:35127 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer local file information disclosure attempt (browser-ie.rules) * 1:35128 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer local file information disclosure attempt (browser-ie.rules) * 1:35129 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid table information disclosure attempt (file-office.rules) * 1:3513 <-> DISABLED <-> SERVER-ORACLE utl_file.fopen_nchar directory traversal attempt (server-oracle.rules) * 1:35130 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid table information disclosure attempt (file-office.rules) * 1:35131 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtUserDisableProcessWindowFiltering information disclosure attempt (os-windows.rules) * 1:35132 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtUserDisableProcessWindowFiltering information disclosure attempt (os-windows.rules) * 1:35133 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer sandbox read permission bypass attempt (browser-ie.rules) * 1:35134 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer sandbox read permission bypass attempt (browser-ie.rules) * 1:35135 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DeferWindowPos access after release code injection attempt (os-windows.rules) * 1:35136 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DeferWindowPos access after release code injection attempt (os-windows.rules) * 1:35137 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel out of bounds memory access attempt (file-office.rules) * 1:35138 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel out of bounds memory access attempt (file-office.rules) * 1:35139 <-> DISABLED <-> 
BROWSER-IE Microsoft Internet Explorer sandbox permission bypass registry read attempt (browser-ie.rules) * 1:3514 <-> DISABLED <-> SERVER-ORACLE utl_file.fopen directory traversal attempt (server-oracle.rules) * 1:35140 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer sandbox permission bypass registry read attempt (browser-ie.rules) * 1:35141 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel malformed workbook record remote code execution attempt (file-office.rules) * 1:35142 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel malformed workbook record remote code execution attempt (file-office.rules) * 1:35143 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Viewer msostyle.dll dll-load exploit attempt (file-office.rules) * 1:35144 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Viewer request for msostyle.dll over SMB attempt (file-office.rules) * 1:35145 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTableSection use after free attempt (browser-ie.rules) * 1:35146 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTableSection use after free attempt (browser-ie.rules) * 1:35147 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer IE6 compatibility mode attempt (policy-other.rules) * 1:35148 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer IE6 compatibility mode attempt (policy-other.rules) * 1:35149 <-> DISABLED <-> OS-WINDOWS Microsoft Windows desktop reference use after free attempt (os-windows.rules) * 1:3515 <-> DISABLED <-> SERVER-ORACLE utl_file.fremove directory traversal attempt (server-oracle.rules) * 1:35150 <-> DISABLED <-> OS-WINDOWS Microsoft Windows desktop reference use after free attempt (os-windows.rules) * 1:35151 <-> DISABLED <-> OS-WINDOWS Microsoft Windows RDP server PDU length heap overflow attempt (os-windows.rules) * 1:35152 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer memory access through an uninitialized pointer attempt (browser-ie.rules) * 1:35153 <-> DISABLED <-> BROWSER-IE 
Microsoft Internet Explorer memory access through an uninitialized pointer attempt (browser-ie.rules) * 1:35154 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CGeneratedTreeNode use after free attempt (browser-ie.rules) * 1:35155 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CGeneratedTreeNode use after free attempt (browser-ie.rules) * 1:35156 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTableSection object out of bounds memory access attempt (browser-ie.rules) * 1:35157 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTableSection object out of bounds memory access attempt (browser-ie.rules) * 1:35158 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CFancyFormat object use-after-free attempt (browser-ie.rules) * 1:35159 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CFancyFormat object use-after-free attempt (browser-ie.rules) * 1:3516 <-> DISABLED <-> SERVER-ORACLE utl_file.frename directory traversal attempt (server-oracle.rules) * 1:35160 <-> DISABLED <-> FILE-FLASH Microsoft Internet Explorer IDataObject bitmap data conversion integer overflow attempt (file-flash.rules) * 1:35161 <-> DISABLED <-> FILE-FLASH Microsoft Internet Explorer IDataObject bitmap data conversion integer overflow attempt (file-flash.rules) * 1:35162 <-> DISABLED <-> FILE-FLASH Microsoft Internet Explorer IDataObject bitmap data conversion integer overflow attempt (file-flash.rules) * 1:35163 <-> DISABLED <-> FILE-FLASH Microsoft Internet Explorer IDataObject bitmap data conversion integer overflow attempt (file-flash.rules) * 1:35164 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CTreeNode object use after free attempt (browser-ie.rules) * 1:35165 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CTreeNode object use after free attempt (browser-ie.rules) * 1:35166 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF object remote code execution attempt (file-office.rules) * 1:35167 <-> DISABLED <-> FILE-OFFICE Microsoft Office 
RTF object remote code execution attempt (file-office.rules) * 1:35168 <-> DISABLED <-> FILE-OFFICE Microsoft Office rapi.dll dll-load exploit attempt (file-office.rules) * 1:35169 <-> DISABLED <-> FILE-OFFICE Microsoft Office request for rapi.dll over SMB attempt (file-office.rules) * 1:3517 <-> DISABLED <-> SERVER-OTHER Computer Associates license PUTOLF overflow attempt (server-other.rules) * 1:35170 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer MutationObserver use after free attempt (browser-ie.rules) * 1:35171 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer MutationObserver use after free attempt (browser-ie.rules) * 1:35172 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTitleElement object use after free attempt (browser-ie.rules) * 1:35173 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTitleElement object use after free attempt (browser-ie.rules) * 1:35174 <-> DISABLED <-> OS-WINDOWS DCOM DCE/RPC NTLM reflection elevation of privilege attempt (os-windows.rules) * 1:35175 <-> DISABLED <-> OS-WINDOWS DCOM DCE/RPC NTLM reflection elevation of privilege attempt (os-windows.rules) * 1:35176 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel c legend remote code execution attempt (file-office.rules) * 1:35177 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel c legend remote code execution attempt (file-office.rules) * 1:35178 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CAttribute object use after free attempt (browser-ie.rules) * 1:35179 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CAttribute object use after free attempt (browser-ie.rules) * 1:3518 <-> DISABLED <-> SERVER-MYSQL MaxDB WebSQL wppassword buffer overflow (server-mysql.rules) * 1:35180 <-> DISABLED <-> POLICY-OTHER Remote non-JavaScript file found in script tag src attribute (policy-other.rules) * 1:35181 <-> DISABLED <-> POLICY-OTHER Remote non-JavaScript file found in script tag src attribute (policy-other.rules) * 1:35182 <-> ENABLED <-> 
BROWSER-IE Microsoft Internet Explorer table column resize use-after-free attempt (browser-ie.rules) * 1:35183 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer table column resize use-after-free attempt (browser-ie.rules) * 1:35184 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer meta tag double free attempt (browser-ie.rules) * 1:35185 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer meta tag double free attempt (browser-ie.rules) * 1:35186 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt (file-flash.rules) * 1:35187 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt (file-flash.rules) * 1:35188 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt (file-flash.rules) * 1:35189 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt (file-flash.rules) * 1:3519 <-> DISABLED <-> SERVER-MYSQL MaxDB WebSQL wppassword buffer overflow default port (server-mysql.rules) * 1:35190 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word sprmPItap heap corruption attempt (file-office.rules) * 1:35191 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word sprmPItap heap corruption attempt (file-office.rules) * 1:35192 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer InPrivate mode image information leak attempt (policy-other.rules) * 1:35193 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer InPrivate mode image information leak attempt (policy-other.rules) * 1:35194 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer InPrivate mode image information leak attempt (policy-other.rules) * 1:35195 <-> DISABLED <-> POLICY-OTHER Microsoft Internet Explorer InPrivate mode image information leak attempt (policy-other.rules) * 1:35196 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CFieldSetElement object use after free attempt (browser-ie.rules) * 1:35197 <-> ENABLED 
<-> BROWSER-IE Microsoft Internet Explorer CFieldSetElement object use after free attempt (browser-ie.rules) * 1:35198 <-> ENABLED <-> SERVER-MSSQL Microsoft SQL Server transcational replication and showxmlplan enabled remote code execution attempt (server-mssql.rules) * 1:35199 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer TreeComputedContent object use after free attempt (browser-ie.rules) * 1:3520 <-> DISABLED <-> SERVER-OTHER Computer Associates license GCR NETWORK overflow attempt (server-other.rules) * 1:35200 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer TreeComputedContent object use after free attempt (browser-ie.rules) * 1:35201 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word OCX use after free attempt (file-office.rules) * 1:35202 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word OCX use after free attempt (file-office.rules) * 1:35203 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CImgElement object use after free attempt (browser-ie.rules) * 1:35204 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CImgElement object use after free attempt (browser-ie.rules) * 1:35205 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CImgElement object use after free attempt (browser-ie.rules) * 1:35206 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CImgElement object use after free attempt (browser-ie.rules) * 1:35207 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer JSON stringify double free attempt (browser-ie.rules) * 1:35208 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer JSON stringify double free attempt (browser-ie.rules) * 1:35209 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CMarkup object use after free attempt (browser-ie.rules) * 1:3521 <-> DISABLED <-> SERVER-OTHER Computer Associates license GCR CHECKSUMS overflow attempt (server-other.rules) * 1:35210 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CMarkup object use after free attempt (browser-ie.rules) * 1:35211 <-> ENABLED 
<-> BROWSER-IE Microsoft Internet Explorer CMarkup object use after free attempt (browser-ie.rules) * 1:35212 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CMarkup object use after free attempt (browser-ie.rules) * 1:35213 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 10 VBScript array element use after free attempt (browser-ie.rules) * 1:35214 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 10 VBScript array element use after free attempt (browser-ie.rules) * 1:35215 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer protected mode atlthunk.dll dll-load exploit attempt (browser-ie.rules) * 1:35216 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer protected mode request for atlthunk.dll over SMB attempt (browser-ie.rules) * 1:35217 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData use-after-free attempt (file-flash.rules) * 1:35218 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData use-after-free attempt (file-flash.rules) * 1:35219 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BitmapData use-after-free attempt (file-flash.rules) * 1:3522 <-> DISABLED <-> SERVER-OTHER Computer Associates license GETCONFIG server overflow attempt (server-other.rules) * 1:35220 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BitmapData use-after-free attempt (file-flash.rules) * 1:35221 <-> DISABLED <-> MALWARE-CNC Win.Dropper.Agent inbound connection (malware-cnc.rules) * 1:35222 <-> ENABLED <-> INDICATOR-COMPROMISE known malicious SSL certificate - Win.Trojan.Dridex (indicator-compromise.rules) * 1:35223 <-> ENABLED <-> FILE-FLASH Adobe Flash Player valueOf and toString use after free attempt (file-flash.rules) * 1:35224 <-> ENABLED <-> FILE-FLASH Adobe Flash Player valueOf and toString use after free attempt (file-flash.rules) * 1:35225 <-> DISABLED <-> FILE-FLASH Adobe Flash Player valueOf and toString use after free attempt (file-flash.rules) * 1:35226 <-> DISABLED <-> FILE-FLASH Adobe Flash Player valueOf and toString use after 
free attempt (file-flash.rules) * 1:35227 <-> DISABLED <-> FILE-FLASH Adobe Flash Player valueOf and toString use after free attempt (file-flash.rules) * 1:35228 <-> ENABLED <-> FILE-FLASH Adobe Flash Player valueOf and toString use after free attempt (file-flash.rules) * 1:35229 <-> DISABLED <-> FILE-FLASH Adobe Flash Player valueOf and toString use after free attempt (file-flash.rules) * 1:3523 <-> DISABLED <-> PROTOCOL-FTP SITE INDEX format string attempt (protocol-ftp.rules) * 1:35230 <-> ENABLED <-> FILE-FLASH Adobe Flash Player valueOf and toString use after free attempt (file-flash.rules) * 1:35231 <-> ENABLED <-> FILE-FLASH Adobe Flash Player valueOf and toString use after free attempt (file-flash.rules) * 1:35232 <-> ENABLED <-> FILE-FLASH Adobe Flash Player valueOf and toString use after free attempt (file-flash.rules) * 1:35233 <-> DISABLED <-> FILE-FLASH Adobe Flash Player valueOf and toString use after free attempt (file-flash.rules) * 1:35234 <-> DISABLED <-> FILE-FLASH Adobe Flash Player valueOf and toString use after free attempt (file-flash.rules) * 1:35235 <-> ENABLED <-> FILE-FLASH Adobe Flash Player valueOf and toString use after free attempt (file-flash.rules) * 1:35236 <-> ENABLED <-> FILE-FLASH Adobe Flash Player valueOf and toString use after free attempt (file-flash.rules) * 1:35237 <-> DISABLED <-> FILE-FLASH Adobe Flash Player valueOf and toString use after free attempt (file-flash.rules) * 1:35238 <-> DISABLED <-> FILE-FLASH Adobe Flash Player valueOf and toString use after free attempt (file-flash.rules) * 1:35239 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader mishandling of invalid triangle edge access attempt (file-pdf.rules) * 1:3524 <-> DISABLED <-> SERVER-OTHER Computer Associates license invalid GCR CHECKSUMS attempt (server-other.rules) * 1:35240 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader mishandling of invalid triangle edge access attempt (file-pdf.rules) * 1:35241 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader mishandling of 
invalid triangle edge access attempt (file-pdf.rules) * 1:35242 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader mishandling of invalid triangle edge access attempt (file-pdf.rules) * 1:35243 <-> DISABLED <-> SERVER-WEBAPP Accellion Secure File Sharing Appliance command injection attempt (server-webapp.rules) * 1:35244 <-> DISABLED <-> SERVER-WEBAPP Accellion Secure File Sharing Appliance command injection attempt (server-webapp.rules) * 1:35245 <-> DISABLED <-> SERVER-WEBAPP Accellion Secure File Sharing Appliance command injection attempt (server-webapp.rules) * 1:35246 <-> DISABLED <-> SERVER-WEBAPP Accellion Secure File Sharing Appliance command injection attempt (server-webapp.rules) * 1:35247 <-> ENABLED <-> FILE-IDENTIFY GNI file download request (file-identify.rules) * 1:35248 <-> ENABLED <-> FILE-IDENTIFY GNI file attachment detected (file-identify.rules) * 1:35249 <-> ENABLED <-> FILE-IDENTIFY GNI file attachment detected (file-identify.rules) * 1:3525 <-> DISABLED <-> SERVER-OTHER Computer Associates license invalid GCR NETWORK attempt (server-other.rules) * 1:35250 <-> ENABLED <-> FILE-IDENTIFY GNI file magic detected (file-identify.rules) * 1:35251 <-> DISABLED <-> SERVER-OTHER Advantech ADAMView conditional bitmap buffer overflow attempt (server-other.rules) * 1:35252 <-> DISABLED <-> SERVER-OTHER Advantech ADAMView conditional bitmap buffer overflow attempt (server-other.rules) * 1:35253 <-> DISABLED <-> SERVER-OTHER LibreOffice Impress socket manager Use After Free attempt (server-other.rules) * 1:35254 <-> DISABLED <-> MALWARE-CNC Win.trojan.Seaduke outbound connection (malware-cnc.rules) * 1:35256 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit landing page detected (exploit-kit.rules) * 1:35257 <-> DISABLED <-> SERVER-WEBAPP Accellion FTA verify_oauth_token command injection attempt (server-webapp.rules) * 1:35258 <-> DISABLED <-> SERVER-WEBAPP Accellion FTA verify_oauth_token command injection attempt (server-webapp.rules) * 1:35259 <-> DISABLED <-> 
SERVER-WEBAPP Accellion FTA verify_oauth_token command injection attempt (server-webapp.rules) * 1:3526 <-> DISABLED <-> SERVER-ORACLE XDB FTP UNLOCK overflow attempt (server-oracle.rules) * 1:35260 <-> DISABLED <-> SERVER-WEBAPP Accellion FTA verify_oauth_token command injection attempt (server-webapp.rules) * 1:35261 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules) * 1:35262 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules) * 1:35263 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules) * 1:35264 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules) * 1:35265 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules) * 1:35266 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules) * 1:35267 <-> ENABLED <-> FILE-FLASH Adobe Flash Player textfield filter use-after-free attempt (file-flash.rules) * 1:35268 <-> ENABLED <-> FILE-FLASH Adobe Flash Player textfield filter use-after-free attempt (file-flash.rules) * 1:35269 <-> DISABLED <-> FILE-FLASH Adobe Flash Player textfield filter use-after-free attempt (file-flash.rules) * 1:3527 <-> DISABLED <-> OS-SOLARIS Oracle Solaris LPD overflow attempt (os-solaris.rules) * 1:35270 <-> DISABLED <-> FILE-FLASH Adobe Flash Player textfield filter use-after-free attempt (file-flash.rules) * 1:35271 <-> ENABLED <-> FILE-FLASH Adobe Flash Player buildTraitsBindings null pointer dereference attempt (file-flash.rules) * 1:35272 <-> ENABLED <-> FILE-FLASH Adobe Flash Player buildTraitsBindings null pointer dereference attempt (file-flash.rules) * 1:35273 <-> DISABLED <-> FILE-FLASH Adobe Flash Player buildTraitsBindings null pointer dereference attempt (file-flash.rules) * 1:35274 <-> DISABLED <-> FILE-FLASH Adobe Flash Player buildTraitsBindings null pointer dereference attempt 
(file-flash.rules) * 1:35275 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection type confusion attempt (file-flash.rules) * 1:35276 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection type confusion attempt (file-flash.rules) * 1:35277 <-> DISABLED <-> FILE-FLASH Adobe Flash Player NetConnection type confusion attempt (file-flash.rules) * 1:35278 <-> DISABLED <-> FILE-FLASH Adobe Flash Player NetConnection type confusion attempt (file-flash.rules) * 1:35279 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager haid SQL injection attempt (server-webapp.rules) * 1:3528 <-> DISABLED <-> SERVER-MYSQL create function access attempt (server-mysql.rules) * 1:35280 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager haid SQL injection attempt (server-webapp.rules) * 1:35281 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager haid SQL injection attempt (server-webapp.rules) * 1:35282 <-> DISABLED <-> FILE-FLASH Adobe Flash Player cross-site information disclosure attempt (file-flash.rules) * 1:35283 <-> DISABLED <-> FILE-FLASH Adobe Flash Player cross-site information disclosure attempt (file-flash.rules) * 1:35284 <-> DISABLED <-> FILE-FLASH Adobe Flash Player cross-site information disclosure attempt (file-flash.rules) * 1:35285 <-> DISABLED <-> FILE-FLASH Adobe Flash Player cross-site information disclosure attempt (file-flash.rules) * 1:35286 <-> DISABLED <-> FILE-FLASH Adobe Flash Player universal allowDomain command proxying attempt (file-flash.rules) * 1:35287 <-> DISABLED <-> FILE-FLASH Adobe Flash Player universal allowDomain command proxying attempt (file-flash.rules) * 1:35288 <-> DISABLED <-> FILE-FLASH Adobe Flash Player universal allowDomain command proxying attempt (file-flash.rules) * 1:35289 <-> DISABLED <-> FILE-FLASH Adobe Flash Player universal allowDomain command proxying attempt (file-flash.rules) * 1:3529 <-> DISABLED <-> SERVER-OTHER Computer Associates license GETCONFIG client overflow attempt 
(server-other.rules) * 1:35290 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SharedObject array.prototype.push use after free attempt (file-flash.rules) * 1:35291 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SharedObject array.prototype.push use after free attempt (file-flash.rules) * 1:35292 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SharedObject array.prototype.push use after free attempt (file-flash.rules) * 1:35293 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SharedObject array.prototype.push use after free attempt (file-flash.rules) * 1:35294 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SharedObject array.prototype.push use after free attempt (file-flash.rules) * 1:35295 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SharedObject array.prototype.push use after free attempt (file-flash.rules) * 1:35296 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SharedObject type confusion attempt (file-flash.rules) * 1:35297 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SharedObject type confusion attempt (file-flash.rules) * 1:35298 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SharedObject type confusion attempt (file-flash.rules) * 1:35299 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SharedObject type confusion attempt (file-flash.rules) * 1:353 <-> DISABLED <-> PROTOCOL-FTP adm scan (protocol-ftp.rules) * 1:3530 <-> DISABLED <-> SERVER-OTHER ARCserve backup UDP msg 0x99 client name overflow (server-other.rules) * 1:35300 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lpdsuite GET request (malware-cnc.rules) * 1:35301 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lpdsuite POST request (malware-cnc.rules) * 1:35302 <-> DISABLED <-> SERVER-WEBAPP Accellion FTA arbitrary file read attempt (server-webapp.rules) * 1:35303 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ProxyChange (malware-cnc.rules) * 1:35304 <-> ENABLED <-> FILE-OTHER Microsoft Windows ATMFD kernel pool overflow attempt (file-other.rules) * 1:35305 <-> ENABLED <-> FILE-OTHER Microsoft Windows ATMFD kernel pool overflow 
attempt (file-other.rules) * 1:35306 <-> DISABLED <-> MALWARE-CNC Trojan.Win32.Cigamve request (malware-cnc.rules) * 1:35307 <-> DISABLED <-> SERVER-OTHER OpenSSL alternative chains certificate forgery attempt (server-other.rules) * 1:35308 <-> ENABLED <-> FILE-PDF Adobe Reader MakeMeasurement buffer overflow attempt (file-pdf.rules) * 1:35309 <-> ENABLED <-> FILE-PDF Adobe Reader MakeMeasurement buffer overflow attempt (file-pdf.rules) * 1:3531 <-> DISABLED <-> SERVER-OTHER ARCserve backup UDP msg 0x99 client domain overflow (server-other.rules) * 1:35310 <-> DISABLED <-> SERVER-WEBAPP Centreon getStats.php command injection attempt (server-webapp.rules) * 1:35311 <-> DISABLED <-> SERVER-WEBAPP Centreon getStats.php command injection attempt (server-webapp.rules) * 1:35312 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif outbound connection (malware-cnc.rules) * 1:35313 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:35314 <-> DISABLED <-> SERVER-APACHE Apache HTTP Server mod_proxy denial of service attempt (server-apache.rules) * 1:35315 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Downloader.Comsteal outbound connection (malware-cnc.rules) * 1:35316 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string EI Plugin updater (malware-cnc.rules) * 1:35317 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Directate outbound connection (malware-cnc.rules) * 1:35318 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jemerr outbound connection (malware-cnc.rules) * 1:35319 <-> ENABLED <-> FILE-PDF Adobe Reader ToolEventHandler use-after-free attempt (file-pdf.rules) * 1:3532 <-> DISABLED <-> SERVER-ORACLE ftp password buffer overflow attempt (server-oracle.rules) * 1:35320 <-> ENABLED <-> FILE-PDF Adobe Reader ToolEventHandler use-after-free attempt (file-pdf.rules) * 1:35321 <-> ENABLED <-> FILE-PDF Adobe Reader setTimeOut app.launchURL privilege escalation attempt (file-pdf.rules) * 1:35322 <-> ENABLED <-> FILE-PDF Adobe Reader 
setTimeOut app.launchURL privilege escalation attempt (file-pdf.rules) * 1:35323 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader ComboBox field Format action use-after-free attempt (file-pdf.rules) * 1:35324 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader ComboBox field Format action use-after-free attempt (file-pdf.rules) * 1:35325 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word RTF Control.TaskSymbol.1 heap corruption attempt - Win.Trojan.Sofacy (file-office.rules) * 1:35326 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word RTF Control.TaskSymbol.1 heap corruption attempt - Win.Trojan.Sofacy (file-office.rules) * 1:35327 <-> DISABLED <-> BROWSER-PLUGINS Agilent Technologies Feature Extraction ActiveX clsid access attempt (browser-plugins.rules) * 1:35328 <-> DISABLED <-> BROWSER-PLUGINS Agilent Technologies Feature Extraction ActiveX clsid access attempt (browser-plugins.rules) * 1:35329 <-> DISABLED <-> BROWSER-PLUGINS Agilent Technologies Feature Extraction ActiveX clsid access attempt (browser-plugins.rules) * 1:3533 <-> DISABLED <-> PROTOCOL-TELNET client LINEMODE SLC overflow attempt (protocol-telnet.rules) * 1:35330 <-> DISABLED <-> BROWSER-PLUGINS Agilent Technologies Feature Extraction ActiveX clsid access attempt (browser-plugins.rules) * 1:35331 <-> DISABLED <-> FILE-PDF Adobe Reader PDF document closed prior to javascript termination use after free attempt (file-pdf.rules) * 1:35332 <-> DISABLED <-> FILE-PDF Adobe Reader PDF document closed prior to javascript termination use after free attempt (file-pdf.rules) * 1:35333 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit Flash download attempt (exploit-kit.rules) * 1:35334 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit Flash download attempt (exploit-kit.rules) * 1:35335 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit Flash download attempt (exploit-kit.rules) * 1:3534 <-> DISABLED <-> FILE-IMAGE Mozilla GIF single packet heap overflow - NETSCAPE2.0 (file-image.rules) * 1:35344 <-> DISABLED <-> 
MALWARE-CNC Win.Trojan.Cryptowall click fraud response (malware-cnc.rules) * 1:35345 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader Unicode value memory corruption attempt (file-pdf.rules) * 1:35346 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader Unicode value memory corruption attempt (file-pdf.rules) * 1:35348 <-> DISABLED <-> MALWARE-CNC Trojan.Win32.Ralminey POST request (malware-cnc.rules) * 1:35349 <-> DISABLED <-> BROWSER-PLUGINS Oracle DcsXB onloadstatechange ActiveX clsid access attempt (browser-plugins.rules) * 1:35350 <-> DISABLED <-> BROWSER-PLUGINS Oracle DcsXB onloadstatechange ActiveX clsid access attempt (browser-plugins.rules) * 1:35351 <-> DISABLED <-> BROWSER-PLUGINS Oracle DcsXB onloadstatechange ActiveX clsid access attempt (browser-plugins.rules) * 1:35352 <-> DISABLED <-> BROWSER-PLUGINS Oracle DcsXB onloadstatechange ActiveX clsid access attempt (browser-plugins.rules) * 1:35353 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Elise.B variant outbound connection (malware-cnc.rules) * 1:35354 <-> DISABLED <-> SERVER-WEBAPP Cacti graphs local_graph_id SQL injection attempt (server-webapp.rules) * 1:35355 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Usteal outbound connection (malware-cnc.rules) * 1:35356 <-> DISABLED <-> SERVER-WEBAPP AirLink101 SkyIPCam snwrite.cgi command injection attempt (server-webapp.rules) * 1:35357 <-> DISABLED <-> SERVER-WEBAPP AirLink101 SkyIPCam snwrite.cgi command injection attempt (server-webapp.rules) * 1:35358 <-> DISABLED <-> SERVER-WEBAPP Wordpress RightNow theme file upload attempt (server-webapp.rules) * 1:35359 <-> DISABLED <-> SERVER-WEBAPP Cacti selected_items SQL injection attempt (server-webapp.rules) * 1:35360 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Reader DC TIFF orientation heap buffer overflow attempt (file-image.rules) * 1:35361 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Reader DC TIFF orientation heap buffer overflow attempt (file-image.rules) * 1:35362 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Reader DC TIFF 
orientation heap buffer overflow attempt (file-image.rules) * 1:35363 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Reader DC TIFF orientation heap buffer overflow attempt (file-image.rules) * 1:35364 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules) * 1:35365 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules) * 1:35366 <-> DISABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules) * 1:35367 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules) * 1:3537 <-> DISABLED <-> PROTOCOL-TELNET client ENV OPT escape overflow attempt (protocol-telnet.rules) * 1:35371 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Bimteni variant initial outbound connection (malware-backdoor.rules) * 1:35372 <-> DISABLED <-> SERVER-WEBAPP WebUI mainfile.php command injection attempt (server-webapp.rules) * 1:35373 <-> DISABLED <-> SERVER-WEBAPP WebUI mainfile.php command injection attempt (server-webapp.rules) * 1:35374 <-> DISABLED <-> SERVER-WEBAPP WebUI mainfile.php command injection attempt (server-webapp.rules) * 1:35375 <-> DISABLED <-> SERVER-WEBAPP WebUI mainfile.php command injection attempt (server-webapp.rules) * 1:35376 <-> DISABLED <-> FILE-FLASH Adobe Flash Player cross-site file download attempt (file-flash.rules) * 1:35377 <-> DISABLED <-> FILE-FLASH Adobe Flash Player cross-site file download attempt (file-flash.rules) * 1:35378 <-> DISABLED <-> FILE-FLASH Adobe Flash Player cross-site file download attempt (file-flash.rules) * 1:35379 <-> DISABLED <-> FILE-FLASH Adobe Flash Player cross-site file download attempt (file-flash.rules) * 1:3538 <-> DISABLED <-> SERVER-OTHER RADIUS registration MSID overflow attempt (server-other.rules) * 1:35380 <-> ENABLED <-> FILE-PDF Adobe Reader javascript setExportValues field object use after free attempt (file-pdf.rules) * 1:35381 <-> ENABLED <-> FILE-PDF Adobe Reader 
javascript setExportValues field object use after free attempt (file-pdf.rules) * 1:35382 <-> ENABLED <-> FILE-PDF Adobe Reader javascript setExportValues field object use after free attempt (file-pdf.rules) * 1:35383 <-> ENABLED <-> FILE-PDF Adobe Reader javascript setExportValues field object use after free attempt (file-pdf.rules) * 1:35384 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Nicabown variant outbound connection (malware-backdoor.rules) * 1:35385 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL-Pwsfcbk SQL connection (malware-cnc.rules) * 1:35386 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bedep initial outbound connection (malware-cnc.rules) * 1:35387 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Andromeda initial outbound connection (malware-cnc.rules) * 1:35388 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Andromeda download request (malware-cnc.rules) * 1:3539 <-> DISABLED <-> SERVER-OTHER RADIUS MSID overflow attempt (server-other.rules) * 1:35393 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TorrentLocker/Teerac self-signed certificate (malware-cnc.rules) * 1:35394 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TorrentLocker/Teerac payment page request (malware-cnc.rules) * 1:35395 <-> DISABLED <-> BROWSER-PLUGINS Oracle Data Quality DateTimeWrapper onchange untrusted pointer dereference attempt (browser-plugins.rules) * 1:35396 <-> DISABLED <-> BROWSER-PLUGINS Oracle Data Quality DateTimeWrapper onchange untrusted pointer dereference attempt (browser-plugins.rules) * 1:35397 <-> DISABLED <-> BROWSER-PLUGINS Oracle Data Quality DateTimeWrapper onchange untrusted pointer dereference attempt (browser-plugins.rules) * 1:35398 <-> DISABLED <-> BROWSER-PLUGINS Oracle Data Quality DateTimeWrapper onchange untrusted pointer dereference attempt (browser-plugins.rules) * 1:35399 <-> DISABLED <-> SERVER-WEBAPP WordPress MailChimp Subscribe Forms PHP Code Execution command injection attempt (server-webapp.rules) * 1:354 <-> DISABLED <-> PROTOCOL-FTP iss scan (protocol-ftp.rules) * 1:3540 
<-> DISABLED <-> SERVER-OTHER RADIUS registration vendor ATTR_TYPE_STR overflow attempt (server-other.rules) * 1:35400 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Inexsmar variant outbound connection (malware-cnc.rules) * 1:35401 <-> DISABLED <-> BROWSER-PLUGINS Oracle Data Quality Postcard PreviewInt onclose untrusted pointer dereference attempt (browser-plugins.rules) * 1:35402 <-> DISABLED <-> BROWSER-PLUGINS Oracle Data Quality Postcard PreviewInt onclose untrusted pointer dereference attempt (browser-plugins.rules) * 1:35403 <-> DISABLED <-> BROWSER-PLUGINS Oracle Data Quality Postcard PreviewInt onclose untrusted pointer dereference attempt (browser-plugins.rules) * 1:35404 <-> DISABLED <-> BROWSER-PLUGINS Oracle Data Quality Postcard PreviewInt onclose untrusted pointer dereference attempt (browser-plugins.rules) * 1:35405 <-> DISABLED <-> SERVER-OTHER HP Release Control authenticated privilege escalation attempt (server-other.rules) * 1:35406 <-> DISABLED <-> SERVER-APACHE Apache HTTP Server mod_status heap buffer overflow attempt (server-apache.rules) * 1:35407 <-> ENABLED <-> FILE-PDF Adobe Reader setItems use-after-free attempt (file-pdf.rules) * 1:35408 <-> ENABLED <-> FILE-PDF Adobe Reader setItems use-after-free attempt (file-pdf.rules) * 1:35409 <-> ENABLED <-> FILE-PDF Adobe Reader setItems use-after-free attempt (file-pdf.rules) * 1:3541 <-> DISABLED <-> SERVER-OTHER RADIUS ATTR_TYPE_STR overflow attempt (server-other.rules) * 1:35410 <-> ENABLED <-> FILE-PDF Adobe Reader setItems use-after-free attempt (file-pdf.rules) * 1:35411 <-> DISABLED <-> BROWSER-CHROME Google Chrome XSSAuditor Policy ByPass command injection attempt (browser-chrome.rules) * 1:35412 <-> DISABLED <-> BROWSER-CHROME Google Chrome xssauditor policy bypass command injection attempt (browser-chrome.rules) * 1:35413 <-> DISABLED <-> FILE-MULTIMEDIA Apple iLife iPhoto Photocast XML format string code injection attempt (file-multimedia.rules) * 1:35414 <-> DISABLED <-> FILE-MULTIMEDIA 
Apple iLife iPhoto Photocast XML format string code injection attempt (file-multimedia.rules)
* 1:35415 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sakurel outbound connection (malware-cnc.rules)
* 1:35416 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mivast outbound connection (malware-cnc.rules)
* 1:35417 <-> DISABLED <-> SERVER-OTHER Fortinet Single Sign On hello message denial of service attempt (server-other.rules)
* 1:35418 <-> DISABLED <-> SERVER-OTHER Fortinet Single Sign On hello message denial of service attempt (server-other.rules)
* 1:35419 <-> DISABLED <-> BROWSER-PLUGINS Scneider Electric IsObjectModel RemoveParameter buffer overflow attempt (browser-plugins.rules)
* 1:3542 <-> DISABLED <-> SQL SA brute force login attempt (sql.rules)
* 1:35420 <-> DISABLED <-> BROWSER-PLUGINS Scneider Electric IsObjectModel RemoveParameter buffer overflow attempt (browser-plugins.rules)
* 1:35421 <-> DISABLED <-> BROWSER-PLUGINS Scneider Electric IsObjectModel RemoveParameter buffer overflow attempt (browser-plugins.rules)
* 1:35422 <-> DISABLED <-> BROWSER-PLUGINS Scneider Electric IsObjectModel RemoveParameter buffer overflow attempt (browser-plugins.rules)
* 1:35423 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Visual Basic Charts ActiveX function call access (browser-plugins.rules)
* 1:35426 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Heur outbound connection (malware-cnc.rules)
* 1:35427 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager customerName SQL injection attempt (server-webapp.rules)
* 1:35428 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager customerName SQL injection attempt (server-webapp.rules)
* 1:35429 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager customerName SQL injection attempt (server-webapp.rules)
* 1:3543 <-> DISABLED <-> SQL SA brute force login attempt TDS v7/8 (sql.rules)
* 1:35430 <-> ENABLED <-> FILE-PDF Adobe Reader nested events use-after-free attempt (file-pdf.rules)
* 1:35431 <-> ENABLED <-> FILE-PDF Adobe Reader nested events use-after-free attempt (file-pdf.rules)
* 1:35432 <-> ENABLED <-> FILE-IDENTIFY M4A file magic detected (file-identify.rules)
* 1:35433 <-> ENABLED <-> FILE-IDENTIFY M4A file magic detected (file-identify.rules)
* 1:35434 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
* 1:35435 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
* 1:35436 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackCoffee outbound connection (malware-cnc.rules)
* 1:35437 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Jrml variant outbound connection (malware-cnc.rules)
* 1:35438 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox JavaScript engine integer overflow attempt (browser-firefox.rules)
* 1:35439 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox JavaScript engine integer overflow attempt (browser-firefox.rules)
* 1:3544 <-> DISABLED <-> SERVER-WEBAPP TrackerCam ComGetLogFile.php3 directory traversal attempt (server-webapp.rules)
* 1:35440 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint invalid OfficeArtSpContainer subrecord type confusion attempt (file-office.rules)
* 1:35441 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint invalid OfficeArtSpContainer subrecord type confusion attempt (file-office.rules)
* 1:35442 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint invalid OfficeArtSpContainer subrecord type confusion attempt (file-office.rules)
* 1:35443 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint invalid OfficeArtSpContainer subrecord type confusion attempt (file-office.rules)
* 1:35444 <-> DISABLED <-> BROWSER-PLUGINS Oracle Data Quality LoaderWizard DataPreview type confusion attempt (browser-plugins.rules)
* 1:35445 <-> DISABLED <-> BROWSER-PLUGINS Oracle Data Quality LoaderWizard DataPreview type confusion attempt (browser-plugins.rules)
* 1:35446 <-> DISABLED <-> BROWSER-PLUGINS Oracle Data Quality LoaderWizard DataPreview type confusion attempt (browser-plugins.rules)
* 1:35447 <-> DISABLED <-> BROWSER-PLUGINS Oracle Data Quality LoaderWizard DataPreview type confusion attempt (browser-plugins.rules)
* 1:35448 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bedep variant outbound connection (malware-cnc.rules)
* 1:35449 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
* 1:3545 <-> DISABLED <-> SERVER-WEBAPP TrackerCam ComGetLogFile.php3 log information disclosure (server-webapp.rules)
* 1:35450 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
* 1:35451 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
* 1:35452 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
* 1:35453 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
* 1:35454 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
* 1:35455 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file magic detected (file-identify.rules)
* 1:35456 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file attachment detected (file-identify.rules)
* 1:35457 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file attachment detected (file-identify.rules)
* 1:35458 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file magic detected (file-identify.rules)
* 1:35459 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file download request (file-identify.rules)
* 1:3546 <-> DISABLED <-> SERVER-WEBAPP TrackerCam User-Agent buffer overflow attempt (server-webapp.rules)
* 1:35460 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox InstallWrapper error handling code execution attempt (browser-firefox.rules)
* 1:35461 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox InstallWrapper error handling code execution attempt (browser-firefox.rules)
* 1:35462 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy outbound connection (malware-cnc.rules)
* 1:35463 <-> ENABLED <-> FILE-FLASH Adobe flash player BitmapData.paletteMap use after free attempt (file-flash.rules)
* 1:35464 <-> ENABLED <-> FILE-FLASH Adobe flash player BitmapData.paletteMap use after free attempt (file-flash.rules)
* 1:35465 <-> DISABLED <-> FILE-FLASH Adobe flash player BitmapData.paletteMap use after free attempt (file-flash.rules)
* 1:35466 <-> DISABLED <-> FILE-FLASH Adobe flash player BitmapData.paletteMap use after free attempt (file-flash.rules)
* 1:35467 <-> DISABLED <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt (file-java.rules)
* 1:35468 <-> DISABLED <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt (file-java.rules)
* 1:35469 <-> ENABLED <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt (file-java.rules)
* 1:3547 <-> DISABLED <-> SERVER-WEBAPP TrackerCam overly long php parameter overflow attempt (server-webapp.rules)
* 1:35471 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Baisogu outbound connection (malware-cnc.rules)
* 1:35472 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bergard outbound connection (malware-cnc.rules)
* 1:35473 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer COrphanedStylesheetArray use-after-free attempt (browser-ie.rules)
* 1:35474 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer COrphanedStylesheetArray use-after-free attempt (browser-ie.rules)
* 1:35475 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer COrphanedStylesheetArray use after free attempt (browser-ie.rules)
* 1:35476 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer COrphanedStylesheetArray use after free attempt (browser-ie.rules)
* 1:35477 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CLabelElement object use after free attempt (browser-ie.rules)
* 1:35478 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CLabelElement object use after free attempt (browser-ie.rules)
* 1:35479 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer RecyclableObject type-confusion remote code execution attempt (browser-ie.rules)
* 1:3548 <-> DISABLED <-> SERVER-WEBAPP TrackerCam negative Content-Length attempt (server-webapp.rules)
* 1:35480 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer RecyclableObject type-confusion remote code execution attempt (browser-ie.rules)
* 1:35481 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CParaElement use-after-free attempt (browser-ie.rules)
* 1:35482 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CParaElement use-after-free attempt (browser-ie.rules)
* 1:35483 <-> ENABLED <-> FILE-OTHER Microsoft Windows ATMFD font driver malformed OTF file remote code execution attempt (file-other.rules)
* 1:35484 <-> DISABLED <-> FILE-OTHER Microsoft Windows ATMFD font driver malformed OTF file remote code execution attempt (file-other.rules)
* 1:35485 <-> ENABLED <-> FILE-OTHER Microsoft Windows atmfd.dll font driver malformed OTF file remote code execution attempt (file-other.rules)
* 1:35486 <-> ENABLED <-> FILE-OTHER Microsoft Windows atmfd.dll font driver malformed OTF file remote code execution attempt (file-other.rules)
* 1:35487 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Notepad remote printer file access attempt (os-windows.rules)
* 1:35488 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Notepad remote printer file access attempt (os-windows.rules)
* 1:35489 <-> ENABLED <-> FILE-OTHER Microsoft Windows OTF file parsing error exploitation attempt (file-other.rules)
* 1:35490 <-> ENABLED <-> FILE-OTHER Microsoft Windows OTF file parsing error exploitation attempt (file-other.rules)
* 1:35491 <-> ENABLED <-> FILE-OTHER Microsoft Windows GDI DrvQueryFontData function uninitialized glyph data remote code execution attempt (file-other.rules)
* 1:35492 <-> ENABLED <-> FILE-OTHER Microsoft Windows GDI DrvQueryFontData function uninitialized glyph data remote code execution attempt (file-other.rules)
* 1:35493 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CAttrArray use after free attempt (browser-ie.rules)
* 1:35494 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CAttrArray use after free attempt (browser-ie.rules)
* 1:35495 <-> ENABLED <-> FILE-OTHER Microsoft Windows ATMFD font driver malformed OTF file remote code execution attempt (file-other.rules)
* 1:35496 <-> ENABLED <-> FILE-OTHER Microsoft Windows ATMFD font driver malformed OTF file remote code execution attempt (file-other.rules)
* 1:35497 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word Document invalid directory entry use after free attempt (file-office.rules)
* 1:35498 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word Document invalid directory entry use after free attempt (file-office.rules)
* 1:35499 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer window scroll integer overflow attempt (browser-ie.rules)
* 1:355 <-> DISABLED <-> PROTOCOL-FTP pass wh00t (protocol-ftp.rules)
* 1:3550 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer HTML http/https scheme hostname overflow attempt (browser-ie.rules)
* 1:35500 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer window scroll integer overflow attempt (browser-ie.rules)
* 1:35501 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word wwlib.dll corrupt fcPlcfFldMom out of bounds read attempt (file-office.rules)
* 1:35502 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word wwlib.dll corrupt fcPlcfFldMom out of bounds read attempt (file-office.rules)
* 1:35503 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word incomplete ActiveX control use-after-free attempt (file-office.rules)
* 1:35504 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word incomplete ActiveX control use-after-free attempt (file-office.rules)
* 1:35505 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word mso.dll use-after-free attempt (file-office.rules)
* 1:35506 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word mso.dll use-after-free attempt (file-office.rules)
* 1:35507 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer array prototype type confusion memory corruption attempt (browser-ie.rules)
* 1:35508 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer array prototype type confusion memory corruption attempt (browser-ie.rules)
* 1:35509 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word wwlib.dll out of bounds read attempt (file-office.rules)
* 1:3551 <-> ENABLED <-> FILE-IDENTIFY HTA file download request (file-identify.rules)
* 1:35510 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word wwlib.dll out of bounds read attempt (file-office.rules)
* 1:35511 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word msptls.dll integer underflow attempt (file-office.rules)
* 1:35512 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word msptls.dll integer underflow attempt (file-office.rules)
* 1:35513 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtGdiGetTextMetricsW TEXTMETRICW kernel mode ASLR bypass attempt (os-windows.rules)
* 1:35514 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtGdiGetTextMetricsW TEXTMETRICW kernel mode ASLR bypass attempt (os-windows.rules)
* 1:35515 <-> ENABLED <-> OS-WINDOWS Microsoft Windows ATFM.DLL malformed OTF use-after-free attempt (os-windows.rules)
* 1:35516 <-> ENABLED <-> OS-WINDOWS Microsoft Windows ATFM.DLL malformed OTF use-after-free attempt (os-windows.rules)
* 1:35517 <-> ENABLED <-> FILE-OTHER Microsoft Windows FontView OpenType Font atmfd.dll invalid memory reference attempt (file-other.rules)
* 1:35518 <-> DISABLED <-> FILE-OTHER Microsoft Windows FontView OpenType Font atmfd.dll invalid memory reference attempt (file-other.rules)
* 1:35519 <-> ENABLED <-> FILE-OTHER Microsoft Windows kernel-mode driver TTF file glyf table out of bounds attempt (file-other.rules)
* 1:3552 <-> DISABLED <-> OS-WINDOWS Microsoft Windows OLE32 MSHTA masquerade attempt (os-windows.rules)
* 1:35520 <-> ENABLED <-> FILE-OTHER Microsoft Windows kernel-mode driver TTF file glyf table out of bounds attempt (file-other.rules)
* 1:35521 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word malformed document file use after free attempt (file-office.rules)
* 1:35522 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word malformed document file use after free attempt (file-office.rules)
* 1:35523 <-> ENABLED <-> OS-WINDOWS Microsoft Windows TTF invalid system memory access attempt (os-windows.rules)
* 1:35524 <-> ENABLED <-> OS-WINDOWS Microsoft Windows TTF invalid system memory access attempt (os-windows.rules)
* 1:35525 <-> DISABLED <-> OS-WINDOWS Microsoft Windows TrueType font parsing integer underflow attempt (os-windows.rules)
* 1:35526 <-> DISABLED <-> OS-WINDOWS Microsoft Windows TrueType font parsing integer underflow attempt (os-windows.rules)
* 1:35527 <-> DISABLED <-> POLICY-OTHER Microsoft cabinet file default sha1 signature detected (policy-other.rules)
* 1:35528 <-> DISABLED <-> POLICY-OTHER Microsoft cabinet file default sha1 signature detected (policy-other.rules)
* 1:35529 <-> DISABLED <-> FILE-OTHER Microsoft Windows malformed TTF table hmtx remote code execution attempt (file-other.rules)
* 1:3553 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer HTML DOM null DHTML element insertion attempt (browser-ie.rules)
* 1:35530 <-> DISABLED <-> FILE-OTHER Microsoft Windows malformed TTF table hmtx remote code execution attempt (file-other.rules)
* 1:35531 <-> DISABLED <-> SERVER-WEBAPP Apache HTTP server mod_cache denial of service attempt (server-webapp.rules)
* 1:35532 <-> DISABLED <-> SERVER-WEBAPP Apache HTTP server mod_cache denial of service attempt (server-webapp.rules)
* 1:35533 <-> DISABLED <-> SERVER-WEBAPP ManageEngine IT360 BSIntegInfoHandler resIds SQL injection attempt (server-webapp.rules)
* 1:35534 <-> DISABLED <-> SERVER-WEBAPP ManageEngine IT360 BSIntegInfoHandler resIds SQL injection attempt (server-webapp.rules)
* 1:35535 <-> DISABLED <-> SERVER-WEBAPP ManageEngine IT360 BSIntegInfoHandler resIds SQL injection attempt (server-webapp.rules)
* 1:35536 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer table layout cache arbitrary code execution attempt (browser-ie.rules)
* 1:35537 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer table layout cache arbitrary code execution attempt (browser-ie.rules)
* 1:35538 <-> DISABLED <-> POLICY-OTHER EMC AutoStart ftagent insecure opcode 20 subcode 2060 access attempt (policy-other.rules)
* 1:35539 <-> DISABLED <-> POLICY-OTHER EMC AutoStart ftagent insecure opcode 20 subcode 2219 access attempt (policy-other.rules)
* 1:35540 <-> ENABLED <-> SERVER-OTHER EMC AutoStart ftagent SQL injection attempt (server-other.rules)
* 1:35541 <-> ENABLED <-> SERVER-OTHER EMC AutoStart ftagent SQL injection attempt (server-other.rules)
* 1:35542 <-> DISABLED <-> EXPLOIT-KIT Nuclear exploit kit flash exploit download attempt (exploit-kit.rules)
* 1:35543 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
* 1:35544 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
* 1:35545 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
* 1:35546 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
* 1:35547 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
* 1:35548 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
* 1:35549 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
* 1:35550 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit landing page detected (exploit-kit.rules)
* 1:35551 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackCoffee outbound connection (malware-cnc.rules)
* 1:35552 <-> DISABLED <-> SERVER-MAIL cURL protocol file path URL parsing control character injection attempt (server-mail.rules)
* 1:35553 <-> DISABLED <-> SERVER-MAIL cURL protocol file path URL parsing control character injection attempt (server-mail.rules)
* 1:35554 <-> DISABLED <-> SERVER-MAIL cURL protocol file path URL parsing control character injection attempt (server-mail.rules)
* 1:35555 <-> DISABLED <-> SERVER-MAIL cURL protocol file path URL parsing control character injection attempt (server-mail.rules)
* 1:35556 <-> DISABLED <-> BROWSER-PLUGINS Panasonic Security API SDK MulticastAddr ActiveX clsid access attempt (browser-plugins.rules)
* 1:35557 <-> DISABLED <-> BROWSER-PLUGINS Panasonic Security API SDK MulticastAddr ActiveX clsid access attempt (browser-plugins.rules)
* 1:35558 <-> DISABLED <-> BROWSER-PLUGINS Panasonic Security API SDK MulticastAddr ActiveX clsid access attempt (browser-plugins.rules)
* 1:35559 <-> DISABLED <-> BROWSER-PLUGINS Panasonic Security API SDK MulticastAddr ActiveX clsid access attempt (browser-plugins.rules)
* 1:35560 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime invalid stsd atom out of bounds read attempt (file-multimedia.rules)
* 1:35561 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime mdat atom corruption out of bounds read attempt (file-multimedia.rules)
* 1:35562 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime mdat atom corruption out of bounds read attempt (file-multimedia.rules)
* 1:35563 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime esds atom buffer overread attempt (file-multimedia.rules)
* 1:35564 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime esds atom buffer overread attempt (file-multimedia.rules)
* 1:35567 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime invalid mvhd atom size out of bounds read attempt (file-multimedia.rules)
* 1:35568 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime invalid mvhd atom size out of bounds read attempt (file-multimedia.rules)
* 1:35570 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetEagle variant outbound connection (malware-cnc.rules)
* 1:35571 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SWF dereference attempt (file-flash.rules)
* 1:35572 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SWF dereference attempt (file-flash.rules)
* 1:35573 <-> DISABLED <-> SERVER-WEBAPP Watchguard XCS compose.php SQL injection attempt (server-webapp.rules)
* 1:35574 <-> DISABLED <-> FILE-FLASH Adobe Flash Player secret cookie location disclosure attempt (file-flash.rules)
* 1:35575 <-> DISABLED <-> FILE-FLASH Adobe Flash Player secret cookie location disclosure attempt (file-flash.rules)
* 1:35576 <-> ENABLED <-> FILE-FLASH Adobe Flash Player secret cookie location disclosure attempt (file-flash.rules)
* 1:35577 <-> ENABLED <-> FILE-FLASH Adobe Flash Player secret cookie location disclosure attempt (file-flash.rules)
* 1:35578 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData applyFilter heap overflow attempt (file-flash.rules)
* 1:35579 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BitmapData applyFilter heap overflow attempt (file-flash.rules)
* 1:35580 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData applyFilter heap overflow attempt (file-flash.rules)
* 1:35581 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BitmapData applyFilter heap overflow attempt (file-flash.rules)
* 1:35582 <-> ENABLED <-> FILE-FLASH Adobe Flash Player button pointer exploit attempt (file-flash.rules)
* 1:35583 <-> ENABLED <-> FILE-FLASH Adobe Flash Player button pointer exploit attempt (file-flash.rules)
* 1:35584 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData object use after free attempt (file-flash.rules)
* 1:35585 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData object use after free attempt (file-flash.rules)
* 1:35586 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BitmapData object use after free attempt (file-flash.rules)
* 1:35587 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData object use after free attempt (file-flash.rules)
* 1:35588 <-> DISABLED <-> FILE-FLASH Google Chrome pepflashplayer SurfaceFilterList use-after-free attempt (file-flash.rules)
* 1:35589 <-> ENABLED <-> FILE-FLASH Google Chrome pepflashplayer SurfaceFilterList use-after-free attempt (file-flash.rules)
* 1:35590 <-> DISABLED <-> FILE-FLASH Google Chrome pepflashplayer SurfaceFilterList use-after-free attempt (file-flash.rules)
* 1:35591 <-> ENABLED <-> FILE-FLASH Google Chrome pepflashplayer SurfaceFilterList use-after-free attempt (file-flash.rules)
* 1:35592 <-> DISABLED <-> FILE-FLASH Adobe Flash Player tag length buffer overflow attempt (file-flash.rules)
* 1:35593 <-> ENABLED <-> FILE-FLASH Adobe Flash Player tag length buffer overflow attempt (file-flash.rules)
* 1:35594 <-> DISABLED <-> SERVER-WEBAPP Websense Triton Content Manager handle_debug_network stack buffer overflow attempt (server-webapp.rules)
* 1:35596 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nibagem outbound variant connection (malware-cnc.rules)
* 1:35597 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nibagem outbound variant connection (malware-cnc.rules)
* 1:35598 <-> DISABLED <-> POLICY-OTHER OCSP response with no nextUpdate field (policy-other.rules)
* 1:35599 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection use-after-free attempt (file-flash.rules)
* 1:356 <-> DISABLED <-> PROTOCOL-FTP passwd retrieval attempt (protocol-ftp.rules)
* 1:35600 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection use-after-free attempt (file-flash.rules)
* 1:35601 <-> DISABLED <-> FILE-FLASH Adobe Flash Player NetConnection use-after-free attempt (file-flash.rules)
* 1:35602 <-> DISABLED <-> FILE-FLASH Adobe Flash Player NetConnection use-after-free attempt (file-flash.rules)
* 1:35603 <-> DISABLED <-> FILE-FLASH Adobe Flash Player setAdvancedAntialiasingTable type confusion attempt (file-flash.rules)
* 1:35604 <-> ENABLED <-> FILE-FLASH Adobe Flash Player setAdvancedAntialiasingTable type confusion attempt (file-flash.rules)
* 1:35605 <-> ENABLED <-> FILE-FLASH Adobe Flash Player setAdvancedAntialiasingTable type confusion attempt (file-flash.rules)
* 1:35606 <-> DISABLED <-> FILE-FLASH Adobe Flash Player setAdvancedAntialiasingTable type confusion attempt (file-flash.rules)
* 1:35607 <-> ENABLED <-> FILE-FLASH Adobe Flash Player CreateTextField use-after-free attempt (file-flash.rules)
* 1:35608 <-> ENABLED <-> FILE-FLASH Adobe Flash Player CreateTextField use-after-free attempt (file-flash.rules)
* 1:35609 <-> DISABLED <-> FILE-FLASH Adobe Flash Player CreateTextField use-after-free attempt (file-flash.rules)
* 1:35610 <-> DISABLED <-> FILE-FLASH Adobe Flash Player CreateTextField use-after-free attempt (file-flash.rules)
* 1:35611 <-> DISABLED <-> SERVER-WEBAPP Symantec Endpoint Protection directory traversal attempt (server-webapp.rules)
* 1:35612 <-> DISABLED <-> SERVER-WEBAPP Symantec Endpoint Protection directory traversal attempt (server-webapp.rules)
* 1:35613 <-> DISABLED <-> SERVER-WEBAPP Symantec Endpoint Protection directory traversal attempt (server-webapp.rules)
* 1:35614 <-> DISABLED <-> BROWSER-PLUGINS NetIQ SafeShellExecute ActiveX clsid access attempt (browser-plugins.rules)
* 1:35615 <-> DISABLED <-> BROWSER-PLUGINS NetIQ SafeShellExecute ActiveX clsid access attempt (browser-plugins.rules)
* 1:35616 <-> DISABLED <-> BROWSER-PLUGINS NetIQ SafeShellExecute ActiveX clsid access attempt (browser-plugins.rules)
* 1:35617 <-> DISABLED <-> BROWSER-PLUGINS NetIQ SafeShellExecute ActiveX clsid access attempt (browser-plugins.rules)
* 1:35618 <-> ENABLED <-> FILE-FLASH Adobe Flash Player slow script invalid pointer dereference attempt (file-flash.rules)
* 1:35619 <-> ENABLED <-> FILE-FLASH Adobe Flash Player slow script invalid pointer dereference attempt (file-flash.rules)
* 1:35620 <-> DISABLED <-> BROWSER-PLUGINS Panasonic Security API SDK Ipropsapi ActiveX clsid access attempt (browser-plugins.rules)
* 1:35621 <-> DISABLED <-> BROWSER-PLUGINS Panasonic Security API SDK Ipropsapi ActiveX clsid access attempt (browser-plugins.rules)
* 1:35622 <-> DISABLED <-> BROWSER-PLUGINS Panasonic Security API SDK Ipropsapi ActiveX clsid access attempt (browser-plugins.rules)
* 1:35623 <-> DISABLED <-> BROWSER-PLUGINS Panasonic Security API SDK Ipropsapi ActiveX clsid access attempt (browser-plugins.rules)
* 1:35624 <-> DISABLED <-> FILE-MULTIMEDIA Apple Quicktime invalid samr atom out of bounds read attempt (file-multimedia.rules)
* 1:35625 <-> DISABLED <-> FILE-MULTIMEDIA Apple Quicktime invalid samr atom out of bounds read attempt (file-multimedia.rules)
* 1:35626 <-> DISABLED <-> FILE-MULTIMEDIA Apple Quicktime invalid samr atom out of bounds read attempt (file-multimedia.rules)
* 1:35627 <-> DISABLED <-> FILE-MULTIMEDIA Apple Quicktime invalid samr atom out of bounds read attempt (file-multimedia.rules)
* 1:35628 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime tkhd atom matrix integer overflow attempt (file-multimedia.rules)
* 1:35629 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime tkhd atom matrix integer overflow attempt (file-multimedia.rules)
* 1:35630 <-> DISABLED <-> SERVER-OTHER LibVNCServer rfbProcessClientNormalMessage msg.ssc.scale denial of service attempt (server-other.rules)
* 1:35631 <-> DISABLED <-> SERVER-OTHER LibVNCServer rfbProcessClientNormalMessage msg.ssc.scale denial of service attempt (server-other.rules)
* 1:35632 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetMonitor use-after-free attempt (file-flash.rules)
* 1:35633 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetMonitor use-after-free attempt (file-flash.rules)
* 1:35634 <-> DISABLED <-> FILE-FLASH Adobe Flash Player NetMonitor use-after-free attempt (file-flash.rules)
* 1:35635 <-> DISABLED <-> FILE-FLASH Adobe Flash Player NetMonitor use-after-free attempt (file-flash.rules)
* 1:35636 <-> DISABLED <-> FILE-FLASH Adobe Flash invalid swf tag parsing buffer overflow attempt (file-flash.rules)
* 1:35637 <-> DISABLED <-> FILE-FLASH Adobe Flash invalid swf tag parsing buffer overflow attempt (file-flash.rules)
* 1:35638 <-> DISABLED <-> FILE-FLASH Adobe Flash Player childNodes XML object use after free attempt (file-flash.rules)
* 1:35639 <-> DISABLED <-> FILE-FLASH Adobe Flash Player childNodes XML object use after free attempt (file-flash.rules)
* 1:35640 <-> DISABLED <-> FILE-FLASH Adobe Flash Player childNodes XML object after free attempt (file-flash.rules)
* 1:35641 <-> DISABLED <-> FILE-FLASH Adobe Flash Player childNodes XML object use after free attempt (file-flash.rules)
* 1:35642 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASnative previously set SharedObject variable set attempt (file-flash.rules)
* 1:35643 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASnative previously set SharedObject variable set attempt (file-flash.rules)
* 1:35644 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative previously set SharedObject variable set attempt (file-flash.rules)
* 1:35645 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASnative previously set SharedObject variable set attempt (file-flash.rules)
* 1:35646 <-> DISABLED <-> FILE-FLASH Adobe Flash Player XML pointer wrong parent reference (file-flash.rules)
* 1:35647 <-> DISABLED <-> FILE-FLASH Adobe Flash Player XML pointer wrong parent reference (file-flash.rules)
* 1:35648 <-> ENABLED <-> FILE-FLASH Adobe Flash Player XML pointer wrong parent reference (file-flash.rules)
* 1:35649 <-> ENABLED <-> FILE-FLASH Adobe Flash Player XML pointer wrong parent reference (file-flash.rules)
* 1:35650 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField filters use-after-free attempt (file-flash.rules)
* 1:35651 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextField filters use-after-free attempt (file-flash.rules)
* 1:35652 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField filters use-after-free attempt (file-flash.rules)
* 1:35653 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextField filters use-after-free attempt (file-flash.rules)
* 1:35654 <-> DISABLED <-> FILE-FLASH Adobe Flash Player XML property delete out of bounds memory write attempt (file-flash.rules)
* 1:35655 <-> DISABLED <-> FILE-FLASH Adobe Flash Player XML property delete out of bounds memory write attempt (file-flash.rules)
* 1:35656 <-> ENABLED <-> FILE-FLASH Adobe Flash Player XML property delete out of bounds memory write attempt (file-flash.rules)
* 1:35657 <-> ENABLED <-> FILE-FLASH Adobe Flash Player XML property delete out of bounds memory write attempt (file-flash.rules)
* 1:35658 <-> ENABLED <-> FILE-FLASH Adobe Flash Player FileReference constructor type confusion attempt (file-flash.rules)
* 1:35659 <-> ENABLED <-> FILE-FLASH Adobe Flash Player FileReference constructor type confusion attempt (file-flash.rules)
* 1:35660 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FileReference constructor type confusion attempt (file-flash.rules)
* 1:35661 <-> ENABLED <-> FILE-FLASH Adobe Flash Player FileReference constructor type confusion attempt (file-flash.rules)
* 1:35662 <-> ENABLED <-> FILE-FLASH Adobe Flash Player corrupt glyph array out of bounds attempt (file-flash.rules)
* 1:35663 <-> ENABLED <-> FILE-FLASH Adobe Flash Player corrupt glyph array out of bounds attempt (file-flash.rules)
* 1:35664 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DefineVideoStream out of bounds memory access attempt (file-flash.rules)
* 1:35665 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DefineVideoStream out of bounds memory access attempt (file-flash.rules)
* 1:35666 <-> ENABLED <-> FILE-FLASH Adobe Flash Player bitmap handling memory corruption attempt (file-flash.rules)
* 1:35667 <-> ENABLED <-> FILE-FLASH Adobe Flash Player bitmap handling memory corruption attempt (file-flash.rules)
* 1:35668 <-> DISABLED <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt (server-webapp.rules)
* 1:35669 <-> DISABLED <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt (server-webapp.rules)
* 1:35670 <-> DISABLED <-> POLICY-OTHER Symantec Endpoint Protection insecure password reset attempt (policy-other.rules)
* 1:35671 <-> ENABLED <-> FILE-FLASH Adobe Flash Player incorrect reference to IExternalizable object attempt (file-flash.rules)
* 1:35672 <-> ENABLED <-> FILE-FLASH Adobe Flash Player incorrect reference to IExternalizable object attempt (file-flash.rules)
* 1:35673 <-> DISABLED <-> FILE-FLASH Adobe Flash Player incorrect reference to IExternalizable object attempt (file-flash.rules)
* 1:35674 <-> DISABLED <-> FILE-FLASH Adobe Flash Player incorrect reference to IExternalizable object attempt (file-flash.rules)
* 1:35675 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox PDF.js same origin policy violation attempt (browser-firefox.rules)
* 1:35676 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox PDF.js same origin policy violation attempt (browser-firefox.rules)
* 1:35677 <-> DISABLED <-> SERVER-WEBAPP Dell KACE Appliance KSudoClient privilege escalation attempt (server-webapp.rules)
* 1:35678 <-> DISABLED <-> SERVER-WEBAPP Dell KACE Appliance downloadpxy.php directory traversal attempt (server-webapp.rules)
* 1:35679 <-> DISABLED <-> SERVER-WEBAPP Dell KACE Appliance downloadpxy.php directory traversal attempt (server-webapp.rules)
* 1:35680 <-> DISABLED <-> SERVER-WEBAPP Dell KACE Appliance downloadpxy.php directory traversal attempt (server-webapp.rules)
* 1:35681 <-> DISABLED <-> SERVER-WEBAPP Dell KACE Appliance kbot_upload.php authentication bypass attempt (server-webapp.rules)
* 1:35682 <-> DISABLED <-> SERVER-WEBAPP Dell KACE Appliance kbot_upload.php directory traversal attempt (server-webapp.rules)
* 1:35683 <-> DISABLED <-> SERVER-WEBAPP Dell KACE Appliance kbot_upload.php directory traversal attempt (server-webapp.rules)
* 1:35684 <-> DISABLED <-> SERVER-WEBAPP Dell KACE Appliance kbot_upload.php directory traversal attempt (server-webapp.rules)
* 1:35685 <-> DISABLED <-> BROWSER-PLUGINS Mozilla Firefox generatecrmfrequest policy function call access attempt (browser-plugins.rules)
* 1:35686 <-> DISABLED <-> BROWSER-PLUGINS Mozilla Firefox generatecrmfrequest policy function call access attempt (browser-plugins.rules)
* 1:35687 <-> DISABLED <-> SERVER-WEBAPP Semantec Endpoint Protection Manager server elevated privilege code execution attempt (server-webapp.rules)
* 1:35688 <-> ENABLED <-> PROTOCOL-OTHER MiniUPNP rootdesc.xml file request (protocol-other.rules)
* 1:35689 <-> DISABLED <-> PROTOCOL-OTHER MiniUPNP rootdesc.xml buffer overflow attempt (protocol-other.rules)
* 1:35690 <-> DISABLED <-> PROTOCOL-OTHER MiniUPNP rootdesc.xml buffer overflow attempt (protocol-other.rules)
* 1:35691 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative previously set SharedObject variable set attempt (file-flash.rules)
* 1:35692 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASnative previously set SharedObject variable set attempt (file-flash.rules)
* 1:35693 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASnative previously set SharedObject variable set attempt (file-flash.rules)
* 1:35694 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASnative previously set SharedObject variable set attempt (file-flash.rules)
* 1:35695 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASnative previously set SharedObject variable set attempt (file-flash.rules)
* 1:35696 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASnative previously set SharedObject variable set attempt (file-flash.rules)
* 1:35697 <-> DISABLED <-> BROWSER-PLUGINS Oracle Data Quality Trillium TSS12.LoaderWizard.lwctrl ActiveX clsid access attempt (browser-plugins.rules)
* 1:35698 <-> DISABLED <-> BROWSER-PLUGINS Oracle Data Quality Trillium TSS12.LoaderWizard.lwctrl ActiveX clsid access attempt (browser-plugins.rules)
* 1:35699 <-> DISABLED <-> BROWSER-PLUGINS Oracle Data Quality Trillium TSS12.LoaderWizard.lwctrl ActiveX clsid access attempt (browser-plugins.rules)
* 1:357 <-> DISABLED <-> PROTOCOL-FTP piss scan (protocol-ftp.rules)
* 1:35700 <-> DISABLED <-> BROWSER-PLUGINS Oracle Data Quality Trillium TSS12.LoaderWizard.lwctrl ActiveX clsid access attempt (browser-plugins.rules)
* 1:35701 <-> DISABLED <-> SERVER-WEBAPP ManageEngine OpManager agentKey SQL injection attempt (server-webapp.rules)
* 1:35702 <-> DISABLED <-> SERVER-WEBAPP ManageEngine OpManager agentKey SQL injection attempt (server-webapp.rules)
* 1:35703 <-> DISABLED <-> SERVER-WEBAPP ManageEngine OpManager agentKey SQL injection attempt (server-webapp.rules)
* 1:35704 <-> DISABLED <-> SERVER-WEBAPP Maarch LetterBox arbitrary PHP file upload attempt (server-webapp.rules)
* 1:35705 <-> ENABLED <-> BROWSER-IE Microsoft Edge history.state use after free attempt (browser-ie.rules)
* 1:35706 <-> ENABLED <-> BROWSER-IE Microsoft Edge history.state use after free attempt (browser-ie.rules)
* 1:35707 <-> DISABLED <-> SERVER-WEBAPP Pimcore CMS add-asset-compatibility directory traversal attempt (server-webapp.rules)
* 1:35708 <-> DISABLED <-> SERVER-WEBAPP Pimcore CMS add-asset-compatibility directory traversal attempt (server-webapp.rules)
* 1:35709 <-> DISABLED <-> SERVER-WEBAPP Pimcore CMS add-asset-compatibility directory traversal attempt (server-webapp.rules)
* 1:35710 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Linux.Trojan.Zollard (malware-cnc.rules)
* 1:35711 <-> DISABLED <-> FILE-MULTIMEDIA Apple Quicktime invalid alis atom out of bounds read attempt (file-multimedia.rules)
* 1:35712 <-> DISABLED <-> FILE-MULTIMEDIA Apple Quicktime invalid alis atom out of bounds read attempt (file-multimedia.rules)
* 1:35713 <-> DISABLED <-> FILE-MULTIMEDIA Apple Quicktime invalid dref atom out of bounds read attempt (file-multimedia.rules)
* 1:35714 <-> DISABLED <-> FILE-MULTIMEDIA Apple Quicktime invalid dref atom out of bounds read attempt (file-multimedia.rules)
* 1:35715 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime mdat atom corruption out of bounds read attempt (file-multimedia.rules)
* 1:35716 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime mdat atom corruption out of bounds read attempt (file-multimedia.rules)
* 1:35717 <->
ENABLED <-> FILE-MULTIMEDIA Apple QuickTime mdat atom corruption out of bounds read attempt (file-multimedia.rules) * 1:35718 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime mdat atom corruption out of bounds read attempt (file-multimedia.rules) * 1:35719 <-> ENABLED <-> OS-WINDOWS Microsoft Windows CDD font parsing kernel memory corruption attempt (os-windows.rules) * 1:35720 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CDD font parsing kernel memory corruption attempt (os-windows.rules) * 1:35725 <-> ENABLED <-> FILE-MULTIMEDIA Matroska libmatroska ebml unicode string out of bounds read attempt (file-multimedia.rules) * 1:35726 <-> ENABLED <-> FILE-MULTIMEDIA Matroska libmatroska ebml unicode string out of bounds read attempt (file-multimedia.rules) * 1:35731 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WebDAV invalid character argument injection attempt (os-windows.rules) * 1:35732 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Naberkalara variant outbound connection (malware-cnc.rules) * 1:35733 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Potao outbound connection (malware-cnc.rules) * 1:35734 <-> DISABLED <-> SERVER-WEBAPP Netgear WNDR4700 and R6200 admin interface authentication bypass attempt (server-webapp.rules) * 1:35735 <-> ENABLED <-> OS-OTHER OS X DYLD_PRINT_TO_FILE privilege escalation attempt (os-other.rules) * 1:35736 <-> ENABLED <-> OS-OTHER OS X DYLD_PRINT_TO_FILE privilege escalation attempt (os-other.rules) * 1:35737 <-> DISABLED <-> INDICATOR-OBFUSCATION Javascript stealth executable download attempt (indicator-obfuscation.rules) * 1:35738 <-> DISABLED <-> INDICATOR-OBFUSCATION Javascript stealth executable download attempt (indicator-obfuscation.rules) * 1:35739 <-> DISABLED <-> FILE-PDF Adobe Reader GoToE javascript execution attempt (file-pdf.rules) * 1:35740 <-> DISABLED <-> FILE-PDF Adobe Reader GoToE javascript execution attempt (file-pdf.rules) * 1:35741 <-> ENABLED <-> FILE-FLASH Adobe Flash Player raster pointer null pointer dereference attempt 
(file-flash.rules) * 1:35742 <-> ENABLED <-> FILE-FLASH Adobe Flash Player raster pointer null pointer dereference attempt (file-flash.rules) * 1:35743 <-> DISABLED <-> FILE-FLASH Adobe Flash Player raster pointer null pointer dereference attempt (file-flash.rules) * 1:35744 <-> DISABLED <-> FILE-FLASH Adobe Flash Player raster pointer null pointer dereference attempt (file-flash.rules) * 1:35745 <-> ENABLED <-> INDICATOR-COMPROMISE Wild Neutron potential exploit attempt (indicator-compromise.rules) * 1:35746 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules) * 1:35747 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer iframe onreadystatechange handler use after free attempt (browser-ie.rules) * 1:35748 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer iframe onreadystatechange handler use after free attempt (browser-ie.rules) * 1:35749 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.IsSpace outbound connection (malware-cnc.rules) * 1:35750 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.IsSpace initial outbound connection (malware-cnc.rules) * 1:35751 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat GIF to PDF conversion heap overflow attempt (file-image.rules) * 1:35752 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat GIF to PDF conversion heap overflow attempt (file-image.rules) * 1:35753 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SharedObject use after free attempt (file-flash.rules) * 1:35754 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SharedObject use after free attempt (file-flash.rules) * 1:35755 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SharedObject use after free attempt (file-flash.rules) * 1:35756 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SharedObject use after free attempt (file-flash.rules) * 1:35757 <-> DISABLED <-> FILE-PDF Adobe Reader exclGroup element null pointer dereference attempt (file-pdf.rules) * 1:35758 <-> DISABLED <-> FILE-PDF Adobe Reader exclGroup element null pointer dereference attempt 
(file-pdf.rules) * 1:35759 <-> ENABLED <-> FILE-FLASH Adobe Flash Player XMLSocket destroy function type confusion attempt (file-flash.rules) * 1:35760 <-> ENABLED <-> FILE-FLASH Adobe Flash Player XMLSocket destroy function type confusion attempt (file-flash.rules) * 1:35761 <-> DISABLED <-> FILE-FLASH Adobe Flash Player XMLSocket destroy function type confusion attempt (file-flash.rules) * 1:35762 <-> ENABLED <-> FILE-FLASH Adobe Flash Player XMLSocket destroy function type confusion attempt (file-flash.rules) * 1:35763 <-> DISABLED <-> SERVER-OTHER gnuTLS _asn1_extract_der_octet memory error inbound malicious server dos attempt (server-other.rules) * 1:35764 <-> DISABLED <-> SERVER-OTHER gnuTLS _asn1_extract_der_octet memory error inbound malicious server dos attempt (server-other.rules) * 1:35765 <-> DISABLED <-> SERVER-OTHER gnuTLS _asn1_extract_der_octet memory error inbound malicious client dos attempt (server-other.rules) * 1:35766 <-> DISABLED <-> SERVER-OTHER gnuTLS _asn1_extract_der_octet memory error inbound malicious client dos attempt (server-other.rules) * 1:35767 <-> ENABLED <-> FILE-PDF Adobe Reader CBBBRInvite privilege escalation attempt (file-pdf.rules) * 1:35768 <-> ENABLED <-> FILE-PDF Adobe Reader CBBBRInvite privilege escalation attempt (file-pdf.rules) * 1:35769 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Cobrike inbound connection (malware-backdoor.rules) * 1:35770 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Cobrike outbound connection (malware-backdoor.rules) * 1:35771 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer iframe onreadystatechange handler use after free attempt (browser-ie.rules) * 1:35772 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer iframe onreadystatechange handler use after free attempt (browser-ie.rules) * 1:35773 <-> DISABLED <-> FILE-MULTIMEDIA Matroska libmatroska track video double free attempt (file-multimedia.rules) * 1:35774 <-> DISABLED <-> FILE-MULTIMEDIA Matroska libmatroska track video 
double free attempt (file-multimedia.rules) * 1:35775 <-> DISABLED <-> FILE-MULTIMEDIA Matroska libmatroska track video double free attempt (file-multimedia.rules) * 1:35776 <-> DISABLED <-> FILE-MULTIMEDIA Matroska libmatroska track video double free attempt (file-multimedia.rules) * 1:35777 <-> DISABLED <-> FILE-MULTIMEDIA Matroska libmatroska track video double free attempt (file-multimedia.rules) * 1:35778 <-> DISABLED <-> FILE-MULTIMEDIA Matroska libmatroska track video double free attempt (file-multimedia.rules) * 1:35779 <-> ENABLED <-> FILE-PDF Adobe Reader XML XSL transform exploitation attempt (file-pdf.rules) * 1:35780 <-> ENABLED <-> FILE-PDF Adobe Reader XML XSL transform exploitation attempt (file-pdf.rules) * 1:35781 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader privileged method protection bypass attempt (file-pdf.rules) * 1:35782 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader privileged method protection bypass attempt (file-pdf.rules) * 1:35783 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jiripbot variant outbound connection (malware-cnc.rules) * 1:35784 <-> DISABLED <-> FILE-PDF Adobe Reader AcroForm null pointer dereference attempt (file-pdf.rules) * 1:35785 <-> DISABLED <-> FILE-PDF Adobe Reader AcroForm null pointer dereference attempt (file-pdf.rules) * 1:35786 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader trusted function privilege escalation attempt (file-pdf.rules) * 1:35787 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader trusted function privilege escalation attempt (file-pdf.rules) * 1:35794 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt outbound connection (malware-cnc.rules) * 1:35795 <-> ENABLED <-> FILE-IDENTIFY ZSoft PCX file attachment detected (file-identify.rules) * 1:35796 <-> ENABLED <-> FILE-IDENTIFY ZSoft PCX file attachment detected (file-identify.rules) * 1:35797 <-> ENABLED <-> FILE-IDENTIFY ZSoft PCX file download request (file-identify.rules) * 1:35798 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat malformed PCX one-byte heap 
overwrite attempt (file-image.rules) * 1:35799 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat malformed PCX one-byte heap overwrite attempt (file-image.rules) * 1:358 <-> DISABLED <-> PROTOCOL-FTP saint scan (protocol-ftp.rules) * 1:35804 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Seyelifon variant outbound connection (malware-cnc.rules) * 1:35805 <-> DISABLED <-> FILE-EXECUTABLE Adobe Reader NtSetInformationFile privilege escalation attempt (file-executable.rules) * 1:35806 <-> DISABLED <-> FILE-EXECUTABLE Adobe Reader NtSetInformationFile privilege escalation attempt (file-executable.rules) * 1:35807 <-> DISABLED <-> FILE-PDF Adobe Reader validation bypass privilege escalation attempt (file-pdf.rules) * 1:35808 <-> DISABLED <-> FILE-PDF Adobe Reader validation bypass privilege escalation attempt (file-pdf.rules) * 1:35809 <-> ENABLED <-> FILE-PDF Adobe Reader Javascript API ANSendForReview - possible privilege escalation attempt (file-pdf.rules) * 1:35810 <-> ENABLED <-> FILE-PDF Adobe Reader Javascript API ANSendForReview - possible privilege escalation attempt (file-pdf.rules) * 1:35811 <-> ENABLED <-> FILE-PDF Adobe Reader Javascript API ANStartApproval - possible privilege escalation attempt (file-pdf.rules) * 1:35812 <-> ENABLED <-> FILE-PDF Adobe Reader Javascript API ANStartApproval - possible privilege escalation attempt (file-pdf.rules) * 1:35813 <-> ENABLED <-> FILE-FLASH Adobe Flash Player loadSound type confusion attempt (file-flash.rules) * 1:35814 <-> ENABLED <-> FILE-FLASH Adobe Flash Player loadSound type confusion attempt (file-flash.rules) * 1:35815 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadSound type confusion attempt (file-flash.rules) * 1:35816 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadSound type confusion attempt (file-flash.rules) * 1:35817 <-> DISABLED <-> SERVER-WEBAPP Oracle Endeca Server RenameFile method directory traversal attempt (server-webapp.rules) * 1:35818 <-> DISABLED <-> SERVER-WEBAPP Oracle Endeca Server RenameFile 
method directory traversal attempt (server-webapp.rules) * 1:35819 <-> DISABLED <-> SQL union select - possible percent-delimited SQL injection attempt - GET parameter (sql.rules) * 1:35820 <-> ENABLED <-> FILE-FLASH Adobe Flash Player scale9Grid use after free attempt (file-flash.rules) * 1:35821 <-> ENABLED <-> FILE-FLASH Adobe Flash Player scale9Grid use after free attempt (file-flash.rules) * 1:35822 <-> ENABLED <-> FILE-FLASH Adobe Flash Player scale9Grid use after free attempt (file-flash.rules) * 1:35823 <-> DISABLED <-> FILE-FLASH Adobe Flash Player scale9Grid use after free attempt (file-flash.rules) * 1:35824 <-> DISABLED <-> FILE-FLASH Adobe Flash Player scale9Grid use after free attempt (file-flash.rules) * 1:35825 <-> ENABLED <-> FILE-FLASH Adobe Flash Player scale9Grid use after free attempt (file-flash.rules) * 1:35826 <-> DISABLED <-> FILE-OTHER TAR archive with absolute path detected (file-other.rules) * 1:35827 <-> DISABLED <-> FILE-OTHER TAR archive with absolute path detected (file-other.rules) * 1:35828 <-> DISABLED <-> FILE-OTHER OpenOffice Starview metafile arbitrary read write attempt (file-other.rules) * 1:35829 <-> DISABLED <-> FILE-OTHER OpenOffice Starview metafile arbitrary read write attempt (file-other.rules) * 1:35831 <-> DISABLED <-> SERVER-OTHER multiple vendors NTP daemon integer overflow attempt (server-other.rules) * 1:35832 <-> DISABLED <-> FILE-OTHER Hangul Word Processor malicious tab count memory corruption attempt (file-other.rules) * 1:35833 <-> ENABLED <-> FILE-OTHER Hangul Word Processor malicious tab count memory corruption attempt (file-other.rules) * 1:35836 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CLabelElement object use after free attempt (browser-ie.rules) * 1:35837 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CLabelElement object use after free attempt (browser-ie.rules) * 1:35842 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Namospu variant outbound connection (malware-cnc.rules) * 1:35843 <-> 
DISABLED <-> SERVER-WEBAPP Oracle Endeca Server MoveFile method directory traversal attempt (server-webapp.rules) * 1:35844 <-> DISABLED <-> SERVER-WEBAPP Oracle Endeca Server MoveFile method directory traversal attempt (server-webapp.rules) * 1:35845 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit landing page detected (exploit-kit.rules) * 1:35846 <-> DISABLED <-> SERVER-WEBAPP Navis DocumentCloud WordPress plugin window.php cross site scripting attempt (server-webapp.rules) * 1:35847 <-> DISABLED <-> SERVER-WEBAPP Oracle Endeca server directory traversal attempt (server-webapp.rules) * 1:35848 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Bitmap width integer overflow attempt (file-image.rules) * 1:35849 <-> DISABLED <-> POLICY-OTHER EMC Documentum Content Server remote access attempt (policy-other.rules) * 1:35850 <-> ENABLED <-> SERVER-OTHER EMC Documentum Content Server privilege escalation attempt (server-other.rules) * 1:35851 <-> DISABLED <-> SERVER-OTHER QEMU VNC set-pixel-format memory corruption attempt (server-other.rules) * 1:35852 <-> ENABLED <-> FILE-IDENTIFY JPEG file upload detected (file-identify.rules) * 1:35853 <-> DISABLED <-> SERVER-WEBAPP PHP exif_ifd_make_value thumbnail heap buffer overflow attempt (server-webapp.rules) * 1:35854 <-> DISABLED <-> SERVER-WEBAPP PHP exif_ifd_make_value thumbnail heap buffer overflow attempt (server-webapp.rules) * 1:35855 <-> DISABLED <-> SERVER-WEBAPP PHP exif_ifd_make_value thumbnail heap buffer overflow attempt (server-webapp.rules) * 1:35856 <-> DISABLED <-> SERVER-WEBAPP PHP exif_ifd_make_value thumbnail heap buffer overflow attempt (server-webapp.rules) * 1:35857 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules) * 1:35858 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules) * 1:35859 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime traf atom out of bounds read attempt (file-multimedia.rules) * 1:35860 <-> DISABLED <-> 
FILE-MULTIMEDIA Apple QuickTime traf atom out of bounds read attempt (file-multimedia.rules) * 1:35861 <-> DISABLED <-> FILE-FLASH Adobe Flash Player swapDepths use after free attempt (file-flash.rules) * 1:35862 <-> DISABLED <-> FILE-FLASH Adobe Flash Player swapDepths use after free attempt (file-flash.rules) * 1:35863 <-> DISABLED <-> FILE-FLASH Adobe Flash Player swapDepths use after free attempt (file-flash.rules) * 1:35864 <-> DISABLED <-> FILE-FLASH Adobe Flash Player swapDepths use after free attempt (file-flash.rules) * 1:35865 <-> ENABLED <-> BROWSER-IE Internet Explorer DataSource recordset remote code execution attempt (browser-ie.rules) * 1:35866 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer XMLDOM double free corruption attempt (browser-ie.rules) * 1:35867 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer XMLDOM double free corruption attempt (browser-ie.rules) * 1:35872 <-> DISABLED <-> BROWSER-PLUGINS Steema Software SL TeeChart Pro ActiveX clsid access (browser-plugins.rules) * 1:35873 <-> DISABLED <-> BROWSER-PLUGINS Steema Software SL TeeChart Pro ActiveX clsid access (browser-plugins.rules) * 1:35874 <-> DISABLED <-> BROWSER-PLUGINS Steema Software SL TeeChart Pro ActiveX clsid access (browser-plugins.rules) * 1:35875 <-> DISABLED <-> BROWSER-PLUGINS Steema Software SL TeeChart Pro ActiveX clsid access (browser-plugins.rules) * 1:35876 <-> DISABLED <-> FILE-OTHER InduSoft Web Studio insecure visual basic code execution attempt (file-other.rules) * 1:35886 <-> DISABLED <-> POLICY-OTHER Kaskad SCADA default username and password attempt (policy-other.rules) * 1:35887 <-> DISABLED <-> POLICY-OTHER SCADA Engine BACnet OPC Server untrusted SQL query execution attempt (policy-other.rules) * 1:35888 <-> DISABLED <-> PROTOCOL-SCADA SCADA Engine OPC Server arbitrary file upload attempt (protocol-scada.rules) * 1:35889 <-> DISABLED <-> PROTOCOL-SCADA Kaskad SCADA arbitrary command execution attempt (protocol-scada.rules) * 1:35892 <-> 
DISABLED <-> SERVER-OTHER GE Proficy Real-Time Information Portal arbitrary dll load attempt (server-other.rules) * 1:35893 <-> DISABLED <-> SERVER-OTHER GE Proficy Real-Time Information Portal arbitrary dll load attempt (server-other.rules) * 1:35896 <-> ENABLED <-> SERVER-OTHER GE Proficy CIMPLICITY Marquee Manager stack buffer overflow attempt (server-other.rules) * 1:359 <-> DISABLED <-> PROTOCOL-FTP satan scan (protocol-ftp.rules) * 1:3590 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP mqqm QMDeleteObject overflow attempt (os-windows.rules) * 1:35904 <-> DISABLED <-> SERVER-OTHER SCADA InduSoft Web Studio buffer overflow attempt (server-other.rules) * 1:35909 <-> ENABLED <-> SERVER-OTHER Siemens Desigo Insight buffer overflow attempt (server-other.rules) * 1:3591 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP mqqm QMDeleteObject overflow attempt (os-windows.rules) * 1:35910 <-> ENABLED <-> SERVER-OTHER Siemens Desigo Insight information disclosure attempt (server-other.rules) * 1:35916 <-> DISABLED <-> SERVER-OTHER Websense Triton Web Security untrusted remote file creation attempt (server-other.rules) * 1:35917 <-> DISABLED <-> SERVER-OTHER Websense Triton Web Security untrusted remote file creation attempt (server-other.rules) * 1:35920 <-> ENABLED <-> SERVER-OTHER General Electric Proficy memory leakage request attempt (server-other.rules) * 1:35921 <-> DISABLED <-> SERVER-OTHER General Electric Proficy malicious log forwarding request attempt (server-other.rules) * 1:35933 <-> DISABLED <-> SERVER-WEBAPP Qualcomm WorldMail IMAP select directory traversal attempt (server-webapp.rules) * 1:35934 <-> DISABLED <-> SERVER-WEBAPP Qualcomm WorldMail IMAP append directory traversal attempt (server-webapp.rules) * 1:35935 <-> DISABLED <-> FILE-FLASH Adobe Flash Player attachMovie use after free attempt (file-flash.rules) * 1:35936 <-> DISABLED <-> FILE-FLASH Adobe Flash Player attachMovie use after free attempt (file-flash.rules) * 1:35937 <-> DISABLED <-> 
FILE-FLASH Adobe Flash Player attachMovie use after free attempt (file-flash.rules) * 1:35938 <-> DISABLED <-> FILE-FLASH Adobe Flash Player attachMovie use after free attempt (file-flash.rules) * 1:35939 <-> DISABLED <-> FILE-MULTIMEDIA PLF playlist name buffer overflow attempt (file-multimedia.rules) * 1:35940 <-> DISABLED <-> SERVER-WEBAPP PHP phar_parse_tarfile method integer overflow attempt (server-webapp.rules) * 1:35944 <-> ENABLED <-> SERVER-MAIL IBM Domino BMP color palette stack buffer overflow attempt (server-mail.rules) * 1:35945 <-> DISABLED <-> FILE-FLASH Adobe Flash Player dangling bytearray pointer code execution attempt (file-flash.rules) * 1:35946 <-> ENABLED <-> FILE-FLASH Adobe Flash Player dangling bytearray pointer code execution attempt (file-flash.rules) * 1:35947 <-> DISABLED <-> FILE-FLASH Adobe Flash Player dangling bytearray pointer code execution attempt (file-flash.rules) * 1:35948 <-> ENABLED <-> FILE-FLASH Adobe Flash Player dangling bytearray pointer code execution attempt (file-flash.rules) * 1:35949 <-> ENABLED <-> FILE-FLASH Adobe Flash Player dangling bytearray pointer code execution attempt (file-flash.rules) * 1:35950 <-> ENABLED <-> FILE-FLASH Adobe Flash Player dangling bytearray pointer code execution attempt (file-flash.rules) * 1:35951 <-> ENABLED <-> FILE-FLASH Adobe Flash Player dangling bytearray pointer code execution attempt (file-flash.rules) * 1:35952 <-> ENABLED <-> FILE-FLASH Adobe Flash Player dangling bytearray pointer code execution attempt (file-flash.rules) * 1:35953 <-> ENABLED <-> FILE-FLASH Adobe Flash Player dangling bytearray pointer code execution attempt (file-flash.rules) * 1:35954 <-> ENABLED <-> FILE-FLASH Adobe Flash Player dangling bytearray pointer code execution attempt (file-flash.rules) * 1:35955 <-> ENABLED <-> BROWSER-IE Microsoft Edge CStr object use after free attempt (browser-ie.rules) * 1:35956 <-> ENABLED <-> BROWSER-IE Microsoft Edge CStr object use after free attempt 
(browser-ie.rules) * 1:35957 <-> ENABLED <-> BROWSER-IE Microsoft Edge CStr object use after free attempt (browser-ie.rules) * 1:35958 <-> ENABLED <-> BROWSER-IE Microsoft Edge CStr object use after free attempt (browser-ie.rules) * 1:35959 <-> ENABLED <-> BROWSER-IE Microsoft Edge DOMNode manipulation use after free attempt (browser-ie.rules) * 1:35960 <-> ENABLED <-> BROWSER-IE Microsoft Edge DOMNode manipulation use after free attempt (browser-ie.rules) * 1:35961 <-> ENABLED <-> FILE-OTHER Microsoft Journal file parsing remote code execution attempt (file-other.rules) * 1:35962 <-> ENABLED <-> FILE-OTHER Microsoft Journal file parsing remote code execution attempt (file-other.rules) * 1:35963 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer element attribute use after free attempt (browser-ie.rules) * 1:35964 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer element attribute use after free attempt (browser-ie.rules) * 1:35965 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CElement input type memory corruption attempt (browser-ie.rules) * 1:35966 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CElement input type memory corruption attempt (browser-ie.rules) * 1:35967 <-> DISABLED <-> BROWSER-IE Microsoft Edge sandbox CreateFileW arbitrary file delete attempt (browser-ie.rules) * 1:35968 <-> DISABLED <-> BROWSER-IE Microsoft Edge sandbox CreateFileW arbitrary file delete attempt (browser-ie.rules) * 1:35969 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Embedded Windows Media Player CMarkup object use after free attempt (browser-ie.rules) * 1:35970 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Embedded Windows Media Player CMarkup object use after free attempt (browser-ie.rules) * 1:35971 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Embedded Windows Media Player CMarkup object use after free attempt (browser-ie.rules) * 1:35972 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Embedded Windows Media 
Player CMarkup object use after free attempt (browser-ie.rules) * 1:35973 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SURFACE objects kernel privilege escalation attempt (os-windows.rules) * 1:35974 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SURFACE objects kernel privilege escalation attempt (os-windows.rules) * 1:35975 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CElement object use-after-free attempt (browser-ie.rules) * 1:35976 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CElement object use-after-free attempt (browser-ie.rules) * 1:35977 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CreateObjectTask privilege escalation attempt (os-windows.rules) * 1:35978 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CreateObjectTask privilege escalation attempt (os-windows.rules) * 1:35979 <-> ENABLED <-> FILE-IDENTIFY Windows Media Center link file download request (file-identify.rules) * 1:35980 <-> ENABLED <-> FILE-IDENTIFY Windows Media Center link file attachment detected (file-identify.rules) * 1:35981 <-> ENABLED <-> FILE-IDENTIFY Windows Media Center link file attachment detected (file-identify.rules) * 1:35983 <-> ENABLED <-> FILE-OTHER Microsoft Windows Media Center link file code execution attempt (file-other.rules) * 1:35984 <-> ENABLED <-> OS-WINDOWS Microsoft Windows GDI+ denial of service attempt (os-windows.rules) * 1:35985 <-> ENABLED <-> OS-WINDOWS Microsoft Windows GDI+ denial of service attempt (os-windows.rules) * 1:35986 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtUserSetWindowsHook memory disclosure attempt (os-windows.rules) * 1:35987 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtUserSetWindowsHook memory disclosure attempt (os-windows.rules) * 1:35988 <-> DISABLED <-> FILE-EXECUTABLE NtGdiStretchBlt buffer overflow privilege escalation attempt (file-executable.rules) * 1:35989 <-> DISABLED <-> FILE-EXECUTABLE NtGdiStretchBlt buffer overflow privilege escalation attempt (file-executable.rules) * 1:35990 <-> ENABLED <-> 
BROWSER-IE Microsoft Internet Explorer JScript.Compact insertBefore memory corruption attempt (browser-ie.rules) * 1:35991 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer JScript.Compact insertBefore memory corruption attempt (browser-ie.rules) * 1:35992 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CImgTaskSvgDoc object double free attempt (browser-ie.rules) * 1:35993 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CImgTaskSvgDoc object double free attempt (browser-ie.rules) * 1:35994 <-> DISABLED <-> OS-WINDOWS Microsoft Windows desktop window privilege escalation attempt (os-windows.rules) * 1:35995 <-> DISABLED <-> OS-WINDOWS Microsoft Windows desktop window privilege escalation attempt (os-windows.rules) * 1:35996 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel OLESS directory entry type confusion remote code execution attempt (file-office.rules) * 1:35997 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel OLESS directory entry type confusion remote code execution attempt (file-office.rules) * 1:35998 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer msGetRegionContent memory corruption attempt (browser-ie.rules) * 1:35999 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer msGetRegionContent memory corruption attempt (browser-ie.rules) * 1:360 <-> DISABLED <-> PROTOCOL-FTP serv-u directory traversal (protocol-ftp.rules) * 1:36000 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel malformed XF record use after free attempt (file-office.rules) * 1:36001 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel malformed XF record use after free attempt (file-office.rules) * 1:36002 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel bad file pointer memory corruption attempt (file-office.rules) * 1:36003 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel bad file pointer memory corruption attempt (file-office.rules) * 1:36004 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CImgElement object double free attempt 
(browser-ie.rules) * 1:36005 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CImgElement object double free attempt (browser-ie.rules) * 1:36006 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTableColCalc out of bounds memory write attempt (browser-ie.rules) * 1:36007 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTableColCalc out of bounds memory write attempt (browser-ie.rules) * 1:36008 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer out of bounds array memory access attempt (browser-ie.rules) * 1:36009 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer out of bounds array memory access attempt (browser-ie.rules) * 1:36010 <-> DISABLED <-> OS-WINDOWS Microsoft Windows task scheduler race condition attempt (os-windows.rules) * 1:36011 <-> DISABLED <-> OS-WINDOWS Microsoft Windows task scheduler race condition attempt (os-windows.rules) * 1:36012 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel SettingsSyncDiagnostics privilege escalation attempt (os-windows.rules) * 1:36013 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel SettingsSyncDiagnostics privilege escalation attempt (os-windows.rules) * 1:36014 <-> ENABLED <-> OS-WINDOWS Microsoft Windows System.DirectoryServices.Protocols.Utility class memory overflow attempt (os-windows.rules) * 1:36015 <-> ENABLED <-> OS-WINDOWS Microsoft Windows System.DirectoryServices.Protocols.Utility class memory overflow attempt (os-windows.rules) * 1:36016 <-> DISABLED <-> OS-WINDOWS Microsoft Windows use after free kernel privilege escalation attempt (os-windows.rules) * 1:36017 <-> DISABLED <-> OS-WINDOWS Microsoft Windows use after free kernel privilege escalation attempt (os-windows.rules) * 1:36018 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer invalid memory access attempt (browser-ie.rules) * 1:36019 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer invalid memory access attempt (browser-ie.rules) * 1:36020 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer EPM 
SetValue sandbox bypass attempt (browser-ie.rules) * 1:36021 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer EPM SetValue sandbox bypass attempt (browser-ie.rules) * 1:36022 <-> DISABLED <-> SERVER-WEBAPP FireEye ModuleDispatch.php name parameter directory traversal directory traversal attempt (server-webapp.rules) * 1:36023 <-> DISABLED <-> SERVER-WEBAPP FireEye ModuleDispatch.php name parameter directory traversal directory traversal attempt (server-webapp.rules) * 1:36024 <-> DISABLED <-> SERVER-WEBAPP FireEye ModuleDispatch.php name parameter directory traversal directory traversal attempt (server-webapp.rules) * 1:36025 <-> DISABLED <-> SERVER-OTHER Digium Asterisk TLS Certificate Common Name null byte validation bypass attempt (server-other.rules) * 1:36026 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word EPS filter PostScript object use after free attempt (file-office.rules) * 1:36027 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word EPS filter PostScript object use after free attempt (file-office.rules) * 1:36028 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k.sys use after free attempt (os-windows.rules) * 1:36029 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k.sys use after free attempt (os-windows.rules) * 1:36030 <-> DISABLED <-> SERVER-WEBAPP Synology Video Station subtitle.cgi command injection attempt (server-webapp.rules) * 1:36031 <-> DISABLED <-> SERVER-WEBAPP Synology Video Station subtitle.cgi command injection attempt (server-webapp.rules) * 1:36032 <-> DISABLED <-> SERVER-WEBAPP Synology Video Station subtitle.cgi command injection attempt (server-webapp.rules) * 1:36033 <-> DISABLED <-> SERVER-WEBAPP Synology Video Station subtitle.cgi command injection attempt (server-webapp.rules) * 1:36034 <-> DISABLED <-> FILE-FLASH Infinity popup toolkit detected (file-flash.rules) * 1:36035 <-> DISABLED <-> FILE-FLASH Infinity popup toolkit detected (file-flash.rules) * 1:36036 <-> DISABLED <-> INDICATOR-OBFUSCATION Adobe Flash file 
with SecureSwfLoader packer detected (indicator-obfuscation.rules)
* 1:36037 <-> DISABLED <-> SERVER-WEBAPP Novell Zenworks Mobile Management cross site scripting attempt (server-webapp.rules)
* 1:36038 <-> DISABLED <-> SERVER-WEBAPP Novell Zenworks Mobile Management cross site scripting attempt (server-webapp.rules)
* 1:36039 <-> DISABLED <-> SERVER-WEBAPP Novell Zenworks Mobile Management cross site scripting attempt (server-webapp.rules)
* 1:36040 <-> DISABLED <-> SERVER-WEBAPP Novell Zenworks Mobile Management cross site scripting attempt (server-webapp.rules)
* 1:36041 <-> DISABLED <-> SERVER-WEBAPP Synology Video Station watchstatus.cgi SQL injection attempt (server-webapp.rules)
* 1:36042 <-> DISABLED <-> SERVER-WEBAPP Synology Video Station watchstatus.cgi SQL injection attempt (server-webapp.rules)
* 1:36043 <-> DISABLED <-> SERVER-WEBAPP Synology Video Station watchstatus.cgi SQL injection attempt (server-webapp.rules)
* 1:36048 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:36049 <-> DISABLED <-> SERVER-WEBAPP Synology Video Station audiotrack.cgi SQL injection attempt (server-webapp.rules)
* 1:36050 <-> DISABLED <-> SERVER-WEBAPP Synology Video Station audiotrack.cgi SQL injection attempt (server-webapp.rules)
* 1:36051 <-> DISABLED <-> SERVER-WEBAPP Synology Video Station audiotrack.cgi SQL injection attempt (server-webapp.rules)
* 1:36052 <-> DISABLED <-> SERVER-WEBAPP Silver Peak VXOA JSON interface hidden credentials authentication attempt (server-webapp.rules)
* 1:36053 <-> DISABLED <-> SERVER-WEBAPP Silver Peak VXOA snmp JSON interface command injection attempt (server-webapp.rules)
* 1:36054 <-> DISABLED <-> MALWARE-CNC Ios.Backdoor.SYNful inbound connection (malware-cnc.rules)
* 1:36055 <-> DISABLED <-> PROTOCOL-DNS ISC BIND DNSSEC response unsupported DNSKEY cryptographic algorithm attempt (protocol-dns.rules)
* 1:36057 <-> DISABLED <-> SERVER-WEBAPP Apache ActiveMQ directory traversal attempt (server-webapp.rules)
* 1:36058 <-> ENABLED <-> FILE-IDENTIFY OLE Document upload detected (file-identify.rules)
* 1:36059 <-> DISABLED <-> SERVER-WEBAPP PHP CDF file handling infinite loop dos attempt (server-webapp.rules)
* 1:36060 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shifu variant outbound connection (malware-cnc.rules)
* 1:36061 <-> DISABLED <-> SERVER-OTHER SAP SQL Anywhere .NET malformed integer buffer overflow attempt (server-other.rules)
* 1:36062 <-> DISABLED <-> FILE-PDF Adobe Reader makeMeasurement information disclosure attempt (file-pdf.rules)
* 1:36063 <-> DISABLED <-> FILE-PDF Adobe Reader makeMeasurement information disclosure attempt (file-pdf.rules)
* 1:36064 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bagsu variant outbound connection (malware-cnc.rules)
* 1:36065 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bagsu variant outbound connection (malware-cnc.rules)
* 1:36066 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bagsu variant outbound connection (malware-cnc.rules)
* 1:36067 <-> DISABLED <-> SERVER-OTHER ElasticSearch script remote code execution attempt (server-other.rules)
* 1:36068 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer window scroll integer overflow attempt (browser-ie.rules)
* 1:36069 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer window scroll integer overflow attempt (browser-ie.rules)
* 1:36070 <-> DISABLED <-> INDICATOR-OBFUSCATION Javascript obfuscation using split reverse join attempt (indicator-obfuscation.rules)
* 1:36071 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit browser version detection attempt (exploit-kit.rules)
* 1:36072 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
* 1:36073 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
* 1:36074 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
* 1:36075 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
* 1:36076 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
* 1:36077 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
* 1:36078 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
* 1:36079 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
* 1:36080 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
* 1:36081 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
* 1:36082 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
* 1:36083 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
* 1:36084 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
* 1:36085 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
* 1:36086 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
* 1:36087 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
* 1:36088 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
* 1:36089 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
* 1:36090 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
* 1:36091 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
* 1:36092 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
* 1:36093 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
* 1:36094 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
* 1:36095 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
* 1:36096 <-> DISABLED <-> SERVER-OTHER OpenSSL DTLS handshake oversized fragment length denial of service attempt (server-other.rules)
* 1:36097 <-> DISABLED <-> SERVER-WEBAPP ManageEngine OpManager SubmitQuery SQL injection attempt (server-webapp.rules)
* 1:36098 <-> DISABLED <-> SERVER-WEBAPP ManageEngine OpManager SubmitQuery SQL injection attempt (server-webapp.rules)
* 1:36099 <-> DISABLED <-> SERVER-WEBAPP ManageEngine OpManager SubmitQuery SQL injection attempt (server-webapp.rules)
* 1:361 <-> DISABLED <-> PROTOCOL-FTP SITE EXEC attempt (protocol-ftp.rules)
* 1:36100 <-> DISABLED <-> SERVER-WEBAPP ManageEngine OpManager default credentials authentication attempt (server-webapp.rules)
* 1:36101 <-> DISABLED <-> SERVER-WEBAPP ManageEngine ServiceDesk ExportImport.do directory traversal attempt (server-webapp.rules)
* 1:36102 <-> DISABLED <-> SERVER-WEBAPP ManageEngine ServiceDesk ExportImport.do directory traversal attempt (server-webapp.rules)
* 1:36104 <-> DISABLED <-> SERVER-WEBAPP Silver Peak VXOA configdb_file.php arbitrary PHP file upload attempt (server-webapp.rules)
* 1:36105 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hodoor APT variant (malware-cnc.rules)
* 1:36106 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hodoor APT variant outbound connection (malware-cnc.rules)
* 1:36107 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FakeAV variant outbound connection (malware-cnc.rules)
* 1:36108 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nimisi variant outbound connection (malware-cnc.rules)
* 1:36109 <-> ENABLED <-> BROWSER-PLUGINS Advantech WebAccess AspVCObj.AspDataDriven InterfaceFilter ActiveX clsid access (browser-plugins.rules)
* 1:36110 <-> ENABLED <-> BROWSER-PLUGINS Advantech WebAccess AspVCObj.AspDataDriven InterfaceFilter ActiveX clsid access (browser-plugins.rules)
* 1:36111 <-> ENABLED <-> BROWSER-PLUGINS Advantech WebAccess AspVCObj.AspDataDriven InterfaceFilter ActiveX clsid access (browser-plugins.rules)
* 1:36112 <-> ENABLED <-> BROWSER-PLUGINS Advantech WebAccess AspVCObj.AspDataDriven InterfaceFilter ActiveX clsid access (browser-plugins.rules)
* 1:36113 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player ID3 tag integer overflow attempt (file-multimedia.rules)
* 1:36114 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player ID3 tag integer overflow attempt (file-multimedia.rules)
* 1:36115 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Liudoor outbound connection (malware-cnc.rules)
* 1:36116 <-> DISABLED <-> BROWSER-PLUGINS HP LoadRunner ActiveX clsid access attempt (browser-plugins.rules)
* 1:36117 <-> DISABLED <-> BROWSER-PLUGINS HP LoadRunner ActiveX clsid access attempt (browser-plugins.rules)
* 1:36118 <-> DISABLED <-> BROWSER-PLUGINS HP LoadRunner ActiveX clsid access attempt (browser-plugins.rules)
* 1:36119 <-> DISABLED <-> BROWSER-PLUGINS HP LoadRunner ActiveX clsid access attempt (browser-plugins.rules)
* 1:36120 <-> DISABLED <-> FILE-FLASH Adobe Flash Player regexp heap buffer overflow attempt (file-flash.rules)
* 1:36121 <-> DISABLED <-> FILE-FLASH Adobe Flash Player regexp heap buffer overflow attempt (file-flash.rules)
* 1:36122 <-> DISABLED <-> FILE-FLASH Adobe Flash Player regexp heap buffer overflow attempt (file-flash.rules)
* 1:36123 <-> DISABLED <-> FILE-FLASH Adobe Flash Player regexp heap buffer overflow attempt (file-flash.rules)
* 1:36124 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
* 1:36125 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
* 1:36126 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
* 1:36127 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
* 1:36128 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
* 1:36129 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
* 1:36130 <-> DISABLED <-> PROTOCOL-DNS ISC BIND zero length OPENPGPKEY rdata response attempt (protocol-dns.rules)
* 1:36131 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - MyIE 3.01 (malware-cnc.rules)
* 1:36132 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mitozhan initial outbound connection (malware-cnc.rules)
* 1:36133 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mitozhan initial outbound connection server response (malware-cnc.rules)
* 1:36134 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mitozhan initial outbound connection (malware-cnc.rules)
* 1:36135 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
* 1:36136 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
* 1:36137 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
* 1:36138 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
* 1:36139 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
* 1:36140 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
* 1:36141 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
* 1:36142 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
* 1:36143 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection AS2 arbitrary code execution attempt (file-flash.rules)
* 1:36144 <-> DISABLED <-> FILE-FLASH Adobe Flash Player NetConnection AS2 arbitrary code execution attempt (file-flash.rules)
* 1:36145 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection AS2 arbitrary code execution attempt (file-flash.rules)
* 1:36146 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection AS2 arbitrary code execution attempt (file-flash.rules)
* 1:36147 <-> DISABLED <-> FILE-OFFICE Microsoft Windows OLE Packer Remote Code Execution attempt (file-office.rules)
* 1:36148 <-> ENABLED <-> FILE-OFFICE Microsoft Windows OLE Packer Remote Code Execution attempt (file-office.rules)
* 1:36149 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
* 1:36150 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
* 1:36151 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
* 1:36152 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
* 1:36154 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
* 1:36155 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
* 1:36156 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
* 1:36157 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
* 1:36160 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
* 1:36161 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
* 1:36162 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
* 1:36163 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
* 1:36164 <-> DISABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
* 1:36165 <-> DISABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
* 1:36166 <-> DISABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
* 1:36167 <-> DISABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
* 1:36168 <-> DISABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
* 1:36169 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
* 1:36170 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
* 1:36171 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
* 1:36172 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
* 1:36173 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
* 1:36174 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
* 1:36175 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
* 1:36176 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
* 1:36177 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
* 1:36178 <-> DISABLED <-> SERVER-WEBAPP Endian Firewall Proxy chpasswd.cgi command injection attempt (server-webapp.rules)
* 1:36181 <-> DISABLED <-> SERVER-WEBAPP Endian Firewall Proxy chpasswd.cgi command injection attempt (server-webapp.rules)
* 1:36182 <-> DISABLED <-> SERVER-WEBAPP Ignite Realtime Openfire server-session-details cross site scripting attempt (server-webapp.rules)
* 1:36183 <-> DISABLED <-> SERVER-WEBAPP Ignite Realtime Openfire create-bookmark cross site scripting attempt (server-webapp.rules)
* 1:36184 <-> DISABLED <-> SERVER-WEBAPP Ignite Realtime Openfire group-summary cross site scripting attempt (server-webapp.rules)
* 1:36186 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qytags variant outbound connection (malware-cnc.rules)
* 1:36187 <-> DISABLED <-> FILE-FLASH Adobe Flash Player display list use after free attempt (file-flash.rules)
* 1:36188 <-> DISABLED <-> FILE-FLASH Adobe Flash Player display list use after free attempt (file-flash.rules)
* 1:36189 <-> ENABLED <-> FILE-FLASH Adobe Flash Player display list use after free attempt (file-flash.rules)
* 1:36190 <-> ENABLED <-> FILE-FLASH Adobe Flash Player display list use after free attempt (file-flash.rules)
* 1:36191 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules)
* 1:36192 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules)
* 1:36193 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Exploit Kit decryption key detected (file-flash.rules)
* 1:36194 <-> DISABLED <-> POLICY-OTHER BitTorrent distributed reflected denial-of-service attempt (policy-other.rules)
* 1:36195 <-> DISABLED <-> SERVER-WEBAPP Reprise license manager actserver and akey HTTP parameters parsing stack buffer overflow attempt (server-webapp.rules)
* 1:36196 <-> DISABLED <-> SERVER-WEBAPP Reprise license manager actserver and akey HTTP parameters parsing stack buffer overflow attempt (server-webapp.rules)
* 1:36197 <-> DISABLED <-> SERVER-WEBAPP nginx SMTP proxy STARTTLS plaintext command injection attempt (server-webapp.rules)
* 1:36198 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yakes variant certificate (malware-cnc.rules)
* 1:36199 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yakes variant outbound connection (malware-cnc.rules)
* 1:362 <-> DISABLED <-> PROTOCOL-FTP tar parameters (protocol-ftp.rules)
* 1:36201 <-> ENABLED <-> EXPLOIT-KIT Scanbox exploit kit exfiltration attempt (exploit-kit.rules)
* 1:36202 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yakes variant dropper (malware-cnc.rules)
* 1:36203 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word wwlib.dll corrupt fcPlcfFldMom uninitialized memory access attempt (file-office.rules)
* 1:36204 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word wwlib.dll corrupt fcPlcfFldMom uninitialized memory access attempt (file-office.rules)
* 1:36212 <-> ENABLED <-> FILE-OTHER Libgraphite LocaLookup out-of-bounds read attempt (file-other.rules)
* 1:36213 <-> ENABLED <-> FILE-OTHER Libgraphite LocaLookup out-of-bounds read attempt (file-other.rules)
* 1:36216 <-> DISABLED <-> FILE-OTHER libgraphite TTF opcode handling out of bounds read attempt (file-other.rules)
* 1:36217 <-> DISABLED <-> FILE-OTHER libgraphite TTF opcode handling out of bounds read attempt (file-other.rules)
* 1:36224 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer superscript use after free attempt (browser-ie.rules)
* 1:36225 <-> ENABLED <-> FILE-OTHER Libgraphite empty feature list denial of service attempt (file-other.rules)
* 1:36226 <-> ENABLED <-> FILE-OTHER Libgraphite empty feature list denial of service attempt (file-other.rules)
* 1:36227 <-> ENABLED <-> FILE-OTHER Libgraphite empty feature list denial of service attempt (file-other.rules)
* 1:36228 <-> ENABLED <-> FILE-OTHER Libgraphite empty feature list denial of service attempt (file-other.rules)
* 1:36229 <-> ENABLED <-> FILE-FLASH Adobe Flash Player On2 VP6 video codec fragment read access violation attempt (file-flash.rules)
* 1:36230 <-> ENABLED <-> FILE-FLASH Adobe Flash Player On2 VP6 video codec fragment read access violation attempt (file-flash.rules)
* 1:36231 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SdBot variant outbound connection (malware-cnc.rules)
* 1:36232 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kapento variant outbound connection (malware-cnc.rules)
* 1:36233 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kapento variant outbound connection (malware-cnc.rules)
* 1:36234 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kapento variant outbound connection (malware-cnc.rules)
* 1:36235 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CGenericElement use after free attempt (browser-ie.rules)
* 1:36236 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CGenericElement use after free attempt (browser-ie.rules)
* 1:36237 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CGenericElement use after free attempt (browser-ie.rules)
* 1:36238 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CGenericElement use after free attempt (browser-ie.rules)
* 1:36239 <-> ENABLED <-> FILE-JAVA Oracle Java System.arraycopy race condition attempt (file-java.rules)
* 1:36240 <-> ENABLED <-> FILE-JAVA Oracle Java System.arraycopy race condition attempt (file-java.rules)
* 1:36241 <-> ENABLED <-> MALWARE-OTHER self-signed SSL certificate transfer for EXEPROXY attempt (malware-other.rules)
* 1:36242 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager edit_lf_get_data directory traversal attempt (server-webapp.rules)
* 1:36243 <-> DISABLED <-> SERVER-WEBAPP LANDesk Management Suite frm_splitfrm remote file include attempt (server-webapp.rules)
* 1:36244 <-> ENABLED <-> FILE-OFFICE Microsoft Office XML nested num tag double-free attempt (file-office.rules)
* 1:36245 <-> ENABLED <-> FILE-OFFICE Microsoft Office XML nested num tag double-free attempt (file-office.rules)
* 1:36247 <-> DISABLED <-> SERVER-OTHER IRC w3wt0rk pitbull perl bot remote command execution attempt (server-other.rules)
* 1:36248 <-> DISABLED <-> SERVER-OTHER IRC w3wt0rk pitbull perl bot remote command execution attempt (server-other.rules)
* 1:36249 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSelectElement SetCurSel remote code execution attempt (browser-ie.rules)
* 1:36250 <-> DISABLED <-> SERVER-OTHER ntpd keyfile buffer overflow attempt (server-other.rules)
* 1:36251 <-> DISABLED <-> SERVER-OTHER ntpq atoascii memory corruption attempt (server-other.rules)
* 1:36252 <-> DISABLED <-> SERVER-OTHER ntpd remote configuration denial of service attempt (server-other.rules)
* 1:36253 <-> DISABLED <-> SERVER-OTHER ntpd saveconfig directory traversal attempt (server-other.rules)
* 1:36254 <-> DISABLED <-> SERVER-WEBAPP IBM Rational Focal Point webservice Axis Gateway GET vulnerability attempt (server-webapp.rules)
* 1:36255 <-> DISABLED <-> SERVER-WEBAPP IBM Rational Focal Point webservice Axis Gateway POST vulnerability attempt (server-webapp.rules)
* 1:36256 <-> DISABLED <-> SERVER-OTHER ElasticSearch information disclosure attempt (server-other.rules)
* 1:36257 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray writeByte buffer overflow attempt (file-flash.rules)
* 1:36258 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray writeByte buffer overflow attempt (file-flash.rules)
* 1:36259 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray writeByte buffer overflow attempt (file-flash.rules)
* 1:3626 <-> DISABLED <-> PROTOCOL-ICMP PATH MTU denial of service attempt (protocol-icmp.rules)
* 1:36260 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray writeByte buffer overflow attempt (file-flash.rules)
* 1:36261 <-> DISABLED <-> SERVER-WEBAPP PHP fileinfo cdf_read_property_info denial of service attempt (server-webapp.rules)
* 1:36262 <-> DISABLED <-> SERVER-WEBAPP PHP fileinfo cdf_read_property_info denial of service attempt (server-webapp.rules)
* 1:36263 <-> ENABLED <-> FILE-FLASH Adobe Flash Player URLStreamObject out of bounds read attempt (file-flash.rules)
* 1:36264 <-> DISABLED <-> FILE-FLASH Adobe Flash Player URLStreamObject out of bounds read attempt (file-flash.rules)
* 1:36265 <-> ENABLED <-> FILE-FLASH Adobe Flash Player URLStreamObject out of bounds read attempt (file-flash.rules)
* 1:36266 <-> DISABLED <-> FILE-FLASH Adobe Flash Player URLStreamObject out of bounds read attempt (file-flash.rules)
* 1:36267 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rusrushel variant outbound connection (malware-cnc.rules)
* 1:36268 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rusrushel variant outbound connection (malware-cnc.rules)
* 1:36269 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rusrushel variant outbound connection (malware-cnc.rules)
* 1:3627 <-> DISABLED <-> SERVER-MAIL X-LINK2STATE CHUNK command attempt (server-mail.rules)
* 1:36270 <-> DISABLED <-> SERVER-WEBAPP Centreon main.php command injection attempt (server-webapp.rules)
* 1:36272 <-> ENABLED <-> SERVER-WEBAPP GE MDS PulseNet hidden credentials authentication attempt (server-webapp.rules)
* 1:36275 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Corebot variant outbound connection (malware-cnc.rules)
* 1:36276 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Corebot variant outbound connection (malware-cnc.rules)
* 1:36277 <-> DISABLED <-> FILE-FLASH Adobe Flash Player diplayAsPassword information disclosure attempt (file-flash.rules)
* 1:36278 <-> DISABLED <-> FILE-FLASH Adobe Flash Player diplayAsPassword information disclosure attempt (file-flash.rules)
* 1:36279 <-> DISABLED <-> FILE-FLASH Adobe Flash Player diplayAsPassword information disclosure attempt (file-flash.rules)
* 1:3628 <-> DISABLED <-> APP-DETECT Data Rescue IDA Pro startup license check attempt (app-detect.rules)
* 1:36280 <-> DISABLED <-> FILE-FLASH Adobe Flash Player diplayAsPassword information disclosure attempt (file-flash.rules)
* 1:36281 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit landing page detected (exploit-kit.rules)
* 1:36282 <-> ENABLED <-> POLICY-OTHER Cisco router Security Device Manager default banner (policy-other.rules)
* 1:36283 <-> DISABLED <-> SERVER-WEBAPP ManageEngine OpManager APMAlertOperations servlet SQL injection attempt (server-webapp.rules)
* 1:36284 <-> DISABLED <-> SERVER-WEBAPP ManageEngine OpManager APMAlertOperations servlet SQL injection attempt (server-webapp.rules)
* 1:36285 <-> DISABLED <-> SERVER-WEBAPP ManageEngine OpManager APMAlertOperations servlet SQL injection attempt (server-webapp.rules)
* 1:36286 <-> DISABLED <-> EXPLOIT-KIT Nuclear exploit kit browser detection attempt (exploit-kit.rules)
* 1:36287 <-> ENABLED <-> FILE-FLASH Adobe Flash Player avc_core out of bounds memory access attempt (file-flash.rules)
* 1:36288 <-> ENABLED <-> FILE-FLASH Adobe Flash Player avc_core out of bounds memory access attempt (file-flash.rules)
* 1:36289 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetStream.appendBytes use after free attempt (file-flash.rules)
* 1:3629 <-> DISABLED <-> SERVER-WEBAPP sambar /search/results.stm access (server-webapp.rules)
* 1:36290 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetStream.appendBytes use after free attempt (file-flash.rules)
* 1:36291 <-> DISABLED <-> FILE-FLASH Adobe Flash Player NetStream.appendBytes use after free attempt (file-flash.rules)
* 1:36292 <-> DISABLED <-> FILE-FLASH Adobe Flash Player NetStream.appendBytes use after free attempt (file-flash.rules)
* 1:36294 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Nisinul variant outbound connection (malware-cnc.rules)
* 1:36295 <-> ENABLED <-> FILE-FLASH Adobe Flash Player movie signed integer memory corruption attempt (file-flash.rules)
* 1:36296 <-> ENABLED <-> FILE-FLASH Adobe Flash Player movie signed integer memory corruption attempt (file-flash.rules)
* 1:36297 <-> ENABLED <-> FILE-FLASH Adobe Flash Player video decode use after free attempt (file-flash.rules)
* 1:36298 <-> ENABLED <-> FILE-FLASH Adobe Flash Player video decode use after free attempt (file-flash.rules)
* 1:36299 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ShaderParameter out of bounds write attempt (file-flash.rules)
* 1:363 <-> DISABLED <-> PROTOCOL-ICMP IRDP router advertisement (protocol-icmp.rules)
* 1:3630 <-> DISABLED <-> SERVER-ORACLE ftp TEST command buffer overflow attempt (server-oracle.rules)
* 1:36300 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ShaderParameter out of bounds write attempt (file-flash.rules)
* 1:36301 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ShaderParameter out of bounds write attempt (file-flash.rules)
* 1:36302 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ShaderParameter out of bounds write attempt (file-flash.rules)
* 1:36303 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mitozhan initial outbound connection server response (malware-cnc.rules)
* 1:36304 <-> DISABLED <-> MALWARE-CNC Win.Trojan.WinPlock variant outbound connection (malware-cnc.rules)
* 1:36305 <-> DISABLED <-> FILE-PDF Foxit Reader PNG to PDF conversion heap buffer overflow attempt (file-pdf.rules)
* 1:36306 <-> DISABLED <-> FILE-PDF Foxit Reader PNG to PDF conversion heap buffer overflow attempt (file-pdf.rules)
* 1:36307 <-> ENABLED <-> FILE-IMAGE Trimble SketchUp corrupt BMP RLE4 heap buffer overflow attempt (file-image.rules)
* 1:36308 <-> ENABLED <-> FILE-IMAGE Trimble SketchUp corrupt BMP RLE4 heap buffer overflow attempt (file-image.rules)
* 1:36309 <-> ENABLED <-> FILE-IMAGE Trimble SketchUp corrupt BMP RLE4 heap buffer overflow attempt (file-image.rules)
* 1:3631 <-> DISABLED <-> SERVER-ORACLE ftp user name buffer overflow attempt (server-oracle.rules)
* 1:36310 <-> ENABLED <-> FILE-IMAGE Trimble SketchUp corrupt BMP RLE4 heap buffer overflow attempt (file-image.rules)
* 1:36311 <-> ENABLED <-> FILE-FLASH Adobe Flash Player class scope bypass attempt (file-flash.rules)
* 1:36312 <-> DISABLED <-> FILE-FLASH Adobe Flash Player class scope bypass attempt (file-flash.rules)
* 1:36313 <-> ENABLED <-> FILE-FLASH Adobe Flash Player class scope bypass attempt (file-flash.rules)
* 1:36314 <-> DISABLED <-> FILE-FLASH Adobe Flash Player class scope bypass attempt (file-flash.rules)
* 1:36315 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit relay traffic detected (exploit-kit.rules)
* 1:36316 <-> DISABLED <-> FILE-FLASH Adobe Flash Player URI loaded MP4 potential information leak attempt (file-flash.rules)
* 1:36317 <-> DISABLED <-> FILE-FLASH Adobe Flash Player URI loaded FLV potential information leak attempt (file-flash.rules)
* 1:36318 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Netstream Video null pointer dereference attempt (file-flash.rules)
* 1:36319 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Netstream Video null pointer dereference attempt (file-flash.rules)
* 1:3632 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Bitmap width integer overflow attempt (file-image.rules)
* 1:36320 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Input Method Editor 2 ActiveX clsid access attempt (browser-plugins.rules)
* 1:36321 <-> ENABLED <-> FILE-FLASH Adobe Flash Player removeChildren use-after-free attempt (file-flash.rules)
* 1:36322 <-> ENABLED <-> FILE-FLASH Adobe Flash Player removeChildren use-after-free attempt (file-flash.rules)
* 1:36323 <-> DISABLED <-> FILE-FLASH Adobe Flash Player removeChildren use-after-free attempt (file-flash.rules)
* 1:36324 <-> DISABLED <-> FILE-FLASH Adobe Flash Player removeChildren use-after-free attempt (file-flash.rules)
* 1:36325 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Misnt variant outbound connection (malware-cnc.rules)
* 1:36326 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Misnt variant outbound connection (malware-cnc.rules)
* 1:36327 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Misnt variant outbound connection (malware-cnc.rules)
* 1:36328 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Misnt variant outbound connection (malware-cnc.rules)
* 1:36329 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Misnt variant outbound connection (malware-cnc.rules)
* 1:36330 <-> DISABLED <-> SERVER-WEBAPP Kaseya VSA uploader.aspx PathData directory traversal attempt (server-webapp.rules)
* 1:36331 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Alina variant outbound connection (malware-cnc.rules)
* 1:36332 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit relay traffic detected (exploit-kit.rules)
* 1:36333 <-> DISABLED <-> SERVER-WEBAPP GE MDS PulseNET FileDownloadServlet directory traversal attempt (server-webapp.rules)
* 1:36334 <-> DISABLED <-> SERVER-WEBAPP Ignite Realtime Openfire user-password cross site request forgery attempt (server-webapp.rules)
* 1:36335 <-> DISABLED <-> SERVER-WEBAPP Ignite Realtime Openfire user-create cross site request forgery attempt (server-webapp.rules)
* 1:36336 <-> DISABLED <-> SERVER-WEBAPP Ignite Realtime Openfire server properties cross site request forgery attempt (server-webapp.rules)
* 1:36337 <-> DISABLED <-> SERVER-WEBAPP Ignite Realtime Openfire permitted-clients cross site request forgery attempt (server-webapp.rules)
* 1:36338 <-> ENABLED <-> MALWARE-OTHER Apple iTunes Connect HTTP response phishing attempt (malware-other.rules)
* 1:36339 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DisplayList memory corruption attempt (file-flash.rules)
* 1:36340 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DisplayList memory corruption attempt (file-flash.rules)
* 1:36341 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DisplayList memory corruption attempt (file-flash.rules)
* 1:36342 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DisplayList memory corruption attempt (file-flash.rules)
* 1:36343 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DisplayList memory corruption attempt (file-flash.rules)
* 1:36344 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DisplayList memory corruption attempt (file-flash.rules)
* 1:36345 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DisplayList memory corruption attempt (file-flash.rules)
* 1:36346 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DisplayList memory corruption attempt (file-flash.rules)
* 1:36347 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DisplayList memory corruption attempt (file-flash.rules)
* 1:36348 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DisplayList memory corruption attempt (file-flash.rules)
* 1:36349 <-> DISABLED <-> BROWSER-PLUGINS Touch22 Software Image22 DrawIcon ActiveX clsid access attempt (browser-plugins.rules)
* 1:3635 <-> DISABLED <-> MALWARE-BACKDOOR Amanda 2.0 connection established (malware-backdoor.rules)
* 1:36350 <-> DISABLED <-> BROWSER-PLUGINS Touch22 Software Image22 DrawIcon ActiveX clsid access attempt (browser-plugins.rules)
* 1:36351 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AVSS null pointer attempt (file-flash.rules)
* 1:36352 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AVSS null pointer attempt (file-flash.rules)
* 1:36353 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AVSS null pointer attempt (file-flash.rules)
* 1:36354 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AVSS null pointer attempt (file-flash.rules)
* 1:36355 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AVSS null pointer attempt (file-flash.rules)
* 1:36356 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AVSS null pointer attempt (file-flash.rules)
* 1:36357 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AVSegmentedSource null pointer attempt (file-flash.rules)
* 1:36358 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AVSegmentedSource null pointer attempt (file-flash.rules)
* 1:36359 <-> DISABLED <-> SERVER-WEBAPP pfSense WebGui Zone Parameter cross-site scripting attempt (server-webapp.rules)
* 1:3636 <-> DISABLED <-> MALWARE-BACKDOOR Crazzy Net 5.0 connection established (malware-backdoor.rules)
* 1:36360 <-> DISABLED <-> OS-MOBILE Android WebKit Java reflection command execution attempt (os-mobile.rules)
* 1:36361 <-> DISABLED <-> OS-MOBILE Android WebKit Java reflection command execution attempt (os-mobile.rules)
* 1:36362 <-> DISABLED <-> OS-MOBILE Android WebKit Java reflection command execution attempt (os-mobile.rules)
* 1:36363 <-> DISABLED <-> SERVER-WEBAPP Typo3 CMS show_rechis cross site scripting attempt (server-webapp.rules)
* 1:36364 <-> DISABLED <-> SERVER-WEBAPP Typo3 CMS index cross site scripting attempt (server-webapp.rules)
* 1:36365 <-> DISABLED <-> SERVER-WEBAPP Typo3 CMS show_rechis cross site scripting attempt (server-webapp.rules)
* 1:36366 <-> DISABLED <-> SERVER-WEBAPP Typo3 CMS index cross site scripting attempt (server-webapp.rules)
* 1:36367 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DefineText buffer overflow attempt (file-flash.rules)
* 1:36368 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DefineText buffer overflow attempt (file-flash.rules)
* 1:36369 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DefineText buffer overflow attempt (file-flash.rules)
* 1:3637 <-> DISABLED <-> SERVER-OTHER Computer Associates license PUTOLF directory traversal attempt (server-other.rules)
* 1:36370 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DefineText buffer overflow attempt (file-flash.rules)
* 1:36371 <-> ENABLED <-> FILE-FLASH Adobe Flash Player invalid vector length memory corruption attempt (file-flash.rules)
* 1:36372 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid vector length memory corruption attempt (file-flash.rules)
* 1:36373 <-> ENABLED <-> FILE-FLASH Adobe Flash Player invalid vector length memory corruption attempt (file-flash.rules)
* 1:36374 <-> ENABLED <-> FILE-FLASH Adobe Flash Player invalid vector length memory corruption attempt (file-flash.rules)
* 1:36375 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Management Framework Endpoint default HTTP password authentication attempt (server-other.rules)
* 1:36376 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Management Framework lcfd endpoint daemon buffer overflow attempt (server-other.rules)
* 1:36377 <-> DISABLED <-> BROWSER-OTHER Google Chrome invalid URI denial of service attempt (browser-other.rules)
* 1:36378 <-> DISABLED <-> BROWSER-OTHER Google Chrome invalid URI denial of service attempt (browser-other.rules)
* 1:36379 <-> DISABLED <-> POLICY-OTHER dnstunnel v0.5 outbound traffic detected (policy-other.rules)
* 1:3638 <-> DISABLED <-> SERVER-WEBAPP SoftCart.exe CGI buffer overflow attempt (server-webapp.rules)
* 1:36380 <-> DISABLED <-> SERVER-WEBAPP Borland AccuRev SaveContentServiceImpl servlet directory traversal attempt (server-webapp.rules)
* 1:36383 <-> DISABLED <-> OS-WINDOWS Microsoft Windows FlattenPath paged memory consumption privilege escalation attempt (os-windows.rules)
* 1:36384 <-> DISABLED <-> OS-WINDOWS Microsoft Windows FlattenPath paged memory consumption privilege escalation attempt (os-windows.rules)
* 1:36385 <-> ENABLED <-> FILE-OTHER SIL LibGraphite BracketPairStack out of bounds access exploit attempt (file-other.rules)
* 1:36386 <-> ENABLED <-> FILE-OTHER SIL LibGraphite BracketPairStack out of bounds access exploit attempt (file-other.rules)
* 1:36387 <-> DISABLED <-> FILE-OTHER Libgraphite context item handling arbitrary code execution attempt (file-other.rules)
* 1:36388 <-> DISABLED <-> FILE-OTHER Libgraphite context item handling arbitrary code execution attempt (file-other.rules)
* 1:3639 <-> DISABLED <-> NETBIOS SMB Trans andx data displacement null pointer DOS attempt (netbios.rules)
* 1:36396 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DustySky variant outbound connection (malware-cnc.rules)
* 1:36397 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DustySky variant outbound connection (malware-cnc.rules)
* 1:36398 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Ovector out of bounds stack corruption attempt (file-flash.rules)
* 1:36399 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Ovector out of bounds stack corruption attempt (file-flash.rules)
* 1:364 <-> DISABLED <-> PROTOCOL-ICMP IRDP router selection (protocol-icmp.rules)
* 1:3640 <-> DISABLED <-> NETBIOS SMB Trans data displacement null pointer DOS attempt (netbios.rules)
* 1:36400 <-> DISABLED <-> SERVER-WEBAPP OpenDocMan redirection parameter cross site scripting attempt (server-webapp.rules)
* 1:36401 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CQuickLinks object use-after-free attempt (browser-ie.rules)
* 1:36402 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CQuickLinks object use-after-free attempt (browser-ie.rules)
* 1:36403 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SepReferenceLowBoxObjects privilege escalation attempt
(os-windows.rules) * 1:36404 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SepReferenceLowBoxObjects privilege escalation attempt (os-windows.rules) * 1:36405 <-> DISABLED <-> OS-WINDOWS Microsoft Windows sandbox policy bypass attempt (os-windows.rules) * 1:36406 <-> DISABLED <-> OS-WINDOWS Microsoft Windows sandbox policy bypass attempt (os-windows.rules) * 1:36407 <-> DISABLED <-> OS-WINDOWS RDP client dll-load exploit attempt (os-windows.rules) * 1:36408 <-> DISABLED <-> OS-WINDOWS RDP client dll-load exploit attempt (os-windows.rules) * 1:36409 <-> DISABLED <-> OS-WINDOWS RDP client dll-load exploit attempt (os-windows.rules) * 1:3641 <-> DISABLED <-> NETBIOS SMB Trans unicode data displacement null pointer DOS attempt (netbios.rules) * 1:36410 <-> DISABLED <-> OS-WINDOWS RDP client dll-load exploit attempt (os-windows.rules) * 1:36411 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer sandbox escape attempt (browser-ie.rules) * 1:36412 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer sandbox escape attempt (browser-ie.rules) * 1:36413 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer sandbox escape attempt (browser-ie.rules) * 1:36414 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer sandbox escape attempt (browser-ie.rules) * 1:36415 <-> DISABLED <-> OS-WINDOWS Microsoft Windows kernel ALPC synchronous requests memory corruption attempt (os-windows.rules) * 1:36416 <-> DISABLED <-> OS-WINDOWS Microsoft Windows kernel ALPC synchronous requests memory corruption attempt (os-windows.rules) * 1:36417 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CWindow object use after free attempt (browser-ie.rules) * 1:36418 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CWindow object use after free attempt (browser-ie.rules) * 1:36419 <-> DISABLED <-> POLICY-OTHER Remote non-VBScript file found in Visual Basic script tag src attribute (policy-other.rules) * 1:3642 <-> DISABLED <-> NETBIOS SMB Trans unicode andx data displacement null 
pointer DOS attempt (netbios.rules) * 1:36420 <-> DISABLED <-> POLICY-OTHER Remote non-VBScript file found in Visual Basic script tag src attribute (policy-other.rules) * 1:36421 <-> DISABLED <-> POLICY-OTHER Remote non-VBScript file found in Visual Basic script tag src attribute (policy-other.rules) * 1:36422 <-> DISABLED <-> POLICY-OTHER Remote non-VBScript file found in Visual Basic script tag src attribute (policy-other.rules) * 1:36423 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CDeskBand use-after-free attempt (browser-ie.rules) * 1:36424 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CDeskBand use-after-free attempt (browser-ie.rules) * 1:36425 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt (file-office.rules) * 1:36426 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt (file-office.rules) * 1:36427 <-> ENABLED <-> FILE-OFFICE Microsoft Visio lmetaclasscount buffer overflow attempt (file-office.rules) * 1:36428 <-> ENABLED <-> FILE-OFFICE Microsoft Visio lmetaclasscount buffer overflow attempt (file-office.rules) * 1:36429 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malformed binary format use after free attempt (file-office.rules) * 1:3643 <-> DISABLED <-> NETBIOS SMB-DS Trans andx data displacement null pointer DOS attempt (netbios.rules) * 1:36430 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel malformed binary format use after free attempt (file-office.rules) * 1:36431 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer arraybuffer entryslice memory corruption attempt (browser-ie.rules) * 1:36432 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer arraybuffer entryslice memory corruption attempt (browser-ie.rules) * 1:36433 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer sapi.dll ActiveX clsid access attempt (browser-plugins.rules) * 1:36434 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer sapi.dll ActiveX clsid 
access attempt (browser-plugins.rules) * 1:36435 <-> DISABLED <-> SERVER-OTHER Xerox Administrator Console password extraction attempt (server-other.rules) * 1:36436 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer pre-line use after free attempt (browser-ie.rules) * 1:36437 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer ieframe.dll ActiveX clsid access (browser-ie.rules) * 1:36438 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer ieframe.dll ActiveX clsid access (browser-ie.rules) * 1:36439 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTableSelection use-after-free attempt (browser-ie.rules) * 1:3644 <-> DISABLED <-> NETBIOS SMB-DS Trans data displacement null pointer DOS attempt (netbios.rules) * 1:36440 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTableSelection use-after-free attempt (browser-ie.rules) * 1:36441 <-> ENABLED <-> FILE-OTHER Visual Basic scripting engine Filter argument mishandling attempt (file-other.rules) * 1:36442 <-> ENABLED <-> FILE-OTHER Visual Basic scripting engine Filter argument mishandling attempt (file-other.rules) * 1:36443 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer EventListener use after free attempt (browser-ie.rules) * 1:36444 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer EventListener use after free attempt (browser-ie.rules) * 1:36445 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 10 low integrity level NTFS mount reparse point bypass attempt (os-windows.rules) * 1:36446 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 10 low integrity level NTFS mount reparse point bypass attempt (os-windows.rules) * 1:36447 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CSharedStyle object out-of-bounds read attempt (browser-ie.rules) * 1:36448 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CSharedStyle object out-of-bounds read attempt (browser-ie.rules) * 1:36449 <-> DISABLED <-> SERVER-WEBAPP Wordpress xmlrpc.php multiple failed authentication response 
(server-webapp.rules) * 1:3645 <-> DISABLED <-> NETBIOS SMB-DS Trans unicode data displacement null pointer DOS attempt (netbios.rules) * 1:36450 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer RegExp object use after free attempt (browser-ie.rules) * 1:36451 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer RegExp object use after free attempt (browser-ie.rules) * 1:36452 <-> DISABLED <-> BROWSER-IE Microsoft Edge cross site scripting filter bypass attempt (browser-ie.rules) * 1:36453 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer argument validation in print preview handling exploitation attempt (browser-ie.rules) * 1:36454 <-> DISABLED <-> SERVER-OTHER multiple products WinExec function remote code execution attempt (server-other.rules) * 1:36455 <-> DISABLED <-> SERVER-OTHER Schneider Electric InduSoft Web Studio Remote Agent remote code execution attempt (server-other.rules) * 1:36456 <-> DISABLED <-> FILE-MULTIMEDIA MultiMedia Soft Components AdjMmsEng.dll PLS file processing buffer overflow attempt (file-multimedia.rules) * 1:36457 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit landing page detected (exploit-kit.rules) * 1:36458 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer vbscript regular expression information disclosure attempt (browser-ie.rules) * 1:36459 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer vbscript regular expression information disclosure attempt (browser-ie.rules) * 1:3646 <-> DISABLED <-> NETBIOS SMB-DS Trans unicode andx data displacement null pointer DOS attempt (netbios.rules) * 1:36460 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CenterPos outbound connection (malware-cnc.rules) * 1:36461 <-> DISABLED <-> SERVER-OTHER Novell eDirectory DHost sadminpwd buffer overflow attempt (server-other.rules) * 1:36462 <-> DISABLED <-> SERVER-OTHER Novell eDirectory DHost verifypwd buffer overflow attempt (server-other.rules) * 1:36463 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack Server opcode 
1332 buffer overflow attempt (server-other.rules) * 1:36468 <-> DISABLED <-> MALWARE-CNC Win.Trojan.AridViper variant outbound connection (malware-cnc.rules) * 1:36469 <-> DISABLED <-> MALWARE-CNC Win.Trojan.AridViper variant outbound connection (malware-cnc.rules) * 1:3647 <-> DISABLED <-> NETBIOS SMB Trans andx data displacement null pointer DOS attempt (netbios.rules) * 1:36471 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Kemoge outbound connection (malware-cnc.rules) * 1:36472 <-> DISABLED <-> BROWSER-PLUGINS Advantech WebAccess AspVCObj.AspDataDriven ConvToSafeArray ActiveX clsid access (browser-plugins.rules) * 1:36473 <-> DISABLED <-> BROWSER-PLUGINS Advantech WebAccess AspVCObj.AspDataDriven ConvToSafeArray ActiveX clsid access (browser-plugins.rules) * 1:36474 <-> DISABLED <-> BROWSER-PLUGINS Advantech WebAccess AspVCObj.AspDataDriven ConvToSafeArray ActiveX clsid access (browser-plugins.rules) * 1:36475 <-> DISABLED <-> BROWSER-PLUGINS Advantech WebAccess AspVCObj.AspDataDriven ConvToSafeArray ActiveX clsid access (browser-plugins.rules) * 1:36476 <-> DISABLED <-> FILE-FLASH Adobe Flash Player same orgin policy bypass attempt (file-flash.rules) * 1:36477 <-> DISABLED <-> FILE-FLASH Adobe Flash Player same orgin policy bypass attempt (file-flash.rules) * 1:36478 <-> DISABLED <-> FILE-FLASH Adobe Flash Player same orgin policy bypass attempt (file-flash.rules) * 1:36479 <-> DISABLED <-> FILE-FLASH Adobe Flash Player same orgin policy bypass attempt (file-flash.rules) * 1:3648 <-> DISABLED <-> NETBIOS SMB Trans data displacement null pointer DOS attempt (netbios.rules) * 1:36480 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric TeeChart ActiveX clsid access attempt (browser-plugins.rules) * 1:36481 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric TeeChart ActiveX clsid access attempt (browser-plugins.rules) * 1:36482 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric TeeChart ActiveX clsid access attempt (browser-plugins.rules) * 1:36483 <-> DISABLED <-> 
BROWSER-PLUGINS Schneider Electric TeeChart ActiveX clsid access attempt (browser-plugins.rules) * 1:36484 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric TeeChart ActiveX clsid access attempt (browser-plugins.rules) * 1:36485 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric TeeChart ActiveX clsid access attempt (browser-plugins.rules) * 1:36486 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric TeeChart ActiveX clsid access attempt (browser-plugins.rules) * 1:36487 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric TeeChart ActiveX clsid access attempt (browser-plugins.rules) * 1:36488 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric TeeChart ActiveX clsid access attempt (browser-plugins.rules) * 1:36489 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric TeeChart ActiveX clsid access attempt (browser-plugins.rules) * 1:3649 <-> DISABLED <-> NETBIOS SMB Trans unicode data displacement null pointer DOS attempt (netbios.rules) * 1:36490 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric TeeChart ActiveX clsid access attempt (browser-plugins.rules) * 1:36491 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric TeeChart ActiveX clsid access attempt (browser-plugins.rules) * 1:36492 <-> DISABLED <-> EXPLOIT-KIT Neutrino exploit kit gate detected (exploit-kit.rules) * 1:36493 <-> DISABLED <-> SERVER-OTHER Squid snmphandleUDP off-by-one buffer overflow attempt (server-other.rules) * 1:36494 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Script Engine Stack Exhaustion Denial of Service attempt (browser-ie.rules) * 1:36495 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer Import ActiveX clsid access attempt (browser-plugins.rules) * 1:36496 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer Import ActiveX clsid access attempt (browser-plugins.rules) * 1:36497 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hangman.A outbound connection (malware-cnc.rules) * 1:36498 <-> ENABLED <-> FILE-OTHER Microsoft Word WordPerfect CSTYL border element stack 
overflow attempt (file-other.rules) * 1:36499 <-> ENABLED <-> FILE-OTHER Microsoft Word WordPerfect CSTYL border element stack overflow attempt (file-other.rules) * 1:365 <-> DISABLED <-> PROTOCOL-ICMP PING undefined code (protocol-icmp.rules) * 1:3650 <-> DISABLED <-> NETBIOS SMB Trans unicode andx data displacement null pointer DOS attempt (netbios.rules) * 1:36500 <-> DISABLED <-> FILE-OTHER Microsoft Word WordPerfect CSTYL border element stack overflow attempt (file-other.rules) * 1:36501 <-> ENABLED <-> FILE-OTHER Microsoft Word WordPerfect CSTYL border element stack overflow attempt (file-other.rules) * 1:36502 <-> DISABLED <-> FILE-FLASH Adobe Flash Player scrollRect property use after free attempt (file-flash.rules) * 1:36503 <-> DISABLED <-> FILE-FLASH Adobe Flash Player scrollRect property use after free attempt (file-flash.rules) * 1:36504 <-> DISABLED <-> FILE-FLASH Adobe Flash Player scrollRect property use after free attempt (file-flash.rules) * 1:36505 <-> DISABLED <-> FILE-FLASH Adobe Flash Player scrollRect property use after free attempt (file-flash.rules) * 1:36506 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Njrat variant outbound connection (malware-cnc.rules) * 1:36507 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript worker use after free attempt (file-flash.rules) * 1:36508 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript worker use after free attempt (file-flash.rules) * 1:36509 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript worker use after free attempt (file-flash.rules) * 1:3651 <-> DISABLED <-> SERVER-OTHER CVS rsh annotate revision overflow attempt (server-other.rules) * 1:36510 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript worker use after free attempt (file-flash.rules) * 1:36511 <-> DISABLED <-> SERVER-WEBAPP Ignite Realtime Openfire server properties cross site request forgery attempt (server-webapp.rules) * 1:36512 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player malformed mp4 CABAC 
encoding out of bounds read attempt (file-multimedia.rules) * 1:36513 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player malformed mp4 CABAC encoding out of bounds read attempt (file-multimedia.rules) * 1:36514 <-> DISABLED <-> BROWSER-PLUGINS X360 VideoPlayer ConvertFile ActiveX clsid access (browser-plugins.rules) * 1:36515 <-> DISABLED <-> BROWSER-PLUGINS X360 VideoPlayer SetText ActiveX clsid access (browser-plugins.rules) * 1:36516 <-> DISABLED <-> BROWSER-PLUGINS X360 VideoPlayer ConvertFile ActiveX clsid access (browser-plugins.rules) * 1:36517 <-> DISABLED <-> BROWSER-PLUGINS X360 VideoPlayer SetText ActiveX clsid access (browser-plugins.rules) * 1:3652 <-> DISABLED <-> SERVER-OTHER CVS pserver annotate revision overflow attempt (server-other.rules) * 1:36522 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.NWT variant outbound connection (malware-cnc.rules) * 1:36523 <-> DISABLED <-> EXPLOIT-KIT Sundown exploit kit landing page detected (exploit-kit.rules) * 1:36524 <-> DISABLED <-> FILE-JAVA Oracle Java TrueType font parsing mort table ligature subtable buffer overflow attempt (file-java.rules) * 1:36525 <-> DISABLED <-> FILE-JAVA Oracle Java TrueType font parsing mort table ligature subtable buffer overflow attempt (file-java.rules) * 1:36526 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Misnt variant outbound connection (malware-cnc.rules) * 1:36527 <-> ENABLED <-> FILE-FLASH Adobe Flash Player and AIR type confusion remote code execution attempt (file-flash.rules) * 1:36528 <-> DISABLED <-> FILE-FLASH Adobe Flash Player and AIR type confusion remote code execution attempt (file-flash.rules) * 1:36529 <-> ENABLED <-> FILE-FLASH Adobe Flash Player and AIR type confusion remote code execution attempt (file-flash.rules) * 1:3653 <-> DISABLED <-> SERVER-MAIL SAML overflow attempt (server-mail.rules) * 1:36530 <-> ENABLED <-> FILE-FLASH Adobe Flash Player and AIR type confusion remote code execution attempt (file-flash.rules) * 1:36531 <-> ENABLED <-> 
FILE-IDENTIFY Oracle Java JMX management loading mlet detected (file-identify.rules) * 1:36532 <-> DISABLED <-> SERVER-OTHER Oracle Java JMX server insecure configuration remote code execution attempt (server-other.rules) * 1:36533 <-> DISABLED <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX clsid access attempt (browser-plugins.rules) * 1:36534 <-> DISABLED <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX function call access attempt (browser-plugins.rules) * 1:36535 <-> DISABLED <-> EXPLOIT-KIT Neutrino exploit kit landing page detected (exploit-kit.rules) * 1:36536 <-> DISABLED <-> SERVER-OTHER NTP crypto-NAK packet flood attempt (server-other.rules) * 1:3654 <-> DISABLED <-> SERVER-MAIL SOML overflow attempt (server-mail.rules) * 1:36540 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Brolux variant outbound connection (malware-cnc.rules) * 1:36541 <-> DISABLED <-> POLICY-OTHER Polycom Botnet inbound connection attempt (policy-other.rules) * 1:36542 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager HTTP handling buffer overflow attempt (server-webapp.rules) * 1:36543 <-> ENABLED <-> EXPLOIT-KIT Hunter exploit kit landing page detected (exploit-kit.rules) * 1:36544 <-> DISABLED <-> SERVER-WEBAPP pChart script parameter directory traversal attempt (server-webapp.rules) * 1:36545 <-> DISABLED <-> SERVER-OTHER Avast Antivirus X.509 Common Name remote code execution attempt (server-other.rules) * 1:36546 <-> DISABLED <-> SERVER-OTHER Avast Antivirus X.509 Common Name remote code execution attempt (server-other.rules) * 1:36547 <-> DISABLED <-> SERVER-OTHER Avast Antivirus X.509 Common Name remote code execution attempt (server-other.rules) * 1:36548 <-> DISABLED <-> SERVER-OTHER Avast Antivirus X.509 Common Name remote code execution attempt (server-other.rules) * 1:36549 <-> ENABLED <-> FILE-FLASH Adobe Flash Player writeExternal type confusion attempt (file-flash.rules) * 1:3655 <-> DISABLED <-> SERVER-MAIL SEND overflow attempt 
(server-mail.rules) * 1:36550 <-> ENABLED <-> FILE-FLASH Adobe Flash Player writeExternal type confusion attempt (file-flash.rules) * 1:36551 <-> ENABLED <-> FILE-FLASH Adobe Flash Player writeExternal type confusion attempt (file-flash.rules) * 1:36552 <-> DISABLED <-> FILE-FLASH Adobe Flash Player writeExternal type confusion attempt (file-flash.rules) * 1:36553 <-> DISABLED <-> FILE-FLASH Adobe Flash Player writeExternal type confusion attempt (file-flash.rules) * 1:36554 <-> DISABLED <-> FILE-FLASH Adobe Flash Player writeExternal type confusion attempt (file-flash.rules) * 1:36555 <-> DISABLED <-> FILE-FLASH Adobe Flash Player writeExternal type confusion attempt (file-flash.rules) * 1:36556 <-> ENABLED <-> FILE-FLASH Adobe Flash Player writeExternal type confusion attempt (file-flash.rules) * 1:36559 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer arraybuffer entryslice memory corruption attempt (browser-ie.rules) * 1:3656 <-> DISABLED <-> SERVER-MAIL MDaemon 6.5.1 and prior versions MAIL overflow attempt (server-mail.rules) * 1:36560 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer arraybuffer entryslice memory corruption attempt (browser-ie.rules) * 1:36562 <-> DISABLED <-> OS-WINDOWS Microsoft Windows cng.sys memory leak kernel ASLR bypass attempt (os-windows.rules) * 1:36563 <-> DISABLED <-> OS-WINDOWS Microsoft Windows cng.sys memory leak kernel ASLR bypass attempt (os-windows.rules) * 1:36564 <-> DISABLED <-> FILE-MULTIMEDIA libav LZO integer overflow attempt (file-multimedia.rules) * 1:36565 <-> DISABLED <-> FILE-MULTIMEDIA libav LZO integer overflow attempt (file-multimedia.rules) * 1:36566 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Troloscup outbound variant connection (malware-cnc.rules) * 1:36567 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Troloscup outbound variant connection (malware-cnc.rules) * 1:36568 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Troloscup outbound variant connection (malware-cnc.rules) * 1:36569 <-> DISABLED 
<-> MALWARE-CNC Win.Trojan.MSIL.Troloscup outbound variant connection (malware-cnc.rules) * 1:3657 <-> DISABLED <-> SERVER-ORACLE ctxsys.driload attempt (server-oracle.rules) * 1:36570 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Troloscup outbound variant connection (malware-cnc.rules) * 1:36571 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Troloscup outbound variant connection (malware-cnc.rules) * 1:36572 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Troloscup outbound variant connection (malware-cnc.rules) * 1:36573 <-> DISABLED <-> FILE-FLASH Adobe Flash Player recursion check stack overflow attempt (file-flash.rules) * 1:36574 <-> ENABLED <-> FILE-FLASH Adobe Flash Player recursion check stack overflow attempt (file-flash.rules) * 1:36575 <-> DISABLED <-> FILE-FLASH Adobe Flash Player recursion check stack overflow attempt (file-flash.rules) * 1:36576 <-> ENABLED <-> FILE-FLASH Adobe Flash Player recursion check stack overflow attempt (file-flash.rules) * 1:36577 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Stimilik outbound variant connection (malware-cnc.rules) * 1:36578 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Stimilik outbound variant connection (malware-cnc.rules) * 1:36579 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Slackbot variant outbound connection (malware-cnc.rules) * 1:3658 <-> DISABLED <-> SERVER-OTHER ARCserve universal backup agent option 1000 little endian buffer overflow attempt (server-other.rules) * 1:36580 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Slackbot variant outbound connection (malware-cnc.rules) * 1:36581 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE engine find_recurse out-of-bounds read attempt (file-flash.rules) * 1:36582 <-> ENABLED <-> FILE-FLASH Adobe Flash Player PCRE engine find_recurse out-of-bounds read attempt (file-flash.rules) * 1:36583 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE engine find_recurse out-of-bounds read attempt (file-flash.rules) * 1:36584 <-> ENABLED <-> FILE-FLASH Adobe Flash Player PCRE 
engine find_recurse out-of-bounds read attempt (file-flash.rules) * 1:36585 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari user assisted applescript code execution attempt (browser-webkit.rules) * 1:36586 <-> ENABLED <-> FILE-FLASH Adobe Flash Player message handler array length overflow attempt (file-flash.rules) * 1:36587 <-> ENABLED <-> FILE-FLASH Adobe Flash Player message handler array length overflow attempt (file-flash.rules) * 1:36588 <-> DISABLED <-> FILE-FLASH Adobe Flash Player message handler array length overflow attempt (file-flash.rules) * 1:36589 <-> ENABLED <-> FILE-FLASH Adobe Flash Player message handler array length overflow attempt (file-flash.rules) * 1:3659 <-> DISABLED <-> SERVER-OTHER ARCserve universal backup agent option 1000 buffer overflow attempt (server-other.rules) * 1:36590 <-> ENABLED <-> FILE-FLASH Adobe Flash Player textLine use-after-free attempt (file-flash.rules) * 1:36591 <-> ENABLED <-> FILE-FLASH Adobe Flash Player textLine use-after-free attempt (file-flash.rules) * 1:36592 <-> DISABLED <-> FILE-FLASH Adobe Flash Player textLine use-after-free attempt (file-flash.rules) * 1:36593 <-> DISABLED <-> FILE-FLASH Adobe Flash Player textLine use-after-free attempt (file-flash.rules) * 1:36594 <-> DISABLED <-> SERVER-WEBAPP OpenEMR globals.php authentication bypass attempt (server-webapp.rules) * 1:36595 <-> DISABLED <-> SERVER-WEBAPP OpenEMR globals.php authentication bypass attempt (server-webapp.rules) * 1:36596 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kerberos privilege escalation attempt (os-windows.rules) * 1:36597 <-> ENABLED <-> FILE-FLASH Adobe Flash Player assertion out of bounds corruption attempt (file-flash.rules) * 1:36598 <-> ENABLED <-> FILE-FLASH Adobe Flash Player assertion out of bounds corruption attempt (file-flash.rules) * 1:36599 <-> DISABLED <-> FILE-FLASH Adobe Flash Player assertion out of bounds corruption attempt (file-flash.rules) * 1:366 <-> DISABLED <-> PROTOCOL-ICMP PING Unix 
(protocol-icmp.rules) * 1:3660 <-> DISABLED <-> SERVER-OTHER ARCserve universal backup agent option 00 little endian buffer overflow attempt (server-other.rules) * 1:36600 <-> DISABLED <-> FILE-FLASH Adobe Flash Player assertion out of bounds corruption attempt (file-flash.rules) * 1:36601 <-> DISABLED <-> MALWARE-CNC Win.Trojan.QVKeylogger outbound variant connection (malware-cnc.rules) * 1:36602 <-> DISABLED <-> MALWARE-CNC Win.Trojan.QVKeylogger outbound variant connection (malware-cnc.rules) * 1:36603 <-> DISABLED <-> MALWARE-CNC Win.Trojan.QVKeylogger outbound variant connection (malware-cnc.rules) * 1:36604 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer meta tag double free attempt (browser-ie.rules) * 1:36605 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer meta tag double free attempt (browser-ie.rules) * 1:36606 <-> DISABLED <-> FILE-FLASH Adobe Flash Player NavigatetoURL new tab open attempt (file-flash.rules) * 1:36607 <-> DISABLED <-> FILE-FLASH Adobe Flash Player NavigatetoURL new tab open attempt (file-flash.rules) * 1:36608 <-> DISABLED <-> FILE-FLASH Adobe Flash Player NavigatetoURL new tab open attempt (file-flash.rules) * 1:36609 <-> DISABLED <-> FILE-FLASH Adobe Flash Player NavigatetoURL new tab open attempt (file-flash.rules) * 1:3661 <-> DISABLED <-> SERVER-OTHER ARCserve universal backup agent option 00 buffer overflow attempt (server-other.rules) * 1:36610 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Panskeg outbound connection (malware-cnc.rules) * 1:36611 <-> DISABLED <-> INDICATOR-COMPROMISE Metasploit Meterpreter reverse HTTPS certificate (indicator-compromise.rules) * 1:36612 <-> DISABLED <-> INDICATOR-COMPROMISE Metasploit Meterpreter reverse HTTPS certificate (indicator-compromise.rules) * 1:36613 <-> DISABLED <-> SERVER-WEBAPP McAfee Cloud Single Sign ExtensionAccessServlet directory traversal attempt (server-webapp.rules) * 1:36614 <-> DISABLED <-> SERVER-WEBAPP McAfee Cloud Single Sign ExtensionAccessServlet directory 
traversal attempt (server-webapp.rules)
* 1:36615 <-> DISABLED <-> SERVER-WEBAPP Joomla com_contenthistory module SQL injection attempt (server-webapp.rules)
* 1:36616 <-> DISABLED <-> SERVER-WEBAPP Joomla com_contenthistory module SQL injection attempt (server-webapp.rules)
* 1:36617 <-> DISABLED <-> SERVER-WEBAPP Joomla com_contenthistory module SQL injection attempt (server-webapp.rules)
* 1:36618 <-> DISABLED <-> BROWSER-PLUGINS Advantech WebAccess AspVCObj.AspDataDriven GetWideStrCpy ActiveX clsid access (browser-plugins.rules)
* 1:36619 <-> DISABLED <-> BROWSER-PLUGINS Advantech WebAccess AspVCObj.AspDataDriven GetWideStrCpy ActiveX clsid access (browser-plugins.rules)
* 1:3662 <-> DISABLED <-> SERVER-OTHER ARCserve universal backup agent option 03 little endian buffer overflow attempt (server-other.rules)
* 1:36620 <-> DISABLED <-> BROWSER-PLUGINS Advantech WebAccess AspVCObj.AspDataDriven GetWideStrCpy ActiveX clsid access (browser-plugins.rules)
* 1:36621 <-> DISABLED <-> BROWSER-PLUGINS Advantech WebAccess AspVCObj.AspDataDriven GetWideStrCpy ActiveX clsid access (browser-plugins.rules)
* 1:36622 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wedots outbound variant connection (malware-cnc.rules)
* 1:36623 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wedots outbound variant connection (malware-cnc.rules)
* 1:36624 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wedots outbound variant connection (malware-cnc.rules)
* 1:36625 <-> DISABLED <-> MALWARE-CNC Windows.Backdoor.Quaverse outbound variant connection (malware-cnc.rules)
* 1:36626 <-> DISABLED <-> MALWARE-CNC Windows.Backdoor.Quaverse outbound variant connection (malware-cnc.rules)
* 1:36627 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tanmar outbound connection (malware-cnc.rules)
* 1:36628 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Recodler variant outbound connection (malware-cnc.rules)
* 1:36629 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Teabevil variant outbound connection (malware-cnc.rules)
* 1:3663 <-> DISABLED <-> SERVER-OTHER ARCserve universal backup agent option 03 buffer overflow attempt (server-other.rules)
* 1:36630 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Teabevil variant outbound connection (malware-cnc.rules)
* 1:36631 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word .rtf file stylesheet buffer overflow attempt (file-office.rules)
* 1:36632 <-> DISABLED <-> SERVER-OTHER NTP decodenetnum assertion failure denial of service attempt (server-other.rules)
* 1:36633 <-> DISABLED <-> SERVER-OTHER NTP decodenetnum assertion failure denial of service attempt (server-other.rules)
* 1:36635 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit search uri request attempt (exploit-kit.rules)
* 1:36636 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit index uri request attempt (exploit-kit.rules)
* 1:36637 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit viewtopic uri request attempt (exploit-kit.rules)
* 1:36638 <-> DISABLED <-> SERVER-WEBAPP WordPress Font Plugin AjaxProxy.php absolute path traversal attempt (server-webapp.rules)
* 1:36639 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tavex outbound connection (malware-cnc.rules)
* 1:3664 <-> DISABLED <-> SERVER-OTHER PPTP echo request buffer overflow attempt (server-other.rules)
* 1:36640 <-> DISABLED <-> BROWSER-PLUGINS Advantech WebAccess SCADA webdact.ocx AccessCode ActiveX clsid access attempt (browser-plugins.rules)
* 1:36641 <-> DISABLED <-> BROWSER-PLUGINS Advantech WebAccess SCADA webdact.ocx AccessCode ActiveX clsid access attempt (browser-plugins.rules)
* 1:36642 <-> DISABLED <-> BROWSER-PLUGINS Advantech WebAccess SCADA webdact.ocx AccessCode ActiveX clsid access attempt (browser-plugins.rules)
* 1:36643 <-> DISABLED <-> BROWSER-PLUGINS Advantech WebAccess SCADA webdact.ocx AccessCode ActiveX clsid access attempt (browser-plugins.rules)
* 1:36644 <-> DISABLED <-> BROWSER-PLUGINS IBM Lotus iNotes Attachment_Times ActiveX clsid access (browser-plugins.rules)
* 1:36645 <-> DISABLED <-> BROWSER-PLUGINS IBM Lotus iNotes Attachment_Times ActiveX clsid access (browser-plugins.rules)
* 1:36646 <-> DISABLED <-> BROWSER-PLUGINS IBM Lotus iNotes Attachment_Times ActiveX clsid access (browser-plugins.rules)
* 1:36647 <-> DISABLED <-> BROWSER-PLUGINS Oracle Hyperion Strategic Finance Client SetDevNames ActiveX clsid access attempt (browser-plugins.rules)
* 1:36648 <-> DISABLED <-> BROWSER-PLUGINS Oracle Hyperion Strategic Finance Client SetDevNames ActiveX clsid access attempt (browser-plugins.rules)
* 1:3665 <-> ENABLED <-> SERVER-MYSQL server greeting (server-mysql.rules)
* 1:36650 <-> DISABLED <-> PROTOCOL-ICMP Squid Pinger IPv6 denial of service attempt (protocol-icmp.rules)
* 1:36651 <-> DISABLED <-> PROTOCOL-ICMP Squid Pinger IPv6 denial of service attempt (protocol-icmp.rules)
* 1:36653 <-> DISABLED <-> BROWSER-PLUGINS MW6 Technologies Aztec ActiveX clsid access (browser-plugins.rules)
* 1:36654 <-> DISABLED <-> BROWSER-PLUGINS MW6 Technologies Aztec ActiveX clsid access (browser-plugins.rules)
* 1:36655 <-> DISABLED <-> SERVER-WEBAPP Joomla com_realestatemanager module SQL injection attempt (server-webapp.rules)
* 1:36656 <-> DISABLED <-> SERVER-WEBAPP Joomla com_realestatemanager module SQL injection attempt (server-webapp.rules)
* 1:36657 <-> DISABLED <-> SERVER-WEBAPP Joomla com_realestatemanager module SQL injection attempt (server-webapp.rules)
* 1:36658 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
* 1:36659 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
* 1:3666 <-> DISABLED <-> SERVER-MYSQL server greeting finished (server-mysql.rules)
* 1:36660 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
* 1:36661 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
* 1:36662 <-> DISABLED <-> BROWSER-PLUGINS Advantech WebAccess SCADA ActiveX clsid access (browser-plugins.rules)
* 1:36663 <-> DISABLED <-> BROWSER-PLUGINS Advantech WebAccess SCADA ActiveX clsid access (browser-plugins.rules)
* 1:36664 <-> DISABLED <-> BROWSER-PLUGINS Advantech WebAccess SCADA ActiveX clsid access (browser-plugins.rules)
* 1:36665 <-> DISABLED <-> BROWSER-PLUGINS Advantech WebAccess SCADA ActiveX clsid access (browser-plugins.rules)
* 1:36666 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tentobr outbound connection (malware-cnc.rules)
* 1:3667 <-> DISABLED <-> SERVER-MYSQL protocol 41 client authentication bypass attempt (server-mysql.rules)
* 1:36670 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sathurbot outbound connection (malware-cnc.rules)
* 1:36671 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer fragmented CtxtBlk heap overflow attempt (browser-ie.rules)
* 1:36672 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer fragmented CtxtBlk heap overflow attempt (browser-ie.rules)
* 1:36673 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer GetPlainText negative start index out of bounds write attempt (browser-ie.rules)
* 1:36674 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer GetPlainText negative start index out of bounds write attempt (browser-ie.rules)
* 1:36675 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CMarkup use-after-free attempt (browser-ie.rules)
* 1:36676 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CMarkup use-after-free attempt (browser-ie.rules)
* 1:36677 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer SVG textbox out of bound memory access attempt (browser-ie.rules)
* 1:36678 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer SVG textbox out of bound memory access attempt (browser-ie.rules)
* 1:36679 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer cache management code overflow attempt (browser-ie.rules)
* 1:3668 <-> DISABLED <-> SERVER-MYSQL client authentication bypass attempt (server-mysql.rules)
* 1:36680 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer cache management code overflow attempt (browser-ie.rules)
* 1:36681 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer access violation attempt (browser-ie.rules)
* 1:36682 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer access violation attempt (browser-ie.rules)
* 1:36683 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTableCell object use after free attempt (browser-ie.rules)
* 1:36684 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTableCell object use after free attempt (browser-ie.rules)
* 1:36685 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer col onpropertychange memory corruption attempt (browser-ie.rules)
* 1:36686 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer col onpropertychange memory corruption attempt (browser-ie.rules)
* 1:36687 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CElement use after free attempt (browser-ie.rules)
* 1:36688 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CElement use after free attempt (browser-ie.rules)
* 1:36689 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer managed CDispNode objects use-after-free attempt (browser-ie.rules)
* 1:3669 <-> DISABLED <-> SERVER-MYSQL protocol 41 secure client overflow attempt (server-mysql.rules)
* 1:36690 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer managed CDispNode objects use-after-free attempt (browser-ie.rules)
* 1:36691 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CUListElement use-after-free attempt (browser-ie.rules)
* 1:36692 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CUListElement use-after-free attempt (browser-ie.rules)
* 1:36693 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer style object stylesheet use after free attempt (browser-ie.rules)
* 1:36694 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer style object stylesheet use after free attempt (browser-ie.rules)
* 1:36695 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer table element modification use after free attempt (browser-ie.rules)
* 1:36696 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer table element modification use after free attempt (browser-ie.rules)
* 1:36697 <-> ENABLED <-> FILE-OTHER Microsoft Windows Journal integer overflow attempt (file-other.rules)
* 1:36698 <-> ENABLED <-> FILE-OTHER Microsoft Windows Journal integer overflow attempt (file-other.rules)
* 1:36699 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreeNode row element removal remote code execution attempt (browser-ie.rules)
* 1:3670 <-> DISABLED <-> SERVER-MYSQL secure client overflow attempt (server-mysql.rules)
* 1:36700 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreeNode row element removal remote code execution attempt (browser-ie.rules)
* 1:36701 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CEditEventSink navigate use after free attempt (browser-ie.rules)
* 1:36702 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CEditEventSink navigate use after free attempt (browser-ie.rules)
* 1:36703 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DeferWindowPos privilege escalation attempt (os-windows.rules)
* 1:36704 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DeferWindowPos privilege escalation attempt (os-windows.rules)
* 1:36705 <-> ENABLED <-> OS-WINDOWS Microsoft Windows afd.sys memory corruption attempt (os-windows.rules)
* 1:36706 <-> ENABLED <-> OS-WINDOWS Microsoft Windows afd.sys memory corruption attempt (os-windows.rules)
* 1:36707 <-> DISABLED <-> FILE-OFFICE Microsoft Office malformed odttf integer overflow attempt (file-office.rules)
* 1:36708 <-> DISABLED <-> FILE-OFFICE Microsoft Office malformed odttf integer overflow attempt (file-office.rules)
* 1:36709 <-> ENABLED <-> OS-WINDOWS Microsoft Windows use after free kernel privilege escalation attempt (os-windows.rules)
* 1:3671 <-> DISABLED <-> SERVER-MYSQL protocol 41 client overflow attempt (server-mysql.rules)
* 1:36710 <-> ENABLED <-> OS-WINDOWS Microsoft Windows use after free kernel privilege escalation attempt (os-windows.rules)
* 1:36711 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows .NET Application file attachment detected (file-identify.rules)
* 1:36712 <-> ENABLED <-> OS-WINDOWS Microsoft Windows ClickOnce information disclosure attempt (os-windows.rules)
* 1:36713 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ClickOnce information disclosure attempt (os-windows.rules)
* 1:36714 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel slicer style use-after-free attempt (file-office.rules)
* 1:36715 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel slicer style use-after-free attempt (file-office.rules)
* 1:36716 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word PmwdFromDoc use after free attempt (file-office.rules)
* 1:36717 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word PmwdFromDoc use after free attempt (file-office.rules)
* 1:36718 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k kernel memory information disclosure attempt (os-windows.rules)
* 1:36719 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k kernel memory information disclosure attempt (os-windows.rules)
* 1:3672 <-> DISABLED <-> SERVER-MYSQL client overflow attempt (server-mysql.rules)
* 1:36720 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word CoCreateInstance elevation of privilege attempt (file-office.rules)
* 1:36721 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word CoCreateInstance elevation of privilege attempt (file-office.rules)
* 1:36722 <-> ENABLED <-> OS-WINDOWS Microsoft Windows win32k information disclosure attempt (os-windows.rules)
* 1:36723 <-> ENABLED <-> OS-WINDOWS Microsoft Windows win32k information disclosure attempt (os-windows.rules)
* 1:3673 <-> DISABLED <-> OS-WINDOWS Microsoft SMS remote control client DoS overly long length attempt (os-windows.rules)
* 1:36732 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sefnit variant outbound connection (malware-cnc.rules)
* 1:36733 <-> DISABLED <-> PROTOCOL-VOIP javascript found in SIP headers attempt (protocol-voip.rules)
* 1:36734 <-> DISABLED <-> PROTOCOL-VOIP javascript found in SIP headers attempt (protocol-voip.rules)
* 1:36735 <-> DISABLED <-> PROTOCOL-VOIP javascript found in SIP headers attempt (protocol-voip.rules)
* 1:36736 <-> ENABLED <-> FILE-OTHER Microsoft Windows malformed TrueType file remote code execution attempt (file-other.rules)
* 1:36737 <-> ENABLED <-> FILE-OTHER Microsoft Windows malformed TrueType file remote code execution attempt (file-other.rules)
* 1:36738 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTsfTextStore use-after-free attempt (browser-ie.rules)
* 1:36739 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTsfTextStore use-after-free attempt (browser-ie.rules)
* 1:3674 <-> DISABLED <-> SERVER-WEBAPP db4web_c directory traversal attempt (server-webapp.rules)
* 1:36740 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word FGetCpFlowDr memory corruption attempt (file-office.rules)
* 1:36741 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word FGetCpFlowDr memory corruption attempt (file-office.rules)
* 1:36742 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CElement use after free attempt (browser-ie.rules)
* 1:36743 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CElement use after free attempt (browser-ie.rules)
* 1:36744 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NDIS.SYS driver buffer overflow attempt (os-windows.rules)
* 1:36745 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NDIS.SYS driver buffer overflow attempt (os-windows.rules)
* 1:36746 <-> DISABLED <-> BROWSER-IE Microsoft Edge click method use after free attempt (browser-ie.rules)
* 1:36747 <-> DISABLED <-> BROWSER-IE Microsoft Edge click method use after free attempt (browser-ie.rules)
* 1:36748 <-> ENABLED <-> FILE-IDENTIFY TTF file attachment detected (file-identify.rules)
* 1:36749 <-> DISABLED <-> FILE-OTHER Microsoft Windows TrueType font parsing out of bounds write attempt (file-other.rules)
* 1:3675 <-> DISABLED <-> SERVER-OTHER IBM DB2 DTS empty format string dos attempt (server-other.rules)
* 1:36750 <-> DISABLED <-> FILE-OTHER Microsoft Windows TrueType font parsing out of bounds write attempt (file-other.rules)
* 1:36751 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel MdCallBack out of bounds read attempt (file-office.rules)
* 1:36752 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel MdCallBack out of bounds read attempt (file-office.rules)
* 1:36753 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CElement JSON write-what-where attempt (browser-ie.rules)
* 1:36754 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CElement JSON write-what-where attempt (browser-ie.rules)
* 1:36755 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadBytes buffer overflow remote code execution attempt (file-flash.rules)
* 1:36756 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadBytes buffer overflow remote code execution attempt (file-flash.rules)
* 1:36757 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadBytes buffer overflow remote code execution attempt (file-flash.rules)
* 1:36758 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadBytes buffer overflow remote code execution attempt (file-flash.rules)
* 1:36759 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Internet Explorer setAttributeNS ASLR bypass attempt (indicator-compromise.rules)
* 1:3676 <-> DISABLED <-> SERVER-WEBAPP newsscript.pl admin attempt (server-webapp.rules)
* 1:36760 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Internet Explorer setAttributeNS ASLR bypass attempt (indicator-compromise.rules)
* 1:36761 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NtSetInformationFile hard link sandbox bypass attempt (os-windows.rules)
* 1:36762 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NtSetInformationFile hard link sandbox bypass attempt (os-windows.rules)
* 1:36763 <-> ENABLED <-> SERVER-WEBAPP vBulletin decodeArguments PHP object injection attempt (server-webapp.rules)
* 1:36765 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Stupeval variant outbound connection (malware-cnc.rules)
* 1:36766 <-> DISABLED <-> FILE-OTHER Microsoft Outlook for Mac EML file http-equiv refresh url attempt (file-other.rules)
* 1:36767 <-> DISABLED <-> FILE-OTHER Microsoft Outlook for Mac EML file http-equiv refresh url attempt (file-other.rules)
* 1:36770 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Redcontrole variant outbound connection (malware-cnc.rules)
* 1:36772 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Scriptlet Component ActiveX clsid access (browser-plugins.rules)
* 1:36777 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zimwervi variant outbound connection (malware-cnc.rules)
* 1:36778 <-> DISABLED <-> SERVER-WEBAPP F5 BIG-IP iControl API arbitrary command execution attempt (server-webapp.rules)
* 1:36781 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gokawa variant outbound connection (malware-cnc.rules)
* 1:36782 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DHTML Editing ActiveX clsid access (browser-plugins.rules)
* 1:36783 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DHTML Editing ActiveX clsid access (browser-plugins.rules)
* 1:36784 <-> DISABLED <-> POLICY-OTHER Symantec LiveUpdate forcepasswd.do insecure password change attempt (policy-other.rules)
* 1:36785 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit landing page detected (exploit-kit.rules)
* 1:36786 <-> DISABLED <-> FILE-OTHER Apple SceneKit qlmanage setelementname buffer overflow attempt (file-other.rules)
* 1:36787 <-> DISABLED <-> FILE-OTHER Apple SceneKit qlmanage setelementname buffer overflow attempt (file-other.rules)
* 1:36788 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit landing page detected (exploit-kit.rules)
* 1:36789 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript large regex memory corruption attempt (browser-firefox.rules)
* 1:3679 <-> DISABLED <-> INDICATOR-OBFUSCATION Multiple Products IFRAME src javascript code execution (indicator-obfuscation.rules)
* 1:36790 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit landing page detected (exploit-kit.rules)
* 1:36791 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer data stream header remote code execution attempt (browser-ie.rules)
* 1:36792 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Visual FoxPro ActiveX clsid access (browser-plugins.rules)
* 1:36793 <-> DISABLED <-> SERVER-WEBAPP Oracle BeeHive playAudioFile.jsp directory traversal attempt (server-webapp.rules)
* 1:36794 <-> DISABLED <-> SERVER-WEBAPP Oracle BeeHive playAudioFile.jsp directory traversal attempt (server-webapp.rules)
* 1:36795 <-> DISABLED <-> SERVER-WEBAPP Oracle BeeHive playAudioFile.jsp directory traversal attempt (server-webapp.rules)
* 1:36796 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit landing page detected (exploit-kit.rules)
* 1:36797 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit landing page detected (exploit-kit.rules)
* 1:36798 <-> ENABLED <-> EXPLOIT-KIT GongDa landing page detected (exploit-kit.rules)
* 1:368 <-> DISABLED <-> PROTOCOL-ICMP PING BSDtype (protocol-icmp.rules)
* 1:3680 <-> DISABLED <-> PUA-P2P AOL Instant Messenger file send attempt (pua-p2p.rules)
* 1:36800 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ruinmail outbound connection (malware-cnc.rules)
* 1:36801 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit landing page detected (exploit-kit.rules)
* 1:36802 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit browser version detection attempt (exploit-kit.rules)
* 1:36803 <-> DISABLED <-> SERVER-OTHER HP Intelligent Management Center img buffer overflow attempt (server-other.rules)
* 1:36804 <-> DISABLED <-> OS-WINDOWS Microsoft Windows wininet peerdistsvc.dll dll-load exploit attempt (os-windows.rules)
* 1:36805 <-> DISABLED <-> OS-WINDOWS Microsoft Windows wininet request for peerdistsvc.dll over SMB attempt (os-windows.rules)
* 1:36807 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nodslit variant outbound connection (malware-cnc.rules)
* 1:36808 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit landing page detected (exploit-kit.rules)
* 1:3681 <-> DISABLED <-> PUA-P2P AOL Instant Messenger file receive attempt (pua-p2p.rules)
* 1:36810 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.Mabouia outbound connection (malware-cnc.rules)
* 1:36811 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer nonexistent attribute removal memory corruption attempt (browser-ie.rules)
* 1:36812 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer nonexistent attribute removal memory corruption attempt (browser-ie.rules)
* 1:36813 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer nonexistent attribute removal memory corruption attempt (browser-ie.rules)
* 1:36814 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 SPNEGO acceptor acc_ctx_cont denial of service attempt (server-other.rules)
* 1:36815 <-> ENABLED <-> SERVER-OTHER MIT Kerberos 5 SPNEGO incoming token detected (server-other.rules)
* 1:36816 <-> ENABLED <-> SERVER-OTHER MIT Kerberos 5 IAKERB outbound token detected (server-other.rules)
* 1:36817 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Paint JPEG with malformed SOFx field integer overflow attempt (file-image.rules)
* 1:36818 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Paint JPEG with malformed SOFx field integer overflow attempt (file-image.rules)
* 1:36819 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
* 1:3682 <-> DISABLED <-> SERVER-MAIL spoofed MIME-Type auto-execution attempt (server-mail.rules)
* 1:36820 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
* 1:36821 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
* 1:36822 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
* 1:36823 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack Server buffer overflow attempt (server-other.rules)
* 1:36824 <-> DISABLED <-> EXPLOIT-KIT Known exploit kit obfuscation routine detected (exploit-kit.rules)
* 1:36825 <-> DISABLED <-> PUA-ADWARE DealPly Adware variant outbound connection (pua-adware.rules)
* 1:36826 <-> ENABLED <-> SERVER-OTHER Java Library CommonsCollection unauthorized serialized object attempt (server-other.rules)
* 1:36827 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS2 actionExtends use-after-free attempt (file-flash.rules)
* 1:36828 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS2 actionExtends use-after-free attempt (file-flash.rules)
* 1:36829 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 actionExtends use-after-free attempt (file-flash.rules)
* 1:3683 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer spoofed MIME-Type auto-execution attempt (browser-ie.rules)
* 1:36830 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 actionExtends use-after-free attempt (file-flash.rules)
* 1:36831 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 actionExtends use-after-free attempt (file-flash.rules)
* 1:36832 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 actionExtends use-after-free attempt (file-flash.rules)
* 1:36833 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Mozila (malware-cnc.rules)
* 1:36834 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload outbound connection (malware-cnc.rules)
* 1:36835 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload inbound connection (malware-cnc.rules)
* 1:36836 <-> ENABLED <-> FILE-FLASH Adobe Flash Player toString with script objects use after free attempt (file-flash.rules)
* 1:36837 <-> ENABLED <-> FILE-FLASH Adobe Flash Player toString with script objects use after free attempt (file-flash.rules)
* 1:36838 <-> ENABLED <-> FILE-FLASH Adobe Flash Player file API validation bypass attempt (file-flash.rules)
* 1:36839 <-> ENABLED <-> FILE-FLASH Adobe Flash Player file API validation bypass attempt (file-flash.rules)
* 1:36841 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Leralogs variant outbound connection (malware-cnc.rules)
* 1:36842 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MovieClip object corruption use after free attempt (file-flash.rules)
* 1:36843 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MovieClip object corruption use after free attempt (file-flash.rules)
* 1:36844 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS2 TextField gridFitType use after free attempt (file-flash.rules)
* 1:36845 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS2 TextField gridFitType use after free attempt (file-flash.rules)
* 1:36846 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 TextField gridFitType use after free attempt (file-flash.rules)
* 1:36847 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS2 TextField gridFitType use after free attempt (file-flash.rules)
* 1:36848 <-> ENABLED <-> FILE-FLASH Adobe Flash Player GetConsoleMode input action variable corruption attempt (file-flash.rules)
* 1:36849 <-> ENABLED <-> FILE-FLASH Adobe Flash Player GetConsoleMode input action variable corruption attempt (file-flash.rules)
* 1:3685 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer bitmap BitmapOffset multipacket integer overflow attempt (browser-ie.rules)
* 1:36850 <-> ENABLED <-> FILE-FLASH Adobe Flash Player globalToLocal use-after-free attempt (file-flash.rules)
* 1:36851 <-> ENABLED <-> FILE-FLASH Adobe Flash Player globalToLocal use-after-free attempt (file-flash.rules)
* 1:36852 <-> ENABLED <-> FILE-FLASH Adobe Flash Player globalToLocal use-after-free attempt (file-flash.rules)
* 1:36853 <-> ENABLED <-> FILE-FLASH Adobe Flash Player globalToLocal use-after-free attempt (file-flash.rules)
* 1:36854 <-> DISABLED <-> FILE-OTHER IDEAL Administration IPJ file handling stack overflow attempt (file-other.rules)
* 1:36855 <-> ENABLED <-> FILE-OTHER Wireshark DECT packet dissector overflow attempt (file-other.rules)
* 1:36856 <-> DISABLED <-> FILE-IMAGE Microsoft Windows malformed WMF meta escape record memory corruption attempt (file-image.rules)
* 1:36857 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel WOpt record memory corruption attempt (file-office.rules)
* 1:36858 <-> ENABLED <-> FILE-FLASH Adobe Flash Player writeExternal type confusion attempt (file-flash.rules)
* 1:36859 <-> DISABLED <-> FILE-FLASH Adobe Flash Player writeExternal type confusion attempt (file-flash.rules)
* 1:3686 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Content Advisor memory corruption attempt (browser-ie.rules)
* 1:36860 <-> DISABLED <-> FILE-FLASH Adobe Flash Player writeExternal type confusion attempt (file-flash.rules)
* 1:36861 <-> ENABLED <-> FILE-FLASH Adobe Flash Player attachsound use-after-free attempt (file-flash.rules)
* 1:36862 <-> ENABLED <-> FILE-FLASH Adobe Flash Player attachsound use-after-free attempt (file-flash.rules)
* 1:36863 <-> DISABLED <-> FILE-FLASH Adobe Flash Player attachsound use-after-free attempt (file-flash.rules)
* 1:36864 <-> DISABLED <-> FILE-FLASH Adobe Flash Player attachsound use-after-free attempt (file-flash.rules)
* 1:36865 <-> DISABLED <-> BROWSER-PLUGINS IDAutomation IDAuto.BarCode ActiveX clsid access attempt (browser-plugins.rules)
* 1:36866 <-> DISABLED <-> BROWSER-PLUGINS IDAutomation IDAuto.Datamatrix ActiveX clsid access attempt (browser-plugins.rules)
* 1:36867 <-> DISABLED <-> BROWSER-PLUGINS IDAutomation IDAuto.Datamatrix ActiveX clsid access attempt (browser-plugins.rules)
* 1:36868 <-> DISABLED <-> BROWSER-PLUGINS IDAutomation IDAuto.BarCode ActiveX clsid access attempt (browser-plugins.rules)
* 1:36869 <-> DISABLED <-> BROWSER-PLUGINS IDAutomation IDAuto.PDF417 ActiveX clsid access attempt (browser-plugins.rules)
* 1:3687 <-> DISABLED <-> PROTOCOL-TELNET client ENV OPT USERVAR information disclosure (protocol-telnet.rules)
* 1:36870 <-> DISABLED <-> BROWSER-PLUGINS IDAutomation IDAuto.PDF417 ActiveX clsid access attempt (browser-plugins.rules)
* 1:36871 <-> DISABLED <-> BROWSER-PLUGINS IDAutomation IDAuto.Aztec ActiveX clsid access attempt (browser-plugins.rules)
* 1:36872 <-> DISABLED <-> BROWSER-PLUGINS IDAutomation IDAuto.Aztec ActiveX clsid access attempt (browser-plugins.rules)
* 1:36873 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS2 valueOf function assignment with removeTextField use after free attempt (file-flash.rules)
* 1:36874 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS2 valueOf function assignment with removeTextField use after free attempt (file-flash.rules)
* 1:36875 <-> ENABLED <-> FILE-FLASH Adobe Flash Player atomicCompareAndSwapLength integer overflow attempt (file-flash.rules)
* 1:36876 <-> ENABLED <-> FILE-FLASH Adobe Flash Player atomicCompareAndSwapLength integer overflow attempt (file-flash.rules)
* 1:36877 <-> DISABLED <-> NETBIOS DCERPC BrightStor ARCserve corrupt user-supplied memory location attempt (netbios.rules)
* 1:36878 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SWF buffer overflow attempt (file-flash.rules)
* 1:36879 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SWF buffer overflow attempt (file-flash.rules)
* 1:3688 <-> DISABLED <-> PROTOCOL-TELNET client ENV OPT VAR information disclosure (protocol-telnet.rules)
* 1:36880 <-> ENABLED <-> FILE-FLASH Adobe Flash Player byte array uncompress information disclosure attempt (file-flash.rules)
* 1:36881 <-> ENABLED <-> FILE-FLASH Adobe Flash Player byte array uncompress information disclosure attempt (file-flash.rules)
* 1:36882 <-> ENABLED <-> FILE-FLASH Adobe Flash Player byte array uncompress information disclosure attempt (file-flash.rules)
* 1:36883 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byte array uncompress information disclosure attempt (file-flash.rules)
* 1:36884 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Paint jpeg with malformed SOFx field integer overflow attempt (file-image.rules)
* 1:36885 <-> DISABLED <-> FILE-PDF Adobe Acrobat font parsing integer overflow attempt (file-pdf.rules)
* 1:36886 <-> DISABLED <-> FILE-PDF Adobe Acrobat font parsing integer overflow attempt (file-pdf.rules)
* 1:36887 <-> DISABLED <-> POLICY-OTHER self-signed SSL certificate eDellRoot use attempt (policy-other.rules)
* 1:36888 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint out of bounds value remote code execution attempt (file-office.rules)
* 1:36889 <-> DISABLED <-> MALWARE-CNC TinyDropper variant outbound connection (malware-cnc.rules)
* 1:3689 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer tRNS overflow attempt (browser-ie.rules)
* 1:36890 <-> DISABLED <-> MALWARE-CNC AbbadonPOS variant outbound connection (malware-cnc.rules)
* 1:36891 <-> DISABLED <-> BROWSER-PLUGINS ClearQuest session ActiveX control access (browser-plugins.rules)
* 1:36892 <-> DISABLED <-> BROWSER-PLUGINS ClearQuest session ActiveX control access (browser-plugins.rules)
* 1:36893 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trfijan outbound connection (malware-cnc.rules)
* 1:36894 <-> DISABLED <-> SERVER-WEBAPP Zend Technologies Zend Framework heuristicScan XML external entity injection attempt (server-webapp.rules)
* 1:36895 <-> DISABLED <-> SERVER-WEBAPP Zend Technologies Zend Framework heuristicScan XML external entity injection attempt (server-webapp.rules)
* 1:36896 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 11 VBScript redim preserve denial-of-service attempt (browser-ie.rules)
* 1:36897 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript ProgressBar use after free attempt (file-flash.rules)
* 1:36898 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript ProgressBar use after free attempt (file-flash.rules)
* 1:36899 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit landing page detected (exploit-kit.rules)
* 1:369 <-> DISABLED <-> PROTOCOL-ICMP PING BayRS Router (protocol-icmp.rules)
* 1:3690 <-> DISABLED <-> SERVER-WEBAPP Nucleus CMS action.php itemid SQL injection (server-webapp.rules)
* 1:36900 <-> DISABLED <-> SERVER-WEBAPP Oracle BeeHive showRecxml.jsp directory traversal attempt (server-webapp.rules)
* 1:36901 <-> DISABLED <-> SERVER-WEBAPP Oracle BeeHive showRecxml.jsp directory traversal attempt (server-webapp.rules)
* 1:36902 <-> DISABLED <-> SERVER-WEBAPP Oracle BeeHive showRecxml.jsp directory traversal attempt (server-webapp.rules)
* 1:36903 <-> ENABLED <-> SERVER-OTHER Cisco ASA IKEv2 invalid fragment length heap buffer overflow attempt (server-other.rules)
* 1:3691 <-> DISABLED <-> POLICY-SOCIAL Yahoo Messenger Message (policy-social.rules)
* 1:36911 <-> DISABLED <-> MALWARE-CNC GlassRAT handshake beacon (malware-cnc.rules)
* 1:36912 <-> DISABLED <-> SERVER-OTHER Novell eDirectory dhost buffer overflow attempt (server-other.rules)
* 1:36914 <-> DISABLED <-> MALWARE-CNC Potential hostile executable served from compromised or malicious WordPress site (malware-cnc.rules)
* 1:36915 <-> DISABLED <-> POLICY-OTHER ManageEngine EventLog Analyzer runQuery.do insecure SQL query attempt (policy-other.rules)
* 1:36916 <-> DISABLED <-> MALWARE-CNC Milkoad.A First Request (malware-cnc.rules)
* 1:36917 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer iCalendar cross site scripting attempt (browser-ie.rules)
* 1:36918 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CElement object use after free attempt (browser-ie.rules)
* 1:36919 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CElement object use after free attempt (browser-ie.rules)
* 1:3692 <-> DISABLED <-> POLICY-SOCIAL Yahoo Messenger File Transfer Initiation Request (policy-social.rules)
* 1:36920 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer invalid TableRow use after free attempt (browser-ie.rules)
* 1:36921 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer invalid TableRow use after free attempt (browser-ie.rules)
* 1:36922 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer VBScript engine use after free attempt (browser-ie.rules)
* 1:36923 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer VBScript engine use after free attempt (browser-ie.rules)
* 1:36924 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel MSO reference count use after free attempt (file-office.rules)
* 1:36925 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel MSO reference count use after free attempt (file-office.rules)
* 1:36926 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CObjectElement type confusion attempt (browser-ie.rules)
* 1:36927 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CObjectElement type confusion attempt (browser-ie.rules)
* 1:36928 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTableLayout use after free attempt (browser-ie.rules)
* 1:36929 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTableLayout use after free attempt (browser-ie.rules)
* 1:3693 <-> DISABLED <-> SERVER-WEBAPP IBM WebSphere j_security_check overflow attempt (server-webapp.rules)
* 1:36930 <-> ENABLED <-> FILE-OFFICE Microsoft Office request for wuaext.dll over SMB attempt (file-office.rules)
* 1:36931 <-> ENABLED <-> FILE-OFFICE Microsoft Office wuaext.dll dll-load exploit attempt (file-office.rules)
* 1:36932 <-> ENABLED <-> BROWSER-IE Microsoft Edge iframe climbing cross site scripting attempt (browser-ie.rules)
* 1:36933 <-> ENABLED <-> BROWSER-IE Microsoft Edge iframe climbing cross site scripting attempt (browser-ie.rules)
* 1:36934 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word pointer release validation use after free attempt (file-office.rules)
* 1:36935 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word pointer release validation use after free attempt (file-office.rules)
* 1:36936 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer TextBlock out of bounds read attempt (browser-ie.rules)
* 1:36937 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer TextBlock out of bounds read attempt (browser-ie.rules)
* 1:36938 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer invalid table grid memory corruption attempt (browser-ie.rules)
* 1:36939 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer invalid table grid memory corruption attempt (browser-ie.rules)
* 1:3694 <-> DISABLED <-> SERVER-WEBAPP Squid content length cache poisoning attempt (server-webapp.rules)
* 1:36940 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSpliceTreeEngine RemoveSplice null pointer dereference attempt (browser-ie.rules)
* 1:36941 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSpliceTreeEngine RemoveSplice null pointer dereference attempt (browser-ie.rules)
* 1:36942 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer flexbox use after free attempt (browser-ie.rules)
* 1:36943 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer flexbox use after free attempt (browser-ie.rules)
* 1:36944 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreePos use after free attempt (browser-ie.rules)
* 1:36945 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreePos use after free attempt (browser-ie.rules)
* 1:36946 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSharedStyleSheet RemoveRule out of bounds read attempt (browser-ie.rules)
* 1:36947 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSharedStyleSheet RemoveRule out of bounds read attempt (browser-ie.rules)
* 1:36948 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTableCell invalid index memory corruption attempt (browser-ie.rules)
* 1:36949 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTableCell invalid index memory corruption attempt (browser-ie.rules)
* 1:3695 <-> DISABLED <-> SERVER-OTHER Veritas Backup Agent password overflow attempt (server-other.rules)
* 1:36950 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer SComputedStyle destructor out of bounds read attempt (browser-ie.rules)
* 1:36951 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer SComputedStyle destructor out of bounds read attempt (browser-ie.rules)
* 1:36952 <-> ENABLED <-> FILE-OTHER Microsoft Windows Font Viewer cmap offset integer underflow attempt (file-other.rules)
* 1:36953 <-> ENABLED <-> FILE-OTHER Microsoft Windows Font Viewer cmap offset
integer underflow attempt (file-other.rules) * 1:36956 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer TableGridBoxBuilder UpdateColumnSize out of bounds read attempt (browser-ie.rules) * 1:36957 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer TableGridBoxBuilder UpdateColumnSize out of bounds read attempt (browser-ie.rules) * 1:36958 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel StyleXF invalid icvXF out of bounds read attempt (file-office.rules) * 1:36959 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel StyleXF invalid icvXF out of bounds read attempt (file-office.rules) * 1:3696 <-> DISABLED <-> SERVER-OTHER Veritas Backup Agent DoS attempt (server-other.rules) * 1:36960 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word XML parsing use after free attempt (file-office.rules) * 1:36961 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word XML parsing use after free attempt (file-office.rules) * 1:36962 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CAttribute to CStyleAttrArray type confusion attempt (browser-ie.rules) * 1:36963 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CAttribute to CStyleAttrArray type confusion attempt (browser-ie.rules) * 1:36964 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word gdiplus integer overflow attempt (file-office.rules) * 1:36965 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word gdiplus integer overflow attempt (file-office.rules) * 1:36966 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word OGL module out of bounds read attempt (file-office.rules) * 1:36967 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word OGL module out of bounds read attempt (file-office.rules) * 1:36968 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CTableRow memory corruption attempt (browser-ie.rules) * 1:36969 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CTableRow memory corruption attempt (browser-ie.rules) * 1:3697 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP veritas bind attempt (netbios.rules) * 
1:36970 <-> ENABLED <-> OS-WINDOWS Microsoft Windows win32k.sys palette double free attempt (os-windows.rules) * 1:36971 <-> ENABLED <-> OS-WINDOWS Microsoft Windows win32k.sys palette double free attempt (os-windows.rules) * 1:36972 <-> DISABLED <-> FILE-OTHER Windows Media Player MCL to HTML information disclosure attempt (file-other.rules) * 1:36973 <-> DISABLED <-> FILE-OTHER Windows Media Player MCL to HTML information disclosure attempt (file-other.rules) * 1:36974 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel out of bounds read attempt (file-office.rules) * 1:36975 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel out of bounds read attempt (file-office.rules) * 1:36976 <-> ENABLED <-> OS-WINDOWS Microsoft Windows thread lock desynchronization null pointer dereference attempt (os-windows.rules) * 1:36977 <-> ENABLED <-> OS-WINDOWS Microsoft Windows thread lock desynchronization null pointer dereference attempt (os-windows.rules) * 1:36980 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer javascript argument type confusion attempt (browser-ie.rules) * 1:36981 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer javascript argument type confusion attempt (browser-ie.rules) * 1:36982 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer select use after free attempt (browser-ie.rules) * 1:36983 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer select use after free attempt (browser-ie.rules) * 1:36984 <-> ENABLED <-> BROWSER-IE Microsoft Edge CAttrArray out of bounds read attempt (browser-ie.rules) * 1:36985 <-> ENABLED <-> BROWSER-IE Microsoft Edge CAttrArray out of bounds read attempt (browser-ie.rules) * 1:36986 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CAttrArray use after free attempt (browser-ie.rules) * 1:36987 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CAttrArray use after free attempt (browser-ie.rules) * 1:36988 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer cross origin policy bypass via redirect 
attempt (browser-ie.rules) * 1:36989 <-> ENABLED <-> OS-WINDOWS Microsoft Windows gpuenergydrv.sys driver privilege escalation attempt (os-windows.rules) * 1:36990 <-> ENABLED <-> OS-WINDOWS Microsoft Windows gpuenergydrv.sys driver privilege escalation attempt (os-windows.rules) * 1:36991 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CDispContainer out of bounds read attempt (browser-ie.rules) * 1:36992 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CDispContainer out of bounds read attempt (browser-ie.rules) * 1:36993 <-> ENABLED <-> FILE-OFFICE Microsoft Office request for mqrt.dll over SMB attempt (file-office.rules) * 1:36994 <-> ENABLED <-> FILE-OFFICE Microsoft Office mqrt.dll dll-load exploit attempt (file-office.rules) * 1:36995 <-> ENABLED <-> FILE-OFFICE Microsoft Office request for spframe.dll over SMB attempt (file-office.rules) * 1:36996 <-> ENABLED <-> FILE-OFFICE Microsoft Office spframe.dll dll-load exploit attempt (file-office.rules) * 1:36997 <-> ENABLED <-> OS-WINDOWS Microsoft .NET Silverlight manifest resource file information disclosure attempt (os-windows.rules) * 1:36998 <-> DISABLED <-> OS-WINDOWS Microsoft .NET Silverlight manifest resource file information disclosure attempt (os-windows.rules) * 1:36999 <-> ENABLED <-> FILE-OFFICE Microsoft Office elsext.dll dll-load exploit attempt (file-office.rules) * 1:370 <-> DISABLED <-> PROTOCOL-ICMP PING BeOS4.x (protocol-icmp.rules) * 1:37000 <-> ENABLED <-> FILE-OFFICE Microsoft Office nwdblib.dll dll-load exploit attempt (file-office.rules) * 1:37001 <-> ENABLED <-> FILE-OFFICE Microsoft Office request for elsext.dll over SMB attempt (file-office.rules) * 1:37002 <-> ENABLED <-> FILE-OFFICE Microsoft Office request for nwdblib.dll over SMB attempt (file-office.rules) * 1:37003 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CMarkupPointer UnEmbed out of bounds read attempt (browser-ie.rules) * 1:37004 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CMarkupPointer 
UnEmbed out of bounds read attempt (browser-ie.rules) * 1:37005 <-> DISABLED <-> BROWSER-PLUGINS AAA EasyGrid DoSaveFile ActiveX clsid access attempt (browser-plugins.rules) * 1:37006 <-> DISABLED <-> BROWSER-PLUGINS AAA EasyGrid DoSaveFile ActiveX clsid access attempt (browser-plugins.rules) * 1:37007 <-> DISABLED <-> BROWSER-PLUGINS AAA EasyGrid DoSaveFile ActiveX clsid access attempt (browser-plugins.rules) * 1:37008 <-> DISABLED <-> BROWSER-PLUGINS AAA EasyGrid DoSaveFile ActiveX clsid access attempt (browser-plugins.rules) * 1:37009 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer TextBlock object use after free attempt (browser-ie.rules) * 1:37010 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer TextBlock object use after free attempt (browser-ie.rules) * 1:37011 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook embedded OLE object sandbox bypass attempt (file-office.rules) * 1:37012 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook embedded OLE object sandbox bypass attempt (file-office.rules) * 1:37013 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook embedded OLE object sandbox bypass attempt (file-office.rules) * 1:37014 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit landing page detected (exploit-kit.rules) * 1:37015 <-> DISABLED <-> PROTOCOL-DNS DNS DNAME query detected - possible attack attempt (protocol-dns.rules) * 1:37016 <-> ENABLED <-> EXPLOIT-KIT DoloMalo exploit kit packer detected (exploit-kit.rules) * 1:37017 <-> DISABLED <-> SERVER-OTHER Redis SSH authorized keys file overwrite attempt (server-other.rules) * 1:37018 <-> DISABLED <-> SERVER-WEBAPP wordpress kses bypass cross site scripting attempt (server-webapp.rules) * 1:37019 <-> DISABLED <-> SERVER-WEBAPP wordpress kses bypass cross site scripting attempt (server-webapp.rules) * 1:37020 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gh0st variant outbound connection (malware-cnc.rules) * 1:37021 <-> DISABLED <-> BROWSER-PLUGINS MW6 Technologies Barcode.dll ActiveX clsid 
access attempt (browser-plugins.rules) * 1:37022 <-> DISABLED <-> BROWSER-PLUGINS MW6 Technologies Barcode.dll ActiveX clsid access attempt (browser-plugins.rules) * 1:37023 <-> DISABLED <-> BROWSER-PLUGINS MW6 Technologies Barcode.dll ActiveX clsid access attempt (browser-plugins.rules) * 1:37024 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sofacy outbound connection (malware-cnc.rules) * 1:37025 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules) * 1:37026 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules) * 1:37027 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Alina variant outbound connection (malware-cnc.rules) * 1:37028 <-> DISABLED <-> PROTOCOL-OTHER Websocket upgrade request without a client key detected (protocol-other.rules) * 1:37029 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint malformed record call to freed object attempt (file-office.rules) * 1:37030 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint malformed record call to freed object attempt (file-office.rules) * 1:37031 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint malformed record call to freed object attempt (file-office.rules) * 1:37032 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint malformed record call to freed object attempt (file-office.rules) * 1:37033 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint malformed record call to freed object attempt (file-office.rules) * 1:37034 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint malformed record call to freed object attempt (file-office.rules) * 1:37035 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint malformed record call to freed object attempt (file-office.rules) * 1:37036 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ModPOS outbound connection (malware-cnc.rules) * 1:37037 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Arfadinf variant outbound connection (malware-cnc.rules) * 1:37038 <-> DISABLED <-> SERVER-WEBAPP HumHub 
index.php from parameter SQL injection attempt (server-webapp.rules) * 1:37039 <-> DISABLED <-> SERVER-WEBAPP Atlassian HipChat Plugin template injection remote code execution attempt (server-webapp.rules) * 1:37040 <-> DISABLED <-> BROWSER-PLUGINS Microsoft CAPICOM CAPICOM.Certificates ActiveX clsid access attempt (browser-plugins.rules) * 1:37041 <-> DISABLED <-> BROWSER-PLUGINS Microsoft CAPICOM CAPICOM.Certificates ActiveX clsid access attempt (browser-plugins.rules) * 1:37042 <-> DISABLED <-> BROWSER-PLUGINS Microsoft CAPICOM CAPICOM.Certificates ActiveX clsid access attempt (browser-plugins.rules) * 1:37043 <-> DISABLED <-> BROWSER-PLUGINS Microsoft CAPICOM CAPICOM.Certificates ActiveX clsid access attempt (browser-plugins.rules) * 1:37044 <-> DISABLED <-> BROWSER-PLUGINS Microsoft CAPICOM CAPICOM.Certificates ActiveX clsid access attempt (browser-plugins.rules) * 1:37045 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kovter outbound connection (malware-cnc.rules) * 1:37047 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vonterra outbound connection (malware-cnc.rules) * 1:37048 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bookworm variant outbound connection (malware-cnc.rules) * 1:37049 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Geratid variant outbound connection (malware-cnc.rules) * 1:37050 <-> DISABLED <-> MALWARE-CNC ATSEngine initial beacon (malware-cnc.rules) * 1:37051 <-> DISABLED <-> MALWARE-CNC ATSEngine credit card number sent via URL parameter (malware-cnc.rules) * 1:37052 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt outbound connection (malware-cnc.rules) * 1:37053 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tdrop2 variant dropper download attempt (malware-cnc.rules) * 1:37054 <-> DISABLED <-> FILE-OTHER BACnet OPC client csv file buffer overflow attempt (file-other.rules) * 1:37055 <-> DISABLED <-> FILE-OTHER BACnet OPC client csv file buffer overflow attempt (file-other.rules) * 1:37056 <-> DISABLED <-> FILE-OTHER BACnet OPC client csv file buffer overflow 
attempt (file-other.rules) * 1:37057 <-> DISABLED <-> FILE-OTHER BACnet OPC client csv file buffer overflow attempt (file-other.rules) * 1:37058 <-> DISABLED <-> FILE-OTHER BACnet OPC client csv file buffer overflow attempt (file-other.rules) * 1:37059 <-> DISABLED <-> FILE-OTHER BACnet OPC client csv file buffer overflow attempt (file-other.rules) * 1:37060 <-> DISABLED <-> FILE-OTHER BACnet OPC client csv file buffer overflow attempt (file-other.rules) * 1:37061 <-> DISABLED <-> FILE-OTHER BACnet OPC client csv file buffer overflow attempt (file-other.rules) * 1:37062 <-> DISABLED <-> APP-DETECT 12P DNS request attempt (app-detect.rules) * 1:37063 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Paligenpo outbound connection (malware-cnc.rules) * 1:37064 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Telehot outbound connection (malware-cnc.rules) * 1:37065 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Venik outbound connection (malware-cnc.rules) * 1:37066 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload (malware-cnc.rules) * 1:37067 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Droot outbound connection (malware-cnc.rules) * 1:37068 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Flusihoc variant outbound connection (malware-cnc.rules) * 1:37069 <-> ENABLED <-> FILE-FLASH Adobe Flash Player object Filters type confusion use after free attempt (file-flash.rules) * 1:37070 <-> ENABLED <-> FILE-FLASH Adobe Flash Player object Filters type confusion use after free attempt (file-flash.rules) * 1:37071 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ShaderParameter integer overflow attempt (file-flash.rules) * 1:37072 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ShaderParameter integer overflow attempt (file-flash.rules) * 1:37073 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ShaderParameter integer overflow attempt (file-flash.rules) * 1:37074 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ShaderParameter integer overflow attempt (file-flash.rules) * 1:37075 <-> DISABLED <-> FILE-FLASH Adobe Flash 
Player ShaderParameter integer overflow attempt (file-flash.rules) * 1:37076 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ShaderParameter integer overflow attempt (file-flash.rules) * 1:37077 <-> ENABLED <-> SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt (server-webapp.rules) * 1:37078 <-> ENABLED <-> SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt (server-webapp.rules) * 1:37079 <-> ENABLED <-> FILE-FLASH Adobe Flash Player String length heap buffer overflow attempt (file-flash.rules) * 1:37080 <-> ENABLED <-> FILE-FLASH Adobe Flash Player String length heap buffer overflow attempt (file-flash.rules) * 1:37081 <-> DISABLED <-> FILE-FLASH Adobe Flash Player String length heap buffer overflow attempt (file-flash.rules) * 1:37082 <-> DISABLED <-> FILE-FLASH Adobe Flash Player String length heap buffer overflow attempt (file-flash.rules) * 1:37083 <-> ENABLED <-> FILE-FLASH Adobe Flash Player byte array memory corruption attempt (file-flash.rules) * 1:37084 <-> ENABLED <-> FILE-FLASH Adobe Flash Player byte array memory corruption attempt (file-flash.rules) * 1:37085 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byte array memory corruption attempt (file-flash.rules) * 1:37086 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byte array memory corruption attempt (file-flash.rules) * 1:37087 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Metafile invalid header size integer overflow (os-windows.rules) * 1:37088 <-> ENABLED <-> FILE-FLASH Adobe Flash Player PrintJob object use-after-free attempt (file-flash.rules) * 1:37089 <-> ENABLED <-> FILE-FLASH Adobe Flash Player PrintJob object use-after-free attempt (file-flash.rules) * 1:37090 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PrintJob object use-after-free attempt (file-flash.rules) * 1:37091 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PrintJob object use-after-free attempt (file-flash.rules) * 1:37092 <-> DISABLED <-> FILE-FLASH Adobe Flash Player 
SoundURLStream memory corruption attempt (file-flash.rules) * 1:37093 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SoundURLStream memory corruption attempt (file-flash.rules) * 1:37094 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SoundURLStream memory corruption attempt (file-flash.rules) * 1:37095 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SoundURLStream memory corruption attempt (file-flash.rules) * 1:37096 <-> DISABLED <-> SERVER-WEBAPP Joomla Component com_gmaps SQL injection attempt (server-webapp.rules) * 1:37097 <-> DISABLED <-> SERVER-WEBAPP Joomla Component com_gmaps SQL injection attempt (server-webapp.rules) * 1:37098 <-> DISABLED <-> SERVER-WEBAPP Joomla Component com_gmaps SQL injection attempt (server-webapp.rules) * 1:37099 <-> DISABLED <-> SERVER-WEBAPP Joomla Component com_gmaps SQL injection attempt (server-webapp.rules) * 1:371 <-> DISABLED <-> PROTOCOL-ICMP PING Cisco Type.x (protocol-icmp.rules) * 1:37100 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dashikut outbound connection (malware-cnc.rules) * 1:37101 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nessfi outbound connection (malware-cnc.rules) * 1:37102 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nessfi outbound connection (malware-cnc.rules) * 1:37103 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MovieClip object use-after-free attempt (file-flash.rules) * 1:37104 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MovieClip object use-after-free attempt (file-flash.rules) * 1:37105 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MovieClip object use-after-free attempt (file-flash.rules) * 1:37106 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MovieClip object use-after-free attempt (file-flash.rules) * 1:37107 <-> ENABLED <-> FILE-FLASH Adobe Flash Player selection.setFocus use after free attempt (file-flash.rules) * 1:37108 <-> ENABLED <-> FILE-FLASH Adobe Flash Player selection.setFocus use after free attempt (file-flash.rules) * 1:37109 <-> DISABLED <-> FILE-FLASH Adobe Flash Player 
selection.setFocus use after free attempt (file-flash.rules) * 1:37110 <-> DISABLED <-> FILE-FLASH Adobe Flash Player selection.setFocus use after free attempt (file-flash.rules) * 1:37111 <-> ENABLED <-> FILE-FLASH Adobe Flash Player PCRE parsing out of bounds read attempt (file-flash.rules) * 1:37112 <-> ENABLED <-> FILE-FLASH Adobe Flash Player PCRE parsing out of bounds read attempt (file-flash.rules) * 1:37113 <-> ENABLED <-> FILE-FLASH Adobe Flash Player PCRE parsing out of bounds read attempt (file-flash.rules) * 1:37114 <-> ENABLED <-> FILE-FLASH Adobe Flash Player PCRE parsing out of bounds read attempt (file-flash.rules) * 1:37115 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DisplacementMapFilter mapBitmap use after free attempt (file-flash.rules) * 1:37116 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DisplacementMapFilter mapBitmap use after free attempt (file-flash.rules) * 1:37117 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cetsiol outbound connection (malware-cnc.rules) * 1:37118 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField filters use-after-free attempt (file-flash.rules) * 1:37119 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField filters use-after-free attempt (file-flash.rules) * 1:37120 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook embedded OLE object sandbox bypass attempt (file-office.rules) * 1:37121 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MP3 ID3 data parsing heap buffer overflow attempt (file-flash.rules) * 1:37122 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MP3 ID3 data parsing heap buffer overflow attempt (file-flash.rules) * 1:37123 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MP3 ID3 data parsing heap buffer overflow attempt (file-flash.rules) * 1:37124 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MP3 ID3 data parsing heap buffer overflow attempt (file-flash.rules) * 1:37125 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MP3 ID3 data parsing heap buffer overflow attempt (file-flash.rules) * 1:37126 <-> 
ENABLED <-> FILE-FLASH Adobe Flash Player MP3 ID3 data parsing heap buffer overflow attempt (file-flash.rules) * 1:37127 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Batec outbound connection (malware-cnc.rules) * 1:37128 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 setTransform use-after-free attempt (file-flash.rules) * 1:37129 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 setTransform use-after-free attempt (file-flash.rules) * 1:37130 <-> ENABLED <-> FILE-IDENTIFY Obfuscated .wsf download attempt (file-identify.rules) * 1:37131 <-> ENABLED <-> FILE-IDENTIFY .wsf attachment file type blocked by Outlook detected (file-identify.rules) * 1:37132 <-> ENABLED <-> FILE-IDENTIFY Obfuscated .wsf download attempt (file-identify.rules) * 1:37133 <-> DISABLED <-> SERVER-WEBAPP Joomla com_youtubegallery module SQL injection attempt (server-webapp.rules) * 1:37134 <-> DISABLED <-> SERVER-WEBAPP Joomla com_youtubegallery module SQL injection attempt (server-webapp.rules) * 1:37135 <-> DISABLED <-> SERVER-WEBAPP Fireeye Java decompiler reflection remote code execution attempt (server-webapp.rules) * 1:37136 <-> DISABLED <-> SERVER-WEBAPP Fireeye Java decompiler reflection remote code execution attempt (server-webapp.rules) * 1:37137 <-> ENABLED <-> SERVER-WEBAPP Fireeye Java decompiler reflection remote code execution attempt (server-webapp.rules) * 1:37138 <-> DISABLED <-> SERVER-WEBAPP ManageEngine ServiceDesk FileDownload.jsp fName directory traversal attempt (server-webapp.rules) * 1:37139 <-> DISABLED <-> SERVER-WEBAPP ManageEngine ServiceDesk FileDownload.jsp fName directory traversal attempt (server-webapp.rules) * 1:37140 <-> DISABLED <-> SERVER-WEBAPP ManageEngine ServiceDesk FileDownload.jsp fName directory traversal attempt (server-webapp.rules) * 1:37141 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Collicky variant inbound command attempt (malware-cnc.rules) * 1:37142 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SetSlot type confusion attempt (file-flash.rules) * 
1:37143 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SetSlot type confusion attempt (file-flash.rules) * 1:37144 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SetSlot type confusion attempt (file-flash.rules) * 1:37145 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SetSlot type confusion attempt (file-flash.rules) * 1:37146 <-> ENABLED <-> SERVER-OTHER Juniper ScreenOS unauthorized backdoor access attempt (server-other.rules) * 1:37147 <-> DISABLED <-> SERVER-OTHER Seagate GoFlex Satellite hidden credentials authentication attempt (server-other.rules) * 1:37148 <-> DISABLED <-> SERVER-WEBAPP WordPress Gallery Objects Plugin viewid SQL injection attempt (server-webapp.rules) * 1:37149 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MP3 ID3 data parsing heap buffer overflow attempt (file-flash.rules) * 1:37150 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MP3 ID3 data parsing heap buffer overflow attempt (file-flash.rules) * 1:37151 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows DirectX malformed mjpeg arbitrary code execution attempt (file-multimedia.rules) * 1:37152 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows DirectX malformed mjpeg arbitrary code execution attempt (file-multimedia.rules) * 1:37153 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows DirectX malformed mjpeg arbitrary code execution attempt (file-multimedia.rules) * 1:37154 <-> DISABLED <-> SERVER-OTHER OpenSSL invalid RSASSA-PSS certificate denial of service attempt (server-other.rules) * 1:37155 <-> DISABLED <-> SERVER-OTHER OpenSSL invalid RSASSA-PSS certificate denial of service attempt (server-other.rules) * 1:37156 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SharedObject send stack buffer overflow attempt (file-flash.rules) * 1:37157 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SharedObject send stack buffer overflow attempt (file-flash.rules) * 1:37158 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SharedObject send stack buffer overflow attempt (file-flash.rules) * 1:37159 <-> 
DISABLED <-> FILE-FLASH Adobe Flash Player SharedObject send stack buffer overflow attempt (file-flash.rules) * 1:37160 <-> DISABLED <-> FILE-FLASH Adobe Flash Player oversize source bitmap memory corruption attempt (file-flash.rules) * 1:37161 <-> DISABLED <-> FILE-FLASH Adobe Flash Player oversize source bitmap memory corruption attempt (file-flash.rules) * 1:37162 <-> ENABLED <-> FILE-FLASH Adobe Flash Player oversize source bitmap memory corruption attempt (file-flash.rules) * 1:37163 <-> ENABLED <-> FILE-FLASH Adobe Flash Player oversize source bitmap memory corruption attempt (file-flash.rules) * 1:37164 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hpastal outbound email attempt (malware-cnc.rules) * 1:37165 <-> ENABLED <-> FILE-FLASH Adobe Flash Player URLStream use after free attempt (file-flash.rules) * 1:37166 <-> ENABLED <-> FILE-FLASH Adobe Flash Player URLStream use after free attempt (file-flash.rules) * 1:37167 <-> DISABLED <-> FILE-FLASH Adobe Flash Player URLStream use after free attempt (file-flash.rules) * 1:37168 <-> DISABLED <-> FILE-FLASH Adobe Flash Player URLStream use after free attempt (file-flash.rules) * 1:37169 <-> DISABLED <-> FILE-FLASH Adobe Flash Player heap memory disclosure via custom valueOf handler attempt (file-flash.rules) * 1:37170 <-> DISABLED <-> FILE-FLASH Adobe Flash Player heap memory disclosure via custom valueOf handler attempt (file-flash.rules) * 1:37171 <-> DISABLED <-> FILE-FLASH Adobe Flash Player heap memory disclosure via custom valueOf handler attempt (file-flash.rules) * 1:37172 <-> DISABLED <-> FILE-FLASH Adobe Flash Player heap memory disclosure via custom valueOf handler attempt (file-flash.rules) * 1:37173 <-> ENABLED <-> FILE-FLASH Adobe Flash Player heap memory disclosure via custom valueOf handler attempt (file-flash.rules) * 1:37174 <-> ENABLED <-> FILE-FLASH Adobe Flash Player heap memory disclosure via custom valueOf handler attempt (file-flash.rules) * 1:37175 <-> ENABLED <-> FILE-FLASH Adobe Flash 
Player heap memory disclosure via custom valueOf handler attempt (file-flash.rules) * 1:37176 <-> ENABLED <-> FILE-FLASH Adobe Flash Player heap memory disclosure via custom valueOf handler attempt (file-flash.rules) * 1:37177 <-> ENABLED <-> FILE-FLASH Adobe Flash Player M3U8 parser logic memory corruption attempt (file-flash.rules) * 1:37178 <-> DISABLED <-> FILE-FLASH Adobe Flash Player M3U8 parser logic memory corruption attempt (file-flash.rules) * 1:37179 <-> ENABLED <-> FILE-FLASH Adobe Flash Player M3U8 parser logic memory corruption attempt (file-flash.rules) * 1:37180 <-> DISABLED <-> FILE-FLASH Adobe Flash Player M3U8 parser logic memory corruption attempt (file-flash.rules) * 1:37181 <-> ENABLED <-> FILE-FLASH Adobe Flash Player String null check memory corruption attempt (file-flash.rules) * 1:37182 <-> ENABLED <-> FILE-FLASH Adobe Flash Player String null check memory corruption attempt (file-flash.rules) * 1:37183 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextFormat.tabStops use after free attempt (file-flash.rules) * 1:37184 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextFormat.tabStops use after free attempt (file-flash.rules) * 1:37185 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextFormat.tabStops use after free attempt (file-flash.rules) * 1:37186 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextFormat.tabStops use after free attempt (file-flash.rules) * 1:37187 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextFormat.tabStops use after free attempt (file-flash.rules) * 1:37188 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextFormat.tabStops use after free attempt (file-flash.rules) * 1:37189 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextFormat.tabStops use after free attempt (file-flash.rules) * 1:37190 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextFormat.tabStops use after free attempt (file-flash.rules) * 1:37191 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextFormat.tabStops use after free attempt (file-flash.rules) 
* 1:37192 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextFormat.tabStops use after free attempt (file-flash.rules)
* 1:37193 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextFormat.tabStops use after free attempt (file-flash.rules)
* 1:37194 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextFormat.tabStops use after free attempt (file-flash.rules)
* 1:37195 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AVM domain memory range integer overflow attempt (file-flash.rules)
* 1:37196 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AVM domain memory range integer overflow attempt (file-flash.rules)
* 1:37197 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AVM domain memory range integer overflow attempt (file-flash.rules)
* 1:37198 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AVM domain memory range integer overflow attempt (file-flash.rules)
* 1:37199 <-> ENABLED <-> FILE-FLASH Adobe Flash Player multiple script render display use after free attempt (file-flash.rules)
* 1:372 <-> DISABLED <-> PROTOCOL-ICMP PING Delphi-Piette Windows (protocol-icmp.rules)
* 1:37200 <-> ENABLED <-> FILE-FLASH Adobe Flash Player multiple script render display use after free attempt (file-flash.rules)
* 1:37201 <-> ENABLED <-> FILE-FLASH Adobe Flash Standalone Player ASSetPropFlags use after free attempt (file-flash.rules)
* 1:37202 <-> ENABLED <-> FILE-FLASH Adobe Flash Standalone Player ASSetPropFlags use after free attempt (file-flash.rules)
* 1:37203 <-> ENABLED <-> FILE-FLASH Adobe Flash Player object.addProperty method use after free attempt (file-flash.rules)
* 1:37204 <-> ENABLED <-> FILE-FLASH Adobe Flash Player object.addProperty method use after free attempt (file-flash.rules)
* 1:37205 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object.addProperty method use after free attempt (file-flash.rules)
* 1:37206 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object.addProperty method use after free attempt (file-flash.rules)
* 1:37207 <-> ENABLED <-> EXPLOIT-KIT Neutrino exploit kit landing page (exploit-kit.rules)
* 1:37208 <-> DISABLED <-> FILE-FLASH Adobe Flash Player LoadVars decode use after free attempt (file-flash.rules)
* 1:37209 <-> ENABLED <-> FILE-FLASH Adobe Flash Player LoadVars decode use after free attempt (file-flash.rules)
* 1:37210 <-> DISABLED <-> FILE-FLASH Adobe Flash Player LoadVars decode use after free attempt (file-flash.rules)
* 1:37211 <-> ENABLED <-> FILE-FLASH Adobe Flash Player LoadVars decode use after free attempt (file-flash.rules)
* 1:37212 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pmabot outbound connection (malware-cnc.rules)
* 1:37213 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pmabot outbound connection (malware-cnc.rules)
* 1:37214 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pmabot outbound connection (malware-cnc.rules)
* 1:37215 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pmabot outbound connection (malware-cnc.rules)
* 1:37216 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MovieClip setMask use after free attempt (file-flash.rules)
* 1:37217 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MovieClip setMask use after free attempt (file-flash.rules)
* 1:37218 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MovieClip setMask use after free attempt (file-flash.rules)
* 1:37219 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MovieClip setMask use after free attempt (file-flash.rules)
* 1:37220 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Date with invalid parameter toTimeString attempt (file-flash.rules)
* 1:37221 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Date with invalid parameter toTimeString attempt (file-flash.rules)
* 1:37222 <-> ENABLED <-> MALWARE-OTHER Win.Worm.Pixipos Outbound Connection Attempt (malware-other.rules)
* 1:37223 <-> ENABLED <-> FILE-FLASH Adobe Flash Player overly large bitmap integer overflow attempt (file-flash.rules)
* 1:37224 <-> ENABLED <-> FILE-FLASH Adobe Flash Player overly large bitmap integer overflow attempt (file-flash.rules)
* 1:37225 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Isniffer outbound connection (malware-cnc.rules)
* 1:37226 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Isniffer outbound connection (malware-cnc.rules)
* 1:37227 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Isniffer outbound connection (malware-cnc.rules)
* 1:37228 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Isniffer outbound connection (malware-cnc.rules)
* 1:37229 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MovieClip method use after free attempt (file-flash.rules)
* 1:37230 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MovieClip method use after free attempt (file-flash.rules)
* 1:37231 <-> ENABLED <-> FILE-FLASH Adobe Flash Player getBounds method use after free attempt (file-flash.rules)
* 1:37232 <-> ENABLED <-> FILE-FLASH Adobe Flash Player getBounds method use after free attempt (file-flash.rules)
* 1:37233 <-> DISABLED <-> SERVER-WEBAPP ManageEngine ServiceDesk Plus FileUploader servlet directory traversal attempt (server-webapp.rules)
* 1:37234 <-> ENABLED <-> FILE-FLASH Adobe Flash Player removeMovieClip use after free attempt (file-flash.rules)
* 1:37235 <-> ENABLED <-> FILE-FLASH Adobe Flash Player removeMovieClip use after free attempt (file-flash.rules)
* 1:37236 <-> ENABLED <-> FILE-FLASH Adobe Flash Player object hasOwnProperty use after free attempt (file-flash.rules)
* 1:37237 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object hasOwnProperty use after free attempt (file-flash.rules)
* 1:37238 <-> ENABLED <-> FILE-FLASH Adobe Flash Player object hasOwnProperty use after free attempt (file-flash.rules)
* 1:37239 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object hasOwnProperty use after free attempt (file-flash.rules)
* 1:37240 <-> ENABLED <-> FILE-FLASH Adobe Flash Player canvas out of bounds read attempt (file-flash.rules)
* 1:37241 <-> ENABLED <-> FILE-FLASH Adobe Flash Player canvas out of bounds read attempt (file-flash.rules)
* 1:37242 <-> ENABLED <-> SERVER-WEBAPP D-Link DCS-900 Series Network Camera arbitrary file upload attempt (server-webapp.rules)
* 1:37243 <-> DISABLED <-> INDICATOR-COMPROMISE download of a Office document with embedded PowerShell (indicator-compromise.rules)
* 1:37244 <-> DISABLED <-> INDICATOR-COMPROMISE download of a Office document with embedded PowerShell (indicator-compromise.rules)
* 1:37245 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Chopper web shell connection (malware-cnc.rules)
* 1:37246 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel CrErr record integer overflow attempt (file-office.rules)
* 1:37247 <-> DISABLED <-> FILE-FLASH Adobe Flash Player removeMovieClip use after free attempt (file-flash.rules)
* 1:37248 <-> DISABLED <-> FILE-FLASH Adobe Flash Player removeMovieClip use after free attempt (file-flash.rules)
* 1:37249 <-> DISABLED <-> FILE-FLASH Adobe Flash Player removeMovieClip use after free attempt (file-flash.rules)
* 1:37250 <-> ENABLED <-> FILE-FLASH Adobe Flash Player removeMovieClip use after free attempt (file-flash.rules)
* 1:37251 <-> ENABLED <-> FILE-FLASH Adobe Flash Player removeMovieClip use after free attempt (file-flash.rules)
* 1:37252 <-> ENABLED <-> FILE-FLASH Adobe Flash Player removeMovieClip use after free attempt (file-flash.rules)
* 1:37254 <-> ENABLED <-> FILE-FLASH Adobe Flash Player improper display list handling memory corruption attempt (file-flash.rules)
* 1:37256 <-> ENABLED <-> FILE-FLASH Adobe Flash Player improper display list handling memory corruption attempt (file-flash.rules)
* 1:37257 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer mapi32x.dll dll-load exploit attempt (browser-ie.rules)
* 1:37258 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer request for mapi32x.dll over SMB attempt (browser-ie.rules)
* 1:37259 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel mso20win32client use after free attempt (file-office.rules)
* 1:37260 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel mso20win32client use after free attempt (file-office.rules)
* 1:37261 <-> ENABLED <-> FILE-OFFICE Microsoft Office request for mfplat.dll over SMB attempt (file-office.rules)
* 1:37262 <-> ENABLED <-> FILE-OFFICE Microsoft Office mfplat.dll dll-load exploit attempt (file-office.rules)
* 1:37263 <-> ENABLED <-> FILE-OFFICE Microsoft Office request for api-ms-win-core-winrt-l1-1-0.dll over SMB attempt (file-office.rules)
* 1:37264 <-> ENABLED <-> FILE-OFFICE Microsoft Office api-ms-win-core-winrt-l1-1-0.dll dll-load exploit attempt (file-office.rules)
* 1:37265 <-> DISABLED <-> FILE-OFFICE Microsoft Office metafile conversion out of bounds read attempt (file-office.rules)
* 1:37266 <-> DISABLED <-> FILE-OFFICE Microsoft Office metafile conversion out of bounds read attempt (file-office.rules)
* 1:37267 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Silverlight GetChar out of bounds read attempt (browser-plugins.rules)
* 1:37268 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Silverlight GetChar out of bounds read attempt (browser-plugins.rules)
* 1:37269 <-> ENABLED <-> OS-WINDOWS Microsoft Windows 10 low integrity level NTFS mount reparse point bypass attempt (os-windows.rules)
* 1:37270 <-> ENABLED <-> OS-WINDOWS Microsoft Windows 10 low integrity level NTFS mount reparse point bypass attempt (os-windows.rules)
* 1:37271 <-> ENABLED <-> OS-WINDOWS Microsoft Windows 10 low integrity level NTFS mount reparse point bypass attempt (os-windows.rules)
* 1:37272 <-> ENABLED <-> OS-WINDOWS Microsoft Windows 10 low integrity level NTFS mount reparse point bypass attempt (os-windows.rules)
* 1:37273 <-> ENABLED <-> FILE-OFFICE Microsoft Office RTF parser heap overflow attempt (file-office.rules)
* 1:37274 <-> ENABLED <-> FILE-OFFICE Microsoft Office RTF parser heap overflow attempt (file-office.rules)
* 1:37275 <-> ENABLED <-> OS-WINDOWS Microsoft Windows feclient.dll dll-load exploit attempt (os-windows.rules)
* 1:37276 <-> ENABLED <-> OS-WINDOWS Microsoft Windows request for feclient.dll over SMB attempt (os-windows.rules)
* 1:37277 <-> ENABLED <-> OS-WINDOWS Microsoft Windows devenum.dll device moniker underflow attempt (os-windows.rules)
* 1:37278 <-> ENABLED <-> OS-WINDOWS Microsoft Windows devenum.dll device moniker underflow attempt (os-windows.rules)
* 1:37279 <-> DISABLED <-> BROWSER-IE Microsoft Edge mutation event memory corruption attempt (browser-ie.rules)
* 1:37280 <-> DISABLED <-> BROWSER-IE Microsoft Edge mutation event memory corruption attempt (browser-ie.rules)
* 1:37281 <-> DISABLED <-> FILE-OTHER Microsoft Office MScomctl.ocx memory leak attempt (file-other.rules)
* 1:37282 <-> DISABLED <-> FILE-OTHER Microsoft Office MScomctl.ocx memory leak attempt (file-other.rules)
* 1:37283 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer VBScript engine use after free attempt (browser-ie.rules)
* 1:37284 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer VBScript engine use after free attempt (browser-ie.rules)
* 1:37285 <-> ENABLED <-> SERVER-OTHER Trend Micro local node.js http command execution attempt (server-other.rules)
* 1:37286 <-> ENABLED <-> SERVER-OTHER Trend Micro local node.js http command execution attempt (server-other.rules)
* 1:37287 <-> ENABLED <-> SERVER-OTHER Trend Micro local node.js http command execution attempt (server-other.rules)
* 1:37288 <-> DISABLED <-> SERVER-OTHER Trend Micro local node.js http command execution attempt (server-other.rules)
* 1:37289 <-> ENABLED <-> SERVER-OTHER Trend Micro local node.js http command execution attempt (server-other.rules)
* 1:37290 <-> ENABLED <-> SERVER-OTHER Trend Micro local node.js http command execution attempt (server-other.rules)
* 1:37291 <-> DISABLED <-> SERVER-OTHER Trend Micro local node.js http command execution attempt (server-other.rules)
* 1:37292 <-> ENABLED <-> SERVER-OTHER Trend Micro local node.js http command execution attempt (server-other.rules)
* 1:37293 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel RTD buffer overflow attempt (file-office.rules)
* 1:37294 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel RTD buffer overflow attempt (file-office.rules)
* 1:37296 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sesramot variant outbound connection (malware-cnc.rules)
* 1:37297 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sesramot variant outbound connection (malware-cnc.rules)
* 1:37298 <-> DISABLED <-> APP-DETECT Hola VPN installation attempt (app-detect.rules)
* 1:37299 <-> DISABLED <-> APP-DETECT Hola VPN installation attempt (app-detect.rules)
* 1:373 <-> DISABLED <-> PROTOCOL-ICMP PING Flowpoint2200 or Network Management Software (protocol-icmp.rules)
* 1:37300 <-> DISABLED <-> APP-DETECT Hola VPN startup attempt (app-detect.rules)
* 1:37301 <-> DISABLED <-> APP-DETECT Hola VPN startup attempt (app-detect.rules)
* 1:37302 <-> DISABLED <-> APP-DETECT Hola VPN X-Hola-Version header nonstandard port attempt (app-detect.rules)
* 1:37303 <-> DISABLED <-> APP-DETECT Hola VPN X-Hola-Version header attempt (app-detect.rules)
* 1:37304 <-> DISABLED <-> APP-DETECT Hola VPN non-http port ping (app-detect.rules)
* 1:37305 <-> DISABLED <-> APP-DETECT Hola VPN tunnel keep alive (app-detect.rules)
* 1:37306 <-> DISABLED <-> APP-DETECT Hola VPN startup attempt (app-detect.rules)
* 1:37310 <-> DISABLED <-> BROWSER-CHROME Google Chrome MOTW pageSerializer HTML injection attempt (browser-chrome.rules)
* 1:37311 <-> DISABLED <-> BROWSER-CHROME Google Chrome MOTW pageSerializer HTML injection attempt (browser-chrome.rules)
* 1:37312 <-> DISABLED <-> FILE-OTHER Mulitple products external entity data exfiltration attempt (file-other.rules)
* 1:37313 <-> DISABLED <-> FILE-OTHER Multiple products external entity data exfiltration attempt (file-other.rules)
* 1:37314 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader privileged method protection bypass attempt (file-pdf.rules)
* 1:37315 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader privileged method protection bypass attempt (file-pdf.rules)
* 1:37316 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer corrupted HROW instance write access violation attempt (browser-ie.rules)
* 1:37317 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Radamant inbound connection (malware-cnc.rules)
* 1:37318 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word rpawinet.dll dll-load exploit attempt (file-office.rules)
* 1:37319 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word request for rpawinet.dll over SMB attempt (file-office.rules)
* 1:37320 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sakurel variant outbound connection (malware-cnc.rules)
* 1:37321 <-> DISABLED <-> SERVER-WEBAPP Cacti graphs_new.php SQL injection attempt (server-webapp.rules)
* 1:37323 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Direvex variant outbound connection (malware-cnc.rules)
* 1:37324 <-> DISABLED <-> SERVER-WEBAPP AVM FritzBox dsl_control stack buffer overflow attempt (server-webapp.rules)
* 1:37325 <-> DISABLED <-> BROWSER-CHROME Google Chrome same origin policy bypass attempt (browser-chrome.rules)
* 1:37326 <-> DISABLED <-> BROWSER-CHROME Google Chrome PDF Viewer information disclosure attempt (browser-chrome.rules)
* 1:37327 <-> DISABLED <-> BROWSER-CHROME Google Chrome PDF Viewer information disclosure attempt (browser-chrome.rules)
* 1:37329 <-> DISABLED <-> FILE-IMAGE Adobe Camera Raw Plug-in TIFF image processing buffer underflow attempt (file-image.rules)
* 1:37331 <-> DISABLED <-> FILE-IMAGE Adobe Camera Raw Plug-in TIFF image processing buffer underflow attempt (file-image.rules)
* 1:37332 <-> DISABLED <-> FILE-IMAGE Adobe Camera Raw Plug-in TIFF image processing buffer underflow attempt (file-image.rules)
* 1:37343 <-> DISABLED <-> SERVER-WEBAPP D-Link DNS-326 check_login command injection attempt (server-webapp.rules)
* 1:37344 <-> ENABLED <-> FILE-FLASH Adobe Flash Player improper display list handling memory corruption attempt (file-flash.rules)
* 1:37345 <-> DISABLED <-> FILE-FLASH Adobe Flash Player improper display list handling memory corruption attempt (file-flash.rules)
* 1:37346 <-> ENABLED <-> FILE-FLASH Adobe Flash Player improper display list handling memory corruption attempt (file-flash.rules)
* 1:37347 <-> DISABLED <-> FILE-FLASH Adobe Flash Player improper display list handling memory corruption attempt (file-flash.rules)
* 1:37348 <-> DISABLED <-> SERVER-WEBAPP Limesurvey unauthenticated file download attempt (server-webapp.rules)
* 1:37349 <-> DISABLED <-> SERVER-WEBAPP Limesurvey unauthenticated file download attempt (server-webapp.rules)
* 1:37350 <-> ENABLED <-> FILE-FLASH Adobe Flash Player invalid parent pointer use after free attempt (file-flash.rules)
* 1:37351 <-> ENABLED <-> FILE-FLASH Adobe Flash Player invalid parent pointer use after free attempt (file-flash.rules)
* 1:37352 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SimpleButton constructor type confusion attempt (file-flash.rules)
* 1:37353 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SimpleButton constructor type confusion attempt (file-flash.rules)
* 1:37354 <-> DISABLED <-> APP-DETECT Jenkins Groovy script access through script console attempt (app-detect.rules)
* 1:37355 <-> DISABLED <-> EXPLOIT-KIT Sweet Orange exploit kit landing page detected (exploit-kit.rules)
* 1:37356 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackEnergy DropBear SSH public key (malware-cnc.rules)
* 1:37357 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackEnergy DropBear SSH server password authentication (malware-cnc.rules)
* 1:37359 <-> DISABLED <-> MALWARE-CNC MultiOS.Trojan.Pbot inbound command attempt (malware-cnc.rules)
* 1:37360 <-> DISABLED <-> MALWARE-CNC MultiOS.Trojan.Pbot outbound IRC channel join attempt (malware-cnc.rules)
* 1:37361 <-> DISABLED <-> EXPLOIT-KIT DarkLeech iframe injection tool detected (exploit-kit.rules)
* 1:37362 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher 2007 conversion library code execution attempt (file-office.rules)
* 1:37363 <-> DISABLED <-> SERVER-OTHER Java Library SpringFramework unauthorized serialized object attempt (server-other.rules)
* 1:37364 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP REQUEST client identifier overflow attempt (os-windows.rules)
* 1:37365 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP REQUEST client identifier overflow attempt (os-windows.rules)
* 1:37366 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP REQUEST hostname overflow attempt (os-windows.rules)
* 1:37367 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP REQUEST hostname overflow attempt (os-windows.rules)
* 1:37368 <-> DISABLED <-> SERVER-OTHER Multiple Vendors SOAP large array information disclosure attempt (server-other.rules)
* 1:37369 <-> DISABLED <-> SERVER-WEBAPP Ipswitch WhatsUp iDroneComAPI SQL injection attempt (server-webapp.rules)
* 1:37370 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trochulis variant outbound connection (malware-cnc.rules)
* 1:37371 <-> ENABLED <-> SERVER-OTHER OpenSSH insecure roaming key exchange attempt (server-other.rules)
* 1:37374 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Derkziel variant outbound connection (malware-cnc.rules)
* 1:37375 <-> DISABLED <-> SERVER-MAIL Multiple IMAP servers EXAMINE command buffer overflow attempt (server-mail.rules)
* 1:37378 <-> DISABLED <-> SERVER-WEBAPP ABB default password login attempt (server-webapp.rules)
* 1:37379 <-> DISABLED <-> SERVER-WEBAPP BinTec Elmeg default password login attempt (server-webapp.rules)
* 1:37380 <-> DISABLED <-> SERVER-WEBAPP BinTec Elmeg default password login attempt (server-webapp.rules)
* 1:37381 <-> DISABLED <-> SERVER-WEBAPP Digi default password login attempt (server-webapp.rules)
* 1:37382 <-> DISABLED <-> SERVER-WEBAPP Digi default password login attempt (server-webapp.rules)
* 1:37383 <-> DISABLED <-> SERVER-WEBAPP Digi default password login attempt (server-webapp.rules)
* 1:37384 <-> DISABLED <-> SERVER-WEBAPP Emerson default password login attempt (server-webapp.rules)
* 1:37385 <-> DISABLED <-> SERVER-WEBAPP Hirschmann default password login attempt (server-webapp.rules)
* 1:37386 <-> DISABLED <-> SERVER-WEBAPP Hirschmann default password login attempt (server-webapp.rules)
* 1:37387 <-> DISABLED <-> SERVER-WEBAPP Moxa default password login attempt (server-webapp.rules)
* 1:37388 <-> DISABLED <-> SERVER-WEBAPP NOVUS AUTOMATION default password login attempt (server-webapp.rules)
* 1:37389 <-> DISABLED <-> SERVER-WEBAPP Rockwell Automation default password login attempt (server-webapp.rules)
* 1:37390 <-> DISABLED <-> SERVER-WEBAPP Rockwell Automation default password login attempt (server-webapp.rules)
* 1:37391 <-> DISABLED <-> SERVER-WEBAPP Samsung default password login attempt (server-webapp.rules)
* 1:37392 <-> DISABLED <-> SERVER-WEBAPP Schneider default password login attempt (server-webapp.rules)
* 1:37393 <-> DISABLED <-> SERVER-WEBAPP Schneider default password login attempt (server-webapp.rules)
* 1:37394 <-> DISABLED <-> SERVER-WEBAPP Wago default password login attempt (server-webapp.rules)
* 1:37395 <-> DISABLED <-> SERVER-WEBAPP Westermo default password login attempt (server-webapp.rules)
* 1:37396 <-> DISABLED <-> SERVER-WEBAPP eWON default password login attempt (server-webapp.rules)
* 1:37397 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed UTF-16 string memory corruption attempt (file-pdf.rules)
* 1:37398 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed UTF-16 string memory corruption attempt (file-pdf.rules)
* 1:37399 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader custom string length function memory corruption attempt (file-pdf.rules)
* 1:374 <-> DISABLED <-> PROTOCOL-ICMP PING IP NetMonitor Macintosh (protocol-icmp.rules)
* 1:37400 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader custom string length function memory corruption attempt (file-pdf.rules)
* 1:37401 <-> DISABLED <-> FILE-OTHER librtmp invalid pointer dereference attempt (file-other.rules)
* 1:37402 <-> DISABLED <-> FILE-OTHER librtmp invalid pointer dereference attempt (file-other.rules)
* 1:37403 <-> DISABLED <-> SERVER-OTHER Easy Chat server authentication request password parameter overflow attempt (server-other.rules)
* 1:37404 <-> DISABLED <-> SERVER-OTHER Easy Chat server authentication request username parameter overflow attempt (server-other.rules)
* 1:37405 <-> ENABLED <-> FILE-PDF Adobe Reader addAnnot JavaScript based memory corruption attempt (file-pdf.rules)
* 1:37406 <-> ENABLED <-> FILE-PDF Adobe Reader addAnnot JavaScript based memory corruption attempt (file-pdf.rules)
* 1:37407 <-> DISABLED <-> FILE-OTHER librtmp invalid pointer dereference attempt (file-other.rules)
* 1:37409 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word ActiveX object uninitialized memory access attempt (file-office.rules)
* 1:37410 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word ActiveX object uninitialized memory access attempt (file-office.rules)
* 1:37411 <-> DISABLED <-> SERVER-WEBAPP SevOne NMS hidden credentials authentication attempt (server-webapp.rules)
* 1:37412 <-> DISABLED <-> SERVER-WEBAPP SevOne NMS kill.php command injection attempt (server-webapp.rules)
* 1:37413 <-> DISABLED <-> SERVER-WEBAPP SevOne NMS kill.php command injection attempt (server-webapp.rules)
* 1:37415 <-> DISABLED <-> SERVER-WEBAPP JBoss expression language actionOutcome remote code execution attempt (server-webapp.rules)
* 1:37416 <-> DISABLED <-> MALWARE-BACKDOOR Adzok RAT download (malware-backdoor.rules)
* 1:37417 <-> DISABLED <-> MALWARE-BACKDOOR Adzok RAT server file download (malware-backdoor.rules)
* 1:37418 <-> ENABLED <-> MALWARE-BACKDOOR Adzok RAT inbound connection (malware-backdoor.rules)
* 1:37419 <-> DISABLED <-> MALWARE-BACKDOOR Adzok RAT inbound connection (malware-backdoor.rules)
* 1:37420 <-> DISABLED <-> MALWARE-BACKDOOR Adzok RAT initial connection (malware-backdoor.rules)
* 1:37421 <-> DISABLED <-> MALWARE-BACKDOOR Adzok RAT download (malware-backdoor.rules)
* 1:37422 <-> DISABLED <-> MALWARE-BACKDOOR Adzok RAT server file download (malware-backdoor.rules)
* 1:37424 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader ExtGState double free attempt (file-pdf.rules)
* 1:37425 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader ExtGState double free attempt (file-pdf.rules)
* 1:37427 <-> DISABLED <-> SERVER-WEBAPP IP Camera /cgi-bin/admin/servetest command injection attempt (server-webapp.rules)
* 1:37428 <-> DISABLED <-> SERVER-WEBAPP IP Camera /cgi-bin/admin/servetest command injection attempt (server-webapp.rules)
* 1:37429 <-> DISABLED <-> SERVER-WEBAPP IP Camera /cgi-bin/admin/servetest command injection attempt (server-webapp.rules)
* 1:37430 <-> DISABLED <-> SERVER-WEBAPP IP Camera /cgi-bin/admin/servetest command injection attempt (server-webapp.rules)
* 1:37431 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader ExtGState use after free attempt (file-pdf.rules)
* 1:37432 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader ExtGState use after free attempt (file-pdf.rules)
* 1:37433 <-> DISABLED <-> FILE-PDF Adobe Reader setPersistent use after free attempt (file-pdf.rules)
* 1:37434 <-> DISABLED <-> FILE-PDF Adobe Reader setPersistent use after free attempt (file-pdf.rules)
* 1:37435 <-> ENABLED <-> OS-LINUX Linux Kernel keyring object exploit download attempt (os-linux.rules)
* 1:37436 <-> ENABLED <-> OS-LINUX Linux Kernel keyring object exploit download attempt (os-linux.rules)
* 1:37437 <-> ENABLED <-> OS-LINUX Linux Kernel keyring object exploit download attempt (os-linux.rules)
* 1:37438 <-> ENABLED <-> OS-LINUX Linux Kernel keyring object exploit download attempt (os-linux.rules)
* 1:37441 <-> ENABLED <-> FILE-OTHER Adobe Flash Player javascript parsing cross site scripting attempt (file-other.rules)
* 1:37442 <-> ENABLED <-> FILE-OTHER Adobe Flash Player javascript parsing cross site scripting attempt (file-other.rules)
* 1:37443 <-> DISABLED <-> SQL use of sleep function with select - likely SQL injection (sql.rules)
* 1:37444 <-> DISABLED <-> SERVER-WEBAPP Roundcube Webmail index.php _skin directory traversal attempt (server-webapp.rules)
* 1:37445 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Color Management Module buffer overflow attempt (os-windows.rules)
* 1:37446 <-> DISABLED <-> SERVER-OTHER BigAnt server USV command buffer overflow attempt (server-other.rules)
* 1:37447 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Evilgrab outbound connection (malware-cnc.rules)
* 1:37448 <-> ENABLED <-> FILE-PDF Adobe Acrobat U3D Bone Weight Modifier memory corruption attempt (file-pdf.rules)
* 1:37449 <-> ENABLED <-> FILE-PDF Adobe Acrobat U3D Bone Weight Modifier memory corruption attempt (file-pdf.rules)
* 1:37450 <-> ENABLED <-> FILE-PDF Adobe Reader JPEG2000 chroma sub-pattern memory corruption attempt (file-pdf.rules)
* 1:37451 <-> ENABLED <-> FILE-PDF Adobe Reader JPEG2000 chroma sub-pattern memory corruption attempt (file-pdf.rules)
* 1:37452 <-> DISABLED <-> FILE-IDENTIFY PESpin v0.3 packer file magic detected (file-identify.rules)
* 1:37453 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox location.hostname DOM modification bypass attempt (browser-firefox.rules)
* 1:37454 <-> ENABLED <-> FILE-PDF Adobe Acrobat CoolType malformed font memory corruption attempt (file-pdf.rules)
* 1:37455 <-> ENABLED <-> FILE-PDF Adobe Acrobat CoolType malformed font memory corruption attempt (file-pdf.rules)
* 1:37457 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sovfo variant outbound connection (malware-cnc.rules)
* 1:37458 <-> ENABLED <-> FILE-PDF Adobe Acrobat CoolType font representation decoding memory corruption attempt (file-pdf.rules)
* 1:37459 <-> ENABLED <-> FILE-PDF Adobe Acrobat CoolType font representation decoding memory corruption attempt (file-pdf.rules)
* 1:37460 <-> ENABLED <-> FILE-PDF Adobe Reader Graphic State Parameter Dictionaries use after free attempt (file-pdf.rules)
* 1:37461 <-> ENABLED <-> FILE-PDF Adobe Reader Graphic State Parameter Dictionaries use after free attempt (file-pdf.rules)
* 1:37462 <-> DISABLED <-> SERVER-WEBAPP WordPress Job Manager plugin cross site scripting attempt (server-webapp.rules)
* 1:37463 <-> DISABLED <-> SERVER-WEBAPP WordPress Job Manager plugin cross site scripting attempt (server-webapp.rules)
* 1:37464 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JavaScript model privileged API bypass attempt (file-pdf.rules)
* 1:37465 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JavaScript model privileged API bypass attempt (file-pdf.rules)
* 1:37466 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Blackmoon outbound connection (malware-cnc.rules)
* 1:37467 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vawtrak variant outbound connection (malware-cnc.rules)
* 1:37468 <-> DISABLED <-> SERVER-WEBAPP InterWoven WorkDocs XSS attempt (server-webapp.rules)
* 1:37469 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader null pointer dereference attempt (file-pdf.rules)
* 1:37470 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader null pointer dereference attempt (file-pdf.rules)
* 1:37471 <-> DISABLED <-> SERVER-WEBAPP F-Secure web console username overflow attempt (server-webapp.rules)
* 1:37493 <-> DISABLED <-> FILE-OTHER lhasa decode_level3_header heap corruption attempt (file-other.rules)
* 1:37494 <-> DISABLED <-> FILE-OTHER lhasa decode_level3_header heap corruption attempt (file-other.rules)
* 1:37495 <-> DISABLED <-> FILE-PDF IBM Domino KeyView PDF filter compressed stream length code execution attempt (file-pdf.rules)
* 1:37496 <-> DISABLED <-> FILE-PDF IBM Domino KeyView PDF filter compressed stream length code execution attempt (file-pdf.rules)
* 1:37497 <-> DISABLED <-> FILE-PDF IBM Domino KeyView PDF filter encrypted stream code execution attempt (file-pdf.rules)
* 1:37498 <-> DISABLED <-> FILE-PDF IBM Domino KeyView PDF filter encrypted stream code execution attempt (file-pdf.rules)
* 1:37499 <-> DISABLED <-> FILE-PDF IBM Domino KeyView PDF Filter Basefont string overflow attempt (file-pdf.rules)
* 1:375 <-> DISABLED <-> PROTOCOL-ICMP PING LINUX/*BSD (protocol-icmp.rules)
* 1:37500 <-> DISABLED <-> FILE-PDF IBM Domino KeyView PDF Filter Basefont string overflow attempt (file-pdf.rules)
* 1:37501 <-> DISABLED <-> FILE-PDF IBM Domino KeyView PDF Filter Trailer ID array heap buffer overflow attempt (file-pdf.rules)
* 1:37502 <-> DISABLED <-> FILE-PDF IBM Domino KeyView PDF Filter Trailer ID array heap buffer overflow attempt (file-pdf.rules)
* 1:37503 <-> DISABLED <-> SERVER-OTHER Apache ActiveMQ shutdown command denial of service attempt (server-other.rules)
* 1:37504 <-> DISABLED <-> SERVER-WEBAPP SAP HANA hdbindexserver buffer overflow attempt (server-webapp.rules)
* 1:37507 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Media Service Component mdsauth.dll ActiveX clsid access attempt (browser-plugins.rules)
* 1:37508 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Media Service Component mdsauth.dll ActiveX clsid access attempt (browser-plugins.rules)
* 1:37509 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Media Service Component mdsauth.dll ActiveX clsid access attempt (browser-plugins.rules)
* 1:37510 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Media Service Component mdsauth.dll ActiveX clsid access attempt (browser-plugins.rules)
* 1:37511 <-> DISABLED <-> OS-SOLARIS XMDCP double-free attempt (os-solaris.rules)
* 1:37512 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric ProClima F1BookView ActiveX clsid access attempt (browser-plugins.rules)
* 1:37513 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric ProClima F1BookView ActiveX clsid access attempt (browser-plugins.rules)
* 1:37514 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric ProClima F1BookView ActiveX clsid access attempt (browser-plugins.rules)
* 1:37515 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric ProClima F1BookView ActiveX clsid access attempt (browser-plugins.rules)
* 1:37516 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sality variant outbound connection (malware-cnc.rules)
* 1:37517 <-> DISABLED <-> FILE-OTHER Apple OSX local privilege escalation attempt (file-other.rules)
* 1:37518 <-> DISABLED <-> FILE-OTHER Apple OSX local privilege escalation attempt (file-other.rules)
* 1:37519 <-> DISABLED <-> FILE-OTHER Intel HD Graphics Windows kernel driver local privilege escalation attempt (file-other.rules)
* 1:37520 <-> DISABLED <-> FILE-OTHER Intel HD Graphics Windows kernel driver local privilege escalation attempt (file-other.rules)
* 1:37521 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpySoft variant outbound connection (malware-cnc.rules)
* 1:37522 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpySoft variant outbound connection (malware-cnc.rules)
* 1:37523 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpySoft variant outbound connection (malware-cnc.rules)
* 1:37524 <-> DISABLED <-> FILE-OTHER ReGet Deluxe wjr file buffer overflow attempt (file-other.rules)
* 1:37525 <-> DISABLED <-> SERVER-OTHER NTP arbitrary pidfile and driftfile overwrite attempt (server-other.rules)
* 1:37526 <-> ENABLED <-> SERVER-OTHER NTP arbitrary pidfile and driftfile overwrite attempt (server-other.rules)
* 1:37527 <-> DISABLED <-> SERVER-OTHER IBM WebSphere InvokerTransformer serialized Java object remote code execution attempt (server-other.rules)
* 1:37528 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit outbound uri request attempt (exploit-kit.rules)
* 1:37529 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit iframe injection attempt (exploit-kit.rules)
* 1:37530 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader pdfshell preview mode - possible denial of service attempt (file-pdf.rules)
* 1:37531 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader pdfshell preview mode - possible denial of service attempt (file-pdf.rules)
* 1:37532 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader pdfshell preview mode - possible denial of service attempt (file-pdf.rules)
* 1:37533 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader pdfshell preview mode - possible denial of service attempt (file-pdf.rules)
* 1:37534 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Derusbi outbound connection (malware-cnc.rules)
* 1:37535 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Derusbi outbound connection (malware-cnc.rules)
* 1:37536 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Derusbi outbound connection (malware-cnc.rules)
* 1:37537 <-> DISABLED <-> BROWSER-PLUGINS Siemens Solid Edge SEListCtrlX ActiveX clsid access attempt (browser-plugins.rules)
* 1:37538 <-> DISABLED <-> BROWSER-PLUGINS Siemens Solid Edge SEListCtrlX ActiveX clsid access attempt (browser-plugins.rules)
* 1:37539 <-> DISABLED <-> BROWSER-PLUGINS Siemens Solid Edge WebPartHelper ActiveX clsid access attempt (browser-plugins.rules)
* 1:37540 <-> DISABLED <-> BROWSER-PLUGINS Siemens Solid Edge WebPartHelper ActiveX clsid access attempt (browser-plugins.rules)
* 1:37541 <-> DISABLED <-> BROWSER-PLUGINS Siemens Solid Edge SEListCtrlX ActiveX clsid access attempt (browser-plugins.rules)
* 1:37542 <-> DISABLED <-> BROWSER-PLUGINS Siemens Solid Edge SEListCtrlX ActiveX clsid access attempt (browser-plugins.rules)
* 1:37543 <-> DISABLED <-> BROWSER-PLUGINS Siemens Solid Edge WebPartHelper ActiveX clsid access attempt (browser-plugins.rules)
* 1:37544 <-> DISABLED <-> BROWSER-PLUGINS Siemens Solid Edge WebPartHelper ActiveX clsid access attempt (browser-plugins.rules)
* 1:37545 <-> DISABLED <-> POLICY-OTHER Netcore/Netis firmware hard-coded backdoor account access attempt (policy-other.rules)
* 1:37546 <-> ENABLED <-> SERVER-OTHER Veritas NetBackup Volume Manager connection attempt (server-other.rules)
* 1:37547 <-> DISABLED <-> SERVER-WEBAPP eClinicalWorks portalUserService.jsp SQL injection attempt (server-webapp.rules)
* 1:37548 <-> ENABLED <-> EXPLOIT-KIT Malicious iFrame redirection injection attempt (exploit-kit.rules)
* 1:37549 <-> DISABLED <-> EXPLOIT-KIT Malicious iFrame injection outbound URI request attempt (exploit-kit.rules)
* 1:37550 <-> DISABLED <-> EXPLOIT-KIT Nuclear landing page detected (exploit-kit.rules)
* 1:37551 <-> ENABLED <-> EXPLOIT-KIT Nuclear landing page detected (exploit-kit.rules)
* 1:37552 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Engr variant outbound connection (malware-cnc.rules)
* 1:37553 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CDATA use-after-free attempt (browser-ie.rules)
* 1:37554 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CDATA use-after-free attempt (browser-ie.rules)
* 1:37555 <-> ENABLED <-> FILE-OFFICE Microsoft Office msdaora.dll dll-load exploit attempt (file-office.rules)
* 1:37556 <-> ENABLED <-> FILE-OFFICE Microsoft Office phoneinfo.dll dll-load exploit attempt (file-office.rules)
* 1:37557 <-> ENABLED <-> FILE-OFFICE Microsoft Office request for msdaora.dll over SMB attempt (file-office.rules)
* 1:37558 <-> ENABLED <-> FILE-OFFICE Microsoft Office request for phoneinfo.dll over SMB attempt (file-office.rules)
* 1:37559 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word rtf file ffdefres integer underflow attempt (file-office.rules)
* 1:37560 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word rtf file ffdefres integer underflow attempt (file-office.rules)
* 1:37561 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word missing dpinfo structure integer overflow attempt (file-office.rules)
* 1:37562 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word missing dpinfo structure integer overflow attempt (file-office.rules)
* 1:37563 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word missing dpinfo structure integer overflow attempt (file-office.rules)
* 1:37564 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word missing dpinfo structure integer overflow attempt (file-office.rules)
* 1:37565 <-> ENABLED <-> FILE-PDF Microsoft Reader dynamic object stream uninitialized memory corruption attempt (file-pdf.rules)
* 1:37566 <-> ENABLED <-> FILE-PDF Microsoft Reader dynamic object stream uninitialized memory corruption attempt (file-pdf.rules)
* 1:37567 <-> ENABLED <-> OS-WINDOWS Microsoft Windows WmipReceiveNotifications out of bounds write attempt (os-windows.rules)
* 1:37568 <-> ENABLED <-> OS-WINDOWS Microsoft Windows WmipReceiveNotifications out of bounds write attempt (os-windows.rules)
* 1:37569 <-> ENABLED <-> OS-WINDOWS Microsoft Windows WmipReceiveNotifications out of bounds write attempt (os-windows.rules)
* 1:37570 <-> ENABLED <-> OS-WINDOWS Microsoft Windows WmipReceiveNotifications out of bounds write attempt (os-windows.rules)
* 1:37571 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CDomPrototype type confusion attempt (browser-ie.rules)
* 1:37572 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CDomPrototype type confusion attempt (browser-ie.rules)
* 1:37573 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CDomPrototype type confusion attempt (browser-ie.rules)
* 1:37574 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CDomPrototype type confusion attempt (browser-ie.rules)
* 1:37575 <-> ENABLED <-> BROWSER-IE Microsoft Edge CTextBlock out of bounds read attempt (browser-ie.rules)
* 1:37576 <-> ENABLED <-> BROWSER-IE Microsoft Edge CTextBlock out of bounds read attempt (browser-ie.rules)
* 1:37577 <-> ENABLED <-> FILE-OTHER Microsoft Windows Journal CWispTiss use after free attempt (file-other.rules)
* 1:37578 <-> ENABLED <-> FILE-OTHER Microsoft Windows Journal CWispTiss use after free attempt (file-other.rules)
* 1:37579 <-> ENABLED <-> FILE-OFFICE Microsoft Powerpoint shape object null pointer dereference attempt (file-office.rules)
* 1:37580 <-> ENABLED <-> FILE-OFFICE Microsoft Powerpoint shape object null pointer dereference attempt (file-office.rules)
* 1:37581 <-> ENABLED <-> BROWSER-IE Microsoft Edge SysFreeString double free attempt (browser-ie.rules)
* 1:37582 <-> ENABLED <-> BROWSER-IE Microsoft Edge SysFreeString double free attempt (browser-ie.rules)
* 1:37583 <-> DISABLED <-> INDICATOR-SHELLCODE Javascript 0xCCCC unicode unescape (indicator-shellcode.rules)
* 1:37584 <-> ENABLED <-> OS-WINDOWS Microsoft Windows wind32kfull.sys out of bounds write attempt (os-windows.rules)
* 1:37585 <-> ENABLED <-> OS-WINDOWS Microsoft Windows wind32kfull.sys out of bounds write attempt (os-windows.rules)
* 1:37586
<-> ENABLED <-> OS-WINDOWS Microsoft Windows WebDAV mini redirector driver privilege escalation attempt (os-windows.rules) * 1:37587 <-> ENABLED <-> OS-WINDOWS Microsoft Windows WebDAV mini redirector driver privilege escalation attempt (os-windows.rules) * 1:37588 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word BCSRuntime.dll dll-load exploit attempt (file-office.rules) * 1:37589 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word OLMAPI32.dll dll-load exploit attempt (file-office.rules) * 1:37590 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word request for BCSRuntime.dll over SMB attempt (file-office.rules) * 1:37591 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word request for OLMAPI32.dll over SMB attempt (file-office.rules) * 1:37592 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel formula length heap corruption attempt (file-office.rules) * 1:37593 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel formula length heap corruption attempt (file-office.rules) * 1:37594 <-> ENABLED <-> FILE-PDF Microsoft Windows PDF Library invalid JPX image heap corruption attempt (file-pdf.rules) * 1:37595 <-> ENABLED <-> FILE-PDF Microsoft Windows PDF Library invalid JPX image heap corruption attempt (file-pdf.rules) * 1:37596 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTextBlock use-after-free attempt (browser-ie.rules) * 1:37597 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTextBlock use-after-free attempt (browser-ie.rules) * 1:37598 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word external document access use-after-free attempt (file-office.rules) * 1:37599 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word external document access use-after-free attempt (file-office.rules) * 1:376 <-> DISABLED <-> PROTOCOL-ICMP PING Microsoft Windows (protocol-icmp.rules) * 1:37600 <-> DISABLED <-> FILE-OFFICE Microsoft Powerpoint shape objects null pointer dereference memory corruption attempt (file-office.rules) * 1:37601 <-> DISABLED <-> FILE-OFFICE Microsoft 
Powerpoint shape objects null pointer dereference memory corruption attempt (file-office.rules) * 1:37602 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer IFRAME object constructor cross site scripting attempt (browser-ie.rules) * 1:37603 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer IFRAME object constructor cross site scripting attempt (browser-ie.rules) * 1:37604 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer StrCmpNICW string object use after free attempt (browser-ie.rules) * 1:37605 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer StrCmpNICW string object use after free attempt (browser-ie.rules) * 1:37606 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word rtf file bitmap width integer overflow attempt (file-office.rules) * 1:37607 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word rtf file bitmap width integer overflow attempt (file-office.rules) * 1:37608 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CallInvoke type confusion attempt (browser-ie.rules) * 1:37609 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CallInvoke type confusion attempt (browser-ie.rules) * 1:37610 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CallInvoke type confusion attempt (browser-ie.rules) * 1:37611 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CallInvoke type confusion attempt (browser-ie.rules) * 1:37612 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CACPWrap object use-after-free attempt (browser-ie.rules) * 1:37613 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CACPWrap object use-after-free attempt (browser-ie.rules) * 1:37614 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CFGBitmap heap code execution attempt (browser-ie.rules) * 1:37615 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CFGBitmap heap code execution attempt (browser-ie.rules) * 1:37618 <-> DISABLED <-> POLICY-OTHER SupRemo remote desktop outbound connection attempt (policy-other.rules) * 1:37619 <-> DISABLED <-> 
SERVER-OTHER InterSystems Cache UtilConfigHome.csp buffer overflow attempt (server-other.rules) * 1:37620 <-> DISABLED <-> PUA-ADWARE Genieo Adware framework variant outbound connection (pua-adware.rules) * 1:37621 <-> DISABLED <-> PUA-ADWARE Genieo Adware framework User-Agent (pua-adware.rules) * 1:37622 <-> ENABLED <-> SERVER-WEBAPP Allen-Bradley Compact Logix cross site scripting attempt (server-webapp.rules) * 1:37623 <-> ENABLED <-> SERVER-WEBAPP Allen-Bradley Compact Logix cross site scripting attempt (server-webapp.rules) * 1:37624 <-> ENABLED <-> SERVER-WEBAPP Allen-Bradley Compact Logix cross site scripting attempt (server-webapp.rules) * 1:37625 <-> DISABLED <-> BROWSER-PLUGINS SizerOne ActiveX clsid access attempt (browser-plugins.rules) * 1:37626 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox IDL fragment privilege escalation attempt (browser-firefox.rules) * 1:37627 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules) * 1:37628 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules) * 1:37629 <-> ENABLED <-> FILE-FLASH Adobe Flash Player dangling bytearray pointer code execution attempt (file-flash.rules) * 1:37630 <-> ENABLED <-> FILE-FLASH Adobe Flash Player dangling bytearray pointer code execution attempt (file-flash.rules) * 1:37631 <-> ENABLED <-> FILE-FLASH Adobe Flash Player dangling bytearray pointer code execution attempt (file-flash.rules) * 1:37632 <-> ENABLED <-> FILE-FLASH Adobe Flash Player dangling bytearray pointer code execution attempt (file-flash.rules) * 1:37633 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTextElement use after free attempt (browser-ie.rules) * 1:37634 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTextElement use after free attempt (browser-ie.rules) * 1:37635 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SPNEGO ASN.1 library heap corruption overflow attempt (os-windows.rules) * 
1:37636 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor outbound connection (malware-cnc.rules) * 1:37637 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor outbound connection (malware-cnc.rules) * 1:37638 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules) * 1:37639 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules) * 1:37640 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules) * 1:37641 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules) * 1:37642 <-> ENABLED <-> PUA-ADWARE Win.Adware.Dealply outbound POST attempt (pua-adware.rules) * 1:37643 <-> DISABLED <-> SQL Oracle e-Business Suite ORACLESSWA SQL injection attempt (sql.rules) * 1:37644 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules) * 1:37645 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules) * 1:37646 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant dropper download connection (malware-cnc.rules) * 1:37647 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules) * 1:37648 <-> DISABLED <-> SQL Oracle e-Business Suite JTF_BISUTILITY_PUB SQL injection attempt (sql.rules) * 1:37649 <-> DISABLED <-> FILE-OTHER Sophos Anti-Virus reserved device name handling vulnerability attempt (file-other.rules) * 1:37650 <-> DISABLED <-> FILE-OTHER CA BrightStor stack buffer overflow attempt (file-other.rules) * 1:37651 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.Downloader outbound connection attempt (malware-tools.rules) * 1:37652 <-> ENABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray exception null pointer access attempt (file-flash.rules) * 1:37653 <-> ENABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray exception null pointer access attempt (file-flash.rules) * 1:37654 <-> DISABLED 
<-> OS-LINUX Linux kernel SCTP handshake COOKIE ECHO Chunks denial of service attempt (os-linux.rules) * 1:37655 <-> DISABLED <-> OS-WINDOWS Microsoft .NET Framework XSLT parser stack exhaustion attempt (os-windows.rules) * 1:37656 <-> DISABLED <-> OS-WINDOWS Microsoft .NET Framework XSLT parser stack exhaustion attempt (os-windows.rules) * 1:37657 <-> DISABLED <-> SERVER-WEBAPP Headline Portal Engine HPEInc remote file include attempt (server-webapp.rules) * 1:37658 <-> DISABLED <-> SERVER-WEBAPP Headline Portal Engine HPEInc remote file include attempt (server-webapp.rules) * 1:37659 <-> DISABLED <-> SERVER-WEBAPP Headline Portal Engine HPEInc remote file include attempt (server-webapp.rules) * 1:37660 <-> DISABLED <-> SERVER-WEBAPP Headline Portal Engine HPEInc remote file include attempt (server-webapp.rules) * 1:37661 <-> DISABLED <-> SERVER-WEBAPP Headline Portal Engine HPEInc remote file include attempt (server-webapp.rules) * 1:37662 <-> DISABLED <-> SERVER-WEBAPP Headline Portal Engine HPEInc remote file include attempt (server-webapp.rules) * 1:37663 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Movie Maker project file heap buffer overflow attempt (file-multimedia.rules) * 1:37664 <-> DISABLED <-> FILE-JAVA Oracle Java ServiceLoader exception handling exploit attempt (file-java.rules) * 1:37665 <-> ENABLED <-> FILE-JAVA Oracle Java ServiceLoader exception handling exploit attempt (file-java.rules) * 1:37668 <-> ENABLED <-> FILE-FLASH Adobe Flash Player convolution filter use-after-free attempt (file-flash.rules) * 1:37669 <-> ENABLED <-> FILE-FLASH Adobe Flash Player convolution filter use-after-free attempt (file-flash.rules) * 1:37670 <-> DISABLED <-> FILE-FLASH Adobe Flash Player convolution filter use-after-free attempt (file-flash.rules) * 1:37671 <-> DISABLED <-> FILE-FLASH Adobe Flash Player convolution filter use-after-free attempt (file-flash.rules) * 1:37672 <-> DISABLED <-> FILE-FLASH Adobe Flash Player heap object address enumeration 
technique (file-flash.rules) * 1:37673 <-> DISABLED <-> FILE-FLASH Adobe Flash Player heap object address enumeration technique (file-flash.rules) * 1:37674 <-> ENABLED <-> SERVER-OTHER Cisco ASA IKEv1 invalid fragment length heap buffer overflow attempt (server-other.rules) * 1:37677 <-> DISABLED <-> BROWSER-PLUGINS IBM SPSS SamplePower ActiveX clsid access attempt (browser-plugins.rules) * 1:37678 <-> DISABLED <-> BROWSER-PLUGINS IBM SPSS SamplePower ActiveX clsid access attempt (browser-plugins.rules) * 1:37679 <-> ENABLED <-> FILE-FLASH Adobe Flash player ASNative textField use after free attempt (file-flash.rules) * 1:37680 <-> ENABLED <-> FILE-FLASH Adobe Flash player ASNative textField use after free attempt (file-flash.rules) * 1:37681 <-> DISABLED <-> POLICY-OTHER junk rule to autoenable vnetd.bpspsserver.connection flowbit (policy-other.rules) * 1:37682 <-> DISABLED <-> POLICY-OTHER junk rule to autoenable smb.session.negotiate flowbit (policy-other.rules) * 1:37683 <-> DISABLED <-> POLICY-OTHER junk rule to autoenable pop3.stat flowbit (policy-other.rules) * 1:37684 <-> ENABLED <-> FILE-FLASH Adobe Flash Player worker shared object user-after-free attempt (file-flash.rules) * 1:37685 <-> ENABLED <-> FILE-FLASH Adobe Flash Player worker shared object user-after-free attempt (file-flash.rules) * 1:37686 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent outbound POST attempt (malware-cnc.rules) * 1:37687 <-> ENABLED <-> SERVER-WEBAPP Oracle e-Business Suite HR_UTIL_DISP_WEB SQL injection attempt (server-webapp.rules) * 1:37688 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules) * 1:37689 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules) * 1:37690 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid object reference code execution attempt (file-flash.rules) * 1:377 <-> DISABLED <-> PROTOCOL-ICMP PING Network Toolbox 3 Windows (protocol-icmp.rules) * 1:37700 <-> DISABLED 
<-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules) * 1:37701 <-> ENABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules) * 1:37702 <-> DISABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules) * 1:37703 <-> DISABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules) * 1:37704 <-> DISABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules) * 1:37705 <-> DISABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules) * 1:37706 <-> DISABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules) * 1:37707 <-> ENABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules) * 1:37708 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules) * 1:37709 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules) * 1:37710 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules) * 1:37711 <-> DISABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules) * 1:37712 <-> DISABLED <-> FILE-PDF Adobe Acrobat and Adobe Acrobat Reader U3D RHAdobeMeta buffer overflow attempt (file-pdf.rules) * 1:37713 <-> DISABLED <-> BROWSER-PLUGINS Unitronics VisiLogic TeeChart Pro ActiveX clsid access attempt (browser-plugins.rules) * 1:37714 <-> DISABLED <-> BROWSER-PLUGINS Unitronics VisiLogic TeeChart Pro ActiveX clsid access attempt (browser-plugins.rules) * 1:37715 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer onscroll DOS attempt (browser-ie.rules) * 1:37716 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer onscroll DOS attempt (browser-ie.rules) * 1:37717 <-> DISABLED 
<-> MALWARE-CNC Win.Trojan.Teslacrypt outbound POST attempt (malware-cnc.rules) * 1:37718 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Teslacrypt outbound POST attempt (malware-cnc.rules) * 1:37719 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Teslacrypt outbound POST attempt (malware-cnc.rules) * 1:37720 <-> DISABLED <-> FILE-FLASH Adobe Flash Player atomicCompareAndSwapLength integer overflow attempt (file-flash.rules) * 1:37721 <-> DISABLED <-> FILE-FLASH Adobe Flash Player atomicCompareAndSwapLength integer overflow attempt (file-flash.rules) * 1:37722 <-> ENABLED <-> FILE-FLASH Adobe Flash Player atomicCompareAndSwapLength integer overflow attempt (file-flash.rules) * 1:37723 <-> ENABLED <-> FILE-FLASH Adobe Flash Player atomicCompareAndSwapLength integer overflow attempt (file-flash.rules) * 1:37724 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer form selection reset attempt (browser-ie.rules) * 1:37725 <-> DISABLED <-> SERVER-OTHER CA message queuing server buffer overflow attempt (server-other.rules) * 1:37726 <-> DISABLED <-> FILE-OTHER Microsoft Office ole object external file loading attempt (file-other.rules) * 1:37727 <-> DISABLED <-> FILE-OTHER Microsoft Office ole object external file loading attempt (file-other.rules) * 1:37728 <-> DISABLED <-> INDICATOR-OBFUSCATION SWF with large DefineBinaryData tag (indicator-obfuscation.rules) * 1:37729 <-> DISABLED <-> INDICATOR-OBFUSCATION Adobe Flash file with SecureSwfLoader packer detected (indicator-obfuscation.rules) * 1:37730 <-> DISABLED <-> PROTOCOL-DNS glibc getaddrinfo A record stack buffer overflow attempt (protocol-dns.rules) * 1:37731 <-> DISABLED <-> PROTOCOL-DNS glibc getaddrinfo AAAA record stack buffer overflow attempt (protocol-dns.rules) * 1:37732 <-> ENABLED <-> POLICY-OTHER eicar test string download attempt (policy-other.rules) * 1:37733 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex dropper variant outbound connection (malware-cnc.rules) * 1:37734 <-> DISABLED <-> FILE-FLASH Adobe Flash 
Player Point object integer overflow attempt (file-flash.rules) * 1:37735 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Point object integer overflow attempt (file-flash.rules) * 1:37736 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Point object integer overflow attempt (file-flash.rules) * 1:37737 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Point object integer overflow attempt (file-flash.rules) * 1:37738 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BlurFilter memory corruption attempt (file-flash.rules) * 1:37739 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BlurFilter memory corruption attempt (file-flash.rules) * 1:37740 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BlurFilter memory corruption attempt (file-flash.rules) * 1:37741 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BlurFilter memory corruption attempt (file-flash.rules) * 1:37742 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextLine memory corruption attempt (file-flash.rules) * 1:37743 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextLine memory corruption attempt (file-flash.rules) * 1:37744 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextLine memory corruption attempt (file-flash.rules) * 1:37745 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextLine memory corruption attempt (file-flash.rules) * 1:37746 <-> ENABLED <-> FILE-FLASH Adobe Flash Player list filter memory corruption attempt (file-flash.rules) * 1:37747 <-> ENABLED <-> FILE-FLASH Adobe Flash Player list filter memory corruption attempt (file-flash.rules) * 1:37748 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextField object Type Confusion Attempt (file-flash.rules) * 1:37749 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextField object Type Confusion Attempt (file-flash.rules) * 1:37750 <-> ENABLED <-> FILE-FLASH Adobe Flash Player FLV invalid reference frame count memory corruption attempt (file-flash.rules) * 1:37751 <-> ENABLED <-> FILE-FLASH Adobe Flash Player FLV invalid reference frame count memory corruption 
attempt (file-flash.rules) * 1:37752 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Point object integer overflow attempt (file-flash.rules) * 1:37753 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Point object integer overflow attempt (file-flash.rules) * 1:37754 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Point object integer overflow attempt (file-flash.rules) * 1:37755 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Point object integer overflow attempt (file-flash.rules) * 1:37756 <-> ENABLED <-> FILE-FLASH Adobe Flash Player invalid sourceRect copyPixels heap corruption attempt (file-flash.rules) * 1:37757 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid sourceRect copyPixels heap corruption attempt (file-flash.rules) * 1:37758 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid sourceRect copyPixels heap corruption attempt (file-flash.rules) * 1:37759 <-> ENABLED <-> FILE-FLASH Adobe Flash Player invalid sourceRect copyPixels heap corruption attempt (file-flash.rules) * 1:37760 <-> ENABLED <-> FILE-FLASH Adobe Flash Player rectangle auxiliary method integer overflow attempt (file-flash.rules) * 1:37761 <-> DISABLED <-> FILE-FLASH Adobe Flash Player rectangle auxiliary method integer overflow attempt (file-flash.rules) * 1:37762 <-> ENABLED <-> FILE-FLASH Adobe Flash Player rectangle auxiliary method integer overflow attempt (file-flash.rules) * 1:37763 <-> ENABLED <-> FILE-FLASH Adobe Flash Player rectangle auxiliary method integer overflow attempt (file-flash.rules) * 1:37764 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BitmapData method memory corruption attempt (file-flash.rules) * 1:37765 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData method memory corruption attempt (file-flash.rules) * 1:37766 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData method memory corruption attempt (file-flash.rules) * 1:37767 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData method memory corruption attempt (file-flash.rules) * 1:37768 <-> 
ENABLED <-> FILE-FLASH Adobe Flash Player ASnative custom getter use after free attempt (file-flash.rules) * 1:37769 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASnative custom getter use after free attempt (file-flash.rules) * 1:37770 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative custom getter use after free attempt (file-flash.rules) * 1:37771 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative custom getter use after free attempt (file-flash.rules) * 1:37772 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript constructor use after free attempt (file-flash.rules) * 1:37773 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript constructor use after free attempt (file-flash.rules) * 1:37774 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript constructor use after free attempt (file-flash.rules) * 1:37775 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript constructor use after free attempt (file-flash.rules) * 1:37776 <-> DISABLED <-> FILE-FLASH Adobe Flash Player LoadVars use-after-free attempt (file-flash.rules) * 1:37777 <-> DISABLED <-> FILE-FLASH Adobe Flash Player LoadVars use-after-free attempt (file-flash.rules) * 1:37778 <-> ENABLED <-> FILE-OTHER Adobe Flash Player unsupported video encoding remote code execution attempt (file-other.rules) * 1:37779 <-> ENABLED <-> FILE-OTHER Adobe Flash Player unsupported video encoding remote code execution attempt (file-other.rules) * 1:37780 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASnative memory corruption attempt (file-flash.rules) * 1:37781 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASnative memory corruption attempt (file-flash.rules) * 1:37782 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed Adobe Texture Format heap overflow attempt (file-flash.rules) * 1:37783 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed Adobe Texture Format heap overflow attempt (file-flash.rules) * 1:37784 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file magic 
detected (file-identify.rules) * 1:37785 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file attachment detected (file-identify.rules) * 1:37786 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file attachment detected (file-identify.rules) * 1:37787 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file magic detected (file-identify.rules) * 1:37788 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file download request (file-identify.rules) * 1:37789 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASnative use after free attempt (file-flash.rules) * 1:37790 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative use after free attempt (file-flash.rules) * 1:37791 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASnative use after free attempt (file-flash.rules) * 1:37792 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative use after free attempt (file-flash.rules) * 1:37793 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript 3 URLRequest class use after free attempt (file-flash.rules) * 1:37794 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript 3 URLRequest class use after free attempt (file-flash.rules) * 1:37795 <-> ENABLED <-> FILE-FLASH Adobe Flash Player rectangle memory access violation attempt (file-flash.rules) * 1:37796 <-> ENABLED <-> FILE-FLASH Adobe Flash Player rectangle memory access violation attempt (file-flash.rules) * 1:37797 <-> DISABLED <-> FILE-FLASH Adobe Flash Player rectangle memory access violation attempt (file-flash.rules) * 1:37798 <-> DISABLED <-> FILE-FLASH Adobe Flash Player rectangle memory access violation attempt (file-flash.rules) * 1:37799 <-> ENABLED <-> FILE-OTHER Kingsoft Writer long font name buffer overflow attempt (file-other.rules) * 1:378 <-> DISABLED <-> PROTOCOL-ICMP PING Ping-O-MeterWindows (protocol-icmp.rules) * 1:37800 <-> ENABLED <-> FILE-OTHER Kingsoft Writer long font name buffer overflow attempt (file-other.rules) * 1:37801 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Silverlight 
ScriptObject untrusted pointer dereference attempt (browser-plugins.rules) * 1:37802 <-> DISABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules) * 1:37803 <-> DISABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules) * 1:37804 <-> DISABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules) * 1:37805 <-> DISABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules) * 1:37806 <-> ENABLED <-> FILE-FLASH Adobe Flash Player integer underflow attempt (file-flash.rules) * 1:37807 <-> ENABLED <-> FILE-FLASH Adobe Flash Player integer underflow attempt (file-flash.rules) * 1:37808 <-> DISABLED <-> FILE-FLASH Adobe Flash Player integer underflow attempt (file-flash.rules) * 1:37809 <-> ENABLED <-> FILE-FLASH Adobe Flash Player integer underflow attempt (file-flash.rules) * 1:37810 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CDisplayPointer use after free attempt (browser-ie.rules) * 1:37811 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CDisplayPointer use after free attempt (browser-ie.rules) * 1:37813 <-> DISABLED <-> POLICY-OTHER junk rule to autoenable vnc.server.auth.types flowbit (policy-other.rules) * 1:37814 <-> DISABLED <-> POLICY-OTHER Polycom Botnet inbound connection attempt (policy-other.rules) * 1:37815 <-> DISABLED <-> POLICY-OTHER Polycom Botnet inbound connection attempt (policy-other.rules) * 1:37816 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules) * 1:37817 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.Torte variant outbound connection (malware-cnc.rules) * 1:37818 <-> DISABLED <-> FILE-JAVA Oracle Java sun.awt.image.ImagingLib.lookupByteBI memory corruption attempt (file-java.rules) * 1:37819 <-> DISABLED <-> FILE-JAVA Oracle Java sun.awt.image.ImagingLib.lookupByteBI memory corruption attempt (file-java.rules) * 1:37820 <-> 
DISABLED <-> FILE-JAVA Oracle Java sun.awt.image.ImagingLib.lookupByteBI memory corruption attempt (file-java.rules) * 1:37821 <-> DISABLED <-> FILE-JAVA Oracle Java sun.awt.image.ImagingLib.lookupByteBI memory corruption attempt (file-java.rules) * 1:37822 <-> DISABLED <-> BROWSER-PLUGINS InformationCardSigninHelper ActiveX clsid access (browser-plugins.rules) * 1:37823 <-> DISABLED <-> BROWSER-PLUGINS InformationCardSigninHelper ActiveX function call access (browser-plugins.rules) * 1:37824 <-> DISABLED <-> FILE-OTHER Microsoft Office ole object external file loading attempt (file-other.rules) * 1:37825 <-> DISABLED <-> FILE-OTHER Microsoft Office ole object external file loading attempt (file-other.rules) * 1:37826 <-> DISABLED <-> BROWSER-PLUGINS HP LoadRunner ActiveX function call access attempt (browser-plugins.rules) * 1:37827 <-> DISABLED <-> BROWSER-PLUGINS HP LoadRunner ActiveX function call access attempt (browser-plugins.rules) * 1:37828 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules) * 1:37829 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules) * 1:37830 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (file-other.rules) * 1:37831 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (file-other.rules) * 1:37832 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (file-other.rules) * 1:37833 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (file-other.rules) * 1:37834 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules) * 1:37835 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules) * 1:37836 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer swapNode memory corruption attempt 
(browser-ie.rules) * 1:37837 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer swapNode memory corruption attempt (browser-ie.rules) * 1:37838 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus outbound connection (malware-cnc.rules) * 1:37839 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AAC audio memory corruption attempt (file-flash.rules) * 1:37840 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AAC audio memory corruption attempt (file-flash.rules) * 1:37841 <-> DISABLED <-> SERVER-OTHER ntpd reference clock impersonation attempt (server-other.rules) * 1:37842 <-> DISABLED <-> SERVER-OTHER ntpd reference clock impersonation attempt (server-other.rules) * 1:37843 <-> DISABLED <-> SERVER-OTHER NTP crypto-NAK possible DoS attempt (server-other.rules) * 1:37844 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.LeChiffre outbound connection (malware-cnc.rules) * 1:37845 <-> DISABLED <-> POLICY-OTHER junk rule to autoenable imap.cram_md5 flowbit (policy-other.rules) * 1:37846 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel file with embedded ActiveX control (file-office.rules) * 1:37847 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer vector graphics reference counting use-after-free attempt (browser-ie.rules) * 1:37848 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer vector graphics reference counting use-after-free attempt (browser-ie.rules) * 1:37849 <-> DISABLED <-> FILE-FLASH Adobe Flash file with embedded PE detected (file-flash.rules) * 1:37850 <-> DISABLED <-> FILE-FLASH Adobe Flash file with embedded PE detected (file-flash.rules) * 1:37851 <-> DISABLED <-> FILE-OTHER Oracle Outside-In invalid CRG segment memory corruption attempt (file-other.rules) * 1:37852 <-> DISABLED <-> FILE-OTHER Oracle Outside-In invalid CRG segment memory corruption attempt (file-other.rules) * 1:37854 <-> DISABLED <-> SERVER-WEBAPP D-Link DSL router cross site scripting attempt (server-webapp.rules) * 1:37855 <-> DISABLED <-> SERVER-WEBAPP D-Link DSL router cross site 
scripting attempt (server-webapp.rules)
* 1:37856 <-> DISABLED <-> SERVER-WEBAPP D-Link DSL router cross site scripting attempt (server-webapp.rules)
* 1:37857 <-> DISABLED <-> SERVER-WEBAPP D-Link DSL router cross site scripting attempt (server-webapp.rules)
* 1:37858 <-> DISABLED <-> SERVER-WEBAPP Thru Managed File Transfer Portal command injection attempt (server-webapp.rules)
* 1:37859 <-> ENABLED <-> SERVER-WEBAPP Java Library CommonsCollection unauthorized serialized object attempt (server-webapp.rules)
* 1:37860 <-> ENABLED <-> SERVER-WEBAPP Java Library CommonsCollection unauthorized serialized object attempt (server-webapp.rules)
* 1:37861 <-> DISABLED <-> SERVER-OTHER SafeNEt SoftRemote IKE service buffer overflow attempt (server-other.rules)
* 1:37862 <-> DISABLED <-> FILE-PDF Oracle Outside In libvs_pdf integer overflow attempt (file-pdf.rules)
* 1:37863 <-> DISABLED <-> FILE-PDF Oracle Outside In libvs_pdf integer overflow attempt (file-pdf.rules)
* 1:37864 <-> DISABLED <-> FILE-PDF Oracle Outside In libvs_pdf xref offset out of bounds read attempt (file-pdf.rules)
* 1:37865 <-> DISABLED <-> FILE-PDF Oracle Outside In libvs_pdf xref offset out of bounds read attempt (file-pdf.rules)
* 1:37866 <-> DISABLED <-> FILE-PDF Oracle Outside In libvs_pdf arbitrary pointer access attempt (file-pdf.rules)
* 1:37867 <-> DISABLED <-> FILE-PDF Oracle Outside In libvs_pdf arbitrary pointer access attempt (file-pdf.rules)
* 1:37868 <-> DISABLED <-> FILE-PDF Oracle Outside In libvs_pdf integer overflow attempt (file-pdf.rules)
* 1:37869 <-> DISABLED <-> FILE-PDF Oracle Outside In libvs_pdf integer overflow attempt (file-pdf.rules)
* 1:37870 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer tRNS overflow attempt (browser-ie.rules)
* 1:37871 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit index uri request attempt (exploit-kit.rules)
* 1:37872 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit viewthread uri request attempt (exploit-kit.rules)
* 1:37873 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit view uri request attempt (exploit-kit.rules)
* 1:37874 <-> DISABLED <-> BROWSER-PLUGINS Novell ZENworks LaunchHelp.dll ActiveX clsid access attempt (browser-plugins.rules)
* 1:37875 <-> DISABLED <-> BROWSER-PLUGINS Novell ZENworks LaunchHelp.dll ActiveX clsid access attempt (browser-plugins.rules)
* 1:37876 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI metafile integer overflow attempt (file-image.rules)
* 1:37877 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI metafile integer overflow attempt (file-image.rules)
* 1:37878 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI metafile integer overflow attempt (file-image.rules)
* 1:37879 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI metafile integer overflow attempt (file-image.rules)
* 1:37880 <-> DISABLED <-> POLICY-OTHER Symantec Workspace Streaming insecure java serialized data upload attempt (policy-other.rules)
* 1:37881 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DOM mergeAttributes memory corruption attempt (browser-ie.rules)
* 1:37882 <-> DISABLED <-> BROWSER-PLUGINS IBM SizerOne ActiveX clsid access attempt (browser-plugins.rules)
* 1:37883 <-> DISABLED <-> BROWSER-PLUGINS IBM SizerOne ActiveX clsid access attempt (browser-plugins.rules)
* 1:37884 <-> DISABLED <-> BROWSER-PLUGINS IBM Tivoli Provisioning Manager Express ActiveX clsid access attempt (browser-plugins.rules)
* 1:37885 <-> DISABLED <-> BROWSER-PLUGINS IBM Tivoli Provisioning Manager Express ActiveX clsid access attempt (browser-plugins.rules)
* 1:37886 <-> DISABLED <-> OS-WINDOWS DCERPC Plug and Play registry key access buffer overflow attempt (os-windows.rules)
* 1:37887 <-> DISABLED <-> OS-WINDOWS DCERPC Plug and Play registry key access buffer overflow attempt (os-windows.rules)
* 1:37888 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer dynamic page reloading memory corruption attempt (browser-ie.rules)
* 1:37889 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer dynamic page reloading memory corruption attempt (browser-ie.rules)
* 1:37890 <-> DISABLED <-> SERVER-WEBAPP Netgear ProSafe NMS arbitrary JSP file upload attempt (server-webapp.rules)
* 1:37891 <-> DISABLED <-> INDICATOR-OBFUSCATION DNS tunneling attempt (indicator-obfuscation.rules)
* 1:37892 <-> DISABLED <-> INDICATOR-OBFUSCATION DNS tunneling attempt (indicator-obfuscation.rules)
* 1:37893 <-> DISABLED <-> FILE-OTHER Oracle Outside In tag parsing buffer overflow attempt (file-other.rules)
* 1:37894 <-> DISABLED <-> FILE-OTHER Oracle Outside In tag parsing buffer overflow attempt (file-other.rules)
* 1:37895 <-> DISABLED <-> FILE-OTHER Oracle Outside In tag parsing buffer overflow attempt (file-other.rules)
* 1:37896 <-> DISABLED <-> FILE-OTHER Oracle Outside In tag parsing buffer overflow attempt (file-other.rules)
* 1:37897 <-> DISABLED <-> FILE-OTHER Oracle Outside In tag parsing buffer overflow attempt (file-other.rules)
* 1:37898 <-> DISABLED <-> FILE-OTHER Oracle Outside In tag parsing buffer overflow attempt (file-other.rules)
* 1:37899 <-> DISABLED <-> BROWSER-PLUGINS Attachmate Reflection ActiveX buffer overflow clsid attempt (browser-plugins.rules)
* 1:379 <-> DISABLED <-> PROTOCOL-ICMP PING Pinger Windows (protocol-icmp.rules)
* 1:37900 <-> DISABLED <-> BROWSER-PLUGINS Attachmate Reflection ActiveX buffer overflow clsid attempt (browser-plugins.rules)
* 1:37901 <-> DISABLED <-> BROWSER-PLUGINS Attachmate Reflection ActiveX buffer overflow function call attempt (browser-plugins.rules)
* 1:37902 <-> DISABLED <-> BROWSER-PLUGINS Attachmate Reflection ActiveX buffer overflow function call attempt (browser-plugins.rules)
* 1:37903 <-> DISABLED <-> INDICATOR-OBFUSCATION fromCharcode known obfuscation attempt (indicator-obfuscation.rules)
* 1:37904 <-> DISABLED <-> INDICATOR-OBFUSCATION fromCharcode known obfuscation attempt (indicator-obfuscation.rules)
* 1:37905 <-> DISABLED <-> INDICATOR-OBFUSCATION javascript charset concatentation attempt (indicator-obfuscation.rules)
* 1:37906 <-> DISABLED <-> INDICATOR-OBFUSCATION javascript known obfuscation method attempt (indicator-obfuscation.rules)
* 1:37907 <-> DISABLED <-> INDICATOR-OBFUSCATION javascript unicode escape variable name attempt (indicator-obfuscation.rules)
* 1:37908 <-> DISABLED <-> INDICATOR-OBFUSCATION javascript with hex variable names (indicator-obfuscation.rules)
* 1:37909 <-> DISABLED <-> INDICATOR-OBFUSCATION known javascript packer detected (indicator-obfuscation.rules)
* 1:37910 <-> DISABLED <-> FILE-PDF Adobe Acrobat and Reader U3D Buffer Overflow buffer overflow attempt (file-pdf.rules)
* 1:37911 <-> DISABLED <-> FILE-PDF Adobe Acrobat and Reader U3D Buffer Overflow buffer overflow attempt (file-pdf.rules)
* 1:37912 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules)
* 1:37913 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules)
* 1:37914 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules)
* 1:37915 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules)
* 1:37916 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules)
* 1:37917 <-> DISABLED <-> SERVER-WEBAPP AMX backdoor username login attempt (server-webapp.rules)
* 1:37918 <-> ENABLED <-> EXPLOIT-KIT Magnitude exploit kit Internet Explorer exploit attempt (exploit-kit.rules)
* 1:37919 <-> ENABLED <-> EXPLOIT-KIT Gong da exploit kit landing page (exploit-kit.rules)
* 1:37920 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher pubconv.dll corruption attempt (file-office.rules)
* 1:37921 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher tyo.oty field heap overflow attempt (file-office.rules)
* 1:37922 <-> DISABLED <-> POLICY-OTHER Shockwave Flash suspicious flash file using URLDownloadToFileA (policy-other.rules)
* 1:37923 <-> DISABLED <-> POLICY-OTHER Shockwave Flash file using doswf packer (policy-other.rules)
* 1:37925 <-> ENABLED <-> FILE-FLASH Adobe Flash Player atomicCompareAndSwapLength integer overflow attempt (file-flash.rules)
* 1:37926 <-> ENABLED <-> FILE-FLASH Adobe Flash Player atomicCompareAndSwapLength integer overflow attempt (file-flash.rules)
* 1:37927 <-> ENABLED <-> FILE-FLASH Adobe Flash Player atomicCompareAndSwapLength integer overflow attempt (file-flash.rules)
* 1:37928 <-> DISABLED <-> POLICY-OTHER Shockwave Flash suspicious flash file using URLDownloadToFileA (policy-other.rules)
* 1:37929 <-> DISABLED <-> POLICY-OTHER Shockwave Flash file using doswf packer (policy-other.rules)
* 1:37930 <-> ENABLED <-> FILE-FLASH Adobe Flash Player atomicCompareAndSwapLength integer overflow attempt (file-flash.rules)
* 1:37931 <-> ENABLED <-> FILE-FLASH Adobe Flash Player atomicCompareAndSwapLength integer overflow attempt (file-flash.rules)
* 1:37932 <-> ENABLED <-> FILE-FLASH Adobe Flash Player atomicCompareAndSwapLength integer overflow attempt (file-flash.rules)
* 1:37933 <-> ENABLED <-> FILE-FLASH Adobe Flash Player atomicCompareAndSwapLength integer overflow attempt (file-flash.rules)
* 1:37934 <-> DISABLED <-> PROTOCOL-FTP Computer Associates eTrust Secure Content Manager LIST stack overflow attempt (protocol-ftp.rules)
* 1:37935 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed table tag memory corruption attempt (browser-ie.rules)
* 1:37936 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed table tag memory corruption attempt (browser-ie.rules)
* 1:37937 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash pixel bender buffer overflow attempt (file-multimedia.rules)
* 1:37938 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Flash pixel bender buffer overflow attempt (file-multimedia.rules)
* 1:37939 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Flash pixel bender buffer overflow attempt (file-multimedia.rules)
* 1:37940 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash pixel bender buffer overflow attempt (file-multimedia.rules)
* 1:37941 <-> DISABLED <-> SERVER-WEBAPP AlienVault OSSIM a_deployment.php command injection attempt (server-webapp.rules)
* 1:37942 <-> DISABLED <-> SERVER-WEBAPP AlienVault OSSIM a_deployment.php command injection attempt (server-webapp.rules)
* 1:37943 <-> DISABLED <-> SERVER-WEBAPP AlienVault OSSIM a_deployment.php command injection attempt (server-webapp.rules)
* 1:37944 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer invalid object access memory corruption attempt (browser-ie.rules)
* 1:37945 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer deleted object access memory corruption attempt (browser-ie.rules)
* 1:37946 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer invalid object access memory corruption attempt (browser-ie.rules)
* 1:37947 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer invalid object access memory corruption attempt (browser-ie.rules)
* 1:37948 <-> DISABLED <-> INDICATOR-OBFUSCATION known malicious JavaScript decryption routine (indicator-obfuscation.rules)
* 1:37949 <-> DISABLED <-> INDICATOR-OBFUSCATION download of heavily compressed PDF attempt (indicator-obfuscation.rules)
* 1:37950 <-> DISABLED <-> INDICATOR-OBFUSCATION email of heavily compressed PDF attempt (indicator-obfuscation.rules)
* 1:37951 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer FTP client directory traversal attempt (browser-ie.rules)
* 1:37952 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer FTP client directory traversal attempt (browser-ie.rules)
* 1:37953 <-> DISABLED <-> SERVER-WEBAPP Adobe RoboHelp rx cross site scripting attempt (server-webapp.rules)
* 1:37954 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer boundElements arbitrary code execution attempt (browser-ie.rules)
* 1:37955 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer boundElements arbitrary code execution attempt (browser-ie.rules)
* 1:37956 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer boundElements arbitrary code execution attempt (browser-ie.rules)
* 1:37957 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit view uri request attempt (exploit-kit.rules)
* 1:37958 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit viewthread uri request attempt (exploit-kit.rules)
* 1:37959 <-> DISABLED <-> FILE-MULTIMEDIA Apple iTunes PLS file parsing buffer overflow attempt (file-multimedia.rules)
* 1:37960 <-> DISABLED <-> SERVER-OTHER Pidgin MSN MSNP2P message integer overflow attempt (server-other.rules)
* 1:37961 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer long URL buffer overflow attempt (browser-ie.rules)
* 1:37963 <-> DISABLED <-> INDICATOR-COMPROMISE malicious file download attempt (indicator-compromise.rules)
* 1:37966 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer covered object memory corruption attempt (browser-ie.rules)
* 1:37967 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer covered object memory corruption attempt (browser-ie.rules)
* 1:37968 <-> DISABLED <-> SERVER-WEBAPP Apache HTTP server potential cookie disclosure attempt (server-webapp.rules)
* 1:37969 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DataView use-after-free attempt (browser-ie.rules)
* 1:37970 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DataView use-after-free attempt (browser-ie.rules)
* 1:37971 <-> DISABLED <-> INDICATOR-OBFUSCATION obfuscated script encoding detected (indicator-obfuscation.rules)
* 1:37972 <-> DISABLED <-> INDICATOR-OBFUSCATION obfuscated script encoding detected (indicator-obfuscation.rules)
* 1:37973 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer onscroll DOS attempt (browser-ie.rules)
* 1:37974 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer onscroll DOS attempt (browser-ie.rules)
* 1:37975 <-> DISABLED <-> FILE-OFFICE Microsoft Office dpnet.dll DirectPlay CFixedPool-Get clsid access (file-office.rules)
* 1:37976 <-> DISABLED <-> FILE-OFFICE Microsoft Office dpnet.dll DirectPlay CFixedPool-Get clsid access (file-office.rules)
* 1:37977 <-> DISABLED <-> FILE-OFFICE Microsoft Office dpnet.dll DirectPlay CFixedPool-Get clsid access (file-office.rules)
* 1:37978 <-> DISABLED <-> FILE-OFFICE Microsoft Office dpnet.dll DirectPlay CFixedPool-Get clsid access (file-office.rules)
* 1:37979 <-> DISABLED <-> FILE-OFFICE Microsoft Office dpnet.dll DirectPlay CFixedPool-Get clsid access (file-office.rules)
* 1:37980 <-> DISABLED <-> FILE-OFFICE Microsoft Office dpnet.dll DirectPlay CFixedPool-Get clsid access (file-office.rules)
* 1:37981 <-> DISABLED <-> FILE-OFFICE Microsoft Office dpnet.dll DirectPlay CFixedPool-Get clsid access (file-office.rules)
* 1:37982 <-> DISABLED <-> FILE-OFFICE Microsoft Office dpnet.dll DirectPlay CFixedPool-Get clsid access (file-office.rules)
* 1:37983 <-> DISABLED <-> FILE-OFFICE Microsoft Office dpnet.dll DirectPlay CFixedPool-Get clsid access (file-office.rules)
* 1:37984 <-> DISABLED <-> FILE-OFFICE Microsoft Office dpnet.dll DirectPlay CFixedPool-Get clsid access (file-office.rules)
* 1:37985 <-> DISABLED <-> FILE-OFFICE Microsoft Office dpnet.dll DirectPlay CFixedPool-Get clsid access (file-office.rules)
* 1:37986 <-> DISABLED <-> FILE-OFFICE Microsoft Office dpnet.dll DirectPlay CFixedPool-Get clsid access (file-office.rules)
* 1:37987 <-> DISABLED <-> FILE-OFFICE Microsoft Office dpnet.dll DirectPlay CFixedPool-Get clsid access (file-office.rules)
* 1:37988 <-> DISABLED <-> FILE-OFFICE Microsoft Office dpnet.dll DirectPlay CFixedPool-Get clsid access (file-office.rules)
* 1:37989 <-> DISABLED <-> FILE-OFFICE Microsoft Office dpnet.dll DirectPlay CFixedPool-Get clsid access (file-office.rules)
* 1:37990 <-> DISABLED <-> FILE-OFFICE Microsoft Office dpnet.dll DirectPlay CFixedPool-Get clsid access (file-office.rules)
* 1:37991 <-> DISABLED <-> FILE-OFFICE Microsoft Office dpnet.dll DirectPlay CFixedPool-Get clsid access (file-office.rules)
* 1:37992 <-> DISABLED <-> FILE-OFFICE Microsoft Office dpnet.dll DirectPlay CFixedPool-Get clsid access (file-office.rules)
* 1:37993 <-> DISABLED <-> FILE-OFFICE Microsoft Office dpnet.dll DirectPlay CFixedPool-Get clsid access (file-office.rules)
* 1:37994 <-> DISABLED <-> FILE-OFFICE Microsoft Office dpnet.dll DirectPlay CFixedPool-Get clsid access (file-office.rules)
* 1:37995 <-> DISABLED <-> BROWSER-PLUGINS IE MsRdpClient ActiveX attempt (browser-plugins.rules)
* 1:37996 <-> DISABLED <-> BROWSER-PLUGINS IE MsRdpClient ActiveX attempt (browser-plugins.rules)
* 1:37997 <-> DISABLED <-> BROWSER-PLUGINS IE MsRdpClient ActiveX attempt (browser-plugins.rules)
* 1:37998 <-> DISABLED <-> BROWSER-PLUGINS IE MsRdpClient ActiveX attempt (browser-plugins.rules)
* 1:37999 <-> DISABLED <-> BROWSER-PLUGINS IE MsRdpClient ActiveX attempt (browser-plugins.rules)
* 1:380 <-> DISABLED <-> PROTOCOL-ICMP PING Seer Windows (protocol-icmp.rules)
* 1:38000 <-> DISABLED <-> BROWSER-PLUGINS IE MsRdpClient ActiveX attempt (browser-plugins.rules)
* 1:38001 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows RDP ActiveX component mstscax use after free attempt (browser-plugins.rules)
* 1:38002 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows RDP ActiveX component mstscax use after free attempt (browser-plugins.rules)
* 1:38003 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows RDP ActiveX component mstscax use after free attempt (browser-plugins.rules)
* 1:38004 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows RDP ActiveX component mstscax use after free attempt (browser-plugins.rules)
* 1:38005 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows RDP ActiveX component mstscax use after free attempt (browser-plugins.rules)
* 1:38006 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows RDP ActiveX component mstscax use after free attempt (browser-plugins.rules)
* 1:38007 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows RDP ActiveX component mstscax use after free attempt (browser-plugins.rules)
* 1:38008 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows RDP ActiveX component mstscax use after free attempt (browser-plugins.rules)
* 1:38009 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows RDP ActiveX component mstscax use after free attempt (browser-plugins.rules)
* 1:38010 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows RDP ActiveX component mstscax use after free attempt (browser-plugins.rules)
* 1:38011 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows RDP ActiveX component mstscax use after free attempt (browser-plugins.rules)
* 1:38012 <-> DISABLED <-> SERVER-WEBAPP Alienvault OSSIM graph_geoloc.php SQL injection attempt (server-webapp.rules)
* 1:38013 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer getBoundingClientRect incorrect rebalancing attempt (browser-ie.rules)
* 1:38014 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer getBoundingClientRect incorrect rebalancing attempt (browser-ie.rules)
* 1:38015 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DOM manipulation memory corruption attempt (browser-ie.rules)
* 1:38016 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DOM manipulation memory corruption attempt (browser-ie.rules)
* 1:38017 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt server reply (malware-cnc.rules)
* 1:38018 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex outbound connection (malware-cnc.rules)
* 1:38020 <-> DISABLED <-> FILE-FLASH Adobe Flash file with CreateFileA shellcode (file-flash.rules)
* 1:38021 <-> DISABLED <-> FILE-FLASH Adobe Flash file with large DefineBinaryData tag (file-flash.rules)
* 1:38022 <-> DISABLED <-> FILE-FLASH Adobe Flash file with RC4 decryption routine detected (file-flash.rules)
* 1:38023 <-> DISABLED <-> FILE-FLASH Adobe Flash file CreateFileA shellcode found (file-flash.rules)
* 1:38024 <-> DISABLED <-> FILE-FLASH Adobe Flash file with large DefineBinaryData tag (file-flash.rules)
* 1:38025 <-> DISABLED <-> FILE-FLASH Adobe Flash file with large DefineBinaryData tag (file-flash.rules)
* 1:38026 <-> DISABLED <-> FILE-FLASH Adobe Flash file with RC4 decryption routine detected (file-flash.rules)
* 1:38027 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing ExternalInterface function download detected (policy-other.rules)
* 1:38028 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing loadBytes function (policy-other.rules)
* 1:38029 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing atomicCompareAndSwapLength function download detected (policy-other.rules)
* 1:38030 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing ExternalInterface function download detected (policy-other.rules)
* 1:38031 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing loadBytes function download detected (policy-other.rules)
* 1:38032 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing atomicCompareAndSwapLength function download detected (policy-other.rules)
* 1:38033 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing allowLoadBytesCodeExecution function download detected (policy-other.rules)
* 1:38034 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing allowLoadBytesCodeExecution function download detected (policy-other.rules)
* 1:38035 <-> DISABLED <-> POLICY-OTHER PDF containing Launch key download detected (policy-other.rules)
* 1:38036 <-> DISABLED <-> POLICY-OTHER PDF containing Action key download detected (policy-other.rules)
* 1:38037 <-> DISABLED <-> POLICY-OTHER PDF containing AcroForm key download detected (policy-other.rules)
* 1:38038 <-> DISABLED <-> POLICY-OTHER PDF ActiveX CLSID access detected (policy-other.rules)
* 1:38039 <-> DISABLED <-> POLICY-OTHER PDF ActiveX CLSID access detected (policy-other.rules)
* 1:38040 <-> DISABLED <-> POLICY-OTHER PDF containing mluc tag object download detected (policy-other.rules)
* 1:38041 <-> DISABLED <-> POLICY-OTHER PDF containing U3D object download detected (policy-other.rules)
* 1:38042 <-> DISABLED <-> POLICY-OTHER PDF containing Launch key download detected (policy-other.rules)
* 1:38043 <-> DISABLED <-> POLICY-OTHER PDF containing Action key download detected (policy-other.rules)
* 1:38044 <-> DISABLED <-> POLICY-OTHER PDF containing AcroForm key download detected (policy-other.rules)
* 1:38045 <-> DISABLED <-> POLICY-OTHER PDF ActiveX CLSID access detected (policy-other.rules)
* 1:38046 <-> DISABLED <-> POLICY-OTHER PDF ActiveX CLSID access detected (policy-other.rules)
* 1:38047 <-> DISABLED <-> POLICY-OTHER PDF containing mluc tag object download detected (policy-other.rules)
* 1:38048 <-> DISABLED <-> POLICY-OTHER PDF containing U3D object download detected (policy-other.rules)
* 1:38049 <-> DISABLED <-> SERVER-WEBAPP Centreon Web Interface index.php command injection attempt (server-webapp.rules)
* 1:38050 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing defaultValue function download detected (policy-other.rules)
* 1:38051 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing domainMemory function download detected (policy-other.rules)
* 1:38052 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing parseFloat function download detected (policy-other.rules)
* 1:38053 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing getDefinitionByName function download detected (policy-other.rules)
* 1:38054 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing protoType.valueOf function download detected (policy-other.rules)
* 1:38055 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing defaultValue function download detected (policy-other.rules)
* 1:38056 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing domainMemory function download detected (policy-other.rules)
* 1:38057 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing parseFloat function download detected (policy-other.rules)
* 1:38058 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing getDefinitionByName function download detected (policy-other.rules)
* 1:38059 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing protoType.valueOf function download detected (policy-other.rules)
* 1:38060 <-> DISABLED <-> POLICY-OTHER SSLv2 Client Hello attempt (policy-other.rules)
* 1:38061 <-> ENABLED <-> OS-WINDOWS Microsoft Windows rpdesk remote code execution attempt (os-windows.rules)
* 1:38062 <-> ENABLED <-> OS-WINDOWS Microsoft Windows rpdesk remote code execution attempt (os-windows.rules)
* 1:38063 <-> ENABLED <-> FILE-OTHER Microsoft Windows atmfd.dll font driver malformed OTF file remote code execution attempt (file-other.rules)
* 1:38064 <-> ENABLED <-> FILE-OTHER Microsoft Windows atmfd.dll font driver malformed OTF file remote code execution attempt (file-other.rules)
* 1:38065 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer GETDISPID invalid pointer access attempt (browser-ie.rules)
* 1:38066 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer GETDISPID invalid pointer access attempt (browser-ie.rules)
* 1:38067 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreePos type confusion attempt (browser-ie.rules)
* 1:38068 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreePos type confusion attempt (browser-ie.rules)
* 1:38069 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreePos type confusion attempt (browser-ie.rules)
* 1:38070 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreePos type confusion attempt (browser-ie.rules)
* 1:38071 <-> ENABLED <-> OS-WINDOWS Microsoft Windows ValidateParentDepth out of bounds read attempt (os-windows.rules)
* 1:38072 <-> ENABLED <-> OS-WINDOWS Microsoft Windows ValidateParentDepth out of bounds read attempt (os-windows.rules)
* 1:38073 <-> ENABLED <-> BROWSER-IE Microsoft Edge CAsyncTpWorker Windows.Data.Pdf.dll object use after free attempt (browser-ie.rules)
* 1:38074 <-> DISABLED <-> BROWSER-IE Microsoft Edge CAsyncTpWorker Windows.Data.Pdf.dll object use after free attempt (browser-ie.rules)
* 1:38075 <-> ENABLED <-> BROWSER-IE Microsoft Edge CAsyncTpWorker Windows.Data.Pdf.dll object use after free attempt (browser-ie.rules)
* 1:38076 <-> DISABLED <-> BROWSER-IE Microsoft Edge CAsyncTpWorker Windows.Data.Pdf.dll object use after free attempt (browser-ie.rules)
* 1:38077 <-> DISABLED <-> BROWSER-IE Microsoft Edge CPostScriptEvaluator out of bounds read attempt (browser-ie.rules)
* 1:38078 <-> DISABLED <-> BROWSER-IE Microsoft Edge CPostScriptEvaluator out of bounds read attempt (browser-ie.rules)
* 1:38079 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer embedded media player use after free attempt (browser-ie.rules)
* 1:38080 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer embedded media player use after free attempt (browser-ie.rules)
* 1:38081 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer SetItem use after free attempt (browser-ie.rules)
* 1:38082 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer SetItem use after free attempt (browser-ie.rules)
* 1:38083 <-> ENABLED <-> OS-WINDOWS Microsoft Windows GreCreateDisplayDC surface object use after free attempt (os-windows.rules)
* 1:38084 <-> ENABLED <-> OS-WINDOWS Microsoft Windows GreCreateDisplayDC surface object use after free attempt (os-windows.rules)
* 1:38085 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CTravelEntry use after free attempt (browser-ie.rules)
* 1:38086 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CTravelEntry use after free attempt (browser-ie.rules)
* 1:38088 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer string type confusion remote code execution attempt (browser-ie.rules)
* 1:38089 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer string type confusion remote code execution attempt (browser-ie.rules)
* 1:38090 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGHelpers use-after-free attempt (browser-ie.rules)
* 1:38091 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGHelpers use-after-free attempt (browser-ie.rules)
* 1:38092 <-> ENABLED <-> OS-WINDOWS Microsoft Windows ObReferenceObjectByHandle function privilege escalation attempt (os-windows.rules)
* 1:38093 <-> ENABLED <-> OS-WINDOWS Microsoft Windows ObReferenceObjectByHandle function privilege escalation attempt (os-windows.rules)
* 1:38094 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreePos remote code execution attempt (browser-ie.rules)
* 1:38095 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreePos remote code execution attempt (browser-ie.rules)
* 1:38096 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer out of bound write access attempt (browser-ie.rules)
* 1:38097 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer out of bound write access attempt (browser-ie.rules)
* 1:38098 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer TableCellLayoutArray use-after-free attempt (browser-ie.rules)
* 1:38099 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer TableCellLayoutArray use-after-free attempt (browser-ie.rules)
* 1:381 <-> DISABLED <-> PROTOCOL-ICMP PING Oracle Solaris (protocol-icmp.rules)
* 1:38100 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word wwlib.dll invalid pointer read attempt (file-office.rules)
* 1:38101 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word wwlib.dll invalid pointer read attempt (file-office.rules)
* 1:38102 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CEditEventSink navigate use after free attempt (browser-ie.rules)
* 1:38103 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CEditEventSink navigate use after free attempt (browser-ie.rules)
* 1:38104 <-> DISABLED <-> INDICATOR-OBFUSCATION Javascript obfuscation double unescape (indicator-obfuscation.rules)
* 1:38105 <-> DISABLED <-> INDICATOR-OBFUSCATION Javascript obfuscation double unescape (indicator-obfuscation.rules)
* 1:38106 <-> DISABLED <-> BROWSER-IE Microsoft Edge LineBoxBuilder out-of-bound memory access attempt (browser-ie.rules)
* 1:38107 <-> DISABLED <-> BROWSER-IE Microsoft Edge LineBoxBuilder out-of-bound memory access attempt (browser-ie.rules)
* 1:38108 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CGeneratedTreeNode use-after-free (browser-ie.rules)
* 1:38109 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CGeneratedTreeNode use-after-free (browser-ie.rules)
* 1:38110 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word bitmap stream parsing remote code execution attempt (file-office.rules)
* 1:38111 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word bitmap stream parsing remote code execution attempt (file-office.rules)
* 1:38112 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer addRow out-of-bounds read attempt (browser-ie.rules)
* 1:38113 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer addRow out-of-bounds read attempt (browser-ie.rules)
* 1:38114 <-> ENABLED <-> OS-WINDOWS Microsoft Windows WebDAV mini redirector driver privilege escalation attempt (os-windows.rules)
* 1:38115 <-> ENABLED <-> OS-WINDOWS Microsoft Windows WebDAV mini redirector driver privilege escalation attempt (os-windows.rules)
* 1:38116 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keranger outbound connection (malware-cnc.rules)
* 1:38117 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer mshtml InsertRange out of bounds write access (browser-ie.rules)
* 1:38118 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer mshtml InsertRange out of bounds write access (browser-ie.rules)
* 1:38119 <-> DISABLED <-> OS-WINDOWS Microsoft Windows EPOINTQF privilege escalation attempt (os-windows.rules)
* 1:38120 <-> DISABLED <-> OS-WINDOWS Microsoft Windows EPOINTQF privilege escalation attempt (os-windows.rules)
* 1:38121 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit search uri request attempt (exploit-kit.rules)
* 1:38122 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CInput sliderdata object use after free attempt (browser-ie.rules)
* 1:38123 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CInput sliderdata object use after free attempt (browser-ie.rules)
* 1:38124 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Transport Stream Program Map Table Heap Overflow attempt (file-multimedia.rules)
* 1:38125 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Transport Stream Program Map Table Heap Overflow attempt (file-multimedia.rules)
* 1:38126 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word ipdesign.dll ActiveX object access attempt (file-office.rules)
* 1:38127 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word ipdesign.dll ActiveX object access attempt (file-office.rules)
* 1:38128 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word ipdesign.dll ActiveX object access attempt (file-office.rules)
* 1:38129 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word ipdesign.dll ActiveX object access attempt (file-office.rules)
* 1:3813 <-> DISABLED <-> SERVER-WEBAPP awstats.pl configdir command injection attempt (server-webapp.rules)
* 1:38130 <-> DISABLED <-> POLICY-OTHER HTTP Request missing user-agent (policy-other.rules)
* 1:38131 <-> DISABLED <-> SERVER-WEBAPP Netgear ProSafe NMS image.do directory traversal attempt (server-webapp.rules)
* 1:38132 <-> DISABLED <-> SERVER-WEBAPP Netgear ProSafe NMS image.do directory traversal attempt (server-webapp.rules)
* 1:38133 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit gate redirector (exploit-kit.rules)
* 1:38134 <-> DISABLED <-> MALWARE-CNC known malicious SSL certificate - Win.Trojan.Adwind (malware-cnc.rules)
* 1:38135 <-> DISABLED <-> BROWSER-OTHER Apple iOS CoreGraphics library PDF embedded image handling information leak attempt (browser-other.rules)
* 1:38136 <-> DISABLED <-> SERVER-MAIL excessive email recipients - potential spam attempt (server-mail.rules)
* 1:3814 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer javaprxy.dll COM access (browser-ie.rules)
* 1:38140 <-> DISABLED <-> SERVER-WEBAPP ATutor connections.php SQL injection attempt (server-webapp.rules)
* 1:38141 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Media Player ActiveX unknown compression algorithm use after free attempt (browser-plugins.rules)
* 1:38142 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Media Player ActiveX unknown compression algorithm use after free attempt (browser-plugins.rules)
* 1:38143 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Media Player ActiveX unknown compression algorithm use after free attempt (browser-plugins.rules)
* 1:38144 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Media Player ActiveX unknown compression algorithm use after free attempt (browser-plugins.rules)
* 1:38145 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kovter variant outbound connection (malware-cnc.rules)
* 1:38146 <-> DISABLED <-> BROWSER-PLUGINS SolarWinds Server Monitor ActiveX clsid access attempt (browser-plugins.rules)
* 1:38147 <-> DISABLED <-> BROWSER-PLUGINS SolarWinds Server Monitor ActiveX clsid access attempt (browser-plugins.rules)
* 1:38148 <-> DISABLED <-> BROWSER-PLUGINS SolarWinds Server Monitor ActiveX clsid access attempt (browser-plugins.rules)
* 1:38149 <-> DISABLED <-> BROWSER-PLUGINS SolarWinds Server Monitor ActiveX clsid access attempt (browser-plugins.rules)
* 1:3815 <-> DISABLED <-> SERVER-MAIL Kinesphere eXchange POP3 mail server overflow attempt (server-mail.rules)
* 1:38150 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt variant outbound connection (malware-cnc.rules)
* 1:38151 <-> DISABLED <-> BROWSER-PLUGINS Symantec Altiris Deployment Solution ActiveX clsid access attempt (browser-plugins.rules)
* 1:38152 <-> DISABLED <-> BROWSER-PLUGINS WebGate WESPDiscovery ActiveX clsid access attempt (browser-plugins.rules)
* 1:38153 <-> DISABLED <-> BROWSER-PLUGINS WebGate WESPDiscovery ActiveX clsid access attempt (browser-plugins.rules)
* 1:38154 <-> DISABLED <-> BROWSER-PLUGINS WebGate WESPDiscovery ActiveX clsid access attempt (browser-plugins.rules)
* 1:38155 <-> DISABLED <-> BROWSER-PLUGINS WebGate WESPDiscovery ActiveX clsid access attempt (browser-plugins.rules)
* 1:38156 <-> DISABLED <-> SERVER-WEBAPP 29o3 CMS LibDir parameter multiple remote file include attempt (server-webapp.rules)
* 1:38157 <-> DISABLED <-> SERVER-WEBAPP 29o3 CMS LibDir parameter multiple remote file include attempt (server-webapp.rules)
* 1:38158 <-> DISABLED <-> SERVER-WEBAPP 29o3 CMS LibDir parameter multiple remote file include attempt (server-webapp.rules)
* 1:38159 <-> DISABLED <-> SERVER-WEBAPP 29o3 CMS LibDir parameter multiple remote file include attempt (server-webapp.rules)
* 1:3816 <-> DISABLED <-> SERVER-WEBAPP BadBlue ext.dll buffer overflow attempt (server-webapp.rules)
* 1:38160 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit gate detected (exploit-kit.rules)
* 1:38161 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit index uri request attempt (exploit-kit.rules)
* 1:38162 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit viewthread uri request attempt (exploit-kit.rules)
* 1:38163 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit view uri request attempt (exploit-kit.rules)
* 1:38164 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Testing Suite UploadFileAction servlet directory traversal attempt (server-webapp.rules)
* 1:38165 <-> DISABLED <-> FILE-FLASH Adobe Flash Player hitTest BitmapData object integer overflow attempt (file-flash.rules)
* 1:38166 <-> ENABLED <-> FILE-FLASH Adobe Flash Player hitTest BitmapData object integer overflow attempt (file-flash.rules)
* 1:38167 <-> DISABLED <-> FILE-FLASH Adobe Flash Player hitTest BitmapData object integer overflow attempt (file-flash.rules)
* 1:38168 <-> ENABLED <-> FILE-FLASH Adobe Flash Player hitTest BitmapData object integer overflow attempt (file-flash.rules)
* 1:38169 <-> DISABLED <-> FILE-FLASH Adobe Flash Player hitTest BitmapData object integer overflow attempt (file-flash.rules)
* 1:3817 <-> DISABLED <-> PROTOCOL-TFTP GET transfer mode overflow attempt (protocol-tftp.rules)
* 1:38170 <-> DISABLED <-> FILE-FLASH Adobe Flash Player hitTest BitmapData object integer overflow attempt (file-flash.rules)
* 1:38171 <-> ENABLED <-> FILE-OTHER Adobe Acrobat request for updaternotifications.dll over SMB attempt (file-other.rules)
* 1:38172 <-> DISABLED <-> FILE-OTHER Adobe Acrobat updaternotifications.dll dll-load exploit attempt (file-other.rules)
* 1:38173 <-> ENABLED <-> FILE-FLASH Adobe Standalone Flash Player texfield getter use after free attempt (file-flash.rules)
* 1:38174 <-> ENABLED <-> FILE-FLASH Adobe Standalone Flash Player texfield getter use after free attempt (file-flash.rules)
* 1:38175 <-> DISABLED <-> FILE-FLASH Adobe Standalone Flash Player texfield getter use after free attempt (file-flash.rules)
* 1:38176 <-> ENABLED <-> FILE-FLASH Adobe Standalone Flash Player texfield getter use after free attempt (file-flash.rules)
* 1:38177 <-> ENABLED <-> FILE-FLASH Adobe Standalone Flash Player ASnative object use after free attempt (file-flash.rules)
* 1:38178 <-> ENABLED <-> FILE-FLASH Microsoft Standalone Flash Player asNative object use after free attempt (file-flash.rules)
* 1:38179 <-> DISABLED <-> FILE-FLASH Adobe Standalone Flash Player ASnative object use after free attempt (file-flash.rules)
* 1:3818 <-> DISABLED <-> PROTOCOL-TFTP PUT transfer mode overflow attempt (protocol-tftp.rules)
* 1:38180 <-> ENABLED <-> FILE-FLASH Microsoft Standalone Flash Player asNative object use after free attempt (file-flash.rules)
* 1:38181 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 multiple axis attributes integer overflow attempt (file-flash.rules)
* 1:38182 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS3 multiple axis attributes integer overflow attempt (file-flash.rules)
* 1:38183 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 multiple axis attributes integer overflow attempt (file-flash.rules)
* 1:38184 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS3 multiple axis attributes integer overflow attempt (file-flash.rules)
* 1:38185 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS2 setInterval use after free attempt (file-flash.rules)
* 1:38186 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS2 setInterval use
after free attempt (file-flash.rules) * 1:38187 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS2 setInterval use after free attempt (file-flash.rules) * 1:38188 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS2 setInterval use after free attempt (file-flash.rules) * 1:38189 <-> DISABLED <-> FILE-FLASH Adobe Flash Player si32 integer overflow attempt (file-flash.rules) * 1:3819 <-> ENABLED <-> FILE-IDENTIFY CHM file download request (file-identify.rules) * 1:38190 <-> DISABLED <-> FILE-FLASH Adobe Flash Player si32 integer overflow attempt (file-flash.rules) * 1:38191 <-> DISABLED <-> FILE-FLASH Adobe Flash Player si32 integer overflow attempt (file-flash.rules) * 1:38192 <-> DISABLED <-> FILE-FLASH Adobe Flash Player si32 integer overflow attempt (file-flash.rules) * 1:38193 <-> ENABLED <-> FILE-FLASH Adobe Flash Player setInterval use-after-free memory corruption attempt (file-flash.rules) * 1:38194 <-> ENABLED <-> FILE-FLASH Adobe Flash Player setInterval use-after-free memory corruption attempt (file-flash.rules) * 1:38195 <-> ENABLED <-> FILE-FLASH Adobe Flash Player htmlText method use-after-free memory corruption attempt (file-flash.rules) * 1:38196 <-> ENABLED <-> FILE-FLASH Adobe Flash Player htmlText method use-after-free memory corruption attempt (file-flash.rules) * 1:38197 <-> DISABLED <-> FILE-FLASH Adobe Flash Player recursion calls stack overflow attempt (file-flash.rules) * 1:38198 <-> DISABLED <-> FILE-FLASH Adobe Flash Player recursion calls stack overflow attempt (file-flash.rules) * 1:38199 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData.copyChannel access violation attempt (file-flash.rules) * 1:382 <-> DISABLED <-> PROTOCOL-ICMP PING Windows (protocol-icmp.rules) * 1:3820 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows CHM file magic detected (file-identify.rules) * 1:38200 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData.copyChannel access violation attempt (file-flash.rules) * 1:38201 <-> DISABLED <-> FILE-MULTIMEDIA Adobe 
Flash Player MP4 length tag out of bounds read attempt (file-multimedia.rules) * 1:38202 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Flash Player MP4 length tag out of bounds read attempt (file-multimedia.rules) * 1:38203 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData.applyFilter access violation attempt (file-flash.rules) * 1:38204 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData.applyFilter access violation attempt (file-flash.rules) * 1:38205 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MPD use-after-free attempt (file-flash.rules) * 1:38206 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MPD use-after-free attempt (file-flash.rules) * 1:38207 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MPD use-after-free attempt (file-flash.rules) * 1:38208 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MPD use-after-free attempt (file-flash.rules) * 1:38209 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player malformed mp4 out of bounds write attempt (file-multimedia.rules) * 1:38210 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player malformed mp4 out of bounds write attempt (file-multimedia.rules) * 1:38211 <-> DISABLED <-> FILE-PDF Adobe Reader JPEG 2000 chrominance subsampling memory corruption attempt (file-pdf.rules) * 1:38212 <-> DISABLED <-> FILE-PDF Adobe Reader JPEG 2000 chrominance subsampling memory corruption attempt (file-pdf.rules) * 1:38213 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData.paletteMap size mismatch integer overflow attempt (file-flash.rules) * 1:38214 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData.paletteMap size mismatch integer overflow attempt (file-flash.rules) * 1:38215 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BitmapData.paletteMap size mismatch integer overflow attempt (file-flash.rules) * 1:38216 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BitmapData.paletteMap size mismatch integer overflow attempt (file-flash.rules) * 1:38217 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player malformed mp4 atom 
use-after-free attempt (file-multimedia.rules) * 1:38218 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player malformed MP4 atom use-after-free attempt (file-multimedia.rules) * 1:38219 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use after free attempt (file-flash.rules) * 1:3822 <-> DISABLED <-> SERVER-WEBAPP RealNetworks RealPlayer realtext long URI request attempt (server-webapp.rules) * 1:38220 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use after free (file-flash.rules) * 1:38221 <-> ENABLED <-> FILE-FLASH Adobe Flash Player use after free attempt (file-flash.rules) * 1:38222 <-> ENABLED <-> FILE-FLASH Adobe Flash Player use after free attempt (file-flash.rules) * 1:38223 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader annotation oversized array memory corruption attempt (file-pdf.rules) * 1:38224 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader annotation oversized array memory corruption attempt (file-pdf.rules) * 1:38225 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid FLV header out of bounds write attempt (file-flash.rules) * 1:38226 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid FLV header out of bounds write attempt (file-flash.rules) * 1:38227 <-> DISABLED <-> FILE-FLASH Adobe Flash Player mp4 size memory corruption attempt (file-flash.rules) * 1:38229 <-> DISABLED <-> SERVER-WEBAPP Wordpress Simple Ads Manager sam-ajax-admin.php directory traversal attempt (server-webapp.rules) * 1:3823 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer realtext file bad version buffer overflow attempt (file-multimedia.rules) * 1:38230 <-> DISABLED <-> BROWSER-PLUGINS WebGate Control Center WESPPlayback ActiveX clsid access attempt (browser-plugins.rules) * 1:38231 <-> DISABLED <-> BROWSER-PLUGINS WebGate Control Center WESPPlayback ActiveX clsid access attempt (browser-plugins.rules) * 1:38232 <-> DISABLED <-> BROWSER-PLUGINS WebGate Control Center WESPPlayback ActiveX clsid access attempt (browser-plugins.rules) * 1:38233 <-> DISABLED <-> 
BROWSER-PLUGINS WebGate Control Center WESPPlayback ActiveX clsid access attempt (browser-plugins.rules) * 1:38234 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.FighterPOS (malware-cnc.rules) * 1:38235 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FighterPOS variant outbound connection (malware-cnc.rules) * 1:38236 <-> DISABLED <-> SERVER-WEBAPP Wordpress MM Forms community plugin arbitrary PHP file upload attempt (server-webapp.rules) * 1:38237 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word RTF parsing memory corruption attempt (file-office.rules) * 1:38238 <-> ENABLED <-> FILE-FLASH Adobe Flash Player rectangle width integer overflow attempt (file-flash.rules) * 1:38239 <-> DISABLED <-> FILE-FLASH Adobe Flash Player rectangle width integer overflow attempt (file-flash.rules) * 1:3824 <-> DISABLED <-> SERVER-MAIL AUTH user overflow attempt (server-mail.rules) * 1:38240 <-> ENABLED <-> FILE-FLASH Adobe Flash Player rectangle width integer overflow attempt (file-flash.rules) * 1:38241 <-> DISABLED <-> FILE-FLASH Adobe Flash Player rectangle width integer overflow attempt (file-flash.rules) * 1:38242 <-> DISABLED <-> SERVER-WEBAPP VmWare Tools command injection attempt (server-webapp.rules) * 1:38243 <-> DISABLED <-> SERVER-WEBAPP VmWare Tools command injection attempt (server-webapp.rules) * 1:38246 <-> DISABLED <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt (server-other.rules) * 1:38247 <-> DISABLED <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt (server-other.rules) * 1:38248 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack Server opcode 1329 buffer overflow attempt (server-other.rules) * 1:38249 <-> DISABLED <-> SERVER-WEBAPP Samsung Data Manager default password login attempt (server-webapp.rules) * 1:38250 <-> DISABLED <-> INDICATOR-OBFUSCATION HTML entity encoded ActiveX object instantiation detected (indicator-obfuscation.rules) * 1:38251 <-> DISABLED 
<-> INDICATOR-OBFUSCATION HTML entity encoded script language declaration detected (indicator-obfuscation.rules) * 1:38252 <-> DISABLED <-> SERVER-WEBAPP AWStats awstats.cgi remote file include attempt (server-webapp.rules) * 1:38253 <-> DISABLED <-> SERVER-WEBAPP AWStats awstats.cgi remote file include attempt (server-webapp.rules) * 1:38254 <-> ENABLED <-> EXPLOIT-KIT Known malicious redirection attempt (exploit-kit.rules) * 1:38255 <-> DISABLED <-> MALWARE-CNC Win-Linux.Trojan.Derusbi variant outbound connection (malware-cnc.rules) * 1:38256 <-> DISABLED <-> MALWARE-CNC Win-Linux.Trojan.Derusbi variant outbound connection (malware-cnc.rules) * 1:38257 <-> DISABLED <-> MALWARE-CNC Win-Linux.Trojan.Derusbi variant outbound connection (malware-cnc.rules) * 1:38258 <-> DISABLED <-> MALWARE-CNC Win/Linux.Trojan.Derusbi variant outbound connection (malware-cnc.rules) * 1:38259 <-> DISABLED <-> MALWARE-CNC PowerShell Empire variant outbound connection (malware-cnc.rules) * 1:38260 <-> DISABLED <-> MALWARE-CNC PowerShell Empire variant outbound connection (malware-cnc.rules) * 1:38261 <-> DISABLED <-> MALWARE-CNC PowerShell Empire variant outbound connection (malware-cnc.rules) * 1:38262 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word rtf malformed dpcallout buffer overflow attempt (file-office.rules) * 1:38263 <-> DISABLED <-> SERVER-OTHER CUPS Filters command injection attempt (server-other.rules) * 1:38264 <-> DISABLED <-> OS-WINDOWS DCERPC Direct detection of malicious DCE RPC request in suspicious pcap (os-windows.rules) * 1:38265 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Formula record remote code execution attempt (file-office.rules) * 1:38266 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word HTML linked objects memory corruption attempt (file-office.rules) * 1:38267 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word HTML linked objects memory corruption attempt (file-office.rules) * 1:38268 <-> DISABLED <-> SERVER-APACHE 404 OK response 
(server-apache.rules) * 1:38269 <-> DISABLED <-> SERVER-WEBAPP Netgear ReadyNAS Surveillance cgi_system command injection attempt (server-webapp.rules) * 1:3827 <-> DISABLED <-> SERVER-WEBAPP PHP xmlrpc.php post attempt (server-webapp.rules) * 1:38270 <-> DISABLED <-> SERVER-OTHER Wavelink Emulation License Server HTTP header overflow attempt (server-other.rules) * 1:38271 <-> DISABLED <-> SERVER-OTHER Wavelink Emulation License Server malicious URI code execution attempt (server-other.rules) * 1:38272 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word formatted disk pages table memory corruption attempt (file-office.rules) * 1:38273 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word formatted disk pages table memory corruption attempt (file-office.rules) * 1:38274 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word formatted disk pages table memory corruption attempt (file-office.rules) * 1:38275 <-> ENABLED <-> EXPLOIT-KIT Neutrino exploit kit redirection attempt (exploit-kit.rules) * 1:38276 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer text transform use after free attempt (browser-ie.rules) * 1:38277 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer text transform use after free attempt (browser-ie.rules) * 1:38278 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer text transform use after free attempt (browser-ie.rules) * 1:38279 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Samas variant download attempt (malware-other.rules) * 1:38280 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Samas variant download attempt (malware-other.rules) * 1:38281 <-> DISABLED <-> PROTOCOL-DNS ISC BIND totext_in_apl denial of service attempt (protocol-dns.rules) * 1:38282 <-> DISABLED <-> PROTOCOL-DNS ISC BIND totext_in_apl denial of service attempt (protocol-dns.rules) * 1:38283 <-> DISABLED <-> PROTOCOL-DNS ISC BIND totext_in_apl denial of service attempt (protocol-dns.rules) * 1:38284 <-> DISABLED <-> PROTOCOL-DNS ISC BIND totext_in_apl denial of service attempt 
(protocol-dns.rules) * 1:38286 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager actserver stack buffer overflow attempt (server-webapp.rules) * 1:38287 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager akey stack buffer overflow attempt (server-webapp.rules) * 1:38288 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager licfile stack buffer overflow attempt (server-webapp.rules) * 1:38289 <-> DISABLED <-> FILE-PDF Oracle IOT IX SDK libvs_pdf null pointer dereference attempt (file-pdf.rules) * 1:38290 <-> DISABLED <-> FILE-PDF Oracle IOT IX SDK libvs_pdf null pointer dereference attempt (file-pdf.rules) * 1:38291 <-> ENABLED <-> FILE-IDENTIFY UDF file magic detected (file-identify.rules) * 1:38292 <-> ENABLED <-> FILE-IDENTIFY UDF file magic detected (file-identify.rules) * 1:38293 <-> DISABLED <-> FILE-OTHER 7zip UDF partition reference out of bounds read attempt (file-other.rules) * 1:38294 <-> DISABLED <-> FILE-OTHER 7zip UDF partition reference out of bounds read attempt (file-other.rules) * 1:38295 <-> DISABLED <-> FILE-OTHER 7zip UDF partition reference out of bounds read attempt (file-other.rules) * 1:38296 <-> DISABLED <-> FILE-OTHER 7zip UDF partition reference out of bounds read attempt (file-other.rules) * 1:38303 <-> DISABLED <-> SERVER-WEBAPP Bonita BPM themeResource directory traversal attempt (server-webapp.rules) * 1:38304 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - JexBoss (malware-cnc.rules) * 1:38306 <-> ENABLED <-> FILE-IDENTIFY DMG com.apple.decmpfs file magic detected (file-identify.rules) * 1:38307 <-> ENABLED <-> FILE-IDENTIFY DMG com.apple.decmpfs file magic detected (file-identify.rules) * 1:38308 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer VBScript engine use after free attempt (browser-ie.rules) * 1:38309 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer VBScript engine use after free attempt (browser-ie.rules) * 1:38310 <-> ENABLED <-> FILE-FLASH Adobe Flash Player integer 
underflow attempt (file-flash.rules) * 1:38311 <-> ENABLED <-> FILE-FLASH Adobe Flash Player integer underflow attempt (file-flash.rules) * 1:38312 <-> ENABLED <-> SERVER-OTHER Redis lua script integer overflow attempt (server-other.rules) * 1:38313 <-> ENABLED <-> SERVER-OTHER Redis lua script integer overflow attempt (server-other.rules) * 1:38314 <-> DISABLED <-> SERVER-WEBAPP Borland AccuRev Reprise License Server directory traversal attempt (server-webapp.rules) * 1:38315 <-> DISABLED <-> SERVER-WEBAPP Borland AccuRev Reprise License Server directory traversal attempt (server-webapp.rules) * 1:38316 <-> DISABLED <-> SERVER-WEBAPP Borland AccuRev Reprise License Server directory traversal attempt (server-webapp.rules) * 1:38317 <-> ENABLED <-> FILE-OTHER Microsoft Edge Chakra JavaScript engine out of bounds read attempt (file-other.rules) * 1:38318 <-> ENABLED <-> FILE-OTHER Microsoft Edge Chakra JavaScript engine out of bounds read attempt (file-other.rules) * 1:38319 <-> DISABLED <-> NETBIOS SMB winreg named pipe creation attempt (netbios.rules) * 1:38320 <-> DISABLED <-> NETBIOS SMB srvsvc named pipe creation attempt (netbios.rules) * 1:38321 <-> DISABLED <-> NETBIOS SMB svcctl named pipe creation attempt (netbios.rules) * 1:38322 <-> DISABLED <-> NETBIOS SMB samr named pipe creation attempt (netbios.rules) * 1:38323 <-> DISABLED <-> FILE-OTHER 7zip HFS+ handling heap buffer overflow attempt (file-other.rules) * 1:38324 <-> DISABLED <-> FILE-OTHER 7zip HFS+ handling heap buffer overflow attempt (file-other.rules) * 1:38327 <-> DISABLED <-> MALWARE-BACKDOOR ReGeorg proxy read attempt (malware-backdoor.rules) * 1:38328 <-> ENABLED <-> MALWARE-BACKDOOR ReGeorg socks proxy connection attempt (malware-backdoor.rules) * 1:38329 <-> ENABLED <-> MALWARE-BACKDOOR ReGeorg socks proxy initial connection attempt (malware-backdoor.rules) * 1:38331 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules) * 1:38332 <-> DISABLED <-> 
INDICATOR-OBFUSCATION HTTP header dual colon evasion attempt (indicator-obfuscation.rules) * 1:38333 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.Bifrose outbound connection (malware-cnc.rules) * 1:38334 <-> DISABLED <-> FILE-FLASH Adobe Flash Player atomicCompareAndSwapLength integer overflow attempt (file-flash.rules) * 1:38335 <-> DISABLED <-> FILE-FLASH Adobe Flash Player atomicCompareAndSwapLength integer overflow attempt (file-flash.rules) * 1:38337 <-> DISABLED <-> INDICATOR-OBFUSCATION HTTP header illegal character prior to encoding type evasion attempt (indicator-obfuscation.rules) * 1:38338 <-> DISABLED <-> FILE-JAVA Oracle Java Class Loader namespace sandbox bypass attempt (file-java.rules) * 1:38339 <-> DISABLED <-> FILE-JAVA Oracle Java Class Loader namespace sandbox bypass attempt (file-java.rules) * 1:38340 <-> DISABLED <-> INDICATOR-OBFUSCATION HTTP multiple encodings per line attempt (indicator-obfuscation.rules) * 1:38341 <-> DISABLED <-> INDICATOR-OBFUSCATION Multiple Encodings header evasion attempt (indicator-obfuscation.rules) * 1:38342 <-> DISABLED <-> FILE-PDF Oracle Outside In libvs_pdf Root xref stack exhaustion attempt (file-pdf.rules) * 1:38343 <-> DISABLED <-> FILE-PDF Oracle Outside In libvs_pdf Root xref stack exhaustion attempt (file-pdf.rules) * 1:38344 <-> DISABLED <-> SERVER-OTHER Pidgin MXIT is operation null pointer dereference attempt (server-other.rules) * 1:38345 <-> DISABLED <-> SERVER-OTHER Pidgin MXIT is operation null pointer dereference attempt (server-other.rules) * 1:38348 <-> DISABLED <-> SERVER-OTHER McAfee ePolicy Orchestrator Framework Services buffer overflow attempt (server-other.rules) * 1:38349 <-> DISABLED <-> SERVER-OTHER McAfee ePolicy Orchestrator Framework Services buffer overflow attempt (server-other.rules) * 1:38350 <-> DISABLED <-> SERVER-OTHER Veritas NetBackup Volume Manager overflow attempt (server-other.rules) * 1:38351 <-> DISABLED <-> SERVER-WEBAPP Cisco Prime Data Center Network Manager 
processImageSave.jsp directory traversal attempt (server-webapp.rules) * 1:38352 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant check logs (malware-cnc.rules) * 1:38353 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant connection setup (malware-cnc.rules) * 1:38354 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant failed read logs (malware-cnc.rules) * 1:38355 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant keepalive (malware-cnc.rules) * 1:38356 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant read logs (malware-cnc.rules) * 1:38357 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant send credentials (malware-cnc.rules) * 1:38358 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant send logs (malware-cnc.rules) * 1:38359 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant send mail credentials (malware-cnc.rules) * 1:38360 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Samas variant download attempt (malware-other.rules) * 1:38361 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Samas variant download attempt (malware-other.rules) * 1:38363 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer deleted button use after free attempt (browser-ie.rules) * 1:38364 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer deleted button use after free attempt (browser-ie.rules) * 1:38365 <-> DISABLED <-> SERVER-OTHER TCPDUMP ISAKMP payload handling denial of service attempt (server-other.rules) * 1:38367 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bedep.variant CNC server response (malware-cnc.rules) * 1:38368 <-> DISABLED <-> INDICATOR-OBFUSCATION HTTP illegal chars after encoding type evasion attempt (indicator-obfuscation.rules) * 1:38369 <-> DISABLED <-> INDICATOR-OBFUSCATION HTTP header whitespace evasion attempt (indicator-obfuscation.rules) * 1:38370 <-> DISABLED <-> SERVER-WEBAPP IPESOFT D2000 directory traversal attempt (server-webapp.rules) * 1:38371 <-> DISABLED <-> SERVER-WEBAPP Bharat Mediratta Gallery 
PHP file inclusion attempt (server-webapp.rules) * 1:38372 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Maktub variant download attempt (malware-other.rules) * 1:38373 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Maktub variant download attempt (malware-other.rules) * 1:38374 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Maktub variant download attempt (malware-other.rules) * 1:38375 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Maktub variant download attempt (malware-other.rules) * 1:38376 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Maktub variant download attempt (malware-other.rules) * 1:38377 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Maktub variant download attempt (malware-other.rules) * 1:38378 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex certificate exchange (malware-cnc.rules) * 1:38379 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex file download attempt (malware-cnc.rules) * 1:38380 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex file download attempt (malware-cnc.rules) * 1:38381 <-> DISABLED <-> BROWSER-OTHER HTTP characters prior to header evasion attempt (browser-other.rules) * 1:38382 <-> DISABLED <-> BROWSER-OTHER ICY HTTP version evasion attempt (browser-other.rules) * 1:38383 <-> DISABLED <-> BROWSER-PLUGINS Advantech WebAccess ActiveX clsid access attempt (browser-plugins.rules) * 1:38384 <-> DISABLED <-> BROWSER-PLUGINS Advantech WebAccess ActiveX clsid access attempt (browser-plugins.rules) * 1:38385 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FTPKeyLogger outbound connection (malware-cnc.rules) * 1:38386 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FTPKeyLogger outbound connection (malware-cnc.rules) * 1:38387 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FTPKeyLogger outbound connection (malware-cnc.rules) * 1:38388 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FTPKeyLogger geolocation check (malware-cnc.rules) * 1:38389 <-> DISABLED <-> SERVER-WEBAPP HID door command injection attempt (server-webapp.rules) * 1:38390 <-> DISABLED <-> SERVER-OTHER HP JetDirect PJL path traversal 
attempt (server-other.rules) * 1:38391 <-> DISABLED <-> SERVER-OTHER HP JetDirect PJL path traversal attempt (server-other.rules) * 1:38392 <-> DISABLED <-> SERVER-WEBAPP Apache Jetspeed Portal Site Manager directory traversal attempt (server-webapp.rules) * 1:38393 <-> DISABLED <-> SERVER-WEBAPP Apache Jetspeed Portal Site Manager directory traversal attempt (server-webapp.rules) * 1:38394 <-> DISABLED <-> INDICATOR-OBFUSCATION Gzip invalid extra field evasion attempt (indicator-obfuscation.rules) * 1:38395 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Testing Suite Grid Control directory traversal attempt (server-webapp.rules) * 1:38396 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Testing Suite Grid Control directory traversal attempt (server-webapp.rules) * 1:38398 <-> DISABLED <-> SERVER-WEBAPP DotCMS UserAjax.getUsersList.dwr SQL injection attempt (server-webapp.rules) * 1:384 <-> DISABLED <-> PROTOCOL-ICMP PING (protocol-icmp.rules) * 1:38401 <-> ENABLED <-> FILE-FLASH Adobe Flash Player multiple scripts display rendering use-after-free attempt (file-flash.rules) * 1:38402 <-> ENABLED <-> FILE-FLASH Adobe Flash Player multiple scripts display rendering use-after-free attempt (file-flash.rules) * 1:38403 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Transform Class Matrix AS2 use after free attempt (file-flash.rules) * 1:38404 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Transform Class Matrix AS2 use after free attempt (file-flash.rules) * 1:38405 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Transform Class Matrix AS2 use after free attempt (file-flash.rules) * 1:38406 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Transform Class Matrix AS2 use after free attempt (file-flash.rules) * 1:38407 <-> ENABLED <-> FILE-FLASH Adobe Flash Player JPEG-XR decode buffer overflow attempt (file-flash.rules) * 1:38408 <-> ENABLED <-> FILE-FLASH Adobe Flash Player JPEG-XR decode buffer overflow attempt (file-flash.rules) * 1:38409 <-> DISABLED <-> FILE-FLASH 
Adobe Flash Player JPEG-XR decode buffer overflow attempt (file-flash.rules) * 1:38410 <-> DISABLED <-> FILE-FLASH Adobe Flash Player JPEG-XR decode buffer overflow attempt (file-flash.rules) * 1:38411 <-> ENABLED <-> FILE-FLASH Adobe Flash Player duplicateMovieClip use after free attempt (file-flash.rules) * 1:38412 <-> ENABLED <-> FILE-FLASH Adobe Flash Player duplicateMovieClip use after free attempt (file-flash.rules) * 1:38413 <-> DISABLED <-> FILE-FLASH Adobe Flash Player NetConnection to ColorMatrixFilter object type confusion attempt (file-flash.rules) * 1:38414 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection to ColorMatrixFilter object type confusion attempt (file-flash.rules) * 1:38415 <-> DISABLED <-> FILE-FLASH Adobe Flash Player NetConnection to ColorMatrixFilter object type confusion attempt (file-flash.rules) * 1:38416 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection to ColorMatrixFilter object type confusion attempt (file-flash.rules) * 1:38417 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ClbCatQ.dll dll-load exploit attempt (file-flash.rules) * 1:38418 <-> DISABLED <-> FILE-FLASH Adobe Flash Player HNetCfg.dll dll-load exploit attempt (file-flash.rules) * 1:38419 <-> DISABLED <-> FILE-FLASH Adobe Flash Player RASMan.dll dll-load exploit attempt (file-flash.rules) * 1:38420 <-> DISABLED <-> FILE-FLASH Adobe Flash Player setupapi.dll dll-load exploit attempt (file-flash.rules) * 1:38421 <-> DISABLED <-> FILE-FLASH Adobe Flash Player request for ClbCatQ.dll over SMB attempt (file-flash.rules) * 1:38422 <-> DISABLED <-> FILE-FLASH Adobe Flash Player request for HNetCfg.dll over SMB attempt (file-flash.rules) * 1:38423 <-> DISABLED <-> FILE-FLASH Adobe Flash Player request for RASMan.dll over SMB attempt (file-flash.rules) * 1:38424 <-> DISABLED <-> FILE-FLASH Adobe Flash Player request for setupapi.dll over SMB attempt (file-flash.rules) * 1:38425 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ExportAssets count memory 
corruption attempt (file-flash.rules) * 1:38426 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ExportAssets count memory corruption attempt (file-flash.rules) * 1:38427 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ExportAssets count memory corruption attempt (file-flash.rules) * 1:38428 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ExportAssets count memory corruption attempt (file-flash.rules) * 1:38429 <-> ENABLED <-> FILE-FLASH Adobe Flash Player toString type confusion memory corruption attempt (file-flash.rules) * 1:38430 <-> DISABLED <-> FILE-FLASH Adobe Flash Player toString type confusion memory corruption attempt (file-flash.rules) * 1:38431 <-> ENABLED <-> FILE-FLASH Adobe Flash Player toString type confusion memory corruption attempt (file-flash.rules) * 1:38432 <-> ENABLED <-> FILE-FLASH Adobe Flash Player toString type confusion memory corruption attempt (file-flash.rules) * 1:38433 <-> DISABLED <-> FILE-FLASH Adobe Flash Player toString type confusion memory corruption attempt (file-flash.rules) * 1:38434 <-> ENABLED <-> FILE-FLASH Adobe Flash Player toString type confusion memory corruption attempt (file-flash.rules) * 1:38435 <-> DISABLED <-> BROWSER-PLUGINS Schneider F1 Bookview ActiveX clsid access attempt (browser-plugins.rules) * 1:38436 <-> DISABLED <-> BROWSER-PLUGINS Schneider F1 Bookview ActiveX clsid access attempt (browser-plugins.rules) * 1:38437 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit outbound uri structure (exploit-kit.rules) * 1:38438 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit questions uri request attempt (exploit-kit.rules) * 1:38439 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit news uri structure (exploit-kit.rules) * 1:38441 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (malware-other.rules) * 1:38442 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (malware-other.rules) * 1:38443 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt 
(malware-other.rules)
* 1:38444 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (malware-other.rules)
* 1:38445 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (malware-other.rules)
* 1:38446 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (malware-other.rules)
* 1:38447 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (malware-other.rules)
* 1:38448 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (malware-other.rules)
* 1:38449 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (malware-other.rules)
* 1:38450 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (malware-other.rules)
* 1:38451 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (malware-other.rules)
* 1:38452 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (malware-other.rules)
* 1:38453 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (malware-other.rules)
* 1:38454 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (malware-other.rules)
* 1:38455 <-> ENABLED <-> FILE-FLASH Adobe Flash Player toString type confusion memory corruption attempt (file-flash.rules)
* 1:38456 <-> ENABLED <-> FILE-FLASH Adobe Flash Player toString type confusion memory corruption attempt (file-flash.rules)
* 1:38457 <-> DISABLED <-> POLICY-OTHER Suspicious typo squatting DNS query to .om TLD attempt (policy-other.rules)
* 1:38458 <-> ENABLED <-> OS-WINDOWS Microsoft Windows LSARPC LsapLookupSids denial of service attempt (os-windows.rules)
* 1:38459 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DrawMenuBarTemp memory corruption attempt (os-windows.rules)
* 1:38460 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DrawMenuBarTemp memory corruption attempt (os-windows.rules)
* 1:38461 <-> ENABLED <-> OS-WINDOWS DCERPC Bind auth level packet privacy connection detected (os-windows.rules)
* 1:38462 <-> ENABLED <-> OS-WINDOWS DCERPC Bind auth level packet privacy downgrade attempt (os-windows.rules)
* 1:38463 <-> ENABLED <-> BROWSER-PLUGINS Microsoft XML Core Services ActiveX control use after free attempt (browser-plugins.rules)
* 1:38464 <-> ENABLED <-> BROWSER-PLUGINS Microsoft XML Core Services ActiveX control use after free attempt (browser-plugins.rules)
* 1:38465 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer InsertSanitizedTextEx use after free attempt (browser-ie.rules)
* 1:38466 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer InsertSanitizedTextEx use after free attempt (browser-ie.rules)
* 1:38467 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 9 frameset use after free attempt (browser-ie.rules)
* 1:38468 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 9 frameset use after free attempt (browser-ie.rules)
* 1:38469 <-> ENABLED <-> OS-WINDOWS Microsoft Windows api-ms-win-appmodel-runtime dll-load exploit attempt (os-windows.rules)
* 1:38470 <-> ENABLED <-> OS-WINDOWS Microsoft Windows api-ms-win-appmodel-runtime dll-load exploit attempt (os-windows.rules)
* 1:38471 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel sheet object use after free attempt (file-office.rules)
* 1:38472 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel sheet object use after free attempt (file-office.rules)
* 1:38473 <-> ENABLED <-> BROWSER-IE Microsoft Edge iframe cross-site scripting attempt (browser-ie.rules)
* 1:38474 <-> ENABLED <-> BROWSER-IE Microsoft Edge iframe cross-site scripting attempt (browser-ie.rules)
* 1:38475 <-> ENABLED <-> OS-WINDOWS Microsoft Windows anonymous user token impersonation attempt (os-windows.rules)
* 1:38476 <-> ENABLED <-> OS-WINDOWS Microsoft Windows anonymous user token impersonation attempt (os-windows.rules)
* 1:38477 <-> DISABLED <-> BROWSER-IE Microsoft Edge webnote exit event css arbitrary file read attempt (browser-ie.rules)
* 1:38478 <-> DISABLED <-> BROWSER-IE Microsoft Edge webnote exit event css arbitrary file read attempt (browser-ie.rules)
* 1:38479 <-> ENABLED <-> BROWSER-IE Microsoft Edge remove range out of bounds read attempt (browser-ie.rules)
* 1:38480 <-> ENABLED <-> BROWSER-IE Microsoft Edge remove range out of bounds read attempt (browser-ie.rules)
* 1:38481 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel msxml6 ParseElementN use after free attempt (file-office.rules)
* 1:38482 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel msxml6 ParseElementN use after free attempt (file-office.rules)
* 1:38483 <-> ENABLED <-> BROWSER-IE Microsoft Edge CStyleSheet keyframes out of bounds read attempt (browser-ie.rules)
* 1:38484 <-> ENABLED <-> BROWSER-IE Microsoft Edge CStyleSheet keyframes out of bounds read attempt (browser-ie.rules)
* 1:38485 <-> ENABLED <-> BROWSER-IE Microsoft Edge TextDataSlice type confusion attempt (browser-ie.rules)
* 1:38486 <-> ENABLED <-> BROWSER-IE Microsoft Edge TextDataSlice type confusion attempt (browser-ie.rules)
* 1:38487 <-> ENABLED <-> OS-WINDOWS Microsoft Windows win32k.sys PathToRegion buffer overflow attempt (os-windows.rules)
* 1:38488 <-> ENABLED <-> OS-WINDOWS Microsoft Windows win32k.sys PathToRegion buffer overflow attempt (os-windows.rules)
* 1:38489 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word OleRegEnumVerbs object icon memory corruption attempt (file-office.rules)
* 1:38490 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word OleRegEnumVerbs object icon memory corruption attempt (file-office.rules)
* 1:38491 <-> ENABLED <-> OS-WINDOWS Microsoft Windows CreatePopupMenu win32k.sys use after free attempt (os-windows.rules)
* 1:38492 <-> ENABLED <-> OS-WINDOWS Microsoft Windows CreatePopupMenu win32k.sys use after free attempt (os-windows.rules)
* 1:38493 <-> ENABLED <-> FILE-OTHER Microsoft Windows win32k.sys glyph bitmap boundary out of bounds memory access attempt (file-other.rules)
* 1:38494 <-> ENABLED <-> FILE-OTHER Microsoft Windows win32k.sys glyph bitmap boundary out of bounds memory access attempt (file-other.rules)
* 1:38495 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word out of bound read exception attempt (file-office.rules)
* 1:38496 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word out of bound read exception attempt (file-office.rules)
* 1:38497 <-> DISABLED <-> MALWARE-OTHER samsam delfiletype.exe file load attempt (malware-other.rules)
* 1:38498 <-> DISABLED <-> MALWARE-OTHER samsam samsam.exe file load attempt (malware-other.rules)
* 1:38499 <-> DISABLED <-> MALWARE-OTHER samsam sqlsrvtmg1.exe file load attempt (malware-other.rules)
* 1:385 <-> DISABLED <-> PROTOCOL-ICMP traceroute (protocol-icmp.rules)
* 1:38500 <-> DISABLED <-> MALWARE-OTHER samsam delfiletype.exe file load attempt (malware-other.rules)
* 1:38501 <-> DISABLED <-> MALWARE-OTHER samsam samsam.exe file load attempt (malware-other.rules)
* 1:38502 <-> DISABLED <-> MALWARE-OTHER samsam sqlsrvtmg1.exe file load attempt (malware-other.rules)
* 1:38503 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CChildIterator media object use-after-free attempt (browser-ie.rules)
* 1:38504 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CChildIterator media object use-after-free attempt (browser-ie.rules)
* 1:38505 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CChildIterator media object use-after-free attempt (browser-ie.rules)
* 1:38506 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CChildIterator media object use-after-free attempt (browser-ie.rules)
* 1:38507 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer ConvertStringFromUnicodeEx out of bounds write attempt (browser-ie.rules)
* 1:38508 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer ConvertStringFromUnicodeEx out of bounds write attempt (browser-ie.rules)
* 1:38509 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Boaxxe variant outbound connection (malware-cnc.rules)
* 1:38510 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpySoft variant exfiltration attempt (malware-cnc.rules)
* 1:38511 <-> DISABLED <-> SERVER-WEBAPP Novell Service Desk directory traversal attempt (server-webapp.rules)
* 1:38512 <-> DISABLED <-> SERVER-WEBAPP ATutor question_import.php directory traversal attempt (server-webapp.rules)
* 1:38513 <-> DISABLED <-> SERVER-WEBAPP ATutor question_import.php directory traversal attempt (server-webapp.rules)
* 1:38514 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sweeper outbound connection (malware-cnc.rules)
* 1:38515 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sweeper outbound connection (malware-cnc.rules)
* 1:38516 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sweeper outbound connection (malware-cnc.rules)
* 1:38517 <-> DISABLED <-> MALWARE-CNC binary download while video expected (malware-cnc.rules)
* 1:38518 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Testing Suite directory traversal attempt (server-webapp.rules)
* 1:38519 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Testing Suite directory traversal attempt (server-webapp.rules)
* 1:38520 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Testing Suite directory traversal attempt (server-webapp.rules)
* 1:38521 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit redirect page detected (exploit-kit.rules)
* 1:38522 <-> DISABLED <-> EXPLOIT-KIT Angler landing page detected (exploit-kit.rules)
* 1:38523 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit landing page detected (exploit-kit.rules)
* 1:38524 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit landing page detected (exploit-kit.rules)
* 1:38525 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Troll dropper document file detected (malware-other.rules)
* 1:38526 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Troll dropper document file detected (malware-other.rules)
* 1:38528 <-> DISABLED <-> MALWARE-CNC XBot Command Request get_action (malware-cnc.rules)
* 1:38529 <-> DISABLED <-> MALWARE-OTHER XBot CC Social Engineering (malware-other.rules)
* 1:38530 <-> DISABLED <-> MALWARE-CNC Obfuscated Javascript Attack runtime detection (malware-cnc.rules)
* 1:38531 <-> DISABLED <-> SERVER-WEBAPP WSN Live SQL injection attempt SQL injection attempt (server-webapp.rules)
* 1:38532 <-> DISABLED <-> FILE-FLASH Rig Exploit Kit exploitation attempt (file-flash.rules)
* 1:38533 <-> DISABLED <-> FILE-FLASH Rig Exploit Kit exploitation attempt (file-flash.rules)
* 1:38534 <-> DISABLED <-> FILE-FLASH Rig Exploit Kit exploitation attempt (file-flash.rules)
* 1:38535 <-> DISABLED <-> FILE-FLASH Rig Exploit Kit exploitation attempt (file-flash.rules)
* 1:38536 <-> DISABLED <-> SERVER-WEBAPP Wordpress Scoreme cross site scripting attempt (server-webapp.rules)
* 1:38537 <-> DISABLED <-> BROWSER-PLUGINS Symantec NavComUI AxSysListView32 ActiveX clsid access attempt (browser-plugins.rules)
* 1:38538 <-> DISABLED <-> BROWSER-PLUGINS Symantec NavComUI AxSysListView32 ActiveX function call access attempt (browser-plugins.rules)
* 1:38539 <-> DISABLED <-> BROWSER-PLUGINS Symantec NavComUI AxSysListView32OAA ActiveX clsid access attempt (browser-plugins.rules)
* 1:38540 <-> DISABLED <-> BROWSER-PLUGINS Symantec NavComUI AxSysListView32OAA ActiveX function call access attempt (browser-plugins.rules)
* 1:38541 <-> DISABLED <-> INDICATOR-OBFUSCATION newline only separator evasion (indicator-obfuscation.rules)
* 1:38542 <-> DISABLED <-> MALWARE-CNC VBS Trojan Downloading Encoded Executable (malware-cnc.rules)
* 1:38545 <-> DISABLED <-> SERVER-OTHER Pidgin mxit_update_contact out of bounds read attempt (server-other.rules)
* 1:38546 <-> DISABLED <-> SERVER-OTHER Pidgin MXIT table markup command out of bounds read attempt (server-other.rules)
* 1:38547 <-> DISABLED <-> SERVER-OTHER Pidgin MXIT table markup command out of bounds read attempt (server-other.rules)
* 1:38548 <-> DISABLED <-> SERVER-OTHER Pidgin MXIT protocol handling null pointer dereference attempt (server-other.rules)
* 1:38549 <-> DISABLED <-> SERVER-OTHER Pidgin mxit_parse_cmd_extprofile out of bounds read attempt (server-other.rules)
* 1:38550 <-> DISABLED <-> SERVER-OTHER Pidgin MXIT protocol handling splash_remove directory traversal attempt (server-other.rules)
* 1:38551 <-> DISABLED <-> SERVER-OTHER Pidgin MXIT protocol handling splash_remove directory traversal attempt (server-other.rules)
* 1:38552 <-> DISABLED <-> EXPLOIT-KIT Angler landing page detected (exploit-kit.rules)
* 1:38553 <-> DISABLED <-> EXPLOIT-KIT Angler landing page detected (exploit-kit.rules)
* 1:38555 <-> ENABLED <-> EXPLOIT-KIT Angler landing page detected (exploit-kit.rules)
* 1:38556 <-> DISABLED <-> EXPLOIT-KIT Angler landing page detected (exploit-kit.rules)
* 1:38557 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger outbound connection (malware-cnc.rules)
* 1:38558 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger outbound connection (malware-cnc.rules)
* 1:38559 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger outbound connection - keystorkes (malware-cnc.rules)
* 1:38560 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger outbound connection - screenshot (malware-cnc.rules)
* 1:38561 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger plugins download attempt (malware-cnc.rules)
* 1:38562 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger initial exfiltration attempt (malware-cnc.rules)
* 1:38563 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger fake 404 response (malware-cnc.rules)
* 1:38564 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger keylog exfiltration attempt (malware-cnc.rules)
* 1:38565 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sweeper variant dropper initial download attempt (malware-cnc.rules)
* 1:38566 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sweeper variant dropper download attempt (malware-cnc.rules)
* 1:38567 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Coverton variant outbound connection (malware-cnc.rules)
* 1:38568 <-> DISABLED <-> SERVER-OTHER Smart Software Solutions Codesys Gateway Server projectName heap buffer overflow attempt (server-other.rules)
* 1:38569 <-> DISABLED <-> FILE-OTHER ABC file instruction field parsing exploitation attempt (file-other.rules)
* 1:38570 <-> DISABLED <-> FILE-OTHER ABC file instruction field parsing exploitation attempt (file-other.rules)
* 1:38571 <-> DISABLED <-> FILE-OTHER ABC file instruction field parsing exploitation attempt (file-other.rules)
* 1:38572 <-> DISABLED <-> FILE-OTHER ABC file instruction field parsing exploitation attempt (file-other.rules)
* 1:38573 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TreasureHunter variant handshake beacon (malware-cnc.rules)
* 1:38574 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TreasureHunter variant outbound connection (malware-cnc.rules)
* 1:38575 <-> DISABLED <-> SERVER-OTHER OpenSSL TLS change cipher spec protocol denial of service attempt (server-other.rules)
* 1:38576 <-> ENABLED <-> FILE-FLASH Adobe Flash Player dangling bytearray pointer code execution attempt (file-flash.rules)
* 1:38577 <-> DISABLED <-> FILE-FLASH Adobe Flash Player dangling bytearray pointer code execution attempt (file-flash.rules)
* 1:38578 <-> DISABLED <-> SERVER-OTHER Pidgin multimx_message_received out of bounds read attempt (server-other.rules)
* 1:38579 <-> DISABLED <-> SERVER-WEBAPP Atvise denial of service attempt (server-webapp.rules)
* 1:38580 <-> ENABLED <-> FILE-OFFICE RFT document malformed header (file-office.rules)
* 1:38581 <-> ENABLED <-> FILE-OFFICE RFT document malformed header (file-office.rules)
* 1:38582 <-> DISABLED <-> EXPLOIT-KIT Nuclear exploit kit landing page detected (exploit-kit.rules)
* 1:38583 <-> DISABLED <-> SERVER-OTHER Pidgin mxit_parse_cmd_suggestcontacts out of bounds read attempt (server-other.rules)
* 1:38584 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.DFSCook variant JS dropper outbound connection (malware-cnc.rules)
* 1:38585 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.DFSCook variant outbound connection (malware-cnc.rules)
* 1:38586 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.DFSCook variant outbound connection (malware-cnc.rules)
* 1:38587 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.DFSCook variant temporary redirect attempt (malware-cnc.rules)
* 1:38588 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.DFSCook variant outbound connection (malware-cnc.rules)
* 1:38589 <-> DISABLED <-> EXPLOIT-KIT vbscript downloading executable attempt (exploit-kit.rules)
* 1:38592 <-> ENABLED <-> EXPLOIT-KIT Nuclear Exploit Kit back end communications attempt (exploit-kit.rules)
* 1:38593 <-> DISABLED <-> EXPLOIT-KIT Nuclear Exploit Kit back end communications attempt (exploit-kit.rules)
* 1:38594 <-> DISABLED <-> APP-DETECT Bloomberg web crawler outbound connection (app-detect.rules)
* 1:38595 <-> DISABLED <-> INDICATOR-OBFUSCATION Invalid HTTP version evasion attempt (indicator-obfuscation.rules)
* 1:38596 <-> DISABLED <-> INDICATOR-OBFUSCATION HTTP header null byte evasion attempt (indicator-obfuscation.rules)
* 1:38597 <-> DISABLED <-> INDICATOR-OBFUSCATION HTTP header null byte evasion attempt (indicator-obfuscation.rules)
* 1:38598 <-> DISABLED <-> INDICATOR-OBFUSCATION invalid HTTP header evasion attempt (indicator-obfuscation.rules)
* 1:38599 <-> DISABLED <-> INDICATOR-OBFUSCATION Invalid HTTP 100 response followed by 200 evasion attempt (indicator-obfuscation.rules)
* 1:386 <-> DISABLED <-> PROTOCOL-ICMP Address Mask Reply (protocol-icmp.rules)
* 1:38600 <-> DISABLED <-> INDICATOR-OBFUSCATION Invalid HTTP response code evasion attempt (indicator-obfuscation.rules)
* 1:38601 <-> DISABLED <-> INDICATOR-OBFUSCATION Invalid HTTP header format evasion attempt (indicator-obfuscation.rules)
* 1:38602 <-> DISABLED <-> INDICATOR-OBFUSCATION mixed case HTTP header evasion attempt (indicator-obfuscation.rules)
* 1:38603 <-> DISABLED <-> MALWARE-CNC Win.Trojan.UP007 variant outbound connection (malware-cnc.rules)
* 1:38606 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qakbot variant network speed test (malware-cnc.rules)
* 1:38607 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qakbot variant outbound connection (malware-cnc.rules)
* 1:38608 <-> DISABLED <-> MALWARE-CNC Win.Trojan.RockLoader variant outbound connection (malware-cnc.rules)
* 1:38609 <-> DISABLED <-> SERVER-WEBAPP pfSense status_rrd_graph_img.php command injection attempt (server-webapp.rules)
* 1:38610 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Godzilla downloader successful base64 binary download (malware-cnc.rules)
* 1:38613 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wallex variant outbound connection (malware-cnc.rules)
* 1:38614 <-> DISABLED <-> INDICATOR-OBFUSCATION carriage return only separator evasion (indicator-obfuscation.rules)
* 1:38615 <-> DISABLED <-> INDICATOR-OBFUSCATION newline only separator evasion (indicator-obfuscation.rules)
* 1:38616 <-> DISABLED <-> INDICATOR-OBFUSCATION carriage return only separator evasion (indicator-obfuscation.rules)
* 1:38617 <-> DISABLED <-> INDICATOR-OBFUSCATION carriage return only separator evasion (indicator-obfuscation.rules)
* 1:38618 <-> DISABLED <-> INDICATOR-OBFUSCATION newline only separator evasion (indicator-obfuscation.rules)
* 1:38619 <-> DISABLED <-> INDICATOR-COMPROMISE Content-Type text/plain containing Portable Executable data (indicator-compromise.rules)
* 1:38620 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex certificate exchange (malware-cnc.rules)
* 1:38621 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex certificate exchange (malware-cnc.rules)
* 1:38622 <-> DISABLED <-> SERVER-OTHER ISC BIND malformed control channel authentication message denial of service attempt (server-other.rules)
* 1:38623 <-> ENABLED <-> FILE-OTHER GDCM DICOM image integer overflow attempt (file-other.rules)
* 1:38624 <-> ENABLED <-> FILE-OTHER GDCM DICOM image integer overflow attempt (file-other.rules)
* 1:38625 <-> DISABLED <-> SERVER-WEBAPP Gemtek CPE7000 sysconf.cgi command injection attempt (server-webapp.rules)
* 1:38626 <-> DISABLED <-> SERVER-WEBAPP Gemtek CPE7000 sysconf.cgi command injection attempt (server-webapp.rules)
* 1:38627 <-> DISABLED <-> FILE-OTHER libarchive zip_read_mac_metadata heap buffer overflow attempt (file-other.rules)
* 1:38628 <-> DISABLED <-> FILE-OTHER libarchive zip_read_mac_metadata heap buffer overflow attempt (file-other.rules)
* 1:38629 <-> ENABLED <-> FILE-FLASH Angler exploit kit Adobe Flash SWF exploit download (file-flash.rules)
* 1:38630 <-> ENABLED <-> FILE-FLASH Angler exploit kit Adobe Flash SWF exploit download (file-flash.rules)
* 1:38631 <-> DISABLED <-> FILE-FLASH Angler exploit kit Adobe Flash SWF exploit download (file-flash.rules)
* 1:38632 <-> DISABLED <-> FILE-FLASH Angler exploit kit Adobe Flash SWF exploit download (file-flash.rules)
* 1:38633 <-> ENABLED <-> FILE-FLASH Nuclear exploit kit Adobe Flash SWF exploit download (file-flash.rules)
* 1:38634 <-> ENABLED <-> FILE-FLASH Nuclear exploit kit Adobe Flash SWF exploit download (file-flash.rules)
* 1:38635 <-> DISABLED <-> FILE-FLASH Nuclear exploit kit Adobe Flash SWF exploit download (file-flash.rules)
* 1:38636 <-> DISABLED <-> FILE-FLASH Nuclear exploit kit Adobe Flash SWF exploit download (file-flash.rules)
* 1:38637 <-> DISABLED <-> INDICATOR-OBFUSCATION Invalid HTTP response code evasion attempt (indicator-obfuscation.rules)
* 1:38638 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GozNym variant outbound connection (malware-cnc.rules)
* 1:38639 <-> ENABLED <-> FILE-OFFICE Microsoft Office document with auto-start VBA macro detected (file-office.rules)
* 1:38640 <-> ENABLED <-> FILE-OFFICE Microsoft Office document with auto-start VBA macro detected (file-office.rules)
* 1:38641 <-> DISABLED <-> INDICATOR-OBFUSCATION Invalid header line evasion attempt (indicator-obfuscation.rules)
* 1:38642 <-> DISABLED <-> INDICATOR-OBFUSCATION Invalid HTTP 301 response evasion attempt (indicator-obfuscation.rules)
* 1:38643 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jadowndec outbound connection (malware-cnc.rules)
* 1:38644 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jadowndec outbound connection (malware-cnc.rules)
* 1:38645 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jadowndec outbound connection (malware-cnc.rules)
* 1:38646 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jadowndec outbound connection (malware-cnc.rules)
* 1:38647 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jadowndec outbound connection (malware-cnc.rules)
* 1:38648 <-> DISABLED <-> SERVER-OTHER Trend Micro remote debugging URL handling remote code execution attempt (server-other.rules)
* 1:38649 <-> DISABLED <-> SERVER-OTHER Trend Micro remote debugging URL handling remote code execution attempt (server-other.rules)
* 1:38650 <-> ENABLED <-> MALWARE-OTHER PWOBot variant download attempt (malware-other.rules)
* 1:38651 <-> ENABLED <-> MALWARE-OTHER PWOBot variant download attempt (malware-other.rules)
* 1:38652 <-> ENABLED <-> MALWARE-OTHER PWOBot variant download attempt (malware-other.rules)
* 1:38653 <-> ENABLED <-> MALWARE-OTHER PWOBot variant download attempt (malware-other.rules)
* 1:38654 <-> ENABLED <-> MALWARE-OTHER PWOBot variant download attempt (malware-other.rules)
* 1:38655 <-> ENABLED <-> MALWARE-OTHER PWOBot variant download attempt (malware-other.rules)
* 1:38656 <-> ENABLED <-> MALWARE-OTHER PWOBot variant download attempt (malware-other.rules)
* 1:38657 <-> ENABLED <-> MALWARE-OTHER PWOBot variant download attempt (malware-other.rules)
* 1:38658 <-> ENABLED <-> MALWARE-OTHER PWOBot variant download attempt (malware-other.rules)
* 1:38659 <-> ENABLED <-> MALWARE-OTHER PWOBot variant download attempt (malware-other.rules)
* 1:38660 <-> ENABLED <-> MALWARE-OTHER PWOBot variant download attempt (malware-other.rules)
* 1:38661 <-> ENABLED <-> MALWARE-OTHER PWOBot variant download attempt (malware-other.rules)
* 1:38662 <-> ENABLED <-> MALWARE-OTHER PWOBot variant download attempt (malware-other.rules)
* 1:38663 <-> ENABLED <-> MALWARE-OTHER PWOBot variant download attempt (malware-other.rules)
* 1:38664 <-> ENABLED <-> MALWARE-OTHER PWOBot variant download attempt (malware-other.rules)
* 1:38665 <-> ENABLED <-> MALWARE-OTHER PWOBot variant download attempt (malware-other.rules)
* 1:38666 <-> DISABLED <-> INDICATOR-OBFUSCATION HTTP header invalid entry evasion attempt (indicator-obfuscation.rules)
* 1:38667 <-> DISABLED <-> INDICATOR-OBFUSCATION Mixed case encoding type evasion attempt (indicator-obfuscation.rules)
* 1:38668 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:38669 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer onpropertychange use-after-free attempt (browser-ie.rules)
* 1:38670 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer onpropertychange use-after-free attempt (browser-ie.rules)
* 1:38673 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Testing Suite DownloadServlet directory traversal attempt (server-webapp.rules)
* 1:38674 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Koohipa outbound beacon attempt (malware-cnc.rules)
* 1:38675 <-> DISABLED <-> SERVER-WEBAPP Sefrengo CMS main.php SQL injection attempt (server-webapp.rules)
* 1:38676 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BBSwift variant outbound connection (malware-cnc.rules)
* 1:38677 <-> DISABLED <-> INDICATOR-OBFUSCATION UTF-8 evasion attempt (indicator-obfuscation.rules)
* 1:38678 <-> DISABLED <-> INDICATOR-OBFUSCATION UTF-8 evasion attempt (indicator-obfuscation.rules)
* 1:38679 <-> DISABLED <-> INDICATOR-OBFUSCATION non HTTP 1.1 version with 1.1 headers evasion attempt (indicator-obfuscation.rules)
* 1:38680 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tooka GET attempt (malware-cnc.rules)
* 1:38681 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tooka POST attempt (malware-cnc.rules)
* 1:38682 <-> ENABLED <-> EXPLOIT-KIT Angler Exploit Kit email gate (exploit-kit.rules)
* 1:38683 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules)
* 1:38684 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules)
* 1:38685 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules)
* 1:38686 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules)
* 1:38687 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules)
* 1:38688 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules)
* 1:38689 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules)
* 1:38690 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules)
* 1:38691 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules)
* 1:38692 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules)
* 1:38693 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules)
* 1:38694 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules)
* 1:38695 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules)
* 1:38696 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules)
* 1:38697 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules)
* 1:38698 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules)
* 1:38699 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules)
* 1:387 <-> DISABLED <-> PROTOCOL-ICMP Address Mask Reply undefined code (protocol-icmp.rules)
* 1:38700 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules)
* 1:38701 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules)
* 1:38702 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules)
* 1:38703 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules)
* 1:38704 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules)
* 1:38705 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules)
* 1:38706 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules)
* 1:38707 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules)
* 1:38708 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules)
* 1:38709 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules)
* 1:38710 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules)
* 1:38711 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules)
* 1:38712 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules)
* 1:38713 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules)
* 1:38714 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules)
* 1:38715 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules)
* 1:38716 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules)
* 1:38717 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules)
* 1:38718 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules)
* 1:38719 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules)
* 1:38720 <-> DISABLED <-> SERVER-WEBAPP Wordpress Simple Ads Manager SQL injection attempt (server-webapp.rules)
* 1:38721 <-> DISABLED <-> SERVER-WEBAPP Wordpress Simple Ads Manager SQL injection attempt (server-webapp.rules)
* 1:38722 <-> DISABLED <-> SERVER-WEBAPP Wordpress Simple Ads Manager SQL injection attempt (server-webapp.rules)
* 1:38723 <-> DISABLED <-> SERVER-WEBAPP Wordpress Simple Ads Manager SQL injection attempt (server-webapp.rules)
* 1:38724 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Renegin outbound GET attempt (malware-cnc.rules)
* 1:38729 <-> DISABLED <-> SERVER-OTHER Mediabridge Medialink MWN-WAPR300N and Tenda N3 Wireless N150 inbound admin attempt (server-other.rules)
* 1:38730 <-> DISABLED <-> EXPLOIT-KIT Neutrino Exploit Kit Flash exploit download attempt (exploit-kit.rules)
* 1:38731 <-> DISABLED <-> SERVER-OTHER Squid Proxy range header denial of service attempt (server-other.rules)
* 1:38732 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VBDos Runtime Detection (malware-cnc.rules)
* 1:38733 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ransom variant outbound connection (malware-cnc.rules)
* 1:38734 <-> DISABLED <-> INDICATOR-OBFUSCATION HTTP header value without key evasion attempt (indicator-obfuscation.rules)
* 1:38742 <-> ENABLED <-> FILE-OTHER Microsoft Office ole object external file loading attempt (file-other.rules)
* 1:38743 <-> ENABLED <-> FILE-IMAGE ImageMagick WWWDecodeDelegate command injection attempt (file-image.rules)
* 1:38744 <-> ENABLED <-> FILE-IMAGE ImageMagick WWWDecodeDelegate command injection attempt (file-image.rules)
* 1:38759 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Win32k window handle use after free attempt (os-windows.rules)
* 1:38760 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Win32k window handle use after free attempt (os-windows.rules)
* 1:38761 <-> ENABLED <-> OS-WINDOWS Microsoft Windows win32kfull.sys font object use after free attempt (os-windows.rules)
* 1:38762 <-> ENABLED <-> OS-WINDOWS Microsoft Windows win32kfull.sys font object use after free attempt (os-windows.rules)
* 1:38763 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer mshtml.dll null pointer dereference attempt (browser-ie.rules)
* 1:38764 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer mshtml.dll null pointer dereference attempt (browser-ie.rules)
* 1:38765 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Dxgkrnl.sys RtlMemoryCopy buffer overflow attempt (os-windows.rules)
* 1:38766 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Dxgkrnl.sys RtlMemoryCopy buffer overflow attempt (os-windows.rules)
* 1:38767 <-> DISABLED <-> INDICATOR-COMPROMISE potential abuse of originating page privileges by new tab (indicator-compromise.rules)
* 1:38768 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CreateColorSpace vulnerability attempt (browser-ie.rules)
* 1:38769 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CreateColorSpace vulnerability attempt (browser-ie.rules)
* 1:38770 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CreateColorSpace vulnerability attempt (browser-ie.rules)
* 1:38771 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CreateColorSpace vulnerability attempt (browser-ie.rules)
* 1:38772 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer EMF file integer overflow attempt (browser-ie.rules)
* 1:38773 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer EMF file integer overflow attempt (browser-ie.rules)
* 1:38774 <-> ENABLED <-> OS-WINDOWS Microsoft Windows device content surface bitmap use after free attempt (os-windows.rules)
* 1:38775 <-> ENABLED <-> OS-WINDOWS Microsoft Windows device content surface bitmap use after free attempt (os-windows.rules)
* 1:38776 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer uninitialized pointer attempt (browser-ie.rules)
* 1:38777 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer uninitialized pointer attempt (browser-ie.rules)
* 1:38778 <-> ENABLED <-> FILE-OTHER Microsoft Windows Media Center link file code execution attempt (file-other.rules)
* 1:38779 <-> ENABLED <-> FILE-OTHER Microsoft Windows Media Center link file code execution attempt (file-other.rules)
* 1:38780 <-> ENABLED <-> OS-WINDOWS Microsoft Internet Explorer VerifyFile information disclosure attempt (os-windows.rules)
* 1:38781 <-> ENABLED <-> OS-WINDOWS Microsoft Internet Explorer VerifyFile information disclosure attempt (os-windows.rules)
* 1:38782 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word TTF out-of-bounds memory access attempt (file-office.rules)
* 1:38783 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word TTF out-of-bounds memory access attempt (file-office.rules)
* 1:38784 <-> DISABLED <-> MALWARE-CNC CryptXXX initial outbound connection (malware-cnc.rules)
* 1:38785 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel BOF memory disclosure attempt (file-office.rules)
* 1:38786 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel BOF memory disclosure attempt (file-office.rules)
* 1:38787 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Device Context bitmap use after free attempt (os-windows.rules)
* 1:38788 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Device Context bitmap use after free attempt (os-windows.rules)
* 1:38789 <-> ENABLED <-> SERVER-WEBAPP Oracle application testing suite DownloadServlet directory traversal attempt (server-webapp.rules)
* 1:38790 <-> ENABLED <-> SERVER-WEBAPP Oracle application testing suite DownloadServlet directory traversal attempt (server-webapp.rules)
* 1:38791 <-> ENABLED <-> SERVER-WEBAPP Oracle application testing suite DownloadServlet directory traversal attempt (server-webapp.rules)
* 1:38792 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASSetNativeAccessor use after free attempt (file-flash.rules)
* 1:38793 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASSetNativeAccessor use after free attempt (file-flash.rules)
* 1:38794 <-> ENABLED <-> FILE-PDF Adobe Reader XFA javascript use after free attempt (file-pdf.rules)
* 1:38795 <-> ENABLED <-> FILE-PDF Adobe Reader XFA javascript use after free attempt (file-pdf.rules)
* 1:38796 <-> DISABLED <-> SERVER-OTHER Adroit denial of service attempt (server-other.rules)
* 1:38797 <-> ENABLED <-> BROWSER-IE Microsoft Edge graphics subcomponent use after free attempt (browser-ie.rules)
* 1:38798 <-> ENABLED <-> BROWSER-IE Microsoft Edge graphics subcomponent use after free attempt (browser-ie.rules)
* 1:38799 <-> ENABLED <-> FILE-PDF Adobe Acrobat FileAttachment use-after-free attempt (file-pdf.rules)
* 1:388 <-> DISABLED <-> PROTOCOL-ICMP Address Mask Request (protocol-icmp.rules)
* 1:38800 <-> ENABLED <-> FILE-PDF Adobe Acrobat FileAttachment use-after-free attempt (file-pdf.rules)
* 1:38801 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NtGdiGetEmbUFI kernel information disclosure attempt (os-windows.rules)
* 1:38802 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NtGdiGetEmbUFI kernel information disclosure attempt (os-windows.rules)
* 1:38803 <-> DISABLED <-> OS-WINDOWS Microsoft Windows kernel Configuration Manager failure attempt (os-windows.rules)
* 1:38804 <-> DISABLED <-> OS-WINDOWS Microsoft Windows kernel Configuration Manager failure attempt (os-windows.rules)
* 1:38805 <-> ENABLED <-> BROWSER-IE Microsoft Edge Array.prototype.fill out of bounds write attempt (browser-ie.rules)
* 1:38806 <-> ENABLED <-> BROWSER-IE Microsoft Edge Array.prototype.fill out of bounds write attempt (browser-ie.rules)
* 1:38807 <-> DISABLED <-> SERVER-WEBAPP PHP-Address remote file include attempt (server-webapp.rules)
* 1:38808 <-> ENABLED <-> OS-WINDOWS Microsoft Windows win32kfull.sys device context use after free attempt (os-windows.rules)
* 1:38809 <-> ENABLED <-> OS-WINDOWS Microsoft Windows win32kfull.sys device context use after free attempt (os-windows.rules)
* 1:38810 <-> DISABLED <-> FILE-OFFICE Microsoft Office wwlib out of bounds memory access attempt (file-office.rules)
* 1:38811 <-> DISABLED <-> FILE-OFFICE Microsoft Office wwlib out of bounds memory access attempt (file-office.rules)
* 1:38812 <-> DISABLED <-> FILE-OFFICE Microsoft Office wwlib out of bounds memory access attempt (file-office.rules)
* 1:38813 <-> DISABLED <-> FILE-OFFICE Microsoft Office wwlib out of bounds memory access attempt (file-office.rules)
* 1:38814 <-> DISABLED <-> FILE-OFFICE Microsoft Office wwlib out of bounds memory access attempt (file-office.rules)
* 1:38815 <-> DISABLED <-> FILE-OFFICE Microsoft Office wwlib out of bounds memory access attempt (file-office.rules)
* 1:38816 <-> DISABLED <-> FILE-OTHER Microsoft Windows gdi32 malformed EMF file ExtEscape buffer overflow attempt (file-other.rules)
* 1:38817 <-> DISABLED <-> FILE-OTHER Microsoft Windows gdi32 malformed EMF file ExtEscape buffer overflow attempt (file-other.rules)
* 1:38818 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XFA engine memory leak - possible code instrumentation detected (file-pdf.rules)
* 1:38819 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XFA engine memory leak ASLR bypass attempt (file-pdf.rules)
* 1:38820 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XFA engine memory leak - possible code instrumentation detected (file-pdf.rules)
* 1:38821 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XFA engine memory leak ASLR bypass attempt (file-pdf.rules)
* 1:38822 <-> DISABLED <-> POLICY-OTHER PDF containing XDP structure download detected (policy-other.rules)
* 1:38823 <-> DISABLED <-> POLICY-OTHER PDF containing XDP structure download detected (policy-other.rules)
* 1:38824 <-> ENABLED <-> FILE-FLASH Adobe Flash Player removeMovieClip callback use after free attempt (file-flash.rules)
* 1:38825 <-> ENABLED <-> FILE-FLASH Adobe Flash Player removeMovieClip callback use after free attempt (file-flash.rules)
* 1:38826 <-> ENABLED <-> FILE-FLASH Adobe Flash Player removeMovieClip callback use after free attempt (file-flash.rules)
* 1:38827 <-> ENABLED <-> FILE-FLASH Adobe Flash Player removeMovieClip callback use after free attempt (file-flash.rules)
* 1:38828 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer BooleanProtoObj objects JSONStringifyArray use-after-free attempt (browser-ie.rules)
* 1:38829 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer BooleanProtoObj objects JSONStringifyArray use-after-free attempt (browser-ie.rules)
* 1:38830 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ContentFactory memory corruption attempt (file-flash.rules)
* 1:38831 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ContentFactory memory corruption attempt (file-flash.rules)
* 1:38832 <-> DISABLED <-> FILE-FLASH Adobe Flash Player
ContentFactory memory corruption attempt (file-flash.rules) * 1:38833 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ContentFactory memory corruption attempt (file-flash.rules) * 1:38835 <-> ENABLED <-> FILE-FLASH Adobe Flash Player bitmap heap overflow attempt (file-flash.rules) * 1:38836 <-> ENABLED <-> FILE-FLASH Adobe Flash Player bitmap heap overflow attempt (file-flash.rules) * 1:38837 <-> ENABLED <-> FILE-FLASH Adobe Flash Player faulty x64 support out of bounds read attempt (file-flash.rules) * 1:38838 <-> ENABLED <-> FILE-FLASH Adobe Flash Player faulty x64 support out of bounds read attempt (file-flash.rules) * 1:38839 <-> DISABLED <-> OS-WINDOWS Microsoft Windows RPC NDR64 denial of service attempt (os-windows.rules) * 1:38840 <-> DISABLED <-> OS-WINDOWS Microsoft Windows RPC NDR64 denial of service attempt (os-windows.rules) * 1:38841 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer VBScript toString redim array use after free attempt (browser-ie.rules) * 1:38842 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer VBScript toString redim array use after free attempt (browser-ie.rules) * 1:38843 <-> DISABLED <-> FILE-PDF Adobe Reader javascript replace integer overflow attempt (file-pdf.rules) * 1:38844 <-> DISABLED <-> FILE-PDF Adobe Reader javascript replace integer overflow attempt (file-pdf.rules) * 1:38845 <-> DISABLED <-> FILE-PDF Adobe Reader out of bounds memory access violation attempt (file-pdf.rules) * 1:38846 <-> DISABLED <-> FILE-PDF Adobe Reader out of bounds memory access violation attempt (file-pdf.rules) * 1:38847 <-> ENABLED <-> FILE-FLASH Adobe Flash Player loadSound method use-after-free memory corruption attempt (file-flash.rules) * 1:38848 <-> ENABLED <-> FILE-FLASH Adobe Flash Player loadSound method use-after-free memory corruption attempt (file-flash.rules) * 1:38849 <-> ENABLED <-> OS-WINDOWS Kaspersky Internet Security KLIF driver denial of service attempt (os-windows.rules) * 1:38850 <-> ENABLED <-> OS-WINDOWS 
Kaspersky Internet Security KLIF driver denial of service attempt (os-windows.rules) * 1:38851 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul HCell file download request (file-identify.rules) * 1:38852 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul HCell file attachment detected (file-identify.rules) * 1:38853 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul HCell file attachment detected (file-identify.rules) * 1:38854 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul HCell file magic detected (file-identify.rules) * 1:38855 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul HCell file magic detected (file-identify.rules) * 1:38856 <-> DISABLED <-> FILE-OTHER Hancom Hangul HCell pConnectionSites OfficeArt record heap buffer overflow attempt (file-other.rules) * 1:38857 <-> DISABLED <-> FILE-OTHER Hancom Hangul HCell pVertices OfficeArt record heap buffer overflow attempt (file-other.rules) * 1:38858 <-> DISABLED <-> FILE-OTHER Hancom Hangul HCell pConnectionSites OfficeArt record heap buffer overflow attempt (file-other.rules) * 1:38859 <-> DISABLED <-> FILE-OTHER Hancom Hangul HCell pVertices OfficeArt record heap buffer overflow attempt (file-other.rules) * 1:38860 <-> ENABLED <-> FILE-OTHER Oracle OIT ContentAccess libvs_mwkd out of bounds write attempt (file-other.rules) * 1:38861 <-> ENABLED <-> FILE-OTHER Oracle OIT ContentAccess libvs_mwkd out of bounds write attempt (file-other.rules) * 1:38862 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul Office Document file download request (file-identify.rules) * 1:38863 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul Office Document file attachment detected (file-identify.rules) * 1:38864 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul Office Document file attachment detected (file-identify.rules) * 1:38865 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul Office Document file magic detected (file-identify.rules) * 1:38866 <-> ENABLED <-> FILE-IDENTIFY Hancom Hangul Office Document file magic detected (file-identify.rules) * 1:38867 <-> DISABLED <-> 
SERVER-OTHER Pidgin mxit_chunk_parse_get_avatar out of bounds read attempt (server-other.rules) * 1:38868 <-> ENABLED <-> FILE-OTHER Hancom Hangul Office HShow integer-based heap buffer overflow attempt (file-other.rules) * 1:38869 <-> ENABLED <-> FILE-OTHER Hancom Hangul Office HShow integer-based heap buffer overflow attempt (file-other.rules) * 1:38870 <-> DISABLED <-> SERVER-OTHER Pidgin mxit_chunk_parse_cr out of bounds read attempt (server-other.rules) * 1:38871 <-> ENABLED <-> FILE-IMAGE ImageMagick WWWDecodeDelegate command injection attempt (file-image.rules) * 1:38872 <-> ENABLED <-> FILE-FLASH Adobe Flash Player request for MSIMG32.dll over SMB attempt (file-flash.rules) * 1:38873 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MSIMG32.dll dll-load exploit attempt (file-flash.rules) * 1:38874 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DeleteRangeTimelineOperation type confusion attempt (file-flash.rules) * 1:38875 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DeleteRangeTimelineOperation type confusion attempt (file-flash.rules) * 1:38876 <-> DISABLED <-> EXPLOIT-KIT Obfuscated exploit download attempt (exploit-kit.rules) * 1:38877 <-> ENABLED <-> FILE-PDF Adobe Reader trusted JavaScript function security bypass attempt (file-pdf.rules) * 1:38878 <-> ENABLED <-> FILE-PDF Adobe Reader trusted JavaScript function security bypass attempt (file-pdf.rules) * 1:38879 <-> ENABLED <-> SERVER-WEBAPP HP Enterprise Vertica validateAdminConfig command injection attempt (server-webapp.rules) * 1:38880 <-> ENABLED <-> SERVER-WEBAPP HP Enterprise Vertica validateAdminConfig command injection attempt (server-webapp.rules) * 1:38881 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FileReference type confusion attempt (file-flash.rules) * 1:38882 <-> ENABLED <-> FILE-FLASH Adobe Flash Player FileReference type confusion attempt (file-flash.rules) * 1:38883 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FileReference type confusion attempt (file-flash.rules) * 1:38884 <-> 
ENABLED <-> FILE-FLASH Adobe Flash Player FileReference type confusion attempt (file-flash.rules) * 1:38885 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cerber outbound registration attempt (malware-cnc.rules) * 1:38886 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bayrob variant outbound connection (malware-cnc.rules) * 1:38887 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky JS dropper outbound connection (malware-cnc.rules) * 1:38888 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules) * 1:38889 <-> DISABLED <-> SERVER-ORACLE Oracle Application Test Suite server authentication bypass attempt (server-oracle.rules) * 1:38890 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kirts exfiltration attempt (malware-cnc.rules) * 1:38891 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kirts initial registration (malware-cnc.rules) * 1:38892 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Maktub variant download attempt (malware-other.rules) * 1:38893 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Maktub variant download attempt (malware-other.rules) * 1:38894 <-> ENABLED <-> SERVER-WEBAPP Jenkins CI Server insecure deserialization command execution attempt (server-webapp.rules) * 1:38895 <-> ENABLED <-> FILE-PDF Adobe Reader XFA prePrint use after free attempt (file-pdf.rules) * 1:38896 <-> ENABLED <-> FILE-PDF Adobe Reader XFA prePrint use after free attempt (file-pdf.rules) * 1:38897 <-> DISABLED <-> FILE-OTHER Adobe Illustrator CS4 request for aires.dll over SMB attempt (file-other.rules) * 1:38898 <-> DISABLED <-> FILE-OTHER Adobe Illustrator CS4 aires.dll dll-load exploit attempt (file-other.rules) * 1:38899 <-> ENABLED <-> FILE-PDF Adobe Reader PDF defineGetter execMenuItem use after free attempt (file-pdf.rules) * 1:389 <-> DISABLED <-> PROTOCOL-ICMP Address Mask Request undefined code (protocol-icmp.rules) * 1:38900 <-> ENABLED <-> FILE-PDF Adobe Reader PDF onEvent execMenuItem use after free attempt (file-pdf.rules) * 1:38901 <-> ENABLED <-> FILE-PDF Adobe Reader PDF 
setAction execMenuItem use after free attempt (file-pdf.rules) * 1:38902 <-> ENABLED <-> FILE-PDF Adobe Reader PDF setPageAction execMenuItem use after free attempt (file-pdf.rules) * 1:38903 <-> ENABLED <-> FILE-PDF Adobe Reader PDF defineGetter execMenuItem use after free attempt (file-pdf.rules) * 1:38904 <-> ENABLED <-> FILE-PDF Adobe Reader PDF onEvent execMenuItem use after free attempt (file-pdf.rules) * 1:38905 <-> ENABLED <-> FILE-PDF Adobe Reader PDF setAction execMenuItem use after free attempt (file-pdf.rules) * 1:38906 <-> ENABLED <-> FILE-PDF Adobe Reader PDF setPageAction execMenuItem use after free attempt (file-pdf.rules) * 1:38907 <-> ENABLED <-> FILE-PDF Adobe Reader PDF execMenuItem use after free attempt (file-pdf.rules) * 1:38908 <-> ENABLED <-> FILE-PDF Adobe Reader PDF execMenuItem use after free attempt (file-pdf.rules) * 1:38909 <-> ENABLED <-> FILE-PDF Adobe Reader trusted JavaScript function security bypass attempt (file-pdf.rules) * 1:38910 <-> ENABLED <-> FILE-PDF Adobe Reader trusted JavaScript function security bypass attempt (file-pdf.rules) * 1:38911 <-> ENABLED <-> FILE-PDF Adobe Reader DisablePermEnforcement JavaScript function use-after-free attempt (file-pdf.rules) * 1:38912 <-> ENABLED <-> FILE-PDF Adobe Reader DisablePermEnforcement JavaScript function use-after-free attempt (file-pdf.rules) * 1:38913 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Testing Suite directory traversal attempt (server-webapp.rules) * 1:38914 <-> ENABLED <-> FILE-PDF Adobe Reader trusted JavaScript function security bypass attempt (file-pdf.rules) * 1:38915 <-> ENABLED <-> FILE-PDF Adobe Reader trusted JavaScript function security bypass attempt (file-pdf.rules) * 1:38916 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex download attempt (malware-cnc.rules) * 1:38917 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex variant CNC traffic (malware-cnc.rules) * 1:38918 <-> ENABLED <-> FILE-PDF Adobe Reader createAVView JavaScript use-after-free attempt 
(file-pdf.rules) * 1:38919 <-> ENABLED <-> FILE-PDF Adobe Reader createAVView JavaScript use-after-free attempt (file-pdf.rules) * 1:38920 <-> ENABLED <-> FILE-PDF Adobe Reader trusted JavaScript function security bypass attempt (file-pdf.rules) * 1:38921 <-> ENABLED <-> FILE-PDF Adobe Reader trusted JavaScript function security bypass attempt (file-pdf.rules) * 1:38922 <-> DISABLED <-> INDICATOR-OBFUSCATION Brotli encoding evasion attempt (indicator-obfuscation.rules) * 1:38923 <-> ENABLED <-> FILE-PDF Adobe Reader compareDocuments JavaScript function use-after-free attempt (file-pdf.rules) * 1:38924 <-> ENABLED <-> FILE-PDF Adobe Reader compareDocuments JavaScript function use-after-free attempt (file-pdf.rules) * 1:38925 <-> DISABLED <-> SERVER-WEBAPP Dell SonicWall Scrutinizer deleteTab SQL injection attempt (server-webapp.rules) * 1:38926 <-> DISABLED <-> SERVER-WEBAPP Dell SonicWall Scrutinizer deleteTab SQL injection attempt (server-webapp.rules) * 1:38927 <-> DISABLED <-> SERVER-WEBAPP Dell SonicWall Scrutinizer setSkin SQL injection attempt (server-webapp.rules) * 1:38928 <-> DISABLED <-> SERVER-WEBAPP Dell SonicWall Scrutinizer setSkin SQL injection attempt (server-webapp.rules) * 1:38929 <-> DISABLED <-> SERVER-WEBAPP Dell SonicWall Scrutinizer user_id SQL injection attempt (server-webapp.rules) * 1:38930 <-> DISABLED <-> SERVER-WEBAPP Dell SonicWall Scrutinizer user_id SQL injection attempt (server-webapp.rules) * 1:38931 <-> ENABLED <-> FILE-PDF Adobe Reader submitForm read out of bounds attempt (file-pdf.rules) * 1:38932 <-> ENABLED <-> FILE-PDF Adobe Reader submitForm read out of bounds attempt (file-pdf.rules) * 1:38933 <-> DISABLED <-> INDICATOR-COMPROMISE IRC nick change on non-standard port (indicator-compromise.rules) * 1:38934 <-> ENABLED <-> SERVER-WEBAPP Oracle Application Testing Suite actionservlet directory traversal attempt (server-webapp.rules) * 1:38935 <-> ENABLED <-> FILE-PDF Adobe Reader trusted JavaScript function security bypass 
attempt (file-pdf.rules) * 1:38936 <-> ENABLED <-> FILE-PDF Adobe Reader trusted JavaScript function security bypass attempt (file-pdf.rules) * 1:38937 <-> DISABLED <-> FILE-PDF Adobe Reader trusted JavaScript function security bypass attempt (file-pdf.rules) * 1:38938 <-> DISABLED <-> FILE-PDF Adobe Reader trusted JavaScript function security bypass attempt (file-pdf.rules) * 1:38939 <-> DISABLED <-> SERVER-WEBAPP ORACLE-SERVER Oracle Application Testing Suite filename directory traversal attempt (server-webapp.rules) * 1:38940 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Testing Suite DownloadServlet servlet directory traversal attempt (server-webapp.rules) * 1:38941 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Testing Suite DownloadServlet servlet directory traversal attempt (server-webapp.rules) * 1:38942 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Testing Suite DownloadServlet servlet directory traversal attempt (server-webapp.rules) * 1:38943 <-> ENABLED <-> FILE-PDF Adobe Reader XFA javascript out of bound memory corruption attempt (file-pdf.rules) * 1:38944 <-> ENABLED <-> FILE-PDF Adobe Reader XFA javascript out of bound memory corruption attempt (file-pdf.rules) * 1:38945 <-> ENABLED <-> FILE-IMAGE ImageMagick WWWDecodeDelegate command injection attempt (file-image.rules) * 1:38946 <-> ENABLED <-> FILE-IMAGE ImageMagick WWWDecodeDelegate command injection attempt (file-image.rules) * 1:38947 <-> ENABLED <-> FILE-IMAGE ImageMagick WWWDecodeDelegate command injection attempt (file-image.rules) * 1:38948 <-> ENABLED <-> FILE-IMAGE ImageMagick WWWDecodeDelegate command injection attempt (file-image.rules) * 1:38949 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt variant outbound connection (malware-cnc.rules) * 1:38950 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PassStealer passwords exfiltration attempt (malware-cnc.rules) * 1:38951 <-> ENABLED <-> PUA-ADWARE Win.Adware.OpenSoftwareUpdater variant outbound connection attempt (pua-adware.rules) 
* 1:38952 <-> ENABLED <-> PUA-ADWARE Win.Adware.OpenSoftwareUpdater variant outbound connection attempt (pua-adware.rules) * 1:38953 <-> ENABLED <-> PUA-ADWARE Win.Adware.OpenSoftwareUpdater variant outbound connection attempt (pua-adware.rules) * 1:38954 <-> ENABLED <-> FILE-OTHER Adobe Acrobat DC invalid TIFF tagtype out of bounds read attempt (file-other.rules) * 1:38955 <-> ENABLED <-> FILE-OTHER Adobe Acrobat DC invalid TIFF tagtype out of bounds read attempt (file-other.rules) * 1:38956 <-> ENABLED <-> FILE-OTHER Adobe Acrobat DC invalid TIFF tagtype out of bounds read attempt (file-other.rules) * 1:38957 <-> ENABLED <-> FILE-OTHER Adobe Acrobat DC invalid TIFF tagtype out of bounds read attempt (file-other.rules) * 1:38959 <-> ENABLED <-> FILE-PDF Adobe Reader malformed Universal 3D stream memory corruption attempt (file-pdf.rules) * 1:38960 <-> ENABLED <-> FILE-PDF Adobe Reader malformed Universal 3D stream memory corruption attempt (file-pdf.rules) * 1:38961 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - fsrhrsrg - Win.Trojan.Nemucod (malware-cnc.rules) * 1:38962 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - uguogo - Win.Trojan.Nemucod (malware-cnc.rules) * 1:38964 <-> DISABLED <-> POLICY-OTHER VMware vCenter Chargeback Manager ImageUploadServlet arbitrary JSP file upload attempt (policy-other.rules) * 1:38965 <-> DISABLED <-> SERVER-WEBAPP VMware vCenter Chargeback Manager ImageUploadServlet arbitrary JSP file upload attempt (server-webapp.rules) * 1:38966 <-> ENABLED <-> FILE-PDF Adobe Reader malformed JPEG2000 image invalid NumberComponents out of bounds read attempt (file-pdf.rules) * 1:38967 <-> ENABLED <-> FILE-PDF Adobe Reader malformed JPEG2000 image invalid NumberComponents out of bounds read attempt (file-pdf.rules) * 1:38968 <-> ENABLED <-> SERVER-WEBAPP Oracle Application Testing Suite directory traversal attempt (server-webapp.rules) * 1:38969 <-> ENABLED <-> SERVER-WEBAPP Oracle 
Application Testing Suite directory traversal attempt (server-webapp.rules) * 1:38970 <-> ENABLED <-> SERVER-WEBAPP Oracle Application Testing Suite directory traversal attempt (server-webapp.rules) * 1:38971 <-> ENABLED <-> FILE-FLASH Adobe Flash Player OpportunityGenerator.update memory corruption attempt (file-flash.rules) * 1:38972 <-> DISABLED <-> FILE-FLASH Adobe Flash Player OpportunityGenerator.update memory corruption attempt (file-flash.rules) * 1:38973 <-> DISABLED <-> FILE-FLASH Adobe Flash Player OpportunityGenerator.update memory corruption attempt (file-flash.rules) * 1:38974 <-> DISABLED <-> FILE-FLASH Adobe Flash Player OpportunityGenerator.update memory corruption attempt (file-flash.rules) * 1:38975 <-> DISABLED <-> FILE-PDF Adobe Reader clearGlobalSecurityStore information leak attempt (file-pdf.rules) * 1:38976 <-> DISABLED <-> FILE-PDF Adobe Reader clearGlobalSecurityStore information leak attempt (file-pdf.rules) * 1:38977 <-> DISABLED <-> FILE-PDF Adobe Acrobat memory corruption vulnerability attempt (file-pdf.rules) * 1:38978 <-> DISABLED <-> FILE-PDF Adobe Acrobat memory corruption vulnerability attempt (file-pdf.rules) * 1:38979 <-> DISABLED <-> SERVER-WEBAPP Dell SonicWall Scrutinizer methodDetail SQL injection attempt (server-webapp.rules) * 1:38980 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed FlateDecode stream use after free attempt (file-pdf.rules) * 1:38981 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed FlateDecode stream use after free attempt (file-pdf.rules) * 1:38982 <-> ENABLED <-> FILE-FLASH Adobe Flash Player corrupt PNG image load out of bounds memory access attempt (file-flash.rules) * 1:38983 <-> ENABLED <-> FILE-FLASH Adobe Flash Player corrupt PNG image load out of bounds memory access attempt (file-flash.rules) * 1:38986 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver xMII directory traversal attempt (server-webapp.rules) * 1:38987 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver xMII directory traversal 
attempt (server-webapp.rules) * 1:38988 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver xMII directory traversal attempt (server-webapp.rules) * 1:38989 <-> DISABLED <-> MALWARE-TOOLS TorStresser http DoS tool (malware-tools.rules) * 1:38990 <-> DISABLED <-> SERVER-WEBAPP Apache Struts I18NInterceptor locale object cross site scripting attempt (server-webapp.rules) * 1:38991 <-> ENABLED <-> FILE-PDF Adobe Reader execAVDialog JavaScript function use-after-free attempt (file-pdf.rules) * 1:38992 <-> ENABLED <-> FILE-PDF Adobe Reader execAVDialog JavaScript function use-after-free attempt (file-pdf.rules) * 1:38993 <-> ENABLED <-> SQL use of sleep function in HTTP header - likely SQL injection attempt (sql.rules) * 1:38994 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus config file download (malware-cnc.rules) * 1:38995 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules) * 1:38996 <-> DISABLED <-> FILE-FLASH Adobe Flash Player addProperty use after free attempt (file-flash.rules) * 1:38997 <-> ENABLED <-> FILE-FLASH Adobe Flash Player addProperty use after free attempt (file-flash.rules) * 1:38998 <-> DISABLED <-> FILE-FLASH Adobe Flash Player addProperty use after free attempt (file-flash.rules) * 1:38999 <-> ENABLED <-> FILE-FLASH Adobe Flash Player addProperty use after free attempt (file-flash.rules) * 1:390 <-> DISABLED <-> PROTOCOL-ICMP Alternate Host Address (protocol-icmp.rules) * 1:39000 <-> ENABLED <-> FILE-IMAGE ImageMagick WWWDecodeDelegate command injection attempt (file-image.rules) * 1:39001 <-> ENABLED <-> FILE-IMAGE ImageMagick WWWDecodeDelegate command injection attempt (file-image.rules) * 1:39002 <-> ENABLED <-> FILE-IMAGE ImageMagick WWWDecodeDelegate command injection attempt (file-image.rules) * 1:39003 <-> ENABLED <-> FILE-IMAGE ImageMagick WWWDecodeDelegate command injection attempt (file-image.rules) * 1:39004 <-> ENABLED <-> FILE-IMAGE ImageMagick WWWDecodeDelegate command injection attempt 
(file-image.rules) * 1:39005 <-> ENABLED <-> FILE-IMAGE ImageMagick WWWDecodeDelegate command injection attempt (file-image.rules) * 1:39006 <-> ENABLED <-> FILE-IMAGE ImageMagick WWWDecodeDelegate command injection attempt (file-image.rules) * 1:39007 <-> ENABLED <-> FILE-PDF Adobe Reader XFA form use-after-free attempt (file-pdf.rules) * 1:39008 <-> ENABLED <-> FILE-PDF Adobe Reader XFA form use-after-free attempt (file-pdf.rules) * 1:39009 <-> DISABLED <-> FILE-FLASH Adobe Flash Player setMetadata memory corruption attempt (file-flash.rules) * 1:39010 <-> DISABLED <-> FILE-FLASH Adobe Flash Player setMetadata memory corruption attempt (file-flash.rules) * 1:39011 <-> ENABLED <-> FILE-FLASH Adobe Flash Player setMetadata memory corruption attempt (file-flash.rules) * 1:39012 <-> ENABLED <-> FILE-FLASH Adobe Flash Player setMetadata memory corruption attempt (file-flash.rules) * 1:39013 <-> DISABLED <-> FILE-PDF Adobe Reader CTJPEGDecoderReadNextTile out of bounds read attempt (file-pdf.rules) * 1:39014 <-> DISABLED <-> FILE-PDF Adobe Reader CTJPEGDecoderReadNextTile out of bounds read attempt (file-pdf.rules) * 1:39015 <-> DISABLED <-> FILE-PDF Adobe Reader AcroForm dictionary object use after free attempt (file-pdf.rules) * 1:39016 <-> ENABLED <-> FILE-PDF Adobe Reader AcroForm dictionary object use after free attempt (file-pdf.rules) * 1:39017 <-> ENABLED <-> FILE-PDF Adobe Reader XFA FormInstanceManager use after free attempt (file-pdf.rules) * 1:39018 <-> ENABLED <-> FILE-PDF Adobe Reader XFA FormInstanceManager use after free attempt (file-pdf.rules) * 1:39019 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PSDK use-after-free attempt (file-flash.rules) * 1:39020 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PSDK use-after-free attempt (file-flash.rules) * 1:39021 <-> ENABLED <-> FILE-FLASH Adobe Flash Player PSDK use-after-free attempt (file-flash.rules) * 1:39022 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PSDK use-after-free attempt (file-flash.rules) 
* 1:39023 <-> ENABLED <-> FILE-FLASH Adobe Flash Player selection.setFocus use after free attempt (file-flash.rules) * 1:39024 <-> DISABLED <-> FILE-FLASH Adobe Flash Player selection.setFocus use after free attempt (file-flash.rules) * 1:39025 <-> DISABLED <-> FILE-FLASH Adobe Flash Player selection.setFocus use after free attempt (file-flash.rules) * 1:39026 <-> ENABLED <-> FILE-FLASH Adobe Flash Player selection.setFocus use after free attempt (file-flash.rules) * 1:39027 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager downTimeScheduler.do SQL injection attempt (server-webapp.rules) * 1:39028 <-> ENABLED <-> FILE-PDF Adobe Reader JPEG 2000 memory corruption attempt (file-pdf.rules) * 1:39029 <-> ENABLED <-> FILE-PDF Adobe Reader JPEG 2000 memory corruption attempt (file-pdf.rules) * 1:39030 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASSetNative use-after-free attempt (file-flash.rules) * 1:39031 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASSetNative use-after-free attempt (file-flash.rules) * 1:39032 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASSetNative use-after-free attempt (file-flash.rules) * 1:39033 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASSetNative use-after-free attempt (file-flash.rules) * 1:39034 <-> DISABLED <-> FILE-OTHER libarchive mtree parse_device stack buffer overflow attempt (file-other.rules) * 1:39035 <-> DISABLED <-> FILE-OTHER libarchive mtree parse_device stack buffer overflow attempt (file-other.rules) * 1:39036 <-> DISABLED <-> FILE-OFFICE RTF file with embedded OLE object itself embedding a Flash file (file-office.rules) * 1:39037 <-> DISABLED <-> FILE-OFFICE RTF file with embedded OLE object itself embedding a Flash file (file-office.rules) * 1:39038 <-> DISABLED <-> BROWSER-PLUGINS Emerson ROCLINK800 ActiveX clsid access attempt (browser-plugins.rules) * 1:39039 <-> DISABLED <-> BROWSER-PLUGINS Emerson ROCLINK800 ActiveX clsid access attempt (browser-plugins.rules) * 1:39040 <-> DISABLED <-> 
MALWARE-CNC Win.Trojan.TeslaCrypt variant outbound connection (malware-cnc.rules) * 1:39041 <-> DISABLED <-> BROWSER-PLUGINS National Instruments ActiveX clsid access attempt (browser-plugins.rules) * 1:39042 <-> DISABLED <-> BROWSER-PLUGINS National Instruments ActiveX clsid access attempt (browser-plugins.rules) * 1:39043 <-> DISABLED <-> BROWSER-PLUGINS Mitsubishi MX ActiveX clsid access attempt (browser-plugins.rules) * 1:39044 <-> DISABLED <-> BROWSER-PLUGINS Mitsubishi MX ActiveX clsid access attempt (browser-plugins.rules) * 1:39045 <-> DISABLED <-> FILE-OTHER libarchive RAR RestartModel out of bounds write attempt (file-other.rules) * 1:39046 <-> DISABLED <-> FILE-OTHER libarchive RAR RestartModel out of bounds write attempt (file-other.rules) * 1:39047 <-> DISABLED <-> FILE-EXECUTABLE Kaspersky Internet Security kl1.sys out of bounds read attempt (file-executable.rules) * 1:39048 <-> DISABLED <-> FILE-EXECUTABLE Kaspersky Internet Security kl1.sys out of bounds read attempt (file-executable.rules) * 1:39049 <-> DISABLED <-> FILE-OFFICE Hancom Hangul Office NXDeleteLineObj memory corruption attempt (file-office.rules) * 1:39050 <-> DISABLED <-> FILE-OFFICE Hancom Hangul Office NXDeleteLineObj memory corruption attempt (file-office.rules) * 1:39052 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Adialer variant outbound connection (malware-cnc.rules) * 1:39053 <-> DISABLED <-> MALWARE-CNC Win.Trojan.7ev3n variant outbound connection (malware-cnc.rules) * 1:39054 <-> DISABLED <-> BROWSER-PLUGINS Siemens Automation License Manager ActiveX clsid access attempt (browser-plugins.rules) * 1:39055 <-> DISABLED <-> BROWSER-PLUGINS Siemens Automation License Manager ActiveX clsid access attempt (browser-plugins.rules) * 1:39056 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rofin variant outbound connection (malware-cnc.rules) * 1:39058 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:39059 <-> ENABLED <-> MALWARE-BACKDOOR JSP webshell 
backdoor detected (malware-backdoor.rules) * 1:39060 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver UDDISecurityImplBean SQL injection attempt (server-webapp.rules) * 1:39061 <-> ENABLED <-> FILE-PDF Adobe Reader XFA API preOpen use after free attempt (file-pdf.rules) * 1:39062 <-> ENABLED <-> FILE-PDF Adobe Reader XFA API preOpen use after free attempt (file-pdf.rules) * 1:39063 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qakbot outbound POST attempt (malware-cnc.rules) * 1:39064 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sinrin initial JS dropper outbound connection (malware-cnc.rules) * 1:39066 <-> ENABLED <-> SERVER-OTHER Magento unauthenticated arbitrary file write attempt (server-other.rules) * 1:39067 <-> DISABLED <-> SERVER-WEBAPP SAP Netweaver Java Proxy Runtime ProxyServer register cross site scripting attempt (server-webapp.rules) * 1:39068 <-> DISABLED <-> SERVER-WEBAPP SAP Netweaver Java Proxy Runtime ProxyServer unregister cross site scripting attempt (server-webapp.rules) * 1:39069 <-> DISABLED <-> SERVER-WEBAPP SAP Netweaver Java Proxy Runtime ProxyServer list cross site scripting attempt (server-webapp.rules) * 1:39070 <-> ENABLED <-> SERVER-WEBAPP Dlink local file disclosure attempt (server-webapp.rules) * 1:39071 <-> DISABLED <-> SERVER-OTHER Aruba Networks IAP PAPI authentication bypass attempt (server-other.rules) * 1:39072 <-> DISABLED <-> SERVER-WEBAPP Aruba Networks IAP insecure disclosure of environment variables attempt (server-webapp.rules) * 1:39073 <-> DISABLED <-> SERVER-WEBAPP Aruba Networks IAP swarm.cgi command injection attempt (server-webapp.rules) * 1:39074 <-> DISABLED <-> SERVER-WEBAPP Aruba Networks IAP swarm.cgi command injection attempt (server-webapp.rules) * 1:39075 <-> DISABLED <-> SERVER-WEBAPP Aruba Networks IAP swarm.cgi raddb config injection attempt (server-webapp.rules) * 1:39076 <-> ENABLED <-> FILE-PDF Adobe Reader XFA API preOpen use after free attempt (file-pdf.rules) * 1:39077 <-> ENABLED <-> FILE-PDF Adobe Reader XFA 
API preOpen use after free attempt (file-pdf.rules)
* 1:39078 <-> ENABLED <-> OS-WINDOWS Kaspersky Internet Security KLIF driver denial of service attempt (os-windows.rules)
* 1:39079 <-> ENABLED <-> OS-WINDOWS Kaspersky Internet Security KLIF driver denial of service attempt (os-windows.rules)
* 1:39080 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant connection setup (malware-cnc.rules)
* 1:39081 <-> DISABLED <-> EXPLOIT-KIT Neutrino Exploit Kit Flash exploit download attempt (exploit-kit.rules)
* 1:39084 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cript outbound connection (malware-cnc.rules)
* 1:39085 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cript outbound connection (malware-cnc.rules)
* 1:39086 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cript outbound connection (malware-cnc.rules)
* 1:39087 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Testing Suite arbitrary file read attempt (server-webapp.rules)
* 1:39088 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Testing Suite arbitrary file read attempt (server-webapp.rules)
* 1:39089 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Testing Suite arbitrary file read attempt (server-webapp.rules)
* 1:39090 <-> ENABLED <-> FILE-IMAGE ImageMagick and GraphicsMagick OpenBlob command injection attempt (file-image.rules)
* 1:39091 <-> ENABLED <-> FILE-IMAGE ImageMagick and GraphicsMagick OpenBlob command injection attempt (file-image.rules)
* 1:39092 <-> ENABLED <-> FILE-IMAGE ImageMagick and GraphicsMagick OpenBlob command injection attempt (file-image.rules)
* 1:39093 <-> ENABLED <-> FILE-IMAGE ImageMagick and GraphicsMagick OpenBlob command injection attempt (file-image.rules)
* 1:39094 <-> ENABLED <-> FILE-IMAGE ImageMagick and GraphicsMagick OpenBlob command injection attempt (file-image.rules)
* 1:39095 <-> ENABLED <-> FILE-IMAGE ImageMagick and GraphicsMagick OpenBlob command injection attempt (file-image.rules)
* 1:39096 <-> ENABLED <-> FILE-IMAGE ImageMagick and GraphicsMagick OpenBlob command injection attempt (file-image.rules)
* 1:39097 <-> ENABLED <-> FILE-IMAGE ImageMagick and GraphicsMagick OpenBlob command injection attempt (file-image.rules)
* 1:39098 <-> ENABLED <-> FILE-PDF Adobe Reader double memory free call remote code execution attempt (file-pdf.rules)
* 1:39099 <-> ENABLED <-> FILE-PDF Adobe Reader double memory free call remote code execution attempt (file-pdf.rules)
* 1:391 <-> DISABLED <-> PROTOCOL-ICMP Alternate Host Address undefined code (protocol-icmp.rules)
* 1:39100 <-> DISABLED <-> FILE-PDF Adobe Reader Universal 3D engine out of bounds memory access violation attempt (file-pdf.rules)
* 1:39101 <-> DISABLED <-> FILE-PDF Adobe Reader Universal 3D engine out of bounds memory access violation attempt (file-pdf.rules)
* 1:39102 <-> DISABLED <-> FILE-PDF Adobe Reader PDF embedded JPEG memory corruption attempt (file-pdf.rules)
* 1:39103 <-> DISABLED <-> FILE-PDF Adobe Reader PDF embedded JPEG memory corruption attempt (file-pdf.rules)
* 1:39104 <-> DISABLED <-> FILE-PDF Adobe Reader Universal 3D engine out of bounds memory access violation attempt (file-pdf.rules)
* 1:39105 <-> DISABLED <-> FILE-PDF Adobe Reader Universal 3D engine out of bounds memory access violation attempt (file-pdf.rules)
* 1:39106 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LuminosityLink RAT variant outbound connection (malware-cnc.rules)
* 1:39107 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LuminosityLink RAT variant inbound connection (malware-cnc.rules)
* 1:39108 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader getAnnots exploit attempt (file-pdf.rules)
* 1:39109 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader getAnnots exploit attempt (file-pdf.rules)
* 1:39110 <-> DISABLED <-> FILE-OFFICE Hancom Hangul Office HCell HncChart out of bounds write attempt (file-office.rules)
* 1:39111 <-> DISABLED <-> FILE-OFFICE Hancom Hangul Office HCell HncChart out of bounds write attempt (file-office.rules)
* 1:41027 <-> DISABLED <-> OS-LINUX Linux net af_packet.c tpacket version race condition use after free attempt (os-linux.rules)
* 1:41028 <-> DISABLED <-> OS-LINUX Linux net af_packet.c tpacket version race condition use after free attempt (os-linux.rules)
* 1:41029 <-> DISABLED <-> SERVER-WEBAPP Nagios Core Configuration Manager SQL injection attempt (server-webapp.rules)
* 1:41030 <-> DISABLED <-> SERVER-WEBAPP Nagios Core Configuration Manager command injection attempt (server-webapp.rules)
* 1:41031 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Athena variant outbound connection (malware-cnc.rules)
* 1:41032 <-> DISABLED <-> SERVER-WEBAPP Trend Micro hotfix_upload.cgi command injection attempt (server-webapp.rules)
* 1:41033 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Proteus outbound connection (malware-cnc.rules)
* 1:41034 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sality variant outbound connection (malware-cnc.rules)
* 1:41035 <-> ENABLED <-> EXPLOIT-KIT Sundown Exploit Kit redirection attempt (exploit-kit.rules)
* 1:41036 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan WSA ManagePatches servlet command injection attempt (server-webapp.rules)
* 1:41037 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan WSA domains command injection attempt (server-webapp.rules)
* 1:41038 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan WSA testConfiguration command injection attempt (server-webapp.rules)
* 1:41039 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan WSA wmi_domain_controllers command injection attempt (server-webapp.rules)
* 1:41040 <-> ENABLED <-> OS-LINUX Ubuntu Apport CrashDB crash report code injection attempt (os-linux.rules)
* 1:41041 <-> ENABLED <-> OS-LINUX Ubuntu Apport CrashDB crash report code injection attempt (os-linux.rules)
* 1:41042 <-> DISABLED <-> PROTOCOL-SCADA Rockwell Controllogix Dump Boot Code attempt (protocol-scada.rules)
* 1:41043 <-> DISABLED <-> PROTOCOL-SCADA Rockwell Controllogix Ethernet Reset attempt (protocol-scada.rules)
* 1:41044 <-> DISABLED <-> PROTOCOL-SCADA Rockwell Controllogix Crash CPU attempt (protocol-scada.rules)
* 1:41045 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField setter use after free attempt (file-flash.rules)
* 1:41046 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField setter use after free attempt (file-flash.rules)
* 1:41047 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 STARTDT ACT (protocol-scada.rules)
* 1:41048 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 STARTDT CON (protocol-scada.rules)
* 1:41049 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 STOPDT ACT (protocol-scada.rules)
* 1:41050 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 STOPDT CON (protocol-scada.rules)
* 1:41051 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 TESTFR ACT (protocol-scada.rules)
* 1:41052 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 TESTFR CON (protocol-scada.rules)
* 1:41053 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Ack file (protocol-scada.rules)
* 1:41054 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Double point information (protocol-scada.rules)
* 1:41055 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 End of initialization (protocol-scada.rules)
* 1:41056 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 File ready (protocol-scada.rules)
* 1:41057 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Integrated totals (protocol-scada.rules)
* 1:41058 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Interrogation command (protocol-scada.rules)
* 1:41059 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Last section (protocol-scada.rules)
* 1:41060 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 List directory (protocol-scada.rules)
* 1:41061 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Measured value (protocol-scada.rules)
* 1:41062 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Packed start events (protocol-scada.rules)
* 1:41063 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Parameter value (protocol-scada.rules)
* 1:41064 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Query Log (protocol-scada.rules)
* 1:41065 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Read command (protocol-scada.rules)
* 1:41066 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Regulating step command (protocol-scada.rules)
* 1:41067 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Rest process command (protocol-scada.rules)
* 1:41068 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Set point command (protocol-scada.rules)
* 1:41069 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Single command (protocol-scada.rules)
* 1:41070 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Single point information (protocol-scada.rules)
* 1:41071 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Step point information (protocol-scada.rules)
* 1:41072 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Test command with time tag (protocol-scada.rules)
* 1:41073 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 bitstring of 32 bits (protocol-scada.rules)
* 1:41074 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 clock sync command (protocol-scada.rules)
* 1:41075 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 counter interrogation command (protocol-scada.rules)
* 1:41076 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 double command issued (protocol-scada.rules)
* 1:41077 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 unknown ASDU type detected (protocol-scada.rules)
* 1:41078 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 traffic to/from EXTERNAL_NET (protocol-scada.rules)
* 1:41079 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 traffic to/from EXTERNAL_NET (protocol-scada.rules)
* 1:41080 <-> DISABLED <-> SERVER-OTHER Tarantool xrow_header_decode out of bounds read attempt (server-other.rules)
* 1:41081 <-> ENABLED <-> SERVER-OTHER Tarantool initial connection banner detected (server-other.rules)
* 1:41082 <-> DISABLED <-> SERVER-OTHER Tarantool Msgpuck mp_check denial of service vulnerability attempt (server-other.rules)
* 1:41083 <-> ENABLED <-> MALWARE-CNC DNS suspicious .bit dns query (malware-cnc.rules)
* 1:41084 <-> DISABLED <-> EXPLOIT-KIT Sundown Exploit kit landing page obfuscation detected (exploit-kit.rules)
* 1:41085 <-> DISABLED <-> SERVER-WEBAPP Moxa AWK-3131A webSetPingTrace command injection attempt (server-webapp.rules)
* 1:41086 <-> ENABLED <-> SERVER-WEBAPP Oracle Opera Property Management System ProcessInfo command injection attempt (server-webapp.rules)
* 1:41087 <-> ENABLED <-> SERVER-WEBAPP Oracle Opera Property Management System ProcessInfo command injection attempt (server-webapp.rules)
* 1:41088 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MrWhite out bound communication attempt (malware-cnc.rules)
* 1:41089 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ostap out bound communication attempt (malware-cnc.rules)
* 1:41090 <-> DISABLED <-> SERVER-OTHER Rockwell Factorytalk RNADiagReceiver denial of service attempt (server-other.rules)
* 1:41091 <-> DISABLED <-> PROTOCOL-SCADA Rockwell Controllogix Crash Ethernet attempt (protocol-scada.rules)
* 1:41092 <-> ENABLED <-> EXPLOIT-KIT Rig Exploit Kit landing page obfuscation detected (exploit-kit.rules)
* 1:41094 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint improper filename remote code execution attempt (file-office.rules)
* 1:41095 <-> DISABLED <-> SERVER-WEBAPP Netgear WNR2000 authentication bypass attempt (server-webapp.rules)
* 1:41096 <-> DISABLED <-> SERVER-WEBAPP Netgear WNR2000 hidden_lang_avi stack buffer overflow attempt (server-webapp.rules)
* 1:41097 <-> DISABLED <-> SERVER-OTHER Moxa AWK-3131A serviceAgent information disclosure attempt (server-other.rules)
* 1:411 <-> DISABLED <-> PROTOCOL-ICMP IPV6 I-Am-Here (protocol-icmp.rules)
* 1:41102 <-> ENABLED <-> SERVER-WEBAPP Moxa AWK-3131A web application cross site scripting attempt (server-webapp.rules)
* 1:41103 <-> ENABLED <-> SERVER-WEBAPP Moxa AWK-3131A web application cross site scripting attempt (server-webapp.rules)
* 1:41104 <-> ENABLED <-> SERVER-WEBAPP Moxa AWK-3131A web application cross site scripting attempt (server-webapp.rules)
* 1:41105 <-> ENABLED <-> SERVER-WEBAPP Moxa AWK-3131A web application cross site scripting attempt (server-webapp.rules)
* 1:41106 <-> ENABLED <-> SERVER-WEBAPP PHPMailer command injection remote code execution attempt (server-webapp.rules)
* 1:41107 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer layout object use after free attempt (browser-ie.rules)
* 1:41108 <-> DISABLED <-> FILE-OFFICE Oracle Outside In Technology image export use after free attempt (file-office.rules)
* 1:41109 <-> DISABLED <-> FILE-OFFICE Oracle Outside In Technology image export use after free attempt (file-office.rules)
* 1:41110 <-> ENABLED <-> FILE-OFFICE Ichitaro Office JTD Figure handling code execution attempt (file-office.rules)
* 1:41111 <-> ENABLED <-> FILE-OFFICE Ichitaro Office JTD Figure handling code execution attempt (file-office.rules)
* 1:41112 <-> DISABLED <-> SERVER-WEBAPP Dell SonicWall GMS Logs.class SQL injection attempt (server-webapp.rules)
* 1:41113 <-> DISABLED <-> SERVER-WEBAPP Dell SonicWall GMS Logs.class SQL injection attempt (server-webapp.rules)
* 1:41114 <-> DISABLED <-> SERVER-WEBAPP Dell SonicWall GMS TaskViewServlet.class SQL injection attempt (server-webapp.rules)
* 1:41115 <-> DISABLED <-> SERVER-WEBAPP Dell SonicWall GMS TaskViewServlet.class SQL injection attempt (server-webapp.rules)
* 1:41116 <-> DISABLED <-> SERVER-WEBAPP Dell SonicWall GMS WorkFlowServlet.class SQL injection attempt (server-webapp.rules)
* 1:41117 <-> DISABLED <-> SERVER-WEBAPP Dell SonicWall GMS WorkFlowServlet.class SQL injection attempt (server-webapp.rules)
* 1:41118 <-> DISABLED <-> SERVER-OTHER OpenSSL ChaCha20 Poly1305 heap-buffer overflow attempt (server-other.rules)
* 1:41119 <-> DISABLED <-> SERVER-WEBAPP SourceBans advsearch banlist cross site scripting attempt (server-webapp.rules)
* 1:41120 <-> ENABLED <-> FILE-IMAGE ImageMagick PostScript decode delegate command injection attempt (file-image.rules)
* 1:41121 <-> ENABLED <-> FILE-IMAGE ImageMagick PostScript decode delegate command injection attempt (file-image.rules)
* 1:41132 <-> DISABLED <-> FILE-OFFICE RTF file with embedded OLE object (file-office.rules)
* 1:41133 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant compromise download attempt (malware-cnc.rules)
* 1:41134 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant compromise download attempt (malware-cnc.rules)
* 1:41135 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant compromise download attempt (malware-cnc.rules)
* 1:41136 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant compromise download attempt (malware-cnc.rules)
* 1:41138 <-> ENABLED <-> FILE-FLASH Adobe Flash Player display list structure memory corruption attempt (file-flash.rules)
* 1:41139 <-> ENABLED <-> FILE-FLASH Adobe Flash Player display list structure memory corruption attempt (file-flash.rules)
* 1:41140 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word Out-of-Bounds Write attempt (file-office.rules)
* 1:41141 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word Out-of-Bounds Write attempt (file-office.rules)
* 1:41142 <-> ENABLED <-> FILE-PDF Adobe Acrobat animateSyncButton use after free attempt (file-pdf.rules)
* 1:41143 <-> ENABLED <-> FILE-PDF Adobe Acrobat animateSyncButton use after free attempt (file-pdf.rules)
* 1:41144 <-> DISABLED <-> FILE-IMAGE Adobe Reader malformed app13 marker memory corruption attempt (file-image.rules)
* 1:41145 <-> DISABLED <-> FILE-IMAGE Adobe Reader malformed app13 marker memory corruption attempt (file-image.rules)
* 1:41146 <-> DISABLED <-> FILE-IMAGE Adobe Reader malformed app13 marker memory corruption attempt (file-image.rules)
* 1:41147 <-> DISABLED <-> FILE-IMAGE Adobe Reader malformed app13 marker memory corruption attempt (file-image.rules)
* 1:41148 <-> DISABLED <-> FILE-IMAGE Adobe Reader malformed app13 marker memory corruption attempt (file-image.rules)
* 1:41149 <-> DISABLED <-> FILE-IMAGE Adobe Reader malformed app13 marker memory corruption attempt (file-image.rules)
* 1:41150 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JavaScript navigation pane use after free attempt (file-pdf.rules)
* 1:41151 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JavaScript navigation pane use after free attempt (file-pdf.rules)
* 1:41152 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader Forms Data Format embedded javascript attempt (file-pdf.rules)
* 1:41153 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader Forms Data Format embedded javascript attempt (file-pdf.rules)
* 1:41154 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed CFF global subroutine memory corruption attempt (file-pdf.rules)
* 1:41155 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed CFF global subroutine memory corruption attempt (file-pdf.rules)
* 1:41156 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed ATF file length heap overflow attempt (file-flash.rules)
* 1:41157 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed ATF file length heap overflow attempt (file-flash.rules)
* 1:41158 <-> ENABLED <-> FILE-FLASH Adobe Flash Player visual blend out of bounds read attempt (file-flash.rules)
* 1:41159 <-> ENABLED <-> FILE-FLASH Adobe Flash Player visual blend out of bounds read attempt (file-flash.rules)
* 1:41160 <-> ENABLED <-> FILE-FLASH Acrobat Flash FileReference class use-after-free memory corruption attempt (file-flash.rules)
* 1:41161 <-> ENABLED <-> FILE-FLASH Acrobat Flash FileReference class use-after-free memory corruption attempt (file-flash.rules)
* 1:41162 <-> DISABLED <-> MALWARE-CNC Js.Trojan.Nemucod variant (malware-cnc.rules)
* 1:41163 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader XSL stylesheet heap overflow attempt (file-pdf.rules)
* 1:41164 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader XSL stylesheet heap overflow attempt (file-pdf.rules)
* 1:41165 <-> ENABLED <-> FILE-FLASH Acrobat Flash FileReference class use-after-free memory corruption attempt (file-flash.rules)
* 1:41166 <-> ENABLED <-> FILE-FLASH Acrobat Flash FileReference class use-after-free memory corruption attempt (file-flash.rules)
* 1:41173 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant outbound connection (malware-cnc.rules)
* 1:41174 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant outbound connection (malware-cnc.rules)
* 1:41175 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant outbound connection (malware-cnc.rules)
* 1:41176 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant outbound connection (malware-cnc.rules)
* 1:41177 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant outbound connection (malware-cnc.rules)
* 1:41178 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant outbound connection (malware-cnc.rules)
* 1:41179 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant post compromise download attempt (malware-cnc.rules)
* 1:41180 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant post compromise download attempt (malware-cnc.rules)
* 1:41181 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat TIFF PhotometricInterpretation heap buffer overflow attempt (file-image.rules)
* 1:41182 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat TIFF PhotometricInterpretation heap buffer overflow attempt (file-image.rules)
* 1:41183 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat TIFF PhotometricInterpretation heap buffer overflow attempt (file-image.rules)
* 1:41184 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat TIFF PhotometricInterpretation heap buffer overflow attempt (file-image.rules)
* 1:41185 <-> DISABLED <-> POLICY-OTHER SunRPC Portmap GETPORT request detected (policy-other.rules)
* 1:41186 <-> DISABLED <-> POLICY-OTHER SunRPC Portmap GETPORT request detected (policy-other.rules)
* 1:41187 <-> DISABLED <-> SERVER-WEBAPP IBM Lotus Domino BOX mailbox information disclosure attempt (server-webapp.rules)
* 1:41188 <-> DISABLED <-> SERVER-WEBAPP IBM Lotus Domino NSF database information disclosure attempt (server-webapp.rules)
* 1:41189 <-> DISABLED <-> SERVER-WEBAPP IBM Lotus Domino srvnam.htm information disclosure attempt (server-webapp.rules)
* 1:41190 <-> DISABLED <-> POLICY-OTHER Adobe Flash SMTP MIME attachment detected (policy-other.rules)
* 1:41191 <-> DISABLED <-> POLICY-OTHER Adobe Flash SMTP MIME attachment detected (policy-other.rules)
* 1:41192 <-> DISABLED <-> POLICY-OTHER Adobe Flash SMTP MIME attachment detected (policy-other.rules)
* 1:41193 <-> ENABLED <-> FILE-PDF Adobe Acrobat XFA engine stack buffer overflow attempt (file-pdf.rules)
* 1:41194 <-> ENABLED <-> FILE-PDF Adobe Acrobat XFA engine stack buffer overflow attempt (file-pdf.rules)
* 1:41196 <-> ENABLED <-> FILE-PDF Nitro Pro PDF Reader out of bounds write attempt (file-pdf.rules)
* 1:41197 <-> ENABLED <-> FILE-PDF Nitro Pro PDF Reader out of bounds write attempt (file-pdf.rules)
* 1:41198 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat TIFF Software tag heap buffer overflow attempt (file-image.rules)
* 1:41199 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat TIFF Software tag heap buffer overflow attempt (file-image.rules)
* 1:412 <-> DISABLED <-> PROTOCOL-ICMP IPV6 I-Am-Here undefined code (protocol-icmp.rules)
* 1:41200 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat TIFF Software tag heap buffer overflow attempt (file-image.rules)
* 1:41201 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat TIFF Software tag heap buffer overflow attempt (file-image.rules)
* 1:41202 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP2 segment out of bounds memory access attempt (file-image.rules)
* 1:41203 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP2 segment out of bounds memory access attempt (file-image.rules)
* 1:41204 <-> DISABLED <-> FILE-PDF Adobe Reader XSL type confusion attempt (file-pdf.rules)
* 1:41205 <-> DISABLED <-> FILE-PDF Adobe Reader XSL type confusion attempt (file-pdf.rules)
* 1:41206 <-> DISABLED <-> SERVER-OTHER Aerospike Database Server index name buffer overflow attempt (server-other.rules)
* 1:41207 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed PlaceObject3 memory corruption attempt (file-flash.rules)
* 1:41208 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed PlaceObject3 memory corruption attempt (file-flash.rules)
* 1:41209 <-> DISABLED <-> SERVER-OTHER Aerospike Database Server Fabric particle_vtable out of bounds read attempt (server-other.rules)
* 1:41210 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer classid remote code execution attempt (browser-ie.rules)
* 1:41211 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer classid remote code execution attempt (browser-ie.rules)
* 1:41212 <-> DISABLED <-> SERVER-OTHER Aerospike Database Server digest_ripe message field out of bounds read attempt (server-other.rules)
* 1:41213 <-> DISABLED <-> SERVER-OTHER Aerospike Database Server client batch request exploit attempt (server-other.rules)
* 1:41214 <-> DISABLED <-> FILE-FLASH Adobe Flash Player onSetFocus movieclip use after free attempt (file-flash.rules)
* 1:41215 <-> DISABLED <-> FILE-FLASH Adobe Flash Player onSetFocus movie clip use after free attempt (file-flash.rules)
* 1:41216 <-> DISABLED <-> SERVER-OTHER Aerospike Database Server si_prop stack buffer overflow attempt (server-other.rules)
* 1:41217 <-> ENABLED <-> OS-OTHER Joyent SmartOS add entries denial of service attempt (os-other.rules)
* 1:41218 <-> ENABLED <-> OS-OTHER Joyent SmartOS add entries denial of service attempt (os-other.rules)
* 1:41219 <-> DISABLED <-> SERVER-OTHER Aerospike Database Server Fabric denial of service attempt (server-other.rules)
* 1:41220 <-> DISABLED <-> SERVER-WEBAPP Moxa AWK-3131A web application HTTP response parameter injection attempt (server-webapp.rules)
* 1:41221 <-> DISABLED <-> SERVER-WEBAPP Moxa AWK-3131A web application HTTP response parameter injection attempt (server-webapp.rules)
* 1:41222 <-> DISABLED <-> SERVER-WEBAPP Moxa AWK-3131A web application web_runScript access attempt (server-webapp.rules)
* 1:41223 <-> DISABLED <-> SERVER-WEBAPP Moxa AWK-3131A plaintext password leak attempt (server-webapp.rules)
* 1:41224 <-> ENABLED <-> FILE-PDF Artifex MuPDF JBIG2 negative width value out of bounds read attempt (file-pdf.rules)
* 1:41225 <-> ENABLED <-> FILE-PDF Artifex MuPDF JBIG2 negative width value out of bounds read attempt (file-pdf.rules)
* 1:41226 <-> DISABLED <-> INDICATOR-SHELLCODE AIX /bin/sh (indicator-shellcode.rules)
* 1:41227 <-> DISABLED <-> INDICATOR-SHELLCODE BSDi x86 bind stage (indicator-shellcode.rules)
* 1:41228 <-> DISABLED <-> INDICATOR-SHELLCODE BSDi x86 reverse connect stage (indicator-shellcode.rules)
* 1:41229 <-> DISABLED <-> INDICATOR-SHELLCODE BSDi x86 shell (indicator-shellcode.rules)
* 1:41230 <-> DISABLED <-> INDICATOR-SHELLCODE BSDi x86 shell toupper (indicator-shellcode.rules)
* 1:41231 <-> DISABLED <-> INDICATOR-SHELLCODE BSD PPC shell (indicator-shellcode.rules)
* 1:41232 <-> DISABLED <-> INDICATOR-SHELLCODE BSD SPARC bind shell (indicator-shellcode.rules)
* 1:41233 <-> DISABLED <-> INDICATOR-SHELLCODE BSD x86 bind stage (indicator-shellcode.rules)
* 1:41234 <-> DISABLED <-> INDICATOR-SHELLCODE BSD x86 chroot (indicator-shellcode.rules)
* 1:41235 <-> DISABLED <-> INDICATOR-SHELLCODE BSD x86 execute (indicator-shellcode.rules)
* 1:41236 <-> DISABLED <-> INDICATOR-SHELLCODE BSD x86 FindRecv stage (indicator-shellcode.rules)
* 1:41237 <-> DISABLED <-> INDICATOR-SHELLCODE BSD x86 FindSock shell (indicator-shellcode.rules)
* 1:41238 <-> DISABLED <-> INDICATOR-SHELLCODE BSD x86 mail passwd (indicator-shellcode.rules)
* 1:41239 <-> DISABLED <-> INDICATOR-SHELLCODE BSD x86 reverse connect shell (indicator-shellcode.rules)
* 1:41240 <-> DISABLED <-> INDICATOR-SHELLCODE BSD x86 reverse connect shell (indicator-shellcode.rules)
* 1:41241 <-> DISABLED <-> INDICATOR-SHELLCODE BSD x86 reverse stage (indicator-shellcode.rules)
* 1:41242 <-> DISABLED <-> INDICATOR-SHELLCODE BSD x86 setuid shell (indicator-shellcode.rules)
* 1:41243 <-> DISABLED <-> INDICATOR-SHELLCODE BSD x86 shell (indicator-shellcode.rules)
* 1:41244 <-> DISABLED <-> INDICATOR-SHELLCODE BSD x86 shell - evade (indicator-shellcode.rules)
* 1:41245 <-> DISABLED <-> INDICATOR-SHELLCODE BSD x86 shell - evade (indicator-shellcode.rules)
* 1:41246 <-> DISABLED <-> INDICATOR-SHELLCODE freeBSD x86 kldload (indicator-shellcode.rules)
* 1:41247 <-> DISABLED <-> INDICATOR-SHELLCODE freeBSD x86 shell - chown/chmod/exec (indicator-shellcode.rules)
* 1:41248 <-> DISABLED <-> INDICATOR-SHELLCODE freeBSD x86 shell (indicator-shellcode.rules)
* 1:41249 <-> DISABLED <-> INDICATOR-SHELLCODE freeBSD x86 shell (indicator-shellcode.rules)
* 1:41250 <-> DISABLED <-> INDICATOR-SHELLCODE HP-UX PA-RISC shell (indicator-shellcode.rules)
* 1:41251 <-> DISABLED <-> INDICATOR-SHELLCODE IRIX MIPS shell (indicator-shellcode.rules)
* 1:41252 <-> DISABLED <-> INDICATOR-SHELLCODE Linux MIPS shell (indicator-shellcode.rules)
* 1:41253 <-> DISABLED <-> INDICATOR-SHELLCODE Linux PPC read execute (indicator-shellcode.rules)
* 1:41254 <-> DISABLED <-> INDICATOR-SHELLCODE Linux PPC reverse connect shell (indicator-shellcode.rules)
* 1:41255 <-> DISABLED <-> INDICATOR-SHELLCODE Linux PPC shell (indicator-shellcode.rules)
* 1:41256 <-> DISABLED <-> INDICATOR-SHELLCODE Linux PPC shell (indicator-shellcode.rules)
* 1:41257 <-> DISABLED <-> INDICATOR-SHELLCODE Linux SPARC bind shell (indicator-shellcode.rules)
* 1:41258 <-> DISABLED <-> INDICATOR-SHELLCODE Linux SPARC bind shell (indicator-shellcode.rules)
* 1:41259 <-> DISABLED <-> INDICATOR-SHELLCODE Linux SPARC FindSock shell (indicator-shellcode.rules)
* 1:4126 <-> DISABLED <-> SERVER-OTHER Veritas Backup Exec root connection attempt using default password hash (server-other.rules)
* 1:41260 <-> DISABLED <-> INDICATOR-SHELLCODE Linux SPARC reverse connect shell (indicator-shellcode.rules)
* 1:41261 <-> DISABLED <-> INDICATOR-SHELLCODE Linux SPARC reverse connect shell (indicator-shellcode.rules)
* 1:41262 <-> DISABLED <-> INDICATOR-SHELLCODE Linux x86 execute (indicator-shellcode.rules)
* 1:41263 <-> DISABLED <-> INDICATOR-SHELLCODE Linux x86 FindSock shell (indicator-shellcode.rules)
* 1:41264 <-> DISABLED <-> INDICATOR-SHELLCODE Linux x86 reverse connect UDP shell (indicator-shellcode.rules)
* 1:41265 <-> DISABLED <-> INDICATOR-SHELLCODE Mac OS X PPC add user (indicator-shellcode.rules)
* 1:41266 <-> DISABLED <-> INDICATOR-SHELLCODE Mac OS X PPC create setuid (indicator-shellcode.rules)
* 1:41267 <-> DISABLED <-> INDICATOR-SHELLCODE Mac OS X PPC INETD backdoor (indicator-shellcode.rules)
* 1:41268 <-> DISABLED <-> INDICATOR-SHELLCODE Mac OS X PPC reboot (indicator-shellcode.rules)
* 1:41269 <-> DISABLED <-> INDICATOR-SHELLCODE Mac OS X PPC reverse shell (indicator-shellcode.rules)
* 1:4127 <-> DISABLED <-> SERVER-OTHER Novell eDirectory Server iMonitor overflow attempt (server-other.rules)
* 1:41270 <-> DISABLED <-> INDICATOR-SHELLCODE Mac OS X PPC reverse stage (indicator-shellcode.rules)
* 1:41271 <-> DISABLED <-> INDICATOR-SHELLCODE Mac OS X PPC reverse stage null free (indicator-shellcode.rules)
* 1:41272 <-> DISABLED <-> INDICATOR-SHELLCODE Mac OS X PPC shell (indicator-shellcode.rules)
* 1:41273 <-> DISABLED <-> INDICATOR-SHELLCODE Mac OS X PPC shell setuid (indicator-shellcode.rules)
* 1:41274 <-> DISABLED <-> INDICATOR-SHELLCODE Mac OS X PPC Xterm execution (indicator-shellcode.rules)
* 1:41275 <-> DISABLED <-> INDICATOR-SHELLCODE Multi-OS shell - linux x86/ppc (indicator-shellcode.rules)
* 1:41276 <-> DISABLED <-> INDICATOR-SHELLCODE Multi-OS shell - osx x86/ppc (indicator-shellcode.rules)
* 1:41277 <-> DISABLED <-> INDICATOR-SHELLCODE Multi-OS shell - solaris/linux (indicator-shellcode.rules)
* 1:41278 <-> DISABLED <-> INDICATOR-SHELLCODE Multi-OS shell - solaris/linux/irix (indicator-shellcode.rules)
* 1:41279 <-> DISABLED <-> INDICATOR-SHELLCODE NetBSD x86 reverse connect shell (indicator-shellcode.rules)
* 1:4128 <-> DISABLED <-> SERVER-WEBAPP 4DWebstar ShellExample.cgi information disclosure (server-webapp.rules)
* 1:41280 <-> DISABLED <-> INDICATOR-SHELLCODE NetBSD x86 shell (indicator-shellcode.rules)
* 1:41281 <-> DISABLED <-> INDICATOR-SHELLCODE NetBSD x86 shell (indicator-shellcode.rules)
* 1:41282 <-> DISABLED <-> INDICATOR-SHELLCODE NetBSD x86 shell (indicator-shellcode.rules)
* 1:41283 <-> DISABLED <-> INDICATOR-SHELLCODE OpenBSD x86 add user (indicator-shellcode.rules)
* 1:41284 <-> DISABLED <-> INDICATOR-SHELLCODE OpenBSD x86 bind shell (indicator-shellcode.rules)
* 1:41285 <-> DISABLED <-> INDICATOR-SHELLCODE SCO OpenServer x86 shell (indicator-shellcode.rules)
* 1:41286 <-> DISABLED <-> INDICATOR-SHELLCODE Solaris x86 bind shell (indicator-shellcode.rules)
* 1:41287 <-> DISABLED <-> INDICATOR-SHELLCODE Solaris x86 FindSock shell (indicator-shellcode.rules)
* 1:41288 <-> DISABLED <-> INDICATOR-SHELLCODE Solaris x86 reverse connect shell (indicator-shellcode.rules)
* 1:41289 <-> DISABLED <-> INDICATOR-SHELLCODE Windows x86 add user (indicator-shellcode.rules)
* 1:4129 <-> DISABLED <-> SERVER-OTHER Novell ZenWorks Remote Management Agent large login packet DoS attempt (server-other.rules)
* 1:41290 <-> DISABLED <-> INDICATOR-SHELLCODE Windows x86 download execute (indicator-shellcode.rules)
* 1:41291 <-> DISABLED <-> INDICATOR-SHELLCODE Windows x86 EMET disable (indicator-shellcode.rules)
* 1:41292 <-> DISABLED <-> INDICATOR-SHELLCODE Windows x86 PassiveX stage (indicator-shellcode.rules)
* 1:41293 <-> DISABLED <-> INDICATOR-SHELLCODE x86 decoder (indicator-shellcode.rules)
* 1:41294 <-> DISABLED <-> INDICATOR-SHELLCODE x86 decoder (indicator-shellcode.rules)
* 1:41295 <-> DISABLED <-> INDICATOR-SHELLCODE x86 decoder (indicator-shellcode.rules)
* 1:41296 <-> DISABLED <-> INDICATOR-SHELLCODE x86 decoder (indicator-shellcode.rules)
* 1:41297 <-> DISABLED <-> INDICATOR-SHELLCODE x86 decoder (indicator-shellcode.rules)
* 1:41298 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader jpeg decoding heap buffer overflow attempt (file-image.rules)
* 1:41299 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader jpeg decoding heap buffer overflow attempt (file-image.rules)
* 1:413 <-> DISABLED <-> PROTOCOL-ICMP IPV6 Where-Are-You (protocol-icmp.rules)
* 1:4130 <-> DISABLED <-> SERVER-OTHER Novell ZenWorks Remote Management Agent buffer overflow Attempt (server-other.rules)
* 1:41300 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader jpeg decoding heap buffer overflow attempt (file-image.rules)
* 1:41301 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader jpeg decoding heap buffer overflow attempt (file-image.rules)
* 1:41302 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader jpeg decoding heap buffer overflow attempt (file-image.rules)
* 1:41303 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader jpeg decoding heap buffer overflow attempt (file-image.rules)
* 1:41304 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader jpeg decoding heap buffer overflow attempt (file-image.rules)
* 1:41305 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader jpeg decoding heap buffer overflow attempt (file-image.rules)
* 1:41306 <-> ENABLED <-> FILE-EXECUTABLE Invincea-X SboxDrv.sys local privilege escalation attempt (file-executable.rules)
* 1:41307 <-> ENABLED <-> FILE-EXECUTABLE Invincea-X SboxDrv.sys local privilege escalation attempt (file-executable.rules)
* 1:41308 <-> DISABLED <-> FILE-OTHER Dell Precision Optimizer dll-load exploit attempt (file-other.rules)
* 1:41309 <-> DISABLED <-> FILE-OTHER Dell Precision Optimizer dll-load exploit attempt (file-other.rules)
* 1:4131 <-> DISABLED <-> SERVER-OTHER SHOUTcast URI format string attempt (server-other.rules)
* 1:41310 <-> DISABLED <-> FILE-IMAGE libBPG restore_tqb_pixel out of bounds write attempt (file-image.rules)
* 1:41311 <-> ENABLED <-> FILE-IMAGE libBPG restore_tqb_pixel out of bounds write attempt (file-image.rules)
* 1:41312 <-> ENABLED <-> FILE-EXECUTABLE Invincea Dell Protected Workspace InvProtectDrv sandbox escape attempt (file-executable.rules)
* 1:41313 <-> ENABLED <-> FILE-EXECUTABLE Invincea Dell Protected Workspace InvProtectDrv sandbox escape attempt (file-executable.rules)
* 1:41314 <-> DISABLED <-> EXPLOIT-KIT Rig exploit kit landing page detected (exploit-kit.rules)
* 1:41315 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DragonOK variant outbound connection (malware-cnc.rules)
* 1:41316 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DragonOK variant outbound connection (malware-cnc.rules)
* 1:41317 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DragonOK variant outbound connection (malware-cnc.rules)
* 1:41318 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Visbot (malware-cnc.rules)
* 1:41319 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader cross reference table memory corruption attempt (file-pdf.rules)
* 1:4132 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer msdds clsid access attempt (browser-ie.rules)
* 1:41320 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader cross reference table memory corruption attempt (file-pdf.rules)
* 1:41321 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro zoom caching use after free attempt (file-pdf.rules)
* 1:41322 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro zoom caching use after free attempt (file-pdf.rules)
* 1:41323 <-> DISABLED <-> FILE-PDF Adobe Reader JPEG 2000 COD marker use after free attempt (file-pdf.rules)
* 1:41324 <-> DISABLED <-> FILE-PDF Adobe Reader JPEG 2000 COD marker use after free attempt (file-pdf.rules)
* 1:41325 <-> ENABLED <-> FILE-PDF Adobe Acrobat XFA Engine use after free attempt (file-pdf.rules)
* 1:41326 <-> ENABLED <-> FILE-PDF Adobe Acrobat XFA Engine use after free attempt (file-pdf.rules)
* 1:41327 <-> DISABLED <-> FILE-PDF Iceni Argus ipStringCreate integer overflow attempt (file-pdf.rules)
* 1:41328 <-> DISABLED <-> FILE-PDF Iceni Argus ipStringCreate integer overflow attempt (file-pdf.rules)
* 1:41329 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader APP13 heap overflow attempt (file-pdf.rules)
* 1:4133 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer devenum clsid access attempt (browser-ie.rules)
* 1:41330 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader APP13 heap overflow attempt (file-pdf.rules)
* 1:41331 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scudy outbound connection (malware-cnc.rules)
* 1:41332 <-> ENABLED <-> FILE-FLASH Adobe Flash Player FileReferenceList.browse type confusion attempt (file-flash.rules)
* 1:41333 <-> ENABLED <-> FILE-FLASH Adobe Flash Player FileReferenceList.browse type confusion attempt (file-flash.rules)
* 1:41334 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
* 1:41335 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
* 1:41336 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Sysch variant outbound connection (malware-cnc.rules)
* 1:41337 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Sysch variant outbound connection (malware-cnc.rules)
* 1:41338 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt (file-image.rules)
* 1:41339 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt (file-image.rules)
* 1:4134 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer blnmgr clsid access attempt (browser-ie.rules)
* 1:41340 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt (file-image.rules)
* 1:41341 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt (file-image.rules)
* 1:41342 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player MP4 stsz atom memory corruption attempt (file-multimedia.rules)
* 1:41343 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player MP4 stsz atom memory corruption attempt (file-multimedia.rules)
* 1:41344 <-> DISABLED <-> FILE-OTHER CorelDRAW X8 EMF invalid ihBrush field value out of bounds read attempt (file-other.rules)
* 1:41345 <-> ENABLED <-> FILE-OTHER CorelDRAW X8 EMF invalid ihBrush field value out of bounds read attempt (file-other.rules)
* 1:41346 <-> DISABLED <-> SERVER-WEBAPP Western Digital MyCloud command injection attempt (server-webapp.rules)
* 1:41347 <-> DISABLED <-> SERVER-WEBAPP Western Digital MyCloud command injection attempt (server-webapp.rules)
* 1:41348 <-> DISABLED <-> SERVER-WEBAPP Western Digital MyCloud command injection attempt (server-webapp.rules)
* 1:41349 <-> DISABLED <-> SERVER-WEBAPP Western Digital MyCloud command injection attempt (server-webapp.rules)
* 1:4135 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer JPEG rendering buffer overflow attempt (browser-ie.rules)
* 1:41350 <-> DISABLED <-> FILE-OTHER Apple Garageband .band file out of bounds write attempt (file-other.rules)
* 1:41351 <-> DISABLED <-> FILE-OTHER Apple Garageband .band file out of bounds write attempt (file-other.rules)
* 1:41352 <-> DISABLED <-> SERVER-WEBAPP Moxa AWK-3131A Series cross-site request forgery attempt (server-webapp.rules)
* 1:41353 <-> ENABLED <-> FILE-FLASH Adobe Flash Player StyleSheets use after free attempt (file-flash.rules)
* 1:41354 <-> ENABLED <-> FILE-FLASH Adobe Flash Player StyleSheets use after free attempt (file-flash.rules)
* 1:41355 <-> DISABLED <-> SERVER-WEBAPP WordPress Admin API ajax-actions.php directory traversal attempt (server-webapp.rules)
* 1:41356 <-> ENABLED <-> SERVER-WEBAPP Cisco Firepower Management Console 6.0 local file include attempt (server-webapp.rules)
* 1:41357 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Primetime SDK ShimContentResolver memory corruption attempt (file-flash.rules)
* 1:41358 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime SDK ShimContentResolver memory corruption attempt (file-flash.rules)
* 1:41359 <-> DISABLED <-> SERVER-WEBAPP Trihedral VTScada WAP URI null byte injection attempt (server-webapp.rules)
* 1:41364 <-> DISABLED <-> PROTOCOL-OTHER ARM mbed TLS x509 invalid public key remote code execution attempt (protocol-other.rules)
* 1:41365 <-> DISABLED <-> OS-WINDOWS Microsoft Windows RtlQueryRegistryValues buffer overflow attempt (os-windows.rules)
* 1:41366 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack server denial of service attempt (server-other.rules)
* 1:41367 <-> ENABLED <-> SERVER-OTHER NTPD zero origin timestamp denial of service
attempt (server-other.rules) * 1:41370 <-> ENABLED <-> FILE-OTHER National Instruments LabVIEW LvVarientUnflatten remote code execution attempt (file-other.rules) * 1:41371 <-> ENABLED <-> FILE-OTHER National Instruments LabVIEW LvVarientUnflatten remote code execution attempt (file-other.rules) * 1:41374 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant registration message (malware-cnc.rules) * 1:41375 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant check logs (malware-cnc.rules) * 1:41376 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant keepalive (malware-cnc.rules) * 1:41377 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer runtimeStyle use-after-free attempt (browser-ie.rules) * 1:41378 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer runtimeStyle use-after-free attempt (browser-ie.rules) * 1:41379 <-> DISABLED <-> SERVER-OTHER Squid HTTP Vary response header denial of service attempt (server-other.rules) * 1:41380 <-> DISABLED <-> SERVER-OTHER OpenLDAP BER Message denial of service attempt (server-other.rules) * 1:41381 <-> DISABLED <-> SERVER-OTHER OpenLDAP BER Message denial of service attempt (server-other.rules) * 1:41382 <-> DISABLED <-> SERVER-OTHER OpenLDAP BER Message denial of service attempt (server-other.rules) * 1:41383 <-> DISABLED <-> SERVER-WEBAPP PHP ZipArchive getFromIndex and getFromName integer overflow attempt (server-webapp.rules) * 1:41384 <-> DISABLED <-> SERVER-WEBAPP PHP ZipArchive getFromIndex and getFromName integer overflow attempt (server-webapp.rules) * 1:41385 <-> DISABLED <-> BROWSER-IE Microsoft Edge mutation event memory corruption attempt (browser-ie.rules) * 1:41386 <-> DISABLED <-> BROWSER-IE Microsoft Edge mutation event memory corruption attempt (browser-ie.rules) * 1:41387 <-> DISABLED <-> SERVER-WEBAPP ZyXEL P660HN ADSL Router logset.asp command injection attempt (server-webapp.rules) * 1:41388 <-> DISABLED <-> SERVER-WEBAPP ZyXEL P660HN ADSL Router viewlog.asp command 
injection attempt (server-webapp.rules) * 1:41389 <-> DISABLED <-> POLICY-OTHER Cisco Firepower Management Console rule import access detected (policy-other.rules) * 1:41390 <-> ENABLED <-> SERVER-WEBAPP Apache Commons Library FileUpload unauthorized Java object upload attempt (server-webapp.rules) * 1:41391 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat TIFF ICC tag heap buffer overflow attempt (file-image.rules) * 1:41392 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat TIFF ICC tag heap buffer overflow attempt (file-image.rules) * 1:41393 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat TIFF ICC tag heap buffer overflow attempt (file-image.rules) * 1:41394 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat TIFF ICC tag heap buffer overflow attempt (file-image.rules) * 1:41395 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat TIFF ICC tag heap buffer overflow attempt (file-image.rules) * 1:41396 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat TIFF ICC tag heap buffer overflow attempt (file-image.rules) * 1:41397 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat TIFF ICC tag heap buffer overflow attempt (file-image.rules) * 1:41398 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat TIFF ICC tag heap buffer overflow attempt (file-image.rules) * 1:41399 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader xfa subform use after free attempt (file-pdf.rules) * 1:414 <-> DISABLED <-> PROTOCOL-ICMP IPV6 Where-Are-You undefined code (protocol-icmp.rules) * 1:4140 <-> DISABLED <-> SERVER-OTHER tcpdump tcp LDP print zero length message denial of service attempt (server-other.rules) * 1:41400 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader xfa subform use after free attempt (file-pdf.rules) * 1:41401 <-> DISABLED <-> SERVER-WEBAPP Billion 5200W ADSL Router adv_remotelog.asp command injection attempt (server-webapp.rules) * 1:41402 <-> DISABLED <-> SERVER-WEBAPP Billion 5200W ADSL Router tools_time.asp command injection attempt (server-webapp.rules) * 1:41403 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - 
Win.Trojan.Simda (malware-cnc.rules) * 1:41404 <-> DISABLED <-> SERVER-WEBAPP Joomla JCE multiple plugin arbitrary PHP file upload attempt (server-webapp.rules) * 1:41405 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer object property change use after free attempt (browser-ie.rules) * 1:41406 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer object property change use after free attempt (browser-ie.rules) * 1:41407 <-> ENABLED <-> BROWSER-OTHER Cisco WebEx extension command execution attempt (browser-other.rules) * 1:41408 <-> ENABLED <-> BROWSER-OTHER Cisco WebEx extension command execution attempt (browser-other.rules) * 1:41409 <-> DISABLED <-> POLICY-OTHER Cisco Webex explicit use of web plugin detected (policy-other.rules) * 1:4141 <-> DISABLED <-> SERVER-OTHER tcpdump udp LDP print zero length message denial of service attempt (server-other.rules) * 1:41410 <-> DISABLED <-> SERVER-WEBAPP McAfee ePolicy Orchestrator data channel SQL injection attempt (server-webapp.rules) * 1:41411 <-> ENABLED <-> FILE-FLASH Adobe Flash Player custom toString function attempt (file-flash.rules) * 1:41412 <-> ENABLED <-> FILE-FLASH Adobe Flash Player custom toString function attempt (file-flash.rules) * 1:41413 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint malformed msofbtTextbox exploit attempt (file-office.rules) * 1:41414 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint malformed msofbtTextbox exploit attempt (file-office.rules) * 1:41416 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader image cache use after free attempt (file-pdf.rules) * 1:41417 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader image cache use after free attempt (file-pdf.rules) * 1:41418 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection type confusion attempt (file-flash.rules) * 1:41419 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection type confusion attempt (file-flash.rules) * 1:4142 <-> DISABLED <-> SERVER-ORACLE Oracle reports servlet command execution 
attempt (server-oracle.rules) * 1:41420 <-> ENABLED <-> SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt (server-webapp.rules) * 1:41421 <-> ENABLED <-> SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt (server-webapp.rules) * 1:41422 <-> DISABLED <-> BROWSER-PLUGINS Mozilla Firefox generatecrmfrequest policy function call access attempt (browser-plugins.rules) * 1:41423 <-> DISABLED <-> BROWSER-PLUGINS Mozilla Firefox generatecrmfrequest policy function call access attempt (browser-plugins.rules) * 1:41424 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cerber outbound connection (malware-cnc.rules) * 1:4143 <-> ENABLED <-> SERVER-OTHER lpd receive printer job cascade adaptor protocol request (server-other.rules) * 1:41430 <-> DISABLED <-> SERVER-WEBAPP PHP unserialize function use after free memory corruption vulnerability attempt (server-webapp.rules) * 1:41431 <-> DISABLED <-> SERVER-WEBAPP PHP unserialize function use after free memory corruption vulnerability attempt (server-webapp.rules) * 1:41432 <-> DISABLED <-> SERVER-WEBAPP PHP unserialize function use after free memory corruption vulnerability attempt (server-webapp.rules) * 1:41433 <-> DISABLED <-> SERVER-WEBAPP PHP unserialize function use after free memory corruption vulnerability attempt (server-webapp.rules) * 1:41434 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Oilrig variant outbound connection (malware-cnc.rules) * 1:41435 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Oilrig variant outbound connection (malware-cnc.rules) * 1:41436 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Oilrig variant outbound connection (malware-cnc.rules) * 1:41437 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Oilrig variant outbound connection (malware-cnc.rules) * 1:41438 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Oilrig variant outbound connection (malware-cnc.rules) * 1:41439 <-> DISABLED <-> MALWARE-CNC Dos.Tool.LOIC variant IRC command detected (malware-cnc.rules) * 1:4144 <-> ENABLED <-> 
OS-SOLARIS Oracle Solaris lpd control file upload attempt (os-solaris.rules) * 1:41440 <-> DISABLED <-> MALWARE-OTHER Dos.Tool.LOIC TCP default U dun goofed attack (malware-other.rules) * 1:41441 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - X-Mas (malware-cnc.rules) * 1:41442 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.X-Mas outbound connection (malware-cnc.rules) * 1:41443 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.X-Mas variant keylogger outbound connection (malware-cnc.rules) * 1:41444 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.X-Mas variant keylogger outbound connection (malware-cnc.rules) * 1:41445 <-> DISABLED <-> SERVER-OTHER QNAP remote buffer overflow attempt (server-other.rules) * 1:41446 <-> ENABLED <-> SERVER-WEBAPP Cisco Meraki default admin credentials attempt (server-webapp.rules) * 1:41447 <-> ENABLED <-> FILE-OTHER Apple GarageBand out of bounds write attempt (file-other.rules) * 1:41448 <-> ENABLED <-> FILE-OTHER Apple GarageBand out of bounds write attempt (file-other.rules) * 1:41449 <-> DISABLED <-> SQL use of sleep function with and - likely SQL injection (sql.rules) * 1:4145 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Trouble Shooter ActiveX object access (browser-plugins.rules) * 1:41450 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CElement object use after free attempt (browser-ie.rules) * 1:41451 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CElement object use after free attempt (browser-ie.rules) * 1:41452 <-> DISABLED <-> MALWARE-CNC Swf.Tool.Agent flash file in a word document uploading system capabilities (malware-cnc.rules) * 1:41453 <-> DISABLED <-> FILE-OFFICE Microsoft Works file converter field length invalid chunk size buffer overflow attempt (file-office.rules) * 1:41454 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess updateTemplate SQL injection attempt (server-webapp.rules) * 1:41455 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess updateTemplate SQL injection 
attempt (server-webapp.rules) * 1:41456 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Elite Keylogger (malware-cnc.rules) * 1:41457 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Elite Keylogger (malware-cnc.rules) * 1:41458 <-> DISABLED <-> MALWARE-CNC Osx.Keylogger.Elite variant outbound connection (malware-cnc.rules) * 1:41459 <-> DISABLED <-> MALWARE-CNC Osx.Keylogger.Elite variant outbound connection (malware-cnc.rules) * 1:4146 <-> DISABLED <-> BROWSER-PLUGINS Share Point Portal Services Log Sink ActiveX object access (browser-plugins.rules) * 1:41460 <-> DISABLED <-> MALWARE-CNC Osx.Keylogger.Elite variant outbound connection (malware-cnc.rules) * 1:41461 <-> DISABLED <-> MALWARE-CNC Osx.Keylogger.Elite variant outbound connection (malware-cnc.rules) * 1:41462 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows Win32 Divide Error Exception Denial of Service attempt (file-executable.rules) * 1:41463 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows Win32 Divide Error Exception Denial of Service attempt (file-executable.rules) * 1:41464 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows Win32 Divide Error Exception Denial of Service attempt (file-executable.rules) * 1:41465 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows Win32 Divide Error Exception Denial of Service attempt (file-executable.rules) * 1:41467 <-> DISABLED <-> SERVER-OTHER InsideSecure MatrixSSL x509 IssuerDomainPolicy remote code execution attempt (server-other.rules) * 1:4147 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer ActiveLabel ActiveX object access (browser-plugins.rules) * 1:41470 <-> DISABLED <-> FILE-PDF MuPDF Fitz library font glyph scaling code execution vulnerability attempt (file-pdf.rules) * 1:41471 <-> DISABLED <-> FILE-PDF MuPDF Fitz library font glyph scaling code execution vulnerability attempt (file-pdf.rules) * 1:41472 <-> ENABLED <-> FILE-FLASH Adobe Flash Player broker arbitrary file write 
attempt (file-flash.rules) * 1:41473 <-> ENABLED <-> FILE-FLASH Adobe Flash Player broker arbitrary file write attempt (file-flash.rules) * 1:41474 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 7 CTreeNode object remote code execution attempt (browser-ie.rules) * 1:41475 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 7 CTreeNode object remote code execution attempt (browser-ie.rules) * 1:41476 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky payload download - 987t67g (malware-cnc.rules) * 1:41477 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vibrio file download - 4g3vg334 (malware-cnc.rules) * 1:41478 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky payload download - result (malware-cnc.rules) * 1:41479 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules) * 1:4148 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DHTML Editing ActiveX clsid access (browser-plugins.rules) * 1:41480 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules) * 1:41481 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules) * 1:41482 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules) * 1:41483 <-> DISABLED <-> FILE-OTHER LexMark Perceptive Document Filters BZIP2 convert out of bounds write attempt (file-other.rules) * 1:41484 <-> DISABLED <-> FILE-OTHER LexMark Perceptive Document Filters BZIP2 convert out of bounds write attempt (file-other.rules) * 1:41485 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS2 TextField antiAliasType use after free attempt (file-flash.rules) * 1:41486 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS2 TextField antiAliasType use after free attempt (file-flash.rules) * 1:41488 <-> DISABLED <-> SERVER-WEBAPP GitHub Enterprise pre-receive-hooks SQL injection attempt (server-webapp.rules) * 1:41489 <-> DISABLED <-> SERVER-WEBAPP Sophos Web Security Appliance command injection 
attempt (server-webapp.rules) * 1:41490 <-> DISABLED <-> SERVER-WEBAPP Sophos Web Security Appliance command injection attempt (server-webapp.rules) * 1:41491 <-> DISABLED <-> BROWSER-PLUGINS NTR Check buffer overflow attempt (browser-plugins.rules) * 1:41492 <-> DISABLED <-> BROWSER-PLUGINS NTR Check buffer overflow attempt (browser-plugins.rules) * 1:41493 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer nested SPAN tag memory corruption attempt (browser-ie.rules) * 1:41494 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer nested tag memory corruption attempt (browser-ie.rules) * 1:41495 <-> ENABLED <-> SERVER-WEBAPP WordPress get_post authentication bypass attempt (server-webapp.rules) * 1:41496 <-> ENABLED <-> SERVER-WEBAPP WordPress get_post authentication bypass attempt (server-webapp.rules) * 1:41497 <-> ENABLED <-> SERVER-WEBAPP WordPress get_post authentication bypass attempt (server-webapp.rules) * 1:41498 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.CryptoLocker binary download response attempt (malware-cnc.rules) * 1:41499 <-> ENABLED <-> SERVER-SAMBA Microsoft Windows SMBv2/SMBv3 Buffer Overflow attempt (server-samba.rules) * 1:415 <-> DISABLED <-> PROTOCOL-ICMP Information Reply (protocol-icmp.rules) * 1:4150 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Outlook View OVCtl ActiveX function call access (browser-plugins.rules) * 1:41500 <-> DISABLED <-> BROWSER-PLUGINS NTR ActiveX clsid access attempt (browser-plugins.rules) * 1:41501 <-> DISABLED <-> BROWSER-PLUGINS NTR ActiveX clsid access attempt (browser-plugins.rules) * 1:41502 <-> DISABLED <-> BROWSER-PLUGINS NTR ActiveX clsid access attempt (browser-plugins.rules) * 1:41503 <-> DISABLED <-> BROWSER-PLUGINS NTR ActiveX clsid access attempt (browser-plugins.rules) * 1:41504 <-> DISABLED <-> SERVER-WEBAPP Netgear passwordrecovered.cgi insecure admin password disclosure attempt (server-webapp.rules) * 1:41505 <-> DISABLED <-> SERVER-OTHER Pharos PopUp Printer Client DecodeString heap 
overflow attempt (server-other.rules) * 1:41506 <-> DISABLED <-> SERVER-OTHER Pharos PopUp Printer Client DecodeString heap overflow attempt (server-other.rules) * 1:41507 <-> DISABLED <-> SERVER-OTHER Pharos PopUp Printer Client DecodeString denial of service attempt (server-other.rules) * 1:41508 <-> DISABLED <-> SERVER-OTHER Pharos PopUp Printer Client Memcpy heap overflow attempt (server-other.rules) * 1:41509 <-> DISABLED <-> SERVER-OTHER Pharos PopUp Printer Client DecodeBinary heap buffer overflow attempt (server-other.rules) * 1:4151 <-> DISABLED <-> BROWSER-PLUGINS System Monitor Source Properties ActiveX object access (browser-plugins.rules) * 1:41510 <-> DISABLED <-> SERVER-OTHER Pharos PopUp Printer Client DecodeBinary heap buffer overflow attempt (server-other.rules) * 1:41511 <-> DISABLED <-> FILE-OFFICE AntennaHouse HTMLFilter FillRowFormat remote code execution attempt (file-office.rules) * 1:41512 <-> DISABLED <-> FILE-OFFICE AntennaHouse HTMLFilter FillRowFormat remote code execution attempt (file-office.rules) * 1:41513 <-> DISABLED <-> FILE-PDF Adobe Reader setPersistent use after free attempt (file-pdf.rules) * 1:41514 <-> ENABLED <-> FILE-PDF Adobe Reader setPersistent use after free attempt (file-pdf.rules) * 1:41515 <-> DISABLED <-> POLICY-OTHER McAfee Virus Scan Linux outdated version detected (policy-other.rules) * 1:41516 <-> DISABLED <-> SERVER-WEBAPP McAfee Virus Scan Linux file existence test attempt (server-webapp.rules) * 1:41517 <-> DISABLED <-> SERVER-WEBAPP McAfee Virus Scan Linux replace tag file poisoning attempt (server-webapp.rules) * 1:41518 <-> DISABLED <-> SERVER-WEBAPP McAfee Virus Scan Linux bracket tag file poisoning attempt (server-webapp.rules) * 1:41519 <-> DISABLED <-> SERVER-WEBAPP McAfee Virus Scan Linux url encoded bracket tag file poisoning attempt (server-webapp.rules) * 1:41520 <-> DISABLED <-> SERVER-OTHER Ge Fanuc Proficy WebView DOS attempt (server-other.rules) * 1:41521 <-> DISABLED <-> SERVER-WEBAPP McAfee 
Virus Scan Linux cross site scripting attempt (server-webapp.rules) * 1:41522 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CGeneratedTreeNode object use after free attempt (browser-ie.rules) * 1:41523 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CGeneratedTreeNode object use after free attempt (browser-ie.rules) * 1:41524 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy server method negotiation on non-standard port (indicator-compromise.rules) * 1:41525 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (indicator-compromise.rules) * 1:41526 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (indicator-compromise.rules) * 1:41527 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (indicator-compromise.rules) * 1:41528 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (indicator-compromise.rules) * 1:41529 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (indicator-compromise.rules) * 1:4153 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Eyedog ActiveX object access (browser-plugins.rules) * 1:41530 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (indicator-compromise.rules) * 1:41531 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (indicator-compromise.rules) * 1:41532 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (indicator-compromise.rules) * 1:41533 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (indicator-compromise.rules) * 1:41534 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy server method negotiation on non-standard port (indicator-compromise.rules) * 1:41535 <-> DISABLED <-> SERVER-WEBAPP Broadwin WebAccess DOS attempt (server-webapp.rules) * 1:41536 
<-> DISABLED <-> SERVER-WEBAPP ZoneMinder file.php directory traversal attempt (server-webapp.rules) * 1:41537 <-> DISABLED <-> SERVER-OTHER Siemens WinCC TIA Portal DOS attempt (server-other.rules) * 1:41539 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Malware.DistTrack (malware-cnc.rules) * 1:4154 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Active Setup ActiveX object access (browser-plugins.rules) * 1:41540 <-> DISABLED <-> MALWARE-CNC Win.Malware.Disttrack variant outbound connection (malware-cnc.rules) * 1:41541 <-> DISABLED <-> SERVER-ORACLE Oracle reports servlet command execution attempt (server-oracle.rules) * 1:41542 <-> DISABLED <-> SERVER-ORACLE Oracle reports servlet command execution attempt (server-oracle.rules) * 1:41543 <-> DISABLED <-> FILE-OFFICE AntennaHouse DMC HTMLFilter UnCompressUnicode out of bounds write attempt (file-office.rules) * 1:41544 <-> DISABLED <-> FILE-OFFICE AntennaHouse DMC HTMLFilter UnCompressUnicode out of bounds write attempt (file-office.rules) * 1:41545 <-> DISABLED <-> FILE-OFFICE AntennaHouse DMC HTMLFilter iBldDirInfo heap buffer overflow attempt (file-office.rules) * 1:41546 <-> DISABLED <-> FILE-OFFICE AntennaHouse DMC HTMLFilter iBldDirInfo heap buffer overflow attempt (file-office.rules) * 1:4155 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer htmlfile ActiveX object access attempt (browser-plugins.rules) * 1:41553 <-> ENABLED <-> BROWSER-IE Microsoft Edge url forgery attempt (browser-ie.rules) * 1:41554 <-> ENABLED <-> BROWSER-IE Microsoft Edge url forgery attempt (browser-ie.rules) * 1:41555 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use asm memory corruption attempt (browser-ie.rules) * 1:41556 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use asm memory corruption attempt (browser-ie.rules) * 1:41557 <-> ENABLED <-> BROWSER-IE Microsoft Edge Array out of bounds memory corruption attempt (browser-ie.rules) * 1:41558 <-> 
ENABLED <-> BROWSER-IE Microsoft Edge Array out of bounds memory corruption attempt (browser-ie.rules) * 1:41559 <-> ENABLED <-> BROWSER-IE Microsoft Edge Array out of bounds memory corruption attempt (browser-ie.rules) * 1:4156 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Media Player 7+ ActiveX object access (browser-plugins.rules) * 1:41560 <-> ENABLED <-> BROWSER-IE Microsoft Edge Array out of bounds memory corruption attempt (browser-ie.rules) * 1:41561 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer array proto chain manipulation memory corruption attempt (browser-ie.rules) * 1:41562 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer array proto chain manipulation memory corruption attempt (browser-ie.rules) * 1:41563 <-> DISABLED <-> FILE-OFFICE Microsoft Office request for imjp12k.dll over SMB attempt (file-office.rules) * 1:41564 <-> DISABLED <-> FILE-OFFICE Microsoft Office imjp12k.dll dll-load exploit attempt (file-office.rules) * 1:41565 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel xlsb use-after-free attempt (file-office.rules) * 1:41566 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel xlsb use-after-free attempt (file-office.rules) * 1:41567 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Device Guard code execution attempt (os-windows.rules) * 1:41568 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Device Guard code execution attempt (os-windows.rules) * 1:41569 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Device Guard code execution attempt (os-windows.rules) * 1:4157 <-> DISABLED <-> BROWSER-PLUGINS MSN Setup BBS 4.71.0.10 ActiveX object access (browser-plugins.rules) * 1:41570 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Device Guard code execution attempt (os-windows.rules) * 1:41571 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Device Guard code execution attempt (os-windows.rules) * 1:41572 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Device Guard code execution attempt (os-windows.rules) * 1:41573 <-> ENABLED <-> BROWSER-IE 
Microsoft Edge CSS animation style information disclosure attempt (browser-ie.rules) * 1:41574 <-> ENABLED <-> BROWSER-IE Microsoft Edge CSS animation style information disclosure attempt (browser-ie.rules) * 1:41575 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer mhtml and res protocol information disclosure attempt (browser-ie.rules) * 1:41576 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer mhtml and res protocol information disclosure attempt (browser-ie.rules) * 1:41577 <-> ENABLED <-> FILE-OFFICE Microsoft Office RTF footnote format use after free attempt (file-office.rules) * 1:41578 <-> ENABLED <-> FILE-OFFICE Microsoft Office RTF footnote format use after free attempt (file-office.rules) * 1:41579 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DirectComposition double free attempt (os-windows.rules) * 1:4158 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Media Player Active Movie ActiveX object access (browser-plugins.rules) * 1:41580 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DirectComposition double free attempt (os-windows.rules) * 1:41581 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malformed CellXF memory corruption attempt (file-office.rules) * 1:41582 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malformed CellXF memory corruption attempt (file-office.rules) * 1:41583 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer DOMAttrModified event use after free attempt (browser-ie.rules) * 1:41584 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer DOMAttrModified event use after free attempt (browser-ie.rules) * 1:41585 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer mutated scope with generator memory corruption attempt (browser-ie.rules) * 1:41586 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer mutated scope with generator memory corruption attempt (browser-ie.rules) * 1:41587 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer Array out of bounds memory corruption (browser-ie.rules) * 1:41588 
<-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer Array out of bounds memory corruption (browser-ie.rules)
* 1:41589 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CHtmlTab use after free attempt (browser-ie.rules)
* 1:4159 <-> DISABLED <-> BROWSER-PLUGINS Multimedia File Property Sheet ActiveX object access (browser-plugins.rules)
* 1:41590 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CHtmlTab use after free attempt (browser-ie.rules)
* 1:41591 <-> ENABLED <-> OS-WINDOWS Microsoft Windows GDI privilege escalation attempt (os-windows.rules)
* 1:41592 <-> ENABLED <-> OS-WINDOWS Microsoft Windows GDI privilege escalation attempt (os-windows.rules)
* 1:41593 <-> DISABLED <-> BROWSER-IE Microsoft Edge Data URI same origin policy bypass attempt (browser-ie.rules)
* 1:41594 <-> DISABLED <-> BROWSER-IE Microsoft Edge Data URI same origin policy bypass attempt (browser-ie.rules)
* 1:41595 <-> DISABLED <-> OS-WINDOWS Microsoft Windows GDI invalid EMF cbBitsSrc memory disclosure attempt (os-windows.rules)
* 1:41596 <-> DISABLED <-> OS-WINDOWS Microsoft Windows GDI invalid EMF cbBitsSrc memory disclosure attempt (os-windows.rules)
* 1:41597 <-> DISABLED <-> FILE-OTHER Windows Uniscribe remote code execution vulnerability attempt (file-other.rules)
* 1:41598 <-> DISABLED <-> FILE-OTHER Windows Uniscribe remote code execution vulnerability attempt (file-other.rules)
* 1:41599 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CPeerHolder use after free attempt (browser-ie.rules)
* 1:416 <-> DISABLED <-> PROTOCOL-ICMP Information Reply undefined code (protocol-icmp.rules)
* 1:4160 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Reporting Tool ActiveX object access (browser-plugins.rules)
* 1:41600 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CPeerHolder use after free attempt (browser-ie.rules)
* 1:41601 <-> DISABLED <-> FILE-PDF Microsoft Edge PDF Builder out of bounds read attempt (file-pdf.rules)
* 1:41602 <-> DISABLED <-> FILE-PDF Microsoft Edge PDF Builder out of bounds read attempt (file-pdf.rules)
* 1:41603 <-> DISABLED <-> FILE-FLASH Adobe Flash player BitmapData class use after free attempt (file-flash.rules)
* 1:41604 <-> DISABLED <-> FILE-FLASH Adobe Flash player BitmapData class use after free attempt (file-flash.rules)
* 1:41605 <-> DISABLED <-> BROWSER-IE Microsoft Edge AsmJs memory corruption attempt (browser-ie.rules)
* 1:41606 <-> DISABLED <-> BROWSER-IE Microsoft Edge AsmJs memory corruption attempt (browser-ie.rules)
* 1:41607 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel NtCreateProfile privilege escalation attempt (os-windows.rules)
* 1:41608 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel NtCreateProfile privilege escalation attempt (os-windows.rules)
* 1:41609 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel NtCreateProfile privilege escalation attempt (os-windows.rules)
* 1:4161 <-> DISABLED <-> BROWSER-PLUGINS DigWebX MSN ActiveX object access (browser-plugins.rules)
* 1:41610 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel NtCreateProfile privilege escalation attempt (os-windows.rules)
* 1:41611 <-> ENABLED <-> FILE-OTHER Adobe Flash Player h264 decoder luminance adjustment out of bounds memory access attempt (file-other.rules)
* 1:41612 <-> ENABLED <-> FILE-OTHER Adobe Flash Player h264 decoder luminance adjustment out of bounds memory access attempt (file-other.rules)
* 1:41613 <-> ENABLED <-> FILE-OTHER Adobe Flash Player h264 decoder heap overflow attempt (file-other.rules)
* 1:41614 <-> ENABLED <-> FILE-OTHER Adobe Flash Player h264 decoder heap overflow attempt (file-other.rules)
* 1:41615 <-> ENABLED <-> FILE-OTHER Adobe Flash Player h264 decoder heap overflow attempt (file-other.rules)
* 1:41616 <-> ENABLED <-> FILE-OTHER Adobe Flash Player h264 decoder heap overflow attempt (file-other.rules)
* 1:41617 <-> ENABLED <-> FILE-OTHER Adobe Flash Player h264 decoder heap overflow attempt (file-other.rules)
* 1:41618 <-> ENABLED <-> FILE-OTHER Adobe Flash Player h264 decoder heap overflow attempt (file-other.rules)
* 1:41619 <-> DISABLED <-> FILE-FLASH Adobe Flash Player addEventListener use after free attempt (file-flash.rules)
* 1:4162 <-> DISABLED <-> BROWSER-PLUGINS DigWebX MSN ActiveX object access (browser-plugins.rules)
* 1:41620 <-> DISABLED <-> FILE-FLASH Adobe Flash Player addEventListener use after free attempt (file-flash.rules)
* 1:41621 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed FLV heap overflow attempt (file-flash.rules)
* 1:41622 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed FLV heap overflow attempt (file-flash.rules)
* 1:41623 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MessageChannel type confusion attempt (file-flash.rules)
* 1:41624 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MessageChannel type confusion attempt (file-flash.rules)
* 1:41625 <-> ENABLED <-> BROWSER-IE Microsoft Edge HandleColumnBreakOnColumnSpanningElement type confusion attempt (browser-ie.rules)
* 1:41626 <-> ENABLED <-> BROWSER-IE Microsoft Edge HandleColumnBreakOnColumnSpanningElement type confusion attempt (browser-ie.rules)
* 1:41627 <-> ENABLED <-> FILE-FLASH Adobe Flash Player garbage collection use after free attempt (file-flash.rules)
* 1:41628 <-> ENABLED <-> FILE-FLASH Adobe Flash Player garbage collection use after free attempt (file-flash.rules)
* 1:41629 <-> ENABLED <-> FILE-FLASH Adobe Flash Player PSDK EventDispatch removeEventListener use after free attempt (file-flash.rules)
* 1:4163 <-> DISABLED <-> BROWSER-PLUGINS DigWebX MSN ActiveX object access (browser-plugins.rules)
* 1:41630 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PSDK EventDispatch removeEventListener use after free attempt (file-flash.rules)
* 1:41631 <-> ENABLED <-> FILE-OTHER Adobe Flash Player mp4 h264 decompression routine out of bounds read attempt (file-other.rules)
* 1:41632 <-> ENABLED <-> FILE-OTHER Adobe Flash Player mp4 h264 decompression routine out of bounds read attempt (file-other.rules)
* 1:41633 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 11 Windows Media Player information disclosure attempt (browser-ie.rules)
* 1:41634 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 11 Windows Media Player information disclosure attempt (browser-ie.rules)
* 1:41635 <-> ENABLED <-> FILE-OTHER Adobe AcrobatDC EMF buffer underflow attempt (file-other.rules)
* 1:41636 <-> ENABLED <-> FILE-OTHER Adobe AcrobatDC EMF buffer underflow attempt (file-other.rules)
* 1:41637 <-> DISABLED <-> INDICATOR-COMPROMISE Writable SQL directories discovery attempt (indicator-compromise.rules)
* 1:41638 <-> DISABLED <-> SERVER-WEBAPP Wordpress NextGEN gallery directory traversal attempt (server-webapp.rules)
* 1:41639 <-> DISABLED <-> SERVER-WEBAPP Wordpress NextGEN gallery directory traversal attempt (server-webapp.rules)
* 1:4164 <-> DISABLED <-> BROWSER-PLUGINS DigWebX MSN ActiveX object access (browser-plugins.rules)
* 1:41640 <-> DISABLED <-> FILE-EXECUTABLE QuickHeal Internet Security malformed Mach-O file buffer overflow attempt (file-executable.rules)
* 1:41641 <-> DISABLED <-> FILE-EXECUTABLE QuickHeal Internet Security malformed Mach-O file buffer overflow attempt (file-executable.rules)
* 1:41642 <-> DISABLED <-> SERVER-WEBAPP TP-LINK AC750 ping diagnostic command injection attempt (server-webapp.rules)
* 1:41643 <-> DISABLED <-> SERVER-WEBAPP Wordpress xmlrpc.php multiple failed authentication response (server-webapp.rules)
* 1:41644 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed DefineSprite tag memory corruption attempt (file-flash.rules)
* 1:41645 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed DefineSprite tag memory corruption attempt (file-flash.rules)
* 1:41646 <-> DISABLED <-> PROTOCOL-SCADA BB-Elec ethernet gateway DOS attempt (protocol-scada.rules)
* 1:41647 <-> DISABLED <-> POLICY-OTHER Piwik Analytics Platform PHP plugin installation detected (policy-other.rules)
* 1:41648 <-> DISABLED <-> PROTOCOL-SCADA SCADA Trace Mode DoS attempt (protocol-scada.rules)
* 1:41649 <-> DISABLED <-> POLICY-OTHER Wordpress Press-This page access detected (policy-other.rules)
* 1:4165 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Image Control 1.0 ActiveX object access (browser-plugins.rules)
* 1:41650 <-> DISABLED <-> SERVER-WEBAPP Wordpress Excerpt cross site scripting attempt (server-webapp.rules)
* 1:41651 <-> DISABLED <-> SERVER-OTHER Schneider Electric ETY Telnet DOS attempt (server-other.rules)
* 1:41652 <-> DISABLED <-> SERVER-WEBAPP Geutebruck IP Camera testaction.cgi command injection attempt (server-webapp.rules)
* 1:41653 <-> DISABLED <-> SERVER-WEBAPP Geutebruck IP Camera testaction.cgi command injection attempt (server-webapp.rules)
* 1:41654 <-> DISABLED <-> SERVER-WEBAPP Geutebruck IP Camera testaction.cgi command injection attempt (server-webapp.rules)
* 1:41656 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.MagicHound (malware-cnc.rules)
* 1:41657 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MagicHound variant outbound connection (malware-cnc.rules)
* 1:41658 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.MagicHound dropper document file detected (malware-other.rules)
* 1:41659 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.MagicHound dropper document file detected (malware-other.rules)
* 1:41660 <-> DISABLED <-> MALWARE-OTHER VBScript potential executable write attempt (malware-other.rules)
* 1:41661 <-> DISABLED <-> MALWARE-CNC Osx.Downloader.MacDownloader variant outbound connection (malware-cnc.rules)
* 1:41662 <-> DISABLED <-> MALWARE-CNC Osx.Downloader.MacDownloader variant outbound connection (malware-cnc.rules)
* 1:41663 <-> DISABLED <-> MALWARE-CNC Osx.Downloader.MacDownloader variant outbound connection (malware-cnc.rules)
* 1:41664 <-> DISABLED <-> PUA-ADWARE Win.Adware.Xiazai variant outbound connection (pua-adware.rules)
* 1:41665 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mirai variant outbound connection (malware-cnc.rules)
* 1:41666 <-> DISABLED <-> BROWSER-PLUGINS KingScada kxClientDownload ActiveX clsid access attempt (browser-plugins.rules)
* 1:41667 <-> DISABLED <-> BROWSER-PLUGINS KingScada kxClientDownload ActiveX clsid access attempt (browser-plugins.rules)
* 1:41668 <-> DISABLED <-> BROWSER-PLUGINS KingScada kxClientDownload ActiveX clsid access attempt (browser-plugins.rules)
* 1:41669 <-> DISABLED <-> BROWSER-PLUGINS KingScada kxClientDownload ActiveX clsid access attempt (browser-plugins.rules)
* 1:4167 <-> DISABLED <-> BROWSER-PLUGINS MSN Heartbeat ActiveX clsid access (browser-plugins.rules)
* 1:41670 <-> DISABLED <-> SERVER-WEBAPP Netgear ReadyNAS np_handler command injection attempt (server-webapp.rules)
* 1:41671 <-> DISABLED <-> SERVER-WEBAPP Netgear ReadyNAS np_handler command injection attempt (server-webapp.rules)
* 1:41672 <-> DISABLED <-> SERVER-WEBAPP Netgear ReadyNAS np_handler command injection attempt (server-webapp.rules)
* 1:41673 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextField object event handler use after free attempt (file-flash.rules)
* 1:41674 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextField object event handler use after free attempt (file-flash.rules)
* 1:41675 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex self-signed certificate exchange (malware-cnc.rules)
* 1:41676 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex self-signed certificate exchange (malware-cnc.rules)
* 1:41677 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Appliance insecure configuration export attempt (server-webapp.rules)
* 1:41678 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Appliance insecure configuration import attempt (server-webapp.rules)
* 1:41679 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ShimContentResolver out of bounds memory access attempt (file-flash.rules)
* 1:4168 <-> DISABLED <-> BROWSER-PLUGINS Shell Automation Service ActiveX object access (browser-plugins.rules)
* 1:41680 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ShimContentResolver out of bounds memory access attempt (file-flash.rules)
* 1:41681 <-> DISABLED <-> SERVER-WEBAPP McAfee Virus Scan Linux remote code execution attempt (server-webapp.rules)
* 1:41682 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malear variant outbound connection (malware-cnc.rules)
* 1:41683 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malear variant outbound connection (malware-cnc.rules)
* 1:41684 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malear variant outbound connection (malware-cnc.rules)
* 1:41685 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malear variant outbound connection (malware-cnc.rules)
* 1:41686 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malear variant outbound connection (malware-cnc.rules)
* 1:41687 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malear variant outbound connection (malware-cnc.rules)
* 1:41688 <-> DISABLED <-> SERVER-APACHE Apache HTTP Server mod_http2 denial of service attempt (server-apache.rules)
* 1:41689 <-> DISABLED <-> SERVER-OTHER PHP Exception Handling remote denial of service attempt (server-other.rules)
* 1:4169 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Active Setup ActiveX object access (browser-plugins.rules)
* 1:41690 <-> DISABLED <-> SERVER-OTHER PHP Exception Handling remote denial of service attempt (server-other.rules)
* 1:41691 <-> DISABLED <-> SERVER-WEBAPP Siemens WinCC DoS attempt (server-webapp.rules)
* 1:41692 <-> DISABLED <-> SERVER-WEBAPP McAfee Virus Scan Linux unauthorized authentication token usage attempt (server-webapp.rules)
* 1:41693 <-> DISABLED <-> SERVER-WEBAPP Avtech IP Camera adcommand.cgi command execution attempt (server-webapp.rules)
* 1:41694 <-> DISABLED <-> SERVER-WEBAPP Avtech IP Camera pwdgrp.cgi command injection attempt (server-webapp.rules)
* 1:41695 <-> DISABLED <-> SERVER-WEBAPP Avtech IP Camera pwdgrp.cgi command injection attempt (server-webapp.rules)
* 1:41696 <-> DISABLED <-> SERVER-WEBAPP Avtech IP Camera cloudsetup.cgi command execution attempt (server-webapp.rules)
* 1:41697 <-> DISABLED <-> SERVER-WEBAPP Avtech IP Camera machine.cgi information disclosure attempt (server-webapp.rules)
* 1:41698 <-> DISABLED <-> SERVER-WEBAPP Netgear DGN2200 ping.cgi command injection attempt (server-webapp.rules)
* 1:41699 <-> DISABLED <-> SERVER-WEBAPP Netgear DGN2200 ping.cgi command injection attempt (server-webapp.rules)
* 1:417 <-> DISABLED <-> PROTOCOL-ICMP Information Request (protocol-icmp.rules)
* 1:4170 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office 2000 and 2002 Web Components Data Source Control ActiveX clsid access (browser-plugins.rules)
* 1:41700 <-> DISABLED <-> SERVER-WEBAPP Netgear DGN2200 ping.cgi command injection attempt (server-webapp.rules)
* 1:41701 <-> DISABLED <-> POLICY-OTHER Microsoft Active Directory DSGetNCChanges attempt (policy-other.rules)
* 1:41702 <-> DISABLED <-> MALWARE-CNC Win.Adware.Winwrapper outbound connection (malware-cnc.rules)
* 1:41703 <-> DISABLED <-> FILE-OFFICE Ichitaro Office Excel TxO record heap buffer overflow attempt (file-office.rules)
* 1:41704 <-> DISABLED <-> FILE-OFFICE Ichitaro Office Excel TxO record heap buffer overflow attempt (file-office.rules)
* 1:41705 <-> ENABLED <-> FILE-FLASH Adobe Flash Player invalid package script information use after free attempt (file-flash.rules)
* 1:41706 <-> ENABLED <-> FILE-FLASH Adobe Flash Player invalid package script information use after free attempt (file-flash.rules)
* 1:41707 <-> DISABLED <-> SERVER-WEBAPP McAfee Virus Scan Linux http response splitting attempt (server-webapp.rules)
* 1:41708 <-> ENABLED <-> FILE-FLASH Adobe Flash Player custom valueOf function attempt (file-flash.rules)
* 1:41709 <-> ENABLED <-> FILE-FLASH Adobe Flash Player custom valueOf function attempt (file-flash.rules)
* 1:4171 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Registration Wizard ActiveX object access (browser-plugins.rules)
* 1:41710 <-> DISABLED <-> INDICATOR-COMPROMISE Binary file download request from internationalized domain name using Microsoft BITS (indicator-compromise.rules)
* 1:41711 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Houdini variant initial outbound connection (malware-cnc.rules)
* 1:41712 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Houdini backdoor file download request (malware-cnc.rules)
* 1:41713 <-> DISABLED <-> SERVER-WEBAPP DotNetNuke installation attempt detected (server-webapp.rules)
* 1:41714 <-> DISABLED <-> INDICATOR-OBFUSCATION rfc822 HTTP transfer encoding attempt attempt (indicator-obfuscation.rules)
* 1:41715 <-> DISABLED <-> BROWSER-IE Microsoft Health and Support Center iframe injection attempt (browser-ie.rules)
* 1:41716 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (browser-ie.rules)
* 1:41718 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (browser-ie.rules)
* 1:41719 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (browser-ie.rules)
* 1:4172 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Agent v1.5 ActiveX clsid access (browser-plugins.rules)
* 1:41720 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (browser-ie.rules)
* 1:41721 <-> DISABLED <-> SERVER-WEBAPP Mikrotik Syslog Server DoS attempt (server-webapp.rules)
* 1:41722 <-> ENABLED <-> SERVER-OTHER Cisco IOS Smart Install protocol backup config command attempt (server-other.rules)
* 1:41723 <-> ENABLED <-> SERVER-OTHER Cisco IOS Smart Install protocol download config command attempt (server-other.rules)
* 1:41724 <-> ENABLED <-> SERVER-OTHER Cisco IOS Smart Install protocol download image command attempt (server-other.rules)
* 1:41725 <-> ENABLED <-> SERVER-OTHER Cisco IOS Smart Install protocol version command attempt (server-other.rules)
* 1:41726 <-> ENABLED <-> FILE-OFFICE AntennaHouse DMC HTMLFilter AddSst heap overflow attempt (file-office.rules)
* 1:41727 <-> ENABLED <-> FILE-OFFICE AntennaHouse DMC HTMLFilter AddSst heap overflow attempt (file-office.rules)
* 1:41728 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel SXLI record integer overrun attempt (file-office.rules)
* 1:41729 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel SXLI record integer overrun attempt (file-office.rules)
* 1:4173 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows MsnPUpld ActiveX object access (browser-plugins.rules)
* 1:41730 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel SXLI record integer overrun attempt (file-office.rules)
* 1:41731 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel SXLI record integer overrun attempt (file-office.rules)
* 1:41732 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Messaging Security Appliance command injection attempt (server-webapp.rules)
* 1:41733 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Messaging Security Appliance command injection attempt (server-webapp.rules)
* 1:41734 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Messaging Security Appliance command injection attempt (server-webapp.rules)
* 1:41735 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Messaging Security Appliance command injection attempt (server-webapp.rules)
* 1:41736 <-> DISABLED <-> SERVER-OTHER Beck IPC CHIP DoS attempt (server-other.rules)
* 1:41737 <-> DISABLED <-> PROTOCOL-SCADA Sunway DOS attempt (protocol-scada.rules)
* 1:41738 <-> DISABLED <-> PROTOCOL-SCADA Sunway DOS attempt (protocol-scada.rules)
* 1:41739 <-> DISABLED <-> PROTOCOL-SCADA Moxa Mass Config Tool DOS attempt (protocol-scada.rules)
* 1:4174 <-> DISABLED <-> BROWSER-PLUGINS Symantec RuFSI registry Information Class ActiveX object access (browser-plugins.rules)
* 1:41740 <-> ENABLED <-> FILE-FLASH Adobe Flash Player custom toString and valueOf function attempt (file-flash.rules)
* 1:41741 <-> ENABLED <-> FILE-FLASH Adobe Flash Player custom toString and valueOf function attempt (file-flash.rules)
* 1:41742 <-> DISABLED <-> POLICY-OTHER external admin access attempt (policy-other.rules)
* 1:41743 <-> DISABLED <-> PROTOCOL-SCADA TwinCAT PLC DOS attempt (protocol-scada.rules)
* 1:41744 <-> DISABLED <-> POLICY-OTHER Cisco IOS configuration transfer via TFTP detected (policy-other.rules)
* 1:41745 <-> ENABLED <-> FILE-MULTIMEDIA Chrome Pepper Flash Player SampleCount heap overflow attempt (file-multimedia.rules)
* 1:41746 <-> ENABLED <-> FILE-MULTIMEDIA Chrome Pepper Flash Player SampleCount heap overflow attempt (file-multimedia.rules)
* 1:41747 <-> DISABLED <-> PROTOCOL-SCADA Moxa SoftCMS webserver DOS attempt (protocol-scada.rules)
* 1:41748 <-> DISABLED <-> SERVER-WEBAPP Netgear DGN2200 dnslookup.cgi command injection attempt (server-webapp.rules)
* 1:41749 <-> DISABLED <-> SERVER-WEBAPP Netgear DGN2200 dnslookup.cgi command injection attempt (server-webapp.rules)
* 1:4175 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office 2000/2002 Web Components PivotTable ActiveX object access (browser-plugins.rules)
* 1:41750 <-> DISABLED <-> SERVER-WEBAPP Netgear DGN2200 dnslookup.cgi command injection attempt (server-webapp.rules)
* 1:41751 <-> DISABLED <-> SERVER-WEBAPP Netgear DGN2200 dnslookup.cgi command injection attempt (server-webapp.rules)
* 1:41752 <-> DISABLED <-> PROTOCOL-SCADA PowerNet Twin Client DOS attempt (protocol-scada.rules)
* 1:41753 <-> DISABLED <-> FILE-OFFICE AntennaHouse DMC GetIndexArray out of bounds write attempt (file-office.rules)
* 1:41754 <-> DISABLED <-> FILE-OFFICE AntennaHouse DMC GetIndexArray out of bounds write attempt (file-office.rules)
* 1:41755 <-> DISABLED <-> INDICATOR-COMPROMISE d-link sharecenter dns-320 denial of service attempt (indicator-compromise.rules)
* 1:41756 <-> DISABLED <-> INDICATOR-COMPROMISE d-link sharecenter dns-320 denial of service attempt (indicator-compromise.rules)
* 1:41757 <-> DISABLED <-> INDICATOR-COMPROMISE d-link sharecenter dns-320 denial of service attempt (indicator-compromise.rules)
* 1:41758 <-> DISABLED <-> INDICATOR-COMPROMISE d-link sharecenter dns-320 denial of service attempt (indicator-compromise.rules)
* 1:41759 <-> DISABLED <-> FILE-OFFICE AntennaHouse DMC ParseEnvironment heap buffer overflow attempt (file-office.rules)
* 1:4176 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office 2000 and 2002 Web Components Chart ActiveX object access (browser-plugins.rules)
* 1:41760 <-> DISABLED <-> FILE-OFFICE AntennaHouse DMC ParseEnvironment heap buffer overflow attempt (file-office.rules)
* 1:41761 <-> DISABLED <-> POLICY-OTHER Microsoft Word document with large docProps/core.xml file (policy-other.rules)
* 1:41762 <-> DISABLED <-> POLICY-OTHER Microsoft Word document with large docProps/core.xml file (policy-other.rules)
* 1:41763 <-> ENABLED <-> BROWSER-IE Microsoft Edge HandleColumnBreakOnColumnSpanningElement type confusion attempt (browser-ie.rules)
* 1:41764 <-> ENABLED <-> BROWSER-IE Microsoft Edge HandleColumnBreakOnColumnSpanningElement type confusion attempt (browser-ie.rules)
* 1:41765 <-> DISABLED <-> FILE-OFFICE AntennaHouse DMC DHFSummary stack buffer overflow attempt (file-office.rules)
* 1:41766 <-> DISABLED <-> FILE-OFFICE AntennaHouse DMC DHFSummary stack buffer overflow attempt (file-office.rules)
* 1:41767 <-> DISABLED <-> SERVER-WEBAPP WP_Query plugin SQL injection attempt (server-webapp.rules)
* 1:41768 <-> DISABLED <-> SERVER-WEBAPP WP_Query plugin SQL injection attempt (server-webapp.rules)
* 1:41769 <-> DISABLED <-> SERVER-WEBAPP WP_Query plugin SQL injection attempt (server-webapp.rules)
* 1:4177 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Web Components OWC.Spreadsheet.9 ActiveX clsid access attempt (browser-plugins.rules)
* 1:41770 <-> DISABLED <-> SERVER-WEBAPP Wordpress NextGEN Gallery SQL injection attempt (server-webapp.rules)
* 1:41771 <-> ENABLED <-> MALWARE-TOOLS slowhttptest DoS tool (malware-tools.rules)
* 1:41772 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer runtimeStyle use-after-free attempt (browser-ie.rules)
* 1:41773 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer runtimeStyle use-after-free attempt (browser-ie.rules)
* 1:41774 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer runtimeStyle use-after-free attempt (browser-ie.rules)
* 1:41775 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer runtimeStyle use-after-free attempt (browser-ie.rules)
* 1:41776 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer runtimeStyle use-after-free attempt (browser-ie.rules)
* 1:41777 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer runtimeStyle use-after-free attempt (browser-ie.rules)
* 1:41778 <-> ENABLED <-> PROTOCOL-SCADA Yokogawa CS3000 BKFSim_vhfd buffer overflow attempt (protocol-scada.rules)
* 1:4178 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office 2000 and 2002 Web Components Record Navigation Control ActiveX object access (browser-plugins.rules)
* 1:41780 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ratankba variant outbound connection (malware-cnc.rules)
* 1:41781 <-> ENABLED <-> SERVER-WEBAPP carel plantvisorpro3 directory traversal attempt (server-webapp.rules)
* 1:41782 <-> ENABLED <-> SERVER-WEBAPP carel plantvisorpro3 directory traversal attempt (server-webapp.rules)
* 1:41783 <-> ENABLED <-> EXPLOIT-KIT Rig exploit kit URL outbound communication (exploit-kit.rules)
* 1:41784 <-> DISABLED <-> INDICATOR-COMPROMISE clorius controls information gathering attempt (indicator-compromise.rules)
* 1:41785 <-> DISABLED <-> SERVER-WEBAPP carel plantvisor directory traversal exploitation attempt (server-webapp.rules)
* 1:41787 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PowerMacro TCP DNS query response (malware-cnc.rules)
* 1:41788 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PowerMacro DNS query response (malware-cnc.rules)
* 1:41789 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PowerMacro DNS query response (malware-cnc.rules)
* 1:4179 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows DirectX Files Viewer ActiveX object access (browser-plugins.rules)
* 1:41790 <-> DISABLED <-> SERVER-WEBAPP Brocade Network Advisor CliMonitorReportServlet directory traversal attempt (server-webapp.rules)
* 1:41791 <-> ENABLED <-> FILE-OTHER Microsoft Office RTF out-of-bounds memory access attempt (file-other.rules)
* 1:41792 <-> ENABLED <-> FILE-OTHER Microsoft Office RTF out-of-bounds memory access attempt (file-other.rules)
* 1:41793 <-> ENABLED <-> INDICATOR-SCAN Cisco Smart Install Protocol scan TFTP response (indicator-scan.rules)
* 1:41794 <-> DISABLED <-> POLICY-OTHER Cisco IOS SMI imagelist download via TFTP detected (policy-other.rules)
* 1:41795 <-> DISABLED <-> POLICY-OTHER Cisco IOS SMI imagelist download via TFTP detected (policy-other.rules)
* 1:41796 <-> DISABLED <-> POLICY-OTHER Cisco IOS privileged user configuration transfer via TFTP detected (policy-other.rules)
* 1:41797 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer loadXML parseError.errorCode information disclosure attempt (browser-ie.rules)
* 1:41798 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer loadXML parseError.errorCode information disclosure attempt (browser-ie.rules)
* 1:41799 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Fastback buffer overflow attempt (server-other.rules)
* 1:418 <-> DISABLED <-> PROTOCOL-ICMP Information Request undefined code (protocol-icmp.rules)
* 1:4180 <-> DISABLED <-> BROWSER-PLUGINS Kodak Image Scan Control ActiveX object access (browser-plugins.rules)
* 1:41800 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Fastback buffer overflow attempt (server-other.rules)
* 1:41801 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Fastback buffer overflow attempt (server-other.rules)
* 1:41802 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Fastback buffer overflow attempt (server-other.rules)
* 1:41803 <-> DISABLED <-> BROWSER-PLUGINS Elipse E3 ActiveReports ActiveX clsid access attempt (browser-plugins.rules)
* 1:41804 <-> DISABLED <-> BROWSER-PLUGINS Elipse E3 ActiveReports ActiveX clsid access attempt (browser-plugins.rules)
* 1:41805 <-> DISABLED <-> BROWSER-PLUGINS Elipse E3 ActiveReports ActiveX clsid access attempt (browser-plugins.rules)
* 1:41806 <-> DISABLED <-> BROWSER-PLUGINS Elipse E3 ActiveReports ActiveX clsid access attempt (browser-plugins.rules)
* 1:41807 <-> DISABLED <-> POLICY-OTHER SSLv3 Client Hello attempt (policy-other.rules)
* 1:41808 <-> DISABLED <-> FILE-IMAGE ImageMagick mvg processing command server side request forgery attempt (file-image.rules)
* 1:41809 <-> DISABLED <-> FILE-IMAGE ImageMagick mvg processing command server side request forgery attempt (file-image.rules)
* 1:4181 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Smartcard Enrollment ActiveX object access (browser-plugins.rules)
* 1:41810 <-> DISABLED <-> SERVER-OTHER Apache ActiveMQ fileserver broker service file upload attempt (server-other.rules)
* 1:41811 <-> DISABLED <-> SERVER-OTHER Apache ActiveMQ fileserver broker service file delete attempt (server-other.rules)
* 1:41812 <-> DISABLED <-> SERVER-OTHER Apache ActiveMQ fileserver broker service file move attempt (server-other.rules)
* 1:41813 <-> ENABLED <-> SERVER-WEBAPP PHPMailer command injection remote code execution attempt (server-webapp.rules)
* 1:41814 <-> DISABLED <-> SERVER-WEBAPP NetGain Enterprise Manager arbitrary command execution attempt (server-webapp.rules)
* 1:41815 <-> DISABLED <-> SERVER-WEBAPP NetGain Enterprise Manager arbitrary command execution attempt (server-webapp.rules)
* 1:41816 <-> DISABLED <-> POLICY-OTHER ElasticSearch cluster health access detected (policy-other.rules)
* 1:41817 <-> DISABLED <-> SERVER-WEBAPP generic SQL select statement possible sql injection (server-webapp.rules)
* 1:41818 <-> DISABLED <-> SERVER-APACHE Apache Struts remote code execution attempt (server-apache.rules)
* 1:41819 <-> DISABLED <-> SERVER-APACHE Apache Struts remote code execution attempt (server-apache.rules)
* 1:4182 <-> DISABLED <-> BROWSER-PLUGINS Microsoft MSN Chat v4.5, 4.6 ActiveX object access (browser-plugins.rules)
* 1:41820 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager diagnostics_doit outputfile directory traversal attempt (server-webapp.rules)
* 1:41823 <-> DISABLED <-> SERVER-OTHER Nagios Core privilege escalation attempt (server-other.rules)
* 1:41824 <-> DISABLED <-> SERVER-OTHER Nagios Core privilege escalation attempt (server-other.rules)
* 1:41825 <-> DISABLED <-> SERVER-WEBAPP WordPress Plugins Simple Ads Manager information disclosure attempt (server-webapp.rules)
* 1:41826 <-> DISABLED <-> SERVER-WEBAPP WordPress Plugins Simple Ads Manager information disclosure attempt (server-webapp.rules)
* 1:41827 <-> DISABLED <-> BROWSER-PLUGINS WebGate eDVR Manager WESPPlayback access attempt (browser-plugins.rules)
* 1:41828 <-> DISABLED <-> BROWSER-PLUGINS WebGate eDVR Manager WESPPlayback access attempt (browser-plugins.rules)
* 1:41829 <-> DISABLED <-> BROWSER-PLUGINS WebGate eDVR Manager WESPPlayback access attempt (browser-plugins.rules)
* 1:4183 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows HTML Help ActiveX object access (browser-plugins.rules)
* 1:41830 <-> DISABLED <-> BROWSER-PLUGINS WebGate eDVR Manager WESPPlayback access attempt (browser-plugins.rules)
* 1:41831 <-> DISABLED <-> BROWSER-PLUGINS WebGate eDVR Manager WESPPTZ access attempt (browser-plugins.rules)
* 1:41832 <-> DISABLED <-> BROWSER-PLUGINS WebGate eDVR Manager WESPPTZ access attempt (browser-plugins.rules)
* 1:41833 <-> DISABLED <-> BROWSER-PLUGINS WebGate eDVR Manager WESPPTZ access attempt (browser-plugins.rules)
* 1:41834 <-> DISABLED <-> BROWSER-PLUGINS WebGate eDVR Manager WESPPTZ access attempt (browser-plugins.rules)
* 1:41835 <-> DISABLED <-> BROWSER-PLUGINS WebGate eDVR Manager WESPEvent access attempt (browser-plugins.rules)
* 1:41836 <-> DISABLED <-> BROWSER-PLUGINS WebGate eDVR Manager WESPEvent access attempt (browser-plugins.rules)
* 1:41837 <-> DISABLED <-> BROWSER-PLUGINS WebGate eDVR Manager WESPEvent access attempt (browser-plugins.rules)
* 1:41838 <-> DISABLED <-> BROWSER-PLUGINS WebGate eDVR Manager WESPEvent access attempt (browser-plugins.rules)
* 1:41839 <-> ENABLED <-> BROWSER-IE Microsoft Edge object mutation memory corruption attempt (browser-ie.rules)
* 1:4184 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Certificate Enrollment ActiveX object access (browser-plugins.rules)
* 1:41840 <-> ENABLED <-> BROWSER-IE Microsoft Edge object mutation memory corruption attempt (browser-ie.rules)
* 1:41841 <-> DISABLED <-> SERVER-WEBAPP phpFileManager cmd parameter command injection attempt (server-webapp.rules)
* 1:41842 <-> DISABLED <-> SERVER-WEBAPP phpFileManager cmd parameter command injection attempt (server-webapp.rules)
* 1:41843 <-> DISABLED <-> SERVER-WEBAPP phpFileManager cmd parameter command injection attempt (server-webapp.rules)
* 1:41844 <-> DISABLED <-> SERVER-WEBAPP phpFileManager cmd parameter command injection attempt (server-webapp.rules)
* 1:41845 <-> DISABLED <-> SERVER-WEBAPP pfSense status_rrd_graph_img.php command injection via CSRF attempt (server-webapp.rules)
* 1:41846 <-> ENABLED <-> SERVER-OTHER Advantech WebAccess DCERPC stack buffer overflow attempt (server-other.rules)
* 1:41847 <-> ENABLED <-> SERVER-OTHER Advantech WebAccess DCERPC stack buffer overflow attempt (server-other.rules)
* 1:41848 <-> ENABLED <-> SERVER-OTHER Advantech WebAccess DCERPC stack buffer overflow attempt (server-other.rules)
* 1:41849 <-> ENABLED <-> SERVER-OTHER Advantech WebAccess DCERPC stack buffer overflow attempt (server-other.rules)
* 1:4185 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Terminal Services Advanced Client ActiveX object access (browser-plugins.rules)
* 1:41850 <-> DISABLED <-> SERVER-WEBAPP Apache Struts URL validator denial of service attempt (server-webapp.rules)
* 1:41851 <-> DISABLED <-> SERVER-OTHER Valhala Honeypot ABOR command buffer overflow attempt (server-other.rules)
* 1:41852 <-> DISABLED <-> PROTOCOL-DNS PowerDNS name compression pointer loop denial of service attempt (protocol-dns.rules)
* 1:41853 <-> DISABLED <-> OS-LINUX cURL and libcurl set-cookie remote code execution attempt (os-linux.rules)
* 1:41854 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari FTP URL cross-domain restriction bypass attempt (browser-webkit.rules)
* 1:41855 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari FTP URL cross-domain restriction bypass attempt (browser-webkit.rules)
* 1:41856 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
* 1:41857 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
* 1:41858 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
* 1:41859 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
* 1:4186 <-> DISABLED <-> BROWSER-PLUGINS Kodak Image Editing ActiveX object access (browser-plugins.rules)
* 1:41860 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
* 1:41861 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
* 1:41862 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
* 1:41863 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
* 1:41864 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
* 1:41865 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
* 1:41866 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
* 1:41867 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
* 1:41868 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
* 1:41869 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
* 1:4187 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Terminal Services Advanced Client ActiveX object access (browser-plugins.rules)
* 1:41870 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
* 1:41871 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
* 1:41872 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
* 1:41873 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
* 1:41874 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
* 1:41875 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
* 1:41876 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
* 1:41877 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
* 1:41878 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
* 1:41879 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
* 1:4188 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer RAV Online Scanner ActiveX object access (browser-plugins.rules)
* 1:41880 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
* 1:41881 <-> DISABLED <-> SERVER-WEBAPP WECON LeviStudio multiple xml parameter overflows attempt (server-webapp.rules)
* 1:41882 <-> ENABLED <-> SERVER-OTHER Advantech WebAccess DCERPC heap buffer overflow attempt (server-other.rules)
* 1:41883 <-> DISABLED <-> SERVER-OTHER ImageMagick mvg label arbitrary file read attempt (server-other.rules)
* 1:41884 <-> DISABLED <-> SERVER-OTHER ImageMagick mvg label arbitrary file read attempt (server-other.rules)
* 1:41885 <-> DISABLED <-> SERVER-OTHER ImageMagick mvg label arbitrary file read attempt (server-other.rules)
* 1:41886 <-> DISABLED <-> SERVER-OTHER ImageMagick mvg label arbitrary file read attempt (server-other.rules)
* 1:41887 <-> DISABLED <-> SERVER-OTHER ImageMagick mvg label arbitrary file read attempt (server-other.rules)
* 1:41888 <-> DISABLED <-> SERVER-OTHER ImageMagick mvg label arbitrary file read attempt (server-other.rules)
* 1:41889 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules)
* 1:4189 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Third-Party Plugin ActiveX object access (browser-plugins.rules)
* 1:41890 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules)
* 1:41891 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules)
* 1:41892 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules)
* 1:41893 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules)
* 1:41894 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics msl access attempt (policy-other.rules)
* 1:41895 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer frameset null pointer dereference attempt (browser-ie.rules)
* 1:41896 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer frameset null pointer dereference attempt (browser-ie.rules)
* 1:41897 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules)
* 1:41898 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules)
* 1:41899 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules)
* 1:419 <-> DISABLED <-> PROTOCOL-ICMP Mobile Host Redirect (protocol-icmp.rules)
* 1:4190 <-> DISABLED <-> BROWSER-PLUGINS Kodak Thumbnail Image ActiveX object access (browser-plugins.rules)
* 1:41900 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules)
* 1:41901 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules)
* 1:41902 <-> DISABLED <-> POLICY-OTHER ImageMagick magick vector graphics ephemeral access attempt (policy-other.rules)
* 1:41903 <-> DISABLED <-> PROTOCOL-DNS PowerDNS name compression pointer loop denial of service attempt (protocol-dns.rules)
* 1:41904 <-> DISABLED <-> PROTOCOL-DNS PowerDNS name compression pointer loop denial of service attempt (protocol-dns.rules)
* 1:41905 <-> DISABLED <-> PROTOCOL-DNS PowerDNS name compression pointer loop denial of service attempt (protocol-dns.rules)
* 1:41906 <-> DISABLED <-> POLICY-OTHER HTTP redirect to FTP server attempt (policy-other.rules)
* 1:41907 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules)
* 1:41908 <-> DISABLED <-> EXPLOIT-KIT Exploit kit Pseudo-Darkleech Gate redirection attempt (exploit-kit.rules)
* 1:4191 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows MsnPUpld ActiveX object access (browser-plugins.rules)
* 1:41911 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer Chakra.dll proxy object prototype return type confusion attempt (browser-ie.rules)
* 1:41912 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer Chakra.dll proxy object prototype return type confusion attempt (browser-ie.rules)
* 1:41913 <-> DISABLED <-> SERVER-WEBAPP InterSystem Cache DOS attempt (server-webapp.rules)
* 1:41914 <-> DISABLED <-> SERVER-WEBAPP
WordPress Plugin RevSlider file upload attempt (server-webapp.rules) * 1:41915 <-> DISABLED <-> POLICY-OTHER Carel PlantVisorPRO insecure SQL query transmission (policy-other.rules) * 1:41916 <-> DISABLED <-> SERVER-WEBAPP Carel PlantVisorPRO malicious sql query attempt - DBCommander (server-webapp.rules) * 1:41917 <-> ENABLED <-> SERVER-WEBAPP Carel PlantVisorPRO default login attempt (server-webapp.rules) * 1:41918 <-> DISABLED <-> SERVER-WEBAPP Carel PlantVisorPRO malicious sql query attempt - RCmdComm (server-webapp.rules) * 1:41919 <-> DISABLED <-> SERVER-WEBAPP Carel PlantVisorPRO malicious sql query attempt - RCmdComm2 (server-webapp.rules) * 1:4192 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer HHOpen ActiveX object access (browser-plugins.rules) * 1:41920 <-> DISABLED <-> SERVER-WEBAPP McAfee Virus Scan Linux authentication token brute force attempt (server-webapp.rules) * 1:41921 <-> DISABLED <-> SERVER-WEBAPP PAESSLER PRTG DoS attempt (server-webapp.rules) * 1:41922 <-> ENABLED <-> SERVER-APACHE Apache Struts remote code execution attempt (server-apache.rules) * 1:41923 <-> ENABLED <-> SERVER-APACHE Apache Struts remote code execution attempt (server-apache.rules) * 1:41924 <-> DISABLED <-> FILE-OTHER Notepad++ request for scilexer.dll over SMB attempt (file-other.rules) * 1:41925 <-> DISABLED <-> FILE-OTHER Notepad++ scilexer.dll dll-load exploit attempt (file-other.rules) * 1:41926 <-> ENABLED <-> OS-WINDOWS Microsoft Win32u NtUserThunkedMenuItemInfo use after free attempt (os-windows.rules) * 1:41927 <-> ENABLED <-> OS-WINDOWS Microsoft Win32u NtUserThunkedMenuItemInfo use after free attempt (os-windows.rules) * 1:41928 <-> ENABLED <-> OS-WINDOWS Microsoft Win32k DDI use after free attempt (os-windows.rules) * 1:41929 <-> ENABLED <-> OS-WINDOWS Microsoft Win32k DDI use after free attempt (os-windows.rules) * 1:4193 <-> DISABLED <-> BROWSER-PLUGINS Kodak Image Editing ActiveX object access (browser-plugins.rules) * 1:41930 <-> ENABLED <-> 
OS-WINDOWS Microsoft Win32k DDI use after free attempt (os-windows.rules) * 1:41931 <-> ENABLED <-> OS-WINDOWS Microsoft Win32k DDI use after free attempt (os-windows.rules) * 1:41932 <-> ENABLED <-> FILE-OTHER Microsoft Windows Uniscribe privilege escalation attempt (file-other.rules) * 1:41933 <-> ENABLED <-> FILE-OTHER Microsoft Windows Uniscribe privilege escalation attempt (file-other.rules) * 1:41934 <-> ENABLED <-> FILE-OTHER Microsoft Windows Uniscribe privilege escalation attempt (file-other.rules) * 1:41935 <-> ENABLED <-> FILE-OTHER Microsoft Windows Uniscribe privilege escalation attempt (file-other.rules) * 1:41936 <-> ENABLED <-> BROWSER-IE Microsoft Edge TypedArray setter arbitrary write attempt (browser-ie.rules) * 1:41937 <-> ENABLED <-> BROWSER-IE Microsoft Edge TypedArray setter arbitrary write attempt (browser-ie.rules) * 1:41938 <-> ENABLED <-> BROWSER-IE Microsoft Edge reverse helper heap buffer overflow attempt (browser-ie.rules) * 1:41939 <-> ENABLED <-> BROWSER-IE Microsoft Edge reverse helper heap buffer overflow attempt (browser-ie.rules) * 1:41940 <-> ENABLED <-> OS-WINDOWS Microsoft Windows TrueTypeFont post table out of bounds write attempt (os-windows.rules) * 1:41941 <-> ENABLED <-> OS-WINDOWS Microsoft Windows TrueTypeFont post table out of bounds write attempt (os-windows.rules) * 1:41942 <-> ENABLED <-> BROWSER-IE Microsoft Edge EntrySimpleSlotGetter use after free attempt (browser-ie.rules) * 1:41943 <-> ENABLED <-> BROWSER-IE Microsoft Edge EntrySimpleSlotGetter use after free attempt (browser-ie.rules) * 1:41944 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine security bypass css attempt (browser-ie.rules) * 1:41945 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine security bypass css attempt (browser-ie.rules) * 1:41946 <-> DISABLED <-> FILE-IMAGE Microsoft GDI+ malformed EMF description out of bounds read attempt (file-image.rules) * 1:41947 <-> DISABLED <-> FILE-IMAGE GDI+ malformed EMF description out of 
bounds read attempt (file-image.rules) * 1:41948 <-> DISABLED <-> BROWSER-IE Microsoft Edge fetch API same origin policy bypass attempt (browser-ie.rules) * 1:41949 <-> DISABLED <-> BROWSER-IE Microsoft Edge fetch API same origin policy bypass attempt (browser-ie.rules) * 1:41950 <-> ENABLED <-> BROWSER-IE Microsoft Edge WebAssembly memory corruption attempt (browser-ie.rules) * 1:41951 <-> ENABLED <-> BROWSER-IE Microsoft Edge WebAssembly memory corruption attempt (browser-ie.rules) * 1:41952 <-> ENABLED <-> BROWSER-IE Microsoft Edge local file read information leak attempt (browser-ie.rules) * 1:41953 <-> ENABLED <-> BROWSER-IE Microsoft Edge local file read information leak attempt (browser-ie.rules) * 1:41954 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer textarea type confusion attempt (browser-ie.rules) * 1:41955 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer textarea type confusion attempt (browser-ie.rules) * 1:41956 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer arguments type confusion attempt (browser-ie.rules) * 1:41957 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer arguments type confusion attempt (browser-ie.rules) * 1:41958 <-> ENABLED <-> BROWSER-IE Microsoft Edge malformed UTF-8 decode arbitrary read attempt (browser-ie.rules) * 1:41959 <-> ENABLED <-> BROWSER-IE Microsoft Edge malformed UTF-8 decode arbitrary read attempt (browser-ie.rules) * 1:4196 <-> DISABLED <-> FILE-IDENTIFY CBO CBL CBM file transfer attempt (file-identify.rules) * 1:41960 <-> ENABLED <-> OS-WINDOWS Microsoft Windows TrueType Font LookupTable out of bounds write attempt (os-windows.rules) * 1:41961 <-> ENABLED <-> OS-WINDOWS Microsoft Windows TrueType Font LookupTable out of bounds write attempt (os-windows.rules) * 1:41962 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word template remote code execution attempt (file-office.rules) * 1:41963 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word template remote code execution attempt 
(file-office.rules) * 1:41964 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word 2010 use-after-free memory corruption vulnerability attempt (file-office.rules) * 1:41965 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word 2010 use-after-free memory corruption vulnerability attempt (file-office.rules) * 1:41966 <-> ENABLED <-> OS-WINDOWS Microsoft Windows TrueTypeFont GSUB table out of bounds write attempt (os-windows.rules) * 1:41967 <-> ENABLED <-> OS-WINDOWS Microsoft Windows TrueTypeFont GSUB table out of bounds write attempt (os-windows.rules) * 1:41968 <-> DISABLED <-> BROWSER-IE Microsoft Edge JavascriptProxy SetPropertyTrap type confusion attempt (browser-ie.rules) * 1:41969 <-> DISABLED <-> BROWSER-IE Microsoft Edge JavascriptProxy SetPropertyTrap type confusion attempt (browser-ie.rules) * 1:4197 <-> DISABLED <-> BROWSER-PLUGINS DigWebX MSN ActiveX object access (browser-plugins.rules) * 1:41970 <-> ENABLED <-> FILE-IMAGE GDI+ malformed EMF comment heap access violation attempt (file-image.rules) * 1:41971 <-> ENABLED <-> FILE-IMAGE GDI+ malformed EMF comment heap access violation attempt (file-image.rules) * 1:41972 <-> ENABLED <-> OS-WINDOWS Microsoft Windows TrueType Font out of bounds write attempt (os-windows.rules) * 1:41973 <-> ENABLED <-> OS-WINDOWS Microsoft Windows TrueType Font out of bounds write attempt (os-windows.rules) * 1:41974 <-> ENABLED <-> OS-WINDOWS Microsoft Windows TrueType Font out of bounds write attempt (os-windows.rules) * 1:41975 <-> ENABLED <-> OS-WINDOWS Microsoft Windows TrueType Font out of bounds write attempt (os-windows.rules) * 1:41976 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel shared strings memory corruption attempt (file-office.rules) * 1:41977 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel shared strings memory corruption attempt (file-office.rules) * 1:41978 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB remote code execution attempt (os-windows.rules) * 1:41979 <-> DISABLED <-> FILE-OFFICE 
Microsoft Office Excel shared strings memory corruption attempt (file-office.rules) * 1:4198 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Blnmgrps.dll ActiveX object access (browser-plugins.rules) * 1:41980 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel shared strings memory corruption attempt (file-office.rules) * 1:41981 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word out of bounds read attempt (file-office.rules) * 1:41982 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word out of bounds read attempt (file-office.rules) * 1:41984 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMBv1 identical MID and FID type confusion attempt (os-windows.rules) * 1:41985 <-> ENABLED <-> OS-WINDOWS Microsoft Windows TrueTypeFont post table out of bounds write attempt (os-windows.rules) * 1:41986 <-> ENABLED <-> OS-WINDOWS Microsoft Windows TrueTypeFont post table out of bounds write attempt (os-windows.rules) * 1:41987 <-> DISABLED <-> BROWSER-IE Microsoft Edge web address spoofing attempt (browser-ie.rules) * 1:41988 <-> DISABLED <-> BROWSER-IE Microsoft Edge web address spoofing attempt (browser-ie.rules) * 1:41989 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows Com Session Moniker pivilege escalation attempt (file-executable.rules) * 1:4199 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Blnmgrps.dll ActiveX object access (browser-plugins.rules) * 1:41990 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows Com Session Moniker pivilege escalation attempt (file-executable.rules) * 1:41991 <-> ENABLED <-> FILE-OTHER Microsoft Windows TTF file out of bounds access attempt (file-other.rules) * 1:41992 <-> ENABLED <-> FILE-OTHER Microsoft Windows TTF file out of bounds access attempt (file-other.rules) * 1:41993 <-> ENABLED <-> OS-WINDOWS Microsoft Windows GDI WMF out of bounds read attempt (os-windows.rules) * 1:41994 <-> ENABLED <-> OS-WINDOWS Microsoft Windows GDI WMF out of bounds read attempt (os-windows.rules) * 1:41995 <-> DISABLED <-> 
OS-WINDOWS Microsoft Windows DDI privilege escalation attempt (os-windows.rules) * 1:41996 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DDI privilege escalation attempt (os-windows.rules) * 1:41997 <-> DISABLED <-> OS-WINDOWS Microsoft GDI+ privilege escalation attempt (os-windows.rules) * 1:41998 <-> DISABLED <-> OS-WINDOWS Microsoft GDI+ privilege escalation attempt (os-windows.rules) * 1:41999 <-> ENABLED <-> OS-OTHER Apple OSX and iOS x509 certificate name constraints parsing use after free attempt (os-other.rules) * 1:420 <-> DISABLED <-> PROTOCOL-ICMP Mobile Host Redirect undefined code (protocol-icmp.rules) * 1:4200 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Index Server Scope Administration ActiveX object access (browser-plugins.rules) * 1:42000 <-> DISABLED <-> SERVER-OTHER WolfSSL X509 parsing off-by-one code execution attempt (server-other.rules) * 1:42005 <-> DISABLED <-> SERVER-WEBAPP Logsign JSON API validate_file command injection attempt (server-webapp.rules) * 1:42006 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Camera use after free attempt (file-flash.rules) * 1:42007 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Camera use after free attempt (file-flash.rules) * 1:4201 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Queued Components Recorder ActiveX object access (browser-plugins.rules) * 1:42010 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextField use after free attempt (file-flash.rules) * 1:42011 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextField use after free attempt (file-flash.rules) * 1:42012 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AuditudeSettings stack overflow attempt (file-flash.rules) * 1:42013 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AuditudeSettings stack overflow attempt (file-flash.rules) * 1:42015 <-> DISABLED <-> SERVER-OTHER Randombit Botan Library X509 DistinguishedName out of bounds read attempt (server-other.rules) * 1:42016 <-> DISABLED <-> PROTOCOL-SCADA Moxa discovery 
packet information disclosure attempt (protocol-scada.rules) * 1:42017 <-> DISABLED <-> INDICATOR-OBFUSCATION Gzip encoded HTTP response with no Content-Length or chunked Transfer-Encoding header (indicator-obfuscation.rules) * 1:42018 <-> DISABLED <-> EXPLOIT-KIT Exploit Kit EITest Gate redirection attempt detected (exploit-kit.rules) * 1:42019 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Andr.Trojan.Agent (malware-cnc.rules) * 1:4202 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows DirectAnimation ActiveX object access (browser-plugins.rules) * 1:42020 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Andr.Trojan.Agent (malware-cnc.rules) * 1:42021 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:42022 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:42023 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:42024 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:42025 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:42026 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:42027 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:42028 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant file download attempt (malware-cnc.rules) * 1:42029 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant file download attempt (malware-cnc.rules) * 1:4203 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Marquee Control ActiveX object access (browser-plugins.rules) * 1:42030 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant file download attempt (malware-cnc.rules) * 1:42031 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection 
(malware-cnc.rules) * 1:42032 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DataView use-after-free attempt (browser-ie.rules) * 1:42033 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DataView use-after-free attempt (browser-ie.rules) * 1:42034 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DataView use-after-free attempt (browser-ie.rules) * 1:42035 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DataView use-after-free attempt (browser-ie.rules) * 1:42036 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DataView use-after-free attempt (browser-ie.rules) * 1:42037 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DataView use-after-free attempt (browser-ie.rules) * 1:42038 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DataView use-after-free attempt (browser-ie.rules) * 1:42039 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DataView use-after-free attempt (browser-ie.rules) * 1:4204 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DT PolyLine Control 2 ActiveX object access (browser-plugins.rules) * 1:42040 <-> DISABLED <-> BROWSER-IE Microsoft Edge proxy object type confusion attempt (browser-ie.rules) * 1:42041 <-> DISABLED <-> BROWSER-IE Microsoft Edge proxy object type confusion attempt (browser-ie.rules) * 1:42042 <-> DISABLED <-> SERVER-WEBAPP Wordpress Press-This cross site request forgery attempt (server-webapp.rules) * 1:42043 <-> DISABLED <-> SERVER-WEBAPP WordPress embedded URL video cross site scripting attempt (server-webapp.rules) * 1:42044 <-> ENABLED <-> FILE-FLASH Adobe Flash Player custom object garbage collection use after free attempt (file-flash.rules) * 1:42045 <-> ENABLED <-> FILE-FLASH Adobe Flash Player custom object garbage collection use after free attempt (file-flash.rules) * 1:42046 <-> ENABLED <-> FILE-FLASH Adobe Flash Player custom object garbage collection use after free (file-flash.rules) * 1:42047 <-> ENABLED <-> FILE-FLASH Adobe Flash Player custom 
object garbage collection use after free (file-flash.rules) * 1:42048 <-> ENABLED <-> SERVER-WEBAPP dnaLIMS sysAdmin.cgi arbitrary command execution attempt (server-webapp.rules) * 1:42049 <-> DISABLED <-> SERVER-WEBAPP dnaLIMS viewAppletFsa.cgi directory traversal attempt (server-webapp.rules) * 1:4205 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Visual Database Tools Database Designer v7.0 ActiveX object access (browser-plugins.rules) * 1:42050 <-> DISABLED <-> SERVER-WEBAPP dnaLIMS viewAppletFsa.cgi directory traversal attempt (server-webapp.rules) * 1:42052 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Primetime TVSDK memory corruption attempt (file-flash.rules) * 1:42053 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Primetime TVSDK memory corruption attempt (file-flash.rules) * 1:42054 <-> DISABLED <-> PROTOCOL-SCADA Moxa get SNMP read string attempt (protocol-scada.rules) * 1:42055 <-> DISABLED <-> PROTOCOL-SCADA Moxa password retrieval attempt (protocol-scada.rules) * 1:42056 <-> DISABLED <-> PROTOCOL-SCADA Moxa password retrieval attempt (protocol-scada.rules) * 1:42057 <-> DISABLED <-> PROTOCOL-SCADA Moxa unlock function code attempt (protocol-scada.rules) * 1:42058 <-> DISABLED <-> PROTOCOL-SCADA Moxa unlock function code attempt (protocol-scada.rules) * 1:42059 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Sage variant outbound connection (malware-cnc.rules) * 1:4206 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MPEG-4 Video Decompressor Property Page ActiveX object access (browser-plugins.rules) * 1:42062 <-> DISABLED <-> SERVER-WEBAPP xArrow heap corruption exploitation attempt (server-webapp.rules) * 1:42063 <-> DISABLED <-> SERVER-WEBAPP xArrow null pointer denial of service exploitation attempt (server-webapp.rules) * 1:42064 <-> DISABLED <-> SERVER-OTHER kaskad SCADA daserver heap overflow exploitation attempt (server-other.rules) * 1:42065 <-> DISABLED <-> SERVER-OTHER kaskad SCADA daserver heap overflow exploitation 
attempt (server-other.rules) * 1:42066 <-> DISABLED <-> SERVER-WEBAPP Wordpress plugin arbitrary file deletion attempt (server-webapp.rules) * 1:42067 <-> DISABLED <-> POLICY-OTHER Aviosys IP Power 9258 W2 management.asp information disclosure (policy-other.rules) * 1:42068 <-> DISABLED <-> POLICY-OTHER Aviosys IP Power 9258 W2 default login attempt (policy-other.rules) * 1:4207 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Audio Decompressor Control Property Page ActiveX object access (browser-plugins.rules) * 1:42072 <-> DISABLED <-> SERVER-WEBAPP Aultware pwStore denial of service attempt (server-webapp.rules) * 1:42073 <-> DISABLED <-> PROTOCOL-SCADA TraceMode Runtime DOS attempt (protocol-scada.rules) * 1:42074 <-> ENABLED <-> PROTOCOL-SCADA TraceMode Runtime DOS attempt (protocol-scada.rules) * 1:42075 <-> ENABLED <-> PROTOCOL-SCADA TraceMode Runtime DOS attempt (protocol-scada.rules) * 1:42078 <-> DISABLED <-> SERVER-WEBAPP Foscam cgiproxy.fcgi stack buffer overflow attempt (server-webapp.rules) * 1:42079 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jenxcus outbound connection with unique User-Agent (malware-cnc.rules) * 1:4208 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer LexRefStEsObject Class ActiveX object access (browser-plugins.rules) * 1:42080 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jenxcus outbound connection with unique User-Agent (malware-cnc.rules) * 1:42081 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jenxcus outbound POST request attempt (malware-cnc.rules) * 1:42082 <-> DISABLED <-> INDICATOR-COMPROMISE Request for external IP address detected (indicator-compromise.rules) * 1:42083 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downeks variant initial outbound connection (malware-cnc.rules) * 1:42084 <-> DISABLED <-> FILE-IMAGE Corel Photo Paint invalid NewSubFileType memory corruption attempt (file-image.rules) * 1:42085 <-> DISABLED <-> FILE-IMAGE Corel Photo Paint invalid NewSubFileType memory corruption attempt 
(file-image.rules) * 1:42086 <-> DISABLED <-> FILE-IMAGE Corel Photo Paint invalid NewSubFileType memory corruption attempt (file-image.rules) * 1:42087 <-> DISABLED <-> FILE-IMAGE Corel Photo Paint invalid NewSubFileType memory corruption attempt (file-image.rules) * 1:42088 <-> DISABLED <-> FILE-IMAGE Corel Photo Paint invalid ImageLength memory corruption attempt (file-image.rules) * 1:42089 <-> DISABLED <-> FILE-IMAGE Corel Photo Paint invalid ImageLength memory corruption attempt (file-image.rules) * 1:4209 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer LexRefStFrObject Class ActiveX object access (browser-plugins.rules) * 1:42090 <-> DISABLED <-> FILE-IMAGE Corel Photo Paint invalid ImageLength memory corruption attempt (file-image.rules) * 1:42091 <-> DISABLED <-> FILE-IMAGE Corel Photo Paint invalid ImageLength memory corruption attempt (file-image.rules) * 1:42092 <-> DISABLED <-> POLICY-OTHER NetBiter WebSCADA ws100/ws200 logo modification attempt (policy-other.rules) * 1:42093 <-> DISABLED <-> POLICY-OTHER NetBiter WebSCADA ws100/ws200 file read attempt (policy-other.rules) * 1:42094 <-> DISABLED <-> SERVER-WEBAPP NetBiter WebSCADA ws100/ws200 information gathering attempt (server-webapp.rules) * 1:42095 <-> DISABLED <-> SERVER-WEBAPP NetBiter WebSCADA ws100/ws200 directory traversal attempt (server-webapp.rules) * 1:42096 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Resolution Opportunity parameter memory corruption attempt (file-flash.rules) * 1:42097 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Resolution Opportunity parameter memory corruption attempt (file-flash.rules) * 1:42098 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Winpud encoded payload download attempt (malware-cnc.rules) * 1:42099 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Winpud encoded payload download attempt (malware-cnc.rules) * 1:421 <-> DISABLED <-> PROTOCOL-ICMP Mobile Registration Reply (protocol-icmp.rules) * 1:4210 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet 
Explorer Msb1geen.dll ActiveX object access (browser-plugins.rules) * 1:42100 <-> DISABLED <-> FILE-EXECUTABLE AnC MMU side channel ASLR bypass attack (file-executable.rules) * 1:42101 <-> DISABLED <-> FILE-EXECUTABLE AnC MMU side channel ASLR bypass attack (file-executable.rules) * 1:42102 <-> DISABLED <-> SERVER-WEBAPP Trend Micro SafeSync command injection attempt (server-webapp.rules) * 1:42103 <-> DISABLED <-> SERVER-WEBAPP Trend Micro SafeSync command injection attempt (server-webapp.rules) * 1:42104 <-> DISABLED <-> SERVER-WEBAPP Trend Micro SafeSync command injection attempt (server-webapp.rules) * 1:42105 <-> DISABLED <-> SERVER-WEBAPP EyesOfNetwork ged_actions.php command injection attempt (server-webapp.rules) * 1:42106 <-> DISABLED <-> SERVER-WEBAPP EyesOfNetwork ged_actions.php command injection attempt (server-webapp.rules) * 1:42107 <-> DISABLED <-> SERVER-WEBAPP EyesOfNetwork module command injection attempt (server-webapp.rules) * 1:42108 <-> DISABLED <-> SERVER-WEBAPP EyesOfNetwork module command injection attempt (server-webapp.rules) * 1:42109 <-> DISABLED <-> PROTOCOL-SCADA invalid modbus protocol identifier (protocol-scada.rules) * 1:4211 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DDS Library Shape Control ActiveX object access (browser-plugins.rules) * 1:42110 <-> DISABLED <-> SERVER-WEBAPP Microsoft IIS ScStoragePathFromUrl function buffer overflow attempt (server-webapp.rules) * 1:42111 <-> DISABLED <-> INDICATOR-OBFUSCATION Base64 encoded String.fromCharCode (indicator-obfuscation.rules) * 1:42113 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules) * 1:42114 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant new bot registered (malware-cnc.rules) * 1:42117 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Typed Array use after free attempt (browser-ie.rules) * 1:42118 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Typed Array use after free attempt 
(browser-ie.rules) * 1:42119 <-> DISABLED <-> SERVER-WEBAPP pfSense openvpn_wizard PHP code injection attempt (server-webapp.rules) * 1:4212 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DDS Generic Class ActiveX object access (browser-plugins.rules) * 1:42120 <-> DISABLED <-> SERVER-WEBAPP Dahua IP Camera username and password disclosure attempt (server-webapp.rules) * 1:42121 <-> DISABLED <-> SERVER-WEBAPP Dahua IP Camera username and password disclosure attempt (server-webapp.rules) * 1:42122 <-> DISABLED <-> BROWSER-PLUGINS Invensys Wonderware Archestra ActiveX clsid access attempt (browser-plugins.rules) * 1:42123 <-> DISABLED <-> BROWSER-PLUGINS Invensys Wonderware Archestra ActiveX clsid access attempt (browser-plugins.rules) * 1:42124 <-> DISABLED <-> BROWSER-PLUGINS Invensys Wonderware Archestra ActiveX clsid access attempt (browser-plugins.rules) * 1:42125 <-> DISABLED <-> BROWSER-PLUGINS Invensys Wonderware Archestra ActiveX clsid access attempt (browser-plugins.rules) * 1:42126 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Acronym variant outbound connection (malware-cnc.rules) * 1:42127 <-> DISABLED <-> PROTOCOL-SCADA Eaton Network Pi3Web DOS attempt (protocol-scada.rules) * 1:42128 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ismdoor variant outbound connection (malware-cnc.rules) * 1:42129 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ismdoor variant outbound connection (malware-cnc.rules) * 1:4213 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DDS Picture Shape Control ActiveX object access (browser-plugins.rules) * 1:42131 <-> DISABLED <-> SERVER-WEBAPP Cambium Networks ePMP 1000 command injection attempt (server-webapp.rules) * 1:42132 <-> DISABLED <-> SERVER-WEBAPP Cambium Networks ePMP 1000 command injection attempt (server-webapp.rules) * 1:42133 <-> DISABLED <-> SERVER-APACHE Apache mod_session_crypto padding oracle brute force attempt (server-apache.rules) * 1:42134 <-> DISABLED <-> SERVER-WEBAPP GE Proficy CimWeb substitute.bcl 
arbitrary file access attempt (server-webapp.rules) * 1:42135 <-> DISABLED <-> SERVER-WEBAPP GE Proficy CimWeb substitute.bcl arbitrary file access attempt (server-webapp.rules) * 1:42136 <-> DISABLED <-> SERVER-WEBAPP Infinite Automation Mango Automation info leak attempt (server-webapp.rules) * 1:42137 <-> DISABLED <-> FILE-OFFICE Lexmark Perceptive Document Filters malformed XLS information disclosure attempt (file-office.rules) * 1:42138 <-> DISABLED <-> FILE-OFFICE Lexmark Perceptive Document Filters malformed XLS information disclosure attempt (file-office.rules) * 1:4214 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer TipGW Init ActiveX object access (browser-plugins.rules) * 1:42140 <-> ENABLED <-> FILE-IMAGE Corel PHOTO-PAINT X8 GIF Filter Code Execution Vulnerability attempt (file-image.rules) * 1:42141 <-> ENABLED <-> FILE-IMAGE Corel PHOTO-PAINT X8 GIF Filter Code Execution Vulnerability attempt (file-image.rules) * 1:42148 <-> ENABLED <-> FILE-OTHER Microsoft Windows ATMFD font driver malformed OTF file out-of-bounds memory access attempt (file-other.rules) * 1:42149 <-> ENABLED <-> FILE-OTHER Microsoft Windows ATMFD font driver malformed OTF file out-of-bounds memory access attempt (file-other.rules) * 1:4215 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Popup Window ActiveX object access (browser-plugins.rules) * 1:42150 <-> DISABLED <-> FILE-OTHER Microsoft Windows ATMFD font driver malformed OTF file out-of-bounds memory access attempt (file-other.rules) * 1:42151 <-> DISABLED <-> FILE-OTHER Microsoft Windows ATMFD font driver malformed OTF file out-of-bounds memory access attempt (file-other.rules) * 1:42152 <-> ENABLED <-> BROWSER-IE Microsoft Edge JavaScript string object type confusion attempt (browser-ie.rules) * 1:42153 <-> ENABLED <-> BROWSER-IE Microsoft Edge JavaScript string object type confusion attempt (browser-ie.rules) * 1:42154 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k information 
disclosure attempt (os-windows.rules)
* 1:42155 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k information disclosure attempt (os-windows.rules)
* 1:42156 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer recordset use after free attempt (browser-ie.rules)
* 1:42157 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer recordset use after free attempt (browser-ie.rules)
* 1:42158 <-> ENABLED <-> OS-WINDOWS Microsoft Win32k privilege escalation attempt (os-windows.rules)
* 1:42159 <-> ENABLED <-> OS-WINDOWS Microsoft Win32k privilege escalation attempt (os-windows.rules)
* 1:4216 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer CLSID_CComAcctImport ActiveX object access (browser-plugins.rules)
* 1:42160 <-> ENABLED <-> SERVER-OTHER Microsoft LDAP MaxBuffSize buffer overflow attempt (server-other.rules)
* 1:42161 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel out of bounds memory attempt (file-office.rules)
* 1:42162 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel out of bounds memory attempt (file-office.rules)
* 1:42163 <-> DISABLED <-> FILE-OTHER Microsoft Office OneNote 2007 dll-load exploit attempt (file-other.rules)
* 1:42164 <-> DISABLED <-> FILE-OTHER Microsoft Office OneNote 2007 dll-load exploit attempt (file-other.rules)
* 1:42165 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer type confusion vulnerability attempt (browser-ie.rules)
* 1:42166 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer type confusion vulnerability attempt (browser-ie.rules)
* 1:42167 <-> ENABLED <-> FILE-OFFICE Microsoft Office custom message class security bypass attempt (file-office.rules)
* 1:42168 <-> ENABLED <-> FILE-OFFICE Microsoft Office custom message class security bypass attempt (file-office.rules)
* 1:42169 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer classid remote code execution attempt (browser-ie.rules)
* 1:4217 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Services on the Web Free/Busy ActiveX object access (browser-plugins.rules)
* 1:42170 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer classid remote code execution attempt (browser-ie.rules)
* 1:42171 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Agent variant outbound connection (malware-cnc.rules)
* 1:42172 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Agent variant certificate negotiation (malware-cnc.rules)
* 1:42173 <-> ENABLED <-> OS-WINDOWS Microsoft GDI PolyTextOutW out of bounds memory write attempt (os-windows.rules)
* 1:42174 <-> ENABLED <-> OS-WINDOWS Microsoft GDI PolyTextOutW out of bounds memory write attempt (os-windows.rules)
* 1:42175 <-> ENABLED <-> FILE-PDF Adobe Reader JavaScript API documentToStream use after free attempt (file-pdf.rules)
* 1:42176 <-> ENABLED <-> FILE-PDF Adobe Reader JavaScript API documentToStream use after free attempt (file-pdf.rules)
* 1:42177 <-> ENABLED <-> FILE-OTHER IrfanView JPEG2000 reference tile width value buffer overflow attempt (file-other.rules)
* 1:42178 <-> ENABLED <-> FILE-OTHER IrfanView JPEG2000 reference tile width value buffer overflow attempt (file-other.rules)
* 1:4218 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Microsoft Windows Visual Basic WebClass ActiveX object access (browser-plugins.rules)
* 1:42183 <-> ENABLED <-> BROWSER-IE Microsoft Edge format rendering type confusion attempt (browser-ie.rules)
* 1:42184 <-> ENABLED <-> BROWSER-IE Microsoft Edge format rendering type confusion attempt (browser-ie.rules)
* 1:42185 <-> ENABLED <-> OS-WINDOWS Microsoft Windows WMI DCOM arbitrary .NET serialization code execution attempt (os-windows.rules)
* 1:42186 <-> ENABLED <-> OS-WINDOWS Microsoft Windows WMI DCOM arbitrary .NET serialization code execution attempt (os-windows.rules)
* 1:42187 <-> ENABLED <-> OS-WINDOWS Microsoft Windows IE ETW Collector Service privilege escalation attempt (os-windows.rules)
* 1:42188 <-> ENABLED <-> OS-WINDOWS Microsoft Windows IE ETW Collector Service privilege escalation attempt (os-windows.rules)
* 1:42189 <-> DISABLED <-> FILE-OFFICE RTF objautlink url moniker file download attempt (file-office.rules)
* 1:4219 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Network Connections Tray ActiveX object access (browser-plugins.rules)
* 1:42190 <-> DISABLED <-> FILE-OFFICE RTF objautlink url moniker file download attempt (file-office.rules)
* 1:42195 <-> ENABLED <-> FILE-OTHER Tablib yaml.load code execution attempt (file-other.rules)
* 1:42196 <-> ENABLED <-> FILE-OTHER Tablib yaml.load code execution attempt (file-other.rules)
* 1:42197 <-> DISABLED <-> FILE-OFFICE Microsoft Office mqrt.dll dll-load exploit attempt (file-office.rules)
* 1:42198 <-> ENABLED <-> FILE-OFFICE Microsoft Office mqrt.dll dll-load exploit attempt (file-office.rules)
* 1:42199 <-> ENABLED <-> OS-WINDOWS Microsoft Windows GDI null pointer dereference attempt (os-windows.rules)
* 1:422 <-> DISABLED <-> PROTOCOL-ICMP Mobile Registration Reply undefined code (protocol-icmp.rules)
* 1:4220 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Network and Dial-Up Connections ActiveX object access (browser-plugins.rules)
* 1:42200 <-> ENABLED <-> OS-WINDOWS Microsoft Windows GDI null pointer dereference attempt (os-windows.rules)
* 1:42201 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreePos type confusion attempt (browser-ie.rules)
* 1:42202 <-> ENABLED <-> FILE-PDF Adobe Reader JavaScript string from stream memory corruption attempt (file-pdf.rules)
* 1:42203 <-> ENABLED <-> FILE-PDF Adobe Reader JavaScript string from stream memory corruption attempt (file-pdf.rules)
* 1:42204 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer htmlFile ActiveX control universal XSS attempt (browser-ie.rules)
* 1:42205 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer htmlFile ActiveX control universal XSS attempt (browser-ie.rules)
* 1:42206 <-> ENABLED <-> FILE-FLASH Adobe Flash Player allocator use-after-free attempt (file-flash.rules)
* 1:42207 <-> ENABLED <-> FILE-FLASH Adobe Flash Player allocator use-after-free attempt (file-flash.rules)
* 1:42208 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Clipboard Broker privilege escalation vulnerability attempt (os-windows.rules)
* 1:42209 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Clipboard Broker privilege escalation vulnerability attempt (os-windows.rules)
* 1:4221 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer ProxyStub Dispatch ActiveX object access (browser-plugins.rules)
* 1:42210 <-> ENABLED <-> BROWSER-IE Microsoft Edge xlink type confusion memory corruption attempt (browser-ie.rules)
* 1:42211 <-> ENABLED <-> BROWSER-IE Microsoft Edge xlink type confusion memory corruption attempt (browser-ie.rules)
* 1:42212 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded JPEG 2000 flst heap overflow attempt (file-pdf.rules)
* 1:42213 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded JPEG 2000 flst heap overflow attempt (file-pdf.rules)
* 1:42214 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetStream use after free attempt (file-flash.rules)
* 1:42215 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetStream use after free attempt (file-flash.rules)
* 1:42216 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Reader pcx planes memory corruption attempt (file-other.rules)
* 1:42217 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Reader pcx planes memory corruption attempt (file-other.rules)
* 1:42218 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed GIF memory corruption attempt (file-image.rules)
* 1:42219 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIF memory corruption attempt (file-image.rules)
* 1:4222 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Outllib.dll ActiveX object access (browser-plugins.rules)
* 1:42220 <-> DISABLED <-> SERVER-WEBAPP BlueCoat CAS report-email command injection attempt (server-webapp.rules)
* 1:42221 <-> ENABLED <-> SERVER-WEBAPP Moxa private key disclosure attempt (server-webapp.rules)
* 1:42222 <-> DISABLED <-> SERVER-WEBAPP Moxa MX Studio login page denial of service attempt (server-webapp.rules)
* 1:42223 <-> ENABLED <-> FILE-IDENTIFY AOP file download request (file-identify.rules)
* 1:42224 <-> DISABLED <-> SERVER-OTHER Moxa MX-AOPC XML external entity injection attempt (server-other.rules)
* 1:42225 <-> DISABLED <-> MALWARE-CNC Win.Trojan.RedLeaves outbound connection (malware-cnc.rules)
* 1:42226 <-> DISABLED <-> OS-SOLARIS Solaris RPC XDR overflow code execution attempt (os-solaris.rules)
* 1:42227 <-> DISABLED <-> SERVER-OTHER NTP Config Unpeer denial of service attempt (server-other.rules)
* 1:42228 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DocumentCrypt variant outbound connection (malware-cnc.rules)
* 1:42229 <-> DISABLED <-> INDICATOR-COMPROMISE RTF url moniker COM file download attempt (indicator-compromise.rules)
* 1:4223 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer OpenCable Class ActiveX object access (browser-plugins.rules)
* 1:42230 <-> DISABLED <-> INDICATOR-COMPROMISE RTF url moniker COM file download attempt (indicator-compromise.rules)
* 1:42231 <-> DISABLED <-> FILE-OFFICE RTF url moniker COM file download attempt (file-office.rules)
* 1:42232 <-> ENABLED <-> SERVER-OTHER TopSec Firewall cookie header command injection attempt (server-other.rules)
* 1:42233 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mikcer variant outbound connection (malware-cnc.rules)
* 1:42234 <-> DISABLED <-> SERVER-WEBAPP QNAP NAS authLogin.cgi command injection attempt (server-webapp.rules)
* 1:42235 <-> DISABLED <-> SERVER-OTHER NTP malformed config request denial of service attempt (server-other.rules)
* 1:42236 <-> DISABLED <-> SERVER-WEBAPP QNAP NAS userConfig.cgi command injection attempt (server-webapp.rules)
* 1:42237 <-> DISABLED <-> SERVER-WEBAPP QNAP NAS userConfig.cgi command injection attempt (server-webapp.rules)
* 1:42238 <-> DISABLED <-> SERVER-WEBAPP QNAP NAS userConfig.cgi command injection attempt (server-webapp.rules)
* 1:42239 <-> DISABLED <-> SERVER-WEBAPP QNAP NAS utilRequest.cgi command injection attempt (server-webapp.rules)
* 1:4224 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer VideoPort ActiveX object access (browser-plugins.rules)
* 1:42240 <-> DISABLED <-> SERVER-WEBAPP QNAP NAS utilRequest.cgi command injection attempt (server-webapp.rules)
* 1:42241 <-> DISABLED <-> SERVER-WEBAPP QNAP NAS utilRequest.cgi command injection attempt (server-webapp.rules)
* 1:42242 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Dimnie file download attempt (malware-cnc.rules)
* 1:42243 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dimnie outbound connection (malware-cnc.rules)
* 1:42244 <-> DISABLED <-> SERVER-WEBAPP Information Builders WebFOCUS Business Intelligence Portal command injection attempt (server-webapp.rules)
* 1:42245 <-> DISABLED <-> SERVER-WEBAPP Information Builders WebFOCUS Business Intelligence Portal command injection attempt (server-webapp.rules)
* 1:42246 <-> DISABLED <-> SERVER-WEBAPP Information Builders WebFOCUS Business Intelligence Portal command injection attempt (server-webapp.rules)
* 1:42247 <-> DISABLED <-> SERVER-WEBAPP Information Builders WebFOCUS Business Intelligence Portal command injection attempt (server-webapp.rules)
* 1:42248 <-> DISABLED <-> SERVER-WEBAPP ProcessMaker Enterprise eventsAjax SQL injection attempt (server-webapp.rules)
* 1:42249 <-> DISABLED <-> SERVER-WEBAPP ProcessMaker Enterprise proxy SQL injection attempt (server-webapp.rules)
* 1:4225 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Repository ActiveX object access (browser-plugins.rules)
* 1:42250 <-> DISABLED <-> SERVER-WEBAPP ProcessMaker Enterprise translationsAjax.php SQL injection attempt (server-webapp.rules)
* 1:42251 <-> DISABLED <-> SERVER-WEBAPP ProcessMaker Enterprise genericAjax SQL injection attempt (server-webapp.rules)
* 1:42252 <-> DISABLED <-> SERVER-WEBAPP ProcessMaker Enterprise PHP object injection attempt (server-webapp.rules)
* 1:42253 <-> ENABLED <-> OS-SOLARIS Solaris dtappgather local privilege escalation attempt (os-solaris.rules)
* 1:42254 <-> ENABLED <-> OS-SOLARIS Solaris dtappgather local privilege escalation attempt (os-solaris.rules)
* 1:42255 <-> DISABLED <-> OS-WINDOWS Microsoft Windows empty RDP cookie negotiation attempt (os-windows.rules)
* 1:42256 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB anonymous user session setup request detected (os-windows.rules)
* 1:42257 <-> ENABLED <-> FILE-IDENTIFY ISO file magic detected (file-identify.rules)
* 1:42258 <-> ENABLED <-> FILE-IDENTIFY ISO file attachment detected (file-identify.rules)
* 1:42259 <-> ENABLED <-> FILE-IDENTIFY ISO file attachment detected (file-identify.rules)
* 1:4226 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DocHost User Interface Handler ActiveX object access (browser-plugins.rules)
* 1:42260 <-> ENABLED <-> FILE-IDENTIFY ISO file attachment detected (file-identify.rules)
* 1:42261 <-> ENABLED <-> FILE-IDENTIFY ISO file magic detected (file-identify.rules)
* 1:42262 <-> ENABLED <-> FILE-IDENTIFY ISO file download request (file-identify.rules)
* 1:42263 <-> DISABLED <-> FILE-OTHER Power Software PowerISO stack buffer overflow attempt (file-other.rules)
* 1:42264 <-> DISABLED <-> FILE-OTHER Power Software PowerISO stack buffer overflow attempt (file-other.rules)
* 1:42265 <-> DISABLED <-> FILE-OTHER Power Software PowerISO stack buffer overflow attempt (file-other.rules)
* 1:42266 <-> DISABLED <-> FILE-OTHER Power Software PowerISO stack buffer overflow attempt (file-other.rules)
* 1:42267 <-> DISABLED <-> FILE-OTHER Power Software PowerISO stack buffer overflow attempt (file-other.rules)
* 1:42268 <-> DISABLED <-> FILE-OTHER Power Software PowerISO stack buffer overflow attempt (file-other.rules)
* 1:42269 <-> DISABLED <-> FILE-OTHER Power Software PowerISO stack buffer overflow attempt (file-other.rules)
* 1:4227 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Network Connections ActiveX object access (browser-plugins.rules)
* 1:42270 <-> DISABLED <-> FILE-OTHER Power Software PowerISO stack buffer overflow attempt (file-other.rules)
* 1:42271 <-> DISABLED <-> FILE-OTHER Power Software PowerISO stack buffer overflow attempt (file-other.rules)
* 1:42272 <-> DISABLED <-> FILE-OTHER Power Software PowerISO stack buffer overflow attempt (file-other.rules)
* 1:42273 <-> DISABLED <-> FILE-PDF Poppler DCTStream readScan heap buffer overflow attempt (file-pdf.rules)
* 1:42274 <-> DISABLED <-> FILE-PDF Poppler DCTStream readScan heap buffer overflow attempt (file-pdf.rules)
* 1:42275 <-> ENABLED <-> FILE-PDF Adobe Reader JPEG2000 pclr tag out of bounds read attempt (file-pdf.rules)
* 1:42276 <-> ENABLED <-> FILE-PDF Adobe Reader JPEG2000 pclr tag out of bounds read attempt (file-pdf.rules)
* 1:42279 <-> DISABLED <-> FILE-OTHER Adobe Acrobat request for RARfsClientNP.dll over SMB attempt (file-other.rules)
* 1:4228 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Start Menu ActiveX object access (browser-plugins.rules)
* 1:42280 <-> DISABLED <-> FILE-OTHER Adobe Acrobat RARfsClientNP.dll dll-load exploit attempt (file-other.rules)
* 1:42281 <-> DISABLED <-> OS-SOLARIS Solaris catflap telnet remote code execution attempt (os-solaris.rules)
* 1:42282 <-> DISABLED <-> OS-SOLARIS Solaris catflap telnet remote code execution attempt (os-solaris.rules)
* 1:42283 <-> DISABLED <-> OS-SOLARIS Solaris catflap telnet remote code execution attempt (os-solaris.rules)
* 1:42284 <-> DISABLED <-> PROTOCOL-SCADA 3S CoDeSys Gateway Server DOS attempt (protocol-scada.rules)
* 1:42285 <-> DISABLED <-> FILE-PDF Multiple Products malformed JP2K codestream out of bounds read attempt (file-pdf.rules)
* 1:42286 <-> DISABLED <-> FILE-PDF Multiple Products malformed JP2K codestream out of bounds read attempt (file-pdf.rules)
* 1:42289 <-> DISABLED <-> INDICATOR-SCAN PHP info leak attempt (indicator-scan.rules)
* 1:4229 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSAPP Export Support for Office Access ActiveX object access (browser-plugins.rules)
* 1:42290 <-> DISABLED <-> SERVER-WEBAPP Openfire userimportexport plugin XML external entity injection attempt (server-webapp.rules)
* 1:42291 <-> DISABLED <-> SERVER-WEBAPP AlienVault OSSIM API get_host_fqdn host_ip command injection attempt (server-webapp.rules)
* 1:42292 <-> DISABLED <-> INDICATOR-COMPROMISE malicious javascript obfuscation detected (indicator-compromise.rules)
* 1:42294 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMBv1 WriteAndX and TransSecondaryRequest TotalDataCount out of bounds write attempt (os-windows.rules)
* 1:42295 <-> DISABLED <-> SERVER-WEBAPP Events HMI information disclosure attempt (server-webapp.rules)
* 1:42296 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed PRC file out of bounds read attempt (file-pdf.rules)
* 1:42297 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed PRC file out of bounds read attempt (file-pdf.rules)
* 1:42298 <-> DISABLED <-> FILE-PDF Adobe PDF PPKLite security handler memory corruption vulnerability attempt (file-pdf.rules)
* 1:42299 <-> DISABLED <-> FILE-PDF Adobe PDF PPKLite security handler memory corruption vulnerability attempt (file-pdf.rules)
* 1:423 <-> DISABLED <-> PROTOCOL-ICMP Mobile Registration Request (protocol-icmp.rules)
* 1:4230 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Search Assistant UI ActiveX object access (browser-plugins.rules)
* 1:42300 <-> DISABLED <-> SERVER-WEBAPP SensorIP2 default credentials enumeration attempt (server-webapp.rules)
* 1:42301 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuaibu inbound server configuration response (malware-cnc.rules)
* 1:42302 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuaibu outbound connection (malware-cnc.rules)
* 1:42303 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuaibu outbound file download attempt (malware-cnc.rules)
* 1:42304 <-> DISABLED <-> FILE-OTHER fwpuclnt dll-load exploit attempt (file-other.rules)
* 1:42305 <-> DISABLED <-> FILE-OTHER fwpuclnt dll-load exploit attempt (file-other.rules)
* 1:42306 <-> DISABLED <-> SERVER-WEBAPP xArrow webserver denial of service attempt (server-webapp.rules)
* 1:42307 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed TTF out of bounds memory access attempt (file-pdf.rules)
* 1:42308 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed TTF out of bounds memory access attempt (file-pdf.rules)
* 1:42309 <-> ENABLED <-> FILE-PDF Adobe Acrobat embedded JPEG2000 invalid header out of bounds memory access attempt (file-pdf.rules)
* 1:4231 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer SysTray ActiveX object access (browser-plugins.rules)
* 1:42310 <-> ENABLED <-> FILE-PDF Adobe Acrobat embedded JPEG2000 invalid header out of bounds memory access attempt (file-pdf.rules)
* 1:42311 <-> DISABLED <-> FILE-PDF Multiple Products malformed JP2K codestream out of bounds read attempt (file-pdf.rules)
* 1:42312 <-> DISABLED <-> FILE-PDF Multiple Products malformed JP2K codestream out of bounds read attempt (file-pdf.rules)
* 1:42315 <-> DISABLED <-> FILE-PDF Adobe Acrobat malformed JPEG 2000 codestream tile height out of bounds read attempt (file-pdf.rules)
* 1:42316 <-> DISABLED <-> FILE-PDF Adobe Acrobat malformed JPEG 2000 codestream tile height out of bounds read attempt (file-pdf.rules)
* 1:42317 <-> DISABLED <-> FILE-PDF Adobe Acrobat malformed JPEG 2000 codestream width out of bounds read attempt (file-pdf.rules)
* 1:42318 <-> DISABLED <-> FILE-PDF Adobe Acrobat malformed JPEG 2000 codestream width out of bounds read attempt (file-pdf.rules)
* 1:42319 <-> DISABLED <-> FILE-PDF Poppler PDF library embedded jp2 COD levels integer overflow attempt (file-pdf.rules)
* 1:4232 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer SysTray Invoker ActiveX object access (browser-plugins.rules)
* 1:42320 <-> DISABLED <-> FILE-PDF Poppler PDF library embedded jp2 COD levels integer overflow attempt (file-pdf.rules)
* 1:42321 <-> DISABLED <-> FILE-OTHER Power Software PowerISO invalid primary volume descriptor header use after free attempt (file-other.rules)
* 1:42322 <-> DISABLED <-> FILE-OTHER Power Software PowerISO invalid primary volume descriptor header use after free attempt (file-other.rules)
* 1:42323 <-> DISABLED <-> SERVER-WEBAPP IOServer OPC Server directory traversal exploitation attempt (server-webapp.rules)
* 1:42324 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Reader overly large segment size out of bounds read attempt (file-image.rules)
* 1:42325 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Reader overly large segment size out of bounds read attempt (file-image.rules)
* 1:42326 <-> ENABLED <-> SERVER-OTHER Zabbix Server Trapper code execution attempt (server-other.rules)
* 1:42327 <-> DISABLED <-> SERVER-WEBAPP Cpanel cgiemail format string code execution attempt (server-webapp.rules)
* 1:42328 <-> DISABLED <-> SERVER-WEBAPP Cpanel cgiemail format string code execution attempt (server-webapp.rules)
* 1:42329 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Doublepulsar variant successful ping response (malware-cnc.rules)
* 1:4233 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Visual Database Tools Query Designer v7.0 ActiveX object access (browser-plugins.rules)
* 1:42330 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Doublepulsar variant successful injection response (malware-cnc.rules)
* 1:42331 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Doublepulsar variant process injection command (malware-cnc.rules)
* 1:42332 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Doublepulsar variant ping command (malware-cnc.rules)
* 1:42333 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Threat Discovery Appliance admin_sys_time.cgi command injection attempt (server-webapp.rules)
* 1:42334 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Threat Discovery Appliance admin_sys_time.cgi command injection attempt (server-webapp.rules)
* 1:42335 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Threat Discovery Appliance admin_sys_time.cgi command injection attempt (server-webapp.rules)
* 1:42336 <-> ENABLED <-> SERVER-WEBAPP Trend Micro Threat Discovery Appliance logoff.cgi directory traversal attempt (server-webapp.rules)
* 1:42337 <-> DISABLED <-> INDICATOR-COMPROMISE Zabbix Proxy configuration containing script detected (indicator-compromise.rules)
* 1:42338 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB large NT RENAME transaction request memory leak attempt (os-windows.rules)
* 1:42339 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB possible leak of kernel heap memory (os-windows.rules)
* 1:4234 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSVTDGridCtrl7 ActiveX object access (browser-plugins.rules)
* 1:42340 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB anonymous session IPC share access attempt (os-windows.rules)
* 1:42341 <-> DISABLED <-> FILE-PDF Adobe PDF CFF font parsing memory corruption vulnerability attempt (file-pdf.rules)
* 1:42342 <-> DISABLED <-> FILE-PDF Adobe PDF CFF font parsing memory corruption vulnerability attempt (file-pdf.rules)
* 1:42343 <-> DISABLED <-> FILE-PDF Adobe PDF CFF font parsing memory corruption vulnerability attempt (file-pdf.rules)
* 1:42344 <-> DISABLED <-> FILE-PDF Adobe PDF CFF font parsing memory corruption vulnerability attempt (file-pdf.rules)
* 1:42345 <-> DISABLED <-> SERVER-WEBAPP Tenable Appliance simpleupload.py command injection attempt (server-webapp.rules)
* 1:42346 <-> DISABLED <-> SERVER-WEBAPP Tenable Appliance simpleupload.py command injection attempt (server-webapp.rules)
* 1:42347 <-> DISABLED <-> SERVER-WEBAPP Tenable Appliance simpleupload.py command injection attempt (server-webapp.rules)
* 1:42348 <-> DISABLED <-> MALWARE-CNC Win.Trojan.QQPass variant outbound connection (malware-cnc.rules)
* 1:42349 <-> DISABLED <-> PROTOCOL-SCADA InduSoft Web Studio CEServer buffer overflow attempt (protocol-scada.rules)
* 1:4235 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Helper Object for Java ActiveX object access (browser-plugins.rules)
* 1:42350 <-> DISABLED <-> PROTOCOL-SCADA InduSoft Web Studio CEServer buffer overflow attempt (protocol-scada.rules)
* 1:42351 <-> DISABLED <-> PROTOCOL-SCADA InduSoft Web Studio CEServer buffer overflow attempt (protocol-scada.rules)
* 1:42352 <-> DISABLED <-> FILE-PDF Poppler readProgressiveSOF out of bounds write attempt (file-pdf.rules)
* 1:42353 <-> DISABLED <-> FILE-PDF Poppler readProgressiveSOF out of bounds write attempt (file-pdf.rules)
* 1:42354 <-> DISABLED <-> SERVER-WEBAPP Squirrelmail sendmail delivery parameter injection attempt (server-webapp.rules)
* 1:42355 <-> DISABLED <-> SERVER-OTHER 389-ds-base bind code execution attempt (server-other.rules)
* 1:42356 <-> DISABLED <-> SERVER-OTHER 389-ds-base bind code execution attempt (server-other.rules)
* 1:42357 <-> DISABLED <-> SERVER-OTHER 389-ds-base bind code execution attempt (server-other.rules)
* 1:42358 <-> DISABLED <-> SERVER-OTHER 389-ds-base bind code execution attempt (server-other.rules)
* 1:42359 <-> DISABLED <-> SERVER-OTHER 389-ds-base bind code execution attempt (server-other.rules)
* 1:4236 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WMI ASDI Extension ActiveX object access (browser-plugins.rules)
* 1:42360 <-> DISABLED <-> SERVER-OTHER 389-ds-base bind code execution attempt (server-other.rules)
* 1:42361 <-> DISABLED <-> SERVER-OTHER 389-ds-base bind code execution attempt (server-other.rules)
* 1:42362 <-> DISABLED <-> SERVER-OTHER 389-ds-base bind code execution attempt (server-other.rules)
* 1:42363 <-> ENABLED <-> FILE-IDENTIFY bzip2 compressed file detected (file-identify.rules)
* 1:42364 <-> ENABLED <-> FILE-IDENTIFY bzip2 compressed file detected (file-identify.rules)
* 1:42365 <-> ENABLED <-> FILE-IDENTIFY bzip2 compressed file detected (file-identify.rules)
* 1:42366 <-> ENABLED <-> FILE-IDENTIFY XZ compressed file detected (file-identify.rules)
* 1:42367 <-> ENABLED <-> FILE-IDENTIFY XZ compressed file detected (file-identify.rules)
* 1:42368 <-> ENABLED <-> FILE-IDENTIFY XZ compressed file detected (file-identify.rules)
* 1:42369 <-> ENABLED <-> FILE-IDENTIFY gzip compressed file detected (file-identify.rules)
* 1:42370 <-> ENABLED <-> FILE-IDENTIFY gzip compressed file detected (file-identify.rules)
* 1:42371 <-> ENABLED <-> FILE-IDENTIFY gzip compressed file detected (file-identify.rules)
* 1:42372 <-> ENABLED <-> POLICY-OTHER eicar file detected (policy-other.rules)
* 1:42373 <-> ENABLED <-> POLICY-OTHER eicar file detected (policy-other.rules)
* 1:42374 <-> ENABLED <-> POLICY-OTHER eicar file detected (policy-other.rules)
* 1:42375 <-> ENABLED <-> POLICY-OTHER eicar file detected (policy-other.rules)
* 1:42376 <-> ENABLED <-> POLICY-OTHER eicar file detected (policy-other.rules)
* 1:42377 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader dll injection sandbox escape (file-pdf.rules)
* 1:42378 <-> DISABLED <-> SERVER-OTHER Yealink VoIP phone remote code execution attempt (server-other.rules)
* 1:42379 <-> DISABLED <-> SERVER-WEBAPP OpenCart directory traversal attempt (server-webapp.rules)
* 1:42380 <-> DISABLED <-> SERVER-WEBAPP OpenCart directory traversal attempt (server-webapp.rules)
* 1:42381 <-> DISABLED <-> SERVER-WEBAPP OpenCart directory traversal attempt (server-webapp.rules)
* 1:42382 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Threat Discovery Appliance detected_potential_files.cgi command injection attempt (server-webapp.rules)
* 1:42383 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Threat Discovery Appliance detected_potential_files.cgi command injection attempt (server-webapp.rules)
* 1:42384 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Threat Discovery Appliance detected_potential_files.cgi command injection attempt (server-webapp.rules)
* 1:42385 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Moonwind outbound connection (malware-cnc.rules)
* 1:42386 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mikcer variant outbound connection (malware-cnc.rules)
* 1:42387 <-> DISABLED <-> SERVER-WEBAPP DataRate SCADA directory traversal attempt (server-webapp.rules)
* 1:42388 <-> DISABLED <-> SERVER-WEBAPP DataRate SCADA directory traversal attempt (server-webapp.rules)
* 1:42389 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer uninitialized or deleted object access attempt (browser-ie.rules)
* 1:42390 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Moarider variant outbound connection (malware-cnc.rules)
* 1:42391 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Moarider variant outbound connection (malware-cnc.rules)
* 1:42392 <-> DISABLED <-> SERVER-WEBAPP Yealink VoIP phone directory traversal attempt (server-webapp.rules)
* 1:42393 <-> DISABLED <-> SERVER-WEBAPP Yealink VoIP phone directory traversal attempt (server-webapp.rules)
* 1:42394 <-> DISABLED <-> SERVER-WEBAPP Yealink VoIP phone directory traversal attempt (server-webapp.rules)
* 1:42395 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Oddjob outbound connection (malware-cnc.rules)
* 1:42396 <-> DISABLED <-> EXPLOIT-KIT Blacole inbound malformed pdf download attempt (exploit-kit.rules)
* 1:42397 <-> DISABLED <-> EXPLOIT-KIT Blacole inbound malformed pdf download attempt (exploit-kit.rules)
* 1:42398 <-> DISABLED <-> MALWARE-CNC Win.Trojan.RedLeaves outbound connection (malware-cnc.rules)
* 1:424 <-> DISABLED <-> PROTOCOL-ICMP Mobile Registration Request undefined code (protocol-icmp.rules)
* 1:42401 <-> DISABLED <-> SERVER-WEBAPP multiple product version scan attempt (server-webapp.rules)
* 1:42402 <-> DISABLED <-> SERVER-WEBAPP multiple product command injection attempt (server-webapp.rules)
* 1:42403 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Threat Discovery Appliance cache_id command injection attempt (server-webapp.rules)
* 1:42404 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Threat Discovery Appliance cache_id command injection attempt (server-webapp.rules)
* 1:42405 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Threat Discovery Appliance cache_id command injection attempt (server-webapp.rules)
* 1:42406 <-> DISABLED <-> SERVER-WEBAPP WePresent WiPG admin backdoor login attempt (server-webapp.rules)
* 1:42407 <-> DISABLED <-> SERVER-WEBAPP WePresent WiPG rdfs.cgi command injection attempt (server-webapp.rules)
* 1:42408 <-> DISABLED <-> SERVER-WEBAPP WePresent WiPG rdfs.cgi command injection attempt (server-webapp.rules)
* 1:42409 <-> DISABLED <-> SERVER-WEBAPP WePresent WiPG rdfs.cgi command injection attempt (server-webapp.rules)
* 1:42410 <-> DISABLED <-> SERVER-WEBAPP WePresent WiPG rdtool backdoor login attempt (server-webapp.rules)
* 1:42411 <-> DISABLED <-> SERVER-WEBAPP WePresent WiPG session id check bypass attempt (server-webapp.rules)
* 1:42412 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
* 1:42413 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
* 1:42414 <-> DISABLED <-> FILE-PDF Adobe PDF JavaScript engine use after free memory corruption attempt (file-pdf.rules)
* 1:42415 <-> DISABLED <-> FILE-PDF Adobe PDF JavaScript engine use after free memory corruption attempt (file-pdf.rules)
* 1:42416 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer IE11 memory corruption attempt (browser-ie.rules)
* 1:42417 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer IE8 mode menu tag out-of-bounds access attempt (browser-ie.rules)
* 1:42418 <-> DISABLED <-> FILE-EXECUTABLE Win.Trojan.DoubleAgent download attempt (file-executable.rules)
* 1:42419 <-> DISABLED <-> FILE-EXECUTABLE Win.Trojan.DoubleAgent download attempt (file-executable.rules)
* 1:42420 <-> DISABLED <-> SERVER-OTHER HP Operations Agent for NonStop server HEALTH packet parsing stack buffer overflow attempt (server-other.rules)
* 1:42421 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cerber variant inbound connection attempt (malware-cnc.rules)
* 1:42422 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
* 1:42423 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
* 1:42424 <-> DISABLED <-> POLICY-OTHER MSSQL CLR permission set to unsafe attempt (policy-other.rules)
* 1:42425 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ChChes set cookie tag inbound connection (malware-cnc.rules)
* 1:42426 <-> DISABLED <-> SERVER-WEBAPP Phpcms attachment upload SQL injection attempt (server-webapp.rules)
* 1:42427 <-> DISABLED <-> SERVER-WEBAPP Phpcms attachment upload SQL injection attempt (server-webapp.rules)
* 1:42428 <-> DISABLED <-> SERVER-WEBAPP Phpcms attachment upload SQL injection attempt (server-webapp.rules)
* 1:42429 <-> DISABLED <-> SERVER-WEBAPP Phpcms user registration remote file include attempt (server-webapp.rules)
* 1:42430 <-> DISABLED <-> SERVER-WEBAPP Phpcms user registration remote file include attempt (server-webapp.rules)
* 1:42431 <-> DISABLED <-> SERVER-WEBAPP Foscam IP Video Camera CGIProxy.fcgi query append buffer overflow attempt (server-webapp.rules)
* 1:42432 <-> DISABLED <-> SERVER-WEBAPP Foscam IP Camera command injection attempt (server-webapp.rules)
* 1:42433 <-> DISABLED <-> SERVER-WEBAPP Foscam IP Camera command injection attempt (server-webapp.rules)
* 1:42434 <-> DISABLED <-> SERVER-WEBAPP Foscam IP Camera command injection attempt (server-webapp.rules)
* 1:42435 <-> DISABLED <-> SERVER-WEBAPP Foscam IP Camera callbackJson directory traversal attempt (server-webapp.rules)
* 1:42436 <-> DISABLED <-> SERVER-WEBAPP Foscam IP Camera callbackJson directory traversal attempt (server-webapp.rules)
* 1:42437 <-> DISABLED <-> SERVER-WEBAPP Foscam IP Camera multipart boundary stack buffer overflow attempt (server-webapp.rules)
* 1:42439 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Axespec outbound request (malware-cnc.rules)
* 1:42440 <-> DISABLED <-> OS-WINDOWS Microsoft Jet DB Engine Buffer Overflow attempt (os-windows.rules)
* 1:42441 <-> DISABLED <-> OS-WINDOWS Microsoft Jet DB Engine Buffer Overflow attempt (os-windows.rules)
* 1:42442 <-> DISABLED <-> OS-WINDOWS Microsoft Jet DB Engine Buffer Overflow attempt (os-windows.rules)
* 1:42443 <-> ENABLED <-> OS-WINDOWS Microsoft Jet DB Engine Buffer Overflow attempt (os-windows.rules)
* 1:42444 <-> DISABLED <-> OS-WINDOWS Microsoft Jet DB Engine Buffer Overflow attempt (os-windows.rules)
* 1:42445 <-> DISABLED <-> OS-WINDOWS Microsoft Jet DB Engine Buffer Overflow attempt (os-windows.rules)
* 1:42446 <-> DISABLED <-> OS-WINDOWS Microsoft Jet DB Engine Buffer Overflow attempt (os-windows.rules)
* 1:42447 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Batlopma variant outbound connection (malware-cnc.rules)
* 1:42448 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer deleted object access memory corruption attempt (browser-ie.rules)
* 1:42449 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer deleted object access memory corruption attempt (browser-ie.rules)
* 1:4245 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP msdtc BuildContextW overflow attempt (os-windows.rules)
* 1:42450 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer deleted object access memory corruption attempt (browser-ie.rules)
* 1:42451 <-> DISABLED <-> SERVER-WEBAPP MCA Sistemas ScadaBR index.php brute force login attempt (server-webapp.rules)
* 1:42452 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Frethog variant outbound connection (malware-cnc.rules)
* 1:42453 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Frethog variant inbound connection attempt (malware-cnc.rules)
* 1:42454 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Frethog (malware-cnc.rules)
* 1:42455 <-> DISABLED <-> SERVER-WEBAPP Unitrends Enterprise Backup Appliance password.php command injection attempt (server-webapp.rules)
* 1:42456 <-> DISABLED <-> SERVER-WEBAPP Unitrends Enterprise Backup Appliance password.php command injection attempt (server-webapp.rules)
* 1:42457 <-> DISABLED <-> SERVER-WEBAPP Unitrends Enterprise Backup Appliance password.php command injection attempt (server-webapp.rules)
* 1:42458 <-> DISABLED <-> PROTOCOL-DNS ISC BIND unexpected DNAME CNAME ordering denial of service attempt (protocol-dns.rules)
* 1:42459 <-> DISABLED <-> INDICATOR-COMPROMISE Adobe Reader PDF embedded null JPEG image (indicator-compromise.rules)
* 1:4246 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP msdtc BuildContextW overflow attempt (os-windows.rules)
* 1:42460 <-> DISABLED <-> INDICATOR-COMPROMISE Adobe Reader PDF embedded null JPEG image (indicator-compromise.rules)
* 1:42461 <-> DISABLED <-> SERVER-WEBAPP Unitrends Enterprise Backup Appliance reports.php PHP file injection attempt (server-webapp.rules)
* 1:42462 <-> DISABLED <-> SERVER-WEBAPP Unitrends Enterprise Backup Appliance reports.php directory traversal attempt (server-webapp.rules)
* 1:42463 <-> DISABLED <-> FILE-IMAGE Foxit Reader malformed DataSubBlock size attempt (file-image.rules)
* 1:42464 <-> DISABLED <-> FILE-IMAGE Foxit Reader malformed DataSubBlock size attempt (file-image.rules)
* 1:42465 <-> DISABLED <-> SERVER-WEBAPP triple dot directory traversal attempt (server-webapp.rules)
* 1:42466 <-> DISABLED <-> SERVER-OTHER WinRadius long password denial of service attempt (server-other.rules)
* 1:42467 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules)
* 1:42468 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules)
* 1:42469 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules)
* 1:42470 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules)
* 1:42471 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules)
* 1:42472 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules)
* 1:42473 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules)
* 1:42474 <-> DISABLED <->
SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules) * 1:42475 <-> DISABLED <-> FILE-PDF malformed embedded JPEG2000 image information disclosure attempt (file-pdf.rules) * 1:42476 <-> DISABLED <-> FILE-PDF malformed embedded JPEG2000 image information disclosure attempt (file-pdf.rules) * 1:42477 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules) * 1:42478 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules) * 1:42479 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules) * 1:42480 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules) * 1:42481 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules) * 1:42482 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules) * 1:42483 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules) * 1:42484 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules) * 1:42485 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules) * 1:42486 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules) * 1:42487 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules) * 1:42488 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules) * 1:42490 <-> DISABLED <-> POLICY-OTHER Intel AMT remote administration tool access attempt (policy-other.rules) * 1:42491 <-> DISABLED <-> POLICY-OTHER Intel AMT remote administration tool access attempt (policy-other.rules) * 1:42492 <-> DISABLED <-> APP-DETECT Intel AMT DHCP boot request detected 
(app-detect.rules) * 1:42494 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x01 encrypted portable executable file download attempt (file-executable.rules) * 1:42495 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x02 encrypted portable executable file download attempt (file-executable.rules) * 1:42496 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x03 encrypted portable executable file download attempt (file-executable.rules) * 1:42497 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x04 encrypted portable executable file download attempt (file-executable.rules) * 1:42498 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x05 encrypted portable executable file download attempt (file-executable.rules) * 1:42499 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x06 encrypted portable executable file download attempt (file-executable.rules) * 1:425 <-> DISABLED <-> PROTOCOL-ICMP Parameter Problem Bad Length (protocol-icmp.rules) * 1:42500 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x07 encrypted portable executable file download attempt (file-executable.rules) * 1:42501 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x08 encrypted portable executable file download attempt (file-executable.rules) * 1:42502 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x09 encrypted portable executable file download attempt (file-executable.rules) * 1:42503 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x0a encrypted portable executable file download attempt (file-executable.rules) * 1:42504 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x0b encrypted portable executable file download attempt (file-executable.rules) * 1:42505 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x0c encrypted portable executable file download attempt (file-executable.rules) * 1:42506 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x0d encrypted portable executable file download attempt (file-executable.rules) * 1:42507 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x0e encrypted portable executable file download attempt (file-executable.rules) * 1:42508 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x0f encrypted portable executable file download 
attempt (file-executable.rules) * 1:42509 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x10 encrypted portable executable file download attempt (file-executable.rules) * 1:42510 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x11 encrypted portable executable file download attempt (file-executable.rules) * 1:42511 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x12 encrypted portable executable file download attempt (file-executable.rules) * 1:42512 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x13 encrypted portable executable file download attempt (file-executable.rules) * 1:42513 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x14 encrypted portable executable file download attempt (file-executable.rules) * 1:42514 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x15 encrypted portable executable file download attempt (file-executable.rules) * 1:42515 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x16 encrypted portable executable file download attempt (file-executable.rules) * 1:42516 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x17 encrypted portable executable file download attempt (file-executable.rules) * 1:42517 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x18 encrypted portable executable file download attempt (file-executable.rules) * 1:42518 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x19 encrypted portable executable file download attempt (file-executable.rules) * 1:42519 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x1a encrypted portable executable file download attempt (file-executable.rules) * 1:42520 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x1b encrypted portable executable file download attempt (file-executable.rules) * 1:42521 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x1c encrypted portable executable file download attempt (file-executable.rules) * 1:42522 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x1d encrypted portable executable file download attempt (file-executable.rules) * 1:42523 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x1e encrypted portable executable file download attempt (file-executable.rules) * 1:42524 <-> DISABLED <-> FILE-EXECUTABLE XOR 
0x1f encrypted portable executable file download attempt (file-executable.rules) * 1:42525 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x20 encrypted portable executable file download attempt (file-executable.rules) * 1:42526 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x21 encrypted portable executable file download attempt (file-executable.rules) * 1:42527 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x22 encrypted portable executable file download attempt (file-executable.rules) * 1:42528 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x23 encrypted portable executable file download attempt (file-executable.rules) * 1:42529 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x24 encrypted portable executable file download attempt (file-executable.rules) * 1:42530 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x25 encrypted portable executable file download attempt (file-executable.rules) * 1:42531 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x26 encrypted portable executable file download attempt (file-executable.rules) * 1:42532 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x27 encrypted portable executable file download attempt (file-executable.rules) * 1:42533 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x28 encrypted portable executable file download attempt (file-executable.rules) * 1:42534 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x29 encrypted portable executable file download attempt (file-executable.rules) * 1:42535 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x2a encrypted portable executable file download attempt (file-executable.rules) * 1:42536 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x2b encrypted portable executable file download attempt (file-executable.rules) * 1:42537 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x2c encrypted portable executable file download attempt (file-executable.rules) * 1:42538 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x2d encrypted portable executable file download attempt (file-executable.rules) * 1:42539 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x2e encrypted portable executable file download attempt 
(file-executable.rules) * 1:42540 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x2f encrypted portable executable file download attempt (file-executable.rules) * 1:42541 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x30 encrypted portable executable file download attempt (file-executable.rules) * 1:42542 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x31 encrypted portable executable file download attempt (file-executable.rules) * 1:42543 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x32 encrypted portable executable file download attempt (file-executable.rules) * 1:42544 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x33 encrypted portable executable file download attempt (file-executable.rules) * 1:42545 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x34 encrypted portable executable file download attempt (file-executable.rules) * 1:42546 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x35 encrypted portable executable file download attempt (file-executable.rules) * 1:42547 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x36 encrypted portable executable file download attempt (file-executable.rules) * 1:42548 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x37 encrypted portable executable file download attempt (file-executable.rules) * 1:42549 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x38 encrypted portable executable file download attempt (file-executable.rules) * 1:42550 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x39 encrypted portable executable file download attempt (file-executable.rules) * 1:42551 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x3a encrypted portable executable file download attempt (file-executable.rules) * 1:42552 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x3b encrypted portable executable file download attempt (file-executable.rules) * 1:42553 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x3c encrypted portable executable file download attempt (file-executable.rules) * 1:42554 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x3d encrypted portable executable file download attempt (file-executable.rules) * 1:42555 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x3e 
encrypted portable executable file download attempt (file-executable.rules) * 1:42556 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x3f encrypted portable executable file download attempt (file-executable.rules) * 1:42557 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x40 encrypted portable executable file download attempt (file-executable.rules) * 1:42558 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x41 encrypted portable executable file download attempt (file-executable.rules) * 1:42559 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x42 encrypted portable executable file download attempt (file-executable.rules) * 1:42560 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x43 encrypted portable executable file download attempt (file-executable.rules) * 1:42561 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x44 encrypted portable executable file download attempt (file-executable.rules) * 1:42562 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x45 encrypted portable executable file download attempt (file-executable.rules) * 1:42563 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x46 encrypted portable executable file download attempt (file-executable.rules) * 1:42564 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x47 encrypted portable executable file download attempt (file-executable.rules) * 1:42565 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x48 encrypted portable executable file download attempt (file-executable.rules) * 1:42566 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x49 encrypted portable executable file download attempt (file-executable.rules) * 1:42567 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x4a encrypted portable executable file download attempt (file-executable.rules) * 1:42568 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x4b encrypted portable executable file download attempt (file-executable.rules) * 1:42569 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x4c encrypted portable executable file download attempt (file-executable.rules) * 1:42570 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x4d encrypted portable executable file download attempt (file-executable.rules) * 
1:42571 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x4e encrypted portable executable file download attempt (file-executable.rules) * 1:42572 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x4f encrypted portable executable file download attempt (file-executable.rules) * 1:42573 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x50 encrypted portable executable file download attempt (file-executable.rules) * 1:42574 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x51 encrypted portable executable file download attempt (file-executable.rules) * 1:42575 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x52 encrypted portable executable file download attempt (file-executable.rules) * 1:42576 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x53 encrypted portable executable file download attempt (file-executable.rules) * 1:42577 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x54 encrypted portable executable file download attempt (file-executable.rules) * 1:42578 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x55 encrypted portable executable file download attempt (file-executable.rules) * 1:42579 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x56 encrypted portable executable file download attempt (file-executable.rules) * 1:42580 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x57 encrypted portable executable file download attempt (file-executable.rules) * 1:42581 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x58 encrypted portable executable file download attempt (file-executable.rules) * 1:42582 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x59 encrypted portable executable file download attempt (file-executable.rules) * 1:42583 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x5a encrypted portable executable file download attempt (file-executable.rules) * 1:42584 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x5b encrypted portable executable file download attempt (file-executable.rules) * 1:42585 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x5c encrypted portable executable file download attempt (file-executable.rules) * 1:42586 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x5d encrypted portable executable 
file download attempt (file-executable.rules) * 1:42587 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x5e encrypted portable executable file download attempt (file-executable.rules) * 1:42588 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x5f encrypted portable executable file download attempt (file-executable.rules) * 1:42589 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x60 encrypted portable executable file download attempt (file-executable.rules) * 1:42590 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x61 encrypted portable executable file download attempt (file-executable.rules) * 1:42591 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x62 encrypted portable executable file download attempt (file-executable.rules) * 1:42592 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x63 encrypted portable executable file download attempt (file-executable.rules) * 1:42593 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x64 encrypted portable executable file download attempt (file-executable.rules) * 1:42594 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x65 encrypted portable executable file download attempt (file-executable.rules) * 1:42595 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x66 encrypted portable executable file download attempt (file-executable.rules) * 1:42596 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x67 encrypted portable executable file download attempt (file-executable.rules) * 1:42597 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x68 encrypted portable executable file download attempt (file-executable.rules) * 1:42598 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x69 encrypted portable executable file download attempt (file-executable.rules) * 1:42599 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x6a encrypted portable executable file download attempt (file-executable.rules) * 1:426 <-> DISABLED <-> PROTOCOL-ICMP Parameter Problem Missing a Required Option (protocol-icmp.rules) * 1:42600 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x6b encrypted portable executable file download attempt (file-executable.rules) * 1:42601 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x6c 
encrypted portable executable file download attempt (file-executable.rules) * 1:42602 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x6d encrypted portable executable file download attempt (file-executable.rules) * 1:42603 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x6e encrypted portable executable file download attempt (file-executable.rules) * 1:42604 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x6f encrypted portable executable file download attempt (file-executable.rules) * 1:42605 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x70 encrypted portable executable file download attempt (file-executable.rules) * 1:42606 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x71 encrypted portable executable file download attempt (file-executable.rules) * 1:42607 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x72 encrypted portable executable file download attempt (file-executable.rules) * 1:42608 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x73 encrypted portable executable file download attempt (file-executable.rules) * 1:42609 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x74 encrypted portable executable file download attempt (file-executable.rules) * 1:42610 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x75 encrypted portable executable file download attempt (file-executable.rules) * 1:42611 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x76 encrypted portable executable file download attempt (file-executable.rules) * 1:42612 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x77 encrypted portable executable file download attempt (file-executable.rules) * 1:42613 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x78 encrypted portable executable file download attempt (file-executable.rules) * 1:42614 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x79 encrypted portable executable file download attempt (file-executable.rules) * 1:42615 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x7a encrypted portable executable file download attempt (file-executable.rules) * 1:42616 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x7b encrypted portable executable file download attempt (file-executable.rules) * 
1:42617 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x7c encrypted portable executable file download attempt (file-executable.rules) * 1:42618 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x7d encrypted portable executable file download attempt (file-executable.rules) * 1:42619 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x7e encrypted portable executable file download attempt (file-executable.rules) * 1:42620 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x7f encrypted portable executable file download attempt (file-executable.rules) * 1:42621 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x80 encrypted portable executable file download attempt (file-executable.rules) * 1:42622 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x81 encrypted portable executable file download attempt (file-executable.rules) * 1:42623 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x82 encrypted portable executable file download attempt (file-executable.rules) * 1:42624 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x83 encrypted portable executable file download attempt (file-executable.rules) * 1:42625 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x84 encrypted portable executable file download attempt (file-executable.rules) * 1:42626 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x85 encrypted portable executable file download attempt (file-executable.rules) * 1:42627 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x86 encrypted portable executable file download attempt (file-executable.rules) * 1:42628 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x87 encrypted portable executable file download attempt (file-executable.rules) * 1:42629 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x88 encrypted portable executable file download attempt (file-executable.rules) * 1:42630 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x89 encrypted portable executable file download attempt (file-executable.rules) * 1:42631 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x8a encrypted portable executable file download attempt (file-executable.rules) * 1:42632 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x8b encrypted portable executable 
file download attempt (file-executable.rules) * 1:42633 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x8c encrypted portable executable file download attempt (file-executable.rules) * 1:42634 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x8d encrypted portable executable file download attempt (file-executable.rules) * 1:42635 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x8e encrypted portable executable file download attempt (file-executable.rules) * 1:42636 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x8f encrypted portable executable file download attempt (file-executable.rules) * 1:42637 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x90 encrypted portable executable file download attempt (file-executable.rules) * 1:42638 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x91 encrypted portable executable file download attempt (file-executable.rules) * 1:42639 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x92 encrypted portable executable file download attempt (file-executable.rules) * 1:42640 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x93 encrypted portable executable file download attempt (file-executable.rules) * 1:42641 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x94 encrypted portable executable file download attempt (file-executable.rules) * 1:42642 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x95 encrypted portable executable file download attempt (file-executable.rules) * 1:42643 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x96 encrypted portable executable file download attempt (file-executable.rules) * 1:42644 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x97 encrypted portable executable file download attempt (file-executable.rules) * 1:42645 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x98 encrypted portable executable file download attempt (file-executable.rules) * 1:42646 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x99 encrypted portable executable file download attempt (file-executable.rules) * 1:42647 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x9a encrypted portable executable file download attempt (file-executable.rules) * 1:42648 <-> DISABLED <-> 
FILE-EXECUTABLE XOR 0x9b encrypted portable executable file download attempt (file-executable.rules) * 1:42649 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x9c encrypted portable executable file download attempt (file-executable.rules) * 1:42650 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x9d encrypted portable executable file download attempt (file-executable.rules) * 1:42651 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x9e encrypted portable executable file download attempt (file-executable.rules) * 1:42652 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x9f encrypted portable executable file download attempt (file-executable.rules) * 1:42653 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xa0 encrypted portable executable file download attempt (file-executable.rules) * 1:42654 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xa1 encrypted portable executable file download attempt (file-executable.rules) * 1:42655 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xa2 encrypted portable executable file download attempt (file-executable.rules) * 1:42656 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xa3 encrypted portable executable file download attempt (file-executable.rules) * 1:42657 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xa4 encrypted portable executable file download attempt (file-executable.rules) * 1:42658 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xa5 encrypted portable executable file download attempt (file-executable.rules) * 1:42659 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xa6 encrypted portable executable file download attempt (file-executable.rules) * 1:42660 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xa7 encrypted portable executable file download attempt (file-executable.rules) * 1:42661 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xa8 encrypted portable executable file download attempt (file-executable.rules) * 1:42662 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xa9 encrypted portable executable file download attempt (file-executable.rules) * 1:42663 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xaa encrypted portable executable file download attempt 
(file-executable.rules) * 1:42664 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xab encrypted portable executable file download attempt (file-executable.rules) * 1:42665 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xac encrypted portable executable file download attempt (file-executable.rules) * 1:42666 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xad encrypted portable executable file download attempt (file-executable.rules) * 1:42667 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xae encrypted portable executable file download attempt (file-executable.rules) * 1:42668 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xaf encrypted portable executable file download attempt (file-executable.rules) * 1:42669 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xb0 encrypted portable executable file download attempt (file-executable.rules) * 1:42670 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xb1 encrypted portable executable file download attempt (file-executable.rules) * 1:42671 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xb2 encrypted portable executable file download attempt (file-executable.rules) * 1:42672 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xb3 encrypted portable executable file download attempt (file-executable.rules) * 1:42673 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xb4 encrypted portable executable file download attempt (file-executable.rules) * 1:42674 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xb5 encrypted portable executable file download attempt (file-executable.rules) * 1:42675 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xb6 encrypted portable executable file download attempt (file-executable.rules) * 1:42676 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xb7 encrypted portable executable file download attempt (file-executable.rules) * 1:42677 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xb8 encrypted portable executable file download attempt (file-executable.rules) * 1:42678 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xb9 encrypted portable executable file download attempt (file-executable.rules) * 1:42679 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xba 
encrypted portable executable file download attempt (file-executable.rules) * 1:42680 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xbb encrypted portable executable file download attempt (file-executable.rules) * 1:42681 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xbc encrypted portable executable file download attempt (file-executable.rules) * 1:42682 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xbd encrypted portable executable file download attempt (file-executable.rules) * 1:42683 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xbe encrypted portable executable file download attempt (file-executable.rules) * 1:42684 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xbf encrypted portable executable file download attempt (file-executable.rules) * 1:42685 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xc0 encrypted portable executable file download attempt (file-executable.rules) * 1:42686 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xc1 encrypted portable executable file download attempt (file-executable.rules) * 1:42687 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xc2 encrypted portable executable file download attempt (file-executable.rules) * 1:42688 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xc3 encrypted portable executable file download attempt (file-executable.rules) * 1:42689 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xc4 encrypted portable executable file download attempt (file-executable.rules) * 1:42690 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xc5 encrypted portable executable file download attempt (file-executable.rules) * 1:42691 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xc6 encrypted portable executable file download attempt (file-executable.rules) * 1:42692 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xc7 encrypted portable executable file download attempt (file-executable.rules) * 1:42693 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xc8 encrypted portable executable file download attempt (file-executable.rules) * 1:42694 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xc9 encrypted portable executable file download attempt (file-executable.rules) * 
1:42695 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xca encrypted portable executable file download attempt (file-executable.rules) * 1:42696 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xcb encrypted portable executable file download attempt (file-executable.rules) * 1:42697 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xcc encrypted portable executable file download attempt (file-executable.rules) * 1:42698 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xcd encrypted portable executable file download attempt (file-executable.rules) * 1:42699 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xce encrypted portable executable file download attempt (file-executable.rules) * 1:427 <-> DISABLED <-> PROTOCOL-ICMP Parameter Problem Unspecified Error (protocol-icmp.rules) * 1:42700 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xcf encrypted portable executable file download attempt (file-executable.rules) * 1:42701 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xd0 encrypted portable executable file download attempt (file-executable.rules) * 1:42702 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xd1 encrypted portable executable file download attempt (file-executable.rules) * 1:42703 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xd2 encrypted portable executable file download attempt (file-executable.rules) * 1:42704 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xd3 encrypted portable executable file download attempt (file-executable.rules) * 1:42705 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xd4 encrypted portable executable file download attempt (file-executable.rules) * 1:42706 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xd5 encrypted portable executable file download attempt (file-executable.rules) * 1:42707 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xd6 encrypted portable executable file download attempt (file-executable.rules) * 1:42708 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xd7 encrypted portable executable file download attempt (file-executable.rules) * 1:42709 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xd8 encrypted portable executable file download attempt 
(file-executable.rules) * 1:42710 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xd9 encrypted portable executable file download attempt (file-executable.rules) * 1:42711 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xda encrypted portable executable file download attempt (file-executable.rules) * 1:42712 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xdb encrypted portable executable file download attempt (file-executable.rules) * 1:42713 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xdc encrypted portable executable file download attempt (file-executable.rules) * 1:42714 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xdd encrypted portable executable file download attempt (file-executable.rules) * 1:42715 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xde encrypted portable executable file download attempt (file-executable.rules) * 1:42716 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xdf encrypted portable executable file download attempt (file-executable.rules) * 1:42717 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xe0 encrypted portable executable file download attempt (file-executable.rules) * 1:42718 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xe1 encrypted portable executable file download attempt (file-executable.rules) * 1:42719 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xe2 encrypted portable executable file download attempt (file-executable.rules) * 1:42720 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xe3 encrypted portable executable file download attempt (file-executable.rules) * 1:42721 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xe4 encrypted portable executable file download attempt (file-executable.rules) * 1:42722 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xe5 encrypted portable executable file download attempt (file-executable.rules) * 1:42723 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xe6 encrypted portable executable file download attempt (file-executable.rules) * 1:42724 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xe7 encrypted portable executable file download attempt (file-executable.rules) * 1:42725 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xe8 
encrypted portable executable file download attempt (file-executable.rules) * 1:42726 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xe9 encrypted portable executable file download attempt (file-executable.rules) * 1:42727 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xea encrypted portable executable file download attempt (file-executable.rules) * 1:42728 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xeb encrypted portable executable file download attempt (file-executable.rules) * 1:42729 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xec encrypted portable executable file download attempt (file-executable.rules) * 1:42730 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xed encrypted portable executable file download attempt (file-executable.rules) * 1:42731 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xee encrypted portable executable file download attempt (file-executable.rules) * 1:42732 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xef encrypted portable executable file download attempt (file-executable.rules) * 1:42733 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xf0 encrypted portable executable file download attempt (file-executable.rules) * 1:42734 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xf1 encrypted portable executable file download attempt (file-executable.rules) * 1:42735 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xf2 encrypted portable executable file download attempt (file-executable.rules) * 1:42736 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xf3 encrypted portable executable file download attempt (file-executable.rules) * 1:42737 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xf4 encrypted portable executable file download attempt (file-executable.rules) * 1:42738 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xf5 encrypted portable executable file download attempt (file-executable.rules) * 1:42739 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xf6 encrypted portable executable file download attempt (file-executable.rules) * 1:42740 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xf7 encrypted portable executable file download attempt (file-executable.rules) * 
1:42741 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xf8 encrypted portable executable file download attempt (file-executable.rules) * 1:42742 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xf9 encrypted portable executable file download attempt (file-executable.rules) * 1:42743 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xfa encrypted portable executable file download attempt (file-executable.rules) * 1:42744 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xfb encrypted portable executable file download attempt (file-executable.rules) * 1:42745 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xfc encrypted portable executable file download attempt (file-executable.rules) * 1:42746 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xfd encrypted portable executable file download attempt (file-executable.rules) * 1:42747 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xfe encrypted portable executable file download attempt (file-executable.rules) * 1:42748 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xff encrypted portable executable file download attempt (file-executable.rules) * 1:42749 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine postMessage use after free attempt (browser-ie.rules) * 1:42750 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine postMessage use after free attempt (browser-ie.rules) * 1:42751 <-> ENABLED <-> OS-WINDOWS Microsoft Windows AFD.sys double fetch race condition attempt (os-windows.rules) * 1:42752 <-> ENABLED <-> OS-WINDOWS Microsoft Windows AFD.sys double fetch race condition attempt (os-windows.rules) * 1:42753 <-> ENABLED <-> BROWSER-IE Microsoft Edge Chakra Core type confusion attempt (browser-ie.rules) * 1:42754 <-> ENABLED <-> BROWSER-IE Microsoft Edge Chakra Core type confusion attempt (browser-ie.rules) * 1:42755 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word 2010 Sepx memory corruption attempt (file-office.rules) * 1:42756 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word 2010 Sepx memory corruption attempt (file-office.rules) * 1:42757 <-> ENABLED <-> OS-WINDOWS Microsoft 
Windows dxgkrnl CreateDriverAllocations null pointer dereference attempt (os-windows.rules) * 1:42758 <-> ENABLED <-> OS-WINDOWS Microsoft Windows dxgkrnl CreateDriverAllocations null pointer dereference attempt (os-windows.rules) * 1:42759 <-> DISABLED <-> OS-WINDOWS Microsoft Windows COM privilege escalation attempt (os-windows.rules) * 1:42760 <-> DISABLED <-> OS-WINDOWS Microsoft Windows COM privilege escalation attempt (os-windows.rules) * 1:42761 <-> DISABLED <-> BROWSER-IE Microsoft Edge Chakra array unshift heap overflow attempt (browser-ie.rules) * 1:42762 <-> DISABLED <-> BROWSER-IE Microsoft Edge Chakra array unshift heap overflow attempt (browser-ie.rules) * 1:42763 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NtTraceControl information disclosure attempt (os-windows.rules) * 1:42764 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NtTraceControl information disclosure attempt (os-windows.rules) * 1:42765 <-> DISABLED <-> OS-WINDOWS Microsoft win32k privilege escalation attempt (os-windows.rules) * 1:42766 <-> DISABLED <-> OS-WINDOWS Microsoft win32k privilege escalation attempt (os-windows.rules) * 1:42767 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DeviceIoControl double fetch race condition attempt (os-windows.rules) * 1:42768 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DeviceIoControl double fetch race condition attempt (os-windows.rules) * 1:42769 <-> ENABLED <-> OS-WINDOWS Microsoft Win32k kernel memory leak attempt (os-windows.rules) * 1:42770 <-> ENABLED <-> OS-WINDOWS Microsoft Win32k kernel memory leak attempt (os-windows.rules) * 1:42771 <-> ENABLED <-> OS-WINDOWS Microsoft Windows GdiGradientFill null pointer dereference attempt (os-windows.rules) * 1:42772 <-> ENABLED <-> OS-WINDOWS Microsoft Windows GdiGradientFill null pointer dereference attempt (os-windows.rules) * 1:42773 <-> DISABLED <-> OS-WINDOWS Microsoft Windows COM privilege escalation attempt (os-windows.rules) * 1:42774 <-> DISABLED <-> OS-WINDOWS Microsoft Windows COM privilege 
escalation attempt (os-windows.rules) * 1:42775 <-> ENABLED <-> BROWSER-IE Microsoft Edge Chakra JIT memory corruption attempt (browser-ie.rules) * 1:42776 <-> ENABLED <-> BROWSER-IE Microsoft Edge Chakra JIT memory corruption attempt (browser-ie.rules) * 1:42777 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine security bypass css attempt (browser-ie.rules) * 1:42778 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine security bypass css attempt (browser-ie.rules) * 1:42779 <-> ENABLED <-> BROWSER-IE Microsoft Edge CSS writing mode type confusion attempt (browser-ie.rules) * 1:42780 <-> ENABLED <-> BROWSER-IE Microsoft Edge CSS writing mode type confusion attempt (browser-ie.rules) * 1:42781 <-> ENABLED <-> BROWSER-IE Microsoft Windows Edge AudioContext use after free attempt (browser-ie.rules) * 1:42782 <-> ENABLED <-> BROWSER-IE Microsoft Windows Edge AudioContext use after free attempt (browser-ie.rules) * 1:42783 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ntoskrnl information disclosure attempt (os-windows.rules) * 1:42784 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ntoskrnl information disclosure attempt (os-windows.rules) * 1:42785 <-> DISABLED <-> INDICATOR-SCAN DNS version.bind string information disclosure attempt (indicator-scan.rules) * 1:42786 <-> DISABLED <-> PROTOCOL-SCADA Moxa unlock function code attempt (protocol-scada.rules) * 1:42787 <-> DISABLED <-> POLICY-OTHER Schneider Electric hardcoded FTP login attempt (policy-other.rules) * 1:42788 <-> DISABLED <-> FILE-PDF Adobe Reader malformed app13 tag information disclosure attempt (file-pdf.rules) * 1:42789 <-> DISABLED <-> FILE-PDF Adobe Reader malformed app13 tag information disclosure attempt (file-pdf.rules) * 1:42790 <-> ENABLED <-> FILE-PDF Adobe Reader invalid object reference use after free attempt (file-pdf.rules) * 1:42791 <-> ENABLED <-> FILE-PDF Adobe Reader invalid object reference use after free attempt (file-pdf.rules) * 1:42792 <-> ENABLED <-> FILE-FLASH Adobe 
Flash Player FLV invalid tag buffer overflow attempt (file-flash.rules) * 1:42793 <-> ENABLED <-> FILE-FLASH Adobe Flash Player FLV invalid tag buffer overflow attempt (file-flash.rules) * 1:42794 <-> ENABLED <-> FILE-FLASH Adobe Flash Player beginGradientFill color array out of bounds read attempt (file-flash.rules) * 1:42795 <-> ENABLED <-> FILE-FLASH Adobe Flash Player beginGradientFill color array out of bounds read attempt (file-flash.rules) * 1:42796 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter memory corruption attempt (file-flash.rules) * 1:42797 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter memory corruption attempt (file-flash.rules) * 1:42798 <-> DISABLED <-> BROWSER-IE Microsoft Edge out of bounds read attempt (browser-ie.rules) * 1:42799 <-> DISABLED <-> BROWSER-IE Microsoft Edge out of bounds read attempt (browser-ie.rules) * 1:428 <-> DISABLED <-> PROTOCOL-ICMP Parameter Problem undefined Code (protocol-icmp.rules) * 1:42800 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionPush out of bounds read attempt (file-flash.rules) * 1:42801 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionPush out of bounds read attempt (file-flash.rules) * 1:42802 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed AES key memory corruption attempt (file-pdf.rules) * 1:42803 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed AES key memory corruption attempt (file-pdf.rules) * 1:42804 <-> DISABLED <-> SERVER-WEBAPP IntegraXor directory traversal attempt (server-webapp.rules) * 1:42805 <-> DISABLED <-> SERVER-WEBAPP Intel AMT remote administration tool authentication bypass attempt (server-webapp.rules) * 1:42806 <-> ENABLED <-> EXPLOIT-KIT Rig Exploit Kit URL outbound communication (exploit-kit.rules) * 1:42807 <-> ENABLED <-> FILE-FLASH Adobe Standalone Flash Player BlendMode memory corruption attempt (file-flash.rules) * 1:42808 <-> ENABLED <-> FILE-FLASH Adobe Standalone Flash Player BlendMode memory corruption attempt 
(file-flash.rules) * 1:42809 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData out of bounds memory access attempt (file-flash.rules) * 1:42810 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BitmapData out of bounds memory access attempt (file-flash.rules) * 1:42811 <-> DISABLED <-> BROWSER-IE Microsoft Edge Chakra Engine use-after-free attempt (browser-ie.rules) * 1:42812 <-> DISABLED <-> BROWSER-IE Microsoft Edge Chakra Engine use-after-free attempt (browser-ie.rules) * 1:42813 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed URI information disclosure attempt (file-pdf.rules) * 1:42814 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed URI information disclosure attempt (file-pdf.rules) * 1:42815 <-> ENABLED <-> FILE-FLASH Adobe Flash Player display object mask use after free attempt (file-flash.rules) * 1:42816 <-> DISABLED <-> FILE-FLASH Adobe Flash Player display object mask use after free attempt (file-flash.rules) * 1:42817 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DisplayObject use after free attempt (file-flash.rules) * 1:42818 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DisplayObject use after free attempt (file-flash.rules) * 1:42819 <-> DISABLED <-> SERVER-WEBAPP WordPress admin password reset attempt (server-webapp.rules) * 1:42820 <-> ENABLED <-> OS-WINDOWS Microsoft Malware Protection Engine type confusion attempt (os-windows.rules) * 1:42821 <-> ENABLED <-> OS-WINDOWS Microsoft Malware Protection Engine type confusion attempt (os-windows.rules) * 1:42822 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.Carp variant download attempt (malware-other.rules) * 1:42823 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.Carp variant download attempt (malware-other.rules) * 1:42824 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.Carp variant download attempt (malware-other.rules) * 1:42825 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.Carp variant download attempt (malware-other.rules) * 1:42826 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC 
repeater command injection attempt (server-webapp.rules) * 1:42827 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules) * 1:42828 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules) * 1:42829 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules) * 1:42830 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Sublink (malware-cnc.rules) * 1:42831 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - micro (malware-cnc.rules) * 1:42832 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SessionI (malware-cnc.rules) * 1:42833 <-> DISABLED <-> MALWARE-CNC Kasperagent outbound connection detected (malware-cnc.rules) * 1:42834 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Chopper web shell connection (malware-cnc.rules) * 1:42835 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Chopper web shell connection (malware-cnc.rules) * 1:42836 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Chopper web shell connection (malware-cnc.rules) * 1:42837 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Chopper web shell connection (malware-cnc.rules) * 1:42838 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Backdoor.Chopper (malware-cnc.rules) * 1:42839 <-> DISABLED <-> SERVER-WEBAPP Crypttech CryptoLog login.php SQL injection attempt (server-webapp.rules) * 1:42840 <-> DISABLED <-> SERVER-WEBAPP Crypttech CryptoLog logshares_ajax.php command injection attempt (server-webapp.rules) * 1:42841 <-> ENABLED <-> MALWARE-CNC DNS suspicious .bit tcp dns query (malware-cnc.rules) * 1:42842 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager edit_lf_get_data directory traversal attempt (server-webapp.rules) * 1:42843 <-> DISABLED <-> SERVER-WEBAPP Unitrends Enterprise Backup Appliance download-files command injection attempt (server-webapp.rules) * 1:42844 <-> DISABLED <-> 
FILE-IMAGE Adobe Acrobat Pro malformed TIF heap overflow attempt (file-image.rules) * 1:42845 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIF heap overflow attempt (file-image.rules) * 1:42846 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIF heap overflow attempt (file-image.rules) * 1:42847 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIF heap overflow attempt (file-image.rules) * 1:42848 <-> DISABLED <-> SERVER-WEBAPP Symantec Endpoint Protection Manager SQL injection attempt (server-webapp.rules) * 1:42849 <-> DISABLED <-> SERVER-WEBAPP Symantec Endpoint Protection Manager SQL injection attempt (server-webapp.rules) * 1:42850 <-> DISABLED <-> SERVER-WEBAPP Dell SonicWALL Global Management System SQL injection attempt (server-webapp.rules) * 1:42851 <-> DISABLED <-> SERVER-WEBAPP Dell SonicWALL Global Management System SQL injection attempt (server-webapp.rules) * 1:42852 <-> DISABLED <-> SERVER-WEBAPP Dell SonicWALL Global Management System SQL injection attempt (server-webapp.rules) * 1:42853 <-> DISABLED <-> SERVER-WEBAPP Serviio Media Server checkStreamUrl command injection attempt (server-webapp.rules) * 1:42854 <-> DISABLED <-> SERVER-WEBAPP Serviio Media Server checkStreamUrl command injection attempt (server-webapp.rules) * 1:42855 <-> DISABLED <-> BROWSER-PLUGINS Schneider SoMachine ActiveX clsid access attempt (browser-plugins.rules) * 1:42856 <-> DISABLED <-> BROWSER-PLUGINS Schneider SoMachine ActiveX clsid access attempt (browser-plugins.rules) * 1:42857 <-> ENABLED <-> SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (server-webapp.rules) * 1:42858 <-> DISABLED <-> SERVER-WEBAPP CVS password disclosure attempt (server-webapp.rules) * 1:42859 <-> ENABLED <-> FILE-PDF Adobe Reader PDF memory corruption attempt (file-pdf.rules) * 1:42860 <-> ENABLED <-> FILE-PDF Adobe Reader PDF memory corruption attempt (file-pdf.rules) * 1:42861 <-> DISABLED <-> PROTOCOL-SCADA Schneider Modicon TM221CE16R password 
retrieval attempt (protocol-scada.rules) * 1:42862 <-> DISABLED <-> PROTOCOL-FTP Easy File Sharing FTP server directory traversal attempt (protocol-ftp.rules) * 1:42863 <-> ENABLED <-> FILE-OFFICE Microsoft Office mqrt.dll dll-load exploit attempt (file-office.rules) * 1:42864 <-> ENABLED <-> FILE-OFFICE Microsoft Office mqrt.dll dll-load exploit attempt (file-office.rules) * 1:42865 <-> DISABLED <-> OS-WINDOWS Microsoft Windows RRAS MIBEntryGet buffer overflow attempt (os-windows.rules) * 1:42866 <-> DISABLED <-> SERVER-WEBAPP GE Proficy RT Portal information disclosure attempt (server-webapp.rules) * 1:42867 <-> DISABLED <-> SERVER-WEBAPP GE Proficy RT Portal information disclosure attempt (server-webapp.rules) * 1:42868 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XFA forms engine use after free attempt (file-pdf.rules) * 1:42869 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XFA forms engine use after free attempt (file-pdf.rules) * 1:42870 <-> DISABLED <-> FILE-PDF Adobe Reader PDF document XSLT engine information disclosure exploitation attempt (file-pdf.rules) * 1:42871 <-> DISABLED <-> FILE-PDF Adobe Reader PDF document XSLT engine information disclosure exploitation attempt (file-pdf.rules) * 1:42872 <-> DISABLED <-> FILE-PDF Adobe Reader PDF document XSLT engine information disclosure exploitation attempt (file-pdf.rules) * 1:42873 <-> DISABLED <-> FILE-PDF Adobe Reader PDF document XSLT engine information disclosure exploitation attempt (file-pdf.rules) * 1:42874 <-> DISABLED <-> FILE-PDF Adobe Reader PDF document XSLT engine information disclosure exploitation attempt (file-pdf.rules) * 1:42875 <-> DISABLED <-> FILE-PDF Adobe Reader PDF document XSLT engine information disclosure exploitation attempt (file-pdf.rules) * 1:42876 <-> DISABLED <-> FILE-PDF Adobe Reader PDF document XSLT engine information disclosure exploitation attempt (file-pdf.rules) * 1:42877 <-> DISABLED <-> FILE-PDF Adobe Reader PDF document XSLT engine information disclosure 
exploitation attempt (file-pdf.rules) * 1:42878 <-> DISABLED <-> SERVER-WEBAPP Apache TomEE java deserialization attempt (server-webapp.rules) * 1:42879 <-> DISABLED <-> SERVER-WEBAPP Apache TomEE java deserialization attempt (server-webapp.rules) * 1:42880 <-> DISABLED <-> MALWARE-CNC Deputy Dog implant outbound connection (malware-cnc.rules) * 1:42881 <-> DISABLED <-> MALWARE-CNC Deputy Dog implant outbound connection (malware-cnc.rules) * 1:42882 <-> DISABLED <-> MALWARE-CNC ZoxPNG initial outbound connection (malware-cnc.rules) * 1:42883 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MadMax implant outbound connection attempt (malware-cnc.rules) * 1:42884 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MadMax implant outbound connection (malware-cnc.rules) * 1:42885 <-> DISABLED <-> MALWARE-CNC WashingTon ssl certificate negotiation attempt (malware-cnc.rules) * 1:42886 <-> DISABLED <-> MALWARE-CNC User-Agent Win.Trojan.Agent malicious user agent (malware-cnc.rules) * 1:42887 <-> ENABLED <-> SERVER-OTHER ntpq flagstr buffer overflow attempt (server-other.rules) * 1:42888 <-> DISABLED <-> FILE-PDF Adobe Acrobat JP2 parser information disclosure attempt (file-pdf.rules) * 1:42889 <-> DISABLED <-> FILE-PDF Adobe Acrobat JP2 parser information disclosure attempt (file-pdf.rules) * 1:42890 <-> ENABLED <-> FILE-OTHER AfterMidnight post exploitation tool aftermidnight.dll dll-load exploit attempt (file-other.rules) * 1:42891 <-> ENABLED <-> FILE-OTHER AfterMidnight post exploitation tool request for aftermidnight.dll over SMB attempt (file-other.rules) * 1:42892 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.SpikeA outbound connection (malware-cnc.rules) * 1:42893 <-> DISABLED <-> SERVER-WEBAPP Eaton VURemote denial of service attempt (server-webapp.rules) * 1:42894 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules) * 1:42895 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection (malware-cnc.rules) * 1:42896 <-> 
ENABLED <-> FILE-PDF Adobe Acrobat Reader CTJPEGWriter null pointer dereference attempt (file-pdf.rules) * 1:42897 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader CTJPEGWriter null pointer dereference attempt (file-pdf.rules) * 1:42898 <-> DISABLED <-> SERVER-WEBAPP Eaton Network Shutdown Module remote code execution attempt (server-webapp.rules) * 1:42899 <-> DISABLED <-> MALWARE-CNC Jaff ransomware outbound connection (malware-cnc.rules) * 1:429 <-> DISABLED <-> PROTOCOL-ICMP Photuris Reserved (protocol-icmp.rules) * 1:42900 <-> ENABLED <-> FILE-OFFICE Microsoft Office EPS restore command use after free attempt (file-office.rules) * 1:42901 <-> ENABLED <-> FILE-OFFICE Microsoft Office EPS file containing embedded PE (file-office.rules) * 1:42902 <-> DISABLED <-> FILE-OFFICE Microsoft Office EPS restore command use after free attempt (file-office.rules) * 1:42903 <-> ENABLED <-> FILE-OFFICE Microsoft Office EPS restore command use after free attempt (file-office.rules) * 1:42904 <-> DISABLED <-> FILE-OFFICE Microsoft Office EPS restore command use after free attempt (file-office.rules) * 1:42905 <-> ENABLED <-> FILE-OFFICE Microsoft Office EPS file containing embedded PE (file-office.rules) * 1:42906 <-> DISABLED <-> BROWSER-PLUGINS IBM SPSS SamplePower ActiveX clsid access attempt (browser-plugins.rules) * 1:42907 <-> DISABLED <-> BROWSER-PLUGINS IBM SPSS SamplePower ActiveX clsid access attempt (browser-plugins.rules) * 1:42908 <-> DISABLED <-> BROWSER-PLUGINS IBM SPSS SamplePower ActiveX clsid access attempt (browser-plugins.rules) * 1:42909 <-> DISABLED <-> BROWSER-PLUGINS IBM SPSS SamplePower ActiveX clsid access attempt (browser-plugins.rules) * 1:42910 <-> ENABLED <-> FILE-PDF Acrobat Reader TIFF malformed IFD tag heap overflow attempt (file-pdf.rules) * 1:42911 <-> DISABLED <-> FILE-PDF Acrobat Reader TIFF malformed IFD tag heap overflow attempt (file-pdf.rules) * 1:42912 <-> ENABLED <-> FILE-PDF Acrobat Reader TIFF malformed IFD tag heap overflow attempt 
(file-pdf.rules) * 1:42913 <-> DISABLED <-> FILE-PDF Acrobat Reader TIFF malformed IFD tag heap overflow attempt (file-pdf.rules) * 1:42914 <-> ENABLED <-> FILE-PDF Acrobat Reader TIFF malformed IFD tag heap overflow attempt (file-pdf.rules) * 1:42915 <-> DISABLED <-> FILE-PDF Acrobat Reader TIFF malformed IFD tag heap overflow attempt (file-pdf.rules) * 1:42918 <-> ENABLED <-> FILE-IDENTIFY ISO file attachment detected (file-identify.rules) * 1:42919 <-> DISABLED <-> FILE-IDENTIFY ISO file attachment with executable detected (file-identify.rules) * 1:42920 <-> DISABLED <-> SERVER-WEBAPP LogRhythm Network Monitor JSON configuration API command injection attempt (server-webapp.rules) * 1:42921 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric SoMachine HVAC ActiveX information disclosure clsid access attempt (browser-plugins.rules) * 1:42922 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric SoMachine HVAC ActiveX information disclosure clsid access attempt (browser-plugins.rules) * 1:42925 <-> DISABLED <-> MALWARE-CNC Js.Keylogger.Scanbox outbound connection (malware-cnc.rules) * 1:42926 <-> DISABLED <-> MALWARE-CNC Js.Keylogger.Scanbox outbound connection (malware-cnc.rules) * 1:42927 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Office with embedded EPS download attempt (indicator-compromise.rules) * 1:42928 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Office with embedded EPS download attempt (indicator-compromise.rules) * 1:42929 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Niramdat variant initial outbound connection (malware-cnc.rules) * 1:42930 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DefineBitsJPEG2 invalid length memory corruption attempt (file-flash.rules) * 1:42931 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DefineBitsJPEG2 invalid length memory corruption attempt (file-flash.rules) * 1:42932 <-> DISABLED <-> FILE-FLASH Adobe Flash Player javascript decompressor use after free attempt (file-flash.rules) * 1:42933 <-> DISABLED <-> FILE-FLASH 
Adobe Flash Player javascript decompressor use after free attempt (file-flash.rules) * 1:42934 <-> DISABLED <-> PROTOCOL-SCADA GE Proficy Historian buffer overflow attempt (protocol-scada.rules) * 1:42935 <-> DISABLED <-> FILE-OTHER Everest Software PeakHMI malicious .bsu file buffer overflow attempt (file-other.rules) * 1:42936 <-> DISABLED <-> FILE-OTHER Everest Software PeakHMI malicious .bsu file buffer overflow attempt (file-other.rules) * 1:42937 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro SampleFormat heap overflow attempt (file-image.rules) * 1:42938 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro SampleFormat heap overflow attempt (file-image.rules) * 1:42939 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro SampleFormat heap overflow attempt (file-image.rules) * 1:42940 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro SampleFormat heap overflow attempt (file-image.rules) * 1:42941 <-> DISABLED <-> PROTOCOL-OTHER FreeRDP PER length integer underflow attempt (protocol-other.rules) * 1:42942 <-> ENABLED <-> FILE-PDF Adobe Reader XFA large array use after free attempt (file-pdf.rules) * 1:42943 <-> ENABLED <-> FILE-PDF Adobe Reader XFA large array use after free attempt (file-pdf.rules) * 1:42944 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB remote code execution attempt (os-windows.rules) * 1:42945 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Adylkuzz variant initial outbound connection (malware-cnc.rules) * 1:42946 <-> DISABLED <-> INDICATOR-OBFUSCATION Hex escaped valueOf function name obfuscation attempt (indicator-obfuscation.rules) * 1:42947 <-> ENABLED <-> INDICATOR-OBFUSCATION Dridex String.prototype function definition obfuscation attempt (indicator-obfuscation.rules) * 1:42948 <-> DISABLED <-> INDICATOR-OBFUSCATION Hex escaped split function name obfuscation attempt (indicator-obfuscation.rules) * 1:42949 <-> DISABLED <-> INDICATOR-OBFUSCATION URL encoded document class name obfuscation attempt (indicator-obfuscation.rules) * 1:42950 <-> DISABLED <-> 
INDICATOR-OBFUSCATION URL encoded vbscript tag obfuscation attempt (indicator-obfuscation.rules) * 1:42951 <-> ENABLED <-> SERVER-WEBAPP Oracle Fusion Middleware MapViewer arbitrary JSP file upload attempt (server-webapp.rules) * 1:42952 <-> ENABLED <-> SERVER-WEBAPP Oracle Fusion Middleware MapViewer directory traversal attempt (server-webapp.rules) * 1:42953 <-> ENABLED <-> SERVER-WEBAPP Oracle Fusion Middleware MapViewer directory traversal attempt (server-webapp.rules) * 1:42954 <-> ENABLED <-> SERVER-WEBAPP Oracle Fusion Middleware MapViewer directory traversal attempt (server-webapp.rules) * 1:42955 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Threat Discovery Appliance upload.cgi directory traversal attempt (server-webapp.rules) * 1:42956 <-> DISABLED <-> SERVER-WEBAPP Brocade Network Advisor CliMonitorReportServlet directory traversal attempt (server-webapp.rules) * 1:42957 <-> DISABLED <-> SERVER-WEBAPP Brocade Network Advisor CliMonitorReportServlet directory traversal attempt (server-webapp.rules) * 1:42958 <-> DISABLED <-> SERVER-WEBAPP Joomla 3.7.0 com_fields view SQL injection attempt (server-webapp.rules) * 1:42959 <-> DISABLED <-> SERVER-WEBAPP Joomla 3.7.0 com_fields view SQL injection attempt (server-webapp.rules) * 1:42960 <-> DISABLED <-> SERVER-WEBAPP Java BeanShell Library unauthorized serialized object attempt (server-webapp.rules) * 1:42961 <-> DISABLED <-> SERVER-WEBAPP Java Groovy Library unauthorized serialized object attempt (server-webapp.rules) * 1:42962 <-> DISABLED <-> SERVER-WEBAPP Java Hibernate Library unauthorized serialized object attempt (server-webapp.rules) * 1:42963 <-> DISABLED <-> SERVER-WEBAPP Java Mozilla Library unauthorized serialized object attempt (server-webapp.rules) * 1:42964 <-> DISABLED <-> SERVER-WEBAPP Java MyFaces Library unauthorized serialized object attempt (server-webapp.rules) * 1:42965 <-> DISABLED <-> SERVER-WEBAPP Java RMI Library unauthorized serialized object attempt (server-webapp.rules) * 1:42966 
<-> DISABLED <-> SERVER-WEBAPP Java URLDNS Library unauthorized serialized object attempt (server-webapp.rules) * 1:42967 <-> DISABLED <-> POLICY-OTHER Adobe Acrobat cloud file undocumented function use (policy-other.rules) * 1:42968 <-> DISABLED <-> POLICY-OTHER Adobe Acrobat cloud file undocumented function use (policy-other.rules) * 1:42969 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader javascript engine stack overflow attempt (file-pdf.rules) * 1:42970 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader javascript engine stack overflow attempt (file-pdf.rules) * 1:42971 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader javascript engine stack overflow attempt (file-pdf.rules) * 1:42972 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader javascript engine stack overflow attempt (file-pdf.rules) * 1:42973 <-> DISABLED <-> PROTOCOL-OTHER FreeRDP RSA modulus length integer underflow attempt (protocol-other.rules) * 1:42974 <-> DISABLED <-> PROTOCOL-OTHER FreeRDP invalid cbCompanyName out of bounds read attempt (protocol-other.rules) * 1:42975 <-> DISABLED <-> PROTOCOL-OTHER FreeRDP invalid EncryptedPlatformChallenge null pointer dereference attempt (protocol-other.rules) * 1:42976 <-> DISABLED <-> SERVER-ORACLE Oracle Database Server SYS.KUPV SQL injection attempt (server-oracle.rules) * 1:42977 <-> DISABLED <-> SERVER-ORACLE Oracle Database Server SYS.KUPV SQL injection attempt (server-oracle.rules) * 1:42978 <-> DISABLED <-> SERVER-ORACLE Oracle Database Server SYS.KUPV SQL injection attempt (server-oracle.rules) * 1:42979 <-> DISABLED <-> SERVER-ORACLE Oracle Database Server SYS.KUPV SQL injection attempt (server-oracle.rules) * 1:42980 <-> DISABLED <-> SERVER-ORACLE Oracle Database Server SYS.KUPV SQL injection attempt (server-oracle.rules) * 1:42981 <-> DISABLED <-> SERVER-ORACLE Oracle Database Server SYS.KUPV SQL injection attempt (server-oracle.rules) * 1:42982 <-> DISABLED <-> SERVER-ORACLE Oracle Database Server SYS.KUPV SQL injection attempt (server-oracle.rules) * 
1:42983 <-> DISABLED <-> SERVER-ORACLE Oracle Database Server SYS.KUPV SQL injection attempt (server-oracle.rules) * 1:42984 <-> DISABLED <-> SERVER-ORACLE Oracle Database Server SYS.KUPV SQL injection attempt (server-oracle.rules) * 1:42985 <-> DISABLED <-> SERVER-ORACLE Oracle Database Server SYS.KUPV SQL injection attempt (server-oracle.rules) * 1:42986 <-> DISABLED <-> SERVER-ORACLE Oracle Database Server SYS.KUPV SQL injection attempt (server-oracle.rules) * 1:42987 <-> DISABLED <-> SERVER-ORACLE Oracle Database Server SYS.KUPV SQL injection attempt (server-oracle.rules) * 1:42988 <-> DISABLED <-> SERVER-ORACLE Oracle Database Server SYS.KUPV SQL injection attempt (server-oracle.rules) * 1:42989 <-> DISABLED <-> SERVER-ORACLE Oracle Database Server SYS.KUPV SQL injection attempt (server-oracle.rules) * 1:42990 <-> DISABLED <-> SERVER-ORACLE Oracle Database Server SYS.KUPV SQL injection attempt (server-oracle.rules) * 1:42991 <-> DISABLED <-> SERVER-ORACLE Oracle Database Server SYS.KUPV SQL injection attempt (server-oracle.rules) * 1:42992 <-> DISABLED <-> SERVER-ORACLE Oracle Database Server SYS.KUPV SQL injection attempt (server-oracle.rules) * 1:42993 <-> DISABLED <-> SERVER-WEBAPP ReadyDesk arbitrary file upload attempt (server-webapp.rules) * 1:42994 <-> DISABLED <-> SERVER-WEBAPP ReadyDesk arbitrary file upload attempt (server-webapp.rules) * 1:42995 <-> DISABLED <-> PROTOCOL-SCADA Weintek EB Pro denial of service attempt (protocol-scada.rules) * 1:42996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spesseo variant outbound connection (malware-cnc.rules) * 1:42997 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spesseo variant outbound connection (malware-cnc.rules) * 1:42998 <-> DISABLED <-> PROTOCOL-OTHER FreeRDP invalid MCS serverRandomLen out of bounds read attempt (protocol-other.rules) * 1:42999 <-> DISABLED <-> SERVER-WEBAPP Brocade Network Advisor directory traversal attempt (server-webapp.rules) * 1:430 <-> DISABLED <-> PROTOCOL-ICMP Photuris Unknown Security 
Parameters Index (protocol-icmp.rules) * 1:43002 <-> ENABLED <-> PROTOCOL-OTHER NETBIOS SMB IPC share access attempt (protocol-other.rules) * 1:43003 <-> ENABLED <-> PROTOCOL-OTHER NETBIOS SMB IPC share access attempt (protocol-other.rules) * 1:43004 <-> ENABLED <-> SERVER-SAMBA Samba is_known_pipe arbitrary module load code execution attempt (server-samba.rules) * 1:43005 <-> DISABLED <-> SERVER-WEBAPP Foscam setWifiSetting command psk stack buffer overflow attempt (server-webapp.rules) * 1:43006 <-> DISABLED <-> SERVER-WEBAPP MailStore Server cross site scripting attempt (server-webapp.rules) * 1:43007 <-> DISABLED <-> SERVER-OTHER HP Operations Orchestration unauthorized serialized object attempt (server-other.rules) * 1:43008 <-> DISABLED <-> BROWSER-PLUGINS Micro Focus Rumba+ ActiveX clsid access attempt (browser-plugins.rules) * 1:43009 <-> DISABLED <-> BROWSER-PLUGINS Micro Focus Rumba+ ActiveX clsid access attempt (browser-plugins.rules) * 1:43010 <-> DISABLED <-> BROWSER-PLUGINS Micro Focus Rumba+ ActiveX clsid access attempt (browser-plugins.rules) * 1:43011 <-> DISABLED <-> BROWSER-PLUGINS Micro Focus Rumba+ ActiveX clsid access attempt (browser-plugins.rules) * 1:43012 <-> DISABLED <-> BROWSER-PLUGINS Micro Focus Rumba+ ActiveX clsid access attempt (browser-plugins.rules) * 1:43013 <-> DISABLED <-> BROWSER-PLUGINS Micro Focus Rumba+ ActiveX clsid access attempt (browser-plugins.rules) * 1:43014 <-> DISABLED <-> BROWSER-PLUGINS Micro Focus Rumba+ ActiveX clsid access attempt (browser-plugins.rules) * 1:43015 <-> DISABLED <-> BROWSER-PLUGINS Micro Focus Rumba+ ActiveX clsid access attempt (browser-plugins.rules) * 1:43016 <-> DISABLED <-> BROWSER-PLUGINS Micro Focus Rumba+ ActiveX clsid access attempt (browser-plugins.rules) * 1:43017 <-> DISABLED <-> BROWSER-PLUGINS Micro Focus Rumba+ ActiveX clsid access attempt (browser-plugins.rules) * 1:43018 <-> DISABLED <-> BROWSER-PLUGINS Micro Focus Rumba+ ActiveX clsid access attempt (browser-plugins.rules) * 
* 1:43019 <-> DISABLED <-> BROWSER-PLUGINS Micro Focus Rumba+ ActiveX clsid access attempt (browser-plugins.rules)
* 1:43020 <-> DISABLED <-> BROWSER-PLUGINS Micro Focus Rumba+ ActiveX clsid access attempt (browser-plugins.rules)
* 1:43021 <-> DISABLED <-> BROWSER-PLUGINS Micro Focus Rumba+ ActiveX clsid access attempt (browser-plugins.rules)
* 1:43022 <-> DISABLED <-> BROWSER-PLUGINS Micro Focus Rumba+ ActiveX clsid access attempt (browser-plugins.rules)
* 1:43023 <-> DISABLED <-> BROWSER-PLUGINS Micro Focus Rumba+ ActiveX clsid access attempt (browser-plugins.rules)
* 1:43024 <-> DISABLED <-> BROWSER-PLUGINS Micro Focus Rumba+ ActiveX clsid access attempt (browser-plugins.rules)
* 1:43025 <-> DISABLED <-> BROWSER-PLUGINS Micro Focus Rumba+ ActiveX clsid access attempt (browser-plugins.rules)
* 1:43026 <-> DISABLED <-> BROWSER-PLUGINS Micro Focus Rumba+ ActiveX clsid access attempt (browser-plugins.rules)
* 1:43027 <-> DISABLED <-> BROWSER-PLUGINS Micro Focus Rumba+ ActiveX clsid access attempt (browser-plugins.rules)
* 1:43028 <-> DISABLED <-> BROWSER-PLUGINS Micro Focus Rumba+ ActiveX clsid access attempt (browser-plugins.rules)
* 1:43029 <-> DISABLED <-> BROWSER-PLUGINS Micro Focus Rumba+ ActiveX clsid access attempt (browser-plugins.rules)
* 1:43030 <-> DISABLED <-> BROWSER-PLUGINS Micro Focus Rumba+ ActiveX clsid access attempt (browser-plugins.rules)
* 1:43031 <-> DISABLED <-> BROWSER-PLUGINS Micro Focus Rumba+ ActiveX clsid access attempt (browser-plugins.rules)
* 1:43032 <-> DISABLED <-> BROWSER-PLUGINS Micro Focus Rumba+ ActiveX clsid access attempt (browser-plugins.rules)
* 1:43033 <-> DISABLED <-> BROWSER-PLUGINS Micro Focus Rumba+ ActiveX clsid access attempt (browser-plugins.rules)
* 1:43034 <-> DISABLED <-> BROWSER-PLUGINS Micro Focus Rumba+ ActiveX clsid access attempt (browser-plugins.rules)
* 1:43035 <-> DISABLED <-> BROWSER-PLUGINS Micro Focus Rumba+ ActiveX clsid access attempt (browser-plugins.rules)
* 1:43036 <-> DISABLED <-> SERVER-WEBAPP ZOHO ManageEngine OpManager OPM_BVNAME SQL injection attempt (server-webapp.rules)
* 1:43037 <-> DISABLED <-> SERVER-WEBAPP ZOHO ManageEngine OpManager OPM_BVNAME SQL injection attempt (server-webapp.rules)
* 1:43038 <-> DISABLED <-> SERVER-WEBAPP ZOHO ManageEngine OpManager Search query SQL injection attempt (server-webapp.rules)
* 1:43039 <-> DISABLED <-> SERVER-WEBAPP ZOHO ManageEngine OpManager Search query SQL injection attempt (server-webapp.rules)
* 1:43040 <-> DISABLED <-> SERVER-WEBAPP ZOHO ManageEngine OpManager probeName SQL injection attempt (server-webapp.rules)
* 1:43041 <-> DISABLED <-> SERVER-WEBAPP ZOHO ManageEngine OpManager probeName SQL injection attempt (server-webapp.rules)
* 1:43042 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer JSON strigify double free attempt (browser-ie.rules)
* 1:43043 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer JSON strigify double free attempt (browser-ie.rules)
* 1:43044 <-> DISABLED <-> SERVER-OTHER RaySharp DVR administrative interface access attempt (server-other.rules)
* 1:43045 <-> ENABLED <-> SERVER-OTHER RaySharp DVR administrative interface access attempt (server-other.rules)
* 1:43046 <-> DISABLED <-> BROWSER-PLUGINS ICONICS SCADA WebHMI ActiveX clsid access attempt (browser-plugins.rules)
* 1:43047 <-> DISABLED <-> BROWSER-PLUGINS ICONICS SCADA WebHMI ActiveX clsid access attempt (browser-plugins.rules)
* 1:43048 <-> DISABLED <-> FILE-FLASH Adobe Flash Player JSON stringify memory corruption attempt (file-flash.rules)
* 1:43049 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gasonen variant outbound connection (malware-cnc.rules)
* 1:43050 <-> DISABLED <-> SERVER-WEBAPP Schneider Electric ClearSCADA information disclosure attempt (server-webapp.rules)
* 1:43051 <-> DISABLED <-> FILE-IMAGE Apple Quicktime malformed FPX file memory corruption attempt (file-image.rules)
* 1:43052 <-> DISABLED <-> FILE-IMAGE Apple Quicktime malformed FPX file memory corruption attempt (file-image.rules)
* 1:43053 <-> DISABLED <-> SERVER-SAMBA Samba LDAP modify dnsRecord buffer overflow attempt (server-samba.rules)
* 1:43054 <-> DISABLED <-> OS-WINDOWS Microsoft Windows IIS buffer overflow attempt (os-windows.rules)
* 1:43055 <-> DISABLED <-> SERVER-OTHER Veritas Netbackup bprd remote code execution attempt (server-other.rules)
* 1:43056 <-> ENABLED <-> OS-WINDOWS Microsoft Windows MsMpEng JavaScript garbage collection use after free attempt (os-windows.rules)
* 1:43057 <-> ENABLED <-> OS-WINDOWS Microsoft Windows MsMpEng JavaScript garbage collection use after free attempt (os-windows.rules)
* 1:43058 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid DefinedEditText tag memory corruption attempt (file-flash.rules)
* 1:43059 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid DefinedEditText tag memory corruption attempt (file-flash.rules)
* 1:43061 <-> DISABLED <-> SERVER-WEBAPP Foscam changeUserName command passwd file injection attempt (server-webapp.rules)
* 1:43062 <-> DISABLED <-> SERVER-WEBAPP Cogent Datahub EvalExpresssion remote code execution attempt (server-webapp.rules)
* 1:43063 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kabob outbound connection (malware-cnc.rules)
* 1:43064 <-> ENABLED <-> SERVER-OTHER NetBackup bprd remote file write attempt (server-other.rules)
* 1:43065 <-> DISABLED <-> INDICATOR-COMPROMISE Trend Micro Control Manager WFINFOR cookie authentication bypass attempt (indicator-compromise.rules)
* 1:43066 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager importFile.php directory traversal attempt (server-webapp.rules)
* 1:43067 <-> ENABLED <-> PROTOCOL-IMAP IMAP CRAM-MD5 authentication attempt (protocol-imap.rules)
* 1:43068 <-> DISABLED <-> SERVER-OTHER IBM Lotus Domino IMAP server CRAM-MD5 authentication buffer overflow attempt (server-other.rules)
* 1:43069 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer vbscript regular expression information disclosure attempt (browser-ie.rules)
* 1:43070 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer vbscript regular expression information disclosure attempt (browser-ie.rules)
* 1:43071 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer vbscript regular expression information disclosure attempt (browser-ie.rules)
* 1:43072 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer vbscript regular expression information disclosure attempt (browser-ie.rules)
* 1:43073 <-> DISABLED <-> SQL SysAid potential default credential login attempt (sql.rules)
* 1:43074 <-> DISABLED <-> INDICATOR-COMPROMISE SysAid mssql potentially malicious new user creation attempt (indicator-compromise.rules)
* 1:43075 <-> DISABLED <-> INDICATOR-COMPROMISE SysAid mssql potentially malicious user permissions creation (indicator-compromise.rules)
* 1:43077 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan WSA ManagePatches servlet command injection attempt (server-webapp.rules)
* 1:43078 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan WSA ManagePatches servlet command injection attempt (server-webapp.rules)
* 1:43079 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan WSA ManagePatches servlet command injection attempt (server-webapp.rules)
* 1:43080 <-> ENABLED <-> BROWSER-OTHER Foscam IP Camera User-Agent string detected (browser-other.rules)
* 1:43083 <-> ENABLED <-> FILE-IDENTIFY Rhinoceros 3D 3dm file download request (file-identify.rules)
* 1:43084 <-> ENABLED <-> FILE-IDENTIFY Rhinoceros 3D 3dm file attachment detected (file-identify.rules)
* 1:43085 <-> ENABLED <-> FILE-IDENTIFY Rhinoceros 3D 3dm file attachment detected (file-identify.rules)
* 1:43086 <-> ENABLED <-> FILE-IDENTIFY Rhinoceros 3D 3dm file attachment detected (file-identify.rules)
* 1:43087 <-> ENABLED <-> FILE-IDENTIFY FLIC animation file download request (file-identify.rules)
* 1:43088 <-> ENABLED <-> FILE-IDENTIFY FLIC animation file attachment detected (file-identify.rules)
* 1:43089 <-> ENABLED <-> FILE-IDENTIFY FLIC animation file attachment detected (file-identify.rules)
* 1:43090 <-> ENABLED <-> FILE-IDENTIFY FLIC animation file attachment detected (file-identify.rules)
* 1:43091 <-> DISABLED <-> SERVER-WEBAPP AggreGate SCADA HMI web form upload xml external entity attack attempt (server-webapp.rules)
* 1:43092 <-> DISABLED <-> INDICATOR-COMPROMISE OLE attachment with embedded PICT attempt (indicator-compromise.rules)
* 1:43093 <-> DISABLED <-> SERVER-WEBAPP CA Unified Infrastructure Management download_lar servelet directory traversal attempt (server-webapp.rules)
* 1:43094 <-> DISABLED <-> SERVER-OTHER Ecava IntegraXor SCADA information leak attempt (server-other.rules)
* 1:43095 <-> ENABLED <-> FILE-IMAGE ImageMagick SyncExifProfile out-of-bounds memory read attempt (file-image.rules)
* 1:43096 <-> ENABLED <-> FILE-IMAGE ImageMagick SyncExifProfile out-of-bounds memory read attempt (file-image.rules)
* 1:43097 <-> ENABLED <-> FILE-IMAGE ImageMagick SyncExifProfile out-of-bounds memory read attempt (file-image.rules)
* 1:43098 <-> ENABLED <-> FILE-IMAGE ImageMagick SyncExifProfile out-of-bounds memory read attempt (file-image.rules)
* 1:43099 <-> ENABLED <-> SERVER-WEBAPP Simple SCADA web-socket connection initialization attempt (server-webapp.rules)
* 1:431 <-> DISABLED <-> PROTOCOL-ICMP Photuris Valid Security Parameters, But Authentication Failed (protocol-icmp.rules)
* 1:43100 <-> DISABLED <-> SERVER-WEBAPP Simple SCADA web-socket remote command execution attempt (server-webapp.rules)
* 1:43101 <-> DISABLED <-> SERVER-WEBAPP Beckhoff CX9020 remote configuration modification attempt (server-webapp.rules)
* 1:43102 <-> DISABLED <-> SERVER-WEBAPP Mango Automation arbitrary JSP code upload attempt (server-webapp.rules)
* 1:43103 <-> DISABLED <-> PROTOCOL-SCADA Weintek EasyBuilder Pro denial of service attempt (protocol-scada.rules)
* 1:43104 <-> DISABLED <-> PROTOCOL-SCADA OPC Systems denial of service attempt (protocol-scada.rules)
* 1:43105 <-> DISABLED <-> SERVER-OTHER Novus WS10 Data Server buffer overflow attempt (server-other.rules)
* 1:43106 <-> DISABLED <-> PROTOCOL-SCADA Optima PLC APIFTP denial of service attempt (protocol-scada.rules)
* 1:43107 <-> DISABLED <-> FILE-OTHER FreeBSD bspatch utility remote code execution attempt (file-other.rules)
* 1:43108 <-> DISABLED <-> FILE-OTHER FreeBSD bspatch utility remote code execution attempt (file-other.rules)
* 1:43109 <-> ENABLED <-> SERVER-OTHER Magento unauthenticated arbitrary file write attempt (server-other.rules)
* 1:43110 <-> DISABLED <-> BROWSER-IE Microsoft Edge proxy object type confusion attempt (browser-ie.rules)
* 1:43111 <-> DISABLED <-> BROWSER-IE Microsoft Edge proxy object type confusion attempt (browser-ie.rules)
* 1:43112 <-> DISABLED <-> SERVER-WEBAPP Schneider Electric IGSS dashboard overwrite attempt (server-webapp.rules)
* 1:43113 <-> DISABLED <-> SERVER-WEBAPP Schneider Electric IGSS dashboard deletion attempt (server-webapp.rules)
* 1:43114 <-> DISABLED <-> FILE-OTHER Microsoft Windows OTF parsing memory corruption attempt (file-other.rules)
* 1:43115 <-> DISABLED <-> FILE-OTHER Microsoft Windows OTF parsing memory corruption attempt (file-other.rules)
* 1:43116 <-> DISABLED <-> SERVER-OTHER Moore Industries NCS denial of service attempt (server-other.rules)
* 1:43117 <-> DISABLED <-> BROWSER-CHROME Google Chrome Blink ImageBitmap integer overflow attempt (browser-chrome.rules)
* 1:43118 <-> DISABLED <-> BROWSER-CHROME Google Chrome Blink ImageBitmap integer overflow attempt (browser-chrome.rules)
* 1:43119 <-> DISABLED <-> SERVER-WEBAPP CyberPower Systems PowerPanel XXE out of band data retrieval attempt (server-webapp.rules)
* 1:43122 <-> DISABLED <-> PROTOCOL-SCADA Advantech WebAccess webvrpcs denial of service attempt (protocol-scada.rules)
* 1:43123 <-> DISABLED <-> INDICATOR-COMPROMISE OptoMMP FTP Password read or write attempt (indicator-compromise.rules)
* 1:43124 <-> DISABLED <-> INDICATOR-COMPROMISE OptoMMP FTP Username read or write attempt (indicator-compromise.rules)
* 1:43125 <-> DISABLED <-> INDICATOR-COMPROMISE OptoMMP FTP Password read or write attempt (indicator-compromise.rules)
* 1:43126 <-> DISABLED <-> INDICATOR-COMPROMISE OptoMMP FTP Username read or write attempt (indicator-compromise.rules)
* 1:43127 <-> DISABLED <-> POLICY-OTHER Beck IPC network configuration enumeration attempt (policy-other.rules)
* 1:43128 <-> DISABLED <-> POLICY-OTHER Beck IPC network configuration overwrite attempt (policy-other.rules)
* 1:43129 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection (malware-cnc.rules)
* 1:43130 <-> DISABLED <-> FILE-OTHER Adobe malicious IFF memory corruption attempt (file-other.rules)
* 1:43131 <-> DISABLED <-> FILE-OTHER Adobe malicious IFF memory corruption attempt (file-other.rules)
* 1:43132 <-> DISABLED <-> FILE-OTHER Adobe malicious IFF memory corruption attempt (file-other.rules)
* 1:43133 <-> DISABLED <-> FILE-OTHER Adobe malicious IFF memory corruption attempt (file-other.rules)
* 1:43134 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CStyleSheetRule array memory corruption attempt (browser-ie.rules)
* 1:43136 <-> DISABLED <-> SERVER-MAIL SysGauge SMTP response buffer overflow (server-mail.rules)
* 1:43137 <-> DISABLED <-> FILE-OTHER INSAT MasterSCADA malicious project command execution attempt (file-other.rules)
* 1:43138 <-> DISABLED <-> FILE-OTHER INSAT MasterSCADA malicious project command execution attempt (file-other.rules)
* 1:43139 <-> DISABLED <-> PROTOCOL-SCADA Pro-Face Pro-ServerEX large data allocation denial of service attempt (protocol-scada.rules)
* 1:43140 <-> DISABLED <-> PROTOCOL-SCADA Pro-Face Pro-ServerEX large size value denial of service attempt (protocol-scada.rules)
* 1:43141 <-> DISABLED <-> PROTOCOL-SCADA Pro-Face Pro-ServerEX large data allocation denial of service attempt (protocol-scada.rules)
* 1:43142 <-> DISABLED <-> PROTOCOL-SCADA Pro-Face Pro-ServerEX large size value denial of service attempt (protocol-scada.rules)
* 1:43143 <-> DISABLED <-> PROTOCOL-SCADA Pro-Face Pro-ServerEX arbitrary memory disclosure attempt (protocol-scada.rules)
* 1:43144 <-> DISABLED <-> PROTOCOL-SCADA Pro-Face Pro-ServerEX arbitrary memory disclosure attempt (protocol-scada.rules)
* 1:43145 <-> DISABLED <-> POLICY-OTHER Pro-Face Pro-ServerEX find node invalid memory access attempt (policy-other.rules)
* 1:43146 <-> DISABLED <-> POLICY-OTHER Pro-Face Pro-ServerEX find node invalid memory access attempt (policy-other.rules)
* 1:43147 <-> ENABLED <-> SERVER-WEBAPP IBM OpenAdmin Tool SOAP welcomeService.php PHP code injection attempt (server-webapp.rules)
* 1:43151 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan WSA PacFileManagement servlet command injection attempt (server-webapp.rules)
* 1:43152 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan WSA PacFileManagement servlet command injection attempt (server-webapp.rules)
* 1:43153 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan WSA PacFileManagement servlet command injection attempt (server-webapp.rules)
* 1:43154 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan WSA PacFileManagement servlet command injection attempt (server-webapp.rules)
* 1:43155 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer memory corruption attempt (browser-ie.rules)
* 1:43156 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer memory corruption attempt (browser-ie.rules)
* 1:43157 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Device Guard code execution attempt (os-windows.rules)
* 1:43158 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Device Guard code execution attempt (os-windows.rules)
* 1:43159 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word 2016 use after free attempt (file-office.rules)
* 1:43160 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word 2016 use after free attempt (file-office.rules)
* 1:43161 <-> DISABLED <-> POLICY-OTHER Microsoft Browser iframe local file load attempt (policy-other.rules)
* 1:43162 <-> DISABLED <-> POLICY-OTHER Microsoft Browser iframe local file load attempt (policy-other.rules)
* 1:43163 <-> ENABLED <-> BROWSER-IE Microsoft Edge object property type confusion attempt (browser-ie.rules)
* 1:43164 <-> ENABLED <-> BROWSER-IE Microsoft Edge object property type confusion attempt (browser-ie.rules)
* 1:43165 <-> ENABLED <-> BROWSER-IE Microsoft Edge cssText use after free attempt (browser-ie.rules)
* 1:43166 <-> ENABLED <-> BROWSER-IE Microsoft Edge cssText use after free attempt (browser-ie.rules)
* 1:43169 <-> DISABLED <-> BROWSER-IE Microsoft Edge textContent use after free attempt (browser-ie.rules)
* 1:43170 <-> ENABLED <-> BROWSER-IE Microsoft Edge textContent use after free attempt (browser-ie.rules)
* 1:43171 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word malformed jpeg remote code execution attempt (file-office.rules)
* 1:43172 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word malformed jpeg remote code execution attempt (file-office.rules)
* 1:43173 <-> ENABLED <-> OS-WINDOWS Microsoft Windows 10 RS2 x64 linked cursor double free attempt (os-windows.rules)
* 1:43174 <-> ENABLED <-> OS-WINDOWS Microsoft Windows 10 RS2 x64 linked cursor double free attempt (os-windows.rules)
* 1:43175 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Search Service out of bounds memory access attempt (os-windows.rules)
* 1:43176 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Search Service out of bounds memory access attempt (os-windows.rules)
* 1:43177 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIPROTEC V4.24 crafted packet denial of service attempt (protocol-scada.rules)
* 1:43178 <-> DISABLED <-> SERVER-WEBAPP VICIdial user_authorization command injection attempt (server-webapp.rules)
* 1:43179 <-> DISABLED <-> FILE-OFFICE Powerpoint mouseover powershell malware download attempt (file-office.rules)
* 1:43180 <-> ENABLED <-> FILE-OFFICE Powerpoint mouseover powershell malware download attempt (file-office.rules)
* 1:43181 <-> ENABLED <-> FILE-OTHER Oniguruma expression parser out of bounds write attempt (file-other.rules)
* 1:43182 <-> ENABLED <-> FILE-OTHER Oniguruma expression parser out of bounds write attempt (file-other.rules)
* 1:43183 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Matsnu variant outbound conection (malware-cnc.rules)
* 1:43184 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Matsnu variant outbound conection (malware-cnc.rules)
* 1:43185 <-> DISABLED <-> BROWSER-PLUGINS Advantech WebAccess ActiveX clsid access attempt (browser-plugins.rules)
* 1:43186 <-> DISABLED <-> BROWSER-PLUGINS Advantech WebAccess ActiveX clsid access attempt (browser-plugins.rules)
* 1:43187 <-> DISABLED <-> EXPLOIT-KIT Rig Exploit Kit URL outbound communication (exploit-kit.rules)
* 1:43188 <-> DISABLED <-> PROTOCOL-RPC Linux kernel NFSv2 malformed WRITE arbitrary memory read attempt (protocol-rpc.rules)
* 1:43189 <-> DISABLED <-> PROTOCOL-RPC Linux kernel NFSv3 malformed WRITE arbitrary memory read attempt (protocol-rpc.rules)
* 1:43190 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Konus variant outbound connection detected (malware-cnc.rules)
* 1:43191 <-> DISABLED <-> SERVER-WEBAPP Symantec Messaging Gateway performBackupNow.do command injection attempt (server-webapp.rules)
* 1:43193 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HiddenCobra variant outbound connection (malware-cnc.rules)
* 1:43194 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HiddenCobra variant outbound connection (malware-cnc.rules)
* 1:43195 <-> ENABLED <-> SERVER-WEBAPP SolarWinds SRM Profiler BackupAssociationServlet SQL injection attempt (server-webapp.rules)
* 1:43196 <-> ENABLED <-> SERVER-WEBAPP SolarWinds SRM Profiler BackupAssociationServlet SQL injection attempt (server-webapp.rules)
* 1:43197 <-> ENABLED <-> SERVER-WEBAPP SolarWinds SRM Profiler FileActionAssignmentServlet SQL injection attempt (server-webapp.rules)
* 1:43198 <-> ENABLED <-> SERVER-WEBAPP SolarWinds SRM Profiler FileActionAssignmentServlet SQL injection attempt (server-webapp.rules)
* 1:43199 <-> ENABLED <-> SERVER-WEBAPP SolarWinds SRM Profiler HostStorageServlet SQL injection attempt (server-webapp.rules)
* 1:432 <-> DISABLED <-> PROTOCOL-ICMP Photuris Valid Security Parameters, But Decryption Failed (protocol-icmp.rules)
* 1:43200 <-> ENABLED <-> SERVER-WEBAPP SolarWinds SRM Profiler HostStorageServlet SQL injection attempt (server-webapp.rules)
* 1:43201 <-> ENABLED <-> SERVER-WEBAPP SolarWinds SRM Profiler NbuErrorMessageServlet SQL injection attempt (server-webapp.rules)
* 1:43202 <-> ENABLED <-> SERVER-WEBAPP SolarWinds SRM Profiler NbuErrorMessageServlet SQL injection attempt (server-webapp.rules)
* 1:43203 <-> ENABLED <-> SERVER-WEBAPP SolarWinds SRM Profiler ProcessesServlet SQL injection attempt (server-webapp.rules)
* 1:43204 <-> ENABLED <-> SERVER-WEBAPP SolarWinds SRM Profiler ProcessesServlet SQL injection attempt (server-webapp.rules)
* 1:43205 <-> ENABLED <-> SERVER-WEBAPP SolarWinds SRM Profiler QuantumMonitorServlet SQL injection attempt (server-webapp.rules)
* 1:43206 <-> ENABLED <-> SERVER-WEBAPP SolarWinds SRM Profiler QuantumMonitorServlet SQL injection attempt (server-webapp.rules)
* 1:43207 <-> ENABLED <-> SERVER-WEBAPP SolarWinds SRM Profiler UserDefinedFieldConfigServlet SQL injection attempt (server-webapp.rules)
* 1:43208 <-> ENABLED <-> SERVER-WEBAPP SolarWinds SRM Profiler UserDefinedFieldConfigServlet SQL injection attempt (server-webapp.rules)
* 1:43209 <-> ENABLED <-> SERVER-WEBAPP SolarWinds SRM Profiler XiotechMonitorServlet SQL injection attempt (server-webapp.rules)
* 1:43210 <-> ENABLED <-> SERVER-WEBAPP SolarWinds SRM Profiler XiotechMonitorServlet SQL injection attempt (server-webapp.rules)
* 1:43212 <-> DISABLED <-> FILE-PDF Iceni Infix PDF parsing out of bounds write attempt (file-pdf.rules)
* 1:43213 <-> DISABLED <-> FILE-PDF Iceni Infix PDF parsing out of bounds write attempt (file-pdf.rules)
* 1:43216 <-> DISABLED <-> INDICATOR-OBFUSCATION HTTP payload not fully gzip compressed attempt (indicator-obfuscation.rules)
* 1:43217 <-> DISABLED <-> EXPLOIT-KIT Rig Exploit Kit redirection attempt (exploit-kit.rules)
* 1:43218 <-> DISABLED <-> PUA-ADWARE Win.Adware.Hotbar variant outbound connection (pua-adware.rules)
* 1:43219 <-> DISABLED <-> PUA-ADWARE Win.Adware.Hotbar variant outbound connection (pua-adware.rules)
* 1:43220 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Hotbar (malware-cnc.rules)
* 1:43221 <-> DISABLED <-> MALWARE-OTHER Win.Trojan-Downloader.Jadtree GET request of RAR file to server (malware-other.rules)
* 1:43222 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Micropsia outbound connection (malware-cnc.rules)
* 1:43223 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Micropsia outbound connection (malware-cnc.rules)
* 1:43224 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Micropsia outbound connection (malware-cnc.rules)
* 1:43225 <-> DISABLED <-> OS-WINDOWS Microsoft .NET framework CLI loader denial of service attempt (os-windows.rules)
* 1:43226 <-> DISABLED <-> OS-WINDOWS Microsoft .NET framework CLI loader denial of service attempt (os-windows.rules)
* 1:43227 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 force off denial of service attempt (protocol-scada.rules)
* 1:43228 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 force on denial of service attempt (protocol-scada.rules)
* 1:43229 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director Shockwave 3D buffer overflow attempt (file-other.rules)
* 1:43230 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director Shockwave 3D buffer overflow attempt (file-other.rules)
* 1:43231 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director Shockwave 3D buffer overflow attempt (file-other.rules)
* 1:43232 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director Shockwave 3D buffer overflow attempt (file-other.rules)
* 1:43233 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director Shockwave 3D buffer overflow attempt (file-other.rules)
* 1:43234 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director Shockwave 3D buffer overflow attempt (file-other.rules)
* 1:43235 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director Shockwave 3D buffer overflow attempt (file-other.rules)
* 1:43236 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director Shockwave 3D buffer overflow attempt (file-other.rules)
* 1:43237 <-> ENABLED <-> SERVER-WEBAPP SysAid Enterprise auth bypass and remote file upload attempt (server-webapp.rules)
* 1:43238 <-> DISABLED <-> SERVER-WEBAPP Imatix Xitami web server head processing denial of service attempt (server-webapp.rules)
* 1:43239 <-> DISABLED <-> PROTOCOL-FTP WS-FTP REST command overly large file creation attempt (protocol-ftp.rules)
* 1:43240 <-> DISABLED <-> BROWSER-PLUGINS Rising Online Virus Scanner ActiveX clsid access attempt (browser-plugins.rules)
* 1:43241 <-> DISABLED <-> BROWSER-PLUGINS Rising Online Virus Scanner ActiveX clsid access attempt (browser-plugins.rules)
* 1:43242 <-> DISABLED <-> BROWSER-PLUGINS Rising Online Virus Scanner ActiveX clsid access attempt (browser-plugins.rules)
* 1:43243 <-> DISABLED <-> BROWSER-PLUGINS Rising Online Virus Scanner ActiveX clsid access attempt (browser-plugins.rules)
* 1:43244 <-> DISABLED <-> SERVER-WEBAPP Active Calendar showcode.php directory traversal attempt (server-webapp.rules)
* 1:43245 <-> DISABLED <-> SERVER-WEBAPP Active Calendar showcode.php directory traversal attempt (server-webapp.rules)
* 1:43246 <-> DISABLED <-> SERVER-WEBAPP Active Calendar showcode.php directory traversal attempt (server-webapp.rules)
* 1:43247 <-> DISABLED <-> SERVER-APACHE Apache Rave information disclosure attempt (server-apache.rules)
* 1:43249 <-> DISABLED <-> SERVER-WEBAPP Nuxeo CMS BatchUploadObject arbitrary JSP file upload attempt (server-webapp.rules)
* 1:43250 <-> DISABLED <-> SERVER-WEBAPP Nuxeo CMS BatchUploadObject directory traversal attempt (server-webapp.rules)
* 1:43251 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan WSA LogSettingHandler command injection attempt (server-webapp.rules)
* 1:43252 <-> DISABLED <-> PROTOCOL-SCADA IEC 61850 device connection enumeration attempt (protocol-scada.rules)
* 1:43253 <-> DISABLED <-> PROTOCOL-SCADA IEC 61850 virtual manufacturing device domain variable enumeration attempt (protocol-scada.rules)
* 1:43254 <-> DISABLED <-> INDICATOR-SHELLCODE KUSER_SHARED_DATA NtMajorVersion and NtMinorVersion offsets (indicator-shellcode.rules)
* 1:43255 <-> DISABLED <-> INDICATOR-SHELLCODE single byte x86 xor decryption routine (indicator-shellcode.rules)
* 1:43256 <-> ENABLED <-> INDICATOR-OBFUSCATION Rig EK fromCharCode offset 33 obfuscated getElementsByTagName call (indicator-obfuscation.rules)
* 1:43257 <-> DISABLED <-> SERVER-WEBAPP CA eHealth command injection command injection attempt (server-webapp.rules)
* 1:43258 <-> DISABLED <-> SERVER-WEBAPP CA eHealth command injection command injection attempt (server-webapp.rules)
* 1:43259 <-> DISABLED <-> FILE-OTHER Hangul Word Processor type confusion attempt (file-other.rules)
* 1:43260 <-> DISABLED <-> FILE-OTHER Hangul Word Processor type confusion attempt (file-other.rules)
* 1:43261 <-> DISABLED <-> FILE-OTHER Hangul Word Processor type confusion attempt (file-other.rules)
* 1:43262 <-> DISABLED <-> FILE-OTHER Hangul Word Processor type confusion attempt (file-other.rules)
* 1:43263 <-> DISABLED <-> FILE-OTHER Hangul Word Processor type confusion attempt (file-other.rules)
* 1:43264 <-> DISABLED <-> FILE-OTHER Hangul Word Processor type confusion attempt (file-other.rules)
* 1:43265 <-> DISABLED <-> SERVER-WEBAPP Novell NetIQ Sentinel Server ReportViewServlet directory traversal attempt directory traversal attempt (server-webapp.rules)
* 1:43266 <-> DISABLED <-> SERVER-WEBAPP Novell NetIQ Sentinel Server ReportViewServlet directory traversal attempt directory traversal attempt (server-webapp.rules)
* 1:43267 <-> DISABLED <-> SERVER-WEBAPP Novell NetIQ Sentinel Server ReportViewServlet directory traversal attempt directory traversal attempt (server-webapp.rules)
* 1:43268 <-> DISABLED <-> SERVER-WEBAPP Squid ESI processing buffer overflow attempt (server-webapp.rules)
* 1:43269 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows DirectX directshow wav file overflow attempt (file-multimedia.rules)
* 1:43270 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows DirectX directshow wav file overflow attempt (file-multimedia.rules)
* 1:43272 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess openWidget directory traversal attempt directory traversal attempt (server-webapp.rules)
* 1:43273 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess openWidget directory traversal attempt directory traversal attempt (server-webapp.rules)
* 1:43274 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess openWidget directory traversal attempt directory traversal attempt (server-webapp.rules)
* 1:43275 <-> DISABLED <-> OS-WINDOWS Microsoft Windows MFT denial of service attempt (os-windows.rules)
* 1:43276 <-> DISABLED <-> OS-WINDOWS Microsoft Windows MFT denial of service attempt (os-windows.rules)
* 1:43277 <-> DISABLED <-> OS-WINDOWS Microsoft Windows MFT denial of service attempt (os-windows.rules)
* 1:43278 <-> DISABLED <-> OS-WINDOWS Microsoft Windows MFT denial of service attempt (os-windows.rules)
* 1:43279 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess cross site scripting attempt (server-webapp.rules)
* 1:43280 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess cross site scripting attempt (server-webapp.rules)
* 1:43281 <-> DISABLED <-> SERVER-WEBAPP .NET AjaxControlToolkit directory traversal remote code execution attempt (server-webapp.rules)
* 1:43282 <-> DISABLED <-> SERVER-WEBAPP .NET AjaxControlToolkit directory traversal remote code execution attempt (server-webapp.rules)
* 1:43283 <-> DISABLED <-> SERVER-WEBAPP .NET AjaxControlToolkit directory traversal remote code execution attempt (server-webapp.rules)
* 1:43284 <-> DISABLED <-> SERVER-WEBAPP HP Network Automation RedirectServlet SQL injection attempt (server-webapp.rules)
* 1:43285 <-> DISABLED <-> SERVER-WEBAPP /.svn/entries file access attempt (server-webapp.rules)
* 1:43286 <-> DISABLED <-> SERVER-WEBAPP /cgi-bin/sh file access attempt (server-webapp.rules)
* 1:43287 <-> DISABLED <-> SERVER-WEBAPP /etc/inetd.conf file access attempt (server-webapp.rules)
* 1:43288 <-> DISABLED <-> SERVER-WEBAPP /etc/motd file access attempt (server-webapp.rules)
* 1:43289 <-> DISABLED <-> SERVER-WEBAPP /etc/shadow file access attempt (server-webapp.rules)
* 1:43290 <-> DISABLED <-> SERVER-WEBAPP /ws_ftp.log file access attempt (server-webapp.rules)
* 1:43291 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Server 9i unauthenticated application deployment attempt (server-webapp.rules)
* 1:43292 <-> DISABLED <-> MALWARE-CNC Andr.Adware.Judy malicious dex file download attempt (malware-cnc.rules)
* 1:43293 <-> DISABLED <-> MALWARE-CNC Andr.Adware.Judy malicious java file download attempt (malware-cnc.rules)
* 1:43294 <-> DISABLED <-> SERVER-WEBAPP Cybozu Office directory traversal attempt (server-webapp.rules)
* 1:43295 <-> DISABLED <-> SERVER-WEBAPP Cybozu Office directory traversal attempt (server-webapp.rules)
* 1:43296 <-> DISABLED <-> SERVER-WEBAPP IP3 Networks NetAccess directory traversal attempt (server-webapp.rules)
* 1:43297 <-> DISABLED <-> SERVER-OTHER Cisco ASA 5500 series denial of service attempt (server-other.rules)
* 1:43298 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit WebCore CSSSelector denial of service attempt (browser-webkit.rules)
* 1:43299 <-> DISABLED <-> SERVER-WEBAPP Belkin N150 abitrary file read attempt (server-webapp.rules)
* 1:433 <-> DISABLED <-> PROTOCOL-ICMP Photuris undefined code! (protocol-icmp.rules)
* 1:43300 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt (file-flash.rules)
* 1:43301 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt (file-flash.rules)
* 1:43302 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt (file-flash.rules)
* 1:43303 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt (file-flash.rules)
* 1:43304 <-> DISABLED <-> SERVER-WEBAPP csChatRBox setup attempt (server-webapp.rules)
* 1:43305 <-> DISABLED <-> SERVER-WEBAPP csLiveSupport setup attempt (server-webapp.rules)
* 1:43306 <-> DISABLED <-> SERVER-WEBAPP csNewsRemote setup attempt (server-webapp.rules)
* 1:43307 <-> DISABLED <-> SERVER-WEBAPP csSearch setup attempt (server-webapp.rules)
* 1:43308 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft DNS ActiveX clsid access attempt (browser-plugins.rules)
* 1:43309 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft DNS ActiveX clsid access attempt (browser-plugins.rules)
* 1:43310 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft ICMP ActiveX clsid access attempt (browser-plugins.rules)
* 1:43311 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft ICMP ActiveX clsid access attempt (browser-plugins.rules)
* 1:43312 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft NetworkResources ActiveX clsid access attempt (browser-plugins.rules)
* 1:43313 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft NetworkResources ActiveX clsid access attempt (browser-plugins.rules)
* 1:43314 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft SNTP ActiveX clsid access attempt (browser-plugins.rules)
* 1:43315 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft SNTP ActiveX clsid access attempt (browser-plugins.rules)
* 1:43316 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft DNS ActiveX clsid access attempt (browser-plugins.rules)
* 1:43317 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft DNS ActiveX clsid access attempt (browser-plugins.rules)
* 1:43318 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft ICMP ActiveX clsid access attempt (browser-plugins.rules) * 1:43319 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft ICMP ActiveX clsid access attempt (browser-plugins.rules) * 1:43320 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft NetworkResources ActiveX clsid access attempt (browser-plugins.rules) * 1:43321 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft NetworkResources ActiveX clsid access attempt (browser-plugins.rules) * 1:43322 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft SNTP ActiveX clsid access attempt (browser-plugins.rules) * 1:43323 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft SNTP ActiveX clsid access attempt (browser-plugins.rules) * 1:43324 <-> DISABLED <-> SERVER-WEBAPP Trihedral VTScada directory traversal attempt (server-webapp.rules) * 1:43325 <-> DISABLED <-> SERVER-WEBAPP Trihedral VTScada directory traversal attempt (server-webapp.rules) * 1:43326 <-> DISABLED <-> SERVER-WEBAPP Trihedral VTScada directory traversal attempt (server-webapp.rules) * 1:43327 <-> DISABLED <-> SERVER-WEBAPP HP Laserjet Pro Webadmin password reset attempt (server-webapp.rules) * 1:43328 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word .rtf file integer overflow attempt (file-office.rules) * 1:43329 <-> DISABLED <-> SERVER-WEBAPP AssetMan download_pdf.php directory traversal attempt (server-webapp.rules) * 1:43330 <-> DISABLED <-> SERVER-WEBAPP AssetMan download_pdf.php directory traversal attempt (server-webapp.rules) * 1:43331 <-> DISABLED <-> SERVER-WEBAPP AssetMan download_pdf.php directory traversal attempt (server-webapp.rules) * 1:43332 <-> DISABLED <-> EXPLOIT-KIT Rig Exploit Kit Landing Page Request Attempt (exploit-kit.rules) * 1:43333 <-> DISABLED <-> FILE-OTHER ProShow Gold PSH file handling overflow attempt (file-other.rules) * 1:43334 <-> DISABLED <-> SERVER-WEBAPP OpenFiler NetworkCard command execution attempt (server-webapp.rules) * 1:43335 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Media 
Player JPG header record mismatch memory corruption attempt (file-multimedia.rules) * 1:43336 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Media Player JPG header record mismatch memory corruption attempt (file-multimedia.rules) * 1:43337 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules) * 1:43338 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules) * 1:43339 <-> DISABLED <-> FILE-OTHER Cytel Studio string stack overflow attempt (file-other.rules) * 1:4334 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_GetDeviceList attempt (os-windows.rules) * 1:43340 <-> DISABLED <-> FILE-OTHER Cytel Studio row overflow attempt (file-other.rules) * 1:43341 <-> DISABLED <-> FILE-OTHER Cytel Studio USE command overflow attempt (file-other.rules) * 1:43342 <-> DISABLED <-> BROWSER-PLUGINS Data Dynamics ActiveBar remote file write attempt ActiveX clsid access attempt (browser-plugins.rules) * 1:43343 <-> DISABLED <-> BROWSER-PLUGINS Data Dynamics ActiveBar remote file write attempt ActiveX clsid access attempt (browser-plugins.rules) * 1:43344 <-> DISABLED <-> BROWSER-PLUGINS Data Dynamics ActiveBar remote file write attempt ActiveX clsid access attempt (browser-plugins.rules) * 1:43345 <-> DISABLED <-> BROWSER-PLUGINS Data Dynamics ActiveBar remote file write attempt ActiveX clsid access attempt (browser-plugins.rules) * 1:43346 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox domFuzzLite3 table use after free attempt (browser-firefox.rules) * 1:43347 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox domFuzzLite3 table use after free attempt (browser-firefox.rules) * 1:43348 <-> DISABLED <-> PROTOCOL-SCADA Advantech Studio DOS attempt (protocol-scada.rules) * 1:43349 <-> DISABLED <-> SERVER-OTHER Karjasoft Sami HTTP Server denial of service attempt (server-other.rules) * 1:43350 <-> DISABLED <-> POLICY-OTHER TOR Project domain request (policy-other.rules) * 1:43351 <-> 
DISABLED <-> MALWARE-CNC Unix.Trojan.Erebus variant outbound connection (malware-cnc.rules) * 1:43352 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Server 9i unauthenticated dms access attempt (server-webapp.rules) * 1:43353 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Server 9i unauthenticated dms access attempt (server-webapp.rules) * 1:43354 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Server 9i unauthenticated dms access attempt (server-webapp.rules) * 1:43355 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Server 9i unauthenticated dms access attempt (server-webapp.rules) * 1:43356 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Server 9i unauthenticated dms access attempt (server-webapp.rules) * 1:43357 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Server 9i unauthenticated dms access attempt (server-webapp.rules) * 1:43358 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CSS property method handling memory corruption attempt (browser-ie.rules) * 1:43359 <-> DISABLED <-> FILE-IMAGE Microsoft GDI WMF file parsing integer overflow attempt (file-image.rules) * 1:43360 <-> DISABLED <-> FILE-IMAGE Microsoft GDI WMF file parsing integer overflow attempt (file-image.rules) * 1:43361 <-> DISABLED <-> FILE-IMAGE Microsoft GDI WMF file parsing integer overflow attempt (file-image.rules) * 1:43362 <-> DISABLED <-> FILE-IMAGE Microsoft GDI WMF file parsing integer overflow attempt (file-image.rules) * 1:43363 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Audio wmf file magic detected (file-identify.rules) * 1:43364 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Audio wmf file magic detected (file-identify.rules) * 1:43365 <-> DISABLED <-> SERVER-WEBAPP Wordpress Complete Gallery Manager arbitrary PHP file upload attempt (server-webapp.rules) * 1:43366 <-> DISABLED <-> SERVER-WEBAPP Piwigo directory traversal attempt (server-webapp.rules) * 1:43367 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox XUL tree element code execution attempt 
(browser-firefox.rules) * 1:43368 <-> DISABLED <-> FILE-OTHER Compface xbm long declaration buffer overflow attempt (file-other.rules) * 1:43369 <-> DISABLED <-> FILE-OTHER Compface xbm long declaration buffer overflow attempt (file-other.rules) * 1:43370 <-> DISABLED <-> NETBIOS DCERPC possible wmi remote process launch (netbios.rules) * 1:43371 <-> DISABLED <-> BROWSER-PLUGINS DivX Player DivXBrowserPlugin ActiveX clsid access attempt (browser-plugins.rules) * 1:43372 <-> DISABLED <-> BROWSER-PLUGINS DivX Player DivXBrowserPlugin ActiveX clsid access attempt (browser-plugins.rules) * 1:43373 <-> DISABLED <-> BROWSER-PLUGINS DivX Player DivXBrowserPlugin ActiveX clsid access attempt (browser-plugins.rules) * 1:43374 <-> DISABLED <-> BROWSER-PLUGINS DivX Player DivXBrowserPlugin ActiveX clsid access attempt (browser-plugins.rules) * 1:43375 <-> DISABLED <-> BROWSER-PLUGINS EB Design Pty Ltd ActiveX clsid access attempt (browser-plugins.rules) * 1:43376 <-> DISABLED <-> BROWSER-PLUGINS EB Design Pty Ltd ActiveX clsid access attempt (browser-plugins.rules) * 1:43377 <-> DISABLED <-> BROWSER-PLUGINS EB Design Pty Ltd ActiveX clsid access attempt (browser-plugins.rules) * 1:43378 <-> DISABLED <-> BROWSER-PLUGINS EB Design Pty Ltd ActiveX clsid access attempt (browser-plugins.rules) * 1:43379 <-> DISABLED <-> SERVER-WEBAPP CA ERwin Web Portal ProfileIconServlet directory traversal attempt (server-webapp.rules) * 1:43380 <-> ENABLED <-> OS-WINDOWS Microsoft Windows MsMpEng custom apicall instruction use detected (os-windows.rules) * 1:43381 <-> ENABLED <-> OS-WINDOWS Microsoft Windows MsMpEng custom apicall instruction use detected (os-windows.rules) * 1:43382 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AdvertisingMetadata use after free attempt (file-flash.rules) * 1:43383 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AdvertisingMetadata use after free attempt (file-flash.rules) * 1:43384 <-> DISABLED <-> INDICATOR-COMPROMISE Wing FTP Server potentially malicious 
admin user creation attempt (indicator-compromise.rules) * 1:43385 <-> DISABLED <-> INDICATOR-COMPROMISE Wing FTP Server potentially malicious admin user creation attempt (indicator-compromise.rules) * 1:43386 <-> DISABLED <-> OS-WINDOWS Microsoft Windows MFT denial of service attempt (os-windows.rules) * 1:43387 <-> DISABLED <-> OS-WINDOWS Microsoft Windows MFT denial of service attempt (os-windows.rules) * 1:43388 <-> DISABLED <-> OS-OTHER Apple OSX CFNetwork HTTP response denial of service attempt (os-other.rules) * 1:43389 <-> DISABLED <-> INDICATOR-COMPROMISE Symantec Endpoint Protection potential binary planting RCE attempt (indicator-compromise.rules) * 1:43390 <-> DISABLED <-> SERVER-WEBAPP Netgear Prosafe startup config information disclosure attempt (server-webapp.rules) * 1:43391 <-> DISABLED <-> SERVER-WEBAPP MySQL Commander remote file include attempt (server-webapp.rules) * 1:43392 <-> DISABLED <-> SERVER-WEBAPP MySQL Commander remote file include attempt (server-webapp.rules) * 1:43393 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MPEG-4 AVC decoding out of bounds read attempt (file-flash.rules) * 1:43394 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MPEG-4 AVC decoding out of bounds read attempt (file-flash.rules) * 1:43395 <-> ENABLED <-> FILE-FLASH Adobe Acrobat Reader profile use after free attempt (file-flash.rules) * 1:43396 <-> DISABLED <-> FILE-FLASH Adobe Acrobat Reader profile use after free attempt (file-flash.rules) * 1:43397 <-> DISABLED <-> SERVER-OTHER Proface GP-Pro EX EX-ED BeginPreRead stack buffer overflow attempt (server-other.rules) * 1:43398 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer clone object memory corruption attempt (browser-ie.rules) * 1:43399 <-> DISABLED <-> FILE-IMAGE multiple products PNG processing buffer overflow attempt (file-image.rules) * 1:43400 <-> DISABLED <-> BROWSER-PLUGINS IBM Lotus Quickr ActiveX stack buffer overflow ActiveX clsid access attempt (browser-plugins.rules) * 1:43401 <-> DISABLED 
<-> BROWSER-PLUGINS IBM Lotus Quickr ActiveX stack buffer overflow ActiveX clsid access attempt (browser-plugins.rules) * 1:43402 <-> DISABLED <-> SERVER-WEBAPP HP Intelligent Management Center directory traversal directory traversal attempt (server-webapp.rules) * 1:43403 <-> DISABLED <-> SERVER-WEBAPP HP Intelligent Management Center directory traversal directory traversal attempt (server-webapp.rules) * 1:43404 <-> DISABLED <-> SERVER-WEBAPP HP Intelligent Management Center directory traversal directory traversal attempt (server-webapp.rules) * 1:43405 <-> ENABLED <-> FILE-FLASH Adobe Flash Player determinePreferredLocales out of bounds memory read attempt (file-flash.rules) * 1:43406 <-> DISABLED <-> FILE-FLASH Adobe Flash Player determinePreferredLocales out of bounds memory read attempt (file-flash.rules) * 1:43407 <-> DISABLED <-> POLICY-OTHER MongoDB insert document attempt (policy-other.rules) * 1:43408 <-> DISABLED <-> POLICY-OTHER MongoDB query attempt (policy-other.rules) * 1:43409 <-> DISABLED <-> POLICY-OTHER MongoDB dropDatabase attempt (policy-other.rules) * 1:43410 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DisplayObject use after free attempt (file-flash.rules) * 1:43411 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DisplayObject use after free attempt (file-flash.rules) * 1:43412 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DisplayObject use after free attempt (file-flash.rules) * 1:43413 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DisplayObject use after free attempt (file-flash.rules) * 1:43414 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DisplayObject use after free attempt (file-flash.rules) * 1:43415 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DisplayObject use after free attempt (file-flash.rules) * 1:43416 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData object out of bounds access attempt (file-flash.rules) * 1:43417 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData object out of bounds access attempt 
(file-flash.rules) * 1:43418 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData object out of bounds access attempt (file-flash.rules) * 1:43419 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData object out of bounds access attempt (file-flash.rules) * 1:43420 <-> ENABLED <-> FILE-FLASH Adobe Flash Player custom toString function attempt (file-flash.rules) * 1:43421 <-> ENABLED <-> FILE-FLASH Adobe Flash Player custom toString function attempt (file-flash.rules) * 1:43433 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader Annotations memory corruption attempt (file-pdf.rules) * 1:43434 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader Annotations memory corruption attempt (file-pdf.rules) * 1:43435 <-> DISABLED <-> SERVER-WEBAPP Cisco Secure Access Control Server cross site scripting attempt (server-webapp.rules) * 1:43436 <-> DISABLED <-> SERVER-WEBAPP GE Fanuc Real Time Information Portal arbitrary file write attempt (server-webapp.rules) * 1:43437 <-> DISABLED <-> SERVER-WEBAPP GoAutoDial cpanel command injection attempt (server-webapp.rules) * 1:43438 <-> DISABLED <-> SERVER-WEBAPP GoAutoDial cpanel command injection attempt (server-webapp.rules) * 1:43439 <-> DISABLED <-> SERVER-WEBAPP GoAutoDial go_get_user_info SQL injection attempt (server-webapp.rules) * 1:43440 <-> DISABLED <-> SERVER-WEBAPP GoAutoDial validate_credentials SQL injection attempt (server-webapp.rules) * 1:43441 <-> DISABLED <-> SERVER-WEBAPP GoAutoDial validate_credentials SQL injection attempt (server-webapp.rules) * 1:43442 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Sorebrect download attempt (malware-other.rules) * 1:43443 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Sorebrect download attempt (malware-other.rules) * 1:43444 <-> DISABLED <-> SERVER-WEBAPP XML entity parsing information disclosure attempt (server-webapp.rules) * 1:43450 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word .rtf file double free attempt (file-office.rules) * 1:43451 <-> DISABLED <-> SERVER-WEBAPP 
TerraMaster NAS arbitrary PHP file upload attempt (server-webapp.rules) * 1:43453 <-> ENABLED <-> FILE-FLASH Adobe Flash Player writeExternal type confusion attempt (file-flash.rules) * 1:43454 <-> ENABLED <-> FILE-FLASH Adobe Flash Player writeExternal type confusion attempt (file-flash.rules) * 1:43455 <-> DISABLED <-> FILE-FLASH Adobe Flash Player writeExternal type confusion attempt (file-flash.rules) * 1:43457 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Eorezo variant outbound connection (malware-cnc.rules) * 1:43458 <-> DISABLED <-> SERVER-WEBAPP WordPress wp_title function cross site scripting attempt (server-webapp.rules) * 1:43459 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Doublepulsar variant successful ping response (malware-cnc.rules) * 1:43460 <-> DISABLED <-> BROWSER-IE Microsoft Edge use-after-free attempt (browser-ie.rules) * 1:43461 <-> DISABLED <-> BROWSER-IE Microsoft Edge use-after-free attempt (browser-ie.rules) * 1:43462 <-> DISABLED <-> BROWSER-IE Microsoft Edge use-after-free attempt (browser-ie.rules) * 1:43463 <-> DISABLED <-> BROWSER-IE Microsoft Edge use-after-free attempt (browser-ie.rules) * 1:43464 <-> DISABLED <-> SERVER-OTHER HP Intelligent Management Center dbman RestartDB opcode command injection attempt (server-other.rules) * 1:43465 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules) * 1:43466 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules) * 1:43467 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fireball variant outbound connection (malware-cnc.rules) * 1:43468 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fireball variant outbound connection (malware-cnc.rules) * 1:43469 <-> ENABLED <-> BROWSER-IE Microsoft Edge uninitialized memory attempt (browser-ie.rules) * 1:43470 <-> ENABLED <-> BROWSER-IE Microsoft Edge uninitialized memory attempt (browser-ie.rules) * 1:43471 <-> ENABLED <-> BROWSER-IE Microsoft Edge VBScript VarType out of bounds 
read attempt (browser-ie.rules) * 1:43472 <-> ENABLED <-> BROWSER-IE Microsoft Edge VBScript VarType out of bounds read attempt (browser-ie.rules) * 1:43473 <-> ENABLED <-> OS-WINDOWS Microsoft win32u PlgBlt out of bounds memory write attempt (os-windows.rules) * 1:43474 <-> ENABLED <-> OS-WINDOWS Microsoft win32u PlgBlt out of bounds memory write attempt (os-windows.rules) * 1:43475 <-> DISABLED <-> MALWARE-CNC Win.Dropper.Agent ransomware downloader outbound connection detected (malware-cnc.rules) * 1:43476 <-> DISABLED <-> MALWARE-CNC Win.Dropper.Agent ransomware downloader outbound connection detected (malware-cnc.rules) * 1:43477 <-> DISABLED <-> MALWARE-CNC Win.Dropper.Agent ransomware downloader outbound connection detected (malware-cnc.rules) * 1:43478 <-> DISABLED <-> MALWARE-CNC Win.Trojan.AgentInfo variant outbound connection (malware-cnc.rules) * 1:43479 <-> ENABLED <-> FILE-FLASH Adobe Flash Player applyFilter memory corruption attempt (file-flash.rules) * 1:43480 <-> ENABLED <-> FILE-FLASH Adobe Flash Player applyFilter memory corruption attempt (file-flash.rules) * 1:43481 <-> DISABLED <-> FILE-OTHER Vim modelines remote command execution attempt (file-other.rules) * 1:43482 <-> DISABLED <-> FILE-OTHER Vim modelines remote command execution attempt (file-other.rules) * 1:43490 <-> DISABLED <-> OS-WINDOWS Microsoft Windows unsafe memory access privilege escalation attempt (os-windows.rules) * 1:43491 <-> DISABLED <-> OS-WINDOWS Microsoft Windows unsafe memory access privilege escalation attempt (os-windows.rules) * 1:43492 <-> ENABLED <-> BROWSER-IE Microsoft Windows Edge array out of bounds write (browser-ie.rules) * 1:43493 <-> ENABLED <-> BROWSER-IE Microsoft Windows Edge array out of bounds write (browser-ie.rules) * 1:43494 <-> DISABLED <-> SERVER-WEBAPP Lets Encrypt SSL certificate for domain resembling appleid (server-webapp.rules) * 1:43495 <-> DISABLED <-> SERVER-WEBAPP Lets Encrypt SSL certificate for domain resembling paypal 
(server-webapp.rules) * 1:43496 <-> DISABLED <-> SERVER-WEBAPP Lets Encrypt SSL certificate issuer detected (server-webapp.rules) * 1:43497 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer EPM brokercreatefile file access bypass attempt (browser-ie.rules) * 1:43498 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer EPM brokercreatefile file access bypass attempt (browser-ie.rules) * 1:43499 <-> DISABLED <-> SERVER-WEBAPP Cisco Prime Infrastructure cross site scripting attempt (server-webapp.rules) * 1:43500 <-> DISABLED <-> SERVER-WEBAPP Cisco Prime Infrastructure cross site scripting attempt (server-webapp.rules) * 1:43501 <-> DISABLED <-> SERVER-WEBAPP Cisco Prime Infrastructure cross site scripting attempt (server-webapp.rules) * 1:43502 <-> DISABLED <-> SERVER-WEBAPP Cisco Prime Infrastructure cross site scripting attempt (server-webapp.rules) * 1:43503 <-> DISABLED <-> SERVER-WEBAPP Cisco Prime Infrastructure SQL injection attempt (server-webapp.rules) * 1:43504 <-> DISABLED <-> SERVER-WEBAPP Cisco Prime Infrastructure SQL injection attempt (server-webapp.rules) * 1:43505 <-> DISABLED <-> SERVER-WEBAPP Cisco Prime Infrastructure SQL injection attempt (server-webapp.rules) * 1:43506 <-> DISABLED <-> SERVER-WEBAPP Cisco Prime Infrastructure SQL injection attempt (server-webapp.rules) * 1:43507 <-> DISABLED <-> SERVER-WEBAPP Cisco Prime Infrastructure SQL injection attempt (server-webapp.rules) * 1:43508 <-> DISABLED <-> SERVER-WEBAPP Cisco Prime Infrastructure SQL injection attempt (server-webapp.rules) * 1:43509 <-> DISABLED <-> SERVER-WEBAPP Cisco Prime Infrastructure SQL injection attempt (server-webapp.rules) * 1:43510 <-> DISABLED <-> SERVER-WEBAPP Cisco Prime Infrastructure SQL injection attempt (server-webapp.rules) * 1:43511 <-> DISABLED <-> SERVER-WEBAPP Cisco Prime Infrastructure SQL injection attempt (server-webapp.rules) * 1:43512 <-> DISABLED <-> SERVER-WEBAPP Cisco Prime Infrastructure SQL injection attempt (server-webapp.rules) * 1:43513 
<-> DISABLED <-> SERVER-WEBAPP Cisco Prime Infrastructure SQL injection attempt (server-webapp.rules) * 1:43514 <-> DISABLED <-> SERVER-OTHER Cisco IOS authentication proxy authentication request attempt (server-other.rules) * 1:43515 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer cross-domain violation via cached object attempt (browser-ie.rules) * 1:43516 <-> DISABLED <-> BROWSER-OTHER Apple Safari nested xml tag denial of service attempt (browser-other.rules) * 1:43517 <-> DISABLED <-> BROWSER-OTHER Apple Safari nested xml tag denial of service attempt (browser-other.rules) * 1:43519 <-> DISABLED <-> BROWSER-PLUGINS Pegasus ImagXpress ActiveX clsid access attempt (browser-plugins.rules) * 1:43520 <-> DISABLED <-> BROWSER-PLUGINS Pegasus ImagXpress ActiveX clsid access attempt (browser-plugins.rules) * 1:43521 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 11 type confusion vulnerability attempt (browser-ie.rules) * 1:43522 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 11 type confusion vulnerability attempt (browser-ie.rules) * 1:43523 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Donvibs variant outbound connection (malware-cnc.rules) * 1:43524 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Donvibs variant outbound connection (malware-cnc.rules) * 1:43525 <-> DISABLED <-> SERVER-OTHER Cisco ASA malformed SCCP packet denial of service attempt (server-other.rules) * 1:43526 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Deltasource variant outbound connection detected (malware-cnc.rules) * 1:43527 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Deltasource variant outbound connection detected (malware-cnc.rules) * 1:43528 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules) * 1:43529 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules) * 1:43530 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules) * 1:43531 <-> ENABLED <-> FILE-FLASH Adobe Flash Player 
memory corruption attempt (file-flash.rules) * 1:43532 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules) * 1:43533 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules) * 1:43534 <-> ENABLED <-> SERVER-WEBAPP AlienVault OSSIM nfsen.php command injection attempt (server-webapp.rules) * 1:43535 <-> ENABLED <-> SERVER-WEBAPP AlienVault OSSIM nfsen.php command injection attempt (server-webapp.rules) * 1:43536 <-> ENABLED <-> SERVER-WEBAPP AlienVault OSSIM nfsen.php command injection attempt (server-webapp.rules) * 1:43537 <-> DISABLED <-> BROWSER-PLUGINS IBM SPSS Statistics ActiveX clsid access attempt (browser-plugins.rules) * 1:43538 <-> DISABLED <-> BROWSER-PLUGINS IBM SPSS Statistics ActiveX clsid access attempt (browser-plugins.rules) * 1:43539 <-> DISABLED <-> SERVER-WEBAPP Koha directory traversal attempt (server-webapp.rules) * 1:43540 <-> DISABLED <-> FILE-OTHER Multiple products media player wma file buffer overflow attempt (file-other.rules) * 1:43541 <-> DISABLED <-> FILE-OTHER Multiple products media player wma file buffer overflow attempt (file-other.rules) * 1:43542 <-> DISABLED <-> SERVER-OTHER CCProxy telnet ping buffer overflow attempt (server-other.rules) * 1:43543 <-> DISABLED <-> FILE-OTHER multiple vulnerabilities malformed .m3u file buffer overflow attempt (file-other.rules) * 1:43544 <-> DISABLED <-> SERVER-WEBAPP CA ArcServe information disclosure attempt (server-webapp.rules) * 1:43545 <-> DISABLED <-> SERVER-WEBAPP HPE System Management Homepage buffer overflow attempt (server-webapp.rules) * 1:43546 <-> DISABLED <-> INDICATOR-COMPROMISE Juniper vSRX Application Firewall IPv6 REJECT buffer overflow attempt (indicator-compromise.rules) * 1:43547 <-> DISABLED <-> SERVER-APACHE httpd mod_mime content-type buffer overflow attempt (server-apache.rules) * 1:43548 <-> DISABLED <-> SERVER-WEBAPP Brocade Network Advisor remote code execution attempt (server-webapp.rules) * 
1:43549 <-> DISABLED <-> SERVER-WEBAPP AlienVault Unified Security Manager authentication bypass attempt (server-webapp.rules) * 1:43550 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer span tag memory corruption attempt (browser-ie.rules) * 1:43551 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer span tag memory corruption attempt (browser-ie.rules) * 1:43552 <-> DISABLED <-> SERVER-WEBAPP ReadyDesk upload remote code execution attempt (server-webapp.rules) * 1:43553 <-> DISABLED <-> SERVER-WEBAPP ReadyDesk upload remote code execution attempt (server-webapp.rules) * 1:43554 <-> DISABLED <-> SERVER-WEBAPP ReadyDesk upload remote code execution attempt (server-webapp.rules) * 1:43560 <-> DISABLED <-> FILE-OTHER Oracle Outside-In JPEG2000 QCD segment processing heap buffer overflow attempt (file-other.rules) * 1:43561 <-> DISABLED <-> SERVER-OTHER Aerospike Database Server si_prop stack buffer overflow attempt (server-other.rules) * 1:43562 <-> DISABLED <-> POLICY-OTHER Teleopti WFM database information request detected (policy-other.rules) * 1:43563 <-> DISABLED <-> POLICY-OTHER Teleopti WFM administrative user credentials request detected (policy-other.rules) * 1:43564 <-> DISABLED <-> POLICY-OTHER Teleopti WFM administrative user creation detected (policy-other.rules) * 1:43565 <-> DISABLED <-> APP-DETECT HTTPTunnel proxy outbound connection detected (app-detect.rules) * 1:43566 <-> DISABLED <-> SERVER-OTHER LAN Messenger initiation request buffer overflow attempt (server-other.rules) * 1:43567 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Framework diagnostic information disclosure attempt (server-webapp.rules) * 1:43568 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Framework diagnostic information disclosure attempt (server-webapp.rules) * 1:43569 <-> DISABLED <-> SERVER-WEBAPP Zavio Cam command injection attempt (server-webapp.rules) * 1:43570 <-> DISABLED <-> SERVER-WEBAPP Zavio Cam command injection attempt (server-webapp.rules) * 
1:43571 <-> DISABLED <-> SERVER-WEBAPP Zavio Cam command injection attempt (server-webapp.rules) * 1:43572 <-> DISABLED <-> SERVER-WEBAPP Zavio Cam command injection attempt (server-webapp.rules) * 1:43573 <-> DISABLED <-> SERVER-OTHER Cisco IOS DHCP denial of service attempt (server-other.rules) * 1:43574 <-> DISABLED <-> SERVER-WEBAPP Wing FTP Server command injection attempt (server-webapp.rules) * 1:43575 <-> DISABLED <-> MALWARE-CNC Win32.Trojan.NeutrinoPOS connection attempt (malware-cnc.rules) * 1:43576 <-> DISABLED <-> INDICATOR-COMPROMISE possible Samsung DVR authentication bypass attempt (indicator-compromise.rules) * 1:43577 <-> DISABLED <-> SERVER-WEBAPP Oracle BPEL Process Manager directory traversal attempt (server-webapp.rules) * 1:43578 <-> DISABLED <-> MALWARE-CNC Android.Trojan.DroidKungFu outbound connection (malware-cnc.rules) * 1:43579 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer type confusion attempt (browser-ie.rules) * 1:4358 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_GetDeviceListSize attempt (os-windows.rules) * 1:43580 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer type confusion attempt (browser-ie.rules) * 1:43581 <-> DISABLED <-> SERVER-OTHER Oracle DBMS AUTH_ALTER_SESSION SQL injection attempt (server-other.rules) * 1:43582 <-> DISABLED <-> FILE-OTHER multiple vulnerabilities malformed .wav file buffer overflow attempt (file-other.rules) * 1:43583 <-> DISABLED <-> SERVER-WEBAPP CA eHealth command injection attempt (server-webapp.rules) * 1:43584 <-> DISABLED <-> SERVER-WEBAPP CA eHealth command injection attempt (server-webapp.rules) * 1:43585 <-> DISABLED <-> SERVER-WEBAPP CA eHealth command injection attempt (server-webapp.rules) * 1:43586 <-> DISABLED <-> SERVER-WEBAPP CA eHealth command injection attempt (server-webapp.rules) * 1:43587 <-> DISABLED <-> SERVER-WEBAPP Apache httpd ap_find_token buffer overread attempt (server-webapp.rules) * 1:43588 <-> DISABLED <-> SERVER-WEBAPP Brocade 
Network Advisor directory traversal attempt (server-webapp.rules) * 1:43589 <-> DISABLED <-> SERVER-WEBAPP Brocade Network Advisor directory traversal attempt (server-webapp.rules) * 1:43590 <-> DISABLED <-> SERVER-WEBAPP Brocade Network Advisor directory traversal attempt (server-webapp.rules) * 1:43591 <-> DISABLED <-> SERVER-WEBAPP IBM Tealeaf testconn_host command injection attempt (server-webapp.rules) * 1:43592 <-> DISABLED <-> SERVER-WEBAPP IBM Tealeaf testconn_host command injection attempt (server-webapp.rules) * 1:43593 <-> DISABLED <-> SERVER-WEBAPP IBM Tealeaf testconn_host command injection attempt (server-webapp.rules) * 1:43594 <-> DISABLED <-> SERVER-WEBAPP IBM Tealeaf testconn_host command injection attempt (server-webapp.rules) * 1:43595 <-> DISABLED <-> SERVER-WEBAPP Netgear Prosafe filesystem denial of service attempt (server-webapp.rules) * 1:43596 <-> DISABLED <-> SERVER-OTHER Oracle Demantra information disclosure attempt (server-other.rules) * 1:43597 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackEnergy outbound connection (malware-cnc.rules) * 1:43598 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer object type confusion remote code execution attempt (browser-ie.rules) * 1:43599 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer object type confusion remote code execution attempt (browser-ie.rules) * 1:436 <-> DISABLED <-> PROTOCOL-ICMP Redirect for TOS and Host (protocol-icmp.rules) * 1:43600 <-> DISABLED <-> FILE-OTHER Wireshark ENTTEC DMX RLE buffer overflow attempt (file-other.rules) * 1:43601 <-> DISABLED <-> FILE-OTHER Wireshark ENTTEC DMX RLE buffer overflow attempt (file-other.rules) * 1:43602 <-> DISABLED <-> SERVER-OTHER Wireshark ENTTEC DMX RLE buffer overflow attempt (server-other.rules) * 1:43603 <-> DISABLED <-> FILE-OTHER Schneider Electric ClearSCADA malicious OPF file (file-other.rules) * 1:43604 <-> DISABLED <-> FILE-OTHER Schneider Electric ClearSCADA malicious OPF file (file-other.rules) * 1:43605 <-> DISABLED 
<-> BROWSER-PLUGINS Microsoft Access Snapshot Viewer ActiveX function call access attempt (browser-plugins.rules)
* 1:43606 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Access Snapshot Viewer ActiveX function call access attempt (browser-plugins.rules)
* 1:43607 <-> DISABLED <-> BROWSER-PLUGINS HP Photo Creative ActiveX clsid access attempt (browser-plugins.rules)
* 1:43608 <-> DISABLED <-> FILE-OTHER Multiple Products SGI ZSIZE handling buffer overflow attempt (file-other.rules)
* 1:43609 <-> DISABLED <-> FILE-OTHER Multiple Products SGI ZSIZE handling buffer overflow attempt (file-other.rules)
* 1:43610 <-> DISABLED <-> SERVER-OTHER Piwigo LocalFiles editor cross-site request forgery attempt (server-other.rules)
* 1:43611 <-> DISABLED <-> SERVER-OTHER Piwigo LocalFiles editor cross-site request forgery attempt (server-other.rules)
* 1:43615 <-> DISABLED <-> FILE-OTHER Orbital Viewer .orb stack buffer overflow attempt (file-other.rules)
* 1:43616 <-> DISABLED <-> SERVER-WEBAPP E-Mail Security Virtual Appliance command injection attempt (server-webapp.rules)
* 1:43617 <-> DISABLED <-> SERVER-WEBAPP E-Mail Security Virtual Appliance command injection attempt (server-webapp.rules)
* 1:43618 <-> DISABLED <-> SERVER-WEBAPP E-Mail Security Virtual Appliance command injection attempt (server-webapp.rules)
* 1:43619 <-> DISABLED <-> SERVER-WEBAPP E-Mail Security Virtual Appliance command injection attempt (server-webapp.rules)
* 1:43620 <-> DISABLED <-> SERVER-OTHER Real Networks Helix Server RTSP denial of service attempt (server-other.rules)
* 1:43621 <-> DISABLED <-> SERVER-OTHER Real Networks Helix Server RTSP denial of service attempt (server-other.rules)
* 1:43622 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer GDI VML gradient size heap overflow attempt (browser-ie.rules)
* 1:43623 <-> DISABLED <-> FILE-OTHER IBM Informix Client SDK NFX file HostList processing stack buffer overflow attempt (file-other.rules)
* 1:43624 <-> DISABLED <-> FILE-OTHER IBM Informix Client SDK NFX file InformixServerList processing stack buffer overflow attempt (file-other.rules)
* 1:43625 <-> DISABLED <-> SERVER-WEBAPP Axis M3004 remote code execution attempt (server-webapp.rules)
* 1:43626 <-> DISABLED <-> FILE-OTHER Schneider Electric MaxStream Configuration X-CTU code execution attempt (file-other.rules)
* 1:43627 <-> DISABLED <-> FILE-OTHER Schneider Electric MaxStream Configuration X-CTU code execution attempt (file-other.rules)
* 1:43632 <-> DISABLED <-> FILE-EXECUTABLE SandboxEscaper WER download attempt (file-executable.rules)
* 1:43633 <-> DISABLED <-> FILE-EXECUTABLE SandboxEscaper WER download attempt (file-executable.rules)
* 1:43634 <-> DISABLED <-> SERVER-WEBAPP Zenoss call home remote code execution attempt (server-webapp.rules)
* 1:43635 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer EUC-JP encoding cross site scripting attempt (browser-ie.rules)
* 1:43636 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer EUC-JP encoding cross site scripting attempt (browser-ie.rules)
* 1:43637 <-> DISABLED <-> SERVER-WEBAPP SAP Internet Transaction Server cross site scripting attempt (server-webapp.rules)
* 1:43638 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel null pointer dereference attempt (file-office.rules)
* 1:43639 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel null pointer dereference attempt (file-office.rules)
* 1:43640 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel null pointer dereference attempt (file-office.rules)
* 1:43641 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel null pointer dereference attempt (file-office.rules)
* 1:43642 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox multiple vulnerabilities memory corruption attempt (browser-firefox.rules)
* 1:43643 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox design mode deleted style memory corruption attempt (browser-firefox.rules)
* 1:43644 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox display moz-deck style memory corruption attempt (browser-firefox.rules)
* 1:43645 <-> ENABLED <-> SERVER-WEBAPP SonicWall Secure Remote Access diagnostics command injection attempt (server-webapp.rules)
* 1:43646 <-> ENABLED <-> SERVER-WEBAPP SonicWall Secure Remote Access diagnostics command injection attempt (server-webapp.rules)
* 1:43647 <-> ENABLED <-> SERVER-WEBAPP SonicWall Secure Remote Access diagnostics command injection attempt (server-webapp.rules)
* 1:43648 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CDocument use after free attempt (browser-ie.rules)
* 1:43649 <-> DISABLED <-> BROWSER-PLUGINS Ultra Crypto Component ActiveX clsid access attempt (browser-plugins.rules)
* 1:43650 <-> DISABLED <-> BROWSER-PLUGINS Ultra Crypto Component ActiveX clsid access attempt (browser-plugins.rules)
* 1:43651 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox large window null pointer dereference attempt (browser-firefox.rules)
* 1:43652 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox large window null pointer dereference attempt (browser-firefox.rules)
* 1:43653 <-> DISABLED <-> SERVER-WEBAPP Pheap edit.php directory traversal attempt (server-webapp.rules)
* 1:43654 <-> DISABLED <-> SERVER-WEBAPP Pheap edit.php directory traversal attempt (server-webapp.rules)
* 1:43655 <-> DISABLED <-> SERVER-WEBAPP Pheap edit.php directory traversal attempt (server-webapp.rules)
* 1:43656 <-> DISABLED <-> BROWSER-IE Microsoft Edge JavaScript ReverseHelper buffer overrun attempt (browser-ie.rules)
* 1:43657 <-> DISABLED <-> BROWSER-IE Microsoft Edge JavaScript ReverseHelper buffer overrun attempt (browser-ie.rules)
* 1:43658 <-> DISABLED <-> BROWSER-IE Microsoft Edge JavaScript ReverseHelper buffer overrun attempt (browser-ie.rules)
* 1:43659 <-> DISABLED <-> BROWSER-IE Microsoft Edge JavaScript ReverseHelper buffer overrun attempt (browser-ie.rules)
* 1:43660 <-> DISABLED <-> SERVER-ORACLE Oracle Reports Server information disclosure attempt (server-oracle.rules)
* 1:43661 <-> DISABLED <-> SERVER-ORACLE Oracle Reports Servlet information disclosure attempt (server-oracle.rules)
* 1:43662 <-> DISABLED <-> SERVER-ORACLE Oracle Reports Servlet information disclosure attempt (server-oracle.rules)
* 1:43663 <-> DISABLED <-> SERVER-OTHER WSFTP IpSwitch custom SITE command execution attempt (server-other.rules)
* 1:43664 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 11 CMarkup GetMarkupTitle use-after-free attempt (browser-ie.rules)
* 1:43665 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 11 CMarkup GetMarkupTitle use-after-free attempt (browser-ie.rules)
* 1:43666 <-> DISABLED <-> SERVER-WEBAPP VirtualSystem VS-News-System remote file include attempt (server-webapp.rules)
* 1:43667 <-> DISABLED <-> SERVER-WEBAPP VirtualSystem VS-News-System remote file include attempt (server-webapp.rules)
* 1:43668 <-> DISABLED <-> SERVER-WEBAPP PHP core unserialize use after free attempt (server-webapp.rules)
* 1:43669 <-> DISABLED <-> FILE-OTHER Node.js JS-YAML js function tag code execution attempt (file-other.rules)
* 1:43670 <-> DISABLED <-> FILE-OTHER Node.js JS-YAML js function tag code execution attempt (file-other.rules)
* 1:43671 <-> DISABLED <-> SQL Oracle MySQL Pluggable Auth denial of service attempt (sql.rules)
* 1:43672 <-> DISABLED <-> BROWSER-FIREFOX Mozilla products obfuscated cross site scripting attempt (browser-firefox.rules)
* 1:43673 <-> DISABLED <-> BROWSER-FIREFOX Mozilla products obfuscated cross site scripting attempt (browser-firefox.rules)
* 1:43674 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word SmartTag record code execution attempt (file-office.rules)
* 1:43675 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word SmartTag record code execution attempt (file-office.rules)
* 1:43676 <-> DISABLED <-> FILE-PDF FreeType PostScript Type1 font parsing memory corruption attempt (file-pdf.rules)
* 1:43677 <-> DISABLED <-> FILE-PDF FreeType PostScript Type1 font parsing memory corruption attempt (file-pdf.rules)
* 1:43678 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF parsing remote code execution attempt (file-office.rules)
* 1:43679 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF parsing remote code execution attempt (file-office.rules)
* 1:43680 <-> DISABLED <-> SERVER-WEBAPP phpSecurePages secure.php remote file include attempt (server-webapp.rules)
* 1:43681 <-> DISABLED <-> SERVER-WEBAPP phpSecurePages secure.php remote file include attempt (server-webapp.rules)
* 1:43682 <-> DISABLED <-> FILE-OTHER Xion Media Player AIFF denial of service attempt (file-other.rules)
* 1:43683 <-> DISABLED <-> FILE-OTHER Xion Media Player AIFF denial of service attempt (file-other.rules)
* 1:43684 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Nemucod variant file download (malware-other.rules)
* 1:43685 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Nemucod variant outbound connection (malware-other.rules)
* 1:43686 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.NemucodAES variant outbound connection (malware-other.rules)
* 1:43687 <-> DISABLED <-> INDICATOR-COMPROMISE Suspicious .top dns query (indicator-compromise.rules)
* 1:43688 <-> ENABLED <-> SERVER-WEBAPP SonicWall Secure Remote Access viewcert command injection attempt (server-webapp.rules)
* 1:43689 <-> ENABLED <-> SERVER-WEBAPP SonicWall Secure Remote Access viewcert command injection attempt (server-webapp.rules)
* 1:43690 <-> ENABLED <-> SERVER-WEBAPP SonicWall Secure Remote Access viewcert command injection attempt (server-webapp.rules)
* 1:43691 <-> DISABLED <-> SERVER-WEBAPP Ultimate Fun Book function.php remote file include attempt (server-webapp.rules)
* 1:43692 <-> DISABLED <-> OS-LINUX Linux kernel SCTP invalid chunk length denial of service attempt (os-linux.rules)
* 1:43693 <-> DISABLED <-> SERVER-WEBAPP Mantis Bug Tracker password reset attempt (server-webapp.rules)
* 1:43695 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan WSA DeployWizard command injection attempt (server-webapp.rules)
* 1:43696 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan WSA DeployWizard command injection attempt (server-webapp.rules)
* 1:43697 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan WSA DeployWizard command injection attempt (server-webapp.rules)
* 1:43698 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid FRTWrapper record buffer overflow attempt (file-office.rules)
* 1:43699 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid FRTWrapper record buffer overflow attempt (file-office.rules)
* 1:437 <-> DISABLED <-> PROTOCOL-ICMP Redirect for TOS and Network (protocol-icmp.rules)
* 1:43700 <-> DISABLED <-> SERVER-OTHER Monkey HTTPD null request denial of service attempt (server-other.rules)
* 1:43701 <-> DISABLED <-> BROWSER-PLUGINS McAfee FreeScan information disclosure ActiveX clsid access attempt (browser-plugins.rules)
* 1:43702 <-> DISABLED <-> BROWSER-PLUGINS McAfee FreeScan information disclosure ActiveX clsid access attempt (browser-plugins.rules)
* 1:43703 <-> DISABLED <-> BROWSER-PLUGINS McAfee FreeScan information disclosure ActiveX clsid access attempt (browser-plugins.rules)
* 1:43704 <-> DISABLED <-> BROWSER-PLUGINS McAfee FreeScan information disclosure ActiveX clsid access attempt (browser-plugins.rules)
* 1:43705 <-> DISABLED <-> SERVER-OTHER HPE LoadRunner buffer overflow exploitation attempt (server-other.rules)
* 1:43706 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript contentWindow in an iframe exploit attempt (browser-firefox.rules)
* 1:43707 <-> DISABLED <-> INDICATOR-OBFUSCATION obfuscated vbscript detected (indicator-obfuscation.rules)
* 1:43708 <-> DISABLED <-> INDICATOR-OBFUSCATION obfuscated vbscript detected (indicator-obfuscation.rules)
* 1:43709 <-> DISABLED <-> SERVER-WEBAPP SonicWall Secure Remote Access gencsr command injection attempt (server-webapp.rules)
* 1:43710 <-> DISABLED <-> SERVER-WEBAPP SonicWall Secure Remote Access gencsr command injection attempt (server-webapp.rules)
* 1:43711 <-> DISABLED <-> SERVER-WEBAPP SonicWall Secure Remote Access gencsr command injection attempt (server-webapp.rules)
* 1:43718 <-> DISABLED <-> SERVER-WEBAPP Site-Assistant menu.php remote file include attempt (server-webapp.rules)
* 1:43719 <-> DISABLED <-> SERVER-WEBAPP Site-Assistant menu.php remote file include attempt (server-webapp.rules)
* 1:43720 <-> DISABLED <-> SERVER-WEBAPP SAP Internet Transaction Server directory traversal attempt (server-webapp.rules)
* 1:43721 <-> DISABLED <-> SERVER-WEBAPP SAP Internet Transaction Server directory traversal attempt (server-webapp.rules)
* 1:43722 <-> DISABLED <-> SERVER-WEBAPP SAP Internet Transaction Server directory traversal attempt (server-webapp.rules)
* 1:43723 <-> DISABLED <-> SERVER-WEBAPP FCRing sfuss remote file include attempt (server-webapp.rules)
* 1:43724 <-> DISABLED <-> SERVER-WEBAPP FCRing sfuss remote file include attempt (server-webapp.rules)
* 1:43727 <-> DISABLED <-> FILE-FLASH RealNetworks RealPlayer FLV integer overflow attempt (file-flash.rules)
* 1:43728 <-> DISABLED <-> SERVER-OTHER XChat heap buffer overflow attempt (server-other.rules)
* 1:43729 <-> DISABLED <-> EXPLOIT-KIT Rig/Grandsoft Exploit Kit IE exploit attempt (exploit-kit.rules)
* 1:43730 <-> DISABLED <-> SERVER-OTHER multiple vulnerabilities malformed mp3 buffer overflow attempt (server-other.rules)
* 1:43731 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Vista contacts gadget code execution attempt (os-windows.rules)
* 1:43732 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Vista contacts gadget code execution attempt (os-windows.rules)
* 1:43733 <-> DISABLED <-> SERVER-WEBAPP Sophos XG Firewall Controller filter SQL injection attempt (server-webapp.rules)
* 1:43734 <-> DISABLED <-> SERVER-WEBAPP Sophos XG Firewall Controller filter SQL injection attempt (server-webapp.rules)
* 1:43735 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SVG pathSegList memory corruption attempt (browser-firefox.rules)
* 1:43736 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox XUL commandDispatcher memory corruption attempt (browser-firefox.rules)
* 1:43737 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox XUL commandDispatcher memory corruption attempt (browser-firefox.rules)
* 1:43738 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SVGZoom memory corruption attempt (browser-firefox.rules)
* 1:43739 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SVGZoom memory corruption attempt (browser-firefox.rules)
* 1:43740 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox frameset memory corruption attempt (browser-firefox.rules)
* 1:43741 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox frameset memory corruption attempt (browser-firefox.rules)
* 1:43742 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox lookup property memory corruption attempt (browser-firefox.rules)
* 1:43743 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox lookup property memory corruption attempt (browser-firefox.rules)
* 1:43744 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox style display inherit memory corruption attempt (browser-firefox.rules)
* 1:43745 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox style display inherit memory corruption attempt (browser-firefox.rules)
* 1:43746 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox frame element memory corruption attempt (browser-firefox.rules)
* 1:43747 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox frame element memory corruption attempt (browser-firefox.rules)
* 1:43748 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox BOM character cross site scripting attempt (browser-firefox.rules)
* 1:43749 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox BOM character cross site scripting attempt (browser-firefox.rules)
* 1:43750 <-> DISABLED <-> FILE-OTHER Sorensoft Media Player asz file buffer overflow attempt (file-other.rules)
* 1:43751 <-> DISABLED <-> FILE-OTHER Sorensoft Media Player asz file buffer overflow attempt (file-other.rules)
* 1:43752 <-> DISABLED <-> SERVER-OTHER Sun Solaris dhcpd malformed bootp denial of service attempt (server-other.rules)
* 1:43753 <-> DISABLED <-> SERVER-OTHER Sami FTP RETR denial of service attempt (server-other.rules)
* 1:43754 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.Backdoor inbound connection attempt (malware-cnc.rules)
* 1:43755 <-> DISABLED <-> SERVER-OTHER FreeBSD Routing Information Protocol assertion failure attempt (server-other.rules)
* 1:43756 <-> DISABLED <-> SERVER-WEBAPP Coppermine Photo Gallery thumbnails.php SQL injection attempt (server-webapp.rules)
* 1:43757 <-> DISABLED <-> SERVER-WEBAPP ScadaBR remote credential export attempt (server-webapp.rules)
* 1:43758 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CTravelEntry use after free attempt (browser-ie.rules)
* 1:43759 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CTravelEntry use after free attempt (browser-ie.rules)
* 1:43760 <-> DISABLED <-> PROTOCOL-NNTP Control overflow attempt (protocol-nntp.rules)
* 1:43761 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox wyciwgy domain forgery attempt (browser-firefox.rules)
* 1:43763 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox XUL tree node removal memory corruption attempt (browser-firefox.rules)
* 1:43764 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox XUL tree node removal memory corruption attempt (browser-firefox.rules)
* 1:43765 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox XUL null menu memory corruption attempt (browser-firefox.rules)
* 1:43766 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox XUL null menu memory corruption attempt (browser-firefox.rules)
* 1:43767 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox floating layer denial of service attempt (browser-firefox.rules)
* 1:43768 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox floating layer denial of service attempt (browser-firefox.rules)
* 1:43769 <-> DISABLED <-> SERVER-OTHER D-Link DSL-2740B cross site request forgery attempt (server-other.rules)
* 1:43770 <-> DISABLED <-> SERVER-OTHER D-Link DSL-2740B cross site request forgery attempt (server-other.rules)
* 1:43771 <-> DISABLED <-> SERVER-OTHER D-Link DSL-2740B cross site request forgery attempt (server-other.rules)
* 1:43772 <-> DISABLED <-> SERVER-OTHER D-Link DSL-2740B cross site request forgery attempt (server-other.rules)
* 1:43773 <-> DISABLED <-> SERVER-OTHER D-Link DSL-2740B cross site request forgery attempt (server-other.rules)
* 1:43774 <-> DISABLED <-> SERVER-OTHER D-Link DSL-2740B cross site request forgery attempt (server-other.rules)
* 1:43775 <-> DISABLED <-> SERVER-WEBAPP HP Sitescope EmailServlet directory traversal attempt (server-webapp.rules)
* 1:43776 <-> DISABLED <-> SERVER-WEBAPP HP Sitescope EmailServlet directory traversal attempt (server-webapp.rules)
* 1:43777 <-> DISABLED <-> SERVER-WEBAPP HP Sitescope EmailServlet directory traversal attempt (server-webapp.rules)
* 1:43778 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsTreeContentView double-free memory corruption attempt (browser-firefox.rules)
* 1:43779 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple products SharedWorker MessagePort memory corruption attempt (browser-firefox.rules)
* 1:43780 <-> DISABLED <-> SERVER-WEBAPP D-Link DIR-645 router buffer overflow attempt (server-webapp.rules)
* 1:43781 <-> DISABLED <-> SERVER-WEBAPP D-Link DIR-645 router cross site scripting attempt (server-webapp.rules)
* 1:43782 <-> DISABLED <-> SERVER-WEBAPP D-Link DIR-645 router cross site scripting attempt (server-webapp.rules)
* 1:43783 <-> DISABLED <-> SERVER-WEBAPP D-Link DIR-645 router cross site scripting attempt (server-webapp.rules)
* 1:43784 <-> DISABLED <-> POLICY-OTHER D-Link DIR-645 router external authentication attempt (policy-other.rules)
* 1:43785 <-> DISABLED <-> POLICY-OTHER Possible Apache Continuum saveInstallation.action command injection vulnerability check (policy-other.rules)
* 1:43786 <-> DISABLED <-> SERVER-ORACLE Oracle Application Test Suite server authentication bypass attempt (server-oracle.rules)
* 1:43787 <-> DISABLED <-> SERVER-ORACLE Oracle Application Test Suite server authentication bypass attempt (server-oracle.rules)
* 1:43788 <-> DISABLED <-> SERVER-ORACLE Oracle Application Test Suite server authentication bypass attempt (server-oracle.rules)
* 1:43789 <-> DISABLED <-> SERVER-OTHER Solarwinds Virtualization Manager Java malicious object deserialization attempt (server-other.rules)
* 1:43790 <-> DISABLED <-> SERVER-OTHER Apache mod_auth_digest out of bounds read attempt (server-other.rules)
* 1:43791 <-> DISABLED <-> OS-WINDOWS Microsoft .NET framework mscormmc.dll ASLR bypass attempt (os-windows.rules)
* 1:43792 <-> DISABLED <-> OS-WINDOWS Microsoft .NET framework mscormmc.dll ASLR bypass attempt (os-windows.rules)
* 1:43793 <-> DISABLED <-> SERVER-WEBAPP Symantec SEPM management console cross site scripting attempt (server-webapp.rules)
* 1:43794 <-> DISABLED <-> FILE-OTHER Schneider Electric VAMSET CFG file heap buffer overflow attempt (file-other.rules)
* 1:43795 <-> DISABLED <-> FILE-OTHER Schneider Electric VAMSET CFG file heap buffer overflow attempt (file-other.rules)
* 1:43797 <-> DISABLED <-> FILE-OTHER Schneider Electric VAMSET CFG file heap buffer overflow attempt (file-other.rules)
* 1:43798 <-> DISABLED <-> FILE-OTHER Schneider Electric VAMSET CFG file heap buffer overflow attempt (file-other.rules)
* 1:438 <-> DISABLED <-> PROTOCOL-ICMP Redirect undefined code (protocol-icmp.rules)
* 1:43802 <-> ENABLED <-> FILE-OFFICE Microsoft Office mqrt.dll dll-load exploit attempt (file-office.rules)
* 1:43803 <-> ENABLED <-> FILE-OFFICE Microsoft Office mqrt.dll dll-load exploit attempt (file-office.rules)
* 1:43804 <-> DISABLED <-> FILE-OFFICE Microsoft Office mqrt.dll dll-load exploit attempt (file-office.rules)
* 1:43805 <-> DISABLED <-> FILE-OFFICE Microsoft Office mqrt.dll dll-load exploit attempt (file-office.rules)
* 1:43806 <-> DISABLED <-> MALWARE-BACKDOOR HVL Rat inbound command (malware-backdoor.rules)
* 1:43807 <-> DISABLED <-> SERVER-IIS Microsoft ASP.NET bad request denial of service attempt (server-iis.rules)
* 1:43808 <-> DISABLED <-> SERVER-IIS Microsoft ASP.NET bad request denial of service attempt (server-iis.rules)
* 1:43809 <-> DISABLED <-> SERVER-WEBAPP Kaspersky Linux File Server WMC cross site request forgery attempt (server-webapp.rules)
* 1:43810 <-> DISABLED <-> SERVER-WEBAPP Kaspersky Linux File Server WMC directory traversal attempt (server-webapp.rules)
* 1:43811 <-> DISABLED <-> SERVER-WEBAPP Kaspersky Linux File Server WMC directory traversal attempt (server-webapp.rules)
* 1:43812 <-> DISABLED <-> SERVER-WEBAPP Kaspersky Linux File Server WMC directory traversal attempt (server-webapp.rules)
* 1:43813 <-> DISABLED <-> SERVER-WEBAPP Kaspersky Linux File Server WMC cross site scripting attempt (server-webapp.rules)
* 1:43814 <-> DISABLED <-> SERVER-WEBAPP XML entity parsing information disclosure attempt (server-webapp.rules)
* 1:43815 <-> DISABLED <-> OS-WINDOWS Microsoft VBScript engine RegExp information disclosure attempt (os-windows.rules)
* 1:43816 <-> DISABLED <-> OS-WINDOWS Microsoft VBScript engine RegExp information disclosure attempt (os-windows.rules)
* 1:43817 <-> DISABLED <-> OS-WINDOWS Microsoft VBScript engine RegExp information disclosure attempt (os-windows.rules)
* 1:43818 <-> DISABLED <-> OS-WINDOWS Microsoft VBScript engine RegExp information disclosure attempt (os-windows.rules)
* 1:43819 <-> DISABLED <-> SERVER-WEBAPP Kaspersky Anti-Virus directory traversal attempt (server-webapp.rules)
* 1:43820 <-> DISABLED <-> SERVER-WEBAPP Kaspersky Anti-Virus directory traversal attempt (server-webapp.rules)
* 1:43821 <-> DISABLED <-> SERVER-WEBAPP Kaspersky Anti-Virus directory traversal attempt (server-webapp.rules)
* 1:43822 <-> DISABLED <-> SERVER-WEBAPP Advantech SUSIAccess Server downloadCSV.jsp directory traversal attempt (server-webapp.rules)
* 1:43823 <-> DISABLED <-> SERVER-WEBAPP Advantech SUSIAccess Server downloadCSV.jsp directory traversal attempt (server-webapp.rules)
* 1:43824 <-> DISABLED <-> SERVER-WEBAPP Advantech SUSIAccess Server downloadCSV.jsp directory traversal attempt (server-webapp.rules)
* 1:43825 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.XAgent outbound connection (malware-cnc.rules)
* 1:43826 <-> DISABLED <-> BROWSER-OTHER Opera animation element denial of service attempt (browser-other.rules)
* 1:43827 <-> DISABLED <-> BROWSER-OTHER Opera animation element denial of service attempt (browser-other.rules)
* 1:43828 <-> DISABLED <-> FILE-OTHER Snackamp malformed AIFF buffer overflow attempt (file-other.rules)
* 1:43829 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack mount service code execution attempt (server-other.rules)
* 1:43830 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CTableLayout memory corruption attempt (browser-ie.rules)
* 1:43831 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CTableLayout memory corruption attempt (browser-ie.rules)
* 1:43832 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CQuotes use-after-free attempt (browser-ie.rules)
* 1:43833 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CQuotes use-after-free attempt (browser-ie.rules)
* 1:43834 <-> DISABLED <-> FILE-OTHER Bmxplay malformed BMX buffer overflow attempt (file-other.rules)
* 1:43835 <-> DISABLED <-> EXPLOIT-KIT RIG exploit kit Adobe Flash exploit download (exploit-kit.rules)
* 1:43836 <-> DISABLED <-> INDICATOR-OBFUSCATION Adobe Flash file packed with SecureSwf obfuscator (indicator-obfuscation.rules)
* 1:43837 <-> DISABLED <-> INDICATOR-OBFUSCATION obfuscated javascript regex (indicator-obfuscation.rules)
* 1:43838 <-> DISABLED <-> INDICATOR-COMPROMISE Adobe Flash file contains reference to kernel32.dll (indicator-compromise.rules)
* 1:43839 <-> DISABLED <-> INDICATOR-COMPROMISE backwards executable download (indicator-compromise.rules)
* 1:43840 <-> DISABLED <-> FILE-OTHER Wireshark PROFINET DCP response format string exploit attempt (file-other.rules)
* 1:43841 <-> DISABLED <-> FILE-OTHER Wireshark PROFINET DCP request format string exploit attempt (file-other.rules)
* 1:43842 <-> DISABLED <-> FILE-OTHER Wireshark PROFINET DCP response format string exploit attempt (file-other.rules)
* 1:43843 <-> DISABLED <-> FILE-OTHER Wireshark PROFINET DCP request format string exploit attempt (file-other.rules)
* 1:43844 <-> DISABLED <-> FILE-OTHER Wireshark PROFINET DCP request format string exploit attempt (file-other.rules)
* 1:43845 <-> DISABLED <-> FILE-OTHER Wireshark PROFINET DCP request format string exploit attempt (file-other.rules)
* 1:43846 <-> DISABLED <-> SERVER-OTHER ISC BIND malformed control channel authentication message denial of service attempt (server-other.rules)
* 1:43847 <-> ENABLED <-> FILE-OFFICE Microsoft Office Access Jet Database Engine integer overflow attempt (file-office.rules)
* 1:43848 <-> ENABLED <-> FILE-OFFICE Microsoft Office Access Jet Database Engine integer overflow attempt (file-office.rules)
* 1:43849 <-> DISABLED <-> SERVER-OTHER HP Intelligent Management Center dbman RestoreZipFile opcode command injection attempt (server-other.rules)
* 1:43850 <-> DISABLED <-> SERVER-OTHER HP Intelligent Management Center dbman BackupZipFile opcode command injection attempt (server-other.rules)
* 1:43851 <-> ENABLED <-> FILE-OTHER Microsoft Windows Device Guard bypass via compiled help file attempt (file-other.rules)
* 1:43852 <-> ENABLED <-> FILE-OTHER Microsoft Windows Device Guard bypass via compiled help file attempt (file-other.rules)
* 1:43853 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word unpaired RTF dpendgroup buffer overflow attempt (file-office.rules)
* 1:43854 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word unpaired RTF dpendgroup buffer overflow attempt (file-office.rules)
* 1:43865 <-> DISABLED <-> FILE-IMAGE Adobe Reader EMF EMR_MOVETOEX memory corruption attempt (file-image.rules)
* 1:43866 <-> ENABLED <-> FILE-IMAGE Adobe Reader EMF EMR_MOVETOEX memory corruption attempt (file-image.rules)
* 1:43867 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed TTF memory corruption attempt (file-pdf.rules)
* 1:43868 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed TTF memory corruption attempt (file-pdf.rules)
* 1:43869 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed TTF memory corruption attempt (file-pdf.rules)
* 1:43870 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed TTF memory corruption attempt (file-pdf.rules)
* 1:43871 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Professional malformed PCX memory corruption attempt (file-image.rules)
* 1:43872 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Professional malformed PCX memory corruption attempt (file-image.rules)
* 1:43873 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Professional malformed PCX memory corruption attempt (file-image.rules)
* 1:43874 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Professional malformed PCX memory corruption attempt (file-image.rules)
* 1:43875 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF with malformed embedded JPEG memory corruption attempt (file-other.rules)
* 1:43876 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF with malformed embedded JPEG memory corruption attempt (file-other.rules)
* 1:43877 <-> ENABLED <-> FILE-PDF Acrobat Reader PDFDocEncoding object WinAnsiEncoding memory corruption attempt (file-pdf.rules)
* 1:43878 <-> ENABLED <-> FILE-PDF Acrobat Reader PDFDocEncoding object WinAnsiEncoding memory corruption attempt (file-pdf.rules)
* 1:43879 <-> DISABLED <-> FILE-OTHER Adobe Professional EMF polygon heap buffer overflow attempt (file-other.rules)
* 1:43880 <-> DISABLED <-> FILE-OTHER Adobe Professional EMF polygon heap buffer overflow attempt (file-other.rules)
* 1:43881 <-> DISABLED <-> FILE-PDF Adobe PDF file annotation plugin use after free memory corruption attempt (file-pdf.rules)
* 1:43882 <-> DISABLED <-> FILE-PDF Adobe PDF file annotation plugin use after free memory corruption attempt (file-pdf.rules)
* 1:43883 <-> ENABLED <-> FILE-PDF Acrobat Reader FontDescriptor object type confusion attempt (file-pdf.rules)
* 1:43884 <-> ENABLED <-> FILE-PDF Acrobat Reader FontDescriptor object type confusion attempt (file-pdf.rules)
* 1:43885 <-> DISABLED <-> EXPLOIT-KIT Exploit Kit malicious redirection attempt (exploit-kit.rules)
* 1:43886 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed UTF-16 string memory corruption attempt (file-pdf.rules)
* 1:43887 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed UTF-16 string memory corruption attempt (file-pdf.rules)
* 1:43888 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Professional EMF malformed EMR_BITBLT record out of bounds access attempt (file-multimedia.rules)
* 1:43889 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Professional EMF malformed EMR_BITBLT record out of bounds access attempt (file-multimedia.rules)
* 1:43890 <-> DISABLED <-> MALWARE-CNC Win.Malware.Emotet variant outbound connection (malware-cnc.rules)
* 1:43891 <-> ENABLED <-> MALWARE-OTHER Win.Malware.Emotet variant lateral propagation (malware-other.rules)
* 1:43892 <-> ENABLED <-> MALWARE-OTHER Win.Malware.Emotet variant lateral propagation (malware-other.rules)
* 1:43893 <-> ENABLED <-> FILE-OTHER Adobe Acrobat EMF file GIF LZW coding table memory corruption attempt (file-other.rules)
* 1:43894 <-> ENABLED <-> FILE-OTHER Adobe Acrobat EMF file GIF LZW coding table memory corruption attempt (file-other.rules)
* 1:43895 <-> DISABLED <-> SERVER-WEBAPP SonicWall Secure Remote Access sitecustomization command injection attempt (server-webapp.rules)
* 1:43896 <-> DISABLED <-> SERVER-WEBAPP SonicWall Secure Remote Access sitecustomization command injection attempt (server-webapp.rules)
* 1:43897 <-> DISABLED <-> SERVER-WEBAPP SonicWall Secure Remote Access sitecustomization command injection attempt (server-webapp.rules)
* 1:43898 <-> DISABLED <-> SERVER-WEBAPP SonicWall Secure Remote Access sitecustomization command injection attempt (server-webapp.rules)
* 1:43899 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Biggluck variant inbound response (malware-cnc.rules)
* 1:439 <-> DISABLED <-> PROTOCOL-ICMP Reserved for Security Type 19 (protocol-icmp.rules)
* 1:43900 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Professional XPS2PDF memory corruption attempt (file-other.rules)
* 1:43901 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Professional XPS2PDF memory corruption attempt (file-other.rules)
* 1:43902 <-> DISABLED <-> FILE-IMAGE Adobe Reader EMF EMR_STROKEPATH memory corruption attempt (file-image.rules)
* 1:43903 <-> DISABLED <-> FILE-IMAGE Adobe Reader EMF EMR_STROKEPATH memory corruption attempt (file-image.rules)
* 1:43904 <-> ENABLED <-> FILE-PDF Adobe Reader execMenuItem buffer overflow attempt (file-pdf.rules)
* 1:43905 <-> ENABLED <-> FILE-PDF Adobe Reader execMenuItem buffer overflow attempt (file-pdf.rules)
* 1:43906 <-> ENABLED <-> FILE-PDF Adobe Reader XFA loadXML use after free attempt (file-pdf.rules)
* 1:43907 <-> ENABLED <-> FILE-PDF Adobe Reader XFA loadXML use after free attempt (file-pdf.rules)
* 1:43908 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Reader JPEG 2000 tile memory corruption attempt (file-image.rules)
* 1:43909 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Reader JPEG 2000 tile memory corruption attempt (file-image.rules)
* 1:43910 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Reader JPEG 2000 tile memory corruption attempt (file-image.rules)
* 1:43911 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Reader JPEG 2000 tile memory corruption attempt (file-image.rules)
* 1:43912 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Professional XPS2PDF memory corruption attempt (file-other.rules)
* 1:43913 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Professional XPS2PDF memory corruption attempt (file-other.rules)
* 1:43914 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader XFA resolveNode type confusion exploitation attempt (file-pdf.rules)
* 1:43915 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader XFA resolveNode type confusion exploitation attempt (file-pdf.rules)
* 1:43916 <-> ENABLED <-> FILE-OTHER Adobe Acrobat EMF file GIF sub-block memory corruption attempt (file-other.rules)
* 1:43917 <-> ENABLED <-> FILE-OTHER Adobe Acrobat EMF file GIF sub-block memory corruption attempt (file-other.rules)
* 1:43918 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader exportDataObject security bypass attempt (file-pdf.rules)
* 1:43919 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader exportDataObject security bypass attempt (file-pdf.rules)
* 1:43920 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader exportDataObject security bypass attempt (file-pdf.rules)
* 1:43921 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader exportDataObject security bypass attempt (file-pdf.rules)
* 1:43922 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader exportDataObject security bypass attempt (file-pdf.rules)
* 1:43923 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader exportDataObject security bypass attempt (file-pdf.rules)
* 1:43924 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader duplicate U3D header memory corruption attempt (file-pdf.rules)
* 1:43925 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader duplicate U3D header memory corruption attempt (file-pdf.rules)
* 1:43926 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader XFA javascript use after free exploitation attempt (file-pdf.rules)
* 1:43927 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader XFA javascript use after free exploitation attempt (file-pdf.rules)
* 1:43928 <-> DISABLED <-> PROTOCOL-OTHER NETBIOS Session Service header length field denial of service attempt (protocol-other.rules)
* 1:43929 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poogetad Variant connection attempt (malware-cnc.rules)
* 1:43930 <-> DISABLED <-> MALWARE-CNC Win.Malware.GamKer variant outbound connection (malware-cnc.rules)
* 1:43931 <-> ENABLED <-> EXPLOIT-KIT RIG exploit kit shellcode detected (exploit-kit.rules)
* 1:43932 <-> ENABLED <-> EXPLOIT-KIT TERROR exploit kit FlashVars parameter shellcode (exploit-kit.rules)
* 1:43933 <-> DISABLED <-> INDICATOR-COMPROMISE VBScript accessing scripting API for WMI (indicator-compromise.rules)
* 1:43934 <-> DISABLED <-> SERVER-WEBAPP Synology Photo Station PixlrEditorHandler.php arbitrary PHP file upload attempt (server-webapp.rules)
* 1:43935 <-> DISABLED <-> SERVER-WEBAPP Synology Photo Station PixlrEditorHandler.php directory traversal attempt (server-webapp.rules)
* 1:43936 <-> DISABLED <-> SERVER-WEBAPP Synology Photo Station file_upload.php directory traversal attempt (server-webapp.rules)
* 1:43937 <-> DISABLED <-> SERVER-WEBAPP Synology Photo Station file_upload.php directory traversal attempt (server-webapp.rules)
* 1:43938 <-> DISABLED <-> SERVER-WEBAPP Synology Photo Station file_upload.php directory traversal attempt (server-webapp.rules)
* 1:43939 <-> DISABLED <-> SERVER-WEBAPP Synology Photo Station synotheme_upload.php session forgery attempt (server-webapp.rules)
* 1:43940 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Acrobat Professional EMF malformed EMR_COMMENT record out of bounds access attempt (file-multimedia.rules)
* 1:43941 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Acrobat Professional EMF malformed EMR_COMMENT record out of bounds access attempt (file-multimedia.rules)
* 1:43942 <-> DISABLED <-> FILE-OTHER Abbs Media Player LST buffer overflow attempt (file-other.rules)
* 1:43943 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.DonaldDick variant outbound connection detection (malware-backdoor.rules)
* 1:43944 <-> DISABLED <-> FILE-OTHER multiple products malformed CUE file buffer overflow attempt (file-other.rules)
* 1:43945 <-> DISABLED <-> FILE-OTHER Magic Music Editor malformed CDA buffer overflow attempt (file-other.rules)
* 1:43946 <-> DISABLED <-> FILE-OTHER Guitar Pro malformed GPX buffer overflow attempt (file-other.rules)
* 1:43947 <-> DISABLED <-> FILE-OTHER Guitar Pro malformed GPX buffer overflow attempt (file-other.rules)
* 1:43948 <-> ENABLED <-> FILE-PDF Adobe Acrobat XFA engine heap memory corruption attempt (file-pdf.rules)
* 1:43949 <-> ENABLED <-> FILE-PDF Adobe Acrobat XFA engine heap memory corruption attempt (file-pdf.rules)
* 1:43950 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Globeimposter outbound connection (malware-cnc.rules)
* 1:43951 <-> DISABLED <-> BROWSER-PLUGINS Shockwave ActiveX Control clsid access (browser-plugins.rules)
* 1:43952 <-> DISABLED <-> FILE-OTHER VLC Media Player malformed AMR buffer overflow attempt (file-other.rules)
* 1:43953 <-> DISABLED <-> FILE-OTHER VLC Media Player malformed AMR buffer overflow attempt (file-other.rules)
* 1:43954 <-> DISABLED <-> BROWSER-FIREFOX Mozilla PLUGINSPAGE javascript execution attempt (browser-firefox.rules)
* 1:43955 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 engine integer overflow attempt (browser-chrome.rules)
* 1:43956 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 engine integer overflow attempt (browser-chrome.rules)
* 1:43957 <-> DISABLED <-> SERVER-WEBAPP Ubiquiti Networks UniFi Cloud Key Firm v0.6.1 Host Remote Command Execution attempt (server-webapp.rules)
* 1:43958 <-> DISABLED <-> SERVER-WEBAPP SoapUI WSDL types element remote code execution attempt (server-webapp.rules)
* 1:43959 <-> DISABLED <-> SERVER-OTHER Sybase Open Server function pointer array code execution attempt (server-other.rules)
* 1:43960 <-> DISABLED <-> BROWSER-FIREFOX Mozilla products element style change memory corruption code execution attempt (browser-firefox.rules)
* 1:43961 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader Forms Data Format embedded javascript attempt (file-pdf.rules)
* 1:43962 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader Forms Data Format embedded javascript attempt (file-pdf.rules)
* 1:43963 <-> ENABLED <-> FILE-OTHER Adobe Acrobat EMF file kerning data memory corruption attempt (file-other.rules)
* 1:43964 <-> ENABLED <-> FILE-OTHER Adobe Acrobat EMF file kerning data memory corruption attempt (file-other.rules)
* 1:43965 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Explorer .doc file denial of service attempt (os-windows.rules)
* 1:43966 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Explorer .doc file denial of service attempt (os-windows.rules)
* 1:43967 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Acrobat Professional EMF malformed EMR_POLYBEZIERTO16 out of bounds access attempt (file-multimedia.rules)
* 1:43968 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Acrobat Professional EMF malformed EMR_POLYBEZIERTO16 out of bounds access attempt (file-multimedia.rules)
* 1:43969 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kradod connection attempt (malware-cnc.rules)
* 1:43970 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Acrobat Professional EMF malformed EMR_POLYBEZIER16 out of bounds access attempt (file-multimedia.rules)
* 1:43971 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Acrobat Professional EMF malformed EMR_POLYBEZIER16 out of bounds access attempt (file-multimedia.rules)
* 1:43972 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection (malware-cnc.rules)
* 1:43973 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro malformed EMF comment memory corruption attempt (file-other.rules)
* 1:43974 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro malformed EMF comment memory corruption attempt (file-other.rules)
* 1:43975 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Hermit variant malicious dropper download attempt (malware-other.rules)
* 1:43976 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Hermit variant malicious dropper download attempt (malware-other.rules)
* 1:43977 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader graphics engine memory corruption attempt (file-pdf.rules)
* 1:43978 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader graphics engine memory corruption attempt (file-pdf.rules)
* 1:43979 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader graphics engine memory corruption attempt (file-pdf.rules)
* 1:43980 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader graphics engine memory corruption attempt (file-pdf.rules)
* 1:43981 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Femas variant outbound connection (malware-cnc.rules)
* 1:43982 <-> DISABLED <-> MALWARE-CNC
Andr.Trojan.Femas variant outbound connection (malware-cnc.rules) * 1:43983 <-> DISABLED <-> FILE-OTHER Adobe Professional JPEG APP1 memory corruption attempt (file-other.rules) * 1:43984 <-> DISABLED <-> FILE-OTHER Adobe Professional JPEG APP1 memory corruption attempt (file-other.rules) * 1:43985 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rortiem outbound connection (malware-cnc.rules) * 1:43986 <-> DISABLED <-> PROTOCOL-SCADA Schneider Electroc ModbusDrv.exe buffer overflow attempt (protocol-scada.rules) * 1:43987 <-> DISABLED <-> SERVER-OTHER Konqueror KDE ftp iframe denial of service attempt (server-other.rules) * 1:43988 <-> DISABLED <-> SERVER-OTHER Konqueror KDE ftp iframe denial of service attempt (server-other.rules) * 1:43989 <-> DISABLED <-> INDICATOR-OBFUSCATION newlines embedded in rtf header (indicator-obfuscation.rules) * 1:43990 <-> DISABLED <-> INDICATOR-OBFUSCATION RTF obfuscation string (indicator-obfuscation.rules) * 1:43991 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader graphics engine memory corruption attempt (file-pdf.rules) * 1:43992 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader graphics engine memory corruption attempt (file-pdf.rules) * 1:43993 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader graphics engine memory corruption attempt (file-pdf.rules) * 1:43994 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader graphics engine memory corruption attempt (file-pdf.rules) * 1:43995 <-> ENABLED <-> FILE-FLASH Adobe Flash Player overly large cpool index out of bounds read attempt (file-flash.rules) * 1:43996 <-> ENABLED <-> FILE-FLASH Adobe Flash Player overly large cpool index out of bounds read attempt (file-flash.rules) * 1:43997 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed TrueType font memory corruption attempt (file-pdf.rules) * 1:43998 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed TrueType font memory corruption attempt (file-pdf.rules) * 1:43999 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Acrobat Professional EMF malformed brush 
object attempt (file-multimedia.rules) * 1:440 <-> DISABLED <-> PROTOCOL-ICMP Reserved for Security Type 19 undefined code (protocol-icmp.rules) * 1:44000 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Acrobat Professional EMF malformed brush object attempt (file-multimedia.rules) * 1:44001 <-> DISABLED <-> SERVER-WEBAPP PHP malformed quoted printable denial of service attempt (server-webapp.rules) * 1:44002 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SMB sandbox bypass attempt (file-flash.rules) * 1:44003 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SMB sandbox bypass attempt (file-flash.rules) * 1:44004 <-> DISABLED <-> POLICY-OTHER Cisco DDR2200 ASDL gateway file download detected (policy-other.rules) * 1:44005 <-> DISABLED <-> SERVER-WEBAPP Cisco DDR2200 ADSL gateway command injection attempt (server-webapp.rules) * 1:44006 <-> DISABLED <-> SERVER-WEBAPP Cisco DDR2200 ADSL gateway command injection attempt (server-webapp.rules) * 1:44007 <-> DISABLED <-> SERVER-WEBAPP Cisco DDR2200 ADSL gateway command injection attempt (server-webapp.rules) * 1:44008 <-> DISABLED <-> SERVER-WEBAPP Cisco DDR2200 ADSL gateway command injection attempt (server-webapp.rules) * 1:44009 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox empty lookupGetter dangling pointer attempt (browser-firefox.rules) * 1:44010 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox empty lookupGetter dangling pointer attempt (browser-firefox.rules) * 1:44011 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hippo variant outbound connection (malware-cnc.rules) * 1:44013 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader exportAsXFAStr use after free attempt (file-pdf.rules) * 1:44014 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader exportAsXFAStr use after free attempt (file-pdf.rules) * 1:44015 <-> DISABLED <-> PROTOCOL-OTHER STCP heartbeat chunk denial of service attempt (protocol-other.rules) * 1:44016 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Rectangle constructor use after free attempt (file-flash.rules) * 1:44017 <-> 
DISABLED <-> FILE-FLASH Adobe Flash Player Rectangle constructor use after free attempt (file-flash.rules) * 1:44019 <-> DISABLED <-> FILE-IMAGE malformed png missing IHDR (file-image.rules) * 1:44020 <-> DISABLED <-> FILE-IMAGE malformed png missing IHDR (file-image.rules) * 1:44021 <-> DISABLED <-> SERVER-WEBAPP Dell OpenManage server application field buffer overflow attempt (server-webapp.rules) * 1:44023 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules) * 1:44024 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules) * 1:44025 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules) * 1:44026 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules) * 1:44027 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky dropper variant outbound request detected (malware-cnc.rules) * 1:44028 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky dropper variant outbound request detected (malware-cnc.rules) * 1:44030 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint ppt file attachment detected file attachment detected (file-identify.rules) * 1:44031 <-> DISABLED <-> FILE-OFFICE Powerpoint Viewer malformed msoDrawing property table buffer overflow attempt (file-office.rules) * 1:44032 <-> DISABLED <-> FILE-OFFICE Powerpoint Viewer malformed msoDrawing property table buffer overflow attempt (file-office.rules) * 1:44033 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Professional EMF file JPEG Huffman table memory corrupt attempt (file-other.rules) * 1:44034 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Professional EMF file JPEG Huffman table memory corrupt attempt (file-other.rules) * 1:44035 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WMIScriptUtils.WMIObjectBroker2.1 ActiveX clsid access attempt (browser-plugins.rules) * 1:44036 <-> DISABLED <-> BROWSER-PLUGINS Microsoft 
Internet Explorer WMIScriptUtils.WMIObjectBroker2.1 ActiveX clsid access attempt (browser-plugins.rules) * 1:44037 <-> ENABLED <-> INDICATOR-COMPROMISE DNS request for known malware sinkhole domain iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com - WannaCry (indicator-compromise.rules) * 1:44038 <-> DISABLED <-> SERVER-OTHER LCDproc parse_all_client_messages buffer overflow attempt (server-other.rules) * 1:44039 <-> DISABLED <-> FILE-PDF Foxit PDF Reader Launch action buffer overflow attempt (file-pdf.rules) * 1:44040 <-> DISABLED <-> FILE-PDF Foxit PDF Reader Launch action buffer overflow attempt (file-pdf.rules) * 1:44041 <-> DISABLED <-> SERVER-OTHER LCDproc test_func buffer overflow attempt (server-other.rules) * 1:44042 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hupigon Connection attempt (malware-cnc.rules) * 1:44043 <-> DISABLED <-> BROWSER-FIREFOX Mozilla browsers JavaScript argument passing code execution attempt (browser-firefox.rules) * 1:44044 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox invalid watchpoint memory corruption attempt (browser-firefox.rules) * 1:44045 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox invalid watchpoint memory corruption attempt (browser-firefox.rules) * 1:44046 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox memory corruption attempt (browser-firefox.rules) * 1:44047 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox memory corruption attempt (browser-firefox.rules) * 1:44048 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox memory corruption attempt (browser-firefox.rules) * 1:44049 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox memory corruption attempt (browser-firefox.rules) * 1:44050 <-> DISABLED <-> BROWSER-OTHER Apple Safari document.write buffer overflow attempt (browser-other.rules) * 1:44051 <-> DISABLED <-> BROWSER-OTHER Apple Safari document.write buffer overflow attempt (browser-other.rules) * 1:44052 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word EPS filter PostScript object use after free attempt 
(file-office.rules) * 1:44053 <-> DISABLED <-> FILE-PDF Adobe Professional JPEG file invalid quantization table use-after-free attempt (file-pdf.rules) * 1:44054 <-> DISABLED <-> FILE-PDF Adobe Professional JPEG file invalid quantization table use-after-free attempt (file-pdf.rules) * 1:44055 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Acrobat Professional EMF malformed EMR_COMMENT record out of bounds access attempt (file-multimedia.rules) * 1:44056 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Acrobat Professional EMF malformed EMR_COMMENT record out of bounds access attempt (file-multimedia.rules) * 1:44057 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file EMR_ALPHABLEND record memory corruption attempt (file-other.rules) * 1:44058 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file EMR_ALPHABLEND record memory corruption attempt (file-other.rules) * 1:44059 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules) * 1:44060 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules) * 1:44061 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules) * 1:44062 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules) * 1:44064 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF conversion heap buffer overflow attempt (file-other.rules) * 1:44065 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF conversion heap buffer overflow attempt (file-other.rules) * 1:44066 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF conversion heap buffer overflow attempt (file-other.rules) * 1:44067 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF conversion heap buffer overflow attempt (file-other.rules) * 1:44068 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint Viewer memory allocation code execution attempt (file-office.rules) * 1:44069 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint Viewer memory 
allocation code execution attempt (file-office.rules) * 1:44072 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader SubmitForm URL spoofing attempt (file-pdf.rules) * 1:44073 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader SubmitForm URL spoofing attempt (file-pdf.rules) * 1:44074 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader SubmitForm URL spoofing attempt (file-pdf.rules) * 1:44075 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader SubmitForm URL spoofing attempt (file-pdf.rules) * 1:44076 <-> DISABLED <-> INDICATOR-COMPROMISE Suspicious .trade dns query (indicator-compromise.rules) * 1:44077 <-> DISABLED <-> INDICATOR-COMPROMISE Suspicious .win dns query (indicator-compromise.rules) * 1:44078 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Nemucod file download (malware-other.rules) * 1:44079 <-> DISABLED <-> SERVER-WEBAPP Schneider Electric Umotion Builder localize.php SQL injection attempt (server-webapp.rules) * 1:44080 <-> DISABLED <-> SERVER-WEBAPP Schneider Electric Umotion Builder localize.php SQL injection attempt (server-webapp.rules) * 1:44081 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer onBeforeUnload address bar spoofing attempt (browser-ie.rules) * 1:44083 <-> ENABLED <-> FILE-PDF Adobe Acrobat XFA field initialization memory corruption attempt (file-pdf.rules) * 1:44084 <-> ENABLED <-> FILE-PDF Adobe Acrobat XFA field initialization memory corruption attempt (file-pdf.rules) * 1:44085 <-> DISABLED <-> SERVER-OTHER FreeRADIUS invalid WiMAX VSA length out of bounds write attempt (server-other.rules) * 1:44086 <-> ENABLED <-> FILE-OTHER Adobe Acrobat EMF line segments memory corruption attempt (file-other.rules) * 1:44087 <-> ENABLED <-> FILE-OTHER Adobe Acrobat EMF line segments memory corruption attempt (file-other.rules) * 1:44088 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer CapiCom.Utilities ActiveX control getRandom method access attempt (browser-plugins.rules) * 1:44089 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer 
CapiCom.Utilities ActiveX control getRandom method access attempt (browser-plugins.rules) * 1:44090 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer CapiCom.Utilities ActiveX control getRandom method access attempt (browser-plugins.rules) * 1:44091 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer CapiCom.Utilities ActiveX control getRandom method access attempt (browser-plugins.rules) * 1:44094 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Professional EMF malformed EMR_STRETCHDIBITS record memory corruption attempt (file-multimedia.rules) * 1:44095 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Professional EMF malformed EMR_STRETCHDIBITS record memory corruption attempt (file-multimedia.rules) * 1:44096 <-> DISABLED <-> MALWARE-TOOLS Request to service that provices external IP address detected (malware-tools.rules) * 1:44097 <-> DISABLED <-> FILE-PDF Foxit Reader launchURL Command Injection Remote Code Execution attempt (file-pdf.rules) * 1:44098 <-> DISABLED <-> FILE-PDF Multiple products PDF JavaScript launchURL command injection and remote code execution attempt (file-pdf.rules) * 1:44099 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Professional EMF malformed EMR_STRETCHDIBITS record out of bounds access attempt (file-multimedia.rules) * 1:441 <-> DISABLED <-> PROTOCOL-ICMP Router Advertisement (protocol-icmp.rules) * 1:44100 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Professional EMF malformed EMR_STRETCHDIBITS record out of bounds access attempt (file-multimedia.rules) * 1:44103 <-> DISABLED <-> FILE-PDF Multiple products PDF JavaScript saveAs arbitrary file write attempt (file-pdf.rules) * 1:44104 <-> DISABLED <-> FILE-PDF Multiple products PDF JavaScript saveAs arbitrary file write attempt (file-pdf.rules) * 1:44105 <-> DISABLED <-> SERVER-OTHER WebPageTests upload feature remote file upload attempt (server-other.rules) * 1:44108 <-> DISABLED <-> FILE-OTHER Adobe Professional EMF file TIFF image size memory corruption attempt (file-other.rules) * 1:44109 
<-> DISABLED <-> FILE-OTHER Adobe Professional EMF file TIFF image size memory corruption attempt (file-other.rules) * 1:44110 <-> DISABLED <-> FILE-OTHER Adobe Professional EMF file TIFF image size memory corruption attempt (file-other.rules) * 1:44111 <-> DISABLED <-> FILE-OTHER Adobe Professional EMF file TIFF image size memory corruption attempt (file-other.rules) * 1:44112 <-> DISABLED <-> FILE-OTHER Adobe Professional EMF file TIFF image size memory corruption attempt (file-other.rules) * 1:44113 <-> DISABLED <-> FILE-OTHER Adobe Professional EMF file TIFF image size memory corruption attempt (file-other.rules) * 1:44114 <-> DISABLED <-> FILE-OTHER Adobe Professional EMF file TIFF image size memory corruption attempt (file-other.rules) * 1:44115 <-> DISABLED <-> FILE-OTHER Adobe Professional EMF file TIFF image size memory corruption attempt (file-other.rules) * 1:44116 <-> DISABLED <-> SERVER-WEBAPP Symantec Messaging Gateway localBackupFileSelection command injection attempt (server-webapp.rules) * 1:44117 <-> DISABLED <-> SERVER-WEBAPP Symantec Messaging Gateway localBackupFileSelection command injection attempt (server-webapp.rules) * 1:44118 <-> DISABLED <-> SERVER-WEBAPP Symantec Messaging Gateway localBackupFileSelection command injection attempt (server-webapp.rules) * 1:44119 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Professional EMF JPEG APP13 malformed record crash attempt (file-other.rules) * 1:44120 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Professional EMF JPEG APP13 malformed record crash attempt (file-other.rules) * 1:44121 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Professional EMF JPEG APP13 malformed record memory corruption attempt (file-other.rules) * 1:44122 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Professional EMF JPEG APP13 malformed record memory corruption attempt (file-other.rules) * 1:44123 <-> DISABLED <-> FILE-OTHER EMF EMR_EXTTEXTOUTW record memory corruption attempt (file-other.rules) * 1:44124 <-> DISABLED <-> FILE-OTHER EMF 
EMR_EXTTEXTOUTW record memory corruption attempt (file-other.rules) * 1:44128 <-> DISABLED <-> FILE-IMAGE Microsoft Windows metafile SetPaletteEntries heap overflow attempt (file-image.rules) * 1:44129 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Metafile invalid header size integer overflow attempt (os-windows.rules) * 1:4413 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP spoolss AddPrinterEx overflow attempt (os-windows.rules) * 1:44130 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Metafile invalid header size integer overflow attempt (os-windows.rules) * 1:44131 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Metafile invalid header size integer overflow attempt (os-windows.rules) * 1:44132 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Metafile invalid header size integer overflow attempt (os-windows.rules) * 1:44133 <-> DISABLED <-> SERVER-WEBAPP OPENi-CMS Seitenschutz plugin remote file include attempt (server-webapp.rules) * 1:44134 <-> DISABLED <-> SERVER-WEBAPP OPENi-CMS Seitenschutz plugin remote file include attempt (server-webapp.rules) * 1:44143 <-> DISABLED <-> SERVER-OTHER LCDproc test_func format string code execution attempt (server-other.rules) * 1:44144 <-> ENABLED <-> FILE-PDF Adobe Reader XFA event use after free attempt (file-pdf.rules) * 1:44145 <-> ENABLED <-> FILE-PDF Adobe Reader XFA event use after free attempt (file-pdf.rules) * 1:44146 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox JSXML integer overflow attempt (browser-firefox.rules) * 1:44147 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox JSXML integer overflow attempt (browser-firefox.rules) * 1:44148 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed loop denial of service attempt (browser-ie.rules) * 1:44149 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed loop denial of service attempt (browser-ie.rules) * 1:44150 <-> DISABLED <-> SERVER-WEBAPP IBM Websphere cross site scripting attempt (server-webapp.rules) * 1:44151 <-> DISABLED <-> 
PROTOCOL-SCADA CODESYS Gateway-Server invalid memory access attempt (protocol-scada.rules) * 1:44152 <-> DISABLED <-> SERVER-OTHER Multmedia Builder MEF buffer overflow attempt (server-other.rules) * 1:44153 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer frameBorder denial of service attempt (browser-ie.rules) * 1:44154 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer frameBorder denial of service attempt (browser-ie.rules) * 1:44155 <-> DISABLED <-> SERVER-APACHE Apache Qpid AMQP denial of service attempt (server-apache.rules) * 1:44156 <-> DISABLED <-> SERVER-APACHE Apache Qpid AMQP denial of service attempt (server-apache.rules) * 1:44157 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word rich text format invalid field size memory corruption attempt (file-office.rules) * 1:44158 <-> DISABLED <-> FILE-OTHER Microsoft Windows Media Player malformed au denial of service attempt (file-other.rules) * 1:44159 <-> DISABLED <-> FILE-OTHER Microsoft Windows Media Player malformed au denial of service attempt (file-other.rules) * 1:44160 <-> ENABLED <-> SERVER-OTHER tcpdump ISAKMP parser buffer overflow attempt (server-other.rules) * 1:44161 <-> ENABLED <-> SERVER-OTHER tcpdump ISAKMP parser buffer overflow attempt (server-other.rules) * 1:44165 <-> ENABLED <-> SERVER-WEBAPP websocket protocol upgrade request detected (server-webapp.rules) * 1:44169 <-> DISABLED <-> FILE-PDF Adobe Professional JPEG ICC profile heap overflow attempt (file-pdf.rules) * 1:44170 <-> DISABLED <-> FILE-PDF Adobe Professional JPEG ICC profile heap overflow attempt (file-pdf.rules) * 1:44171 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zurgop variant outbound beaconing connection (malware-cnc.rules) * 1:44172 <-> DISABLED <-> INDICATOR-OBFUSCATION suspicious dynamic http link creation attempt (indicator-obfuscation.rules) * 1:44173 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SharedObject use after free attempt (file-flash.rules) * 1:44174 <-> ENABLED <-> FILE-FLASH Adobe Flash Player 
SharedObject use after free attempt (file-flash.rules) * 1:44175 <-> DISABLED <-> SERVER-WEBAPP Schneider Electric Umotion Builder runscript.php arbitrary file include attempt (server-webapp.rules) * 1:44176 <-> DISABLED <-> SERVER-WEBAPP Schneider Electric Umotion Builder runscript.php arbitrary file include attempt (server-webapp.rules) * 1:44177 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cerber variant outbound connection (malware-cnc.rules) * 1:44180 <-> DISABLED <-> FILE-OTHER Bluezone Desktop buffer overflow attempt (file-other.rules) * 1:44181 <-> DISABLED <-> FILE-OTHER Bluezone Desktop buffer overflow attempt (file-other.rules) * 1:44182 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word .rtf file integer overflow attempt (file-office.rules) * 1:44183 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word .rtf file integer overflow attempt (file-office.rules) * 1:44184 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer information disclosure attempt (browser-ie.rules) * 1:44185 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer information disclosure attempt (browser-ie.rules) * 1:44188 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer span frontier parsing memory corruption attempt (browser-ie.rules) * 1:44190 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cyfshent variant outbound connection (malware-cnc.rules) * 1:44191 <-> DISABLED <-> SERVER-OTHER HP Intelligent Management Center dbman BackupDBase opcode command injection attempt (server-other.rules) * 1:44192 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer frameBorder denial of service attempt (browser-ie.rules) * 1:44193 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer frameBorder denial of service attempt (browser-ie.rules) * 1:44194 <-> DISABLED <-> FILE-MULTIMEDIA multiple audio players playlist file handling heap overflow attempt (file-multimedia.rules) * 1:44195 <-> DISABLED <-> BROWSER-IE Internet Explorer CCaret memory corruption attempt (browser-ie.rules) * 1:44196 <-> 
DISABLED <-> BROWSER-IE Internet Explorer CCaret memory corruption attempt (browser-ie.rules) * 1:44197 <-> DISABLED <-> BROWSER-IE Internet Explorer CCaret memory corruption attempt (browser-ie.rules) * 1:44198 <-> DISABLED <-> BROWSER-IE Internet Explorer CCaret memory corruption attempt (browser-ie.rules) * 1:44199 <-> DISABLED <-> BROWSER-IE Microsoft Internet print table of links cross site scripting attempt (browser-ie.rules) * 1:44200 <-> DISABLED <-> BROWSER-IE Microsoft Internet print table of links cross site scripting attempt (browser-ie.rules) * 1:44201 <-> DISABLED <-> SERVER-OTHER Verso NetPerformer frame relay access device telnet buffer overflow attempt (server-other.rules) * 1:44202 <-> DISABLED <-> SERVER-OTHER Sybase M-Business Anywhere agSoap.exe closing tag buffer overflow attempt (server-other.rules) * 1:44203 <-> DISABLED <-> SERVER-OTHER HP Data Protector memory corruption attempt (server-other.rules) * 1:44204 <-> DISABLED <-> FILE-OTHER VideoLAN VLC Media Player Ogg/Vorbis denial of service attempt (file-other.rules) * 1:44205 <-> DISABLED <-> FILE-OTHER VideoLAN VLC Media Player Ogg/Vorbis denial of service attempt (file-other.rules) * 1:44206 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded JS array memory corruption attempt (file-pdf.rules) * 1:44207 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded JS array memory corruption attempt (file-pdf.rules) * 1:44208 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded JS array memory corruption attempt (file-pdf.rules) * 1:44209 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded JS array memory corruption attempt (file-pdf.rules) * 1:44210 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bullrat variant outbound connection (malware-cnc.rules) * 1:44211 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tarayt outbound connection (malware-cnc.rules) * 1:44212 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tarayt outbound connection (malware-cnc.rules) * 1:44213 <-> DISABLED <-> MALWARE-CNC 
User-Agent known malicious user-agent - ace4956e-736e-11e6-9584-d7165ca591df - Win.Trojan.Tarayt (malware-cnc.rules) * 1:44214 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Graftor (malware-cnc.rules) * 1:44215 <-> DISABLED <-> SERVER-OTHER Sybase Open Server TDS login packet stack memory corruption attempt (server-other.rules) * 1:44216 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Shell Handler remote code execution attempt (os-windows.rules) * 1:44217 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Shell Handler remote code execution attempt (os-windows.rules) * 1:44218 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Shell Handler remote code execution attempt (os-windows.rules) * 1:44219 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector buffer overflow attempt (server-other.rules) * 1:44220 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.SyncCrypt variant initial outbound connection (malware-cnc.rules) * 1:44221 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.SyncCrypt variant initial outbound connection (malware-cnc.rules) * 1:44222 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.SyncCrypt variant initial outbound connection (malware-cnc.rules) * 1:44231 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word doc file attachment detected (file-identify.rules) * 1:44232 <-> DISABLED <-> SERVER-WEBAPP Western Digital Dropbox App dropbox.php command injection attempt (server-webapp.rules) * 1:44233 <-> DISABLED <-> SERVER-WEBAPP Western Digital Dropbox App dropbox.php command injection attempt (server-webapp.rules) * 1:44234 <-> DISABLED <-> SERVER-WEBAPP Western Digital Dropbox App dropbox.php command injection attempt (server-webapp.rules) * 1:44235 <-> ENABLED <-> INDICATOR-OBFUSCATION FOPO obfuscated PHP file upload attempt (indicator-obfuscation.rules) * 1:44236 <-> ENABLED <-> SERVER-WEBAPP Wordpress Symposium arbitrary PHP file upload attempt (server-webapp.rules) * 1:44275 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office 
Excel file attachment detected (file-identify.rules) * 1:44276 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chthonic outbound file download attempt (malware-cnc.rules) * 1:44277 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chthonic outbound file download attempt (malware-cnc.rules) * 1:44278 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CrystalAttack outbound file download attempt (malware-cnc.rules) * 1:44279 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.FlatChestWare varint outbound connection (malware-cnc.rules) * 1:44280 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint invalid TextByteAtom remote code execution attempt (file-office.rules) * 1:44281 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer MDAC ActiveX clsid access attempt (browser-ie.rules) * 1:44282 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer MDAC ActiveX clsid access attempt (browser-ie.rules) * 1:44283 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer MDAC ActiveX clsid access attempt (browser-ie.rules) * 1:44284 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer MDAC ActiveX clsid access attempt (browser-ie.rules) * 1:44286 <-> DISABLED <-> FILE-IMAGE Real-DRAW PRO malformed PNG denial of service attempt (file-image.rules) * 1:44289 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel sheet object type confusion exploit attempt (file-office.rules) * 1:44290 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel sheet object type confusion exploit attempt (file-office.rules) * 1:44291 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel BIFF5 formulas from records parsing code execution attempt (file-office.rules) * 1:44292 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel BIFF8 formulas from records parsing code execution attempt (file-office.rules) * 1:44293 <-> DISABLED <-> SERVER-OTHER FreeRADIUS data2vp_wimax out of bounds write attempt (server-other.rules) * 1:44296 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel sheet object type confusion exploit attempt 
(file-office.rules)
* 1:44298 <-> DISABLED <-> SERVER-WEBAPP AT&T U-verse modem command injection attempt (server-webapp.rules)
* 1:44299 <-> DISABLED <-> SERVER-WEBAPP AT&T U-verse modem information disclosure attempt (server-webapp.rules)
* 1:443 <-> DISABLED <-> PROTOCOL-ICMP Router Selection (protocol-icmp.rules)
* 1:44300 <-> DISABLED <-> SERVER-WEBAPP AT&T U-verse modem authentication bypass attempt (server-webapp.rules)
* 1:44301 <-> DISABLED <-> SERVER-WEBAPP AT&T U-verse modem information disclosure attempt (server-webapp.rules)
* 1:44302 <-> DISABLED <-> SERVER-WEBAPP AT&T U-verse modem firmware upload attempt (server-webapp.rules)
* 1:44303 <-> DISABLED <-> FILE-OFFICE Microsoft PowerPoint CString atom overflow attempt (file-office.rules)
* 1:44304 <-> DISABLED <-> FILE-OFFICE Microsoft PowerPoint CString atom overflow attempt (file-office.rules)
* 1:44305 <-> DISABLED <-> OS-WINDOWS Microsoft DirectShow memory corruption attempt (os-windows.rules)
* 1:44306 <-> DISABLED <-> OS-WINDOWS Microsoft DirectShow memory corruption attempt (os-windows.rules)
* 1:44307 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Razy variant outbound connection (malware-cnc.rules)
* 1:44308 <-> DISABLED <-> OS-LINUX Linux kernel sctp_rcv_ootb invalid chunk length DoS attempt (os-linux.rules)
* 1:44309 <-> DISABLED <-> OS-LINUX Linux kernel sctp_rcv_ootb invalid chunk length DoS attempt (os-linux.rules)
* 1:44310 <-> DISABLED <-> SERVER-WEBAPP Oracle Secure Backup web tool command injection attempt (server-webapp.rules)
* 1:44311 <-> DISABLED <-> SERVER-WEBAPP Oracle Secure Backup web tool command injection attempt (server-webapp.rules)
* 1:44312 <-> DISABLED <-> SERVER-WEBAPP Oracle Secure Backup web tool command injection attempt (server-webapp.rules)
* 1:44313 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Totbrick variant outbound connection (malware-cnc.rules)
* 1:44314 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Totbrick variant inbound connection attempt (malware-cnc.rules)
* 1:44315 <-> ENABLED <-> SERVER-WEBAPP Java XML deserialization remote code execution attempt (server-webapp.rules)
* 1:44316 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ellell variant outbound connection (malware-cnc.rules)
* 1:44317 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Version/100 - Win.Trojan.Tarayt (malware-cnc.rules)
* 1:44320 <-> DISABLED <-> SERVER-OTHER Symantec Firewalls DNS response denial of service attempt (server-other.rules)
* 1:44321 <-> DISABLED <-> SERVER-WEBAPP NEC Express Cluster DeleteWorkDirectory.js command injection attempt (server-webapp.rules)
* 1:44322 <-> DISABLED <-> SERVER-WEBAPP NEC Express Cluster DeleteWorkDirectory.js command injection attempt (server-webapp.rules)
* 1:44323 <-> DISABLED <-> FILE-OTHER RAR file malformed header antivirus evasion attempt (file-other.rules)
* 1:44324 <-> DISABLED <-> POLICY-OTHER vsFTPd denial of service attempt (policy-other.rules)
* 1:44325 <-> DISABLED <-> FILE-OTHER ZIP file malformed header antivirus evasion attempt (file-other.rules)
* 1:44326 <-> DISABLED <-> SERVER-OTHER Novell iPrint Client buffer overflow attempt (server-other.rules)
* 1:44327 <-> DISABLED <-> SERVER-APACHE Apache Struts freemarker tag OGNL expression injection attempt (server-apache.rules)
* 1:44328 <-> DISABLED <-> SERVER-APACHE Apache Struts freemarker tag OGNL expression injection attempt (server-apache.rules)
* 1:44329 <-> DISABLED <-> SERVER-APACHE Apache Struts freemarker tag OGNL expression injection attempt (server-apache.rules)
* 1:44330 <-> DISABLED <-> SERVER-APACHE Apache Struts freemarker tag OGNL expression injection attempt (server-apache.rules)
* 1:44331 <-> ENABLED <-> BROWSER-IE Microsoft Windows Edge memory corruption attempt (browser-ie.rules)
* 1:44332 <-> ENABLED <-> BROWSER-IE Microsoft Windows Edge memory corruption attempt (browser-ie.rules)
* 1:44333 <-> DISABLED <-> BROWSER-IE Microsoft Edge Chakra Core type confusion attempt (browser-ie.rules)
* 1:44334 <-> DISABLED <-> BROWSER-IE Microsoft Edge Chakra Core type confusion attempt (browser-ie.rules)
* 1:44335 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Win32k.sys TrueType font out of bounds write attempt (os-windows.rules)
* 1:44336 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Win32k.sys TrueType font out of bounds write attempt (os-windows.rules)
* 1:44337 <-> DISABLED <-> SERVER-OTHER HP Intelligent Management Center dbman RestoreDBase opcode command injection attempt (server-other.rules)
* 1:44338 <-> DISABLED <-> BROWSER-IE Microsoft Edge denial of service attempt (browser-ie.rules)
* 1:44339 <-> ENABLED <-> BROWSER-IE Microsoft Edge denial of service attempt (browser-ie.rules)
* 1:44340 <-> ENABLED <-> BROWSER-IE Microsoft Edge setSelectionRange memory corruption attempt (browser-ie.rules)
* 1:44341 <-> ENABLED <-> BROWSER-IE Microsoft Edge setSelectionRange memory corruption attempt (browser-ie.rules)
* 1:44342 <-> ENABLED <-> BROWSER-IE Internet Explorer WeakMap Freeze memory corruption attempt (browser-ie.rules)
* 1:44343 <-> ENABLED <-> BROWSER-IE Internet Explorer WeakMap Freeze memory corruption attempt (browser-ie.rules)
* 1:44345 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MP4 atom parser memory corruption attempt (file-flash.rules)
* 1:44346 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MP4 atom parser memory corruption attempt (file-flash.rules)
* 1:44347 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MP4 atom parser memory corruption attempt (file-flash.rules)
* 1:44348 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MP4 atom parser memory corruption attempt (file-flash.rules)
* 1:44349 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer object use after free attempt (browser-ie.rules)
* 1:44350 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer object use after free attempt (browser-ie.rules)
* 1:44351 <-> ENABLED <-> FILE-FLASH Adobe Flash Player text handling memory corruption attempt (file-flash.rules)
* 1:44352 <-> ENABLED <-> FILE-FLASH Adobe Flash Player text handling memory corruption attempt (file-flash.rules)
* 1:44353 <-> DISABLED <-> FILE-OTHER WSDL soap endpoint location code injection attempt (file-other.rules)
* 1:44354 <-> DISABLED <-> FILE-OTHER WSDL soap endpoint location code injection attempt (file-other.rules)
* 1:44355 <-> DISABLED <-> FILE-IMAGE Free Opener malformed JPEG file buffer overflow attempt (file-image.rules)
* 1:44356 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSS padding property memory corruption attempt (browser-ie.rules)
* 1:44357 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSS padding property memory corruption attempt (browser-ie.rules)
* 1:44358 <-> DISABLED <-> PUA-ADWARE DealPly Adware variant outbound connection (pua-adware.rules)
* 1:44359 <-> ENABLED <-> SERVER-WEBAPP Trend Micro proxy_controller.php command injection attempt (server-webapp.rules)
* 1:44360 <-> DISABLED <-> SERVER-WEBAPP Trend Micro proxy_controller.php command injection attempt (server-webapp.rules)
* 1:44361 <-> DISABLED <-> SERVER-WEBAPP Trend Micro proxy_controller.php command injection attempt (server-webapp.rules)
* 1:44362 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Sality (malware-cnc.rules)
* 1:44363 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF hex encoded WRAsembly ASLR bypass download attempt (file-office.rules)
* 1:44364 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF hex encoded WRAssembly ASLR bypass download attempt (file-office.rules)
* 1:44365 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Paradise ransomware outbound post (malware-cnc.rules)
* 1:44366 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Paradise ransomware inbound executable (malware-cnc.rules)
* 1:44367 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Paradise ransomware inbound executable (malware-cnc.rules)
* 1:44368 <-> DISABLED <-> PROTOCOL-SCADA CoDeSys GatewayService heap overrun attempt (protocol-scada.rules)
* 1:44369 <-> DISABLED <-> FILE-PDF Nitro Pro malformed object index buffer overflow attempt (file-pdf.rules)
* 1:44370 <-> DISABLED <-> FILE-PDF Nitro Pro malformed object index buffer overflow attempt (file-pdf.rules)
* 1:44371 <-> DISABLED <-> FILE-OFFICE RTF WSDL file download attempt (file-office.rules)
* 1:44372 <-> DISABLED <-> FILE-OFFICE RTF WSDL file download attempt (file-office.rules)
* 1:44373 <-> DISABLED <-> SERVER-WEBAPP XStream void primitive denial of service attempt (server-webapp.rules)
* 1:44374 <-> DISABLED <-> SERVER-OTHER Open SSL 1.0.2 DoS attempt with an invalid hash algorithm (server-other.rules)
* 1:44375 <-> DISABLED <-> SERVER-OTHER Open SSL 1.0.2 DoS attempt with an invalid signature algorithm (server-other.rules)
* 1:44378 <-> DISABLED <-> SERVER-WEBAPP Easy File Sharing HTTP Server Post buffer overflow attempt (server-webapp.rules)
* 1:44382 <-> DISABLED <-> SERVER-OTHER D-Link router remote reboot attempt (server-other.rules)
* 1:44383 <-> DISABLED <-> SERVER-WEBAPP D-Link router firmware update attempt (server-webapp.rules)
* 1:44384 <-> DISABLED <-> SERVER-WEBAPP D-Link router stack based buffer overflow attempt (server-webapp.rules)
* 1:44385 <-> DISABLED <-> SERVER-WEBAPP D-Link router stack based buffer overflow attempt (server-webapp.rules)
* 1:44386 <-> DISABLED <-> SERVER-WEBAPP D-Link router stack based buffer overflow attempt (server-webapp.rules)
* 1:44387 <-> DISABLED <-> SERVER-WEBAPP D-Link router stack based buffer overflow attempt (server-webapp.rules)
* 1:44388 <-> ENABLED <-> SERVER-WEBAPP Multiple routers getcfg.php credential disclosure attempt (server-webapp.rules)
* 1:44390 <-> DISABLED <-> SERVER-WEBAPP PHP form-based file upload DoS attempt (server-webapp.rules)
* 1:44391 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Konus variant outbound connection detected (malware-cnc.rules)
* 1:44392 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Konus variant outbound connection detected (malware-cnc.rules)
* 1:44393 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Konus variant outbound connection detected (malware-cnc.rules)
* 1:44394 <-> DISABLED <-> PUA-ADWARE Win.Adware.Techsnab variant outbound connection detected (pua-adware.rules)
* 1:44395 <-> DISABLED <-> PUA-ADWARE Win.Adware.Techsnab variant outbound connection detected (pua-adware.rules)
* 1:44396 <-> DISABLED <-> MALWARE-CNC Win.Trojan.KediRAT outbound connection (malware-cnc.rules)
* 1:44399 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trickbot self-signed certificate exchange (malware-cnc.rules)
* 1:44400 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trickbot self-signed certificate exchange (malware-cnc.rules)
* 1:44401 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trickbot self-signed certificate exchange (malware-cnc.rules)
* 1:44402 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trickbot self-signed certificate exchange (malware-cnc.rules)
* 1:44403 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trickbot malicious communication attempt (malware-cnc.rules)
* 1:44404 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trickbot malicious communication attempt (malware-cnc.rules)
* 1:44405 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trickbot malicious communication attempt (malware-cnc.rules)
* 1:44406 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trickbot malicious communication attempt (malware-cnc.rules)
* 1:44407 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trickbot malicious communication attempt (malware-cnc.rules)
* 1:44408 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trickbot malicious communication attempt (malware-cnc.rules)
* 1:44409 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trickbot malicious communication attempt (malware-cnc.rules)
* 1:44410 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trickbot malicious communication attempt (malware-cnc.rules)
* 1:44411 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trickbot malicious communication attempt (malware-cnc.rules)
* 1:44412 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trickbot malicious communication attempt (malware-cnc.rules)
* 1:44413 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trickbot malicious communication attempt (malware-cnc.rules)
* 1:44414 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trickbot malicious communication attempt (malware-cnc.rules)
* 1:44415 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trickbot malicious communication attempt (malware-cnc.rules)
* 1:44416 <-> DISABLED <-> INDICATOR-COMPROMISE png file attachment without matching file magic (indicator-compromise.rules)
* 1:44418 <-> DISABLED <-> SERVER-OTHER Tipping Point IPS reverse DNS lookup format string exploit attempt (server-other.rules)
* 1:44430 <-> DISABLED <-> FILE-OFFICE Fin7 Maldoc campaign exploitation attempt (file-office.rules)
* 1:44431 <-> DISABLED <-> FILE-OFFICE Fin7 Maldoc campaign exploitation attempt (file-office.rules)
* 1:44432 <-> ENABLED <-> FILE-OFFICE Fin7 Maldoc campaign exploitation attempt (file-office.rules)
* 1:44433 <-> ENABLED <-> FILE-OFFICE Fin7 Maldoc campaign exploitation attempt (file-office.rules)
* 1:44434 <-> DISABLED <-> SERVER-APACHE Apache HTTP Server possible OPTIONS method memory leak attempt (server-apache.rules)
* 1:44435 <-> DISABLED <-> SERVER-WEBAPP DenyAll WAF authentication token disclosure attempt (server-webapp.rules)
* 1:44436 <-> DISABLED <-> SERVER-WEBAPP DenyAll WAF tail.php command injection attempt (server-webapp.rules)
* 1:44437 <-> DISABLED <-> SERVER-WEBAPP DenyAll WAF tail.php command injection attempt (server-webapp.rules)
* 1:44438 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Poison variant outbound connection detected (malware-cnc.rules)
* 1:44439 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Poison variant outbound connection detected (malware-cnc.rules)
* 1:44440 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Poison (malware-cnc.rules)
* 1:44441 <-> ENABLED <-> FILE-IDENTIFY Blender blend file magic detected (file-identify.rules)
* 1:44442 <-> ENABLED <-> FILE-IDENTIFY Blender blend file magic detected (file-identify.rules)
* 1:44443 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Popureb variant outbound connection detected (malware-cnc.rules)
* 1:44450 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buterat variant outbount connection detected (malware-cnc.rules)
* 1:44453 <-> ENABLED <-> SERVER-WEBAPP D-Link hedwig.cgi NTP service configuration command injection attempt (server-webapp.rules)
* 1:44454 <-> ENABLED <-> SERVER-WEBAPP D-Link hedwig.cgi directory traversal attempt (server-webapp.rules)
* 1:44455 <-> DISABLED <-> FILE-IMAGE Apple PICT Quickdraw image converter packType 4 buffer overflow attempt (file-image.rules)
* 1:44456 <-> DISABLED <-> FILE-IMAGE Apple PICT Quickdraw image converter packType 4 buffer overflow attempt (file-image.rules)
* 1:44465 <-> DISABLED <-> SERVER-WEBAPP Fibaro Home Center liliSetDeviceCommand.php command injection attempt (server-webapp.rules)
* 1:44466 <-> DISABLED <-> SERVER-WEBAPP Fibaro Home Center liliSetDeviceCommand.php command injection attempt (server-webapp.rules)
* 1:44467 <-> DISABLED <-> SERVER-WEBAPP Fibaro Home Center liliSetDeviceCommand.php command injection attempt (server-webapp.rules)
* 1:44468 <-> DISABLED <-> SERVER-OTHER SAP Netweaver Dynpro Engine denial of service attempt (server-other.rules)
* 1:44469 <-> DISABLED <-> MALWARE-CNC Potential hostile executable served from compromised or malicious WordPress site attempt (malware-cnc.rules)
* 1:44470 <-> DISABLED <-> MALWARE-CNC Potential hostile executable served from compromised or malicious WordPress site attempt (malware-cnc.rules)
* 1:44471 <-> ENABLED <-> SERVER-WEBAPP Netgear ReadyNAS Surveillance upgrade_handle.php command injection attempt (server-webapp.rules)
* 1:44472 <-> ENABLED <-> SERVER-WEBAPP Netgear ReadyNAS Surveillance upgrade_handle.php command injection attempt (server-webapp.rules)
* 1:44473 <-> DISABLED <-> FILE-OTHER ZIP file name overflow attempt (file-other.rules)
* 1:44474 <-> DISABLED <-> MALWARE-OTHER GHBkdr TLS Change Cipher spoof runtime detection (malware-other.rules)
* 1:44475 <-> DISABLED <-> MALWARE-OTHER GHBkdr TLS Handshake spoof runtime detection (malware-other.rules)
* 1:44476 <-> DISABLED <-> PUA-ADWARE Win.Adware.OutBrowse variant outbound connection detected (pua-adware.rules)
* 1:44477 <-> DISABLED <-> SERVER-OTHER dnsmasq dhcp6_maybe_relay stack buffer overflow attempt (server-other.rules)
* 1:44478 <-> DISABLED <-> PROTOCOL-DNS dnsmasq add_pseudoheader memory leak attempt (protocol-dns.rules)
* 1:44479 <-> DISABLED <-> PROTOCOL-DNS dnsmasq overly large DNS query denial of service attempt (protocol-dns.rules)
* 1:44480 <-> DISABLED <-> SERVER-OTHER dnsmasq Relay-forw information leak attempt (server-other.rules)
* 1:44481 <-> DISABLED <-> SERVER-OTHER dnsmasq IPv6 heap overflow attempt (server-other.rules)
* 1:44482 <-> DISABLED <-> PROTOCOL-DNS dnsmasq add_pseudoheader integer underflow attempt (protocol-dns.rules)
* 1:44483 <-> DISABLED <-> SERVER-OTHER Supervisord remote code execution attempt (server-other.rules)
* 1:44484 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
* 1:44485 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
* 1:44486 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
* 1:44487 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
* 1:44488 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
* 1:44489 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
* 1:44490 <-> DISABLED <-> SERVER-WEBAPP ZyXEL Router Firmware qos_queue_add.cgi command injection attempt (server-webapp.rules)
* 1:44491 <-> DISABLED <-> SERVER-WEBAPP ZyXEL Router Firmware qos_queue_add.cgi command injection attempt (server-webapp.rules)
* 1:44492 <-> DISABLED <-> SERVER-WEBAPP ZyXEL Router Firmware qos_queue_add.cgi command injection attempt (server-webapp.rules)
* 1:44493 <-> DISABLED <-> SERVER-WEBAPP Faleemi IP Cameras ONVIF device_service SQL injection attempt (server-webapp.rules)
* 1:44494 <-> DISABLED <-> SERVER-WEBAPP Faleemi IP Cameras ftp.cgi command injection attempt (server-webapp.rules)
* 1:44495 <-> DISABLED <-> SERVER-WEBAPP Faleemi IP Cameras ftp.cgi command injection attempt (server-webapp.rules)
* 1:44496 <-> DISABLED <-> SERVER-WEBAPP Faleemi IP Cameras ftp.cgi command injection attempt (server-webapp.rules)
* 1:44497 <-> DISABLED <-> SERVER-WEBAPP Faleemi IP Cameras information disclosure attempt (server-webapp.rules)
* 1:445 <-> DISABLED <-> PROTOCOL-ICMP SKIP (protocol-icmp.rules)
* 1:44501 <-> DISABLED <-> SERVER-OTHER Advantech WebAccess buffer overflow attempt (server-other.rules)
* 1:44502 <-> DISABLED <-> SERVER-OTHER Advantech WebAccess buffer overflow attempt (server-other.rules)
* 1:44504 <-> DISABLED <-> SERVER-WEBAPP Symantec Endpoint Protection Manager directory traversal attempt (server-webapp.rules)
* 1:44505 <-> DISABLED <-> SERVER-WEBAPP Symantec Endpoint Protection Manager directory traversal attempt (server-webapp.rules)
* 1:44506 <-> DISABLED <-> SERVER-WEBAPP Symantec Endpoint Protection Manager directory traversal attempt (server-webapp.rules)
* 1:44507 <-> DISABLED <-> SERVER-WEBAPP Symantec Endpoint Protection Manager information disclosure attempt (server-webapp.rules)
* 1:44508 <-> ENABLED <-> BROWSER-IE scripting engine memory corruption vulnerability attempt (browser-ie.rules)
* 1:44509 <-> ENABLED <-> BROWSER-IE scripting engine memory corruption vulnerability attempt (browser-ie.rules)
* 1:44510 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer scripting engine memory corruption attempt (browser-ie.rules)
* 1:44511 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer scripting engine memory corruption attempt (browser-ie.rules)
* 1:44512 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer memory corruption attempt (browser-ie.rules)
* 1:44513 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer memory corruption attempt (browser-ie.rules)
* 1:44514 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Win32kfull.sys privilege escalation attempt (os-windows.rules)
* 1:44515 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Win32kfull.sys privilege escalation attempt (os-windows.rules)
* 1:44516 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CreateMenu use after free attempt (os-windows.rules)
* 1:44517 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CreateMenu use after free attempt (os-windows.rules)
* 1:44518 <-> DISABLED <-> FILE-OFFICE Microsoft Graphics remote code execution attempt (file-office.rules)
* 1:44519 <-> DISABLED <-> FILE-OFFICE Microsoft Graphics remote code execution attempt (file-office.rules)
* 1:44526 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer memory corruption attempt (browser-ie.rules)
* 1:44527 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer memory corruption attempt (browser-ie.rules)
* 1:44528 <-> DISABLED <-> FILE-OTHER Microsoft Graphics remote code execution attempt (file-other.rules)
* 1:44529 <-> DISABLED <-> FILE-OTHER Microsoft Graphics remote code execution attempt (file-other.rules)
* 1:44530 <-> DISABLED <-> SERVER-WEBAPP HP Intelligent Management Center DeviceService Java expression language injection attempt (server-webapp.rules)
* 1:44531 <-> ENABLED <-> SERVER-APACHE Apache Tomcat remote JSP file upload attempt (server-apache.rules)
* 1:44532 <-> ENABLED <-> BROWSER-IE Microsoft Edge getOwnPropertyDescriptor memory corruption attempt (browser-ie.rules)
* 1:44533 <-> ENABLED <-> BROWSER-IE Microsoft Edge getOwnPropertyDescriptor memory corruption attempt (browser-ie.rules)
* 1:44534 <-> DISABLED <-> SERVER-WEBAPP HP IMC wmiConfigContent Java expression language injection attempt (server-webapp.rules)
* 1:44535 <-> DISABLED <-> SERVER-WEBAPP HP IMC wmiConfigContent Java expression language injection attempt (server-webapp.rules)
* 1:44536 <-> DISABLED <-> SERVER-WEBAPP HP IMC wmiConfigContent Java expression language injection attempt (server-webapp.rules)
* 1:44548 <-> DISABLED <-> BROWSER-IE Microsoft Edge webnote exit event css arbitrary file read attempt (browser-ie.rules)
* 1:44549 <-> DISABLED <-> BROWSER-IE Microsoft Edge webnote exit event css arbitrary file read attempt (browser-ie.rules)
* 1:44550 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed EMF memory corruption attempt (file-image.rules)
* 1:44551 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed EMF memory corruption attempt (file-image.rules)
* 1:44552 <-> ENABLED <-> FILE-FLASH Adobe Flash Player toString type confusion memory corruption attempt (file-flash.rules)
* 1:44553 <-> ENABLED <-> FILE-FLASH Adobe Flash Player toString type confusion memory corruption attempt (file-flash.rules)
* 1:44554 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Congur variant outbound connection detected (malware-cnc.rules)
* 1:44559 <-> DISABLED <-> MALWARE-CNC Word.Trojan.Emotet obfuscated powershell (malware-cnc.rules)
* 1:44560 <-> DISABLED <-> MALWARE-CNC Word.Trojan.Emotet obfuscated powershell (malware-cnc.rules)
* 1:44561 <-> DISABLED <-> MALWARE-CNC PowerShell Empire variant outbound connection (malware-cnc.rules)
* 1:44562 <-> DISABLED <-> MALWARE-CNC PowerShell Empire variant outbound connection (malware-cnc.rules)
* 1:44563 <-> DISABLED <-> MALWARE-CNC PowerShell Empire variant outbound connection (malware-cnc.rules)
* 1:44564 <-> DISABLED <-> MALWARE-CNC PowerShell Empire variant outbound connection (malware-cnc.rules)
* 1:44565 <-> DISABLED <-> SERVER-WEBAPP Trend Micro SPS and IMS diagnostic.log session disclosure attempt (server-webapp.rules)
* 1:44566 <-> DISABLED <-> SERVER-WEBAPP Wordpress Customizer directory traversal attempt (server-webapp.rules)
* 1:44567 <-> DISABLED <-> SERVER-WEBAPP Wordpress Customizer directory traversal attempt (server-webapp.rules)
* 1:44568 <-> DISABLED <-> SERVER-WEBAPP Wordpress Customizer directory traversal attempt (server-webapp.rules)
* 1:44569 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection (malware-cnc.rules)
* 1:44570 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection (malware-cnc.rules)
* 1:44571 <-> ENABLED <-> SERVER-WEBAPP Trend Micro Mobile Security Enterprise web_service.dll SQL injection attempt (server-webapp.rules)
* 1:44572 <-> ENABLED <-> SERVER-WEBAPP Trend Micro Mobile Security Enterprise web_service.dll SQL injection attempt (server-webapp.rules)
* 1:44573 <-> ENABLED <-> SERVER-WEBAPP Trend Micro Mobile Security Enterprise web_service.dll SQL injection attempt (server-webapp.rules)
* 1:44574 <-> DISABLED <-> SERVER-OTHER Ipass Client control pipe remote code execution attempt (server-other.rules)
* 1:44575 <-> DISABLED <-> SERVER-WEBAPP Ignite Realtime Openfire user-create cross site request forgery attempt (server-webapp.rules)
* 1:44576 <-> DISABLED <-> SERVER-OTHER Samsung Security Manager ActiveMQ arbitrary file upload attempt (server-other.rules)
* 1:44577 <-> DISABLED <-> SERVER-OTHER Samsung Security Manager ActiveMQ cross site scripting attempt (server-other.rules)
* 1:44578 <-> DISABLED <-> SERVER-WEBAPP QNAP NAS HelpDesk App supportutils.php SQL injection attempt (server-webapp.rules)
* 1:44579 <-> DISABLED <-> FILE-OFFICE Microsoft Office dde field code execution attempt (file-office.rules)
* 1:44580 <-> DISABLED <-> FILE-OFFICE Microsoft Office dde field code execution attempt (file-office.rules)
* 1:44581 <-> DISABLED <-> SERVER-OTHER TrendMicro OfficeScan LogonUser buffer overflow attempt (server-other.rules)
* 1:44582 <-> ENABLED <-> SERVER-WEBAPP Trend Micro widget system authentication bypass attempt (server-webapp.rules)
* 1:44583 <-> ENABLED <-> FILE-FLASH Adobe Flash Player array type confusion attempt (file-flash.rules)
* 1:44584 <-> ENABLED <-> FILE-FLASH Adobe Flash Player array type confusion attempt (file-flash.rules)
* 1:44585 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word docx object type confusion attempt (file-office.rules)
* 1:44586 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word docx object type confusion attempt (file-office.rules)
* 1:44587 <-> DISABLED <-> SERVER-WEBAPP Trend Micro OfficeScan server side request forgery attempt (server-webapp.rules)
* 1:44588 <-> DISABLED <-> SERVER-WEBAPP Trend Micro OfficeScan server side request forgery attempt (server-webapp.rules)
* 1:44591 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PandaZeus malicious certificate exchange (malware-cnc.rules)
* 1:44592 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PandaZeus self-signed certificate exchange (malware-cnc.rules)
* 1:44595 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DNSMessenger outbound connection (malware-cnc.rules)
* 1:44596 <-> DISABLED <-> FILE-OFFICE Microsoft Office request for oci.dll over SMB attempt (file-office.rules)
* 1:44597 <-> DISABLED <-> FILE-OFFICE Microsoft Office request for iasdatastore2.dll over SMB attempt (file-office.rules)
* 1:44598 <-> DISABLED <-> FILE-OFFICE Microsoft Office request for ociw32.dll over SMB attempt (file-office.rules)
* 1:44599 <-> DISABLED <-> FILE-OFFICE Microsoft Office oci.dll dll-load exploit attempt (file-office.rules)
* 1:446 <-> DISABLED <-> PROTOCOL-ICMP SKIP undefined code (protocol-icmp.rules)
* 1:44600 <-> DISABLED <-> FILE-OFFICE Microsoft Office iasdatastore2.dll dll-load exploit attempt (file-office.rules)
* 1:44601 <-> DISABLED <-> FILE-OFFICE Microsoft Office ociw32.dll dll-load exploit attempt (file-office.rules)
* 1:44602 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer SetItem use after free attempt (browser-ie.rules)
* 1:44603 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer SetItem use after free attempt (browser-ie.rules)
* 1:44604 <-> DISABLED <-> SERVER-OTHER Novell eDirectory LDAP server buffer overflow attempt (server-other.rules)
* 1:44607 <-> DISABLED <-> SERVER-WEBAPP HP IMC userSelectPagingContent Java expression language injection attempt (server-webapp.rules)
* 1:44608 <-> DISABLED <-> SERVER-WEBAPP HP IMC userSelectPagingContent Java expression language injection attempt (server-webapp.rules)
* 1:44609 <-> DISABLED <-> SERVER-WEBAPP HP IMC userSelectPagingContent Java expression language injection attempt (server-webapp.rules)
* 1:44610 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky dropper variant outbound request detected (malware-cnc.rules)
* 1:44611 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky dropper variant outbound request detected (malware-cnc.rules)
* 1:44612 <-> DISABLED <-> INDICATOR-COMPROMISE VBscript downloader detected (indicator-compromise.rules)
* 1:44613 <-> DISABLED <-> INDICATOR-COMPROMISE VBscript downloader detected (indicator-compromise.rules)
* 1:44615 <-> DISABLED <-> INDICATOR-OBFUSCATION suspicious javascript deobfuscation calls attempt (indicator-obfuscation.rules)
* 1:44616 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection (malware-cnc.rules)
* 1:44617 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection (malware-cnc.rules)
* 1:44618 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection (malware-cnc.rules)
* 1:44619 <-> DISABLED <-> MALWARE-CNC Android Red Alert Trojan outbound connection (malware-cnc.rules)
* 1:44620 <-> DISABLED <-> MALWARE-CNC Android Red Alert Trojan outbound connection (malware-cnc.rules)
* 1:44621 <-> DISABLED <-> MALWARE-CNC Android Red Alert Trojan outbound connection (malware-cnc.rules)
* 1:44622 <-> DISABLED <-> MALWARE-CNC Android Red Alert Trojan outbound connection (malware-cnc.rules)
* 1:44623 <-> DISABLED <-> POLICY-OTHER EMC Autostart default domain login attempt (policy-other.rules)
* 1:44628 <-> DISABLED <-> OS-WINDOWS Attempted DNSSEC NSEC3 buffer overflow attempt (os-windows.rules)
* 1:44629 <-> DISABLED <-> OS-WINDOWS Attempted DNSSEC NSEC3 buffer overflow attempt (os-windows.rules)
* 1:44630 <-> DISABLED <-> OS-WINDOWS Attempted DNSSEC NSEC3 buffer overflow attempt (os-windows.rules)
* 1:44631 <-> DISABLED <-> SERVER-WEBAPP Wordpress plugin bbPress comment cross site scripting attempt (server-webapp.rules)
* 1:44632 <-> DISABLED <-> SERVER-WEBAPP Wordpress content cross site scripting attempt (server-webapp.rules)
* 1:44633 <-> DISABLED <-> SERVER-OTHER Colorado FTP Server directory traversal attempt (server-other.rules)
* 1:44634 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack command injection attempt (server-other.rules)
* 1:44635 <-> DISABLED <-> BROWSER-IE Microsoft Edge sandbox escape attempt (browser-ie.rules)
* 1:44636 <-> DISABLED <-> BROWSER-IE Microsoft Edge sandbox escape attempt (browser-ie.rules)
* 1:44637 <-> DISABLED <-> PROTOCOL-RPC Linux kernel nfsd nfsd4_layout_verify out of bounds read attempt (protocol-rpc.rules)
* 1:44638 <-> DISABLED <-> PROTOCOL-RPC Linux kernel nfsd nfsd4_layout_verify out of bounds read attempt (protocol-rpc.rules)
* 1:44639 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Quimonk variant outbound connection detected (malware-cnc.rules)
* 1:44640 <-> DISABLED <-> POLICY-OTHER WPA2 key reuse tool attempt (policy-other.rules)
* 1:44641 <-> DISABLED <-> POLICY-OTHER SERVER-WEBAPP Symantec Endpoint Protection Manager authentication lock bypass attempt (policy-other.rules)
* 1:44642 <-> DISABLED <-> SERVER-WEBAPP HP Intelligent Management Center getSelInsBean Java expression language injection attempt (server-webapp.rules)
* 1:44643 <-> DISABLED <-> SERVER-OTHER Mikrotik RouterOS denial of service attempt (server-other.rules)
* 1:44644 <-> DISABLED <-> SERVER-WEBAPP pSys index.php shownews parameter SQL injection attempt (server-webapp.rules)
* 1:44645 <-> DISABLED <-> SERVER-WEBAPP pSys index.php shownews parameter SQL injection attempt (server-webapp.rules)
* 1:44646 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.BadRabbit propagation via SVCCTL remote service attempt (malware-other.rules)
* 1:44647 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.BadRabbit propagation via SMB2 transfer attempt (malware-other.rules)
* 1:44648 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.BadRabbit propagation via SMB transfer attempt (malware-other.rules)
* 1:44649 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.BadRabbit propagation via SMB2 transfer attempt (malware-other.rules)
* 1:44650 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.BadRabbit propagation via SMB transfer attempt (malware-other.rules)
* 1:44651 <-> DISABLED <-> NETBIOS SMB NTLMSSP authentication brute force attempt (netbios.rules)
* 1:44652 <-> DISABLED <-> MALWARE-CNC Win.Zusy variant outbound connection (malware-cnc.rules)
* 1:44653 <-> DISABLED <-> MALWARE-CNC IoT Reaper botnet (malware-cnc.rules)
* 1:44654 <-> DISABLED <-> MALWARE-CNC IoT Reaper botnet CNC (malware-cnc.rules)
* 1:44655 <-> DISABLED <-> MALWARE-CNC IoT Reaper botnet dropper (malware-cnc.rules)
* 1:44656 <-> DISABLED <-> MALWARE-CNC IoT Reaper botnet CNC (malware-cnc.rules)
* 1:44657 <-> DISABLED <-> SERVER-WEBAPP Unitrends Enterprise Backup API SQL injection attempt (server-webapp.rules)
* 1:44658 <-> ENABLED <-> SERVER-WEBAPP Unitrends Enterprise Backup storage API command injection attempt (server-webapp.rules)
* 1:44659 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wraut variant outbound connection (malware-cnc.rules)
* 1:44660 <-> DISABLED <-> SERVER-OTHER D-Link DIR-300 and DIR-600 command execution attempt (server-other.rules)
* 1:44661 <-> DISABLED <-> SERVER-OTHER D-Link DIR-300 and DIR-600 information disclosure attempt (server-other.rules)
* 1:44662 <-> DISABLED <-> SERVER-OTHER D-Link DIR-300 and DIR-600 information disclosure attempt (server-other.rules)
* 1:44663 <-> DISABLED <-> SERVER-OTHER Mikrotik RouterOS SNMP security bypass attempt (server-other.rules)
* 1:44664 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows shell.application object ShellExecute attempt (browser-plugins.rules)
* 1:44665 <-> DISABLED <-> SERVER-OTHER Easy Chat Server buffer overflow attempt (server-other.rules)
* 1:44666 <-> DISABLED <-> SERVER-OTHER Easy Chat Server buffer overflow attempt (server-other.rules)
* 1:44667 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess cross site scripting attempt (server-webapp.rules)
* 1:44668 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess cross site scripting attempt (server-webapp.rules)
* 1:44669 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook SMB attach by reference code execution attempt (file-office.rules)
* 1:44670 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook SMB attach by reference code execution attempt (file-office.rules)
* 1:44671 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM snmpviewer.exe CGI parameter buffer overflow attempt (server-webapp.rules)
* 1:44672 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM snmpviewer.exe CGI parameter buffer overflow attempt (server-webapp.rules)
* 1:44673 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM snmpviewer.exe CGI parameter buffer overflow attempt (server-webapp.rules)
* 1:44674 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query integer overflow attempt (server-mysql.rules)
* 1:44675 <-> DISABLED <-> SERVER-OTHER iSCSI target multiple implementations iSNS stack buffer overflow attempt (server-other.rules)
* 1:44676 <-> DISABLED <-> SERVER-OTHER Wireshark Sigcomp buffer overflow attempt (server-other.rules)
* 1:44677 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nemucod outbound connection (malware-cnc.rules)
* 1:44678 <-> DISABLED <-> POLICY-OTHER NetSupport Manager RAT outbound connection detected (policy-other.rules)
* 1:44679 <-> DISABLED <-> SERVER-OTHER Beetel Connection Manager username buffer overflow attempt (server-other.rules)
* 1:44680 <-> DISABLED <-> SERVER-OTHER Beetel Connection Manager username buffer overflow attempt (server-other.rules)
* 1:44681 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.IoTReaper_Botnet telnet connection attempt (malware-cnc.rules)
* 1:44682 <-> DISABLED <-> SERVER-OTHER Novell GroupWise Post Office Agent heap overflow attempt (server-other.rules)
* 1:44683 <-> DISABLED <-> SERVER-OTHER Novell GroupWise Post Office Agent heap overflow attempt (server-other.rules)
* 1:44684 <-> DISABLED <-> SERVER-WEBAPP Kaltura userzone cookie PHP object injection attempt (server-webapp.rules)
* 1:44685 <-> DISABLED <-> SERVER-OTHER TVMOBiLi HttpUtils.dll denial of service attempt (server-other.rules)
* 1:44686 <-> DISABLED <-> SERVER-OTHER TVMOBiLi HttpUtils.dll denial of service attempt (server-other.rules)
* 1:44687 <-> ENABLED <-> SERVER-WEBAPP Netgear DGN1000 series routers authentication bypass attempt (server-webapp.rules)
* 1:44688 <-> DISABLED <-> SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt (server-webapp.rules)
* 1:44689 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gen variant outbound connection (malware-cnc.rules)
* 1:44690 <-> DISABLED <-> SERVER-OTHER ElasticSearch script remote code execution attempt (server-other.rules)
* 1:44691 <-> DISABLED <-> PUA-ADWARE Win.Adware.Clover outbound connection (pua-adware.rules)
* 1:44692 <-> DISABLED <-> INDICATOR-OBFUSCATION CoinHive cryptocurrency mining attempt (indicator-obfuscation.rules)
* 1:44693 <-> DISABLED <-> INDICATOR-OBFUSCATION CoinHive cryptocurrency mining attempt (indicator-obfuscation.rules)
* 1:44694 <-> DISABLED <-> FILE-OFFICE Microsoft Office dde field code execution attempt (file-office.rules)
* 1:44695 <-> DISABLED <-> FILE-OFFICE Microsoft Office dde field code execution attempt (file-office.rules)
* 1:44696 <-> DISABLED <-> SERVER-OTHER Advantech WebAccess MSRPC server integer overflow attempt (server-other.rules)
* 1:44697 <-> DISABLED <-> MALWARE-CNC SquirrelMail directory traversal attempt (malware-cnc.rules)
* 1:44698 <-> DISABLED <-> SERVER-WEBAPP Internal field separator use in HTTP URI attempt (server-webapp.rules)
* 1:44699 <-> DISABLED <-> SERVER-WEBAPP Internal field separator use in HTTP URI attempt (server-webapp.rules)
* 1:44700 <-> DISABLED <-> SERVER-OTHER Veritas Backup Exec Agent use after free attempt (server-other.rules)
* 1:44701 <-> DISABLED <-> SERVER-OTHER Veritas Backup Exec Agent use after free attempt (server-other.rules)
* 1:44702 <-> DISABLED <-> POLICY-OTHER Inedo BuildMaster web server login with default credentials attempt (policy-other.rules)
* 1:44703 <-> DISABLED <-> POLICY-OTHER Apache OpenOffice malicious macro exploitation attempt (policy-other.rules)
* 1:44704 <-> DISABLED <-> POLICY-OTHER Apache OpenOffice malicious macro exploitation attempt (policy-other.rules)
* 1:44705 <-> DISABLED <-> POLICY-OTHER Apache OpenOffice malicious macro exploitation attempt (policy-other.rules)
* 1:44706 <-> DISABLED <-> POLICY-OTHER Apache OpenOffice malicious macro exploitation attempt (policy-other.rules)
* 1:44715 <-> DISABLED <-> SERVER-OTHER Oracle GoldenGate Collector process remote start attempt (server-other.rules)
* 1:44716 <-> DISABLED <-> SERVER-OTHER Oracle GoldenGate arbitrary file write attempt (server-other.rules)
* 1:44717 <-> DISABLED <-> SERVER-OTHER Oracle GoldenGate Collector process remote start attempt (server-other.rules)
* 1:44718 <-> DISABLED <-> SERVER-OTHER Oracle GoldenGate arbitrary file write attempt (server-other.rules)
* 1:44719 <-> DISABLED <-> SERVER-OTHER Oracle GoldenGate arbitrary file write attempt (server-other.rules)
* 1:44720 <-> DISABLED <-> SERVER-OTHER Oracle GoldenGate arbitrary file write attempt (server-other.rules)
* 1:44721 <-> DISABLED <-> SERVER-OTHER Oracle GoldenGate Manager process arbitrary file execution attempt (server-other.rules)
* 1:44728 <-> DISABLED <-> INDICATOR-COMPROMISE Meterpreter payload download attempt (indicator-compromise.rules)
* 1:44729 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer script action handler buffer overflow attempt (browser-ie.rules)
* 1:44730 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer script action handler buffer overflow attempt (browser-ie.rules)
* 1:44731 <-> DISABLED <-> SERVER-WEBAPP Tuleap getRecentElements PHP object injection attempt (server-webapp.rules)
* 1:44732 <-> DISABLED <-> BROWSER-PLUGINS Mitsubishi MC-WorkX ActiveX clsid access attempt (browser-plugins.rules)
* 1:44733
<-> DISABLED <-> BROWSER-PLUGINS Mitsubishi MC-WorkX ActiveX clsid access attempt (browser-plugins.rules) * 1:44734 <-> DISABLED <-> SERVER-MAIL Microsoft Outlook Express mhtml code execution attempt (server-mail.rules) * 1:44735 <-> DISABLED <-> SERVER-MAIL Microsoft Outlook Express mhtml code execution attempt (server-mail.rules) * 1:44736 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer saveHistory use after free attempt (browser-ie.rules) * 1:44737 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer saveHistory use after free attempt (browser-ie.rules) * 1:44738 <-> DISABLED <-> EXPLOIT-KIT Sundown/Terror/Grandsoft/Magnitude exploit kit landing page detected (exploit-kit.rules) * 1:44739 <-> DISABLED <-> SERVER-OTHER Novell GroupWise HTTP interface arbitrary file retrieval attempt (server-other.rules) * 1:44740 <-> DISABLED <-> SERVER-OTHER Novell GroupWise HTTP interface arbitrary file retrieval attempt (server-other.rules) * 1:44741 <-> DISABLED <-> SERVER-OTHER Novell GroupWise HTTP interface arbitrary file retrieval attempt (server-other.rules) * 1:44742 <-> DISABLED <-> SERVER-OTHER Novell GroupWise HTTP interface arbitrary file retrieval attempt (server-other.rules) * 1:44743 <-> DISABLED <-> SERVER-OTHER libupnp command buffer overflow attempt (server-other.rules) * 1:44744 <-> DISABLED <-> SERVER-WEBAPP PHP unserialize call SPL ArrayObject and SPLObjectStorage memory corruption attempt (server-webapp.rules) * 1:44745 <-> DISABLED <-> SERVER-WEBAPP PHP unserialize call SPL ArrayObject and SPLObjectStorage memory corruption attempt (server-webapp.rules) * 1:44746 <-> DISABLED <-> SERVER-WEBAPP PHP unserialize call SPL ArrayObject and SPLObjectStorage memory corruption attempt (server-webapp.rules) * 1:44747 <-> DISABLED <-> SERVER-WEBAPP PHP unserialize call SPL ArrayObject and SPLObjectStorage memory corruption attempt (server-webapp.rules) * 1:44748 <-> DISABLED <-> SERVER-WEBAPP PHP unserialize call SPL ArrayObject and SPLObjectStorage 
memory corruption attempt (server-webapp.rules) * 1:44749 <-> DISABLED <-> SERVER-WEBAPP PHP unserialize call SPL ArrayObject and SPLObjectStorage memory corruption attempt (server-webapp.rules) * 1:44751 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules) * 1:44752 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules) * 1:44753 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Stimilina variant outbound connection detected (malware-cnc.rules) * 1:44754 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules) * 1:44755 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules) * 1:44756 <-> DISABLED <-> SERVER-OTHER NTP crypto-NAK denial of service attempt (server-other.rules) * 1:44757 <-> DISABLED <-> FILE-OTHER LibYAML yaml_parser_scan_uri_escapes heap buffer overflow attempt (file-other.rules) * 1:44758 <-> DISABLED <-> FILE-OTHER LibYAML yaml_parser_scan_uri_escapes heap buffer overflow attempt (file-other.rules) * 1:44759 <-> DISABLED <-> FILE-OTHER LibYAML yaml_parser_scan_uri_escapes heap buffer overflow attempt (file-other.rules) * 1:44760 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Reyptson ransomware download (malware-cnc.rules) * 1:44761 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Reyptson ransomware download (malware-cnc.rules) * 1:44762 <-> DISABLED <-> MALWARE-CNC Win.Trojan.KopiLuwak variant outbound request detected (malware-cnc.rules) * 1:44763 <-> DISABLED <-> MALWARE-CNC Win.Trojan.KopiLuwak variant outbound request detected (malware-cnc.rules) * 1:44764 <-> DISABLED <-> SERVER-WEBAPP CMS Made Simple editusertag.php arbitrary PHP code execution attempt (server-webapp.rules) * 1:44765 <-> DISABLED <-> SERVER-WEBAPP CMS Made Simple addgroup.php cross site scripting attempt (server-webapp.rules) * 1:44766 <-> DISABLED <-> SERVER-WEBAPP CMS Made Simple addgroup.php cross site scripting attempt 
(server-webapp.rules) * 1:44767 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Smart Protection Server cm_agent.php command injection attempt (server-webapp.rules) * 1:44768 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Silence outbound request (malware-cnc.rules) * 1:44769 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Silence inbound download (malware-cnc.rules) * 1:44770 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Silence cnc module download (malware-cnc.rules) * 1:44771 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Silence monitoring module download (malware-cnc.rules) * 1:44772 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Datper (malware-cnc.rules) * 1:44773 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Datper (malware-cnc.rules) * 1:44774 <-> DISABLED <-> MALWARE-CNC Win.Trojan.xxmm variant initial outbound connection detected (malware-cnc.rules) * 1:44775 <-> DISABLED <-> MALWARE-CNC Win.Trojan.xxmm variant initial outbound connection detected (malware-cnc.rules) * 1:44776 <-> DISABLED <-> MALWARE-CNC Win.Trojan.xxmm variant initial outbound connection detected (malware-cnc.rules) * 1:44777 <-> DISABLED <-> MALWARE-CNC Win.Trojan.xxmm variant initial outbound connection detected (malware-cnc.rules) * 1:44778 <-> DISABLED <-> MALWARE-CNC Win.Trojan.xxmm variant initial outbound connection detected (malware-cnc.rules) * 1:44779 <-> DISABLED <-> MALWARE-CNC Win.Trojan.xxmm variant initial outbound connection detected (malware-cnc.rules) * 1:44780 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky outbound callout (malware-cnc.rules) * 1:44781 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky outbound callout (malware-cnc.rules) * 1:44782 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky outbound callout (malware-cnc.rules) * 1:44783 <-> ENABLED <-> FILE-IDENTIFY UltraPlayer USK file buffer overflow attempt (file-identify.rules) * 1:44784 <-> ENABLED <-> FILE-IDENTIFY UltraPlayer USK file buffer overflow attempt 
(file-identify.rules) * 1:44785 <-> ENABLED <-> FILE-IDENTIFY UltraPlayer USK file buffer overflow attempt (file-identify.rules) * 1:44786 <-> ENABLED <-> FILE-IDENTIFY UltraPlayer USK file buffer overflow attempt (file-identify.rules) * 1:44787 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Godzilla outbound connection (malware-cnc.rules) * 1:44788 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nymaim variant outbound connection (malware-cnc.rules) * 1:44789 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nymaim variant outbound connection (malware-cnc.rules) * 1:44790 <-> DISABLED <-> SERVER-WEBAPP MikroTik RouterOS cross site request forgery attempt (server-webapp.rules) * 1:44791 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Retadup variant outbound connection (malware-cnc.rules) * 1:44792 <-> DISABLED <-> SERVER-WEBAPP Node.js V8 Debugging Protocol command injection attempt (server-webapp.rules) * 1:44793 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JPEG2000 codestream memory corruption attempt (file-pdf.rules) * 1:44794 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JPEG2000 codestream memory corruption attempt (file-pdf.rules) * 1:44795 <-> DISABLED <-> FILE-OFFICE Hewlett-Packard Autonomy KeyView library stack-based buffer overflow attempt (file-office.rules) * 1:44796 <-> DISABLED <-> FILE-OFFICE Hewlett-Packard Autonomy KeyView library stack-based buffer overflow attempt (file-office.rules) * 1:44797 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules) * 1:44798 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules) * 1:44799 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules) * 1:448 <-> DISABLED <-> PROTOCOL-ICMP Source Quench undefined code (protocol-icmp.rules) * 1:44800 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules) * 1:44801 <-> DISABLED <-> MALWARE-CNC 
Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules) * 1:44802 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules) * 1:44803 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules) * 1:44804 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules) * 1:44805 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules) * 1:44806 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules) * 1:44807 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules) * 1:44808 <-> DISABLED <-> INDICATOR-COMPROMISE Apache HTTP Server possible mod_dav.c remote denial of service vulnerability attempt (indicator-compromise.rules) * 1:44809 <-> ENABLED <-> BROWSER-IE Microsoft Edge postMessage use after free attempt (browser-ie.rules) * 1:44810 <-> ENABLED <-> BROWSER-IE Microsoft Edge postMessage use after free attempt (browser-ie.rules) * 1:44811 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine type confusion attempt (browser-ie.rules) * 1:44812 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine type confusion attempt (browser-ie.rules) * 1:44813 <-> ENABLED <-> BROWSER-IE Microsoft Edge Chakra scripting engine memory corruption attempt (browser-ie.rules) * 1:44814 <-> ENABLED <-> BROWSER-IE Microsoft Edge Chakra scripting engine memory corruption attempt (browser-ie.rules) * 1:44815 <-> DISABLED <-> BROWSER-IE Microsoft Edge use after free attempt (browser-ie.rules) * 1:44816 <-> DISABLED <-> BROWSER-IE Microsoft Edge use after free attempt (browser-ie.rules) * 1:44817 <-> ENABLED <-> BROWSER-IE Microsoft Edge custom property memory corruption attempt (browser-ie.rules) * 1:44818 <-> ENABLED <-> BROWSER-IE Microsoft Edge custom property 
memory corruption attempt (browser-ie.rules) * 1:44819 <-> ENABLED <-> BROWSER-IE Microsoft Edge array use after free attempt (browser-ie.rules) * 1:44820 <-> ENABLED <-> BROWSER-IE Microsoft Edge array use after free attempt (browser-ie.rules) * 1:44821 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel use after free vulnerability exploit attempt (file-office.rules) * 1:44822 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel use after free vulnerability exploit attempt (file-office.rules) * 1:44823 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer VBScript Join out of bounds memory access attempt (browser-ie.rules) * 1:44824 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer VBScript Join out of bounds memory access attempt (browser-ie.rules) * 1:44825 <-> DISABLED <-> OS-WINDOWS Microsoft Edge out of bounds write attempt (os-windows.rules) * 1:44826 <-> DISABLED <-> OS-WINDOWS Microsoft Edge out of bounds write attempt (os-windows.rules) * 1:44827 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules) * 1:44828 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules) * 1:44829 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer array memory corruption attempt (browser-ie.rules) * 1:44830 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer array memory corruption attempt (browser-ie.rules) * 1:44831 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption exploitation attempt (browser-ie.rules) * 1:44832 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption exploitation attempt (browser-ie.rules) * 1:44833 <-> ENABLED <-> OS-WINDOWS Microsoft Windows win32k.sys use after free attempt (os-windows.rules) * 1:44834 <-> ENABLED <-> OS-WINDOWS Microsoft Windows win32k.sys use after free attempt (os-windows.rules) * 1:44838 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word RTF memory corruption attempt (file-office.rules) * 1:44839 <-> DISABLED 
<-> FILE-OFFICE Microsoft Office Word RTF memory corruption attempt (file-office.rules) * 1:44843 <-> DISABLED <-> BROWSER-IE Microsoft Edge Uint8Array memory corruption attempt (browser-ie.rules) * 1:44844 <-> DISABLED <-> BROWSER-IE Microsoft Edge Uint8Array memory corruption attempt (browser-ie.rules) * 1:44845 <-> ENABLED <-> BROWSER-IE Microsoft Edge heap overflow attempt (browser-ie.rules) * 1:44846 <-> ENABLED <-> BROWSER-IE Microsoft Edge heap overflow attempt (browser-ie.rules) * 1:44853 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed TTF buffer over-read attempt (file-pdf.rules) * 1:44854 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed TTF buffer over-read attempt (file-pdf.rules) * 1:44856 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XI JavaScript annotation use after free attempt (file-pdf.rules) * 1:44857 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XI JavaScript annotation use after free attempt (file-pdf.rules) * 1:44859 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro PNG file buffer over-read vulnerability attempt (file-other.rules) * 1:44860 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro PNG file buffer over-read vulnerability attempt (file-other.rules) * 1:44861 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed CommentExtension attempt (file-image.rules) * 1:44862 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed CommentExtension attempt (file-image.rules) * 1:44864 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Internet Explorer OLE auto-open attempt (indicator-compromise.rules) * 1:44865 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Internet Explorer OLE auto-open attempt (indicator-compromise.rules) * 1:44866 <-> DISABLED <-> SERVER-WEBAPP Xplico decoding manager daemon command injection attempt (server-webapp.rules) * 1:44871 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader out of bounds read attempt (file-pdf.rules) * 1:44872 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader out of bounds read attempt (file-pdf.rules) 
* 1:44873 <-> ENABLED <-> FILE-PDF Adobe Acrobat addAnnot object untrusted pointer dereference attempt (file-pdf.rules) * 1:44874 <-> ENABLED <-> FILE-PDF Adobe Acrobat addAnnot object untrusted pointer dereference attempt (file-pdf.rules) * 1:44875 <-> ENABLED <-> INDICATOR-COMPROMISE Malicious VBA script detected (indicator-compromise.rules) * 1:44876 <-> DISABLED <-> MALWARE-CNC Malicious VBA Dropper outbound connection detected (malware-cnc.rules) * 1:44877 <-> DISABLED <-> SERVER-OTHER Citrix XenApp and XenDesktop XML service memory corruption attempt (server-other.rules) * 1:44878 <-> DISABLED <-> SERVER-OTHER Mako Web Server arbitrary file upload attempt (server-other.rules) * 1:44879 <-> DISABLED <-> SERVER-OTHER ISC BIND 9 DNS rdata length handling remote denial of service attempt (server-other.rules) * 1:44880 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF EMR_STRETCHDIBITS memory corruption attempt (file-image.rules) * 1:44881 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF EMR_STRETCHDIBITS memory corruption attempt (file-image.rules) * 1:44882 <-> DISABLED <-> FILE-PDF Adobe Acrobat acrobat URI handler security bypass (file-pdf.rules) * 1:44883 <-> DISABLED <-> FILE-PDF Adobe Acrobat acrobat URI handler security bypass (file-pdf.rules) * 1:44884 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat XPS unicode glyph pointer out of bounds (file-image.rules) * 1:44885 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat XPS unicode glyph pointer out of bounds (file-image.rules) * 1:44886 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Volgmer (malware-cnc.rules) * 1:44887 <-> ENABLED <-> FILE-FLASH Adobe Flash Player bitmap hitTest integer overflow attempt (file-flash.rules) * 1:44888 <-> ENABLED <-> FILE-FLASH Adobe Flash Player bitmap hitTest integer overflow attempt (file-flash.rules) * 1:44889 <-> DISABLED <-> PUA-TOOLBARS WidgiToolbar toolbar runtime detection (pua-toolbars.rules) * 1:44890 <-> DISABLED <-> SERVER-OTHER Apache 
CouchDB remote privilege escalation attempt (server-other.rules) * 1:44891 <-> ENABLED <-> FILE-FLASH Adobe Flash Player determinePreferredLocales memory corruption attempt (file-flash.rules) * 1:44892 <-> DISABLED <-> FILE-FLASH Adobe Flash Player determinePreferredLocales memory corruption attempt (file-flash.rules) * 1:44893 <-> DISABLED <-> FILE-OTHER Adobe Professional EMF out of bounds read attempt (file-other.rules) * 1:44894 <-> DISABLED <-> FILE-OTHER Adobe Professional EMF out of bounds read attempt (file-other.rules) * 1:44895 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CoinMiner inbound connection detected (malware-cnc.rules) * 1:44896 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CoinMiner outbound connection (malware-cnc.rules) * 1:44897 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CoinMiner outbound connection (malware-cnc.rules) * 1:44898 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CoinMiner outbound connection (malware-cnc.rules) * 1:44899 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CoinMiner inbound connection detected (malware-cnc.rules) * 1:449 <-> DISABLED <-> PROTOCOL-ICMP Time-To-Live Exceeded in Transit (protocol-icmp.rules) * 1:44900 <-> ENABLED <-> FILE-PDF Adobe Reader PDF embedded javascript events use after free attempt (file-pdf.rules) * 1:44901 <-> ENABLED <-> FILE-PDF Adobe Reader PDF embedded javascript events use after free attempt (file-pdf.rules) * 1:44902 <-> ENABLED <-> FILE-FLASH Adobe Flash Player PSDK Metadata memory corruption attempt (file-flash.rules) * 1:44903 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PSDK Metadata memory corruption attempt (file-flash.rules) * 1:44904 <-> DISABLED <-> FILE-PDF Adobe Acrobat untrusted pointer dereference attempt (file-pdf.rules) * 1:44905 <-> DISABLED <-> FILE-PDF Adobe Acrobat untrusted pointer dereference attempt (file-pdf.rules) * 1:44906 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader javscript use after free attempt (file-pdf.rules) * 1:44907 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader javscript 
use after free attempt (file-pdf.rules) * 1:44911 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Fruitfly variant outbound connection detected (malware-cnc.rules) * 1:44912 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro invalid APP13 marker size attempt (file-image.rules) * 1:44913 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro invalid APP13 marker size attempt (file-image.rules) * 1:44914 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PrintParams out of bounds array index attempt (file-pdf.rules) * 1:44915 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PrintParams out of bounds array index attempt (file-pdf.rules) * 1:44916 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager GraphicalView.do SQL injection attempt (server-webapp.rules) * 1:44917 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager GraphicalView.do SQL injection attempt (server-webapp.rules) * 1:44918 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager GraphicalView.do SQL injection attempt (server-webapp.rules) * 1:44919 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EmfPlusRectF out of bounds read attempt (file-other.rules) * 1:44920 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EmfPlusRectF out of bounds read attempt (file-other.rules) * 1:44921 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager manageApplications.do SQL injection attempt (server-webapp.rules) * 1:44922 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager manageApplications.do SQL injection attempt (server-webapp.rules) * 1:44923 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF Bezier curve out of bounds read attempt (file-other.rules) * 1:44924 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF Bezier curve out of bounds read attempt (file-other.rules) * 1:44925 <-> ENABLED <-> FILE-PDF Adobe Acrobat thermometer object untrusted pointer dereference attempt (file-pdf.rules) * 1:44926 <-> ENABLED <-> FILE-PDF Adobe Acrobat thermometer object untrusted pointer dereference attempt 
(file-pdf.rules) * 1:44927 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro WebCapture out of bounds read attempt (file-other.rules) * 1:44928 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro WebCapture out of bounds read attempt (file-other.rules) * 1:44929 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds write attempt (file-image.rules) * 1:44930 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds write attempt (file-image.rules) * 1:44931 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file embedded JPEG invalid SOS data memory corruption attempt (file-other.rules) * 1:44932 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file embedded JPEG invalid SOS data memory corruption attempt (file-other.rules) * 1:44933 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader untrusted pointer dereference attempt (file-pdf.rules) * 1:44934 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader untrusted pointer dereference attempt (file-pdf.rules) * 1:44935 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out of bounds read attempt (file-other.rules) * 1:44936 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out of bounds read attempt (file-other.rules) * 1:44937 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMFPlus out of bounds buffer overflow attempt (file-other.rules) * 1:44938 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMFPlus out of bounds buffer overflow attempt (file-other.rules) * 1:44939 <-> ENABLED <-> FILE-PDF Adobe Acrobat field dictionary value Unicode buffer overflow attempt (file-pdf.rules) * 1:44940 <-> ENABLED <-> FILE-PDF Adobe Acrobat field dictionary value Unicode buffer overflow attempt (file-pdf.rules) * 1:44941 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Reader FDF file security bypass attempt (file-other.rules) * 1:44942 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Reader FDF file security bypass attempt (file-other.rules) * 1:44943 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FallChill variant outbound connection (malware-cnc.rules) * 1:44944 <-> 
DISABLED <-> MALWARE-CNC Win.Trojan.FallChill variant outbound connection (malware-cnc.rules) * 1:44945 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FallChill variant outbound connection (malware-cnc.rules) * 1:44946 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FallChill variant outbound connection (malware-cnc.rules) * 1:44947 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader double free attempt (file-pdf.rules) * 1:44948 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader double free attempt (file-pdf.rules) * 1:44949 <-> ENABLED <-> FILE-PDF Acrobat TrueTypeFont file out of bounds read attempt (file-pdf.rules) * 1:44950 <-> ENABLED <-> FILE-PDF Acrobat TrueTypeFont file out of bounds read attempt (file-pdf.rules) * 1:44951 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime SDK use after free attempt (file-flash.rules) * 1:44952 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime SDK use after free attempt (file-flash.rules) * 1:44953 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF out of bounds buffer overflow attempt (file-other.rules) * 1:44954 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF out of bounds buffer overflow attempt (file-other.rules) * 1:44955 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JavaScript infinite recursion heap overflow attempt (file-pdf.rules) * 1:44956 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JavaScript infinite recursion heap overflow attempt (file-pdf.rules) * 1:44957 <-> DISABLED <-> FILE-PDF Adobe Acrobat malformed XObject use after free attempt (file-pdf.rules) * 1:44958 <-> DISABLED <-> FILE-PDF Adobe Acrobat malformed XObject use after free attempt (file-pdf.rules) * 1:44959 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat TIFF malformed YCbCrCoefficients values memory corruption attempt (file-image.rules) * 1:44960 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat TIFF malformed YCbCrCoefficients values memory corruption attempt (file-image.rules) * 1:44961 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader untrusted pointer dereference attempt 
(file-pdf.rules) * 1:44962 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader untrusted pointer dereference attempt (file-pdf.rules) * 1:44963 <-> ENABLED <-> FILE-FLASH Adobe Flash Player tvsdk object use after free attempt (file-flash.rules) * 1:44964 <-> DISABLED <-> FILE-FLASH Adobe Flash Player tvsdk object use after free attempt (file-flash.rules) * 1:44965 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro security bypass attempt (file-other.rules) * 1:44966 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro security bypass attempt (file-other.rules) * 1:44967 <-> ENABLED <-> FILE-PDF Acrobat malformed html tag out of bounds read attempt (file-pdf.rules) * 1:44968 <-> ENABLED <-> FILE-PDF Acrobat malformed html tag out of bounds read attempt (file-pdf.rules) * 1:44969 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF EmfPlusFont memory corruption attempt (file-image.rules) * 1:44970 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF EmfPlusFont memory corruption attempt (file-image.rules) * 1:44971 <-> DISABLED <-> SERVER-OTHER QNAP transcode server command injection attempt (server-other.rules) * 1:44972 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ramnit variant outbound connection (malware-cnc.rules) * 1:44973 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ramnit variant outbound connection (malware-cnc.rules) * 1:44974 <-> DISABLED <-> SERVER-OTHER Cisco IOS Smart Install identification attempt (server-other.rules) * 1:44975 <-> DISABLED <-> MALWARE-CNC Php.Dropper.Mayhem variant outbound connection (malware-cnc.rules) * 1:44976 <-> DISABLED <-> FILE-PDF Adobe Reader ActualText attribute type confusion attempt (file-pdf.rules) * 1:44977 <-> DISABLED <-> FILE-PDF Adobe Reader ActualText attribute type confusion attempt (file-pdf.rules) * 1:44978 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt (browser-firefox.rules) * 1:44979 <-> DISABLED <-> FILE-PDF Foxit Reader util printf information disclosure attempt (file-pdf.rules) * 1:44980 <-> 
DISABLED <-> FILE-PDF Foxit Reader util printf information disclosure attempt (file-pdf.rules)
* 1:44981 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Kristina encryption over SMB attempt (malware-other.rules)
* 1:44982 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Kristina encryption over SMB attempt (malware-other.rules)
* 1:44983 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro TIFF embedded XPS file out of bounds read attempt (file-other.rules)
* 1:44984 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro TIFF embedded XPS file out of bounds read attempt (file-other.rules)
* 1:44985 <-> DISABLED <-> SERVER-OTHER Galil RIO-47100 denial of service attempt (server-other.rules)
* 1:44987 <-> ENABLED <-> FILE-PDF Adobe Acrobat PDF font character encoding out of bounds write attempt (file-pdf.rules)
* 1:44988 <-> ENABLED <-> FILE-PDF Adobe Acrobat PDF font character encoding out of bounds write attempt (file-pdf.rules)
* 1:44989 <-> ENABLED <-> FILE-OFFICE Microsoft Office Equation Editor object with automatic execution embedded in RTF attempt (file-office.rules)
* 1:44990 <-> ENABLED <-> FILE-OFFICE Microsoft Office Equation Editor object with automatic execution embedded in RTF attempt (file-office.rules)
* 1:44991 <-> DISABLED <-> BROWSER-FIREFOX Mozilla products CSS rendering out-of-bounds array write attempt (browser-firefox.rules)
* 1:44992 <-> DISABLED <-> SERVER-WEBAPP ManageEngine ServiceDesk Plus policy bypass attempt (server-webapp.rules)
* 1:44993 <-> DISABLED <-> SERVER-WEBAPP ManageEngine ServiceDesk Plus policy bypass attempt (server-webapp.rules)
* 1:44994 <-> DISABLED <-> SERVER-WEBAPP ManageEngine ServiceDesk Plus policy bypass attempt (server-webapp.rules)
* 1:44995 <-> DISABLED <-> SERVER-WEBAPP ManageEngine ServiceDesk Plus policy bypass attempt (server-webapp.rules)
* 1:44996 <-> DISABLED <-> SERVER-WEBAPP ManageEngine ServiceDesk Plus policy bypass attempt (server-webapp.rules)
* 1:44997 <-> DISABLED <-> MALWARE-CNC Legend irc bot cnc attempt (malware-cnc.rules)
* 1:44998 <-> DISABLED <-> MALWARE-CNC Legend irc bot cnc attempt (malware-cnc.rules)
* 1:44999 <-> DISABLED <-> SERVER-WEBAPP Ruby on Rails file inclusion attempt (server-webapp.rules)
* 1:450 <-> DISABLED <-> PROTOCOL-ICMP Time-To-Live Exceeded in Transit undefined code (protocol-icmp.rules)
* 1:45000 <-> DISABLED <-> SERVER-WEBAPP Ruby on Rails file inclusion attempt (server-webapp.rules)
* 1:45001 <-> DISABLED <-> SERVER-WEBAPP Netgear WNR2000 information leak attempt (server-webapp.rules)
* 1:45002 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
* 1:45003 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
* 1:45004 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
* 1:45005 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
* 1:45006 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
* 1:45007 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
* 1:45008 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
* 1:45009 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
* 1:45010 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
* 1:45011 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
* 1:45012 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
* 1:45013 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
* 1:45014 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
* 1:45015 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
* 1:45016 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
* 1:45023 <-> DISABLED <-> FILE-PDF Adobe Acrobat out of bound read exploitation attempt (file-pdf.rules)
* 1:45024 <-> DISABLED <-> FILE-PDF Adobe Acrobat out of bound read exploitation attempt (file-pdf.rules)
* 1:45027 <-> DISABLED <-> FILE-PDF Adobe Acrobat out of bound read exploitation attempt (file-pdf.rules)
* 1:45028 <-> DISABLED <-> FILE-PDF Adobe Acrobat out of bound read exploitation attempt (file-pdf.rules)
* 1:45029 <-> DISABLED <-> FILE-PDF JPEG2000 image coding style default information disclosure attempt (file-pdf.rules)
* 1:45030 <-> DISABLED <-> FILE-PDF JPEG2000 image coding style default information disclosure attempt (file-pdf.rules)
* 1:45031 <-> DISABLED <-> FILE-OTHER Adobe Acrobat JPEG2000 out of bounds buffer overflow attempt (file-other.rules)
* 1:45032 <-> DISABLED <-> FILE-OTHER Adobe Acrobat JPEG2000 out of bounds buffer overflow attempt (file-other.rules)
* 1:45035 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader Annotation use after free attempt (file-pdf.rules)
* 1:45036 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader Annotation use after free attempt (file-pdf.rules)
* 1:45037 <-> DISABLED <-> SERVER-WEBAPP Joomla LDAP authentication plugin information disclosure exploitation attempt (server-webapp.rules)
* 1:45038 <-> DISABLED <-> SERVER-WEBAPP Joomla LDAP authentication plugin information disclosure exploitation attempt (server-webapp.rules)
* 1:45039 <-> DISABLED <-> SERVER-WEBAPP Joomla LDAP authentication plugin information disclosure exploitation attempt (server-webapp.rules)
* 1:45040 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader Annotation use after free attempt (file-pdf.rules)
* 1:45041 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader Annotation use after free attempt (file-pdf.rules)
* 1:45042 <-> DISABLED <-> BROWSER-OTHER Adobe Acrobat Pro WebCapture information disclosure attempt (browser-other.rules)
* 1:45043 <-> DISABLED <-> BROWSER-OTHER Adobe Acrobat Pro WebCapture information disclosure attempt (browser-other.rules)
* 1:45044 <-> DISABLED <-> FILE-PDF Adobe Reader out of bounds memory access violation attempt (file-pdf.rules)
* 1:45045 <-> DISABLED <-> FILE-PDF Adobe Reader out of bounds memory access violation attempt (file-pdf.rules)
* 1:45046 <-> ENABLED <-> SERVER-OTHER Exim malformed BDAT code execution attempt (server-other.rules)
* 1:45050 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IcedId outbound connection (malware-cnc.rules)
* 1:45051 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Tool.SMSBomber (malware-cnc.rules)
* 1:45052 <-> DISABLED <-> SERVER-WEBAPP Wordpress wpdb prepare sprintf placeholder SQL injection attempt (server-webapp.rules)
* 1:45058 <-> DISABLED <-> FILE-OTHER Microsoft Windows UAC bypass attempt (file-other.rules)
* 1:45059 <-> DISABLED <-> FILE-OTHER Microsoft Windows UAC bypass attempt (file-other.rules)
* 1:45060 <-> DISABLED <-> SERVER-WEBAPP pfSense system_groupmanager.php command injection attempt (server-webapp.rules)
* 1:45061 <-> DISABLED <-> SERVER-WEBAPP Wordpress User History plugin cross site scripting attempt (server-webapp.rules)
* 1:45062 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neuron variant inbound service request detected (malware-cnc.rules)
* 1:45063 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neuron variant inbound service request detected (malware-cnc.rules)
* 1:45064 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neuron variant inbound service request detected (malware-cnc.rules)
* 1:45065 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neuron variant inbound service request detected (malware-cnc.rules)
* 1:45066 <-> DISABLED <-> SERVER-WEBAPP WordPress Duplicator cross site scripting attempt (server-webapp.rules)
* 1:45067 <-> DISABLED <-> SERVER-WEBAPP WordPress Duplicator cross site scripting attempt (server-webapp.rules)
* 1:45068 <-> DISABLED <-> SERVER-OTHER Oracle Identity Manager default login attempt (server-other.rules)
* 1:45069 <-> DISABLED <-> SERVER-SAMBA Samba write andx command memory leak attempt (server-samba.rules)
* 1:45070 <-> DISABLED <-> SERVER-SAMBA Samba write and close command memory leak attempt (server-samba.rules)
* 1:45071 <-> DISABLED <-> SERVER-SAMBA Samba write and unlock command memory leak attempt (server-samba.rules)
* 1:45072 <-> DISABLED <-> SERVER-SAMBA Samba write command memory leak attempt (server-samba.rules)
* 1:45073 <-> DISABLED <-> SERVER-WEBAPP Wireless IP Camera WIFICAM information leak attempt (server-webapp.rules)
* 1:45074 <-> ENABLED <-> SERVER-SAMBA Samba unsigned connections attempt (server-samba.rules)
* 1:45075 <-> ENABLED <-> SERVER-WEBAPP WordPress Ultimate Form Builder plugin SQL injection attempt (server-webapp.rules)
* 1:45076 <-> ENABLED <-> SERVER-WEBAPP WordPress Ultimate Form Builder plugin SQL injection attempt (server-webapp.rules)
* 1:45077 <-> ENABLED <-> SERVER-WEBAPP WordPress Ultimate Form Builder plugin SQL injection attempt (server-webapp.rules)
* 1:45078 <-> DISABLED <-> SERVER-WEBAPP TP-Link WR1043ND router cross site request forgery attempt (server-webapp.rules)
* 1:45079 <-> DISABLED <-> SERVER-WEBAPP TP-Link WR1043ND router cross site request forgery attempt (server-webapp.rules)
* 1:45080 <-> DISABLED <-> EXPLOIT-KIT Sundown/Terror malicious flash file load attempt (exploit-kit.rules)
* 1:45081 <-> DISABLED <-> SERVER-OTHER Geutebrueck GCore web server buffer overflow attempt (server-other.rules)
* 1:45082 <-> DISABLED <-> SERVER-WEBAPP Ruby on Rails log file manipulation attempt (server-webapp.rules)
* 1:45083 <-> DISABLED <-> SERVER-APACHE Apache Solr RunExecutableListener arbitrary command execution attempt (server-apache.rules)
* 1:45084 <-> DISABLED <-> SERVER-APACHE Apache Solr xmlparser external doctype or entity expansion attempt (server-apache.rules)
* 1:45085 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use after free attempt (file-flash.rules)
* 1:45090 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.StoneDrill server selection outbound connection (malware-cnc.rules)
* 1:45091 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.StoneDrill login outbound connection (malware-cnc.rules)
* 1:45092 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.StoneDrill get commands outbound connection (malware-cnc.rules)
* 1:45093 <-> DISABLED <-> SERVER-WEBAPP Apache Archiva XML server side request forgery attempt (server-webapp.rules)
* 1:45094 <-> DISABLED <-> SERVER-WEBAPP MediaWiki arbitrary file write attempt (server-webapp.rules)
* 1:45095 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Gibon variant outbound connection (malware-cnc.rules)
* 1:45096 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Gibon variant inbound connection (malware-cnc.rules)
* 1:45097 <-> DISABLED <-> MALWARE-CNC Win.Downloader.SnatchLoader variant inbound connection (malware-cnc.rules)
* 1:45098 <-> DISABLED <-> MALWARE-CNC Win.Downloader.SnatchLoader variant outbound connection (malware-cnc.rules)
* 1:45099 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Syscon variant inbound connection (malware-cnc.rules)
* 1:451 <-> DISABLED <-> PROTOCOL-ICMP Timestamp Reply (protocol-icmp.rules)
* 1:45100 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Syscon variant outbound connection (malware-cnc.rules)
* 1:45101 <-> DISABLED <-> PROTOCOL-SCADA vxworks rpc credential flavor integer overflow device crash attempt (protocol-scada.rules)
* 1:45104 <-> DISABLED <-> MALWARE-CNC Win.Malware.Recam variant outbound connection (malware-cnc.rules)
* 1:45107 <-> DISABLED <-> SERVER-OTHER Fatek Automation PLC WinProladder buffer overflow attempt (server-other.rules)
* 1:45108 <-> DISABLED <-> PROTOCOL-RPC XDR string allocation denial of service attempt (protocol-rpc.rules)
* 1:45109 <-> DISABLED <-> SERVER-WEBAPP OrientDB remote code execution attempt (server-webapp.rules)
* 1:45110 <-> DISABLED <-> SERVER-WEBAPP OrientDB privilege escalation attempt (server-webapp.rules)
* 1:45111 <-> DISABLED <-> SERVER-WEBAPP OrientDB database query attempt (server-webapp.rules)
* 1:45112 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager showresource.do SQL injection attempt (server-webapp.rules)
* 1:45113 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager showresource.do SQL injection attempt (server-webapp.rules)
* 1:45114 <-> DISABLED <-> MALWARE-CNC Catch-All malicious Chrome extension dropper outbound connection (malware-cnc.rules)
* 1:45115 <-> DISABLED <-> SERVER-MAIL Multiple products non-ascii sender address spoofing attempt (server-mail.rules)
* 1:45116 <-> DISABLED <-> SERVER-MAIL Multiple products non-ascii sender address spoofing attempt (server-mail.rules)
* 1:45117 <-> DISABLED <-> SERVER-WEBAPP Huawei DeviceUpgrade command injection attempt (server-webapp.rules)
* 1:45118 <-> ENABLED <-> SERVER-MAIL Multiple products non-ascii sender address spoofing attempt (server-mail.rules)
* 1:45119 <-> ENABLED <-> SERVER-MAIL Multiple products non-ascii sender address spoofing attempt (server-mail.rules)
* 1:45121 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules)
* 1:45122 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules)
* 1:45123 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel malformed spreadsheet use-after-free attempt (file-office.rules)
* 1:45124 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel malformed spreadsheet use-after-free attempt (file-office.rules)
* 1:45125 <-> DISABLED <-> FILE-OTHER Adobe Shockwave newModel memory disclosure attempt (file-other.rules)
* 1:45126 <-> DISABLED <-> FILE-OTHER Adobe Shockwave newModel memory disclosure attempt (file-other.rules)
* 1:45127 <-> DISABLED <-> BROWSER-FIREFOX Mozilla SSL certificate spoofing attempt (browser-firefox.rules)
* 1:45128 <-> ENABLED <-> BROWSER-IE Microsoft Edge defineGetter type confusion attempt (browser-ie.rules)
* 1:45129 <-> ENABLED <-> BROWSER-IE Microsoft Edge defineGetter type confusion attempt (browser-ie.rules)
* 1:45130 <-> DISABLED <-> OS-WINDOWS Microsoft Windows RRAS service arbitrary pointer dereference attempt (os-windows.rules)
* 1:45131 <-> DISABLED <-> OS-WINDOWS Microsoft Windows RRAS service arbitrary pointer dereference attempt (os-windows.rules)
* 1:45132 <-> DISABLED <-> FILE-OFFICE Microsoft Office Equation Editor object stack buffer overflow attempt (file-office.rules)
* 1:45133 <-> ENABLED <-> FILE-OFFICE Microsoft Office Equation Editor object stack buffer overflow attempt (file-office.rules)
* 1:45134 <-> ENABLED <-> FILE-OFFICE Microsoft Office Equation Editor object stack buffer overflow attempt (file-office.rules)
* 1:45135 <-> ENABLED <-> FILE-OFFICE Microsoft Office Equation Editor object stack buffer overflow attempt (file-office.rules)
* 1:45136 <-> ENABLED <-> INDICATOR-COMPROMISE Metasploit PowerShell CLI Download and Run attempt (indicator-compromise.rules)
* 1:45137 <-> ENABLED <-> INDICATOR-COMPROMISE Metasploit run hidden powershell attempt (indicator-compromise.rules)
* 1:45138 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer scripting engine memory corruption attempt (browser-ie.rules)
* 1:45139 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer scripting engine memory corruption attempt (browser-ie.rules)
* 1:45140 <-> ENABLED <-> BROWSER-IE Microsoft Edge Chakra RegExp engine memory corruption attempt (browser-ie.rules)
* 1:45141 <-> ENABLED <-> BROWSER-IE Microsoft Edge Chakra RegExp engine memory corruption attempt (browser-ie.rules)
* 1:45142 <-> ENABLED <-> BROWSER-IE Microsoft Edge type confusion attempt (browser-ie.rules)
* 1:45143 <-> ENABLED <-> BROWSER-IE Microsoft Edge type confusion attempt (browser-ie.rules)
* 1:45144 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer scripting engine memory corruption attempt (browser-ie.rules)
* 1:45145 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer scripting engine memory corruption attempt (browser-ie.rules)
* 1:45146 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer scripting engine memory corruption attempt (browser-ie.rules)
* 1:45147 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer scripting engine memory corruption attempt (browser-ie.rules)
* 1:45148 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Array out of bounds write attempt (browser-ie.rules)
* 1:45149 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer Array out of bounds write attempt (browser-ie.rules)
* 1:45150 <-> ENABLED <-> BROWSER-IE Microsoft Edge JsSetCurrentContext out of bounds read attempt (browser-ie.rules)
* 1:45151 <-> ENABLED <-> BROWSER-IE Microsoft Edge JsSetCurrentContext out of bounds read attempt (browser-ie.rules)
* 1:45152 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft MsMpEng shrink compressed zip code execution attempt (indicator-compromise.rules)
* 1:45153 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft MsMpEng shrink compressed zip code execution attempt (indicator-compromise.rules)
* 1:45154 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer dynamic style update memory corruption attempt (browser-ie.rules)
* 1:45155 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer out of bounds read attempt (browser-ie.rules)
* 1:45156 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer out of bounds read attempt (browser-ie.rules)
* 1:45157 <-> DISABLED <-> SERVER-OTHER SSDP M-SEARCH ssdp-all potential amplified distributed denial-of-service attempt (server-other.rules)
* 1:45160 <-> DISABLED <-> BROWSER-IE Microsoft Edge null pointer dereference attempt (browser-ie.rules)
* 1:45161 <-> DISABLED <-> BROWSER-IE Microsoft Edge null pointer dereference attempt (browser-ie.rules)
* 1:45162 <-> DISABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
* 1:45163 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
* 1:45164 <-> DISABLED <-> POLICY-OTHER RPC Portmapper version 3 dump request attempt (policy-other.rules)
* 1:45165 <-> DISABLED <-> POLICY-OTHER RPC Portmapper version 2 dump request attempt (policy-other.rules)
* 1:45166 <-> DISABLED <-> POLICY-OTHER RPC Portmapper getstat request attempt (policy-other.rules)
* 1:45167 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
* 1:45168 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
* 1:45169 <-> DISABLED <-> BROWSER-IE Microsoft Edge array type confusion attempt (browser-ie.rules)
* 1:45170 <-> ENABLED <-> BROWSER-IE Microsoft Edge array type confusion attempt (browser-ie.rules)
* 1:45171 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox buffer overflow attempt (browser-firefox.rules)
* 1:45172 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox buffer overflow attempt (browser-firefox.rules)
* 1:45173 <-> DISABLED <-> BROWSER-FIREFOX Mozilla download directory file deletion attempt (browser-firefox.rules)
* 1:45174 <-> DISABLED <-> BROWSER-FIREFOX Mozilla download directory file deletion attempt (browser-firefox.rules)
* 1:45175 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ShellExecute and IE7 url handling code execution attempt (os-windows.rules)
* 1:45176 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsTreeContentView double-free memory corruption attempt (browser-firefox.rules)
* 1:45177 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
* 1:45178 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
* 1:45179 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
* 1:45180 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
* 1:45181 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
* 1:45182 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
* 1:45183 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
* 1:45184 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
* 1:45185 <-> DISABLED <-> FILE-IMAGE Apple Quicktime malformed FPX file memory corruption attempt (file-image.rules)
* 1:45186 <-> DISABLED <-> FILE-IMAGE Apple Quicktime malformed FPX file memory corruption attempt (file-image.rules)
* 1:45187 <-> DISABLED <-> SERVER-OTHER WinRadius long password denial of service attempt (server-other.rules)
* 1:45188 <-> DISABLED <-> SERVER-OTHER ElectraSoft 32bit FTP PASV reply stack buffer overflow attempt (server-other.rules)
* 1:45189 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager mypage.do SQL injection attempt (server-webapp.rules)
* 1:45190 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager mypage.do SQL injection attempt (server-webapp.rules)
* 1:45191 <-> DISABLED <-> PROTOCOL-TELNET TippingPoint IPS telnet login failure xss attempt (protocol-telnet.rules)
* 1:45192 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager showActionProfiles.do SQL injection attempt (server-webapp.rules)
* 1:45193 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager showActionProfiles.do SQL injection attempt (server-webapp.rules)
* 1:45194 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FileCryptor variant outbound connection (malware-cnc.rules)
* 1:45195 <-> DISABLED <-> SERVER-WEBAPP Zavio IP Cameras command injection attempt (server-webapp.rules)
* 1:45196 <-> DISABLED <-> SERVER-WEBAPP Zavio IP Cameras command injection attempt (server-webapp.rules)
* 1:45197 <-> DISABLED <-> SERVER-WEBAPP Zavio IP Cameras command injection attempt (server-webapp.rules)
* 1:45198 <-> DISABLED <-> SERVER-OTHER Advantech WebAccess dcerpc service opcode 80061 stack buffer overflow attempt (server-other.rules)
* 1:45199 <-> DISABLED <-> SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (server-other.rules)
* 1:452 <-> DISABLED <-> PROTOCOL-ICMP Timestamp Reply undefined code (protocol-icmp.rules)
* 1:45200 <-> DISABLED <-> SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (server-other.rules)
* 1:45201 <-> DISABLED <-> SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (server-other.rules)
* 1:45202 <-> DISABLED <-> FILE-OTHER Adobe Audition Session file stack buffer overflow attempt (file-other.rules)
* 1:45203 <-> DISABLED <-> FILE-OTHER Adobe Audition Session file stack buffer overflow attempt (file-other.rules)
* 1:45204 <-> DISABLED <-> SERVER-WEBAPP ActiveCalendar css cross site scripting attempt (server-webapp.rules)
* 1:45205 <-> DISABLED <-> SERVER-OTHER HP Data Protector Express DtbClsLogin buffer overflow attempt (server-other.rules)
* 1:45206 <-> DISABLED <-> BROWSER-FIREFOX Multiple browser pressure function denial of service attempt (browser-firefox.rules)
* 1:45207 <-> DISABLED <-> PROTOCOL-SCADA WelinTech Kingview History Server denial of service attempt (protocol-scada.rules)
* 1:45208 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VEye2 remote access tool download (malware-cnc.rules)
* 1:45209 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VEye2 remote access tool download (malware-cnc.rules)
* 1:45210 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer out of bounds read attempt (browser-ie.rules)
* 1:45211 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer out of bounds read attempt (browser-ie.rules)
* 1:45212 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer out of bounds read attempt (browser-ie.rules)
* 1:45213 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer out of bounds read attempt (browser-ie.rules)
* 1:45214 <-> DISABLED <-> FILE-OTHER Microsoft Word DDEauto code execution attempt (file-other.rules)
* 1:45215 <-> DISABLED <-> FILE-OTHER Microsoft Word DDEauto code execution attempt (file-other.rules)
* 1:45218 <-> ENABLED <-> SERVER-WEBAPP Embedthis GoAhead CGI information disclosure attempt (server-webapp.rules)
* 1:45219 <-> ENABLED <-> SERVER-WEBAPP Embedthis GoAhead LD_preload code execution attempt (server-webapp.rules)
* 1:45221 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nautilus outbound call (malware-cnc.rules)
* 1:45224 <-> DISABLED <-> FILE-FLASH Adobe Flash memory corruption exploit attempt (file-flash.rules)
* 1:45225 <-> DISABLED <-> FILE-FLASH Adobe Flash memory corruption exploit attempt (file-flash.rules)
* 1:45226 <-> DISABLED <-> SERVER-WEBAPP FreePBX recording interface file upload code execution attempt (server-webapp.rules)
* 1:45227 <-> DISABLED <-> SERVER-OTHER Docker Rancher Server remote code execution attempt (server-other.rules)
* 1:45228 <-> DISABLED <-> SERVER-OTHER Medal Of Honor Allied Assault getinfo buffer overflow attempt (server-other.rules)
* 1:45229 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - SocStealer (malware-cnc.rules)
* 1:45230 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - SocStealer (malware-cnc.rules)
* 1:45231 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DDEDownloader variant outbound connection detected (malware-cnc.rules)
* 1:45232 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CactusTorch download attempt detected (malware-cnc.rules)
* 1:45233 <-> DISABLED <-> PROTOCOL-SCADA Schneider Modicon Quantum modbus stop command attempt (protocol-scada.rules)
* 1:45234 <-> DISABLED <-> PROTOCOL-SCADA Schneider Modicon Quantum modbus start command attempt (protocol-scada.rules)
* 1:45235 <-> ENABLED <-> SERVER-WEBAPP Palo Alto Networks Firewall router.php XML attribute injection attempt (server-webapp.rules)
* 1:45236 <-> ENABLED <-> SERVER-WEBAPP Palo Alto Networks Firewall cms_changeDeviceContext.esp session injection attempt (server-webapp.rules)
* 1:45237 <-> DISABLED <-> SERVER-WEBAPP Axis Communications IP camera SSI command injection attempt (server-webapp.rules)
* 1:45238 <-> DISABLED <-> SERVER-WEBAPP Axis Communications IP camera SSI command injection attempt (server-webapp.rules)
* 1:45239 <-> DISABLED <-> MALWARE-CNC Win.Malware.Freenki variant outbound connection (malware-cnc.rules)
* 1:45240 <-> DISABLED <-> SERVER-WEBAPP OpenEMR fax_dispatch.php command injection attempt (server-webapp.rules)
* 1:45241 <-> DISABLED <-> SERVER-WEBAPP Multiple IP cameras format string exploitation attempt (server-webapp.rules)
* 1:45242 <-> DISABLED <-> SERVER-WEBAPP Multiple IP cameras format string exploitation attempt (server-webapp.rules)
* 1:45243 <-> DISABLED <-> POLICY-OTHER ZyXEL PK5001Z modem hardcoded admin password telnet login attempt (policy-other.rules)
* 1:45244 <-> DISABLED <-> POLICY-OTHER ZyXEL PK5001Z modem hardcoded root password telnet login attempt (policy-other.rules)
* 1:45245 <-> DISABLED <-> POLICY-OTHER ZyXEL PK5001Z modem hardcoded admin password telnet login attempt (policy-other.rules)
* 1:45246 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox DOM event handler privilege escalation attempt (browser-firefox.rules)
* 1:45247 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox DOM event handler privilege escalation attempt (browser-firefox.rules)
* 1:45249 <-> DISABLED <-> SERVER-WEBAPP UAParser.js library regular expression denial of service attempt (server-webapp.rules)
* 1:45250 <-> ENABLED <-> SERVER-WEBAPP Delta IEM DIAEnergie file upload attempt (server-webapp.rules)
* 1:45251 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Spider variant download attempt detected (malware-cnc.rules)
* 1:45252 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Spider variant download attempt detected (malware-cnc.rules)
* 1:45253 <-> DISABLED <-> SERVER-OTHER Dahua DVR hard-coded root login attempt (server-other.rules)
* 1:45254 <-> DISABLED <-> SERVER-OTHER Polycom HDX Series remote code execution attempt (server-other.rules)
* 1:45255 <-> ENABLED <-> SERVER-SAMBA Samba tree connect andx memory corruption attempt (server-samba.rules)
* 1:45256 <-> DISABLED <-> BROWSER-OTHER IBM Notes denial of service attempt (browser-other.rules)
* 1:45257 <-> DISABLED <-> BROWSER-OTHER IBM Notes denial of service attempt (browser-other.rules)
* 1:45258 <-> DISABLED <-> FILE-JAVA Oracle Java strlen denial of service attempt (file-java.rules)
* 1:45259 <-> DISABLED <-> FILE-JAVA Oracle Java strlen denial of service attempt (file-java.rules)
* 1:45260 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Triton Triton ICS malware upload attempt (malware-cnc.rules)
* 1:45261 <-> DISABLED <-> SERVER-WEBAPP Vivotek IP Cameras remote stack buffer overflow attempt (server-webapp.rules)
* 1:45262 <-> DISABLED <-> SERVER-WEBAPP Google App Engine open redirect attempt (server-webapp.rules)
* 1:45263 <-> DISABLED <-> SERVER-WEBAPP CMS Made Simple server side template injection attempt (server-webapp.rules)
* 1:45264 <-> DISABLED <-> SERVER-WEBAPP CMS Made Simple server side template injection attempt (server-webapp.rules)
* 1:45265 <-> ENABLED <-> POLICY-OTHER cryptomining javascript client detected (policy-other.rules)
* 1:45266 <-> ENABLED <-> POLICY-OTHER CoinHive Miner client detected (policy-other.rules)
* 1:45267 <-> ENABLED <-> POLICY-OTHER CoinHive Miner Javascript library download detected (policy-other.rules)
* 1:45268 <-> ENABLED <-> POLICY-OTHER CoinHive Miner client detected (policy-other.rules)
* 1:45269 <-> DISABLED <-> SERVER-OTHER Apache CouchDB remote code execution attempt (server-other.rules)
* 1:45270 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
* 1:45271 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
* 1:45272 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
* 1:45273 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
* 1:45274 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
* 1:45275 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
* 1:45276 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
* 1:45277 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
* 1:45278 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
* 1:45279 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
* 1:45280 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
* 1:45281 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
* 1:45282 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
* 1:45283 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
* 1:45284 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
* 1:45285 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
* 1:45286 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
* 1:45287 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
* 1:45288 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
* 1:45289 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
* 1:45290 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
* 1:45291 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
* 1:45292 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
* 1:45293 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
* 1:45294 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
* 1:45295 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
* 1:45296 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
* 1:45297 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
* 1:45298 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
* 1:45299 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
* 1:453 <-> DISABLED <-> PROTOCOL-ICMP Timestamp Request (protocol-icmp.rules)
* 1:45300 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
* 1:45301 <-> DISABLED <-> BROWSER-PLUGINS UCanCode ActiveX clsid access attempt (browser-plugins.rules)
* 1:45302 <-> DISABLED <-> BROWSER-OTHER Multiple browser long unicode string denial of service attempt (browser-other.rules)
* 1:45303 <-> DISABLED <-> BROWSER-OTHER Multiple browser long unicode string denial of service attempt (browser-other.rules)
* 1:45304 <-> ENABLED <-> SERVER-ORACLE Oracle WebLogic Server remote command execution attempt (server-oracle.rules)
* 1:45305 <-> DISABLED <-> FILE-IMAGE Qt library BMP image parser heap overflow exploit attempt (file-image.rules)
* 1:45306 <-> DISABLED <-> FILE-IMAGE Qt library BMP image parser heap overflow exploit attempt (file-image.rules)
* 1:45307 <-> DISABLED <-> SERVER-APACHE Apache SSI error page cross-site scripting attempt (server-apache.rules)
* 1:45308 <-> DISABLED <-> SERVER-WEBAPP Axis Communications CGI Parser information disclosure attempt (server-webapp.rules)
* 1:45309 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter Matrix use after free attempt (file-flash.rules)
* 1:45310 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter Matrix use after free attempt (file-flash.rules)
* 1:45311 <-> DISABLED <-> POLICY-OTHER Vicon Security and Infinova IP cameras IP filer state change (policy-other.rules)
* 1:45312 <-> DISABLED <-> SERVER-WEBAPP Vicon Security and Infinova filterIp command injection attempt (server-webapp.rules)
* 1:45313 <-> DISABLED <-> SERVER-WEBAPP Vicon Security and Infinova filterIp command injection attempt (server-webapp.rules)
* 1:45314 <-> ENABLED <-> SERVER-WEBAPP Beijing Hanbang Hanbanggaoke IP camera admin password change attempt (server-webapp.rules)
* 1:45315 <-> DISABLED <-> FILE-OTHER Microsoft Windows MPEG Layer-3 audio heap corruption attempt (file-other.rules)
* 1:45316 <-> DISABLED <-> FILE-OTHER Microsoft Windows MPEG Layer-3 audio heap corruption attempt (file-other.rules)
* 1:45317 <-> DISABLED <-> SERVER-WEBAPP Chipmunk Guestbook cross site scripting attempt (server-webapp.rules)
* 1:45318 <-> DISABLED <-> SERVER-WEBAPP Citrix NetScaler SD-WAN command injection attempt (server-webapp.rules)
* 1:45319 <-> DISABLED <-> SERVER-WEBAPP Citrix NetScaler SD-WAN command injection attempt (server-webapp.rules)
* 1:45320 <-> DISABLED <-> SERVER-WEBAPP Dahua DVR serial number query attempt (server-webapp.rules)
* 1:45321 <-> DISABLED <-> SERVER-WEBAPP Dahua DVR firmware version query attempt (server-webapp.rules)
* 1:45322 <-> DISABLED <-> SERVER-WEBAPP Dahua DVR channel information query attempt (server-webapp.rules)
* 1:45323 <-> DISABLED <-> SERVER-WEBAPP Dahua DVR email configuration download attempt (server-webapp.rules)
* 1:45324 <-> DISABLED <-> SERVER-WEBAPP Dahua DVR user password hash query attempt (server-webapp.rules)
* 1:45325 <-> DISABLED <-> SERVER-WEBAPP Dahua DVR DDNS configuration download attempt (server-webapp.rules)
* 1:45326 <-> DISABLED <-> SERVER-WEBAPP Dahua DVR user group information query attempt (server-webapp.rules)
* 1:45327 <-> DISABLED <-> SERVER-WEBAPP Dahua DVR NAS configuration download attempt (server-webapp.rules)
* 1:45328 <-> DISABLED <-> SERVER-WEBAPP Dahua DVR admin password reset attempt (server-webapp.rules)
* 1:45329 <-> DISABLED <-> SERVER-WEBAPP Dahua DVR clear logs request attempt (server-webapp.rules)
* 1:45330 <-> DISABLED <-> SERVER-WEBAPP raSMP User-Agent XSS injection attempt (server-webapp.rules)
* 1:45331 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
* 1:45332 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
* 1:45333 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
* 1:45334 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
* 1:45335 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
* 1:45336 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
* 1:45337 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
* 1:45338 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
* 1:45339 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
* 1:45340 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
* 1:45341 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
* 1:45342 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
* 1:45343 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
* 1:45344 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
* 1:45345 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
* 1:45346 <-> DISABLED <-> FILE-JAVA Oracle Java strlen denial of service attempt (file-java.rules)
* 1:45347 <-> DISABLED <-> FILE-JAVA Oracle Java strlen denial of service attempt (file-java.rules)
* 1:45348 <-> DISABLED <-> FILE-JAVA IBM Java invokeWithClassLoaders method call attempt (file-java.rules)
* 1:45349 <-> DISABLED <-> FILE-JAVA IBM Java invokeWithPrivilege method call attempt (file-java.rules)
* 1:45350 <-> DISABLED <-> FILE-JAVA IBM Java invokeWithClassLoaders method call attempt (file-java.rules)
* 1:45351 <-> DISABLED <-> FILE-JAVA IBM Java invokeWithPrivilege method call attempt (file-java.rules)
* 1:45352 <-> DISABLED <-> MALWARE-CNC PowerShell Empire HTTP listener response (malware-cnc.rules)
* 1:45353 <-> DISABLED <-> SERVER-APACHE Sling framework information disclosure attempt (server-apache.rules)
* 1:45354 <-> DISABLED <-> BROWSER-OTHER Apple Safari javascript mutlibyte character escaping denial of service attempt (browser-other.rules)
* 1:45355 <-> DISABLED <-> BROWSER-OTHER Apple Safari javascript mutlibyte character escaping denial of service attempt (browser-other.rules)
* 1:45356 <-> DISABLED <-> FILE-FLASH Adobe Flash Player null pointer dereference attempt (file-flash.rules)
* 1:45357 <-> ENABLED <-> OS-OTHER Intel x86 side-channel analysis information leak attempt (os-other.rules)
* 1:45358 <-> ENABLED <-> OS-OTHER Intel x86 side-channel analysis information leak attempt (os-other.rules)
* 1:45359 <-> ENABLED <-> OS-OTHER Intel x86 side-channel analysis information leak attempt (os-other.rules)
* 1:45360 <-> ENABLED <-> OS-OTHER Intel x86 side-channel analysis information leak attempt (os-other.rules)
* 1:45361 <-> ENABLED <-> OS-OTHER Intel x86 side-channel analysis information leak attempt (os-other.rules)
* 1:45362 <-> ENABLED <-> OS-OTHER Intel x86 side-channel analysis information leak attempt (os-other.rules)
* 1:45363 <-> ENABLED <-> OS-OTHER Intel x86 side-channel analysis information leak attempt (os-other.rules)
* 1:45364 <-> ENABLED <-> OS-OTHER Intel x86 side-channel analysis information leak attempt (os-other.rules)
* 1:45365 <-> ENABLED <-> OS-OTHER Intel x86 side-channel analysis information leak attempt (os-other.rules)
* 1:45366 <-> ENABLED <-> OS-OTHER Intel x86 side-channel analysis information leak attempt (os-other.rules)
* 1:45367 <-> ENABLED <-> OS-OTHER Intel x64 side-channel analysis information leak attempt (os-other.rules)
* 1:45368 <-> ENABLED <-> OS-OTHER Intel x64 side-channel analysis information leak attempt (os-other.rules)
* 1:45369 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader getAnnots exploit attempt (file-pdf.rules)
* 1:45370 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word docx subDocument file include attempt (file-office.rules)
* 1:45371 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word docx subDocument file include attempt (file-office.rules)
* 1:45372 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Smart Protection Server admin_update_program.php command injection attempt (server-webapp.rules)
* 1:45373 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Smart Protection Server directory traversal attempt (server-webapp.rules)
* 1:45374 <-> ENABLED <-> BROWSER-IE Microsoft Edge out of bounds write attempt (browser-ie.rules)
* 1:45375 <-> ENABLED <-> BROWSER-IE Microsoft Edge out of bounds write attempt (browser-ie.rules)
* 1:45376 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules)
* 1:45377 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules)
* 1:45378 <-> ENABLED <-> BROWSER-IE Microsoft Edge type confusion attempt (browser-ie.rules)
* 1:45379 <-> ENABLED <-> BROWSER-IE Microsoft Edge type confusion attempt
(browser-ie.rules) * 1:45380 <-> DISABLED <-> SERVER-OTHER Sixnet SixView Manager directory traversal attempt (server-other.rules) * 1:45381 <-> DISABLED <-> SERVER-WEBAPP Symantec Endpoint Protection cross site scripting attempt (server-webapp.rules) * 1:45382 <-> DISABLED <-> SERVER-WEBAPP Huawei router command injection attempt (server-webapp.rules) * 1:45383 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine integer overflow attempt (browser-ie.rules) * 1:45384 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine integer overflow attempt (browser-ie.rules) * 1:45385 <-> DISABLED <-> OS-OTHER Mac OS X setuid privilege esclatation exploit attempt (os-other.rules) * 1:45386 <-> DISABLED <-> OS-OTHER Mac OS X setuid privilege esclatation exploit attempt (os-other.rules) * 1:45387 <-> ENABLED <-> BROWSER-IE Microsoft Edge anonymous function type confusion attempt (browser-ie.rules) * 1:45388 <-> ENABLED <-> BROWSER-IE Microsoft Edge anonymous function type confusion attempt (browser-ie.rules) * 1:45389 <-> ENABLED <-> BROWSER-IE Microsoft IE array type confusion attempt (browser-ie.rules) * 1:45390 <-> ENABLED <-> BROWSER-IE Microsoft IE array type confusion attempt (browser-ie.rules) * 1:45391 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine type confusion attempt (browser-ie.rules) * 1:45392 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine type confusion attempt (browser-ie.rules) * 1:45393 <-> DISABLED <-> SERVER-OTHER Quest Privilege Manager pmmasterd buffer overflow attempt (server-other.rules) * 1:45394 <-> DISABLED <-> SERVER-OTHER Quest Privilege Manager pmmasterd denial of service attempt (server-other.rules) * 1:45395 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting engine toString use after free attempt (browser-ie.rules) * 1:45396 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting engine toString use after free attempt (browser-ie.rules) * 1:45397 <-> DISABLED <-> PUA-ADWARE Osx.Adware.SurfBuyer adware outbound 
connection detected (pua-adware.rules) * 1:45398 <-> DISABLED <-> PUA-ADWARE Osx.Adware.SurfBuyer adware outbound connection detected (pua-adware.rules) * 1:45399 <-> DISABLED <-> FILE-OTHER Adobe Photoshop asset elements stack based buffer overflow attempt (file-other.rules) * 1:454 <-> DISABLED <-> PROTOCOL-ICMP Timestamp Request undefined code (protocol-icmp.rules) * 1:45400 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.OceanLotus outbound connection attempt (malware-cnc.rules) * 1:45401 <-> ENABLED <-> SERVER-WEBAPP Fortinet FortiOS redir parameter cross site scripting attempt (server-webapp.rules) * 1:45402 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word memory corruption exploit attempt (file-office.rules) * 1:45403 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word memory corruption exploit attempt (file-office.rules) * 1:45404 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed ATF buffer overflow attempt (file-flash.rules) * 1:45405 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed ATF buffer overflow attempt (file-flash.rules) * 1:45406 <-> DISABLED <-> SERVER-WEBAPP Possible Phpmyadmin CSRF exploitation attempt (server-webapp.rules) * 1:45407 <-> ENABLED <-> SERVER-WEBAPP Western Digital MyCloud nas_sharing.cgi backdoor account access attempt (server-webapp.rules) * 1:45408 <-> DISABLED <-> SERVER-WEBAPP Western Digital MyCloud nas_sharing.cgi command injection attempt (server-webapp.rules) * 1:45409 <-> DISABLED <-> SERVER-WEBAPP Western Digital MyCloud nas_sharing.cgi command injection attempt (server-webapp.rules) * 1:45410 <-> DISABLED <-> SERVER-WEBAPP Western Digital MyCloud nas_sharing.cgi command injection attempt (server-webapp.rules) * 1:45411 <-> DISABLED <-> POLICY-OTHER TrendMicro ServerProtect server configuration file download detected (policy-other.rules) * 1:45412 <-> DISABLED <-> SERVER-WEBAPP Asus RT-AC88U deleteOfflineClients memory corruption attempt (server-webapp.rules) * 1:45413 <-> DISABLED <-> SERVER-WEBAPP Hikvision IP 
camera admin authentication attempt (server-webapp.rules) * 1:45414 <-> DISABLED <-> SERVER-WEBAPP DotNetNuke DNNPersonalization remote code execution attempt (server-webapp.rules) * 1:45415 <-> ENABLED <-> FILE-OFFICE RTF Composite Moniker object creation attempt (file-office.rules) * 1:45416 <-> ENABLED <-> FILE-OFFICE RTF Composite Moniker object creation attempt (file-office.rules) * 1:45417 <-> DISABLED <-> POLICY-OTHER Stratum mining protocol outbound connection attempt (policy-other.rules) * 1:45418 <-> DISABLED <-> OS-OTHER Apple macOS IOHIDeous exploit download attempt (os-other.rules) * 1:45419 <-> DISABLED <-> OS-OTHER Apple macOS IOHIDeous exploit download attempt (os-other.rules) * 1:45420 <-> DISABLED <-> SERVER-WEBAPP Drupal HTTP Strict Transport Security module security bypass attempt (server-webapp.rules) * 1:45421 <-> DISABLED <-> SERVER-WEBAPP PhpCollab editclient.php arbitrary PHP file upload attempt (server-webapp.rules) * 1:45423 <-> DISABLED <-> PROTOCOL-SCADA MMS Confirmed-RequestPDU (protocol-scada.rules) * 1:45424 <-> DISABLED <-> PROTOCOL-SCADA MMS Confirmed-ResponsePDU (protocol-scada.rules) * 1:45425 <-> DISABLED <-> PROTOCOL-SCADA MMS Confirmed-ErrorPDU (protocol-scada.rules) * 1:45426 <-> DISABLED <-> PROTOCOL-SCADA MMS UnconfirmedPDU (protocol-scada.rules) * 1:45427 <-> DISABLED <-> PROTOCOL-SCADA MMS RejectPDU (protocol-scada.rules) * 1:45428 <-> DISABLED <-> PROTOCOL-SCADA MMS Cancel-RequestPDU (protocol-scada.rules) * 1:45429 <-> DISABLED <-> PROTOCOL-SCADA MMS Cancel-ResponsePDU (protocol-scada.rules) * 1:45430 <-> DISABLED <-> PROTOCOL-SCADA MMS Cancel-ErrorPDU (protocol-scada.rules) * 1:45431 <-> DISABLED <-> PROTOCOL-SCADA MMS Initiate-RequestPDU (protocol-scada.rules) * 1:45432 <-> DISABLED <-> PROTOCOL-SCADA MMS Initiate-ResponsePDU (protocol-scada.rules) * 1:45433 <-> DISABLED <-> PROTOCOL-SCADA MMS Initiate-ErrorPDU (protocol-scada.rules) * 1:45434 <-> DISABLED <-> PROTOCOL-SCADA MMS Conclude-RequestPDU 
(protocol-scada.rules) * 1:45435 <-> DISABLED <-> PROTOCOL-SCADA MMS Conclude-ResponsePDU (protocol-scada.rules) * 1:45436 <-> DISABLED <-> PROTOCOL-SCADA MMS Conclude-ErrorPDU (protocol-scada.rules) * 1:45440 <-> DISABLED <-> SERVER-OTHER HP LoadRunner remote command execution attempt (server-other.rules) * 1:45442 <-> DISABLED <-> SERVER-OTHER Hewlett Packard Enterprise Intelligent Management Center FileDownloadServlet information disclosure attempt (server-other.rules) * 1:45443 <-> ENABLED <-> OS-OTHER Intel x64 side-channel analysis information leak attempt (os-other.rules) * 1:45444 <-> ENABLED <-> OS-OTHER Intel x64 side-channel analysis information leak attempt (os-other.rules) * 1:45445 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine ArrayBuffer memory corruption attempt (browser-ie.rules) * 1:45446 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine ArrayBuffer memory corruption attempt (browser-ie.rules) * 1:45447 <-> DISABLED <-> SERVER-WEBAPP Linksys WVBR0-25 Wireless Video Bridge command injection attempt (server-webapp.rules) * 1:45448 <-> DISABLED <-> SERVER-WEBAPP Linksys WVBR0-25 Wireless Video Bridge command injection attempt (server-webapp.rules) * 1:45449 <-> DISABLED <-> SERVER-WEBAPP Linksys WVBR0-25 Wireless Video Bridge command injection attempt (server-webapp.rules) * 1:45450 <-> DISABLED <-> SERVER-WEBAPP Linksys WVBR0-25 Wireless Video Bridge command injection attempt (server-webapp.rules) * 1:45451 <-> DISABLED <-> SERVER-WEBAPP Linksys WVBR0-25 Wireless Video Bridge command injection attempt (server-webapp.rules) * 1:45452 <-> DISABLED <-> SERVER-WEBAPP Linksys WVBR0-25 Wireless Video Bridge command injection attempt (server-webapp.rules) * 1:45453 <-> DISABLED <-> SERVER-WEBAPP Linksys WVBR0-25 Wireless Video Bridge command injection attempt (server-webapp.rules) * 1:45454 <-> DISABLED <-> SERVER-WEBAPP PostfixAdmin protected alias deletion attempt (server-webapp.rules) * 1:45455 <-> DISABLED <-> EXPLOIT-KIT Rig 
Exploit Kit URI redirect attempt (exploit-kit.rules) * 1:45456 <-> DISABLED <-> SERVER-WEBAPP Samsung SRN-1670D network_ssl_upload.php arbitrary PHP file upload attempt (server-webapp.rules) * 1:45457 <-> DISABLED <-> SERVER-WEBAPP Samsung SRN-1670D cslog_export.php arbitrary file read attempt (server-webapp.rules) * 1:45458 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip attachbitmap use-after-free attempt (file-flash.rules) * 1:45459 <-> ENABLED <-> FILE-FLASH Adobe Flash Player movieclip attachbitmap use-after-free attempt (file-flash.rules) * 1:45460 <-> DISABLED <-> PROTOCOL-FTP Multiple products FTP Client buffer overflow attempt (protocol-ftp.rules) * 1:45461 <-> DISABLED <-> PROTOCOL-FTP Multiple products FTP Client buffer overflow attempt (protocol-ftp.rules) * 1:45462 <-> DISABLED <-> BROWSER-IE Microsoft ChakraCore scripting engine memory corruption attempt (browser-ie.rules) * 1:45463 <-> DISABLED <-> BROWSER-IE Microsoft ChakraCore scripting engine memory corruption attempt (browser-ie.rules) * 1:45466 <-> ENABLED <-> FILE-OFFICE Microsoft Office None type objclass RTF evasion attempt (file-office.rules) * 1:45467 <-> ENABLED <-> FILE-OFFICE Microsoft Office None type objclass RTF evasion attempt (file-office.rules) * 1:45468 <-> DISABLED <-> MALWARE-CNC SambaCry ransomware download attempt (malware-cnc.rules) * 1:45469 <-> DISABLED <-> MALWARE-CNC SambaCry ransomware download attempt (malware-cnc.rules) * 1:45470 <-> DISABLED <-> MALWARE-CNC SambaCry ransomware download attempt (malware-cnc.rules) * 1:45471 <-> DISABLED <-> MALWARE-CNC SambaCry ransomware download attempt (malware-cnc.rules) * 1:45472 <-> DISABLED <-> MALWARE-CNC SambaCry ransomware download attempt (malware-cnc.rules) * 1:45473 <-> DISABLED <-> MALWARE-CNC SambaCry ransomware download attempt (malware-cnc.rules) * 1:45474 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting engine uninitialized pointers memory corruption attempt (browser-ie.rules) * 1:45475 <-> DISABLED <-> 
BROWSER-IE Microsoft Edge scripting engine uninitialized pointers memory corruption attempt (browser-ie.rules) * 1:45476 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox HTTP index format out of bounds read attempt (browser-firefox.rules) * 1:45477 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Triton Triton ICS malware transfer attempt (malware-cnc.rules) * 1:45478 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Triton Triton ICS malware transfer attempt (malware-cnc.rules) * 1:45479 <-> ENABLED <-> SERVER-WEBAPP Western Digital MyCloud multi_uploadify.php arbitrary PHP file upload attempt (server-webapp.rules) * 1:45480 <-> DISABLED <-> SERVER-WEBAPP Cambium cnPilot r200/r201 directory traversal attempt (server-webapp.rules) * 1:45481 <-> DISABLED <-> SERVER-WEBAPP Cambium cnPilot r200/r201 directory traversal attempt (server-webapp.rules) * 1:45482 <-> DISABLED <-> SERVER-WEBAPP Cambium cnPilot r200/r201 directory traversal attempt (server-webapp.rules) * 1:45483 <-> DISABLED <-> MALWARE-CNC Pdf.Phishing.Agent variant outbound connection detected (malware-cnc.rules) * 1:45484 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Samsam propagation via SMB transfer attempt (malware-other.rules) * 1:45485 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Samsam propagation via SMB2 transfer attempt (malware-other.rules) * 1:45486 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Samsam upload attempt (malware-other.rules) * 1:45491 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word PlfLfo use after free attempt (file-office.rules) * 1:45492 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word PlfLfo use after free attempt (file-office.rules) * 1:45493 <-> DISABLED <-> SERVER-WEBAPP Seagate Personal Cloud getLogs.psp command injection attempt (server-webapp.rules) * 1:45494 <-> DISABLED <-> SERVER-WEBAPP Seagate Personal Cloud uploadTelemetry.psp command injection attempt (server-webapp.rules) * 1:45495 <-> DISABLED <-> SERVER-WEBAPP Seagate Personal Cloud getLogs.psp command injection attempt 
(server-webapp.rules) * 1:45496 <-> DISABLED <-> SERVER-WEBAPP Seagate Personal Cloud uploadTelemetry.psp command injection attempt (server-webapp.rules) * 1:45497 <-> DISABLED <-> SERVER-WEBAPP Cambium ePMP and cnPilot command execution attempt (server-webapp.rules) * 1:45498 <-> DISABLED <-> SERVER-WEBAPP Cambium ePMP and cnPilot command execution attempt (server-webapp.rules) * 1:45499 <-> DISABLED <-> SERVER-OTHER ISC DHCPD remote denial of service attempt (server-other.rules) * 1:45500 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip startdrag use-after-free attempt (file-flash.rules) * 1:45501 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip startdrag use-after-free attempt (file-flash.rules) * 1:45508 <-> ENABLED <-> BROWSER-IE Microsoft Edge Scripting Engine array memory corruption attempt (browser-ie.rules) * 1:45509 <-> ENABLED <-> BROWSER-IE Microsoft Edge Scripting Engine array memory corruption attempt (browser-ie.rules) * 1:45510 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rokrat file upload attempt (malware-cnc.rules) * 1:45511 <-> ENABLED <-> FILE-OFFICE Microsoft Office Equation Editor Package objclass RTF evasion attempt (file-office.rules) * 1:45512 <-> ENABLED <-> FILE-OFFICE Microsoft Office Equation Editor Package objclass RTF evasion attempt (file-office.rules) * 1:45513 <-> DISABLED <-> SERVER-OTHER OpenLDAP zero size PagedResultsControl denial of service attempt (server-other.rules) * 1:45514 <-> DISABLED <-> BROWSER-IE toStaticHTML CSS import XSS exploit attempt (browser-ie.rules) * 1:45515 <-> ENABLED <-> NETBIOS SMB SESSION_SETUP subcommand detected (netbios.rules) * 1:45516 <-> ENABLED <-> BROWSER-IE Microsoft Edge Scripting Engine array memory corruption attempt (browser-ie.rules) * 1:45517 <-> ENABLED <-> BROWSER-IE Microsoft Edge Scripting Engine array memory corruption attempt (browser-ie.rules) * 1:45518 <-> DISABLED <-> POLICY-OTHER Remote Desktop weak 40-bit RC4 encryption use attempt (policy-other.rules) * 1:45519 
<-> ENABLED <-> INDICATOR-COMPROMISE Microsoft Word internal object auto update attempt (indicator-compromise.rules) * 1:45520 <-> ENABLED <-> INDICATOR-COMPROMISE Microsoft Word internal object auto update attempt (indicator-compromise.rules) * 1:45523 <-> DISABLED <-> SERVER-OTHER Magneto CE and EE PHP objection injection attempt (server-other.rules) * 1:45526 <-> DISABLED <-> SERVER-WEBAPP AsusWRT vpnupload.cgi unauthenticated NVRAM configuration modification attempt (server-webapp.rules) * 1:45527 <-> DISABLED <-> EXPLOIT-KIT Rig Exploit Kit URI redirect attempt (exploit-kit.rules) * 1:45528 <-> DISABLED <-> EXPLOIT-KIT Rig Exploit Kit URI redirect attempt (exploit-kit.rules) * 1:45529 <-> DISABLED <-> EXPLOIT-KIT Rig Exploit Kit URI redirect attempt (exploit-kit.rules) * 1:45530 <-> DISABLED <-> EXPLOIT-KIT Rig Exploit Kit URI redirect attempt (exploit-kit.rules) * 1:45531 <-> DISABLED <-> EXPLOIT-KIT Rig Exploit Kit URI redirect attempt (exploit-kit.rules) * 1:45532 <-> DISABLED <-> EXPLOIT-KIT Rig Exploit Kit URI redirect attempt (exploit-kit.rules) * 1:45533 <-> DISABLED <-> FILE-OTHER Ghostscript rsdparams type confusion attempt (file-other.rules) * 1:45534 <-> DISABLED <-> FILE-OTHER Ghostscript rsdparams type confusion attempt (file-other.rules) * 1:45535 <-> DISABLED <-> FILE-OTHER Ghostscript eqproc type confusion attempt (file-other.rules) * 1:45536 <-> DISABLED <-> FILE-OTHER Ghostscript eqproc type confusion attempt (file-other.rules) * 1:45537 <-> DISABLED <-> SERVER-OTHER Mozilla Network Security Services heap underflow exploit attempt (server-other.rules) * 1:45538 <-> DISABLED <-> SERVER-OTHER Mozilla Network Security Services heap underflow exploit attempt (server-other.rules) * 1:45539 <-> DISABLED <-> SERVER-OTHER Mozilla Network Security Services heap underflow exploit attempt (server-other.rules) * 1:45540 <-> DISABLED <-> SERVER-ORACLE Oracle Database Server mdsys.md2.sdo_code_size buffer overflow attempt (server-oracle.rules) * 1:45541 
<-> DISABLED <-> FILE-OTHER WinAce TAR file directory traversal attempt (file-other.rules) * 1:45542 <-> DISABLED <-> FILE-OTHER WinAce TAR file directory traversal attempt (file-other.rules) * 1:45543 <-> DISABLED <-> FILE-OTHER WinAce RAR file directory traversal attempt (file-other.rules) * 1:45544 <-> DISABLED <-> FILE-OTHER WinAce RAR file directory traversal attempt (file-other.rules) * 1:45545 <-> ENABLED <-> MALWARE-CNC Osx.Trojan.SHLayer variant outbound connection (malware-cnc.rules) * 1:45546 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DefineFont3 tag overly large NumGlyphs out of bounds read attempt (file-flash.rules) * 1:45547 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DefineFont3 tag overly large NumGlyphs out of bounds read attempt (file-flash.rules) * 1:45548 <-> ENABLED <-> FILE-EXECUTABLE Win.Trojan.CoinMiner attempted download (file-executable.rules) * 1:45549 <-> ENABLED <-> PUA-OTHER XMRig cryptocurrency mining pool connection attempt (pua-other.rules) * 1:45550 <-> ENABLED <-> PUA-OTHER CPUMiner-Multi cryptocurrency mining pool connection attempt (pua-other.rules) * 1:45551 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Velso ransomware download (malware-cnc.rules) * 1:45552 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Velso ransomware download (malware-cnc.rules) * 1:45553 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Movie Maker project file heap buffer overflow attempt (file-multimedia.rules) * 1:45554 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Movie Maker project file heap buffer overflow attempt (file-multimedia.rules) * 1:45555 <-> DISABLED <-> SERVER-WEBAPP MikroTik RouterOS jsproxy readPostData memory corruption attempt (server-webapp.rules) * 1:45556 <-> DISABLED <-> FILE-OFFICE Microsoft Office embedded Office Art drawings execution attempt (file-office.rules) * 1:45557 <-> DISABLED <-> FILE-OFFICE Microsoft Office embedded Office Art drawings execution attempt (file-office.rules) * 1:45558 <-> DISABLED <-> FILE-OTHER Multiple 
products XML Import Command buffer overflow attempt (file-other.rules) * 1:45559 <-> DISABLED <-> FILE-OTHER Multiple products XML Import Command buffer overflow attempt (file-other.rules) * 1:45560 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LockPoS outbound connection attempt (malware-cnc.rules) * 1:45561 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LockPoS outbound connection attempt (malware-cnc.rules) * 1:45562 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LockPoS outbound connection attempt (malware-cnc.rules) * 1:45563 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Vpnfilter variant outbound connection attempt (malware-cnc.rules) * 1:45564 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Vpnfilter variant outbound connection attempt (malware-cnc.rules) * 1:45565 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Ursnif variant download attempt (malware-other.rules) * 1:45566 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules) * 1:45567 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules) * 1:45568 <-> DISABLED <-> SERVER-SAMBA Samba LDAP Server libldb denial of service attempt (server-samba.rules) * 1:45569 <-> DISABLED <-> SERVER-WEBAPP Squid host header cache poisoning attempt (server-webapp.rules) * 1:45570 <-> DISABLED <-> SERVER-WEBAPP HP Moonshot Provisioning Manager Appliance khuploadfile.cgi directory traversal attempt (server-webapp.rules) * 1:45571 <-> DISABLED <-> SERVER-OTHER Commvault Communications Service command injection attempt (server-other.rules) * 1:45574 <-> DISABLED <-> MALWARE-CNC Win.Trojan.xxmm second stage configuration download attempt (malware-cnc.rules) * 1:45576 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript Function focus overflow attempt (browser-firefox.rules) * 1:45577 <-> DISABLED <-> PROTOCOL-VOIP Mr.SIP invite request denial of service attempt (protocol-voip.rules) * 1:45578 <-> DISABLED <-> PROTOCOL-VOIP Mr.SIP options request denial of service 
attempt (protocol-voip.rules) * 1:45579 <-> DISABLED <-> PROTOCOL-VOIP Mr.SIP subscribe request denial of service attempt (protocol-voip.rules) * 1:45580 <-> DISABLED <-> PROTOCOL-VOIP Mr.SIP invite request denial of service attempt (protocol-voip.rules) * 1:45581 <-> DISABLED <-> PROTOCOL-VOIP Mr.SIP options request denial of service attempt (protocol-voip.rules) * 1:45582 <-> DISABLED <-> PROTOCOL-VOIP Mr.SIP subscribe request denial of service attempt (protocol-voip.rules) * 1:45583 <-> DISABLED <-> PROTOCOL-VOIP Mr.SIP SIP servers discovery attempt (protocol-voip.rules) * 1:45584 <-> DISABLED <-> PROTOCOL-VOIP Mr.SIP SIP servers discovery attempt (protocol-voip.rules) * 1:45585 <-> DISABLED <-> SERVER-WEBAPP PMSotware Simple Web Server connection header buffer overflow attempt (server-webapp.rules) * 1:45586 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Media Player or Explorer Malformed MIDI File DOS attempt (file-multimedia.rules) * 1:45587 <-> DISABLED <-> SERVER-OTHER Firefly Media Server malformed HTTP request denial of service attempt (server-other.rules) * 1:45588 <-> DISABLED <-> SERVER-OTHER Firefly Media Server malformed HTTP request denial of service attempt (server-other.rules) * 1:45589 <-> DISABLED <-> SERVER-OTHER Firefly Media Server malformed HTTP request denial of service attempt (server-other.rules) * 1:45590 <-> DISABLED <-> SERVER-OTHER Firefly Media Server malformed HTTP request denial of service attempt (server-other.rules) * 1:45591 <-> DISABLED <-> PROTOCOL-FTP LabF nfsAxe FTP Client buffer overflow attempt (protocol-ftp.rules) * 1:45592 <-> DISABLED <-> SERVER-WEBAPP Cambium cnPilot r200 and r201 configuration file download attempt (server-webapp.rules) * 1:45593 <-> ENABLED <-> FILE-FLASH Adobe PSDK DRM Manager memory corruption attempt (file-flash.rules) * 1:45594 <-> ENABLED <-> FILE-FLASH Adobe PSDK DRM Manager memory corruption attempt (file-flash.rules) * 1:45595 <-> ENABLED <-> FILE-FLASH Adobe PSDK DRM Manager memory 
corruption attempt (file-flash.rules) * 1:45598 <-> ENABLED <-> SERVER-OTHER Wordpress CMS platform denial of service attempt (server-other.rules) * 1:456 <-> DISABLED <-> PROTOCOL-ICMP Traceroute (protocol-icmp.rules) * 1:45601 <-> DISABLED <-> SERVER-WEBAPP Cambium ePMP 1000 admin account password reset attempt (server-webapp.rules) * 1:45607 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rokrat variant outbound connection detected (malware-cnc.rules) * 1:45611 <-> DISABLED <-> PROTOCOL-SNMP Cambium cnPilot SNMP request with read-only community string attempt (protocol-snmp.rules) * 1:45612 <-> DISABLED <-> PROTOCOL-TFTP WRITE long filename attempt (protocol-tftp.rules) * 1:45613 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Selection.SetSelection use-after-free attempt (file-flash.rules) * 1:45614 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Selection.SetSelection use-after-free attempt (file-flash.rules) * 1:45615 <-> ENABLED <-> FILE-FLASH Adobe Flash Player movieclip duplicateMovieClip use-after-free attempt (file-flash.rules) * 1:45616 <-> ENABLED <-> FILE-FLASH Adobe Flash Player movieclip duplicateMovieClip use-after-free attempt (file-flash.rules) * 1:45617 <-> ENABLED <-> SERVER-WEBAPP HP IMC WebDM arbitrary Java object deserialization attempt (server-webapp.rules) * 1:45618 <-> DISABLED <-> PROTOCOL-SNMP Cambium ePMP SNMP request with read-only community string attempt (protocol-snmp.rules) * 1:45619 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView record memory pointer corruption attempt (file-office.rules) * 1:45620 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView record memory pointer corruption attempt (file-office.rules) * 1:45624 <-> ENABLED <-> OS-WINDOWS Microsoft Windows malformed shortcut file with comment buffer overflow attempt (os-windows.rules) * 1:45625 <-> ENABLED <-> OS-WINDOWS Microsoft Windows malformed shortcut file with comment buffer overflow attempt (os-windows.rules) * 1:45626 <-> ENABLED <-> BROWSER-IE Microsoft 
Edge Scripting Engine memory corruption attempt (browser-ie.rules) * 1:45627 <-> ENABLED <-> BROWSER-IE Microsoft Edge Scripting Engine memory corruption attempt (browser-ie.rules) * 1:45628 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules) * 1:45629 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules) * 1:45630 <-> DISABLED <-> FILE-OTHER Microsoft Windows CLFS privilege escalation attempt (file-other.rules) * 1:45631 <-> DISABLED <-> FILE-OTHER Microsoft Windows CLFS privilege escalation attempt (file-other.rules) * 1:45632 <-> DISABLED <-> OS-WINDOWS Microsoft Windows use after free win32kbase.sys privilege escalation attempt (os-windows.rules) * 1:45633 <-> DISABLED <-> OS-WINDOWS Microsoft Windows use after free win32kbase.sys privilege escalation attempt (os-windows.rules) * 1:45634 <-> DISABLED <-> OS-WINDOWS Microsoft Windows use after free win32kbase.sys privilege escalation attempt (os-windows.rules) * 1:45635 <-> DISABLED <-> OS-WINDOWS Microsoft Windows use after free win32kbase.sys privilege escalation attempt (os-windows.rules) * 1:45636 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine type confusion attempt (browser-ie.rules) * 1:45637 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine type confusion attempt (browser-ie.rules) * 1:45638 <-> DISABLED <-> SERVER-MAIL SqWebMail print_header_ua cross site scripting attempt (server-mail.rules) * 1:45639 <-> DISABLED <-> SERVER-MAIL SqWebMail print_header_ua cross site scripting attempt (server-mail.rules) * 1:45640 <-> DISABLED <-> POLICY-OTHER Possible Cisco IOS upgrade attempt (policy-other.rules) * 1:45641 <-> DISABLED <-> POLICY-OTHER Possible Cisco IOS upgrade attempt (policy-other.rules) * 1:45642 <-> DISABLED <-> MALWARE-CNC Vbs.Trojan.Agent outbound connection (malware-cnc.rules) * 1:45643 <-> DISABLED <-> MALWARE-CNC Vbs.Trojan.Agent inbound payload download 
(malware-cnc.rules)
* 1:45644 <-> ENABLED <-> MALWARE-CNC Vbs.Trojan.Agent inbound payload download (malware-cnc.rules)
* 1:45645 <-> ENABLED <-> MALWARE-CNC Vbs.Trojan.Agent inbound payload download (malware-cnc.rules)
* 1:45646 <-> DISABLED <-> MALWARE-CNC Vbs.Trojan.Agent outbound system information disclosure (malware-cnc.rules)
* 1:45647 <-> ENABLED <-> MALWARE-CNC Doc.Dropper.Lazarus initial download (malware-cnc.rules)
* 1:45648 <-> ENABLED <-> MALWARE-CNC Doc.Dropper.Lazarus initial download (malware-cnc.rules)
* 1:45649 <-> ENABLED <-> OS-WINDOWS Microsoft Windows win32k.sys privilege escalation attempt (os-windows.rules)
* 1:45650 <-> ENABLED <-> OS-WINDOWS Microsoft Windows win32k.sys privilege escalation attempt (os-windows.rules)
* 1:45651 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Vermin outbound connection attempt (malware-cnc.rules)
* 1:45654 <-> ENABLED <-> FILE-OFFICE Microsoft Office remote code execution attempt (file-office.rules)
* 1:45655 <-> ENABLED <-> FILE-OFFICE Microsoft Office remote code execution attempt (file-office.rules)
* 1:45656 <-> ENABLED <-> OS-WINDOWS Microsoft Windows HIDPARSE.sys memory corruption attempt (os-windows.rules)
* 1:45657 <-> ENABLED <-> OS-WINDOWS Microsoft Windows HIDPARSE.sys memory corruption attempt (os-windows.rules)
* 1:45658 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Agent outbound connection (malware-cnc.rules)
* 1:45659 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules)
* 1:45660 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules)
* 1:45661 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
* 1:45662 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
* 1:45663 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro malformed EMF EmfPlustDrawImagePoints out of bounds read attempt (file-other.rules)
* 1:45664 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro malformed EMF EmfPlustDrawImagePoints out of bounds read attempt (file-other.rules)
* 1:45665 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro TIFF embedded XPS file out of bounds read attempt (file-other.rules)
* 1:45666 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro TIFF embedded XPS file out of bounds read attempt (file-other.rules)
* 1:45667 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro TIFF embedded XPS file out of bounds read attempt (file-other.rules)
* 1:45668 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro TIFF embedded XPS file out of bounds read attempt (file-other.rules)
* 1:45669 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro embedded TIFF heap overflow attempt (file-other.rules)
* 1:45670 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro embedded TIFF heap overflow attempt (file-other.rules)
* 1:45671 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro embedded TIFF heap overflow attempt (file-other.rules)
* 1:45672 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro embedded TIFF heap overflow attempt (file-other.rules)
* 1:45673 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer localeCompare use after free attempt (browser-ie.rules)
* 1:45674 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer localeCompare use after free attempt (browser-ie.rules)
* 1:45675 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
* 1:45676 <-> DISABLED <-> SERVER-WEBAPP PHP php_mime_split multipart file upload buffer overflow attempt (server-webapp.rules)
* 1:45677 <-> ENABLED <-> SERVER-WEBAPP HP IMC mibBrowser arbitrary Java object deserialization attempt (server-webapp.rules)
* 1:45678 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusDrawString out of bounds read attempt (file-other.rules)
* 1:45679 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusDrawString out of bounds read attempt (file-other.rules)
* 1:45680 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusDrawString out of bounds read attempt (file-other.rules)
* 1:45681 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusDrawString out of bounds read attempt (file-other.rules)
* 1:45682 <-> DISABLED <-> SERVER-OTHER HP Integrated Lights-Out HTTP headers processing buffer overflow attempt (server-other.rules)
* 1:45683 <-> ENABLED <-> FILE-FLASH Adobe PSDK DRM Manager memory corruption attempt (file-flash.rules)
* 1:45684 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro BMP out of bounds read attempt (file-image.rules)
* 1:45685 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro BMP out of bounds read attempt (file-image.rules)
* 1:45686 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro embedded JPEG out of bounds read attempt (file-other.rules)
* 1:45687 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro embedded JPEG out of bounds read attempt (file-other.rules)
* 1:45688 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess SQL injection attempt (server-webapp.rules)
* 1:45691 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro tiff parser out of bounds read attempt (file-other.rules)
* 1:45692 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro tiff parser out of bounds read attempt (file-other.rules)
* 1:45693 <-> DISABLED <-> SERVER-OTHER NTP crypto-NAK denial of service attempt (server-other.rules)
* 1:45694 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.GandCrab outbound connection (malware-cnc.rules)
* 1:45695 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JavaScript XFA engine use after free attempt (file-pdf.rules)
* 1:45696 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JavaScript XFA engine use after free attempt (file-pdf.rules)
* 1:457 <-> DISABLED <-> PROTOCOL-ICMP Traceroute undefined code (protocol-icmp.rules)
* 1:45719 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader OCG heap overflow attempt (file-pdf.rules)
* 1:45720 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader OCG heap overflow attempt (file-pdf.rules)
* 1:45721 <-> DISABLED <-> SERVER-WEBAPP Ulterius web server directory traversal attempt (server-webapp.rules)
* 1:45722 <-> DISABLED <-> SERVER-WEBAPP Ulterius web server directory traversal attempt (server-webapp.rules)
* 1:45723 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader byte order mark out of bounds read attempt (file-pdf.rules)
* 1:45724 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader byte order mark out of bounds read attempt (file-pdf.rules)
* 1:45725 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader byte order mark out of bounds read attempt (file-pdf.rules)
* 1:45726 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader byte order mark out of bounds read attempt (file-pdf.rules)
* 1:45727 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader byte order mark out of bounds read attempt (file-pdf.rules)
* 1:45728 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader byte order mark out of bounds read attempt (file-pdf.rules)
* 1:45732 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit button first-letter style rendering code execution attempt (browser-webkit.rules)
* 1:45733 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit button first-letter style rendering code execution attempt (browser-webkit.rules)
* 1:45734 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit button first-letter style rendering code execution attempt (browser-webkit.rules)
* 1:45735 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit button first-letter style rendering code execution attempt (browser-webkit.rules)
* 1:45736 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JBIG2 decoder use after free attempt (file-pdf.rules)
* 1:45737 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JBIG2 decoder use after free attempt (file-pdf.rules)
* 1:45738 <-> DISABLED <-> SERVER-OTHER ISC BIND malformed data channel authentication message denial of service attempt (server-other.rules)
* 1:45739 <-> DISABLED <-> INDICATOR-COMPROMISE Adobe Flash potential exploit download attempt (indicator-compromise.rules)
* 1:45740 <-> DISABLED <-> INDICATOR-COMPROMISE Adobe Flash potential exploit download attempt (indicator-compromise.rules)
* 1:45741 <-> DISABLED <-> INDICATOR-COMPROMISE Adobe Flash potential exploit download attempt (indicator-compromise.rules)
* 1:45742 <-> DISABLED <-> INDICATOR-COMPROMISE Adobe Flash potential exploit download attempt (indicator-compromise.rules)
* 1:45743 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray shading memory leak attempt (file-flash.rules)
* 1:45744 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray shading memory leak attempt (file-flash.rules)
* 1:45745 <-> DISABLED <-> SERVER-OTHER CloudMe Sync Client stack buffer overflow attempt (server-other.rules)
* 1:45746 <-> DISABLED <-> SERVER-OTHER CloudMe Sync Client stack buffer overflow attempt (server-other.rules)
* 1:45747 <-> DISABLED <-> SERVER-OTHER CloudMe Sync Client stack buffer overflow attempt (server-other.rules)
* 1:45748 <-> ENABLED <-> SERVER-WEBAPP HP IMC TopoMsgServlet arbitrary Java object deserialization attempt (server-webapp.rules)
* 1:45749 <-> ENABLED <-> SERVER-WEBAPP PHPUnit PHP remote code execution attempt (server-webapp.rules)
* 1:45754 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Saturn initial download (malware-cnc.rules)
* 1:45755 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Saturn initial download (malware-cnc.rules)
* 1:45756 <-> DISABLED <-> SERVER-OTHER Squid HTTP Accept Encoding response header denial of service attempt (server-other.rules)
* 1:45757 <-> DISABLED <-> SERVER-OTHER Squid HTTP Vary response header denial of service attempt (server-other.rules)
* 1:45758 <-> DISABLED <-> POLICY-OTHER AutomationDirect Point Of View guest login attempt (policy-other.rules)
* 1:45759 <-> DISABLED <-> POLICY-OTHER AutomationDirect Point Of View built-in function WebGetFile usage attempt (policy-other.rules)
* 1:45760 <-> DISABLED <-> BROWSER-CHROME Google Chrome Blink ImageBitmap integer overflow attempt (browser-chrome.rules)
* 1:45761 <-> DISABLED <-> BROWSER-CHROME Google Chrome Blink ImageBitmap integer overflow attempt (browser-chrome.rules)
* 1:45762 <-> DISABLED <-> BROWSER-CHROME Google Chrome Blink ImageBitmap integer overflow attempt (browser-chrome.rules)
* 1:45763 <-> DISABLED <-> BROWSER-CHROME Google Chrome Blink ImageBitmap integer overflow attempt (browser-chrome.rules)
* 1:45764 <-> DISABLED <-> BROWSER-CHROME Google Chrome Blink ImageBitmap integer overflow attempt (browser-chrome.rules)
* 1:45765 <-> DISABLED <-> BROWSER-CHROME Google Chrome Blink ImageBitmap integer overflow attempt (browser-chrome.rules)
* 1:45766 <-> DISABLED <-> BROWSER-CHROME Google Chrome Blink ImageBitmap integer overflow attempt (browser-chrome.rules)
* 1:45767 <-> DISABLED <-> BROWSER-CHROME Google Chrome Blink ImageBitmap integer overflow attempt (browser-chrome.rules)
* 1:45768 <-> DISABLED <-> SERVER-WEBAPP PHP unserialize integer overflow attempt (server-webapp.rules)
* 1:45769 <-> DISABLED <-> SERVER-WEBAPP PHP unserialize integer overflow attempt (server-webapp.rules)
* 1:45770 <-> DISABLED <-> POLICY-OTHER Polycom VoIP config download attempt (policy-other.rules)
* 1:45771 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CannibalRAT initial outbound connection (malware-cnc.rules)
* 1:45772 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CannibalRAT outbound reporting attempt (malware-cnc.rules)
* 1:45773 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CannibalRAT outbound upload attempt (malware-cnc.rules)
* 1:45774 <-> DISABLED <-> SERVER-WEBAPP HP IMC operatorGroupSelectContent Java expression language injection attempt (server-webapp.rules)
* 1:45775 <-> DISABLED <-> SERVER-WEBAPP HP IMC operatorGroupSelectContent Java expression language injection attempt (server-webapp.rules)
* 1:45776 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file malformed Source attribute buffer overflow attempt (file-other.rules)
* 1:45777 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file malformed Source attribute buffer overflow attempt (file-other.rules)
* 1:45778 <-> ENABLED <-> SERVER-OTHER Jackson databind deserialization remote code execution attempt (server-other.rules)
* 1:45779 <-> ENABLED <-> SERVER-OTHER Jackson databind deserialization remote code execution attempt (server-other.rules)
* 1:45780 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out of bounds read attempt (file-other.rules)
* 1:45781 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out of bounds read attempt (file-other.rules)
* 1:45782 <-> ENABLED <-> FILE-OTHER EMF EmrText object out of bounds read attempt (file-other.rules)
* 1:45783 <-> ENABLED <-> FILE-OTHER EMF EmrText object out of bounds read attempt (file-other.rules)
* 1:45784 <-> DISABLED <-> FILE-PDF Adobe Reader annotation object out of bounds read attempt (file-pdf.rules)
* 1:45785 <-> DISABLED <-> FILE-PDF Adobe Reader annotation object out of bounds read attempt (file-pdf.rules)
* 1:45786 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro TIFF embedded XPS file out of bounds read attempt (file-other.rules)
* 1:45787 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro TIFF embedded XPS file out of bounds read attempt (file-other.rules)
* 1:45788 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro TIFF embedded XPS file out of bounds read attempt (file-image.rules)
* 1:45789 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro TIFF embedded XPS file out of bounds read attempt (file-image.rules)
* 1:45790 <-> ENABLED <-> SERVER-WEBAPP Jenkins Java SignedObject deserialization command execution attempt (server-webapp.rules)
* 1:45791 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat TIFF malformed YCbCrCoefficients values attempt (file-image.rules)
* 1:45792 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat TIFF malformed YCbCrCoefficients values attempt (file-image.rules)
* 1:45793 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro nested IFD out of bounds read attempt (file-other.rules)
* 1:45794 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro nested IFD out of bounds read attempt (file-other.rules)
* 1:45795 <-> DISABLED <-> SERVER-OTHER Java Library CommonsCollection unauthorized serialized object attempt (server-other.rules)
* 1:45796 <-> DISABLED <-> SERVER-OTHER Java Library CommonsCollection unauthorized serialized object attempt (server-other.rules)
* 1:45797 <-> DISABLED <-> SERVER-OTHER Java Library CommonsCollection unauthorized serialized object attempt (server-other.rules)
* 1:45798 <-> DISABLED <-> SERVER-OTHER Java Library CommonsCollection unauthorized serialized object attempt (server-other.rules)
* 1:45799 <-> DISABLED <-> SERVER-OTHER Java Library CommonsCollection unauthorized serialized object attempt (server-other.rules)
* 1:458 <-> DISABLED <-> PROTOCOL-ICMP unassigned type 1 (protocol-icmp.rules)
* 1:45800 <-> DISABLED <-> SERVER-OTHER Java Library CommonsCollection unauthorized serialized object attempt (server-other.rules)
* 1:45801 <-> DISABLED <-> SERVER-OTHER Java Library CommonsCollection unauthorized serialized object attempt (server-other.rules)
* 1:45802 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds read attempt (file-other.rules)
* 1:45803 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds read attempt (file-other.rules)
* 1:45804 <-> DISABLED <-> SERVER-OTHER Disk Savvy Enterprise buffer overflow attempt (server-other.rules)
* 1:45805 <-> DISABLED <-> SERVER-WEBAPP HP IMC guiDataDetail Java expression language injection attempt (server-webapp.rules)
* 1:45806 <-> DISABLED <-> SERVER-WEBAPP HP IMC guiDataDetail Java expression language injection attempt (server-webapp.rules)
* 1:45807 <-> DISABLED <-> OS-WINDOWS Microsoft Windows GetThreadContext kernel memory leak attempt (os-windows.rules)
* 1:45808 <-> DISABLED <-> OS-WINDOWS Microsoft Windows GetThreadContext kernel memory leak attempt (os-windows.rules)
* 1:45809 <-> DISABLED <-> INDICATOR-OBFUSCATION Coinhive cryptocurrency miner obfuscated detected (indicator-obfuscation.rules)
* 1:45810 <-> ENABLED <-> INDICATOR-OBFUSCATION Coinhive cryptocurrency miner obfuscated detected (indicator-obfuscation.rules)
* 1:45811 <-> ENABLED <-> FILE-OTHER EMF embedded image out of bound read attempt (file-other.rules)
* 1:45812 <-> ENABLED <-> FILE-OTHER EMF embedded image out of bound read attempt (file-other.rules)
* 1:45814 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG tag data buffer overflow attempt (file-image.rules)
* 1:45815 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG tag data buffer overflow attempt (file-image.rules)
* 1:45816 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Ransomware.Thanatos (malware-cnc.rules)
* 1:45817 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Thanatos ransomware inbound download attempt (malware-other.rules)
* 1:45818 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Thanatos ransomware inbound download attempt (malware-other.rules)
* 1:45819 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusDrawRects record out of bounds read attempt (file-other.rules)
* 1:45820 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusDrawRects record out of bounds read attempt (file-other.rules)
* 1:45821 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusDrawRects record out of bounds read attempt (file-other.rules)
* 1:45822 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusDrawRects record out of bounds read attempt (file-other.rules)
* 1:45825 <-> ENABLED <-> PUA-OTHER XMR-Stak cryptocurrency mining pool connection attempt (pua-other.rules)
* 1:45826 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Smominru outbound call (malware-cnc.rules)
* 1:45827 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Smominru outbound call (malware-cnc.rules)
* 1:45828 <-> DISABLED <-> PROTOCOL-FTP Computer Associates eTrust Secure Content Manager LIST stack overflow attempt (protocol-ftp.rules)
* 1:45830 <-> DISABLED <-> SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (server-other.rules)
* 1:45831 <-> DISABLED <-> MALWARE-TOOLS TLS-Attacker tool connection attempt - known SSL client random (malware-tools.rules)
* 1:45834 <-> DISABLED <-> SERVER-WEBAPP /bin/sh access (server-webapp.rules)
* 1:45835 <-> DISABLED <-> SERVER-ORACLE Oracle Application Test Suite server authentication bypass attempt (server-oracle.rules)
* 1:45836 <-> DISABLED <-> SERVER-ORACLE Oracle Application Test Suite server authentication bypass attempt (server-oracle.rules)
* 1:45837 <-> DISABLED <-> SERVER-ORACLE Oracle Application Test Suite server arbitrary JSP file upload attempt (server-oracle.rules)
* 1:45840 <-> DISABLED <-> SERVER-WEBAPP SERVER-WEBAPP Open WebMail userstat.pl command injection attempt (server-webapp.rules)
* 1:45841 <-> DISABLED <-> SERVER-WEBAPP SERVER-WEBAPP Open WebMail userstat.pl command injection attempt (server-webapp.rules)
* 1:45842 <-> DISABLED <-> SERVER-WEBAPP SERVER-WEBAPP Open WebMail userstat.pl command injection attempt (server-webapp.rules)
* 1:45843 <-> DISABLED <-> SERVER-WEBAPP SERVER-WEBAPP Open WebMail userstat.pl command injection attempt (server-webapp.rules)
* 1:45844 <-> DISABLED <-> SERVER-MYSQL into dumpfile function attempt (server-mysql.rules)
* 1:45845 <-> DISABLED <-> SERVER-MYSQL UDF system access attempt (server-mysql.rules)
* 1:45846 <-> DISABLED <-> SERVER-MYSQL UDF function check attempt (server-mysql.rules)
* 1:45847 <-> DISABLED <-> SERVER-MYSQL UDF function create attempt (server-mysql.rules)
* 1:45848 <-> DISABLED <-> SERVER-MYSQL UDF function drop attempt (server-mysql.rules)
* 1:45849 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF malformed bitmap rectangle destination out of bounds read attempt (file-other.rules)
* 1:45850 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF malformed bitmap rectangle destination out of bounds read attempt (file-other.rules)
* 1:45851 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF malformed bitmap rectangle destination out of bounds read attempt (file-other.rules)
* 1:45852 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF malformed bitmap rectangle destination out of bounds read attempt (file-other.rules)
* 1:45853 <-> DISABLED <-> SERVER-OTHER Fatek Automation PLC WinProladder buffer overflow attempt (server-other.rules)
* 1:45854 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMBv3 null pointer dereference attempt (os-windows.rules)
* 1:45855 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt (file-other.rules)
* 1:45856 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt (file-other.rules)
* 1:45857 <-> DISABLED <-> SERVER-WEBAPP HPE Intelligent Management Center Platform /rptviewer/servlets/redirectviewer directory traversal attempt (server-webapp.rules)
* 1:45858 <-> DISABLED <-> SERVER-WEBAPP HPE Intelligent Management Center Platform /rptviewer/servlets/redirectviewer directory traversal attempt (server-webapp.rules)
* 1:45859 <-> DISABLED <-> SERVER-WEBAPP HPE Intelligent Management Center Platform /rptviewer/servlets/redirectviewer directory traversal attempt (server-webapp.rules)
* 1:45860 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS malformed TIFF data out of bounds access attempt (file-other.rules)
* 1:45861 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS malformed TIFF data out of bounds access attempt (file-other.rules)
* 1:45862 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader bookmarkRoot memory corruption attempt (file-pdf.rules)
* 1:45863 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader bookmarkRoot memory corruption attempt (file-pdf.rules)
* 1:45864 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader bookmarkRoot memory corruption attempt (file-pdf.rules)
* 1:45865 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader bookmarkRoot memory corruption attempt (file-pdf.rules)
* 1:45866 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader invalid trailer memory corruption attempt (file-pdf.rules)
* 1:45867 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader invalid trailer memory corruption attempt (file-pdf.rules)
* 1:45868 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader getAnnotsRichMedia return type confusion attempt (file-pdf.rules)
* 1:45869 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader getAnnotsRichMedia return type confusion attempt (file-pdf.rules)
* 1:45871 <-> DISABLED <-> PROTOCOL-SCADA IntegraXor 6x denial of service attempt (protocol-scada.rules)
* 1:45872 <-> DISABLED <-> SERVER-WEBAPP Reliance SCADA directory traversal attempt (server-webapp.rules)
* 1:45873 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SetProcessDeviceMap arbitrary file read attempt (os-windows.rules)
* 1:45874 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SetProcessDeviceMap arbitrary file read attempt (os-windows.rules)
* 1:45875 <-> ENABLED <-> BROWSER-IE Microsoft Edge uninitialized memory use attempt (browser-ie.rules)
* 1:45876 <-> ENABLED <-> BROWSER-IE Microsoft Edge uninitialized memory use attempt (browser-ie.rules)
* 1:45877 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer scripting engine memory corruption attempt (browser-ie.rules)
* 1:45878 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer scripting engine memory corruption attempt (browser-ie.rules)
* 1:45879 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF listoverride memory corruption attempt (file-office.rules)
* 1:45880 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF listoverride memory corruption attempt (file-office.rules)
* 1:45881 <-> ENABLED <-> OS-WINDOWS Microsoft Windows 10 gdi32 library integer overflow attempt (os-windows.rules)
* 1:45882 <-> ENABLED <-> OS-WINDOWS Microsoft Windows 10 gdi32 library integer overflow attempt (os-windows.rules)
* 1:45883 <-> ENABLED <-> FILE-OFFICE Microsoft Access remote code execution attempt (file-office.rules)
* 1:45884 <-> ENABLED <-> FILE-OFFICE Microsoft Access remote code execution attempt (file-office.rules)
* 1:45885 <-> ENABLED <-> SERVER-WEBAPP HP IMC perfAccessMgrServlet arbitrary Java object deserialization attempt (server-webapp.rules)
* 1:45886 <-> DISABLED <-> SERVER-WEBAPP Potential Misfortune Cookie probe attempt (server-webapp.rules)
* 1:45887 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer VBScript remote code execution attempt (browser-ie.rules)
* 1:45888 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer VBScript remote code execution attempt (browser-ie.rules)
* 1:45889 <-> ENABLED <-> BROWSER-IE Microsoft Edge Chakra Core type confusion attempt (browser-ie.rules)
* 1:45890 <-> ENABLED <-> BROWSER-IE Microsoft Edge Chakra Core type confusion attempt (browser-ie.rules)
* 1:45892 <-> DISABLED <-> FILE-OTHER ZIP file directory traversal attempt (file-other.rules)
* 1:45893 <-> DISABLED <-> FILE-OTHER ZIP file directory traversal attempt (file-other.rules)
* 1:45894 <-> DISABLED <-> FILE-OTHER ZIP file directory traversal attempt (file-other.rules)
* 1:45895 <-> DISABLED <-> FILE-OTHER ZIP file directory traversal attempt (file-other.rules)
* 1:45898 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules)
* 1:45899 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules)
* 1:459 <-> DISABLED <-> PROTOCOL-ICMP unassigned type 1 undefined code (protocol-icmp.rules)
* 1:45900 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Desktop Bridge privilege escalation attempt (os-windows.rules)
* 1:45901 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Desktop Bridge privilege escalation attempt (os-windows.rules)
* 1:45902 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Desktop Bridge privilege escalation attempt (os-windows.rules)
* 1:45903 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Desktop Bridge privilege escalation attempt (os-windows.rules)
* 1:45904 <-> DISABLED <-> MALWARE-BACKDOOR CobaltStrike inbound beacon download (malware-backdoor.rules)
* 1:45905 <-> ENABLED <-> MALWARE-BACKDOOR CobaltStrike inbound beacon download (malware-backdoor.rules)
* 1:45906 <-> ENABLED <-> MALWARE-CNC CobaltStrike DNS Beacon outbound A record (malware-cnc.rules)
* 1:45907 <-> ENABLED <-> MALWARE-CNC Cobalt Strike DNS beacon outbound TXT record (malware-cnc.rules)
* 1:45908 <-> ENABLED <-> MALWARE-CNC Cobalt Strike DNS beacon inbound TXT record (malware-cnc.rules)
* 1:45909 <-> DISABLED <-> MALWARE-CNC CobaltStrike trial version inbound beacon response (malware-cnc.rules)
* 1:45910 <-> DISABLED <-> MALWARE-CNC Cobalt Strike outbound beacon command result (malware-cnc.rules)
* 1:45911 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager testCredential.do command injection attempt (server-webapp.rules)
* 1:45912 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager testCredential.do command injection attempt (server-webapp.rules)
* 1:45913 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager testCredential.do command injection attempt (server-webapp.rules)
* 1:45914 <-> DISABLED <-> INDICATOR-COMPROMISE PHP phpinfo command execution attempt (indicator-compromise.rules)
* 1:45915 <-> DISABLED <-> INDICATOR-COMPROMISE PHP obfuscated eval command execution attempt (indicator-compromise.rules)
* 1:45916 <-> DISABLED <-> INDICATOR-COMPROMISE PHP shell_exec command execution attempt (indicator-compromise.rules)
* 1:45917 <-> ENABLED <-> SERVER-WEBAPP PHPMailer command injection remote code execution attempt (server-webapp.rules)
* 1:45918 <-> DISABLED <-> SERVER-WEBAPP SugarCRM RSSDashlet XML external entity information disclosure attempt (server-webapp.rules)
* 1:45919 <-> DISABLED <-> EXPLOIT-KIT Sundown/Terror EK landing page attempt (exploit-kit.rules)
* 1:45921 <-> DISABLED <-> EXPLOIT-KIT Terror EK resource access attempt (exploit-kit.rules)
* 1:45922 <-> DISABLED <-> EXPLOIT-KIT Terror EK exe download attempt (exploit-kit.rules)
* 1:45923 <-> DISABLED <-> EXPLOIT-KIT Terror EK dll download attempt (exploit-kit.rules)
* 1:45925 <-> ENABLED <-> EXPLOIT-KIT Terror EK page access attempt (exploit-kit.rules)
* 1:45926 <-> ENABLED <-> SERVER-OTHER Flexense Syncbreeze buffer overflow attempt (server-other.rules)
* 1:45927 <-> DISABLED <-> FILE-OTHER Sophos Tester Tool dll-load exploit attempt (file-other.rules)
* 1:45928 <-> DISABLED <-> FILE-OTHER Sophos Tester Tool dll-load exploit attempt (file-other.rules)
* 1:45929 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial file download (malware-cnc.rules)
* 1:45930 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial file download (malware-cnc.rules)
* 1:45931 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial file download (malware-cnc.rules)
* 1:45932 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial file download (malware-cnc.rules)
* 1:45933 <-> DISABLED <-> FILE-EXECUTABLE Binutils objdump integer overflow attempt (file-executable.rules)
* 1:45934 <-> DISABLED <-> FILE-EXECUTABLE Binutils objdump integer overflow attempt (file-executable.rules)
* 1:45935 <-> DISABLED <-> SERVER-OTHER Memcached set opcode request heap buffer overflow attempt (server-other.rules)
* 1:45936 <-> DISABLED <-> SERVER-OTHER Memcached setq opcode request heap buffer overflow attempt (server-other.rules)
* 1:45937 <-> DISABLED <-> SERVER-OTHER Memcached add opcode request heap buffer overflow attempt (server-other.rules)
* 1:45938 <-> DISABLED <-> SERVER-OTHER Memcached addq opcode request heap buffer overflow attempt (server-other.rules)
* 1:45939 <-> DISABLED <-> SERVER-OTHER Memcached replace opcode request heap buffer overflow attempt (server-other.rules)
* 1:45940 <-> DISABLED <-> SERVER-OTHER Memcached replaceq opcode request heap buffer overflow attempt (server-other.rules)
* 1:45941 <-> DISABLED <-> SERVER-OTHER Memcached UDP version discovery attempt (server-other.rules)
* 1:45942 <-> DISABLED <-> SERVER-OTHER Memcached DDoS reflective attempt (server-other.rules)
* 1:45943 <-> DISABLED <-> MALWARE-CNC known malicious SSL certificate - Odinaff C&C (malware-cnc.rules)
* 1:45944 <-> DISABLED <-> MALWARE-CNC known malicious SSL certificate - Odinaff C&C (malware-cnc.rules)
* 1:45945 <-> ENABLED <-> MALWARE-CNC Win.Trojan.DarkSky variant outbound connection (malware-cnc.rules)
* 1:45946 <-> ENABLED <-> MALWARE-CNC Win.Trojan.OilRig variant outbound connection attempt (malware-cnc.rules)
* 1:45947 <-> ENABLED <-> MALWARE-CNC Win.Trojan.OilRig variant outbound connection attempt (malware-cnc.rules)
* 1:45948 <-> ENABLED <-> MALWARE-CNC Win.Trojan.OilRig variant outbound connection attempt (malware-cnc.rules)
* 1:45949 <-> DISABLED <-> PUA-OTHER Coinhive TLS server hello attempt (pua-other.rules)
* 1:45950 <-> DISABLED <-> PUA-OTHER Coinhive TLS client hello attempt (pua-other.rules)
* 1:45951 <-> ENABLED <-> PUA-OTHER Authedmine TLS server hello attempt (pua-other.rules)
* 1:45952 <-> ENABLED <-> PUA-OTHER Authedmine TLS client hello attempt (pua-other.rules)
* 1:45953 <-> DISABLED <-> SERVER-WEBAPP HP IMC mediaForAction Java expression language injection attempt (server-webapp.rules)
* 1:45954 <-> DISABLED <-> SERVER-WEBAPP HP IMC mediaForAction Java expression language injection attempt (server-webapp.rules)
* 1:45955 <-> ENABLED <-> PUA-OTHER XMRMiner cryptocurrency mining pool connection attempt (pua-other.rules)
* 1:45956 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.PyCryptoMiner outbound connection (malware-cnc.rules)
* 1:45957 <-> DISABLED <-> SERVER-WEBAPP HP IMC iccSelectDeviceSeries Java expression language injection attempt (server-webapp.rules)
* 1:45958 <-> DISABLED <-> SERVER-WEBAPP HP IMC iccSelectDeviceSeries Java expression language injection attempt (server-webapp.rules)
* 1:45959 <-> DISABLED <-> SERVER-WEBAPP ZEIT Next.js /_next namespace directory traversal attempt (server-webapp.rules)
* 1:45960 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Silverstar outbound connection (malware-cnc.rules)
* 1:45961 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Revenge RAT initial outbound connection (malware-cnc.rules)
* 1:45962 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Revenge RAT inbound heartbeat check (malware-cnc.rules)
* 1:45963 <-> ENABLED <-> MALWARE-CNC Win.Trojan.UDPOS outbound command and control IP address check (malware-cnc.rules)
* 1:45964 <-> ENABLED <-> MALWARE-CNC Win.Trojan.UDPOS outbound system information disclousre (malware-cnc.rules)
* 1:45966 <-> ENABLED <-> MALWARE-CNC Win.Trojan.UDPOS outbound heartbeat (malware-cnc.rules)
* 1:45967 <-> ENABLED <-> MALWARE-CNC Win.Trojan.UDPOS outbound data exfiltration (malware-cnc.rules)
* 1:45968 <-> ENABLED <-> MALWARE-CNC Win.Trojan.UDPOS outbound data exfiltration (malware-cnc.rules)
* 1:45969 <-> DISABLED <-> SERVER-WEBAPP SugarCRM cross site scripting attempt (server-webapp.rules)
* 1:45970 <-> DISABLED <-> SERVER-WEBAPP SugarCRM cross site scripting attempt (server-webapp.rules)
* 1:45971 <-> DISABLED <-> SERVER-OTHER Advantech WebAccess webvrpcs service arbitrary command execution attempt (server-other.rules)
* 1:45972 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chafer malicious communication attempt (malware-cnc.rules)
* 1:45973 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chafer malicious communication attempt (malware-cnc.rules)
* 1:45974 <-> ENABLED <-> MALWARE-CNC Suspected Unix.Malware.GoScanSSH outbound beacon attempt (malware-cnc.rules)
* 1:45975 <-> ENABLED <-> MALWARE-BACKDOOR Unix.Malware.Chaos backdoor trigger attempt (malware-backdoor.rules)
* 1:45976 <-> DISABLED <-> SERVER-WEBAPP Pivotal Spring Data REST PATCH request remote code execution attempt (server-webapp.rules)
* 1:45977 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB kernel heap memory leak attempt (os-windows.rules)
* 1:45978 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB kernel heap memory leak attempt (os-windows.rules)
* 1:45979 <-> ENABLED <-> MALWARE-CNC MultiOS.Trojan.OSCelestial variant outbound connection (malware-cnc.rules)
* 1:45980 <-> ENABLED <-> MALWARE-CNC MultiOS.Trojan.OSCelestial variant inbound connection (malware-cnc.rules)
* 1:45983 <-> DISABLED <-> POLICY-OTHER Sandvine PacketLogic http redirection attempt (policy-other.rules)
* 1:45984 <-> DISABLED <-> SERVER-WEBAPP Joomla component Jimtawl 2.2.5 arbitrary PHP file upload attempt (server-webapp.rules)
* 1:45989 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro path element out of bounds memory access attempt (file-other.rules)
* 1:45990 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro path element out of bounds memory access attempt (file-other.rules)
* 1:45995 <-> DISABLED <-> SERVER-WEBAPP CoreOS etcd service private keys listing attempt (server-webapp.rules)
* 1:45996 <-> DISABLED <-> SERVER-WEBAPP CoreOS etcd service private keys listing attempt (server-webapp.rules)
* 1:460 <-> DISABLED <-> PROTOCOL-ICMP unassigned type 2 (protocol-icmp.rules)
* 1:46023 <-> DISABLED <-> OS-OTHER FreeBSD sctp6_ctlinput null pointer dereference attempt (os-other.rules)
* 1:46024 <-> DISABLED <-> SERVER-WEBAPP multiple vendor calendar application id parameter SQL injection attempt (server-webapp.rules)
* 1:46025 <-> DISABLED <-> SERVER-WEBAPP multiple vendor calendar application id parameter SQL injection attempt (server-webapp.rules)
* 1:46026 <-> DISABLED <-> SERVER-WEBAPP EventManager page.php sql injection attempt SQL injection attempt (server-webapp.rules)
* 1:46027 <-> DISABLED <-> SERVER-WEBAPP EventManager page.php sql injection attempt SQL injection attempt (server-webapp.rules)
* 1:46028 <-> DISABLED <-> SERVER-WEBAPP Joomla JE PayperVideo extension SQL injection attempt (server-webapp.rules)
* 1:46029 <-> DISABLED <-> SERVER-WEBAPP Joomla jextn-classifieds SQL injection attempt (server-webapp.rules)
* 1:46030 <-> DISABLED <-> SERVER-WEBAPP Joomla jextn-classifieds SQL injection attempt (server-webapp.rules)
* 1:46040 <-> DISABLED <-> SERVER-WEBAPP Dell EMC Storage Manager EmConfigMigration servlet directory traversal attempt (server-webapp.rules)
* 1:46041 <-> DISABLED <-> SERVER-WEBAPP Joomla Component JMS Music 1.1.1 SQL injection attempt (server-webapp.rules)
* 1:46042 <-> DISABLED <-> SERVER-WEBAPP Joomla Component JMS Music 1.1.1 SQL injection attempt (server-webapp.rules)
* 1:46043 <-> DISABLED <-> SERVER-WEBAPP Joomla Component JMS Music 1.1.1 SQL injection attempt (server-webapp.rules)
* 1:46044 <-> DISABLED <-> SERVER-WEBAPP Joomla Component JMS Music 1.1.1 SQL injection attempt (server-webapp.rules)
* 1:46045 <-> DISABLED <-> SERVER-WEBAPP Joomla Component JMS Music 1.1.1 SQL injection attempt (server-webapp.rules)
* 1:46046 <-> DISABLED <-> SERVER-WEBAPP Joomla Component JMS Music 1.1.1 SQL injection attempt (server-webapp.rules)
* 1:46047 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mobef variant outbound connection attempt (malware-cnc.rules)
* 1:46048 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Gen variant outbound communication (malware-cnc.rules)
* 1:46049 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Fosniw variant connection attempt (malware-cnc.rules)
* 1:46050 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CrossRAT outbound connection attempt (malware-cnc.rules)
* 1:46051 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Bandook/Anbacas outbound connection attempt (malware-cnc.rules)
* 1:46052 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Uploador - Win.Trojan.CrossRAT (malware-cnc.rules)
* 1:46053 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF malformed Object record out-of-bounds access attempt (file-other.rules)
* 1:46054 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF malformed Object record out-of-bounds access attempt (file-other.rules)
* 1:46055 <-> DISABLED <-> FILE-OTHER Microsoft wimgapi LoadIntegrityInfo heap buffer overflow attempt (file-other.rules)
* 1:46056 <-> DISABLED <-> FILE-OTHER Microsoft wimgapi LoadIntegrityInfo heap buffer overflow attempt (file-other.rules)
* 1:46058 <-> DISABLED <-> FILE-OTHER Microsoft wimgapi LoadIntegrityInfo heap buffer overflow attempt (file-other.rules)
* 1:46059 <-> DISABLED <-> FILE-OTHER Microsoft wimgapi LoadIntegrityInfo heap buffer overflow attempt (file-other.rules)
* 1:46061 <-> DISABLED <-> SERVER-OTHER Advantech WebAccess webvrpcs service arbitrary pointer dereference attempt (server-other.rules)
* 1:46062 <-> ENABLED <-> SERVER-WEBAPP Joomla JEXTN Membership extension SQL injection attempt (server-webapp.rules)
* 1:46063 <-> ENABLED <-> SERVER-WEBAPP Joomla JEXTN Membership extension SQL injection attempt (server-webapp.rules)
* 1:46064 <-> ENABLED <-> SERVER-WEBAPP Joomla JEXTN Membership extension SQL injection attempt (server-webapp.rules)
* 1:46065 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.Sigma outbound connection (malware-cnc.rules)
* 1:46066 <-> ENABLED <-> MALWARE-CNC Win.Trojan.yty second stage downloader initial outbound connection (malware-cnc.rules)
* 1:46067 <-> ENABLED <-> MALWARE-CNC Win.Trojan.yty plugin downloader initial outbound connection (malware-cnc.rules)
* 1:46068 <-> ENABLED <-> MALWARE-CNC Win.Trojan.yty module download request (malware-cnc.rules)
* 1:46069 <-> ENABLED <-> MALWARE-CNC Win.Trojan.yty module request (malware-cnc.rules)
* 1:46070 <-> ENABLED <-> MALWARE-CNC Win.Trojan.yty file exfiltration outbound request (malware-cnc.rules)
* 1:46071 <-> ENABLED <-> SERVER-APACHE Apache Tomcat Java JmxRemoteLifecycleListener unauthorized serialized object attempt (server-apache.rules)
* 1:46072 <-> DISABLED <-> FILE-OTHER Python lib wave.py wav zero channel denial of service attempt (file-other.rules)
* 1:46073 <-> DISABLED <-> FILE-OTHER Python lib wave.py wav zero channel denial of service attempt (file-other.rules)
* 1:46074 <-> DISABLED <-> FILE-OTHER Microsoft Windows Remote Assistance external entity remote file download attempt (file-other.rules)
* 1:46075 <-> DISABLED <-> FILE-OTHER Microsoft Windows Remote Assistance external entity remote file download attempt (file-other.rules)
* 1:46076 <-> DISABLED <-> NETBIOS MikroTik RouterOS buffer overflow attempt (netbios.rules)
* 1:46077 <-> DISABLED <-> FILE-IMAGE Gifsicle gifread double-free attempt (file-image.rules)
* 1:46078 <-> DISABLED <-> FILE-IMAGE Gifsicle gifread double-free attempt (file-image.rules)
* 1:4608 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP netware_cs function 43 overflow attempt (os-windows.rules)
* 1:46080 <-> DISABLED <-> SERVER-WEBAPP Linksys E-Series apply.cgi cross site scripting attempt (server-webapp.rules)
* 1:46081 <-> DISABLED <-> SERVER-WEBAPP Linksys E-Series apply.cgi cross site scripting attempt (server-webapp.rules)
* 1:46082 <-> DISABLED <-> SERVER-WEBAPP Linksys E-Series apply.cgi ping function command injection attempt (server-webapp.rules)
* 1:46083 <-> DISABLED <-> SERVER-WEBAPP Linksys E-Series apply.cgi directory traversal attempt (server-webapp.rules)
* 1:46084 <-> DISABLED <-> SERVER-WEBAPP Linksys E-Series apply.cgi directory traversal attempt (server-webapp.rules)
* 1:46085 <-> DISABLED <-> SERVER-WEBAPP Linksys E-Series apply.cgi ping function command injection attempt (server-webapp.rules)
* 1:46086 <-> DISABLED <-> SERVER-WEBAPP Linksys E-Series apply.cgi ping function command injection attempt (server-webapp.rules)
* 1:46087 <-> ENABLED <-> SERVER-WEBAPP Joomla JEXTN Reverse Auction extension SQL injection attempt (server-webapp.rules)
* 1:46088 <-> ENABLED <-> SERVER-WEBAPP Joomla JEXTN Reverse Auction extension SQL injection attempt (server-webapp.rules)
* 1:46089 <-> ENABLED <-> SERVER-WEBAPP Joomla JEXTN Reverse Auction extension SQL injection attempt (server-webapp.rules)
* 1:46091 <-> DISABLED <-> MALWARE-OTHER VBscript downloader detected (malware-other.rules)
* 1:46092 <-> DISABLED <-> MALWARE-OTHER VBscript downloader detected (malware-other.rules)
* 1:46096 <-> ENABLED <-> SERVER-OTHER Cisco Smart Install init discovery message stack buffer overflow attempt (server-other.rules)
* 1:46098 <-> DISABLED <-> PROTOCOL-OTHER Routing Information Protocol version 1 potential amplified distributed denial of service attempt (protocol-other.rules)
* 1:46099 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Modimer Trojanized MediaGet outbound connection (malware-cnc.rules)
* 1:461 <-> DISABLED <-> PROTOCOL-ICMP unassigned type 2 undefined code (protocol-icmp.rules)
* 1:46100 <-> DISABLED <-> SERVER-WEBAPP Laerdal SimMan-3G arbitrary file upload attempt 
(server-webapp.rules) * 1:46106 <-> DISABLED <-> FILE-OFFICE Microsoft Office Equation Editor RTF evasion attempt (file-office.rules) * 1:46107 <-> DISABLED <-> FILE-OFFICE Microsoft Office Equation Editor RTF evasion attempt (file-office.rules) * 1:46112 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess directory traversal attempt (server-webapp.rules) * 1:46113 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess directory traversal attempt (server-webapp.rules) * 1:46114 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess directory traversal attempt (server-webapp.rules) * 1:46115 <-> DISABLED <-> SERVER-APACHE FrontPage privilege escalation attempt (server-apache.rules) * 1:46116 <-> DISABLED <-> SERVER-APACHE FrontPage privilege escalation attempt (server-apache.rules) * 1:46117 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro JPEG embedded XPS file heap overflow attempt (file-other.rules) * 1:46118 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro JPEG embedded XPS file heap overflow attempt (file-other.rules) * 1:46121 <-> DISABLED <-> PROTOCOL-OTHER use of undocumented ScMM test interface in Cisco small business devices detected (protocol-other.rules) * 1:46122 <-> DISABLED <-> PROTOCOL-OTHER use of undocumented ScMM test interface in Cisco small business devices detected (protocol-other.rules) * 1:46123 <-> DISABLED <-> PROTOCOL-OTHER use of undocumented ScMM test interface in Cisco small business devices detected (protocol-other.rules) * 1:46124 <-> DISABLED <-> PROTOCOL-OTHER use of undocumented ScMM test interface in Cisco small business devices detected (protocol-other.rules) * 1:46129 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HW32 variant outbound connection (malware-cnc.rules) * 1:46130 <-> DISABLED <-> SERVER-OTHER cPanel Mailman privilege escalation attempt (server-other.rules) * 1:46131 <-> DISABLED <-> SERVER-OTHER cPanel Mailman privilege escalation attempt (server-other.rules) * 1:46132 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt 
(server-webapp.rules) * 1:46133 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules) * 1:46134 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Krodown variant connection attempt (malware-cnc.rules) * 1:46135 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Krodown variant connection attempt (malware-cnc.rules) * 1:46136 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banbra variant outbound connection (malware-cnc.rules) * 1:46137 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cidox variant outbound connection attempt (malware-cnc.rules) * 1:46138 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.Bandarchor variant outbound connection (malware-cnc.rules) * 1:46139 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.Bandarchor variant outbound connection (malware-cnc.rules) * 1:46140 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.Bandarchor variant outbound connection (malware-cnc.rules) * 1:46141 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.Bandarchor variant outbound connection (malware-cnc.rules) * 1:46156 <-> ENABLED <-> MALWARE-CNC Coldroot RAT outbound connection (malware-cnc.rules) * 1:46157 <-> DISABLED <-> SERVER-WEBAPP Oracle Hospitality Simphony MICROS directory traversal attempt (server-webapp.rules) * 1:46158 <-> DISABLED <-> SERVER-WEBAPP Oracle Hospitality Simphony MICROS directory traversal attempt (server-webapp.rules) * 1:46159 <-> DISABLED <-> SERVER-WEBAPP Oracle Hospitality Simphony MICROS directory traversal attempt (server-webapp.rules) * 1:46160 <-> DISABLED <-> SERVER-WEBAPP Western Digital MyCloud home_mgr.cgi command injection attempt (server-webapp.rules) * 1:46161 <-> DISABLED <-> SERVER-WEBAPP Western Digital MyCloud home_mgr.cgi command injection attempt (server-webapp.rules) * 1:46162 <-> DISABLED <-> SERVER-WEBAPP Western Digital MyCloud home_mgr.cgi command injection attempt (server-webapp.rules) * 1:46163 <-> ENABLED <-> FILE-OTHER Microsoft Windows Defender malformed RAR memory corruption attempt (file-other.rules) * 1:46164 <-> ENABLED <-> FILE-OTHER 
Microsoft Windows Defender malformed RAR memory corruption attempt (file-other.rules) * 1:46176 <-> ENABLED <-> BROWSER-IE Microsoft Edge Chakra use after free attempt (browser-ie.rules) * 1:46177 <-> ENABLED <-> BROWSER-IE Microsoft Edge Chakra use after free attempt (browser-ie.rules) * 1:46178 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel out of bounds read attempt (file-office.rules) * 1:46179 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel out of bounds read attempt (file-office.rules) * 1:46180 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel use after free remote code execution attempt (file-office.rules) * 1:46181 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel use after free remote code execution attempt (file-office.rules) * 1:46182 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel graphics remote code execution attempt (file-office.rules) * 1:46183 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel graphics remote code execution attempt (file-office.rules) * 1:46184 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel remote code execution attempt (file-office.rules) * 1:46185 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel remote code execution attempt (file-office.rules) * 1:46186 <-> ENABLED <-> FILE-OTHER TrueType Font Windows EOT font engine remote code execution attempt (file-other.rules) * 1:46187 <-> ENABLED <-> FILE-OTHER TrueType Font Windows EOT font engine remote code execution attempt (file-other.rules) * 1:46188 <-> ENABLED <-> FILE-OTHER Microsoft Windows malformed TTF integer overflow attempt (file-other.rules) * 1:46189 <-> ENABLED <-> FILE-OTHER Microsoft Windows malformed TTF integer overflow attempt (file-other.rules) * 1:46192 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel drawing cell reuse use-after-free attempt (file-office.rules) * 1:46193 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel drawing cell reuse use-after-free attempt (file-office.rules) * 1:46194 <-> ENABLED <-> BROWSER-IE Microsoft Edge Chakra 
use after free attempt (browser-ie.rules) * 1:46195 <-> ENABLED <-> BROWSER-IE Microsoft Edge Chakra use after free attempt (browser-ie.rules) * 1:46196 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel named range cell content use-after-free attempt (file-office.rules) * 1:46197 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel named range cell content use-after-free attempt (file-office.rules) * 1:46198 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer Vbscript String out of bounds write (browser-ie.rules) * 1:46199 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer Vbscript String out of bounds write (browser-ie.rules) * 1:462 <-> DISABLED <-> PROTOCOL-ICMP unassigned type 7 (protocol-icmp.rules) * 1:46200 <-> ENABLED <-> OS-WINDOWS Microsoft Windows TrueType font heap overflow attempt (os-windows.rules) * 1:46201 <-> ENABLED <-> OS-WINDOWS Microsoft Windows TrueType font heap overflow attempt (os-windows.rules) * 1:46202 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Wannaminer malicious Powershell download attempt (malware-cnc.rules) * 1:46203 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Wannamine malicious Powershell download attempt (malware-cnc.rules) * 1:46204 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer array use after free attempt (browser-ie.rules) * 1:46205 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer array use after free attempt (browser-ie.rules) * 1:46206 <-> ENABLED <-> BROWSER-IE Microsoft Windows Edge use-after-free attempt (browser-ie.rules) * 1:46207 <-> ENABLED <-> BROWSER-IE Microsoft Windows Edge use-after-free attempt (browser-ie.rules) * 1:46208 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel use after free remote code execution attempt (file-office.rules) * 1:46209 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel use after free remote code execution attempt (file-office.rules) * 1:46210 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Blackshades variant outbound communication (malware-cnc.rules) * 1:46212 <-> ENABLED 
<-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules) * 1:46213 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules) * 1:46214 <-> ENABLED <-> OS-WINDOWS Microsoft Windows TrueType font heap overflow attempt (os-windows.rules) * 1:46215 <-> ENABLED <-> OS-WINDOWS Microsoft Windows TrueType font heap overflow attempt (os-windows.rules) * 1:46216 <-> DISABLED <-> SERVER-WEBAPP DIAEnergie credential request attempt (server-webapp.rules) * 1:46218 <-> ENABLED <-> BROWSER-IE Microsoft Edge out of bounds write attempt (browser-ie.rules) * 1:46219 <-> ENABLED <-> BROWSER-IE Microsoft Edge out of bounds write attempt (browser-ie.rules) * 1:46220 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer object use after free attempt (browser-ie.rules) * 1:46221 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer object use after free attempt (browser-ie.rules) * 1:46226 <-> ENABLED <-> FILE-PDF Microsoft Edge pdf parsing information disclosure attempt (file-pdf.rules) * 1:46227 <-> ENABLED <-> FILE-PDF Microsoft Edge pdf parsing information disclosure attempt (file-pdf.rules) * 1:46228 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer javascript memory corruption attempt (browser-ie.rules) * 1:46229 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer JavaScript memory corruption attempt (browser-ie.rules) * 1:46230 <-> ENABLED <-> OS-WINDOWS Microsoft Windows malformed TTF integer overflow attempt (os-windows.rules) * 1:46231 <-> ENABLED <-> OS-WINDOWS Microsoft Windows malformed TTF integer overflow attempt (os-windows.rules) * 1:46232 <-> DISABLED <-> SERVER-WEBAPP Mango Automation arbitrary JSP file upload attempt (server-webapp.rules) * 1:46233 <-> ENABLED <-> FILE-OFFICE Microsoft JET Database remote code execution attempt (file-office.rules) * 1:46234 <-> ENABLED <-> FILE-OFFICE Microsoft JET Database remote code execution attempt (file-office.rules) * 1:46235 <-> ENABLED 
<-> MALWARE-CNC Dofoil outbound connection attempt (malware-cnc.rules) * 1:46236 <-> ENABLED <-> MALWARE-CNC Dofoil file download attempt (malware-cnc.rules) * 1:46237 <-> ENABLED <-> PUA-OTHER Cryptocurrency Miner outbound connection attempt (pua-other.rules) * 1:46238 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Rarog outbound communication attempt (malware-cnc.rules) * 1:46239 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Rarog outbound communication attempt (malware-cnc.rules) * 1:46240 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Rarog user-agent outbound communication attempt (malware-cnc.rules) * 1:46243 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer embedSWF use after free exploit attempt (browser-ie.rules) * 1:46244 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer embedSWF use after free exploit attempt (browser-ie.rules) * 1:46245 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer embedSWF use after free exploit attempt (browser-ie.rules) * 1:46246 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer embedSWF use after free exploit attempt (browser-ie.rules) * 1:46247 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Primetime MediaPlayerItemLoader BlurFilter object out of bounds write attempt (file-flash.rules) * 1:46248 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Primetime MediaPlayerItemLoader BlurFilter object out of bounds write attempt (file-flash.rules) * 1:46249 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rovnix outbound connection attempt (malware-cnc.rules) * 1:46250 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rovnix outbound connection attempt (malware-cnc.rules) * 1:46251 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rovnix outbound connection attempt (malware-cnc.rules) * 1:46252 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rovnix outbound connection attempt (malware-cnc.rules) * 1:46253 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rovnix file upload attempt (malware-cnc.rules) * 1:46254 <-> ENABLED <-> FILE-FLASH Adobe Flash Player corrupt PNG image load out of 
bounds memory access attempt (file-flash.rules) * 1:46255 <-> ENABLED <-> FILE-FLASH Adobe Flash Player corrupt PNG image load out of bounds memory access attempt (file-flash.rules) * 1:46256 <-> DISABLED <-> FILE-FLASH Adobe Flash Player corrupt PNG image load out of bounds memory access attempt (file-flash.rules) * 1:46257 <-> DISABLED <-> FILE-FLASH Adobe Flash Player corrupt PNG image load out of bounds memory access attempt (file-flash.rules) * 1:46258 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MovieClip out of bounds write attempt (file-flash.rules) * 1:46259 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MovieClip out of bounds write attempt (file-flash.rules) * 1:46260 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed DefineSound tag heap overflow attempt (file-flash.rules) * 1:46261 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed DefineSound tag heap overflow attempt (file-flash.rules) * 1:46262 <-> ENABLED <-> FILE-FLASH Adobe Flash Player use after free attempt (file-flash.rules) * 1:46263 <-> ENABLED <-> FILE-FLASH Adobe Flash Player use after free attempt (file-flash.rules) * 1:46264 <-> ENABLED <-> FILE-OTHER Adobe Flash Player ATF image file out of bounds read attempt (file-other.rules) * 1:46265 <-> ENABLED <-> FILE-OTHER Adobe Flash Player ATF image file out of bounds read attempt (file-other.rules) * 1:46266 <-> DISABLED <-> FILE-OTHER Microsoft Office Outlook 2003 OLE information disclosure attempt detected (file-other.rules) * 1:46267 <-> DISABLED <-> FILE-OTHER Microsoft Office Outlook 2003 OLE information disclosure attempt detected (file-other.rules) * 1:46268 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Agent variant payload download attempt (malware-cnc.rules) * 1:46270 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Agent variant payload download attempt (malware-cnc.rules) * 1:46271 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sanny malware variant FTP login (malware-cnc.rules) * 1:46272 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sanny 
malware variant FTP login (malware-cnc.rules) * 1:46273 <-> DISABLED <-> SERVER-SAMBA Samba spoolss denial of service attempt (server-samba.rules) * 1:46274 <-> DISABLED <-> SERVER-SAMBA Samba spoolss denial of service attempt (server-samba.rules) * 1:46275 <-> DISABLED <-> SERVER-SAMBA Samba spoolss denial of service attempt (server-samba.rules) * 1:46276 <-> DISABLED <-> SERVER-SAMBA Samba spoolss denial of service attempt (server-samba.rules) * 1:46277 <-> DISABLED <-> SERVER-SAMBA Samba spoolss denial of service attempt (server-samba.rules) * 1:46278 <-> DISABLED <-> SERVER-SAMBA Samba spoolss denial of service attempt (server-samba.rules) * 1:46279 <-> DISABLED <-> SERVER-SAMBA Samba spoolss denial of service attempt (server-samba.rules) * 1:46280 <-> DISABLED <-> SERVER-SAMBA Samba spoolss denial of service attempt (server-samba.rules) * 1:46281 <-> DISABLED <-> SERVER-SAMBA Samba spoolss denial of service attempt (server-samba.rules) * 1:46282 <-> DISABLED <-> SERVER-SAMBA Samba spoolss denial of service attempt (server-samba.rules) * 1:46283 <-> DISABLED <-> SERVER-WEBAPP Quest NetVault Backup Server NVBUJobCountHistory SQL injection attempt (server-webapp.rules) * 1:46284 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bandios user agent outbound communication attempt (malware-cnc.rules) * 1:46285 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Bandios inbound delivery attempt (malware-cnc.rules) * 1:46286 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Bandios inbound delivery attempt (malware-cnc.rules) * 1:46287 <-> DISABLED <-> SERVER-WEBAPP Linksys E series denial of service attempt (server-webapp.rules) * 1:46288 <-> DISABLED <-> MALWARE-BACKDOOR JSP webshell transfer attempt (malware-backdoor.rules) * 1:46289 <-> DISABLED <-> MALWARE-BACKDOOR JSP webshell transfer attempt (malware-backdoor.rules) * 1:46290 <-> DISABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules) * 1:46291 <-> DISABLED <-> MALWARE-BACKDOOR JSP webshell backdoor file management 
attempt (malware-backdoor.rules) * 1:46297 <-> DISABLED <-> SERVER-WEBAPP QNAP VioStor NVR and QNAP NAS command injection attempt (server-webapp.rules) * 1:46298 <-> DISABLED <-> SERVER-WEBAPP QNAP VioStor NVR and QNAP NAS command injection attempt (server-webapp.rules) * 1:46299 <-> DISABLED <-> SERVER-WEBAPP QNAP VioStor NVR and QNAP NAS command injection attempt (server-webapp.rules) * 1:463 <-> DISABLED <-> PROTOCOL-ICMP unassigned type 7 undefined code (protocol-icmp.rules) * 1:46300 <-> DISABLED <-> SERVER-WEBAPP QNAP VioStor NVR and QNAP NAS command injection attempt (server-webapp.rules) * 1:46301 <-> DISABLED <-> SERVER-OTHER QNAP QTS X-Forwarded-For buffer overflow (server-other.rules) * 1:46302 <-> DISABLED <-> SERVER-WEBAPP Quest NetVault Backup Server NVBUEventHistory SQL injection attempt (server-webapp.rules) * 1:46303 <-> DISABLED <-> SERVER-WEBAPP Antsle antman authentication bypass attempt (server-webapp.rules) * 1:46304 <-> DISABLED <-> SERVER-OTHER Apache ActiveMQ JMS ObjectMessage deserialization attempt (server-other.rules) * 1:46305 <-> DISABLED <-> SERVER-WEBAPP QNAP WTS 4.2.1 command injection attempt (server-webapp.rules) * 1:46306 <-> DISABLED <-> SERVER-WEBAPP QNAP WTS 4.2.1 command injection attempt (server-webapp.rules) * 1:46307 <-> DISABLED <-> SERVER-WEBAPP QNAP WTS 4.2.1 command injection attempt (server-webapp.rules) * 1:46308 <-> DISABLED <-> SERVER-WEBAPP QNAP WTS 4.2.1 command injection attempt (server-webapp.rules) * 1:46309 <-> DISABLED <-> SERVER-OTHER QNAP NVR/NAS Heap/Stack Overflow attempt (server-other.rules) * 1:46310 <-> DISABLED <-> SERVER-OTHER QNAP NVR/NAS Heap/Stack Overflow attempt (server-other.rules) * 1:46311 <-> DISABLED <-> SERVER-WEBAPP Quest NetVault Backup Server NVBUTransferHistory SQL injection attempt (server-webapp.rules) * 1:46312 <-> DISABLED <-> SERVER-WEBAPP Netgear WNR2000 information disclosure attempt (server-webapp.rules) * 1:46313 <-> DISABLED <-> SERVER-WEBAPP Netgear WNR2000 information 
disclosure attempt (server-webapp.rules) * 1:46314 <-> DISABLED <-> SERVER-WEBAPP Netgear WNR2000 information disclosure attempt (server-webapp.rules) * 1:46315 <-> DISABLED <-> SERVER-WEBAPP Joomla restore.php PHP object injection attempt (server-webapp.rules) * 1:46316 <-> ENABLED <-> SERVER-WEBAPP Drupal 8 remote code execution attempt (server-webapp.rules) * 1:46317 <-> DISABLED <-> SERVER-OTHER NETGEAR TelnetEnable attempt (server-other.rules) * 1:46318 <-> DISABLED <-> SERVER-OTHER NETGEAR TelnetEnable attempt (server-other.rules) * 1:46322 <-> DISABLED <-> SERVER-WEBAPP Netgear DGN2200B stored cross-site scripting attempt (server-webapp.rules) * 1:46323 <-> DISABLED <-> SERVER-WEBAPP Netgear DGN2200B stored cross-site scripting attempt (server-webapp.rules) * 1:46324 <-> ENABLED <-> FILE-FLASH Adobe PSDK DRM Manager memory corruption attempt (file-flash.rules) * 1:46325 <-> DISABLED <-> SERVER-WEBAPP HPE Intelligent Management Center UrlAccessController authentication bypass attempt (server-webapp.rules) * 1:46326 <-> DISABLED <-> SERVER-APACHE Apache Jetspeed PageManagementService persistent XSS attempt (server-apache.rules) * 1:46327 <-> DISABLED <-> SERVER-APACHE Apache Jetspeed PageManagementService persistent XSS attempt (server-apache.rules) * 1:46328 <-> DISABLED <-> SERVER-WEBAPP Apache Jetspeed PageManagementService persistent XSS attempt (server-webapp.rules) * 1:46329 <-> DISABLED <-> SERVER-WEBAPP SearchBlox unauthorized access attempt (server-webapp.rules) * 1:46330 <-> DISABLED <-> SERVER-WEBAPP SearchBlox unauthorized access attempt (server-webapp.rules) * 1:46331 <-> DISABLED <-> SERVER-WEBAPP SearchBlox unauthorized access attempt (server-webapp.rules) * 1:46332 <-> DISABLED <-> SERVER-WEBAPP SearchBlox unauthorized access attempt (server-webapp.rules) * 1:46333 <-> ENABLED <-> SERVER-WEBAPP Joomla DT Register SQL injection attempt (server-webapp.rules) * 1:46334 <-> ENABLED <-> SERVER-WEBAPP Joomla DT Register SQL injection attempt 
(server-webapp.rules) * 1:46335 <-> DISABLED <-> SERVER-OTHER QNAP QTS hard coded credential access attempt (server-other.rules) * 1:46336 <-> DISABLED <-> SERVER-APACHE Apache Jetspeed User Manager service unauthorized API access attempt (server-apache.rules) * 1:46337 <-> ENABLED <-> SERVER-WEBAPP Joomla Saxum Picker SQL injection attempt (server-webapp.rules) * 1:46338 <-> ENABLED <-> SERVER-WEBAPP Joomla Saxum Picker SQL injection attempt (server-webapp.rules) * 1:46339 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Matrix outbound connection (malware-cnc.rules) * 1:46340 <-> DISABLED <-> SERVER-WEBAPP Akeeba Kickstart restoration.php reconnaissance attempt (server-webapp.rules) * 1:46341 <-> DISABLED <-> SERVER-WEBAPP Akeeba Kickstart cross site request forgery attempt (server-webapp.rules) * 1:46342 <-> DISABLED <-> SERVER-OTHER QNAP QTS cross site request forgery attempt (server-other.rules) * 1:46344 <-> DISABLED <-> SERVER-WEBAPP ManageEngine ServiceDesk directory traversal attempt (server-webapp.rules) * 1:46345 <-> DISABLED <-> SERVER-WEBAPP ManageEngine ServiceDesk directory traversal attempt (server-webapp.rules) * 1:46346 <-> DISABLED <-> SERVER-WEBAPP ManageEngine ServiceDesk directory traversal attempt (server-webapp.rules) * 1:46347 <-> DISABLED <-> SERVER-WEBAPP MediaWiki index.php rs cross site scripting attempt (server-webapp.rules) * 1:46348 <-> ENABLED <-> SERVER-WEBAPP NetIQ Access Manager Identity Server directory traversal attempt (server-webapp.rules) * 1:46349 <-> ENABLED <-> SERVER-WEBAPP NetIQ Access Manager Identity Server directory traversal attempt (server-webapp.rules) * 1:46350 <-> ENABLED <-> SERVER-WEBAPP NetIQ Access Manager Identity Server directory traversal attempt (server-webapp.rules) * 1:46351 <-> DISABLED <-> BROWSER-PLUGINS Mitsubishi EZPcAut220 ActiveX clsid access attempt (browser-plugins.rules) * 1:46352 <-> DISABLED <-> BROWSER-PLUGINS Mitsubishi EZPcAut220 ActiveX clsid access attempt (browser-plugins.rules) * 1:46353 
<-> DISABLED <-> SERVER-WEBAPP ManageEngine ServiceDesk download-file directory traversal attempt (server-webapp.rules) * 1:46354 <-> DISABLED <-> SERVER-WEBAPP ManageEngine ServiceDesk download-file directory traversal attempt (server-webapp.rules) * 1:46355 <-> DISABLED <-> SERVER-WEBAPP ManageEngine ServiceDesk download-file directory traversal attempt (server-webapp.rules) * 1:46356 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules) * 1:46357 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules) * 1:46358 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules) * 1:46359 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules) * 1:46360 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules) * 1:46361 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules) * 1:46362 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules) * 1:46363 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules) * 1:46364 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules) * 1:46365 <-> ENABLED <-> PUA-OTHER CoinHive Miner client detected (pua-other.rules) * 1:46366 <-> ENABLED <-> PUA-OTHER CryptoNight webassembly download attempt (pua-other.rules) * 1:46367 <-> ENABLED <-> FILE-IDENTIFY WebAssembly file download detected (file-identify.rules) * 1:46368 <-> DISABLED <-> MALWARE-BACKDOOR JSP Web shell upload attempt (malware-backdoor.rules) * 1:46369 <-> DISABLED <-> MALWARE-BACKDOOR JSP Web shell access attempt (malware-backdoor.rules) * 1:4637 <-> DISABLED <-> SERVER-OTHER MailEnable HTTPMail buffer overflow attempt (server-other.rules) * 1:46370 <-> ENABLED <-> PUA-OTHER Moonify Miner client detected (pua-other.rules) * 1:46371 <-> DISABLED <-> PUA-OTHER Moonify TLS server hello attempt 
(pua-other.rules) * 1:46372 <-> DISABLED <-> PUA-OTHER Moonify TLS client hello attempt (pua-other.rules) * 1:46373 <-> DISABLED <-> PROTOCOL-OTHER CLDAP potential reflected distributed denial of service attempt (protocol-other.rules) * 1:46374 <-> DISABLED <-> PROTOCOL-OTHER CLDAP potential reflected distributed denial of service attempt (protocol-other.rules) * 1:46375 <-> DISABLED <-> SERVER-OTHER DualDesk v20 Proxy.exe long string denial of service attempt (server-other.rules) * 1:46376 <-> DISABLED <-> SERVER-OTHER libgd heap-overflow attempt (server-other.rules) * 1:46377 <-> DISABLED <-> SERVER-OTHER libgd heap-overflow attempt (server-other.rules) * 1:46378 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dropper variant outbound connection (malware-cnc.rules) * 1:46379 <-> DISABLED <-> SERVER-WEBAPP Afian FileRun SQL injection attempt (server-webapp.rules) * 1:4638 <-> DISABLED <-> SERVER-OTHER RSVP Protocol zero length object DoS attempt (server-other.rules) * 1:46380 <-> DISABLED <-> SERVER-WEBAPP Afian FileRun SQL injection attempt (server-webapp.rules) * 1:46381 <-> DISABLED <-> INDICATOR-COMPROMISE Potential data exfiltration through Google form submission (indicator-compromise.rules) * 1:46382 <-> DISABLED <-> SERVER-OTHER Micro Focus Operations Orchestration denial of service attempt (server-other.rules) * 1:46383 <-> DISABLED <-> SERVER-OTHER Micro Focus Operations Orchestration information disclosure attempt (server-other.rules) * 1:46384 <-> ENABLED <-> BROWSER-IE Internet Explorer URL file remote code execution attempt detected (browser-ie.rules) * 1:46385 <-> ENABLED <-> BROWSER-IE Internet Explorer URL file remote code execution attempt detected (browser-ie.rules) * 1:46387 <-> DISABLED <-> SERVER-OTHER Multiple Vendors NTP zero-origin timestamp denial of service attempt (server-other.rules) * 1:4639 <-> DISABLED <-> SERVER-OTHER Ethereal Distcc ARGV buffer overflow attempt (server-other.rules) * 1:46393 <-> ENABLED <-> FILE-IDENTIFY WebAssembly file 
detected (file-identify.rules) * 1:46394 <-> ENABLED <-> FILE-IDENTIFY WebAssembly file attachment detected (file-identify.rules) * 1:46396 <-> ENABLED <-> FILE-EXECUTABLE Win.Ransomware.Rapid download attempt (file-executable.rules) * 1:46397 <-> ENABLED <-> FILE-EXECUTABLE Win.Ransomware.Rapid download attempt (file-executable.rules) * 1:46398 <-> DISABLED <-> BROWSER-OTHER Mozilla Firefox table object integer underflow (browser-other.rules) * 1:46399 <-> DISABLED <-> BROWSER-OTHER Mozilla Firefox table object integer underflow (browser-other.rules) * 1:4640 <-> DISABLED <-> SERVER-OTHER Ethereal Distcc SERR buffer overflow attempt (server-other.rules) * 1:46400 <-> DISABLED <-> SERVER-WEBAPP D-Link DNS-343 Mail_Test command injection attempt (server-webapp.rules) * 1:46401 <-> DISABLED <-> SERVER-WEBAPP D-Link DNS-343 Mail_Test command injection attempt (server-webapp.rules) * 1:46402 <-> DISABLED <-> SERVER-WEBAPP D-Link DNS-343 Mail_Test command injection attempt (server-webapp.rules) * 1:46403 <-> DISABLED <-> NETBIOS SMB NTLM Authentication with unknown authentication message type attempt (netbios.rules) * 1:46404 <-> DISABLED <-> BROWSER-PLUGINS RealPlayer rmoc3260.dll ActiveX clsid access attempt (browser-plugins.rules) * 1:46405 <-> DISABLED <-> BROWSER-PLUGINS RealPlayer rmoc3260.dll ActiveX clsid access attempt (browser-plugins.rules) * 1:46406 <-> ENABLED <-> MALWARE-CNC Bitvote miner kernel driver outbound request attempt (malware-cnc.rules) * 1:46407 <-> ENABLED <-> MALWARE-CNC Bitvote miner kernel driver payload download attempt (malware-cnc.rules) * 1:46408 <-> DISABLED <-> SERVER-WEBAPP Moodle PoodLL Filter plugin cross site scripting attempt (server-webapp.rules) * 1:46409 <-> DISABLED <-> OS-WINDOWS Attempted DNS overflow (os-windows.rules) * 1:4641 <-> DISABLED <-> SERVER-OTHER Ethereal Distcc SOUT buffer overflow attempt (server-other.rules) * 1:46410 <-> ENABLED <-> PUA-OTHER Mineralt TLS client hello attempt (pua-other.rules) * 1:46411 <-> 
ENABLED <-> PUA-OTHER Mineralt TLS server hello attempt (pua-other.rules)
* 1:46412 <-> DISABLED <-> PUA-OTHER Javascript obfuscated by obfuscator.io download attempt (pua-other.rules)
* 1:46413 <-> ENABLED <-> PUA-OTHER Mineralt JavaScript cryptocurrency mining attempt (pua-other.rules)
* 1:46414 <-> ENABLED <-> PUA-OTHER Mineralt JavaScript cryptocurrency mining attempt (pua-other.rules)
* 1:46415 <-> ENABLED <-> PUA-OTHER obfuscated cryptomining javascript download attempt (pua-other.rules)
* 1:46416 <-> DISABLED <-> MALWARE-CNC Win.Spyware.Autoit outbound connection (malware-cnc.rules)
* 1:46417 <-> DISABLED <-> SERVER-OTHER X.509 IPAddressFamily extension buffer overread attempt (server-other.rules)
* 1:46418 <-> DISABLED <-> SERVER-OTHER X.509 IPAddressFamily extension buffer overread attempt (server-other.rules)
* 1:46419 <-> DISABLED <-> OS-WINDOWS Microsoft Windows XXE information disclosure attempt (os-windows.rules)
* 1:4642 <-> DISABLED <-> SERVER-ORACLE sys.pbsde.init buffer overflow attempt (server-oracle.rules)
* 1:46420 <-> DISABLED <-> OS-WINDOWS Microsoft Windows XXE information disclosure attempt (os-windows.rules)
* 1:46421 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Kraens delivery attempt (malware-cnc.rules)
* 1:46422 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Kraens delivery attempt (malware-cnc.rules)
* 1:46423 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kraens initial outbound request (malware-cnc.rules)
* 1:46424 <-> DISABLED <-> BROWSER-IE Microsoft Edge Javascript ParseCatch type confusion attempt (browser-ie.rules)
* 1:46425 <-> DISABLED <-> BROWSER-IE Microsoft Edge Javascript ParseCatch type confusion attempt (browser-ie.rules)
* 1:46426 <-> DISABLED <-> BROWSER-IE Microsoft Edge Javascript ParseCatch type confusion attempt (browser-ie.rules)
* 1:46427 <-> DISABLED <-> BROWSER-IE Microsoft Edge Javascript ParseCatch type confusion attempt (browser-ie.rules)
* 1:46428 <-> DISABLED <-> SERVER-APACHE Apache mod_http2 NULL pointer dereference attempt (server-apache.rules)
* 1:46429 <-> DISABLED <-> OS-WINDOWS Total Meltdown side-channel information leak attempt (os-windows.rules)
* 1:4643 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malformed shortcut file buffer overflow attempt (os-windows.rules)
* 1:46430 <-> DISABLED <-> OS-WINDOWS Total Meltdown side-channel information leak attempt (os-windows.rules)
* 1:46431 <-> DISABLED <-> OS-WINDOWS Total Meltdown side-channel information leak attempt (os-windows.rules)
* 1:46432 <-> DISABLED <-> OS-WINDOWS Total Meltdown side-channel information leak attempt (os-windows.rules)
* 1:46433 <-> DISABLED <-> MALWARE-CNC Win.Adware.Doyo initial connection (malware-cnc.rules)
* 1:46434 <-> DISABLED <-> MALWARE-CNC Win.Adware.Doyo client outbound connection (malware-cnc.rules)
* 1:46435 <-> ENABLED <-> MALWARE-CNC Vbs.Downloader.Kryptik known malicious user-agent string (malware-cnc.rules)
* 1:46436 <-> ENABLED <-> MALWARE-CNC Vbs.Downloader.Agent inbound connection (malware-cnc.rules)
* 1:46437 <-> ENABLED <-> MALWARE-CNC Vbs.Downloader.Agent inbound connection (malware-cnc.rules)
* 1:46438 <-> ENABLED <-> MALWARE-CNC Vbs.Downloader.Agent inbound connection (malware-cnc.rules)
* 1:46439 <-> ENABLED <-> MALWARE-CNC Vbs.Downloader.Agent inbound delivery attempt (malware-cnc.rules)
* 1:4644 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malformed shortcut file with comment buffer overflow attempt (os-windows.rules)
* 1:46440 <-> DISABLED <-> SERVER-OTHER Apache CouchDB remote code execution attempt (server-other.rules)
* 1:46441 <-> DISABLED <-> BROWSER-IE Microsoft Edge AsmJsInterpreter method use after free attempt (browser-ie.rules)
* 1:46442 <-> DISABLED <-> BROWSER-IE Microsoft Edge AsmJsInterpreter method use after free attempt (browser-ie.rules)
* 1:46443 <-> DISABLED <-> BROWSER-OTHER HTTP encoding header evasion attempt (browser-other.rules)
* 1:46444 <-> DISABLED <-> BROWSER-OTHER HTTP encoding header evasion attempt (browser-other.rules)
* 1:46445 <-> ENABLED <-> SERVER-OTHER Oracle WebLogic unsafe deserialization remote code execution attempt detected (server-other.rules)
* 1:46446 <-> ENABLED <-> SERVER-OTHER Oracle Weblogic unsafe deserialization remote code execution attempt detected (server-other.rules)
* 1:46447 <-> DISABLED <-> POLICY-OTHER TP-Link device reboot attempt (policy-other.rules)
* 1:46448 <-> DISABLED <-> POLICY-OTHER TP-Link device enable remote management attempt (policy-other.rules)
* 1:46449 <-> ENABLED <-> SERVER-OTHER PostgreSQL Empty Password authentication bypass attempt (server-other.rules)
* 1:4645 <-> DISABLED <-> PROTOCOL-IMAP search format string attempt (protocol-imap.rules)
* 1:46450 <-> DISABLED <-> SERVER-WEBAPP Elasticsearch snapshot directory traversal attempt (server-webapp.rules)
* 1:46451 <-> ENABLED <-> SERVER-WEBAPP Drupal unsafe internal attribute remote code execution attempt (server-webapp.rules)
* 1:46454 <-> DISABLED <-> SERVER-WEBAPP Node.js zlib createDeflateRaw denial of service attempt (server-webapp.rules)
* 1:4646 <-> DISABLED <-> PROTOCOL-IMAP search literal format string attempt (protocol-imap.rules)
* 1:46461 <-> DISABLED <-> SERVER-WEBAPP Adobe RoboHelp rx cross site scripting attempt (server-webapp.rules)
* 1:46462 <-> DISABLED <-> SERVER-WEBAPP Adobe RoboHelp rx SQL injection attempt (server-webapp.rules)
* 1:46463 <-> DISABLED <-> SERVER-WEBAPP Adobe RoboHelp rx SQL injection attempt (server-webapp.rules)
* 1:46464 <-> DISABLED <-> SERVER-WEBAPP Adobe RoboHelp rx cross site scripting attempt (server-webapp.rules)
* 1:46465 <-> DISABLED <-> SERVER-WEBAPP Adobe RoboHelp rx cross site scripting attempt (server-webapp.rules)
* 1:46466 <-> ENABLED <-> OS-WINDOWS Windows NTFS NtfsFindExistingLcb denial of service attempt (os-windows.rules)
* 1:46467 <-> ENABLED <-> OS-WINDOWS Windows NTFS NtfsFindExistingLcb denial of service attempt (os-windows.rules)
* 1:46468 <-> ENABLED <-> SERVER-OTHER Cisco Smart Install invalid init discovery message denial of service attempt (server-other.rules)
* 1:46469 <-> DISABLED <-> SERVER-WEBAPP PHP unserialize integer overflow attempt (server-webapp.rules)
* 1:4647 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer javascript onload overflow attempt (browser-ie.rules)
* 1:46470 <-> DISABLED <-> SERVER-WEBAPP PHP unserialize integer overflow attempt (server-webapp.rules)
* 1:46471 <-> DISABLED <-> BROWSER-IE Microsoft Edge Chakra code execution attempt (browser-ie.rules)
* 1:46472 <-> DISABLED <-> BROWSER-IE Microsoft Edge Chakra code execution attempt (browser-ie.rules)
* 1:46473 <-> ENABLED <-> SERVER-OTHER Spring Data Commons remote code execution attempt (server-other.rules)
* 1:46474 <-> ENABLED <-> SERVER-OTHER Quest Appliance NetVault Backup buffer overflow attempt (server-other.rules)
* 1:46475 <-> ENABLED <-> MALWARE-CNC Win.Trojan.SquirtDanger get module list outbound request (malware-cnc.rules)
* 1:46476 <-> ENABLED <-> MALWARE-CNC Win.Trojan.SquirtDanger inbound delivery attempt (malware-cnc.rules)
* 1:46477 <-> ENABLED <-> MALWARE-CNC Win.Trojan.SquirtDanger inbound delivery attempt (malware-cnc.rules)
* 1:46478 <-> ENABLED <-> MALWARE-CNC Win.Trojan.SquirtDanger inbound delivery attempt (malware-cnc.rules)
* 1:46479 <-> ENABLED <-> MALWARE-CNC Win.Trojan.SquirtDanger inbound delivery attempt (malware-cnc.rules)
* 1:4648 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer wang image admin activex object access (browser-plugins.rules)
* 1:46480 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime movie file keys atom integer overflow attempt (file-multimedia.rules)
* 1:46481 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime movie file keys atom integer overflow attempt (file-multimedia.rules)
* 1:46482 <-> ENABLED <-> MALWARE-CNC Installation Keylogger Osx.Trojan.Mokes data exfiltration (malware-cnc.rules)
* 1:46483 <-> DISABLED <-> SERVER-WEBAPP Wordpress VideoWhisper Live Streaming Integration plugin double extension file upload attempt (server-webapp.rules)
* 1:46484 <-> DISABLED <-> SERVER-MAIL Multiple IMAP servers DELETE command buffer overflow attempt (server-mail.rules)
* 1:46485 <-> DISABLED <-> SERVER-WEBAPP TwonkyMedia server directory listing attempt (server-webapp.rules)
* 1:46486 <-> ENABLED <-> PUA-ADWARE Slimware Utilities variant outbound connection (pua-adware.rules)
* 1:46487 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ammy heartbeat (malware-cnc.rules)
* 1:46488 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ammy download attempt (malware-cnc.rules)
* 1:46489 <-> DISABLED <-> SERVER-WEBAPP Quest NetVault Backup Server NVBUBackup SQL injection attempt (server-webapp.rules)
* 1:4649 <-> DISABLED <-> SERVER-MYSQL create function buffer overflow attempt (server-mysql.rules)
* 1:46490 <-> DISABLED <-> FILE-PDF Adobe Flash Player ActionScript setFocus use after free attempt (file-pdf.rules)
* 1:46491 <-> DISABLED <-> FILE-PDF Adobe Flash Player ActionScript setFocus use after free attempt (file-pdf.rules)
* 1:46495 <-> DISABLED <-> SERVER-OTHER HTTP request smuggling attempt (server-other.rules)
* 1:465 <-> DISABLED <-> PROTOCOL-ICMP ISS Pinger (protocol-icmp.rules)
* 1:4650 <-> DISABLED <-> SERVER-WEBAPP cacti graph_image.php access (server-webapp.rules)
* 1:46501 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Agent outbound request (malware-cnc.rules)
* 1:46502 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Agent outbound request (malware-cnc.rules)
* 1:46503 <-> DISABLED <-> OS-WINDOWS Microsoft Windows TTF cmap integer overflow attempt (os-windows.rules)
* 1:46504 <-> DISABLED <-> OS-WINDOWS Microsoft Windows TTF cmap integer overflow attempt (os-windows.rules)
* 1:46505 <-> DISABLED <-> BROWSER-IE Microsoft Edge eval heap overflow attempt (browser-ie.rules)
* 1:46506 <-> DISABLED <-> BROWSER-IE Microsoft Edge eval heap overflow attempt (browser-ie.rules)
* 1:46507 <-> DISABLED <-> BROWSER-IE Microsoft Edge eval heap overflow attempt (browser-ie.rules)
* 1:46508 <-> DISABLED <-> BROWSER-IE Microsoft Edge eval heap overflow attempt (browser-ie.rules)
* 1:46509 <-> DISABLED <-> SERVER-WEBAPP Unitrends Enterprise Backup API command injection attempt (server-webapp.rules)
* 1:4651 <-> DISABLED <-> NETBIOS SMB NT Trans NT SET SECURITY DESC SACL overflow attempt (netbios.rules)
* 1:46510 <-> DISABLED <-> SERVER-WEBAPP Belkin N750 F9K1103 wireless router command injection attempt (server-webapp.rules)
* 1:46511 <-> DISABLED <-> SERVER-WEBAPP Belkin N750 F9K1103 wireless router command injection attempt (server-webapp.rules)
* 1:46512 <-> DISABLED <-> SERVER-WEBAPP Belkin N750 F9K1103 wireless router command injection attempt (server-webapp.rules)
* 1:46513 <-> DISABLED <-> SERVER-WEBAPP Belkin N750 F9K1103 wireless router command injection attempt (server-webapp.rules)
* 1:46514 <-> DISABLED <-> SERVER-WEBAPP Belkin N750 F9K1103 wireless router command injection attempt (server-webapp.rules)
* 1:46515 <-> DISABLED <-> SERVER-WEBAPP Belkin N750 F9K1103 wireless router command injection attempt (server-webapp.rules)
* 1:46516 <-> DISABLED <-> SERVER-WEBAPP Belkin N750 F9K1103 wireless router command injection attempt (server-webapp.rules)
* 1:46517 <-> DISABLED <-> SERVER-WEBAPP Belkin N750 F9K1103 wireless router command injection attempt (server-webapp.rules)
* 1:46518 <-> DISABLED <-> SERVER-WEBAPP Belkin N750 F9K1103 wireless router remote telnet enable attempt (server-webapp.rules)
* 1:46519 <-> DISABLED <-> SERVER-WEBAPP Belkin N750 F9K1103 wireless router remote telnet enable attempt (server-webapp.rules)
* 1:4652 <-> DISABLED <-> NETBIOS SMB NT Trans NT SET SECURITY DESC andx SACL overflow attempt (netbios.rules)
* 1:46520 <-> DISABLED <-> SERVER-WEBAPP WebPort 1.16.2 directory traversal attempt (server-webapp.rules)
* 1:46521 <-> DISABLED <-> SERVER-WEBAPP WebPort 1.16.2 directory traversal attempt (server-webapp.rules)
* 1:46522 <-> DISABLED <-> SERVER-WEBAPP WebPort 1.16.2 directory traversal attempt (server-webapp.rules)
* 1:46524 <-> DISABLED <-> SERVER-WEBAPP OpenEMR 5.0 directory traversal attempt (server-webapp.rules)
* 1:46525 <-> DISABLED <-> SERVER-WEBAPP OpenEMR 5.0 directory traversal attempt (server-webapp.rules)
* 1:46526 <-> DISABLED <-> SERVER-WEBAPP OpenEMR 5.0 directory traversal attempt (server-webapp.rules)
* 1:46527 <-> DISABLED <-> SERVER-WEBAPP LibreEHR 2.0.0 directory traversal attempt (server-webapp.rules)
* 1:46528 <-> DISABLED <-> SERVER-WEBAPP LibreEHR 2.0.0 directory traversal attempt (server-webapp.rules)
* 1:46529 <-> DISABLED <-> SERVER-WEBAPP LibreEHR 2.0.0 directory traversal attempt (server-webapp.rules)
* 1:4653 <-> DISABLED <-> NETBIOS SMB NT Trans NT SET SECURITY DESC unicode SACL overflow attempt (netbios.rules)
* 1:46530 <-> DISABLED <-> SERVER-WEBAPP Dream Report ASPX file upload attempt (server-webapp.rules)
* 1:46531 <-> DISABLED <-> SERVER-WEBAPP SearchBlox suspicious configuration upload attempt (server-webapp.rules)
* 1:46532 <-> DISABLED <-> SERVER-WEBAPP SearchBlox suspicious configuration upload attempt (server-webapp.rules)
* 1:46533 <-> DISABLED <-> SERVER-WEBAPP DHCP cross site scripting attempt (server-webapp.rules)
* 1:46534 <-> DISABLED <-> SERVER-WEBAPP NetGear DGN2200B command injection attempt (server-webapp.rules)
* 1:46535 <-> DISABLED <-> SERVER-WEBAPP NetGear DGN2200B command injection attempt (server-webapp.rules)
* 1:46536 <-> DISABLED <-> SERVER-WEBAPP NetGear DGN2200B command injection attempt (server-webapp.rules)
* 1:46537 <-> DISABLED <-> SERVER-WEBAPP NetGear DGN2200B command injection attempt (server-webapp.rules)
* 1:46538 <-> ENABLED <-> OS-WINDOWS Microsoft Windows win32k.sys privilege escalation attempt (os-windows.rules)
* 1:46539 <-> ENABLED <-> OS-WINDOWS Microsoft Windows win32k.sys privilege escalation attempt (os-windows.rules)
* 1:4654 <-> DISABLED <-> NETBIOS SMB NT Trans NT SET SECURITY DESC unicode andx SACL overflow attempt (netbios.rules)
* 1:46540 <-> DISABLED <-> SERVER-WEBAPP UltiDev Cassini Webserver file download attempt (server-webapp.rules)
* 1:46544 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine use after free attempt (browser-ie.rules)
* 1:46545 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine use after free attempt (browser-ie.rules)
* 1:46546 <-> ENABLED <-> OS-WINDOWS Microsoft Windows win32k NtUserSetImeInfoEx privilege escalation attempt (os-windows.rules)
* 1:46547 <-> ENABLED <-> OS-WINDOWS Microsoft Windows win32k NtUserSetImeInfoEx privilege escalation attempt (os-windows.rules)
* 1:46548 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer VBScript remote code execution attempt (browser-ie.rules)
* 1:46549 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer VBScript remote code execution attempt (browser-ie.rules)
* 1:4655 <-> DISABLED <-> NETBIOS SMB-DS NT Trans NT SET SECURITY DESC SACL overflow attempt (netbios.rules)
* 1:46552 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel remote code execution attempt (file-office.rules)
* 1:46553 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel remote code execution attempt (file-office.rules)
* 1:46554 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer Regexp use after free attempt (browser-ie.rules)
* 1:46555 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer Regexp use after free attempt (browser-ie.rules)
* 1:46556 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel remote code execution attempt (file-office.rules)
* 1:46557 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel remote code execution attempt (file-office.rules)
* 1:46558 <-> ENABLED <-> FILE-OFFICE Microsoft Office docx heap out of bounds read attempt (file-office.rules)
* 1:46559 <-> ENABLED <-> FILE-OFFICE Microsoft Office docx heap out of bounds read attempt (file-office.rules)
* 1:4656 <-> DISABLED <-> NETBIOS SMB-DS NT Trans NT SET SECURITY DESC andx SACL overflow attempt (netbios.rules)
* 1:46560 <-> ENABLED <-> FILE-OFFICE Microsoft Office RTF embedded ole file out of bounds write attempt (file-office.rules)
* 1:46561 <-> ENABLED <-> FILE-OFFICE Microsoft Office RTF embedded ole file out of bounds write attempt (file-office.rules)
* 1:46562 <-> ENABLED <-> OS-WINDOWS Microsoft Win32k privilege escalation attempt (os-windows.rules)
* 1:46563 <-> ENABLED <-> OS-WINDOWS Microsoft Win32k privilege escalation attempt (os-windows.rules)
* 1:46564 <-> ENABLED <-> OS-WINDOWS Microsoft Win32k privilege escalation attempt (os-windows.rules)
* 1:46565 <-> ENABLED <-> OS-WINDOWS Microsoft Win32k privilege escalation attempt (os-windows.rules)
* 1:4657 <-> DISABLED <-> NETBIOS SMB-DS NT Trans NT SET SECURITY DESC unicode SACL overflow attempt (netbios.rules)
* 1:46574 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Banload malicious file download (malware-cnc.rules)
* 1:46575 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Banload malicious file download (malware-cnc.rules)
* 1:46576 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Banload malicious file download (malware-cnc.rules)
* 1:46577 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Banload malicious file download (malware-cnc.rules)
* 1:46578 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Banload malicious system information disclosure (malware-cnc.rules)
* 1:46579 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Banload malicious system information disclosure (malware-cnc.rules)
* 1:4658 <-> DISABLED <-> NETBIOS SMB-DS NT Trans NT SET SECURITY DESC unicode andx SACL overflow attempt (netbios.rules)
* 1:46580 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload malicious file download (malware-cnc.rules)
* 1:46581 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload malicious file download (malware-cnc.rules)
* 1:46582 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload malicious file download (malware-cnc.rules)
* 1:46583 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload malicious file download (malware-cnc.rules)
* 1:46584 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload malicious file download (malware-cnc.rules)
* 1:46585 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload malicious file download (malware-cnc.rules)
* 1:46586 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload malicious file download (malware-cnc.rules)
* 1:46587 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Banload malicious file download (malware-cnc.rules)
* 1:46588 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Banload malicious file download (malware-cnc.rules)
* 1:46589 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Banload malicious file download (malware-cnc.rules)
* 1:4659 <-> DISABLED <-> NETBIOS SMB NT Trans NT SET SECURITY DESC SACL overflow attempt (netbios.rules)
* 1:46590 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Banload malicious file download (malware-cnc.rules)
* 1:46591 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Banload malicious file download (malware-cnc.rules)
* 1:46592 <-> DISABLED <-> BROWSER-IE Microsoft Edge JSON.parse information disclosure attempt (browser-ie.rules)
* 1:46593 <-> DISABLED <-> BROWSER-IE Microsoft Edge JSON.parse information disclosure attempt (browser-ie.rules)
* 1:46594 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer prototype type confusion attempt (browser-ie.rules)
* 1:46595 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer prototype type confusion attempt (browser-ie.rules)
* 1:46596 <-> ENABLED <-> OS-WINDOWS dxgkrnl.sys privilege escalation attempt (os-windows.rules)
* 1:46597 <-> ENABLED <-> OS-WINDOWS dxgkrnl.sys privilege escalation attempt (os-windows.rules)
* 1:46598 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASnative MovieClip type confusion attempt (file-flash.rules)
* 1:46599 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASnative MovieClip type confusion attempt (file-flash.rules)
* 1:466 <-> DISABLED <-> PROTOCOL-ICMP L3retriever Ping (protocol-icmp.rules)
* 1:4660 <-> DISABLED <-> NETBIOS SMB NT Trans NT SET SECURITY DESC andx SACL overflow attempt (netbios.rules)
* 1:46600 <-> DISABLED <-> SERVER-WEBAPP Indusoft Web Studio/Intouch Machine Edition buffer overflow attempt (server-webapp.rules)
* 1:46601 <-> ENABLED <-> FILE-OFFICE Microsoft Office Outlook HTML acronym tag memory corruption attempt (file-office.rules)
* 1:46602 <-> ENABLED <-> FILE-OFFICE Microsoft Office Outlook HTML acronym tag memory corruption attempt (file-office.rules)
* 1:46603 <-> ENABLED <-> OS-WINDOWS Microsoft Windows clfs.sys out of bounds local privilege escalation attempt (os-windows.rules)
* 1:46604 <-> ENABLED <-> OS-WINDOWS Microsoft Windows clfs.sys out of bounds local privilege escalation attempt (os-windows.rules)
* 1:46605 <-> DISABLED <-> SERVER-ORACLE Oracle Access Manager authentication bypass attempt (server-oracle.rules)
* 1:46606 <-> ENABLED <-> BROWSER-IE Microsoft Edge out-of-bounds memory access attempt (browser-ie.rules)
* 1:46607 <-> ENABLED <-> BROWSER-IE Microsoft Edge out-of-bounds memory access attempt (browser-ie.rules)
* 1:46608 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Blackshades variant outbound communication (malware-cnc.rules)
* 1:46609 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackIce variant outbound connection (malware-cnc.rules)
* 1:4661 <-> DISABLED <-> NETBIOS SMB NT Trans NT SET SECURITY DESC unicode SACL overflow attempt (netbios.rules)
* 1:46610 <-> DISABLED <-> SERVER-MAIL EHLO user overflow attempt (server-mail.rules)
* 1:46611 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload second stage download request (malware-cnc.rules)
* 1:46612 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Unruy outbound callout (malware-cnc.rules)
* 1:46613 <-> DISABLED <-> OS-LINUX Linux systemd DNS resolver denial of service attempt (os-linux.rules)
* 1:46614 <-> DISABLED <-> OS-LINUX Linux systemd DNS resolver denial of service attempt (os-linux.rules)
* 1:46615 <-> DISABLED <-> OS-LINUX Linux systemd DNS resolver denial of service attempt (os-linux.rules)
* 1:46616 <-> DISABLED <-> OS-LINUX Linux systemd DNS resolver denial of service attempt (os-linux.rules)
* 1:46617 <-> DISABLED <-> OS-LINUX Linux systemd DNS resolver denial of service attempt (os-linux.rules)
* 1:46618 <-> DISABLED <-> OS-LINUX Linux systemd DNS resolver denial of service attempt (os-linux.rules)
* 1:46619 <-> DISABLED <-> OS-LINUX Linux systemd DNS resolver denial of service attempt (os-linux.rules)
* 1:4662 <-> DISABLED <-> NETBIOS SMB NT Trans NT SET SECURITY DESC unicode andx SACL overflow attempt (netbios.rules)
* 1:46620 <-> DISABLED <-> SERVER-WEBAPP SAP Internet Graphics Server image converter information leak attempt (server-webapp.rules)
* 1:46621 <-> DISABLED <-> SERVER-WEBAPP SAP Internet Graphics Server image converter arbitrary file upload attempt (server-webapp.rules)
* 1:46622 <-> DISABLED <-> SERVER-WEBAPP SAP Internet Graphics Server buffer overflow attempt (server-webapp.rules)
* 1:46623 <-> DISABLED <-> SERVER-WEBAPP SAP Internet Graphics Server buffer overflow attempt (server-webapp.rules)
* 1:46624 <-> ENABLED <-> SERVER-WEBAPP GPON Router authentication bypass and command injection attempt (server-webapp.rules)
* 1:46625 <-> ENABLED <-> SERVER-WEBAPP GPON Router authentication bypass and command injection attempt (server-webapp.rules)
* 1:46626 <-> ENABLED <-> SERVER-WEBAPP GPON Router authentication bypass and command injection attempt (server-webapp.rules)
* 1:46627 <-> ENABLED <-> SERVER-WEBAPP GPON Router authentication bypass and command injection attempt (server-webapp.rules)
* 1:46628 <-> ENABLED <-> MALWARE-CNC Rubella Macro Builder generated payload (malware-cnc.rules)
* 1:46629 <-> ENABLED <-> MALWARE-CNC Rubella Macro Builder generated payload (malware-cnc.rules)
* 1:4663 <-> DISABLED <-> NETBIOS SMB NT Trans NT SET SECURITY DESC DACL overflow attempt (netbios.rules)
* 1:46630 <-> ENABLED <-> MALWARE-CNC Rubella Macro Builder generated payload (malware-cnc.rules)
* 1:46631 <-> ENABLED <-> MALWARE-CNC Rubella Macro Builder generated payload (malware-cnc.rules)
* 1:46632 <-> DISABLED <-> SERVER-MAIL Office 365 ATP Safe Links bypass attempt (server-mail.rules)
* 1:46633 <-> DISABLED <-> SERVER-MAIL Office 365 ATP Safe Links bypass attempt (server-mail.rules)
* 1:46636 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.Gandcrab variant outbound connection (malware-cnc.rules)
* 1:46637 <-> DISABLED <-> NETBIOS SMB client NULL deref race condition attempt (netbios.rules)
* 1:46638 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader DC OCG setIntent memory corruption attempt (file-pdf.rules)
* 1:46639 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader DC OCG setIntent memory corruption attempt (file-pdf.rules)
* 1:4664 <-> DISABLED <-> NETBIOS SMB NT Trans NT SET SECURITY DESC andx DACL overflow attempt (netbios.rules)
* 1:46640 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Worm.Brontok outbound HTTP request attempt (indicator-compromise.rules)
* 1:46641 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Worm.Brontok outbound HTTP request attempt (indicator-compromise.rules)
* 1:46642 <-> ENABLED <-> MALWARE-CNC Win.Worm.Brontok user-agent outbound connection (malware-cnc.rules)
* 1:46643 <-> DISABLED <-> FILE-OTHER Adobe Professional EMF compression out of bounds write attempt (file-other.rules)
* 1:46644 <-> DISABLED <-> FILE-OTHER Adobe Professional EMF compression out of bounds write attempt (file-other.rules)
* 1:46645 <-> DISABLED <-> FILE-PDF Adobe Reader XFA node manipulation use-after-free attempt (file-pdf.rules)
* 1:46646 <-> DISABLED <-> FILE-PDF Adobe Reader XFA node manipulation use-after-free attempt (file-pdf.rules)
* 1:46647 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF EmfPlusDrawBeziers buffer over-read attempt (file-other.rules)
* 1:46648 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF EmfPlusDrawBeziers buffer over-read attempt (file-other.rules)
* 1:46649 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XFA form use after free attempt (file-pdf.rules)
* 1:4665 <-> DISABLED <-> NETBIOS SMB NT Trans NT SET SECURITY DESC unicode DACL overflow attempt (netbios.rules)
* 1:46650 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XFA form use after free attempt (file-pdf.rules)
* 1:46651 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro PDX malformed index out of bounds memory read attempt (file-other.rules)
* 1:46652 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro PDX malformed index out of bounds memory read attempt (file-other.rules)
* 1:46653 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JavaScript data structure use after free attempt (file-pdf.rules)
* 1:46654 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JavaScript data structure use after free attempt (file-pdf.rules)
* 1:46655 <-> DISABLED <-> FILE-OTHER Adobe Acrobat XPS2PDF conversion buffer over-read attempt (file-other.rules)
* 1:46656 <-> DISABLED <-> FILE-OTHER Adobe Acrobat XPS2PDF conversion buffer over-read attempt (file-other.rules)
* 1:46657 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JavaScript Engine annotations use after free attempt (file-pdf.rules)
* 1:46658 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JavaScript Engine annotations use after free attempt (file-pdf.rules)
* 1:46659 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Reader jp2 double free attempt (file-other.rules)
* 1:4666 <-> DISABLED <-> NETBIOS SMB NT Trans NT SET SECURITY DESC unicode andx DACL overflow attempt (netbios.rules)
* 1:46660 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Reader jp2 double free attempt (file-other.rules)
* 1:46662 <-> ENABLED <-> EXPLOIT-KIT FakeFlash update attempt (exploit-kit.rules)
* 1:46663 <-> DISABLED <-> INDICATOR-COMPROMISE Outbound telize.com geo-IP location connection attempt (indicator-compromise.rules)
* 1:46664 <-> DISABLED <-> INDICATOR-COMPROMISE Outbound freegeoip.net geo-IP location connection attempt (indicator-compromise.rules)
* 1:46665 <-> DISABLED <-> SERVER-WEBAPP Digital Guardian Management Console arbitrary file upload attempt (server-webapp.rules)
* 1:46666 <-> DISABLED <-> SERVER-WEBAPP Digital Guardian Management Console arbitrary file upload attempt (server-webapp.rules)
* 1:46667 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules)
* 1:46668 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules)
* 1:46669 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules)
* 1:4667 <-> DISABLED <-> NETBIOS SMB-DS NT Trans NT SET SECURITY DESC DACL overflow attempt (netbios.rules)
* 1:46670 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules)
* 1:46671 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules)
* 1:46672 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules)
* 1:46673 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules)
* 1:46674 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules)
* 1:46675 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader go-to action NTLM credential disclosure attempt (file-pdf.rules)
* 1:46676 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader go-to action NTLM credential disclosure attempt (file-pdf.rules)
* 1:46677 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader go-to action NTLM credential disclosure attempt (file-pdf.rules)
* 1:46678 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader go-to action NTLM credential disclosure attempt (file-pdf.rules)
* 1:46679 <-> DISABLED <-> INDICATOR-COMPROMISE Request for external IP address detected (indicator-compromise.rules)
* 1:4668 <-> DISABLED <-> NETBIOS SMB-DS NT Trans NT SET SECURITY DESC andx DACL overflow attempt (netbios.rules)
* 1:46680 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader security bypass attempt (file-pdf.rules)
* 1:46681 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader security bypass attempt (file-pdf.rules)
* 1:46682 <-> DISABLED <-> SERVER-MAIL Multiple products email with crafted MIME parts direct exfiltration attempt (server-mail.rules)
* 1:46683 <-> DISABLED <-> SERVER-MAIL Multiple products email with crafted MIME parts direct exfiltration attempt (server-mail.rules)
* 1:46684 <-> DISABLED <-> SERVER-MAIL Multiple products email with crafted MIME parts direct exfiltration attempt (server-mail.rules)
* 1:46685 <-> DISABLED <-> SERVER-MAIL Multiple products email with crafted MIME parts direct exfiltration attempt (server-mail.rules)
* 1:46686 <-> DISABLED <-> FILE-PDF Adobe Acrobat XFA field type confusion overflow attempt (file-pdf.rules)
* 1:46687 <-> DISABLED <-> FILE-PDF Adobe Acrobat XFA field type confusion overflow attempt (file-pdf.rules)
* 1:46688 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat XPS out-of-bounds read attempt (file-image.rules)
* 1:46689 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat XPS out-of-bounds read attempt (file-image.rules)
* 1:4669 <-> DISABLED <-> NETBIOS SMB-DS NT Trans NT SET SECURITY DESC unicode DACL overflow attempt (netbios.rules)
* 1:46690 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro path rendertransform out of bound write attempt (file-other.rules)
* 1:46691 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro path rendertransform out of bound write attempt (file-other.rules)
* 1:46692 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat EmfPlusDrawCurve out of bounds read attempt (file-image.rules)
* 1:46693 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat EmfPlusDrawCurve out of bounds read attempt (file-image.rules)
* 1:46694 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF embedded GIF memory corruption attempt (file-other.rules)
* 1:46695 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF embedded GIF memory corruption attempt (file-other.rules)
* 1:46696 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XFA use after free attempt (file-pdf.rules)
* 1:46697 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XFA use after free attempt (file-pdf.rules)
* 1:46698 <-> ENABLED <-> FILE-OTHER Adobe Acrobat EMF embedded DIB out of bound read attempt (file-other.rules)
* 1:46699 <-> ENABLED <-> FILE-OTHER Adobe Acrobat EMF embedded DIB out of bound read attempt (file-other.rules)
* 1:467 <-> DISABLED <-> PROTOCOL-ICMP Nemesis v1.1 Echo (protocol-icmp.rules)
* 1:4670 <-> DISABLED <-> NETBIOS SMB-DS NT Trans NT SET SECURITY DESC unicode andx DACL overflow attempt (netbios.rules)
* 1:46700 <-> ENABLED <-> MALWARE-CNC Osx.Downloader.Crossrider outbound download request (malware-cnc.rules)
* 1:46701 <-> DISABLED <-> FILE-IMAGE Adobe Acrboat EMF invalid EMR_STRETCHDIBITS record out-of-bounds read attempt (file-image.rules)
* 1:46702 <-> DISABLED <-> FILE-IMAGE Adobe Acrboat EMF invalid EMR_STRETCHDIBITS record out-of-bounds read attempt (file-image.rules)
* 1:46703 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EMR_STRETCHDIBITS size out of bounds read attempt (file-other.rules)
* 1:46704 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EMR_STRETCHDIBITS size out of bounds read attempt (file-other.rules)
* 1:46705 <-> DISABLED <-> FILE-PDF Adobe Acrobat ADBCAnnotEnumerator use after free attempt (file-pdf.rules)
* 1:46706 <-> DISABLED <-> FILE-PDF Adobe Acrobat ADBCAnnotEnumerator use after free attempt (file-pdf.rules)
* 1:46707 <-> ENABLED <-> FILE-OTHER Adobe Acrobat EMF malformed EmfPlusPointF object buffer overflow attempt (file-other.rules)
* 1:46708 <-> ENABLED <-> FILE-OTHER Adobe Acrobat EMF malformed EmfPlusPointF object buffer overflow attempt (file-other.rules)
* 1:46709 <-> ENABLED <-> FILE-OTHER Adobe Professional EMF embedded image heap overflow attempt (file-other.rules)
* 1:4671 <-> DISABLED <-> NETBIOS SMB NT Trans NT SET SECURITY DESC DACL overflow attempt (netbios.rules)
* 1:46710 <-> ENABLED <-> FILE-OTHER Adobe Professional EMF embedded image heap overflow attempt (file-other.rules)
* 1:46711 <-> DISABLED <-> FILE-OTHER Adobe Professional BMP embedded image heap overflow attempt (file-other.rules)
* 1:46712 <-> DISABLED <-> FILE-OTHER Adobe Professional BMP embedded image heap overflow attempt (file-other.rules)
* 1:46713 <-> DISABLED <-> BROWSER-IE Microsoft Edge out of bounds write attempt (browser-ie.rules)
* 1:46714 <-> DISABLED <-> BROWSER-IE Microsoft Edge out of bounds write attempt (browser-ie.rules)
* 1:46715 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader use after free attempt (file-pdf.rules)
* 1:46716 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader use after free attempt (file-pdf.rules)
* 1:46717 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMFPlusPath object heap overflow attempt (file-image.rules)
* 1:46718 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMFPlusPath object heap overflow attempt (file-image.rules)
* 1:46719 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMFPlusPath object heap overflow attempt (file-image.rules)
* 1:4672 <-> DISABLED <-> NETBIOS SMB NT Trans NT SET SECURITY DESC andx DACL overflow attempt (netbios.rules)
* 1:46720 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMFPlusPath object heap overflow attempt (file-image.rules)
* 1:46721 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JavaScript annotation use after free attempt (file-pdf.rules)
* 1:46722 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JavaScript annotation use after free attempt (file-pdf.rules)
* 1:46723 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader pointer dereference attempt (file-pdf.rules)
* 1:46724 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader pointer dereference attempt (file-pdf.rules)
* 1:46725 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG out of bounds read attempt (file-image.rules)
* 1:46726 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG out of bounds read attempt (file-image.rules)
* 1:46727 <-> ENABLED <-> FILE-OTHER Adobe Acrobat EMF embedded GIF LZW compression out of bound read attempt (file-other.rules)
* 1:46728 <-> ENABLED <-> FILE-OTHER Adobe Acrobat EMF embedded GIF LZW compression out of bound read attempt (file-other.rules)
* 1:46729 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Professional XPS out of bounds read attempt (file-other.rules)
* 1:4673 <-> DISABLED <-> NETBIOS SMB NT Trans NT SET SECURITY DESC unicode DACL overflow attempt (netbios.rules)
* 1:46730 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Professional XPS out of bounds read attempt (file-other.rules)
* 1:46731 <-> ENABLED <-> FILE-PDF Adobe Reader malformed JPEG2000 image invalid colr size out of bounds read attempt (file-pdf.rules)
* 1:46732 <-> ENABLED <-> FILE-PDF Adobe Reader malformed JPEG2000 image invalid colr size out of bounds read attempt (file-pdf.rules)
* 1:46733 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds read attempt (file-other.rules)
* 1:46734 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds read attempt (file-other.rules)
* 1:46735 <-> ENABLED <-> SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt (server-webapp.rules)
* 1:46736 <-> ENABLED <-> SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt (server-webapp.rules)
* 1:46737 <-> ENABLED <-> SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt (server-webapp.rules)
* 1:4674 <-> DISABLED <-> NETBIOS SMB NT Trans NT SET SECURITY DESC unicode andx DACL overflow attempt (netbios.rules)
* 1:46742 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dropper malicious script download attempt (malware-cnc.rules)
* 1:46743 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dropper initial outbound connection attempt (malware-cnc.rules)
* 1:46744 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper malicious executable download attempt (malware-cnc.rules)
* 1:46745 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer VBScript remote code execution attempt (browser-ie.rules)
* 1:46746 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer VBScript remote code execution attempt (browser-ie.rules)
* 1:46747 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Qarallax outbound connection (malware-cnc.rules)
* 1:46748 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Qarallax outbound connection (malware-cnc.rules)
* 1:4675 <-> DISABLED <-> FILE-FLASH Adobe Flash DOACTION tag overflow attempt (file-flash.rules)
* 1:46751 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.SynAck download attempt (malware-other.rules)
* 1:46752 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.SynAck download attempt (malware-other.rules)
* 1:46753 <-> DISABLED <-> SERVER-WEBAPP LG NAS login_check.php command injection attempt (server-webapp.rules)
* 1:46754 <-> ENABLED <-> OS-WINDOWS Microsoft Windows win32k NtUserSetImeInfoEx privilege escalation attempt (os-windows.rules)
* 1:46755 <-> ENABLED <-> OS-WINDOWS Microsoft Windows win32k NtUserSetImeInfoEx privilege escalation attempt (os-windows.rules)
* 1:46758 <-> DISABLED <-> SERVER-WEBAPP D-Link DNS-325 ShareCenter photocenter_mgr.cgi command injection attempt (server-webapp.rules)
* 1:46759 <-> DISABLED <-> SERVER-WEBAPP D-Link DNS-325 ShareCenter photocenter_mgr.cgi command injection attempt (server-webapp.rules)
* 1:4676 <-> DISABLED <-> SERVER-ORACLE Enterprise Manager Application Server Control web parameter overflow attempt (server-oracle.rules)
* 1:46760 <-> DISABLED <-> SERVER-WEBAPP D-Link DNS-325 ShareCenter photocenter_mgr.cgi command injection attempt (server-webapp.rules)
* 1:46763 <-> DISABLED <-> BROWSER-IE Microsoft Edge proxy object type confusion attempt (browser-ie.rules)
* 1:46764 <-> DISABLED <-> BROWSER-IE Microsoft Edge proxy object type confusion attempt (browser-ie.rules)
* 1:46765 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsHTMLDocument SetBody use-after-free attempt (browser-firefox.rules)
* 1:46766 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsHTMLDocument SetBody use-after-free attempt (browser-firefox.rules)
* 1:46767 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsHTMLDocument SetBody use-after-free attempt (browser-firefox.rules)
* 1:4677 <-> DISABLED <-> SERVER-ORACLE Enterprise Manager Application Server Control GET parameter overflow attempt (server-oracle.rules)
* 1:46773 <-> DISABLED <-> SERVER-WEBAPP Nagios XI SQL injection
attempt (server-webapp.rules) * 1:46774 <-> DISABLED <-> SERVER-WEBAPP NagiosXI SQL injection attempt (server-webapp.rules) * 1:46775 <-> DISABLED <-> SERVER-WEBAPP Nagios XI command injection attempt (server-webapp.rules) * 1:46776 <-> DISABLED <-> SERVER-WEBAPP Nagios XI command injection attempt (server-webapp.rules) * 1:46777 <-> DISABLED <-> SERVER-WEBAPP Nagios XI command injection attempt (server-webapp.rules) * 1:46778 <-> DISABLED <-> SERVER-WEBAPP Nagios XI command injection attempt (server-webapp.rules) * 1:46779 <-> DISABLED <-> SERVER-WEBAPP Nagios XI database settings modification attempt (server-webapp.rules) * 1:46781 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsHTMLDocument SetBody use-after-free attempt (browser-firefox.rules) * 1:46782 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Vpnfilter variant SSL connection attempt (malware-cnc.rules) * 1:46783 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Vpnfilter variant SSL connection attempt (malware-cnc.rules) * 1:46784 <-> DISABLED <-> SERVER-OTHER Pidgin MSN MSNP2P SLP message integer overflow attempt (server-other.rules) * 1:46785 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Zebrocy known malicious user-agent string (malware-cnc.rules) * 1:46786 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Zebrocy initial outbound request (malware-cnc.rules) * 1:46787 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.ZooPark outbound connection attempt (malware-cnc.rules) * 1:46788 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.ZooPark outbound connection attempt (malware-cnc.rules) * 1:46789 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.ZooPark outbound connection attempt (malware-cnc.rules) * 1:4679 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime movie file component name integer overflow multipacket attempt (file-multimedia.rules) * 1:46790 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.ZooPark outbound connection attempt (malware-cnc.rules) * 1:46791 <-> DISABLED <-> SERVER-WEBAPP Ruby Net FTP library command injection attempt 
(server-webapp.rules) * 1:46792 <-> ENABLED <-> MALWARE-CNC Outbound malicious vbscript attempt (malware-cnc.rules) * 1:46793 <-> DISABLED <-> OS-WINDOWS Malicious zip download attempt (os-windows.rules) * 1:46794 <-> ENABLED <-> OS-WINDOWS Malicious vbscript download attempt (os-windows.rules) * 1:46795 <-> ENABLED <-> MALWARE-CNC Dharma ransomware dropper initial outbound connection (malware-cnc.rules) * 1:46796 <-> ENABLED <-> MALWARE-CNC Dharma ransomware dropper outbound connection (malware-cnc.rules) * 1:46797 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds read attempt (file-other.rules) * 1:46798 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds read attempt (file-other.rules) * 1:46799 <-> DISABLED <-> SERVER-WEBAPP Western Digital MyCloud snmp_mgr.cgi command injection attempt (server-webapp.rules) * 1:4680 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime movie file component name integer overflow attempt (file-multimedia.rules) * 1:46800 <-> DISABLED <-> SERVER-WEBAPP Western Digital MyCloud snmp_mgr.cgi command injection attempt (server-webapp.rules) * 1:46801 <-> DISABLED <-> SERVER-WEBAPP Western Digital MyCloud snmp_mgr.cgi command injection attempt (server-webapp.rules) * 1:46802 <-> DISABLED <-> SERVER-WEBAPP Anti-Web directory traversal attempt (server-webapp.rules) * 1:46803 <-> DISABLED <-> SERVER-WEBAPP Anti-Web directory traversal attempt (server-webapp.rules) * 1:46804 <-> DISABLED <-> SERVER-WEBAPP Anti-Web directory traversal attempt (server-webapp.rules) * 1:46805 <-> ENABLED <-> SERVER-WEBAPP BA Systems BAS Web information disclosure attempt (server-webapp.rules) * 1:46806 <-> ENABLED <-> SERVER-WEBAPP BA Systems BAS Web information disclosure attempt (server-webapp.rules) * 1:46807 <-> ENABLED <-> MALWARE-OTHER DNS request for known malware domain toknowall.com - Unix.Trojan.Vpnfilter (malware-other.rules) * 1:46808 <-> DISABLED <-> SERVER-WEBAPP PHP .phar cross site scripting attempt (server-webapp.rules) * 1:46809 
<-> ENABLED <-> FILE-PDF Adobe Acrobat Reader font enumeration use after free attempt (file-pdf.rules) * 1:4681 <-> DISABLED <-> SERVER-WEBAPP Symantec Antivirus admin scan interface negative Content-Length attempt (server-webapp.rules) * 1:46810 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader font enumeration use after free attempt (file-pdf.rules) * 1:46811 <-> ENABLED <-> FILE-OTHER Microsoft Windows Host Compute Service Shim remote code execution attempt (file-other.rules) * 1:46812 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds read attempt (file-other.rules) * 1:46813 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds read attempt (file-other.rules) * 1:46814 <-> DISABLED <-> SERVER-WEBAPP Western Digital MyCloud login_mgr.cgi command injection attempt (server-webapp.rules) * 1:46815 <-> DISABLED <-> SERVER-WEBAPP Western Digital MyCloud login_mgr.cgi command injection attempt (server-webapp.rules) * 1:46816 <-> DISABLED <-> SERVER-WEBAPP Western Digital MyCloud login_mgr.cgi command injection attempt (server-webapp.rules) * 1:46817 <-> DISABLED <-> SERVER-WEBAPP FLIR Breakstream 2300 unauthenticated information disclosure attempt (server-webapp.rules) * 1:46818 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.Satan outbound connection (malware-cnc.rules) * 1:46819 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Satan payload download (malware-other.rules) * 1:46820 <-> ENABLED <-> MALWARE-CNC Win.Downloader.QuantLoader variant outbound connection attempt (malware-cnc.rules) * 1:46821 <-> ENABLED <-> MALWARE-CNC Win.Trojan.N40 variant outbound connection (malware-cnc.rules) * 1:46822 <-> DISABLED <-> SERVER-WEBAPP Western Digital MyCloud raid_cgi.php arbitrary command execution attempt (server-webapp.rules) * 1:46823 <-> ENABLED <-> SERVER-WEBAPP Spring Security OAuth remote code execution attempt (server-webapp.rules) * 1:46824 <-> DISABLED <-> SERVER-WEBAPP DotNetNuke DreamSlider arbitrary file download attempt (server-webapp.rules) * 
1:46825 <-> ENABLED <-> SERVER-WEBAPP Multiple products DVR admin password leak attempt (server-webapp.rules) * 1:46826 <-> DISABLED <-> SERVER-WEBAPP Multiple products DVR arbitrary command execution attempt (server-webapp.rules) * 1:46827 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dunihi outbound connection (malware-cnc.rules) * 1:46828 <-> DISABLED <-> SERVER-WEBAPP D-Link DIR-620 index.cgi command injection attempt (server-webapp.rules) * 1:46829 <-> DISABLED <-> SERVER-WEBAPP D-Link DIR-620 index.cgi command injection attempt (server-webapp.rules) * 1:46830 <-> ENABLED <-> OS-WINDOWS Microsoft Windows kernel privilege escalation attempt (os-windows.rules) * 1:46831 <-> ENABLED <-> OS-WINDOWS Microsoft Windows kernel privilege escalation attempt (os-windows.rules) * 1:46832 <-> ENABLED <-> OS-WINDOWS Microsoft Windows ROP gadget locate attempt (os-windows.rules) * 1:46833 <-> ENABLED <-> OS-WINDOWS Microsoft Windows ROP gadget locate attempt (os-windows.rules) * 1:46834 <-> DISABLED <-> OS-WINDOWS Microsoft Windows kernel privilege escalation attempt (os-windows.rules) * 1:46835 <-> DISABLED <-> OS-WINDOWS Microsoft Windows kernel privilege escalation attempt (os-windows.rules) * 1:46836 <-> ENABLED <-> MALWARE-CNC Win.Dropper.Vega variant outbound connection detected (malware-cnc.rules) * 1:46837 <-> ENABLED <-> MALWARE-CNC Win.Dropper.Vega variant outbound connection detected (malware-cnc.rules) * 1:46838 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Vega variant outbound connection detected (malware-cnc.rules) * 1:46839 <-> DISABLED <-> MALWARE-CNC Win.Trojan.RedLeaves variant outbound connection (malware-cnc.rules) * 1:46840 <-> ENABLED <-> MALWARE-OTHER GPON exploit download attempt (malware-other.rules) * 1:46841 <-> ENABLED <-> MALWARE-OTHER GPON exploit download attempt (malware-other.rules) * 1:46842 <-> ENABLED <-> MALWARE-CNC GPON botnet outbound communication (malware-cnc.rules) * 1:46847 <-> DISABLED <-> OS-LINUX Red Hat NetworkManager DHCP client command 
injection attempt (os-linux.rules) * 1:46848 <-> DISABLED <-> INDICATOR-COMPROMISE Possible Samba internal DNS forged response (indicator-compromise.rules) * 1:46849 <-> DISABLED <-> SERVER-WEBAPP IBM QRadar SIEM command injection attempt (server-webapp.rules) * 1:46850 <-> DISABLED <-> SERVER-WEBAPP IBM QRadar SIEM ForensicsAnalysisServlet authentication bypass attempt (server-webapp.rules) * 1:46851 <-> DISABLED <-> SERVER-WEBAPP IBM QRadar SIEM command injection attempt (server-webapp.rules) * 1:46852 <-> DISABLED <-> SERVER-WEBAPP IBM QRadar SIEM command injection attempt (server-webapp.rules) * 1:46854 <-> DISABLED <-> BROWSER-OTHER Electron nodeIntegration bypass exploit attempt (browser-other.rules) * 1:46855 <-> DISABLED <-> BROWSER-OTHER Electron nodeIntegration bypass exploit attempt (browser-other.rules) * 1:46856 <-> ENABLED <-> FILE-PDF ADOBE ActiveX Browser Plugin client side request injection attempt (file-pdf.rules) * 1:46857 <-> ENABLED <-> FILE-PDF ADOBE ActiveX Browser Plugin client side request injection attempt (file-pdf.rules) * 1:46860 <-> DISABLED <-> SERVER-WEBAPP Western Digital MyCloud jqueryFileTree.php command injection attempt (server-webapp.rules) * 1:46861 <-> DISABLED <-> SERVER-WEBAPP Western Digital MyCloud jqueryFileTree.php command injection attempt (server-webapp.rules) * 1:46862 <-> DISABLED <-> SERVER-WEBAPP Western Digital MyCloud jqueryFileTree.php command injection attempt (server-webapp.rules) * 1:46863 <-> DISABLED <-> SERVER-WEBAPP Quest NetVault Backup Server NVBUBackupOptionSet SQL injection attempt (server-webapp.rules) * 1:46866 <-> DISABLED <-> SERVER-WEBAPP TYPO3 news module SQL injection attempt (server-webapp.rules) * 1:46871 <-> ENABLED <-> MALWARE-CNC Win.Dropper.NavRat payload download (malware-cnc.rules) * 1:46872 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CowerSnail command and control response detected (malware-cnc.rules) * 1:46873 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CowerSnail initial outbound connection 
attempt (malware-cnc.rules) * 1:46874 <-> ENABLED <-> PUA-ADWARE Win.Pua.Softonic installer variant outbound connection (pua-adware.rules) * 1:46875 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMFPlusPath object out of bounds read attempt (file-image.rules) * 1:46876 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMFPlusPath object out of bounds read attempt (file-image.rules) * 1:46878 <-> DISABLED <-> SERVER-OTHER BMC Server Automation RSCD Agent remote code execution attempt (server-other.rules) * 1:46879 <-> DISABLED <-> SERVER-OTHER BMC Server Automation RSCD Agent remote code execution attempt (server-other.rules) * 1:46880 <-> DISABLED <-> SERVER-OTHER BMC Server Automation RSCD Agent remote code execution attempt (server-other.rules) * 1:46881 <-> DISABLED <-> SERVER-WEBAPP Elasticsearch directory traversal attempt (server-webapp.rules) * 1:46885 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Joanap variant outbound connection (malware-cnc.rules) * 1:46886 <-> DISABLED <-> SERVER-WEBAPP Quest KACE Systems Management Appliance ajax_email_connection_test.php command injection attempt (server-webapp.rules) * 1:46894 <-> ENABLED <-> MALWARE-CNC Vbs.Worm.SysinfY2X outbound beacon (malware-cnc.rules) * 1:46895 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Nocturnal outbound connection (malware-cnc.rules) * 1:46896 <-> DISABLED <-> SERVER-WEBAPP Joomla component GeoContent typename parameter cross site scripting attempt (server-webapp.rules) * 1:46898 <-> DISABLED <-> SERVER-WEBAPP Atlassian OAuth plugin multiple versions server side request forgery attempt (server-webapp.rules) * 1:46903 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Windows SYSTEM token stealing attempt (indicator-compromise.rules) * 1:46904 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Windows SYSTEM token stealing attempt (indicator-compromise.rules) * 1:46905 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Windows malicious CONTEXT structure creation attempt 
(indicator-compromise.rules) * 1:46906 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Windows malicious CONTEXT structure creation attempt (indicator-compromise.rules) * 1:46907 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Windows processor modification return to user-mode attempt (indicator-compromise.rules) * 1:46908 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Windows processor modification return to user-mode attempt (indicator-compromise.rules) * 1:46909 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Windows Interrupt Service Routine stack rollback attempt (indicator-compromise.rules) * 1:46910 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Windows Interrupt Service Routine stack rollback attempt (indicator-compromise.rules) * 1:46912 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt (browser-firefox.rules) * 1:46913 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt (browser-firefox.rules) * 1:46915 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player abc file parts heap integer overflow attempt (file-multimedia.rules) * 1:46916 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player abc file parts heap integer overflow attempt (file-multimedia.rules) * 1:46917 <-> ENABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules) * 1:46918 <-> ENABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules) * 1:46919 <-> ENABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules) * 1:46920 <-> ENABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules) * 1:46921 <-> DISABLED <-> SERVER-WEBAPP Quest DR Series Disk Backup Login.pm command injection attempt (server-webapp.rules) * 1:46922 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection (malware-cnc.rules) * 1:46923 <-> ENABLED <-> SERVER-OTHER 
Mitsubishi Electric E-Designer Status_bit buffer overflow attempt (server-other.rules) * 1:46924 <-> ENABLED <-> SERVER-OTHER Mitsubishi Electric E-Designer Status_bit buffer overflow attempt (server-other.rules) * 1:46925 <-> ENABLED <-> SERVER-OTHER Mitsubishi Electric E-Designer font field buffer overflow attempt (server-other.rules) * 1:46926 <-> ENABLED <-> SERVER-OTHER Mitsubishi Electric E-Designer font field buffer overflow attempt (server-other.rules) * 1:46927 <-> ENABLED <-> BROWSER-IE Microsoft Edge ClipPath out of bounds write attempt (browser-ie.rules) * 1:46928 <-> ENABLED <-> BROWSER-IE Microsoft Edge ClipPath out of bounds write attempt (browser-ie.rules) * 1:46929 <-> ENABLED <-> BROWSER-IE Microsoft Edge type confusion memory corruption attempt (browser-ie.rules) * 1:46930 <-> ENABLED <-> BROWSER-IE Microsoft Edge type confusion memory corruption attempt (browser-ie.rules) * 1:46931 <-> DISABLED <-> INDICATOR-COMPROMISE dynamic Excel web query file download attempt (indicator-compromise.rules) * 1:46932 <-> DISABLED <-> INDICATOR-COMPROMISE dynamic Excel web query file download attempt (indicator-compromise.rules) * 1:46933 <-> DISABLED <-> BROWSER-IE Microsoft Edge Chakra scripting engine type confusion attempt (browser-ie.rules) * 1:46934 <-> DISABLED <-> BROWSER-IE Microsoft Edge Chakra scripting engine type confusion attempt (browser-ie.rules) * 1:46935 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNSAPI remote code execution attempt (os-windows.rules) * 1:46936 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dropper outbound connection (malware-cnc.rules) * 1:46937 <-> ENABLED <-> INDICATOR-SHELLCODE ysoserial Java object deserialization exploit attempt (indicator-shellcode.rules) * 1:46938 <-> ENABLED <-> OS-WINDOWS Microsoft Win32k privilege escalation attempt (os-windows.rules) * 1:46939 <-> ENABLED <-> OS-WINDOWS Microsoft Win32k privilege escalation attempt (os-windows.rules) * 1:46940 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word malformed 
RTF memory corruption attempt (file-office.rules) * 1:46941 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word malformed RTF memory corruption attempt (file-office.rules) * 1:46942 <-> ENABLED <-> FILE-OTHER Microsoft Windows .lnk shortcut file executing system32 executable attempt (file-other.rules) * 1:46943 <-> ENABLED <-> FILE-OTHER Microsoft Windows .lnk shortcut file executing system32 executable attempt (file-other.rules) * 1:46944 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer memory corruption attempt (browser-ie.rules) * 1:46945 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer memory corruption attempt (browser-ie.rules) * 1:46946 <-> ENABLED <-> MALWARE-CNC Js.Downloader.Cryptojacking miner download attempt (malware-cnc.rules) * 1:46947 <-> DISABLED <-> BROWSER-IE Microsoft Edge Media Foundation use-after-free attempt (browser-ie.rules) * 1:46948 <-> DISABLED <-> BROWSER-IE Microsoft Edge Media Foundation use-after-free attempt (browser-ie.rules) * 1:46949 <-> ENABLED <-> FILE-FLASH Adobe Flash Player out of bounds memory access attempt (file-flash.rules) * 1:46950 <-> ENABLED <-> FILE-FLASH Adobe Flash Player out of bounds memory access attempt (file-flash.rules) * 1:46951 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 11 JScript use-after-free attempt (browser-ie.rules) * 1:46952 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 11 JScript use-after-free attempt (browser-ie.rules) * 1:46953 <-> ENABLED <-> OS-WINDOWS Microsoft OfficeHub object manager namespace privilege escalation attempt (os-windows.rules) * 1:46954 <-> ENABLED <-> OS-WINDOWS Microsoft OfficeHub object manager namespace privilege escalation attempt (os-windows.rules) * 1:46955 <-> DISABLED <-> OS-WINDOWS Windows 10 access control privilege escalation attempt (os-windows.rules) * 1:46956 <-> DISABLED <-> OS-WINDOWS Windows 10 access control privilege escalation attempt (os-windows.rules) * 1:46957 <-> DISABLED <-> OS-WINDOWS Microsoft Windows hidparse.sys 
privilege escalation attempt (os-windows.rules) * 1:46958 <-> DISABLED <-> OS-WINDOWS Microsoft Windows hidparse.sys privilege escalation attempt (os-windows.rules) * 1:46959 <-> ENABLED <-> MALWARE-CNC Win.Trojan.DarkSeoul variant payload download (malware-cnc.rules) * 1:46960 <-> DISABLED <-> FILE-OTHER Adobe Flash Player AMF0 Shared Object integer overflow attempt (file-other.rules) * 1:46961 <-> DISABLED <-> OS-WINDOWS Windows Desktop Bridge privilege escalation attempt (os-windows.rules) * 1:46962 <-> DISABLED <-> OS-WINDOWS Windows Desktop Bridge privilege escalation attempt (os-windows.rules) * 1:46963 <-> ENABLED <-> MALWARE-CNC Win.Adware.Taplika toolbar download attempt (malware-cnc.rules) * 1:46964 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ammyy RAT outbound connection (malware-cnc.rules) * 1:46965 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Backswap self-signed certificate exchange (malware-cnc.rules) * 1:46966 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Danabot outbound connection (malware-cnc.rules) * 1:46967 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Danabot outbound connection (malware-cnc.rules) * 1:46968 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Danabot outbound connection (malware-cnc.rules) * 1:46969 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Autophyte dropper variant outbound connection (malware-cnc.rules) * 1:46970 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Autophyte RAT variant outbound connection (malware-cnc.rules) * 1:46971 <-> DISABLED <-> SERVER-WEBAPP Quest DR Series Disk Backup UsersService.pm update method command injection attempt (server-webapp.rules) * 1:46972 <-> DISABLED <-> SERVER-WEBAPP Quest DR Series Disk Backup UsersService.pm update method command injection attempt (server-webapp.rules) * 1:46973 <-> DISABLED <-> SERVER-WEBAPP Quest DR Series Disk Backup UsersService.pm delete method command injection attempt (server-webapp.rules) * 1:46974 <-> DISABLED <-> SERVER-WEBAPP Quest DR Series Disk Backup UsersService.pm update_pw method command injection 
attempt (server-webapp.rules) * 1:46975 <-> DISABLED <-> BROWSER-CHROME Google Chrome Crankshaft type confusion attempt (browser-chrome.rules) * 1:46976 <-> DISABLED <-> BROWSER-CHROME Google Chrome Crankshaft type confusion attempt (browser-chrome.rules) * 1:46977 <-> DISABLED <-> BROWSER-CHROME Google Chrome Crankshaft type confusion attempt (browser-chrome.rules) * 1:46978 <-> DISABLED <-> BROWSER-CHROME Google Chrome Crankshaft type confusion attempt (browser-chrome.rules) * 1:46979 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Office Discovery User-Agent to a potential URL shortener service (indicator-compromise.rules) * 1:46980 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Office Discovery User-Agent to a potential URL shortener service (indicator-compromise.rules) * 1:46981 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Orcus RAT inbound SSL certificate (malware-cnc.rules) * 1:46982 <-> DISABLED <-> SERVER-WEBAPP Quest DR Series Disk Backup SchedulesService.pm command injection attempt (server-webapp.rules) * 1:46983 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft cmd.exe banner (indicator-compromise.rules) * 1:46984 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Yoban RAT outbound connection (malware-cnc.rules) * 1:46985 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Yoban RAT outbound connection (malware-cnc.rules) * 1:46986 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Annabelle file download (malware-other.rules) * 1:46987 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Annabelle file download (malware-other.rules) * 1:46988 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.MBRLock file download (malware-other.rules) * 1:46989 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.MBRLock file download (malware-other.rules) * 1:46990 <-> DISABLED <-> OS-OTHER Apple macOS and iOS fgetattrlist kernel heap overflow attempt (os-other.rules) * 1:46991 <-> DISABLED <-> OS-OTHER Apple macOS and iOS fgetattrlist kernel heap overflow attempt (os-other.rules) * 1:46997 <-> DISABLED <-> SERVER-WEBAPP 
XiongMai NVR login.htm buffer overflow attempt (server-webapp.rules) * 1:46998 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MnuBot variant outbound SQL connection (malware-cnc.rules) * 1:46999 <-> DISABLED <-> INDICATOR-COMPROMISE SettingContent-ms file type download attempt (indicator-compromise.rules) * 1:47000 <-> DISABLED <-> INDICATOR-COMPROMISE SettingContent-ms file type download attempt (indicator-compromise.rules) * 1:47001 <-> DISABLED <-> INDICATOR-COMPROMISE SettingContent-ms file type download attempt (indicator-compromise.rules) * 1:47002 <-> DISABLED <-> INDICATOR-COMPROMISE SettingContent-ms file type download attempt (indicator-compromise.rules) * 1:47005 <-> ENABLED <-> MALWARE-CNC Win.Trojan.SocketPlayer outbound connection (malware-cnc.rules) * 1:47006 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SocketPlayer outbound connection (malware-cnc.rules) * 1:47007 <-> DISABLED <-> SERVER-WEBAPP Spring Web Flow arbitrary code exeuction attempt (server-webapp.rules) * 1:47015 <-> DISABLED <-> SERVER-WEBAPP Quest DR Series Disk Backup PasswordService.pm command injection attempt (server-webapp.rules) * 1:47016 <-> ENABLED <-> MALWARE-CNC Win.Spyware.Invisimole CnC outbound connection (malware-cnc.rules) * 1:47017 <-> DISABLED <-> SERVER-WEBAPP Quest DR Series Disk Backup CompressionService.pm command injection attempt (server-webapp.rules) * 1:47018 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 __defineGetter__ memory corruption attempt (browser-chrome.rules) * 1:47019 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 __defineGetter__ memory corruption attempt (browser-chrome.rules) * 1:47020 <-> ENABLED <-> MALWARE-OTHER Portable Executable containing CoinHive download attempt (malware-other.rules) * 1:47021 <-> ENABLED <-> MALWARE-OTHER Portable Executable containing CoinHive download attempt (malware-other.rules) * 1:47022 <-> ENABLED <-> BROWSER-WEBKIT Apple WebKit memory corruption attempt (browser-webkit.rules) * 1:47023 <-> ENABLED <-> BROWSER-WEBKIT Apple 
WebKit memory corruption attempt (browser-webkit.rules) * 1:47024 <-> DISABLED <-> INDICATOR-COMPROMISE Request for external IP address detected (indicator-compromise.rules) * 1:47025 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Syndicasec variant outbound connection (malware-cnc.rules) * 1:47026 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection detected (malware-cnc.rules) * 1:47027 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection detected (malware-cnc.rules) * 1:47030 <-> ENABLED <-> MALWARE-CNC Win.Malware.Innaput variant outbound connection (malware-cnc.rules) * 1:47031 <-> DISABLED <-> SERVER-WEBAPP Quest DR Series Disk Backup LicenseService.pm command injection attempt (server-webapp.rules) * 1:47032 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime MPEG stream padding buffer overflow attempt (file-multimedia.rules) * 1:47033 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime MPEG stream padding buffer overflow attempt (file-multimedia.rules) * 1:47034 <-> DISABLED <-> EXPLOIT-KIT Sundown/Terror/Grandsoft/Magnitude exploit kit landing page detected (exploit-kit.rules) * 1:47038 <-> DISABLED <-> SERVER-WEBAPP TheWebForum cross site scripting attempt (server-webapp.rules) * 1:47041 <-> DISABLED <-> SERVER-WEBAPP Quest KACE Systems Management Appliance download_agent_installer.php command injection attempt (server-webapp.rules) * 1:47042 <-> DISABLED <-> SERVER-WEBAPP Quest KACE Systems Management Appliance download_agent_installer.php command injection attempt (server-webapp.rules) * 1:47043 <-> DISABLED <-> INDICATOR-COMPROMISE Atvise SCADA user enumeration attempt (indicator-compromise.rules) * 1:47044 <-> DISABLED <-> INDICATOR-COMPROMISE Atvise SCADA privilege escalation attempt (indicator-compromise.rules) * 1:47045 <-> DISABLED <-> SERVER-WEBAPP phpMyAdmin preg_replace null byte injection attempt (server-webapp.rules) * 1:47046 <-> DISABLED <-> SERVER-WEBAPP phpMyAdmin preg_replace null byte injection attempt 
(server-webapp.rules) * 1:47047 <-> DISABLED <-> FILE-OTHER FreeBSD bspatch utility remote code execution attempt (file-other.rules) * 1:47048 <-> DISABLED <-> FILE-OTHER FreeBSD bspatch utility remote code execution attempt (file-other.rules) * 1:47049 <-> DISABLED <-> SERVER-WEBAPP CA Unified Infrastructure Management download_lar servelet directory traversal attempt (server-webapp.rules) * 1:47050 <-> DISABLED <-> SERVER-WEBAPP CA Unified Infrastructure Management download_lar servelet directory traversal attempt (server-webapp.rules) * 1:47051 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ICLoader outbound connection (malware-cnc.rules) * 1:47052 <-> DISABLED <-> SERVER-OTHER Advantech WebAccess arbitrary file deletion attempt (server-other.rules) * 1:47053 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer uninitialized pointer attempt (browser-ie.rules) * 1:47054 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer uninitialized pointer attempt (browser-ie.rules) * 1:47055 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel empty bookViews element denial of service attempt (file-office.rules) * 1:47056 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel empty bookViews element denial of service attempt (file-office.rules) * 1:47057 <-> ENABLED <-> BROWSER-IE Microsoft Edge edgehtml.dll uninitialized pointer vulnerability attempt (browser-ie.rules) * 1:47058 <-> ENABLED <-> BROWSER-IE Microsoft Edge edgehtml.dll uninitialized pointer vulnerability attempt (browser-ie.rules) * 1:47059 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed EMF out of bounds read attempt (file-image.rules) * 1:47060 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed EMF out of bounds read attempt (file-image.rules) * 1:47061 <-> DISABLED <-> SERVER-WEBAPP Apache Struts URL validator denial of service attempt (server-webapp.rules) * 1:47063 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word malformed emf remote code execution attempt (file-office.rules) * 1:47064 <-> 
DISABLED <-> FILE-OFFICE Microsoft Office Word malformed emf remote code execution attempt (file-office.rules)
* 1:47065 <-> DISABLED <-> BROWSER-IE Microsoft Edge array.join information disclosure attempt (browser-ie.rules)
* 1:47066 <-> DISABLED <-> BROWSER-IE Microsoft Edge array.join information disclosure attempt (browser-ie.rules)
* 1:47067 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TechSupportScam installed binary outbound connection (malware-cnc.rules)
* 1:47068 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TechSupportScam installed binary outbound connection (malware-cnc.rules)
* 1:47069 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TechSupportScam installed binary outbound connection (malware-cnc.rules)
* 1:47070 <-> DISABLED <-> POLICY-OTHER Arris VAP2500 default credentials authentication attempt (policy-other.rules)
* 1:47071 <-> DISABLED <-> BROWSER-IE Microsoft Edge Cross Origin Request Sharing information leak attempt (browser-ie.rules)
* 1:47072 <-> DISABLED <-> BROWSER-IE Microsoft Edge Cross Origin Request Sharing information leak attempt (browser-ie.rules)
* 1:47073 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Smokeloader outbound response (malware-cnc.rules)
* 1:47076 <-> ENABLED <-> MALWARE-CNC Powershell PRB backdoor initial outbound communication attempt (malware-cnc.rules)
* 1:47077 <-> ENABLED <-> MALWARE-OTHER HTA script hidden window execution attempt (malware-other.rules)
* 1:47078 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector command injection attempt (server-webapp.rules)
* 1:47079 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector command injection attempt (server-webapp.rules)
* 1:47080 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector command injection attempt (server-webapp.rules)
* 1:47081 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Deep Discovery Email Inspector command injection attempt (server-webapp.rules)
* 1:47082 <-> DISABLED <-> BROWSER-IE Microsoft Edge proxy object type confusion attempt (browser-ie.rules)
* 1:47083 <-> DISABLED <-> BROWSER-IE Microsoft Edge proxy object type confusion attempt (browser-ie.rules)
* 1:47084 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Vpnfilter variant connection attempt (malware-cnc.rules)
* 1:47085 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess authentication bypass attempt attempt (server-webapp.rules)
* 1:47086 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TYPEFRAME malware download attempt (malware-cnc.rules)
* 1:47087 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TYPEFRAME malware download attempt (malware-cnc.rules)
* 1:47088 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TYPEFRAME malware download attempt (malware-cnc.rules)
* 1:47089 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TYPEFRAME malware download attempt (malware-cnc.rules)
* 1:47090 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TYPEFRAME malware download attempt (malware-cnc.rules)
* 1:47091 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer crafted UNC path sandbox escape attempt (browser-ie.rules)
* 1:47092 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer crafted UNC path sandbox escape attempt (browser-ie.rules)
* 1:47093 <-> DISABLED <-> PUA-ADWARE Win.Adware.Pbot variant outbound connection (pua-adware.rules)
* 1:47094 <-> DISABLED <-> PUA-ADWARE Win.Adware.Pbot variant outbound connection (pua-adware.rules)
* 1:47095 <-> DISABLED <-> PUA-ADWARE Win.Adware.Pbot variant outbound connection (pua-adware.rules)
* 1:47096 <-> DISABLED <-> OS-WINDOWS Microsoft Windows xxxNextWindow NULL pointer dereference attempt (os-windows.rules)
* 1:47097 <-> DISABLED <-> OS-WINDOWS Microsoft Windows xxxNextWindow NULL pointer dereference attempt (os-windows.rules)
* 1:47098 <-> ENABLED <-> BROWSER-IE Microsoft Edge parseFloat type confusion attempt (browser-ie.rules)
* 1:47099 <-> ENABLED <-> BROWSER-IE Microsoft Edge parseFloat type confusion attempt (browser-ie.rules)
* 1:47100 <-> ENABLED <-> BROWSER-IE Microsoft Edge TryArraySplice memory corruption attempt (browser-ie.rules)
* 1:47101 <-> ENABLED <-> BROWSER-IE Microsoft Edge TryArraySplice memory corruption attempt (browser-ie.rules)
* 1:47102 <-> ENABLED <-> BROWSER-IE Microsoft Edge Intl.js memory corruption attempt (browser-ie.rules)
* 1:47103 <-> ENABLED <-> BROWSER-IE Microsoft Edge Intl.js memory corruption attempt (browser-ie.rules)
* 1:47104 <-> DISABLED <-> SERVER-WEBAPP LibreHealthIO LibreEHR directory traversal attempt (server-webapp.rules)
* 1:47105 <-> DISABLED <-> SERVER-WEBAPP LibreHealthIO LibreEHR directory traversal attempt (server-webapp.rules)
* 1:47106 <-> DISABLED <-> SERVER-WEBAPP LibreHealthIO LibreEHR directory traversal attempt (server-webapp.rules)
* 1:47107 <-> ENABLED <-> BROWSER-IE Microsoft Edge event handling use-after-free attempt (browser-ie.rules)
* 1:47108 <-> ENABLED <-> BROWSER-IE Microsoft Edge event handling use-after-free attempt (browser-ie.rules)
* 1:47109 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
* 1:47110 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
* 1:47111 <-> ENABLED <-> BROWSER-IE Microsoft Edge Form buffer overflow attempt (browser-ie.rules)
* 1:47112 <-> ENABLED <-> BROWSER-IE Microsoft Edge Form buffer overflow attempt (browser-ie.rules)
* 1:47113 <-> ENABLED <-> BROWSER-IE Microsoft Edge heap overflow attempt (browser-ie.rules)
* 1:47114 <-> ENABLED <-> BROWSER-IE Microsoft Edge heap overflow attempt (browser-ie.rules)
* 1:47115 <-> DISABLED <-> SERVER-MAIL Zerofont phishing attempt (server-mail.rules)
* 1:47116 <-> DISABLED <-> SERVER-MAIL Zerofont phishing attempt (server-mail.rules)
* 1:47117 <-> ENABLED <-> BROWSER-IE Microsoft Edge browser memory corruption attempt (browser-ie.rules)
* 1:47118 <-> ENABLED <-> BROWSER-IE Microsoft Edge browser memory corruption attempt (browser-ie.rules)
* 1:47119 <-> ENABLED <-> BROWSER-OTHER Microsoft Edge url spoofing attempt (browser-other.rules)
* 1:47120 <-> ENABLED <-> BROWSER-OTHER Microsoft Edge url spoofing attempt (browser-other.rules)
* 1:47121 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules)
* 1:47122 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules)
* 1:47123 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS embedded JPEG with malformed copyright tag heap overflow attempt (file-other.rules)
* 1:47124 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS embedded JPEG with malformed copyright tag heap overflow attempt (file-other.rules)
* 1:47125 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS embedded JPEG with malformed copyright tag heap overflow attempt (file-other.rules)
* 1:47126 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS embedded JPEG with malformed copyright tag heap overflow attempt (file-other.rules)
* 1:47127 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed ActionSetTarget record information disclosure attempt (file-flash.rules)
* 1:47128 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed ActionSetTarget record information disclosure attempt (file-flash.rules)
* 1:47129 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed CEL heap overflow attempt (file-image.rules)
* 1:47130 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed CEL heap overflow attempt (file-image.rules)
* 1:47131 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF Alphablend memory corruption attempt (file-other.rules)
* 1:47132 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF Alphablend memory corruption attempt (file-other.rules)
* 1:47136 <-> DISABLED <-> SERVER-WEBAPP HP VAN SDN Controller uninstall action arbitrary command execution attempt (server-webapp.rules)
* 1:47137 <-> DISABLED <-> SERVER-WEBAPP HP VAN SDN Controller default token authentication attempt (server-webapp.rules)
* 1:47138 <-> DISABLED <-> SERVER-WEBAPP HP VAN SDN Controller default credentials authentication attempt (server-webapp.rules)
* 1:47139 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EmfPlusDrawBeziers out-of-bounds read attempt (file-other.rules)
* 1:47140 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EmfPlusDrawBeziers out-of-bounds read attempt (file-other.rules)
* 1:47141 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine type confusion attempt (browser-ie.rules)
* 1:47142 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine type confusion attempt (browser-ie.rules)
* 1:47143 <-> DISABLED <-> FILE-OTHER Multiple Products SGI ZSIZE handling buffer overflow attempt (file-other.rules)
* 1:47144 <-> DISABLED <-> FILE-OTHER Multiple Products SGI ZSIZE handling buffer overflow attempt (file-other.rules)
* 1:47145 <-> DISABLED <-> SERVER-WEBAPP Quest DR Series Disk Backup EmailRelayHostService.pm command injection attempt (server-webapp.rules)
* 1:47146 <-> DISABLED <-> POLICY-OTHER Siemens SICAM PAS hard coded factory account usage attempt (policy-other.rules)
* 1:47147 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif malicious file download (malware-cnc.rules)
* 1:47148 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif malicious file download (malware-cnc.rules)
* 1:47149 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader removeLinks use after free attempt (file-pdf.rules)
* 1:47150 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader removeLinks use after free attempt (file-pdf.rules)
* 1:47151 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CTravelEntry use after free attempt (browser-ie.rules)
* 1:47152 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CTravelEntry use after free attempt (browser-ie.rules)
* 1:47153 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro use after free attempt (file-other.rules)
* 1:47154 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro use after free attempt (file-other.rules)
* 1:47155 <-> DISABLED <-> SERVER-WEBAPP PHP unserialize integer overflow attempt (server-webapp.rules)
* 1:47156 <-> DISABLED <-> SERVER-WEBAPP PHP unserialize integer overflow attempt (server-webapp.rules)
* 1:47157 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader jp2 out-of-bounds read attempt (file-image.rules)
* 1:47158 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader jp2 out-of-bounds read attempt (file-image.rules)
* 1:47159 <-> DISABLED <-> SERVER-WEBAPP Cognex VisionView directory traversal attempt (server-webapp.rules)
* 1:47160 <-> DISABLED <-> BROWSER-IE Microsoft Edge mutation event memory corruption attempt (browser-ie.rules)
* 1:47161 <-> DISABLED <-> BROWSER-IE Microsoft Edge mutation event memory corruption attempt (browser-ie.rules)
* 1:47162 <-> DISABLED <-> FILE-PDF Adobe Reader XFA nested subforms out-of-bounds read attempt (file-pdf.rules)
* 1:47163 <-> DISABLED <-> FILE-PDF Adobe Reader XFA nested subforms out-of-bounds read attempt (file-pdf.rules)
* 1:47164 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro HTML image input element use-after-free attempt (file-pdf.rules)
* 1:47165 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro HTML image input element use-after-free attempt (file-pdf.rules)
* 1:47167 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PageLabels heap buffer overflow attempt (file-pdf.rules)
* 1:47168 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PageLabels heap buffer overflow attempt (file-pdf.rules)
* 1:47169 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PageLabels heap buffer overflow attempt (file-pdf.rules)
* 1:47170 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PageLabels heap buffer overflow attempt (file-pdf.rules)
* 1:47171 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Silverlight GetChar out of bounds read attempt (browser-plugins.rules)
* 1:47172 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Silverlight GetChar out of bounds read attempt (browser-plugins.rules)
* 1:47173 <-> DISABLED <-> FILE-IMAGE Apple Quicktime malformed FPX file memory corruption attempt (file-image.rules)
* 1:47174 <-> DISABLED <-> FILE-IMAGE Apple Quicktime malformed FPX file memory corruption attempt (file-image.rules)
* 1:47175 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ddeService command execution attempt (file-office.rules)
* 1:47176 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel ddeService command execution attempt (file-office.rules)
* 1:47177 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NukeSped RAT variant outbound communication (malware-cnc.rules)
* 1:47178 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NukeSped RAT variant outbound connection (malware-cnc.rules)
* 1:47179 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF invalid EmfPlusFillRects out-of-bounds read attempt (file-other.rules)
* 1:47180 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF invalid EmfPlusFillRects out-of-bounds read attempt (file-other.rules)
* 1:47181 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file uninitialized pointer dereference attempt (file-other.rules)
* 1:47182 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file uninitialized pointer dereference attempt (file-other.rules)
* 1:47183 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusFillRects type confusion attempt (file-other.rules)
* 1:47184 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusFillRects type confusion attempt (file-other.rules)
* 1:47185 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro EMF EmfPlusDrawLines heap overflow attempt (file-pdf.rules)
* 1:47186 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro EMF EmfPlusDrawLines heap overflow attempt (file-pdf.rules)
* 1:47187 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader type confusion attempt (file-pdf.rules)
* 1:47188 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader type confusion attempt (file-pdf.rules)
* 1:47189 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript field manipulation out-of-bounds read attempt (file-pdf.rules)
* 1:47190 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript field manipulation out-of-bounds read attempt (file-pdf.rules)
* 1:47191 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript NetConnection type confusion attempt (file-flash.rules)
* 1:47192 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript NetConnection type confusion attempt (file-flash.rules)
* 1:47193 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF use-after-free attempt (file-other.rules)
* 1:47194 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF use-after-free attempt (file-other.rules)
* 1:47195 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
* 1:47196 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
* 1:47197 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds read attempt (file-other.rules)
* 1:47198 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds read attempt (file-other.rules)
* 1:47199 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt (file-office.rules)
* 1:47200 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt (file-office.rules)
* 1:47201 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt (file-office.rules)
* 1:47202 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt (file-office.rules)
* 1:47203 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt (file-office.rules)
* 1:47204 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel fileVersion use-after-free attempt (file-office.rules)
* 1:47205 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word sprmSDyaTop memory leak attempt (file-office.rules)
* 1:47206 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word sprmSDyaTop memory leak attempt (file-office.rules)
* 1:47207 <-> DISABLED <-> SERVER-WEBAPP PHP phar extension remote code execution attempt (server-webapp.rules)
* 1:47208 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out-of-bounds read attempt (file-other.rules)
* 1:47209 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out-of-bounds read attempt (file-other.rules)
* 1:47210 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EmfPlusDrawImagePoints heap overflow attempt (file-image.rules)
* 1:47211 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EmfPlusDrawImagePoints heap overflow attempt (file-image.rules)
* 1:47212 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript form field manipulation out-of-bounds read attempt (file-pdf.rules)
* 1:47213 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript form field manipulation out-of-bounds read attempt (file-pdf.rules)
* 1:47214 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript annotation objects out-of-bounds read attempt (file-pdf.rules)
* 1:47215 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript annotation objects out-of-bounds read attempt (file-pdf.rules)
* 1:47216 <-> DISABLED <-> SERVER-WEBAPP Quest DR Series Disk Backup StorageService.pm command injection attempt (server-webapp.rules)
* 1:47217 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS heap overflow attempt (file-other.rules)
* 1:47218 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS heap overflow attempt (file-other.rules)
* 1:47219 <-> DISABLED <-> FILE-OTHER Microsoft Windows OTF parsing memory corruption attempt (file-other.rules)
* 1:47220 <-> DISABLED <-> FILE-OTHER Microsoft Windows OTF parsing memory corruption attempt (file-other.rules)
* 1:47221 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript object prototype defineSetter out-of-bounds read attempt (file-pdf.rules)
* 1:47222 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript object prototype defineSetter out-of-bounds read attempt (file-pdf.rules)
* 1:47223 <-> ENABLED <-> FILE-PDF Adobe Flash Player ActionScript setFocus use after free attempt (file-pdf.rules)
* 1:47224 <-> ENABLED <-> FILE-PDF Adobe Flash Player ActionScript setFocus use after free attempt (file-pdf.rules)
* 1:47225 <-> DISABLED <-> FILE-PDF Adobe Reader annotated page object out-of-bounds read attempt (file-pdf.rules)
* 1:47226 <-> DISABLED <-> FILE-PDF Adobe Reader annotated page object out-of-bounds read attempt (file-pdf.rules)
* 1:47227 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JavaScript annotation out of bound read attempt (file-pdf.rules)
* 1:47228 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JavaScript annotation out of bound read attempt (file-pdf.rules)
* 1:47229 <-> DISABLED <-> SERVER-WEBAPP Oracle PeopleSoft information disclosure attempt (server-webapp.rules)
* 1:47230 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds write attempt (file-other.rules)
* 1:47231 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds write attempt (file-other.rules)
* 1:47232 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
* 1:47233 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
* 1:47235 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Bankshot variant outbound connection (malware-cnc.rules)
* 1:47236 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Prowli variant outbound connection (malware-cnc.rules)
* 1:47237 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out-of-bounds read attempt (file-other.rules)
* 1:47238 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out-of-bounds read attempt (file-other.rules)
* 1:47239 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader U3D data stream heap overflow attempt (file-pdf.rules)
* 1:47240 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader U3D data stream heap overflow attempt (file-pdf.rules)
* 1:47241 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mylobot additional payload download (malware-cnc.rules)
* 1:47242 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mylobot additional payload download (malware-cnc.rules)
* 1:47243 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mylobot inbound connection (malware-cnc.rules)
* 1:47244 <-> ENABLED <-> MALWARE-CNC Win.Malware.Ramnit outbound REGISTER_BOT beacon (malware-cnc.rules)
* 1:47245 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS TTF out-of-bounds read attempt (file-other.rules)
* 1:47246 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS TTF out-of-bounds read attempt (file-other.rules)
* 1:47247 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro crafted GIF file out-of-bounds read attempt (file-image.rules)
* 1:47248 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro crafted GIF file out-of-bounds read attempt (file-image.rules)
* 1:47249 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out-of-bounds read attempt (file-other.rules)
* 1:47250 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out-of-bounds read attempt (file-other.rules)
* 1:47251 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro use after free attempt (file-other.rules)
* 1:47252 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro use after free attempt (file-other.rules)
* 1:47253 <-> ENABLED <-> POLICY-OTHER cryptomining javascript client detected (policy-other.rules)
* 1:47254 <-> DISABLED <-> FILE-OTHER Microsoft Excel malicious CSV code execution attempt (file-other.rules)
* 1:47255 <-> DISABLED <-> FILE-OTHER Microsoft Excel malicious CSV code execution attempt (file-other.rules)
* 1:47256 <-> DISABLED <-> FILE-OTHER Microsoft Excel malicious CSV code execution attempt (file-other.rules)
* 1:47257 <-> DISABLED <-> FILE-OTHER Microsoft Excel malicious CSV code execution attempt (file-other.rules)
* 1:47258 <-> DISABLED <-> FILE-OTHER Microsoft Excel malicious CSV code execution attempt (file-other.rules)
* 1:47259 <-> DISABLED <-> FILE-OTHER Microsoft Excel malicious CSV code execution attempt (file-other.rules)
* 1:47260 <-> DISABLED <-> FILE-OTHER Microsoft Excel malicious CSV code execution attempt (file-other.rules)
* 1:47261 <-> DISABLED <-> FILE-OTHER Microsoft Excel malicious CSV code execution attempt (file-other.rules)
* 1:47262 <-> DISABLED <-> FILE-OTHER Microsoft Excel malicious CSV code execution attempt (file-other.rules)
* 1:47263 <-> DISABLED <-> FILE-OTHER Microsoft Excel malicious CSV code execution attempt (file-other.rules)
* 1:47264 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ICLoader outbound connection (malware-cnc.rules)
* 1:47265 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ICLoader outbound connection (malware-cnc.rules)
* 1:47266 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
* 1:47267 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
* 1:47268 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
* 1:47269 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
* 1:47270 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript XSL value-of select transformation out-of-bounds write attempt (file-pdf.rules)
* 1:47271 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript XSL value-of select transformation out-of-bounds write attempt (file-pdf.rules)
* 1:47274 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
* 1:47275 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
* 1:47276 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt (file-other.rules)
* 1:47277 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file PPDoc out-of-bounds read attempt (file-other.rules)
* 1:47278 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Gandcrab variant network share encryption attempt (malware-other.rules)
* 1:47279 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
* 1:47280 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out-of-bounds read attempt (file-other.rules)
* 1:47283 <-> DISABLED <-> FILE-OTHER Adobe Reader HTML to PDF conversion getMatchedCSSRules use-after-free attempt (file-other.rules)
* 1:47284 <-> DISABLED <-> FILE-OTHER Adobe Reader HTML to PDF conversion getMatchedCSSRules use-after-free attempt (file-other.rules)
* 1:47287 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript XSLT parsing out-of-bounds read attempt (file-pdf.rules)
* 1:47288 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript XSLT parsing out-of-bounds read attempt (file-pdf.rules)
* 1:47289 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript exportAsFDFStr out-of-bounds write attempt (file-pdf.rules)
* 1:47290 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript exportAsFDFStr out-of-bounds write attempt (file-pdf.rules)
* 1:47291 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreePos type confusion attempt (browser-ie.rules)
* 1:47292 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreePos type confusion attempt (browser-ie.rules)
* 1:47293 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreePos type confusion attempt (browser-ie.rules)
* 1:47294 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreePos type confusion attempt (browser-ie.rules)
* 1:47297 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader use-after-free attempt (file-pdf.rules)
* 1:47298 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader use-after-free attempt (file-pdf.rules)
* 1:47299 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Remcos variant outbound connection (malware-cnc.rules)
* 1:47300 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Remcos variant inbound payload download (malware-cnc.rules)
* 1:47301 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Remcos variant outbound connection (malware-cnc.rules)
* 1:47302 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Remcos variant outbound connection (malware-cnc.rules)
* 1:47303 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Remcos variant outbound connection (malware-cnc.rules)
* 1:47304 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Remcos variant outbound connection (malware-cnc.rules)
* 1:47305 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Remcos variant outbound connection (malware-cnc.rules)
* 1:47306 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Distiller PostScript pdfmark out-of-bounds write attempt (file-other.rules)
* 1:47307 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Distiller PostScript pdfmark out-of-bounds write attempt (file-other.rules)
* 1:47308 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF RegionNodeCount out-of-bounds write attempt (file-other.rules)
* 1:47309 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF RegionNodeCount out-of-bounds write attempt (file-other.rules)
* 1:47310 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer page layout use after free attempt (browser-ie.rules)
* 1:47311 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer page layout use after free attempt (browser-ie.rules)
* 1:47312 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro out of bounds read attempt (file-image.rules)
* 1:47313 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro out of bounds read attempt (file-image.rules)
* 1:47314 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed CEL out of bounds read attempt (file-image.rules)
* 1:47315 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed CEL out of bounds read attempt (file-image.rules)
* 1:47316 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EmfPlusDrawPie out-of-bounds write attempt (file-other.rules)
* 1:47317 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EmfPlusDrawPie out-of-bounds write attempt (file-other.rules)
* 1:47318 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader out of bounds write attempt (file-pdf.rules)
* 1:47319 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader out of bounds write attempt (file-pdf.rules)
* 1:47320 <-> ENABLED <-> MALWARE-CNC Js.Trojan.Agent JS Sniffer beacon connection (malware-cnc.rules)
* 1:47321 <-> ENABLED <-> MALWARE-CNC Js.Trojan.Agent JS Sniffer outbound connection (malware-cnc.rules)
* 1:47322 <-> ENABLED <-> MALWARE-CNC Js.Trojan.Agent JS Sniffer outbound connection (malware-cnc.rules)
* 1:47323 <-> ENABLED <-> MALWARE-CNC Js.Trojan.Agent JS Sniffer outbound connection (malware-cnc.rules)
* 1:47324 <-> ENABLED <-> MALWARE-CNC Js.Trojan.Agent JS Sniffer compromised website (malware-cnc.rules)
* 1:47325 <-> ENABLED <-> MALWARE-CNC Js.Trojan.Agent JS Sniffer compromised website (malware-cnc.rules)
* 1:47326 <-> ENABLED <-> MALWARE-OTHER known malicious user-agent string - DanaBot (malware-other.rules)
* 1:47327 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Luoxk malicious payload download attempt (malware-cnc.rules)
* 1:47328 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF out of bounds read attempt (file-image.rules)
* 1:47329 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF out of bounds read attempt (file-image.rules)
* 1:47330 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF out of bounds read attempt (file-image.rules)
* 1:47331 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF out of bounds read attempt (file-image.rules)
* 1:47332 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds write attempt (file-other.rules)
* 1:47333 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds write attempt (file-other.rules)
* 1:47334 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro out of bounds write attempt (file-pdf.rules)
* 1:47335 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro out of bounds write attempt (file-pdf.rules)
* 1:47338 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ARS VBS loader outbound connection (malware-cnc.rules)
* 1:47339 <-> ENABLED <-> MALWARE-CNC Win.Trojan.AZORult variant outbound connection (malware-cnc.rules)
* 1:47343 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro out of bounds read attempt (file-image.rules)
* 1:47344 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro out of bounds read attempt (file-image.rules)
* 1:47345 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EMR_CREATEDIBPATTERNBRUSHPT record buffer overflow attempt (file-other.rules)
* 1:47346 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EMR_CREATEDIBPATTERNBRUSHPT record buffer overflow attempt (file-other.rules)
* 1:47347 <-> ENABLED <-> SERVER-WEBAPP QNAP QCenter API account information disclosure attempt (server-webapp.rules)
* 1:47348 <-> ENABLED <-> SERVER-WEBAPP QNAP QCenter API set_VM_passwd command injection attempt (server-webapp.rules)
* 1:47349 <-> ENABLED <-> SERVER-WEBAPP QNAP QCenter API set_VM_passwd command injection attempt (server-webapp.rules)
* 1:47350 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG heap overflow attempt (file-image.rules)
* 1:47351 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG heap overflow attempt (file-image.rules)
* 1:47352 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG heap overflow attempt (file-image.rules)
* 1:47353 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG heap overflow attempt (file-image.rules)
* 1:47354 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusDrawPath out of bounds read attempt (file-other.rules)
* 1:47355 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusDrawPath out of bounds read attempt (file-other.rules)
* 1:47356 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro out of bounds read attempt (file-image.rules)
* 1:47357 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro out of bounds read attempt (file-image.rules)
* 1:47358 <-> DISABLED <-> SERVER-WEBAPP CCTV-DVR command injection attempt (server-webapp.rules)
* 1:47359 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed TIFF out of bounds read attempt (file-image.rules)
* 1:47360 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed TIFF out of bounds read attempt (file-image.rules)
* 1:47361 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed TIFF out of bounds read attempt (file-image.rules)
* 1:47362 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed TIFF out of bounds read attempt (file-image.rules)
* 1:47365 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader double free attempt (file-pdf.rules)
* 1:47366 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader double free attempt (file-pdf.rules)
* 1:47367 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro PSD malformed image data out-of-bounds write attempt (file-image.rules)
* 1:47368 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro PSD malformed image data out-of-bounds write attempt (file-image.rules)
* 1:47369 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds memory access attempt (file-other.rules)
* 1:47370 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds memory access attempt (file-other.rules)
* 1:47371 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader XSLT engine use after free attempt (file-pdf.rules)
* 1:47372 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader XSLT engine use after free attempt (file-pdf.rules)
* 1:47373 <-> ENABLED <-> MALWARE-CNC Win.Coinminer.PyroMineIoT outbound connection (malware-cnc.rules)
* 1:47374 <-> ENABLED <-> MALWARE-CNC Win.Coinminer.PyroMineIoT outbound connection (malware-cnc.rules)
* 1:47375 <-> ENABLED <-> MALWARE-CNC Win.Coinminer.PyroMineIoT outbound connection (malware-cnc.rules)
* 1:47376 <-> ENABLED <-> MALWARE-CNC Win.Coinminer.PyroMineIoT outbound connection (malware-cnc.rules)
* 1:47377 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Vpnfilter plugin variant connection attempt (malware-cnc.rules)
* 1:47378 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader out of bounds read attempt (file-pdf.rules)
* 1:47379 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader out of bounds read attempt (file-pdf.rules)
* 1:47380 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.Agent variant download attempt (malware-other.rules)
* 1:47381 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.Agent variant download attempt (malware-other.rules)
* 1:47382 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro use after free attempt (file-image.rules)
* 1:47383 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro use after free attempt (file-image.rules)
* 1:47384 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro use after free attempt (file-other.rules)
* 1:47385 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro use after free attempt (file-other.rules)
* 1:47386 <-> DISABLED <-> SERVER-WEBAPP Oracle WebLogic Server unauthenticated modified JSP access attempt (server-webapp.rules)
* 1:47387 <-> DISABLED <-> SERVER-WEBAPP Oracle WebLogic Server potential unauthenticated reconnaissance attempt (server-webapp.rules)
* 1:47388 <-> DISABLED <-> SERVER-WEBAPP Oracle WebLogic Server potential precursor to keystore attack attempt (server-webapp.rules)
* 1:47389 <-> ENABLED <-> SERVER-WEBAPP Oracle WebLogic Server arbitrary JSP file upload attempt (server-webapp.rules)
* 1:47390 <-> ENABLED <-> SERVER-WEBAPP Oracle WebLogic Server arbitrary JSP file upload attempt (server-webapp.rules)
* 1:47391 <-> DISABLED <-> SERVER-WEBAPP QNAP QCenter API set_VM_network command injection attempt (server-webapp.rules)
* 1:47392 <-> DISABLED <-> SERVER-WEBAPP QNAP QCenter API set_VM_network command injection attempt (server-webapp.rules)
* 1:47393 <-> DISABLED <-> SERVER-WEBAPP QNAP QCenter API command injection attempt (server-webapp.rules)
* 1:47396 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed JPEG quantization table out-of-bounds write attempt (file-image.rules)
* 1:47397 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed JPEG quantization table out-of-bounds write attempt (file-image.rules)
* 1:47398 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft cmd.exe outbound shell attempt (indicator-compromise.rules)
* 1:47399 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft cmd.exe outbound shell attempt (indicator-compromise.rules)
* 1:474 <-> DISABLED <-> PROTOCOL-ICMP superscan echo (protocol-icmp.rules)
* 1:47400 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft powershell.exe outbound shell attempt (indicator-compromise.rules)
* 1:47401 <-> DISABLED <-> INDICATOR-OBFUSCATION ICMP HTTP tunneling attempt (indicator-obfuscation.rules)
* 1:47402 <-> DISABLED <-> INDICATOR-OBFUSCATION FTP file upload over non-standard port attempt (indicator-obfuscation.rules)
* 1:47413 <-> DISABLED <-> POLICY-OTHER Oracle WebLogic T3 inbound connection detected (policy-other.rules)
* 1:47414 <-> ENABLED <-> MALWARE-CNC Osx.Trojan.Calisto outbound connection (malware-cnc.rules)
* 1:47415 <-> ENABLED <-> MALWARE-CNC Osx.Trojan.Calisto outbound connection (malware-cnc.rules)
* 1:47416 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAcess Dashboard Viewer arbitrary file disclosure attempt (server-webapp.rules)
* 1:47417 <-> ENABLED <-> PUA-ADWARE Slimware Utilities variant outbound connection (pua-adware.rules)
* 1:47418 <-> ENABLED <-> PUA-ADWARE Slimware Utilities variant outbound connection (pua-adware.rules)
* 1:47419 <-> DISABLED <-> SERVER-WEBAPP Easy Hosting Control Panel cross site scripting attempt (server-webapp.rules)
* 1:47420 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Kuping variant outbound connection (malware-cnc.rules)
* 1:47421 <-> DISABLED <-> SERVER-WEBAPP Joomla Core com_fields cross site scripting attempt (server-webapp.rules)
* 1:47422 <-> DISABLED <-> FILE-OTHER SAP GUI ABAP code arbitrary dll-load attempt (file-other.rules)
* 1:47423 <-> DISABLED <-> SERVER-WEBAPP QNAP QCenter API date_config command injection attempt (server-webapp.rules)
* 1:47424 <-> DISABLED <-> SERVER-WEBAPP Site Editor WordPress plugin local file access attempt (server-webapp.rules)
* 1:47425 <-> DISABLED <-> SERVER-WEBAPP Raptr Plays.tv unauthenticated remote arbitrary file execution attempt (server-webapp.rules)
* 1:47427 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mapoyun variant outbound connection attempt (malware-cnc.rules)
* 1:47434 <-> DISABLED <-> MALWARE-CNC Win.Coinminer.HiddenShock variant outbound connection (malware-cnc.rules)
* 1:47435 <-> ENABLED <-> MALWARE-CNC Win.Dropper.IcedID payload download (malware-cnc.rules)
* 1:47436 <-> ENABLED <-> MALWARE-CNC Win.Dropper.IcedID outbound connection (malware-cnc.rules)
* 1:47437 <-> DISABLED <-> SERVER-WEBAPP Weblog Expert Web Server denial of service attempt (server-webapp.rules)
* 1:47438 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JBIG parsing out of bounds read attempt (file-pdf.rules)
* 1:47439 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JBIG parsing out of bounds read attempt (file-pdf.rules)
* 1:47440 <-> ENABLED <-> FILE-OTHER InPage reader remote code execution attemptt (file-other.rules)
* 1:47441 <-> ENABLED <-> FILE-OTHER InPage reader remote code execution attemptt (file-other.rules)
* 1:47444 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Gorgon outbound connection (malware-cnc.rules)
* 1:47445 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Gorgon outbound connection (malware-cnc.rules)
* 1:47446 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Gorgon outbound connection (malware-cnc.rules)
* 1:47447 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Gorgon outbound connection (malware-cnc.rules)
* 1:47448 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Gorgon outbound connection (malware-cnc.rules)
* 1:47449 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Gorgon outbound connection (malware-cnc.rules)
* 1:47450 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Gorgon outbound connection (malware-cnc.rules)
* 1:47451 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Gorgon outbound connection (malware-cnc.rules)
* 1:47452 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Gorgon outbound connection (malware-cnc.rules)
* 1:47453 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Gorgon attempted download (malware-other.rules)
* 1:47454 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Gorgon attempted download (malware-other.rules)
* 1:47455 <-> DISABLED <-> POLICY-OTHER IntegraXor config change attempt (policy-other.rules)
* 1:47458 <-> DISABLED <-> SERVER-WEBAPP Zyxel EMG2926 command injection attempt (server-webapp.rules)
* 1:47459 <-> DISABLED <-> SERVER-WEBAPP Zyxel EMG2926 command injection attempt (server-webapp.rules)
* 1:47460 <-> DISABLED <-> SERVER-WEBAPP Zyxel EMG2926 command injection attempt (server-webapp.rules)
* 1:47461 <-> DISABLED <-> BROWSER-PLUGINS CTSWebProxy ActiveX privilege escalation attempt (browser-plugins.rules)
* 1:47462 <-> DISABLED <-> BROWSER-PLUGINS CTSWebProxy ActiveX privilege escalation attempt (browser-plugins.rules)
* 1:47463 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer pre-line use after free attempt (browser-ie.rules)
* 1:47464
<-> ENABLED <-> SERVER-WEBAPP CGit cgit_clone_objects function directory traversal attempt (server-webapp.rules) * 1:47465 <-> ENABLED <-> SERVER-WEBAPP CGit cgit_clone_objects function directory traversal attempt (server-webapp.rules) * 1:47466 <-> ENABLED <-> SERVER-WEBAPP CGit cgit_clone_objects function directory traversal attempt (server-webapp.rules) * 1:47467 <-> DISABLED <-> SERVER-WEBAPP Redaxo CMS addon SQL injection attempt (server-webapp.rules) * 1:47468 <-> DISABLED <-> SERVER-WEBAPP Redaxo CMS addon SQL injection attempt (server-webapp.rules) * 1:47469 <-> DISABLED <-> SERVER-WEBAPP Redaxo CMS addon SQL injection attempt (server-webapp.rules) * 1:47470 <-> DISABLED <-> SERVER-WEBAPP HomeMatic CCU2 remote arbitrary code execution attempt (server-webapp.rules) * 1:47471 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess gmicons.asp picfile arbitrary file upload attempt (server-webapp.rules) * 1:47472 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess gmicons.asp directory traversal attempt (server-webapp.rules) * 1:47473 <-> DISABLED <-> SERVER-WEBAPP Kodi playlist creation persistent cross site scripting attempt (server-webapp.rules) * 1:47474 <-> ENABLED <-> BROWSER-IE Microsoft Edge browser redirection vulnerability attempt (browser-ie.rules) * 1:47475 <-> ENABLED <-> BROWSER-IE Microsoft Edge browser redirection vulnerability attempt (browser-ie.rules) * 1:47476 <-> ENABLED <-> FILE-OTHER Microsoft LNK remote code execution attempt (file-other.rules) * 1:47477 <-> ENABLED <-> FILE-OTHER Microsoft LNK remote code execution attempt (file-other.rules) * 1:47478 <-> DISABLED <-> BROWSER-IE Microsoft Edge Chakra Scripting Engine type confusion attempt (browser-ie.rules) * 1:47479 <-> DISABLED <-> BROWSER-IE Microsoft Edge Chakra Scripting Engine type confusion attempt (browser-ie.rules) * 1:47480 <-> ENABLED <-> BROWSER-IE Microsoft Edge type confusion vulnerability attempt (browser-ie.rules) * 1:47481 <-> ENABLED <-> BROWSER-IE Microsoft Edge type 
confusion vulnerability attempt (browser-ie.rules) * 1:47482 <-> DISABLED <-> FILE-OFFICE Microsoft PowerPoint slide show type confusion attempt (file-office.rules) * 1:47483 <-> DISABLED <-> FILE-OFFICE Microsoft PowerPoint slide show type confusion attempt (file-office.rules) * 1:47484 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer memory corruption attempt (browser-ie.rules) * 1:47485 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer memory corruption attempt (browser-ie.rules) * 1:47486 <-> ENABLED <-> BROWSER-IE Microsoft Edge out of bounds write attempt (browser-ie.rules) * 1:47487 <-> ENABLED <-> BROWSER-IE Microsoft Edge out of bounds write attempt (browser-ie.rules) * 1:47488 <-> ENABLED <-> BROWSER-IE Microsoft Edge transform type confusion attempt (browser-ie.rules) * 1:47489 <-> ENABLED <-> BROWSER-IE Microsoft Edge transform type confusion attempt (browser-ie.rules) * 1:47490 <-> DISABLED <-> BROWSER-IE Microsoft Edge Chakra Scripting Engine memory corruption attempt (browser-ie.rules) * 1:47491 <-> DISABLED <-> BROWSER-IE Microsoft Edge Chakra Scripting Engine memory corruption attempt (browser-ie.rules) * 1:47492 <-> DISABLED <-> BROWSER-IE Microsoft Edge Chakra Scripting Engine localeCompare type confusion attempt (browser-ie.rules) * 1:47493 <-> DISABLED <-> BROWSER-IE Microsoft Edge Chakra Scripting Engine localeCompare type confusion attempt (browser-ie.rules) * 1:47494 <-> DISABLED <-> SERVER-WEBAPP Easy File Sharing stack buffer overflow attempt (server-webapp.rules) * 1:47495 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel use after free attempt (file-office.rules) * 1:47496 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel use after free attempt (file-office.rules) * 1:47497 <-> DISABLED <-> SERVER-WEBAPP Joomla CheckList extension SQL injection attempt (server-webapp.rules) * 1:47498 <-> DISABLED <-> SERVER-WEBAPP Joomla CheckList extension SQL injection attempt (server-webapp.rules) * 1:47499 <-> DISABLED <-> SERVER-WEBAPP 
TestLink Open Source Test Management PHP code injection attempt (server-webapp.rules) * 1:47500 <-> DISABLED <-> SERVER-WEBAPP TestLink Open Source Test Management PHP code injection attempt (server-webapp.rules) * 1:47501 <-> ENABLED <-> SERVER-WEBAPP Joomla ProjectLog search SQL injection attempt (server-webapp.rules) * 1:47502 <-> ENABLED <-> SERVER-WEBAPP Joomla ProjectLog search SQL injection attempt (server-webapp.rules) * 1:47503 <-> ENABLED <-> FILE-EXECUTABLE Microsoft Windows Win32k privilege escalation attempt (file-executable.rules) * 1:47504 <-> ENABLED <-> FILE-EXECUTABLE Microsoft Windows Win32k privilege escalation attempt (file-executable.rules) * 1:47505 <-> ENABLED <-> MALWARE-CNC Py.Malware.EvilOSX 404 Error Page Payload/Command Delivery (malware-cnc.rules) * 1:47506 <-> DISABLED <-> SERVER-WEBAPP Sitecore CMS default.aspx directory traversal attempt (server-webapp.rules) * 1:47507 <-> DISABLED <-> SERVER-WEBAPP Sitecore CMS default.aspx directory traversal attempt (server-webapp.rules) * 1:47508 <-> DISABLED <-> SERVER-WEBAPP Sitecore CMS default.aspx directory traversal attempt (server-webapp.rules) * 1:47509 <-> DISABLED <-> SERVER-WEBAPP RoundCube WebMail IMAP command injection attempt (server-webapp.rules) * 1:47510 <-> DISABLED <-> SERVER-WEBAPP RoundCube WebMail IMAP command injection attempt (server-webapp.rules) * 1:47511 <-> ENABLED <-> MALWARE-CNC Win32.Backdoor.Ropindo variant outbound post detected (malware-cnc.rules) * 1:47512 <-> ENABLED <-> OS-WINDOWS Microsoft Windows D3D memory corruption attempt (os-windows.rules) * 1:47513 <-> ENABLED <-> OS-WINDOWS Microsoft Windows D3D memory corruption attempt (os-windows.rules) * 1:47514 <-> DISABLED <-> SERVER-WEBAPP Quest NetVault Backup Server checksession authentication bypass attempt (server-webapp.rules) * 1:47515 <-> ENABLED <-> OS-WINDOWS Microsoft Windows D3D memory corruption attempt (os-windows.rules) * 1:47516 <-> ENABLED <-> OS-WINDOWS Microsoft Windows D3D memory corruption 
attempt (os-windows.rules) * 1:47517 <-> ENABLED <-> OS-WINDOWS Microsoft Windows D3D memory corruption attempt (os-windows.rules) * 1:47518 <-> ENABLED <-> OS-WINDOWS Microsoft Windows D3D memory corruption attempt (os-windows.rules) * 1:47519 <-> ENABLED <-> FILE-OTHER Microsoft Graphics remote code execution attempt (file-other.rules) * 1:47520 <-> ENABLED <-> FILE-OTHER Microsoft Graphics remote code execution attempt (file-other.rules) * 1:47525 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Grobios outbound connection (malware-cnc.rules) * 1:47526 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Grobios C2 inbound server command (malware-cnc.rules) * 1:47529 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Flash Player malformed COMM ID3 frame out-of-bounds read attempt (file-multimedia.rules) * 1:47530 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Flash Player malformed COMM ID3 frame out-of-bounds read attempt (file-multimedia.rules) * 1:47531 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Vector.String class out-of-bounds read attempt (file-flash.rules) * 1:47532 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Vector.String class out-of-bounds read attempt (file-flash.rules) * 1:47533 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player malformed MP4-AVC out-of-bounds read attempt (file-multimedia.rules) * 1:47534 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player malformed MP4-AVC out-of-bounds read attempt (file-multimedia.rules) * 1:47535 <-> ENABLED <-> PUA-ADWARE Magic Downloader BHO variant outbound connection (pua-adware.rules) * 1:47536 <-> ENABLED <-> PUA-ADWARE Magic Downloader BHO variant outbound connection (pua-adware.rules) * 1:47537 <-> DISABLED <-> SERVER-WEBAPP Bacula-Web client-report.php SQL injection attempt (server-webapp.rules) * 1:47538 <-> DISABLED <-> SERVER-WEBAPP Bacula-Web jobs.php SQL injection attempt (server-webapp.rules) * 1:47539 <-> DISABLED <-> SERVER-WEBAPP Bacula-Web jobs.php SQL injection attempt (server-webapp.rules) * 1:4754 <-> DISABLED <-> OS-WINDOWS 
DCERPC NCACN-IP-TCP locator nsi_binding_lookup_begin overflow attempt (os-windows.rules) * 1:47540 <-> DISABLED <-> SERVER-WEBAPP Bacula-Web client-report.php SQL injection attempt (server-webapp.rules) * 1:47541 <-> DISABLED <-> SERVER-MAIL EHLO user overflow attempt (server-mail.rules) * 1:47542 <-> DISABLED <-> SERVER-WEBAPP Quest DR Series Disk Backup StorageGroupService.pm command injection attempt (server-webapp.rules) * 1:47543 <-> DISABLED <-> SERVER-WEBAPP MicroFocus Secure Messaging Gateway enginelist.php SQL injection attempt (server-webapp.rules) * 1:47544 <-> DISABLED <-> SERVER-WEBAPP MicroFocus Secure Messaging Gateway enginelist.php SQL injection attempt (server-webapp.rules) * 1:47545 <-> DISABLED <-> SERVER-WEBAPP MicroFocus Secure Messaging Gateway command injection attempt (server-webapp.rules) * 1:47546 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Keywsec variant outbound request detected (malware-cnc.rules) * 1:47547 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Keywsec variant post-compromise outbound request detected (malware-cnc.rules) * 1:47548 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Keywsec variant outbound request for malicious dll exe and js detected (malware-cnc.rules) * 1:47549 <-> DISABLED <-> SERVER-WEBAPP Easy Hosting Control Panel action cross site scripting attempt (server-webapp.rules) * 1:4755 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP locator nsi_binding_lookup_begin overflow attempt (os-windows.rules) * 1:47550 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess SCADA SQL injection attempt (server-webapp.rules) * 1:47551 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess SCADA SQL injection attempt (server-webapp.rules) * 1:47552 <-> DISABLED <-> SERVER-WEBAPP Epic MyChart SQL injection attempt (server-webapp.rules) * 1:47553 <-> DISABLED <-> SERVER-WEBAPP Epic MyChart SQL injection attempt (server-webapp.rules) * 1:47554 <-> DISABLED <-> SERVER-WEBAPP Epic MyChart SQL injection attempt (server-webapp.rules) * 1:47555 <-> DISABLED <-> 
SERVER-WEBAPP Epic MyChart SQL injection attempt (server-webapp.rules) * 1:47556 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PLEAD downloader outbound connection (malware-cnc.rules) * 1:47557 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PLEAD downloader outbound connection (malware-cnc.rules) * 1:47558 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess CertUpdate directory traversal attempt (server-webapp.rules) * 1:47559 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess CertUpdate directory traversal attempt (server-webapp.rules) * 1:47560 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess CertUpdate directory traversal attempt (server-webapp.rules) * 1:47561 <-> DISABLED <-> SERVER-WEBAPP Schneider Electric U.motion Builder directory traversal attempt (server-webapp.rules) * 1:47562 <-> DISABLED <-> SERVER-WEBAPP Schneider Electric U.motion Builder directory traversal attempt (server-webapp.rules) * 1:47563 <-> DISABLED <-> SERVER-WEBAPP Schneider Electric U.motion Builder directory traversal attempt (server-webapp.rules) * 1:47564 <-> DISABLED <-> PROTOCOL-TFTP NetGain Systems Enterprise Manager TFTP directory traversal attempt (protocol-tftp.rules) * 1:47565 <-> DISABLED <-> FILE-OFFICE LibreOffice WEBSERVICE arbitrary file disclosure attempt (file-office.rules) * 1:47566 <-> DISABLED <-> FILE-OFFICE LibreOffice WEBSERVICE arbitrary file disclosure attempt (file-office.rules) * 1:47567 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zegost variant outbound connection (malware-cnc.rules) * 1:47568 <-> ENABLED <-> FILE-OFFICE Adobe Flash Player ActiveX security bypass attempt (file-office.rules) * 1:47569 <-> ENABLED <-> FILE-OFFICE Adobe Flash Player ActiveX security bypass attempt (file-office.rules) * 1:47574 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PDF out of bound write attempt (file-pdf.rules) * 1:47575 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PDF out of bound write attempt (file-pdf.rules) * 1:47576 <-> DISABLED <-> SERVER-WEBAPP Cobub Razor channel name SQL 
injection attempt (server-webapp.rules) * 1:47577 <-> DISABLED <-> SERVER-WEBAPP Cobub Razor channel name SQL injection attempt (server-webapp.rules) * 1:47578 <-> DISABLED <-> SERVER-WEBAPP NetGain Systems Enterprise Manager directory traversal attempt (server-webapp.rules) * 1:47579 <-> DISABLED <-> SERVER-WEBAPP Joomla Aist id SQL injection attempt (server-webapp.rules) * 1:47580 <-> DISABLED <-> SERVER-WEBAPP Joomla Aist id SQL injection attempt (server-webapp.rules) * 1:47581 <-> DISABLED <-> SERVER-WEBAPP GitStack unauthenticated REST API add user attempt (server-webapp.rules) * 1:47582 <-> DISABLED <-> SERVER-WEBAPP GitStack unauthenticated REST API repository modification attempt (server-webapp.rules) * 1:47583 <-> DISABLED <-> SERVER-WEBAPP GitStack unauthenticated REST API repository modification attempt (server-webapp.rules) * 1:47584 <-> DISABLED <-> SERVER-WEBAPP Dolibarr Carte cross site scripting attempt (server-webapp.rules) * 1:47585 <-> DISABLED <-> SERVER-OTHER ntpq decode array buffer overflow attempt (server-other.rules) * 1:47586 <-> DISABLED <-> FILE-OTHER Info-ZIP UnZip heap buffer overflow attempt (file-other.rules) * 1:47587 <-> DISABLED <-> FILE-OTHER Info-ZIP UnZip heap buffer overflow attempt (file-other.rules) * 1:47588 <-> DISABLED <-> SERVER-WEBAPP Subsonic Subscribe to Podcast cross site scripting attempt (server-webapp.rules) * 1:47589 <-> DISABLED <-> SERVER-WEBAPP Subsonic Subscribe to Podcast cross site scripting attempt (server-webapp.rules) * 1:47590 <-> DISABLED <-> SERVER-WEBAPP Subsonic Subscribe to Podcast cross site scripting attempt (server-webapp.rules) * 1:47591 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer VBScript engine memory corruption attempt (browser-ie.rules) * 1:47592 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer VBScript engine memory corruption attempt (browser-ie.rules) * 1:47593 <-> ENABLED <-> MALWARE-CNC Fake PDFEscape font pack cryptominer (malware-cnc.rules) * 1:47594 <-> ENABLED <-> 
MALWARE-CNC Fake PDFEscape font pack cryptominer (malware-cnc.rules) * 1:47599 <-> DISABLED <-> SERVER-WEBAPP GitList searchTree git grep arbitrary command execution attempt (server-webapp.rules) * 1:476 <-> DISABLED <-> PROTOCOL-ICMP webtrends scanner (protocol-icmp.rules) * 1:47600 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Waldek variant initial outbound connection detected (malware-cnc.rules) * 1:47601 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Betabot variant outbound connection detected (malware-cnc.rules) * 1:47602 <-> ENABLED <-> MALWARE-CNC Win.Trojan.AzoRult variant outbound connection detected (malware-cnc.rules) * 1:47603 <-> DISABLED <-> SERVER-WEBAPP WordPress phar deserialization attempt (server-webapp.rules) * 1:47604 <-> DISABLED <-> PROTOCOL-SCADA Rockwell Automation Allen-Bradley MicroLogix controller buffer overflow attempt (protocol-scada.rules) * 1:47605 <-> DISABLED <-> SERVER-WEBAPP Joomla Gridbox app cross site scripting attempt (server-webapp.rules) * 1:47606 <-> DISABLED <-> SERVER-WEBAPP Quest DR Series Disk Backup DiagnosticsService.pm command injection attempt (server-webapp.rules) * 1:47607 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess Dashboard Viewer arbitrary file upload attempt (server-webapp.rules) * 1:47608 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess Dashboard Viewer arbitrary file upload attempt (server-webapp.rules) * 1:47609 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess Dashboard Viewer arbitrary file upload attempt (server-webapp.rules) * 1:47610 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess Dashboard Viewer arbitrary file upload attempt (server-webapp.rules) * 1:47611 <-> DISABLED <-> FILE-OTHER Easy MPEG to DVD Burner buffer overflow attempt (file-other.rules) * 1:47612 <-> DISABLED <-> FILE-OTHER Easy MPEG to DVD Burner buffer overflow attempt (file-other.rules) * 1:47613 <-> ENABLED <-> SERVER-WEBAPP Joomla Proclaim biblestudy backup access attempt (server-webapp.rules) * 1:47614 <-> DISABLED <-> 
SERVER-WEBAPP Quest DR Series Disk Backup ReplicationsService.pm command injection attempt (server-webapp.rules) * 1:47615 <-> DISABLED <-> SERVER-APACHE Apache Tika crafted HTTP header command injection attempt (server-apache.rules) * 1:47616 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Emotet variant download (malware-cnc.rules) * 1:47617 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Emotet variant download (malware-cnc.rules) * 1:47618 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trickbot variant outbound connection (malware-cnc.rules) * 1:47619 <-> DISABLED <-> SERVER-WEBAPP Symfony HttpFoundation component potential security bypass attempt (server-webapp.rules) * 1:47620 <-> DISABLED <-> SERVER-WEBAPP Symfony HttpFoundation component potential security bypass attempt (server-webapp.rules) * 1:47621 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.Princess variant outbound connection attempt (malware-cnc.rules) * 1:47622 <-> DISABLED <-> SERVER-WEBAPP Piltz PASvisu denial of service attempt (server-webapp.rules) * 1:47623 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JBIG engine crafted symbol dictionary out-of-bounds read attempt (file-pdf.rules) * 1:47624 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JBIG engine crafted symbol dictionary out-of-bounds read attempt (file-pdf.rules) * 1:47625 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Reader EMF path record out-of-bounds read attempt (file-other.rules) * 1:47626 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Reader EMF path record out-of-bounds read attempt (file-other.rules) * 1:47627 <-> ENABLED <-> MALWARE-CNC Win.Trojan.KeyPass variant inbound connection attempt (malware-cnc.rules) * 1:47628 <-> ENABLED <-> FILE-OTHER Adobe Professional EMF embedded image heap overflow attempt (file-other.rules) * 1:47629 <-> ENABLED <-> FILE-OTHER Adobe Professional EMF embedded image heap overflow attempt (file-other.rules) * 1:47630 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro untrusted pointer dereference attempt (file-other.rules) * 1:47631 <-> 
ENABLED <-> FILE-OTHER Adobe Acrobat Pro untrusted pointer dereference attempt (file-other.rules) * 1:47634 <-> ENABLED <-> SERVER-APACHE Apache Struts OGNL getRuntime.exec static method access attempt (server-apache.rules) * 1:47635 <-> ENABLED <-> BROWSER-IE Microsoft Edge Chakra floating point type confusion attempt (browser-ie.rules) * 1:47636 <-> ENABLED <-> BROWSER-IE Microsoft Edge Chakra floating point type confusion attempt (browser-ie.rules) * 1:47637 <-> ENABLED <-> BROWSER-IE Microsoft Edge Chakra floating point type confusion attempt (browser-ie.rules) * 1:47638 <-> ENABLED <-> BROWSER-IE Microsoft Edge Chakra floating point type confusion attempt (browser-ie.rules) * 1:47639 <-> DISABLED <-> INDICATOR-OBFUSCATION DNS TXT response record tunneling (indicator-obfuscation.rules) * 1:47640 <-> DISABLED <-> SERVER-WEBAPP SSL certificate with null issuer rdnSequence fields detected (server-webapp.rules) * 1:47641 <-> DISABLED <-> SERVER-WEBAPP IceWarp Mail Server directory traversal attempt (server-webapp.rules) * 1:47642 <-> DISABLED <-> SERVER-WEBAPP IceWarp Mail Server directory traversal attempt (server-webapp.rules) * 1:47643 <-> DISABLED <-> SERVER-WEBAPP IceWarp Mail Server directory traversal attempt (server-webapp.rules) * 1:47644 <-> DISABLED <-> SERVER-WEBAPP IceWarp Mail Server directory traversal attempt (server-webapp.rules) * 1:47645 <-> DISABLED <-> SERVER-WEBAPP IceWarp Mail Server directory traversal attempt (server-webapp.rules) * 1:47646 <-> DISABLED <-> SERVER-WEBAPP IceWarp Mail Server directory traversal attempt (server-webapp.rules) * 1:47647 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JBIG2 symbol header out of bounds read attempt (file-pdf.rules) * 1:47648 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JBIG2 symbol header out of bounds read attempt (file-pdf.rules) * 1:47649 <-> ENABLED <-> SERVER-WEBAPP Apache Struts remote code execution attempt (server-webapp.rules) * 1:47650 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Marap 
outbound beacon detected (malware-cnc.rules) * 1:47651 <-> ENABLED <-> INDICATOR-COMPROMISE SettingContent-ms file type download attempt (indicator-compromise.rules) * 1:47652 <-> ENABLED <-> INDICATOR-COMPROMISE SettingContent-ms file type download attempt (indicator-compromise.rules) * 1:47653 <-> ENABLED <-> INDICATOR-COMPROMISE SettingContent-ms file type download attempt (indicator-compromise.rules) * 1:47654 <-> ENABLED <-> INDICATOR-COMPROMISE SettingContent-ms file type download attempt (indicator-compromise.rules) * 1:47655 <-> ENABLED <-> SERVER-WEBAPP Joomla PostInstall Message SQL injection attempt (server-webapp.rules) * 1:47657 <-> DISABLED <-> SERVER-WEBAPP Horde Groupware Webmail encryptMessage prefs.php command injection attempt (server-webapp.rules) * 1:47658 <-> DISABLED <-> SERVER-WEBAPP Horde Groupware Webmail encryptMessage prefs.php command injection attempt (server-webapp.rules) * 1:47659 <-> DISABLED <-> SERVER-WEBAPP Horde Groupware Webmail encryptMessage prefs.php command injection attempt (server-webapp.rules) * 1:47660 <-> DISABLED <-> SERVER-WEBAPP Horde Groupware Webmail encryptMessage edit.php command injection attempt (server-webapp.rules) * 1:47661 <-> DISABLED <-> SERVER-WEBAPP Horde Groupware Webmail encryptMessage prefs.php command injection attempt (server-webapp.rules) * 1:47662 <-> DISABLED <-> SERVER-WEBAPP Cogent DataHub ASP script injection attempt (server-webapp.rules) * 1:47664 <-> ENABLED <-> SERVER-WEBAPP Dicoogle directory traversal attempt (server-webapp.rules) * 1:47666 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JBIG malformed adaptive template pixel out-of-bounds read attempt (file-pdf.rules) * 1:47667 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JBIG malformed adaptive template pixel out-of-bounds read attempt (file-pdf.rules) * 1:47668 <-> DISABLED <-> SERVER-WEBAPP WordPress plugin WP with Spritz remote file include attempt (server-webapp.rules) * 1:47669 <-> DISABLED <-> SERVER-WEBAPP Wordpress plugin WP 
with Spritz directory traversal attempt (server-webapp.rules) * 1:47670 <-> DISABLED <-> SERVER-WEBAPP LSIS wXP arbitrary file upload attempt (server-webapp.rules) * 1:47671 <-> DISABLED <-> SERVER-WEBAPP Quest DR Series Disk Backup EmailAlertsService.pm command injection attempt (server-webapp.rules) * 1:47672 <-> DISABLED <-> SERVER-WEBAPP TerraMaster NAS logtable.php command injection attempt (server-webapp.rules) * 1:47673 <-> DISABLED <-> SERVER-WEBAPP Quest DR Series Disk Backup NetworkInterfaceService.pm command injection attempt (server-webapp.rules) * 1:47674 <-> DISABLED <-> SERVER-WEBAPP Quest DR Series Disk Backup EncryptionService.pm command injection attempt (server-webapp.rules) * 1:47675 <-> DISABLED <-> SERVER-WEBAPP Cogent DataHub SQL injection attempt (server-webapp.rules) * 1:47676 <-> DISABLED <-> SERVER-WEBAPP Cogent DataHub SQL injection attempt (server-webapp.rules) * 1:47678 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Torpplar variant outbound connection (malware-cnc.rules) * 1:47682 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusRegionNodePath out of bounds read attempt (file-other.rules) * 1:47683 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusRegionNodePath out of bounds read attempt (file-other.rules) * 1:47685 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro U3D IFF out of bounds read attempt (file-pdf.rules) * 1:47686 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro U3D IFF out of bounds read attempt (file-pdf.rules) * 1:47687 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro U3D SGI RGB information leak attempt (file-pdf.rules) * 1:47688 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro U3D SGI RGB information leak attempt (file-pdf.rules) * 1:47689 <-> ENABLED <-> SERVER-APACHE Apache Struts java.net.Socket class access attempt (server-apache.rules) * 1:47690 <-> ENABLED <-> SERVER-APACHE Apache Struts java.lang.ProcessBuilder class access attempt (server-apache.rules) * 1:47691 <-> DISABLED <-> SERVER-APACHE Apache Struts ognl remote 
code execution attempt (server-apache.rules) * 1:47692 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.Shrug2 outbound connection (malware-cnc.rules) * 1:47693 <-> DISABLED <-> SERVER-WEBAPP Manage Engine Recovery Manager cross site scripting attempt (server-webapp.rules) * 1:47694 <-> DISABLED <-> SERVER-WEBAPP Manage Engine Recovery Manager cross site scripting attempt (server-webapp.rules) * 1:47695 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Downloader.Powload (malware-cnc.rules) * 1:47696 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Downloader.Powload (malware-cnc.rules) * 1:47697 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Downloader.Powload (malware-cnc.rules) * 1:47699 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JBIG malformed data out-of-bounds read attempt (file-pdf.rules) * 1:47700 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JBIG malformed data out-of-bounds read attempt (file-pdf.rules) * 1:47701 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Iniduoh variant outbound connection (malware-cnc.rules) * 1:47702 <-> ENABLED <-> OS-WINDOWS Microsoft Windows ALPC task scheduler local privilege escalation attempt (os-windows.rules) * 1:47703 <-> ENABLED <-> OS-WINDOWS Microsoft Windows ALPC task scheduler local privilege escalation attempt (os-windows.rules) * 1:47708 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Fallchill variant outbound connection (malware-cnc.rules) * 1:47712 <-> DISABLED <-> SERVER-WEBAPP Quest DR Series Disk Backup CloudPortalService.pm command injection attempt (server-webapp.rules) * 1:47717 <-> ENABLED <-> OS-WINDOWS Microsoft Windows kernel information disclosure attempt (os-windows.rules) * 1:47718 <-> ENABLED <-> OS-WINDOWS Microsoft Windows kernel information disclosure attempt (os-windows.rules) * 1:47723 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.MysteryBot outbound connection (malware-cnc.rules) * 1:47724 <-> DISABLED <-> SERVER-OTHER 
Memcached DDoS attempt (server-other.rules)
* 1:47725 <-> DISABLED <-> SERVER-OTHER Memcached DDoS attempt (server-other.rules)
* 1:47726 <-> DISABLED <-> SERVER-OTHER Memcached DDoS attempt (server-other.rules)
* 1:47730 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer memory corruption attempt (browser-ie.rules)
* 1:47731 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer memory corruption attempt (browser-ie.rules)
* 1:47732 <-> DISABLED <-> BROWSER-IE Microsoft Edge empty prototype use-after-free attempt (browser-ie.rules)
* 1:47733 <-> DISABLED <-> BROWSER-IE Microsoft Edge empty prototype use-after-free attempt (browser-ie.rules)
* 1:47734 <-> ENABLED <-> BROWSER-IE Microsoft Edge Chakra engine use after free exploit attempt (browser-ie.rules)
* 1:47735 <-> ENABLED <-> BROWSER-IE Microsoft Edge Chakra engine use after free exploit attempt (browser-ie.rules)
* 1:47736 <-> ENABLED <-> BROWSER-IE Microsoft Edge type confusion memory corruption attempt (browser-ie.rules)
* 1:47737 <-> ENABLED <-> BROWSER-IE Microsoft Edge type confusion memory corruption attempt (browser-ie.rules)
* 1:47738 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer memory corruption attempt (browser-ie.rules)
* 1:47739 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer memory corruption attempt (browser-ie.rules)
* 1:47740 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Device Guard bypass attempt (os-windows.rules)
* 1:47741 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Device Guard bypass attempt (os-windows.rules)
* 1:47742 <-> ENABLED <-> BROWSER-IE Microsoft Edge type confusion code execution attempt (browser-ie.rules)
* 1:47743 <-> ENABLED <-> BROWSER-IE Microsoft Edge type confusion code execution attempt (browser-ie.rules)
* 1:47744 <-> DISABLED <-> SERVER-WEBAPP Quest DR Series Disk Backup CustomerPortalService.pm command injection attempt (server-webapp.rules)
* 1:47745 <-> DISABLED <-> OS-WINDOWS Microsoft Windows predefined registry keys double free attempt (os-windows.rules)
* 1:47746 <-> DISABLED <-> OS-WINDOWS Microsoft Windows predefined registry keys double free attempt (os-windows.rules)
* 1:47747 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer MSXML use after free attempt (browser-ie.rules)
* 1:47748 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer MSXML use after free attempt (browser-ie.rules)
* 1:47761 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer iframe open redirect attempt (browser-ie.rules)
* 1:47764 <-> ENABLED <-> FILE-IMAGE Microsoft Windows malformed TIFF remote code execution attempt (file-image.rules)
* 1:47765 <-> ENABLED <-> FILE-IMAGE Microsoft Windows malformed TIFF remote code execution attempt (file-image.rules)
* 1:47766 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.GandCrab outbound connection (malware-cnc.rules)
* 1:47767 <-> DISABLED <-> SERVER-WEBAPP ClipBucket file_uploader command injection attempt (server-webapp.rules)
* 1:47768 <-> DISABLED <-> SERVER-WEBAPP ClipBucket beats_uploader arbitrary PHP file upload attempt (server-webapp.rules)
* 1:47769 <-> DISABLED <-> SERVER-WEBAPP ClipBucket photo_uploader arbitrary PHP file upload attempt (server-webapp.rules)
* 1:47770 <-> DISABLED <-> SERVER-WEBAPP ClipBucket edit_account arbitrary PHP file upload attempt (server-webapp.rules)
* 1:47771 <-> DISABLED <-> SERVER-WEBAPP ClipBucket vote_channel SQL injection attempt (server-webapp.rules)
* 1:47772 <-> DISABLED <-> SERVER-WEBAPP ClipBucket commonAjax SQL injection attempt (server-webapp.rules)
* 1:47773 <-> ENABLED <-> MALWARE-CNC Win32.Backdoor.Turla variant outbound connection (malware-cnc.rules)
* 1:47774 <-> ENABLED <-> FILE-PDF Adobe Acrobat Pro malformed embedded TTF file memory corruption attempt (file-pdf.rules)
* 1:47775 <-> ENABLED <-> FILE-PDF Adobe Acrobat Pro malformed embedded TTF file memory corruption attempt (file-pdf.rules)
* 1:47776 <-> ENABLED <-> FILE-PDF Adobe Acrobat Pro malformed embedded TTF file memory corruption attempt (file-pdf.rules)
* 1:47777 <-> ENABLED <-> FILE-PDF Adobe Acrobat Pro malformed embedded TTF file memory corruption attempt (file-pdf.rules)
* 1:47786 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules)
* 1:47787 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules)
* 1:47788 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Email Encryption Gateway SQL injection attempt (server-webapp.rules)
* 1:47789 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Email Encryption Gateway SQL injection attempt (server-webapp.rules)
* 1:47790 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Email Encryption Gateway cross site scripting attempt (server-webapp.rules)
* 1:47791 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Email Encryption Gateway cross site scripting attempt (server-webapp.rules)
* 1:47792 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Email Encryption Gateway cross site scripting attempt (server-webapp.rules)
* 1:47793 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Email Encryption Gateway cross site scripting attempt (server-webapp.rules)
* 1:47794 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Email Encryption Gateway SQL injection attempt (server-webapp.rules)
* 1:47795 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Email Encryption Gateway SQL injection attempt (server-webapp.rules)
* 1:47796 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Email Encryption Gateway SQL injection attempt (server-webapp.rules)
* 1:47797 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Email Encryption Gateway SQL injection attempt (server-webapp.rules)
* 1:47798 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Email Encryption Gateway XML external entity injection attempt (server-webapp.rules)
* 1:47799 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Email Encryption Gateway SQL injection attempt (server-webapp.rules)
* 1:47800 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Email Encryption Gateway SQL injection attempt (server-webapp.rules)
* 1:47810 <-> DISABLED <-> SERVER-WEBAPP Oracle Glassfish unauthenticated directory traversal attempt (server-webapp.rules)
* 1:47812 <-> DISABLED <-> SERVER-WEBAPP CloudByte ElastiStor imageUploadServlet arbitrary JSP file upload attempt (server-webapp.rules)
* 1:47813 <-> DISABLED <-> SERVER-WEBAPP CloudByte ElastiStor imageUploadServlet directory traversal attempt (server-webapp.rules)
* 1:47814 <-> DISABLED <-> SERVER-WEBAPP CloudByte ElastiStor imageUploadServlet directory traversal attempt (server-webapp.rules)
* 1:47815 <-> DISABLED <-> SERVER-WEBAPP CloudByte ElastiStor LicenseServlet directory traversal attempt (server-webapp.rules)
* 1:47816 <-> DISABLED <-> SERVER-WEBAPP CloudByte ElastiStor LicenseServlet arbitrary JSP file upload attempt (server-webapp.rules)
* 1:47817 <-> DISABLED <-> SERVER-WEBAPP SoftNAS StorageCenter snserv.php command injection attempt (server-webapp.rules)
* 1:47818 <-> DISABLED <-> SERVER-WEBAPP SoftNAS StorageCenter snserv.php command injection attempt (server-webapp.rules)
* 1:47819 <-> DISABLED <-> SERVER-WEBAPP SoftNAS StorageCenter snserv.php command injection attempt (server-webapp.rules)
* 1:47820 <-> DISABLED <-> SERVER-OTHER OpenSSL invalid Diffie-Hellman parameter NULL pointer dereference attempt (server-other.rules)
* 1:47821 <-> DISABLED <-> SERVER-OTHER OpenSSL invalid Diffie-Hellman parameter NULL pointer dereference attempt (server-other.rules)
* 1:47822 <-> ENABLED <-> MALWARE-CNC Win.Trojan.njrat njRAT trojan outbound attempt (malware-cnc.rules)
* 1:47823 <-> ENABLED <-> MALWARE-CNC Win.Trojan.njrat njRAT trojan variant download (malware-cnc.rules)
* 1:47824 <-> ENABLED <-> MALWARE-CNC Win.Trojan.njrat njRAT trojan variant download (malware-cnc.rules)
* 1:47825 <-> ENABLED <-> MALWARE-CNC Win.Trojan.njrat njRAT trojan variant download (malware-cnc.rules)
* 1:47826 <-> ENABLED <-> MALWARE-CNC Win.Trojan.njrat njRAT trojan variant download (malware-cnc.rules)
* 1:47827 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat EmfPlusDrawImagePoints out of bounds read attempt (file-image.rules)
* 1:47828 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat EmfPlusDrawImagePoints out of bounds read attempt (file-image.rules)
* 1:47829 <-> ENABLED <-> SERVER-OTHER JBoss Richfaces expression language injection attempt (server-other.rules)
* 1:47830 <-> DISABLED <-> POLICY-OTHER phpmyadmin external SQL query detected (policy-other.rules)
* 1:47831 <-> DISABLED <-> SERVER-WEBAPP phpmyadmin post-authentication local file inclusion attempt (server-webapp.rules)
* 1:47832 <-> DISABLED <-> SERVER-WEBAPP WordPress Responsive Thumbnail Slider arbitrary PHP file upload attempt (server-webapp.rules)
* 1:47833 <-> DISABLED <-> FILE-FLASH Adobe Flash Player COM server BrokerCreateFile sandbox escape attempt (file-flash.rules)
* 1:47834 <-> DISABLED <-> FILE-FLASH Adobe Flash Player COM server BrokerCreateFile sandbox escape attempt (file-flash.rules)
* 1:47835 <-> ENABLED <-> MALWARE-CNC Win.Trojan.DownloadGuide variant outbound traffic (malware-cnc.rules)
* 1:47836 <-> ENABLED <-> MALWARE-CNC Win.Trojan.DownloadGuide variant outbound traffic (malware-cnc.rules)
* 1:47837 <-> ENABLED <-> MALWARE-CNC Win.Trojan.DownloadGuide variant outbound traffic (malware-cnc.rules)
* 1:47838 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro SGI RGB run-length encoding out of bounds read attempt (file-image.rules)
* 1:47839 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro SGI RGB run-length encoding out of bounds read attempt (file-image.rules)
* 1:47843 <-> ENABLED <-> MALWARE-CNC Java.Trojan.Adwind variant outbound connection (malware-cnc.rules)
* 1:47844 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.DDECmdExec variant download (malware-other.rules)
* 1:47845 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.DDECmdExec variant download (malware-other.rules)
* 1:47846 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.DDECmdExec variant download (malware-other.rules)
* 1:47847 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.DDECmdExec variant download (malware-other.rules)
* 1:47848 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.DDECmdExec variant download (malware-other.rules)
* 1:47849 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.DDECmdExec variant download (malware-other.rules)
* 1:47850 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SystemCollector privilege escalation attempt (os-windows.rules)
* 1:47851 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SystemCollector privilege escalation attempt (os-windows.rules)
* 1:47852 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro HTML invalid pointer offset out-of-bounds read attempt (file-other.rules)
* 1:47853 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro HTML invalid pointer offset out-of-bounds read attempt (file-other.rules)
* 1:47854 <-> DISABLED <-> FILE-OTHER Adobe Acrobat HTML invalid pointer out-of-bounds read attempt (file-other.rules)
* 1:47855 <-> DISABLED <-> FILE-OTHER Adobe Acrobat HTML invalid pointer out-of-bounds read attempt (file-other.rules)
* 1:47856 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file object out of bounds write attempt (file-image.rules)
* 1:47857 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file object out of bounds write attempt (file-image.rules)
* 1:47858 <-> DISABLED <-> SERVER-WEBAPP Joomla CW Tags Searchtext SQL injection attempt (server-webapp.rules)
* 1:47859 <-> DISABLED <-> SERVER-WEBAPP Joomla CW Tags Searchtext SQL injection attempt (server-webapp.rules)
* 1:47860 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Xamaria variant outbound connection (malware-cnc.rules)
* 1:47861 <-> DISABLED <-> SERVER-WEBAPP Opsview Web Management Console testnotification command injection attempt (server-webapp.rules)
* 1:47863 <-> DISABLED <-> SERVER-WEBAPP Opsview Web Management Console test_rancid_connection command injection attempt (server-webapp.rules)
* 1:47864 <-> DISABLED <-> SERVER-WEBAPP Opsview Web Management Console test_rancid_connection command injection attempt (server-webapp.rules)
* 1:47865 <-> DISABLED <-> SERVER-WEBAPP Opsview Web Management Console test_rancid_connection command injection attempt (server-webapp.rules)
* 1:47866 <-> ENABLED <-> MALWARE-OTHER Html.Dropper.Xbash variant obfuscated powershell invocation (malware-other.rules)
* 1:47867 <-> ENABLED <-> MALWARE-OTHER Html.Dropper.Xbash variant obfuscated powershell invocation (malware-other.rules)
* 1:47868 <-> ENABLED <-> MALWARE-OTHER Img.Trojan.Xbash variant PNG file with an embedded Windows executable (malware-other.rules)
* 1:47869 <-> ENABLED <-> MALWARE-OTHER Img.Trojan.Xbash variant PNG file with an embedded Windows executable (malware-other.rules)
* 1:47870 <-> ENABLED <-> MALWARE-OTHER Unix.Miner.Xbash variant dropped bash script (malware-other.rules)
* 1:47871 <-> ENABLED <-> MALWARE-OTHER Unix.Miner.Xbash variant dropped bash script (malware-other.rules)
* 1:47872 <-> ENABLED <-> MALWARE-OTHER Unix.Miner.Xbash variant dropped bash script (malware-other.rules)
* 1:47873 <-> ENABLED <-> MALWARE-OTHER Unix.Miner.Xbash variant dropped bash script (malware-other.rules)
* 1:47874 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF ALPHABLEND heap overflow attempt (file-image.rules)
* 1:47875 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF ALPHABLEND heap overflow attempt (file-image.rules)
* 1:47876 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.AnubisCrypt variant outbound post detected (malware-cnc.rules)
* 1:47877 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.AnubisCrypt variant outbound post detected (malware-cnc.rules)
* 1:47881 <-> DISABLED <-> PROTOCOL-DNS dnsmasq add_pseudoheader memory leak attempt (protocol-dns.rules)
* 1:47882 <-> DISABLED <-> FILE-OTHER Ghostscript -dSAFER sandbox bypass attempt (file-other.rules)
* 1:47883 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF image conversion memory corruption attempt (file-other.rules)
* 1:47884 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF image conversion memory corruption attempt (file-other.rules)
* 1:47885 <-> DISABLED <-> FILE-OTHER Microsoft Windows JET Database Engine out-of-bounds write attempt (file-other.rules)
* 1:47886 <-> DISABLED <-> FILE-OTHER Microsoft Windows JET Database Engine out-of-bounds write attempt (file-other.rules)
* 1:47887 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows JET Database Engine ActiveX clsid access attempt (browser-plugins.rules)
* 1:47888 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows JET Database Engine ActiveX clsid access attempt (browser-plugins.rules)
* 1:47889 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Window2 BIFF record value attempt (file-office.rules)
* 1:47890 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Window2 BIFF record value attempt (file-office.rules)
* 1:47891 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMFPlusPath object out of bounds read attempt (file-image.rules)
* 1:47892 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMFPlusPath object out of bounds read attempt (file-image.rules)
* 1:47895 <-> DISABLED <-> BROWSER-PLUGINS Tor Browser 7.x NoScript secure mode bypass attempt (browser-plugins.rules)
* 1:47896 <-> DISABLED <-> SERVER-OTHER Alt-N MDaemon buffer overflow attempt (server-other.rules)
* 1:47897 <-> DISABLED <-> SERVER-OTHER Alt-N MDaemon buffer overflow attempt (server-other.rules)
* 1:47898 <-> ENABLED <-> MALWARE-CNC Win.Trojan.OilRig variant outbound connection (malware-cnc.rules)
* 1:47899 <-> ENABLED <-> MALWARE-CNC Win.Trojan.OilRig variant outbound connection (malware-cnc.rules)
* 1:47900 <-> ENABLED <-> MALWARE-CNC Win.Trojan.OilRig variant outbound connection (malware-cnc.rules)
* 1:47901 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CobInt outbound connection (malware-cnc.rules)
* 1:47902 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CobInt outbound connection (malware-cnc.rules)
* 1:47903 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CobInt outbound connection (malware-cnc.rules)
* 1:47904 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CobInt outbound connection (malware-cnc.rules)
* 1:47905 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CobInt outbound connection (malware-cnc.rules)
* 1:47906 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CobInt outbound connection (malware-cnc.rules)
* 1:47907 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMR_STRETCHDIBITS out-of-bounds write attempt (file-image.rules)
* 1:47908 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMR_STRETCHDIBITS out-of-bounds write attempt (file-image.rules)
* 1:47909 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMR_STRETCHDIBITS out-of-bounds write attempt (file-image.rules)
* 1:47910 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMR_STRETCHDIBITS out-of-bounds write attempt (file-image.rules)
* 1:47911 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader EMF file JPEG Huffman table heap overflow attempt (file-image.rules)
* 1:47912 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader EMF file JPEG Huffman table heap overflow attempt (file-image.rules)
* 1:47913 <-> ENABLED <-> POLICY-OTHER Magecart redirect page detected (policy-other.rules)
* 1:47914 <-> ENABLED <-> POLICY-OTHER Magecart js page injection attempt (policy-other.rules)
* 1:47915 <-> ENABLED <-> POLICY-OTHER Magecart js page injection attempt (policy-other.rules)
* 1:47920 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PDF out of bounds read attempt (file-pdf.rules)
* 1:47921 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PDF out of bounds read attempt (file-pdf.rules)
* 1:47922 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PDF out of bounds read attempt (file-pdf.rules)
* 1:47923 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PDF out of bounds read attempt (file-pdf.rules)
* 1:47924 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript annotation object rotation use-after-free attempt (file-pdf.rules)
* 1:47925 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript annotation object rotation use-after-free attempt (file-pdf.rules)
* 1:47926 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF ImageConversion out-of-bounds write attempt (file-other.rules)
* 1:47927 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF ImageConversion out-of-bounds write attempt (file-other.rules)
* 1:47928 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript endInitiatorMailOperation heap overflow attempt (file-pdf.rules)
* 1:47929 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript endInitiatorMailOperation heap overflow attempt (file-pdf.rules)
* 1:47930 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JavaScript engine heap overflow attempt (file-pdf.rules)
* 1:47931 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JavaScript engine heap overflow attempt (file-pdf.rules)
* 1:47932 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro Universal 3D Engine untrusted pointer dereference attempt (file-image.rules)
* 1:47933 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro Universal 3D Engine untrusted pointer dereference attempt (file-image.rules)
* 1:47934 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MSDownloader variant outbound connection (malware-cnc.rules)
* 1:47935 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MSDownloader variant download (malware-cnc.rules)
* 1:47936 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MSDownloader variant download (malware-cnc.rules)
* 1:47937 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader rendering engine use-after-free attempt (file-pdf.rules)
* 1:47938 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader rendering engine use-after-free attempt (file-pdf.rules)
* 1:47939 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF+ GIF parsing out of bounds read attempt (file-image.rules)
* 1:47940 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF+ GIF parsing out of bounds read attempt (file-image.rules)
* 1:47941 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat XPS heap overflow attempt (file-image.rules)
* 1:47942 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat XPS heap overflow attempt (file-image.rules)
* 1:47943 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Distiller PostScript stack overflow attempt (file-image.rules)
* 1:47944 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Distiller PostScript stack overflow attempt (file-image.rules)
* 1:47945 <-> DISABLED <-> FILE-PDF Adobe Acrobat Distiller invalid Keywords tag double free attempt (file-pdf.rules)
* 1:47946 <-> DISABLED <-> FILE-PDF Adobe Acrobat Distiller invalid Keywords tag double free attempt (file-pdf.rules)
* 1:47947 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JavaScript Engine use after free attempt (file-pdf.rules)
* 1:47948 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JavaScript Engine use after free attempt (file-pdf.rules)
* 1:47949 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (file-image.rules)
* 1:47950 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (file-image.rules)
* 1:47951 <-> DISABLED <-> FILE-OTHER Adobe Distiller PostScript conversion heap overflow attempt (file-other.rules)
* 1:47952 <-> DISABLED <-> FILE-OTHER Adobe Distiller PostScript conversion heap overflow attempt (file-other.rules)
* 1:47953 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIF tag entry out of bounds read attempt (file-image.rules)
* 1:47954 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIF tag entry out of bounds read attempt (file-image.rules)
* 1:47955 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIF tag entry out of bounds read attempt (file-image.rules)
* 1:47956 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIF tag entry out of bounds read attempt (file-image.rules)
* 1:47957 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusDrawDriverString malformed GlyphCount value integer overflow attempt (file-other.rules)
* 1:47958 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusDrawDriverString malformed GlyphCount value integer overflow attempt (file-other.rules)
* 1:47959 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file out-of-bounds write attempt (file-other.rules)
* 1:47960 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file out-of-bounds write attempt (file-other.rules)
* 1:47961 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EmfPlusDrawBeziers out of bounds write attempt (file-other.rules)
* 1:47962 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EmfPlusDrawBeziers out of bounds write attempt (file-other.rules)
* 1:47963 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro WebCapture JavaScript manipulation type confusion attempt (file-other.rules)
* 1:47964 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro WebCapture JavaScript manipulation type confusion attempt (file-other.rules)
* 1:47965 <-> DISABLED <-> FILE-PDF Adobe Reader getProps Javascript heap overflow attempt (file-pdf.rules)
* 1:47966 <-> DISABLED <-> FILE-PDF Adobe Reader getProps Javascript heap overflow attempt (file-pdf.rules)
* 1:47967 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JPEG2000 out of bounds read attempt (file-pdf.rules)
* 1:47968 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JPEG2000 out of bounds read attempt (file-pdf.rules)
* 1:47969 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JPEG2000 out of bounds read attempt (file-pdf.rules)
* 1:47970 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JPEG2000 out of bounds read attempt (file-pdf.rules)
* 1:47971 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (file-image.rules)
* 1:47972 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (file-image.rules)
* 1:47973 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JavaScript engine use after free attempt (file-pdf.rules)
* 1:47974 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JavaScript engine use after free attempt (file-pdf.rules)
* 1:47975 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF memory corruption attempt (file-other.rules)
* 1:47976 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF memory corruption attempt (file-other.rules)
* 1:47977 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro heap overflow attempt (file-pdf.rules)
* 1:47978 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro heap overflow attempt (file-pdf.rules)
* 1:47979 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (file-image.rules)
* 1:47980 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (file-image.rules)
* 1:47981 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (file-image.rules)
* 1:47982 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (file-image.rules)
* 1:47983 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out-of-bounds read attempt (file-other.rules)
* 1:47984 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out-of-bounds read attempt (file-other.rules)
* 1:47985 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out-of-bounds write attempt (file-other.rules)
* 1:47986 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS out-of-bounds write attempt (file-other.rules)
* 1:47987 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file out-of-bounds read attempt (file-other.rules)
* 1:47988 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file out-of-bounds read attempt (file-other.rules)
* 1:47989 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt (file-other.rules)
* 1:47990 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt (file-other.rules)
* 1:47991 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF engine type confusion attempt (file-image.rules)
* 1:47992 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF engine type confusion attempt (file-image.rules)
* 1:47993 <-> ENABLED <-> FILE-OTHER Acrobat Adobe Pro XPS out-of-bounds read attempt (file-other.rules)
* 1:47994 <-> ENABLED <-> FILE-OTHER Acrobat Adobe Pro XPS out-of-bounds read attempt (file-other.rules)
* 1:47995 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF pointer out of bounds write attempt (file-image.rules)
* 1:47996 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF pointer out of bounds write attempt (file-image.rules)
* 1:47997 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF pointer out of bounds read attempt (file-image.rules)
* 1:47998 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF pointer out of bounds read attempt (file-image.rules)
* 1:480 <-> DISABLED <-> PROTOCOL-ICMP PING speedera (protocol-icmp.rules)
* 1:48000 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript pointer offset out-of-bounds read attempt (file-pdf.rules)
* 1:48001 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript pointer offset out-of-bounds read attempt (file-pdf.rules)
* 1:48002 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro Universal 3D engine untrusted pointer dereference attempt (file-image.rules)
* 1:48003 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro Universal 3D engine untrusted pointer dereference attempt (file-image.rules)
* 1:48004 <-> DISABLED <-> SERVER-WEBAPP Navigate CMS login.php SQL injection attempt (server-webapp.rules)
* 1:48005 <-> DISABLED <-> SERVER-WEBAPP Navigate CMS navigate_upload.php arbitrary PHP file upload attempt (server-webapp.rules)
* 1:48006 <-> DISABLED <-> SERVER-WEBAPP Navigate CMS navigate_upload.php directory traversal attempt (server-webapp.rules)
* 1:48007 <-> DISABLED <-> SERVER-WEBAPP Navigate CMS navigate_upload.php directory traversal attempt (server-webapp.rules)
* 1:48008 <-> DISABLED <-> SERVER-WEBAPP Navigate CMS navigate_upload.php directory traversal attempt (server-webapp.rules)
* 1:48009 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro integer overflow attempt (file-image.rules)
* 1:48010 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro integer overflow attempt (file-image.rules)
* 1:48011 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro U3D TIFF XResolution out of bounds read attempt (file-image.rules)
* 1:48012 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro U3D TIFF XResolution out of bounds read attempt (file-image.rules)
* 1:48013 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro U3D TIFF XResolution out of bounds read attempt (file-image.rules)
* 1:48014 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro U3D TIFF XResolution out of bounds read attempt (file-image.rules)
* 1:48016 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed JavaScript input out of bounds read attempt (file-image.rules)
* 1:48017 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed JavaScript input out of bounds read attempt (file-image.rules)
* 1:48018 <-> DISABLED <-> FILE-PDF Adobe Reader malformed JavaScript input out of bounds read attempt (file-pdf.rules)
* 1:48019 <-> DISABLED <-> FILE-PDF Adobe Reader malformed JavaScript input out of bounds read attempt (file-pdf.rules)
* 1:48020 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed JavaScript input out of bounds read attempt (file-pdf.rules)
* 1:48021 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed JavaScript input out of bounds read attempt (file-pdf.rules)
* 1:48022 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.Viro variant outbound connection (malware-cnc.rules)
* 1:48024 <-> ENABLED <-> MALWARE-CNC Win.Trojan.PyLocky outbound connection attempt (malware-cnc.rules)
* 1:48025 <-> ENABLED <-> MALWARE-CNC BabaYaga inbound connection (malware-cnc.rules)
* 1:48026 <-> ENABLED <-> MALWARE-CNC BabaYaga outbound connection (malware-cnc.rules)
* 1:48027 <-> ENABLED <-> MALWARE-CNC BabaYaga outbound connection (malware-cnc.rules)
* 1:48028 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Turla outbound connection (malware-cnc.rules)
* 1:48029 <-> DISABLED <-> SERVER-MAIL PHPMailer information disclosure attempt (server-mail.rules)
* 1:48031 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (file-image.rules)
* 1:48032 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (file-image.rules)
* 1:48033 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file use-after-free attempt (file-other.rules)
* 1:48034 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file use-after-free attempt (file-other.rules)
* 1:48035 <-> ENABLED <-> MALWARE-CNC Win.Trojan.AcridRain outbound connection (malware-cnc.rules)
* 1:48036 <-> ENABLED <-> MALWARE-CNC Win.Trojan.AcridRain outbound connection (malware-cnc.rules)
* 1:48038 <-> DISABLED <-> SERVER-OTHER Western Digital My Cloud authentication bypass attempt (server-other.rules)
* 1:48039 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed BMP out of bounds read attempt (file-image.rules)
* 1:48040 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed BMP out of bounds read attempt (file-image.rules)
* 1:48041 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader XLST parsing engine use after free attempt (file-pdf.rules)
* 1:48042 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XLST parsing engine use after free attempt (file-pdf.rules)
* 1:48043 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP2 marker memory corruption attempt (file-image.rules)
* 1:48044 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP2 marker memory corruption attempt (file-image.rules)
* 1:48045 <-> DISABLED <-> BROWSER-IE Microsoft Edge DomAttrModified use after free attempt (browser-ie.rules)
* 1:48046 <-> DISABLED <-> BROWSER-IE Microsoft Edge DomAttrModified use after free attempt (browser-ie.rules)
* 1:48047 <-> DISABLED <-> OS-WINDOWS Microsoft Windows dxgkrnl.sys kernel memory information leak attempt (os-windows.rules)
* 1:48048 <-> DISABLED <-> OS-WINDOWS Microsoft Windows dxgkrnl.sys kernel memory information leak attempt (os-windows.rules)
* 1:48049 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer import key use-after-free attempt (browser-ie.rules)
* 1:48050 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer import key use-after-free attempt (browser-ie.rules)
* 1:48051 <-> DISABLED <-> BROWSER-IE Multiple browsers memory corruption attempt (browser-ie.rules)
* 1:48052 <-> DISABLED <-> BROWSER-IE Multiple browsers memory corruption attempt (browser-ie.rules)
* 1:48053 <-> ENABLED <-> BROWSER-IE Microsoft Edge App-v vbs command attempt (browser-ie.rules)
* 1:48054 <-> ENABLED <-> BROWSER-IE Microsoft Edge App-v vbs command attempt (browser-ie.rules)
* 1:48056 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Filter Manager Elevation Of Privilege attempt (os-windows.rules)
* 1:48057 <-> ENABLED <-> FILE-EXECUTABLE Microsoft Windows NTFS privilege escalation attempt (file-executable.rules)
* 1:48058 <-> ENABLED <-> FILE-EXECUTABLE Microsoft Windows NTFS privilege escalation attempt (file-executable.rules)
* 1:48059 <-> DISABLED <-> FILE-OTHER Microsoft Windows malformed .themepack Theme API remote code execution attempt (file-other.rules)
* 1:48060 <-> DISABLED <-> FILE-OTHER Microsoft Windows malformed .themepack Theme API remote code execution attempt (file-other.rules)
* 1:48061 <-> DISABLED <-> SERVER-WEBAPP pfSense status_interfaces.php command injection attempt (server-webapp.rules)
* 1:48062 <-> DISABLED <-> FILE-OTHER Microsoft Powershell XML instantiation constrained language mode bypass attempt (file-other.rules)
* 1:48063 <-> DISABLED <-> FILE-OTHER Microsoft Powershell XML instantiation constrained language mode bypass attempt (file-other.rules)
* 1:48064 <-> DISABLED <-> SERVER-WEBAPP WP plugin Localize My Post directory traversal attempt (server-webapp.rules)
* 1:48065 <-> DISABLED <-> SERVER-WEBAPP WP plugin Localize My Post directory traversal attempt (server-webapp.rules)
* 1:48070 <-> DISABLED <-> SERVER-WEBAPP WP plugin Wechat Broadcast directory traversal attempt (server-webapp.rules)
* 1:48071 <-> DISABLED <-> SERVER-WEBAPP WP plugin Wechat Broadcast remote file inclusion attempt (server-webapp.rules)
* 1:48072 <-> ENABLED <-> OS-WINDOWS Microsoft Windows win32k.sys privilege escalation attempt (os-windows.rules)
* 1:48073 <-> ENABLED <-> OS-WINDOWS Microsoft Windows win32k.sys privilege escalation attempt (os-windows.rules)
* 1:48074 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file out-of-bounds read attempt (file-other.rules)
* 1:48075 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file out-of-bounds read attempt (file-other.rules)
* 1:48076 <-> DISABLED <-> PUA-ADWARE Win.Adware.Wajam variant outbound connection (pua-adware.rules)
* 1:48077 <-> DISABLED <-> PUA-ADWARE Win.Adware.Wajam variant outbound connection (pua-adware.rules)
* 1:48078 <-> DISABLED <-> PUA-ADWARE Win.Adware.OneSystemCare download attempt (pua-adware.rules)
* 1:48079 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ramnit variant outbound connection (malware-cnc.rules)
* 1:48080 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ramnit variant outbound connection (malware-cnc.rules)
* 1:48081 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ramnit variant outbound connection (malware-cnc.rules)
* 1:48082 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Agent download attempt (malware-cnc.rules)
* 1:48083 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Occamy variant outbound connection (malware-cnc.rules)
* 1:48084 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Occamy variant outbound connection (malware-cnc.rules)
* 1:48085 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Occamy variant outbound connection (malware-cnc.rules)
* 1:48086 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Occamy variant outbound connection (malware-cnc.rules)
* 1:48087 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Occamy variant outbound connection (malware-cnc.rules)
* 1:48088 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Occamy variant outbound connection (malware-cnc.rules)
* 1:48089 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Occamy variant outbound connection (malware-cnc.rules)
* 1:48090 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Occamy variant outbound connection (malware-cnc.rules)
* 1:48091 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Occamy variant outbound connection (malware-cnc.rules)
* 1:48092 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MirageFox variant outbound connection (malware-cnc.rules)
* 1:48093 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MirageFox variant outbound connection (malware-cnc.rules)
* 1:48094 <-> DISABLED <-> SERVER-WEBAPP SAP Internet Transaction Server directory traversal attempt (server-webapp.rules)
* 1:48095 <-> DISABLED <-> SERVER-WEBAPP SAP Internet Transaction Server directory traversal attempt (server-webapp.rules)
* 1:48096 <-> DISABLED <-> SERVER-WEBAPP SAP Internet Transaction Server directory traversal attempt (server-webapp.rules)
* 1:48097 <-> ENABLED <-> SERVER-WEBAPP D-Link DIR-816 syslogIp command injection attempt (server-webapp.rules)
* 1:48098 <-> ENABLED <-> SERVER-WEBAPP D-Link DIR-816 syslogIp command injection attempt (server-webapp.rules)
* 1:48099 <-> ENABLED <-> SERVER-WEBAPP D-Link DIR-816 syslogIp command injection attempt (server-webapp.rules)
* 1:481 <-> DISABLED <-> PROTOCOL-ICMP TJPingPro1.1Build 2 Windows (protocol-icmp.rules)
* 1:48100 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JPEG Huffman table memory corruption attempt (file-pdf.rules)
* 1:48101 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JPEG Huffman table memory corruption attempt (file-pdf.rules)
* 1:48102 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JPEG Huffman table memory corruption attempt (file-pdf.rules)
* 1:48103 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JPEG Huffman table memory corruption attempt (file-pdf.rules)
* 1:48104 <-> DISABLED <-> SERVER-WEBAPP CMS Made Simple arbitrary PHP file upload attempt (server-webapp.rules)
* 1:48105 <-> ENABLED <-> FILE-MULTIMEDIA libvorbis VORBIS audio data out of bounds write attempt (file-multimedia.rules)
* 1:48106 <-> ENABLED <-> FILE-MULTIMEDIA libvorbis VORBIS audio data out of bounds write attempt (file-multimedia.rules)
* 1:48107 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file out-of-bounds write attempt (file-other.rules)
* 1:48108 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file out-of-bounds write attempt (file-other.rules)
* 1:48109 <-> DISABLED <-> SERVER-OTHER Aktakom oscilloscope denial of service attempt (server-other.rules)
* 1:48110 <-> DISABLED <-> FILE-PDF Foxit Reader uninitialized pointer leak attempt (file-pdf.rules)
* 1:48111 <-> DISABLED <-> FILE-PDF Foxit Reader text annotations use after free attempt (file-pdf.rules)
* 1:48112 <-> DISABLED <-> FILE-PDF Foxit Reader uninitialized pointer leak attempt (file-pdf.rules)
* 1:48113 <-> DISABLED <-> FILE-PDF Foxit Reader text annotations use after free attempt (file-pdf.rules)
* 1:48114 <-> DISABLED <-> SERVER-OTHER Delta Industrial Automation Robot DRAStudio Arbitrary File Disclosure attempt (server-other.rules)
* 1:48115 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ITranslator variant outbound connection (malware-cnc.rules)
* 1:48116 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ITranslator variant outbound connection (malware-cnc.rules)
* 1:48117 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ITranslator variant outbound connection (malware-cnc.rules)
* 1:48118 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ITranslator variant outbound connection (malware-cnc.rules)
* 1:48119 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ITranslator variant outbound connection (malware-cnc.rules)
* 1:48120 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ITranslator variant outbound connection (malware-cnc.rules)
* 1:48121 <-> DISABLED <-> SERVER-OTHER LSIS wXP Denial of Service attempt (server-other.rules)
* 1:48122 <-> ENABLED <-> FILE-OTHER Microsoft .NET Resources file remote code execution attempt (file-other.rules)
* 1:48123 <-> ENABLED <-> FILE-OTHER Microsoft .NET Resources file remote code execution attempt (file-other.rules)
* 1:48124 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF ImageConversion out-of-bounds write attempt (file-other.rules)
* 1:48125 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF ImageConversion out-of-bounds write attempt (file-other.rules)
* 1:48126 <-> DISABLED <-> SERVER-WEBAPP Joomba component Timetable Schedule 3.6.8 SQL injection attempt (server-webapp.rules)
* 1:48127 <-> DISABLED <-> SERVER-OTHER Reliance SCADA Control Server Denial of Service attempt (server-other.rules)
* 1:48128 <-> DISABLED <-> OS-WINDOWS Microsoft Windows privilege escalation attempt (os-windows.rules)
* 1:48129 <-> DISABLED <-> OS-WINDOWS Microsoft Windows privilege escalation attempt (os-windows.rules)
* 1:48130 <-> DISABLED <-> BROWSER-IE Microsoft Edge sandbox escape attempt (browser-ie.rules)
* 1:48131 <-> DISABLED <-> BROWSER-IE Microsoft Edge sandbox escape attempt (browser-ie.rules)
* 1:48132 <-> DISABLED <-> BROWSER-IE Microsoft Edge sandbox escape attempt (browser-ie.rules)
* 1:48133 <-> DISABLED <-> BROWSER-IE Microsoft Edge sandbox escape attempt (browser-ie.rules)
* 1:48134 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat SGI parsing out of bounds read attempt (file-image.rules)
* 1:48135 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat SGI parsing out of bounds read attempt (file-image.rules)
* 1:48136 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SYLK file arbitrary code execution attempt (file-office.rules)
* 1:48137 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SYLK file arbitrary code execution attempt (file-office.rules)
* 1:48138 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SYLK file arbitrary code execution attempt (file-office.rules)
* 1:48139 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SYLK file arbitrary code execution attempt (file-office.rules)
* 1:48140 <-> ENABLED <-> MALWARE-CNC Win.Downloader.XAgent variant outbound connection (malware-cnc.rules)
* 1:48141 <-> ENABLED <-> SERVER-WEBAPP D-Link DIR-816 diagnosis command injection attempt (server-webapp.rules)
* 1:48142 <-> ENABLED <-> SERVER-WEBAPP D-Link DIR-816 diagnosis command injection attempt (server-webapp.rules)
* 1:48143 <-> ENABLED <-> SERVER-WEBAPP D-Link DIR-816 diagnosis command injection attempt (server-webapp.rules)
* 1:48144 <-> DISABLED <-> FILE-OTHER McAfee True Key dll-load exploit attempt (file-other.rules)
* 1:48145 <-> DISABLED <-> FILE-OTHER McAfee True Key dll-load exploit attempt (file-other.rules)
* 1:48146 <-> DISABLED <-> MALWARE-BACKDOOR Rebhip variant runtime detection (malware-backdoor.rules)
* 1:48147 <-> ENABLED <-> MALWARE-CNC Win.Worm.Redhip variant outbound connection (malware-cnc.rules) * 
1:48148 <-> ENABLED <-> MALWARE-CNC Win.Worm.Redhip variant outbound connection (malware-cnc.rules) * 1:48149 <-> ENABLED <-> MALWARE-CNC Win.Worm.Redhip variant outbound connection (malware-cnc.rules) * 1:48150 <-> ENABLED <-> MALWARE-CNC Win.Worm.Redhip variant outbound connection (malware-cnc.rules) * 1:48151 <-> ENABLED <-> MALWARE-CNC JS.Trojan.Generic malicious file download (malware-cnc.rules) * 1:48152 <-> ENABLED <-> MALWARE-CNC JS.Trojan.Generic malicious file download (malware-cnc.rules) * 1:48153 <-> ENABLED <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection (malware-cnc.rules) * 1:48154 <-> ENABLED <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection (malware-cnc.rules) * 1:48155 <-> ENABLED <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection (malware-cnc.rules) * 1:48156 <-> ENABLED <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection (malware-cnc.rules) * 1:48157 <-> ENABLED <-> MALWARE-CNC JS.Trojan.Generic variant outbound connection (malware-cnc.rules) * 1:48158 <-> DISABLED <-> FILE-OTHER WECON LeviStudio UMP file stack buffer overflow attempt (file-other.rules) * 1:48159 <-> DISABLED <-> FILE-OTHER WECON LeviStudio UMP file stack buffer overflow attempt (file-other.rules) * 1:48160 <-> DISABLED <-> POLICY-OTHER Infrasightlabs vScopeServer admin user creation attempt (policy-other.rules) * 1:48161 <-> DISABLED <-> SERVER-WEBAPP Joomba component Article Factory Manager SQL injection attempt (server-webapp.rules) * 1:48162 <-> DISABLED <-> BROWSER-IE Microsoft Edge sandbox escape attempt (browser-ie.rules) * 1:48163 <-> DISABLED <-> BROWSER-IE Microsoft Edge sandbox escape attempt (browser-ie.rules) * 1:48164 <-> DISABLED <-> SERVER-WEBAPP HPE Intelligent Management Center FileDownloadServlet directory traversal attempt (server-webapp.rules) * 1:48165 <-> DISABLED <-> SERVER-WEBAPP Joomla Component Swap Factory SQL injection attempt (server-webapp.rules) * 1:48166 <-> DISABLED <-> SERVER-WEBAPP Joomla 
Component Swap Factory SQL injection attempt (server-webapp.rules) * 1:48167 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules) * 1:48168 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules) * 1:48169 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules) * 1:48170 <-> DISABLED <-> SERVER-WEBAPP Joomla Component eXtroForms SQL injection attempt (server-webapp.rules) * 1:48171 <-> DISABLED <-> SERVER-WEBAPP Joomla Component eXtroForms SQL injection attempt (server-webapp.rules) * 1:48172 <-> ENABLED <-> SERVER-WEBAPP D-Link DIR-816 form2systime.cgi command injection attempt (server-webapp.rules) * 1:48173 <-> ENABLED <-> SERVER-WEBAPP D-Link DIR-816 form2systime.cgi command injection attempt (server-webapp.rules) * 1:48174 <-> ENABLED <-> SERVER-WEBAPP D-Link DIR-816 form2systime.cgi command injection attempt (server-webapp.rules) * 1:48175 <-> ENABLED <-> MALWARE-CNC Win.Trojan.GhostPuppet malicious document download attempt (malware-cnc.rules) * 1:48176 <-> ENABLED <-> MALWARE-CNC Win.Trojan.GhostPuppet malicious document download attempt (malware-cnc.rules) * 1:48177 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess SQL injection attempt (server-webapp.rules) * 1:48179 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules) * 1:48180 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules) * 1:48181 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules) * 1:48182 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules) * 1:48183 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center 
imcwlandm stack buffer overflow attempt (server-other.rules) * 1:48184 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules) * 1:48185 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules) * 1:48186 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules) * 1:48187 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules) * 1:48188 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules) * 1:48189 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules) * 1:48190 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules) * 1:48191 <-> ENABLED <-> MALWARE-CNC Linux.Malware.Torii variant malicious file download (malware-cnc.rules) * 1:48192 <-> ENABLED <-> MALWARE-CNC Unix.Worm.Hakai outbound connection (malware-cnc.rules) * 1:48193 <-> DISABLED <-> SERVER-WEBAPP Joomba component AlphaIndex Dictionaries SQL injection attempt (server-webapp.rules) * 1:48194 <-> DISABLED <-> SERVER-WEBAPP Joomba component AlphaIndex Dictionaries SQL injection attempt (server-webapp.rules) * 1:48195 <-> DISABLED <-> SERVER-WEBAPP Joomla Component Collection Factory SQL injection attempt (server-webapp.rules) * 1:48196 <-> DISABLED <-> SERVER-WEBAPP Joomla component Reverse Auction Factory SQL injection attempt (server-webapp.rules) * 1:48197 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Datper variant outbound request detected (malware-cnc.rules) * 1:48198 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Datper variant outbound request detected (malware-cnc.rules) * 1:48199 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Emdivi variant outbound request detected 
(malware-cnc.rules) * 1:482 <-> DISABLED <-> PROTOCOL-ICMP PING WhatsupGold Windows (protocol-icmp.rules) * 1:48202 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Xamaria variant outbound connection (malware-cnc.rules) * 1:48203 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Xamaria variant outbound connection (malware-cnc.rules) * 1:48205 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Filter Manager Elevation Of Privilege attempt (os-windows.rules) * 1:48206 <-> DISABLED <-> SERVER-WEBAPP Netgear WNAP devices boardData command injection attempt (server-webapp.rules) * 1:48207 <-> DISABLED <-> SERVER-WEBAPP Netgear WNAP devices boardData command injection attempt (server-webapp.rules) * 1:48208 <-> DISABLED <-> SERVER-WEBAPP Netgear WNAP devices boardData command injection attempt (server-webapp.rules) * 1:48211 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro out-of-bounds write attempt (file-pdf.rules) * 1:48212 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro out-of-bounds write attempt (file-pdf.rules) * 1:48215 <-> DISABLED <-> SERVER-WEBAPP Webport SQL injection attempt (server-webapp.rules) * 1:48216 <-> DISABLED <-> SERVER-WEBAPP Webport SQL injection attempt (server-webapp.rules) * 1:48217 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Reader U3D engine memory corruption attempt (file-other.rules) * 1:48218 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Reader U3D engine memory corruption attempt (file-other.rules) * 1:48219 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro JPEG Huffman table memory corruption attempt (file-image.rules) * 1:48220 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro JPEG Huffman table memory corruption attempt (file-image.rules) * 1:48221 <-> DISABLED <-> SERVER-OTHER Oracle MySQL uninitialized variable remote code execution attempt (server-other.rules) * 1:48222 <-> DISABLED <-> FILE-PDF Foxit Reader and PhantomPDF use after free exploitation attempt (file-pdf.rules) * 1:48223 <-> DISABLED <-> FILE-PDF Foxit Reader and PhantomPDF use after free exploitation attempt 
(file-pdf.rules) * 1:48224 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox sandbox escape attempt (browser-firefox.rules) * 1:48225 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox sandbox escape attempt (browser-firefox.rules) * 1:48226 <-> DISABLED <-> FILE-PDF Foxit PDF Reader JavaScript annotations use after free attempt (file-pdf.rules) * 1:48227 <-> DISABLED <-> FILE-PDF Foxit PDF Reader JavaScript annotations use after free attempt (file-pdf.rules) * 1:48228 <-> DISABLED <-> SERVER-WEBAPP Supervene RazDC create_user.cgi command injection attempt (server-webapp.rules) * 1:48229 <-> DISABLED <-> SERVER-WEBAPP Supervene RazDC create_user.cgi command injection attempt (server-webapp.rules) * 1:48230 <-> DISABLED <-> SERVER-WEBAPP Supervene RazDC create_user.cgi command injection attempt (server-webapp.rules) * 1:48231 <-> DISABLED <-> SERVER-WEBAPP Apache Syncope XSL transform code injection attempt (server-webapp.rules) * 1:48232 <-> DISABLED <-> SERVER-WEBAPP Apache Syncope XSL transform code injection attempt (server-webapp.rules) * 1:48233 <-> DISABLED <-> SERVER-WEBAPP Apache Syncope information disclosure by orderBy (server-webapp.rules) * 1:48234 <-> DISABLED <-> SERVER-WEBAPP Apache Syncope information disclosure by fiql (server-webapp.rules) * 1:48235 <-> ENABLED <-> SERVER-OTHER NUUO NVRMini2 stack based buffer overflow attempt (server-other.rules) * 1:48236 <-> DISABLED <-> SERVER-WEBAPP Joomla Component Responsive Portfolio SQL injection attempt (server-webapp.rules) * 1:48237 <-> ENABLED <-> OS-WINDOWS Microsoft Data Sharing dssvc.dll arbitrary file deletion attempt (os-windows.rules) * 1:48238 <-> ENABLED <-> OS-WINDOWS Microsoft Data Sharing dssvc.dll arbitrary file deletion attempt (os-windows.rules) * 1:48241 <-> ENABLED <-> NETBIOS Cisco WebEx WebExService.exe remote code execution attempt (netbios.rules) * 1:48242 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro malformed EMF out of bounds read attempt (file-other.rules) * 1:48243 <-> ENABLED <-> 
FILE-OTHER Adobe Acrobat Pro malformed EMF out of bounds read attempt (file-other.rules) * 1:48244 <-> DISABLED <-> SERVER-WEBAPP Supervene RazDC save_passwd.cgi command injection attempt (server-webapp.rules) * 1:48245 <-> DISABLED <-> SERVER-WEBAPP Supervene RazDC save_passwd.cgi command injection attempt (server-webapp.rules) * 1:48246 <-> DISABLED <-> SERVER-WEBAPP Supervene RazDC save_passwd.cgi command injection attempt (server-webapp.rules) * 1:48247 <-> DISABLED <-> FILE-PDF Foxit Reader TypedArray uninitialized memory disclosure attempt (file-pdf.rules) * 1:48248 <-> DISABLED <-> FILE-PDF Foxit Reader TypedArray uninitialized memory disclosure attempt (file-pdf.rules) * 1:48249 <-> DISABLED <-> SERVER-OTHER GP ProEX WinGP Runtime directory traversal attempt (server-other.rules) * 1:48252 <-> DISABLED <-> SERVER-WEBAPP Idreamsoft iCMS admincp.php SQL injection attempt (server-webapp.rules) * 1:48256 <-> DISABLED <-> SERVER-WEBAPP Rubedo CMS Directory Traversal Attempt directory traversal attempt (server-webapp.rules) * 1:48257 <-> DISABLED <-> SERVER-WEBAPP Imperva SecureSphere command injection attempt (server-webapp.rules) * 1:48258 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Octopus outbound connection attempt (malware-cnc.rules) * 1:48259 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Octopus outbound connection attempt (malware-cnc.rules) * 1:4826 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_GetRootDeviceInstance attempt (os-windows.rules) * 1:48260 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Octopus outbound connection attempt (malware-cnc.rules) * 1:48263 <-> ENABLED <-> SERVER-WEBAPP Blueimp jQuery File Upload arbitrary PHP file upload attempt (server-webapp.rules) * 1:48264 <-> DISABLED <-> PROTOCOL-VOIP SIP wildcard VIA address flood attempt (protocol-voip.rules) * 1:48265 <-> DISABLED <-> PROTOCOL-VOIP SIP wildcard VIA address flood attempt (protocol-voip.rules) * 1:48266 <-> DISABLED <-> SERVER-WEBAPP Teltonika RUT9XX autologin.cgi command 
injection attempt (server-webapp.rules) * 1:48267 <-> DISABLED <-> SERVER-WEBAPP Teltonika RUT9XX autologin.cgi command injection attempt (server-webapp.rules) * 1:48268 <-> DISABLED <-> SERVER-WEBAPP Teltonika RUT9XX hotspotlogin.cgi command injection attempt (server-webapp.rules) * 1:48269 <-> DISABLED <-> SERVER-WEBAPP Teltonika RUT9XX hotspotlogin.cgi command injection attempt (server-webapp.rules) * 1:48270 <-> DISABLED <-> SERVER-WEBAPP Teltonika RUT9XX autologin.cgi command injection attempt (server-webapp.rules) * 1:48271 <-> DISABLED <-> SERVER-WEBAPP Teltonika RUT9XX hotspotlogin.cgi command injection attempt (server-webapp.rules) * 1:48272 <-> DISABLED <-> SERVER-WEBAPP Netgear Router admin password access attempt (server-webapp.rules) * 1:48273 <-> DISABLED <-> SERVER-WEBAPP Cockpit CMS media API directory traversal attempt (server-webapp.rules) * 1:48274 <-> DISABLED <-> SERVER-WEBAPP Cockpit CMS media API directory traversal attempt (server-webapp.rules) * 1:48275 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Gafgyt variant new bot registered (malware-cnc.rules) * 1:48276 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Felixroot variant command-and-control communication attempt (malware-cnc.rules) * 1:48277 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Felixroot variant download attempt (malware-cnc.rules) * 1:48278 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Felixroot variant download attempt (malware-cnc.rules) * 1:48279 <-> ENABLED <-> MALWARE-CNC Rtf.Trojan.Felixroot variant download attempt (malware-cnc.rules) * 1:48280 <-> ENABLED <-> MALWARE-CNC Rtf.Trojan.Felixroot variant download attempt (malware-cnc.rules) * 1:48281 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Chalubo downloader connection (malware-cnc.rules) * 1:48282 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Chalubo outbound connection (malware-cnc.rules) * 1:48283 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Chalubo outbound connection (malware-cnc.rules) * 1:48284 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Chalubo outbound 
connection (malware-cnc.rules) * 1:48285 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Chalubo outbound connection (malware-cnc.rules) * 1:48286 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Chalubo outbound connection (malware-cnc.rules) * 1:48287 <-> ENABLED <-> MALWARE-CNC Win.Trojan.FormBook variant outbound request detected (malware-cnc.rules) * 1:48288 <-> ENABLED <-> MALWARE-CNC Win.Trojan.FormBook variant outbound request detected (malware-cnc.rules) * 1:48289 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusDrawString out of bounds read attempt (file-other.rules) * 1:48290 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusDrawString out of bounds read attempt (file-other.rules) * 1:48291 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusDrawString out of bounds read attempt (file-other.rules) * 1:48292 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusDrawString out of bounds read attempt (file-other.rules) * 1:48293 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader RegExp out of bounds read attempt (file-pdf.rules) * 1:48294 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader RegExp out of bounds read attempt (file-pdf.rules) * 1:48295 <-> DISABLED <-> FILE-OTHER out-of-bounds write attempt with malicious MAR file detected (file-other.rules) * 1:48296 <-> DISABLED <-> FILE-OTHER out-of-bounds write attempt with malicious MAR file detected (file-other.rules) * 1:48299 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Telebot variant outbound connection (malware-cnc.rules) * 1:483 <-> DISABLED <-> PROTOCOL-ICMP PING CyberKit 2.2 Windows (protocol-icmp.rules) * 1:48300 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Telebot variant outbound connection (malware-cnc.rules) * 1:48301 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Telebot variant outbound connection (malware-cnc.rules) * 1:48302 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Telebot variant outbound connection (malware-cnc.rules) * 1:48303 <-> ENABLED <-> INDICATOR-OBFUSCATION RTF file objdata hex-escape obfuscation 
attempt (indicator-obfuscation.rules) * 1:48304 <-> ENABLED <-> INDICATOR-OBFUSCATION RTF file objdata hex-escape obfuscation attempt (indicator-obfuscation.rules) * 1:48305 <-> ENABLED <-> INDICATOR-OBFUSCATION RTF file objdata hlsrc obfuscation attempt (indicator-obfuscation.rules) * 1:48306 <-> ENABLED <-> INDICATOR-OBFUSCATION RTF file objdata hlsrc obfuscation attempt (indicator-obfuscation.rules) * 1:48307 <-> ENABLED <-> MALWARE-CNC Win.Doc.GrayEnergy malicious document download attempt (malware-cnc.rules) * 1:48308 <-> ENABLED <-> MALWARE-CNC Win.Doc.GrayEnergy malicious document download attempt (malware-cnc.rules) * 1:48309 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48310 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48311 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48312 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48313 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48314 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48315 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48316 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48317 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48318 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48319 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48320 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48321 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48322 <-> DISABLED <-> PROTOCOL-VOIP Known SIP 
scanner User-Agent detected (protocol-voip.rules) * 1:48323 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48324 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48325 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48326 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48327 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48328 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48329 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48330 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48331 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48332 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48333 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48334 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48335 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48336 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48337 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48338 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48339 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48340 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48341 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48342 <-> DISABLED <-> 
PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48343 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48344 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48345 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48346 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48347 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48348 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48349 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48350 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48351 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48352 <-> DISABLED <-> PROTOCOL-VOIP Known SIP scanner User-Agent detected (protocol-voip.rules) * 1:48353 <-> DISABLED <-> SERVER-WEBAPP Quest DR Series Disk Backup DnsService.pm command injection attempt (server-webapp.rules) * 1:48355 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Banking download attempt initiated (malware-cnc.rules) * 1:48356 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Banking download attempt initiated (malware-cnc.rules) * 1:48359 <-> DISABLED <-> SERVER-OTHER Adobe ColdFusion unauthenticated file upload attempt (server-other.rules) * 1:48360 <-> ENABLED <-> BROWSER-IE Microsoft Edge JIT floating point value type confusion attempt (browser-ie.rules) * 1:48361 <-> ENABLED <-> BROWSER-IE Microsoft Edge JIT floating point value type confusion attempt (browser-ie.rules) * 1:48362 <-> ENABLED <-> OS-WINDOWS Microsoft Windows win32k.sys memory corruption attempt (os-windows.rules) * 1:48363 <-> ENABLED <-> OS-WINDOWS Microsoft Windows win32k.sys memory corruption attempt (os-windows.rules) * 
1:48364 <-> ENABLED <-> OS-WINDOWS Microsoft Windows win32k.sys memory corruption attempt (os-windows.rules) * 1:48365 <-> ENABLED <-> OS-WINDOWS Microsoft Windows win32k.sys memory corruption attempt (os-windows.rules) * 1:48366 <-> DISABLED <-> OS-WINDOWS Microsoft Windows dxgkrnl.sys elevation of privilege attempt (os-windows.rules) * 1:48367 <-> DISABLED <-> OS-WINDOWS Microsoft Windows dxgkrnl.sys elevation of privilege attempt (os-windows.rules) * 1:48368 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer VBScript Engine remote code execution attempt (browser-ie.rules) * 1:48369 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer VBScript Engine remote code execution attempt (browser-ie.rules) * 1:48370 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer DirectX information disclosure attempt (browser-ie.rules) * 1:48371 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer DirectX information disclosure attempt (browser-ie.rules) * 1:48372 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer VBScript Engine remote code execution attempt (browser-ie.rules) * 1:48373 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer VBScript Engine remote code execution attempt (browser-ie.rules) * 1:48374 <-> ENABLED <-> FILE-IMAGE Microsoft Graphics component WMF code execution attempt (file-image.rules) * 1:48375 <-> ENABLED <-> FILE-IMAGE Microsoft Graphics component WMF code execution attempt (file-image.rules) * 1:48376 <-> DISABLED <-> BROWSER-IE Microsoft Edge bailOnImplicitCall type confusion attempt (browser-ie.rules) * 1:48377 <-> DISABLED <-> BROWSER-IE Microsoft Edge bailOnImplicitCall type confusion attempt (browser-ie.rules) * 1:48378 <-> ENABLED <-> FILE-OFFICE Microsoft Office directory entry remote code execution attempt (file-office.rules) * 1:48379 <-> ENABLED <-> FILE-OFFICE Microsoft Office directory entry remote code execution attempt (file-office.rules) * 1:48380 <-> DISABLED <-> SERVER-WEBAPP Quest DR Series Disk Backup 
SupportPortalService.pm command injection attempt (server-webapp.rules) * 1:48381 <-> DISABLED <-> SERVER-APACHE Apache Tomcat mod_jk access control bypass attempt (server-apache.rules) * 1:48382 <-> DISABLED <-> SERVER-APACHE Apache Tomcat mod_jk access control bypass attempt (server-apache.rules) * 1:48383 <-> DISABLED <-> SERVER-APACHE Apache Tomcat mod_jk access control bypass attempt (server-apache.rules) * 1:48384 <-> DISABLED <-> SERVER-APACHE Apache Tomcat mod_jk access control bypass attempt (server-apache.rules) * 1:48387 <-> ENABLED <-> BROWSER-IE Microsoft Edge information disclosure attempt (browser-ie.rules) * 1:48388 <-> ENABLED <-> BROWSER-IE Microsoft Edge information disclosure attempt (browser-ie.rules) * 1:48393 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Win32k information disclosure attempt (os-windows.rules) * 1:48394 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Win32k information disclosure attempt (os-windows.rules) * 1:48395 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zebrocy outbound connection (malware-cnc.rules) * 1:48396 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zebrocy outbound connection (malware-cnc.rules) * 1:48397 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zebrocy TLS server hello attempt (malware-cnc.rules) * 1:48398 <-> DISABLED <-> OS-WINDOWS Microsoft Windows potential Device Guard evasion via Jscript9 scripting engine attempt (os-windows.rules) * 1:48399 <-> DISABLED <-> OS-WINDOWS Microsoft Windows potential Device Guard evasion via Jscript9 scripting engine attempt (os-windows.rules) * 1:484 <-> DISABLED <-> PROTOCOL-ICMP PING Sniffer Pro/NetXRay network scan (protocol-icmp.rules) * 1:48400 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds read attempt (file-flash.rules) * 1:48401 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds read attempt (file-flash.rules) * 1:48402 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Emotet variant outbound connection attempt (malware-cnc.rules) * 1:48403 <-> ENABLED <-> FILE-OFFICE 
Microsoft Outlook email rules file memory corruption attempt (file-office.rules)
* 1:48404 <-> ENABLED <-> FILE-OFFICE Microsoft Outlook email rules file memory corruption attempt (file-office.rules)
* 1:48405 <-> ENABLED <-> FILE-OFFICE Microsoft Office Outlook rwz file memory corruption attempt (file-office.rules)
* 1:48406 <-> ENABLED <-> FILE-OFFICE Microsoft Office Outlook rwz file memory corruption attempt (file-office.rules)
* 1:48407 <-> ENABLED <-> FILE-OFFICE Microsoft Office Outlook rwz file memory corruption attempt (file-office.rules)
* 1:48408 <-> ENABLED <-> FILE-OFFICE Microsoft Office Outlook rwz file memory corruption attempt (file-office.rules)
* 1:48409 <-> DISABLED <-> OS-WINDOWS Microsoft Windows kernel ioctlsocket information disclosure attempt (os-windows.rules)
* 1:48410 <-> DISABLED <-> OS-WINDOWS Microsoft Windows kernel ioctlsocket information disclosure attempt (os-windows.rules)
* 1:48411 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Firewall Analyzer oputilsServlet unauthorized API key disclosure attempt (server-webapp.rules)
* 1:48412 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Firewall Analyzer setManaged SQL injection attempt (server-webapp.rules)
* 1:48413 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager editDisplaynames.do SQL injection attempt (server-webapp.rules)
* 1:48414 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager editDisplaynames.do SQL injection attempt (server-webapp.rules)
* 1:48415 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager editDisplaynames.do SQL injection attempt (server-webapp.rules)
* 1:48416 <-> DISABLED <-> SERVER-WEBAPP WordPress wp_delete_attachment directory traversal attempt (server-webapp.rules)
* 1:48417 <-> ENABLED <-> SERVER-WEBAPP PrestaShop PS_SAV_IMAP_URL command injection attempt (server-webapp.rules)
* 1:48420 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Bondupdater payload delivery attempt (malware-other.rules)
* 1:48421 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Bondupdater payload delivery attempt (malware-other.rules)
* 1:48422 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Bondupdater outbound cnc connection (malware-cnc.rules)
* 1:48423 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word document malicious iframe code injection attempt (file-office.rules)
* 1:48424 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word document malicious iframe code injection attempt (file-office.rules)
* 1:48425 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AVM type confusion attempt (file-flash.rules)
* 1:48426 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AVM type confusion attempt (file-flash.rules)
* 1:48427 <-> DISABLED <-> SERVER-WEBAPP Quest DR Series Disk Backup DateTimeService.pm command injection attempt (server-webapp.rules)
* 1:48428 <-> DISABLED <-> SERVER-WEBAPP Quest DR Series Disk Backup GlobalViewService.pm command injection attempt (server-webapp.rules)
* 1:48429 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cannon outbound connection (malware-cnc.rules)
* 1:48430 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cannon outbound connection (malware-cnc.rules)
* 1:48431 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zebrocy outbound connection (malware-cnc.rules)
* 1:48432 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zebrocy outbound connection (malware-cnc.rules)
* 1:48435 <-> ENABLED <-> MALWARE-CNC Win.Trojan.OlympicDestroyer variant outbound connection (malware-cnc.rules)
* 1:48436 <-> ENABLED <-> MALWARE-CNC Win.Trojan.OlympicDestroyer variant outbound connection (malware-cnc.rules)
* 1:48437 <-> ENABLED <-> MALWARE-CNC Win.Trojan.12percent ransomware generator download (malware-cnc.rules)
* 1:48438 <-> ENABLED <-> MALWARE-CNC Win.Trojan.12percent ransomware generator download (malware-cnc.rules)
* 1:48439 <-> DISABLED <-> INDICATOR-COMPROMISE Request for external IP address/location detected (indicator-compromise.rules)
* 1:48440 <-> ENABLED <-> EXPLOIT-KIT Qadars exploit kit attempt (exploit-kit.rules)
* 1:48441 <-> DISABLED <-> BROWSER-PLUGINS Fourier Systems DaqLab ActiveX clsid access attempt (browser-plugins.rules)
* 1:48442 <-> DISABLED <-> BROWSER-PLUGINS Fourier Systems DaqLab ActiveX clsid access attempt (browser-plugins.rules)
* 1:48443 <-> DISABLED <-> SERVER-WEBAPP Nagios XI magpie_debug.php command argument injection attempt (server-webapp.rules)
* 1:48444 <-> ENABLED <-> MALWARE-CNC Win.Malware.DNSpionage variant outbound connection (malware-cnc.rules)
* 1:48445 <-> ENABLED <-> MALWARE-CNC Win.Malware.DNSpionage variant outbound connection (malware-cnc.rules)
* 1:48446 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sofacy outbound connection (malware-cnc.rules)
* 1:48447 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sofacy outbound connection (malware-cnc.rules)
* 1:48448 <-> DISABLED <-> SERVER-WEBAPP Drupal open redirect external URL injection attempt (server-webapp.rules)
* 1:48449 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Exaramel outbound cnc connection (malware-cnc.rules)
* 1:48461 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zebrocy variant outbound connection (malware-cnc.rules)
* 1:48462 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zebrocy variant outbound connection (malware-cnc.rules)
* 1:48463 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zebrocy variant outbound connection (malware-cnc.rules)
* 1:48464 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zebrocy variant outbound connection (malware-cnc.rules)
* 1:48465 <-> ENABLED <-> MALWARE-CNC Js.Worm.Bondat inbound connection attempt (malware-cnc.rules)
* 1:48466 <-> ENABLED <-> MALWARE-CNC Win.Trojan.tRat variant outbound cnc connection (malware-cnc.rules)
* 1:48467 <-> ENABLED <-> MALWARE-CNC Win.Trojan.tRat variant outbound cnc connection (malware-cnc.rules)
* 1:48468 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.tRat variant inbound payload attempt (malware-other.rules)
* 1:48469 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.tRat variant inbound payload attempt (malware-other.rules)
* 1:48470 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.Coinminer variant outbound connection (malware-cnc.rules)
* 1:48471 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.Coinminer variant outbound connection (malware-cnc.rules)
* 1:48472 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.Coinminer variant outbound connection (malware-cnc.rules)
* 1:48473 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.Coinminer variant outbound connection (malware-cnc.rules)
* 1:48474 <-> DISABLED <-> SERVER-APACHE Apache Hadoop YARN ResourceManager arbitrary command execution attempt (server-apache.rules)
* 1:48476 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Carrotbat outbound connection attempt (malware-cnc.rules)
* 1:48477 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Agent outbound connection attempt (malware-cnc.rules)
* 1:48478 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Agent outbound connection attempt (malware-cnc.rules)
* 1:48480 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Carrotbat outbound connection attempt (malware-cnc.rules)
* 1:48481 <-> ENABLED <-> SERVER-OTHER Oracle WebLogic remote code execution attempt (server-other.rules)
* 1:48482 <-> ENABLED <-> SERVER-OTHER Oracle WebLogic remote code execution attempt (server-other.rules)
* 1:48483 <-> ENABLED <-> SERVER-OTHER Oracle WebLogic remote code execution attempt (server-other.rules)
* 1:48484 <-> DISABLED <-> SERVER-WEBAPP Nagios XI cmdsubsys.php command injection attempt (server-webapp.rules)
* 1:48485 <-> DISABLED <-> SERVER-WEBAPP Loytec LWEB-900 directory traversal attempt (server-webapp.rules)
* 1:48486 <-> DISABLED <-> SERVER-WEBAPP Wordpress Portable phpMyAdmin plugin authentication bypass attempt (server-webapp.rules)
* 1:48487 <-> DISABLED <-> BROWSER-PLUGINS Accelrys BIOVIA DSVisualizerControlR22.SaveToFile ActiveX access attempt (browser-plugins.rules)
* 1:48488 <-> DISABLED <-> BROWSER-PLUGINS Accelrys BIOVIA DSVisualizerControlR22.SaveToFile ActiveX access attempt (browser-plugins.rules)
* 1:48489 <-> DISABLED <-> BROWSER-PLUGINS Accelrys BIOVIA DSVisualizerControlR22.SaveToFile ActiveX access attempt (browser-plugins.rules)
* 1:48490 <-> DISABLED <-> BROWSER-PLUGINS Accelrys BIOVIA DSVisualizerControlR22.SaveToFile ActiveX access attempt (browser-plugins.rules)
* 1:48491 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
* 1:48492 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
* 1:48493 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
* 1:48494 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
* 1:48495 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
* 1:48496 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
* 1:48497 <-> DISABLED <-> MALWARE-CNC 4th Stage Oilrig CNC connection attempt (malware-cnc.rules)
* 1:48498 <-> DISABLED <-> MALWARE-CNC 2nd Stage Oilrig CNC connection attempt (malware-cnc.rules)
* 1:48499 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ZeusPanda outbound cnc connection (malware-cnc.rules)
* 1:48500 <-> ENABLED <-> SERVER-OTHER Kubernetes API Server bypass attempt (server-other.rules)
* 1:48501 <-> ENABLED <-> MALWARE-TOOLS Win.Tool.Delete variant download detected (malware-tools.rules)
* 1:48502 <-> ENABLED <-> MALWARE-TOOLS Win.Tool.Delete variant download detected (malware-tools.rules)
* 1:48503 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Hancitor outbound cnc connection (malware-cnc.rules)
* 1:48504 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ZeusPanda outbound cnc connection (malware-cnc.rules)
* 1:48505 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif outbound connection attempt (malware-cnc.rules)
* 1:48506 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ZeusPanda outbound connection attempt (malware-cnc.rules)
* 1:48507 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ZeusPanda outbound connection attempt (malware-cnc.rules)
* 1:48508 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZeusPanda outbound connection attempt (malware-cnc.rules)
* 1:48509 <-> DISABLED <-> BROWSER-IE Microsoft Edge Browser Chakra script type confusion exploit attempt (browser-ie.rules)
* 1:48510 <-> DISABLED <-> BROWSER-IE Microsoft Edge Browser Chakra script type confusion exploit attempt (browser-ie.rules)
* 1:48511 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro PDF file use-after-free attempt (file-pdf.rules)
* 1:48512 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro PDF file use-after-free attempt (file-pdf.rules)
* 1:48513 <-> DISABLED <-> BROWSER-IE Microsoft Edge out of bounds write attempt (browser-ie.rules)
* 1:48514 <-> DISABLED <-> BROWSER-IE Microsoft Edge out of bounds write attempt (browser-ie.rules)
* 1:48515 <-> DISABLED <-> BROWSER-IE Microsoft Edge Chakra scripting engine memory corruption attempt (browser-ie.rules)
* 1:48516 <-> DISABLED <-> BROWSER-IE Microsoft Edge Chakra scripting engine memory corruption attempt (browser-ie.rules)
* 1:48517 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer Chakra engine memory corruption attempt (browser-ie.rules)
* 1:48518 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer Chakra engine memory corruption attempt (browser-ie.rules)
* 1:48519 <-> DISABLED <-> BROWSER-IE Microsoft Edge buffer overflow attempt (browser-ie.rules)
* 1:48520 <-> DISABLED <-> BROWSER-IE Microsoft Edge buffer overflow attempt (browser-ie.rules)
* 1:48531 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 11 VBScript execution policy bypass attempt (browser-ie.rules)
* 1:48532 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 11 VBScript execution policy bypass attempt (browser-ie.rules)
* 1:48533 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Jscript.Encode out-of-bounds read attempt (browser-ie.rules)
* 1:48534 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Jscript.Encode out-of-bounds read attempt (browser-ie.rules)
* 1:48535 <-> DISABLED <-> BROWSER-PLUGINS Advantech WebAccess 7.0 ActiveX clsid access attempt (browser-plugins.rules)
* 1:48536 <-> DISABLED <-> BROWSER-PLUGINS Advantech WebAccess 7.0 ActiveX clsid access attempt (browser-plugins.rules)
* 1:48537 <-> DISABLED <-> BROWSER-PLUGINS Advantech WebAccess 7.0 ActiveX clsid access attempt (browser-plugins.rules)
* 1:48538 <-> DISABLED <-> BROWSER-PLUGINS Advantech WebAccess 7.0 ActiveX clsid access attempt (browser-plugins.rules)
* 1:48539 <-> DISABLED <-> BROWSER-PLUGINS Advantech WebAccess 7.0 ActiveX clsid access attempt (browser-plugins.rules)
* 1:48540 <-> DISABLED <-> BROWSER-PLUGINS Advantech WebAccess 7.0 ActiveX clsid access attempt (browser-plugins.rules)
* 1:48541 <-> DISABLED <-> BROWSER-PLUGINS Advantech WebAccess 7.0 ActiveX clsid access attempt (browser-plugins.rules)
* 1:48542 <-> DISABLED <-> BROWSER-PLUGINS Advantech WebAccess 7.0 ActiveX clsid access attempt (browser-plugins.rules)
* 1:48543 <-> DISABLED <-> BROWSER-PLUGINS Advantech WebAccess 7.0 ActiveX clsid access attempt (browser-plugins.rules)
* 1:48544 <-> DISABLED <-> BROWSER-PLUGINS Advantech WebAccess 7.0 ActiveX clsid access attempt (browser-plugins.rules)
* 1:48545 <-> DISABLED <-> SERVER-OTHER LSIS XP-Manager denial of service attempt (server-other.rules)
* 1:48546 <-> DISABLED <-> BROWSER-WEBKIT WebKit RegEx engine optimization arbitrary code execution attempt (browser-webkit.rules)
* 1:48547 <-> DISABLED <-> BROWSER-WEBKIT WebKit RegEx engine optimization arbitrary code execution attempt (browser-webkit.rules)
* 1:48548 <-> ENABLED <-> SERVER-OTHER Kubernetes API Server bypass attempt (server-other.rules)
* 1:48549 <-> ENABLED <-> SERVER-WEBAPP Apache Superset python pickle library remote code execution attempt (server-webapp.rules)
* 1:48550 <-> ENABLED <-> SERVER-WEBAPP Apache Superset python pickle library remote code execution attempt (server-webapp.rules)
* 1:48551 <-> ENABLED <-> SERVER-WEBAPP Apache Superset python pickle library remote code execution attempt (server-webapp.rules)
* 1:48552 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Azorult outbound connection (malware-cnc.rules)
* 1:48553 <-> ENABLED <-> FILE-IDENTIFY Omron CX-Supervisor project file file download request (file-identify.rules)
* 1:48554 <-> ENABLED <-> FILE-IDENTIFY Omron CX-Supervisor project file file attachment detected (file-identify.rules)
* 1:48555 <-> ENABLED <-> FILE-IDENTIFY Omron CX-Supervisor project file file attachment detected (file-identify.rules)
* 1:48556 <-> ENABLED <-> FILE-IDENTIFY Omron CX-Supervisor project file file attachment detected (file-identify.rules)
* 1:48557 <-> DISABLED <-> FILE-OTHER Omron CX-Supervisor malicious project file download attempt (file-other.rules)
* 1:48558 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dofoil variant outbound connection (malware-cnc.rules)
* 1:48559 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Powermud variant outbound connection (malware-cnc.rules)
* 1:48560 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Powermud variant outbound connection (malware-cnc.rules)
* 1:48561 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Powermud variant outbound connection (malware-cnc.rules)
* 1:48562 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Powermud variant outbound connection (malware-cnc.rules)
* 1:48563 <-> DISABLED <-> SERVER-WEBAPP Pilz PASvisu arbitrary file upload attempt (server-webapp.rules)
* 1:48564 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox javascript type confusion code execution attempt (browser-firefox.rules)
* 1:48565 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox javascript type confusion code execution attempt (browser-firefox.rules)
* 1:48566 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
* 1:48567 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
* 1:48568 <-> ENABLED <-> MALWARE-CNC Osx.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:48569 <-> DISABLED <-> MALWARE-TOOLS JexBoss webshell download (malware-tools.rules)
* 1:48570 <-> DISABLED <-> MALWARE-TOOLS JexBoss webshell commands sent in X-JEX headers (malware-tools.rules)
* 1:48571 <-> DISABLED <-> MALWARE-TOOLS JexBoss User-Agent detected (malware-tools.rules)
* 1:48572 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.Fastcash download attempt (malware-other.rules)
* 1:48573 <-> DISABLED <-> SERVER-WEBAPP WordPress arbitrary file deletion attempt (server-webapp.rules)
* 1:48574 <-> DISABLED <-> INDICATOR-COMPROMISE malicious jquery.js load attempt (indicator-compromise.rules)
* 1:48575 <-> DISABLED <-> INDICATOR-COMPROMISE malicious jquery.js load attempt (indicator-compromise.rules)
* 1:48576 <-> DISABLED <-> PROTOCOL-SCADA PNIO-CM Connect Operation (protocol-scada.rules)
* 1:48577 <-> DISABLED <-> PROTOCOL-SCADA PNIO-CM Connect Operation (protocol-scada.rules)
* 1:48578 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader xfa use after free attempt (file-pdf.rules)
* 1:48579 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader xfa use after free attempt (file-pdf.rules)
* 1:48580 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS ODTTF out-of-bounds read attempt (file-other.rules)
* 1:48581 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS ODTTF out-of-bounds read attempt (file-other.rules)
* 1:48582 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader removeLinks use after free attempt (file-pdf.rules)
* 1:48583 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader removeLinks use after free attempt (file-pdf.rules)
* 1:48584 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript resolveNode use-after-free attempt (file-pdf.rules)
* 1:48585 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript resolveNode use-after-free attempt (file-pdf.rules)
* 1:48586 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF out of bounds write attempt (file-other.rules)
* 1:48587 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF out of bounds write attempt (file-other.rules)
* 1:48588 <-> ENABLED <-> MALWARE-CNC Doc.Downloader.Cannon payload download attempt (malware-cnc.rules)
* 1:48589 <-> ENABLED <-> MALWARE-CNC Doc.Downloader.Cannon payload download attempt (malware-cnc.rules)
* 1:48590 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zebrocy variant outbound cnc connection (malware-cnc.rules)
* 1:48591 <-> ENABLED <-> MALWARE-CNC Doc.Downloader.Cannon payload download attempt (malware-cnc.rules)
* 1:48592 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zebrocy variant outbound cnc connection (malware-cnc.rules)
* 1:48593 <-> DISABLED <-> PROTOCOL-VOIP SIP over SCTP wildcard VIA address attempt (protocol-voip.rules)
* 1:48594 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro XSLT out-of-bounds read attempt (file-pdf.rules)
* 1:48595 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro XSLT out-of-bounds read attempt (file-pdf.rules)
* 1:48596 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer out-of-bounds read attempt (browser-ie.rules)
* 1:48597 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer out-of-bounds read attempt (browser-ie.rules)
* 1:48598 <-> DISABLED <-> FILE-PDF Adobe Acrobat index file parsing memory corruption attempt (file-pdf.rules)
* 1:48599 <-> DISABLED <-> FILE-PDF Adobe Acrobat index file parsing memory corruption attempt (file-pdf.rules)
* 1:48601 <-> ENABLED <-> FILE-OFFICE Microsoft Office Powerpoint use after free attempt (file-office.rules)
* 1:48602 <-> ENABLED <-> FILE-OFFICE Microsoft Office Powerpoint use after free attempt (file-office.rules)
* 1:48604 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds read attempt (file-other.rules)
* 1:48605 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds read attempt (file-other.rules)
* 1:48606 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k NtGdiCreateDIBitmapInternal memory corruption attempt (os-windows.rules)
* 1:48607 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k NtGdiCreateDIBitmapInternal memory corruption attempt (os-windows.rules)
* 1:48608 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS ODTTF out-of-bounds read attempt (file-other.rules)
* 1:48609 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS ODTTF out-of-bounds read attempt (file-other.rules)
* 1:48610 <-> ENABLED <-> FILE-PDF Adobe Acrobat out of bounds read attempt (file-pdf.rules)
* 1:48611 <-> ENABLED <-> FILE-PDF Adobe Acrobat out of bounds read attempt (file-pdf.rules)
* 1:48612 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows kernel use-after-free attempt (file-executable.rules)
* 1:48613 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows kernel use-after-free attempt (file-executable.rules)
* 1:48622 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro malformed XPS JPEG out of bounds read attempt (file-other.rules)
* 1:48623 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro integer overflow vulnerability attempt (file-other.rules)
* 1:48624 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro integer overflow vulnerability attempt (file-other.rules)
* 1:48625 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox method array.prototype.push remote code execution attempt (browser-firefox.rules)
* 1:48626 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox method array.prototype.push remote code execution attempt (browser-firefox.rules)
* 1:48627 <-> ENABLED <-> FILE-PDF Adobe Acrobat integer overflow attempt (file-pdf.rules)
* 1:48628 <-> ENABLED <-> FILE-PDF Adobe Acrobat integer overflow attempt (file-pdf.rules)
* 1:48629 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file out-of-bounds read attempt (file-other.rules)
* 1:48630 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file out-of-bounds read attempt (file-other.rules)
* 1:48631 <-> ENABLED <-> FILE-PDF Adobe Acrobat PDF XFA node use-after-free attempt (file-pdf.rules)
* 1:48632 <-> ENABLED <-> FILE-PDF Adobe Acrobat PDF XFA node use-after-free attempt (file-pdf.rules)
* 1:48633 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF EMR_CREATEMONOBRUSH out-of-bounds write attempt (file-other.rules)
* 1:48634 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF EMR_CREATEMONOBRUSH out-of-bounds write attempt (file-other.rules)
* 1:48636 <-> ENABLED <-> FILE-PDF Adobe Acrobat out of bounds read attempt (file-pdf.rules)
* 1:48637 <-> ENABLED <-> FILE-PDF Adobe Acrobat out of bounds read attempt (file-pdf.rules)
* 1:48640 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF out-of-bounds read attempt (file-other.rules)
* 1:48641 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF out-of-bounds read attempt (file-other.rules)
* 1:48642 <-> ENABLED <-> FILE-OTHER Adobe Acrobat EMF out of bounds read attempt (file-other.rules)
* 1:48643 <-> ENABLED <-> FILE-OTHER Adobe Acrobat EMF out of bounds read attempt (file-other.rules)
* 1:48645 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file font-load out-of-bounds read attempt (file-other.rules)
* 1:48646 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file font-load out-of-bounds read attempt (file-other.rules)
* 1:48647 <-> DISABLED <-> INDICATOR-COMPROMISE suspicious .bbs tcp dns query (indicator-compromise.rules)
* 1:48648 <-> DISABLED <-> INDICATOR-COMPROMISE suspicious .bbs dns query (indicator-compromise.rules)
* 1:48649 <-> DISABLED <-> INDICATOR-COMPROMISE suspicious .chan tcp dns query (indicator-compromise.rules)
* 1:48650 <-> DISABLED <-> INDICATOR-COMPROMISE suspicious .chan dns query (indicator-compromise.rules)
* 1:48651 <-> DISABLED <-> INDICATOR-COMPROMISE suspicious .cyb tcp dns query (indicator-compromise.rules)
* 1:48652 <-> DISABLED <-> INDICATOR-COMPROMISE suspicious .cyb dns query (indicator-compromise.rules)
* 1:48653 <-> DISABLED <-> INDICATOR-COMPROMISE suspicious .dyn tcp dns query (indicator-compromise.rules)
* 1:48654 <-> DISABLED <-> INDICATOR-COMPROMISE suspicious .dyn dns query (indicator-compromise.rules)
* 1:48655 <-> DISABLED <-> INDICATOR-COMPROMISE suspicious .geek tcp dns query (indicator-compromise.rules)
* 1:48656 <-> DISABLED <-> INDICATOR-COMPROMISE suspicious .geek dns query (indicator-compromise.rules)
* 1:48657 <-> DISABLED <-> INDICATOR-COMPROMISE suspicious .gopher tcp dns query (indicator-compromise.rules)
* 1:48658 <-> DISABLED <-> INDICATOR-COMPROMISE suspicious .gopher dns query (indicator-compromise.rules)
* 1:48659 <-> DISABLED <-> INDICATOR-COMPROMISE suspicious .indy tcp dns query (indicator-compromise.rules)
* 1:48660 <-> DISABLED <-> INDICATOR-COMPROMISE suspicious .indy dns query (indicator-compromise.rules)
* 1:48661 <-> DISABLED <-> INDICATOR-COMPROMISE suspicious .libre tcp dns query (indicator-compromise.rules)
* 1:48662 <-> DISABLED <-> INDICATOR-COMPROMISE suspicious .libre dns query (indicator-compromise.rules)
* 1:48663 <-> DISABLED <-> INDICATOR-COMPROMISE suspicious .neo tcp dns query (indicator-compromise.rules)
* 1:48664 <-> DISABLED <-> INDICATOR-COMPROMISE suspicious .neo dns query (indicator-compromise.rules)
* 1:48665 <-> DISABLED <-> INDICATOR-COMPROMISE suspicious .null tcp dns query (indicator-compromise.rules)
* 1:48666 <-> DISABLED <-> INDICATOR-COMPROMISE suspicious .null dns query (indicator-compromise.rules)
* 1:48667 <-> DISABLED <-> INDICATOR-COMPROMISE suspicious .o tcp dns A query (indicator-compromise.rules)
* 1:48668 <-> DISABLED <-> INDICATOR-COMPROMISE suspicious .o dns A query (indicator-compromise.rules)
* 1:48669 <-> DISABLED <-> INDICATOR-COMPROMISE suspicious .oss tcp dns query (indicator-compromise.rules)
* 1:48670 <-> DISABLED <-> INDICATOR-COMPROMISE suspicious .oss dns query (indicator-compromise.rules)
* 1:48671 <-> DISABLED <-> INDICATOR-COMPROMISE suspicious .oz tcp dns A query (indicator-compromise.rules)
* 1:48672 <-> DISABLED <-> INDICATOR-COMPROMISE suspicious .oz dns A query (indicator-compromise.rules)
* 1:48673 <-> DISABLED <-> INDICATOR-COMPROMISE suspicious .parody tcp dns query (indicator-compromise.rules)
* 1:48674 <-> DISABLED <-> INDICATOR-COMPROMISE suspicious .parody dns query (indicator-compromise.rules)
* 1:48675 <-> DISABLED <-> INDICATOR-COMPROMISE suspicious .pirate tcp dns query (indicator-compromise.rules)
* 1:48676 <-> DISABLED <-> INDICATOR-COMPROMISE suspicious .pirate dns query (indicator-compromise.rules)
* 1:48677 <-> DISABLED <-> INDICATOR-COMPROMISE suspicious .free tcp dns query (indicator-compromise.rules)
* 1:48678 <-> DISABLED <-> INDICATOR-COMPROMISE suspicious .free dns query (indicator-compromise.rules)
* 1:48679 <-> DISABLED <-> INDICATOR-COMPROMISE suspicious .bazar tcp dns query (indicator-compromise.rules)
* 1:48680 <-> DISABLED <-> INDICATOR-COMPROMISE suspicious .bazar dns query (indicator-compromise.rules)
* 1:48681 <-> DISABLED <-> INDICATOR-COMPROMISE suspicious .coin tcp dns query (indicator-compromise.rules)
* 1:48682 <-> DISABLED <-> INDICATOR-COMPROMISE suspicious .coin dns query (indicator-compromise.rules)
* 1:48683 <-> DISABLED <-> INDICATOR-COMPROMISE suspicious .emc tcp dns query (indicator-compromise.rules)
* 1:48684 <-> DISABLED <-> INDICATOR-COMPROMISE suspicious .emc dns query (indicator-compromise.rules)
* 1:48685 <-> DISABLED <-> INDICATOR-COMPROMISE suspicious .lib tcp dns query (indicator-compromise.rules)
* 1:48686 <-> DISABLED <-> INDICATOR-COMPROMISE suspicious .lib dns query (indicator-compromise.rules)
* 1:48687 <-> DISABLED <-> INDICATOR-COMPROMISE suspicious .fur tcp dns query (indicator-compromise.rules)
* 1:48688 <-> DISABLED <-> INDICATOR-COMPROMISE suspicious .fur dns query (indicator-compromise.rules)
* 1:48693 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer VBScript remote code execution attempt (browser-ie.rules)
* 1:48694 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer VBScript remote code execution attempt (browser-ie.rules)
* 1:48695 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer VBScript remote code execution attempt (browser-ie.rules)
* 1:48696 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer VBScript remote code execution attempt (browser-ie.rules)
* 1:48697 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer VBScript remote code execution attempt (browser-ie.rules)
* 1:48698 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer VBScript remote code execution attempt (browser-ie.rules)
* 1:48699 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer JavaScript engine downgrade detected (browser-ie.rules)
* 1:48700 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer JavaScript engine downgrade detected (browser-ie.rules)
* 1:48701 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer JavaScript engine memory corruption attempt (browser-ie.rules)
* 1:48702 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer JavaScript engine memory corruption attempt (browser-ie.rules)
* 1:48703 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds read attempt (file-other.rules)
* 1:48704 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds read attempt (file-other.rules)
* 1:48705 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds read attempt (file-other.rules)
* 1:48706 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds read attempt (file-other.rules)
* 1:48707 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader heap overflow attempt (file-pdf.rules)
* 1:48708 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader heap overflow attempt (file-pdf.rules)
* 1:48709 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file image-load out-of-bounds read attempt (file-other.rules)
* 1:48710 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file image-load out-of-bounds read attempt (file-other.rules)
* 1:48711 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds read attempt (file-other.rules)
* 1:48712 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds read attempt (file-other.rules)
* 1:48713 <-> DISABLED <-> INDICATOR-COMPROMISE suspicious .glue dns query (indicator-compromise.rules)
* 1:48714 <-> DISABLED <-> INDICATOR-COMPROMISE suspicious .glue tcp dns query (indicator-compromise.rules)
* 1:48715 <-> ENABLED <-> MALWARE-OTHER Js.Dropper.Ramnit payload drop attempt (malware-other.rules)
* 1:48716 <-> ENABLED <-> MALWARE-OTHER Js.Trojan.MagentoCore infected page detected (malware-other.rules)
* 1:48717 <-> ENABLED <-> MALWARE-OTHER Js.Trojan.MagentoCore infected page detected (malware-other.rules)
* 1:48718 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Occamy inbound payload attempt (malware-other.rules)
* 1:48719 <-> ENABLED <-> MALWARE-OTHER Js.Trojan.Coinminer variant infected page detected (malware-other.rules)
* 1:48720 <-> ENABLED <-> MALWARE-OTHER Js.Trojan.Coinminer variant infected page detected (malware-other.rules)
* 1:48721 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Occamy variant outbound connection (malware-cnc.rules)
* 1:48722 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Occamy variant outbound connection (malware-cnc.rules)
* 1:48723 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Occamy variant outbound connection (malware-cnc.rules)
* 1:48724 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Occamy variant outbound connection (malware-cnc.rules)
* 1:48725 <-> DISABLED <-> SERVER-WEBAPP SmarterStats remote code execution attempt (server-webapp.rules)
* 1:48726 <-> DISABLED <-> SERVER-WEBAPP SmarterStats remote code execution attempt (server-webapp.rules)
* 1:48727 <-> DISABLED <-> SERVER-WEBAPP SmarterStats remote code execution attempt (server-webapp.rules)
* 1:48728 <-> DISABLED <-> SERVER-WEBAPP SmarterStats remote code execution attempt (server-webapp.rules)
* 1:48729 <-> DISABLED <-> SERVER-WEBAPP SmarterStats remote code execution attempt (server-webapp.rules)
* 1:48730 <-> DISABLED <-> SERVER-WEBAPP SmarterStats remote code execution attempt (server-webapp.rules)
* 1:48731 <-> DISABLED <-> SERVER-WEBAPP SmarterStats remote code execution attempt (server-webapp.rules)
* 1:48732 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zekapab variant outbound connection (malware-cnc.rules)
* 1:48733 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
* 1:48734 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
* 1:48735 <-> DISABLED <-> SERVER-WEBAPP MailCleaner managetracing searchAction command injection attempt (server-webapp.rules)
* 1:48736 <-> DISABLED <-> SERVER-WEBAPP MailCleaner managetracing searchAction command injection attempt (server-webapp.rules)
* 1:48737 <-> DISABLED <-> SERVER-WEBAPP MailCleaner managetracing searchAction command injection attempt (server-webapp.rules)
* 1:48738 <-> ENABLED <-> FILE-PDF Adobe Acrobat Pro memory corruption attempt (file-pdf.rules)
* 1:48739 <-> ENABLED <-> FILE-PDF Adobe Acrobat Pro memory corruption attempt (file-pdf.rules)
* 1:48740 <-> DISABLED <-> SERVER-WEBAPP Tridium Niagara default administrator account login attempt (server-webapp.rules)
* 1:48741 <-> ENABLED <-> MALWARE-OTHER Js.Trojan.Agent variant inbound payload attempt (malware-other.rules)
* 1:48742 <-> ENABLED <-> MALWARE-OTHER Js.Trojan.Agent variant inbound payload attempt (malware-other.rules)
* 1:48743 <-> ENABLED <-> MALWARE-OTHER Js.Trojan.Agent variant inbound payload attempt (malware-other.rules)
* 1:48744 <-> DISABLED <-> SERVER-WEBAPP TRENDnet TEW-673GRU apply.cgi start_arpping command injection attempt (server-webapp.rules)
* 1:48745 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS TTF out-of-bounds read attempt (file-other.rules)
* 1:48746 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS TTF out-of-bounds read attempt (file-other.rules)
* 1:48748 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds read attempt (file-other.rules)
* 1:48749 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro out of bounds read attempt (file-other.rules)
* 1:48750 <-> ENABLED <-> FILE-PDF Adobe Reader JavaScript resolveNode use-after-free attempt (file-pdf.rules)
* 1:48751 <-> ENABLED <-> FILE-PDF Adobe Reader JavaScript resolveNode use-after-free attempt (file-pdf.rules)
* 1:48752 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XFA resolveNode use after free attempt (file-pdf.rules)
* 1:48753 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XFA resolveNode use after free attempt (file-pdf.rules)
* 1:48754 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro TIFF embedded XPS file out of bounds read attempt (file-other.rules)
* 1:48755 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro TIFF embedded XPS file out of bounds read attempt (file-other.rules)
* 1:48756 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JavaScript extractContents use after free attempt (file-pdf.rules)
* 1:48757 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JavaScript extractContents use after free attempt (file-pdf.rules)
* 1:48758 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS memory corruption attempt (file-other.rules)
* 1:48759 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS memory corruption attempt (file-other.rules)
* 1:48760 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EmfPlusFillPath out of bounds read attempt (file-other.rules)
* 1:48761 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EmfPlusFillPath out of bounds read attempt (file-other.rules)
* 1:48764 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zebrocy variant outbound connection (malware-cnc.rules)
* 1:48765 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zebrocy variant outbound connection (malware-cnc.rules)
* 1:48766 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zebrocy variant outbound connection (malware-cnc.rules)
* 1:48767 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zebrocy variant payload download attempt (malware-cnc.rules)
* 1:48768 <-> ENABLED <-> FILE-EXECUTABLE Microsoft Windows data sharing service privilege escalation attempt (file-executable.rules)
* 1:48769 <-> ENABLED <-> FILE-EXECUTABLE Microsoft Windows data sharing service privilege escalation attempt (file-executable.rules)
* 1:48770 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
* 1:48771 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
* 1:48772 <-> ENABLED <-> BROWSER-IE Microsoft Edge Chakra scripting engine type confusion attempt (browser-ie.rules)
* 1:48773 <-> ENABLED <-> BROWSER-IE Microsoft Edge Chakra scripting engine type confusion attempt (browser-ie.rules)
* 1:48774 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file out of bounds read attempt (file-other.rules)
* 1:48775 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro XPS file out of bounds read attempt (file-other.rules)
* 1:48776 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Data Sharing Service privilege escalation attempt (os-windows.rules)
* 1:48777 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Data Sharing Service privilege escalation attempt (os-windows.rules)
* 1:48778 <-> ENABLED <-> BROWSER-IE Microsoft Edge prototype JsBuiltInEngineInterfaceExtensionObject use-after-free attempt (browser-ie.rules)
* 1:48779 <-> ENABLED <-> BROWSER-IE Microsoft Edge prototype JsBuiltInEngineInterfaceExtensionObject use-after-free attempt (browser-ie.rules)
* 1:48780 <-> ENABLED <-> BROWSER-IE Microsoft Edge object manipulation use-after-free attempt (browser-ie.rules)
* 1:48781 <-> ENABLED <-> BROWSER-IE Microsoft Edge object manipulation use-after-free attempt (browser-ie.rules)
* 1:48782 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer ProgID arbitrary code execution attempt (browser-ie.rules)
* 1:48783 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer ProgID arbitrary code execution attempt (browser-ie.rules)
* 1:48784 <-> ENABLED <-> MALWARE-OTHER Win.Worm.Shamoon propagation via SMB2 transfer attempt (malware-other.rules)
* 1:48785 <-> DISABLED <-> SERVER-OTHER SQLite FTS integer overflow attempt (server-other.rules)
* 1:48786 <-> DISABLED <-> SERVER-OTHER SQLite FTS integer overflow attempt (server-other.rules)
* 1:48787 <-> ENABLED <-> OS-WINDOWS Microsoft Windows COM Desktop Broker sandbox escape attempt (os-windows.rules)
* 1:48788 <-> ENABLED <-> OS-WINDOWS Microsoft Windows COM Desktop Broker sandbox escape attempt (os-windows.rules)
* 1:48789 <-> ENABLED <-> OS-WINDOWS Microsoft Windows kernel out of bounds read attempt (os-windows.rules)
* 1:48790 <-> ENABLED <-> OS-WINDOWS Microsoft Windows kernel out of bounds read attempt (os-windows.rules)
* 1:48791 <-> ENABLED <-> MALWARE-CNC Vbs.Trojan.Agent inbound payload download (malware-cnc.rules)
* 1:48792 <-> ENABLED <-> MALWARE-CNC Vbs.Trojan.Agent inbound payload download (malware-cnc.rules)
* 1:48793 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Data Sharing Service privilege escalation attempt (os-windows.rules)
* 1:48794 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Data Sharing Service privilege escalation attempt (os-windows.rules)
* 1:48795 <-> DISABLED <-> OS-WINDOWS Microsoft XmlDocument privilege escalation attempt (os-windows.rules)
* 1:48796 <-> DISABLED <-> OS-WINDOWS Microsoft XmlDocument privilege escalation attempt (os-windows.rules)
* 1:48797 <-> DISABLED <-> OS-WINDOWS Microsoft XmlDocument privilege escalation attempt (os-windows.rules)
* 1:48798 <-> DISABLED <-> OS-WINDOWS Microsoft XmlDocument privilege escalation attempt (os-windows.rules)
* 1:48799 <-> ENABLED <-> OS-WINDOWS Microsoft Windows arbitrary file read attempt (os-windows.rules)
* 1:48800 <-> ENABLED <-> OS-WINDOWS Microsoft Windows arbitrary file read attempt (os-windows.rules)
* 1:48801 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader out of bounds read attempt (file-pdf.rules)
* 1:48802 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader out of bounds read attempt (file-pdf.rules)
* 1:48803 <-> ENABLED <-> MALWARE-OTHER samsam.exe file name detected (malware-other.rules)
* 1:48804 <-> DISABLED <-> MALWARE-OTHER Ransomware SamSam variant detected (malware-other.rules)
* 1:48805 <-> ENABLED <-> MALWARE-OTHER Ransomware SamSam variant detected (malware-other.rules)
* 1:48806 <-> ENABLED <-> MALWARE-OTHER Ransomware SamSam variant detected (malware-other.rules)
* 1:48807 <-> ENABLED <-> OS-WINDOWS Microsoft Windows 10 AcquireCredentialsHandle privilege escalation attempt (os-windows.rules)
* 1:48808 <-> ENABLED <-> OS-WINDOWS Microsoft Windows 10 AcquireCredentialsHandle privilege escalation attempt (os-windows.rules)
* 1:48809 <-> ENABLED <-> OS-WINDOWS Microsoft Edge session boundary violation attempt (os-windows.rules)
* 1:48810 <-> ENABLED <-> OS-WINDOWS Microsoft Edge session boundary violation attempt (os-windows.rules)
* 1:48811 <-> ENABLED <-> MALWARE-OTHER SamSam associated file (malware-other.rules)
* 1:48812 <-> ENABLED <-> MALWARE-OTHER Ransomware SamSam variant detected (malware-other.rules)
* 1:48813 <-> ENABLED <-> MALWARE-OTHER Ransomware SamSam variant detected (malware-other.rules)
* 1:48814 <-> ENABLED <-> MALWARE-OTHER Ransomware SamSam variant detected (malware-other.rules)
* 1:48815 <-> DISABLED <-> SERVER-WEBAPP Kibana Console for Elasticsearch local file inclusion attempt (server-webapp.rules)
* 1:48816 <-> ENABLED <-> FILE-PDF Adobe Acrobat javascript based security bypass attempt (file-pdf.rules)
* 1:48817 <-> ENABLED <-> FILE-PDF Adobe Acrobat javascript based security bypass attempt (file-pdf.rules)
* 1:48818 <-> ENABLED <-> MALWARE-CNC Js.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:48819 <-> ENABLED <-> MALWARE-CNC Js.Trojan.Agent variant inbound payload download (malware-cnc.rules)
* 1:48820 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.Criakl variant outbound connection (malware-cnc.rules)
* 1:48821 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Uppercut variant outbound connection (malware-cnc.rules)
* 1:48822 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Uppercut inbound payload download (malware-cnc.rules)
* 1:48823 <-> DISABLED <-> POLICY-OTHER C-More Programming Simulator denial of service attempt (policy-other.rules)
* 1:48824 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro WebCapture use after free attempt (file-other.rules)
* 1:48825 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro WebCapture use after free attempt (file-other.rules)
* 1:48826 <-> ENABLED <-> SERVER-WEBAPP Delta Industrial Automation Robot DRAStudio directory traversal attempt (server-webapp.rules)
* 1:48827 <-> ENABLED <-> FILE-PDF Adobe Acrobat Pro use after free attempt (file-pdf.rules)
* 1:48828 <-> ENABLED <-> FILE-PDF Adobe Acrobat Pro use after 
free attempt (file-pdf.rules) * 1:48829 <-> DISABLED <-> INDICATOR-COMPROMISE suspicious .o tcp dns AAAA query (indicator-compromise.rules) * 1:48830 <-> DISABLED <-> INDICATOR-COMPROMISE suspicious .o tcp dns TXT query (indicator-compromise.rules) * 1:48831 <-> DISABLED <-> INDICATOR-COMPROMISE suspicious .o dns AAAA query (indicator-compromise.rules) * 1:48832 <-> DISABLED <-> INDICATOR-COMPROMISE suspicious .o dns TXT query (indicator-compromise.rules) * 1:48833 <-> DISABLED <-> INDICATOR-COMPROMISE suspicious .oz tcp dns AAAA query (indicator-compromise.rules) * 1:48834 <-> DISABLED <-> INDICATOR-COMPROMISE suspicious .oz tcp dns TXT query (indicator-compromise.rules) * 1:48835 <-> DISABLED <-> INDICATOR-COMPROMISE suspicious .oz dns AAAA query (indicator-compromise.rules) * 1:48836 <-> DISABLED <-> INDICATOR-COMPROMISE suspicious .oz dns TXT query (indicator-compromise.rules) * 1:48837 <-> DISABLED <-> SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt (server-webapp.rules) * 1:48838 <-> DISABLED <-> SERVER-WEBAPP Wifi-Soft Unibox diagnostic_tools_controller.php command injection attempt (server-webapp.rules) * 1:48839 <-> DISABLED <-> SERVER-WEBAPP Wifi-Soft Unibox diagnostic_tools_controller.php command injection attempt (server-webapp.rules) * 1:48840 <-> DISABLED <-> SERVER-WEBAPP Wifi-Soft Unibox diagnostic_tools_controller.php command injection attempt (server-webapp.rules) * 1:48841 <-> DISABLED <-> SERVER-WEBAPP Wifi-Soft Unibox ping.php command injection attempt (server-webapp.rules) * 1:48842 <-> DISABLED <-> SERVER-WEBAPP Wifi-Soft Unibox ping.php command injection attempt (server-webapp.rules) * 1:48843 <-> DISABLED <-> SERVER-WEBAPP Wifi-Soft Unibox ping.php command injection attempt (server-webapp.rules) * 1:48844 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zebrocy variant outbound connection (malware-cnc.rules) * 1:48845 <-> ENABLED <-> MALWARE-CNC Osx.Trojan.WindTail outbound connection (malware-cnc.rules) * 1:48846 <-> ENABLED <-> 
MALWARE-CNC Osx.Trojan.WindTail outbound connection (malware-cnc.rules) * 1:48847 <-> ENABLED <-> MALWARE-CNC Osx.Trojan.WindTail outbound connection (malware-cnc.rules) * 1:48848 <-> ENABLED <-> FILE-PDF Adobe Reader Javascript ANAuthenticateResource use-after-free attempt (file-pdf.rules) * 1:48849 <-> ENABLED <-> FILE-PDF Adobe Reader Javascript ANAuthenticateResource use-after-free attempt (file-pdf.rules) * 1:48856 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.L0rdix binary download attempt (malware-other.rules) * 1:48857 <-> ENABLED <-> MALWARE-CNC Win.Trojan.L0rdix send client settings attempt (malware-cnc.rules) * 1:48858 <-> ENABLED <-> MALWARE-CNC Win.Trojan.L0rdix send system log attempt (malware-cnc.rules) * 1:48859 <-> ENABLED <-> MALWARE-CNC MuddyWater variant malicious document download attempt (malware-cnc.rules) * 1:48860 <-> ENABLED <-> MALWARE-CNC MuddyWater variant malicious document download attempt (malware-cnc.rules) * 1:48861 <-> DISABLED <-> INDICATOR-OBFUSCATION Potential Z-WASP malicious URL obfuscation attempt (indicator-obfuscation.rules) * 1:48862 <-> DISABLED <-> INDICATOR-OBFUSCATION Potential Z-WASP malicious URL obfuscation attempt (indicator-obfuscation.rules) * 1:48863 <-> DISABLED <-> INDICATOR-OBFUSCATION Potential Z-WASP malicious URL obfuscation attempt (indicator-obfuscation.rules) * 1:48864 <-> DISABLED <-> INDICATOR-OBFUSCATION Potential Z-WASP malicious URL obfuscation attempt (indicator-obfuscation.rules) * 1:48865 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:48866 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:48867 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:48868 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:48869 <-> ENABLED <-> MALWARE-OTHER Js.Dropper.Agent variant inbound payload download (malware-other.rules) * 
1:48870 <-> ENABLED <-> MALWARE-OTHER Js.Dropper.Agent variant inbound payload download (malware-other.rules) * 1:48871 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Mimikatz inbound payload download (malware-other.rules) * 1:48872 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:48873 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BitterRAT variant outbound connection (malware-cnc.rules) * 1:48874 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BitterRAT variant outbound connection (malware-cnc.rules) * 1:48875 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BitterRAT variant outbound connection (malware-cnc.rules) * 1:48876 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BitterRAT variant outbound connection (malware-cnc.rules) * 1:48877 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BitterRAT variant outbound connection (malware-cnc.rules) * 1:48878 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BitterRAT variant outbound connection (malware-cnc.rules) * 1:48879 <-> ENABLED <-> MALWARE-CNC Win.Trojan.FlawedGrace outbound connection (malware-cnc.rules) * 1:48880 <-> ENABLED <-> MALWARE-CNC Win.Trojan.FlawedGrace outbound connection (malware-cnc.rules) * 1:48881 <-> ENABLED <-> MALWARE-CNC Win.Trojan.FlawedGrace outbound connection (malware-cnc.rules) * 1:48882 <-> ENABLED <-> MALWARE-CNC Win.Trojan.FlawedGrace outbound connection (malware-cnc.rules) * 1:48883 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ServHelper outbound connection (malware-cnc.rules) * 1:48884 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ServHelper outbound connection (malware-cnc.rules) * 1:48885 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ServHelper outbound connection (malware-cnc.rules) * 1:48886 <-> ENABLED <-> MALWARE-CNC Win.Trojan.FlawedGrace outbound connection (malware-cnc.rules) * 1:48887 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ServHelper outbound connection (malware-cnc.rules) * 1:48888 <-> ENABLED <-> FILE-PDF Adobe Acrobat PDF out-of-bounds read attempt (file-pdf.rules) * 1:48889 <-> ENABLED <-> FILE-PDF 
Adobe Acrobat PDF out-of-bounds read attempt (file-pdf.rules) * 1:48890 <-> ENABLED <-> FILE-PDF Adobe Reader XPS embedded font out-of-bounds vulnerability attempt (file-pdf.rules) * 1:48891 <-> ENABLED <-> FILE-PDF Adobe Reader XPS embedded font out-of-bounds vulnerability attempt (file-pdf.rules) * 1:48892 <-> ENABLED <-> FILE-PDF Adobe Reader XPS embedded font out-of-bounds vulnerability attempt (file-pdf.rules) * 1:48893 <-> ENABLED <-> FILE-PDF Adobe Reader XPS embedded font out-of-bounds vulnerability attempt (file-pdf.rules) * 1:48894 <-> DISABLED <-> POLICY-SPAM Potential phishing attack - Web Open Font Format evasion attempt (policy-spam.rules) * 1:48895 <-> DISABLED <-> POLICY-SPAM Potential phishing attack - Web Open Font Format evasion attempt (policy-spam.rules) * 1:48896 <-> ENABLED <-> FILE-PDF Adobe Acrobat PDF getLegalWarnings use-after-free attempt (file-pdf.rules) * 1:48897 <-> ENABLED <-> FILE-PDF Adobe Acrobat PDF getLegalWarnings use-after-free attempt (file-pdf.rules) * 1:48898 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer page layout use after free attempt (browser-ie.rules) * 1:48899 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer page layout use after free attempt (browser-ie.rules) * 1:489 <-> DISABLED <-> PROTOCOL-FTP no password (protocol-ftp.rules) * 1:4890 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer IAVIStream & IAVIFile Proxy ActiveX object access (browser-plugins.rules) * 1:48900 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager reporting.aspx SQL injection attempt (server-webapp.rules) * 1:48901 <-> DISABLED <-> BROWSER-PLUGINS CA Internet Security Suite XMLSecDB ActiveX function call access (browser-plugins.rules) * 1:48902 <-> DISABLED <-> BROWSER-PLUGINS CA Internet Security Suite XMLSecDB ActiveX function call access (browser-plugins.rules) * 1:48903 <-> DISABLED <-> BROWSER-PLUGINS CA Internet Security Suite XMLSecDB ActiveX function call access (browser-plugins.rules) * 1:48904 <-> 
ENABLED <-> MALWARE-CNC Win.Trojan.Zebrocy variant outbound connection (malware-cnc.rules) * 1:48905 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules) * 1:48906 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules) * 1:48907 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:48908 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:48909 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:4891 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer cfw Class ActiveX object access (browser-plugins.rules) * 1:48910 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:48911 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:48912 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:48913 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:48914 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:48915 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:48916 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:48917 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:48918 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:48919 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:4892 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MTSEvents Class ActiveX object access (browser-plugins.rules) * 1:48920 <-> DISABLED <-> FILE-IMAGE Adobe 
Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:48921 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:48922 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:48923 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:48924 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:48925 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:48926 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:48927 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:48928 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:48929 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:4893 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Trident HTMLEditor ActiveX object access (browser-plugins.rules) * 1:48930 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:48931 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:48932 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:48933 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:48934 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:48935 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:48936 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules) * 1:48937 <-> DISABLED <-> FILE-IMAGE Imagemagick XBM tranformation information leak attempt 
(file-image.rules) * 1:48938 <-> ENABLED <-> MALWARE-OTHER Unix.Rocke.Evasion variant dropped bash script (malware-other.rules) * 1:48939 <-> ENABLED <-> MALWARE-OTHER Unix.Rocke.Evasion variant dropped bash script (malware-other.rules) * 1:4894 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer PSEnumVariant ActiveX object access (browser-plugins.rules) * 1:48940 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TA505 malicious dropper download attempt (malware-cnc.rules) * 1:48941 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TA505 malicious dropper download attempt (malware-cnc.rules) * 1:48942 <-> ENABLED <-> FILE-PDF Adobe Reader Javascript out-of-bounds read (file-pdf.rules) * 1:48943 <-> ENABLED <-> FILE-PDF Adobe Reader Javascript out-of-bounds read (file-pdf.rules) * 1:48944 <-> ENABLED <-> FILE-PDF Adobe Reader Javascript out-of-bounds read (file-pdf.rules) * 1:48945 <-> ENABLED <-> FILE-PDF Adobe Reader Javascript out-of-bounds read (file-pdf.rules) * 1:4895 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer PSTypeInfo ActiveX object access (browser-plugins.rules) * 1:4896 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer PSTypeLib ActiveX object access (browser-plugins.rules) * 1:48963 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Task Scheduler privileged file overwrite attempt (os-windows.rules) * 1:48964 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Task Scheduler privileged file overwrite attempt (os-windows.rules) * 1:48965 <-> DISABLED <-> FILE-PDF Adobe Reader PPKLite security handler memory corruption vulnerability attempt (file-pdf.rules) * 1:48966 <-> DISABLED <-> FILE-PDF Adobe Reader PPKLite security handler memory corruption vulnerability attempt (file-pdf.rules) * 1:48967 <-> DISABLED <-> FILE-PDF Adobe Reader PPKLite security handler memory corruption vulnerability attempt (file-pdf.rules) * 1:48968 <-> DISABLED <-> FILE-PDF Adobe Reader PPKLite security handler memory corruption vulnerability attempt (file-pdf.rules) * 1:48969 
<-> DISABLED <-> FILE-OTHER Microsoft Windows Contact file remote code execution attempt (file-other.rules) * 1:4897 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer PSOAInterface ActiveX object access (browser-plugins.rules) * 1:48970 <-> DISABLED <-> FILE-OTHER Microsoft Windows VCF file remote code execution attempt (file-other.rules) * 1:48971 <-> DISABLED <-> FILE-OTHER Microsoft Windows Contact file remote code execution attempt (file-other.rules) * 1:48972 <-> DISABLED <-> FILE-OTHER Microsoft Windows VCF file remote code execution attempt (file-other.rules) * 1:48973 <-> ENABLED <-> FILE-PDF Adobe Acrobat PDF calculate tag use-after-free attempt (file-pdf.rules) * 1:48974 <-> ENABLED <-> FILE-PDF Adobe Acrobat PDF calculate tag use-after-free attempt (file-pdf.rules) * 1:4898 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer PSTypeComp ActiveX object access (browser-plugins.rules) * 1:48982 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.MongoLock outbound connection (malware-cnc.rules) * 1:48983 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.MongoLock inbound connection (malware-cnc.rules) * 1:48984 <-> DISABLED <-> PROTOCOL-SCADA PCOM Identification ASCII request (protocol-scada.rules) * 1:48985 <-> DISABLED <-> PROTOCOL-SCADA PCOM Init Device ASCII request (protocol-scada.rules) * 1:48986 <-> DISABLED <-> PROTOCOL-SCADA PCOM Set UnitID ASCII request (protocol-scada.rules) * 1:48987 <-> DISABLED <-> PROTOCOL-SCADA PCOM Get UnitID ASCII request (protocol-scada.rules) * 1:48988 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read Inputs ASCII request (protocol-scada.rules) * 1:48989 <-> DISABLED <-> PROTOCOL-SCADA PCOM Set RTC ASCII request (protocol-scada.rules) * 1:4899 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer ISupportErrorInfo Interface ActiveX object access (browser-plugins.rules) * 1:48990 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read Ouputs ASCII request (protocol-scada.rules) * 1:48991 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read 
System Bits ASCII request (protocol-scada.rules) * 1:48992 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read Memory Integers ASCII request (protocol-scada.rules) * 1:48993 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read Memory Longs ASCII request (protocol-scada.rules) * 1:48994 <-> DISABLED <-> PROTOCOL-SCADA PCOM Write System Integers ASCII request (protocol-scada.rules) * 1:48995 <-> DISABLED <-> PROTOCOL-SCADA PCOM Write System Bits ASCII request (protocol-scada.rules) * 1:48996 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read System Longs ASCII request (protocol-scada.rules) * 1:48997 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read System Integers ASCII request (protocol-scada.rules) * 1:48998 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read Memory Bits ASCII request (protocol-scada.rules) * 1:48999 <-> DISABLED <-> PROTOCOL-SCADA PCOM Write Ouputs ASCII request (protocol-scada.rules) * 1:490 <-> DISABLED <-> SERVER-MAIL battle-mail traffic (server-mail.rules) * 1:4900 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Outlook Progress Ctl ActiveX object access (browser-plugins.rules) * 1:49000 <-> DISABLED <-> PROTOCOL-SCADA PCOM Stop Device ASCII request (protocol-scada.rules) * 1:49001 <-> DISABLED <-> PROTOCOL-SCADA PCOM Start Device ASCII request (protocol-scada.rules) * 1:49002 <-> DISABLED <-> PROTOCOL-SCADA PCOM Write System Longs ASCII request (protocol-scada.rules) * 1:49003 <-> DISABLED <-> PROTOCOL-SCADA PCOM Get RTC ASCII request (protocol-scada.rules) * 1:49004 <-> DISABLED <-> PROTOCOL-SCADA PCOM Write Memory Bits ASCII request (protocol-scada.rules) * 1:49005 <-> DISABLED <-> PROTOCOL-SCADA PCOM Reset Device ASCII request (protocol-scada.rules) * 1:49006 <-> DISABLED <-> PROTOCOL-SCADA PCOM Write Memory Longs ASCII request (protocol-scada.rules) * 1:49007 <-> DISABLED <-> PROTOCOL-SCADA PCOM Write Memory Integers ASCII request (protocol-scada.rules) * 1:49008 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read Operands binary request (protocol-scada.rules) * 1:49009 <-> 
DISABLED <-> PROTOCOL-SCADA PCOM Set UnitID ASCII reply (protocol-scada.rules) * 1:4901 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer VMR Allocator Presenter 9 ActiveX object access (browser-plugins.rules) * 1:49010 <-> DISABLED <-> PROTOCOL-SCADA PCOM Get RTC ASCII reply (protocol-scada.rules) * 1:49011 <-> DISABLED <-> PROTOCOL-SCADA PCOM Identification ASCII reply (protocol-scada.rules) * 1:49012 <-> DISABLED <-> PROTOCOL-SCADA PCOM Write Data Table binary request (protocol-scada.rules) * 1:49013 <-> DISABLED <-> PROTOCOL-SCADA PCOM Get UnitID ASCII reply (protocol-scada.rules) * 1:49014 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read Data Table binary request (protocol-scada.rules) * 1:49015 <-> DISABLED <-> PROTOCOL-SCADA PCOM Get PLC Name binary request (protocol-scada.rules) * 1:49016 <-> DISABLED <-> PROTOCOL-SCADA PCOM Set RTC ASCII reply (protocol-scada.rules) * 1:49017 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read Inputs ASCII reply (protocol-scada.rules) * 1:49018 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read System Bits ASCII reply (protocol-scada.rules) * 1:49019 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read Longs ASCII reply (protocol-scada.rules) * 1:4902 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Video Mixing Renderer 9 ActiveX object access (browser-plugins.rules) * 1:49020 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read System Integers ASCII reply (protocol-scada.rules) * 1:49021 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read Ouputs ASCII reply (protocol-scada.rules) * 1:49022 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read Memory Bits ASCII reply (protocol-scada.rules) * 1:49023 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read Memory Integers ASCII reply (protocol-scada.rules) * 1:49024 <-> DISABLED <-> PROTOCOL-SCADA PCOM Write Memory Bits ASCII reply (protocol-scada.rules) * 1:49025 <-> DISABLED <-> PROTOCOL-SCADA PCOM Write System Integers ASCII reply (protocol-scada.rules) * 1:49026 <-> DISABLED <-> PROTOCOL-SCADA PCOM Write System Bits ASCII reply 
(protocol-scada.rules) * 1:49027 <-> DISABLED <-> PROTOCOL-SCADA PCOM Write Ouputs ASCII reply (protocol-scada.rules) * 1:49028 <-> DISABLED <-> PROTOCOL-SCADA PCOM Write Memory Integers ASCII reply (protocol-scada.rules) * 1:49029 <-> DISABLED <-> PROTOCOL-SCADA PCOM Write Longs ASCII reply (protocol-scada.rules) * 1:4903 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer VMR ImageSync 9 ActiveX object access (browser-plugins.rules) * 1:49030 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read Operands binary reply (protocol-scada.rules) * 1:49031 <-> DISABLED <-> PROTOCOL-SCADA PCOM Get PLC Name binary reply (protocol-scada.rules) * 1:49032 <-> DISABLED <-> PROTOCOL-SCADA PCOM Write Data Table binary reply (protocol-scada.rules) * 1:49033 <-> DISABLED <-> PROTOCOL-SCADA PCOM Read Data Table binary reply (protocol-scada.rules) * 1:49034 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Qakbot malicious executable download attempt (malware-cnc.rules) * 1:49035 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Qakbot malicious executable download attempt (malware-cnc.rules) * 1:49036 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XFA engine memory corruption attempt (file-pdf.rules) * 1:49037 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XFA engine memory corruption attempt (file-pdf.rules) * 1:49038 <-> DISABLED <-> FILE-OTHER Microsoft Windows Contact file email address remote code execution attempt (file-other.rules) * 1:49039 <-> DISABLED <-> FILE-OTHER Microsoft Windows Contact file email address remote code execution attempt (file-other.rules) * 1:4904 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Repository Alias ActiveX object access (browser-plugins.rules) * 1:49040 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Windows Terminal server RDP over non-standard port attempt (indicator-compromise.rules) * 1:49041 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Terminal server RDP over non-standard port attempt (os-windows.rules) * 1:49042 <-> DISABLED <-> PUA-ADWARE 
Osx.Adware.FairyTail variant outbound connection detected (pua-adware.rules) * 1:49043 <-> DISABLED <-> PUA-ADWARE Osx.Adware.Genieo variant outbound connection detected (pua-adware.rules) * 1:49044 <-> DISABLED <-> PUA-ADWARE Osx.Adware.MacSearch variant outbound connection detected (pua-adware.rules) * 1:49048 <-> DISABLED <-> FILE-OFFICE Microsoft Office XML nested num tag double-free attempt (file-office.rules) * 1:49049 <-> DISABLED <-> FILE-OFFICE Microsoft Office XML nested num tag double-free attempt (file-office.rules) * 1:4905 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Repository Object ActiveX object access (browser-plugins.rules) * 1:49050 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC S7-1500 remote denial of service attempt (protocol-scada.rules) * 1:49051 <-> DISABLED <-> SERVER-OTHER Ewon router default credential login attempt (server-other.rules) * 1:49052 <-> DISABLED <-> SERVER-OTHER Moxa router default credential login attempt (server-other.rules) * 1:49053 <-> DISABLED <-> SERVER-OTHER Moxa router default credential login attempt (server-other.rules) * 1:49054 <-> DISABLED <-> SERVER-OTHER Moxa router default credential login attempt (server-other.rules) * 1:49055 <-> DISABLED <-> SERVER-OTHER Moxa router default credential login attempt (server-other.rules) * 1:49056 <-> DISABLED <-> SERVER-OTHER Moxa router default credential login attempt (server-other.rules) * 1:49057 <-> DISABLED <-> SERVER-OTHER Moxa router default credential login attempt (server-other.rules) * 1:49058 <-> DISABLED <-> SERVER-OTHER Sierra Wireless router default credential login attempt (server-other.rules) * 1:49059 <-> DISABLED <-> SERVER-OTHER Sierra Wireless router default credential login attempt (server-other.rules) * 1:4906 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Repository Interface Definition ActiveX object access (browser-plugins.rules) * 1:49060 <-> DISABLED <-> SERVER-OTHER Sierra Wireless router default credential 
login attempt (server-other.rules) * 1:49061 <-> DISABLED <-> SERVER-OTHER Sierra Wireless router default credential login attempt (server-other.rules) * 1:49062 <-> DISABLED <-> SERVER-OTHER Sierra Wireless router default credential login attempt (server-other.rules) * 1:49063 <-> DISABLED <-> SERVER-OTHER Sierra Wireless router default credential login attempt (server-other.rules) * 1:49064 <-> DISABLED <-> SERVER-OTHER Westermo router default credential login attempt (server-other.rules) * 1:49065 <-> DISABLED <-> SERVER-OTHER Robot Operating System aztarna scanner getSystemState attempt (server-other.rules) * 1:49066 <-> DISABLED <-> SERVER-OTHER Robot Operating System aztarna scanner fingerprinting attempt (server-other.rules) * 1:49067 <-> DISABLED <-> SERVER-OTHER Robot Operating System aztarna scanner fingerprinting attempt (server-other.rules) * 1:49068 <-> ENABLED <-> MALWARE-CNC Win.Doc.Dropper GandCrab ramsomware download attempt (malware-cnc.rules) * 1:49069 <-> ENABLED <-> MALWARE-CNC Win.Doc.Dropper GandCrab ramsomware download attempt (malware-cnc.rules) * 1:4907 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Repository Collection Definition ActiveX object access (browser-plugins.rules) * 1:49070 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Anatova variant detected (malware-other.rules) * 1:49071 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Anatova variant detected (malware-other.rules) * 1:49072 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Anatova variant network share encryption attempt (malware-other.rules) * 1:49073 <-> DISABLED <-> FILE-OTHER Microsoft Windows device metadata file directory traversal attempt (file-other.rules) * 1:49074 <-> DISABLED <-> FILE-OTHER Microsoft Windows device metadata file directory traversal attempt (file-other.rules) * 1:49075 <-> ENABLED <-> FILE-OTHER Microsoft Windows device metadata file directory traversal attempt (file-other.rules) * 1:49076 <-> ENABLED <-> FILE-OTHER Microsoft Windows device 
metadata file directory traversal attempt (file-other.rules)
* 1:49077 <-> ENABLED <-> FILE-OTHER Microsoft Windows device metadata file directory traversal attempt (file-other.rules)
* 1:49078 <-> ENABLED <-> FILE-OTHER Microsoft Windows device metadata file directory traversal attempt (file-other.rules)
* 1:49079 <-> ENABLED <-> FILE-OTHER Microsoft Windows device metadata file directory traversal attempt (file-other.rules)
* 1:4908 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Repository Method Definition ActiveX object access (browser-plugins.rules)
* 1:49080 <-> ENABLED <-> FILE-OTHER Microsoft Windows device metadata file directory traversal attempt (file-other.rules)
* 1:49081 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JavaScript out-of-bounds read (file-pdf.rules)
* 1:49082 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JavaScript out-of-bounds read (file-pdf.rules)
* 1:49083 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CTextElement use after free attempt (browser-ie.rules)
* 1:49084 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CTextElement use after free attempt (browser-ie.rules)
* 1:49085 <-> ENABLED <-> FILE-OTHER Ghostscript PostScript remote code execution attempt (file-other.rules)
* 1:49086 <-> ENABLED <-> FILE-OTHER Ghostscript PostScript remote code execution attempt (file-other.rules)
* 1:4909 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Repository Property Definition ActiveX object access (browser-plugins.rules)
* 1:49090 <-> ENABLED <-> SERVER-SAMBA Samba is_known_pipe arbitrary module load code execution attempt (server-samba.rules)
* 1:49091 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dragonok variant post-compromise outbound connection detected (malware-cnc.rules)
* 1:49092 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dragonok variant post-compromise outbound connection detected (malware-cnc.rules)
* 1:49093 <-> DISABLED <-> SERVER-WEBAPP Coaster CMS stored cross site scripting attempt (server-webapp.rules)
* 1:49094 <-> DISABLED <-> BROWSER-PLUGINS IBM Lotus Domino Quickr ActiveX clsid access attempt (browser-plugins.rules)
* 1:49095 <-> DISABLED <-> BROWSER-PLUGINS IBM Lotus Domino Quickr ActiveX clsid access attempt (browser-plugins.rules)
* 1:49096 <-> DISABLED <-> BROWSER-PLUGINS IBM Lotus Domino Quickr ActiveX clsid access attempt (browser-plugins.rules)
* 1:49097 <-> DISABLED <-> BROWSER-PLUGINS IBM Lotus Domino Quickr ActiveX clsid access attempt (browser-plugins.rules)
* 1:49098 <-> DISABLED <-> SERVER-WEBAPP Joomla Easy Shop local file inclusion attempt (server-webapp.rules)
* 1:491 <-> DISABLED <-> PROTOCOL-FTP Bad login (protocol-ftp.rules)
* 1:4910 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Repository Relationship Definition ActiveX object access (browser-plugins.rules)
* 1:49100 <-> DISABLED <-> SERVER-OTHER Microsoft Exchange Server NTLM relay attack attempt (server-other.rules)
* 1:49101 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Qealler outbound connection attempt (malware-cnc.rules)
* 1:49102 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Qealler outbound connection attempt (malware-cnc.rules)
* 1:49103 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Qealler outbound connection attempt (malware-cnc.rules)
* 1:49104 <-> ENABLED <-> MALWARE-CNC Osx.Trojan.DarthMiner variant outbound connection (malware-cnc.rules)
* 1:49105 <-> ENABLED <-> MALWARE-CNC Osx.Trojan.DarthMiner variant outbound connection (malware-cnc.rules)
* 1:49106 <-> ENABLED <-> MALWARE-CNC Osx.Trojan.DarthMiner variant outbound connection (malware-cnc.rules)
* 1:49107 <-> ENABLED <-> MALWARE-CNC Osx.Trojan.DarthMiner variant outbound connection (malware-cnc.rules)
* 1:49108 <-> ENABLED <-> MALWARE-CNC Osx.Trojan.DarthMiner variant outbound connection (malware-cnc.rules)
* 1:49109 <-> ENABLED <-> MALWARE-CNC Osx.Trojan.DarthMiner variant outbound connection (malware-cnc.rules)
* 1:4911 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Repository Type Library ActiveX object access (browser-plugins.rules)
* 1:49110 <-> ENABLED <-> MALWARE-CNC Osx.Trojan.DarthMiner variant outbound connection (malware-cnc.rules)
* 1:49111 <-> ENABLED <-> PUA-OTHER XMRig cryptocurrency miner download attempt (pua-other.rules)
* 1:49112 <-> DISABLED <-> BROWSER-OTHER Opera GIF parsing buffer underflow attempt (browser-other.rules)
* 1:49113 <-> DISABLED <-> BROWSER-OTHER Opera GIF parsing buffer overflow attempt (browser-other.rules)
* 1:49114 <-> DISABLED <-> BROWSER-OTHER Opera GIF parsing buffer underflow attempt (browser-other.rules)
* 1:49115 <-> DISABLED <-> BROWSER-OTHER Opera GIF parsing buffer overflow attempt (browser-other.rules)
* 1:49116 <-> DISABLED <-> FILE-JAVA Oracle Java JPEGImageWriter memory corruption attempt (file-java.rules)
* 1:49117 <-> DISABLED <-> FILE-JAVA Oracle Java JPEGImageWriter memory corruption attempt (file-java.rules)
* 1:49118 <-> DISABLED <-> BROWSER-IE Microsoft Edge edgehtml.dll uninitialized pointer vulnerability attempt (browser-ie.rules)
* 1:49119 <-> DISABLED <-> BROWSER-IE Microsoft Edge edgehtml.dll uninitialized pointer vulnerability attempt (browser-ie.rules)
* 1:4912 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Repository Root ActiveX object access (browser-plugins.rules)
* 1:49120 <-> DISABLED <-> SERVER-WEBAPP HP IMC faultEventSelectBean Java expression language injection attempt (server-webapp.rules)
* 1:49121 <-> DISABLED <-> SERVER-WEBAPP HP IMC faultEventSelectBean Java expression language injection attempt (server-webapp.rules)
* 1:49122 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat TIFF heap buffer overflow attempt (file-image.rules)
* 1:49123 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat TIFF heap buffer overflow attempt (file-image.rules)
* 1:49124 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat TIFF heap buffer overflow attempt (file-image.rules)
* 1:49125 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat TIFF heap buffer overflow attempt (file-image.rules)
* 1:49126 <-> DISABLED <-> SERVER-WEBAPP HP IMC perfAddorModDeviceMonitorBean Java expression language injection attempt (server-webapp.rules)
* 1:49127 <-> DISABLED <-> SERVER-WEBAPP HP IMC perfAddorModDeviceMonitorBean Java expression language injection attempt (server-webapp.rules)
* 1:49128 <-> ENABLED <-> BROWSER-IE Microsoft Edge type confusion attempt (browser-ie.rules)
* 1:49129 <-> ENABLED <-> BROWSER-IE Microsoft Edge type confusion attempt (browser-ie.rules)
* 1:4913 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Repository Workspace ActiveX object access (browser-plugins.rules)
* 1:49130 <-> ENABLED <-> BROWSER-IE Microsoft Edge type confusion exploit attempt (browser-ie.rules)
* 1:49131 <-> ENABLED <-> BROWSER-IE Microsoft Edge type confusion exploit attempt (browser-ie.rules)
* 1:49132 <-> ENABLED <-> FILE-OFFICE Microsoft Excel information disclosure attempt (file-office.rules)
* 1:49133 <-> ENABLED <-> FILE-OFFICE Microsoft Excel information disclosure attempt (file-office.rules)
* 1:49134 <-> ENABLED <-> BROWSER-IE Microsoft Edge type confusion attempt (browser-ie.rules)
* 1:49135 <-> ENABLED <-> BROWSER-IE Microsoft Edge type confusion attempt (browser-ie.rules)
* 1:49136 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine remote code execution attempt (browser-ie.rules)
* 1:49137 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine remote code execution attempt (browser-ie.rules)
* 1:49138 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine type confusion attempt (browser-ie.rules)
* 1:49139 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine type confusion attempt (browser-ie.rules)
* 1:4914 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Repository Script Definition ActiveX object access (browser-plugins.rules)
* 1:49140 <-> ENABLED <-> BROWSER-IE Microsoft Edge ArrayBuffer out of bounds write attempt (browser-ie.rules)
* 1:49141 <-> ENABLED <-> BROWSER-IE Microsoft Edge ArrayBuffer out of bounds write attempt (browser-ie.rules)
* 1:49142 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
* 1:49143 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
* 1:49144 <-> ENABLED <-> BROWSER-IE Microsoft Edge type confusion exploit attempt (browser-ie.rules)
* 1:49145 <-> ENABLED <-> BROWSER-IE Microsoft Edge type confusion exploit attempt (browser-ie.rules)
* 1:49146 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB named pipe buffer overflow attempt (os-windows.rules)
* 1:49147 <-> ENABLED <-> BROWSER-IE Microsoft Edge type confusion attempt (browser-ie.rules)
* 1:49148 <-> ENABLED <-> BROWSER-IE Microsoft Edge type confusion attempt (browser-ie.rules)
* 1:49149 <-> ENABLED <-> BROWSER-IE Microsoft Edge WebAssembly type confusion exploit attempt (browser-ie.rules)
* 1:4915 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Shortcut Handler ActiveX object access (browser-plugins.rules)
* 1:49150 <-> ENABLED <-> BROWSER-IE Microsoft Edge WebAssembly type confusion exploit attempt (browser-ie.rules)
* 1:49151 <-> ENABLED <-> BROWSER-IE Microsoft Edge Scripting Engine memory corruption attempt (browser-ie.rules)
* 1:49152 <-> ENABLED <-> BROWSER-IE Microsoft Edge Scripting Engine memory corruption attempt (browser-ie.rules)
* 1:49153 <-> ENABLED <-> BROWSER-IE Microsoft Edge Promise object context switch use-after-free attempt (browser-ie.rules)
* 1:49154 <-> ENABLED <-> BROWSER-IE Microsoft Edge Promise object context switch use-after-free attempt (browser-ie.rules)
* 1:49155 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer information disclosure attempt (browser-ie.rules)
* 1:49156 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer information disclosure attempt (browser-ie.rules)
* 1:49157 <-> ENABLED <-> BROWSER-IE Microsoft Edge out of bounds read attempt (browser-ie.rules)
* 1:49158 <-> ENABLED <-> BROWSER-IE Microsoft Edge out of bounds read attempt (browser-ie.rules)
* 1:49159 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Win32k driver privilege escalation attempt (os-windows.rules)
* 1:4916 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer javascript onload document.write obfuscation overflow attempt (browser-ie.rules)
* 1:49160 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Win32k driver privilege escalation attempt (os-windows.rules)
* 1:49161 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NtTraceControl information disclosure attempt (os-windows.rules)
* 1:49162 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NtTraceControl information disclosure attempt (os-windows.rules)
* 1:49163 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Windows NtTraceControl function use (indicator-compromise.rules)
* 1:49164 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Windows NtTraceControl function use (indicator-compromise.rules)
* 1:49165 <-> ENABLED <-> BROWSER-IE Microsoft Edge buffer manipulation out-of-bounds read attempt (browser-ie.rules)
* 1:49166 <-> ENABLED <-> BROWSER-IE Microsoft Edge buffer manipulation out-of-bounds read attempt (browser-ie.rules)
* 1:49167 <-> ENABLED <-> BROWSER-IE Microsoft Edge variable length manipulation type confusion attempt (browser-ie.rules)
* 1:49168 <-> ENABLED <-> BROWSER-IE Microsoft Edge variable length manipulation type confusion attempt (browser-ie.rules)
* 1:49169 <-> ENABLED <-> BROWSER-IE Microsoft Edge isSealed object buffer overrun attempt (browser-ie.rules)
* 1:4917 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer javascript onload prompt obfuscation overflow attempt (browser-ie.rules)
* 1:49170 <-> ENABLED <-> BROWSER-IE Microsoft Edge isSealed object buffer overrun attempt (browser-ie.rules)
* 1:49171 <-> DISABLED <-> OS-WINDOWS NTLM authentication relay attempt (os-windows.rules)
* 1:49172 <-> ENABLED <-> OS-WINDOWS Microsoft Windows kernel information disclosure attempt (os-windows.rules)
* 1:49173 <-> ENABLED <-> OS-WINDOWS Microsoft Windows kernel information disclosure attempt (os-windows.rules)
* 1:49174 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB remote code execution attempt (os-windows.rules)
* 1:49175 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB remote code execution attempt (os-windows.rules)
* 1:49176 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB remote code execution attempt (os-windows.rules)
* 1:49177 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB remote code execution attempt (os-windows.rules)
* 1:49178 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader XSLT information disclosure attempt (file-pdf.rules)
* 1:49179 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader XSLT information disclosure attempt (file-pdf.rules)
* 1:4918 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_GetDeviceList dos attempt (os-windows.rules)
* 1:49180 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Win32k SendMessageTimeout kernel information leak attempt (os-windows.rules)
* 1:49181 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Win32k SendMessageTimeout kernel information leak attempt (os-windows.rules)
* 1:49182 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher Opltc memory corruption attempt (file-office.rules)
* 1:49183 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher Opltc memory corruption attempt (file-office.rules)
* 1:49184 <-> DISABLED <-> INDICATOR-COMPROMISE PEAR Archive_Tar PHP object injection attempt (indicator-compromise.rules)
* 1:49185 <-> DISABLED <-> INDICATOR-COMPROMISE PEAR Archive_Tar PHP object injection attempt (indicator-compromise.rules)
* 1:49186 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer HtmlLayout styling use after free attempt (browser-ie.rules)
* 1:49187 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer HtmlLayout styling use after free attempt (browser-ie.rules)
* 1:49188 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Linux.Trojan.SpeakUp (malware-cnc.rules)
* 1:49191 <-> DISABLED <-> SERVER-WEBAPP Dell EMC Virtual Appliance Manager undocumented credential use attempt (server-webapp.rules)
* 1:49192 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XFA engine memory corruption attempt (file-pdf.rules)
* 1:49193 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XFA engine memory corruption attempt (file-pdf.rules)
* 1:49194 <-> ENABLED <-> PUA-OTHER XMR-Stak cryptocurrency mining pool connection attempt (pua-other.rules)
* 1:49195 <-> DISABLED <-> SERVER-OTHER Multiple products runc arbitrary code execution attempt (server-other.rules)
* 1:49196 <-> ENABLED <-> FILE-PDF Adobe Acrobat JavaScript defineProperty memory corruption attempt (file-pdf.rules)
* 1:49197 <-> ENABLED <-> FILE-PDF Adobe Acrobat JavaScript defineProperty memory corruption attempt (file-pdf.rules)
* 1:49199 <-> DISABLED <-> FILE-OTHER Microsoft Windows Contact file arbitrary code execution attempt (file-other.rules)
* 1:492 <-> DISABLED <-> PROTOCOL-TELNET login failed (protocol-telnet.rules)
* 1:49200 <-> DISABLED <-> FILE-OTHER Microsoft Windows VCF arbitrary code execution attempt (file-other.rules)
* 1:49201 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JavaScript memory corruption attempt (file-pdf.rules)
* 1:49202 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JavaScript memory corruption attempt (file-pdf.rules)
* 1:49203 <-> ENABLED <-> FILE-PDF Adobe Reader Javascript out-of-bounds read attempt (file-pdf.rules)
* 1:49204 <-> ENABLED <-> FILE-PDF Adobe Reader Javascript out-of-bounds read attempt (file-pdf.rules)
* 1:49207 <-> ENABLED <-> MALWARE-CNC PHP.PEAR.Backdoor malicious script download attempt (malware-cnc.rules)
* 1:49208 <-> ENABLED <-> MALWARE-CNC PHP.PEAR.Backdoor malicious script download attempt (malware-cnc.rules)
* 1:49211 <-> ENABLED <-> FILE-PDF Adobe Acrobat JavaScript engine use after free attempt (file-pdf.rules)
* 1:49212 <-> ENABLED <-> FILE-PDF Adobe Acrobat JavaScript engine use after free attempt (file-pdf.rules)
* 1:49213 <-> ENABLED <-> FILE-PDF Adobe Acrobat JavaScript engine out-of-bounds read attempt (file-pdf.rules)
* 1:49214 <-> ENABLED <-> FILE-PDF Adobe Acrobat JavaScript engine out-of-bounds read attempt (file-pdf.rules)
* 1:49215 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Keymarble malicious executable download attempt (malware-cnc.rules)
* 1:49216 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Keymarble malicious executable download attempt (malware-cnc.rules)
* 1:49217 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Keymarble malicious executable download attempt (malware-cnc.rules)
* 1:49218 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Keymarble malicious executable download attempt (malware-cnc.rules)
* 1:49219 <-> ENABLED <-> MALWARE-CNC Win.Dropper.Brusha malicious payload download attempt (malware-cnc.rules)
* 1:49220 <-> ENABLED <-> MALWARE-CNC Win.Dropper.Brusha malicious payload download attempt (malware-cnc.rules)
* 1:49221 <-> ENABLED <-> MALWARE-CNC Win.Dropper.Brusha malicious payload download attempt (malware-cnc.rules)
* 1:49222 <-> ENABLED <-> MALWARE-CNC Win.Dropper.Brusha malicious payload download attempt (malware-cnc.rules)
* 1:49223 <-> ENABLED <-> MALWARE-CNC Win.Dropper.Brusha malicious payload download attempt (malware-cnc.rules)
* 1:49224 <-> ENABLED <-> MALWARE-CNC Win.Dropper.Brusha malicious payload download attempt (malware-cnc.rules)
* 1:49225 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader TIF orientation out of bounds read attempt (file-pdf.rules)
* 1:49226 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader TIF orientation out of bounds read attempt (file-pdf.rules)
* 1:49227 <-> ENABLED <-> FILE-PDF Adobe Acrobat JavaScript engine use after free attempt (file-pdf.rules)
* 1:49228 <-> ENABLED <-> FILE-PDF Adobe Acrobat JavaScript engine use after free attempt (file-pdf.rules)
* 1:49229 <-> ENABLED <-> FILE-PDF Adobe Reader Javascript out-of-bounds write attempt (file-pdf.rules)
* 1:49230 <-> ENABLED <-> FILE-PDF Adobe Reader Javascript out-of-bounds write attempt (file-pdf.rules)
* 1:49231 <-> DISABLED <-> FILE-FLASH Adobe Flash Player drawTriangles out-of-bounds read attempt (file-flash.rules)
* 1:49232 <-> DISABLED <-> FILE-FLASH Adobe Flash Player drawTriangles out-of-bounds read attempt (file-flash.rules)
* 1:49233 <-> ENABLED <-> FILE-PDF Adobe Reader Javascript untrusted pointer dereference attempt detected (file-pdf.rules)
* 1:49234 <-> ENABLED <-> FILE-PDF Adobe Reader Javascript untrusted pointer dereference attempt detected (file-pdf.rules)
* 1:49235 <-> ENABLED <-> FILE-PDF JavaScript XFA engine use after free attempt (file-pdf.rules)
* 1:49236 <-> ENABLED <-> FILE-PDF JavaScript XFA engine use after free attempt (file-pdf.rules)
* 1:49242 <-> DISABLED <-> FILE-OTHER Adobe Acrobat PostScript parsing type confusion attempt (file-other.rules)
* 1:49243 <-> DISABLED <-> FILE-OTHER Adobe Acrobat PostScript parsing type confusion attempt (file-other.rules)
* 1:49244 <-> DISABLED <-> FILE-OTHER Adobe Acrobat PostScript parsing arbitrary code execution attempt (file-other.rules)
* 1:49245 <-> DISABLED <-> FILE-OTHER Adobe Acrobat PostScript parsing arbitrary code execution attempt (file-other.rules)
* 1:49246 <-> ENABLED <-> FILE-OTHER Adobe Acrobat JavaScript engine security bypass attempt (file-other.rules)
* 1:49247 <-> ENABLED <-> FILE-OTHER Adobe Acrobat JavaScript engine security bypass attempt (file-other.rules)
* 1:49248 <-> DISABLED <-> SERVER-WEBAPP WordPress login reconnaissance attempt (server-webapp.rules)
* 1:49249 <-> DISABLED <-> SERVER-WEBAPP WordPress login reconnaissance attempt (server-webapp.rules)
* 1:49250 <-> ENABLED <-> FILE-PDF Adobe Acrobat Pro out of bounds write attempt (file-pdf.rules)
* 1:49251 <-> ENABLED <-> FILE-PDF Adobe Acrobat Pro out of bounds write attempt (file-pdf.rules)
* 1:49252 <-> DISABLED <-> SERVER-OTHER HP iNode Management Center iNodeMngChecker buffer overflow attempt (server-other.rules)
* 1:49253 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word styleWithEffects use-after-free attempt (file-office.rules)
* 1:49254 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word styleWithEffects use-after-free attempt (file-office.rules)
* 1:49255 <-> DISABLED <-> FILE-JAVA Oracle Java ImagingLib buffer overflow attempt (file-java.rules)
* 1:49256 <-> ENABLED <-> FILE-JAVA Oracle Java ImagingLib buffer overflow attempt (file-java.rules)
* 1:49257 <-> DISABLED <-> SERVER-WEBAPP Drupal Core 8 PHP object injection RCE attempt (server-webapp.rules)
* 1:49258 <-> ENABLED <-> FILE-OTHER Adobe Acrobat out of bounds read attempt (file-other.rules)
* 1:49259 <-> ENABLED <-> FILE-OTHER Adobe Acrobat out of bounds read attempt (file-other.rules)
* 1:49260 <-> ENABLED <-> FILE-PDF Adobe Acrobat out of bounds read attempt (file-pdf.rules)
* 1:49261 <-> ENABLED <-> FILE-PDF Adobe Acrobat out of bounds read attempt (file-pdf.rules)
* 1:49262 <-> ENABLED <-> FILE-PDF Adobe Acrobat malformed embedded idx file out of bounds read attempt (file-pdf.rules)
* 1:49263 <-> ENABLED <-> FILE-PDF Adobe Acrobat malformed embedded idx file out of bounds read attempt (file-pdf.rules)
* 1:49264 <-> ENABLED <-> FILE-PDF Adobe Acrobat malformed PDF file stack overflow attempt (file-pdf.rules)
* 1:49265 <-> ENABLED <-> FILE-PDF Adobe Acrobat malformed PDF file stack overflow attempt (file-pdf.rules)
* 1:49266 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader use after free attempt (file-pdf.rules)
* 1:49267 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader use after free attempt (file-pdf.rules)
* 1:49268 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro use-after-free attempt (file-other.rules)
* 1:49269 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro use-after-free attempt (file-other.rules)
* 1:49270 <-> ENABLED <-> FILE-OTHER Adobe Acrobat out of bounds write attempt (file-other.rules)
* 1:49271 <-> ENABLED <-> FILE-OTHER Adobe Acrobat out of bounds write attempt (file-other.rules)
* 1:49272 <-> ENABLED <-> FILE-PDF Adobe Reader XFA engine untrusted pointer dereference attempt (file-pdf.rules)
* 1:49273 <-> ENABLED <-> FILE-PDF Adobe Reader XFA engine untrusted pointer dereference attempt (file-pdf.rules)
* 1:49274 <-> ENABLED <-> FILE-PDF Adobe Acrobat untrusted pointer dereference attempt (file-pdf.rules)
* 1:49275 <-> ENABLED <-> FILE-PDF Adobe Acrobat untrusted pointer dereference attempt (file-pdf.rules)
* 1:49276 <-> ENABLED <-> FILE-PDF Adobe Acrobat out of bounds read attempt (file-pdf.rules)
* 1:49277 <-> ENABLED <-> FILE-PDF Adobe Acrobat out of bounds read attempt (file-pdf.rules)
* 1:49278 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader out of bounds read attempt (file-pdf.rules)
* 1:49279 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader out of bounds read attempt (file-pdf.rules)
* 1:49280 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro HTML use-after-free attempt (file-other.rules)
* 1:49281 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro HTML use-after-free attempt (file-other.rules)
* 1:49282 <-> DISABLED <-> SERVER-WEBAPP Magecart inbound scan for vulnerable plugin attempt (server-webapp.rules)
* 1:49283 <-> ENABLED <-> FILE-PDF Adobe Acrobat use after free attempt (file-pdf.rules)
* 1:49284 <-> ENABLED <-> FILE-PDF Adobe Acrobat use after free attempt (file-pdf.rules)
* 1:49285 <-> DISABLED <-> FILE-OFFICE Microsoft Access arbitrary code execution attempt (file-office.rules)
* 1:49286 <-> DISABLED <-> FILE-OFFICE Microsoft Access arbitrary code execution attempt (file-office.rules)
* 1:49287 <-> DISABLED <-> INDICATOR-COMPROMISE avi file without matching file magic (indicator-compromise.rules)
* 1:49288 <-> DISABLED <-> INDICATOR-COMPROMISE avi file without matching file magic (indicator-compromise.rules)
* 1:49289 <-> ENABLED <-> FILE-OTHER WinRAR ACE remote code execution attempt (file-other.rules)
* 1:49290 <-> ENABLED <-> FILE-OTHER WinRAR ACE remote code execution attempt (file-other.rules)
* 1:49291 <-> DISABLED <-> FILE-OTHER WinRAR ACE remote code execution attempt (file-other.rules)
* 1:49292 <-> DISABLED <-> FILE-OTHER WinRAR ACE remote code execution attempt (file-other.rules)
* 1:49294 <-> ENABLED <-> FILE-PDF Adobe Acrobat out of bounds read attempt (file-pdf.rules)
* 1:49295 <-> ENABLED <-> FILE-PDF Adobe Acrobat out of bounds read attempt (file-pdf.rules)
* 1:49297 <-> DISABLED <-> FILE-OTHER IBM Lotus Notes LZH Attachment Viewer buffer overflow attempt (file-other.rules)
* 1:49298 <-> DISABLED <-> SERVER-WEBAPP NoneCms V1.3 PHP code execution attempt (server-webapp.rules)
* 1:49299 <-> DISABLED <-> FILE-OFFICE Microsoft Access arbitrary code execution attempt (file-office.rules)
* 1:493 <-> DISABLED <-> APP-DETECT psyBNC access (app-detect.rules)
* 1:49300 <-> DISABLED <-> FILE-OFFICE Microsoft Access arbitrary code execution attempt (file-office.rules)
* 1:49301 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Smart Protection Server SQL injection attempt (server-webapp.rules)
* 1:49302 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Smart Protection Server SQL injection attempt (server-webapp.rules)
* 1:49303 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Smart Protection Server SQL injection attempt (server-webapp.rules)
* 1:49304 <-> DISABLED <-> SERVER-OTHER Google Golang GET command injection attempt (server-other.rules)
* 1:49305 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader PostScript file out of bounds read attempt (file-pdf.rules)
* 1:49306 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader PostScript file out of bounds read attempt (file-pdf.rules)
* 1:49307 <-> ENABLED <-> FILE-PDF Adobe Acrobat malformed PDF out of bounds read attempt (file-pdf.rules)
* 1:49308 <-> ENABLED <-> FILE-PDF Adobe Acrobat malformed PDF out of bounds read attempt (file-pdf.rules)
* 1:49309 <-> ENABLED <-> FILE-PDF Adobe Acrobat malformed PDF objects use after free attempt (file-pdf.rules)
* 1:49310 <-> ENABLED <-> FILE-PDF Adobe Acrobat malformed PDF objects use after free attempt (file-pdf.rules)
* 1:49311 <-> DISABLED <-> FILE-FLASH Adobe Flash Player writeExternal type confusion attempt (file-flash.rules)
* 1:49312 <-> ENABLED <-> FILE-FLASH Adobe Flash Player writeExternal type confusion attempt (file-flash.rules)
* 1:49313 <-> ENABLED <-> FILE-PDF Adobe Acrobat XFA JavaScript manipulation out of bounds read attempt (file-pdf.rules)
* 1:49314 <-> ENABLED <-> FILE-PDF Adobe Acrobat XFA JavaScript manipulation out of bounds read attempt (file-pdf.rules)
* 1:49315 <-> ENABLED <-> FILE-PDF Adobe Acrobat out of bounds read attempt (file-pdf.rules)
* 1:49316 <-> ENABLED <-> FILE-PDF Adobe Acrobat out of bounds read attempt (file-pdf.rules)
* 1:49317 <-> ENABLED <-> FILE-PDF Adobe Acrobat out of bounds read attempt (file-pdf.rules)
* 1:49318 <-> ENABLED <-> FILE-PDF Adobe Acrobat out of bounds read attempt (file-pdf.rules)
* 1:49319 <-> DISABLED <-> SERVER-WEBAPP CentOS Web Panel persistent cross site scripting attempt (server-webapp.rules)
* 1:49320 <-> DISABLED <-> SERVER-WEBAPP CentOS Web Panel persistent cross site scripting attempt (server-webapp.rules)
* 1:49321 <-> DISABLED <-> SERVER-WEBAPP CentOS Web Panel persistent cross site scripting attempt (server-webapp.rules)
* 1:49322 <-> DISABLED <-> SERVER-WEBAPP CentOS Web Panel persistent cross site scripting attempt (server-webapp.rules)
* 1:49323 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Lel record memory corruption attempt (file-office.rules)
* 1:49324 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Lel record memory corruption attempt (file-office.rules)
* 1:49325 <-> DISABLED <-> FILE-OTHER Microsoft Windows Avast Anti-Virus local credentials disclosure attempt (file-other.rules)
* 1:49326 <-> DISABLED <-> SERVER-WEBAPP Rockwell Automation Allen-Bradley PowerMonitor 1000 cross site scripting attempt (server-webapp.rules)
* 1:49327 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.Crytekk variant post-compromise outbound connection detected (malware-cnc.rules)
* 1:49328 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.Crytekk variant post-compromise outbound connection detected (malware-cnc.rules)
* 1:49329 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.Crytekk variant post-compromise outbound connection detected (malware-cnc.rules)
* 1:49330 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.Crytekk variant post-compromise outbound connection detected (malware-cnc.rules)
* 1:49331 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Arescrypt malicious ransomware download attempt (malware-cnc.rules)
* 1:49332 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Arescrypt malicious ransomware download attempt (malware-cnc.rules)
* 1:49333 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DHCP Server remote code execution attempt (os-windows.rules)
* 1:49337 <-> ENABLED <-> SERVER-OTHER Adobe ColdFusion arbitrary file upload attempt (server-other.rules)
* 1:49338 <-> ENABLED <-> SERVER-OTHER Adobe ColdFusion arbitrary file upload attempt (server-other.rules)
* 1:49351 <-> ENABLED <-> MALWARE-CNC Win.Trojan.FrameworkPoS variant outbound connection attempt (malware-cnc.rules)
* 1:49352 <-> ENABLED <-> MALWARE-CNC Win.Trojan.FrameworkPoS malicious executable download attempt (malware-cnc.rules)
* 1:49353 <-> ENABLED <-> MALWARE-CNC Win.Trojan.FrameworkPoS malicious executable download attempt (malware-cnc.rules)
* 1:49354 <-> ENABLED <-> MALWARE-CNC Win.Trojan.KerrDown variant outbound connection (malware-cnc.rules)
* 1:49355 <-> ENABLED <-> MALWARE-CNC Win.Trojan.KerrDown variant outbound connection (malware-cnc.rules)
* 1:49356 <-> ENABLED <-> MALWARE-CNC Win.Trojan.KerrDown download attempt (malware-cnc.rules)
* 1:49357 <-> ENABLED <-> MALWARE-CNC Win.Trojan.KerrDown download attempt (malware-cnc.rules)
* 1:49358 <-> ENABLED <-> MALWARE-CNC Win.Trojan.KerrDown download attempt (malware-cnc.rules)
* 1:49359 <-> ENABLED <-> MALWARE-CNC Win.Trojan.KerrDown download attempt (malware-cnc.rules)
* 1:49360 <-> ENABLED <-> BROWSER-CHROME Google Chrome FileReader use after free attempt (browser-chrome.rules)
* 1:49361 <-> ENABLED <-> BROWSER-CHROME Google Chrome FileReader use after free attempt (browser-chrome.rules)
* 1:49364 <-> ENABLED <-> BROWSER-IE Microsoft Edge reference count memory corruption attempt (browser-ie.rules)
* 1:49365 <-> ENABLED <-> BROWSER-IE Microsoft Edge reference count memory corruption attempt (browser-ie.rules)
* 1:49366 <-> DISABLED <-> INDICATOR-COMPROMISE Windows SMBv1 information disclosure attempt (indicator-compromise.rules)
* 1:49367 <-> DISABLED <-> INDICATOR-COMPROMISE Windows SMBv2 information disclosure attempt (indicator-compromise.rules)
* 1:49368 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
* 1:49369 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
* 1:49371 <-> ENABLED <-> BROWSER-IE Microsoft Edge security feature bypass attempt (browser-ie.rules)
* 1:49372 <-> ENABLED <-> BROWSER-IE Microsoft Edge security feature bypass attempt (browser-ie.rules)
* 1:49374 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CAnchorElement use after free attempt (browser-ie.rules)
* 1:49375 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CAnchorElement use after free attempt (browser-ie.rules)
* 1:49376 <-> DISABLED <-> SERVER-APACHE Apache Struts remote code execution attempt (server-apache.rules)
* 1:49377 <-> DISABLED <-> SERVER-APACHE Apache Struts remote code execution attempt (server-apache.rules)
* 1:49378 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer memory corruption attempt (browser-ie.rules)
* 1:49379 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer memory corruption attempt (browser-ie.rules)
* 1:49380 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
* 1:49381 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
* 1:49382 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
* 1:49383 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
* 1:49384 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer memory corruption attempt (browser-ie.rules)
* 1:49385 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer memory corruption attempt (browser-ie.rules)
* 1:49386 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
* 1:49387 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
* 1:49388 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
* 1:49389 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
* 1:49390 <-> ENABLED <-> OS-WINDOWS Microsoft Windows kernel information disclosure attempt (os-windows.rules)
* 1:49391 <-> ENABLED <-> OS-WINDOWS Microsoft Windows kernel information disclosure attempt (os-windows.rules)
* 1:49392 <-> DISABLED <-> OS-WINDOWS Microsoft Windows mailslot kernel information leak attempt (os-windows.rules)
* 1:49393 <-> DISABLED <-> OS-WINDOWS Microsoft Windows mailslot kernel information leak attempt (os-windows.rules)
* 1:49394 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
* 1:49395 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
* 1:49396 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zebrocy variant outbound connection (malware-cnc.rules)
* 1:49397 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zebrocy variant outbound connection (malware-cnc.rules)
* 1:49398 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zebrocy variant outbound connection (malware-cnc.rules)
* 1:49399 <-> ENABLED <-> SERVER-WEBAPP Adobe ColdFusion unauthorized serialized object attempt (server-webapp.rules)
* 1:494 <-> DISABLED <-> INDICATOR-COMPROMISE command completed (indicator-compromise.rules)
* 1:49400 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Win32k privilege escalation attempt (os-windows.rules)
* 1:49401 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Win32k privilege escalation attempt (os-windows.rules)
* 1:49402 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NT kernel null pointer dereference attempt (os-windows.rules)
* 1:49403 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NT kernel null pointer dereference attempt (os-windows.rules)
* 1:49404 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer vidplin.dll avi header parsing execution attempt (file-multimedia.rules)
* 1:49405 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess 8.3.2 Dashboard SQL injection attempt (server-webapp.rules)
* 1:49406 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess 8.3.2 Dashboard SQL injection attempt (server-webapp.rules)
* 1:49407 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess 8.3.2 Dashboard SQL injection attempt (server-webapp.rules)
* 1:49408 <-> DISABLED <-> SERVER-WEBAPP Simple Scada directory traversal attempt (server-webapp.rules)
* 1:49409 <-> DISABLED <-> FILE-OTHER Elipse Software Elipse32 dll-load exploit attempt (file-other.rules)
* 1:49410 <-> DISABLED <-> FILE-OTHER Elipse Software Elipse32 dll-load exploit attempt (file-other.rules)
* 1:49411 <-> ENABLED <-> MALWARE-CNC Win.Trojan.FrameworkPoS anti-debugging long dns query attempt (malware-cnc.rules)
* 1:49413 <-> DISABLED <-> SERVER-WEBAPP Samsung Integrated Management System Data Management Server SQL injection attempt (server-webapp.rules)
* 1:49414 <-> DISABLED <-> SERVER-WEBAPP Samsung Integrated Management System Data Management Server SQL injection attempt (server-webapp.rules)
* 1:49415 <-> DISABLED <-> SERVER-WEBAPP Samsung Integrated Management System Data Management Server SQL injection attempt (server-webapp.rules)
* 1:49416 <-> DISABLED <-> SERVER-OTHER Samsung Integrated Management System Data Management Server hardcoded credentials attempt (server-other.rules)
* 1:49417 <-> DISABLED <-> SERVER-OTHER Samsung Integrated Management System Data Management Server hardcoded credentials attempt (server-other.rules)
* 1:49418 <-> DISABLED <-> SERVER-WEBAPP Orange LiveBox unauthorized credentials access attempt (server-webapp.rules)
* 1:49421 <-> DISABLED <-> FILE-OTHER Microsoft Windows TrueType font parsing engine sfac_GetSbitBitmap elevation of privileges attempt (file-other.rules)
* 1:49422 <-> DISABLED <-> FILE-OTHER Microsoft Windows TrueType font parsing engine sfac_GetSbitBitmap elevation of privileges attempt (file-other.rules)
* 1:49423 <-> DISABLED <-> FILE-OTHER Microsoft Windows TrueType font parsing engine sfac_GetSbitBitmap elevation of privileges attempt (file-other.rules)
* 1:49424 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Danabot download attempt (malware-cnc.rules)
* 1:49425 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Danabot download attempt (malware-cnc.rules)
* 1:49426 <-> DISABLED <-> PROTOCOL-FTP GP-Pro EX HMI WinGP Runtime Arbitrary File Disclosure attempt (protocol-ftp.rules)
* 1:49427 <-> DISABLED <-> FILE-OTHER Microsoft Wordpad embedded BMP overflow attempt (file-other.rules)
* 1:49428 <-> DISABLED <-> FILE-OTHER Microsoft Wordpad embedded BMP overflow attempt (file-other.rules)
* 1:49429 <-> DISABLED <-> SERVER-WEBAPP MyBB Bans List Extension cross site scripting attempt (server-webapp.rules)
* 1:49430 <-> DISABLED <-> SERVER-WEBAPP MyBB Bans List Extension cross site scripting attempt (server-webapp.rules)
* 1:49431 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher 2003 EscherStm memory corruption attempt (file-office.rules)
* 1:49432 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher 2003 EscherStm memory corruption attempt (file-office.rules)
* 1:49433 <-> DISABLED <-> SERVER-WEBAPP Sitecom Home Storage Center directory traversal attempt (server-webapp.rules)
* 1:49434 <-> DISABLED <-> SERVER-WEBAPP Sitecom Home Storage Center directory traversal attempt (server-webapp.rules)
* 1:49435 <-> DISABLED <-> SERVER-WEBAPP Sitecom Home Storage Center directory traversal attempt (server-webapp.rules)
* 1:49436 <-> DISABLED <-> POLICY-OTHER Linksys WAP610N command injection attempt (policy-other.rules)
* 1:49437 <-> DISABLED <-> FILE-OTHER Schneider Electric GP-Pro EX ParseAPI heap buffer overflow attempt (file-other.rules)
* 1:49438 <-> DISABLED <-> SERVER-OTHER QNX Neutrino qconn unauthenticated command execution attempt (server-other.rules)
* 1:49439 <-> DISABLED <-> SERVER-OTHER Interactive Graphical SCADA System arbitrary file read attempt (server-other.rules)
* 1:49440 <-> DISABLED <-> SERVER-OTHER SCADA DataRate remote code execution attempt (server-other.rules)
* 1:49441 <-> DISABLED <-> SERVER-OTHER SCADA DataRate remote code execution attempt (server-other.rules)
* 1:49444 <-> DISABLED <-> BROWSER-PLUGINS Phoenix Contact Think & Do ISSymbol ActiveX clsid access attempt (browser-plugins.rules)
* 1:49445 <-> DISABLED <-> BROWSER-PLUGINS Phoenix Contact Think & Do ISSymbol ActiveX clsid access attempt (browser-plugins.rules)
* 1:49446 <-> DISABLED <-> BROWSER-PLUGINS Phoenix Contact Think & Do ISSymbol ActiveX clsid access attempt (browser-plugins.rules)
* 1:49447 <-> DISABLED <-> BROWSER-PLUGINS Phoenix Contact Think & Do ISSymbol ActiveX clsid access attempt (browser-plugins.rules)
* 1:49448 <-> DISABLED <-> SERVER-WEBAPP WordPress comment cross site request forgery attempt (server-webapp.rules)
* 1:49449 <-> DISABLED <-> SERVER-OTHER ASP webshell upload attempt (server-other.rules)
* 1:49450 <-> DISABLED <-> SERVER-OTHER CFM webshell upload attempt (server-other.rules)
* 1:49451 <-> DISABLED <-> SERVER-OTHER ASP webshell upload attempt (server-other.rules)
* 1:49452 <-> DISABLED <-> SERVER-OTHER Perl webshell upload attempt (server-other.rules)
* 1:49453 <-> DISABLED <-> SERVER-OTHER CFM webshell upload attempt (server-other.rules)
* 1:49454 <-> DISABLED <-> SERVER-OTHER CFM webshell upload attempt (server-other.rules)
* 1:49455 <-> DISABLED <-> SERVER-OTHER Perl webshell upload attempt (server-other.rules)
* 1:49456 <-> DISABLED <-> SERVER-OTHER PHP webshell upload attempt (server-other.rules)
* 1:49457 <-> DISABLED <-> SERVER-OTHER PHP webshell upload attempt (server-other.rules)
* 1:49458 <-> ENABLED <-> SERVER-OTHER PHP webshell upload attempt (server-other.rules)
* 1:49459 <-> DISABLED <-> SERVER-OTHER Perl webshell upload attempt (server-other.rules)
* 1:49460 <-> DISABLED <-> SERVER-OTHER ASP webshell upload attempt (server-other.rules)
* 1:49461 <-> DISABLED <-> POLICY-OTHER D-Link DIR-615 remote unauthenticated password modification attempt (policy-other.rules)
* 1:49462 <-> DISABLED <-> POLICY-OTHER D-Link DIR-615 remote unauthenticated password modification attempt (policy-other.rules)
* 1:49463 <-> DISABLED <-> SERVER-WEBAPP Joomla CW Articles Attachments SQL injection attempt (server-webapp.rules)
* 1:49464 <-> DISABLED <-> SERVER-WEBAPP Joomla CW Articles Attachments SQL injection attempt (server-webapp.rules)
* 1:49465 <-> DISABLED <-> SERVER-WEBAPP Joomla CW Articles Attachments SQL injection attempt (server-webapp.rules)
* 1:49466 <-> ENABLED <-> MALWARE-CNC Win.Trojan.RisingSun variant outbound connection (malware-cnc.rules)
* 1:49467 <-> ENABLED <-> MALWARE-CNC Win.Trojan.RisingSun variant outbound connection (malware-cnc.rules)
* 1:49468 <-> ENABLED <-> MALWARE-CNC Win.Trojan.RisingSun variant outbound connection (malware-cnc.rules)
* 1:49469 <-> ENABLED <-> MALWARE-CNC Win.Trojan.RisingSun variant outbound connection (malware-cnc.rules)
* 1:49470 <-> ENABLED <-> MALWARE-CNC Win.Trojan.RisingSun variant outbound connection (malware-cnc.rules)
* 1:49471 <-> ENABLED <-> MALWARE-CNC Win.Trojan.RisingSun variant outbound connection (malware-cnc.rules)
* 1:49472 <-> ENABLED <-> MALWARE-CNC Win.Trojan.RisingSun variant outbound connection (malware-cnc.rules)
* 1:49473 <-> ENABLED <-> MALWARE-CNC Win.Trojan.RisingSun variant outbound connection (malware-cnc.rules)
* 1:49474 <-> ENABLED <-> MALWARE-CNC Win.Trojan.RisingSun variant outbound connection (malware-cnc.rules)
* 1:49475 <-> ENABLED <-> MALWARE-CNC Win.Trojan.RisingSun variant outbound connection (malware-cnc.rules)
* 1:49476 <-> ENABLED <-> MALWARE-CNC Win.Trojan.RisingSun variant outbound connection (malware-cnc.rules)
* 1:49477 <-> ENABLED <-> MALWARE-CNC Doc.Dropper.RisingSun
variant download attempt (malware-cnc.rules) * 1:49478 <-> ENABLED <-> MALWARE-CNC Doc.Dropper.RisingSun variant download attempt (malware-cnc.rules) * 1:49479 <-> ENABLED <-> MALWARE-CNC Doc.Dropper.RisingSun variant download attempt (malware-cnc.rules) * 1:49480 <-> DISABLED <-> SERVER-OTHER IBM solidDB denial of service attempt (server-other.rules) * 1:49481 <-> DISABLED <-> SERVER-OTHER Sagem Fast 3304-V1 denial of service attempt (server-other.rules) * 1:49482 <-> DISABLED <-> FILE-OTHER Microsoft Windows TTF parsing counter overflow attempt (file-other.rules) * 1:49483 <-> DISABLED <-> FILE-OTHER Microsoft Windows TTF parsing counter overflow attempt (file-other.rules) * 1:49484 <-> DISABLED <-> SERVER-OTHER Western Digital MyNet unauthenticated configuration disclosure attempt (server-other.rules) * 1:49485 <-> DISABLED <-> SERVER-OTHER IBM solidDB denial of service attempt (server-other.rules) * 1:49486 <-> DISABLED <-> FILE-OTHER Snapd dirty_sock exploit download attempt (file-other.rules) * 1:49487 <-> DISABLED <-> FILE-OTHER Snapd dirty_sock exploit download attempt (file-other.rules) * 1:49488 <-> DISABLED <-> FILE-OTHER Snapd dirty_sock exploit download attempt (file-other.rules) * 1:49489 <-> DISABLED <-> FILE-OTHER Snapd dirty_sock exploit download attempt (file-other.rules) * 1:49490 <-> DISABLED <-> SERVER-WEBAPP QNAP Zip Upload command injection attempt (server-webapp.rules) * 1:49491 <-> DISABLED <-> SERVER-WEBAPP QNAP Zip Upload command injection attempt (server-webapp.rules) * 1:49492 <-> DISABLED <-> SERVER-WEBAPP QNAP Zip Upload command injection attempt (server-webapp.rules) * 1:49493 <-> DISABLED <-> SERVER-WEBAPP QNAP Zip Upload command injection attempt (server-webapp.rules) * 1:49494 <-> DISABLED <-> FILE-OFFICE Microsoft Office MSCOMCTL ActiveX control tabstrip method attempt (file-office.rules) * 1:49495 <-> ENABLED <-> FILE-OFFICE Microsoft Office MSCOMCTL ActiveX control tabstrip method access (file-office.rules) * 1:49496 <-> 
DISABLED <-> FILE-OFFICE Microsoft Office MSCOMCTL ActiveX control tabstrip method attempt (file-office.rules) * 1:49497 <-> ENABLED <-> FILE-OFFICE Microsoft Office MSCOMCTL ActiveX control tabstrip method access (file-office.rules) * 1:49498 <-> ENABLED <-> SERVER-WEBAPP Jenkins Groovy metaprogramming remote code execution attempt (server-webapp.rules) * 1:49499 <-> ENABLED <-> SERVER-WEBAPP Jenkins Groovy metaprogramming remote code execution attempt (server-webapp.rules) * 1:495 <-> DISABLED <-> INDICATOR-COMPROMISE command error (indicator-compromise.rules) * 1:49500 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel conditional code execution attempt (file-office.rules) * 1:49501 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel conditional code execution attempt (file-office.rules) * 1:49502 <-> DISABLED <-> SERVER-WEBAPP Ruby on Rails render file directory traversal attempt (server-webapp.rules) * 1:49503 <-> DISABLED <-> SERVER-WEBAPP Ruby on Rails render file directory traversal attempt (server-webapp.rules) * 1:49504 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro saveFilteredXML out-of-bounds read attempt (file-pdf.rules) * 1:49505 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro saveFilteredXML out-of-bounds read attempt (file-pdf.rules) * 1:49506 <-> DISABLED <-> POLICY-OTHER Thomson TWG850-4 unauthenticated backup download attempt (policy-other.rules) * 1:49507 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Shade malicious executable download attempt (malware-cnc.rules) * 1:49508 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Shade malicious executable download attempt (malware-cnc.rules) * 1:49512 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules) * 1:49513 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules) * 1:49514 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules) * 1:49515 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant 
post compromise download (malware-cnc.rules) * 1:49516 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules) * 1:49517 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules) * 1:49518 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules) * 1:49519 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules) * 1:49520 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules) * 1:49521 <-> DISABLED <-> POLICY-OTHER Sagem Fast Router default credentials login attempt (policy-other.rules) * 1:49522 <-> DISABLED <-> SERVER-WEBAPP Magecart infected page outbound request attempt (server-webapp.rules) * 1:49523 <-> DISABLED <-> SERVER-WEBAPP Zyxel ZyWALL information disclosure attempt (server-webapp.rules) * 1:49524 <-> DISABLED <-> SERVER-WEBAPP TPLink TD W8151N SQL injection attempt (server-webapp.rules) * 1:49525 <-> DISABLED <-> SERVER-WEBAPP TPLink TD W8151N SQL injection attempt (server-webapp.rules) * 1:49526 <-> DISABLED <-> SERVER-WEBAPP TPLink TD W8151N SQL injection attempt (server-webapp.rules) * 1:49527 <-> DISABLED <-> SERVER-WEBAPP WordPress SocialWarfare deprecated function access attempt (server-webapp.rules) * 1:49528 <-> DISABLED <-> SERVER-WEBAPP WordPress SocialWarfare plugin stored cross site scripting attempt (server-webapp.rules) * 1:49529 <-> ENABLED <-> INDICATOR-COMPROMISE Responder poisoner download attempt (indicator-compromise.rules) * 1:49530 <-> ENABLED <-> INDICATOR-COMPROMISE Responder poisoner download attempt (indicator-compromise.rules) * 1:49531 <-> ENABLED <-> INDICATOR-COMPROMISE Responder poisoner download attempt (indicator-compromise.rules) * 1:49532 <-> ENABLED <-> INDICATOR-COMPROMISE Responder poisoner download attempt (indicator-compromise.rules) * 1:49533 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.Yatron variant 
outbound connection (malware-cnc.rules) * 1:49534 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.Yatron variant outbound connection (malware-cnc.rules) * 1:49535 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Yatron payload download attempt (malware-other.rules) * 1:49536 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Yatron payload download attempt (malware-other.rules) * 1:49537 <-> DISABLED <-> SERVER-WEBAPP elFinder PHP connector arbitrary PHP file upload attempt (server-webapp.rules) * 1:49538 <-> DISABLED <-> SERVER-WEBAPP elFinder PHP connector command injection attempt (server-webapp.rules) * 1:49539 <-> ENABLED <-> SERVER-OTHER WordPress wp_user_roles configuration change attempt (server-other.rules) * 1:49540 <-> ENABLED <-> SERVER-OTHER WordPress wp_user_roles configuration change attempt (server-other.rules) * 1:49541 <-> DISABLED <-> POLICY-OTHER WordPress Easy WP SMTP plugin log file access attempt (policy-other.rules) * 1:49542 <-> DISABLED <-> POLICY-OTHER WordPress Easy WP SMTP plugin config settings import attempt (policy-other.rules) * 1:49543 <-> DISABLED <-> POLICY-OTHER WordPress Easy WP SMTP plugin config settings export attempt (policy-other.rules) * 1:49544 <-> ENABLED <-> MALWARE-CNC Win.Trojan.IcedID variant post-config websocket outbound connection attempt (malware-cnc.rules) * 1:49545 <-> ENABLED <-> MALWARE-CNC Win.Trojan.IcedID variant certificate exchange attempt (malware-cnc.rules) * 1:49546 <-> ENABLED <-> MALWARE-CNC Win.Trojan.IcedID variant certificate exchange attempt (malware-cnc.rules) * 1:49547 <-> ENABLED <-> MALWARE-CNC Win.Trojan.IcedID variant certificate exchange attempt (malware-cnc.rules) * 1:49548 <-> ENABLED <-> MALWARE-CNC Win.Trojan.AZORult variant payload download attempt (malware-cnc.rules) * 1:49549 <-> ENABLED <-> MALWARE-CNC Win.Trojan.IcedID variant certificate exchange attempt (malware-cnc.rules) * 1:49550 <-> ENABLED <-> MALWARE-CNC Win.Trojan.IcedID variant certificate exchange attempt (malware-cnc.rules) * 
1:49551 <-> ENABLED <-> MALWARE-CNC Win.Trojan.IcedID variant certificate exchange attempt (malware-cnc.rules) * 1:49552 <-> ENABLED <-> MALWARE-CNC Win.Trojan.IcedID variant certificate exchange attempt (malware-cnc.rules) * 1:49553 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IcedID variant payload download attempt (malware-cnc.rules) * 1:49554 <-> DISABLED <-> SERVER-OTHER OpenMRS getExactPatients.action information disclosure attempt (server-other.rules) * 1:49555 <-> DISABLED <-> INDICATOR-COMPROMISE AutoBase Studio project remote code execution attempt (indicator-compromise.rules) * 1:49556 <-> DISABLED <-> INDICATOR-COMPROMISE AutoBase Studio project remote code execution attempt (indicator-compromise.rules) * 1:49557 <-> ENABLED <-> SERVER-WEBAPP Apache Solr jmx.serviceUrl remote code execution attempt (server-webapp.rules) * 1:49558 <-> DISABLED <-> FILE-PDF Cool PDF Reader buffer overflow attempt (file-pdf.rules) * 1:49559 <-> DISABLED <-> FILE-PDF Cool PDF Reader buffer overflow attempt (file-pdf.rules) * 1:49560 <-> DISABLED <-> FILE-PDF Cool PDF Reader buffer overflow attempt (file-pdf.rules) * 1:49561 <-> DISABLED <-> FILE-PDF Cool PDF Reader buffer overflow attempt (file-pdf.rules) * 1:49562 <-> DISABLED <-> FILE-PDF Cool PDF Reader buffer overflow attempt (file-pdf.rules) * 1:49563 <-> DISABLED <-> FILE-PDF Cool PDF Reader buffer overflow attempt (file-pdf.rules) * 1:49564 <-> DISABLED <-> FILE-PDF Cool PDF Reader buffer overflow attempt (file-pdf.rules) * 1:49565 <-> DISABLED <-> FILE-PDF Cool PDF Reader buffer overflow attempt (file-pdf.rules) * 1:49566 <-> ENABLED <-> MALWARE-CNC Win.Trojan.FlawedAmmyy variant outbound connection (malware-cnc.rules) * 1:49567 <-> ENABLED <-> MALWARE-CNC Doc.Downloader.FlawedAmmyy download attempt (malware-cnc.rules) * 1:49568 <-> ENABLED <-> MALWARE-CNC Doc.Downloader.FlawedAmmyy download attempt (malware-cnc.rules) * 1:49569 <-> ENABLED <-> MALWARE-OTHER PowerShell invocation with ExecutionPolicy Bypass attempt 
(malware-other.rules) * 1:49570 <-> DISABLED <-> MALWARE-OTHER Windows Management Instrumentation manipulation attempt (malware-other.rules) * 1:49571 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Fakewmi variant outbound connection attempt (malware-cnc.rules) * 1:49572 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Fakewmi variant outbound connection attempt (malware-cnc.rules) * 1:49573 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer mpeg width integer memory underflow attempt (file-multimedia.rules) * 1:49574 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer mpeg width integer memory underflow attempt (file-multimedia.rules) * 1:49575 <-> DISABLED <-> FILE-IMAGE SketchUp BMP RLE8 parsing buffer overflow attempt (file-image.rules) * 1:49576 <-> DISABLED <-> FILE-IMAGE SketchUp BMP RLE8 parsing buffer overflow attempt (file-image.rules) * 1:49577 <-> DISABLED <-> SERVER-WEBAPP ElectronJS Exodus remote code execution attempt (server-webapp.rules) * 1:49578 <-> DISABLED <-> SERVER-WEBAPP ElectronJS Exodus remote code execution attempt (server-webapp.rules) * 1:49579 <-> DISABLED <-> SERVER-WEBAPP ElectronJS Exodus remote code execution attempt (server-webapp.rules) * 1:49580 <-> DISABLED <-> SERVER-WEBAPP ElectronJS Exodus remote code execution attempt (server-webapp.rules) * 1:49581 <-> DISABLED <-> SERVER-WEBAPP ElectronJS Exodus remote code execution attempt (server-webapp.rules) * 1:49582 <-> DISABLED <-> SERVER-WEBAPP ElectronJS Exodus remote code execution attempt (server-webapp.rules) * 1:49583 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray inflate information disclosure attempt (file-flash.rules) * 1:49584 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray inflate information disclosure attempt (file-flash.rules) * 1:49585 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure attempt (file-flash.rules) * 1:49586 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure 
attempt (file-flash.rules) * 1:49587 <-> DISABLED <-> SERVER-WEBAPP CMSsite 1.0 SQL injection attempt (server-webapp.rules) * 1:49592 <-> ENABLED <-> MALWARE-CNC Win.Trojan.SectorA05 outbound connection attempt (malware-cnc.rules) * 1:49593 <-> ENABLED <-> MALWARE-CNC Win.Trojan.SectorA05 outbound connection attempt (malware-cnc.rules) * 1:49594 <-> ENABLED <-> MALWARE-CNC Win.Trojan.SectorA05 outbound connection attempt (malware-cnc.rules) * 1:49595 <-> ENABLED <-> MALWARE-CNC Win.Trojan.SectorA05 outbound connection attempt (malware-cnc.rules) * 1:49596 <-> ENABLED <-> MALWARE-CNC Win.Trojan.GlobeImposter malicious executable download attempt (malware-cnc.rules) * 1:49597 <-> ENABLED <-> MALWARE-CNC Win.Trojan.GlobeImposter malicious executable download attempt (malware-cnc.rules) * 1:49598 <-> DISABLED <-> SERVER-WEBAPP Fiberhome AN5506-04-F RP2669 cross site scripting attempt (server-webapp.rules) * 1:49599 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader untrusted pointer dereference attempt detected (file-pdf.rules) * 1:49600 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader untrusted pointer dereference attempt detected (file-pdf.rules) * 1:49601 <-> DISABLED <-> SERVER-OTHER Century Star SCADA directory traversal attempt (server-other.rules) * 1:49602 <-> DISABLED <-> SERVER-OTHER Century Star SCADA directory traversal attempt (server-other.rules) * 1:49603 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager SQL injection attempt (server-webapp.rules) * 1:49604 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager SQL injection attempt (server-webapp.rules) * 1:49605 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager SQL injection attempt (server-webapp.rules) * 1:49617 <-> ENABLED <-> FILE-OTHER Unix systemd-journald memory corruption attempt (file-other.rules) * 1:49618 <-> ENABLED <-> FILE-OTHER Unix systemd-journald memory corruption attempt (file-other.rules) * 1:49620 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess Dashboard directory 
traversal attempt (server-webapp.rules) * 1:49621 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess Dashboard directory traversal attempt (server-webapp.rules) * 1:49622 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess Dashboard directory traversal attempt (server-webapp.rules) * 1:49623 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Redaman outbound connection (malware-cnc.rules) * 1:49624 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Redaman outbound connection (malware-cnc.rules) * 1:49625 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Redaman outbound connection (malware-cnc.rules) * 1:49626 <-> ENABLED <-> BROWSER-IE Microsoft Edge resource entry same-origin-policy bypass attempt (browser-ie.rules) * 1:49627 <-> ENABLED <-> BROWSER-IE Microsoft Edge resource entry same-origin-policy bypass attempt (browser-ie.rules) * 1:49628 <-> DISABLED <-> OS-WINDOWS Huawei PCManager device driver privilege escalation attempt (os-windows.rules) * 1:49629 <-> DISABLED <-> OS-WINDOWS Huawei PCManager device driver privilege escalation attempt (os-windows.rules) * 1:49630 <-> DISABLED <-> OS-WINDOWS Huawei PCManager device driver privilege escalation attempt (os-windows.rules) * 1:49631 <-> DISABLED <-> OS-WINDOWS Huawei PCManager device driver privilege escalation attempt (os-windows.rules) * 1:49632 <-> ENABLED <-> SERVER-OTHER Atvise SCADA arbitrary file disclosure attempt (server-other.rules) * 1:49633 <-> ENABLED <-> SERVER-OTHER Atvise SCADA arbitrary file disclosure attempt (server-other.rules) * 1:49634 <-> DISABLED <-> SERVER-OTHER Atvise SCADA arbitrary file disclosure attempt (server-other.rules) * 1:49635 <-> DISABLED <-> SERVER-WEBAPP CMS Made Simple Showtime2 Module arbitrary PHP file upload attempt (server-webapp.rules) * 1:49636 <-> DISABLED <-> BROWSER-PLUGINS Foscam IPCWebComponents ActiveX clsid access attempt (browser-plugins.rules) * 1:49637 <-> DISABLED <-> BROWSER-PLUGINS Foscam IPCWebComponents ActiveX clsid access attempt (browser-plugins.rules) * 1:49638 <-> DISABLED <-> 
BROWSER-PLUGINS Foscam IPCWebComponents ActiveX clsid access attempt (browser-plugins.rules) * 1:49639 <-> DISABLED <-> BROWSER-PLUGINS Foscam IPCWebComponents ActiveX clsid access attempt (browser-plugins.rules) * 1:49640 <-> ENABLED <-> FILE-PDF Adobe Acrobat PDF use-after-free attempt (file-pdf.rules) * 1:49641 <-> ENABLED <-> FILE-PDF Adobe Acrobat PDF use-after-free attempt (file-pdf.rules) * 1:49642 <-> DISABLED <-> SERVER-WEBAPP Multiple PACS Server directory traversal attempt (server-webapp.rules) * 1:49643 <-> DISABLED <-> SERVER-WEBAPP Multiple PACS Server directory traversal attempt (server-webapp.rules) * 1:49644 <-> DISABLED <-> SERVER-WEBAPP Multiple PACS Server directory traversal attempt (server-webapp.rules) * 1:49645 <-> DISABLED <-> SERVER-WEBAPP Wordpress image edit directory traversal attempt (server-webapp.rules) * 1:49646 <-> DISABLED <-> SERVER-WEBAPP Wordpress image edit directory traversal attempt (server-webapp.rules) * 1:49647 <-> DISABLED <-> SERVER-WEBAPP Wordpress image edit directory traversal attempt (server-webapp.rules) * 1:49650 <-> DISABLED <-> FILE-PDF Adobe Acrobat PDF printWithParams use-after-free attempt (file-pdf.rules) * 1:49651 <-> DISABLED <-> FILE-PDF Adobe Acrobat PDF printWithParams use-after-free attempt (file-pdf.rules) * 1:49652 <-> DISABLED <-> SERVER-OTHER ipTime G104BE directory traversal attempt (server-other.rules) * 1:49653 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Rietspoof variant outbound connection (malware-cnc.rules) * 1:49654 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE control character denial of service attempt (file-flash.rules) * 1:49655 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE control character denial of service attempt (file-flash.rules) * 1:49656 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE control character denial of service attempt (file-flash.rules) * 1:49657 <-> DISABLED <-> INDICATOR-COMPROMISE php web shell upload attempt (indicator-compromise.rules) * 1:49658 <-> 
DISABLED <-> FILE-PDF Adobe Acrobat Reader XFA font size out-of-bounds read attempt (file-pdf.rules) * 1:49659 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader XFA font size out-of-bounds read attempt (file-pdf.rules) * 1:49660 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader XFA font size out-of-bounds read attempt (file-pdf.rules) * 1:49661 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader XFA font size out-of-bounds read attempt (file-pdf.rules) * 1:49662 <-> DISABLED <-> SERVER-WEBAPP CMSsite 1.0 SQL injection attempt (server-webapp.rules) * 1:49663 <-> DISABLED <-> SERVER-WEBAPP CMSsite 1.0 SQL injection attempt (server-webapp.rules) * 1:49664 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TSCookie variant outbound connection (malware-cnc.rules) * 1:49665 <-> DISABLED <-> SERVER-WEBAPP DirectAdmin admin account creation attempt (server-webapp.rules) * 1:49666 <-> ENABLED <-> SQL HTTP URI blind injection attempt (sql.rules) * 1:49667 <-> DISABLED <-> SERVER-WEBAPP Flexpaper and Flowpaper command injection attempt (server-webapp.rules) * 1:49668 <-> DISABLED <-> SERVER-WEBAPP Flexpaper and Flowpaper deletion of configuration file attempt (server-webapp.rules) * 1:49669 <-> DISABLED <-> SERVER-WEBAPP Flexpaper and Flowpaper potential arbitrary file deletion attempt (server-webapp.rules) * 1:49670 <-> ENABLED <-> SERVER-OTHER Hashicorp Consul services API remote code execution attempt (server-other.rules) * 1:49671 <-> ENABLED <-> INDICATOR-COMPROMISE Script execution from TOR attempt (indicator-compromise.rules) * 1:49672 <-> DISABLED <-> SERVER-OTHER PHP gdImageColorMatch heap buffer overflow file upload attempt (server-other.rules) * 1:49673 <-> DISABLED <-> SERVER-OTHER PHP gdImageColorMatch heap buffer overflow file download attempt (server-other.rules) * 1:49674 <-> DISABLED <-> FILE-OTHER PHP use after free attempt (file-other.rules) * 1:49675 <-> DISABLED <-> FILE-OTHER PHP use after free attempt (file-other.rules) * 1:49676 <-> ENABLED <-> MALWARE-CNC 
Win.Ransomware.Lockergoga binary download attempt (malware-cnc.rules) * 1:49677 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.Lockergoga binary download attempt (malware-cnc.rules) * 1:49678 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.Lockergoga binary download attempt (malware-cnc.rules) * 1:49679 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.Lockergoga binary download attempt (malware-cnc.rules) * 1:49680 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.Lockergoga binary download attempt (malware-cnc.rules) * 1:49681 <-> ENABLED <-> MALWARE-CNC Android.Trojan.Banking outbound beacon attempt (malware-cnc.rules) * 1:49682 <-> ENABLED <-> MALWARE-CNC Android.Trojan.Banking command-and-control communication attempt (malware-cnc.rules) * 1:49683 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric ProClima ActiveX function call access attempt (browser-plugins.rules) * 1:49686 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Typed Array use after free attempt (browser-ie.rules) * 1:49687 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Typed Array use after free attempt (browser-ie.rules) * 1:49688 <-> ENABLED <-> FILE-EXECUTABLE Microsoft Windows kernel user after free attempt (file-executable.rules) * 1:49689 <-> ENABLED <-> FILE-EXECUTABLE Microsoft Windows kernel user after free attempt (file-executable.rules) * 1:49690 <-> ENABLED <-> INDICATOR-SHELLCODE KernelFuzzer system call 64 bit (indicator-shellcode.rules) * 1:49691 <-> ENABLED <-> INDICATOR-SHELLCODE KernelFuzzer system call 64 bit (indicator-shellcode.rules) * 1:49692 <-> DISABLED <-> OS-WINDOWS Microsoft Windows LUAFV driver privilege escalation attempt (os-windows.rules) * 1:49693 <-> DISABLED <-> OS-WINDOWS Microsoft Windows LUAFV driver privilege escalation attempt (os-windows.rules) * 1:49694 <-> DISABLED <-> OS-WINDOWS Windows CSRSS privilege escalation attempt (os-windows.rules) * 1:49695 <-> DISABLED <-> OS-WINDOWS Windows CSRSS privilege escalation attempt (os-windows.rules) * 1:49696 <-> ENABLED 
<-> OS-WINDOWS Microsoft Windows LUAFV privilege escalation attempt (os-windows.rules) * 1:49697 <-> ENABLED <-> OS-WINDOWS Microsoft Windows LUAFV privilege escalation attempt (os-windows.rules) * 1:49698 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules) * 1:49699 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules) * 1:497 <-> DISABLED <-> INDICATOR-COMPROMISE file copied ok (indicator-compromise.rules) * 1:49700 <-> ENABLED <-> FILE-OFFICE Microsoft Powerpoint graphics component remote code execution attempt (file-office.rules) * 1:49701 <-> ENABLED <-> FILE-OFFICE Microsoft Powerpoint graphics component remote code execution attempt (file-office.rules) * 1:49702 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules) * 1:49703 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules) * 1:49704 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NtSetCachedSigningLevel Device Guard bypass attempt (os-windows.rules) * 1:49705 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NtSetCachedSigningLevel Device Guard bypass attempt (os-windows.rules) * 1:49706 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules) * 1:49707 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules) * 1:49708 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules) * 1:49709 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules) * 1:49710 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules) * 1:49711 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules) * 1:49712 <-> DISABLED <-> OS-WINDOWS Microsoft Windows GDI component use after free attempt (os-windows.rules) * 1:49713 <-> ENABLED <-> OS-WINDOWS Microsoft Windows GDI component use after free attempt (os-windows.rules) * 1:49714 
<-> DISABLED <-> SERVER-WEBAPP Horde Groupware Webmail Contact Management add.php arbitrary PHP file upload attempt (server-webapp.rules) * 1:49715 <-> DISABLED <-> SERVER-WEBAPP Horde Groupware Webmail Contact Management add.php directory traversal attempt (server-webapp.rules) * 1:49716 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules) * 1:49717 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules) * 1:49718 <-> ENABLED <-> OS-WINDOWS Microsoft windows LUAFV privilege escalation attempt (os-windows.rules) * 1:49719 <-> ENABLED <-> OS-WINDOWS Microsoft windows LUAFV privilege escalation attempt (os-windows.rules) * 1:49720 <-> ENABLED <-> OS-WINDOWS Microsoft Windows LuafvPostReadWrite privilege escalation attempt (os-windows.rules) * 1:49721 <-> ENABLED <-> OS-WINDOWS Microsoft Windows LuafvPostReadWrite privilege escalation attempt (os-windows.rules) * 1:49722 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules) * 1:49723 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules) * 1:49724 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Xwo variant outbound connection attempt (malware-cnc.rules) * 1:49725 <-> DISABLED <-> BROWSER-IE Microsoft Edge edgehtml.dll uninitialized pointer vulnerability attempt (browser-ie.rules) * 1:49726 <-> DISABLED <-> BROWSER-IE Microsoft Edge edgehtml.dll uninitialized pointer vulnerability attempt (browser-ie.rules) * 1:49727 <-> ENABLED <-> FILE-OFFICE Microsoft Office directory traversal attempt (file-office.rules) * 1:49728 <-> ENABLED <-> FILE-OFFICE Microsoft Office directory traversal attempt (file-office.rules) * 1:49729 <-> ENABLED <-> FILE-OFFICE Microsoft Office directory traversal attempt (file-office.rules) * 1:49730 <-> ENABLED <-> FILE-OFFICE Microsoft Office directory traversal attempt (file-office.rules) * 1:49731 <-> ENABLED <-> FILE-OFFICE Microsoft Office directory traversal attempt 
(file-office.rules)
* 1:49732 <-> ENABLED <-> FILE-OFFICE Microsoft Office directory traversal attempt (file-office.rules)
* 1:49733 <-> ENABLED <-> FILE-OFFICE Microsoft Office directory traversal attempt (file-office.rules)
* 1:49734 <-> ENABLED <-> FILE-OFFICE Microsoft Office directory traversal attempt (file-office.rules)
* 1:49735 <-> ENABLED <-> FILE-OFFICE Microsoft Office directory traversal attempt (file-office.rules)
* 1:49736 <-> ENABLED <-> FILE-OFFICE Microsoft Office directory traversal attempt (file-office.rules)
* 1:49737 <-> ENABLED <-> FILE-OFFICE Microsoft Office directory traversal attempt (file-office.rules)
* 1:49738 <-> ENABLED <-> FILE-OFFICE Microsoft Office directory traversal attempt (file-office.rules)
* 1:49739 <-> ENABLED <-> FILE-OFFICE Microsoft Office directory traversal attempt (file-office.rules)
* 1:49740 <-> ENABLED <-> FILE-OFFICE Microsoft Office directory traversal attempt (file-office.rules)
* 1:49741 <-> ENABLED <-> FILE-OFFICE Microsoft Office directory traversal attempt (file-office.rules)
* 1:49742 <-> ENABLED <-> FILE-OFFICE Microsoft Office directory traversal attempt (file-office.rules)
* 1:49743 <-> ENABLED <-> FILE-OFFICE Microsoft Office directory traversal attempt (file-office.rules)
* 1:49744 <-> ENABLED <-> FILE-OFFICE Microsoft Office directory traversal attempt (file-office.rules)
* 1:49745 <-> ENABLED <-> FILE-OFFICE Microsoft Office directory traversal attempt (file-office.rules)
* 1:49746 <-> ENABLED <-> OS-WINDOWS Microsoft Windows win32k privilege escalation attempt (os-windows.rules)
* 1:49747 <-> ENABLED <-> OS-WINDOWS Microsoft Windows win32k privilege escalation attempt (os-windows.rules)
* 1:49748 <-> ENABLED <-> OS-WINDOWS Microsoft Windows LUAFV privilege escalation attempt (os-windows.rules)
* 1:49749 <-> ENABLED <-> OS-WINDOWS Microsoft Windows LUAFV privilege escalation attempt (os-windows.rules)
* 1:49750 <-> ENABLED <-> OS-WINDOWS Microsoft Windows kernel information disclosure attempt (os-windows.rules)
* 1:49751 <-> ENABLED <-> OS-WINDOWS Microsoft Windows kernel information disclosure attempt (os-windows.rules)
* 1:49752 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use-after-free attempt (browser-ie.rules)
* 1:49753 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use-after-free attempt (browser-ie.rules)
* 1:49754 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Kernel information disclosure attempt (os-windows.rules)
* 1:49755 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Kernel information disclosure attempt (os-windows.rules)
* 1:49758 <-> DISABLED <-> BROWSER-PLUGINS GE Intelligent Platforms Proficy HTML help ActiveX function call attempt (browser-plugins.rules)
* 1:49759 <-> DISABLED <-> BROWSER-PLUGINS GE Intelligent Platforms Proficy HTML help ActiveX function call attempt (browser-plugins.rules)
* 1:49762 <-> ENABLED <-> OS-WINDOWS Microsoft Windows AppXSVC privilege escalation attempt (os-windows.rules)
* 1:49763 <-> ENABLED <-> OS-WINDOWS Microsoft Windows AppXSVC privilege escalation attempt (os-windows.rules)
* 1:49764 <-> ENABLED <-> OS-WINDOWS Microsoft Windows AppXSVC privilege escalation attempt (os-windows.rules)
* 1:49765 <-> ENABLED <-> OS-WINDOWS Microsoft Windows AppXSVC privilege escalation attempt (os-windows.rules)
* 1:49766 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Cr1ptT0r download attempt (malware-other.rules)
* 1:49767 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Cr1ptT0r download attempt (malware-other.rules)
* 1:49768 <-> DISABLED <-> SERVER-WEBAPP D-Link DNS-320L ShareCenter PHP code injection attempt (server-webapp.rules)
* 1:49769 <-> DISABLED <-> SERVER-WEBAPP D-Link DNS-320L ShareCenter PHP code injection attempt (server-webapp.rules)
* 1:49770 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Imminent variant download attempt (malware-other.rules)
* 1:49771 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Imminent variant download attempt (malware-other.rules)
* 1:49772 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Imminent variant inbound response (malware-cnc.rules)
* 1:49773 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Imminent variant outbound connection (malware-cnc.rules)
* 1:49774 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Imminent variant outbound connection (malware-cnc.rules)
* 1:49775 <-> DISABLED <-> FILE-OFFICE Microsoft Office Equation Editor object stack buffer overflow attempt (file-office.rules)
* 1:49776 <-> DISABLED <-> FILE-OFFICE Microsoft Office Equation Editor object stack buffer overflow attempt (file-office.rules)
* 1:49777 <-> ENABLED <-> MALWARE-CNC Win.Trojan.HawkEye variant outbound cnc connection (malware-cnc.rules)
* 1:49778 <-> ENABLED <-> MALWARE-CNC Win.Trojan.HawkEye variant outbound cnc connection (malware-cnc.rules)
* 1:49779 <-> ENABLED <-> MALWARE-CNC Win.Trojan.HawkEye variant outbound cnc connection (malware-cnc.rules)
* 1:49781 <-> DISABLED <-> FILE-OTHER Go binary dll-load exploit attempt (file-other.rules)
* 1:49782 <-> DISABLED <-> FILE-OTHER Go binary dll-load exploit attempt (file-other.rules)
* 1:49783 <-> DISABLED <-> FILE-OTHER Go binary dll-load exploit attempt (file-other.rules)
* 1:49784 <-> DISABLED <-> FILE-OTHER Go binary dll-load exploit attempt (file-other.rules)
* 1:49785 <-> DISABLED <-> FILE-OTHER Go binary dll-load exploit attempt (file-other.rules)
* 1:49786 <-> DISABLED <-> FILE-OTHER Go binary dll-load exploit attempt (file-other.rules)
* 1:49788 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zacinlo outbound connection (malware-cnc.rules)
* 1:49789 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zacinlo outbound connection (malware-cnc.rules)
* 1:49790 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zacinlo outbound connection (malware-cnc.rules)
* 1:49791 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
* 1:49792 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
* 1:49793 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
* 1:49794 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
* 1:49795 <-> ENABLED <-> SERVER-WEBAPP WordPress Yuzo Related Posts plugin cross site scripting attempt (server-webapp.rules)
* 1:49796 <-> ENABLED <-> SERVER-WEBAPP WordPress Yuzo Related Posts plugin cross site scripting attempt (server-webapp.rules)
* 1:49799 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer MHTML XXE external entity attempt (browser-ie.rules)
* 1:498 <-> DISABLED <-> INDICATOR-COMPROMISE id check returned root (indicator-compromise.rules)
* 1:49800 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer MHTML XXE external entity attempt (browser-ie.rules)
* 1:49805 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer Element object use-after-free attempt (browser-ie.rules)
* 1:49806 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer Element object use-after-free attempt (browser-ie.rules)
* 1:49807 <-> DISABLED <-> BROWSER-PLUGINS IBM Lotus Quickr ActiveX stack buffer overflow attempt (browser-plugins.rules)
* 1:49808 <-> DISABLED <-> BROWSER-PLUGINS IBM Lotus Quickr ActiveX stack buffer overflow attempt (browser-plugins.rules)
* 1:49809 <-> DISABLED <-> BROWSER-PLUGINS IBM Lotus Quickr ActiveX stack buffer overflow attempt (browser-plugins.rules)
* 1:49810 <-> DISABLED <-> BROWSER-PLUGINS IBM Lotus Quickr ActiveX stack buffer overflow attempt (browser-plugins.rules)
* 1:49811 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer invalid object property memory corruption attempt (browser-ie.rules)
* 1:49812 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer invalid object property memory corruption attempt (browser-ie.rules)
* 1:49817 <-> DISABLED <-> SERVER-WEBAPP Trend Micro DDEI directory traversal attempt (server-webapp.rules)
* 1:49818 <-> DISABLED <-> SERVER-WEBAPP Trend Micro DDEI directory traversal attempt (server-webapp.rules)
* 1:49819 <-> DISABLED <-> SERVER-WEBAPP DoD IT Solutions Homey BnB script SQL injection attempt (server-webapp.rules)
* 1:4982 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Adodb.Stream ActiveX object access (browser-plugins.rules)
* 1:49820 <-> DISABLED <-> SERVER-WEBAPP DoD IT Solutions Homey BnB script SQL injection attempt (server-webapp.rules)
* 1:49821 <-> DISABLED <-> SERVER-WEBAPP DoD IT Solutions Homey BnB script SQL injection attempt (server-webapp.rules)
* 1:49822 <-> DISABLED <-> SERVER-WEBAPP DoD IT Solutions Homey BnB script SQL injection attempt (server-webapp.rules)
* 1:49823 <-> DISABLED <-> SERVER-WEBAPP DoD IT Solutions Homey BnB script SQL injection attempt (server-webapp.rules)
* 1:49824 <-> DISABLED <-> SERVER-WEBAPP DoD IT Solutions Homey BnB script SQL injection attempt (server-webapp.rules)
* 1:49825 <-> DISABLED <-> SERVER-WEBAPP DoD IT Solutions Homey BnB script SQL injection attempt (server-webapp.rules)
* 1:49826 <-> DISABLED <-> SERVER-WEBAPP DoD IT Solutions Homey BnB script SQL injection attempt (server-webapp.rules)
* 1:49827 <-> DISABLED <-> SERVER-WEBAPP DoD IT Solutions Homey BnB script SQL injection attempt (server-webapp.rules)
* 1:49828 <-> DISABLED <-> SERVER-WEBAPP DoD IT Solutions Homey BnB script SQL injection attempt (server-webapp.rules)
* 1:49829 <-> DISABLED <-> SERVER-WEBAPP DoD IT Solutions Homey BnB script SQL injection attempt (server-webapp.rules)
* 1:49830 <-> DISABLED <-> SERVER-WEBAPP DoD IT Solutions Homey BnB script SQL injection attempt (server-webapp.rules)
* 1:49831 <-> DISABLED <-> SERVER-WEBAPP DoD IT Solutions Homey BnB script SQL injection attempt (server-webapp.rules)
* 1:49832 <-> DISABLED <-> SERVER-WEBAPP DoD IT Solutions Homey BnB script SQL injection attempt (server-webapp.rules)
* 1:49833 <-> DISABLED <-> SERVER-WEBAPP DoD IT Solutions Homey BnB script SQL injection attempt (server-webapp.rules)
* 1:49834 <-> DISABLED <-> SERVER-WEBAPP DoD IT Solutions Homey BnB script SQL injection attempt (server-webapp.rules)
* 1:49835 <-> DISABLED <-> SERVER-WEBAPP DoD IT Solutions Homey BnB script SQL injection attempt (server-webapp.rules)
* 1:49836 <-> DISABLED <-> SERVER-WEBAPP DoD IT Solutions Homey BnB script SQL injection attempt (server-webapp.rules)
* 1:49837 <-> DISABLED <-> SERVER-WEBAPP Tpshop remote file include attempt (server-webapp.rules)
* 1:49838 <-> DISABLED <-> SERVER-WEBAPP Tpshop remote file include attempt (server-webapp.rules)
* 1:49839 <-> DISABLED <-> SERVER-WEBAPP LG-Ericsson iPECS NMS 30M directory traversal attempt (server-webapp.rules)
* 1:4984 <-> DISABLED <-> SQL sa brute force failed login unicode attempt (sql.rules)
* 1:49840 <-> DISABLED <-> SERVER-WEBAPP LG-Ericsson iPECS NMS 30M directory traversal attempt (server-webapp.rules)
* 1:49841 <-> DISABLED <-> SERVER-WEBAPP LG-Ericsson iPECS NMS 30M directory traversal attempt (server-webapp.rules)
* 1:49842 <-> DISABLED <-> SERVER-WEBAPP LG-Ericsson iPECS NMS 30M directory traversal attempt (server-webapp.rules)
* 1:49845 <-> DISABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules)
* 1:49846 <-> DISABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules)
* 1:49847 <-> DISABLED <-> SERVER-WEBAPP All in One Video Downloader SQL injection attempt (server-webapp.rules)
* 1:49848 <-> DISABLED <-> SERVER-WEBAPP All in One Video Downloader SQL injection attempt (server-webapp.rules)
* 1:49849 <-> DISABLED <-> SERVER-WEBAPP All in One Video Downloader SQL injection attempt (server-webapp.rules)
* 1:4985 <-> DISABLED <-> SERVER-WEBAPP Twiki rdiff rev command injection attempt (server-webapp.rules)
* 1:4986 <-> DISABLED <-> SERVER-WEBAPP Twiki view rev command injection attempt (server-webapp.rules)
* 1:49860 <-> DISABLED <-> POLICY-OTHER TP-Link TL-WA850RE remote reboot attempt (policy-other.rules)
* 1:49861 <-> ENABLED <-> SERVER-WEBAPP Microsoft SharePoint EntityInstanceIdEncoder remote code execution attempt (server-webapp.rules)
* 1:49862 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer eval type confusion attempt (browser-ie.rules)
* 1:49863 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer eval type confusion attempt (browser-ie.rules)
* 1:49864 <-> DISABLED <-> FILE-OTHER Multiple Products XML external entity information disclosure attempt (file-other.rules)
* 1:49865 <-> DISABLED <-> FILE-OTHER Multiple Products XML external entity information disclosure attempt (file-other.rules)
* 1:49868 <-> DISABLED <-> BROWSER-IE Microsoft Edge SIMD memory corruption attempt (browser-ie.rules)
* 1:49869 <-> DISABLED <-> BROWSER-IE Microsoft Edge SIMD memory corruption attempt (browser-ie.rules)
* 1:4987 <-> DISABLED <-> SERVER-WEBAPP Twiki viewfile rev command injection attempt (server-webapp.rules)
* 1:49870 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CQuotes use-after-free attempt (browser-ie.rules)
* 1:49871 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CQuotes use-after-free attempt (browser-ie.rules)
* 1:49872 <-> DISABLED <-> SERVER-OTHER Drager X-Dock dxmanager denial of service attempt (server-other.rules)
* 1:49873 <-> DISABLED <-> BROWSER-PLUGINS IBM iNotes version 9 ActiveX clsid access (browser-plugins.rules)
* 1:49874 <-> DISABLED <-> BROWSER-PLUGINS IBM iNotes version 9 ActiveX clsid access (browser-plugins.rules)
* 1:49875 <-> DISABLED <-> BROWSER-PLUGINS IBM iNotes version 9 ActiveX clsid access (browser-plugins.rules)
* 1:49876 <-> DISABLED <-> BROWSER-PLUGINS IBM iNotes version 9 ActiveX clsid access (browser-plugins.rules)
* 1:49877 <-> DISABLED <-> BROWSER-PLUGINS IBM iNotes version 9 ActiveX clsid access (browser-plugins.rules)
* 1:49878 <-> DISABLED <-> BROWSER-PLUGINS IBM iNotes version 9 ActiveX clsid access (browser-plugins.rules)
* 1:4988 <-> DISABLED <-> SERVER-WEBAPP Barracuda IMG.PL directory traversal attempt (server-webapp.rules)
* 1:49880 <-> DISABLED <-> SERVER-OTHER Corosync 2.3+ with sha1 integer overflow attempt detected (server-other.rules)
* 1:49881 <-> DISABLED <-> SERVER-OTHER Corosync 2.3+ with md5 integer overflow attempt detected (server-other.rules)
* 1:49882 <-> DISABLED <-> SERVER-OTHER Corosync 2.3+ with sha256 integer overflow attempt detected (server-other.rules)
* 1:49883 <-> DISABLED <-> SERVER-OTHER Corosync 2.3+ with sha384 integer overflow attempt detected (server-other.rules)
* 1:49884 <-> DISABLED <-> SERVER-OTHER Corosync 2.3+ with sha512 integer overflow attempt detected (server-other.rules)
* 1:49885 <-> ENABLED <-> SERVER-APACHE Apache Struts2 remote code execution attempt (server-apache.rules)
* 1:49886 <-> DISABLED <-> BROWSER-IE Microsoft Windows IOleCvt interface use attempt (browser-ie.rules)
* 1:49887 <-> DISABLED <-> BROWSER-IE Microsoft Windows IOleCvt interface use attempt (browser-ie.rules)
* 1:49888 <-> ENABLED <-> MALWARE-OTHER Doc.Dropper.Emotet malicious dropper download attempt (malware-other.rules)
* 1:49889 <-> ENABLED <-> MALWARE-OTHER Doc.Dropper.Emotet malicious dropper download attempt (malware-other.rules)
* 1:4989 <-> DISABLED <-> SERVER-MSSQL heap-based overflow attempt (server-mssql.rules)
* 1:49890 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt (server-other.rules)
* 1:49891 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt (server-other.rules)
* 1:49892 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt (server-other.rules)
* 1:49893 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt (server-other.rules)
* 1:49898 <-> ENABLED <-> SERVER-WEBAPP Zimbra SSRF privilege escalation attempt (server-webapp.rules)
* 1:49899 <-> DISABLED <-> SERVER-WEBAPP Oracle Business Intelligence and XML Publisher XML external entity injection attempt (server-webapp.rules)
* 1:4990 <-> DISABLED <-> SERVER-MSSQL heap-based overflow attempt (server-mssql.rules)
* 1:49900 <-> DISABLED <-> BROWSER-PLUGINS HP OPOS driver stack buffer overflow attempt (browser-plugins.rules)
* 1:49901 <-> DISABLED <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt (browser-plugins.rules)
* 1:49902 <-> DISABLED <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt (browser-plugins.rules)
* 1:49903 <-> DISABLED <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt (browser-plugins.rules)
* 1:49904 <-> DISABLED <-> BROWSER-PLUGINS Tom Sawyer GET extension ActiveX function call access attempt (browser-plugins.rules)
* 1:49905 <-> DISABLED <-> BROWSER-PLUGINS Tom Sawyer GET extension ActiveX function call access attempt (browser-plugins.rules)
* 1:49913 <-> ENABLED <-> MALWARE-CNC Win.Malware.JasperLoader file download request (malware-cnc.rules)
* 1:49914 <-> ENABLED <-> MALWARE-CNC Win.Downloader.JasperLoader outbound connection (malware-cnc.rules)
* 1:49915 <-> ENABLED <-> MALWARE-CNC Win.Downloader.JasperLoader outbound connection (malware-cnc.rules)
* 1:49916 <-> ENABLED <-> MALWARE-CNC Win.Malware.JasperLoader update request (malware-cnc.rules)
* 1:49917 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox DOMSVGLength appendItem use after free attempt (browser-firefox.rules)
* 1:49918 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox DOMSVGLength appendItem use after free attempt (browser-firefox.rules)
* 1:49919 <-> DISABLED <-> SERVER-WEBAPP generic session fixation attempt (server-webapp.rules)
* 1:49920 <-> DISABLED <-> SERVER-WEBAPP generic cross site scripting via url attempt (server-webapp.rules)
* 1:49921 <-> DISABLED <-> SERVER-WEBAPP Rocket Servergraph Admin Center userRequest command injection attempt (server-webapp.rules)
* 1:49922 <-> DISABLED <-> SERVER-WEBAPP Rocket Servergraph Admin Center userRequest command injection attempt (server-webapp.rules)
* 1:49923 <-> DISABLED <-> SERVER-WEBAPP Rocket Servergraph Admin Center userRequest command injection attempt (server-webapp.rules)
* 1:49924 <-> DISABLED <-> SERVER-WEBAPP Rocket Servergraph Admin Center tsmRequest command injection attempt (server-webapp.rules)
* 1:49925 <-> DISABLED <-> SERVER-WEBAPP Rocket Servergraph Admin Center tsmRequest command injection attempt (server-webapp.rules)
* 1:49926 <-> DISABLED <-> SERVER-WEBAPP Rocket Servergraph Admin Center tsmRequest command injection attempt (server-webapp.rules)
* 1:49927 <-> DISABLED <-> BROWSER-PLUGINS HP OPOS Point of Sale Driver stack buffer overflow attempt (browser-plugins.rules)
* 1:49928 <-> DISABLED <-> SERVER-WEBAPP Multiple products HTML5 ping DDoS attempt (server-webapp.rules)
* 1:49929 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (browser-plugins.rules)
* 1:49930 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (browser-plugins.rules)
* 1:49931 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (browser-plugins.rules)
* 1:49932 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (browser-plugins.rules)
* 1:49933 <-> ENABLED <-> MALWARE-OTHER Xls.Dropper.RogueRobin file download attempt (malware-other.rules)
* 1:49934 <-> ENABLED <-> MALWARE-OTHER Xls.Dropper.RogueRobin file download attempt (malware-other.rules)
* 1:49935 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.RogueRobin executable file download attempt (malware-other.rules)
* 1:49936 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.RogueRobin executable file download attempt (malware-other.rules)
* 1:49937 <-> DISABLED <-> SERVER-WEBAPP Tenda Wireless N150 Router cross-site request forgery attempt (server-webapp.rules)
* 1:49938 <-> DISABLED <-> SERVER-WEBAPP Tenda Wireless N150 Router cross-site request forgery attempt (server-webapp.rules)
* 1:49940 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer VML use after free attempt (browser-ie.rules)
* 1:49941 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qakbot variant outbound connection attempt (malware-cnc.rules)
* 1:49942 <-> ENABLED <-> SERVER-ORACLE Oracle WebLogic Server remote command execution attempt (server-oracle.rules)
* 1:49943 <-> ENABLED <-> SERVER-ORACLE Oracle WebLogic Server remote command execution attempt (server-oracle.rules)
* 1:49944 <-> ENABLED <-> SERVER-ORACLE Oracle WebLogic Server remote command execution attempt (server-oracle.rules)
* 1:49945 <-> ENABLED <-> SERVER-ORACLE Oracle WebLogic Server remote command execution attempt (server-oracle.rules)
* 1:49946 <-> ENABLED <-> SERVER-ORACLE Oracle WebLogic Server remote command execution attempt (server-oracle.rules)
* 1:49947 <-> DISABLED <-> POLICY-OTHER HP OpenView Operations Agent request attempt (policy-other.rules)
* 1:49950 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer TextData object use after free attempt (browser-ie.rules)
* 1:49951 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer TextData object use after free attempt (browser-ie.rules)
* 1:49952 <-> DISABLED <-> MALWARE-CNC Win.Downloader.AutoIt outbound connection (malware-cnc.rules)
* 1:49953 <-> DISABLED <-> MALWARE-CNC Win.Downloader.AutoIt outbound connection (malware-cnc.rules)
* 1:49954 <-> ENABLED <-> MALWARE-CNC Js.Trojan.Agent JS Sniffer compromised website (malware-cnc.rules)
* 1:49955 <-> ENABLED <-> MALWARE-CNC Js.Trojan.Agent JS Sniffer compromised website (malware-cnc.rules)
* 1:49956 <-> ENABLED <-> MALWARE-CNC Js.Trojan.Agent JS Sniffer outbound connection (malware-cnc.rules)
* 1:49957 <-> ENABLED <-> MALWARE-CNC Js.Trojan.Agent JS Sniffer compromised website (malware-cnc.rules)
* 1:49958 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Clop download attempt (malware-other.rules)
* 1:49959 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Clop download attempt (malware-other.rules)
* 1:49960 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Clop download attempt (malware-other.rules)
* 1:49961 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Clop download attempt (malware-other.rules)
* 1:49962 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS5 gif file heap corruption attempt (file-image.rules)
* 1:49963 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS5 gif file heap corruption attempt (file-image.rules)
* 1:49964 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DHCP client domain search integer underflow attempt (os-windows.rules)
* 1:49965 <-> ENABLED <-> SERVER-WEBAPP Atlassian confluence widget remote code execution attempt (server-webapp.rules)
* 1:49966 <-> DISABLED <-> SERVER-WEBAPP Oracle Business Intelligence directory traversal attempt (server-webapp.rules)
* 1:49967 <-> DISABLED <-> SERVER-WEBAPP Oracle Business Intelligence directory traversal attempt (server-webapp.rules)
* 1:49968 <-> DISABLED <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt (server-other.rules)
* 1:49969 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SChannel CertificateVerify buffer overflow attempt (os-windows.rules)
* 1:49970 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SChannel CertificateVerify buffer overflow attempt (os-windows.rules)
* 1:49971 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SChannel CertificateVerify buffer overflow attempt (os-windows.rules)
* 1:49972 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SChannel CertificateVerify buffer overflow attempt (os-windows.rules)
* 1:49973 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SChannel CertificateVerify buffer overflow attempt (os-windows.rules)
* 1:49974 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SChannel CertificateVerify buffer overflow attempt (os-windows.rules)
* 1:49975 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SChannel CertificateVerify buffer overflow attempt (os-windows.rules)
* 1:49976 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SChannel CertificateVerify buffer overflow attempt (os-windows.rules)
* 1:49977 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SChannel CertificateVerify buffer overflow attempt (os-windows.rules)
* 1:49980 <-> ENABLED <-> SERVER-OTHER SAP NetWeaver Gateway arbitrary code execution attempt (server-other.rules)
* 1:49981 <-> ENABLED <-> SERVER-OTHER SAP NetWeaver Gateway arbitrary code execution attempt (server-other.rules)
* 1:49988 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer cdomuievent use after free attempt (browser-ie.rules)
* 1:49989 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer cdomuievent use after free attempt (browser-ie.rules)
* 1:49991 <-> DISABLED <-> SERVER-WEBAPP WordPress WooCommerce Checkout Manager Plugin arbitrary PHP file upload attempt (server-webapp.rules)
* 1:50001 <-> DISABLED <-> SERVER-OTHER SAP NetWeaver Gateway arbitrary command execution attempt (server-other.rules)
* 1:50002 <-> DISABLED <-> SERVER-OTHER SAP NetWeaver Gateway arbitrary command execution attempt (server-other.rules)
* 1:50003 <-> DISABLED <-> SERVER-OTHER SAP NetWeaver Message Server RFC server registration attempt (server-other.rules)
* 1:50004 <-> DISABLED <-> BROWSER-IE Javascript CollectGarbage use-after-free attempt (browser-ie.rules)
* 1:50005 <-> DISABLED <-> BROWSER-IE Javascript CollectGarbage use-after-free attempt (browser-ie.rules)
* 1:50008 <-> ENABLED <-> MALWARE-CNC Win.Doc.Dropper SectorB06 malicious rtf dropper download attempt (malware-cnc.rules)
* 1:50009 <-> ENABLED <-> MALWARE-CNC Win.Doc.Dropper SectorB06 malicious rtf dropper download attempt (malware-cnc.rules)
* 1:50010 <-> ENABLED <-> MALWARE-CNC Win.Trojan.SectorB06 malicious executable download attempt (malware-cnc.rules)
* 1:50011 <-> ENABLED <-> MALWARE-CNC Win.Trojan.SectorB06 malicious executable download attempt (malware-cnc.rules)
* 1:50012 <-> ENABLED <-> MALWARE-CNC Win.Trojan.SectorB06 malicious executable download attempt (malware-cnc.rules)
* 1:50013 <-> ENABLED <-> MALWARE-CNC Win.Trojan.SectorB06 malicious executable download attempt (malware-cnc.rules)
* 1:50014 <-> ENABLED <-> SERVER-ORACLE Oracle WebLogic Server remote command execution attempt (server-oracle.rules)
* 1:50015 <-> ENABLED <-> SERVER-ORACLE Oracle WebLogic Server remote command execution attempt (server-oracle.rules)
* 1:50016 <-> ENABLED <-> SERVER-ORACLE Oracle WebLogic Server remote command execution attempt (server-oracle.rules)
* 1:50017 <-> ENABLED <-> SERVER-ORACLE Oracle WebLogic Server remote command execution attempt (server-oracle.rules)
* 1:50018 <-> ENABLED <-> SERVER-ORACLE Oracle WebLogic Server remote command execution attempt (server-oracle.rules)
* 1:50019 <-> ENABLED <-> SERVER-ORACLE Oracle WebLogic Server remote command execution attempt (server-oracle.rules)
* 1:50020 <-> ENABLED <-> SERVER-ORACLE Oracle WebLogic Server remote command execution attempt (server-oracle.rules)
* 1:50021 <-> ENABLED <-> SERVER-ORACLE Oracle WebLogic Server remote command execution attempt (server-oracle.rules)
* 1:50022 <-> ENABLED <-> SERVER-ORACLE Oracle WebLogic Server remote command execution attempt (server-oracle.rules)
* 1:50023 <-> ENABLED <-> SERVER-ORACLE Oracle WebLogic Server remote command execution attempt (server-oracle.rules)
* 1:50024 <-> ENABLED <-> SERVER-ORACLE Oracle WebLogic Server remote command execution attempt (server-oracle.rules)
* 1:50025 <-> ENABLED <-> SERVER-ORACLE Oracle WebLogic Server remote command execution attempt (server-oracle.rules)
* 1:50026 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer window scroll integer overflow attempt (browser-ie.rules)
* 1:50027 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer window scroll integer overflow attempt (browser-ie.rules)
* 1:50028 <-> DISABLED <-> PUA-ADWARE Osx.Adware.TotalAdviseSearch variant download attempt (pua-adware.rules)
* 1:50029 <-> DISABLED <-> PUA-ADWARE Osx.Adware.TotalAdviseSearch variant download attempt (pua-adware.rules)
* 1:50030 <-> DISABLED <-> SERVER-WEBAPP Dojo Toolkit SDK cross site scripting attempt (server-webapp.rules)
* 1:50031 <-> DISABLED <-> SERVER-WEBAPP Dojo Toolkit SDK cross site scripting attempt (server-webapp.rules)
* 1:50032 <-> DISABLED <-> SERVER-WEBAPP Dojo Toolkit SDK cross site scripting attempt (server-webapp.rules)
* 1:50033 <-> DISABLED <-> BROWSER-WEBKIT Apple WebKit updateReferencedText use-after-free attempt (browser-webkit.rules)
* 1:50034 <-> DISABLED <-> BROWSER-WEBKIT Apple WebKit updateReferencedText use-after-free attempt (browser-webkit.rules)
* 1:50041 <-> ENABLED <-> SERVER-WEBAPP Jenkins CI Server ASTTest code execution attempt (server-webapp.rules)
* 1:50042 <-> ENABLED <-> MALWARE-OTHER Win.Dropper.Fareit variant binary download attempt (malware-other.rules)
* 1:50043 <-> ENABLED <-> MALWARE-OTHER Win.Dropper.Fareit variant binary download attempt (malware-other.rules)
* 1:50044 <-> ENABLED <-> MALWARE-OTHER Win.Dropper.FormBook variant binary download attempt (malware-other.rules)
* 1:50045 <-> ENABLED <-> MALWARE-OTHER Win.Dropper.FormBook variant binary download attempt (malware-other.rules)
* 1:50046 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.GenKryptik variant binary download attempt (malware-other.rules)
* 1:50047 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.GenKryptik variant binary download attempt (malware-other.rules)
* 1:50048 <-> ENABLED <-> MALWARE-CNC Win.Dropper.Fareit variant outbound connection (malware-cnc.rules)
* 1:50049 <-> ENABLED <-> MALWARE-CNC Win.Dropper.FormBook variant outbound connection (malware-cnc.rules)
* 1:50050 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pirpi malicious executable download attempt (malware-cnc.rules)
* 1:50051 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pirpi malicious executable download attempt (malware-cnc.rules)
* 1:50052 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pirpi malicious executable download attempt (malware-cnc.rules)
* 1:50053 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pirpi malicious executable download attempt (malware-cnc.rules)
* 1:50054 <-> ENABLED <-> MALWARE-CNC Win.Trojan.HTran malicious executable download attempt (malware-cnc.rules)
* 1:50055 <-> ENABLED <-> MALWARE-CNC Win.Trojan.HTran malicious executable download attempt (malware-cnc.rules)
* 1:50056 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Buckeye malicious executable download attempt (malware-cnc.rules)
* 1:50057 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Buckeye malicious executable download attempt (malware-cnc.rules)
* 1:50058 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Filensfer malicious executable download attempt (malware-cnc.rules)
* 1:50059 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Filensfer malicious executable download attempt (malware-cnc.rules)
* 1:50060 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Buckeye malicious executable download attempt (malware-cnc.rules)
* 1:50061 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Buckeye malicious executable download attempt (malware-cnc.rules)
* 1:50062 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Filensfer malicious executable download attempt (malware-cnc.rules)
* 1:50063 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Filensfer malicious executable download attempt (malware-cnc.rules)
* 1:50064 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Filensfer variant outbound connection (malware-cnc.rules)
* 1:50065 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Robinhood variant file transfer attempt (malware-other.rules)
* 1:50066 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Robinhood variant file transfer attempt (malware-other.rules)
* 1:50067 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CrackXTSR variant outbound response attempt (malware-cnc.rules)
* 1:50068 <-> ENABLED <-> OS-WINDOWS Microsoft Windows arbitrary registry access privilege escalation attempt (os-windows.rules)
* 1:50069 <-> ENABLED <-> OS-WINDOWS Microsoft Windows arbitrary registry access privilege escalation attempt (os-windows.rules)
* 1:50070 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
* 1:50071 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
* 1:50072 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
* 1:50073 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
* 1:50074 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
* 1:50075 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
* 1:50076 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
* 1:50077 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
* 1:50078 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
* 1:50079 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
* 1:50080 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
* 1:50081 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
* 1:50082 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer memory corruption attempt (browser-ie.rules)
* 1:50083 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer memory corruption attempt (browser-ie.rules)
* 1:50084 <-> DISABLED <-> OS-WINDOWS Windows Kernel Registry Virtualization privilege escalation attempt (os-windows.rules)
* 1:50085 <-> DISABLED <-> OS-WINDOWS Windows Kernel Registry Virtualization privilege escalation attempt (os-windows.rules)
* 1:50086 <-> DISABLED <-> FILE-OFFICE Microsoft Windows GDI EMR_POLYTEXTOUTW out-of-bounds read attempt (file-office.rules)
* 1:50087 <-> DISABLED <-> FILE-OFFICE Microsoft Windows GDI EMR_POLYTEXTOUTW out-of-bounds read attempt (file-office.rules)
* 1:50088 <-> ENABLED <-> FILE-IMAGE Microsoft Windows OLE Load Picture remote code execution attempt (file-image.rules)
* 1:50089 <-> ENABLED <-> FILE-IMAGE Microsoft Windows OLE Load Picture remote code execution attempt (file-image.rules)
* 1:50090 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NDIS elevation of privilege attempt (os-windows.rules)
* 1:50091 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NDIS elevation of privilege attempt (os-windows.rules)
* 1:50092 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Filensfer connection attempt (malware-cnc.rules)
* 1:50093 <-> ENABLED <-> INDICATOR-COMPROMISE Responder poisoner HTTP attack attempt (indicator-compromise.rules)
* 1:50094 <-> ENABLED <-> INDICATOR-COMPROMISE Responder poisoner HTTP attack attempt (indicator-compromise.rules)
* 1:50095 <-> ENABLED <-> INDICATOR-COMPROMISE Responder poisoner self-signed certificate attempt (indicator-compromise.rules)
* 1:50096 <-> ENABLED <-> INDICATOR-COMPROMISE Responder poisoner toolkit download attempt (indicator-compromise.rules)
* 1:50097 <-> ENABLED <-> INDICATOR-COMPROMISE Responder poisoner HTTP attack attempt (indicator-compromise.rules)
* 1:50098 <-> ENABLED <-> INDICATOR-COMPROMISE Responder poisoner HTTP attack attempt (indicator-compromise.rules)
* 1:50099 <-> ENABLED <-> INDICATOR-COMPROMISE Responder poisoner HTTP attack attempt (indicator-compromise.rules)
* 1:50100 <-> ENABLED <-> INDICATOR-COMPROMISE Responder poisoner SMTP attack attempt (indicator-compromise.rules)
* 1:50101 <-> ENABLED <-> INDICATOR-COMPROMISE Responder poisoner MSSQL attack attempt (indicator-compromise.rules)
* 1:50102 <-> ENABLED <-> INDICATOR-COMPROMISE Responder poisoner LDAP attack attempt (indicator-compromise.rules)
* 1:50103 <-> ENABLED <-> INDICATOR-COMPROMISE Responder poisoner SMB negotiation attack attempt (indicator-compromise.rules)
* 1:50104 <-> ENABLED <-> INDICATOR-COMPROMISE Responder poisoner SMB negotiation attack attempt (indicator-compromise.rules)
* 1:50105 <-> ENABLED <-> INDICATOR-COMPROMISE Responder poisoner SMB negotiation attack attempt (indicator-compromise.rules)
* 1:50106 <-> ENABLED <-> INDICATOR-COMPROMISE Responder poisoner SMB attack attempt (indicator-compromise.rules)
* 1:50107 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound cnc connection (malware-cnc.rules)
* 1:50108 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound cnc connection (malware-cnc.rules)
* 1:50109 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound cnc connection (malware-cnc.rules)
* 1:50112 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Agent ransom note transfer over SMB (malware-other.rules)
* 1:50113 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.MegaLocker ransom note transfer over SMB (malware-other.rules)
* 1:50115 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Error Reporting elevation of privilege attempt (os-windows.rules)
* 1:50116 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Error Reporting elevation of privilege attempt (os-windows.rules)
* 1:50119 <-> DISABLED <-> FILE-OTHER Windows GDI font out-of-bounds read attempt (file-other.rules)
* 1:50120 <-> DISABLED <-> FILE-OTHER Windows GDI font out-of-bounds read attempt (file-other.rules)
* 1:50121 <-> DISABLED <-> OS-WINDOWS Microsoft Windows TrueType font parsing integer underflow attempt (os-windows.rules)
* 1:50122 <-> DISABLED <-> OS-WINDOWS Microsoft Windows TrueType font parsing integer underflow attempt (os-windows.rules)
* 1:50123 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CTextElement use after free attempt (browser-ie.rules)
* 1:50124 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CTextElement use after free attempt (browser-ie.rules)
* 1:50125 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Kpot variant outbound connection (malware-cnc.rules)
* 1:50127 <-> DISABLED <-> INDICATOR-OBFUSCATION ActiveXObject javascript obfuscation attempt (indicator-obfuscation.rules)
* 1:50128 <-> DISABLED <-> INDICATOR-OBFUSCATION ActiveXObject javascript obfuscation attempt (indicator-obfuscation.rules)
* 1:50129 <-> DISABLED <-> BROWSER-PLUGINS CA Internet Security Suite XMLSecDB ActiveX function call access (browser-plugins.rules)
* 1:50130 <-> DISABLED <-> BROWSER-PLUGINS CA Internet Security Suite XMLSecDB ActiveX function call access (browser-plugins.rules)
* 1:50137 <-> ENABLED <-> OS-WINDOWS Microsoft Windows RDP MS_T120 channel bind attempt (os-windows.rules)
* 1:50138 <-> ENABLED <-> MALWARE-CNC Win.Dropper.ELECTRICFISH variant outbound connection (malware-cnc.rules)
* 1:50139 <-> ENABLED <-> FILE-FLASH Adobe Flash Player out-of-bounds read attempt (file-flash.rules)
* 1:50140 <-> ENABLED <-> FILE-FLASH Adobe Flash Player out-of-bounds read attempt (file-flash.rules)
* 1:50141 <-> ENABLED <-> FILE-OTHER Adobe Acrobat type confusion attempt (file-other.rules)
* 1:50142 <-> ENABLED <-> FILE-OTHER Adobe Acrobat type confusion attempt (file-other.rules)
* 1:50143 <-> ENABLED <-> FILE-PDF Adobe Acrobat out-of-bounds write attempt (file-pdf.rules)
* 1:50144 <-> ENABLED <-> FILE-PDF Adobe Acrobat out-of-bounds write attempt (file-pdf.rules)
* 1:50145 <-> DISABLED <-> SERVER-WEBAPP CAS Server LDAP authentication bypass attempt (server-webapp.rules)
* 1:50146 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.ChachaDDoS outbound connection (malware-cnc.rules)
* 1:50147 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.ChachaDDoS outbound connection (malware-cnc.rules)
* 1:50148 <-> DISABLED <-> SERVER-WEBAPP SirsiDynix e-Library cross site scripting attempt (server-webapp.rules)
* 1:50149 <-> DISABLED <-> SERVER-WEBAPP SirsiDynix e-Library cross site scripting attempt (server-webapp.rules)
* 1:50150 <-> ENABLED <-> FILE-PDF Adobe Acrobat use after free attempt (file-pdf.rules)
* 1:50151 <-> ENABLED <-> FILE-PDF Adobe Acrobat use after free attempt (file-pdf.rules)
* 1:50152 <-> ENABLED <-> FILE-PDF Adobe Acrobat integer overflow attempt (file-pdf.rules)
* 1:50153 <-> ENABLED <-> FILE-PDF Adobe Acrobat integer overflow attempt (file-pdf.rules)
* 1:50154 <-> ENABLED <-> MALWARE-CNC Win.Malware.JasperLoader variant outbound connection (malware-cnc.rules)
* 1:50155 <-> ENABLED <-> MALWARE-CNC Win.Download.JasperLoader variant initial stage download request (malware-cnc.rules)
* 1:50156 <-> ENABLED <-> MALWARE-CNC Win.Malware.JasperLoader variant outbound connection (malware-cnc.rules)
* 1:50157 <-> ENABLED <-> MALWARE-CNC Win.Download.JasperLoader variant file download request (malware-cnc.rules)
* 1:50158 <-> ENABLED <-> MALWARE-CNC Win.Download.JasperLoader variant file download request (malware-cnc.rules)
* 1:50159 <-> ENABLED <-> MALWARE-CNC Win.Download.JasperLoader variant initial stage download request (malware-cnc.rules)
* 1:50160 <-> DISABLED <-> BROWSER-WEBKIT Apple Webkit SVGTextLayoutAttributes use-after-free attempt (browser-webkit.rules)
* 1:50161 <-> DISABLED <-> BROWSER-WEBKIT Apple Webkit SVGTextLayoutAttributes use-after-free attempt (browser-webkit.rules)
* 1:50162 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Task Scheduler _SchRpcRegisterTask privilege escalation attempt (os-windows.rules)
* 1:50163 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Task Scheduler _SchRpcRegisterTask privilege escalation attempt (os-windows.rules)
* 1:50164 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Winnti variant outbound connection (malware-cnc.rules)
* 1:50165 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Winnti variant outbound ICMP connection (malware-cnc.rules)
* 1:50166 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Winnti malicious executable download attempt (malware-cnc.rules)
* 1:50167 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Winnti malicious executable download attempt (malware-cnc.rules)
* 1:50168 <-> ENABLED <-> SERVER-WEBAPP Atlassian Confluence Data Center and Server directory traversal attempt (server-webapp.rules)
* 1:50169 <-> ENABLED <-> SERVER-WEBAPP Atlassian Confluence Data Center and Server directory traversal attempt (server-webapp.rules)
* 1:50170 <-> ENABLED <-> SERVER-WEBAPP Atlassian Confluence Data Center and Server directory traversal attempt (server-webapp.rules)
* 1:50171 <-> ENABLED <-> MALWARE-CNC Php.Webshell.Backdoor inbound connection attempt (malware-cnc.rules)
* 1:50172 <-> DISABLED <-> SERVER-WEBAPP Allied Telesis 8100L cross site scripting attempt
(server-webapp.rules) * 1:50173 <-> DISABLED <-> SERVER-WEBAPP Allied Telesis 8100L cross site scripting attempt (server-webapp.rules) * 1:50174 <-> ENABLED <-> OS-WINDOWS Microsoft Windows GDI component use after free attempt (os-windows.rules) * 1:50175 <-> ENABLED <-> OS-WINDOWS Microsoft Windows GDI component use after free attempt (os-windows.rules) * 1:50176 <-> DISABLED <-> SERVER-OTHER Horos DICOM Medical Image Viewer stack overflow attempt (server-other.rules) * 1:50177 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Buckeye malicious executable download attempt (malware-cnc.rules) * 1:50178 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Buckeye malicious executable download attempt (malware-cnc.rules) * 1:50179 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Buckeye malicious executable download attempt (malware-cnc.rules) * 1:50180 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Buckeye malicious executable download attempt (malware-cnc.rules) * 1:50182 <-> DISABLED <-> INDICATOR-SCAN PHP backdoor scan attempt (indicator-scan.rules) * 1:50183 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer sandbox escape attempt (browser-ie.rules) * 1:50184 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer sandbox escape attempt (browser-ie.rules) * 1:50185 <-> DISABLED <-> FILE-FLASH Adobe Flash Player writeExternal type confusion attempt (file-flash.rules) * 1:50190 <-> DISABLED <-> OS-LINUX Debian apt remote code execution attempt (os-linux.rules) * 1:50191 <-> DISABLED <-> BROWSER-WEBKIT Apple Webkit updateMinimumColumnHeight use-after-free attempt (browser-webkit.rules) * 1:50192 <-> DISABLED <-> BROWSER-WEBKIT Apple Webkit updateMinimumColumnHeight use-after-free attempt (browser-webkit.rules) * 1:50193 <-> DISABLED <-> POLICY-OTHER Intel AMT IDE Redirection session establishment attempt (policy-other.rules) * 1:50194 <-> DISABLED <-> POLICY-OTHER Intel AMT KVM connection attempt (policy-other.rules) * 1:50195 <-> DISABLED <-> POLICY-OTHER Intel AMT KVM connection attempt 
(policy-other.rules) * 1:50196 <-> DISABLED <-> POLICY-OTHER Intel AMT KVM connection attempt (policy-other.rules) * 1:50197 <-> DISABLED <-> POLICY-OTHER Intel AMT WebUI configuration attempt (policy-other.rules) * 1:50198 <-> DISABLED <-> OS-WINDOWS Windows DACL privilege escalation attempt (os-windows.rules) * 1:50199 <-> DISABLED <-> OS-WINDOWS Windows DACL privilege escalation attempt (os-windows.rules) * 1:50200 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Remexi variant outbound connection (malware-cnc.rules) * 1:50201 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Remexi variant outbound connection (malware-cnc.rules) * 1:50202 <-> DISABLED <-> INDICATOR-COMPROMISE Peppa Pig botnet outbound scan attempt (indicator-compromise.rules) * 1:50203 <-> ENABLED <-> MALWARE-CNC Win.Trojan.OceanLotus variant outbound connection (malware-cnc.rules) * 1:50204 <-> ENABLED <-> MALWARE-CNC Win.Trojan.OceanLotus variant outbound connection (malware-cnc.rules) * 1:50205 <-> ENABLED <-> FILE-PDF Adobe Acrobat out-of-bounds read attempt (file-pdf.rules) * 1:50206 <-> ENABLED <-> FILE-PDF Adobe Acrobat out-of-bounds read attempt (file-pdf.rules) * 1:50207 <-> ENABLED <-> OS-WINDOWS Windows Installer bypass privilege escalation attempt (os-windows.rules) * 1:50208 <-> ENABLED <-> OS-WINDOWS Windows Installer bypass privilege escalation attempt (os-windows.rules) * 1:50209 <-> ENABLED <-> FILE-PDF Adobe Acrobat out-of-bounds read attempt (file-pdf.rules) * 1:50210 <-> ENABLED <-> FILE-PDF Adobe Acrobat out-of-bounds read attempt (file-pdf.rules) * 1:50211 <-> ENABLED <-> FILE-PDF Adobe Acrobat use after free attempt (file-pdf.rules) * 1:50212 <-> ENABLED <-> FILE-PDF Adobe Acrobat use after free attempt (file-pdf.rules) * 1:50213 <-> ENABLED <-> FILE-OTHER Adobe Acrobat use after free attempt (file-other.rules) * 1:50214 <-> ENABLED <-> FILE-OTHER Adobe Acrobat use after free attempt (file-other.rules) * 1:50215 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Reaver malicious executable download 
attempt (malware-cnc.rules) * 1:50216 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Reaver variant outbound connection attempt (malware-cnc.rules) * 1:50217 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Reaver malicious executable download attempt (malware-cnc.rules) * 1:50218 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Reaver malicious executable download attempt (malware-cnc.rules) * 1:50219 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Reaver malicious executable download attempt (malware-cnc.rules) * 1:50220 <-> ENABLED <-> FILE-PDF Adobe Acrobat untrusted pointer dereference attempt (file-pdf.rules) * 1:50221 <-> ENABLED <-> FILE-PDF Adobe Acrobat untrusted pointer dereference attempt (file-pdf.rules) * 1:50222 <-> ENABLED <-> FILE-OTHER Adobe Acrobat use after free attempt (file-other.rules) * 1:50223 <-> ENABLED <-> FILE-OTHER Adobe Acrobat use after free attempt (file-other.rules) * 1:50224 <-> ENABLED <-> FILE-PDF Adobe Acrobat out-of-bounds write attempt (file-pdf.rules) * 1:50225 <-> ENABLED <-> FILE-PDF Adobe Acrobat out-of-bounds write attempt (file-pdf.rules) * 1:50226 <-> ENABLED <-> FILE-PDF Adobe Acrobat out-of-bounds read attempt (file-pdf.rules) * 1:50227 <-> ENABLED <-> FILE-PDF Adobe Acrobat out-of-bounds read attempt (file-pdf.rules) * 1:50228 <-> ENABLED <-> FILE-PDF Adobe Acrobat out-of-bounds read attempt (file-pdf.rules) * 1:50229 <-> ENABLED <-> FILE-PDF Adobe Acrobat out-of-bounds read attempt (file-pdf.rules) * 1:50230 <-> ENABLED <-> FILE-OTHER Adobe Acrobat malformed font file use after free attempt (file-other.rules) * 1:50231 <-> ENABLED <-> FILE-OTHER Adobe Acrobat malformed font file use after free attempt (file-other.rules) * 1:50232 <-> ENABLED <-> FILE-OTHER Adobe Acrobat out-of-bounds read attempt (file-other.rules) * 1:50233 <-> ENABLED <-> FILE-OTHER Adobe Acrobat out-of-bounds read attempt (file-other.rules) * 1:50234 <-> ENABLED <-> FILE-OTHER Adobe Acrobat type confusion attempt (file-other.rules) * 1:50235 <-> ENABLED <-> FILE-OTHER Adobe Acrobat 
type confusion attempt (file-other.rules) * 1:50236 <-> ENABLED <-> FILE-OTHER Adobe Acrobat PostScript file parsing TBuildCharDict use after free attempt (file-other.rules) * 1:50237 <-> ENABLED <-> FILE-OTHER Adobe Acrobat PostScript file parsing TBuildCharDict use after free attempt (file-other.rules) * 1:50238 <-> ENABLED <-> FILE-PDF Adobe Acrobat use after free attempt (file-pdf.rules) * 1:50239 <-> ENABLED <-> FILE-PDF Adobe Acrobat use after free attempt (file-pdf.rules) * 1:50240 <-> ENABLED <-> FILE-OTHER Adobe Acrobat out-of-bounds read attempt (file-other.rules) * 1:50241 <-> ENABLED <-> FILE-OTHER Adobe Acrobat out-of-bounds read attempt (file-other.rules) * 1:50242 <-> ENABLED <-> FILE-PDF Adobe Acrobat out-of-bounds read attempt (file-pdf.rules) * 1:50243 <-> ENABLED <-> FILE-PDF Adobe Acrobat out-of-bounds read attempt (file-pdf.rules) * 1:50244 <-> ENABLED <-> FILE-PDF Adobe Acrobat out-of-bounds write attempt (file-pdf.rules) * 1:50245 <-> ENABLED <-> FILE-PDF Adobe Acrobat out-of-bounds write attempt (file-pdf.rules) * 1:50246 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat out-of-bounds write attempt (file-image.rules) * 1:50247 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat out-of-bounds write attempt (file-image.rules) * 1:50248 <-> ENABLED <-> FILE-OTHER Adobe Acrobat out-of-bounds read attempt (file-other.rules) * 1:50249 <-> ENABLED <-> FILE-OTHER Adobe Acrobat out-of-bounds read attempt (file-other.rules) * 1:50250 <-> ENABLED <-> FILE-PDF Adobe Acrobat out-of-bounds write attempt (file-pdf.rules) * 1:50251 <-> ENABLED <-> FILE-PDF Adobe Acrobat out-of-bounds write attempt (file-pdf.rules) * 1:50252 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat out-of-bounds write attempt (file-image.rules) * 1:50253 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat out-of-bounds write attempt (file-image.rules) * 1:50254 <-> ENABLED <-> FILE-PDF Adobe Acrobat out-of-bounds write attempt (file-pdf.rules) * 1:50255 <-> ENABLED <-> FILE-PDF Adobe Acrobat out-of-bounds write attempt 
(file-pdf.rules) * 1:50256 <-> ENABLED <-> FILE-OTHER Adobe Acrobat out-of-bounds read attempt (file-other.rules) * 1:50257 <-> ENABLED <-> FILE-OTHER Adobe Acrobat out-of-bounds read attempt (file-other.rules) * 1:50258 <-> ENABLED <-> MALWARE-CNC Win.Downloader.TeamBot outbound cnc connection (malware-cnc.rules) * 1:50259 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TeamBot outbound cnc connection (malware-cnc.rules) * 1:50260 <-> ENABLED <-> MALWARE-CNC Win.Downloader.TeamBot additional payload download attempt (malware-cnc.rules) * 1:50261 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TeamBot outbound cnc connection (malware-cnc.rules) * 1:50262 <-> ENABLED <-> MALWARE-CNC Win.Downloader.TeamBot additional payload download attempt (malware-cnc.rules) * 1:50263 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TeamBot outbound cnc connection (malware-cnc.rules) * 1:50264 <-> ENABLED <-> MALWARE-CNC Win.Downloader.TeamBot outbound cnc connection (malware-cnc.rules) * 1:50267 <-> ENABLED <-> FILE-FLASH Adobe Flash Player use after free attempt (file-flash.rules) * 1:50268 <-> ENABLED <-> FILE-FLASH Adobe Flash Player use after free attempt (file-flash.rules) * 1:50271 <-> ENABLED <-> FILE-PDF Adobe Acrobat out-of-bounds read attempt (file-pdf.rules) * 1:50272 <-> ENABLED <-> FILE-PDF Adobe Acrobat out-of-bounds read attempt (file-pdf.rules) * 1:50275 <-> DISABLED <-> SERVER-WEBAPP Microsoft SharePoint EntityInstanceIdEncoder remote code execution attempt (server-webapp.rules) * 1:50276 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Chopper webshell inbound request attempt (malware-backdoor.rules) * 1:50277 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Chopper webshell inbound request attempt (malware-backdoor.rules) * 1:50278 <-> ENABLED <-> MALWARE-BACKDOOR MultiOS.Backdoor.Agent webshell implant attempt (malware-backdoor.rules) * 1:50279 <-> ENABLED <-> MALWARE-OTHER Doc.Trojan.Xshell variant download attempt (malware-other.rules) * 1:50280 <-> ENABLED <-> MALWARE-OTHER 
Doc.Trojan.Xshell variant download attempt (malware-other.rules) * 1:50281 <-> ENABLED <-> MALWARE-CNC Unix.Miner.Decred variant outbound connection (malware-cnc.rules) * 1:50282 <-> ENABLED <-> MALWARE-CNC Unix.Miner.Decred variant outbound connection (malware-cnc.rules) * 1:50283 <-> ENABLED <-> MALWARE-CNC Unix.Miner.Decred variant outbound connection (malware-cnc.rules) * 1:50284 <-> ENABLED <-> MALWARE-CNC Unix.Miner.Decred variant outbound connection (malware-cnc.rules) * 1:50285 <-> ENABLED <-> MALWARE-OTHER Unix.Miner.Decred additional payload download attempt (malware-other.rules) * 1:50286 <-> ENABLED <-> MALWARE-OTHER Unix.Miner.Decred additional payload download attempt (malware-other.rules) * 1:50287 <-> ENABLED <-> MALWARE-OTHER Unix.Miner.Decred additional payload download attempt (malware-other.rules) * 1:50288 <-> ENABLED <-> MALWARE-OTHER Unix.Miner.Decred additional payload download attempt (malware-other.rules) * 1:50289 <-> ENABLED <-> MALWARE-OTHER Unix.Miner.Decred additional payload download attempt (malware-other.rules) * 1:50290 <-> ENABLED <-> MALWARE-OTHER Unix.Miner.Decred additional payload download attempt (malware-other.rules) * 1:50291 <-> ENABLED <-> MALWARE-OTHER Unix.Miner.Decred additional payload download attempt (malware-other.rules) * 1:50292 <-> ENABLED <-> MALWARE-OTHER Unix.Miner.Decred additional payload download attempt (malware-other.rules) * 1:50293 <-> DISABLED <-> BROWSER-WEBKIT Apple Webkit updateDescendantDependentFlags use-after-free attempt (browser-webkit.rules) * 1:50294 <-> DISABLED <-> BROWSER-WEBKIT Apple Webkit updateDescendantDependentFlags use-after-free attempt (browser-webkit.rules) * 1:50297 <-> ENABLED <-> FILE-PDF Adobe Acrobat execCalculate use after free attempt (file-pdf.rules) * 1:50298 <-> ENABLED <-> FILE-PDF Adobe Acrobat execCalculate use after free attempt (file-pdf.rules) * 1:50299 <-> DISABLED <-> SERVER-WEBAPP WordPress plugin Convert Plus unauthenticated administrator account creation 
attempt (server-webapp.rules) * 1:50300 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TRITON attack tool outbound connection (malware-cnc.rules) * 1:50301 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TRITON attack tool outbound connection (malware-cnc.rules) * 1:50302 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TRITON attack tool outbound connection (malware-cnc.rules) * 1:50303 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TRITON attack tool outbound connection (malware-cnc.rules) * 1:50304 <-> DISABLED <-> SERVER-WEBAPP OpenDreamBox 2.0.0 Plugin WebAdmin command injection attempt (server-webapp.rules) * 1:50305 <-> DISABLED <-> SERVER-WEBAPP OpenDreamBox 2.0.0 Plugin WebAdmin command injection attempt (server-webapp.rules) * 1:50306 <-> DISABLED <-> SERVER-WEBAPP OpenDreamBox 2.0.0 Plugin WebAdmin command injection attempt (server-webapp.rules) * 1:50307 <-> DISABLED <-> SERVER-WEBAPP OpenDreamBox 2.0.0 Plugin WebAdmin command injection attempt (server-webapp.rules) * 1:50308 <-> DISABLED <-> SERVER-WEBAPP Dell KACE K1000 command injection attempt (server-webapp.rules) * 1:50309 <-> DISABLED <-> SERVER-WEBAPP Dell KACE K1000 command injection attempt (server-webapp.rules) * 1:50310 <-> DISABLED <-> SERVER-WEBAPP Dell KACE K1000 command injection attempt (server-webapp.rules) * 1:50311 <-> DISABLED <-> SERVER-WEBAPP Dell KACE K1000 command injection attempt (server-webapp.rules) * 1:50312 <-> DISABLED <-> SERVER-WEBAPP HooToo HT-TMO5 Travel router command injection attempt (server-webapp.rules) * 1:50313 <-> DISABLED <-> SERVER-WEBAPP HooToo HT-TMO5 Travel router command injection attempt (server-webapp.rules) * 1:50314 <-> DISABLED <-> SERVER-WEBAPP HooToo HT-TMO5 Travel router command injection attempt (server-webapp.rules) * 1:50315 <-> DISABLED <-> SERVER-WEBAPP HooToo HT-TMO5 Travel router command injection attempt (server-webapp.rules) * 1:50316 <-> DISABLED <-> SERVER-WEBAPP Asus DSL-N12E_C1 1.1.2.3_345 command injection attempt (server-webapp.rules) * 1:50317 <-> DISABLED <-> 
SERVER-WEBAPP Asus DSL-N12E_C1 1.1.2.3_345 command injection attempt (server-webapp.rules) * 1:50318 <-> DISABLED <-> SERVER-WEBAPP Asus DSL-N12E_C1 1.1.2.3_345 command injection attempt (server-webapp.rules) * 1:50319 <-> DISABLED <-> SERVER-WEBAPP Asus DSL-N12E_C1 1.1.2.3_345 command injection attempt (server-webapp.rules) * 1:50321 <-> DISABLED <-> SERVER-WEBAPP MiCasaVerde VeraLite remote code execution attempt (server-webapp.rules) * 1:50322 <-> DISABLED <-> SERVER-WEBAPP MiCasaVerde VeraLite remote code execution attempt (server-webapp.rules) * 1:50323 <-> DISABLED <-> SERVER-WEBAPP Crestron AM platform command injection attempt (server-webapp.rules) * 1:50324 <-> DISABLED <-> SERVER-WEBAPP Crestron AM platform command injection attempt (server-webapp.rules) * 1:50325 <-> DISABLED <-> SERVER-WEBAPP Crestron AM platform command injection attempt (server-webapp.rules) * 1:50326 <-> DISABLED <-> SERVER-WEBAPP Crestron AM platform command injection attempt (server-webapp.rules) * 1:50327 <-> DISABLED <-> SERVER-WEBAPP LG SuperSignEz CMS command injection attempt (server-webapp.rules) * 1:50328 <-> DISABLED <-> SERVER-WEBAPP LG SuperSignEz CMS command injection attempt (server-webapp.rules) * 1:50329 <-> DISABLED <-> SERVER-WEBAPP LG SuperSignEz CMS command injection attempt (server-webapp.rules) * 1:50330 <-> DISABLED <-> SERVER-WEBAPP LG SuperSignEz CMS command injection attempt (server-webapp.rules) * 1:50331 <-> DISABLED <-> SERVER-WEBAPP Asustor ADM command injection attempt (server-webapp.rules) * 1:50332 <-> DISABLED <-> SERVER-WEBAPP Asustor ADM command injection attempt (server-webapp.rules) * 1:50333 <-> DISABLED <-> SERVER-WEBAPP Asustor ADM command injection attempt (server-webapp.rules) * 1:50334 <-> DISABLED <-> SERVER-WEBAPP Asustor ADM command injection attempt (server-webapp.rules) * 1:50336 <-> ENABLED <-> SERVER-WEBAPP GoAhead IP Camera set_ftp.cgi command injection attempt (server-webapp.rules) * 1:50337 <-> ENABLED <-> SERVER-WEBAPP GoAhead IP 
Camera set_ftp.cgi command injection attempt (server-webapp.rules) * 1:50338 <-> ENABLED <-> SERVER-WEBAPP GoAhead IP Camera set_ftp.cgi command injection attempt (server-webapp.rules) * 1:50339 <-> ENABLED <-> SERVER-WEBAPP GoAhead IP Camera set_ftp.cgi command injection attempt (server-webapp.rules) * 1:50340 <-> DISABLED <-> SERVER-WEBAPP Schneider Electric U.Motion Builder command injection attempt (server-webapp.rules) * 1:50341 <-> DISABLED <-> SERVER-WEBAPP Schneider Electric U.Motion Builder command injection attempt (server-webapp.rules) * 1:50342 <-> DISABLED <-> SERVER-WEBAPP Schneider Electric U.Motion Builder command injection attempt (server-webapp.rules) * 1:50343 <-> DISABLED <-> SERVER-WEBAPP Schneider Electric U.Motion Builder command injection attempt (server-webapp.rules) * 1:50344 <-> ENABLED <-> SERVER-WEBAPP VMWare NSX SD-WAN Edge command injection attempt (server-webapp.rules) * 1:50345 <-> ENABLED <-> SERVER-WEBAPP VMWare NSX SD-WAN Edge command injection attempt (server-webapp.rules) * 1:50346 <-> ENABLED <-> SERVER-WEBAPP VMWare NSX SD-WAN Edge command injection attempt (server-webapp.rules) * 1:50347 <-> ENABLED <-> SERVER-WEBAPP VMWare NSX SD-WAN Edge command injection attempt (server-webapp.rules) * 1:50348 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.DNSpionage variant download attempt (malware-other.rules) * 1:50349 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.DNSpionage variant download attempt (malware-other.rules) * 1:50350 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.DNSpionage variant download attempt (malware-other.rules) * 1:50351 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Karkoff variant download attempt (malware-other.rules) * 1:50352 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Karkoff binary download attempt (malware-other.rules) * 1:50353 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.DNSpionage variant download attempt (malware-other.rules) * 1:50354 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Karkoff variant download attempt (malware-other.rules) 
* 1:50355 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Karkoff binary download attempt (malware-other.rules) * 1:50356 <-> ENABLED <-> SERVER-MAIL Exim remote command execution attempt (server-mail.rules) * 1:50357 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules) * 1:50358 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules) * 1:50359 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer Chakra scripting engine memory corruption attempt (browser-ie.rules) * 1:50360 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer Chakra scripting engine memory corruption attempt (browser-ie.rules) * 1:50361 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules) * 1:50362 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules) * 1:50363 <-> ENABLED <-> OS-WINDOWS Microsoft Windows win32k NtGdiExtFloodFill memory corruption attempt (os-windows.rules) * 1:50364 <-> ENABLED <-> OS-WINDOWS Microsoft Windows win32k NtGdiExtFloodFill memory corruption attempt (os-windows.rules) * 1:50365 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DComposition privilege escalation attempt (os-windows.rules) * 1:50366 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DComposition privilege escalation attempt (os-windows.rules) * 1:50367 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer memory corruption attempt (browser-ie.rules) * 1:50368 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer memory corruption attempt (browser-ie.rules) * 1:50369 <-> ENABLED <-> OS-WINDOWS Microsoft Windows user profile service elevation of privilege attempt (os-windows.rules) * 1:50370 <-> ENABLED <-> OS-WINDOWS Microsoft Windows user profile service elevation of privilege attempt (os-windows.rules) * 1:50371 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Common Log File System Driver privilege escalation attempt (os-windows.rules) * 1:50372 <-> ENABLED 
<-> OS-WINDOWS Microsoft Windows Common Log File System Driver privilege escalation attempt (os-windows.rules) * 1:50373 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules) * 1:50374 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules) * 1:50375 <-> ENABLED <-> OS-WINDOWS Windows kernel win32k driver elevation of privilege attempt (os-windows.rules) * 1:50376 <-> ENABLED <-> OS-WINDOWS Windows kernel win32k driver elevation of privilege attempt (os-windows.rules) * 1:50377 <-> ENABLED <-> MALWARE-OTHER Doc.Downloader.Agent variant download attempt (malware-other.rules) * 1:50378 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Sodinokibi variant download attempt (malware-other.rules) * 1:50379 <-> ENABLED <-> MALWARE-OTHER Doc.Downloader.Agent variant download attempt (malware-other.rules) * 1:50380 <-> ENABLED <-> MALWARE-CNC Win.Trojan.PlugX variant outbound connection (malware-cnc.rules) * 1:50381 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Quasar variant outbound connection (malware-cnc.rules) * 1:50382 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Quasar variant outbound connection (malware-cnc.rules) * 1:50383 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Quasar variant outbound connection (malware-cnc.rules) * 1:50384 <-> DISABLED <-> POLICY-OTHER Remote Command Executor remote administration tool use attempt (policy-other.rules) * 1:50385 <-> DISABLED <-> POLICY-OTHER Remote Command Executor remote administration tool use attempt (policy-other.rules) * 1:50386 <-> ENABLED <-> MALWARE-CNC MultiOS.Backdoor.Antak webshell access attempt (malware-cnc.rules) * 1:50387 <-> ENABLED <-> MALWARE-CNC MultiOS.Backdoor.Antak webshell communication attempt (malware-cnc.rules) * 1:50388 <-> ENABLED <-> MALWARE-CNC MultiOS.Backdoor.Antak webshell communication attempt (malware-cnc.rules) * 1:50389 <-> ENABLED <-> MALWARE-CNC MultiOS.Backdoor.Termite communication attempt (malware-cnc.rules) * 1:50390 <-> ENABLED <-> 
INDICATOR-COMPROMISE SMBRelay tool use attempt (indicator-compromise.rules) * 1:50391 <-> ENABLED <-> INDICATOR-COMPROMISE SMBRelay tool use attempt (indicator-compromise.rules) * 1:50392 <-> DISABLED <-> SERVER-WEBAPP Belkin Wemo UPnP command injection attempt (server-webapp.rules) * 1:50393 <-> DISABLED <-> FILE-PDF Microsoft Speech API remote code execution attempt (file-pdf.rules) * 1:50394 <-> DISABLED <-> FILE-PDF Microsoft Speech API remote code execution attempt (file-pdf.rules) * 1:50395 <-> ENABLED <-> BROWSER-IE Microsoft Edge Chakra memory corruption attempt (browser-ie.rules) * 1:50396 <-> ENABLED <-> BROWSER-IE Microsoft Edge Chakra memory corruption attempt (browser-ie.rules) * 1:50397 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules) * 1:50398 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules) * 1:50399 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption vulnerability attempt (browser-ie.rules) * 1:50400 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption vulnerability attempt (browser-ie.rules) * 1:50401 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption vulnerability attempt (browser-ie.rules) * 1:50402 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption vulnerability attempt (browser-ie.rules) * 1:50403 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption vulnerability attempt (browser-ie.rules) * 1:50404 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption vulnerability attempt (browser-ie.rules) * 1:50405 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules) * 1:50406 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules) * 1:50407 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption vulnerability attempt (browser-ie.rules) * 1:50408 <-> 
ENABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption vulnerability attempt (browser-ie.rules) * 1:50409 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.OilRig jason bruteforcing tool download attempt (malware-tools.rules) * 1:50410 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.OilRig jason bruteforcing tool download attempt (malware-tools.rules) * 1:50411 <-> DISABLED <-> OS-WINDOWS Windows Common Log File System Driver privilege escalation attempt (os-windows.rules) * 1:50412 <-> DISABLED <-> OS-WINDOWS Windows Common Log File System Driver privilege escalation attempt (os-windows.rules) * 1:50413 <-> ENABLED <-> OS-WINDOWS Microsoft Windows ALPC privilege escalation attempt (os-windows.rules) * 1:50414 <-> ENABLED <-> OS-WINDOWS Microsoft Windows ALPC privilege escalation attempt (os-windows.rules) * 1:50415 <-> DISABLED <-> SERVER-WEBAPP Infomir Ministra authentication bypass attempt (server-webapp.rules) * 1:50416 <-> ENABLED <-> MALWARE-CNC Win.Trojan.OceanLotus variant download attempt (malware-cnc.rules) * 1:50417 <-> ENABLED <-> MALWARE-CNC Win.Trojan.OceanLotus variant download attempt (malware-cnc.rules) * 1:50418 <-> ENABLED <-> MALWARE-CNC Win.Trojan.OceanLotus variant download attempt (malware-cnc.rules) * 1:50419 <-> ENABLED <-> MALWARE-CNC Win.Trojan.OceanLotus variant download attempt (malware-cnc.rules) * 1:50420 <-> ENABLED <-> MALWARE-CNC Win.Trojan.OceanLotus variant download attempt (malware-cnc.rules) * 1:50421 <-> ENABLED <-> MALWARE-CNC Win.Trojan.OceanLotus variant download attempt (malware-cnc.rules) * 1:50422 <-> ENABLED <-> MALWARE-CNC Win.Trojan.OceanLotus variant download attempt (malware-cnc.rules) * 1:50423 <-> ENABLED <-> MALWARE-CNC Win.Trojan.OceanLotus variant download attempt (malware-cnc.rules) * 1:50424 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - BURAN - Win.Trojan.Buran (malware-cnc.rules) * 1:50425 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Buran malicious Buran ransomware download attempt 
(malware-cnc.rules) * 1:50426 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Buran malicious Buran ransomware download attempt (malware-cnc.rules) * 1:50428 <-> DISABLED <-> SERVER-WEBAPP Oracle WebLogic Server authenticated arbitrary JSP file upload attempt (server-webapp.rules) * 1:50429 <-> ENABLED <-> MALWARE-CNC Andr.Spyware.Reptilicus variant post-compromise outbound connection detected (malware-cnc.rules) * 1:50430 <-> ENABLED <-> MALWARE-CNC Andr.Spyware.Reptilicus variant post-compromise outbound connection detected (malware-cnc.rules) * 1:50431 <-> ENABLED <-> MALWARE-CNC Andr.Spyware.Reptilicus variant post-compromise outbound connection detected (malware-cnc.rules) * 1:50432 <-> ENABLED <-> MALWARE-CNC Andr.Spyware.Reptilicus variant post-compromise outbound connection detected (malware-cnc.rules) * 1:50433 <-> ENABLED <-> MALWARE-CNC Andr.Spyware.Reptilicus variant post-compromise outbound connection detected (malware-cnc.rules) * 1:50434 <-> ENABLED <-> MALWARE-CNC Andr.Spyware.Reptilicus variant post-compromise outbound connection detected (malware-cnc.rules) * 1:50435 <-> ENABLED <-> MALWARE-CNC Andr.Spyware.iSpyoo variant post-compromise outbound connection (malware-cnc.rules) * 1:50436 <-> ENABLED <-> MALWARE-CNC Andr.Spyware.iSpyoo variant post-compromise outbound connection (malware-cnc.rules) * 1:50437 <-> ENABLED <-> MALWARE-CNC Andr.Spyware.iSpyoo variant post-compromise outbound connection (malware-cnc.rules) * 1:50438 <-> ENABLED <-> MALWARE-CNC Andr.Spyware.iSpyoo variant post-compromise outbound connection (malware-cnc.rules) * 1:50439 <-> ENABLED <-> MALWARE-CNC Andr.Spyware.iSpyoo variant post-compromise outbound connection (malware-cnc.rules) * 1:50440 <-> ENABLED <-> MALWARE-CNC Win.Malware.Ramnit inbound VERIFY_HOST response (malware-cnc.rules) * 1:50441 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat TIFF heap buffer overflow attempt (file-image.rules) * 1:50442 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat TIFF heap buffer overflow attempt 
(file-image.rules)
* 1:50443 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat TIFF heap buffer overflow attempt (file-image.rules)
* 1:50444 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat TIFF heap buffer overflow attempt (file-image.rules)
* 1:50445 <-> ENABLED <-> MALWARE-CNC Win.Downloader.TeamBot additional payload download attempt (malware-cnc.rules)
* 1:50446 <-> ENABLED <-> MALWARE-CNC Win.Downloader.TeamBot outbound cnc connection (malware-cnc.rules)
* 1:50447 <-> DISABLED <-> POLICY-OTHER HTTP request by IPv4 address attempt (policy-other.rules)
* 1:50448 <-> ENABLED <-> FILE-PDF Adobe Acrobat double free attempt (file-pdf.rules)
* 1:50449 <-> ENABLED <-> FILE-PDF Adobe Acrobat double free attempt (file-pdf.rules)
* 1:50450 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SymCrypt modular inverse algorithm denial of service attempt (os-windows.rules)
* 1:50451 <-> DISABLED <-> FILE-OTHER VMWare OVF Tool format string exploit attempt (file-other.rules)
* 1:50452 <-> DISABLED <-> FILE-OTHER VMWare OVF Tool format string exploit attempt (file-other.rules)
* 1:50453 <-> DISABLED <-> FILE-IMAGE Directshow GIF logical width overflow attempt (file-image.rules)
* 1:50454 <-> DISABLED <-> FILE-IMAGE Directshow GIF logical height overflow attempt (file-image.rules)
* 1:50455 <-> ENABLED <-> SERVER-WEBAPP IBM WebSphere Application Server remote code execution attempt (server-webapp.rules)
* 1:50456 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.HiddenWasp trojan variant outbound connection (malware-cnc.rules)
* 1:50457 <-> ENABLED <-> MALWARE-TOOLS Unix.Downloader.HiddenWasp initial deployment script download attempt (malware-tools.rules)
* 1:50458 <-> ENABLED <-> MALWARE-TOOLS Unix.Downloader.HiddenWasp initial deployment script download attempt (malware-tools.rules)
* 1:50459 <-> DISABLED <-> FILE-JAVA Oracle Java AtomicReferenceFieldUpdater remote code execution attempt (file-java.rules)
* 1:50460 <-> DISABLED <-> FILE-JAVA Oracle Java AtomicReferenceFieldUpdater remote code execution attempt (file-java.rules)
* 1:50461 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malicious cce value following a PtgMemFunc token (file-office.rules)
* 1:50462 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malicious cce value following a PtgMemFunc token (file-office.rules)
* 1:50463 <-> ENABLED <-> INDICATOR-COMPROMISE Mimikatz use via SMB attempt (indicator-compromise.rules)
* 1:50464 <-> DISABLED <-> INDICATOR-COMPROMISE Responder poisoner NetServer enumeration attempt (indicator-compromise.rules)
* 1:50465 <-> ENABLED <-> INDICATOR-COMPROMISE Responder poisoner SMB negotiation attack attempt (indicator-compromise.rules)
* 1:50466 <-> ENABLED <-> INDICATOR-COMPROMISE Responder poisoner SMB negotiation attack attempt (indicator-compromise.rules)
* 1:50467 <-> ENABLED <-> INDICATOR-COMPROMISE Mimikatz use via SMB attempt (indicator-compromise.rules)
* 1:50468 <-> ENABLED <-> INDICATOR-COMPROMISE Responder poisoner SMB negotiation attack attempt (indicator-compromise.rules)
* 1:50473 <-> ENABLED <-> SERVER-ORACLE Oracle WebLogic Server remote command execution attempt (server-oracle.rules)
* 1:50474 <-> ENABLED <-> SERVER-ORACLE Oracle WebLogic Server remote command execution attempt (server-oracle.rules)
* 1:50475 <-> ENABLED <-> MALWARE-BACKDOOR JSP Web shell access attempt (malware-backdoor.rules)
* 1:50476 <-> ENABLED <-> MALWARE-BACKDOOR JSP Web shell transfer attempt (malware-backdoor.rules)
* 1:50477 <-> ENABLED <-> MALWARE-BACKDOOR JSP Web shell transfer attempt (malware-backdoor.rules)
* 1:50478 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt (malware-tools.rules)
* 1:50479 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.CoinMiner dropper transfer attempt (malware-tools.rules)
* 1:50480 <-> ENABLED <-> MALWARE-CNC Andr.Spyware.Catwatchful variant post-compromise outbound connection detected (malware-cnc.rules)
* 1:50481 <-> ENABLED <-> MALWARE-CNC Andr.Spyware.Catwatchful variant post-compromise outbound connection detected (malware-cnc.rules)
* 1:50482 <-> ENABLED <-> MALWARE-CNC Andr.Spyware.Catwatchful variant post-compromise outbound connection detected (malware-cnc.rules)
* 1:50483 <-> ENABLED <-> MALWARE-CNC Andr.Spyware.Catwatchful client app variant post-compromise outbound connection detected (malware-cnc.rules)
* 1:50484 <-> ENABLED <-> MALWARE-CNC Andr.Spyware.Catwatchful client app variant post-compromise outbound connection detected (malware-cnc.rules)
* 1:50490 <-> DISABLED <-> SERVER-WEBAPP TYPO3 PharStreamWrapper Package directory traversal attempt (server-webapp.rules)
* 1:50491 <-> DISABLED <-> SERVER-WEBAPP TYPO3 PharStreamWrapper Package directory traversal attempt (server-webapp.rules)
* 1:50493 <-> ENABLED <-> MALWARE-CNC Andr.Spyware.AppSpy variant post-compromise outbound connection detected (malware-cnc.rules)
* 1:50494 <-> ENABLED <-> MALWARE-CNC Andr.Spyware.AppSpy variant post-compromise outbound connection detected (malware-cnc.rules)
* 1:50495 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Waterbug variant malicious VBScript download attempt (malware-other.rules)
* 1:50496 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Waterbug variant malicious VBScript download attempt (malware-other.rules)
* 1:50497 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Waterbug variant outbound connection (malware-cnc.rules)
* 1:50498 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Netwire variant payload download attempt (malware-cnc.rules)
* 1:50499 <-> ENABLED <-> MALWARE-CNC Osx.Trojan.Mokes variant outbound cnc connection (malware-cnc.rules)
* 1:505 <-> DISABLED <-> SERVER-OTHER Insecure TIMBUKTU Password (server-other.rules)
* 1:50500 <-> ENABLED <-> MALWARE-CNC Osx.Trojan.Netwire variant payload download attempt (malware-cnc.rules)
* 1:50501 <-> ENABLED <-> MALWARE-CNC Win.Coinminer.Vools variant outbound connection (malware-cnc.rules)
* 1:50504 <-> DISABLED <-> SERVER-WEBAPP Ruby on Rails Active Storage deserialization remote code execution attempt (server-webapp.rules)
* 1:50505 <-> ENABLED <-> MALWARE-TOOLS Malicious HTML application download attempt (malware-tools.rules)
* 1:50506 <-> ENABLED <-> MALWARE-TOOLS Malicious HTML application download attempt (malware-tools.rules)
* 1:50507 <-> ENABLED <-> MALWARE-BACKDOOR WebShellOrb PHP shell outbound connection attempt (malware-backdoor.rules)
* 1:50508 <-> ENABLED <-> MALWARE-BACKDOOR WebShellOrb PHP shell upload attempt (malware-backdoor.rules)
* 1:50509 <-> ENABLED <-> EXPLOIT-KIT Spelevo Exploit Kit landing page detected (exploit-kit.rules)
* 1:50510 <-> ENABLED <-> EXPLOIT-KIT Spelevo Exploit Kit landing page detected (exploit-kit.rules)
* 1:50511 <-> ENABLED <-> EXPLOIT-KIT Spelevo Exploit Kit browser exploit page detected (exploit-kit.rules)
* 1:50517 <-> ENABLED <-> INDICATOR-COMPROMISE undocumented SMB dialect request attempt (indicator-compromise.rules)
* 1:50518 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox Array.prototype.pop type confusion attempt (browser-firefox.rules)
* 1:50519 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox Array.prototype.pop type confusion attempt (browser-firefox.rules)
* 1:50520 <-> ENABLED <-> MALWARE-CNC Doc.Malware.HWPRokrat variant outbound connection (malware-cnc.rules)
* 1:50521 <-> ENABLED <-> MALWARE-CNC Doc.Malware.HWPRokrat variant outbound connection (malware-cnc.rules)
* 1:50522 <-> DISABLED <-> SERVER-WEBAPP Infomir Ministra PHP object injection attempt (server-webapp.rules)
* 1:50523 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Scranos variant outbound connection (malware-cnc.rules)
* 1:50524 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Scranos variant outbound connection (malware-cnc.rules)
* 1:50525 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Scranos variant outbound connection (malware-cnc.rules)
* 1:50526 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Scranos variant payload download attempt (malware-cnc.rules)
* 1:50527 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Scranos variant payload download attempt (malware-cnc.rules)
* 1:50528 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Scranos variant payload download attempt (malware-cnc.rules)
* 1:50529 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Scranos variant outbound connection (malware-cnc.rules)
* 1:50530 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Scranos variant outbound connection (malware-cnc.rules)
* 1:50531 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Scranos variant outbound attempt (malware-cnc.rules)
* 1:50532 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Scranos variant outbound connection (malware-cnc.rules)
* 1:50533 <-> ENABLED <-> SERVER-WEBAPP Sonatype Nexus Repository Manager remote code execution attempt (server-webapp.rules)
* 1:50534 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
* 1:50535 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
* 1:50536 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
* 1:50537 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
* 1:50538 <-> DISABLED <-> PROTOCOL-SCADA MMS Confirmed-RequestPDU status message (protocol-scada.rules)
* 1:50539 <-> DISABLED <-> PROTOCOL-SCADA MMS Confirmed-RequestPDU identify message (protocol-scada.rules)
* 1:50540 <-> DISABLED <-> PROTOCOL-SCADA MMS Confirmed-RequestPDU rename message (protocol-scada.rules)
* 1:50541 <-> DISABLED <-> PROTOCOL-SCADA MMS Confirmed-RequestPDU getNameList message (protocol-scada.rules)
* 1:50542 <-> DISABLED <-> PROTOCOL-SCADA MMS Confirmed-RequestPDU read message (protocol-scada.rules)
* 1:50543 <-> DISABLED <-> PROTOCOL-SCADA MMS Confirmed-RequestPDU write message (protocol-scada.rules)
* 1:50544 <-> DISABLED <-> PROTOCOL-SCADA MMS Confirmed-RequestPDU defineScatteredAccess message (protocol-scada.rules)
* 1:50545 <-> DISABLED <-> PROTOCOL-SCADA MMS Confirmed-RequestPDU defineNamedVariableList message (protocol-scada.rules)
* 1:50546 <-> DISABLED <-> PROTOCOL-SCADA MMS Confirmed-RequestPDU getVariableAccessAttributes message (protocol-scada.rules)
* 1:50547 <-> DISABLED <-> PROTOCOL-SCADA MMS Confirmed-RequestPDU defineNamedVariable message (protocol-scada.rules)
* 1:50548 <-> DISABLED <-> PROTOCOL-SCADA MMS Confirmed-RequestPDU deleteVariableAccess message (protocol-scada.rules)
* 1:50549 <-> DISABLED <-> PROTOCOL-SCADA MMS Confirmed-RequestPDU getScatteredAccessAttributes message (protocol-scada.rules)
* 1:50550 <-> DISABLED <-> PROTOCOL-SCADA MMS Confirmed-RequestPDU getNamedVariableListAttributes message (protocol-scada.rules)
* 1:50551 <-> DISABLED <-> PROTOCOL-SCADA MMS Confirmed-RequestPDU deleteNamedVariableList message (protocol-scada.rules)
* 1:50552 <-> DISABLED <-> PROTOCOL-SCADA MMS Confirmed-RequestPDU defineNamedType message (protocol-scada.rules)
* 1:50553 <-> DISABLED <-> PROTOCOL-SCADA MMS Confirmed-RequestPDU getNamedTypeAttributes message (protocol-scada.rules)
* 1:50554 <-> DISABLED <-> PROTOCOL-SCADA MMS Confirmed-RequestPDU deleteNamedType message (protocol-scada.rules)
* 1:50555 <-> DISABLED <-> PROTOCOL-SCADA MMS Confirmed-RequestPDU input message (protocol-scada.rules)
* 1:50556 <-> DISABLED <-> PROTOCOL-SCADA MMS Confirmed-RequestPDU output message (protocol-scada.rules)
* 1:50557 <-> DISABLED <-> PROTOCOL-SCADA MMS Confirmed-RequestPDU takeControl message (protocol-scada.rules)
* 1:50558 <-> DISABLED <-> PROTOCOL-SCADA MMS Confirmed-RequestPDU relinquishControl message (protocol-scada.rules)
* 1:50559 <-> DISABLED <-> PROTOCOL-SCADA MMS Confirmed-RequestPDU defineSemaphore message (protocol-scada.rules)
* 1:50560 <-> DISABLED <-> PROTOCOL-SCADA MMS Confirmed-RequestPDU deleteSemaphore message (protocol-scada.rules)
* 1:50561 <-> DISABLED <-> PROTOCOL-SCADA MMS Confirmed-RequestPDU reportSemaphoreStatus message (protocol-scada.rules)
* 1:50562 <-> DISABLED <-> PROTOCOL-SCADA MMS Confirmed-RequestPDU reportPoolSemaphoreStatus message (protocol-scada.rules)
* 1:50563 <-> DISABLED <-> PROTOCOL-SCADA MMS Confirmed-RequestPDU reportSemaphoreEntryStatus message (protocol-scada.rules)
* 1:50564 <-> DISABLED <-> PROTOCOL-SCADA MMS Confirmed-RequestPDU initiateDownloadSequence message (protocol-scada.rules)
* 1:50565 <-> DISABLED <-> PROTOCOL-SCADA MMS Confirmed-RequestPDU downloadSegment message (protocol-scada.rules)
* 1:50566 <-> DISABLED <-> PROTOCOL-SCADA MMS Confirmed-RequestPDU terminateDownloadSequence message (protocol-scada.rules)
* 1:50567 <-> DISABLED <-> PROTOCOL-SCADA MMS Confirmed-RequestPDU initiateUploadSequence message (protocol-scada.rules)
* 1:50568 <-> DISABLED <-> PROTOCOL-SCADA MMS Confirmed-RequestPDU uploadSegment message (protocol-scada.rules)
* 1:50569 <-> DISABLED <-> PROTOCOL-SCADA MMS Confirmed-RequestPDU terminateUploadSequence message (protocol-scada.rules)
* 1:50570 <-> DISABLED <-> PROTOCOL-SCADA MMS Confirmed-RequestPDU DomainDownload message (protocol-scada.rules)
* 1:50571 <-> DISABLED <-> PROTOCOL-SCADA MMS Confirmed-RequestPDU loadDomainContent message (protocol-scada.rules)
* 1:50572 <-> DISABLED <-> PROTOCOL-SCADA MMS Confirmed-RequestPDU storeDomainContent message (protocol-scada.rules)
* 1:50573 <-> DISABLED <-> PROTOCOL-SCADA MMS Confirmed-RequestPDU DomainUpload message (protocol-scada.rules)
* 1:50574 <-> DISABLED <-> PROTOCOL-SCADA MMS Confirmed-RequestPDU getDomainAttributes message (protocol-scada.rules)
* 1:50575 <-> DISABLED <-> PROTOCOL-SCADA MMS Confirmed-RequestPDU deleteProgramInvocation message (protocol-scada.rules)
* 1:50576 <-> DISABLED <-> PROTOCOL-SCADA MMS Confirmed-RequestPDU createProgramInvocation message (protocol-scada.rules)
* 1:50577 <-> DISABLED <-> PROTOCOL-SCADA MMS Confirmed-RequestPDU deleteDomain message (protocol-scada.rules)
* 1:50578 <-> DISABLED <-> PROTOCOL-SCADA MMS Confirmed-RequestPDU stop message (protocol-scada.rules)
* 1:50579 <-> DISABLED <-> PROTOCOL-SCADA MMS Confirmed-RequestPDU start message (protocol-scada.rules)
* 1:50580 <-> DISABLED <-> PROTOCOL-SCADA MMS Confirmed-RequestPDU resume message (protocol-scada.rules)
* 1:50581 <-> DISABLED <-> PROTOCOL-SCADA MMS Confirmed-RequestPDU reset message (protocol-scada.rules)
* 1:50582 <-> DISABLED <-> PROTOCOL-SCADA MMS Confirmed-RequestPDU kill message (protocol-scada.rules)
* 1:50583 <-> DISABLED <-> PROTOCOL-SCADA MMS Confirmed-RequestPDU getProgramInvocationAttributes message (protocol-scada.rules)
* 1:50584 <-> DISABLED <-> PROTOCOL-SCADA MMS Confirmed-RequestPDU obtainFile message (protocol-scada.rules)
* 1:50585 <-> DISABLED <-> PROTOCOL-SCADA MMS Confirmed-RequestPDU defineEventCondition message (protocol-scada.rules)
* 1:50586 <-> DISABLED <-> PROTOCOL-SCADA MMS Confirmed-RequestPDU triggerEvent message (protocol-scada.rules)
* 1:50587 <-> DISABLED <-> PROTOCOL-SCADA MMS Confirmed-RequestPDU alterEventConditionMonitoring message (protocol-scada.rules)
* 1:50588 <-> DISABLED <-> PROTOCOL-SCADA MMS Confirmed-RequestPDU getEventConditionAttributes message (protocol-scada.rules)
* 1:50589 <-> DISABLED <-> PROTOCOL-SCADA MMS Confirmed-RequestPDU reportEventConditionStatus message (protocol-scada.rules)
* 1:50590 <-> DISABLED <-> PROTOCOL-SCADA MMS Confirmed-RequestPDU deleteEventAction message (protocol-scada.rules)
* 1:50591 <-> DISABLED <-> PROTOCOL-SCADA MMS Confirmed-RequestPDU deleteEventCondition message (protocol-scada.rules)
* 1:50592 <-> DISABLED <-> PROTOCOL-SCADA MMS Confirmed-RequestPDU defineEventAction message (protocol-scada.rules)
* 1:50593 <-> DISABLED <-> PROTOCOL-SCADA MMS Confirmed-RequestPDU reportEventActionStatus message (protocol-scada.rules)
* 1:50594 <-> DISABLED <-> PROTOCOL-SCADA MMS Confirmed-RequestPDU getEventActionAttributes message (protocol-scada.rules)
* 1:50595 <-> DISABLED <-> PROTOCOL-SCADA MMS Confirmed-RequestPDU defineEventEnrollment message (protocol-scada.rules)
* 1:50596 <-> DISABLED <-> PROTOCOL-SCADA MMS Confirmed-RequestPDU reportEventEnrollmentStatus message (protocol-scada.rules)
* 1:50597 <-> DISABLED <-> PROTOCOL-SCADA MMS Confirmed-RequestPDU deleteEventEnrollment message (protocol-scada.rules)
* 1:50598 <-> DISABLED <-> PROTOCOL-SCADA MMS Confirmed-RequestPDU getEventEnrollmentAttributes message (protocol-scada.rules)
* 1:50599 <-> DISABLED <-> PROTOCOL-SCADA MMS Confirmed-RequestPDU alterEventEnrollment message (protocol-scada.rules)
* 1:50600 <-> DISABLED <-> PROTOCOL-SCADA MMS Confirmed-RequestPDU acknowledgeEventNotification message (protocol-scada.rules)
* 1:50601 <-> DISABLED <-> PROTOCOL-SCADA MMS Confirmed-RequestPDU getAlarmSummary message (protocol-scada.rules)
* 1:50602 <-> DISABLED <-> PROTOCOL-SCADA MMS Confirmed-RequestPDU getAlarmEnrollmentSummary message (protocol-scada.rules)
* 1:50603 <-> DISABLED <-> PROTOCOL-SCADA MMS Confirmed-RequestPDU readJournal message (protocol-scada.rules)
* 1:50604 <-> DISABLED <-> PROTOCOL-SCADA MMS Confirmed-RequestPDU writeJournal message (protocol-scada.rules)
* 1:50605 <-> DISABLED <-> PROTOCOL-SCADA MMS Confirmed-RequestPDU initializeJournal message (protocol-scada.rules)
* 1:50606 <-> DISABLED <-> PROTOCOL-SCADA MMS Confirmed-RequestPDU reportJournalStatus message (protocol-scada.rules)
* 1:50607 <-> DISABLED <-> PROTOCOL-SCADA MMS Confirmed-RequestPDU deleteJournal message (protocol-scada.rules)
* 1:50608 <-> DISABLED <-> PROTOCOL-SCADA MMS Confirmed-RequestPDU getCapabilityList message (protocol-scada.rules)
* 1:50609 <-> DISABLED <-> PROTOCOL-SCADA MMS Confirmed-RequestPDU createJournal message (protocol-scada.rules)
* 1:50610 <-> DISABLED <-> PROTOCOL-SCADA MMS Confirmed-RequestPDU fileClose message (protocol-scada.rules)
* 1:50611 <-> DISABLED <-> PROTOCOL-SCADA MMS Confirmed-RequestPDU fileOpen message (protocol-scada.rules)
* 1:50612 <-> DISABLED <-> PROTOCOL-SCADA MMS Confirmed-RequestPDU fileRename message (protocol-scada.rules)
* 1:50613 <-> DISABLED <-> PROTOCOL-SCADA MMS Confirmed-RequestPDU fileDirectory message (protocol-scada.rules)
* 1:50614 <-> DISABLED <-> PROTOCOL-SCADA MMS Confirmed-RequestPDU fileDelete message (protocol-scada.rules)
* 1:50615 <-> DISABLED <-> PROTOCOL-SCADA MMS Confirmed-RequestPDU fileRead message (protocol-scada.rules)
* 1:50616 <-> ENABLED <-> MALWARE-OTHER Html.Phishing.Necurs DNS compromise attempt (malware-other.rules)
* 1:50617 <-> ENABLED <-> MALWARE-OTHER Html.Phishing.Necurs DNS compromise attempt (malware-other.rules)
* 1:50618 <-> ENABLED <-> MALWARE-OTHER Html.Phishing.Necurs DNS compromise attempt (malware-other.rules)
* 1:50619 <-> ENABLED <-> OS-WINDOWS Executable DICOM 10 file download attempt (os-windows.rules)
* 1:50620 <-> ENABLED <-> OS-WINDOWS Executable DICOM 10 file download attempt (os-windows.rules)
* 1:50621 <-> ENABLED <-> MALWARE-CNC Win.Coinminer.Vools variant outbound connection (malware-cnc.rules)
* 1:50625 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB Transaction heap groom attempt (os-windows.rules)
* 1:50626 <-> ENABLED <-> OS-WINDOWS Microsoft Windows raw WriteAndX InData pointer adjustment attempt (os-windows.rules)
* 1:50627 <-> ENABLED <-> OS-WINDOWS Microsoft SMB Trans secondary out of bounds write attempt (os-windows.rules)
* 1:50628 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Trans Secondary kernel address write attempt (os-windows.rules)
* 1:50629 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Bemstour download attempt (malware-other.rules)
* 1:50630 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Bemstour download attempt (malware-other.rules)
* 1:50631 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Bemstour download attempt (malware-other.rules)
* 1:50632 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Bemstour download attempt (malware-other.rules)
* 1:50633 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NTLM tampering attempt (os-windows.rules)
* 1:50634 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.Matrix variant outbound connection (malware-cnc.rules)
* 1:50635 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.Matrix variant download attempt (malware-cnc.rules)
* 1:50636 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.Matrix variant download attempt (malware-cnc.rules)
* 1:50638 <-> DISABLED <-> SERVER-WEBAPP WIFICAM Wireless IP Camera command injection attempt (server-webapp.rules)
* 1:50639 <-> DISABLED <-> SERVER-WEBAPP WIFICAM Wireless IP Camera command injection attempt (server-webapp.rules)
* 1:50640 <-> DISABLED <-> SERVER-WEBAPP WIFICAM Wireless IP Camera command injection attempt (server-webapp.rules)
* 1:50641 <-> DISABLED <-> SERVER-WEBAPP WIFICAM Wireless IP Camera command injection attempt (server-webapp.rules)
* 1:50642 <-> DISABLED <-> FILE-OTHER Adobe Director rscL chunk parsing denial of service attempt (file-other.rules)
* 1:50643 <-> DISABLED <-> FILE-OTHER Adobe Director rscL chunk parsing denial of service attempt (file-other.rules)
* 1:50644 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Ryuk variant download attempt (malware-other.rules)
* 1:50645 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Ryuk variant download attempt (malware-other.rules)
* 1:50646 <-> ENABLED <-> SERVER-WEBAPP NUUO NVRmini upgrade_handle.php command injection attempt (server-webapp.rules)
* 1:50647 <-> ENABLED <-> SERVER-WEBAPP NUUO NVRmini upgrade_handle.php command injection attempt (server-webapp.rules)
* 1:50648 <-> ENABLED <-> SERVER-WEBAPP NUUO NVRmini upgrade_handle.php command injection attempt (server-webapp.rules)
* 1:50649 <-> ENABLED <-> SERVER-WEBAPP NUUO NVRmini upgrade_handle.php command injection attempt (server-webapp.rules)
* 1:50654 <-> DISABLED <-> SERVER-WEBAPP Sitefinity WCMS cross site scripting attempt (server-webapp.rules)
* 1:50655 <-> DISABLED <-> SERVER-WEBAPP Sitefinity WCMS cross site scripting attempt (server-webapp.rules)
* 1:50656 <-> DISABLED <-> SERVER-WEBAPP Sitefinity WCMS cross-site scripting attempt (server-webapp.rules)
* 1:50657 <-> DISABLED <-> SERVER-WEBAPP Sitefinity WCMS cross site scripting attempt (server-webapp.rules)
* 1:50658 <-> DISABLED <-> SERVER-WEBAPP Sitefinity WCMS arbitrary file upload attempt (server-webapp.rules)
* 1:50659 <-> DISABLED <-> POLICY-OTHER Oracle WebLogic Server blacklisted class use attempt (policy-other.rules)
* 1:50660 <-> DISABLED <-> POLICY-OTHER Oracle WebLogic Server blacklisted class use attempt (policy-other.rules)
* 1:50661 <-> DISABLED <-> SERVER-WEBAPP Oracle WebLogic Server remote code execution attempt (server-webapp.rules)
* 1:50662 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules)
* 1:50663 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules)
* 1:50664 <-> ENABLED <-> OS-WINDOWS Microsoft Windows COM object privilege escalation attempt (os-windows.rules)
* 1:50665 <-> ENABLED <-> OS-WINDOWS Microsoft Windows COM object privilege escalation attempt (os-windows.rules)
* 1:50666 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules)
* 1:50667 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules)
* 1:50668 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
* 1:50669 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
* 1:50670 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Win32k null pointer dereference attempt (os-windows.rules)
* 1:50671 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Win32k null pointer dereference attempt (os-windows.rules)
* 1:50672 <-> ENABLED <-> OS-WINDOWS Microsoft Windows splwow64 privilege escalation attempt (os-windows.rules)
* 1:50673 <-> ENABLED <-> OS-WINDOWS Microsoft Windows splwow64 privilege escalation attempt (os-windows.rules)
* 1:50674 <-> ENABLED <-> OS-WINDOWS Microsoft Windows RPCSS privilege escalation attempt (os-windows.rules)
* 1:50675 <-> ENABLED <-> OS-WINDOWS Microsoft Windows RPCSS privilege escalation attempt (os-windows.rules)
* 1:50676 <-> DISABLED <-> OS-WINDOWS Windows Remote Desktop Protocol Client information disclosure attempt (os-windows.rules)
* 1:50677 <-> DISABLED <-> OS-WINDOWS Windows Remote Desktop Protocol Client information disclosure attempt (os-windows.rules)
* 1:50678 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k use after free attempt (os-windows.rules)
* 1:50679 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k use after free attempt (os-windows.rules)
* 1:50680 <-> ENABLED <-> FILE-OFFICE Microsoft Excel information disclosure attempt (file-office.rules)
* 1:50681 <-> ENABLED <-> FILE-OFFICE Microsoft Excel information disclosure attempt (file-office.rules)
* 1:50682 <-> ENABLED <-> OS-WINDOWS Windows kernel win32k driver elevation of privilege attempt (os-windows.rules)
* 1:50683 <-> ENABLED <-> OS-WINDOWS Windows kernel win32k driver elevation of privilege attempt (os-windows.rules)
* 1:50684 <-> DISABLED <-> FILE-OFFICE Microsoft Office Equation Editor RTF embedded OLE evasion attempt (file-office.rules)
* 1:50685 <-> DISABLED <-> FILE-OFFICE Microsoft Office Equation Editor RTF embedded OLE evasion attempt (file-office.rules)
* 1:50686 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Swizzor variant outbound connection attempt (malware-cnc.rules)
* 1:50687 <-> DISABLED <-> FILE-MULTIMEDIA Quicktime MJPEG Frame stsd Atom Heap Overflow attempt (file-multimedia.rules)
* 1:50688 <-> DISABLED <-> FILE-MULTIMEDIA Quicktime MJPEG Frame stsd Atom Heap Overflow attempt (file-multimedia.rules)
* 1:50689 <-> ENABLED <-> MALWARE-CNC Win.Trojan.RoyalRoad APT campaign outbound connection (malware-cnc.rules)
* 1:50690 <-> ENABLED <-> FILE-OFFICE Microsoft Office Equation Editor RTF evasion attempt (file-office.rules)
* 1:50691 <-> ENABLED <-> FILE-OFFICE Microsoft Office Equation Editor RTF evasion attempt (file-office.rules)
* 1:50692 <-> ENABLED <-> FILE-OFFICE Microsoft Office Equation Editor RTF evasion attempt (file-office.rules)
* 1:50693 <-> ENABLED <-> FILE-OFFICE Microsoft Office Equation Editor RTF evasion attempt (file-office.rules)
* 1:50694 <-> ENABLED <-> MALWARE-OTHER Microsoft Office Equation Editor remote code execution attempt (malware-other.rules)
* 1:50695 <-> ENABLED <-> MALWARE-OTHER Microsoft Office Equation Editor remote code execution attempt (malware-other.rules)
* 1:50696 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox RemotePrompt sandbox escape attempt (browser-firefox.rules)
* 1:50697 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox RemotePrompt sandbox escape attempt (browser-firefox.rules)
* 1:50698 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Beapy variant payload download attempt (malware-cnc.rules)
* 1:50699 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Beapy variant outbound cnc connection (malware-cnc.rules)
* 1:507 <-> DISABLED <-> PUA-OTHER PCAnywhere Attempted Administrator Login (pua-other.rules)
* 1:50700 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Beapy variant outbound cnc connection (malware-cnc.rules)
* 1:50701 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Beapy variant payload download attempt (malware-cnc.rules)
* 1:50702 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Beapy variant outbound cnc connection (malware-cnc.rules)
* 1:50703 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Beapy variant outbound cnc connection (malware-cnc.rules)
* 1:50704 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SChannel CertificateVerify buffer overflow attempt (os-windows.rules)
* 1:50705 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SChannel CertificateVerify buffer overflow attempt (os-windows.rules)
* 1:50706 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SChannel CertificateVerify buffer overflow attempt (os-windows.rules)
* 1:50707 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SChannel CertificateVerify buffer overflow attempt (os-windows.rules)
* 1:50708 <-> DISABLED <-> SERVER-WEBAPP WordPress Rencontre plugin cross site scripting attempt (server-webapp.rules)
* 1:50709 <-> DISABLED <-> SERVER-WEBAPP WordPress Rencontre plugin SQL injection attempt (server-webapp.rules)
* 1:50710 <-> DISABLED <-> SERVER-WEBAPP WordPress Rencontre plugin SQL injection attempt (server-webapp.rules)
* 1:50711 <-> DISABLED <-> SERVER-WEBAPP WordPress Rencontre plugin SQL injection attempt (server-webapp.rules)
* 1:50712 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Trickbot sample download attempt (malware-other.rules)
* 1:50713 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Trickbot sample download attempt (malware-other.rules)
* 1:50714 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Trickbot self-signed certificate exchange attempt (malware-other.rules)
* 1:50715 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trickbot sample download attempt (malware-cnc.rules)
* 1:50716 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Plurox variant outbound connection (malware-cnc.rules)
* 1:50717 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Plurox variant outbound connection (malware-cnc.rules)
* 1:50718 <-> DISABLED <-> FILE-OTHER Apple Quicktime JPEG2000 length integer underflow attempt (file-other.rules)
* 1:50719 <-> DISABLED <-> FILE-OTHER Apple Quicktime JPEG2000 video integer underflow attempt (file-other.rules)
* 1:50720 <-> DISABLED <-> FILE-OTHER Apple Quicktime JPEG2000 video integer underflow attempt (file-other.rules)
* 1:50721 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malformed NTLMv2 authentication message attempt (os-windows.rules)
* 1:50722 <-> DISABLED <-> FILE-OTHER Apple Quicktime invalid dref atom length buffer overflow attempt (file-other.rules)
* 1:50723 <-> DISABLED <-> FILE-OTHER Apple Quicktime invalid dref atom length buffer overflow attempt (file-other.rules)
* 1:50724 <-> DISABLED <-> SERVER-WEBAPP Zoom Client information disclosure attempt (server-webapp.rules)
* 1:50725 <-> DISABLED <-> SERVER-WEBAPP Zoom Client information disclosure attempt (server-webapp.rules)
* 1:50726 <-> DISABLED <-> SERVER-WEBAPP Zoom Client information disclosure attempt (server-webapp.rules)
* 1:50727 <-> DISABLED <-> SERVER-WEBAPP Zoom Client information disclosure attempt (server-webapp.rules)
* 1:50728 <-> DISABLED <-> SERVER-WEBAPP Zoom Client information disclosure attempt (server-webapp.rules)
* 1:50729 <-> DISABLED <-> SERVER-WEBAPP Zoom Client information disclosure attempt (server-webapp.rules)
* 1:50732 <-> DISABLED <-> SERVER-WEBAPP CyberArk Enterprise Password Vault XML external entity injection attempt (server-webapp.rules)
* 1:50733 <-> DISABLED <-> SERVER-WEBAPP CyberArk Enterprise Password Vault XML external entity injection attempt (server-webapp.rules)
* 1:50734 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Anubis variant outbound connection (malware-cnc.rules)
* 1:50735 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Anubis variant outbound connection (malware-cnc.rules)
* 1:50736 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Anubis variant outbound connection (malware-cnc.rules)
* 1:50737 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Anubis variant outbound connection (malware-cnc.rules)
* 1:50740 <-> DISABLED <-> POLICY-OTHER WordPress Ad Inserter plugin PHP code execution attempt (policy-other.rules)
* 1:50741 <-> DISABLED <-> POLICY-OTHER WordPress Ad Inserter debug feature access attempt (policy-other.rules)
* 1:50742 <-> DISABLED <-> POLICY-OTHER DNS over HTTPS query attempt (policy-other.rules)
* 1:50743 <-> DISABLED <-> POLICY-OTHER DNS over HTTPS query attempt (policy-other.rules)
* 1:50744 <-> DISABLED <-> POLICY-OTHER DNS over HTTPS query attempt (policy-other.rules)
* 1:50748 <-> DISABLED <-> SERVER-WEBAPP Seowonintech diagnostic.cgi command injection attempt (server-webapp.rules)
* 1:50749 <-> DISABLED <-> SERVER-WEBAPP Seowonintech diagnostic.cgi command injection attempt (server-webapp.rules)
* 1:50750 <-> DISABLED <-> SERVER-WEBAPP Seowonintech diagnostic.cgi command injection attempt (server-webapp.rules)
* 1:50751 <-> DISABLED <-> SERVER-WEBAPP Seowonintech diagnostic.cgi command injection attempt (server-webapp.rules)
* 1:50752 <-> DISABLED <-> SERVER-WEBAPP Seowonintech system_config.cgi local file include attempt (server-webapp.rules)
* 1:50753 <-> DISABLED <-> SERVER-WEBAPP Seowonintech system_config.cgi local file include attempt (server-webapp.rules)
* 1:50754 <-> DISABLED <-> SERVER-WEBAPP Seowonintech system_config.cgi local file include attempt (server-webapp.rules)
* 1:50761 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel (malware-cnc.rules)
* 1:50762 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel (malware-cnc.rules)
* 1:50763 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel (malware-cnc.rules)
* 1:50764 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel (malware-cnc.rules)
* 1:50765 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ISMAgent outbound DNS tunnel (malware-cnc.rules)
* 1:50766 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ALMA_Dash outbound DNS tunnel (malware-cnc.rules)
* 1:50767 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ALMA_Dot outbound DNS tunnel (malware-cnc.rules)
* 1:50768 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BONDUPDATER outbound DNS tunnel (malware-cnc.rules)
* 1:50769 <-> ENABLED <-> MALWARE-CNC Win.Trojan.QUADAGENT outbound DNS tunnel (malware-cnc.rules)
* 1:50771 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Azorult outbound connection (malware-cnc.rules)
* 1:50772 <-> ENABLED <-> SERVER-WEBAPP Schneider Electric quantum modicon ethernet module unauthenticated password change attempt (server-webapp.rules)
* 1:50773 <-> DISABLED <-> SERVER-WEBAPP Oracle-BI convert servlet XML external entity injection attempt (server-webapp.rules)
* 1:50776 <-> DISABLED <-> SERVER-WEBAPP Oracle Business Intelligence remote jsp file include attempt (server-webapp.rules)
* 1:50777 <-> ENABLED <-> OS-WINDOWS Microsoft Windows win32k.sys memory corruption attempt (os-windows.rules)
* 1:50778 <-> ENABLED <-> OS-WINDOWS Microsoft Windows win32k.sys memory corruption attempt (os-windows.rules)
* 1:50779 <-> DISABLED <-> SERVER-WEBAPP Schneider Electric Quantum modicon ethernet module unauthenticated password reset attempt (server-webapp.rules)
* 1:50780 <-> DISABLED <-> POLICY-OTHER InduSoft Web Studio DBProcessCall remote connection open attempt (policy-other.rules)
* 1:50781 <-> DISABLED <-> SERVER-OTHER InduSoft Web Studio remote code execution attempt (server-other.rules)
* 1:50794 <-> ENABLED <-> PUA-OTHER Unix.Trojan.CoinMiner attempted download (pua-other.rules)
* 1:50795 <-> ENABLED <-> PUA-OTHER Win.Trojan.CoinMiner attempted download (pua-other.rules)
* 1:50796 <-> ENABLED <-> PUA-OTHER Win.Trojan.CoinMiner attempted download (pua-other.rules)
* 1:50798 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ interlaced PNG file parsing heap overflow attempt (file-image.rules)
* 1:50799 <-> ENABLED <-> MALWARE-CNC Win.Trojan.SoftCell variant outbound connection (malware-cnc.rules)
* 1:508 <-> DISABLED <-> SERVER-OTHER gopher proxy (server-other.rules)
* 1:50800 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ratsnif variant outbound connection (malware-cnc.rules)
* 1:50801 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Ratsnif variant download attempt (malware-other.rules)
* 1:50802 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Ratsnif variant download attempt (malware-other.rules)
* 1:50808 <-> ENABLED <-> MALWARE-CNC Unix.Backdoor.Godlua variant outbound connection (malware-cnc.rules)
* 1:50809 <-> ENABLED <-> MALWARE-CNC Unix.Backdoor.Godlua variant outbound connection (malware-cnc.rules)
* 1:50810 <-> ENABLED <-> MALWARE-CNC Unix.Backdoor.Godlua variant outbound connection (malware-cnc.rules)
* 1:50811 <-> ENABLED <-> MALWARE-CNC Unix.Backdoor.Godlua variant outbound connection (malware-cnc.rules)
* 1:50812 <-> DISABLED <-> FILE-OFFICE Microsoft Office Project file parsing arbitrary memory access attempt (file-office.rules)
* 1:50813 <-> DISABLED <-> FILE-OFFICE Microsoft Office Project file parsing arbitrary memory access attempt (file-office.rules)
* 1:50814 <-> DISABLED <-> FILE-OFFICE Microsoft Office Project file parsing arbitrary memory access attempt (file-office.rules)
* 1:50815 <-> DISABLED <-> FILE-OFFICE Microsoft Office Project file parsing arbitrary memory access attempt (file-office.rules)
* 1:50816 <-> DISABLED <-> FILE-OFFICE Microsoft Office Project file parsing arbitrary memory access attempt (file-office.rules)
* 1:50817 <-> DISABLED <-> FILE-OFFICE Microsoft Office Project file parsing arbitrary memory access attempt (file-office.rules)
* 1:50818 <-> DISABLED <-> FILE-OFFICE Microsoft Office Project file parsing arbitrary memory access attempt (file-office.rules)
* 1:50819 <-> DISABLED <-> FILE-OFFICE Microsoft Office Project file parsing arbitrary memory access attempt (file-office.rules)
* 1:50820 <-> DISABLED <-> FILE-OFFICE Microsoft Office Project file parsing arbitrary memory access attempt (file-office.rules)
* 1:50821 <-> DISABLED <-> FILE-OFFICE Microsoft Office Project file parsing arbitrary memory access attempt (file-office.rules)
* 1:50822 <-> DISABLED <-> FILE-OFFICE Microsoft Office Project file parsing arbitrary memory access attempt (file-office.rules)
* 1:50823 <-> DISABLED <-> FILE-OFFICE Microsoft Office Project file parsing arbitrary memory access attempt (file-office.rules)
* 1:50828 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt (server-other.rules)
* 1:50829 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt (server-other.rules)
* 1:50830 <-> DISABLED <-> SERVER-OTHER ISC DHCP command injection attempt (server-other.rules)
* 1:50831 <-> DISABLED <-> SERVER-OTHER ISC DHCP command injection attempt (server-other.rules)
* 1:50832 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules)
* 1:50833 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules)
* 1:50834 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules)
* 1:50835 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules)
* 1:50836 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules)
* 1:50837 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules)
* 1:50838 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules)
* 1:50839 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules)
* 1:50840 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules)
* 1:50841 <-> DISABLED <-> FILE-OTHER TAR multiple antivirus evasion attempt (file-other.rules)
* 1:50846 <-> DISABLED <-> BROWSER-IE Microsoft Edge Chakra scripting engine type confusion attempt (browser-ie.rules)
* 1:50847 <-> DISABLED <-> BROWSER-IE Microsoft Edge Chakra scripting engine type confusion attempt (browser-ie.rules)
* 1:50848 <-> DISABLED <-> FILE-OTHER Microsoft Windows TrueType font parsing engine sfac_GetSbitBitmap obfuscated font attempt (file-other.rules)
* 1:50849 <-> DISABLED <-> FILE-OTHER Microsoft Windows TrueType font parsing engine sfac_GetSbitBitmap obfuscated font attempt (file-other.rules)
* 1:50850 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.EvilGnome variant download attempt (malware-other.rules)
* 1:50851 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.EvilGnome variant download attempt (malware-other.rules)
* 1:50852 <-> DISABLED <-> FILE-OTHER Apple DMG ffs_mountfs integer overflow exploit attempt (file-other.rules)
* 1:50853 <-> DISABLED <-> FILE-OTHER Apple DMG ffs_mountfs integer overflow exploit attempt (file-other.rules)
* 1:50854 <-> DISABLED <-> BROWSER-PLUGINS AOL.PicEditCtrl ActiveX clsid access (browser-plugins.rules)
* 1:50855 <-> DISABLED <-> BROWSER-PLUGINS AOL.YGPPicEdit ActiveX clsid access (browser-plugins.rules)
* 1:50856 <-> DISABLED <-> BROWSER-PLUGINS AOL.YGPPicEdit ActiveX clsid access (browser-plugins.rules)
* 1:50858 <-> ENABLED <-> SERVER-WEBAPP Siemens TIA Administrator authentication bypass attempt (server-webapp.rules)
* 1:50859 <-> DISABLED <-> SERVER-MAIL Postfix IPv6 Relaying Security Issue (server-mail.rules)
* 1:50860 <-> DISABLED <-> 
SERVER-WEBAPP Palo Alto GlobalProtect SSL VPN buffer overflow attempt (server-webapp.rules) * 1:50861 <-> DISABLED <-> SERVER-WEBAPP Palo Alto GlobalProtect SSL VPN remote code execution attempt (server-webapp.rules) * 1:50862 <-> DISABLED <-> FILE-PDF Soda PDF denial of service attempt (file-pdf.rules) * 1:50863 <-> DISABLED <-> FILE-PDF Soda PDF denial of service attempt (file-pdf.rules) * 1:50870 <-> ENABLED <-> APP-DETECT Quagga password challenge detected (app-detect.rules) * 1:50871 <-> DISABLED <-> SERVER-OTHER Quagga telnet CLI buffer overflow attempt (server-other.rules) * 1:50872 <-> DISABLED <-> OS-WINDOWS Microsoft Fax Cover Page Editor heap corruption attempt (os-windows.rules) * 1:50873 <-> DISABLED <-> OS-WINDOWS Microsoft Fax Cover Page Editor heap corruption attempt (os-windows.rules) * 1:50874 <-> ENABLED <-> FILE-IDENTIFY Fax Cover Page file magic detected (file-identify.rules) * 1:50875 <-> ENABLED <-> FILE-IDENTIFY Fax Cover Page file magic detected (file-identify.rules) * 1:50876 <-> DISABLED <-> SERVER-WEBAPP WordPress Statistics cross site scripting attempt (server-webapp.rules) * 1:50877 <-> DISABLED <-> SERVER-WEBAPP WordPress Statistics cross site scripting attempt (server-webapp.rules) * 1:50878 <-> DISABLED <-> SERVER-WEBAPP WordPress Statistics cross site scripting attempt (server-webapp.rules) * 1:50879 <-> DISABLED <-> SERVER-WEBAPP WordPress Statistics cross site scripting attempt (server-webapp.rules) * 1:50880 <-> DISABLED <-> SERVER-WEBAPP awstats.pl configdir command injection attempt (server-webapp.rules) * 1:50881 <-> DISABLED <-> SERVER-WEBAPP awstats.pl configdir command injection attempt (server-webapp.rules) * 1:50882 <-> DISABLED <-> SERVER-WEBAPP awstats.pl configdir command injection attempt (server-webapp.rules) * 1:50883 <-> DISABLED <-> SERVER-APACHE Apache 2 mod_ssl Connection Abort denial of service attempt (server-apache.rules) * 1:50884 <-> DISABLED <-> FILE-OTHER Microsoft Windows GDI EMF parsing arbitrary code 
execution attempt (file-other.rules) * 1:50885 <-> DISABLED <-> FILE-OTHER Microsoft Windows GDI EMF parsing arbitrary code execution attempt (file-other.rules) * 1:50886 <-> DISABLED <-> SERVER-WEBAPP HPE System Management Homepage cross site scripting attempt (server-webapp.rules) * 1:50887 <-> DISABLED <-> SERVER-WEBAPP HPE System Management Homepage cross site scripting attempt (server-webapp.rules) * 1:50888 <-> DISABLED <-> FILE-OTHER Microsoft OpenType font index remote code execution attempt (file-other.rules) * 1:50889 <-> DISABLED <-> FILE-OTHER Microsoft OpenType font index remote code execution attempt (file-other.rules) * 1:50890 <-> DISABLED <-> SERVER-OTHER Novell NetWare AFP denial of service attempt (server-other.rules) * 1:50891 <-> DISABLED <-> SERVER-OTHER Novell NetWare AFP denial of service attempt (server-other.rules) * 1:50892 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows mp3 file malformed ID3 APIC header code execution attempt (file-multimedia.rules) * 1:50893 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows mp3 file malformed ID3 APIC header code execution attempt (file-multimedia.rules) * 1:50894 <-> DISABLED <-> FILE-OFFICE Microsoft Word malformed css remote code execution attempt (file-office.rules) * 1:50895 <-> DISABLED <-> FILE-OFFICE Microsoft Word malformed css remote code execution attempt (file-office.rules) * 1:50896 <-> DISABLED <-> SERVER-OTHER NetSupport Manager client buffer overflow attempt (server-other.rules) * 1:509 <-> DISABLED <-> SERVER-WEBAPP PCCS mysql database admin tool access (server-webapp.rules) * 1:50900 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules) * 1:50901 <-> DISABLED <-> SERVER-OTHER OpenBSD ISAKMP denial of service attempt (server-other.rules) * 1:50910 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules) * 1:50911 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting 
engine memory corruption attempt (browser-ie.rules) * 1:50912 <-> DISABLED <-> SERVER-WEBAPP Subsonic Subscribe to Podcast cross site scripting attempt (server-webapp.rules) * 1:50913 <-> DISABLED <-> SERVER-OTHER nfs-utils TCP connection termination denial-of-service attempt (server-other.rules) * 1:50914 <-> DISABLED <-> SERVER-OTHER Blue Coat BCAAA buffer overflow attempt (server-other.rules) * 1:50915 <-> DISABLED <-> SERVER-WEBAPP Belkin N150 abitrary file read attempt (server-webapp.rules) * 1:50916 <-> DISABLED <-> SERVER-WEBAPP Belkin N150 abitrary file read attempt (server-webapp.rules) * 1:50917 <-> DISABLED <-> SERVER-WEBAPP Belkin N150 abitrary file read attempt (server-webapp.rules) * 1:50918 <-> DISABLED <-> SERVER-WEBAPP Git client path validation command execution attempt (server-webapp.rules) * 1:50919 <-> DISABLED <-> SERVER-OTHER Novell Open Enterprise Server 2 HTTPSTK service denial-of-service attempt (server-other.rules) * 1:50920 <-> DISABLED <-> SERVER-WEBAPP Synology Photo Station information disclosure attempt (server-webapp.rules) * 1:50921 <-> DISABLED <-> SERVER-WEBAPP Oracle 9i Application Server OWA_UTIL information disclosure attempt (server-webapp.rules) * 1:50922 <-> DISABLED <-> SERVER-WEBAPP Oracle 9i Application Server OWA_UTIL information disclosure attempt (server-webapp.rules) * 1:50923 <-> DISABLED <-> SERVER-WEBAPP Oracle 9i Application Server OWA_UTIL information disclosure attempt (server-webapp.rules) * 1:50924 <-> DISABLED <-> SERVER-WEBAPP Oracle 9i Application Server OWA_UTIL information disclosure attempt (server-webapp.rules) * 1:50925 <-> DISABLED <-> SERVER-WEBAPP Oracle 9i Application Server OWA_UTIL information disclosure attempt (server-webapp.rules) * 1:50926 <-> DISABLED <-> SERVER-WEBAPP Oracle 9i Application Server OWA_UTIL information disclosure attempt (server-webapp.rules) * 1:50927 <-> DISABLED <-> FILE-OTHER tcpdump SLIP invalid direction out of bound read attempt (file-other.rules) * 1:50928 <-> 
DISABLED <-> FILE-OTHER tcpdump SLIP invalid direction out of bound read attempt (file-other.rules) * 1:50929 <-> DISABLED <-> FILE-OTHER tcpdump SLIP invalid direction out of bound read attempt (file-other.rules) * 1:50930 <-> DISABLED <-> FILE-OTHER tcpdump SLIP invalid direction out of bound read attempt (file-other.rules) * 1:50931 <-> DISABLED <-> PROTOCOL-OTHER MQTT Client ID ACL Bypass attempt (protocol-other.rules) * 1:50932 <-> DISABLED <-> PROTOCOL-OTHER MQTT Client ID ACL Bypass attempt (protocol-other.rules) * 1:50933 <-> DISABLED <-> PROTOCOL-OTHER MQTT Client ID ACL Bypass attempt (protocol-other.rules) * 1:50934 <-> ENABLED <-> MALWARE-CNC Win.Malware.Lookback outbound connection to a known URI path (malware-cnc.rules) * 1:50935 <-> ENABLED <-> MALWARE-CNC Win.Malware.Lookback outbound connection (malware-cnc.rules) * 1:50936 <-> ENABLED <-> OS-WINDOWS Microsoft Windows shell privilege escalation attempt (os-windows.rules) * 1:50937 <-> ENABLED <-> OS-WINDOWS Microsoft Windows shell privilege escalation attempt (os-windows.rules) * 1:50938 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption vulnerability attempt (browser-ie.rules) * 1:50939 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption vulnerability attempt (browser-ie.rules) * 1:50940 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption vulnerability attempt (browser-ie.rules) * 1:50941 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption vulnerability attempt (browser-ie.rules) * 1:50942 <-> ENABLED <-> OS-WINDOWS Microsoft Windows graphics component privilege escalation attempt (os-windows.rules) * 1:50943 <-> ENABLED <-> OS-WINDOWS Microsoft Windows graphics component privilege escalation attempt (os-windows.rules) * 1:50944 <-> DISABLED <-> FILE-OTHER VideoLAN VLC media player out-of-bounds read attempt (file-other.rules) * 1:50945 <-> DISABLED <-> FILE-OTHER VideoLAN VLC media player 
out-of-bounds read attempt (file-other.rules) * 1:50946 <-> DISABLED <-> SERVER-OTHER GnuTLS x509 certificate validation policy bypass attempt (server-other.rules) * 1:50947 <-> DISABLED <-> INDICATOR-COMPROMISE PhpSploit backdoor communication attempt (indicator-compromise.rules) * 1:50948 <-> DISABLED <-> INDICATOR-COMPROMISE PhpSploit backdoor communication attempt (indicator-compromise.rules) * 1:50949 <-> DISABLED <-> INDICATOR-COMPROMISE PhpSploit backdoor installation attempt (indicator-compromise.rules) * 1:5095 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP lsass DsRolerGetPrimaryDomainInformation attempt (os-windows.rules) * 1:50950 <-> DISABLED <-> INDICATOR-COMPROMISE PHP backdoor communication attempt (indicator-compromise.rules) * 1:50951 <-> DISABLED <-> INDICATOR-COMPROMISE PhpSploit backdoor communication attempt (indicator-compromise.rules) * 1:50952 <-> DISABLED <-> INDICATOR-COMPROMISE PhpSploit backdoor communication attempt (indicator-compromise.rules) * 1:50953 <-> DISABLED <-> INDICATOR-COMPROMISE PhpSploit backdoor communication attempt (indicator-compromise.rules) * 1:50954 <-> DISABLED <-> INDICATOR-COMPROMISE PhpSploit backdoor communication attempt (indicator-compromise.rules) * 1:50955 <-> DISABLED <-> INDICATOR-COMPROMISE PhpSploit backdoor communication attempt (indicator-compromise.rules) * 1:50956 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel MsoDrawingGroup record remote code execution attempt (file-office.rules) * 1:50957 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel MsoDrawingGroup record remote code execution attempt (file-office.rules) * 1:50958 <-> DISABLED <-> SERVER-OTHER Chicken of the VNC ServerInit denial of service attempt (server-other.rules) * 1:50959 <-> DISABLED <-> FILE-OFFICE Microsoft VBE6.dll stack corruption attempt (file-office.rules) * 1:5096 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP lsass DsRolerGetPrimaryDomainInformation attempt (os-windows.rules) * 1:50960 <-> DISABLED <-> FILE-IMAGE 
Adobe Photoshop CS5 gif file heap corruption attempt (file-image.rules) * 1:50961 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS5 gif file heap corruption attempt (file-image.rules) * 1:50962 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint OfficeArt atom memory corruption attempt (file-office.rules) * 1:50963 <-> ENABLED <-> OS-WINDOWS Microsoft Windows win32k.sys memory corruption attempt (os-windows.rules) * 1:50964 <-> ENABLED <-> OS-WINDOWS Microsoft Windows win32k.sys memory corruption attempt (os-windows.rules) * 1:50965 <-> DISABLED <-> FILE-MULTIMEDIA MPlayer SMI file buffer overflow attempt (file-multimedia.rules) * 1:50966 <-> ENABLED <-> OS-WINDOWS Microsoft Windows CoreShellCOMServerRegistrar privilege escalation attempt (os-windows.rules) * 1:50967 <-> ENABLED <-> OS-WINDOWS Microsoft Windows CoreShellCOMServerRegistrar privilege escalation attempt (os-windows.rules) * 1:50968 <-> DISABLED <-> SERVER-WEBAPP WordPress Crop Image arbitrary file write attempt (server-webapp.rules) * 1:50969 <-> ENABLED <-> OS-WINDOWS Microsoft win32k driver buffer over read attempt (os-windows.rules) * 1:50970 <-> ENABLED <-> OS-WINDOWS Microsoft win32k driver buffer over read attempt (os-windows.rules) * 1:50971 <-> ENABLED <-> OS-WINDOWS Microsoft win32k driver buffer over read attempt (os-windows.rules) * 1:50972 <-> ENABLED <-> OS-WINDOWS Microsoft win32k driver buffer over read attempt (os-windows.rules) * 1:50973 <-> ENABLED <-> OS-WINDOWS Microsoft win32k driver buffer over read attempt (os-windows.rules) * 1:50974 <-> ENABLED <-> OS-WINDOWS Microsoft win32k driver buffer over read attempt (os-windows.rules) * 1:50975 <-> DISABLED <-> FILE-OTHER OMRON CX-One arbitrary code execution attempt (file-other.rules) * 1:50976 <-> DISABLED <-> FILE-OTHER OMRON CX-One arbitrary code execution attempt (file-other.rules) * 1:50977 <-> DISABLED <-> SERVER-WEBAPP LCDS Laquis SCADA command injection attempt (server-webapp.rules) * 1:50978 <-> DISABLED <-> SERVER-WEBAPP 
LCDS Laquis SCADA command injection attempt (server-webapp.rules) * 1:50979 <-> DISABLED <-> SERVER-WEBAPP LCDS Laquis SCADA command injection attempt (server-webapp.rules) * 1:50980 <-> DISABLED <-> SERVER-WEBAPP LCDS Laquis SCADA command injection attempt (server-webapp.rules) * 1:50981 <-> DISABLED <-> SERVER-WEBAPP LCDS Laquis SCADA command injection attempt (server-webapp.rules) * 1:50982 <-> DISABLED <-> SERVER-WEBAPP LCDS Laquis SCADA command injection attempt (server-webapp.rules) * 1:50983 <-> DISABLED <-> SERVER-WEBAPP LCDS Laquis SCADA command injection attempt (server-webapp.rules) * 1:50984 <-> DISABLED <-> SERVER-WEBAPP LCDS Laquis SCADA command injection attempt (server-webapp.rules) * 1:50985 <-> DISABLED <-> FILE-IMAGE GraphicsMagick WMF use after free attempt (file-image.rules) * 1:50986 <-> DISABLED <-> FILE-IMAGE GraphicsMagick WMF use after free attempt (file-image.rules) * 1:50987 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CrmRpcSrvUnregister privilege escalation attempt (os-windows.rules) * 1:50988 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CrmRpcSrvUnregister privilege escalation attempt (os-windows.rules) * 1:50989 <-> ENABLED <-> MALWARE-CNC Win.Dropper.Clipbanker variant outbound connection (malware-cnc.rules) * 1:50990 <-> ENABLED <-> MALWARE-CNC Unix.Malware.ech0raix outbound connection attempt (malware-cnc.rules) * 1:50991 <-> ENABLED <-> MALWARE-CNC Unix.Malware.ech0raix outbound connection attempt (malware-cnc.rules) * 1:50992 <-> ENABLED <-> MALWARE-CNC Unix.Malware.ech0raix outbound connection attempt (malware-cnc.rules) * 1:50993 <-> ENABLED <-> MALWARE-CNC Unix.Malware.ech0raix outbound connection attempt (malware-cnc.rules) * 1:50994 <-> DISABLED <-> SERVER-WEBAPP PHP ProjectPier remote file include attempt (server-webapp.rules) * 1:50995 <-> DISABLED <-> SERVER-WEBAPP PHP ProjectPier remote file include attempt (server-webapp.rules) * 1:50996 <-> DISABLED <-> SERVER-WEBAPP PHP ProjectPier remote file include attempt 
(server-webapp.rules) * 1:50997 <-> DISABLED <-> SERVER-OTHER Network Time Server denial of service attempt (server-other.rules) * 1:50998 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook memory corruption attempt (file-office.rules) * 1:50999 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook memory corruption attempt (file-office.rules) * 1:510 <-> DISABLED <-> POLICY-OTHER HP JetDirect LCD modification attempt (policy-other.rules) * 1:51000 <-> DISABLED <-> PROTOCOL-DNS PowerDNS Recursor query denial of service attempt (protocol-dns.rules) * 1:51001 <-> DISABLED <-> OS-WINDOWS Microsoft Windows privilege escalation attempt (os-windows.rules) * 1:51002 <-> DISABLED <-> OS-WINDOWS Microsoft Windows privilege escalation attempt (os-windows.rules) * 1:51003 <-> DISABLED <-> OS-WINDOWS Microsoft Windows privilege escalation attempt (os-windows.rules) * 1:51004 <-> DISABLED <-> OS-WINDOWS Microsoft Windows privilege escalation attempt (os-windows.rules) * 1:51005 <-> DISABLED <-> OS-WINDOWS Microsoft Windows privilege escalation attempt (os-windows.rules) * 1:51006 <-> DISABLED <-> OS-WINDOWS Microsoft Windows privilege escalation attempt (os-windows.rules) * 1:51007 <-> DISABLED <-> OS-WINDOWS Microsoft Windows privilege escalation attempt (os-windows.rules) * 1:51008 <-> DISABLED <-> OS-WINDOWS Microsoft Windows privilege escalation attempt (os-windows.rules) * 1:51009 <-> DISABLED <-> OS-WINDOWS Microsoft Windows privilege escalation attempt (os-windows.rules) * 1:51010 <-> DISABLED <-> OS-WINDOWS Microsoft Windows privilege escalation attempt (os-windows.rules) * 1:51011 <-> DISABLED <-> OS-WINDOWS Microsoft Windows privilege escalation attempt (os-windows.rules) * 1:51012 <-> DISABLED <-> OS-WINDOWS Microsoft Windows privilege escalation attempt (os-windows.rules) * 1:51013 <-> DISABLED <-> OS-WINDOWS Microsoft Windows privilege escalation attempt (os-windows.rules) * 1:51014 <-> DISABLED <-> OS-WINDOWS Microsoft Windows privilege escalation attempt 
(os-windows.rules) * 1:51015 <-> DISABLED <-> OS-WINDOWS Microsoft Windows PsmSrvDisconnect privilege escalation attempt (os-windows.rules) * 1:51016 <-> DISABLED <-> OS-WINDOWS Microsoft Windows PsmSrvDisconnect privilege escalation attempt (os-windows.rules) * 1:51017 <-> DISABLED <-> PROTOCOL-OTHER Losant Arduino MQTT Client buffer overflow attempt (protocol-other.rules) * 1:51018 <-> DISABLED <-> SERVER-OTHER DualDesk v20 Proxy.exe long string denial of service attempt (server-other.rules) * 1:51019 <-> DISABLED <-> SERVER-OTHER Tiny HTTP server head request denial of service attempt (server-other.rules) * 1:51020 <-> DISABLED <-> SERVER-WEBAPP XStream void primitive denial of service attempt (server-webapp.rules) * 1:51021 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess directory traversal attempt (server-webapp.rules) * 1:51022 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess directory traversal attempt (server-webapp.rules) * 1:51023 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess directory traversal attempt (server-webapp.rules) * 1:51024 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file attachment detected (file-identify.rules) * 1:51025 <-> DISABLED <-> FILE-PDF Adobe Reader SFNT out of bounds memory read attempt (file-pdf.rules) * 1:51026 <-> DISABLED <-> FILE-PDF Adobe Reader SFNT out of bounds memory read attempt (file-pdf.rules) * 1:51027 <-> DISABLED <-> SERVER-OTHER Novell iManager ASN.1 client hello parsing denial of service attempt (server-other.rules) * 1:51028 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Object Packager ClickOnce object remote code execution attempt (os-windows.rules) * 1:51029 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Object Packager ClickOnce object remote code execution attempt (os-windows.rules) * 1:51030 <-> DISABLED <-> PROTOCOL-SCADA Sielco Sistemi Winlog Lite buffer overflow attempt (protocol-scada.rules) * 1:51031 <-> DISABLED <-> SERVER-WEBAPP Symantec Endpoint Protection cross site scripting 
attempt (server-webapp.rules) * 1:51032 <-> DISABLED <-> SERVER-WEBAPP Symantec Endpoint Protection cross site scripting attempt (server-webapp.rules) * 1:51033 <-> ENABLED <-> MALWARE-CNC Win.Dropper.Clipbanker file download attempt (malware-cnc.rules) * 1:51034 <-> DISABLED <-> POLICY-OTHER IP option loose source routing attempt (policy-other.rules) * 1:51035 <-> DISABLED <-> POLICY-OTHER IP option strict source routing attempt (policy-other.rules) * 1:51036 <-> DISABLED <-> POLICY-OTHER IP option loose source routing attempt (policy-other.rules) * 1:51037 <-> DISABLED <-> POLICY-OTHER IGMP membership query attempt (policy-other.rules) * 1:51038 <-> DISABLED <-> BROWSER-IE Microsoft XML core services cross-domain information disclosure attempt (browser-ie.rules) * 1:51039 <-> DISABLED <-> OS-WINDOWS Microsoft Windows OLE32 MSHTA masquerade attempt (os-windows.rules) * 1:51040 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player Live555 RTSP plugin stack-based buffer overflow attempt (file-multimedia.rules) * 1:51041 <-> DISABLED <-> SERVER-OTHER LCDproc Server test_func_func stack buffer overflow attempt (server-other.rules) * 1:51042 <-> DISABLED <-> SERVER-OTHER ZeroMQ libzmq pointer overflow attempt (server-other.rules) * 1:51043 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Lazarus variant outbound connection (malware-cnc.rules) * 1:51044 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Lazarus variant outbound connection (malware-cnc.rules) * 1:51045 <-> DISABLED <-> SERVER-OTHER Netatalk attn_quantum authentication bypass attempt (server-other.rules) * 1:51046 <-> DISABLED <-> SERVER-OTHER PostgreSQL interval stack buffer overflow attempt (server-other.rules) * 1:51047 <-> DISABLED <-> FILE-OTHER Gitlab directory traversal attempt (file-other.rules) * 1:51048 <-> DISABLED <-> FILE-OTHER Gitlab directory traversal attempt (file-other.rules) * 1:51049 <-> DISABLED <-> FILE-OTHER Gitlab directory traversal attempt (file-other.rules) * 1:51050 <-> DISABLED <-> FILE-OTHER 
Gitlab directory traversal attempt (file-other.rules) * 1:51051 <-> DISABLED <-> FILE-OTHER Gitlab directory traversal attempt (file-other.rules) * 1:51052 <-> DISABLED <-> FILE-OTHER Gitlab directory traversal attempt (file-other.rules) * 1:51053 <-> DISABLED <-> FILE-OTHER Gitlab directory traversal attempt (file-other.rules) * 1:51054 <-> DISABLED <-> FILE-OTHER Gitlab directory traversal attempt (file-other.rules) * 1:51055 <-> DISABLED <-> FILE-OTHER Gitlab directory traversal attempt (file-other.rules) * 1:51056 <-> DISABLED <-> FILE-OTHER Gitlab directory traversal attempt (file-other.rules) * 1:51057 <-> DISABLED <-> FILE-OTHER Gitlab directory traversal attempt (file-other.rules) * 1:51058 <-> DISABLED <-> FILE-OTHER Gitlab directory traversal attempt (file-other.rules) * 1:51059 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Chart Sheet Substream memory corruption attempt (file-office.rules) * 1:51060 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Chart Sheet Substream memory corruption attempt (file-office.rules) * 1:51061 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Chart Sheet Substream memory corruption attempt (file-office.rules) * 1:51062 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Chart Sheet Substream memory corruption attempt (file-office.rules) * 1:51063 <-> DISABLED <-> SERVER-OTHER Memcached SASL auth opcode request heap buffer overflow attempt (server-other.rules) * 1:51064 <-> DISABLED <-> SERVER-OTHER Memcached SASL auth opcode request heap buffer overflow attempt (server-other.rules) * 1:51065 <-> DISABLED <-> POLICY-OTHER TCP FIN packet and URG set attempt (policy-other.rules) * 1:51066 <-> DISABLED <-> POLICY-OTHER TCP SYN packet and URG set attempt (policy-other.rules) * 1:51067 <-> DISABLED <-> POLICY-OTHER DHCP loopback address offer attempt (policy-other.rules) * 1:51068 <-> DISABLED <-> POLICY-OTHER DHCP multicast address offer attempt (policy-other.rules) * 1:51069 <-> DISABLED <-> POLICY-OTHER DHCP 
broadcast address offer attempt (policy-other.rules) * 1:51070 <-> DISABLED <-> SERVER-OTHER Microsoft WINS Server remote memory corruption attempt (server-other.rules) * 1:51071 <-> DISABLED <-> SERVER-WEBAPP revolutionProducts FlexBB flexbb_lang_id cookie parameter SQL injection attempt (server-webapp.rules) * 1:51072 <-> DISABLED <-> FILE-OTHER CA Products AV Engine CHM file handling denial of service attempt (file-other.rules) * 1:51073 <-> DISABLED <-> FILE-OTHER CA Products AV Engine CHM file handling denial of service attempt (file-other.rules) * 1:51074 <-> DISABLED <-> FILE-OTHER CA Products AV Engine CHM file handling denial of service attempt (file-other.rules) * 1:51075 <-> DISABLED <-> FILE-OTHER CA Products AV Engine CHM file handling denial of service attempt (file-other.rules) * 1:51076 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel RealTimeData record heap memory corruption attempt (file-office.rules) * 1:51077 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel RealTimeData record heap memory corruption attempt (file-office.rules) * 1:51078 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel RealTimeData record heap memory corruption attempt (file-office.rules) * 1:51079 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel RealTimeData record heap memory corruption attempt (file-office.rules) * 1:51080 <-> DISABLED <-> SERVER-OTHER GoldenGate Monitoring Manager buffer overflow attempt (server-other.rules) * 1:51081 <-> DISABLED <-> FILE-FLASH Adobe Flash player memory corruption attempt (file-flash.rules) * 1:51082 <-> DISABLED <-> FILE-FLASH Adobe Flash player memory corruption attempt (file-flash.rules) * 1:51083 <-> DISABLED <-> FILE-PDF PDFParser trailer string buffer overflow attempt (file-pdf.rules) * 1:51084 <-> DISABLED <-> FILE-PDF PDFParser trailer string buffer overflow attempt (file-pdf.rules) * 1:51085 <-> DISABLED <-> SERVER-OTHER FreeRadius malformed service type field denial of service attempt (server-other.rules) * 1:51086 <-> 
DISABLED <-> PROTOCOL-VOIP Digium Asterisk multiple malformed Accept headers denial of service attempt (protocol-voip.rules) * 1:51087 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk multiple malformed Accept headers denial of service attempt (protocol-voip.rules) * 1:51088 <-> DISABLED <-> FILE-OFFICE Microsoft Office TIFF filter buffer overflow attempt (file-office.rules) * 1:51089 <-> DISABLED <-> FILE-OFFICE Microsoft Office TIFF filter buffer overflow attempt (file-office.rules) * 1:51090 <-> DISABLED <-> FILE-OFFICE Microsoft Office TIFF filter buffer overflow attempt (file-office.rules) * 1:51091 <-> DISABLED <-> FILE-OFFICE Microsoft Office TIFF filter buffer overflow attempt (file-office.rules) * 1:51092 <-> DISABLED <-> FILE-IDENTIFY gzip compressed file over email detected (file-identify.rules) * 1:51093 <-> DISABLED <-> FILE-OTHER RAR archived executable attachment (file-other.rules) * 1:51094 <-> DISABLED <-> FILE-IMAGE Multiple products JBIG compressed TIFF buffer overflow attempt (file-image.rules) * 1:51095 <-> DISABLED <-> FILE-IMAGE Multiple products JBIG compressed TIFF buffer overflow attempt (file-image.rules) * 1:51096 <-> DISABLED <-> FILE-IMAGE Multiple products JBIG compressed TIFF buffer overflow attempt (file-image.rules) * 1:51097 <-> DISABLED <-> FILE-IMAGE Multiple products JBIG compressed TIFF buffer overflow attempt (file-image.rules) * 1:51098 <-> ENABLED <-> FILE-OTHER LibreOffice macro remote code execution attempt (file-other.rules) * 1:51099 <-> ENABLED <-> FILE-OTHER LibreOffice macro remote code execution attempt (file-other.rules) * 1:51100 <-> ENABLED <-> FILE-OTHER LibreOffice macro remote code execution attempt (file-other.rules) * 1:51101 <-> ENABLED <-> FILE-OTHER LibreOffice macro remote code execution attempt (file-other.rules) * 1:51102 <-> DISABLED <-> OS-MOBILE Microsoft Outlook for Android stored cross-site script attempt (os-mobile.rules) * 1:51103 <-> DISABLED <-> OS-MOBILE Microsoft Outlook for Android stored 
cross-site script attempt (os-mobile.rules)
* 1:51104 <-> DISABLED <-> PROTOCOL-OTHER Eclipse MQTT Message Broker Topic denial of service attempt (protocol-other.rules)
* 1:51105 <-> DISABLED <-> FILE-OTHER Zortam Mp3 Media Studio local buffer overflow attempt (file-other.rules)
* 1:51106 <-> DISABLED <-> FILE-OTHER Zortam Mp3 Media Studio local buffer overflow attempt (file-other.rules)
* 1:51107 <-> DISABLED <-> FILE-OTHER Zortam Mp3 Media Studio local buffer overflow attempt (file-other.rules)
* 1:51108 <-> DISABLED <-> FILE-OTHER Zortam Mp3 Media Studio local buffer overflow attempt (file-other.rules)
* 1:51109 <-> DISABLED <-> FILE-OTHER Zortam Mp3 Media Studio local buffer overflow attempt (file-other.rules)
* 1:51110 <-> DISABLED <-> FILE-OTHER Zortam Mp3 Media Studio local buffer overflow attempt (file-other.rules)
* 1:51112 <-> ENABLED <-> MALWARE-CNC Win.Spyware.StrongPity outbound connection (malware-cnc.rules)
* 1:51113 <-> ENABLED <-> MALWARE-CNC Win.Spyware.StrongPity outbound connection (malware-cnc.rules)
* 1:51114 <-> ENABLED <-> MALWARE-CNC Win.Spyware.StrongPity outbound connection (malware-cnc.rules)
* 1:51115 <-> ENABLED <-> MALWARE-CNC Win.Spyware.StrongPity outbound connection (malware-cnc.rules)
* 1:51116 <-> ENABLED <-> MALWARE-CNC Win.Spyware.StrongPity outbound connection (malware-cnc.rules)
* 1:51117 <-> ENABLED <-> MALWARE-CNC Win.Coinminer.PCASTLE outbound connection (malware-cnc.rules)
* 1:51118 <-> ENABLED <-> MALWARE-OTHER Download of malicious PowerShell script (malware-other.rules)
* 1:51119 <-> DISABLED <-> POLICY-OTHER GrandNode 4.4 arbitrary file download attempt (policy-other.rules)
* 1:51120 <-> DISABLED <-> SERVER-WEBAPP GrandNode 4.4 path traversal attempt (server-webapp.rules)
* 1:51121 <-> DISABLED <-> SERVER-WEBAPP GrandNode 4.4 path traversal attempt (server-webapp.rules)
* 1:51122 <-> DISABLED <-> SERVER-WEBAPP GrandNode 4.4 path traversal attempt (server-webapp.rules)
* 1:51125 <-> DISABLED <-> SERVER-WEBAPP Joomla 3.7.0 com_fields view SQL injection attempt (server-webapp.rules)
* 1:51126 <-> DISABLED <-> SERVER-OTHER ISC Bind libdns EDNS option handling denial of service attempt (server-other.rules)
* 1:51127 <-> DISABLED <-> SERVER-OTHER NetBIOS name request probe attempt (server-other.rules)
* 1:51128 <-> ENABLED <-> MALWARE-CNC Andr.Spyware.SpyPhoneApp variant post-compromise outbound connection detected (malware-cnc.rules)
* 1:51129 <-> ENABLED <-> MALWARE-CNC Andr.Spyware.SpyPhoneApp variant post-compromise outbound connection detected (malware-cnc.rules)
* 1:51130 <-> ENABLED <-> MALWARE-CNC Andr.Spyware.SpyPhoneApp variant post-compromise outbound connection detected (malware-cnc.rules)
* 1:51131 <-> ENABLED <-> MALWARE-CNC Andr.Spyware.SpyPhoneApp variant post-compromise outbound connection detected (malware-cnc.rules)
* 1:51132 <-> ENABLED <-> MALWARE-CNC Andr.Spyware.SpyPhoneApp variant post-compromise outbound connection detected (malware-cnc.rules)
* 1:51133 <-> ENABLED <-> MALWARE-CNC Andr.Spyware.SpyPhoneApp variant post-compromise outbound connection detected (malware-cnc.rules)
* 1:51134 <-> ENABLED <-> MALWARE-CNC Andr.Spyware.SpyPhoneApp variant post-compromise outbound connection detected (malware-cnc.rules)
* 1:51135 <-> ENABLED <-> MALWARE-CNC Andr.Spyware.SpyPhoneApp variant post-compromise outbound connection detected (malware-cnc.rules)
* 1:51136 <-> ENABLED <-> MALWARE-CNC Andr.Spyware.SpyPhoneApp variant post-compromise outbound connection detected (malware-cnc.rules)
* 1:51137 <-> ENABLED <-> MALWARE-CNC edit Andr.Spyware.SpyPhoneApp variant post-compromise outbound connection detected (malware-cnc.rules)
* 1:51138 <-> DISABLED <-> SERVER-WEBAPP PHP phpinfo function cross site scripting attempt (server-webapp.rules)
* 1:51139 <-> DISABLED <-> SERVER-WEBAPP PHP phpinfo function cross site scripting attempt (server-webapp.rules)
* 1:51140 <-> DISABLED <-> SERVER-OTHER Splashtop Streamer Personal random data stream denial of service attempt (server-other.rules)
* 1:51141 <-> DISABLED <-> SERVER-OTHER Oracle Tuxedo Jolt server heap overflow attempt (server-other.rules)
* 1:51142 <-> DISABLED <-> SERVER-WEBAPP Moodle 3.x PHP code injection attempt (server-webapp.rules)
* 1:51143 <-> DISABLED <-> SERVER-WEBAPP Moodle 3.x PHP code injection attempt (server-webapp.rules)
* 1:51144 <-> DISABLED <-> SERVER-OTHER ISC BIND multiple ENDS Key Tag options denial of service attempt (server-other.rules)
* 1:51145 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center 10001 buffer overflow attempt (server-other.rules)
* 1:51146 <-> DISABLED <-> SERVER-WEBAPP FasterXML Jackson Databind unsafe deserialization attempt (server-webapp.rules)
* 1:51147 <-> DISABLED <-> FILE-OTHER World of Warcraft local denial of service attempt (file-other.rules)
* 1:51148 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central cross site scripting attempt (server-webapp.rules)
* 1:51149 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central cross site scripting attempt (server-webapp.rules)
* 1:51150 <-> DISABLED <-> SERVER-OTHER DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt (server-other.rules)
* 1:51151 <-> DISABLED <-> SERVER-OTHER DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt (server-other.rules)
* 1:51152 <-> DISABLED <-> SERVER-OTHER DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt (server-other.rules)
* 1:51153 <-> DISABLED <-> SERVER-OTHER DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt (server-other.rules)
* 1:51154 <-> DISABLED <-> SERVER-OTHER DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt (server-other.rules)
* 1:51155 <-> DISABLED <-> SERVER-OTHER DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt (server-other.rules)
* 1:51156 <-> DISABLED <-> SERVER-OTHER DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt (server-other.rules)
* 1:51157 <-> DISABLED <-> SERVER-OTHER DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt (server-other.rules)
* 1:51158 <-> DISABLED <-> SERVER-OTHER DEWESoft X3 RunExeFile.exe unauthenticated remote code execution attempt (server-other.rules)
* 1:51159 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DHCP client Domain Search response memory corruption attempt (os-windows.rules)
* 1:51160 <-> DISABLED <-> FILE-IMAGE Microsoft GDI crafted EMF file information disclosure attempt (file-image.rules)
* 1:51161 <-> DISABLED <-> FILE-IMAGE Microsoft GDI crafted EMF file information disclosure attempt (file-image.rules)
* 1:51162 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader RGB color table out of bounds read attempt (file-pdf.rules)
* 1:51163 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader RGB color table out of bounds read attempt (file-pdf.rules)
* 1:51165 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView heap overflow attempt (file-office.rules)
* 1:51166 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView heap overflow attempt (file-office.rules)
* 1:51167 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView heap overflow attempt (file-office.rules)
* 1:51168 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView heap overflow attempt (file-office.rules)
* 1:51169 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView heap overflow attempt (file-office.rules)
* 1:51170 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView heap overflow attempt (file-office.rules)
* 1:51171 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView heap overflow attempt (file-office.rules)
* 1:51172 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView heap overflow attempt (file-office.rules)
* 1:51174 <-> DISABLED <-> SERVER-WEBAPP vCard Create Card cross site scripting attempt (server-webapp.rules)
* 1:51175 <-> DISABLED <-> SERVER-WEBAPP vCard Create Card cross site scripting attempt (server-webapp.rules)
* 1:51176 <-> DISABLED <-> SERVER-WEBAPP vCard Toprated cross site scripting attempt (server-webapp.rules)
* 1:51177 <-> DISABLED <-> SERVER-WEBAPP vCard Toprated cross site scripting attempt (server-webapp.rules)
* 1:51178 <-> DISABLED <-> SERVER-WEBAPP vCard New Card cross site scripting attempt (server-webapp.rules)
* 1:51179 <-> DISABLED <-> SERVER-WEBAPP vCard New Card cross site scripting attempt (server-webapp.rules)
* 1:51181 <-> DISABLED <-> SERVER-OTHER NTPsec 1.1.2 ntp_control out-of-bounds read attempt (server-other.rules)
* 1:51182 <-> DISABLED <-> FILE-OFFICE Microsoft Excel Jet Database Engine code execution attempt (file-office.rules)
* 1:51183 <-> DISABLED <-> FILE-OFFICE Microsoft Excel Jet Database Engine code execution attempt (file-office.rules)
* 1:51184 <-> DISABLED <-> SERVER-WEBAPP Xalan-Java secure processing bypass attempt (server-webapp.rules)
* 1:51185 <-> DISABLED <-> SERVER-OTHER Memcached lru temp_ttl NULL dereference attempt (server-other.rules)
* 1:51186 <-> DISABLED <-> SERVER-OTHER Memcached lru mode NULL dereference attempt (server-other.rules)
* 1:51190 <-> DISABLED <-> SERVER-WEBAPP Novell iManager buffer overflow attempt (server-webapp.rules)
* 1:51191 <-> DISABLED <-> FILE-OTHER OMRON CX-One MCI file stack buffer overflow attempt (file-other.rules)
* 1:51192 <-> DISABLED <-> FILE-OTHER OMRON CX-One MCI file stack buffer overflow attempt (file-other.rules)
* 1:51196 <-> DISABLED <-> SERVER-WEBAPP FLIR AX8 Camera arbitrary file download attempt (server-webapp.rules)
* 1:51197 <-> DISABLED <-> SERVER-WEBAPP FLIR AX8 Camera arbitrary file download attempt (server-webapp.rules)
* 1:512 <-> DISABLED <-> PUA-OTHER PCAnywhere Failed Login (pua-other.rules)
* 1:51202 <-> DISABLED <-> INDICATOR-COMPROMISE Dana IRC stack buffer overflow attempt (indicator-compromise.rules)
* 1:51203 <-> DISABLED <-> FILE-IMAGE Microsoft Office PNG tEXt chunk buffer overflow attempt (file-image.rules)
* 1:51204 <-> DISABLED <-> FILE-IMAGE Microsoft Office PNG tEXt chunk buffer overflow attempt (file-image.rules)
* 1:51205 <-> DISABLED <-> FILE-IMAGE Microsoft Office PNG tEXt chunk buffer overflow attempt (file-image.rules)
* 1:51206 <-> DISABLED <-> FILE-IMAGE Microsoft Office PNG tEXt chunk buffer overflow attempt (file-image.rules)
* 1:51207 <-> DISABLED <-> SERVER-WEBAPP WordPress default admin theme cross site scripting attempt (server-webapp.rules)
* 1:51208 <-> DISABLED <-> SERVER-WEBAPP WordPress default admin theme cross site scripting attempt (server-webapp.rules)
* 1:51209 <-> DISABLED <-> SERVER-WEBAPP Forum Livre busca2.asp cross site scripting attempt (server-webapp.rules)
* 1:51210 <-> DISABLED <-> SERVER-WEBAPP Forum Livre busca2.asp cross site scripting attempt (server-webapp.rules)
* 1:51211 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DHCP client Options parsing buffer overflow attempt (os-windows.rules)
* 1:51212 <-> DISABLED <-> SERVER-OTHER MIT Kerberos kpasswd UDP denial of service attempt (server-other.rules)
* 1:51213 <-> DISABLED <-> SERVER-WEBAPP WordPress page-flip-image-gallery plugin arbitrary file upload attempt (server-webapp.rules)
* 1:51214 <-> DISABLED <-> SERVER-OTHER OpenSSL DTLS bad fragment length denial of service attempt (server-other.rules)
* 1:51215 <-> DISABLED <-> SERVER-OTHER OpenSSL DTLS zero-length fragments denial of service attempt (server-other.rules)
* 1:51217 <-> DISABLED <-> FILE-OTHER Omron CX-On Project file parsing heap buffer overflow attempt (file-other.rules)
* 1:51218 <-> DISABLED <-> FILE-OTHER Omron CX-On Project file parsing heap buffer overflow attempt (file-other.rules)
* 1:51219 <-> DISABLED <-> OS-OTHER OpenBSD TCP Timestamp handling denial of service attempt (os-other.rules)
* 1:51220 <-> DISABLED <-> OS-LINUX Rdesktop process_redirect_pdu BSS overflow attempt (os-linux.rules)
* 1:51221 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ATF bitmap conversion heap overflow attempt (file-flash.rules)
* 1:51222 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ATF bitmap conversion heap overflow attempt (file-flash.rules)
* 1:51223 <-> DISABLED <-> FILE-OTHER Adobe Texture Format file containing invalid texture definition memory corruption attempt (file-other.rules)
* 1:51224 <-> DISABLED <-> FILE-OTHER Adobe Texture Format file containing invalid texture definition memory corruption attempt (file-other.rules)
* 1:51225 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt (file-flash.rules)
* 1:51226 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt (file-flash.rules)
* 1:51227 <-> DISABLED <-> SERVER-OTHER FreeRADIUS DHCP string options integer underflow attempt (server-other.rules)
* 1:51228 <-> DISABLED <-> SERVER-OTHER FreeRADIUS DHCP string options integer underflow attempt (server-other.rules)
* 1:51229 <-> DISABLED <-> SERVER-OTHER FreeRADIUS DHCP string options integer underflow attempt (server-other.rules)
* 1:51230 <-> DISABLED <-> SERVER-OTHER FreeRADIUS DHCP string options integer underflow attempt (server-other.rules)
* 1:51231 <-> DISABLED <-> SERVER-OTHER FreeRADIUS DHCP string options integer underflow attempt (server-other.rules)
* 1:51232 <-> DISABLED <-> SERVER-OTHER FreeRADIUS DHCP string options integer underflow attempt (server-other.rules)
* 1:51233 <-> DISABLED <-> SERVER-OTHER FreeRADIUS DHCP string options integer underflow attempt (server-other.rules)
* 1:51234 <-> DISABLED <-> SERVER-OTHER Advantech WebAccess Viewdll1 buffer overflow attempt (server-other.rules)
* 1:51235 <-> DISABLED <-> FILE-OTHER VCFtools crafted VCF remote code execution attempt (file-other.rules)
* 1:51236 <-> DISABLED <-> FILE-OTHER VCFtools crafted VCF remote code execution attempt (file-other.rules)
* 1:51237 <-> DISABLED <-> SERVER-OTHER BlackIce ISS ICQ parser buffer overflow attempt (server-other.rules)
* 1:51238 <-> DISABLED <-> SERVER-OTHER Rockwell Automation RSLinux heap buffer overflow attempt (server-other.rules)
* 1:51239 <-> DISABLED <-> SERVER-OTHER PHP-Proxy local file include attempt (server-other.rules)
* 1:51240 <-> DISABLED <-> SERVER-WEBAPP Pulse Secure VPN command injection attempt (server-webapp.rules)
* 1:51241 <-> DISABLED <-> SERVER-WEBAPP Pulse Secure VPN command injection attempt (server-webapp.rules)
* 1:51242 <-> DISABLED <-> SERVER-WEBAPP Pulse Secure VPN command injection attempt (server-webapp.rules)
* 1:51243 <-> DISABLED <-> SERVER-WEBAPP Pulse Secure VPN command injection attempt (server-webapp.rules)
* 1:51244 <-> DISABLED <-> BROWSER-PLUGINS Mitsubishi EZPcAut280.dll KeywordSet ActiveX clsid access attempt (browser-plugins.rules)
* 1:51245 <-> DISABLED <-> BROWSER-PLUGINS Mitsubishi EZPcAut280.dll KeywordSet ActiveX clsid access attempt (browser-plugins.rules)
* 1:51246 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
* 1:51247 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
* 1:51248 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
* 1:51249 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
* 1:51250 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
* 1:51251 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
* 1:51252 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
* 1:51253 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
* 1:51254 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
* 1:51255 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
* 1:51256 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
* 1:51257 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
* 1:51258 <-> DISABLED <-> BROWSER-PLUGINS Mitsubishi EZPcAut260.dll ESOpen ActiveX clsid access attempt (browser-plugins.rules)
* 1:51259 <-> DISABLED <-> BROWSER-PLUGINS Mitsubishi EZPcAut260.dll ESOpen ActiveX clsid access attempt (browser-plugins.rules)
* 1:51260 <-> DISABLED <-> SERVER-WEBAPP Ruby on Rails render file directory traversal attempt (server-webapp.rules)
* 1:51261 <-> DISABLED <-> SERVER-WEBAPP Ruby on Rails render file directory traversal attempt (server-webapp.rules)
* 1:51262 <-> DISABLED <-> SERVER-WEBAPP TinyPHPForum action.php cross site scripting attempt (server-webapp.rules)
* 1:51263 <-> DISABLED <-> SERVER-WEBAPP TinyPHPForum action.php cross site scripting attempt (server-webapp.rules)
* 1:51264 <-> DISABLED <-> SERVER-WEBAPP Open-AudIT Community Store cross site scripting attempt (server-webapp.rules)
* 1:51265 <-> DISABLED <-> SERVER-WEBAPP Open-AudIT Community Store cross site scripting attempt (server-webapp.rules)
* 1:51266 <-> DISABLED <-> FILE-OFFICE Microsoft Outlook rwz file memory corruption attempt (file-office.rules)
* 1:51267 <-> DISABLED <-> FILE-OFFICE Microsoft Outlook rwz file memory corruption attempt (file-office.rules)
* 1:51268 <-> ENABLED <-> FILE-OTHER Photodex ProShow Producer v5.0.3256 download load file attempt (file-other.rules)
* 1:51269 <-> DISABLED <-> FILE-OTHER Photodex ProShow Producer v5.0.3256 buffer overflow attempt (file-other.rules)
* 1:51270 <-> DISABLED <-> FILE-OTHER Photodex ProShow Producer v5.0.3256 buffer overflow attempt (file-other.rules)
* 1:51271 <-> DISABLED <-> BROWSER-PLUGINS CenturyStar SetMyAddress ActiveX clsid access attempt (browser-plugins.rules)
* 1:51272 <-> DISABLED <-> BROWSER-PLUGINS CenturyStar SetMyAddress ActiveX clsid access attempt (browser-plugins.rules)
* 1:51273 <-> DISABLED <-> SERVER-WEBAPP Modx Revolution PHP code injection attempt (server-webapp.rules)
* 1:51274 <-> DISABLED <-> SERVER-WEBAPP Modx Revolution PHP code injection attempt (server-webapp.rules)
* 1:51275 <-> DISABLED <-> SERVER-WEBAPP Joomla Saxum Astro Component SQL injection attempt (server-webapp.rules)
* 1:51276 <-> DISABLED <-> SERVER-WEBAPP Joomla Saxum Astro Component SQL injection attempt (server-webapp.rules)
* 1:51277 <-> DISABLED <-> SERVER-WEBAPP Joomla Saxum Astro Component SQL injection attempt (server-webapp.rules)
* 1:51278 <-> DISABLED <-> SERVER-WEBAPP SolusLabs SolusVM centralbackup.php SQL injection attempt (server-webapp.rules)
* 1:51279 <-> DISABLED <-> SERVER-WEBAPP SolusLabs SolusVM centralbackup.php SQL injection attempt (server-webapp.rules)
* 1:51280 <-> DISABLED <-> SERVER-WEBAPP SolusLabs SolusVM centralbackup.php SQL injection attempt (server-webapp.rules)
* 1:51281 <-> DISABLED <-> SERVER-WEBAPP Webadmin history parameter cross site scripting attempt (server-webapp.rules)
* 1:51282 <-> DISABLED <-> SERVER-WEBAPP Webadmin history parameter cross site scripting attempt (server-webapp.rules)
* 1:51283 <-> DISABLED <-> SERVER-WEBAPP Webadmin history parameter cross site scripting attempt (server-webapp.rules)
* 1:51284 <-> DISABLED <-> FILE-IMAGE Nokia N95 JPG parsing denial of service attempt (file-image.rules)
* 1:51285 <-> DISABLED <-> FILE-IMAGE Nokia N95 JPG parsing denial of service attempt (file-image.rules)
* 1:51286 <-> DISABLED <-> SERVER-OTHER LCDproc parse_all_client_messages buffer overflow attempt (server-other.rules)
* 1:51287 <-> DISABLED <-> SERVER-WEBAPP Apache CouchDB _config command injection attempt (server-webapp.rules)
* 1:51288 <-> ENABLED <-> SERVER-WEBAPP Pulse Secure SSL VPN arbitrary file read attempt (server-webapp.rules)
* 1:51289 <-> ENABLED <-> SERVER-WEBAPP Pulse Secure SSL VPN directory traversal attempt (server-webapp.rules)
* 1:51290 <-> DISABLED <-> OS-MOBILE Google Android Kernel local denial of service attempt (os-mobile.rules)
* 1:51291 <-> DISABLED <-> OS-MOBILE Google Android Kernel local denial of service attempt (os-mobile.rules)
* 1:51292 <-> DISABLED <-> SERVER-WEBAPP Axway SecureTransport XML external entity injection attempt (server-webapp.rules)
* 1:51296 <-> DISABLED <-> PROTOCOL-OTHER Colloquy INVITE request format string DoS attempt (protocol-other.rules)
* 1:51297 <-> DISABLED <-> PROTOCOL-OTHER Colloquy INVITE request format string DoS attempt (protocol-other.rules)
* 1:51301 <-> DISABLED <-> SERVER-OTHER Exim malformed BDAT code execution attempt (server-other.rules)
* 1:51302 <-> DISABLED <-> BROWSER-PLUGINS MSWC.MyInfo ActiveX function call access (browser-plugins.rules)
* 1:51303 <-> DISABLED <-> BROWSER-PLUGINS Mmedia.RadioServer ActiveX function call access (browser-plugins.rules)
* 1:51304 <-> DISABLED <-> BROWSER-PLUGINS Creator.CdCreator ActiveX function call access (browser-plugins.rules)
* 1:51305 <-> DISABLED <-> BROWSER-PLUGINS Creator.CdDevice ActiveX function call access (browser-plugins.rules)
* 1:51309 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pistacchietto variant outbound connection (malware-cnc.rules)
* 1:51310 <-> DISABLED <-> FILE-OFFICE Microsoft Excel ExternSheet record remote code execution attempt (file-office.rules)
* 1:51311 <-> DISABLED <-> FILE-OFFICE Microsoft Excel ExternSheet record remote code execution attempt (file-office.rules)
* 1:51312 <-> DISABLED <-> SERVER-WEBAPP WSO2 Carbon persistent cross site scripting attempt (server-webapp.rules)
* 1:51313 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid FRTWrapper record integer underflow attempt (file-office.rules)
* 1:51314 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid FRTWrapper record integer underflow attempt (file-office.rules)
* 1:51315 <-> DISABLED <-> SERVER-WEBAPP Atlassian Jira ContactAdministrators and SendBulkMail template injection remote code execution attempt (server-webapp.rules)
* 1:51316 <-> DISABLED <-> SERVER-WEBAPP Atlassian Jira ContactAdministrators and SendBulkMail template injection remote code execution attempt (server-webapp.rules)
* 1:51317 <-> DISABLED <-> SERVER-WEBAPP Atlassian Jira ContactAdministrators and SendBulkMail template injection remote code execution attempt (server-webapp.rules)
* 1:51318 <-> DISABLED <-> SERVER-WEBAPP Atlassian Jira ContactAdministrators and SendBulkMail template injection remote code execution attempt (server-webapp.rules)
* 1:51319 <-> DISABLED <-> SERVER-OTHER Mosca MQTT broker regular expression denial of service attempt (server-other.rules)
* 1:51320 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackMoon variant outbound connection (malware-cnc.rules)
* 1:51321 <-> DISABLED <-> SERVER-WEBAPP SAP Internet Transaction Server information disclosure attempt (server-webapp.rules)
* 1:51322 <-> DISABLED <-> SERVER-WEBAPP SAP Internet Transaction Server information disclosure attempt (server-webapp.rules)
* 1:51323 <-> DISABLED <-> SERVER-WEBAPP SAP Internet Transaction Server information disclosure attempt (server-webapp.rules)
* 1:51324 <-> DISABLED <-> SERVER-WEBAPP SAP Internet Transaction Server information disclosure attempt (server-webapp.rules)
* 1:51325 <-> DISABLED <-> SERVER-WEBAPP SAP Internet Transaction Server information disclosure attempt (server-webapp.rules)
* 1:51326 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel DBQueryExt record memory corruption attempt (file-office.rules)
* 1:51327 <-> DISABLED <-> OS-OTHER Intel x64 side-channel analysis information leak attempt (os-other.rules)
* 1:51328 <-> DISABLED <-> OS-OTHER Intel x64 side-channel analysis information leak attempt (os-other.rules)
* 1:51329 <-> DISABLED <-> OS-OTHER Intel x64 side-channel analysis information leak attempt (os-other.rules)
* 1:51330 <-> DISABLED <-> OS-OTHER Intel x64 side-channel analysis information leak attempt (os-other.rules)
* 1:51331 <-> DISABLED <-> SERVER-WEBAPP GoAhead Embedded Web Server use after free attempt (server-webapp.rules)
* 1:51332 <-> DISABLED <-> SERVER-WEBAPP GoAhead Embedded Web Server use after free attempt (server-webapp.rules)
* 1:51333 <-> DISABLED <-> SERVER-OTHER OpenSSL TLS record tampering denial of service attempt (server-other.rules)
* 1:51334 <-> DISABLED <-> SERVER-OTHER OpenSSL TLS record tampering denial of service attempt (server-other.rules)
* 1:51335 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting engine uninitialized pointers memory corruption attempt (browser-ie.rules)
* 1:51336 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting engine uninitialized pointers memory corruption attempt (browser-ie.rules)
* 1:51337 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Extenbro (malware-cnc.rules)
* 1:51338 <-> DISABLED <-> PROTOCOL-TELNET TippingPoint IPS hostname disclosure attempt (protocol-telnet.rules)
* 1:51339 <-> DISABLED <-> INDICATOR-SCAN Trend Micro Threat Discovery Appliance logon.cgi authentication attempt (indicator-scan.rules)
* 1:51340 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Threat Discovery Appliance dlp_policy_upload.cgi arbitrary file download attempt (server-webapp.rules)
* 1:51341 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Nemty (malware-cnc.rules)
* 1:51342 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Nemty (malware-cnc.rules)
* 1:51343 <-> DISABLED <-> SERVER-OTHER OpenSSL TLS anomalous non-zero length session ticket in client hello (server-other.rules)
* 1:51344 <-> DISABLED <-> SERVER-OTHER OpenSSL TLS anomalous non-zero length session ticket in client hello (server-other.rules)
* 1:51345 <-> DISABLED <-> SERVER-OTHER OpenSSL TLS anomalous non-zero length session ticket in client hello (server-other.rules)
* 1:51346 <-> DISABLED <-> SERVER-OTHER OpenSSL TLS anomalous non-zero length session ticket in client hello (server-other.rules)
* 1:51347 <-> DISABLED <-> SERVER-OTHER OpenSSL TLS anomalous ascii session ticket (server-other.rules)
* 1:51348 <-> DISABLED <-> SERVER-OTHER OpenSSL TLS anomalous ascii session ticket (server-other.rules)
* 1:51349 <-> DISABLED <-> SERVER-OTHER OpenSSL TLS anomalous ascii session ticket (server-other.rules)
* 1:51350 <-> DISABLED <-> SERVER-OTHER OpenSSL TLS anomalous ascii session ticket (server-other.rules)
* 1:51351 <-> DISABLED <-> SERVER-OTHER OpenSSL TLS anomalous ascii client session ticket (server-other.rules)
* 1:51352 <-> DISABLED <-> SERVER-OTHER OpenSSL TLS anomalous ascii client session ticket (server-other.rules)
* 1:51353 <-> DISABLED <-> SERVER-OTHER OpenSSL TLS anomalous ascii client session ticket (server-other.rules)
* 1:51354 <-> DISABLED <-> SERVER-OTHER OpenSSL TLS anomalous ascii client session ticket (server-other.rules)
* 1:51356 <-> DISABLED <-> SERVER-OTHER OpenSSL DTLS duplicate record denial of service attempt (server-other.rules)
* 1:51357 <-> DISABLED <-> SERVER-OTHER OpenSSL DTLS duplicate record denial of service attempt (server-other.rules)
* 1:51358 <-> DISABLED <-> SERVER-OTHER OpenSSL DTLS duplicate record denial of service attempt (server-other.rules)
* 1:51359 <-> DISABLED <-> SERVER-OTHER OpenSSL DTLS duplicate record denial of service attempt (server-other.rules)
* 1:51360 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.LooCipher variant outbound connection (malware-cnc.rules)
* 1:51361 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.LooCipher variant download attempt (malware-other.rules)
* 1:51362 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.LooCipher variant download attempt (malware-other.rules)
* 1:51363 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel TXO and OBJ records parsing stack memory corruption attempt (file-office.rules)
* 1:51364 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel TXO and OBJ records parsing stack memory corruption attempt (file-office.rules)
* 1:51368 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Agent webshell inbound request attempt (malware-backdoor.rules)
* 1:51370 <-> DISABLED <-> SERVER-WEBAPP Fortinet FortiOS SSL VPN web portal directory traversal attempt (server-webapp.rules)
* 1:51371 <-> DISABLED <-> SERVER-WEBAPP Fortinet FortiOS SSL VPN web portal directory traversal attempt (server-webapp.rules)
* 1:51372 <-> DISABLED <-> SERVER-WEBAPP Fortinet FortiOS SSL VPN web portal directory traversal attempt (server-webapp.rules)
* 1:51373 <-> DISABLED <-> INDICATOR-COMPROMISE Python reverse shell execution attempt (indicator-compromise.rules)
* 1:51374 <-> DISABLED <-> INDICATOR-COMPROMISE Python reverse shell execution attempt (indicator-compromise.rules)
* 1:51375 <-> DISABLED <-> SERVER-OTHER Fortigate SSL VPN javascript parsing heap buffer overflow attempt (server-other.rules)
* 1:51376 <-> DISABLED <-> SERVER-OTHER Fortigate SSL VPN javascript parsing heap buffer overflow attempt (server-other.rules)
* 1:51377 <-> DISABLED <-> POLICY-OTHER Progress Telerik UI for ASP.NET AJAX arbitrary file upload attempt (policy-other.rules)
* 1:51378 <-> DISABLED <-> SERVER-WEBAPP Roundcube webmail cross-site-scripting attempt (server-webapp.rules)
* 1:51379 <-> DISABLED <-> FILE-OTHER Adobe Acrobat XPS TTF cmap out-of-bounds read attempt (file-other.rules)
* 1:51380 <-> DISABLED <-> FILE-OTHER Adobe Acrobat XPS TTF cmap out-of-bounds read attempt (file-other.rules)
* 1:51381 <-> ENABLED <-> BROWSER-WEBKIT Apple WebKit JSArray component out-of-bounds access (browser-webkit.rules)
* 1:51382 <-> ENABLED <-> BROWSER-WEBKIT Apple WebKit JSArray component out-of-bounds access (browser-webkit.rules)
* 1:51383 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari DFG InstanceOf model memory corruption attempt (browser-webkit.rules)
* 1:51384 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari DFG InstanceOf model memory corruption attempt (browser-webkit.rules)
* 1:51385 <-> DISABLED <-> BROWSER-WEBKIT WebKit GetIndexedPropertyStorage memory corruption attempt (browser-webkit.rules)
* 1:51386 <-> DISABLED <-> BROWSER-WEBKIT WebKit GetIndexedPropertyStorage memory corruption attempt (browser-webkit.rules)
* 1:51387 <-> ENABLED <-> SERVER-WEBAPP Fortinet Fortigate SSL VPN improper authorization attempt (server-webapp.rules)
* 1:51388 <-> ENABLED <-> BROWSER-WEBKIT Apple Safari JSValues type confusion attempt (browser-webkit.rules)
* 1:51389 <-> ENABLED <-> BROWSER-WEBKIT Apple Safari JSValues type confusion attempt (browser-webkit.rules)
* 1:51390 <-> DISABLED <-> SERVER-WEBAPP Pulse Secure SSL VPN version check attempt (server-webapp.rules)
* 1:51391 <-> ENABLED <-> BROWSER-WEBKIT Apple Safari WebKit out-of-bounds write attempt (browser-webkit.rules)
* 1:51392 <-> ENABLED <-> BROWSER-WEBKIT Apple Safari WebKit out-of-bounds write attempt (browser-webkit.rules)
* 1:51393 <-> DISABLED <-> BROWSER-OTHER Mozilla Firefox GeckoActiveXObject exploit attempt (browser-other.rules)
* 1:51394 <-> DISABLED <-> BROWSER-OTHER Mozilla Firefox GeckoActiveXObject exploit attempt (browser-other.rules)
* 1:51395 <-> DISABLED <-> SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt (server-webapp.rules)
* 1:51396 <-> DISABLED <-> SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt (server-webapp.rules)
* 1:51397 <-> DISABLED <-> SERVER-WEBAPP ThinkPHP SQL injection attempt (server-webapp.rules)
* 1:51398 <-> DISABLED <-> SERVER-WEBAPP ThinkPHP command injection attempt (server-webapp.rules)
* 1:51399 <-> DISABLED <-> SERVER-WEBAPP ThinkPHP SQL injection attempt (server-webapp.rules)
* 1:514 <-> DISABLED <-> SERVER-OTHER ramen worm (server-other.rules)
* 1:51400 <-> DISABLED <-> SERVER-OTHER Heimdal KDC malformed as-req denial of service attempt (server-other.rules)
* 1:51401 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer MSHTML Parsing DoS attempt (browser-ie.rules)
* 1:51402 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer MSHTML Parsing DoS attempt (browser-ie.rules)
* 1:51403 <-> DISABLED <-> BROWSER-IE Microsoft Edge Chakra JIT BoundFunction NewInstance out of bounds read attempt (browser-ie.rules)
* 1:51404 <-> DISABLED <-> BROWSER-IE Microsoft Edge Chakra JIT BoundFunction NewInstance out of bounds read attempt (browser-ie.rules)
* 1:51405 <-> DISABLED <-> SERVER-MAIL Mozilla Thunderbird input filter bypass cross site scripting attempt (server-mail.rules)
* 1:51406 <-> DISABLED <-> BROWSER-PLUGINS Lotus Domino Web Access ActiveX Controls buffer overflow attempt (browser-plugins.rules)
* 1:51407 <-> DISABLED <-> BROWSER-PLUGINS Lotus Domino Web Access ActiveX Controls buffer overflow attempt (browser-plugins.rules)
* 1:51408 <-> DISABLED <-> BROWSER-PLUGINS Lotus Domino Web Access ActiveX Controls buffer overflow attempt (browser-plugins.rules)
* 1:51409 <-> DISABLED <-> BROWSER-PLUGINS Lotus Domino Web Access ActiveX Controls buffer overflow attempt (browser-plugins.rules)
* 1:51410 <-> DISABLED <-> BROWSER-PLUGINS Lotus Domino Web Access ActiveX Controls buffer overflow attempt (browser-plugins.rules)
* 1:51411 <-> DISABLED <-> BROWSER-PLUGINS Lotus Domino Web Access ActiveX Controls buffer overflow attempt (browser-plugins.rules)
* 1:51412 <-> DISABLED <-> BROWSER-PLUGINS Lotus Domino Web Access ActiveX Controls buffer overflow attempt (browser-plugins.rules)
* 1:51413 <-> DISABLED <-> BROWSER-PLUGINS Lotus Domino Web Access ActiveX Controls buffer overflow attempt (browser-plugins.rules)
* 1:51415 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari memory corruption attempt (browser-webkit.rules)
* 1:51416 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari memory corruption attempt (browser-webkit.rules)
* 1:51417 <-> DISABLED <-> POLICY-OTHER Telerik UI cryptographic keys disclosure attempt (policy-other.rules)
* 1:51418 <-> ENABLED <-> SERVER-WEBAPP Telerik UI cryptographic keys disclosure attempt (server-webapp.rules)
* 1:51419 <-> ENABLED <-> BROWSER-IE Microsoft Edge Scripting Engine array memory corruption attempt (browser-ie.rules)
* 1:51420 <-> DISABLED <-> BROWSER-IE Microsoft Edge Scripting Engine array memory corruption attempt (browser-ie.rules)
* 1:51421 <-> ENABLED <-> BROWSER-IE Microsoft Edge Scripting Engine array memory corruption attempt (browser-ie.rules)
* 1:51422 <-> DISABLED <-> BROWSER-IE Microsoft Edge Scripting Engine array memory corruption attempt (browser-ie.rules)
* 1:51423 <-> DISABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
* 1:51424 <-> DISABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
* 1:51425 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules)
* 1:51426 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules)
* 1:51427 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 engine object instantiation heap corruption attempt (browser-chrome.rules)
* 1:51428 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 engine object instantiation heap corruption attempt (browser-chrome.rules)
* 1:51429 <-> DISABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
* 1:51430 <-> DISABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
* 1:51431 <-> ENABLED <-> BROWSER-IE Microsoft Edge Chakra setPrototypeOf use-after-free attempt (browser-ie.rules)
* 1:51432 <-> ENABLED <-> BROWSER-IE Microsoft Edge Chakra setPrototypeOf use-after-free attempt (browser-ie.rules)
* 1:51433 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DataView use-after-free attempt (browser-ie.rules)
* 1:51434 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DataView use-after-free attempt (browser-ie.rules)
* 1:51435 <-> DISABLED <-> MALWARE-BACKDOOR blazer5 runtime detection (malware-backdoor.rules)
* 1:51436 <-> ENABLED <-> OS-WINDOWS Microsoft Windows common log file system driver escalation of privilege attempt (os-windows.rules)
* 1:51437 <-> ENABLED <-> OS-WINDOWS Microsoft Windows common log file system driver escalation of privilege attempt (os-windows.rules)
* 1:51438 <-> DISABLED <-> SERVER-WEBAPP Microsoft SharePoint BdcAdminService remote code execution attempt (server-webapp.rules)
* 1:51439 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Custom Elements write-after-free attempt (browser-firefox.rules)
* 1:51440 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Custom Elements write-after-free attempt (browser-firefox.rules)
* 1:51441 <-> DISABLED <-> SERVER-WEBAPP Laquis SCADA Nome command injection attempt (server-webapp.rules)
* 1:51442 <-> DISABLED <-> SERVER-WEBAPP Laquis SCADA Nome command injection attempt (server-webapp.rules)
* 1:51443 <-> DISABLED <-> SERVER-WEBAPP Laquis SCADA Nome command injection attempt (server-webapp.rules)
* 1:51444 <-> DISABLED <-> SERVER-WEBAPP Laquis SCADA Nome command injection attempt (server-webapp.rules)
* 1:51445 <-> ENABLED <-> OS-WINDOWS Microsoft Windows privilege escalation attempt (os-windows.rules)
* 1:51446 <-> ENABLED <-> OS-WINDOWS Microsoft Windows privilege escalation attempt (os-windows.rules)
* 1:51449 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DirectX kernel memory information leak attempt (os-windows.rules)
* 1:51450 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DirectX kernel memory information leak attempt (os-windows.rules)
* 1:51451 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Common Log File information disclosure attempt (os-windows.rules)
* 1:51452 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Common Log File information disclosure attempt (os-windows.rules)
* 1:51453 <-> DISABLED <-> SERVER-WEBAPP Pulse Secure Connect VPN post-auth hc.cgi buffer overflow attempt (server-webapp.rules)
* 1:51454 <-> ENABLED <-> OS-WINDOWS Microsoft Windows win32k kernel information leak attempt (os-windows.rules)
* 1:51455 <-> ENABLED <-> OS-WINDOWS Microsoft Windows win32k kernel information leak attempt (os-windows.rules)
* 1:51456 <-> ENABLED <-> OS-WINDOWS Microsoft Windows gdi32 graphics adapter handling null pointer dereference attempt (os-windows.rules)
* 1:51457 <-> ENABLED <-> OS-WINDOWS Microsoft Windows gdi32 graphics adapter handling null pointer dereference attempt (os-windows.rules)
* 1:51458 <-> ENABLED <-> BROWSER-IE Microsoft Edge print function information disclosure attempt (browser-ie.rules)
* 1:51459 <-> ENABLED <-> BROWSER-IE Microsoft Edge print function information disclosure attempt (browser-ie.rules)
* 1:51460 <-> DISABLED <-> SERVER-OTHER OpenSSL DTLS SRTP extension parsing denial-of-service attempt (server-other.rules)
* 1:51463 <-> ENABLED <-> OS-WINDOWS Microsoft Windows elevation of privilege attempt (os-windows.rules)
* 1:51464 <-> ENABLED <-> OS-WINDOWS Microsoft Windows elevation of privilege attempt (os-windows.rules)
* 1:51465 <-> DISABLED <-> SERVER-WEBAPP Fortigate SSL VPN cross site scripting attempt (server-webapp.rules)
* 1:51466 <-> DISABLED <-> SERVER-WEBAPP Fortigate SSL VPN cross site scripting attempt (server-webapp.rules)
* 1:51467 <-> DISABLED <-> SERVER-WEBAPP Fortigate SSL VPN cross site scripting attempt (server-webapp.rules)
* 1:51468 <-> DISABLED <-> SERVER-WEBAPP Fortigate SSL VPN cross site scripting attempt (server-webapp.rules)
* 1:51469 <-> DISABLED <-> SERVER-WEBAPP Fortigate SSL VPN cross site scripting attempt (server-webapp.rules)
* 1:51470 <-> DISABLED <-> SERVER-WEBAPP Fortigate SSL VPN cross site scripting attempt (server-webapp.rules)
* 1:51471 <-> DISABLED <-> POLICY-OTHER Supermicro BMC Virtual Media service default credentials use attempt (policy-other.rules)
* 1:51472 <-> DISABLED <-> FILE-OFFICE Microsoft Windows WordPad and Office text converter integer overflow attempt (file-office.rules)
* 1:51473 <-> DISABLED <-> FILE-OFFICE Microsoft Windows WordPad and Office text converter integer overflow attempt (file-office.rules)
* 1:51474 <-> ENABLED <-> FILE-OTHER Microsoft SharePoint deserialization attempt (file-other.rules)
* 1:51475 <-> ENABLED <-> FILE-OTHER Microsoft SharePoint deserialization attempt (file-other.rules)
* 1:51476 <-> DISABLED <-> SERVER-OTHER NFS server /etc/passwd symlink creation attempt (server-other.rules)
* 1:51477 <-> DISABLED <-> SERVER-OTHER NFS server /etc/passwd symlink creation attempt (server-other.rules)
* 1:51478 <-> DISABLED <-> SERVER-OTHER NFS server /etc/passwd symlink creation attempt (server-other.rules)
* 1:51479 <-> ENABLED <-> FILE-OTHER Microsoft SharePoint remote code execution attempt (file-other.rules)
* 1:51480 <-> ENABLED <-> FILE-OTHER Microsoft SharePoint remote code execution attempt (file-other.rules)
* 1:51481 <-> DISABLED <-> OS-WINDOWS Microsoft Windows RDP client buffer overflow attempt (os-windows.rules)
* 1:51482 <-> ENABLED <-> FILE-EXECUTABLE Windows Microsoft Remote Desktop Services remote code execution attempt (file-executable.rules)
* 1:51483 <-> ENABLED <-> FILE-EXECUTABLE Windows Microsoft Remote Desktop Services remote code execution attempt (file-executable.rules)
* 1:51484 <-> ENABLED <-> MALWARE-OTHER ANDR.Trojan.Agent outbound connection attempt (malware-other.rules)
* 1:51485 <-> DISABLED <-> SERVER-OTHER Squid proxy DNS CNAME record response denial of service attempt (server-other.rules)
* 1:51486 <-> DISABLED <-> SERVER-WEBAPP Webmin password_change command injection attempt (server-webapp.rules)
* 1:51487 <-> DISABLED <-> SERVER-WEBAPP Webmin password_change command injection attempt (server-webapp.rules)
* 1:51488 <-> DISABLED <-> SERVER-WEBAPP Webmin password_change command injection attempt (server-webapp.rules)
* 1:51489 <-> DISABLED <-> SERVER-WEBAPP Webmin password_change command injection attempt (server-webapp.rules)
* 1:51490 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown method with CSeq method mismatch attempt (protocol-voip.rules)
* 1:51491 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown method with CSeq method mismatch attempt (protocol-voip.rules)
* 1:51492 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unacceptable accept offering attempt (protocol-voip.rules)
* 1:51493 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture failure to enclose name-addr URI in angle brackets attempt (protocol-voip.rules)
* 1:51494 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture multiple Content-Length headers attempt (protocol-voip.rules)
* 1:51495 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture negative Content-Length attempt (protocol-voip.rules)
* 1:51496 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture 200 OK response with broadcast in Via
header attempt (protocol-voip.rules) * 1:51497 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture failure to enclose name-addr URI in angle brackets attempt (protocol-voip.rules) * 1:51498 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture multiple SP separating request-line elements attempt (protocol-voip.rules) * 1:51499 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture invalid Require header value attempt (protocol-voip.rules) * 1:51501 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large Warning header value attempt (protocol-voip.rules) * 1:51502 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture invalid Date header time zone attempt (protocol-voip.rules) * 1:51503 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large Expires header value attempt (protocol-voip.rules) * 1:51504 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing CSeq header attempt (protocol-voip.rules) * 1:51505 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large CSeq header value attempt (protocol-voip.rules) * 1:51506 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture invalid Proxy-Require header value attempt (protocol-voip.rules) * 1:51507 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture multiple SP separating request-line elements attempt (protocol-voip.rules) * 1:51508 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing To header field attempt (protocol-voip.rules) * 1:51509 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing From header field attempt (protocol-voip.rules) * 1:51510 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown Authorization scheme attempt (protocol-voip.rules) * 1:51511 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request URI with atypical scheme attempt (protocol-voip.rules) * 1:51512 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown Content-Type attempt (protocol-voip.rules) * 1:51513 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown URI scheme in Contact field attempt (protocol-voip.rules) * 1:51514 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large CSeq header value attempt 
(protocol-voip.rules) * 1:51515 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request Max-Forwards header of zero attempt (protocol-voip.rules) * 1:51516 <-> DISABLED <-> MALWARE-OTHER Html.Downloader.Agent download attempt (malware-other.rules) * 1:51517 <-> DISABLED <-> MALWARE-OTHER Html.Downloader.Agent download attempt (malware-other.rules) * 1:51518 <-> DISABLED <-> MALWARE-OTHER Html.Downloader.Agent download attempt (malware-other.rules) * 1:51519 <-> DISABLED <-> MALWARE-OTHER Html.Downloader.Agent download attempt (malware-other.rules) * 1:51520 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Crysis malicious executable download attempt (malware-other.rules) * 1:51521 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool malicious executable download attempt (malware-other.rules) * 1:51522 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Crysis malicious executable download attempt (malware-other.rules) * 1:51523 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Crysis malicious executable download attempt (malware-other.rules) * 1:51524 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Crysis malicious executable download attempt (malware-other.rules) * 1:51525 <-> ENABLED <-> MALWARE-OTHER Win.Exploit.Hacktool malicious executable download attempt (malware-other.rules) * 1:51526 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Crysis malicious executable download attempt (malware-other.rules) * 1:51527 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Crysis malicious executable download attempt (malware-other.rules) * 1:51528 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Crysis malicious executable download attempt (malware-other.rules) * 1:51529 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Crysis malicious executable download attempt (malware-other.rules) * 1:51532 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRAT variant outbound connection (malware-cnc.rules) * 1:51533 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRAT variant inbound connection (malware-cnc.rules) * 1:51534 <-> ENABLED <-> MALWARE-BACKDOOR DNS 
request for open LocalXpose reverse proxy backdoor domain ANY.loclx.io (malware-backdoor.rules) * 1:51535 <-> ENABLED <-> MALWARE-BACKDOOR TLS certificate securing LocalXpose reverse proxy backdoor (malware-backdoor.rules) * 1:51536 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.Agent IoT backdoor download (malware-other.rules) * 1:51537 <-> ENABLED <-> SERVER-WEBAPP WordPress Print-My-Blog plugin server side request forgery attempt (server-webapp.rules) * 1:51538 <-> DISABLED <-> SERVER-WEBAPP Webmin show.cgi arbitrary command injection attempt (server-webapp.rules) * 1:51539 <-> DISABLED <-> INDICATOR-SHELLCODE BSD x86 reverse connect shell (indicator-shellcode.rules) * 1:51540 <-> DISABLED <-> INDICATOR-SHELLCODE BSD x86 reverse connect shell (indicator-shellcode.rules) * 1:51541 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ModularInstaller variant outbound connection detected (malware-cnc.rules) * 1:51542 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ModularInstaller variant outbound connection detected (malware-cnc.rules) * 1:51543 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ModularInstaller variant outbound connection detected (malware-cnc.rules) * 1:51544 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ModularInstaller variant outbound connection detected (malware-cnc.rules) * 1:51545 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ModularInstaller variant outbound connection detected (malware-cnc.rules) * 1:51546 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ModularInstaller variant outbound connection detected (malware-cnc.rules) * 1:51547 <-> DISABLED <-> SERVER-APACHE Apache cookie logging denial of service attempt (server-apache.rules) * 1:51548 <-> ENABLED <-> MALWARE-CNC Win.Malware.Divergent variant outbound connection (malware-cnc.rules) * 1:51549 <-> ENABLED <-> MALWARE-CNC Win.Malware.Divergent variant outbound connection (malware-cnc.rules) * 1:51550 <-> ENABLED <-> MALWARE-CNC Win.Malware.Divergent variant outbound connection (malware-cnc.rules) * 1:51551 <-> ENABLED <-> MALWARE-CNC 
Win.Malware.Divergent variant outbound connection (malware-cnc.rules) * 1:51552 <-> ENABLED <-> MALWARE-CNC Win.Malware.Divergent variant outbound connection (malware-cnc.rules) * 1:51553 <-> ENABLED <-> MALWARE-CNC Win.Malware.Divergent variant outbound connection (malware-cnc.rules) * 1:51554 <-> ENABLED <-> MALWARE-CNC Win.Malware.Divergent variant outbound connection (malware-cnc.rules) * 1:51555 <-> DISABLED <-> OS-WINDOWS Microsoft DirectShow QuickTime file atom size parsing heap corruption attempt (os-windows.rules) * 1:51556 <-> DISABLED <-> OS-WINDOWS Microsoft DirectShow QuickTime file atom size parsing heap corruption attempt (os-windows.rules) * 1:51557 <-> DISABLED <-> OS-WINDOWS Microsoft DirectShow QuickTime file atom size parsing heap corruption attempt (os-windows.rules) * 1:51558 <-> DISABLED <-> POLICY-OTHER mobile device data tracking attempt (policy-other.rules) * 1:51559 <-> DISABLED <-> SERVER-WEBAPP Ignite Realtime Openfire cross site scripting attempt (server-webapp.rules) * 1:51560 <-> DISABLED <-> SERVER-WEBAPP Ignite Realtime Openfire cross site scripting attempt (server-webapp.rules) * 1:51565 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Window2 BIFF record value attempt (file-office.rules) * 1:51566 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Window2 BIFF record value attempt (file-office.rules) * 1:51567 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Window2 BIFF record value attempt (file-office.rules) * 1:51568 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Window2 BIFF record value attempt (file-office.rules) * 1:51569 <-> DISABLED <-> SERVER-WEBAPP HPE Network Automation PermissionFilter unauthenticated information disclosure attempt (server-webapp.rules) * 1:51570 <-> DISABLED <-> SERVER-WEBAPP osCommerce PHP code injection attempt (server-webapp.rules) * 1:51571 <-> DISABLED <-> SERVER-WEBAPP HPE Intelligent Management Center opcode denial-of-service attempt 
(server-webapp.rules) * 1:51572 <-> DISABLED <-> SERVER-WEBAPP Joomla component Alexandria Book Library SQL injection attempt (server-webapp.rules) * 1:51573 <-> DISABLED <-> SERVER-WEBAPP Joomla component Alexandria Book Library SQL injection attempt (server-webapp.rules) * 1:51574 <-> DISABLED <-> SERVER-WEBAPP Joomla component Alexandria Book Library SQL injection attempt (server-webapp.rules) * 1:51575 <-> DISABLED <-> SERVER-WEBAPP HooToo HT-TMO6 Travel router heap buffer overflow attempt (server-webapp.rules) * 1:51576 <-> DISABLED <-> SERVER-WEBAPP HooToo HT-TMO6 Travel router stack buffer overflow attempt (server-webapp.rules) * 1:51577 <-> DISABLED <-> SERVER-WEBAPP HooToo HT-TMO6 Travel router heap buffer overflow attempt (server-webapp.rules) * 1:51578 <-> DISABLED <-> SERVER-WEBAPP PHP http fopen stack buffer overflow attempt (server-webapp.rules) * 1:51579 <-> DISABLED <-> FILE-OTHER iptables-restore file stack buffer overflow attempt (file-other.rules) * 1:51580 <-> DISABLED <-> FILE-OTHER iptables-restore file stack buffer overflow attempt (file-other.rules) * 1:51581 <-> DISABLED <-> SERVER-WEBAPP D-Link DIR-823G routers HNAP1 command injection attempt (server-webapp.rules) * 1:51582 <-> DISABLED <-> SERVER-WEBAPP HP SiteScope APIMonitorImpl information disclosure attempt (server-webapp.rules) * 1:51583 <-> DISABLED <-> SERVER-WEBAPP Lighttpd url-path-2f-decode denial of service attempt (server-webapp.rules) * 1:51584 <-> DISABLED <-> BROWSER-IE Internet Explorer DirectAnimation denial of service attempt (browser-ie.rules) * 1:51585 <-> DISABLED <-> BROWSER-IE Internet Explorer DirectAnimation denial of service attempt (browser-ie.rules) * 1:51586 <-> DISABLED <-> SERVER-OTHER Docker daemon API arbitrary code execution attempt (server-other.rules) * 1:51593 <-> ENABLED <-> MALWARE-CNC Win.Adware.BrowserAssistant variant outbound connection (malware-cnc.rules) * 1:51594 <-> DISABLED <-> SERVER-OTHER HAProxy cookie denial of service attempt 
(server-other.rules) * 1:51595 <-> DISABLED <-> SERVER-OTHER HAProxy cookie denial of service attempt (server-other.rules) * 1:51596 <-> DISABLED <-> SERVER-OTHER HAProxy cookie denial of service attempt (server-other.rules) * 1:516 <-> DISABLED <-> PROTOCOL-SNMP NT UserList (protocol-snmp.rules) * 1:51603 <-> DISABLED <-> SERVER-WEBAPP D-Link DSL router multiple products unauthenticated remote DNS change attempt (server-webapp.rules) * 1:51604 <-> DISABLED <-> SERVER-WEBAPP D-Link DSL router multiple products unauthenticated remote DNS change attempt (server-webapp.rules) * 1:51620 <-> ENABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules) * 1:51621 <-> ENABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules) * 1:51629 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager reporting.aspx SQL injection attempt (server-webapp.rules) * 1:51630 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager reporting.aspx SQL injection attempt (server-webapp.rules) * 1:51631 <-> DISABLED <-> POLICY-OTHER Easy Hosting Control Panel command execution attempt (policy-other.rules) * 1:51632 <-> DISABLED <-> INDICATOR-OBFUSCATION JavaScript exploit obfuscation attempt (indicator-obfuscation.rules) * 1:51633 <-> DISABLED <-> INDICATOR-OBFUSCATION JavaScript exploit obfuscation attempt (indicator-obfuscation.rules) * 1:51634 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ordinypt malicious executable download attempt (malware-cnc.rules) * 1:51635 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ordinypt malicious executable download attempt (malware-cnc.rules) * 1:51636 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Amadey botnet outbound connection (malware-cnc.rules) * 1:51637 <-> ENABLED <-> EXPLOIT-KIT Rig exploit kit executable download attempt (exploit-kit.rules) * 1:51638 <-> ENABLED <-> EXPLOIT-KIT Rig exploit kit executable download attempt (exploit-kit.rules) * 1:51639 <-> DISABLED <-> SERVER-OTHER 
AVEVA InduSoft Web Studio and InTouch Edge HMI buffer overflow attempt (server-other.rules) * 1:51640 <-> DISABLED <-> SERVER-WEBAPP JavaScript library OpenPGP.js improper signature verification attempt (server-webapp.rules) * 1:51641 <-> DISABLED <-> SERVER-WEBAPP JavaScript library OpenPGP.js improper signature verification attempt (server-webapp.rules) * 1:51642 <-> ENABLED <-> MALWARE-CNC Osx.Trojan.Gmera variant outbound connection (malware-cnc.rules) * 1:51643 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use-after-free attempt (file-flash.rules) * 1:51644 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use-after-free attempt (file-flash.rules) * 1:51647 <-> DISABLED <-> SERVER-OTHER Indusoft Web Studio and Intouch Machine Edition stack buffer overflow attempt (server-other.rules) * 1:51648 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActiveX same origin method execution attempt (file-flash.rules) * 1:51649 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Remote Desktop Services license negotiation denial of service attempt (os-windows.rules) * 1:51653 <-> DISABLED <-> SERVER-WEBAPP Weblog Expert Web Server Enterprise denial of service attempt (server-webapp.rules) * 1:51654 <-> DISABLED <-> POLICY-OTHER InduSoft Web Studio MTCheckFileFunctionsTimeout remote code execution attempt (policy-other.rules) * 1:51655 <-> DISABLED <-> SERVER-WEBAPP B-net Software cross site scripting attempt (server-webapp.rules) * 1:51656 <-> DISABLED <-> SERVER-WEBAPP B-net Software cross site scripting attempt (server-webapp.rules) * 1:51657 <-> DISABLED <-> SERVER-WEBAPP B-net Software cross site scripting attempt (server-webapp.rules) * 1:51658 <-> DISABLED <-> SERVER-WEBAPP Responsive FileManager directory traversal attempt (server-webapp.rules) * 1:51659 <-> DISABLED <-> SERVER-WEBAPP Responsive FileManager directory traversal attempt (server-webapp.rules) * 1:51660 <-> DISABLED <-> SERVER-WEBAPP Responsive FileManager cross site scripting attempt (server-webapp.rules) * 
1:51661 <-> DISABLED <-> SERVER-WEBAPP Responsive FileManager directory traversal attempt (server-webapp.rules) * 1:51662 <-> DISABLED <-> SERVER-APACHE Apache Qpid AMQP denial of service attempt (server-apache.rules) * 1:51663 <-> DISABLED <-> SERVER-WEBAPP WordPress plugin Grace Media Player local file inclusion attempt (server-webapp.rules) * 1:51664 <-> DISABLED <-> SERVER-WEBAPP Cesanta Mongoose buffer overflow attempt (server-webapp.rules) * 1:51667 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager download.php directory traversal attempt (server-webapp.rules) * 1:51668 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager download.php directory traversal attempt (server-webapp.rules) * 1:51669 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager download.php directory traversal attempt (server-webapp.rules) * 1:51670 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Silence variant outbound connection detected (malware-cnc.rules) * 1:51671 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Silence variant outbound connection detected (malware-cnc.rules) * 1:51672 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Moonshine outbound connection (malware-cnc.rules) * 1:51681 <-> DISABLED <-> SERVER-WEBAPP Apache Solr DataImportHandler arbitrary code execution attempt (server-webapp.rules) * 1:51682 <-> DISABLED <-> SERVER-WEBAPP Apache Solr DataImportHandler arbitrary code execution attempt (server-webapp.rules) * 1:51683 <-> DISABLED <-> POLICY-OTHER Apache Solr DataImportHandler arbitrary dataConfig import attempt (policy-other.rules) * 1:51685 <-> DISABLED <-> SERVER-OTHER Symantec AMS Intel handler service overly large size1 dos attempt (server-other.rules) * 1:51686 <-> DISABLED <-> SERVER-WEBAPP Schneider Electric Accutech Manager HTTP URI buffer overflow attempt (server-webapp.rules) * 1:517 <-> DISABLED <-> X11 xdmcp query (x11.rules) * 1:51712 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.NanoCore DNS request for known malware domain bsbs.duckdns.org 
(indicator-compromise.rules) * 1:51714 <-> DISABLED <-> BROWSER-IE Microsoft Edge prototype JsBuiltInEngineInterfaceExtensionObject use-after-free attempt (browser-ie.rules) * 1:51715 <-> DISABLED <-> BROWSER-IE Microsoft Edge prototype JsBuiltInEngineInterfaceExtensionObject use-after-free attempt (browser-ie.rules) * 1:51720 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Alreay malicious executable download attempt (malware-cnc.rules) * 1:51721 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Alreay malicious executable download attempt (malware-cnc.rules) * 1:51722 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Alreay malicious executable download attempt (malware-cnc.rules) * 1:51723 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Alreay malicious executable download attempt (malware-cnc.rules) * 1:51724 <-> DISABLED <-> SERVER-OTHER Novell Remote Manager off-by-one denial of service attempt (server-other.rules) * 1:51725 <-> DISABLED <-> SERVER-WEBAPP HAProxy H2 Frame heap memory corruption attempt (server-webapp.rules) * 1:51726 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Silence variant proxy connection detected (malware-cnc.rules) * 1:51727 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Silence variant proxy connection detected (malware-cnc.rules) * 1:51730 <-> DISABLED <-> SERVER-WEBAPP OpenEMR directory traversal attempt (server-webapp.rules) * 1:51731 <-> DISABLED <-> SERVER-WEBAPP OpenEMR directory traversal attempt (server-webapp.rules) * 1:51732 <-> DISABLED <-> SERVER-WEBAPP OpenEMR directory traversal attempt (server-webapp.rules) * 1:51733 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k font file privilege escalation attempt (os-windows.rules) * 1:51734 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k font file privilege escalation attempt (os-windows.rules) * 1:51735 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules) * 1:51736 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules) * 
1:51739 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Win32k privilege escalation attempt (os-windows.rules) * 1:51740 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Win32k privilege escalation attempt (os-windows.rules) * 1:51741 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Windows Remote Desktop client heap spray attempt (indicator-compromise.rules) * 1:51742 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Remote Desktop client DRDYNVC use after free attempt (os-windows.rules) * 1:51743 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly-large SIP response code attempt (protocol-voip.rules) * 1:51744 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request missing Call-ID header attempt (protocol-voip.rules) * 1:51745 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request invalid Content-Length attempt (protocol-voip.rules) * 1:51746 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown method with CSeq method mismatch attempt (protocol-voip.rules) * 1:51747 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unacceptable accept offering attempt (protocol-voip.rules) * 1:51748 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown method with CSeq method mismatch attempt (protocol-voip.rules) * 1:51749 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture multiple Content-Length headers attempt (protocol-voip.rules) * 1:51750 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture failure to enclose name-addr URI in angle brackets attempt (protocol-voip.rules) * 1:51751 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture negative Content-Length attempt (protocol-voip.rules) * 1:51752 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture 200 OK response with broadcast in Via header attempt (protocol-voip.rules) * 1:51753 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture failure to enclose name-addr URI in angle brackets attempt (protocol-voip.rules) * 1:51754 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture invalid Require header value attempt (protocol-voip.rules) * 1:51755 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture multiple SP separating 
request-line elements attempt (protocol-voip.rules) * 1:51756 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large Warning header value attempt (protocol-voip.rules) * 1:51758 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture invalid Proxy-Require header value attempt (protocol-voip.rules) * 1:51759 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture multiple SP separating request-line elements attempt (protocol-voip.rules) * 1:51760 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing To header field attempt (protocol-voip.rules) * 1:51761 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing From header field attempt (protocol-voip.rules) * 1:51762 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture invalid Date header time zone attempt (protocol-voip.rules) * 1:51763 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown Authorization scheme attempt (protocol-voip.rules) * 1:51764 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request URI with atypical scheme attempt (protocol-voip.rules) * 1:51765 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large CSeq header value attempt (protocol-voip.rules) * 1:51766 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large Expires header value attempt (protocol-voip.rules) * 1:51767 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture missing CSeq header attempt (protocol-voip.rules) * 1:51768 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly large CSeq header value attempt (protocol-voip.rules) * 1:51769 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown URI scheme in Contact field attempt (protocol-voip.rules) * 1:51770 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request Max-Forwards header of zero attempt (protocol-voip.rules) * 1:51771 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture unknown Content-Type attempt (protocol-voip.rules) * 1:51772 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request missing Call-ID header attempt (protocol-voip.rules) * 1:51773 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request invalid Content-Length attempt (protocol-voip.rules) * 1:51774 
<-> DISABLED <-> PROTOCOL-VOIP SIP Torture overly-large SIP response code attempt (protocol-voip.rules) * 1:51775 <-> DISABLED <-> SERVER-WEBAPP Gxlcms SQL injection attempt (server-webapp.rules) * 1:51776 <-> DISABLED <-> SERVER-WEBAPP Indusoft Web Studio/Intouch Machine Edition buffer overflow attempt (server-webapp.rules) * 1:51777 <-> DISABLED <-> FILE-OTHER Microsoft Windows dismHost.exe dll-load exploit attempt (file-other.rules) * 1:51778 <-> DISABLED <-> FILE-OTHER Microsoft Windows dismHost.exe dll-load exploit attempt (file-other.rules) * 1:51779 <-> DISABLED <-> SERVER-WEBAPP generic cross-site scripting attempt (server-webapp.rules) * 1:51780 <-> DISABLED <-> SERVER-IIS Microsoft IIS IDC ISAPI cross-site scripting attempt (server-iis.rules) * 1:51781 <-> DISABLED <-> OS-WINDOWS Microsoft Windows registry key deletion privilege escalation attempt (os-windows.rules) * 1:51782 <-> DISABLED <-> OS-WINDOWS Microsoft Windows registry key deletion privilege escalation attempt (os-windows.rules) * 1:51783 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules) * 1:51784 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules) * 1:51785 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules) * 1:51786 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules) * 1:51787 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules) * 1:51788 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules) * 1:51789 <-> ENABLED <-> BROWSER-IE Microsoft Edge JavaScript engine memory corruption attempt (browser-ie.rules) * 1:51790 <-> ENABLED <-> BROWSER-IE Microsoft Edge JavaScript engine memory corruption attempt (browser-ie.rules) * 1:51791 <-> ENABLED <-> BROWSER-IE Microsoft Edge VBScript engine 
memory corruption attempt (browser-ie.rules) * 1:51792 <-> ENABLED <-> BROWSER-IE Microsoft Edge VBScript engine memory corruption attempt (browser-ie.rules) * 1:51793 <-> ENABLED <-> BROWSER-IE Microsoft Edge MSXML memory corruption attempt (browser-ie.rules) * 1:51794 <-> ENABLED <-> BROWSER-IE Microsoft Edge MSXML memory corruption attempt (browser-ie.rules) * 1:51795 <-> ENABLED <-> MALWARE-CNC Unix.Malware.Agent outbound connection attempt (malware-cnc.rules) * 1:51796 <-> ENABLED <-> MALWARE-CNC Unix.Malware.Agent outbound connection attempt (malware-cnc.rules) * 1:51797 <-> ENABLED <-> MALWARE-CNC Unix.Malware.Agent outbound connection attempt (malware-cnc.rules) * 1:51798 <-> ENABLED <-> MALWARE-CNC Unix.Malware.Agent outbound connection attempt (malware-cnc.rules) * 1:51799 <-> ENABLED <-> MALWARE-CNC Unix.Malware.Agent outbound connection attempt (malware-cnc.rules) * 1:518 <-> DISABLED <-> PROTOCOL-TFTP Put (protocol-tftp.rules) * 1:51800 <-> ENABLED <-> MALWARE-CNC Unix.Malware.Agent outbound connection attempt (malware-cnc.rules) * 1:51801 <-> ENABLED <-> MALWARE-CNC Unix.Malware.Agent outbound connection attempt (malware-cnc.rules) * 1:51802 <-> DISABLED <-> SERVER-WEBAPP Dell EMC Data Protection Advisor XML external entity injection attempt (server-webapp.rules) * 1:51803 <-> DISABLED <-> SERVER-WEBAPP Dell EMC Data Protection Advisor XML external entity injection attempt (server-webapp.rules) * 1:51804 <-> DISABLED <-> SERVER-WEBAPP Wordpress Admin panel delete action cross site scripting attempt (server-webapp.rules) * 1:51805 <-> DISABLED <-> SERVER-WEBAPP Wordpress Admin panel delete action cross site scripting attempt (server-webapp.rules) * 1:51806 <-> DISABLED <-> SERVER-WEBAPP Wordpress Admin panel delete action cross site scripting attempt (server-webapp.rules) * 1:51807 <-> DISABLED <-> SERVER-WEBAPP Wordpress Admin panel delete action cross site scripting attempt (server-webapp.rules) * 1:51808 <-> DISABLED <-> SERVER-WEBAPP vBulletin SQL 
injection attempt (server-webapp.rules)
* 1:51809 <-> DISABLED <-> SERVER-WEBAPP vBulletin SQL injection attempt (server-webapp.rules)
* 1:51810 <-> DISABLED <-> SERVER-WEBAPP vBulletin SQL injection attempt (server-webapp.rules)
* 1:51811 <-> DISABLED <-> SERVER-WEBAPP vBulletin SQL injection attempt (server-webapp.rules)
* 1:51812 <-> DISABLED <-> SERVER-WEBAPP vBulletin SQL injection attempt (server-webapp.rules)
* 1:51813 <-> DISABLED <-> SERVER-WEBAPP vBulletin SQL injection attempt (server-webapp.rules)
* 1:51814 <-> ENABLED <-> BROWSER-IE Microsoft Edge defineGetter type confusion attempt (browser-ie.rules)
* 1:51815 <-> ENABLED <-> BROWSER-IE Microsoft Edge defineGetter type confusion attempt (browser-ie.rules)
* 1:51816 <-> DISABLED <-> SERVER-WEBAPP vBulletin updateAvatar PHP remote code execution attempt (server-webapp.rules)
* 1:51817 <-> DISABLED <-> SERVER-WEBAPP vBulletin updateAvatar PHP remote code execution attempt (server-webapp.rules)
* 1:51818 <-> DISABLED <-> SERVER-WEBAPP vBulletin updateAvatar PHP remote code execution attempt (server-webapp.rules)
* 1:51819 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer 3GP file parsing memory corruption attempt (file-multimedia.rules)
* 1:51820 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer 3GP file parsing memory corruption attempt (file-multimedia.rules)
* 1:51821 <-> DISABLED <-> BROWSER-WEBKIT WebKit JavaScriptCore AIR optimization memory corruption attempt (browser-webkit.rules)
* 1:51822 <-> DISABLED <-> BROWSER-WEBKIT WebKit JavaScriptCore AIR optimization memory corruption attempt (browser-webkit.rules)
* 1:51823 <-> DISABLED <-> BROWSER-WEBKIT WebKit JavaScriptCore JSValue use after free attempt (browser-webkit.rules)
* 1:51824 <-> DISABLED <-> BROWSER-WEBKIT WebKit JavaScriptCore JSValue use after free attempt (browser-webkit.rules)
* 1:51825 <-> DISABLED <-> SERVER-OTHER Talkative IRC buffer overflow attempt (server-other.rules)
* 1:51826 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer NMSA.MediaDescription ActiveX function call access attempt (browser-plugins.rules)
* 1:51827 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiRelocateImage out of bounds read attempt (os-windows.rules)
* 1:51828 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiRelocateImage out of bounds read attempt (os-windows.rules)
* 1:51829 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiRelocateImage out of bounds read attempt (os-windows.rules)
* 1:51830 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiRelocateImage out of bounds read attempt (os-windows.rules)
* 1:51831 <-> DISABLED <-> BROWSER-WEBKIT WebKit JavaScriptCore emitEqualityOpImpl memory corruption attempt (browser-webkit.rules)
* 1:51832 <-> DISABLED <-> BROWSER-WEBKIT WebKit JavaScriptCore emitEqualityOpImpl memory corruption attempt (browser-webkit.rules)
* 1:51833 <-> DISABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
* 1:51834 <-> DISABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
* 1:51835 <-> DISABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
* 1:51836 <-> DISABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
* 1:51837 <-> DISABLED <-> SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (server-webapp.rules)
* 1:51838 <-> DISABLED <-> SERVER-OTHER Redis server RESP arbitrary code execution attempt (server-other.rules)
* 1:51839 <-> DISABLED <-> SERVER-OTHER Redis server RESP arbitrary code execution attempt (server-other.rules)
* 1:51840 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver HostControl command injection attempt (server-webapp.rules)
* 1:51841 <-> DISABLED <-> SERVER-WEBAPP Tableau XML external entity injection attempt (server-webapp.rules)
* 1:51842 <-> DISABLED <-> SERVER-WEBAPP Tableau XML external entity injection attempt (server-webapp.rules)
* 1:51843 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
* 1:51844 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
* 1:51845 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
* 1:51846 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
* 1:51847 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
* 1:51848 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
* 1:51849 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
* 1:51850 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
* 1:51851 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
* 1:51852 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
* 1:51853 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
* 1:51854 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
* 1:51855 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
* 1:51856 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT MiOffsetToProtos NULL pointer dereference attempt (os-windows.rules)
* 1:51857 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
* 1:51858 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
* 1:51859 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
* 1:51860 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
* 1:51861 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
* 1:51862 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
* 1:51863 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
* 1:51864 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
* 1:51865 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
* 1:51866 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
* 1:51867 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malformed PE DLL out of bounds read attempt (os-windows.rules)
* 1:51868 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malformed PE DLL out of bounds read attempt (os-windows.rules)
* 1:51869 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malformed PE DLL out of bounds read attempt (os-windows.rules)
* 1:51870 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malformed PE DLL out of bounds read attempt (os-windows.rules)
* 1:51871 <-> DISABLED <-> SERVER-WEBAPP Datalust Seq authentication bypass attempt (server-webapp.rules)
* 1:51872 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt (os-windows.rules)
* 1:51873 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt (os-windows.rules)
* 1:51874 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt (os-windows.rules)
* 1:51875 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt (os-windows.rules)
* 1:51876 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt (os-windows.rules)
* 1:51877 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt (os-windows.rules)
* 1:51878 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt (os-windows.rules)
* 1:51879 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DLL Load Configuration Directory out of bounds read attempt (os-windows.rules)
* 1:51880 <-> DISABLED <-> FILE-OTHER Microsoft Windows WER arbitrary file move escalation of privilege attempt (file-other.rules)
* 1:51881 <-> DISABLED <-> FILE-OTHER Microsoft Windows WER arbitrary file move escalation of privilege attempt (file-other.rules)
* 1:51882 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt (os-windows.rules)
* 1:51883 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt (os-windows.rules)
* 1:51884 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt (os-windows.rules)
* 1:51885 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt (os-windows.rules)
* 1:51886 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt (os-windows.rules)
* 1:51887 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt (os-windows.rules)
* 1:51888 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt (os-windows.rules)
* 1:51889 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NT CipFixImageType out of bounds read attempt (os-windows.rules)
* 1:51896 <-> DISABLED <-> BROWSER-IE Microsoft ChakraCore scripting engine memory corruption attempt (browser-ie.rules)
* 1:51897 <-> DISABLED <-> BROWSER-IE Microsoft ChakraCore scripting engine memory corruption attempt (browser-ie.rules)
* 1:51898 <-> DISABLED <-> OS-OTHER Cisco Nexus OS software command injection attempt (os-other.rules)
* 1:51899 <-> DISABLED <-> SERVER-WEBAPP Adminer port scan server side request forgery attempt (server-webapp.rules)
* 1:519 <-> DISABLED <-> PROTOCOL-TFTP parent directory (protocol-tftp.rules)
* 1:51908 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
* 1:51909 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
* 1:51910 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
* 1:51911 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
* 1:51912 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
* 1:51913 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
* 1:51914 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
* 1:51915 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
* 1:51916 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
* 1:51917 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
* 1:51918 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
* 1:51919 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
* 1:51920 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
* 1:51921 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
* 1:51922 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Gustuff variant outbound cnc connection (malware-cnc.rules)
* 1:51923 <-> DISABLED <-> INDICATOR-OBFUSCATION Possible PHP eval backdoor upload attempt (indicator-obfuscation.rules)
* 1:51930 <-> DISABLED <-> SERVER-WEBAPP PHP tag depth heap memory corruption attempt (server-webapp.rules)
* 1:51943 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer ActiveX type confusion attempt (browser-ie.rules)
* 1:51944 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer ActiveX type confusion attempt (browser-ie.rules)
* 1:51945 <-> DISABLED <-> FILE-OTHER Ghostscript -dSAFER sandbox bypass attempt (file-other.rules)
* 1:51946 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint out of bounds value remote code execution attempt (file-office.rules)
* 1:51947 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint out of bounds value remote code execution attempt (file-office.rules)
* 1:51953 <-> ENABLED <-> OS-MOBILE Android WhatsApp malformed GIF double-free remote code execution attempt (os-mobile.rules)
* 1:51954 <-> ENABLED <-> OS-MOBILE Android WhatsApp malformed GIF double-free remote code execution attempt (os-mobile.rules)
* 1:51955 <-> ENABLED <-> OS-MOBILE Android WhatsApp malformed GIF double-free remote code execution attempt (os-mobile.rules)
* 1:51956 <-> ENABLED <-> OS-MOBILE Android WhatsApp malformed GIF double-free remote code execution attempt (os-mobile.rules)
* 1:51957 <-> DISABLED <-> FILE-OFFICE Microsoft Word RTF stack exhaustion denial of service attempt (file-office.rules)
* 1:51958 <-> DISABLED <-> FILE-OFFICE Microsoft Word RTF stack exhaustion denial of service attempt (file-office.rules)
* 1:51959 <-> DISABLED <-> FILE-OFFICE Microsoft Word RTF stack exhaustion denial of service attempt (file-office.rules)
* 1:51960 <-> DISABLED <-> FILE-OFFICE Microsoft Word RTF stack exhaustion denial of service attempt (file-office.rules)
* 1:51961 <-> DISABLED <-> SERVER-WEBAPP Jenkins CLI arbitrary Java object deserialization attempt (server-webapp.rules)
* 1:51962 <-> DISABLED <-> SERVER-OTHER multiple products HTTP GET request buffer overflow attempt (server-other.rules)
* 1:51963 <-> DISABLED <-> SERVER-OTHER multiple products HTTP GET request buffer overflow attempt (server-other.rules)
* 1:51964 <-> DISABLED <-> SERVER-OTHER multiple products HTTP OPTIONS request buffer overflow attempt (server-other.rules)
* 1:51965 <-> DISABLED <-> SERVER-OTHER multiple products HTTP referer header buffer overflow attempt (server-other.rules)
* 1:51966 <-> DISABLED <-> POLICY-OTHER Microsoft Exchange Server PushSubscriptionRequest setup attempt (policy-other.rules)
* 1:51967 <-> DISABLED <-> MALWARE-TOOLS Win.Trojan.Emotet variant download attempt (malware-tools.rules)
* 1:51968 <-> DISABLED <-> MALWARE-TOOLS Win.Trojan.Emotet variant download attempt (malware-tools.rules)
* 1:51969 <-> DISABLED <-> MALWARE-TOOLS Win.Trojan.Emotet variant download attempt (malware-tools.rules)
* 1:51970 <-> DISABLED <-> MALWARE-TOOLS Win.Trojan.Emotet variant download attempt (malware-tools.rules)
* 1:51971 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Emotet variant outbound beacon attempt (malware-cnc.rules)
* 1:51972 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (server-webapp.rules)
* 1:51973 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (server-webapp.rules)
* 1:51974 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (server-webapp.rules)
* 1:51975 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (server-webapp.rules)
* 1:51976 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (server-webapp.rules)
* 1:51977 <-> DISABLED <-> SERVER-WEBAPP FusionPBX service_edit.php command injection attempt (server-webapp.rules)
* 1:51978 <-> DISABLED <-> SERVER-WEBAPP FusionPBX service_edit.php command injection attempt (server-webapp.rules)
* 1:51979 <-> DISABLED <-> SERVER-WEBAPP FusionPBX service_edit.php command injection attempt (server-webapp.rules)
* 1:51980 <-> DISABLED <-> SERVER-WEBAPP FusionPBX service_edit.php command injection attempt (server-webapp.rules)
* 1:51981 <-> ENABLED <-> SERVER-WEBAPP Microsoft Sharepoint DestinationFolder cross site scripting attempt (server-webapp.rules)
* 1:51982 <-> DISABLED <-> SERVER-WEBAPP AlienVault USM and OSSIM FQDN command injection attempt (server-webapp.rules)
* 1:51983 <-> DISABLED <-> SERVER-WEBAPP AlienVault USM and OSSIM FQDN command injection attempt (server-webapp.rules)
* 1:51984 <-> DISABLED <-> SERVER-MAIL Mail.app AppleSingleDouble command execution attempt (server-mail.rules)
* 1:51985 <-> DISABLED <-> SERVER-MAIL Mail.app AppleSingleDouble command execution attempt (server-mail.rules)
* 1:51986 <-> DISABLED <-> FILE-OTHER Viber for Desktop URI handler remote code execution attempt (file-other.rules)
* 1:51987 <-> DISABLED <-> FILE-OTHER Viber for Desktop URI handler remote code execution attempt (file-other.rules)
* 1:51988 <-> DISABLED <-> POLICY-OTHER Invalid HTTP content type (policy-other.rules)
* 1:51989 <-> DISABLED <-> SERVER-OTHER Squid Proxy cache denial of service attempt (server-other.rules)
* 1:51990 <-> DISABLED <-> POLICY-OTHER Zavio IP Camera 1.6.03 remote feed access attempt (policy-other.rules)
* 1:51991 <-> DISABLED <-> POLICY-OTHER Zavio IP Camera 1.6.03 remote feed access attempt (policy-other.rules)
* 1:51992 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules)
* 1:51993 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
* 1:51994 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules)
* 1:51995 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess SCADA 8.3.2 command injection attempt (server-webapp.rules)
* 1:51996 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess SCADA 8.3.2 command injection attempt (server-webapp.rules)
* 1:51997 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess SCADA 8.3.2 command injection attempt (server-webapp.rules)
* 1:51998 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess SCADA 8.3.2 command injection attempt (server-webapp.rules)
* 1:51999 <-> DISABLED <-> FILE-OTHER LibreOffice office document arbitrary script execution attempt (file-other.rules)
* 1:520 <-> DISABLED <-> PROTOCOL-TFTP root directory (protocol-tftp.rules)
* 1:52000 <-> DISABLED <-> FILE-OTHER LibreOffice office document arbitrary script execution attempt (file-other.rules)
* 1:52001 <-> DISABLED <-> SERVER-WEBAPP WordPress meta_input path traversal attempt (server-webapp.rules)
* 1:52002 <-> DISABLED <-> BROWSER-WEBKIT WebKit WebCore handleMenuItemSelected use after free attempt (browser-webkit.rules)
* 1:52003 <-> DISABLED <-> BROWSER-WEBKIT WebKit WebCore handleMenuItemSelected use after free attempt (browser-webkit.rules)
* 1:52004 <-> DISABLED <-> MALWARE-CNC Win.Trojan.OceanLotus variant download attempt (malware-cnc.rules)
* 1:52005 <-> DISABLED <-> MALWARE-CNC Win.Trojan.OceanLotus variant download attempt (malware-cnc.rules)
* 1:52006 <-> DISABLED <-> SERVER-OTHER Eclipse Mosquitto MQTT SUBSCRIBE request topic parsing buffer overflow attempt (server-other.rules)
* 1:52007 <-> DISABLED <-> POLICY-OTHER HTTP GET request from URL list attempt (policy-other.rules)
* 1:52019 <-> DISABLED <-> SERVER-MAIL MailEnable Mail Server IMAP client command buffer overflow attempt (server-mail.rules)
* 1:52022 <-> DISABLED <-> OS-LINUX Red Hat NetworkManager DHCP client command injection attempt (os-linux.rules)
* 1:52026 <-> ENABLED <-> MALWARE-OTHER Xml.Phishing.Evernote outbound connection (malware-other.rules)
* 1:52027 <-> ENABLED <-> MALWARE-OTHER Xml.Phishing.Evernote outbound connection (malware-other.rules)
* 1:52028 <-> DISABLED <-> SERVER-WEBAPP JavaServer Faces Library unauthorized serialized object attempt (server-webapp.rules)
* 1:52029 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Emotet variant outbound beacon attempt (malware-cnc.rules)
* 1:52030 <-> DISABLED <-> OS-WINDOWS Microsoft Windows GDI+ EMF buffer overwrite attempt (os-windows.rules)
* 1:52031 <-> DISABLED <-> OS-WINDOWS Microsoft Windows GDI+ EMF buffer overwrite attempt (os-windows.rules)
* 1:52032 <-> DISABLED <-> OS-WINDOWS Microsoft Windows GDI+ EMF buffer overwrite attempt (os-windows.rules)
* 1:52033 <-> DISABLED <-> OS-WINDOWS Microsoft Windows GDI+ EMF buffer overwrite attempt (os-windows.rules)
* 1:52034 <-> DISABLED <-> OS-WINDOWS Microsoft Windows GDI+ EMF buffer overwrite attempt (os-windows.rules)
* 1:52035 <-> DISABLED <-> OS-WINDOWS Microsoft Windows GDI+ EMF buffer overwrite attempt (os-windows.rules)
* 1:52036 <-> DISABLED <-> SERVER-OTHER Adobe ColdFusion JNBridge remote code execution attempt (server-other.rules)
* 1:52037 <-> ENABLED <-> SERVER-OTHER ZeroMQ libzmq stack-based buffer overflow attempt (server-other.rules)
* 1:52038 <-> DISABLED <-> SERVER-OTHER PostgreSQL SCRAM authentication stack buffer overflow attempt (server-other.rules)
* 1:52039 <-> DISABLED <-> SERVER-OTHER PostgreSQL SCRAM authentication stack buffer overflow attempt (server-other.rules)
* 1:52040 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JP2 image stream parsing double free attempt (file-pdf.rules)
* 1:52041 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JP2 image stream parsing double free attempt (file-pdf.rules)
* 1:52042 <-> DISABLED <-> SERVER-OTHER OpenSSL ECDH malformed Client Hello denial of service attempt (server-other.rules)
* 1:52043 <-> DISABLED <-> SERVER-WEBAPP VEGO Web Forum SQL injection attempt (server-webapp.rules)
* 1:52044 <-> DISABLED <-> SERVER-WEBAPP VEGO Web Forum SQL injection attempt (server-webapp.rules)
* 1:52045 <-> DISABLED <-> SERVER-WEBAPP VEGO Web Forum SQL injection attempt (server-webapp.rules)
* 1:52052 <-> DISABLED <-> SERVER-WEBAPP Surreal ToDo SQL injection attempt (server-webapp.rules)
* 1:52055 <-> DISABLED <-> POLICY-OTHER WordPress XML-RPC pingback request attempt (policy-other.rules)
* 1:52056 <-> ENABLED <-> FILE-IDENTIFY Portable Executable binary file magic detected (file-identify.rules)
* 1:52057 <-> ENABLED <-> FILE-IDENTIFY Portable Executable binary file magic detected (file-identify.rules)
* 1:52059 <-> DISABLED <-> BROWSER-OTHER Samsung SmartViewer STWAxConfigNVR remote code execution attempt (browser-other.rules)
* 1:52060 <-> DISABLED <-> BROWSER-OTHER Samsung SmartViewer STWAxConfigNVR remote code execution attempt (browser-other.rules)
* 1:52061 <-> DISABLED <-> BROWSER-OTHER Samsung SmartViewer STWAxConfigNVR remote code execution attempt (browser-other.rules)
* 1:52062 <-> DISABLED <-> BROWSER-OTHER Samsung SmartViewer STWAxConfigNVR remote code execution attempt (browser-other.rules)
* 1:52063 <-> DISABLED <-> FILE-OTHER PowerShell Empire python launcher download attempt (file-other.rules)
* 1:52064 <-> DISABLED <-> FILE-OTHER PowerShell Empire python launcher download attempt (file-other.rules)
* 1:52065 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel row record buffer overflow attempt (file-office.rules)
* 1:52066 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel row record buffer overflow attempt (file-office.rules)
* 1:52067 <-> DISABLED <-> SERVER-WEBAPP Squid HTTP Proxy cachemgr.cgi denial of service attempt (server-webapp.rules)
* 1:52068 <-> ENABLED <-> BROWSER-CHROME Google Chrome blink webaudio module use after free attempt (browser-chrome.rules)
* 1:52069 <-> ENABLED <-> BROWSER-CHROME Google Chrome blink webaudio module use after free attempt (browser-chrome.rules)
* 1:52070 <-> ENABLED <-> MALWARE-OTHER known malicious browser profiler script download attempt (malware-other.rules)
* 1:52071 <-> ENABLED <-> MALWARE-OTHER known malicious browser profiler script download attempt (malware-other.rules)
* 1:52072 <-> DISABLED <-> SERVER-OTHER Microsoft JET Database ExcelExtractString stack buffer overflow attempt (server-other.rules)
* 1:52073 <-> DISABLED <-> SERVER-OTHER Microsoft JET Database ExcelExtractString stack buffer overflow attempt (server-other.rules)
* 1:52074 <-> DISABLED <-> SERVER-WEBAPP LibreNMS addhost command injection attempt (server-webapp.rules)
* 1:52075 <-> DISABLED <-> SERVER-WEBAPP LibreNMS addhost command injection attempt (server-webapp.rules)
* 1:52076 <-> DISABLED <-> SERVER-WEBAPP LibreNMS addhost command injection attempt (server-webapp.rules)
* 1:52077 <-> DISABLED <-> SERVER-WEBAPP LibreNMS addhost command injection attempt (server-webapp.rules)
* 1:52078 <-> DISABLED <-> SERVER-OTHER ISC BIND DHCP client DNAME resource record parsing denial of service attempt (server-other.rules)
* 1:52079 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt (file-flash.rules)
* 1:52080 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt (file-flash.rules)
* 1:52081 <-> DISABLED <-> INDICATOR-COMPROMISE Responder poisoner service negotiation attack attempt (indicator-compromise.rules)
* 1:52084 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine Map prototype memory corruption attempt (browser-ie.rules)
* 1:52085 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine Map prototype memory corruption attempt (browser-ie.rules)
* 1:52087 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request embedded linear white space in URI attempt (protocol-voip.rules)
* 1:52088 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request missing transaction identifier (protocol-voip.rules)
* 1:52089 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request overly large Warning header value attempt (protocol-voip.rules)
* 1:52090 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request overly large CSeq header value attempt (protocol-voip.rules)
* 1:52091 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request embedded linear white space in URI attempt (protocol-voip.rules)
* 1:52092 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request missing transaction identifier attempt (protocol-voip.rules)
* 1:52093 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request overly large CSeq header value attempt (protocol-voip.rules)
* 1:52094 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request overly large Warning header value attempt (protocol-voip.rules)
* 1:52099 <-> DISABLED <-> SERVER-WEBAPP Jenkins SCM Git Client plugin command injection attempt (server-webapp.rules)
* 1:52100 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
* 1:52101 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
* 1:52112 <-> DISABLED <-> SERVER-WEBAPP Git client path validation command execution attempt (server-webapp.rules)
* 1:52113 <-> DISABLED <-> FILE-OTHER Oracle Outside-In library CorelDRAW parsing integer overflow attempt (file-other.rules)
* 1:52114 <-> DISABLED <-> FILE-OTHER Oracle Outside-In library CorelDRAW parsing integer overflow attempt (file-other.rules)
* 1:52115 <-> ENABLED <-> INDICATOR-COMPROMISE Xml.Downloader.PowMet fileless malware variant download attempt (indicator-compromise.rules)
* 1:52116 <-> ENABLED <-> INDICATOR-COMPROMISE Win.Downloader.PowMet powershell script download attempt (indicator-compromise.rules)
* 1:52117 <-> ENABLED <-> INDICATOR-COMPROMISE Xml.Downloader.PowMet fileless malware variant download attempt (indicator-compromise.rules)
* 1:52118 <-> ENABLED <-> INDICATOR-COMPROMISE Win.Downloader.PowMet powershell script download attempt (indicator-compromise.rules)
* 1:52123 <-> DISABLED <-> SERVER-WEBAPP PHP FPM env_path_info buffer underflow attempt (server-webapp.rules)
* 1:52124 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader and Acrobat TTF SING table parsing remote code execution attempt (file-pdf.rules)
* 1:52125 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader and Acrobat TTF SING table parsing remote code execution attempt (file-pdf.rules)
* 1:52130 <-> ENABLED <-> SERVER-WEBAPP Apache Struts OGNL expression injection attempt (server-webapp.rules)
* 1:52132 <-> DISABLED <-> FILE-OTHER Libmspack cabd_sys_read_block off-by-one heap overflow attempt (file-other.rules)
* 1:52133 <-> DISABLED <-> FILE-OTHER Libmspack cabd_sys_read_block off-by-one heap overflow attempt (file-other.rules)
* 1:52134 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Agent variant download attempt (malware-other.rules)
* 1:52135 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Agent variant download attempt (malware-other.rules)
* 1:52136 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Agent variant download attempt (malware-other.rules)
* 1:52137 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Agent variant download attempt (malware-other.rules)
* 1:52138 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Agent variant download attempt (malware-other.rules)
* 1:52139 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Agent variant download attempt (malware-other.rules)
* 1:52140 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Agent variant download attempt (malware-other.rules)
* 1:52141 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Agent variant download attempt (malware-other.rules)
* 1:52142 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Agent variant download attempt (malware-other.rules)
* 1:52143 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Agent variant download attempt (malware-other.rules)
* 1:52144 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Agent variant download attempt (malware-other.rules)
* 1:52145 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Agent variant download attempt (malware-other.rules)
* 1:52146 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Agent variant download attempt (malware-other.rules)
* 1:52147 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Agent variant download attempt (malware-other.rules)
* 1:52148 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:52149 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:52150 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 M_SP_NA_1 (protocol-scada.rules)
* 1:52151 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 M_DP_NA_1 (protocol-scada.rules)
* 1:52152 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 M_ST_NA_1 (protocol-scada.rules)
* 1:52153 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 M_BO_NA_1 (protocol-scada.rules)
* 1:52154 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 M_ME_NA_1 (protocol-scada.rules)
* 1:52155 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 M_ME_NB_1 (protocol-scada.rules)
* 1:52156 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 M_ME_ND_1 (protocol-scada.rules)
* 1:52157 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 M_DP_TB_1 (protocol-scada.rules)
* 1:52158 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 M_ME_NC_1 (protocol-scada.rules)
* 1:52159 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 M_PS_NA_1 (protocol-scada.rules)
* 1:52160 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 M_SP_TB_1 (protocol-scada.rules)
* 1:52161 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 M_IT_NA_1 (protocol-scada.rules)
* 1:52162 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 M_ST_TB_1 (protocol-scada.rules)
* 1:52163 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 M_ME_TD_1 (protocol-scada.rules)
* 1:52164 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 M_BO_TB_1 (protocol-scada.rules)
* 1:52165 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 M_ME_TE_1 (protocol-scada.rules)
* 1:52166 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 M_ME_TF_1 (protocol-scada.rules)
* 1:52167 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 M_IT_TB_1 (protocol-scada.rules)
* 1:52168 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 M_EP_TD_1 (protocol-scada.rules)
* 1:52169 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 M_EP_TE_1 (protocol-scada.rules)
* 1:52170 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 M_EP_TF_1 (protocol-scada.rules)
* 1:52171 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 C_SC_NA_1 (protocol-scada.rules)
* 1:52172 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 C_DC_NA_1 (protocol-scada.rules)
* 1:52173 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 C_RC_NA_1 (protocol-scada.rules)
* 1:52174 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 C_SE_NA_1 (protocol-scada.rules)
* 1:52175 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 C_SE_NB_1 (protocol-scada.rules)
* 1:52176 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 C_SE_NC_1 (protocol-scada.rules)
* 1:52177 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 C_BO_NA_1 (protocol-scada.rules)
* 1:52178 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 C_SC_TA_1 (protocol-scada.rules)
* 1:52179 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 C_DC_TA_1 (protocol-scada.rules)
* 1:52180 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 C_RC_TA_1 (protocol-scada.rules)
* 1:52181 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 C_SE_TA_1 (protocol-scada.rules)
* 1:52182 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 C_SE_TB_1 (protocol-scada.rules)
* 1:52183 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 C_SE_TC_1 (protocol-scada.rules)
* 1:52184 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 C_BO_TA_1 (protocol-scada.rules)
* 1:52185 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 M_EI_NA_1 (protocol-scada.rules)
* 1:52186 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 C_TS_TA_1 (protocol-scada.rules)
* 1:52187 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 P_ME_NA_1 (protocol-scada.rules)
* 1:52188 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 P_ME_NB_1 (protocol-scada.rules)
* 1:52189 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 C_CI_NA_1 (protocol-scada.rules)
* 1:52190 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 C_RD_NA_1 (protocol-scada.rules)
* 1:52191 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 C_IC_NA_1 (protocol-scada.rules)
* 1:52192 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 C_CS_NA_1 (protocol-scada.rules)
* 1:52193 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 C_RP_NA_1 (protocol-scada.rules)
* 1:52194 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 P_ME_NC_1 (protocol-scada.rules)
* 1:52195 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 F_AF_NA_1 (protocol-scada.rules)
* 1:52196 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 F_FR_NA_1 (protocol-scada.rules)
* 1:52197 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 P_AC_NA_1 (protocol-scada.rules)
* 1:52198 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 F_SR_NA_1 (protocol-scada.rules)
* 1:52199 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 F_SC_NA_1 (protocol-scada.rules)
* 1:52200 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 F_LS_NA_1 (protocol-scada.rules)
* 1:52201 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 F_SG_NA_1 (protocol-scada.rules)
* 1:52202 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 F_DR_TA_1 (protocol-scada.rules)
* 1:52203 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 F_SC_NB_1 (protocol-scada.rules)
* 1:52204 <-> DISABLED <-> PROTOCOL-SCADA MMS Confirmed-RequestPDU informationReport message (protocol-scada.rules)
* 1:52205 <-> ENABLED <-> OS-WINDOWS Microsoft Windows win32k.sys memory corruption attempt (os-windows.rules)
* 1:52206 <-> ENABLED <-> OS-WINDOWS Microsoft Windows win32k.sys memory corruption attempt (os-windows.rules)
* 1:52207 <-> ENABLED <-> OS-WINDOWS Microsoft Windows win32k.sys memory corruption attempt (os-windows.rules)
* 1:52208 <-> ENABLED <-> OS-WINDOWS Microsoft Windows win32k.sys memory corruption attempt (os-windows.rules)
* 1:52209 <-> ENABLED <-> OS-WINDOWS Microsoft Windows vMatchAPal privilege escalation attempt (os-windows.rules)
* 1:52210 <-> ENABLED <-> OS-WINDOWS Microsoft Windows vMatchAPal privilege escalation attempt (os-windows.rules)
* 1:52211 <-> ENABLED <-> OS-WINDOWS Microsoft Windows vMatchAPal privilege escalation attempt (os-windows.rules)
* 1:52212 <-> ENABLED <-> OS-WINDOWS Microsoft Windows vMatchAPal privilege escalation attempt (os-windows.rules)
* 1:52213 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Win32k privilege escalation attempt (os-windows.rules)
* 1:52214 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Win32k privilege escalation attempt (os-windows.rules)
* 1:52215 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Win32k privilege escalation attempt (os-windows.rules)
* 1:52216 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Win32k privilege escalation attempt (os-windows.rules)
* 1:52217 <-> DISABLED <-> OS-WINDOWS Microsoft Windows privilege escalation attempt (os-windows.rules)
* 1:52218 <-> DISABLED <-> OS-WINDOWS Microsoft Windows privilege escalation attempt (os-windows.rules)
* 1:52219 <-> DISABLED <-> OS-WINDOWS Microsoft Windows privilege escalation attempt (os-windows.rules)
* 1:52220 <-> DISABLED <-> OS-WINDOWS Microsoft Windows privilege escalation attempt (os-windows.rules)
* 1:52221 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtGdiPlgBlt out-of-bounds write attempt (os-windows.rules)
* 1:52222 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NtGdiPlgBlt out-of-bounds write attempt (os-windows.rules)
* 1:52223 <-> ENABLED <-> OS-WINDOWS Microsoft Windows CRedirectVisualMarshaler privilege escalation attempt (os-windows.rules)
* 1:52224 <-> ENABLED <-> OS-WINDOWS Microsoft Windows CRedirectVisualMarshaler privilege escalation attempt (os-windows.rules)
* 1:52225 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k printer driver pallet privilege escalation attempt (os-windows.rules)
* 1:52226 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k printer driver pallet privilege escalation attempt (os-windows.rules)
* 1:52227 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k printer driver pallet privilege escalation attempt (os-windows.rules)
* 1:52228 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k printer driver pallet privilege escalation attempt (os-windows.rules)
* 1:52229 <-> DISABLED <-> OS-WINDOWS Microsoft Windows GDI glyph bitmap elevation of privilege attempt (os-windows.rules)
* 1:52230 <-> DISABLED <-> OS-WINDOWS Microsoft Windows GDI glyph bitmap elevation of privilege attempt (os-windows.rules)
* 1:52231 <-> DISABLED <-> OS-WINDOWS Microsoft Windows GDI glyph bitmap elevation of privilege attempt (os-windows.rules)
* 1:52232 <-> DISABLED <-> OS-WINDOWS Microsoft Windows GDI glyph bitmap elevation of privilege attempt (os-windows.rules)
* 1:52233 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Win32k kernel information disclosure attempt (os-windows.rules)
* 1:52234 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Win32k kernel information disclosure attempt (os-windows.rules)
* 1:52235 <-> DISABLED <-> SERVER-WEBAPP Wget HTTP non-200 negative chunk-size buffer overflow attempt (server-webapp.rules)
* 1:52236 <-> ENABLED <-> SERVER-OTHER Solarwinds Dameware Mini Remote Control agent access attempt (server-other.rules)
* 1:52239 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer scripting engine memory corruption attempt (browser-ie.rules)
* 1:52240 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer scripting engine memory corruption attempt (browser-ie.rules)
* 1:52242 <-> DISABLED <-> SERVER-WEBAPP D-Link DNS-320 ShareCenter command injection attempt (server-webapp.rules)
* 1:52243 <-> DISABLED <-> SERVER-WEBAPP D-Link DNS-320 ShareCenter command injection attempt (server-webapp.rules)
* 1:52244 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit handleIntrinsicCall type confusion attempt (browser-webkit.rules)
* 1:52245 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit handleIntrinsicCall type confusion attempt (browser-webkit.rules)
* 1:52246 <-> ENABLED <-> INDICATOR-COMPROMISE AgentTesla variant outbound connection attempt (indicator-compromise.rules)
* 1:52248 <-> DISABLED <-> BROWSER-CHROME Google Chrome Javascript V8 Array.indexOf information leak attempt (browser-chrome.rules)
* 1:52249 <-> DISABLED <-> BROWSER-CHROME Google Chrome Javascript V8 Array.indexOf information leak attempt (browser-chrome.rules)
* 1:52250 <-> DISABLED <-> BROWSER-CHROME Google Chrome Javascript V8 Array.includes information leak attempt (browser-chrome.rules)
* 1:52251 <-> DISABLED <-> BROWSER-CHROME Google Chrome Javascript V8 Array.includes information leak attempt (browser-chrome.rules)
* 1:52252 <-> ENABLED <-> MALWARE-CNC Win.Adware.DomaIQ variant outbound connection (malware-cnc.rules)
* 1:52253 <-> DISABLED <-> FILE-OTHER libexpat internal entity heap over-read attempt (file-other.rules)
* 1:52254 <-> DISABLED <-> FILE-OTHER libexpat internal entity heap over-read attempt (file-other.rules)
* 1:52255 <-> ENABLED <-> MALWARE-CNC Win.Trojan.PowerShell variant
outbound connection (malware-cnc.rules) * 1:52256 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex variant outbound connection (malware-cnc.rules) * 1:52257 <-> ENABLED <-> MALWARE-CNC Js.Trojan.FakeUpdate outbound connection (malware-cnc.rules) * 1:52258 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex variant inbound connection (malware-cnc.rules) * 1:52259 <-> ENABLED <-> MALWARE-CNC Js.Trojan.FakeUpdate outbound connection (malware-cnc.rules) * 1:52260 <-> ENABLED <-> MALWARE-CNC Js.Trojan.FakeUpdate outbound connection (malware-cnc.rules) * 1:52261 <-> ENABLED <-> MALWARE-CNC Js.Trojan.FakeUpdate outbound connection (malware-cnc.rules) * 1:52262 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex variant inbound connection (malware-cnc.rules) * 1:52263 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex variant inbound connection (malware-cnc.rules) * 1:52264 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex variant inbound connection (malware-cnc.rules) * 1:52265 <-> DISABLED <-> SERVER-WEBAPP phpMyAdmin delete server cross-site request forgery attempt (server-webapp.rules) * 1:52266 <-> DISABLED <-> SERVER-WEBAPP phpMyAdmin direct access server deletion attempt (server-webapp.rules) * 1:52267 <-> DISABLED <-> SERVER-WEBAPP phpMyAdmin delete server cross-site request forgery attempt (server-webapp.rules) * 1:52268 <-> DISABLED <-> SERVER-WEBAPP OpenMRS insecure object deserialization attempt (server-webapp.rules) * 1:52271 <-> DISABLED <-> SERVER-WEBAPP Joomla Jimtawl id parameter SQL injection attempt (server-webapp.rules) * 1:52272 <-> DISABLED <-> SERVER-WEBAPP Joomla Jimtawl id parameter SQL injection attempt (server-webapp.rules) * 1:52273 <-> DISABLED <-> SERVER-WEBAPP Joomla Jimtawl id parameter SQL injection attempt (server-webapp.rules) * 1:52276 <-> DISABLED <-> SERVER-WEBAPP Shenzhen TVT Digital Technology API OS buffer overflow attempt (server-webapp.rules) * 1:52277 <-> DISABLED <-> SERVER-WEBAPP Shenzhen TVT Digital Technology API OS command injection attempt 
(server-webapp.rules) * 1:52278 <-> DISABLED <-> SERVER-WEBAPP Shenzhen TVT Digital Technology API OS command injection attempt (server-webapp.rules) * 1:52279 <-> DISABLED <-> SERVER-WEBAPP Shenzhen TVT Digital Technology API OS buffer overflow attempt (server-webapp.rules) * 1:52280 <-> DISABLED <-> POLICY-OTHER Shenzhen TVT Digital Technology API OS admin default credentials login attempt (policy-other.rules) * 1:52281 <-> DISABLED <-> POLICY-OTHER Shenzhen TVT Digital Technology API OS telnet root default credentials login attempt (policy-other.rules) * 1:52282 <-> DISABLED <-> POLICY-OTHER Shenzhen TVT Digital Technology API OS telnet root default credentials login attempt (policy-other.rules) * 1:52283 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel MsoDrawingGroup record remote code execution attempt (file-office.rules) * 1:52284 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel MsoDrawingGroup record remote code execution attempt (file-office.rules) * 1:52285 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel MsoDrawingGroup record remote code execution attempt (file-office.rules) * 1:52286 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel MsoDrawingGroup record remote code execution attempt (file-office.rules) * 1:52287 <-> DISABLED <-> SERVER-OTHER Hummingbird InetD LPD buffer overflow attempt (server-other.rules) * 1:52288 <-> DISABLED <-> OS-MOBILE Google Android libstagefright integer underflow attempt (os-mobile.rules) * 1:52289 <-> DISABLED <-> OS-MOBILE Google Android libstagefright integer underflow attempt (os-mobile.rules) * 1:52290 <-> ENABLED <-> MALWARE-OTHER Win.Backdoor.Agent malicious DLL loader download attempt (malware-other.rules) * 1:52291 <-> DISABLED <-> SERVER-WEBAPP MDaemon auto responder remote code execution attempt (server-webapp.rules) * 1:52292 <-> DISABLED <-> SERVER-WEBAPP MDaemon auto responder remote code execution attempt (server-webapp.rules) * 1:52293 <-> DISABLED <-> SERVER-WEBAPP MDaemon auto responder remote 
code execution attempt (server-webapp.rules) * 1:52294 <-> DISABLED <-> SERVER-WEBAPP MDaemon auto responder remote code execution attempt (server-webapp.rules) * 1:52295 <-> DISABLED <-> SERVER-WEBAPP MDaemon auto responder remote code execution attempt (server-webapp.rules) * 1:52296 <-> DISABLED <-> SERVER-WEBAPP MDaemon auto responder remote code execution attempt (server-webapp.rules) * 1:52297 <-> DISABLED <-> SERVER-WEBAPP MDaemon auto responder remote code execution attempt (server-webapp.rules) * 1:52298 <-> DISABLED <-> SERVER-WEBAPP MDaemon auto responder remote code execution attempt (server-webapp.rules) * 1:52299 <-> DISABLED <-> SERVER-WEBAPP MDaemon auto responder remote code execution attempt (server-webapp.rules) * 1:52300 <-> DISABLED <-> SERVER-WEBAPP MDaemon auto responder remote code execution attempt (server-webapp.rules) * 1:52301 <-> DISABLED <-> SERVER-WEBAPP MDaemon auto responder remote code execution attempt (server-webapp.rules) * 1:52302 <-> DISABLED <-> SERVER-WEBAPP MDaemon auto responder remote code execution attempt (server-webapp.rules) * 1:52303 <-> DISABLED <-> SERVER-WEBAPP MDaemon auto responder remote code execution attempt (server-webapp.rules) * 1:52304 <-> DISABLED <-> SERVER-WEBAPP MDaemon auto responder remote code execution attempt (server-webapp.rules) * 1:52305 <-> DISABLED <-> SERVER-WEBAPP MDaemon auto responder remote code execution attempt (server-webapp.rules) * 1:52306 <-> DISABLED <-> FILE-IMAGE Mutiple products libpng extra row heap overflow attempt (file-image.rules) * 1:52307 <-> DISABLED <-> FILE-IMAGE Mutiple products libpng extra row heap overflow attempt (file-image.rules) * 1:52308 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif malicious document download attempt (malware-cnc.rules) * 1:52309 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif malicious executable download attempt (malware-cnc.rules) * 1:52310 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif malicious executable download attempt 
(malware-cnc.rules) * 1:52311 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif malicious document download attempt (malware-cnc.rules) * 1:52312 <-> DISABLED <-> FILE-IMAGE Imagemagick XBM tranformation information leak attempt (file-image.rules) * 1:52313 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit memory corruption attempt (browser-webkit.rules) * 1:52314 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit memory corruption attempt (browser-webkit.rules) * 1:52315 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit memory corruption attempt (browser-webkit.rules) * 1:52316 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit memory corruption attempt (browser-webkit.rules) * 1:52317 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 JavaScript Engine memory corruption attempt (browser-chrome.rules) * 1:52318 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 JavaScript Engine memory corruption attempt (browser-chrome.rules) * 1:52319 <-> DISABLED <-> FILE-OTHER VLC Media Player malformed APE buffer overflow attempt (file-other.rules) * 1:52320 <-> DISABLED <-> FILE-OTHER VLC Media Player malformed APE buffer overflow attempt (file-other.rules) * 1:52321 <-> DISABLED <-> BROWSER-PLUGINS Samsung SmartViewer ActiveX clsid access attempt (browser-plugins.rules) * 1:52322 <-> DISABLED <-> BROWSER-PLUGINS Samsung SmartViewer ActiveX clsid access attempt (browser-plugins.rules) * 1:52323 <-> DISABLED <-> SERVER-OTHER ABB PGIM unauthenticated credential disclosure attempt (server-other.rules) * 1:52324 <-> DISABLED <-> SERVER-APACHE Apache Solr Velocity Response Writer remote code execution attempt (server-apache.rules) * 1:52325 <-> DISABLED <-> SERVER-APACHE Apache Solr Velocity Response Writer remote code execution attempt (server-apache.rules) * 1:52326 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request missing transaction identifier attempt (protocol-voip.rules) * 1:52327 <-> DISABLED <-> PROTOCOL-VOIP SIP Torture request missing transaction identifier attempt 
(protocol-voip.rules) * 1:52328 <-> DISABLED <-> SERVER-WEBAPP Asus RT-N10 Repeater Mode command injection attempt (server-webapp.rules) * 1:52329 <-> DISABLED <-> SERVER-WEBAPP Asus RT-N10 Repeater Mode command injection attempt (server-webapp.rules) * 1:52330 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Ramnit-7057830-0 download attempt (malware-other.rules) * 1:52333 <-> DISABLED <-> OS-SOLARIS Solaris RPC XDR overflow code execution attempt (os-solaris.rules) * 1:52334 <-> DISABLED <-> OS-SOLARIS Solaris RPC XDR overflow code execution attempt (os-solaris.rules) * 1:52335 <-> DISABLED <-> OS-WINDOWS Microsoft Windows MHTML XSS attempt (os-windows.rules) * 1:52336 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Hoplight variant binary download attempt (malware-cnc.rules) * 1:52337 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Hoplight variant binary download attempt (malware-cnc.rules) * 1:52338 <-> DISABLED <-> SERVER-OTHER ISC BIND DNS root DNAME query response denial of service attempt (server-other.rules) * 1:52339 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Qakbot-7058183-0 download attempt (malware-other.rules) * 1:52340 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Qakbot-7058183-0 download attempt (malware-other.rules) * 1:52341 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit out-of-bounds read attempt (browser-webkit.rules) * 1:52342 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit out-of-bounds read attempt (browser-webkit.rules) * 1:52343 <-> DISABLED <-> SERVER-OTHER ISC BIND deny-answer-aliases denial of service attempt (server-other.rules) * 1:52344 <-> DISABLED <-> SERVER-OTHER ISC BIND deny-answer-aliases denial of service attempt (server-other.rules) * 1:52347 <-> DISABLED <-> BROWSER-PLUGINS Flexera InstallShield ISGrid2.dll DoFindReplace heap buffer overlow ActiveX clsid access (browser-plugins.rules) * 1:52348 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 engine memory corruption attempt (browser-chrome.rules) * 1:52349 <-> DISABLED <-> BROWSER-CHROME 
Google Chrome V8 engine memory corruption attempt (browser-chrome.rules) * 1:52350 <-> DISABLED <-> SERVER-WEBAPP Wordpress Plainview Activity Monitor activities_overview.php command injection attempt (server-webapp.rules) * 1:52351 <-> DISABLED <-> SERVER-WEBAPP Wordpress Plainview Activity Monitor activities_overview.php command injection attempt (server-webapp.rules) * 1:52352 <-> DISABLED <-> SERVER-WEBAPP Wordpress Plainview Activity Monitor activities_overview.php command injection attempt (server-webapp.rules) * 1:52353 <-> DISABLED <-> SERVER-WEBAPP rConfig ajaxServerSettingsChk.php command injection attempt (server-webapp.rules) * 1:52354 <-> DISABLED <-> SERVER-WEBAPP rConfig ajaxServerSettingsChk.php command injection attempt (server-webapp.rules) * 1:52355 <-> DISABLED <-> SERVER-WEBAPP rConfig ajaxServerSettingsChk.php command injection attempt (server-webapp.rules) * 1:52356 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt (file-office.rules) * 1:52357 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt (file-office.rules) * 1:52358 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt (file-office.rules) * 1:52359 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt (file-office.rules) * 1:52360 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Agent variant payload download attempt (malware-other.rules) * 1:52361 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Agent variant payload download attempt (malware-other.rules) * 1:52362 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Agent variant payload download attempt (malware-other.rules) * 1:52363 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Agent variant payload download attempt (malware-other.rules) * 1:52364 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Agent variant payload 
download attempt (malware-other.rules) * 1:52365 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Agent variant payload download attempt (malware-other.rules) * 1:52366 <-> DISABLED <-> SERVER-MYSQL yaSSL SSL Hello Message buffer overflow attempt (server-mysql.rules) * 1:52369 <-> DISABLED <-> OS-WINDOWS Microsoft Windows and Server malformed header denial of service attempt (os-windows.rules) * 1:52370 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC WinCC flexible runtime stack buffer overflow attempt (protocol-scada.rules) * 1:52371 <-> DISABLED <-> PROTOCOL-SCADA Siemens SIMATIC WinCC flexible runtime stack buffer overflow attempt (protocol-scada.rules) * 1:52372 <-> DISABLED <-> SERVER-OTHER Alt-N MDaemon default credentials login attempt (server-other.rules) * 1:52373 <-> DISABLED <-> MALWARE-OTHER Winnti Group VMProtected launcher variant download attempt (malware-other.rules) * 1:52374 <-> DISABLED <-> MALWARE-OTHER Winnti Group VMProtected launcher variant download attempt (malware-other.rules) * 1:52375 <-> DISABLED <-> MALWARE-TOOLS Win.Downloader.Get2 download attempt (malware-tools.rules) * 1:52376 <-> DISABLED <-> MALWARE-TOOLS Win.Downloader.Get2 download attempt (malware-tools.rules) * 1:52377 <-> DISABLED <-> MALWARE-TOOLS Win.Downloader.Get2 download attempt (malware-tools.rules) * 1:52378 <-> DISABLED <-> MALWARE-TOOLS Win.Downloader.Get2 download attempt (malware-tools.rules) * 1:52379 <-> DISABLED <-> MALWARE-TOOLS Win.Downloader.Get2 download attempt (malware-tools.rules) * 1:52380 <-> DISABLED <-> MALWARE-TOOLS Win.Downloader.Get2 download attempt (malware-tools.rules) * 1:52381 <-> DISABLED <-> MALWARE-TOOLS Win.Downloader.Get2 download attempt (malware-tools.rules) * 1:52382 <-> DISABLED <-> MALWARE-TOOLS Win.Downloader.Get2 download attempt (malware-tools.rules) * 1:52383 <-> DISABLED <-> FILE-OTHER Adobe Acrobat and Reader crafted .joboptions file download attempt (file-other.rules) * 1:52384 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 
krb5_read_message klogin ksh kprop protocols bad sendauth version string denial of service attempt (server-other.rules) * 1:52385 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message klogin protocol bad sendauth or app version length denial of service attempt (server-other.rules) * 1:52386 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message klogin ksh kprop protocols bad app version length denial of service attempt (server-other.rules) * 1:52387 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message kprop protocol bad sendauth version length denial of service attempt (server-other.rules) * 1:52388 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message klogin ksh kprop protocols bad sendauth version string denial of service attempt (server-other.rules) * 1:52389 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message klogin ksh kprop protocols bad app version string denial of service attempt (server-other.rules) * 1:52390 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message klogin ksh kprop protocols bad app version string denial of service attempt (server-other.rules) * 1:52391 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message ksh protocol bad sendauth version length denial of service attempt (server-other.rules) * 1:52392 <-> DISABLED <-> SERVER-OTHER MIT Kerberos 5 krb5_read_message ksh protocol bad sendauth version length denial of service attempt (server-other.rules) * 1:52393 <-> DISABLED <-> SERVER-OTHER LibVNCServer file transfer extension heap buffer overflow attempt (server-other.rules) * 1:52394 <-> DISABLED <-> SERVER-OTHER LibVNCServer file transfer extension heap buffer overflow attempt (server-other.rules) * 1:52395 <-> DISABLED <-> SERVER-OTHER LibVNCServer file transfer extension heap buffer overflow attempt (server-other.rules) * 1:52396 <-> DISABLED <-> SERVER-OTHER LibVNCServer file transfer extension heap buffer overflow attempt (server-other.rules) * 1:52397 <-> DISABLED <-> 
SERVER-OTHER LibVNCServer file transfer extension heap buffer overflow attempt (server-other.rules) * 1:52398 <-> DISABLED <-> FILE-IMAGE Foxit Reader malformed GIF LZW minimum code size memory corruption attempt (file-image.rules) * 1:52399 <-> DISABLED <-> FILE-IMAGE Foxit Reader malformed GIF LZW minimum code size memory corruption attempt (file-image.rules) * 1:52400 <-> ENABLED <-> BROWSER-CHROME V8 JavaScript engine Out-of-Memory denial of service attempt (browser-chrome.rules) * 1:52401 <-> ENABLED <-> BROWSER-CHROME V8 JavaScript engine Out-of-Memory denial of service attempt (browser-chrome.rules) * 1:52402 <-> ENABLED <-> BROWSER-IE Microsoft Edge VBScript SafeArray memory corruption attempt (browser-ie.rules) * 1:52403 <-> ENABLED <-> BROWSER-IE Microsoft Edge VBScript SafeArray memory corruption attempt (browser-ie.rules) * 1:52404 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.NanoCore potential scanning attempt (malware-backdoor.rules) * 1:52405 <-> ENABLED <-> MALWARE-TOOLS CKnife penetration testing tool attempt (malware-tools.rules) * 1:52406 <-> ENABLED <-> SERVER-WEBAPP Atlassian Jira makeRequest server side request forgery attempt (server-webapp.rules) * 1:52410 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k local privilege escalation attempt (os-windows.rules) * 1:52411 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k local privilege escalation attempt (os-windows.rules) * 1:52419 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k information disclosure attempt (os-windows.rules) * 1:52420 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k information disclosure attempt (os-windows.rules) * 1:52421 <-> DISABLED <-> FILE-OFFICE Microsoft Windows Wordpad Converter sprmT record heap overflow attempt (file-office.rules) * 1:52422 <-> DISABLED <-> FILE-OFFICE Microsoft Windows Wordpad Converter sprmT record heap overflow attempt (file-office.rules) * 1:52423 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query envelope 
object integer overflow attempt (server-mysql.rules) * 1:52424 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox RemotePrompt sandbox escape attempt (browser-firefox.rules) * 1:52425 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox RemotePrompt sandbox escape attempt (browser-firefox.rules) * 1:52426 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.DoppelPaymer variant download attempt (malware-other.rules) * 1:52427 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.DoppelPaymer variant download attempt (malware-other.rules) * 1:52428 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.DoppelPaymer variant download attempt (malware-other.rules) * 1:52429 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.DoppelPaymer variant download attempt (malware-other.rules) * 1:52430 <-> DISABLED <-> BROWSER-FIREFOX IonMonkey MArraySlice buffer overflow attempt (browser-firefox.rules) * 1:52431 <-> DISABLED <-> BROWSER-FIREFOX IonMonkey MArraySlice buffer overflow attempt (browser-firefox.rules) * 1:52434 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.WebShellAccessDB variant download attempt (malware-other.rules) * 1:52435 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.WebShellAccessDB variant download attempt (malware-other.rules) * 1:52436 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Powerkatz variant download attempt (malware-other.rules) * 1:52437 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Powerkatz variant download attempt (malware-other.rules) * 1:52438 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.PowershellAgent variant download attempt (malware-other.rules) * 1:52439 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.PowershellAgent variant download attempt (malware-other.rules) * 1:52440 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.LazyCat variant download attempt (malware-other.rules) * 1:52441 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.LazyCat variant download attempt (malware-other.rules) * 1:52442 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mimikatz variant download attempt (malware-other.rules) * 1:52443 <-> 
DISABLED <-> MALWARE-OTHER Win.Trojan.Mimikatz variant download attempt (malware-other.rules) * 1:52445 <-> ENABLED <-> MALWARE-CNC Doc.Malware.Gamaredon variant outbound connection (malware-cnc.rules) * 1:52446 <-> ENABLED <-> MALWARE-OTHER Doc.Malware.Gamaredon variant second stage download detected (malware-other.rules) * 1:52447 <-> ENABLED <-> MALWARE-OTHER Doc.Malware.Gamaredon variant third stage download detected (malware-other.rules) * 1:52448 <-> ENABLED <-> MALWARE-OTHER Doc.Malware.Gamaredon variant third stage download detected (malware-other.rules) * 1:52449 <-> DISABLED <-> POLICY-OTHER Potential phishing domain ddns.net outbound connection detected (policy-other.rules) * 1:52450 <-> DISABLED <-> SERVER-OTHER Squid Reverse Proxy malformed Host header buffer overflow attempt (server-other.rules) * 1:52451 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.Zeppelin outbound communication (malware-cnc.rules) * 1:52452 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Zeppelin download attempt (malware-other.rules) * 1:52453 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Zeppelin download attempt (malware-other.rules) * 1:52454 <-> DISABLED <-> SERVER-WEBAPP PHP malformed quoted printable denial of service attempt (server-webapp.rules) * 1:52455 <-> DISABLED <-> OS-WINDOWS Microsoft Malware Protection Engine type confusion attempt (os-windows.rules) * 1:52456 <-> DISABLED <-> OS-WINDOWS Microsoft Malware Protection Engine type confusion attempt (os-windows.rules) * 1:52457 <-> DISABLED <-> OS-WINDOWS Microsoft Malware Protection Engine type confusion attempt (os-windows.rules) * 1:52458 <-> DISABLED <-> OS-WINDOWS Microsoft Malware Protection Engine type confusion attempt (os-windows.rules) * 1:52459 <-> DISABLED <-> OS-WINDOWS Microsoft Malware Protection Engine type confusion attempt (os-windows.rules) * 1:52460 <-> DISABLED <-> OS-WINDOWS Microsoft Malware Protection Engine type confusion attempt (os-windows.rules) * 1:52461 <-> DISABLED <-> OS-WINDOWS Microsoft 
Malware Protection Engine type confusion attempt (os-windows.rules) * 1:52462 <-> DISABLED <-> OS-WINDOWS Microsoft Malware Protection Engine type confusion attempt (os-windows.rules) * 1:52463 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded font type max subroutine buffer overflow attempt (file-pdf.rules) * 1:52464 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded font type max subroutine buffer overflow attempt (file-pdf.rules) * 1:52465 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded font type max subroutine buffer overflow attempt (file-pdf.rules) * 1:52466 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader embedded font type max subroutine buffer overflow attempt (file-pdf.rules) * 1:52467 <-> DISABLED <-> BROWSER-PLUGINS Oracle EasyMail Objects ActiveX clsid access attempt (browser-plugins.rules) * 1:52468 <-> DISABLED <-> BROWSER-PLUGINS Oracle EasyMail Objects ActiveX clsid access attempt (browser-plugins.rules) * 1:52469 <-> DISABLED <-> BROWSER-PLUGINS Oracle EasyMail Objects ActiveX clsid access attempt (browser-plugins.rules) * 1:52470 <-> DISABLED <-> BROWSER-PLUGINS Oracle EasyMail Objects ActiveX clsid access attempt (browser-plugins.rules) * 1:52471 <-> DISABLED <-> SERVER-APACHE Apache Tomcat chunked transfer encoding denial of service attempt (server-apache.rules) * 1:52472 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox JavaScript engine integer overflow attempt (browser-firefox.rules) * 1:52473 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox JavaScript engine integer overflow attempt (browser-firefox.rules) * 1:52474 <-> DISABLED <-> BROWSER-IE Microsoft Edge out of bounds write attempt (browser-ie.rules) * 1:52475 <-> DISABLED <-> BROWSER-IE Microsoft Edge out of bounds write attempt (browser-ie.rules) * 1:52476 <-> DISABLED <-> SERVER-OTHER Memcached lru temp_ttl NULL dereference attempt (server-other.rules) * 1:52477 <-> DISABLED <-> SERVER-OTHER Memcached lru mode NULL dereference attempt (server-other.rules) * 1:52478 
<-> DISABLED <-> PROTOCOL-SCADA Schneider Electric IGSS integer underflow attempt (protocol-scada.rules) * 1:52479 <-> DISABLED <-> BROWSER-IE Microsoft Edge Chakra JIT out of bounds information disclosure attempt (browser-ie.rules) * 1:52480 <-> DISABLED <-> SERVER-WEBAPP LibreNMS addhost command injection attempt (server-webapp.rules) * 1:52481 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Word internal OLE object update attempt (indicator-compromise.rules) * 1:52482 <-> ENABLED <-> INDICATOR-COMPROMISE Microsoft Word internal OLE object update attempt (indicator-compromise.rules) * 1:52483 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader and Acrobat TTF SING table parsing remote code execution attempt (file-pdf.rules) * 1:52484 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader and Acrobat TTF SING table parsing remote code execution attempt (file-pdf.rules) * 1:52485 <-> DISABLED <-> BROWSER-WEBKIT Apple Webkit updateMinimumColumnHeight use-after-free attempt (browser-webkit.rules) * 1:52486 <-> DISABLED <-> BROWSER-WEBKIT Apple Webkit updateMinimumColumnHeight use-after-free attempt (browser-webkit.rules) * 1:52487 <-> DISABLED <-> SERVER-OTHER OpenSSL SSL ChangeCipherSpec man-in-the-middle attempt (server-other.rules) * 1:52488 <-> DISABLED <-> FILE-MULTIMEDIA Nokia PC Suite Video Manager mp4 denial of service attempt (file-multimedia.rules) * 1:52489 <-> DISABLED <-> FILE-MULTIMEDIA Nokia PC Suite Video Manager mp4 denial of service attempt (file-multimedia.rules) * 1:52494 <-> DISABLED <-> SERVER-APACHE Apache httpd mod_remoteip heap buffer overflow attempt (server-apache.rules) * 1:52499 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop Camera Raw plug-in TIFF image processing buffer underflow attempt (file-image.rules) * 1:52500 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop Camera Raw plug-in TIFF image processing buffer underflow attempt (file-image.rules) * 1:52501 <-> DISABLED <-> SERVER-OTHER ZeroMQ libzmq pointer overflow attempt (server-other.rules) * 1:52502 
<-> DISABLED <-> SERVER-WEBAPP Moxa private key disclosure attempt (server-webapp.rules) * 1:52503 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 AwaitedPromise memory corruption attempt (browser-chrome.rules) * 1:52504 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 AwaitedPromise memory corruption attempt (browser-chrome.rules) * 1:52505 <-> DISABLED <-> PROTOCOL-OTHER Aruba Mobility Controller PAPI memory corruption attempt (protocol-other.rules) * 1:52506 <-> DISABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules) * 1:52507 <-> DISABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules) * 1:52508 <-> DISABLED <-> BROWSER-IE Microsoft Edge Chakra EmitCall memory corruption attempt (browser-ie.rules) * 1:52509 <-> DISABLED <-> BROWSER-IE Microsoft Edge Chakra EmitCall memory corruption attempt (browser-ie.rules) * 1:52510 <-> DISABLED <-> BROWSER-IE Microsoft Edge Chakra EmitCall memory corruption attempt (browser-ie.rules) * 1:52511 <-> DISABLED <-> BROWSER-IE Microsoft Edge Chakra EmitCall memory corruption attempt (browser-ie.rules) * 1:52512 <-> ENABLED <-> SERVER-WEBAPP Citrix ADC and Gateway arbitrary code execution attempt (server-webapp.rules) * 1:52513 <-> ENABLED <-> SERVER-WEBAPP Citrix ADC and Gateway arbitrary code execution attempt (server-webapp.rules) * 1:52514 <-> DISABLED <-> SERVER-WEBAPP Chimera Web Portal System cross site scripting attempt (server-webapp.rules) * 1:52515 <-> DISABLED <-> SERVER-WEBAPP Chimera Web Portal System cross site scripting attempt (server-webapp.rules) * 1:52516 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.ReverseTcpPowershell connection attempt (indicator-compromise.rules) * 1:52517 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.ReverseTcpPowershell connection attempt (indicator-compromise.rules) * 1:52518 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.ReverseTcpPowershell download attempt (malware-tools.rules) * 1:52519 <-> ENABLED <-> MALWARE-TOOLS 
Win.Trojan.ReverseTcpPowershell download attempt (malware-tools.rules)
* 1:52520 <-> DISABLED <-> BROWSER-IE Microsoft Edge Chakra ProcessLinkFailedAsmJsModule type confusion attempt (browser-ie.rules)
* 1:52521 <-> DISABLED <-> BROWSER-IE Microsoft Edge Chakra ProcessLinkFailedAsmJsModule type confusion attempt (browser-ie.rules)
* 1:52522 <-> DISABLED <-> BROWSER-IE Microsoft Edge Chakra ProcessLinkFailedAsmJsModule type confusion attempt (browser-ie.rules)
* 1:52523 <-> DISABLED <-> BROWSER-IE Microsoft Edge Chakra ProcessLinkFailedAsmJsModule type confusion attempt (browser-ie.rules)
* 1:52524 <-> DISABLED <-> PROTOCOL-DNS dnsmasq crafted OPT record denial of service attempt (protocol-dns.rules)
* 1:52548 <-> ENABLED <-> MALWARE-CNC Win.Trojan.XpertRAT inbound connection (malware-cnc.rules)
* 1:52549 <-> ENABLED <-> MALWARE-CNC Win.Trojan.XpertRAT outbound connection (malware-cnc.rules)
* 1:52550 <-> DISABLED <-> SERVER-WEBAPP Technicolor TD5130v2 TD5336 routers command injection attempt (server-webapp.rules)
* 1:52551 <-> DISABLED <-> SERVER-WEBAPP Technicolor TD5130v2 TD5336 routers command injection attempt (server-webapp.rules)
* 1:52552 <-> DISABLED <-> SERVER-WEBAPP Technicolor TD5130v2 TD5336 routers command injection attempt (server-webapp.rules)
* 1:52553 <-> DISABLED <-> SERVER-WEBAPP Technicolor TD5130v2 TD5336 routers command injection attempt (server-webapp.rules)
* 1:52554 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant outbound Technicolor TD5130v2 TD5336 routers command injection attempt (malware-cnc.rules)
* 1:52561 <-> DISABLED <-> POLICY-OTHER Yachtcontrol webserver unauthenticated remote code execution attempt (policy-other.rules)
* 1:52562 <-> DISABLED <-> POLICY-OTHER Yachtcontrol webserver unauthenticated remote code execution attempt (policy-other.rules)
* 1:52563 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant outbound Yachtcontrol webserver unauthenticated remote code execution attempt (malware-cnc.rules)
* 1:52564 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant outbound Yachtcontrol webserver unauthenticated remote code execution attempt (malware-cnc.rules)
* 1:52569 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple products SharedWorker MessagePort memory corruption attempt (browser-firefox.rules)
* 1:52572 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.ZeroCleare variant payload download attempt (malware-other.rules)
* 1:52573 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.ZeroCleare variant payload download attempt (malware-other.rules)
* 1:52574 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.ZeroCleare variant payload download attempt (malware-other.rules)
* 1:52575 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.ZeroCleare variant payload download attempt (malware-other.rules)
* 1:52576 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.ZeroCleare variant payload download attempt (malware-other.rules)
* 1:52577 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.ZeroCleare variant payload download attempt (malware-other.rules)
* 1:52578 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.ZeroCleare variant payload download attempt (malware-other.rules)
* 1:52579 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.ZeroCleare variant payload download attempt (malware-other.rules)
* 1:52580 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.ZeroCleare variant payload download attempt (malware-other.rules)
* 1:52581 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.ZeroCleare variant payload download attempt (malware-other.rules)
* 1:52582 <-> DISABLED <-> BROWSER-IE Microsoft Edge object manipulation use-after-free attempt (browser-ie.rules)
* 1:52583 <-> DISABLED <-> BROWSER-IE Microsoft Edge object manipulation use-after-free attempt (browser-ie.rules)
* 1:52584 <-> ENABLED <-> EXPLOIT-KIT BottleEK landing page detected (exploit-kit.rules)
* 1:52585 <-> ENABLED <-> EXPLOIT-KIT BottleEK variant outbound connection (exploit-kit.rules)
* 1:52586 <-> DISABLED <-> EXPLOIT-KIT BottleEK variant outbound connection (exploit-kit.rules)
* 1:52587 <-> ENABLED <-> EXPLOIT-KIT BottleEK landing page detected (exploit-kit.rules)
* 1:52588 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Mirai Enigma NMS command injection attempt (malware-cnc.rules)
* 1:52589 <-> DISABLED <-> SERVER-WEBAPP Enigma NMS command injection attempt (server-webapp.rules)
* 1:52590 <-> DISABLED <-> SERVER-WEBAPP Enigma NMS command injection attempt (server-webapp.rules)
* 1:52591 <-> DISABLED <-> SERVER-WEBAPP Enigma NMS command injection attempt (server-webapp.rules)
* 1:52592 <-> DISABLED <-> SERVER-WEBAPP Enigma NMS command injection attempt (server-webapp.rules)
* 1:52593 <-> ENABLED <-> OS-WINDOWS Microsoft Windows CryptoAPI signed binary with spoofed certificate attempt (os-windows.rules)
* 1:52594 <-> ENABLED <-> OS-WINDOWS Microsoft Windows CryptoAPI signed binary with spoofed certificate attempt (os-windows.rules)
* 1:52595 <-> ENABLED <-> OS-WINDOWS Microsoft Windows CryptoAPI signed binary with spoofed certificate attempt (os-windows.rules)
* 1:52596 <-> ENABLED <-> OS-WINDOWS Microsoft Windows CryptoAPI signed binary with spoofed certificate attempt (os-windows.rules)
* 1:52597 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit css title memory corruption attempt (browser-webkit.rules)
* 1:52598 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit css title memory corruption attempt (browser-webkit.rules)
* 1:52599 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules)
* 1:52600 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules)
* 1:52601 <-> ENABLED <-> BROWSER-CHROME Google V8 engine type confusion attempt (browser-chrome.rules)
* 1:52602 <-> ENABLED <-> BROWSER-CHROME Google V8 engine type confusion attempt (browser-chrome.rules)
* 1:52603 <-> ENABLED <-> SERVER-WEBAPP Citrix ADC and Gateway arbitrary code execution attempt (server-webapp.rules)
* 1:52604 <-> ENABLED <-> OS-WINDOWS Microsoft Windows clfs.sys local privilege escalation attempt (os-windows.rules)
* 1:52605 <-> ENABLED <-> OS-WINDOWS Microsoft Windows clfs.sys local privilege escalation attempt (os-windows.rules)
* 1:52606 <-> DISABLED <-> BROWSER-IE Microsoft Edge out of bounds write attempt (browser-ie.rules)
* 1:52607 <-> DISABLED <-> BROWSER-IE Microsoft Edge out of bounds write attempt (browser-ie.rules)
* 1:52610 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules)
* 1:52611 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules)
* 1:52612 <-> ENABLED <-> MALWARE-CNC Win.Trojan.AgentTesla variant outbound connection detected (malware-cnc.rules)
* 1:52613 <-> ENABLED <-> MALWARE-CNC Win.Trojan.AgentTesla variant outbound connection detected (malware-cnc.rules)
* 1:52614 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Remcos variant outbound connection detected (malware-cnc.rules)
* 1:52615 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.Whiteshadow variant outbound connection detected (malware-other.rules)
* 1:52616 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.Whiteshadow variant second stage download detected (malware-other.rules)
* 1:52617 <-> ENABLED <-> OS-WINDOWS Microsoft Windows CryptoAPI signed binary with spoofed certificate attempt (os-windows.rules)
* 1:52618 <-> ENABLED <-> OS-WINDOWS Microsoft Windows CryptoAPI signed binary with spoofed certificate attempt (os-windows.rules)
* 1:52619 <-> ENABLED <-> OS-WINDOWS Microsoft Windows CryptoAPI TLS handshake with spoofed certificate attempt (os-windows.rules)
* 1:52620 <-> ENABLED <-> SERVER-WEBAPP Citrix ADC and Gateway arbitrary code execution attempt (server-webapp.rules)
* 1:52621 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari user assisted applescript code execution attempt (browser-webkit.rules)
* 1:52622 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari user assisted applescript code execution attempt (browser-webkit.rules)
* 1:52623 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:52624 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:52625 <-> DISABLED <-> SERVER-OTHER OpenSSL anonymous ECDH denial of service attempt (server-other.rules)
* 1:52626 <-> DISABLED <-> SERVER-OTHER OpenSSL anonymous ECDH denial of service attempt (server-other.rules)
* 1:52634 <-> DISABLED <-> INDICATOR-COMPROMISE Website defacement via HTTP PUT request attempt (indicator-compromise.rules)
* 1:52635 <-> DISABLED <-> INDICATOR-COMPROMISE Website defacement via HTTP PUT request attempt (indicator-compromise.rules)
* 1:52636 <-> DISABLED <-> POLICY-OTHER HTTP PUT request for Default.aspx attempt (policy-other.rules)
* 1:52637 <-> DISABLED <-> SERVER-WEBAPP eMerge E3 Access Controller command injection attempt (server-webapp.rules)
* 1:52638 <-> DISABLED <-> SERVER-WEBAPP eMerge E3 Access Controller command injection attempt (server-webapp.rules)
* 1:52639 <-> DISABLED <-> SERVER-WEBAPP eMerge E3 Access Controller command injection attempt (server-webapp.rules)
* 1:52640 <-> DISABLED <-> SERVER-WEBAPP eMerge E3 Access Controller command injection attempt (server-webapp.rules)
* 1:52650 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.vxCrypter malicious executable download attempt (malware-other.rules)
* 1:52651 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.vxCrypter malicious executable download attempt (malware-other.rules)
* 1:52652 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Agent variant download attempt (malware-other.rules)
* 1:52653 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Agent variant download attempt (malware-other.rules)
* 1:52654 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Agent variant download attempt (malware-other.rules)
* 1:52655 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Agent variant download attempt (malware-other.rules)
* 1:52656 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Agent variant download attempt (malware-other.rules)
* 1:52657 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Agent variant download attempt (malware-other.rules)
* 1:52658 <-> DISABLED <-> FILE-FLASH Spelevo Exploit Kit download attempt (file-flash.rules)
* 1:52659 <-> DISABLED <-> FILE-FLASH Spelevo Exploit Kit download attempt (file-flash.rules)
* 1:52660 <-> DISABLED <-> EXPLOIT-KIT Spelevo Exploit Kit landing page detected (exploit-kit.rules)
* 1:52661 <-> ENABLED <-> MALWARE-OTHER Linux.Downloader.CoinMiner variant bash script dropper (malware-other.rules)
* 1:52662 <-> ENABLED <-> MALWARE-OTHER Citrix ADC and Gateway backdoor upload attempt (malware-other.rules)
* 1:52663 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Imaging API use after free attempt (os-windows.rules)
* 1:52664 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Imaging API use after free attempt (os-windows.rules)
* 1:52665 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Nymaim-7542552-1 download attempt (malware-other.rules)
* 1:52670 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Fareit-7561314-0 download attempt (malware-other.rules)
* 1:52671 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Fareit-7561269-0 download attempt (malware-other.rules)
* 1:52672 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fareit-7561317-0 download attempt (malware-other.rules)
* 1:52673 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ponystealer-7561238-0 download attempt (malware-other.rules)
* 1:52674 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Filerepmetagen-7561240-0 download attempt (malware-other.rules)
* 1:52675 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fareit-7561277-0 download attempt (malware-other.rules)
* 1:52676 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-7561280-0 download attempt (malware-other.rules)
* 1:52677 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Ponystealer-7561247-0 download attempt (malware-other.rules)
* 1:52678 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generic-7561248-0 download attempt (malware-other.rules)
* 1:52679 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Filerepmalware-7561251-0 download attempt (malware-other.rules)
* 1:52680 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Tofsee-7561252-0 download attempt (malware-other.rules)
* 1:52681 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Tofsee-7561253-0 download attempt (malware-other.rules)
* 1:52682 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-7561287-0 download attempt (malware-other.rules)
* 1:52683 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Ponystealer-7561420-0 download attempt (malware-other.rules)
* 1:52684 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Recam-7561435-0 download attempt (malware-other.rules)
* 1:52685 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Fareit-7561812-0 download attempt (malware-other.rules)
* 1:52686 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fareit-7561813-0 download attempt (malware-other.rules)
* 1:52687 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Fareit-7561800-0 download attempt (malware-other.rules)
* 1:52688 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Barys-7561764-0 download attempt (malware-other.rules)
* 1:52689 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Xtrat-7561799-0 download attempt (malware-other.rules)
* 1:52690 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zusy-7561770-0 download attempt (malware-other.rules)
* 1:52691 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Llac-7561774-0 download attempt (malware-other.rules)
* 1:52692 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic-7561740-0 download attempt (malware-other.rules)
* 1:52693 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fareit-7561778-0 download attempt (malware-other.rules)
* 1:52694 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Vobfus-7561834-0 download attempt (malware-other.rules)
* 1:52695 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zusy-7561835-0 download attempt (malware-other.rules)
* 1:52696 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Vobfus-7561836-0 download attempt (malware-other.rules)
* 1:52697 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.St6t0pbig-7561837-0 download attempt (malware-other.rules)
* 1:52698 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Bj3cyooi-7561838-0 download attempt (malware-other.rules)
* 1:52699 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Vobfus-7561839-0 download attempt (malware-other.rules)
* 1:52700 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Vobfus-7561840-0 download attempt (malware-other.rules)
* 1:52701 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Vobfus-7561842-0 download attempt (malware-other.rules)
* 1:52702 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Vobfus-7561843-0 download attempt (malware-other.rules)
* 1:52703 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Vobfus-7561845-0 download attempt (malware-other.rules)
* 1:52704 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Vobfus-7561846-0 download attempt (malware-other.rules)
* 1:52705 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Vobfus-7561847-0 download attempt (malware-other.rules)
* 1:52706 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Vobfus-7561848-0 download attempt (malware-other.rules)
* 1:52707 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Vobfus-7561850-0 download attempt (malware-other.rules)
* 1:52708 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Vobfus-7561851-0 download attempt (malware-other.rules)
* 1:52709 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Vobfus-7561852-0 download attempt (malware-other.rules)
* 1:52710 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Vobfus-7561853-0 download attempt (malware-other.rules)
* 1:52711 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Vobfus-7561855-0 download attempt (malware-other.rules)
* 1:52712 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Vobfus-7561856-0 download attempt (malware-other.rules)
* 1:52713 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Barys-7561857-0 download attempt (malware-other.rules)
* 1:52714 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Vobfus-7561858-0 download attempt (malware-other.rules)
* 1:52715 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.B5nng-7561860-0 download attempt (malware-other.rules)
* 1:52716 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Vobfus-7561861-0 download attempt (malware-other.rules)
* 1:52717 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Vobfus-7561862-0 download attempt (malware-other.rules)
* 1:52718 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Vobfus-7561863-0 download attempt (malware-other.rules)
* 1:52719 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Vobfus-7561865-0 download attempt (malware-other.rules)
* 1:52720 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Vobfus-7561866-0 download attempt (malware-other.rules)
* 1:52721 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Vobfus-7561867-0 download attempt (malware-other.rules)
* 1:52722 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-7561869-0 download attempt (malware-other.rules)
* 1:52723 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Vobfus-7561870-0 download attempt (malware-other.rules)
* 1:52724 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Npei-7561871-0 download attempt (malware-other.rules)
* 1:52725 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Vobfus-7561872-0 download attempt (malware-other.rules)
* 1:52726 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Vobfus-7561874-0 download attempt (malware-other.rules)
* 1:52727 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Vobfus-7561875-0 download attempt (malware-other.rules)
* 1:52728 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zusy-7561876-0 download attempt (malware-other.rules)
* 1:52729 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic-7561877-0 download attempt (malware-other.rules)
* 1:52730 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.A0lxvvoi-7561878-0 download attempt (malware-other.rules)
* 1:52731 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Vobfus-7561880-0 download attempt (malware-other.rules)
* 1:52732 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Vobfus-7561881-0 download attempt (malware-other.rules)
* 1:52733 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Vobfus-7561882-0 download attempt (malware-other.rules)
* 1:52734 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Vobfus-7561884-0 download attempt (malware-other.rules)
* 1:52735 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Vobfus-7561885-0 download attempt (malware-other.rules)
* 1:52736 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-7561886-0 download attempt (malware-other.rules)
* 1:52737 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Vobfus-7561887-0 download attempt (malware-other.rules)
* 1:52738 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.B5ag5gli-7561888-0 download attempt (malware-other.rules)
* 1:52739 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Vobfus-7561890-0 download attempt (malware-other.rules)
* 1:52740 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Akpmcxbi-7561891-0 download attempt (malware-other.rules)
* 1:52741 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Vobfus-7561892-0 download attempt (malware-other.rules)
* 1:52742 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Bzn9rpki-7561893-0 download attempt (malware-other.rules)
* 1:52743 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Vobfus-7561894-0 download attempt (malware-other.rules)
* 1:52744 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Vobfus-7561895-0 download attempt (malware-other.rules)
* 1:52745 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Vobfus-7561896-0 download attempt (malware-other.rules)
* 1:52746 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Vbinder-7561898-0 download attempt (malware-other.rules)
* 1:52747 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Vobfus-7561932-0 download attempt (malware-other.rules)
* 1:52748 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Vobfus-7561897-0 download attempt (malware-other.rules)
* 1:52749 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Vobfus-7561935-0 download attempt (malware-other.rules)
* 1:52750 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Vobfus-7561900-0 download attempt (malware-other.rules)
* 1:52751 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Vobfus-7561902-0 download attempt (malware-other.rules)
* 1:52752 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Aw5uvlni-7561938-0 download attempt (malware-other.rules)
* 1:52753 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Vobfus-7561904-0 download attempt (malware-other.rules)
* 1:52754 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Vobfus-7561939-0 download attempt (malware-other.rules)
* 1:52755 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-7561940-0 download attempt (malware-other.rules)
* 1:52756 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-7561941-0 download attempt (malware-other.rules)
* 1:52757 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Aqtsimgi-7561906-0 download attempt (malware-other.rules)
* 1:52758 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Vobfus-7561942-0 download attempt (malware-other.rules)
* 1:52759 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Vobfus-7561907-0 download attempt (malware-other.rules)
* 1:52760 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Vbtrojan-7561943-0 download attempt (malware-other.rules)
* 1:52761 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Vobfus-7561908-0 download attempt (malware-other.rules)
* 1:52762 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Vobfus-7561944-0 download attempt (malware-other.rules)
* 1:52763 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Vobfus-7561909-0 download attempt (malware-other.rules)
* 1:52764 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Vobfus-7561945-0 download attempt (malware-other.rules)
* 1:52765 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Vobfus-7561910-0 download attempt (malware-other.rules)
* 1:52766 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zusy-7561946-0 download attempt (malware-other.rules)
* 1:52767 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Vobfus-7561911-0 download attempt (malware-other.rules)
* 1:52768 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Vobfus-7561947-0 download attempt (malware-other.rules)
* 1:52769 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Vobfus-7561912-0 download attempt (malware-other.rules)
* 1:52770 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Vbinder-7561948-0 download attempt (malware-other.rules)
* 1:52771 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Vobfus-7561913-0 download attempt (malware-other.rules)
* 1:52772 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Vobfus-7561949-0 download attempt (malware-other.rules)
* 1:52773 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Vobfus-7561914-0 download attempt (malware-other.rules)
* 1:52774 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.B1smkrbi-7561950-0 download attempt (malware-other.rules)
* 1:52775 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Asbnzfbi-7561915-0 download attempt (malware-other.rules)
* 1:52776 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Vobfus-7561951-0 download attempt (malware-other.rules)
* 1:52777 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Awvbhqli-7561916-0 download attempt (malware-other.rules)
* 1:52778 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-7561952-0 download attempt (malware-other.rules)
* 1:52779 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Bp9m3rli-7561917-0 download attempt (malware-other.rules)
* 1:52780 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Vobfus-7561953-0 download attempt (malware-other.rules)
* 1:52781 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Vobfus-7561918-0 download attempt (malware-other.rules)
* 1:52782 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Vobfus-7561954-0 download attempt (malware-other.rules)
* 1:52783 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Vbtrojan-7561955-0 download attempt (malware-other.rules)
* 1:52784 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-7561922-0 download attempt (malware-other.rules)
* 1:52785 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Vobfus-7561956-0 download attempt (malware-other.rules)
* 1:52786 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Vobfus-7561923-0 download attempt (malware-other.rules)
* 1:52787 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Vobfus-7561957-0 download attempt (malware-other.rules)
* 1:52788 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Vobfus-7561924-0 download attempt (malware-other.rules)
* 1:52789 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-7561958-0 download attempt (malware-other.rules)
* 1:52790 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Barys-7561925-0 download attempt (malware-other.rules)
* 1:52791 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Vobfus-7561959-0 download attempt (malware-other.rules)
* 1:52792 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Vobfus-7561926-0 download attempt (malware-other.rules)
* 1:52793 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Vobfus-7561960-0 download attempt (malware-other.rules)
* 1:52794 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Vobfus-7561927-0 download attempt (malware-other.rules)
* 1:52795 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Vobfus-7561961-0 download attempt (malware-other.rules)
* 1:52796 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Vobfus-7561928-0 download attempt (malware-other.rules)
* 1:52797 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Vobfus-7561962-0 download attempt (malware-other.rules)
* 1:52798 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-7561929-0 download attempt (malware-other.rules)
* 1:52799 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Vobfus-7561963-0 download attempt (malware-other.rules)
* 1:52800 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Vobfus-7561930-0 download attempt (malware-other.rules)
* 1:52801 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-7561964-0 download attempt (malware-other.rules)
* 1:52802 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Bdksyxs-7561931-0 download attempt (malware-other.rules)
* 1:52803 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Ponystealer-7562089-0 download attempt (malware-other.rules)
* 1:52804 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Ponystealer-7562095-0 download attempt (malware-other.rules)
* 1:52805 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Fareit-7562098-0 download attempt (malware-other.rules)
* 1:52806 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fareit-7562065-0 download attempt (malware-other.rules)
* 1:52807 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Tofsee-7562099-0 download attempt (malware-other.rules)
* 1:52808 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Scar-7562034-0 download attempt (malware-other.rules)
* 1:52809 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Scar-7562041-0 download attempt (malware-other.rules)
* 1:52810 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Fareit-7562081-0 download attempt (malware-other.rules)
* 1:52811 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-7563016-0 download attempt (malware-other.rules)
* 1:52812 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Ponystealer-7563014-0 download attempt (malware-other.rules)
* 1:52813 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic-7562991-0 download attempt (malware-other.rules)
* 1:52814 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Clipbanker-7562988-0 download attempt (malware-other.rules)
* 1:52815 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Generickdz-7563017-0 download attempt (malware-other.rules)
* 1:52816 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.VBGeneric-7562998-0 download attempt (malware-other.rules)
* 1:52817 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.VBGeneric-7564432-0 download attempt (malware-other.rules)
* 1:52820 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime movie file clipping region handling heap buffer overflow attempt (file-multimedia.rules)
* 1:52821 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime movie file clipping region handling heap buffer overflow attempt (file-multimedia.rules)
* 1:52822 <-> DISABLED <-> POLICY-OTHER Tomato router web interface default root credentials detected (policy-other.rules)
* 1:52823 <-> DISABLED <-> POLICY-OTHER Tomato router web interface default admin credentials detected (policy-other.rules)
* 1:52824 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Muhstik variant IRC outbound connection (malware-cnc.rules)
* 1:52825 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.Muhstik variant binary download attempt (malware-other.rules)
* 1:52826 <-> ENABLED <-> MALWARE-OTHER Unix.Trojan.Muhstik variant binary download attempt (malware-other.rules)
* 1:52827 <-> DISABLED <-> SERVER-WEBAPP Tomato router web interface bruteforce scan attempt (server-webapp.rules)
* 1:52828 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ponystealer-7561648-0 download attempt (malware-other.rules)
* 1:52829 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-7563019-0 download attempt (malware-other.rules)
* 1:52830 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.VBGeneric-7563013-0 download attempt (malware-other.rules)
* 1:52831 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.VBGeneric-7562992-0 download attempt (malware-other.rules)
* 1:52832 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-7562086-0 download attempt (malware-other.rules)
* 1:52833 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Vobfus-7561937-0 download attempt (malware-other.rules)
* 1:52834 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Brsjkedi-7561936-0 download attempt (malware-other.rules)
* 1:52835 <-> DISABLED <-> SERVER-WEBAPP Kibana Timelion prototype pollution code execution attempt (server-webapp.rules)
* 1:52844 <-> ENABLED <-> MALWARE-CNC Win.Trojan.COMRat outbound communication attempt (malware-cnc.rules)
* 1:52845 <-> ENABLED <-> MALWARE-CNC Win.Trojan.COMRat outbound communication attempt (malware-cnc.rules)
* 1:52846 <-> ENABLED <-> MALWARE-CNC Win.Trojan.COMRat outbound communication attempt (malware-cnc.rules)
* 1:52847 <-> ENABLED <-> MALWARE-CNC Win.Trojan.COMRat outbound communication attempt (malware-cnc.rules)
* 1:52848 <-> ENABLED <-> MALWARE-CNC Win.Trojan.COMRat outbound communication attempt (malware-cnc.rules)
* 1:52849 <-> ENABLED <-> MALWARE-CNC Win.Trojan.COMRat outbound communication attempt (malware-cnc.rules)
* 1:52852 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Vobfus-7561864-0 download attempt (malware-other.rules)
* 1:52853 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Vobfus-7561889-0 download attempt (malware-other.rules)
* 1:52854 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-7561883-0 download attempt (malware-other.rules)
* 1:52855 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-7561879-0 download attempt (malware-other.rules)
* 1:52856 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-7561868-0 download attempt (malware-other.rules)
* 1:52857 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-7561859-0 download attempt (malware-other.rules)
* 1:52858 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Vobfus-7561854-0 download attempt (malware-other.rules)
* 1:52859 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Vobfus-7561849-0 download attempt (malware-other.rules)
* 1:52860 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Vobfus-7561844-0 download attempt (malware-other.rules)
* 1:52861 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Vobfus-7561841-0 download attempt (malware-other.rules)
* 1:52862 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-7561750-0 download attempt (malware-other.rules)
* 1:52863 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Fareit-7561765-0 download attempt (malware-other.rules)
* 1:52864 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CryptoAPI signed binary with explicitly-defined ECC curve parameters attempt (os-windows.rules)
* 1:52865 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CryptoAPI signed binary with explicitly-defined ECC curve parameters attempt (os-windows.rules)
* 1:52866 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CryptoAPI TLS server certificate public key with explicitly-defined ECC curve parameters attempt (os-windows.rules)
* 1:52867 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Gamarue-7564559-0 download attempt (malware-other.rules)
* 1:52868 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Cwmx-7564592-0 download attempt (malware-other.rules)
* 1:52869 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Ponystealer-7564593-0 download attempt (malware-other.rules)
* 1:52870 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Gamarue-7564591-0 download attempt (malware-other.rules)
* 1:52871 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ponystealer-7564564-0 download attempt (malware-other.rules)
* 1:52872 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Noon-7564565-0 download attempt (malware-other.rules)
* 1:52873 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Vobfus-7564566-0 download attempt (malware-other.rules)
* 1:52874 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ponystealer-7564567-0 download attempt (malware-other.rules)
* 1:52875 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Fareit-7564628-0 download attempt (malware-other.rules)
* 1:52876 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Noon-7564569-0 download attempt (malware-other.rules)
* 1:52877 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Fareit-7564570-0 download attempt (malware-other.rules)
* 1:52878 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ponystealer-7564571-0 download attempt (malware-other.rules)
* 1:52879 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Genkryptik-7564572-0 download attempt (malware-other.rules)
* 1:52880 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ponystealer-7564573-0 download attempt (malware-other.rules)
* 1:52881 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Ponystealer-7564574-0 download attempt (malware-other.rules)
* 1:52882 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Noon-7564575-0 download attempt (malware-other.rules)
* 1:52883 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.VBGeneric-7564501-0 download attempt (malware-other.rules)
* 1:52884 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.VBGeneric-7564538-0 download attempt (malware-other.rules)
* 1:52885 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fareit-7564577-0 download attempt (malware-other.rules)
* 1:52886 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.VBGeneric-7564504-0 download attempt (malware-other.rules)
* 1:52887 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Gamarue-7564579-0 download attempt (malware-other.rules)
* 1:52888 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.VBGeneric-7564540-0 download attempt (malware-other.rules)
* 1:52889 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ponystealer-7564580-0 download attempt (malware-other.rules)
* 1:52890 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.VBGeneric-7564542-0 download attempt (malware-other.rules)
* 1:52891 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Generic-7564508-0 download attempt (malware-other.rules)
* 1:52892 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Fareit-7564582-0 download attempt (malware-other.rules)
* 1:52893 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zpevdo-7564583-0 download attempt (malware-other.rules)
* 1:52894 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Agensla-7564918-0 download attempt (malware-other.rules)
* 1:52895 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.VBGeneric-7564979-0 download attempt (malware-other.rules)
* 1:52896 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Generic-7564922-0 download attempt (malware-other.rules)
* 1:52897 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Agensla-7564923-0 download attempt (malware-other.rules)
* 1:52898 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic-7564907-0 download attempt (malware-other.rules)
* 1:52899 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Agensla-7564912-0 download attempt (malware-other.rules)
* 1:529 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP srvsvc NetrShareEnum null policy handle attempt (netbios.rules)
* 1:52900 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Nanobot-7564916-0 download attempt (malware-other.rules)
* 1:52901 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7565074-0 download attempt (malware-other.rules)
* 1:52902 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7565076-0 download attempt (malware-other.rules)
* 1:52903 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7565078-0 download attempt (malware-other.rules)
* 1:52904 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7565079-0 download attempt (malware-other.rules)
* 1:52905 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7565082-0 download attempt (malware-other.rules)
* 1:52906 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7565083-0 download attempt (malware-other.rules)
* 1:52907 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7565084-0 download attempt (malware-other.rules)
* 1:52908 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Banload-7565273-0 download attempt (malware-other.rules)
* 1:52909 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Noon-7565208-0 download attempt (malware-other.rules)
* 1:52910 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic-7565323-0 download attempt (malware-other.rules)
* 1:52911 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Gamarue-7565210-0 download attempt (malware-other.rules)
* 1:52912 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.VBGeneric-7565324-0 download attempt (malware-other.rules)
* 1:52913 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7565134-0 download attempt (malware-other.rules)
* 1:52914 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7565135-0 download attempt (malware-other.rules)
* 1:52915 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7565136-0 download attempt (malware-other.rules)
* 1:52916 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7565104-0 download attempt (malware-other.rules)
* 1:52917 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Vebzenpak-7565214-0 download attempt (malware-other.rules)
* 1:52918 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Gamarue-7565185-0 download attempt (malware-other.rules)
* 1:52919 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7565138-0 download attempt (malware-other.rules)
* 1:52920 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7565105-0 download attempt (malware-other.rules)
* 1:52921 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Barys-7565186-0 download attempt (malware-other.rules)
* 1:52922 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.VBGeneric-7565248-0 download attempt (malware-other.rules)
* 1:52923 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Gamarue-7565216-0 download attempt (malware-other.rules)
* 1:52924 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.VBGeneric-7565249-0 download attempt (malware-other.rules)
* 1:52925 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Binder-7565283-0 download attempt (malware-other.rules)
* 1:52926 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7565141-0 download attempt (malware-other.rules)
* 1:52927 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7565108-0 download attempt (malware-other.rules)
* 1:52928 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Gamarue-7565218-0 download attempt (malware-other.rules)
* 1:52929 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7565142-0 download attempt (malware-other.rules)
* 1:52930 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.VBGeneric-7565252-0 download attempt (malware-other.rules)
* 1:52931 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7565143-0 download attempt (malware-other.rules)
* 1:52932 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7565144-0 download attempt (malware-other.rules)
* 1:52933 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7565110-0 download attempt (malware-other.rules)
* 1:52934 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7565145-0 download attempt (malware-other.rules)
* 1:52935 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Ursu-7565254-0 download attempt (malware-other.rules)
* 1:52936 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.VBGeneric-7565255-0 download attempt (malware-other.rules)
* 1:52937 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7565146-0 download attempt (malware-other.rules)
* 1:52938 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7565147-0 download attempt (malware-other.rules)
* 1:52939 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.VBGeneric-7565224-0 download attempt (malware-other.rules)
* 1:52940 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7565112-0 download attempt (malware-other.rules)
* 1:52941 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7565148-0 download attempt (malware-other.rules)
* 1:52942 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7565149-0 download attempt (malware-other.rules)
* 1:52943 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7565091-0 download attempt (malware-other.rules)
* 1:52944 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7565150-0 download attempt (malware-other.rules)
* 1:52945 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7565151-0 download attempt (malware-other.rules)
* 1:52946 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generic-7565228-0 download attempt (malware-other.rules)
* 1:52947 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7565116-0 download attempt (malware-other.rules)
* 1:52948 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7565152-0 download attempt (malware-other.rules)
* 1:52949 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.VBGeneric-7565298-0 download attempt (malware-other.rules)
* 1:52950 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7565117-0 download attempt (malware-other.rules)
* 1:52951 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7565094-0 download attempt (malware-other.rules)
* 1:52952 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7565153-0 download attempt (malware-other.rules)
* 1:52953 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.VBGeneric-7565299-0 download attempt (malware-other.rules)
* 1:52954 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7565118-0 download attempt (malware-other.rules)
* 1:52955 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7565119-0 download attempt (malware-other.rules)
* 1:52956 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generic-7565265-0 download attempt (malware-other.rules)
* 1:52957 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.U5wrugbi-7565203-0 download attempt (malware-other.rules)
* 1:52958 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Vebzenpak-7565303-0 download attempt (malware-other.rules)
* 1:52959 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Vebzenpak-7565352-0 download attempt (malware-other.rules)
* 1:52960 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.VBGeneric-7565375-0 download attempt (malware-other.rules)
* 1:52961 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Poison-7565378-0 download attempt
(malware-other.rules) * 1:52962 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Rombrast-7565393-0 download attempt (malware-other.rules) * 1:52963 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Razy-7565394-0 download attempt (malware-other.rules) * 1:52964 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Vbtrojan-7565395-0 download attempt (malware-other.rules) * 1:52965 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.VBGeneric-7565535-0 download attempt (malware-other.rules) * 1:52966 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Dapato-7565398-0 download attempt (malware-other.rules) * 1:52967 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Ursu-7565437-0 download attempt (malware-other.rules) * 1:52968 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Svwk-7565401-0 download attempt (malware-other.rules) * 1:52969 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Svwk-7565402-0 download attempt (malware-other.rules) * 1:52970 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Palevo-7565441-0 download attempt (malware-other.rules) * 1:52971 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ursu-7565633-0 download attempt (malware-other.rules) * 1:52972 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Barys-7565547-0 download attempt (malware-other.rules) * 1:52973 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Impolite-7565549-0 download attempt (malware-other.rules) * 1:52974 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Jaiks-7565588-0 download attempt (malware-other.rules) * 1:52975 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Azorult-7565367-0 download attempt (malware-other.rules) * 1:52976 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Jaik-7565368-0 download attempt (malware-other.rules) * 1:52977 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.VBGeneric-7565453-0 download attempt (malware-other.rules) * 1:52978 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.VBGeneric-7565522-0 download attempt (malware-other.rules) * 1:52979 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.VBGeneric-7565370-0 download attempt (malware-other.rules) * 1:52980 <-> DISABLED <-> 
MALWARE-OTHER Win.Trojan.Xtrat-7565731-0 download attempt (malware-other.rules) * 1:52981 <-> DISABLED <-> FILE-MULTIMEDIA WM Downloader malformed .m3u file buffer overflow attempt (file-multimedia.rules) * 1:52982 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Hyperbro variant payload download attempt (malware-other.rules) * 1:52983 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Hyperbro variant payload download attempt (malware-other.rules) * 1:52984 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer improper copy buffer access information disclosure attempt (browser-ie.rules) * 1:52985 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer improper copy buffer access information disclosure attempt (browser-ie.rules) * 1:52986 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules) * 1:52987 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules) * 1:52988 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules) * 1:52989 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules) * 1:52990 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.VBGeneric-7565256-0 download attempt (malware-other.rules) * 1:52991 <-> DISABLED <-> BROWSER-OTHER Multiple products Content-Type HTTP header buffer overflow attempt (browser-other.rules) * 1:52992 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ponystealer-7564561-0 download attempt (malware-other.rules) * 1:52999 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Agen-7564625-0 download attempt (malware-other.rules) * 1:530 <-> DISABLED <-> OS-WINDOWS NT NULL session (os-windows.rules) * 1:53017 <-> DISABLED <-> SERVER-WEBAPP NeoFrag CMS database information disclosure attempt (server-webapp.rules) * 1:53018 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Fareitvb-7564626-0 download attempt (malware-other.rules) * 1:53019 <-> DISABLED <-> MALWARE-OTHER 
Win.Trojan.VBGeneric-7564976-0 download attempt (malware-other.rules) * 1:53020 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Ursu-7564978-0 download attempt (malware-other.rules) * 1:53021 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Agen-7564562-0 download attempt (malware-other.rules) * 1:53022 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Pakes-7564913-0 download attempt (malware-other.rules) * 1:53023 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Ako variant payload download attempt (malware-other.rules) * 1:53024 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Ako variant payload download attempt (malware-other.rules) * 1:53025 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.VBGeneric-7564971-0 download attempt (malware-other.rules) * 1:53026 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7565080-0 download attempt (malware-other.rules) * 1:53027 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7565085-0 download attempt (malware-other.rules) * 1:53028 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7565095-0 download attempt (malware-other.rules) * 1:53029 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7565106-0 download attempt (malware-other.rules) * 1:53030 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7565093-0 download attempt (malware-other.rules) * 1:53031 <-> ENABLED <-> MALWARE-CNC Win.Malware.Loda RAT beacon detected (malware-cnc.rules) * 1:53047 <-> ENABLED <-> OS-WINDOWS Microsoft Win32k SendMinRectMessages use after free attempt (os-windows.rules) * 1:53048 <-> ENABLED <-> OS-WINDOWS Microsoft Win32k SendMinRectMessages use after free attempt (os-windows.rules) * 1:53050 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys rectangle region use after free attempt (os-windows.rules) * 1:53051 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys rectangle region use after free attempt (os-windows.rules) * 1:53052 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k driver DestroyThreadsTimers use after free attempt (os-windows.rules) * 
1:53053 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Win32k driver DestroyThreadsTimers use after free attempt (os-windows.rules) * 1:53054 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Graphics component privilege escalation attempt (os-windows.rules) * 1:53055 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Graphics component privilege escalation attempt (os-windows.rules) * 1:53056 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Remote Desktop client DYNVC PDU handling integer overflow attempt (os-windows.rules) * 1:53057 <-> DISABLED <-> FILE-FLASH Spelevo Exploit Kit download attempt (file-flash.rules) * 1:53058 <-> DISABLED <-> FILE-FLASH Spelevo Exploit Kit download attempt (file-flash.rules) * 1:53059 <-> DISABLED <-> OS-WINDOWS Microsoft Windows MsMpEng JavaScript garbage collection use after free attempt (os-windows.rules) * 1:53060 <-> DISABLED <-> OS-WINDOWS Microsoft Windows MsMpEng JavaScript garbage collection use after free attempt (os-windows.rules) * 1:53061 <-> ENABLED <-> OS-WINDOWS Windows kernel win32k driver elevation of privilege attempt (os-windows.rules) * 1:53062 <-> ENABLED <-> OS-WINDOWS Windows kernel win32k driver elevation of privilege attempt (os-windows.rules) * 1:53063 <-> DISABLED <-> POLICY-OTHER Microsoft Windows Exchange Server remote privilege escalation attempt (policy-other.rules) * 1:53064 <-> DISABLED <-> SERVER-WEBAPP Jenkins Stapler web framework Accept-Language Header directory traversal attempt (server-webapp.rules) * 1:53072 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k use after free privilege escalation attempt (os-windows.rules) * 1:53073 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k use after free privilege escalation attempt (os-windows.rules) * 1:53074 <-> DISABLED <-> SERVER-WEBAPP Axis Network Camera command injection attempt (server-webapp.rules) * 1:53075 <-> ENABLED <-> SERVER-WEBAPP Axis Network Camera authorization bypass attempt (server-webapp.rules) * 1:53076 <-> DISABLED <-> SERVER-WEBAPP 
Axis Network Camera command injection attempt (server-webapp.rules) * 1:53077 <-> DISABLED <-> SERVER-WEBAPP Axis Network Camera command injection attempt (server-webapp.rules) * 1:53078 <-> DISABLED <-> SERVER-WEBAPP Axis Network Camera command injection attempt (server-webapp.rules) * 1:53079 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k driver tagQ object use after free attempt (os-windows.rules) * 1:53080 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k driver tagQ object use after free attempt (os-windows.rules) * 1:53082 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Remote Desktop client RDPGFX PDU handling integer overflow attempt (os-windows.rules) * 1:53083 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Remote Desktop client RDPGFX PDU handling integer overflow attempt (os-windows.rules) * 1:53084 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Win32k local privilege escalation attempt (os-windows.rules) * 1:53085 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Win32k local privilege escalation attempt (os-windows.rules) * 1:53086 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Common Log File System Driver memory corruption attempt (os-windows.rules) * 1:53087 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Common Log File System Driver memory corruption attempt (os-windows.rules) * 1:53088 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Common Log File System Driver memory corruption attempt (os-windows.rules) * 1:53089 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Common Log File System Driver memory corruption attempt (os-windows.rules) * 1:53090 <-> ENABLED <-> MALWARE-TOOLS Malicious HTML application download attempt (malware-tools.rules) * 1:53091 <-> DISABLED <-> BROWSER-PLUGINS IBM SPSS Statistics ActiveX clsid access attempt (browser-plugins.rules) * 1:53092 <-> DISABLED <-> BROWSER-PLUGINS IBM SPSS Statistics ActiveX clsid access attempt (browser-plugins.rules) * 1:53095 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric ProClima F1BookView 
ActiveX clsid access attempt (browser-plugins.rules) * 1:53096 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric ProClima F1BookView ActiveX clsid access attempt (browser-plugins.rules) * 1:53100 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit WebCore memory corruption attempt (browser-webkit.rules) * 1:53101 <-> ENABLED <-> BROWSER-WEBKIT Apple Safari Webkit WebCore memory corruption attempt (browser-webkit.rules) * 1:53104 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Remote Desktop client PDU parsing integer overflow attempt (os-windows.rules) * 1:53105 <-> DISABLED <-> SERVER-ORACLE Oracle WebLogic unsafe deserialization remote code execution attempt (server-oracle.rules) * 1:53106 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Snake malicious executable download attempt (malware-other.rules) * 1:53107 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Snake malicious executable download attempt (malware-other.rules) * 1:53108 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Emotet variant outbound connection (malware-cnc.rules) * 1:53109 <-> DISABLED <-> SERVER-OTHER RabbitMQ X-Reason HTTP header denial-of-service attempt (server-other.rules) * 1:53110 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules) * 1:53111 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules) * 1:53112 <-> DISABLED <-> MALWARE-TOOLS Win.Dropper.WiryJMPer variant download attempt (malware-tools.rules) * 1:53113 <-> DISABLED <-> MALWARE-TOOLS Win.Dropper.WiryJMPer variant download attempt (malware-tools.rules) * 1:53116 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Data Analyzer 3.5 ActiveX use-after-free attempt (browser-plugins.rules) * 1:53117 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Data Analyzer 3.5 ActiveX use-after-free attempt (browser-plugins.rules) * 1:53118 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Data Analyzer 3.5 ActiveX clsid access (browser-plugins.rules) * 1:53119 
<-> DISABLED <-> SERVER-WEBAPP Wordpress DreamworkGallery plugin file upload attempt (server-webapp.rules) * 1:53120 <-> DISABLED <-> SERVER-WEBAPP Wordpress DreamworkGallery plugin arbitrary PHP file upload attempt (server-webapp.rules) * 1:53121 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit cached page memory corruption attempt (browser-webkit.rules) * 1:53122 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit cached page memory corruption attempt (browser-webkit.rules) * 1:53123 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit cached page universal cross-site scripting attempt (browser-webkit.rules) * 1:53124 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit cached page universal cross-site scripting attempt (browser-webkit.rules) * 1:53129 <-> DISABLED <-> MALWARE-OTHER Doc.Dropper.Carrotbat variant download attempt (malware-other.rules) * 1:53130 <-> DISABLED <-> MALWARE-OTHER Doc.Downloader.Carrotbat variant download attempt (malware-other.rules) * 1:53131 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Syscon variant payload download attempt (malware-other.rules) * 1:53132 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Syscon variant payload download attempt (malware-other.rules) * 1:53133 <-> DISABLED <-> MALWARE-OTHER Doc.Downloader.Carrotbat variant download attempt (malware-other.rules) * 1:53134 <-> DISABLED <-> MALWARE-OTHER Doc.Downloader.Carrotbat variant download attempt (malware-other.rules) * 1:53135 <-> DISABLED <-> MALWARE-OTHER Doc.Dropper.Carrotbat variant download attempt (malware-other.rules) * 1:53136 <-> DISABLED <-> MALWARE-OTHER Doc.Downloader.Carrotbat variant download attempt (malware-other.rules) * 1:53137 <-> DISABLED <-> MALWARE-OTHER Doc.Downloader.Carrotbat variant download attempt (malware-other.rules) * 1:53138 <-> DISABLED <-> MALWARE-OTHER Doc.Downloader.Carrotbat variant download attempt (malware-other.rules) * 1:53139 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Syscon variant payload download attempt (malware-other.rules) * 
1:53140 <-> ENABLED <-> MALWARE-CNC Doc.Downloader.Carrotball variant outbound cnc connection attempt (malware-cnc.rules) * 1:53141 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Carrotball variant outbound cnc connection attempt (malware-cnc.rules) * 1:53142 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Syscon variant outbound cnc connection attempt (malware-cnc.rules) * 1:53143 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Syscon variant outbound cnc connection attempt (malware-cnc.rules) * 1:53144 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Syscon variant outbound cnc connection attempt (malware-cnc.rules) * 1:53145 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 FindSharedFunctionInfo out-of-bounds read attempt (browser-chrome.rules) * 1:53146 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 FindSharedFunctionInfo out-of-bounds read attempt (browser-chrome.rules) * 1:53147 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Agent variant payload download attempt (malware-cnc.rules) * 1:53148 <-> DISABLED <-> FILE-PDF Adobe Acrobat CTextWidget memory corruption attempt (file-pdf.rules) * 1:53149 <-> DISABLED <-> FILE-PDF Adobe Acrobat CTextWidget memory corruption attempt (file-pdf.rules) * 1:53150 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer onscroll use after free attempt (browser-ie.rules) * 1:53151 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer onscroll use after free attempt (browser-ie.rules) * 1:53152 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CrimsonRAT outbound connection (malware-cnc.rules) * 1:53153 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CrimsonRAT inbound command (malware-cnc.rules) * 1:53154 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ObliqueRAT outbound connection (malware-cnc.rules) * 1:53155 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ObliqueRAT outbound connection (malware-cnc.rules) * 1:53156 <-> ENABLED <-> MALWARE-OTHER Doc.Dropper.CrimsonRAT download attempt (malware-other.rules) * 1:53157 <-> ENABLED <-> MALWARE-OTHER Doc.Dropper.CrimsonRAT download attempt 
(malware-other.rules) * 1:53158 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.CrimsonRAT download attempt (malware-other.rules) * 1:53159 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.ObliqueRAT download attempt (malware-other.rules) * 1:5316 <-> DISABLED <-> SERVER-OTHER CA CAM log_security overflow attempt (server-other.rules) * 1:53160 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.ObliqueRAT download attempt (malware-other.rules) * 1:53161 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.ObliqueRAT download attempt (malware-other.rules) * 1:53162 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.ObliqueRAT download attempt (malware-other.rules) * 1:53163 <-> ENABLED <-> MALWARE-OTHER Doc.Dropper.ObliqueRAT download attempt (malware-other.rules) * 1:53164 <-> ENABLED <-> MALWARE-OTHER Doc.Dropper.ObliqueRat download attempt (malware-other.rules) * 1:53165 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.CrimsonRAT download attempt (malware-other.rules) * 1:53166 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.CrimsonRAT download attempt (malware-other.rules) * 1:53167 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.CrimsonRAT download attempt (malware-other.rules) * 1:5317 <-> DISABLED <-> SERVER-OTHER pcAnywhere buffer overflow attempt (server-other.rules) * 1:53177 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (malware-other.rules) * 1:53178 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (malware-other.rules) * 1:53179 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (malware-other.rules) * 1:5318 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows wmf file arbitrary code execution attempt (file-multimedia.rules) * 1:53180 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (malware-other.rules) * 1:53181 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (malware-other.rules) * 1:53182 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (malware-other.rules) * 
1:53183 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (malware-other.rules) * 1:53184 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (malware-other.rules) * 1:53185 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (malware-other.rules) * 1:53186 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (malware-other.rules) * 1:53187 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (malware-other.rules) * 1:53188 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (malware-other.rules) * 1:53189 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (malware-other.rules) * 1:5319 <-> DISABLED <-> OS-WINDOWS Microsoft Windows picture and fax viewer wmf arbitrary code execution attempt (os-windows.rules) * 1:53190 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (malware-other.rules) * 1:53191 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (malware-other.rules) * 1:53192 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (malware-other.rules) * 1:53193 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (malware-other.rules) * 1:53194 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (malware-other.rules) * 1:53195 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (malware-other.rules) * 1:53196 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.Valyria variant download attempt (malware-other.rules) * 1:53197 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.WindowsKeylogger variant download attempt (malware-other.rules) * 1:53198 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.WindowsKeylogger variant download attempt (malware-other.rules) * 1:53199 <-> DISABLED <-> BROWSER-PLUGINS HP Sprinter Tidestone Formula One DefaultFontName buffer overflow attempt 
(browser-plugins.rules) * 1:53200 <-> DISABLED <-> BROWSER-PLUGINS HP Sprinter Tidestone Formula One DefaultFontName buffer overflow attempt (browser-plugins.rules) * 1:53201 <-> DISABLED <-> BROWSER-PLUGINS HP Sprinter Tidestone Formula One DefaultFontName buffer overflow attempt (browser-plugins.rules) * 1:53202 <-> DISABLED <-> BROWSER-PLUGINS HP Sprinter Tidestone Formula One DefaultFontName buffer overflow attempt (browser-plugins.rules) * 1:53203 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Vivin download attempt (malware-other.rules) * 1:53204 <-> DISABLED <-> INDICATOR-OBFUSCATION Win.Dropper.Vivin download attempt (indicator-obfuscation.rules) * 1:53205 <-> DISABLED <-> INDICATOR-OBFUSCATION Win.Dropper.Vivin download attempt (indicator-obfuscation.rules) * 1:53206 <-> DISABLED <-> SERVER-WEBAPP Microsoft SharePoint file upload information disclosure attempt (server-webapp.rules) * 1:53207 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.AZORult malicious executable download attempt (malware-other.rules) * 1:53208 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.AZORult malicious executable download attempt (malware-other.rules) * 1:53209 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.AZORult malicious executable download attempt (malware-other.rules) * 1:53210 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.AZORult malicious executable download attempt (malware-other.rules) * 1:53211 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.AZORult malicious executable download attempt (malware-other.rules) * 1:53212 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.AZORult malicious executable download attempt (malware-other.rules) * 1:53213 <-> ENABLED <-> PROTOCOL-OTHER MQTT Connect control packet detected (protocol-other.rules) * 1:53214 <-> DISABLED <-> PROTOCOL-OTHER Cesanta Mongoose MQTT integer overflow attempt (protocol-other.rules) * 1:53215 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bifrost-7594702-0 download attempt (malware-other.rules) * 1:53216 <-> DISABLED <-> MALWARE-OTHER 
Win.Dropper.Bifrost-7594703-0 download attempt (malware-other.rules) * 1:53217 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bifrost-7594755-0 download attempt (malware-other.rules) * 1:53218 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bifrost-7594716-0 download attempt (malware-other.rules) * 1:53219 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fakevimes-7594788-0 download attempt (malware-other.rules) * 1:53220 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Darkkomet-7594783-0 download attempt (malware-other.rules) * 1:53221 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Aepwbrt-7594784-0 download attempt (malware-other.rules) * 1:53222 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fakevimes-7594778-0 download attempt (malware-other.rules) * 1:53223 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Upatre-7594799-0 download attempt (malware-other.rules) * 1:53224 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fakevimes-7594780-0 download attempt (malware-other.rules) * 1:53225 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594896-0 download attempt (malware-other.rules) * 1:53226 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594962-0 download attempt (malware-other.rules) * 1:53227 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594897-0 download attempt (malware-other.rules) * 1:53228 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594996-0 download attempt (malware-other.rules) * 1:53229 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594931-0 download attempt (malware-other.rules) * 1:53230 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594932-0 download attempt (malware-other.rules) * 1:53231 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594898-0 download attempt (malware-other.rules) * 1:53232 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594964-0 download attempt (malware-other.rules) * 1:53233 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594899-0 download attempt (malware-other.rules) * 1:53234 <-> DISABLED <-> MALWARE-OTHER 
Win.Dropper.NetWire-7594998-0 download attempt (malware-other.rules) * 1:53235 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594965-0 download attempt (malware-other.rules) * 1:53236 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594933-0 download attempt (malware-other.rules) * 1:53237 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594999-0 download attempt (malware-other.rules) * 1:53238 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594966-0 download attempt (malware-other.rules) * 1:53239 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7595000-0 download attempt (malware-other.rules) * 1:53240 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594967-0 download attempt (malware-other.rules) * 1:53241 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI information disclosure attempt (file-image.rules) * 1:53242 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI information disclosure attempt (file-image.rules) * 1:53243 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594977-0 download attempt (malware-other.rules) * 1:53244 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594972-0 download attempt (malware-other.rules) * 1:53245 <-> DISABLED <-> SERVER-WEBAPP OpenEMR command injection attempt (server-webapp.rules) * 1:53246 <-> DISABLED <-> SERVER-WEBAPP OpenEMR command injection attempt (server-webapp.rules) * 1:53247 <-> DISABLED <-> SERVER-WEBAPP OpenEMR command injection attempt (server-webapp.rules) * 1:53248 <-> DISABLED <-> SERVER-WEBAPP OpenEMR command injection attempt (server-webapp.rules) * 1:53249 <-> DISABLED <-> POLICY-OTHER Oracle E-Business Suite TCF Server access attempt (policy-other.rules) * 1:53250 <-> DISABLED <-> POLICY-OTHER Oracle E-Business Suite TCF Server arbitrary SQL execution attempt (policy-other.rules) * 1:53251 <-> DISABLED <-> POLICY-OTHER Oracle E-Business Suite TCF Server vulnerable function access attempt (policy-other.rules) * 1:53256 <-> ENABLED <-> SERVER-WEBAPP SQL Server Reporting Services 
web application remote code execution attempt (server-webapp.rules) * 1:53259 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594928-0 download attempt (malware-other.rules) * 1:53260 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.DarkVision RAT download attempt (malware-other.rules) * 1:53261 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.DarkVision RAT download attempt (malware-other.rules) * 1:53262 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.DarkVision RAT download attempt (malware-other.rules) * 1:53263 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.DarkVision RAT download attempt (malware-other.rules) * 1:53264 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DarkVision initial outbound CNC connection attempt (malware-cnc.rules) * 1:53267 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7594994-0 download attempt (malware-other.rules) * 1:53270 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generic-7596403-0 download attempt (malware-other.rules) * 1:53271 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Zeroll-7596404-0 download attempt (malware-other.rules) * 1:53272 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Gamarue-7596406-0 download attempt (malware-other.rules) * 1:53273 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597058-0 download attempt (malware-other.rules) * 1:53274 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597092-0 download attempt (malware-other.rules) * 1:53275 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Zeroll-7596408-0 download attempt (malware-other.rules) * 1:53276 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597059-0 download attempt (malware-other.rules) * 1:53277 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Zeroll-7596409-0 download attempt (malware-other.rules) * 1:53278 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597060-0 download attempt (malware-other.rules) * 1:53279 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generic-7596410-0 download attempt (malware-other.rules) * 1:53280 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597094-0 download 
attempt (malware-other.rules)
* 1:53281 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597061-0 download attempt (malware-other.rules)
* 1:53282 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Zeroll-7596435-0 download attempt (malware-other.rules)
* 1:53283 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Xtrat-7597808-0 download attempt (malware-other.rules)
* 1:53284 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Vebzenpak-7597842-0 download attempt (malware-other.rules)
* 1:53285 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597077-0 download attempt (malware-other.rules)
* 1:53286 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597078-0 download attempt (malware-other.rules)
* 1:53287 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Zeroll-7596437-0 download attempt (malware-other.rules)
* 1:53288 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597079-0 download attempt (malware-other.rules)
* 1:53289 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597111-0 download attempt (malware-other.rules)
* 1:53290 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic-7597876-0 download attempt (malware-other.rules)
* 1:53291 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597112-0 download attempt (malware-other.rules)
* 1:53292 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generic-7596389-0 download attempt (malware-other.rules)
* 1:53293 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597080-0 download attempt (malware-other.rules)
* 1:53294 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generic-7596390-0 download attempt (malware-other.rules)
* 1:53295 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generic-7596391-0 download attempt (malware-other.rules)
* 1:53296 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597081-0 download attempt (malware-other.rules)
* 1:53297 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-7597775-0 download attempt (malware-other.rules)
* 1:53298 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Filerepmalware-7596392-0 download attempt (malware-other.rules)
* 1:53299 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597114-0 download attempt (malware-other.rules)
* 1:53300 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597049-0 download attempt (malware-other.rules)
* 1:53301 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zbot-7596393-0 download attempt (malware-other.rules)
* 1:53302 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597115-0 download attempt (malware-other.rules)
* 1:53303 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597083-0 download attempt (malware-other.rules)
* 1:53304 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic-7596394-0 download attempt (malware-other.rules)
* 1:53305 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597050-0 download attempt (malware-other.rules)
* 1:53306 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597084-0 download attempt (malware-other.rules)
* 1:53307 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597116-0 download attempt (malware-other.rules)
* 1:53308 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597051-0 download attempt (malware-other.rules)
* 1:53309 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generic-7596397-0 download attempt (malware-other.rules)
* 1:53310 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Xtrat-7597778-0 download attempt (malware-other.rules)
* 1:53311 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597117-0 download attempt (malware-other.rules)
* 1:53312 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597052-0 download attempt (malware-other.rules)
* 1:53313 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generic-7596398-0 download attempt (malware-other.rules)
* 1:53314 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Banbra-7597779-0 download attempt (malware-other.rules)
* 1:53315 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597118-0 download attempt (malware-other.rules)
* 1:53316 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597053-0 download attempt (malware-other.rules)
* 1:53317 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generic-7596399-0 download attempt (malware-other.rules)
* 1:53318 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597086-0 download attempt (malware-other.rules)
* 1:53319 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597087-0 download attempt (malware-other.rules)
* 1:53320 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597054-0 download attempt (malware-other.rules)
* 1:53321 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597120-0 download attempt (malware-other.rules)
* 1:53322 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Leer-7597784-0 download attempt (malware-other.rules)
* 1:53323 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597055-0 download attempt (malware-other.rules)
* 1:53324 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597089-0 download attempt (malware-other.rules)
* 1:53325 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Szq7apnib-7597786-0 download attempt (malware-other.rules)
* 1:53326 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597056-0 download attempt (malware-other.rules)
* 1:53327 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-7597854-0 download attempt (malware-other.rules)
* 1:53328 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597090-0 download attempt (malware-other.rules)
* 1:53329 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-7597057-0 download attempt (malware-other.rules)
* 1:53330 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Jaik-7597790-0 download attempt (malware-other.rules)
* 1:53331 <-> DISABLED <-> POLICY-OTHER Wake-on-LAN magic packet attempt (policy-other.rules)
* 1:53332 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Ryuk variant payload download attempt (malware-other.rules)
* 1:53333 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Ryuk variant payload download attempt (malware-other.rules)
* 1:53334 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Agent variant payload download attempt (malware-other.rules)
* 1:53335 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Ryuk variant payload download attempt (malware-other.rules)
* 1:53336 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Ryuk variant payload download attempt (malware-other.rules)
* 1:53337 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Agent variant payload download attempt (malware-other.rules)
* 1:53338 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ftcode variant outbound communication attempt (malware-cnc.rules)
* 1:53339 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ftcode variant download attempt (malware-cnc.rules)
* 1:53340 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ftcode variant download attempt (malware-cnc.rules)
* 1:53341 <-> ENABLED <-> SERVER-APACHE Apache Tomcat AJP connector arbitrary file access attempt (server-apache.rules)
* 1:53342 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 Turbofan Array pop type confusion attempt (browser-chrome.rules)
* 1:53343 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 Turbofan Array pop type confusion attempt (browser-chrome.rules)
* 1:53344 <-> DISABLED <-> OS-MOBILE Android Binder use after free exploit attempt (os-mobile.rules)
* 1:53345 <-> DISABLED <-> OS-MOBILE Android Binder use after free exploit attempt (os-mobile.rules)
* 1:53346 <-> ENABLED <-> SERVER-WEBAPP Microsoft Exchange Control Panel remote code execution attempt (server-webapp.rules)
* 1:53347 <-> ENABLED <-> SERVER-WEBAPP Microsoft Exchange Control Panel remote code execution attempt (server-webapp.rules)
* 1:53348 <-> ENABLED <-> SERVER-WEBAPP Microsoft Exchange Control Panel remote code execution attempt (server-webapp.rules)
* 1:53349 <-> ENABLED <-> SERVER-WEBAPP Microsoft Exchange Control Panel remote code execution attempt (server-webapp.rules)
* 1:53350 <-> ENABLED <-> SERVER-WEBAPP Microsoft Exchange Control Panel remote code execution attempt (server-webapp.rules)
* 1:53351 <-> ENABLED <-> SERVER-WEBAPP Microsoft Exchange Control Panel remote code execution attempt (server-webapp.rules)
* 1:53352 <-> ENABLED <-> MALWARE-CNC Win.Trojan.AZORult variant outbound connection (malware-cnc.rules)
* 1:53353 <-> ENABLED <-> MALWARE-CNC Win.Worm.Emotet WiFi Spreader variant outbound connection (malware-cnc.rules)
* 1:53354 <-> ENABLED <-> MALWARE-CNC Win.Worm.Emotet WiFi Spreader variant outbound connection (malware-cnc.rules)
* 1:53355 <-> DISABLED <-> MALWARE-TOOLS Win.Worm.Emotet WiFi Spreader variant download attempt (malware-tools.rules)
* 1:53356 <-> ENABLED <-> MALWARE-TOOLS Win.Worm.Emotet WiFi Spreader variant download attempt (malware-tools.rules)
* 1:53357 <-> ENABLED <-> MALWARE-TOOLS Win.Worm.Emotet WiFi Spreader variant download attempt (malware-tools.rules)
* 1:53358 <-> DISABLED <-> MALWARE-TOOLS Win.Worm.Emotet WiFi Spreader variant download attempt (malware-tools.rules)
* 1:53359 <-> ENABLED <-> MALWARE-TOOLS Win.Worm.Emotet WiFi Spreader variant download attempt (malware-tools.rules)
* 1:53360 <-> DISABLED <-> MALWARE-TOOLS Win.Worm.Emotet WiFi Spreader variant download attempt (malware-tools.rules)
* 1:53361 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7599049-0 download attempt (malware-other.rules)
* 1:53362 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-7599441-0 download attempt (malware-other.rules)
* 1:53363 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-7600019-0 download attempt (malware-other.rules)
* 1:53364 <-> ENABLED <-> MALWARE-OTHER Pdf.Downloader.Mozart malicious PDF download attempt (malware-other.rules)
* 1:53365 <-> ENABLED <-> MALWARE-OTHER Js.Dropper.Mozart payload download attempt (malware-other.rules)
* 1:53366 <-> ENABLED <-> MALWARE-OTHER Pdf.Downloader.Mozart malicious PDF download attempt (malware-other.rules)
* 1:53367 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mozart outbound CNC connection (malware-cnc.rules)
* 1:53368 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mozart outbound CNC connection (malware-cnc.rules)
* 1:53369 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mozart outbound CNC connection (malware-cnc.rules)
* 1:53370 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mozart outbound CNC connection (malware-cnc.rules)
* 1:53371 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mozart outbound cnc connection attempt (malware-cnc.rules)
* 1:53372 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mozart outbound CNC connection (malware-cnc.rules)
* 1:53373 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mozart outbound CNC connection (malware-cnc.rules)
* 1:53374 <-> DISABLED <-> POLICY-OTHER Microsoft Active Directory DrsAddEntry attempt (policy-other.rules)
* 1:53375 <-> DISABLED <-> POLICY-OTHER Microsoft Active Directory DRSUAPI_REPLICA_ADD attempt (policy-other.rules)
* 1:53376 <-> DISABLED <-> SERVER-OTHER Exim unauthenticated remote code execution attempt (server-other.rules)
* 1:53377 <-> DISABLED <-> SERVER-OTHER Exim unauthenticated remote code execution attempt (server-other.rules)
* 1:53378 <-> DISABLED <-> SERVER-OTHER Exim unauthenticated remote code execution attempt (server-other.rules)
* 1:53379 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Drooptroop-7604355-0 download attempt (malware-other.rules)
* 1:53380 <-> ENABLED <-> SERVER-WEBAPP Microsoft Exchange Control Panel remote code execution attempt (server-webapp.rules)
* 1:53381 <-> ENABLED <-> SERVER-WEBAPP Microsoft Exchange Control Panel remote code execution attempt (server-webapp.rules)
* 1:53382 <-> ENABLED <-> SERVER-WEBAPP Microsoft Exchange Control Panel static viewstate key use attempt (server-webapp.rules)
* 1:53383 <-> ENABLED <-> SERVER-WEBAPP Microsoft Exchange Control Panel remote code execution attempt (server-webapp.rules)
* 1:53394 <-> DISABLED <-> MALWARE-TOOLS Rat.Trojan.Generic variant download attempt (malware-tools.rules)
* 1:53395 <-> DISABLED <-> MALWARE-TOOLS Rat.Trojan.Generic variant download attempt (malware-tools.rules)
* 1:53396 <-> DISABLED <-> MALWARE-TOOLS Win.Trojan.Generic variant download attempt (malware-tools.rules)
* 1:53397 <-> DISABLED <-> MALWARE-TOOLS Win.Trojan.Generic variant download attempt (malware-tools.rules)
* 1:53398 <-> DISABLED <-> MALWARE-TOOLS Win.Malware.Generic variant download attempt (malware-tools.rules)
* 1:53399 <-> DISABLED <-> MALWARE-TOOLS Win.Malware.Generic variant download attempt (malware-tools.rules)
* 1:534 <-> DISABLED <-> NETBIOS SMB CD.. (netbios.rules)
* 1:53400 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.snoopy TCP connection attempt (malware-cnc.rules)
* 1:53401 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.snoopy TCP connection attempt (malware-cnc.rules)
* 1:53402 <-> ENABLED <-> BROWSER-IE Microsoft Edge Scripting Engine memory corruption attempt (browser-ie.rules)
* 1:53403 <-> ENABLED <-> BROWSER-IE Microsoft Edge Scripting Engine memory corruption attempt (browser-ie.rules)
* 1:53404 <-> ENABLED <-> BROWSER-IE Internet Explorer Scripting Engine memory corruption attempt (browser-ie.rules)
* 1:53405 <-> ENABLED <-> BROWSER-IE Internet Explorer Scripting Engine memory corruption attempt (browser-ie.rules)
* 1:53406 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DirectComposition elevation of privilege attempt (os-windows.rules)
* 1:53407 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DirectComposition elevation of privilege attempt (os-windows.rules)
* 1:53408 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k privilege escalation attempt (os-windows.rules)
* 1:53409 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k privilege escalation attempt (os-windows.rules)
* 1:53414 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DirectX kernel memory leak attempt (os-windows.rules)
* 1:53415 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DirectX kernel memory leak attempt (os-windows.rules)
* 1:53416 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
* 1:53417 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
* 1:53419 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
* 1:53420 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
* 1:53421 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k privilege escalation attempt (os-windows.rules)
* 1:53422 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k privilege escalation attempt (os-windows.rules)
* 1:53423 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k privilege escalation attempt (os-windows.rules)
* 1:53424 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k privilege escalation attempt (os-windows.rules)
* 1:53425 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB srv2.sys remote code execution attempt (os-windows.rules)
* 1:53426 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB srv2.sys remote code execution attempt (os-windows.rules)
* 1:53427 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB srv2.sys remote code execution attempt (os-windows.rules)
* 1:53428 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB srv2.sys remote code execution attempt (os-windows.rules)
* 1:53429 <-> DISABLED <-> SERVER-WEBAPP rConfig authenticated remote code execution attempt (server-webapp.rules)
* 1:53430 <-> DISABLED <-> SERVER-WEBAPP rConfig authenticated remote code execution attempt (server-webapp.rules)
* 1:53431 <-> DISABLED <-> SERVER-MAIL OpenSMTPD smtp_mailaddr command injection attempt (server-mail.rules)
* 1:53432 <-> DISABLED <-> SERVER-MAIL OpenSMTPD smtp_mailaddr command injection attempt (server-mail.rules)
* 1:53433 <-> ENABLED <-> SERVER-WEBAPP Zoho ManageEngine Desktop Central directory traversal attempt (server-webapp.rules)
* 1:53434 <-> ENABLED <-> SERVER-WEBAPP Zoho ManageEngine Desktop Central directory traversal attempt (server-webapp.rules)
* 1:53435 <-> ENABLED <-> SERVER-WEBAPP Zoho ManageEngine Desktop Central directory traversal attempt (server-webapp.rules)
* 1:53436 <-> ENABLED <-> OS-WINDOWS Windows RDP Gateway Server denial of service attempt (os-windows.rules)
* 1:53437 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Parallax variant outbound cnc connection attempt (malware-cnc.rules)
* 1:53438 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Parallax variant outbound cnc connection attempt (malware-cnc.rules)
* 1:53439 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Parallax variant outbound cnc connection attempt (malware-cnc.rules)
* 1:53440 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Parallax variant outbound cnc connection attempt (malware-cnc.rules)
* 1:53446 <-> DISABLED <-> POLICY-OTHER FreeSWITCH default credential login detected (policy-other.rules)
* 1:53447 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB srv2.sys remote code execution attempt (os-windows.rules)
* 1:53448 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB srv2.sys remote code execution attempt (os-windows.rules)
* 1:53449 <-> ENABLED <-> SERVER-OTHER Oracle WebLogic Server IIOP remote code execution attempt (server-other.rules)
* 1:53450 <-> ENABLED <-> SERVER-OTHER Oracle WebLogic Server IIOP remote code execution attempt (server-other.rules)
* 1:53451 <-> ENABLED <-> SERVER-OTHER Oracle WebLogic Server IIOP remote code execution attempt (server-other.rules)
* 1:53452 <-> ENABLED <-> SERVER-OTHER Oracle WebLogic Server IIOP remote code execution attempt (server-other.rules)
* 1:53453 <-> ENABLED <-> SERVER-OTHER Oracle WebLogic Server IIOP remote code execution attempt (server-other.rules)
* 1:53454 <-> ENABLED <-> SERVER-OTHER Oracle WebLogic Server IIOP remote code execution attempt (server-other.rules)
* 1:53455 <-> ENABLED <-> SERVER-OTHER Oracle WebLogic Server IIOP remote code execution attempt (server-other.rules)
* 1:53456 <-> ENABLED <-> SERVER-OTHER Oracle WebLogic Server IIOP remote code execution attempt (server-other.rules)
* 1:53457 <-> ENABLED <-> SERVER-OTHER Oracle WebLogic Server IIOP remote code execution attempt (server-other.rules)
* 1:53458 <-> ENABLED <-> SERVER-OTHER Oracle WebLogic Server IIOP remote code execution attempt (server-other.rules)
* 1:53459 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer center element dynamic manipulation attempt (browser-ie.rules)
* 1:53460 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer center element dynamic manipulation attempt (browser-ie.rules)
* 1:53461 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer center element dynamic manipulation attempt (browser-ie.rules)
* 1:53462 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer center element dynamic manipulation attempt (browser-ie.rules)
* 1:53463 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer center element dynamic manipulation attempt (browser-ie.rules)
* 1:53464 <-> DISABLED <-> SERVER-OTHER FreeSWITCH mod_xml_rpc arbitrary command execution attempt (server-other.rules)
* 1:53465 <-> DISABLED <-> SERVER-OTHER FreeSWITCH mod_xml_rpc arbitrary command execution attempt (server-other.rules)
* 1:53466 <-> DISABLED <-> SERVER-OTHER FreeSWITCH mod_xml_rpc arbitrary command execution attempt (server-other.rules)
* 1:53467 <-> DISABLED <-> SERVER-OTHER FreeSWITCH mod_xml_rpc arbitrary command execution attempt (server-other.rules)
* 1:53468 <-> DISABLED <-> SERVER-OTHER FreeSWITCH mod_xml_rpc arbitrary command execution attempt (server-other.rules)
* 1:53469 <-> DISABLED <-> POLICY-OTHER FreeSWITCH mod_xml_rpc default credential login detected (policy-other.rules)
* 1:53473 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit JavaScript engine type confusion attempt (browser-webkit.rules)
* 1:53474 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit JavaScript engine type confusion attempt (browser-webkit.rules)
* 1:53475 <-> ENABLED <-> SERVER-OTHER Apache Log4j SocketServer insecure deserialization remote code execution attempt (server-other.rules)
* 1:53476 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari browser putToPrimitive cross-site scripting attempt (browser-webkit.rules)
* 1:53477 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit type confusion attempt (browser-webkit.rules)
* 1:53478 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit type confusion attempt (browser-webkit.rules)
* 1:53479 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari browser putToPrimitive cross-site scripting attempt (browser-webkit.rules)
* 1:53489 <-> ENABLED <-> FILE-OTHER Microsoft Windows fontdrvhost SetBlendDesignPositions out of bounds write attempt (file-other.rules)
* 1:53490 <-> ENABLED <-> FILE-OTHER Microsoft Windows fontdrvhost SetBlendDesignPositions out of bounds write attempt (file-other.rules)
* 1:53491 <-> ENABLED <-> FILE-OTHER Microsoft Windows Type 1 font stack overflow attempt (file-other.rules)
* 1:53492 <-> ENABLED <-> FILE-OTHER Microsoft Windows Type 1 font stack overflow attempt (file-other.rules)
* 1:53493 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Vebzenpak-7639837-0 download attempt (malware-other.rules)
* 1:53494 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Vebzenpak-7639837-0 download attempt (malware-other.rules)
* 1:53495 <-> DISABLED <-> MALWARE-OTHER Unix.Malware.Mirai-7640009-0 download attempt (malware-other.rules)
* 1:53496 <-> DISABLED <-> MALWARE-OTHER Unix.Malware.Mirai-7640009-0 download attempt (malware-other.rules)
* 1:535 <-> DISABLED <-> NETBIOS SMB CD... (netbios.rules)
* 1:53505 <-> DISABLED <-> SERVER-WEBAPP Horde Groupware Webmail data import PHP code injection attempt (server-webapp.rules)
* 1:53506 <-> DISABLED <-> SERVER-WEBAPP Horde Groupware Webmail data import PHP code injection attempt (server-webapp.rules)
* 1:53507 <-> DISABLED <-> SERVER-WEBAPP Zyxel NAS devices command injection attempt (server-webapp.rules)
* 1:53508 <-> DISABLED <-> SERVER-WEBAPP Zyxel NAS devices command injection attempt (server-webapp.rules)
* 1:53509 <-> DISABLED <-> SERVER-WEBAPP Zyxel NAS devices command injection attempt (server-webapp.rules)
* 1:53510 <-> DISABLED <-> SERVER-WEBAPP Zyxel NAS devices command injection attempt (server-webapp.rules)
* 1:53511 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Sodinokibi-7641431-0 download attempt (malware-other.rules)
* 1:53512 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Sodinokibi-7641431-0 download attempt (malware-other.rules)
* 1:53513 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.XtremeRAT-7641498-0 download attempt (malware-other.rules)
* 1:53514 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.XtremeRAT-7641498-0 download attempt (malware-other.rules)
* 1:53515 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-7640443-0 download attempt (malware-other.rules)
* 1:53516 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-7640443-0 download attempt (malware-other.rules)
* 1:53525 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Tdss-7643790-0 download attempt (malware-other.rules)
* 1:53526 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Tdss-7643790-0 download attempt (malware-other.rules)
* 1:53527 <-> DISABLED <-> MALWARE-OTHER Unix.Exploit.Lotoor-7643871-0 download attempt (malware-other.rules)
* 1:53528 <-> DISABLED <-> MALWARE-OTHER Unix.Exploit.Lotoor-7643871-0 download attempt (malware-other.rules)
* 1:53529 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Winspy-7644935-0 download attempt (malware-other.rules)
* 1:53530 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Winspy-7644935-0 download attempt (malware-other.rules)
* 1:53533 <-> DISABLED <-> BROWSER-CHROME Google Chrome desktopMediaPickerController use after free attempt (browser-chrome.rules)
* 1:53534 <-> DISABLED <-> BROWSER-CHROME Google Chrome desktopMediaPickerController use after free attempt (browser-chrome.rules)
* 1:53539 <-> DISABLED <-> POLICY-OTHER NetSupport Manager inbound connection attempt (policy-other.rules)
* 1:53540 <-> DISABLED <-> POLICY-OTHER NetSupport Manager outbound connection attempt (policy-other.rules)
* 1:53541 <-> ENABLED <-> MALWARE-CNC Doc.Trojan.Agent variant outbound cnc connection attempt (malware-cnc.rules)
* 1:53542 <-> ENABLED <-> MALWARE-CNC Doc.Trojan.Agent variant outbound cnc connection attempt (malware-cnc.rules)
* 1:53543 <-> ENABLED <-> MALWARE-CNC Doc.Trojan.Agent variant outbound cnc connection attempt (malware-cnc.rules)
* 1:53544 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection attempt (malware-cnc.rules)
* 1:53547 <-> ENABLED <-> SERVER-WEBAPP TP LINK TL-WR849N Access Point command injection attempt (server-webapp.rules)
* 1:53548 <-> ENABLED <-> SERVER-WEBAPP TP LINK TL-WR849N Access Point command injection attempt (server-webapp.rules)
* 1:53551 <-> DISABLED <-> MALWARE-OTHER Unix.Malware.Lotoor-7645228-0 download attempt (malware-other.rules)
* 1:53552 <-> DISABLED <-> MALWARE-OTHER Unix.Malware.Lotoor-7645228-0 download attempt (malware-other.rules)
* 1:53555 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Zbot-7647437-0 download attempt (malware-other.rules)
* 1:53556 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Zbot-7647437-0 download attempt (malware-other.rules)
* 1:53557 <-> DISABLED <-> SERVER-OTHER Codesys V3 Gateway denial of service attempt (server-other.rules)
* 1:53558 <-> ENABLED <-> SERVER-WEBAPP Codesys V3 WebVisu remote heap overflow attempt (server-webapp.rules)
* 1:53559 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generickdz-7648973-0 download attempt (malware-other.rules)
* 1:53560 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generickdz-7648973-0 download attempt (malware-other.rules)
* 1:53561 <-> DISABLED <-> SERVER-WEBAPP Wordpress GDPR Cookie Consent plugin cross-site scripting attempt (server-webapp.rules)
* 1:53566 <-> DISABLED <-> SERVER-WEBAPP WordPress Plugin ThemeREX PHP code injection attempt (server-webapp.rules)
* 1:53567 <-> DISABLED <-> SERVER-WEBAPP WordPress Plugin ThemeREX PHP code injection attempt (server-webapp.rules)
* 1:53568 <-> DISABLED <-> SERVER-WEBAPP WordPress Plugin ThemeREX PHP code injection attempt (server-webapp.rules)
* 1:53569 <-> ENABLED <-> FILE-IDENTIFY BIMx file magic detected (file-identify.rules)
* 1:53570 <-> ENABLED <-> FILE-IDENTIFY BIMx file magic detected (file-identify.rules)
* 1:53579 <-> DISABLED <-> PROTOCOL-VOIP Asterisk Manager Interface Originate action arbitrary command execution attempt (protocol-voip.rules)
* 1:53580 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox potential use after free attempt (browser-firefox.rules)
* 1:53581 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox potential use after free attempt (browser-firefox.rules)
* 1:53582 <-> DISABLED <-> INDICATOR-COMPROMISE RTF document with Equation and BITSAdmin download attempt (indicator-compromise.rules)
* 1:53583 <-> DISABLED <-> INDICATOR-COMPROMISE RTF document with Equation and BITSAdmin download attempt (indicator-compromise.rules)
* 1:53584 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FormBook variant outbound connection (malware-cnc.rules)
* 1:53585 <-> DISABLED <-> MALWARE-OTHER Win.Packed.njRAT-7646465-0 download attempt (malware-other.rules)
* 1:53586 <-> DISABLED <-> MALWARE-OTHER Win.Packed.njRAT-7646465-0 download attempt (malware-other.rules)
* 1:53587 <-> DISABLED <-> MALWARE-CNC Win.Trojan.hacktool CheckAdmin tool download attempt (malware-cnc.rules)
* 1:53588 <-> ENABLED <-> MALWARE-CNC Win.Trojan.hacktool CheckAdmin tool download attempt (malware-cnc.rules)
* 1:53589 <-> ENABLED <-> SERVER-WEBAPP DrayTek multiple products command injection attempt (server-webapp.rules)
* 1:53590 <-> ENABLED <-> SERVER-WEBAPP DrayTek multiple products command injection attempt (server-webapp.rules)
* 1:53591 <-> ENABLED <-> SERVER-WEBAPP DrayTek multiple products command injection attempt (server-webapp.rules)
* 1:53592 <-> ENABLED <-> SERVER-WEBAPP DrayTek multiple products command injection attempt (server-webapp.rules)
* 1:53593 <-> DISABLED <-> MALWARE-OTHER Unix.Tool.Dnsamp-7647492-0 download attempt (malware-other.rules)
* 1:53594 <-> DISABLED <-> MALWARE-OTHER Unix.Tool.Dnsamp-7647492-0 download attempt (malware-other.rules)
* 1:53595 <-> DISABLED <-> MALWARE-OTHER PUA.Unix.Adware.Mobidash-7648778-0 download attempt (malware-other.rules)
* 1:53596 <-> DISABLED <-> MALWARE-OTHER PUA.Unix.Adware.Mobidash-7648778-0 download attempt (malware-other.rules)
* 1:53597 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Hiddentears-7648972-0 download attempt (malware-other.rules)
* 1:53598 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Hiddentears-7648972-0 download attempt (malware-other.rules)
* 1:53601 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Gh0stRAT-7647657-0 download attempt (malware-other.rules)
* 1:53602 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Gh0stRAT-7647657-0 download attempt (malware-other.rules)
* 1:53603 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-7649790-0 download attempt (malware-other.rules)
* 1:53604 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-7649790-0 download attempt (malware-other.rules)
* 1:53605 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Gozi-7647568-0 download attempt (malware-other.rules)
* 1:53606 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Gozi-7647568-0 download attempt (malware-other.rules)
* 1:53607 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Usteal-7652807-0 download attempt (malware-other.rules)
* 1:53608 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Usteal-7652807-0 download attempt (malware-other.rules)
* 1:53609 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Aak5d3ci-7652809-0 download attempt (malware-other.rules)
* 1:53610 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Aak5d3ci-7652809-0 download attempt (malware-other.rules)
* 1:53611 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Acv93xci-7652812-0 download attempt (malware-other.rules)
* 1:53612 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Acv93xci-7652812-0 download attempt (malware-other.rules)
* 1:53613 <-> DISABLED <-> MALWARE-OTHER PUA.Unix.Adware.Mobidash-7653096-0 download attempt (malware-other.rules)
* 1:53614 <-> DISABLED <-> MALWARE-OTHER PUA.Unix.Adware.Mobidash-7653096-0 download attempt (malware-other.rules)
* 1:53615 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Upatre-7659504-0 download attempt (malware-other.rules)
* 1:53616 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Upatre-7659504-0 download attempt (malware-other.rules)
* 1:53617 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Upatre-7659544-0 download attempt (malware-other.rules)
* 1:53618 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Upatre-7659544-0 download attempt (malware-other.rules)
* 1:53619 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Graphics Component privilege escalation attempt (os-windows.rules)
* 1:53620 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Graphics Component privilege escalation attempt (os-windows.rules)
* 1:53621 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DirectX elevation of privilege attempt (os-windows.rules)
* 1:53622 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DirectX elevation of privilege attempt (os-windows.rules)
* 1:53623 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
* 1:53624 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
* 1:53625 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DirectX elevation of privilege attempt (os-windows.rules)
* 1:53626 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DirectX elevation of privilege attempt (os-windows.rules)
* 1:53627 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt (os-windows.rules)
* 1:53628 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt (os-windows.rules)
* 1:53629 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel CSRSS privilege escalation attempt (os-windows.rules)
* 1:53630 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel CSRSS privilege escalation attempt (os-windows.rules)
* 1:53631 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Panda variant outbound connection attempt (malware-cnc.rules)
* 1:53632 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Panda malicious DLL loader attempt (malware-other.rules)
* 1:53633 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Panda malicious loader and decryptor attempt (malware-other.rules)
* 1:53634 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Panda malicious DLL loader attempt (malware-other.rules)
* 1:53635 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Panda malicious loader and decryptor attempt (malware-other.rules)
* 1:53636 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Panda malicious DLL loader attempt (malware-other.rules)
* 1:53637 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Panda file download attempt (malware-other.rules)
* 1:53638 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Panda file download attempt (malware-other.rules)
* 1:53639 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Panda file download attempt (malware-other.rules)
* 1:53640 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Panda file download attempt (malware-other.rules)
* 1:53641 <-> DISABLED <-> MALWARE-TOOLS Win.Trojan.Panda file loader and decryptor attempt (malware-tools.rules)
* 1:53642 <-> DISABLED <-> MALWARE-TOOLS Win.Trojan.Panda malicious DLL loader attempt (malware-tools.rules)
* 1:53643 <-> DISABLED <-> MALWARE-TOOLS Win.Trojan.Panda file loader and decryptor attempt (malware-tools.rules)
* 1:53644 <-> DISABLED <-> MALWARE-TOOLS Win.Trojan.Panda file loader and decryptor attempt (malware-tools.rules)
* 1:53645 <-> DISABLED <-> MALWARE-TOOLS Win.Trojan.Panda file loader and decryptor attempt (malware-tools.rules)
* 1:53646 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.WildPressure malicious executable download attempt (malware-other.rules)
* 1:53647 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.WildPressure malicious executable download attempt (malware-other.rules)
* 1:53648 <-> ENABLED <-> MALWARE-CNC Win.Trojan.WildPressure variant outbound connection attempt (malware-cnc.rules)
* 1:53649 <-> DISABLED <-> INDICATOR-COMPROMISE PHP eval command execution attempt (indicator-compromise.rules)
* 1:53652 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CF_PALETTE privilege escalation attempt (os-windows.rules)
* 1:53653 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CF_PALETTE privilege escalation attempt (os-windows.rules)
* 1:53654 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 10 Win32k driver elevation of privileges attempt (os-windows.rules)
* 1:53655 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 10 Win32k driver elevation of privileges attempt (os-windows.rules)
* 1:53656 <-> DISABLED <-> MALWARE-OTHER Cobalt Strike x86 executable download attempt (malware-other.rules)
* 1:53657 <-> DISABLED <-> MALWARE-OTHER Cobalt Strike x86 executable download attempt (malware-other.rules)
* 1:53658 <-> DISABLED <-> MALWARE-OTHER Cobalt Strike x64 executable download attempt (malware-other.rules)
* 1:53659 <-> DISABLED <-> MALWARE-OTHER Cobalt Strike x64 executable download attempt (malware-other.rules)
* 1:53662 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.MedusaLocker malicious executable download attempt (malware-other.rules)
* 1:53663 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.MedusaLocker malicious executable download attempt (malware-other.rules)
* 1:53664 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.MedusaLocker malicious executable download attempt (malware-other.rules)
* 1:53665 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.MedusaLocker malicious executable download attempt (malware-other.rules)
* 1:53687 <-> DISABLED <-> SERVER-WEBAPP Adobe Experience Manager server side request forgery attempt (server-webapp.rules)
* 1:53688 <-> DISABLED <-> SERVER-WEBAPP Adobe Experience Manager server side request forgery attempt (server-webapp.rules)
* 1:53689 <-> ENABLED <-> MALWARE-CNC Win.Malware.PoetRat malware variant FTP login (malware-cnc.rules)
* 1:53690 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.PoetRAT malicious document download attempt (malware-other.rules)
* 1:53691 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.PoetRAT malicious document download attempt (malware-other.rules)
* 1:53692 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.Hiddentears variant outbound connection (malware-cnc.rules)
* 1:53693 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.Hiddentears variant outbound connection (malware-cnc.rules)
* 1:53694 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.Hiddentears variant outbound connection (malware-cnc.rules)
* 1:53695 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Reconyc-7663171-0 download attempt (malware-other.rules)
* 1:53696 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Reconyc-7663171-0 download attempt (malware-other.rules)
* 1:53697 <-> DISABLED <-> MALWARE-OTHER Unix.Exploit.Generic-7664564-0 download attempt (malware-other.rules)
* 1:53698 <-> DISABLED <-> MALWARE-OTHER Unix.Exploit.Generic-7664564-0 download attempt (malware-other.rules)
* 1:53699 <-> DISABLED <-> MALWARE-OTHER Unix.Trojan.Feejar-7665621-0 download attempt (malware-other.rules)
* 1:53700 <-> DISABLED <-> MALWARE-OTHER Unix.Trojan.Feejar-7665621-0 download attempt (malware-other.rules)
* 1:53701 <-> DISABLED <-> MALWARE-OTHER Unix.Trojan.Mirai-7666587-0 download attempt (malware-other.rules)
* 1:53702 <-> DISABLED <-> MALWARE-OTHER Unix.Trojan.Mirai-7666587-0 download attempt (malware-other.rules)
* 1:53703 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Gepys-7667037-0 download attempt (malware-other.rules)
* 1:53704 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Gepys-7667037-0 download attempt (malware-other.rules)
* 1:53705 <-> DISABLED <->
MALWARE-OTHER Win.Worm.Vobfus-7667850-0 download attempt (malware-other.rules) * 1:53706 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-7667850-0 download attempt (malware-other.rules) * 1:53707 <-> DISABLED <-> MALWARE-OTHER Unix.Trojan.Coinminer-7668629-0 download attempt (malware-other.rules) * 1:53708 <-> DISABLED <-> MALWARE-OTHER Unix.Trojan.Coinminer-7668629-0 download attempt (malware-other.rules) * 1:53709 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-7670131-0 download attempt (malware-other.rules) * 1:53710 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-7670131-0 download attempt (malware-other.rules) * 1:53711 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-7671047-0 download attempt (malware-other.rules) * 1:53712 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-7671047-0 download attempt (malware-other.rules) * 1:53713 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7671761-0 download attempt (malware-other.rules) * 1:53714 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7671761-0 download attempt (malware-other.rules) * 1:53715 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7671762-0 download attempt (malware-other.rules) * 1:53716 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7671762-0 download attempt (malware-other.rules) * 1:53717 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.XtremeRAT-7672139-0 download attempt (malware-other.rules) * 1:53718 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.XtremeRAT-7672139-0 download attempt (malware-other.rules) * 1:53719 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-7672805-0 download attempt (malware-other.rules) * 1:53720 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-7672805-0 download attempt (malware-other.rules) * 1:53721 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Sdbot-7674653-0 download attempt (malware-other.rules) * 1:53722 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Sdbot-7674653-0 download attempt (malware-other.rules) * 1:53723 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-7674660-0 download 
attempt (malware-other.rules) * 1:53724 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-7674660-0 download attempt (malware-other.rules) * 1:53725 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Sdbot-7674650-0 download attempt (malware-other.rules) * 1:53726 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Sdbot-7674650-0 download attempt (malware-other.rules) * 1:53727 <-> DISABLED <-> FILE-OTHER Visual Studio Code Python extension arbitrary code execution attempt (file-other.rules) * 1:53728 <-> DISABLED <-> FILE-OTHER Visual Studio Code Python extension arbitrary code execution attempt (file-other.rules) * 1:53733 <-> ENABLED <-> SERVER-WEBAPP IBM Data Risk Manager directory traversal attempt (server-webapp.rules) * 1:53734 <-> ENABLED <-> SERVER-WEBAPP IBM Data Risk Manager nmap scan command execution attempt (server-webapp.rules) * 1:53735 <-> DISABLED <-> POLICY-OTHER IBM Data Risk Manager user password reset attempt (policy-other.rules) * 1:53736 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-7678962-0 download attempt (malware-other.rules) * 1:53737 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-7678962-0 download attempt (malware-other.rules) * 1:53738 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Kwampirs malicious executable download attempt (malware-other.rules) * 1:53739 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Kwampirs malicious executable download attempt (malware-other.rules) * 1:53740 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Kwampirs malicious executable download attempt (malware-other.rules) * 1:53741 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Kwampirs malicious executable download attempt (malware-other.rules) * 1:53744 <-> ENABLED <-> SERVER-ORACLE Oracle Coherence library LimitFilter insecure deserialization attempt (server-oracle.rules) * 1:53745 <-> DISABLED <-> MALWARE-OTHER Doc.Downloader.Aggah payload download attempt (malware-other.rules) * 1:53746 <-> DISABLED <-> MALWARE-OTHER Doc.Downloader.Aggah payload download attempt (malware-other.rules) * 
1:53747 <-> DISABLED <-> MALWARE-OTHER Doc.Downloader.Aggah payload download attempt (malware-other.rules) * 1:53748 <-> DISABLED <-> MALWARE-OTHER Doc.Downloader.Aggah payload download attempt (malware-other.rules) * 1:53749 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Basbanke variant outbound connection (malware-cnc.rules) * 1:53750 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Basbanke variant outbound connection (malware-cnc.rules) * 1:53751 <-> ENABLED <-> BROWSER-CHROME Google Chrome ObjectCreate type confusion attempt (browser-chrome.rules) * 1:53752 <-> ENABLED <-> BROWSER-CHROME Google Chrome ObjectCreate type confusion attempt (browser-chrome.rules) * 1:53753 <-> ENABLED <-> BROWSER-CHROME Google Chrome ObjectCreate type confusion attempt (browser-chrome.rules) * 1:53754 <-> ENABLED <-> BROWSER-CHROME Google Chrome ObjectCreate type confusion attempt (browser-chrome.rules) * 1:53757 <-> ENABLED <-> MALWARE-OTHER CobaltStrike beacon.dll download attempt (malware-other.rules) * 1:53758 <-> ENABLED <-> MALWARE-OTHER CobaltStrike beacon.dll download attempt (malware-other.rules) * 1:53763 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic-7679561-0 download attempt (malware-other.rules) * 1:53764 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic-7679561-0 download attempt (malware-other.rules) * 1:53765 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Kuluoz-7684621-0 download attempt (malware-other.rules) * 1:53766 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Kuluoz-7684621-0 download attempt (malware-other.rules) * 1:53767 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.DarkKomet-7685267-0 download attempt (malware-other.rules) * 1:53768 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.DarkKomet-7685267-0 download attempt (malware-other.rules) * 1:53769 <-> ENABLED <-> SERVER-MAIL iOS MobileMail Maild heap overflow attempt (server-mail.rules) * 1:53770 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Emotet-7691064-0 download attempt (malware-other.rules) * 1:53771 <-> DISABLED <-> 
MALWARE-OTHER Win.Dropper.Emotet-7691064-0 download attempt (malware-other.rules) * 1:53772 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generickdz-7691284-0 download attempt (malware-other.rules) * 1:53773 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generickdz-7691284-0 download attempt (malware-other.rules) * 1:53774 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Cryptolocker-7691287-0 download attempt (malware-other.rules) * 1:53775 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Cryptolocker-7691287-0 download attempt (malware-other.rules) * 1:53776 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7696245-0 download attempt (malware-other.rules) * 1:53777 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7696245-0 download attempt (malware-other.rules) * 1:53778 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7696398-0 download attempt (malware-other.rules) * 1:53779 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7696398-0 download attempt (malware-other.rules) * 1:53780 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Barys-7699954-0 download attempt (malware-other.rules) * 1:53781 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Barys-7699954-0 download attempt (malware-other.rules) * 1:53782 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.DarkKomet-7685261-0 download attempt (malware-other.rules) * 1:53783 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.DarkKomet-7685261-0 download attempt (malware-other.rules) * 1:53784 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Kuluoz-7700057-0 download attempt (malware-other.rules) * 1:53785 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Kuluoz-7700057-0 download attempt (malware-other.rules) * 1:53786 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Kuluoz-7700058-0 download attempt (malware-other.rules) * 1:53787 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Kuluoz-7700058-0 download attempt (malware-other.rules) * 1:53788 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.DarkKomet-7685740-0 download attempt (malware-other.rules) * 1:53789 <-> DISABLED <-> MALWARE-OTHER 
Win.Dropper.DarkKomet-7685740-0 download attempt (malware-other.rules) * 1:53790 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Multiplug-7693689-0 download attempt (malware-other.rules) * 1:53791 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Multiplug-7693689-0 download attempt (malware-other.rules) * 1:53792 <-> ENABLED <-> MALWARE-CNC Win.Malware.Remcos variant outbound cnc connection (malware-cnc.rules) * 1:53793 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Remcos payload download attempt (malware-other.rules) * 1:53794 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Remcos payload download attempt (malware-other.rules) * 1:53795 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Remcos payload download attempt (malware-other.rules) * 1:53796 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Remcos payload download attempt (malware-other.rules) * 1:53797 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.XtremeRAT-7708589-0 download attempt (malware-other.rules) * 1:53798 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.XtremeRAT-7708589-0 download attempt (malware-other.rules) * 1:53799 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.XtremeRAT-7709124-0 download attempt (malware-other.rules) * 1:53800 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.XtremeRAT-7709124-0 download attempt (malware-other.rules) * 1:53801 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Dorkbot-7725478-0 download attempt (malware-other.rules) * 1:53802 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Dorkbot-7725478-0 download attempt (malware-other.rules) * 1:53803 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Kuluoz-7725577-0 download attempt (malware-other.rules) * 1:53804 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Kuluoz-7725577-0 download attempt (malware-other.rules) * 1:53805 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upatre-7725946-0 download attempt (malware-other.rules) * 1:53806 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upatre-7725946-0 download attempt (malware-other.rules) * 1:53807 <-> DISABLED <-> MALWARE-OTHER 
Win.Downloader.Auqxpmli-7727237-0 download attempt (malware-other.rules) * 1:53808 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Auqxpmli-7727237-0 download attempt (malware-other.rules) * 1:53809 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Auqxpmli-7727238-0 download attempt (malware-other.rules) * 1:53810 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Auqxpmli-7727238-0 download attempt (malware-other.rules) * 1:53811 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Multibanker-7729242-0 download attempt (malware-other.rules) * 1:53812 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Multibanker-7729242-0 download attempt (malware-other.rules) * 1:53813 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Dorkbot-7729710-0 download attempt (malware-other.rules) * 1:53814 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Dorkbot-7729710-0 download attempt (malware-other.rules) * 1:53815 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-7730394-0 download attempt (malware-other.rules) * 1:53816 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-7730394-0 download attempt (malware-other.rules) * 1:53817 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zusy-7730667-0 download attempt (malware-other.rules) * 1:53818 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zusy-7730667-0 download attempt (malware-other.rules) * 1:53819 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-7730732-0 download attempt (malware-other.rules) * 1:53820 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-7730732-0 download attempt (malware-other.rules) * 1:53821 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-7730819-0 download attempt (malware-other.rules) * 1:53822 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-7730819-0 download attempt (malware-other.rules) * 1:53823 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Gh0stRAT-7737919-0 download attempt (malware-other.rules) * 1:53824 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Gh0stRAT-7737919-0 download attempt (malware-other.rules) * 1:53825 <-> DISABLED <-> 
MALWARE-OTHER Win.Malware.Zbot-7727211-0 download attempt (malware-other.rules) * 1:53826 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zbot-7727211-0 download attempt (malware-other.rules) * 1:53827 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Gh0stRAT-7751494-0 download attempt (malware-other.rules) * 1:53828 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Gh0stRAT-7751494-0 download attempt (malware-other.rules) * 1:53829 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Gh0stRAT-7752290-0 download attempt (malware-other.rules) * 1:53830 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Gh0stRAT-7752290-0 download attempt (malware-other.rules) * 1:53831 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Kuluoz-7752297-0 download attempt (malware-other.rules) * 1:53832 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Kuluoz-7752297-0 download attempt (malware-other.rules) * 1:53833 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Cerber-7752430-0 download attempt (malware-other.rules) * 1:53834 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Cerber-7752430-0 download attempt (malware-other.rules) * 1:53835 <-> DISABLED <-> INDICATOR-COMPROMISE Chromium use after free exploitation attempt (indicator-compromise.rules) * 1:53836 <-> DISABLED <-> INDICATOR-COMPROMISE Chromium use after free exploitation attempt (indicator-compromise.rules) * 1:53837 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Maze variant download attempt (malware-other.rules) * 1:53838 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Maze variant download attempt (malware-other.rules) * 1:53841 <-> DISABLED <-> MALWARE-CNC Win.Malware.Agent variant outbound cnc connection attempt (malware-cnc.rules) * 1:53842 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zusy-7752919-0 download attempt (malware-other.rules) * 1:53843 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zusy-7752919-0 download attempt (malware-other.rules) * 1:53844 <-> DISABLED <-> BROWSER-CHROME Google Chromium ImageCapture use after free attempt (browser-chrome.rules) * 1:53845 <-> DISABLED <-> 
BROWSER-CHROME Google Chromium ImageCapture use after free attempt (browser-chrome.rules) * 1:53846 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Ursnif malicious outbound connection attempt - gravity generated detection (malware-other.rules) * 1:53848 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Clipbanker-7764305-0 download attempt (malware-other.rules) * 1:53849 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Clipbanker-7764305-0 download attempt (malware-other.rules) * 1:53852 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-7767366-0 download attempt (malware-other.rules) * 1:53853 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-7767366-0 download attempt (malware-other.rules) * 1:53854 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zusy-7759444-0 download attempt (malware-other.rules) * 1:53855 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zusy-7759444-0 download attempt (malware-other.rules) * 1:53856 <-> ENABLED <-> MALWARE-CNC Embedded.Exploit.Hoaxcalls variant outbound connection (malware-cnc.rules) * 1:53857 <-> ENABLED <-> SERVER-WEBAPP Grandstream UCM6202 series SQL injection attempt (server-webapp.rules) * 1:53858 <-> ENABLED <-> SERVER-WEBAPP Grandstream UCM6202 series SQL injection attempt (server-webapp.rules) * 1:53859 <-> ENABLED <-> SERVER-WEBAPP Grandstream UCM6202 series SQL injection attempt (server-webapp.rules) * 1:53860 <-> ENABLED <-> SERVER-WEBAPP Centurylink router unauthenticated administrator account disable attempt (server-webapp.rules) * 1:53861 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Astaroth outbound beacon (malware-cnc.rules) * 1:53862 <-> DISABLED <-> SERVER-WEBAPP D-Link DIR-859 UPnP subscribe command injection attempt (server-webapp.rules) * 1:53863 <-> DISABLED <-> SERVER-WEBAPP D-Link DIR-859 UPnP subscribe command injection attempt (server-webapp.rules) * 1:53865 <-> DISABLED <-> SERVER-OTHER Memcached read command denial of service attempt (server-other.rules) * 1:53866 <-> ENABLED <-> SERVER-WEBAPP Microsoft SharePoint TypeConverter remote code 
execution attempt (server-webapp.rules) * 1:53872 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Petr-7770233-0 download attempt (malware-other.rules) * 1:53873 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Petr-7770233-0 download attempt (malware-other.rules) * 1:53874 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Ursnif-7770520-0 download attempt (malware-other.rules) * 1:53875 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Ursnif-7770520-0 download attempt (malware-other.rules) * 1:53876 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.EnigmaSpark download attempt (malware-tools.rules) * 1:53877 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.EnigmaSpark download attempt (malware-tools.rules) * 1:53878 <-> DISABLED <-> MALWARE-TOOLS Win.Trojan.EnigmaSpark download attempt (malware-tools.rules) * 1:53879 <-> DISABLED <-> MALWARE-TOOLS Win.Trojan.EnigmaSpark download attempt (malware-tools.rules) * 1:53880 <-> DISABLED <-> INDICATOR-OBFUSCATION Executable packed with EnigmaProtector detected (indicator-obfuscation.rules) * 1:53881 <-> DISABLED <-> INDICATOR-OBFUSCATION Executable packed with EnigmaProtector detected (indicator-obfuscation.rules) * 1:53882 <-> ENABLED <-> MALWARE-CNC Win.Trojan.EnigmaSpark variant outbound connection (malware-cnc.rules) * 1:53883 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Ursnif-7770512-0 download attempt (malware-other.rules) * 1:53884 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Ursnif-7770512-0 download attempt (malware-other.rules) * 1:53885 <-> ENABLED <-> SERVER-WEBAPP Grandstream UCM6200 series SQL injection attempt (server-webapp.rules) * 1:53886 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bifrost-7776555-0 download attempt (malware-other.rules) * 1:53887 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bifrost-7776555-0 download attempt (malware-other.rules) * 1:53888 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Gh0stRAT-7779557-0 download attempt (malware-other.rules) * 1:53889 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Gh0stRAT-7779557-0 download attempt 
(malware-other.rules) * 1:53890 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-7779678-0 download attempt (malware-other.rules) * 1:53891 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-7779678-0 download attempt (malware-other.rules) * 1:53892 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Worpof-7779679-0 download attempt (malware-other.rules) * 1:53893 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Worpof-7779679-0 download attempt (malware-other.rules) * 1:53894 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-7779785-0 download attempt (malware-other.rules) * 1:53895 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-7779785-0 download attempt (malware-other.rules) * 1:53896 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-7779786-0 download attempt (malware-other.rules) * 1:53897 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-7779786-0 download attempt (malware-other.rules) * 1:53898 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-7779787-0 download attempt (malware-other.rules) * 1:53899 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-7779787-0 download attempt (malware-other.rules) * 1:53900 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-7779788-0 download attempt (malware-other.rules) * 1:53901 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-7779788-0 download attempt (malware-other.rules) * 1:53902 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Downloader.Loadmoney-7779808-0 download attempt (malware-other.rules) * 1:53903 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Downloader.Loadmoney-7779808-0 download attempt (malware-other.rules) * 1:53904 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-7780045-0 download attempt (malware-other.rules) * 1:53905 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-7780045-0 download attempt (malware-other.rules) * 1:53906 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Nitol-7780618-0 download attempt (malware-other.rules) * 1:53907 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Nitol-7780618-0 
download attempt (malware-other.rules) * 1:53908 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bunitu-7780594-0 download attempt (malware-other.rules) * 1:53909 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bunitu-7780594-0 download attempt (malware-other.rules) * 1:53910 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Ursnif-7781451-0 download attempt (malware-other.rules) * 1:53911 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Ursnif-7781451-0 download attempt (malware-other.rules) * 1:53912 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Mikey-7782296-0 download attempt (malware-other.rules) * 1:53913 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Mikey-7782296-0 download attempt (malware-other.rules) * 1:53914 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zusy-7782261-0 download attempt (malware-other.rules) * 1:53915 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zusy-7782261-0 download attempt (malware-other.rules) * 1:53916 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k kernel driver privilege escalation attempt (os-windows.rules) * 1:53917 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k kernel driver privilege escalation attempt (os-windows.rules) * 1:53918 <-> ENABLED <-> BROWSER-IE Internet Explorer VBScript engine memory corruption attempt (browser-ie.rules) * 1:53919 <-> ENABLED <-> BROWSER-IE Internet Explorer VBScript engine memory corruption attempt (browser-ie.rules) * 1:53920 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Genpack-7782249-0 download attempt (malware-other.rules) * 1:53921 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Genpack-7782249-0 download attempt (malware-other.rules) * 1:53922 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zusy-7779081-0 download attempt (malware-other.rules) * 1:53923 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zusy-7779081-0 download attempt (malware-other.rules) * 1:53924 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules) * 1:53925 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt 
(browser-ie.rules) * 1:53926 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules) * 1:53927 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules) * 1:53928 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer memory corruption attempt (browser-ie.rules) * 1:53929 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer memory corruption attempt (browser-ie.rules) * 1:53930 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer memory corruption attempt (browser-ie.rules) * 1:53931 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer memory corruption attempt (browser-ie.rules) * 1:53932 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k privilege escalation attempt (os-windows.rules) * 1:53933 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k privilege escalation attempt (os-windows.rules) * 1:53934 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zusy-7779639-0 download attempt (malware-other.rules) * 1:53935 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zusy-7779639-0 download attempt (malware-other.rules) * 1:53936 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-7781049-0 download attempt (malware-other.rules) * 1:53937 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-7781049-0 download attempt (malware-other.rules) * 1:53938 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Dorkbot-7781513-0 download attempt (malware-other.rules) * 1:53939 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Dorkbot-7781513-0 download attempt (malware-other.rules) * 1:53940 <-> DISABLED <-> OS-WINDOWS Win32 kernel use after free privilege escalation attempt (os-windows.rules) * 1:53941 <-> DISABLED <-> OS-WINDOWS Win32 kernel use after free privilege escalation attempt (os-windows.rules) * 1:53942 <-> ENABLED <-> BROWSER-CHROME Google Chromium for Android AddInterface use after free attempt (browser-chrome.rules) * 1:53943 <-> ENABLED <-> BROWSER-CHROME Google Chromium for Android AddInterface use after free attempt 
(browser-chrome.rules) * 1:53946 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-7782997-0 download attempt (malware-other.rules) * 1:53947 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-7782997-0 download attempt (malware-other.rules) * 1:53950 <-> ENABLED <-> OS-WINDOWS Microsoft Windows fontdrvhost remote code execution attempt (os-windows.rules) * 1:53951 <-> DISABLED <-> OS-WINDOWS Microsoft Windows fontdrvhost remote code execution attempt (os-windows.rules) * 1:53952 <-> ENABLED <-> MALWARE-OTHER Win.Dropper.Agent payload download attempt (malware-other.rules) * 1:53953 <-> ENABLED <-> MALWARE-OTHER Win.Dropper.Agent payload download attempt (malware-other.rules) * 1:53954 <-> ENABLED <-> MALWARE-OTHER Win.Dropper.Agent payload download attempt (malware-other.rules) * 1:53955 <-> ENABLED <-> MALWARE-OTHER Win.Dropper.Agent payload download attempt (malware-other.rules) * 1:53956 <-> ENABLED <-> MALWARE-CNC Win.Malware.Agent variant outbound cnc connection attempt (malware-cnc.rules) * 1:53957 <-> ENABLED <-> MALWARE-CNC Win.Malware.Agent variant outbound cnc connection (malware-cnc.rules) * 1:53958 <-> ENABLED <-> MALWARE-CNC Win.Malware.Agent variant outbound cnc connection attempt (malware-cnc.rules) * 1:53960 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Ursnif malicious outbound connection attempt - gravity generated detection (malware-other.rules) * 1:53961 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Gh0stRAT-7783851-0 download attempt (malware-other.rules) * 1:53962 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Gh0stRAT-7783851-0 download attempt (malware-other.rules) * 1:53963 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7784064-0 download attempt (malware-other.rules) * 1:53964 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7784064-0 download attempt (malware-other.rules) * 1:53965 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7784063-0 download attempt (malware-other.rules) * 1:53966 <-> DISABLED <-> MALWARE-OTHER 
Win.Dropper.Kuluoz-7784063-0 download attempt (malware-other.rules) * 1:53967 <-> DISABLED <-> SERVER-WEBAPP TerraMaster NAS user and group creation command injection attempt (server-webapp.rules) * 1:53968 <-> DISABLED <-> SERVER-WEBAPP TerraMaster NAS user and group creation command injection attempt (server-webapp.rules) * 1:53969 <-> DISABLED <-> SERVER-WEBAPP TerraMaster NAS user and group creation command injection attempt (server-webapp.rules) * 1:53970 <-> DISABLED <-> SERVER-WEBAPP TerraMaster NAS user and group creation command injection attempt (server-webapp.rules) * 1:53971 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Andariel outbound connection attempt (malware-cnc.rules) * 1:53972 <-> ENABLED <-> MALWARE-OTHER Cobalt Strike beacon.dll DNS download attempt (malware-other.rules) * 1:53973 <-> DISABLED <-> MALWARE-OTHER CobaltStrike powershell web delivery attempt (malware-other.rules) * 1:53974 <-> DISABLED <-> MALWARE-OTHER CobaltStrike powershell web delivery attempt (malware-other.rules) * 1:53975 <-> DISABLED <-> INDICATOR-COMPROMISE Cobalt Strike multiple large DNS TXT query responses (indicator-compromise.rules) * 1:53976 <-> DISABLED <-> BROWSER-WEBKIT WebKit use-after-free remote code execution attempt (browser-webkit.rules) * 1:53977 <-> ENABLED <-> MALWARE-OTHER Win.Dropper.Agent payload download attempt (malware-other.rules) * 1:53978 <-> ENABLED <-> MALWARE-OTHER Win.Dropper.Agent payload download attempt (malware-other.rules) * 1:53979 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Shiz-7784396-0 download attempt (malware-other.rules) * 1:53980 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Shiz-7784396-0 download attempt (malware-other.rules) * 1:53981 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Palevo-7785322-0 download attempt (malware-other.rules) * 1:53982 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Palevo-7785322-0 download attempt (malware-other.rules) * 1:53983 <-> ENABLED <-> OS-WINDOWS Windows print spooler elevation of privilege attempt 
(os-windows.rules)
* 1:53984 <-> DISABLED <-> OS-WINDOWS Windows print spooler elevation of privilege attempt (os-windows.rules)
* 1:53985 <-> ENABLED <-> INDICATOR-COMPROMISE msiexec.exe command execution over DNS attempt (indicator-compromise.rules)
* 1:53986 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Bstx-7792801-0 download attempt (malware-other.rules)
* 1:53987 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Bstx-7792801-0 download attempt (malware-other.rules)
* 1:53988 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Cerber-7792881-0 download attempt (malware-other.rules)
* 1:53989 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Cerber-7792881-0 download attempt (malware-other.rules)
* 1:53994 <-> ENABLED <-> MALWARE-CNC Win.Trojan.WINNTI variant outbound connection (malware-cnc.rules)
* 1:53995 <-> ENABLED <-> MALWARE-CNC Win.Trojan.WINNTI variant outbound connection (malware-cnc.rules)
* 1:53996 <-> ENABLED <-> MALWARE-CNC Win.Malware.Hancitor variant outbound connection (malware-cnc.rules)
* 1:53997 <-> ENABLED <-> MALWARE-CNC Win.Malware.Hancitor variant outbound connection (malware-cnc.rules)
* 1:53998 <-> ENABLED <-> MALWARE-CNC Win.Malware.Hancitor variant inbound connection (malware-cnc.rules)
* 1:53999 <-> ENABLED <-> MALWARE-CNC Win.Malware.Hancitor variant outbound connection (malware-cnc.rules)
* 1:540 <-> DISABLED <-> POLICY-SOCIAL Microsoft MSN message (policy-social.rules)
* 1:54000 <-> ENABLED <-> MALWARE-CNC Win.Malware.Hancitor variant outbound connection (malware-cnc.rules)
* 1:54001 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Refpron-7794056-0 download attempt (malware-other.rules)
* 1:54002 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Refpron-7794056-0 download attempt (malware-other.rules)
* 1:54003 <-> DISABLED <-> SERVER-WEBAPP Axway SecureTransport XML external entity injection attempt (server-webapp.rules)
* 1:54004 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.WolfRAT variant outbound connection (malware-cnc.rules)
* 1:54005 <-> DISABLED <-> MALWARE-OTHER Unix.Trojan.Rootnik-7825953-0 download attempt (malware-other.rules)
* 1:54006 <-> DISABLED <-> MALWARE-OTHER Unix.Trojan.Rootnik-7825953-0 download attempt (malware-other.rules)
* 1:54007 <-> ENABLED <-> SERVER-ORACLE Oracle Weblogic T3 remote code execution attempt (server-oracle.rules)
* 1:54008 <-> ENABLED <-> SERVER-ORACLE Oracle Weblogic T3 remote code execution attempt (server-oracle.rules)
* 1:54012 <-> DISABLED <-> SERVER-WEBAPP ASUS ASUSWRT appGet.cgi command injection attempt (server-webapp.rules)
* 1:54013 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Ursnif malicious outbound connection attempt - gravity generated detection (malware-other.rules)
* 1:54014 <-> ENABLED <-> MALWARE-CNC Win.Malware.Trickbot variant outbound connection (malware-cnc.rules)
* 1:54015 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bifrost-7846624-0 download attempt (malware-other.rules)
* 1:54016 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bifrost-7846624-0 download attempt (malware-other.rules)
* 1:54017 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Dorkbot-7847299-0 download attempt (malware-other.rules)
* 1:54018 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Dorkbot-7847299-0 download attempt (malware-other.rules)
* 1:54019 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ApolloZeus Loader beaconing attempt (malware-cnc.rules)
* 1:54020 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Hancitor COVID-19 subject phishing email attempt (malware-other.rules)
* 1:54021 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Andariel outbound connection attempt (malware-cnc.rules)
* 1:54022 <-> ENABLED <-> SERVER-OTHER SaltStack authentication bypass attempt (server-other.rules)
* 1:54023 <-> ENABLED <-> SERVER-OTHER SaltStack authentication bypass attempt (server-other.rules)
* 1:54029 <-> DISABLED <-> MALWARE-CNC Win.Malware.Rifdoor outbound cnc registration attempt (malware-cnc.rules)
* 1:54030 <-> ENABLED <-> SERVER-OTHER SaltStack wheel directory traversal attempt (server-other.rules)
* 1:54031 <-> ENABLED <-> SERVER-OTHER SaltStack wheel directory traversal attempt (server-other.rules)
* 1:54032 <-> ENABLED <-> SERVER-OTHER SaltStack wheel directory traversal attempt (server-other.rules)
* 1:54033 <-> ENABLED <-> SERVER-OTHER SaltStack wheel directory traversal attempt (server-other.rules)
* 1:54035 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Fareitvb-7861078-0 download attempt (malware-other.rules)
* 1:54036 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Fareitvb-7861078-0 download attempt (malware-other.rules)
* 1:54037 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Ursnif malicious outbound connection attempt - gravity generated detection (malware-other.rules)
* 1:54038 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-7880797-0 download attempt (malware-other.rules)
* 1:54039 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-7880797-0 download attempt (malware-other.rules)
* 1:54040 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Evilnum variant outbound connection (malware-cnc.rules)
* 1:54041 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Evilnum variant outbound connection (malware-cnc.rules)
* 1:54042 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Evilnum variant outbound connection (malware-cnc.rules)
* 1:54043 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Evilnum variant inbound connection (malware-cnc.rules)
* 1:54044 <-> ENABLED <-> MALWARE-OTHER Win.Dropper.Evilnum malicious LNK file download attempt (malware-other.rules)
* 1:54045 <-> ENABLED <-> MALWARE-OTHER Win.Dropper.Evilnum malicious LNK file download attempt (malware-other.rules)
* 1:54046 <-> ENABLED <-> MALWARE-CNC Win.Malware.Qealler variant outbound connection (malware-cnc.rules)
* 1:54053 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Copperhedge outbound connection (malware-cnc.rules)
* 1:54054 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Copperhedge outbound connection (malware-cnc.rules)
* 1:54055 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Copperhedge outbound connection (malware-cnc.rules)
* 1:54056 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.BlackNET variant binary download attempt (malware-other.rules)
* 1:54057 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.BlackNET variant binary download attempt (malware-other.rules)
* 1:54058 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Blacknet variant outbound connection (malware-cnc.rules)
* 1:54059 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Blacknet variant outbound connection (malware-cnc.rules)
* 1:54060 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Blacknet variant outbound connection (malware-cnc.rules)
* 1:54061 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TrickBot variant certificate exchange attempt (malware-cnc.rules)
* 1:54062 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
* 1:54063 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
* 1:54064 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
* 1:54065 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
* 1:54066 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
* 1:54067 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
* 1:54068 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
* 1:54069 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
* 1:54070 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
* 1:54071 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
* 1:54072 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
* 1:54073 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
* 1:54074 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
* 1:54075 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
* 1:54076 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
* 1:54077 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
* 1:54078 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
* 1:54079 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.TrickBot malicious executable download attempt (malware-other.rules)
* 1:54080 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.TrickBot variant outbound connection attempt (indicator-compromise.rules)
* 1:54081 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound cnc connection (malware-cnc.rules)
* 1:54082 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound cnc connection (malware-cnc.rules)
* 1:54083 <-> DISABLED <-> MALWARE-OTHER PUA.Unix.Adware.Mobidash-7914334-0 download attempt (malware-other.rules)
* 1:54084 <-> DISABLED <-> MALWARE-OTHER PUA.Unix.Adware.Mobidash-7914334-0 download attempt (malware-other.rules)
* 1:54085 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Barys-7933433-0 download attempt (malware-other.rules)
* 1:54086 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Barys-7933433-0 download attempt (malware-other.rules)
* 1:54087 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zeus-7945000-0 download attempt (malware-other.rules)
* 1:54088 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zeus-7945000-0 download attempt (malware-other.rules)
* 1:54089 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.DarkKomet-7946160-0 download attempt (malware-other.rules)
* 1:54090 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.DarkKomet-7946160-0 download attempt (malware-other.rules)
* 1:54091 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7977738-0 download attempt (malware-other.rules)
* 1:54092 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-7977738-0 download attempt (malware-other.rules)
* 1:54093 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zeus-7944985-0 download attempt (malware-other.rules)
* 1:54094 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zeus-7944985-0 download attempt (malware-other.rules)
* 1:54095 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.CobaltStrike powershell beacon download attempt (malware-other.rules)
* 1:54096 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.CobaltStrike powershell beacon download attempt (malware-other.rules)
* 1:54097 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
* 1:54098 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
* 1:54099 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
* 1:541 <-> DISABLED <-> POLICY-SOCIAL ICQ access (policy-social.rules)
* 1:54100 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
* 1:54101 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
* 1:54102 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
* 1:54103 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
* 1:54104 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
* 1:54105 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
* 1:54106 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mokes malicious executable download attempt (malware-other.rules)
* 1:54107 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mokes variant outbound connection (malware-cnc.rules)
* 1:54108 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mikey-7914350-0 download attempt (malware-other.rules)
* 1:54109 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mikey-7914350-0 download attempt (malware-other.rules)
* 1:54110 <-> ENABLED <-> MALWARE-OTHER Html.Trojan.CobaltStrike HTML payload download attempt (malware-other.rules)
* 1:54111 <-> ENABLED <-> MALWARE-OTHER Html.Trojan.CobaltStrike HTML payload download attempt (malware-other.rules)
* 1:54112 <-> ENABLED <-> MALWARE-OTHER Html.Trojan.CobaltStrike HTML payload download attempt (malware-other.rules)
* 1:54113 <-> ENABLED <-> MALWARE-OTHER Html.Trojan.CobaltStrike HTML payload download attempt (malware-other.rules)
* 1:54114 <-> ENABLED <-> MALWARE-OTHER Html.Trojan.CobaltStrike powershell payload download attempt (malware-other.rules)
* 1:54115 <-> ENABLED <-> MALWARE-OTHER Html.Trojan.CobaltStrike powershell payload download attempt (malware-other.rules)
* 1:54116 <-> ENABLED <-> MALWARE-OTHER Html.Trojan.CobaltStrike VBA payload download attempt (malware-other.rules)
* 1:54117 <-> ENABLED <-> MALWARE-OTHER Html.Trojan.CobaltStrike VBA payload download attempt (malware-other.rules)
* 1:54118 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ircbot-7910553-0 download attempt (malware-other.rules)
* 1:54119 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ircbot-7910553-0 download attempt (malware-other.rules)
* 1:54122 <-> ENABLED <-> SERVER-OTHER OpenSMTPD mta_io remote command injection attempt (server-other.rules)
* 1:54145 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Ursnif malicious outbound connection attempt - gravity generated detection (malware-other.rules)
* 1:54146 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Dorkbot-7993070-0 download attempt (malware-other.rules)
* 1:54147 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Dorkbot-7993070-0 download attempt (malware-other.rules)
* 1:54148 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Vobfus-7994999-0 download attempt (malware-other.rules)
* 1:54149 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Vobfus-7994999-0 download attempt (malware-other.rules)
* 1:54150 <-> ENABLED <-> MALWARE-OTHER Win.Adware.Hao123 outbound connection attempt (malware-other.rules)
* 1:54151 <-> ENABLED <-> MALWARE-OTHER Win.Adware.Hao123 outbound connection attempt (malware-other.rules)
* 1:54152 <-> ENABLED <-> MALWARE-OTHER Win.Adware.Hao123 outbound connection attempt (malware-other.rules)
* 1:54153 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Turla malicious executable download attempt (malware-other.rules)
* 1:54154 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Turla malicious executable download attempt (malware-other.rules)
* 1:54156 <-> ENABLED <-> POLICY-OTHER LDAP bind success (policy-other.rules)
* 1:54157 <-> DISABLED <-> SERVER-OTHER VMWare Directory Service authentication bypass attempt (server-other.rules)
* 1:54162 <-> ENABLED <-> SERVER-WEBAPP Apache Tomcat FileStore directory traversal attempt (server-webapp.rules)
* 1:54165 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Razy-7997331-0 download attempt (malware-other.rules)
* 1:54166 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Razy-7997331-0 download attempt (malware-other.rules)
* 1:54167 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Genpack-7998106-0 download attempt (malware-other.rules)
* 1:54168 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Genpack-7998106-0 download attempt (malware-other.rules)
* 1:54169 <-> ENABLED <-> MALWARE-OTHER Cobalt Strike signed java applet execution attempt (malware-other.rules)
* 1:54170 <-> ENABLED <-> MALWARE-OTHER Cobalt Strike signed java applet execution attempt (malware-other.rules)
* 1:54171 <-> DISABLED <-> MALWARE-OTHER Cobalt Strike signed java applet download attempt (malware-other.rules)
* 1:54172 <-> DISABLED <-> MALWARE-OTHER Cobalt Strike signed java applet download attempt (malware-other.rules)
* 1:54173 <-> DISABLED <-> MALWARE-OTHER Cobalt Strike signed java applet download attempt (malware-other.rules)
* 1:54174 <-> DISABLED <-> MALWARE-OTHER Cobalt Strike signed java applet download attempt (malware-other.rules)
* 1:54175 <-> DISABLED <-> INDICATOR-COMPROMISE Cobalt Strike default signed applet attack URI (indicator-compromise.rules)
* 1:54176 <-> DISABLED <-> MALWARE-OTHER Win.Ircbot.Zusy-8002902-0 download attempt (malware-other.rules)
* 1:54177 <-> DISABLED <-> MALWARE-OTHER Win.Ircbot.Zusy-8002902-0 download attempt (malware-other.rules)
* 1:54178 <-> DISABLED <-> MALWARE-OTHER Win.Ircbot.Zusy-8002903-0 download attempt (malware-other.rules)
* 1:54179 <-> DISABLED <-> MALWARE-OTHER Win.Ircbot.Zusy-8002903-0 download attempt (malware-other.rules)
* 1:54180 <-> ENABLED <-> MALWARE-OTHER Cobalt Strike system profiling attempt (malware-other.rules)
* 1:54181 <-> ENABLED <-> MALWARE-OTHER Cobalt Strike system profiling attempt (malware-other.rules)
* 1:54182 <-> ENABLED <-> MALWARE-OTHER Cobalt Strike system profiling attempt (malware-other.rules)
* 1:54183 <-> DISABLED <-> INDICATOR-COMPROMISE Cobalt Strike default smart applet attack URI (indicator-compromise.rules)
* 1:54184 <-> DISABLED <-> SERVER-OTHER lodash defaultsDeep prototype pollution attempt (server-other.rules)
* 1:54185 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Samas-7998113-0 download attempt (malware-other.rules)
* 1:54186 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Samas-7998113-0 download attempt (malware-other.rules)
* 1:54187 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.RagnarLocker initial download (malware-other.rules)
* 1:54188 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.RagnarLocker initial download (malware-other.rules)
* 1:54189 <-> ENABLED <-> FILE-PDF Adobe Reader custom JavaScript field use-after-free attempt (file-pdf.rules)
* 1:54190 <-> ENABLED <-> FILE-PDF Adobe Reader custom JavaScript field use-after-free attempt (file-pdf.rules)
* 1:54191 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
* 1:54192 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
* 1:54193 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
* 1:54194 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
* 1:54195 <-> DISABLED <-> SERVER-WEBAPP TP-LINK Cloud Cameras NCXXX Bonjour command injection attempt (server-webapp.rules)
* 1:54196 <-> DISABLED <-> SERVER-WEBAPP TP-LINK Cloud Cameras NCXXX Bonjour command injection attempt (server-webapp.rules)
* 1:54197 <-> DISABLED <-> SERVER-WEBAPP TP-LINK Cloud Cameras NCXXX Bonjour command injection attempt (server-webapp.rules)
* 1:54198 <-> DISABLED <-> SERVER-WEBAPP TP-LINK Cloud Cameras NCXXX Bonjour command injection attempt (server-webapp.rules)
* 1:54199 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trickbot variant outbound connection (malware-cnc.rules)
* 1:542 <-> DISABLED <-> POLICY-SOCIAL IRC nick change (policy-social.rules)
* 1:54200 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trickbot variant outbound connection (malware-cnc.rules)
* 1:54201 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trickbot variant outbound connection (malware-cnc.rules)
* 1:54202 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trickbot variant outbound connection (malware-cnc.rules)
* 1:54203 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trickbot variant outbound connection (malware-cnc.rules)
* 1:54204 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trickbot variant outbound connection (malware-cnc.rules)
* 1:54205 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trickbot variant outbound connection (malware-cnc.rules)
* 1:54206 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trickbot variant outbound connection (malware-cnc.rules)
* 1:54207 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trickbot variant outbound connection (malware-cnc.rules)
* 1:54208 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trickbot variant outbound connection (malware-cnc.rules)
* 1:54209 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trickbot variant outbound connection (malware-cnc.rules)
* 1:54210 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trickbot variant outbound connection (malware-cnc.rules)
* 1:54211 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trickbot variant outbound connection (malware-cnc.rules)
* 1:54212 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trickbot variant outbound connection (malware-cnc.rules)
* 1:54213 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trickbot variant outbound connection (malware-cnc.rules)
* 1:54214 <-> DISABLED <-> SERVER-ORACLE Oracle iPlanet Web Server unauthenticated information disclosure attempt (server-oracle.rules)
* 1:54215 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k type confusion attempt (os-windows.rules)
* 1:54216 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k type confusion attempt (os-windows.rules)
* 1:54217 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB srv2.sys information disclosure attempt (os-windows.rules)
* 1:54218 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Mikey-8009335-0 download attempt (malware-other.rules)
* 1:54219 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Mikey-8009335-0 download attempt (malware-other.rules)
* 1:54220 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Packed.Amg0fxii-8010198-0 download attempt (malware-other.rules)
* 1:54221 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Packed.Amg0fxii-8010198-0 download attempt (malware-other.rules)
* 1:54222 <-> DISABLED <-> SERVER-ORACLE Oracle iPlanet admin panel image injection attempt (server-oracle.rules)
* 1:54223 <-> DISABLED <-> SERVER-ORACLE Oracle iPlanet admin panel image injection CSRF attempt (server-oracle.rules)
* 1:54224 <-> DISABLED <-> SERVER-ORACLE Oracle iPlanet admin panel image injection attempt (server-oracle.rules)
* 1:54225 <-> DISABLED <-> SERVER-ORACLE Oracle iPlanet admin panel image injection CSRF attempt (server-oracle.rules)
* 1:54226 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Ngrbot-8010339-0 download attempt (malware-other.rules)
* 1:54227 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Ngrbot-8010339-0 download attempt (malware-other.rules)
* 1:54228 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-8010482-0 download attempt (malware-other.rules)
* 1:54229 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-8010482-0 download attempt (malware-other.rules)
* 1:54230 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer VBScript engine memory corruption attempt (browser-ie.rules)
* 1:54231 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer VBScript engine memory corruption attempt (browser-ie.rules)
* 1:54232 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer VBScript memory corruption attempt (browser-ie.rules)
* 1:54233 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer VBScript memory corruption attempt (browser-ie.rules)
* 1:54234 <-> DISABLED <-> SERVER-WEBAPP TerraMaster NAS cross site scripting attempt (server-webapp.rules)
* 1:54235 <-> DISABLED <-> SERVER-WEBAPP TerraMaster NAS cross site scripting attempt (server-webapp.rules)
* 1:54236 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
* 1:54237 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
* 1:54238 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
* 1:54239 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
* 1:54240 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMBv1 remote code execution attempt (os-windows.rules)
* 1:54241 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CreateDIBitmap privilege escalation attempt (os-windows.rules)
* 1:54242 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CreateDIBitmap privilege escalation attempt (os-windows.rules)
* 1:54243 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Media Foundation getKeyForIndex out-of-bounds read attempt (file-multimedia.rules)
* 1:54244 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Media Foundation getKeyForIndex out-of-bounds read attempt (file-multimedia.rules)
* 1:54245 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
* 1:54246 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
* 1:54247 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys remote code execution attempt (os-windows.rules)
* 1:54248 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys remote code execution attempt (os-windows.rules)
* 1:54249 <-> DISABLED <-> OS-WINDOWS Microsoft Windows kernel security feature bypass attempt (os-windows.rules)
* 1:54250 <-> DISABLED <-> OS-WINDOWS Microsoft Windows kernel security feature bypass attempt (os-windows.rules)
* 1:54270 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB chained compression out of bounds read attempt (os-windows.rules)
* 1:54271 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB chained compression out of bounds read attempt (os-windows.rules)
* 1:54272 <-> DISABLED <-> SERVER-WEBAPP Centreon Monitoring tool command injection attempt (server-webapp.rules)
* 1:54273 <-> DISABLED <-> SERVER-WEBAPP Centreon Monitoring tool command injection attempt (server-webapp.rules)
* 1:54274 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Vobfus-8010924-0 download attempt (malware-other.rules)
* 1:54275 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Vobfus-8010924-0 download attempt (malware-other.rules)
* 1:54276 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Ursnif malicious outbound connection attempt - gravity generated detection (malware-other.rules)
* 1:54277 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zeus-8011051-0 download attempt (malware-other.rules)
* 1:54278 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zeus-8011051-0 download attempt (malware-other.rules)
* 1:54279 <-> DISABLED <-> INDICATOR-COMPROMISE UPnP SUBSCRIBE Callback denial-of-service attempt (indicator-compromise.rules)
* 1:54280 <-> DISABLED <-> INDICATOR-COMPROMISE UPnP SUBSCRIBE Callback denial-of-service attempt (indicator-compromise.rules)
* 1:54281 <-> DISABLED <-> INDICATOR-SCAN CallStranger UPnP discovery attempt (indicator-scan.rules)
* 1:54284 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-8014470-0 download attempt (malware-other.rules)
* 1:54285 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-8014470-0 download attempt (malware-other.rules)
* 1:54286 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-8014472-0 download attempt (malware-other.rules)
* 1:54287 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-8014472-0 download attempt (malware-other.rules)
* 1:54288 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-8014473-0 download attempt (malware-other.rules)
* 1:54289 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-8014473-0 download attempt (malware-other.rules)
* 1:54291 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.AZORult phishing document download attempt (malware-other.rules)
* 1:54292 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.AZORult phishing document download attempt (malware-other.rules)
* 1:54293 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Neutrino variant payload download (malware-cnc.rules)
* 1:54294 <-> ENABLED <-> MALWARE-CNC Win.Trojan.AZORult variant payload download attempt (malware-cnc.rules)
* 1:54295 <-> ENABLED <-> MALWARE-CNC Win.Trojan.AZORult variant payload download attempt (malware-cnc.rules)
* 1:54296 <-> DISABLED <-> OS-WINDOWS Microsoft Windows GDI+ printer out of bounds write attempt (os-windows.rules)
* 1:54297 <-> ENABLED <-> OS-WINDOWS Microsoft Windows GDI+ printer out of bounds write attempt (os-windows.rules)
* 1:54298 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Tinba-8025802-0 download attempt (malware-other.rules)
* 1:54299 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Tinba-8025802-0 download attempt (malware-other.rules)
* 1:543 <-> DISABLED <-> INDICATOR-COMPROMISE FTP 'STOR 1MB' possible warez site (indicator-compromise.rules)
* 1:54300 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Bladabindi-8025641-0 download attempt (malware-other.rules)
* 1:54301 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Bladabindi-8025641-0 download attempt (malware-other.rules)
* 1:54302 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-8027829-0 download attempt (malware-other.rules)
* 1:54303 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-8027829-0 download attempt (malware-other.rules)
* 1:54304 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Nanocore-8030566-0 download attempt (malware-other.rules)
* 1:54305 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Nanocore-8030566-0 download attempt (malware-other.rules)
* 1:54306 <-> DISABLED <-> POLICY-OTHER Novell ZENworks Configuration Management session id disclosure attempt (policy-other.rules)
* 1:54307 <-> ENABLED <-> PUA-ADWARE Js.Adware.Agent variant redirect attempt (pua-adware.rules)
* 1:54316 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Jqht-8069377-0 download attempt (malware-other.rules)
* 1:54317 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Jqht-8069377-0 download attempt (malware-other.rules)
* 1:54318 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Azorult variant outbound connection attempt (malware-cnc.rules)
* 1:54319 <-> ENABLED <-> SERVER-WEBAPP VMWare Cloud Director Java expression language injection attempt (server-webapp.rules)
* 1:54357 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sarwent variant outbound connection (malware-cnc.rules)
* 1:54373 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.IndigoDrop variant binary download attempt (malware-other.rules)
* 1:54374 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.IndigoDrop variant binary download attempt (malware-other.rules)
* 1:54375 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.IndigoDrop variant binary download attempt (malware-other.rules)
* 1:54376 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.IndigoDrop variant binary download attempt (malware-other.rules)
* 1:54377 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-8108321-0 download attempt (malware-other.rules)
* 1:54378 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-8108321-0 download attempt (malware-other.rules)
* 1:54379 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox ReadableStreamCloseInternal out-of-bounds access attempt (browser-firefox.rules)
* 1:54380 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox ReadableStreamCloseInternal out-of-bounds access attempt (browser-firefox.rules)
* 1:54381 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Vidar-8170701-0 download attempt (malware-other.rules)
* 1:54382 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Vidar-8170701-0 download attempt (malware-other.rules)
* 1:54383 <-> DISABLED <-> POLICY-OTHER Potentially suspicious fragmented IP in IP packet (policy-other.rules)
* 1:54384 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Qbot malicious executable download attempt (malware-other.rules)
* 1:54385 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Qbot malicious executable download attempt (malware-other.rules)
* 1:54386 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Qbot malicious executable download attempt (malware-other.rules)
* 1:54387 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Qbot malicious executable download attempt (malware-other.rules)
* 1:54388 <-> ENABLED <-> SERVER-OTHER OpenSMTPD mta_io remote command injection attempt (server-other.rules)
* 1:54389 <-> ENABLED <-> PROTOCOL-TELNET netkit-telnet server memory corruption attempt (protocol-telnet.rules)
* 1:54394 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Banload variant outbound connection attempt (malware-cnc.rules)
* 1:54395 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Shiz-8295940-0 download attempt (malware-other.rules)
* 1:54396 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Shiz-8295940-0 download attempt (malware-other.rules)
* 1:54397 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Barys-8338518-0 download attempt (malware-other.rules)
* 1:54398 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Barys-8338518-0 download attempt (malware-other.rules)
* 1:54399 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer JavaScript engine memory corruption attempt (browser-ie.rules)
* 1:544 <-> DISABLED <-> INDICATOR-COMPROMISE FTP 'RETR 1MB' possible warez site (indicator-compromise.rules)
* 1:54400 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer JavaScript engine memory corruption attempt (browser-ie.rules)
* 1:54401 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Valak malicious outbound connection attempt (malware-cnc.rules)
* 1:54402 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Valak malicious outbound connection attempt (malware-cnc.rules)
* 1:54403 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Valak malicious outbound connection attempt (malware-cnc.rules)
* 1:54404 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Valak malicious outbound connection attempt (malware-cnc.rules)
* 1:54405 <-> DISABLED <-> SERVER-WEBAPP PHP php_strip_tags_ex function out-of-bounds read attempt (server-webapp.rules)
* 1:54406 <-> DISABLED <-> SERVER-WEBAPP PHP php_strip_tags_ex function out-of-bounds read attempt (server-webapp.rules)
* 1:54407 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zeus-8336989-0 download attempt (malware-other.rules)
* 1:54408 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zeus-8336989-0 download attempt (malware-other.rules)
* 1:54409 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Waledac-8338517-0 download attempt (malware-other.rules)
* 1:54410 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Waledac-8338517-0 download attempt (malware-other.rules)
* 1:54417 <-> DISABLED <-> MALWARE-OTHER PUA.Unix.Adware.Macsearch-8347867-0 download attempt (malware-other.rules)
* 1:54418 <-> DISABLED <-> MALWARE-OTHER PUA.Unix.Adware.Macsearch-8347867-0 download attempt (malware-other.rules)
* 1:54419 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-8356485-0 download attempt (malware-other.rules)
* 1:54420 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-8356485-0 download attempt (malware-other.rules)
* 1:54421 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TroyStealer outbound connection attempt (malware-cnc.rules)
* 1:54422 <-> DISABLED <-> SERVER-WEBAPP Cisco DNA Center cross site scripting attempt (server-webapp.rules)
* 1:54423 <-> DISABLED <-> SERVER-WEBAPP Cisco DNA Center cross site scripting attempt (server-webapp.rules)
* 1:54424 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-8359642-0 download attempt (malware-other.rules)
* 1:54425 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-8359642-0 download attempt (malware-other.rules)
* 1:54426 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bifrost-8367128-0 download attempt (malware-other.rules)
* 1:54427 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bifrost-8367128-0 download attempt (malware-other.rules)
* 1:54428 <-> DISABLED <-> MALWARE-OTHER Unix.Trojan.Hajime-8426230-0 download attempt (malware-other.rules)
* 1:54429 <-> DISABLED <-> MALWARE-OTHER Unix.Trojan.Hajime-8426230-0 download attempt (malware-other.rules)
* 1:54434 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-8568669-0 download attempt (malware-other.rules)
* 1:54435 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-8568669-0 download attempt (malware-other.rules)
* 1:54436 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Remcos-8401633-0 download attempt (malware-other.rules)
* 1:54437 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Remcos-8401633-0 download attempt (malware-other.rules)
* 1:54438 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-8569260-0 download attempt (malware-other.rules)
* 1:54439 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-8569260-0 download attempt (malware-other.rules)
* 1:54462 <-> ENABLED <-> SERVER-WEBAPP F5 BIG-IP Traffic Management User Interface remote code execution attempt (server-webapp.rules)
* 1:54463 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Bladabindi-8460552-0 download attempt (malware-other.rules)
* 1:54464 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Bladabindi-8460552-0 download attempt (malware-other.rules)
* 1:54473 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Nemucod variant download attempt (malware-other.rules)
* 1:54474 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Adwind variant download attempt (malware-other.rules)
* 1:54475 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Nemucod variant download attempt (malware-other.rules)
* 1:54476 <-> ENABLED <-> MALWARE-OTHER Win.Dropper.Adwind variant download attempt (malware-other.rules)
* 1:54482 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-8650925-0 download attempt (malware-other.rules)
* 1:54483 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-8650925-0 download attempt (malware-other.rules)
* 1:54484 <-> ENABLED <-> SERVER-WEBAPP F5 BIG-IP Traffic Management User Interface remote code execution attempt (server-webapp.rules)
* 1:54495 <-> DISABLED <-> SERVER-OTHER Unitrends UEB 9 bpserverd unauthenticated remote command execution attempt (server-other.rules)
* 1:54496 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetSupportManager outbound connection attempt (malware-cnc.rules)
* 1:54497 <-> DISABLED <-> BROWSER-CHROME Google Chrome Blink use-after-free attempt (browser-chrome.rules)
* 1:54498 <-> DISABLED <-> BROWSER-CHROME Google Chrome Blink use-after-free attempt (browser-chrome.rules)
* 1:54499 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.Maze variant outbound connection (malware-cnc.rules)
* 1:545 <-> DISABLED <-> INDICATOR-COMPROMISE FTP 'CWD / ' possible warez site (indicator-compromise.rules)
* 1:54500 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.Maze variant outbound connection (malware-cnc.rules)
* 1:54505 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generic-8798012-0 download attempt (malware-other.rules)
* 1:54506 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generic-8798012-0 download attempt (malware-other.rules)
* 1:54507 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Genpack-8799099-0 download attempt (malware-other.rules)
* 1:54508 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Genpack-8799099-0 download attempt (malware-other.rules)
* 1:54509 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer VBScript engine memory corruption attempt (browser-ie.rules)
* 1:54510 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer VBScript engine memory corruption attempt (browser-ie.rules)
* 1:54511 <-> ENABLED <-> SERVER-WEBAPP Microsoft Windows .NET API XML unsafe deserialization attempt (server-webapp.rules)
* 1:54512 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows graphics component elevation of privilege attempt (file-executable.rules)
* 1:54513 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows graphics component elevation of privilege attempt (file-executable.rules)
* 1:54514 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows graphics component elevation of privilege attempt (file-executable.rules)
* 1:54515 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows graphics component elevation of privilege attempt (file-executable.rules)
* 1:54516 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k type confusion attempt (os-windows.rules)
* 1:54517 <-> ENABLED <-> OS-WINDOWS Microsoft Windows win32k type confusion attempt (os-windows.rules)
* 1:54518 <-> ENABLED <-> SERVER-OTHER Microsoft Windows DNS server remote integer overflow attempt (server-other.rules)
* 1:54521 <-> DISABLED <-> OS-WINDOWS Microsoft Windows graphics component privilege escalation attempt (os-windows.rules)
* 1:54522 <-> DISABLED <-> OS-WINDOWS Microsoft Windows graphics component privilege escalation attempt (os-windows.rules)
* 1:54523 <-> DISABLED <-> OS-WINDOWS Microsoft Windows RDP Client remote code execution attempt (os-windows.rules)
* 1:54524 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Netwire-8705642-0 download attempt (malware-other.rules)
* 1:54525 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Netwire-8705642-0 download attempt (malware-other.rules)
* 1:54526 <-> DISABLED <-> FILE-OTHER Microsoft Windows CAB file szName directory traversal attempt (file-other.rules)
* 1:54527 <-> DISABLED <-> FILE-OTHER Microsoft Windows CAB file szName directory traversal attempt (file-other.rules)
* 1:54528 <-> DISABLED <-> FILE-OTHER Microsoft Windows Address Book Contact file integer overflow attempt (file-other.rules)
* 1:54529 <-> DISABLED <-> FILE-OTHER Microsoft Windows Address Book Contact file integer overflow attempt (file-other.rules)
* 1:54530 <-> DISABLED <-> FILE-OTHER Microsoft Windows Address Book Contact file integer overflow attempt (file-other.rules)
* 1:54531 <-> DISABLED <-> FILE-OTHER Microsoft Windows Address Book Contact file integer overflow attempt (file-other.rules)
* 1:54532 <-> DISABLED <-> FILE-OTHER Microsoft Windows Address Book Contact file integer overflow attempt (file-other.rules)
* 1:54533 <-> DISABLED <-> FILE-OTHER Microsoft Windows Address Book Contact file integer overflow attempt (file-other.rules)
* 1:54534 <-> DISABLED <-> OS-WINDOWS Microsoft Windows null pointer dereference attempt (os-windows.rules)
* 1:54535 <-> DISABLED <-> OS-WINDOWS Microsoft Windows null pointer dereference attempt (os-windows.rules)
* 1:54536 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Netwire-8821558-0 download attempt (malware-other.rules)
* 1:54537 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Netwire-8821558-0 download attempt (malware-other.rules)
* 1:54554 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant payload download attempt (malware-cnc.rules)
* 1:54555 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant payload download attempt (malware-cnc.rules)
* 1:54556 <-> ENABLED <-> SERVER-WEBAPP BSA Radar local file inclusion attempt (server-webapp.rules)
* 1:54558 <-> ENABLED <-> SERVER-WEBAPP Park Ticketing Management System SQL injection attempt (server-webapp.rules)
* 1:54559 <-> ENABLED <-> SERVER-WEBAPP Park Ticketing Management System SQL injection attempt (server-webapp.rules)
* 1:54565 <-> ENABLED <-> SERVER-WEBAPP Park Ticketing Management System SQL injection attempt (server-webapp.rules)
* 1:54566 <-> ENABLED <-> SERVER-WEBAPP Park Ticketing Management System SQL injection attempt (server-webapp.rules)
* 1:54567 <-> ENABLED <-> SERVER-WEBAPP Park Ticketing Management System SQL injection attempt (server-webapp.rules)
* 1:54569 <-> ENABLED <-> SERVER-WEBAPP Barangay Management
System SQL injection attempt (server-webapp.rules) * 1:54570 <-> ENABLED <-> SERVER-WEBAPP Barangay Management System SQL injection attempt (server-webapp.rules) * 1:54571 <-> ENABLED <-> SERVER-WEBAPP SAP NetWeaver AS LM Configuration Wizard directory traversal attempt (server-webapp.rules) * 1:54572 <-> ENABLED <-> SERVER-WEBAPP SAP NetWeaver AS LM Configuration Wizard directory traversal attempt (server-webapp.rules) * 1:54573 <-> DISABLED <-> POLICY-OTHER SAP NetWeaver AS LM Configuration Wizard access detected (policy-other.rules) * 1:54574 <-> DISABLED <-> POLICY-OTHER SAP NetWeaver AS LM Configuration Wizard access detected (policy-other.rules) * 1:54575 <-> ENABLED <-> SERVER-OTHER Microsoft Windows DNS server remote integer overflow attempt (server-other.rules) * 1:54576 <-> ENABLED <-> SERVER-OTHER Microsoft Windows DNS server remote integer overflow attempt (server-other.rules) * 1:54577 <-> ENABLED <-> SERVER-OTHER Microsoft Windows DNS server remote integer overflow attempt (server-other.rules) * 1:54578 <-> DISABLED <-> SERVER-OTHER Multiple products RAR archive decompression buffer overflow attempt (server-other.rules) * 1:54583 <-> DISABLED <-> SERVER-WEBAPP Eaton Intelligent Power Manager command injection attempt (server-webapp.rules) * 1:54590 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WalletService SetGroup privilege escalation attempt (os-windows.rules) * 1:54591 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WalletService SetGroup privilege escalation attempt (os-windows.rules) * 1:54592 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WalletService SetGroup privilege escalation attempt (os-windows.rules) * 1:54593 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WalletService SetGroup privilege escalation attempt (os-windows.rules) * 1:54594 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Ap0calypseRAT-8992619-0 download attempt (malware-other.rules) * 1:54595 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Ap0calypseRAT-8992619-0 download attempt 
(malware-other.rules) * 1:54596 <-> DISABLED <-> SERVER-WEBAPP WordPress bbPress plugin unauthenticated privilege escalation attempt (server-webapp.rules) * 1:54597 <-> DISABLED <-> SERVER-WEBAPP WordPress bbPress plugin unauthenticated privilege escalation attempt (server-webapp.rules) * 1:546 <-> DISABLED <-> INDICATOR-COMPROMISE FTP 'CWD ' possible warez site (indicator-compromise.rules) * 1:54602 <-> DISABLED <-> SERVER-WEBAPP Laravel Framework PendingCommand arbitrary command execution attempt (server-webapp.rules) * 1:54603 <-> DISABLED <-> SERVER-WEBAPP Laravel Framework PendingCommand arbitrary command execution attempt (server-webapp.rules) * 1:54604 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Dorkbot-8975168-0 download attempt (malware-other.rules) * 1:54605 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Dorkbot-8975168-0 download attempt (malware-other.rules) * 1:54609 <-> DISABLED <-> SERVER-OTHER Hummingbird InetD LPD buffer overflow attempt (server-other.rules) * 1:54610 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Prometei variant outbound connection (malware-cnc.rules) * 1:54611 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Prometei variant outbound connection (malware-cnc.rules) * 1:54612 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Prometei variant outbound connection (malware-cnc.rules) * 1:54613 <-> DISABLED <-> SERVER-OTHER Zoom client spoofed chat message attempt (server-other.rules) * 1:54614 <-> DISABLED <-> SERVER-OTHER Zoom client unauthorized user kick attempt (server-other.rules) * 1:54615 <-> DISABLED <-> SERVER-OTHER Zoom client unauthorized screen control attempt (server-other.rules) * 1:54616 <-> DISABLED <-> SERVER-OTHER Zoom client unauthorized conference termination attempt (server-other.rules) * 1:54617 <-> ENABLED <-> SERVER-WEBAPP GeoVision Door Access Control hidden url access attempt (server-webapp.rules) * 1:54618 <-> DISABLED <-> FILE-OTHER Microsoft .NET API XPS file parsing remote code execution attempt (file-other.rules) * 1:54619 <-> DISABLED 
<-> FILE-OTHER Microsoft .NET API XPS file parsing remote code execution attempt (file-other.rules) * 1:54620 <-> DISABLED <-> FILE-OFFICE Microsoft Office Equation Editor stack buffer overflow attempt (file-office.rules) * 1:54621 <-> DISABLED <-> FILE-OFFICE Microsoft Office Equation Editor stack buffer overflow attempt (file-office.rules) * 1:54622 <-> DISABLED <-> BROWSER-CHROME Google Chrome ReadableStream out of bounds read attempt (browser-chrome.rules) * 1:54623 <-> DISABLED <-> BROWSER-CHROME Google Chrome ReadableStream out of bounds read attempt (browser-chrome.rules) * 1:54624 <-> DISABLED <-> BROWSER-CHROME Google Chrome blink webaudio module use after free attempt (browser-chrome.rules) * 1:54625 <-> DISABLED <-> BROWSER-CHROME Google Chrome blink webaudio module use after free attempt (browser-chrome.rules) * 1:54626 <-> ENABLED <-> MALWARE-CNC Vbs.Trojan.Dridex variant payload outbound download attempt (malware-cnc.rules) * 1:54627 <-> ENABLED <-> MALWARE-CNC Vbs.Trojan.Dridex variant payload inbound download attempt (malware-cnc.rules) * 1:54628 <-> ENABLED <-> MALWARE-CNC Vbs.Trojan.Dridex variant payload inbound download attempt (malware-cnc.rules) * 1:54629 <-> DISABLED <-> SERVER-WEBAPP Microsoft Windows .NET API XML unsafe deserialization attempt (server-webapp.rules) * 1:54630 <-> DISABLED <-> PROTOCOL-DNS BIND DNS server TSIG denial of service attempt (protocol-dns.rules) * 1:54631 <-> ENABLED <-> MALWARE-OTHER Vbs.Trojan.Dridex phishing email attempt (malware-other.rules) * 1:54632 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.QQpass-9093595-0 download attempt (malware-other.rules) * 1:54633 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.QQpass-9093595-0 download attempt (malware-other.rules) * 1:54634 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.QQpass-9102183-0 download attempt (malware-other.rules) * 1:54635 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.QQpass-9102183-0 download attempt (malware-other.rules) * 1:54636 <-> DISABLED <-> SERVER-WEBAPP 
Zoom Client ZoomOpener remote code execution attempt (server-webapp.rules) * 1:54637 <-> DISABLED <-> SERVER-WEBAPP Zoom Client ZoomOpener remote code execution attempt (server-webapp.rules) * 1:54640 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Hackbit malicious executable download attempt (malware-other.rules) * 1:54641 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Hackbit malicious dropper download attempt (malware-other.rules) * 1:54642 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Hackbit malicious dropper download attempt (malware-other.rules) * 1:54643 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Hackbit malicious executable download attempt (malware-other.rules) * 1:54644 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Hackbit outbound ftp connection attempt (malware-cnc.rules) * 1:54649 <-> DISABLED <-> SERVER-WEBAPP Apache Kylin REST API migrate command injection attempt (server-webapp.rules) * 1:54650 <-> DISABLED <-> SERVER-WEBAPP Apache Kylin REST API migrate command injection attempt (server-webapp.rules) * 1:54651 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Nanocore-9025522-0 download attempt (malware-other.rules) * 1:54652 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Nanocore-9025522-0 download attempt (malware-other.rules) * 1:54653 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Gh0stRAT-9107742-0 download attempt (malware-other.rules) * 1:54654 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Gh0stRAT-9107742-0 download attempt (malware-other.rules) * 1:54657 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bunitu-9128889-0 download attempt (malware-other.rules) * 1:54658 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bunitu-9128889-0 download attempt (malware-other.rules) * 1:54659 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bunitu-9127509-0 download attempt (malware-other.rules) * 1:54660 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bunitu-9127509-0 download attempt (malware-other.rules) * 1:54661 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9130272-0 download attempt 
(malware-other.rules) * 1:54662 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9130272-0 download attempt (malware-other.rules) * 1:54663 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9130422-0 download attempt (malware-other.rules) * 1:54664 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9130422-0 download attempt (malware-other.rules) * 1:54665 <-> DISABLED <-> BROWSER-WEBKIT WebKit JIT compiler common subexpression elimination out of bounds access attempt (browser-webkit.rules) * 1:54666 <-> DISABLED <-> BROWSER-WEBKIT WebKit JIT compiler common subexpression elimination out of bounds access attempt (browser-webkit.rules) * 1:54669 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Ursnif malicious outbound connection attempt - gravity generated detection (malware-other.rules) * 1:54670 <-> DISABLED <-> SERVER-WEBAPP Rockwell FactoryTalk View SE project list disclosure attempt (server-webapp.rules) * 1:54671 <-> DISABLED <-> SERVER-WEBAPP Rockwell FactoryTalk View SE project information disclosure attempt (server-webapp.rules) * 1:54672 <-> DISABLED <-> SERVER-WEBAPP Rockwell FactoryTalk View SE remote code execution attempt (server-webapp.rules) * 1:54673 <-> DISABLED <-> SERVER-WEBAPP Rockwell FactoryTalk View SE remote project backup download attempt (server-webapp.rules) * 1:54674 <-> DISABLED <-> SERVER-WEBAPP Rockwell FactoryTalk View SE remote project copy attempt (server-webapp.rules) * 1:54675 <-> DISABLED <-> SERVER-WEBAPP Rockwell FactoryTalk View SE remote project back directory traversal attempt (server-webapp.rules) * 1:54676 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9153999-0 download attempt (malware-other.rules) * 1:54677 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9153999-0 download attempt (malware-other.rules) * 1:54678 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9204933-0 download attempt (malware-other.rules) * 1:54679 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9204933-0 download attempt 
(malware-other.rules) * 1:54684 <-> DISABLED <-> SERVER-WEBAPP Microsoft Windows .NET API XML unsafe deserialization attempt (server-webapp.rules) * 1:54685 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.WastedLocker binary download attempt (malware-other.rules) * 1:54686 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.WastedLocker binary download attempt (malware-other.rules) * 1:54687 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.WastedLocker binary download attempt (malware-other.rules) * 1:54688 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.WastedLocker binary download attempt (malware-other.rules) * 1:54689 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.WastedLocker binary download attempt (malware-other.rules) * 1:54690 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.WastedLocker binary download attempt (malware-other.rules) * 1:54691 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.WastedLocker binary download attempt (malware-other.rules) * 1:54692 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.WastedLocker binary download attempt (malware-other.rules) * 1:54693 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Ursnif malicious outbound connection attempt - gravity generated detection (malware-other.rules) * 1:547 <-> DISABLED <-> INDICATOR-COMPROMISE FTP 'MKD ' possible warez site (indicator-compromise.rules) * 1:54703 <-> ENABLED <-> MALWARE-CNC Unix.Malware.QSnatch infected QNAP device outbound communication attempt (malware-cnc.rules) * 1:54704 <-> DISABLED <-> SERVER-OTHER Sage SalesLogix database credential disclosure attempt (server-other.rules) * 1:54705 <-> DISABLED <-> PROTOCOL-DNS Treck TCP/IP stack CNAME record heap overflow attempt (protocol-dns.rules) * 1:54706 <-> DISABLED <-> PROTOCOL-DNS Treck TCP/IP stack CNAME record heap overflow attempt (protocol-dns.rules) * 1:54707 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Agentb-9219640-0 download attempt (malware-other.rules) * 1:54708 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Agentb-9219640-0 download attempt 
(malware-other.rules) * 1:54709 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zusy-9219867-0 download attempt (malware-other.rules) * 1:54710 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zusy-9219867-0 download attempt (malware-other.rules) * 1:54711 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zeus-9220292-0 download attempt (malware-other.rules) * 1:54712 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zeus-9220292-0 download attempt (malware-other.rules) * 1:54713 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zeus-9220295-0 download attempt (malware-other.rules) * 1:54714 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zeus-9220295-0 download attempt (malware-other.rules) * 1:54715 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zeus-9220296-0 download attempt (malware-other.rules) * 1:54716 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zeus-9220296-0 download attempt (malware-other.rules) * 1:54717 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-9220863-0 download attempt (malware-other.rules) * 1:54718 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-9220863-0 download attempt (malware-other.rules) * 1:54719 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic-9222527-0 download attempt (malware-other.rules) * 1:54720 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic-9222527-0 download attempt (malware-other.rules) * 1:54721 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Banload-9221778-0 download attempt (malware-other.rules) * 1:54722 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Banload-9221778-0 download attempt (malware-other.rules) * 1:54723 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Banload-9221789-0 download attempt (malware-other.rules) * 1:54724 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Banload-9221789-0 download attempt (malware-other.rules) * 1:54725 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.SpyEye-9225535-0 download attempt (malware-other.rules) * 1:54726 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.SpyEye-9225535-0 download attempt (malware-other.rules) * 1:54727 
<-> DISABLED <-> SERVER-WEBAPP ZoomOpener remote code execution attempt (server-webapp.rules) * 1:54728 <-> DISABLED <-> SERVER-WEBAPP ZoomOpener remote code execution attempt (server-webapp.rules) * 1:54733 <-> DISABLED <-> OS-WINDOWS Microsoft Windows AFD kernel driver privilege escalation attempt (os-windows.rules) * 1:54734 <-> DISABLED <-> OS-WINDOWS Microsoft Windows AFD kernel driver privilege escalation attempt (os-windows.rules) * 1:54735 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS Resolver local privilege escalation attempt (os-windows.rules) * 1:54736 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS Resolver local privilege escalation attempt (os-windows.rules) * 1:54737 <-> DISABLED <-> OS-WINDOWS Microsoft Windows GDI privilege escalation attempt (os-windows.rules) * 1:54738 <-> DISABLED <-> OS-WINDOWS Microsoft Windows GDI privilege escalation attempt (os-windows.rules) * 1:54739 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules) * 1:54740 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules) * 1:54741 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer memory corruption attempt (browser-ie.rules) * 1:54742 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer memory corruption attempt (browser-ie.rules) * 1:54743 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules) * 1:54744 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules) * 1:54745 <-> ENABLED <-> OS-WINDOWS Microsoft Windows GDI elevation of privilege attempt (os-windows.rules) * 1:54746 <-> ENABLED <-> OS-WINDOWS Microsoft Windows GDI elevation of privilege attempt (os-windows.rules) * 1:54747 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Nephilim variant binary download attempt (malware-other.rules) * 1:54748 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Nephilim variant binary download attempt (malware-other.rules) * 1:54749 <-> DISABLED <-> 
MALWARE-OTHER Win.Ransomware.Nephilim variant binary download attempt (malware-other.rules) * 1:54750 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Nephilim variant binary download attempt (malware-other.rules) * 1:54751 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Nephilim variant binary download attempt (malware-other.rules) * 1:54752 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Nephilim variant binary download attempt (malware-other.rules) * 1:54753 <-> DISABLED <-> OS-WINDOWS Microsoft Windows kernel information disclosure attempt (os-windows.rules) * 1:54754 <-> DISABLED <-> OS-WINDOWS Microsoft Windows kernel information disclosure attempt (os-windows.rules) * 1:54755 <-> ENABLED <-> SERVER-ORACLE Oracle Weblogic T3 remote code execution attempt (server-oracle.rules) * 1:54756 <-> DISABLED <-> FILE-OTHER Grub malicious grub.cfg download attempt (file-other.rules) * 1:54757 <-> DISABLED <-> FILE-OTHER Grub malicious grub.cfg download attempt (file-other.rules) * 1:54758 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Ap0calypseRAT-9216554-0 download attempt (malware-other.rules) * 1:54759 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Ap0calypseRAT-9216554-0 download attempt (malware-other.rules) * 1:54760 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9242514-0 download attempt (malware-other.rules) * 1:54761 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9242514-0 download attempt (malware-other.rules) * 1:54765 <-> DISABLED <-> OS-WINDOWS Microsoft Windows TCPIP kernel driver use-after-free attempt (os-windows.rules) * 1:54766 <-> DISABLED <-> OS-WINDOWS Microsoft Windows TCPIP kernel driver use-after-free attempt (os-windows.rules) * 1:54767 <-> ENABLED <-> SERVER-WEBAPP vBulletin template rendering arbitrary PHP code execution attempt (server-webapp.rules) * 1:54768 <-> ENABLED <-> SERVER-WEBAPP vBulletin template rendering arbitrary PHP code execution attempt (server-webapp.rules) * 1:54769 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Nanocore-9253782-0 
download attempt (malware-other.rules) * 1:54770 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Nanocore-9253782-0 download attempt (malware-other.rules) * 1:54771 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Icloader-9255803-0 download attempt (malware-other.rules) * 1:54772 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Icloader-9255803-0 download attempt (malware-other.rules) * 1:54773 <-> DISABLED <-> SERVER-WEBAPP TerraMaster NAS URL reflected cross site scripting attempt (server-webapp.rules) * 1:54774 <-> DISABLED <-> SERVER-WEBAPP TerraMaster NAS URL reflected cross site scripting attempt (server-webapp.rules) * 1:54775 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Johnnie-9294701-0 download attempt (malware-other.rules) * 1:54776 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Johnnie-9294701-0 download attempt (malware-other.rules) * 1:54777 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Cerber-9294966-0 download attempt (malware-other.rules) * 1:54778 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Cerber-9294966-0 download attempt (malware-other.rules) * 1:54779 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Ircbot-9310443-0 download attempt (malware-other.rules) * 1:54780 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Ircbot-9310443-0 download attempt (malware-other.rules) * 1:54781 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zeroaccess-9315513-0 download attempt (malware-other.rules) * 1:54782 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zeroaccess-9315513-0 download attempt (malware-other.rules) * 1:54783 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Ursnif-9351552-0 download attempt (malware-other.rules) * 1:54784 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Ursnif-9351552-0 download attempt (malware-other.rules) * 1:54785 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Sodinokibi-9367751-0 download attempt (malware-other.rules) * 1:54786 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Sodinokibi-9367751-0 download attempt (malware-other.rules) * 1:54787 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Malware 
Protection Engine denial-of-service attempt (file-executable.rules) * 1:54788 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Malware Protection Engine denial-of-service attempt (file-executable.rules) * 1:54789 <-> DISABLED <-> SERVER-WEBAPP Microsoft Windows .NET API XML unsafe deserialization attempt (server-webapp.rules) * 1:54790 <-> DISABLED <-> SERVER-WEBAPP Microsoft Windows .NET API XML unsafe deserialization attempt (server-webapp.rules) * 1:54791 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Kovter variant payload download attempt (malware-other.rules) * 1:54792 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Kovter variant payload download attempt (malware-other.rules) * 1:54793 <-> ENABLED <-> MALWARE-CNC Unix.Malware.Drovorub cnc inbound connection attempt (malware-cnc.rules) * 1:54794 <-> ENABLED <-> SERVER-WEBAPP Zeroshell Linux Router command injection attempt (server-webapp.rules) * 1:54795 <-> ENABLED <-> SERVER-WEBAPP Zeroshell Linux Router command injection attempt (server-webapp.rules) * 1:54796 <-> ENABLED <-> SERVER-WEBAPP Zeroshell Linux Router command injection attempt (server-webapp.rules) * 1:54797 <-> ENABLED <-> SERVER-WEBAPP Zeroshell Linux Router command injection attempt (server-webapp.rules) * 1:548 <-> DISABLED <-> INDICATOR-COMPROMISE FTP 'MKD .' 
possible warez site (indicator-compromise.rules) * 1:54801 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Taidoor variant outbound connection (malware-cnc.rules) * 1:54802 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Poison-9371279-0 download attempt (malware-other.rules) * 1:54803 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Poison-9371279-0 download attempt (malware-other.rules) * 1:54804 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Emotet-9371545-0 download attempt (malware-other.rules) * 1:54805 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Emotet-9371545-0 download attempt (malware-other.rules) * 1:54806 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-9371729-0 download attempt (malware-other.rules) * 1:54807 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-9371729-0 download attempt (malware-other.rules) * 1:54808 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-9371733-0 download attempt (malware-other.rules) * 1:54809 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-9371733-0 download attempt (malware-other.rules) * 1:54810 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Fdld-9371797-0 download attempt (malware-other.rules) * 1:54811 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Fdld-9371797-0 download attempt (malware-other.rules) * 1:54812 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-9372655-0 download attempt (malware-other.rules) * 1:54813 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-9372655-0 download attempt (malware-other.rules) * 1:54814 <-> DISABLED <-> SERVER-WEBAPP WordPress TinyMCE Thumbnail Gallery plugin directory traversal attempt (server-webapp.rules) * 1:54815 <-> DISABLED <-> SERVER-WEBAPP WordPress TinyMCE Thumbnail Gallery plugin directory traversal attempt (server-webapp.rules) * 1:54816 <-> DISABLED <-> SERVER-WEBAPP WordPress TinyMCE Thumbnail Gallery plugin directory traversal attempt (server-webapp.rules) * 1:54817 <-> DISABLED <-> OS-WINDOWS Windows Print Spooler elevation of privilege attempt (os-windows.rules) * 1:54818 <-> 
DISABLED <-> OS-WINDOWS Windows Print Spooler elevation of privilege attempt (os-windows.rules) * 1:54819 <-> DISABLED <-> OS-WINDOWS Windows print spooler elevation of privilege attempt (os-windows.rules) * 1:54820 <-> DISABLED <-> OS-WINDOWS Windows print spooler elevation of privilege attempt (os-windows.rules) * 1:54821 <-> DISABLED <-> MALWARE-OTHER Unix.Trojan.Gafgyt-9390803-0 download attempt (malware-other.rules) * 1:54822 <-> DISABLED <-> MALWARE-OTHER Unix.Trojan.Gafgyt-9390803-0 download attempt (malware-other.rules) * 1:54823 <-> ENABLED <-> MALWARE-OTHER Doc.Downloader.LokiBot variant payload download attempt (malware-other.rules) * 1:54824 <-> DISABLED <-> SERVER-WEBAPP Intellian Aptus Web arbitrary command execution attempt (server-webapp.rules) * 1:54825 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AVM domain memory range integer overflow attempt (file-flash.rules) * 1:54826 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AVM domain memory range integer overflow attempt (file-flash.rules) * 1:54827 <-> ENABLED <-> MALWARE-TOOLS dnscat dns tunneling detected (malware-tools.rules) * 1:54828 <-> ENABLED <-> MALWARE-CNC Win.Trojan.RDAT EWS cnc outbound communication (malware-cnc.rules) * 1:54833 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Media Player Firefox plugin memory corruption attempt (file-multimedia.rules) * 1:54834 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Cerber-9396574-0 download attempt (malware-other.rules) * 1:54835 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Cerber-9396574-0 download attempt (malware-other.rules) * 1:54836 <-> DISABLED <-> MALWARE-OTHER Unix.Trojan.Gafgyt-9403217-0 download attempt (malware-other.rules) * 1:54837 <-> DISABLED <-> MALWARE-OTHER Unix.Trojan.Gafgyt-9403217-0 download attempt (malware-other.rules) * 1:54838 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Vundo-9406789-0 download attempt (malware-other.rules) * 1:54839 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Vundo-9406789-0 download attempt 
(malware-other.rules)
* 1:54840 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zeroaccess-9406344-0 download attempt (malware-other.rules)
* 1:54841 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zeroaccess-9406344-0 download attempt (malware-other.rules)
* 1:54842 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeus-9415830-0 download attempt (malware-other.rules)
* 1:54843 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeus-9415830-0 download attempt (malware-other.rules)
* 1:54844 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Atraps-9427196-0 download attempt (malware-other.rules)
* 1:54845 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Atraps-9427196-0 download attempt (malware-other.rules)
* 1:54846 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Atraps-9427203-0 download attempt (malware-other.rules)
* 1:54847 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Atraps-9427203-0 download attempt (malware-other.rules)
* 1:54848 <-> DISABLED <-> MALWARE-OTHER Unix.Malware.Mrblack-9428384-0 download attempt (malware-other.rules)
* 1:54849 <-> DISABLED <-> MALWARE-OTHER Unix.Malware.Mrblack-9428384-0 download attempt (malware-other.rules)
* 1:5485 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc2 LlsrLicenseRequestW overflow attempt (os-windows.rules)
* 1:54850 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Remcos-9446016-0 download attempt (malware-other.rules)
* 1:54851 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Remcos-9446016-0 download attempt (malware-other.rules)
* 1:54852 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Remcos-9446018-0 download attempt (malware-other.rules)
* 1:54853 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Remcos-9446018-0 download attempt (malware-other.rules)
* 1:54854 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Nebuler-9446495-0 download attempt (malware-other.rules)
* 1:54855 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Nebuler-9446495-0 download attempt (malware-other.rules)
* 1:54856 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ircbot-9446722-0 download attempt (malware-other.rules)
* 1:54857 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ircbot-9446722-0 download attempt (malware-other.rules)
* 1:54858 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.QQpass-9454056-0 download attempt (malware-other.rules)
* 1:54859 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.QQpass-9454056-0 download attempt (malware-other.rules)
* 1:54860 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.QQpass-9455117-0 download attempt (malware-other.rules)
* 1:54861 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.QQpass-9455117-0 download attempt (malware-other.rules)
* 1:54862 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Tiny-9467540-0 download attempt (malware-other.rules)
* 1:54863 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Tiny-9467540-0 download attempt (malware-other.rules)
* 1:54864 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Tiny-9467542-0 download attempt (malware-other.rules)
* 1:54865 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Tiny-9467542-0 download attempt (malware-other.rules)
* 1:54868 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9480629-0 download attempt (malware-other.rules)
* 1:54869 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9480629-0 download attempt (malware-other.rules)
* 1:54870 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Tool.Procpatcher-9481109-0 download attempt (malware-other.rules)
* 1:54871 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Tool.Procpatcher-9481109-0 download attempt (malware-other.rules)
* 1:54872 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9497741-0 download attempt (malware-other.rules)
* 1:54873 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9497741-0 download attempt (malware-other.rules)
* 1:54874 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Gh0stRAT-9497863-0 download attempt (malware-other.rules)
* 1:54875 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Gh0stRAT-9497863-0 download attempt (malware-other.rules)
* 1:54876 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Spora-9525060-0 download attempt (malware-other.rules)
* 1:54877 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Spora-9525060-0 download attempt (malware-other.rules)
* 1:54878 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-9525066-0 download attempt (malware-other.rules)
* 1:54879 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-9525066-0 download attempt (malware-other.rules)
* 1:54880 <-> ENABLED <-> MALWARE-CNC Win.Malware.Duri variant payload download attempt (malware-cnc.rules)
* 1:54881 <-> DISABLED <-> MALWARE-OTHER Js.Dropper.Duri variant inbound payload drop attempt (malware-other.rules)
* 1:54882 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Duri inbound payload download attempt (malware-other.rules)
* 1:54883 <-> DISABLED <-> MALWARE-OTHER Js.Dropper.Agent variant inbound payload drop attempt (malware-other.rules)
* 1:54884 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Duri inbound payload download attempt (malware-other.rules)
* 1:54885 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.GoldenSpy download attempt (indicator-compromise.rules)
* 1:54886 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.GoldenSpy download attempt (indicator-compromise.rules)
* 1:54887 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.GoldenSpy download attempt (indicator-compromise.rules)
* 1:54888 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.GoldenSpy download attempt (indicator-compromise.rules)
* 1:54889 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.GoldenSpy download attempt (indicator-compromise.rules)
* 1:54890 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.GoldenSpy download attempt (indicator-compromise.rules)
* 1:54891 <-> ENABLED <-> MALWARE-CNC Win.Trojan.GoldenSpy variant outbound beaconing attempt (malware-cnc.rules)
* 1:54892 <-> ENABLED <-> MALWARE-CNC Win.Trojan.GoldenSpy variant outbound beaconing attempt (malware-cnc.rules)
* 1:54893 <-> ENABLED <-> MALWARE-CNC Win.Trojan.GoldenSpy variant outbound beaconing attempt (malware-cnc.rules)
* 1:54897 <-> ENABLED <-> MALWARE-OTHER Win.Backdoor.Perlbot script variant download attempt (malware-other.rules)
* 1:54898 <-> ENABLED <-> MALWARE-OTHER Win.Backdoor.Perlbot script variant download attempt (malware-other.rules)
* 1:54900 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Emotet-9527878-0 download attempt (malware-other.rules)
* 1:54901 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Emotet-9527878-0 download attempt (malware-other.rules)
* 1:54903 <-> DISABLED <-> SERVER-WEBAPP ThinkPHP Framework remote code execution attempt (server-webapp.rules)
* 1:54904 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Dridex malicious file download attempt (malware-other.rules)
* 1:54905 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Dridex malicious executable download attempt (malware-other.rules)
* 1:54906 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Dridex malicious executable download attempt (malware-other.rules)
* 1:54907 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Dridex malicious executable download attempt (malware-other.rules)
* 1:54908 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Dridex malicious file download attempt (malware-other.rules)
* 1:54909 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Dridex malicious executable download attempt (malware-other.rules)
* 1:54910 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.LockBit ransomware download attempt (malware-other.rules)
* 1:54911 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.LockBit ransomware download attempt (malware-other.rules)
* 1:54912 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.LockBit ransomware download attempt (malware-other.rules)
* 1:54913 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.LockBit ransomware download attempt (malware-other.rules)
* 1:54914 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.LockBit ransomware download attempt (malware-other.rules)
* 1:54915 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.LockBit ransomware download attempt (malware-other.rules)
* 1:54916 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.LockBit ransomware download attempt (malware-other.rules)
* 1:54917 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.LockBit ransomware download attempt (malware-other.rules)
* 1:54918 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k local privilege escalation attempt (os-windows.rules)
* 1:54919 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k local privilege escalation attempt (os-windows.rules)
* 1:54920 <-> ENABLED <-> MALWARE-TOOLS Win.Packer.Salfram packed executable download attempt (malware-tools.rules)
* 1:54921 <-> ENABLED <-> MALWARE-TOOLS Win.Packer.Salfram packed executable download attempt (malware-tools.rules)
* 1:54924 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Emotet-9620982-0 download attempt (malware-other.rules)
* 1:54925 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Emotet-9620982-0 download attempt (malware-other.rules)
* 1:54926 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Vobfus-9622213-0 download attempt (malware-other.rules)
* 1:54927 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Vobfus-9622213-0 download attempt (malware-other.rules)
* 1:54928 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9622173-0 download attempt (malware-other.rules)
* 1:54929 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9622173-0 download attempt (malware-other.rules)
* 1:54930 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9622177-0 download attempt (malware-other.rules)
* 1:54931 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9622177-0 download attempt (malware-other.rules)
* 1:54932 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9622157-0 download attempt (malware-other.rules)
* 1:54933 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9622157-0 download attempt (malware-other.rules)
* 1:54934 <-> DISABLED <-> MALWARE-OTHER Win.Virus.Wapomi-9623880-0 download attempt (malware-other.rules)
* 1:54935 <-> DISABLED <-> MALWARE-OTHER Win.Virus.Wapomi-9623880-0 download attempt (malware-other.rules)
* 1:54936 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9623918-0 download attempt (malware-other.rules)
* 1:54937 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9623918-0 download attempt (malware-other.rules)
* 1:54938 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9624350-0 download attempt (malware-other.rules)
* 1:54939 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9624350-0 download attempt (malware-other.rules)
* 1:54940 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9624358-0 download attempt (malware-other.rules)
* 1:54941 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9624358-0 download attempt (malware-other.rules)
* 1:54942 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9624093-0 download attempt (malware-other.rules)
* 1:54943 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9624093-0 download attempt (malware-other.rules)
* 1:54944 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9624674-0 download attempt (malware-other.rules)
* 1:54945 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9624674-0 download attempt (malware-other.rules)
* 1:54946 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9626237-0 download attempt (malware-other.rules)
* 1:54947 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9626237-0 download attempt (malware-other.rules)
* 1:54948 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Genpack-9625450-0 download attempt (malware-other.rules)
* 1:54949 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Genpack-9625450-0 download attempt (malware-other.rules)
* 1:54950 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ipamor-9625955-0 download attempt (malware-other.rules)
* 1:54951 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ipamor-9625955-0 download attempt (malware-other.rules)
* 1:54952 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Genpack-9625456-0 download attempt (malware-other.rules)
* 1:54953 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Genpack-9625456-0 download attempt (malware-other.rules)
* 1:54954 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Genpack-9625465-0 download attempt (malware-other.rules)
* 1:54955 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Genpack-9625465-0 download attempt (malware-other.rules)
* 1:54956 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Tiny-9625603-0 download attempt (malware-other.rules)
* 1:54957 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Tiny-9625603-0 download attempt (malware-other.rules)
* 1:54958 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9625604-0 download attempt (malware-other.rules)
* 1:54959 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9625604-0 download attempt (malware-other.rules)
* 1:54960 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9626207-0 download attempt (malware-other.rules)
* 1:54961 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9626207-0 download attempt (malware-other.rules)
* 1:54962 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9626227-0 download attempt (malware-other.rules)
* 1:54963 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9626227-0 download attempt (malware-other.rules)
* 1:54964 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Egkk-9627862-0 download attempt (malware-other.rules)
* 1:54965 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Egkk-9627862-0 download attempt (malware-other.rules)
* 1:54966 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9628660-0 download attempt (malware-other.rules)
* 1:54967 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9628660-0 download attempt (malware-other.rules)
* 1:54968 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Zegost-9629018-0 download attempt (malware-other.rules)
* 1:54969 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Zegost-9629018-0 download attempt (malware-other.rules)
* 1:54970 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9628903-0 download attempt (malware-other.rules)
* 1:54971 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9628903-0 download attempt (malware-other.rules)
* 1:54972 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9628909-0 download attempt (malware-other.rules)
* 1:54973 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9628909-0 download attempt (malware-other.rules)
* 1:54974 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9628915-0 download attempt (malware-other.rules)
* 1:54975 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9628915-0 download attempt (malware-other.rules)
* 1:54976 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9629621-0 download attempt (malware-other.rules)
* 1:54977 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9629621-0 download attempt (malware-other.rules)
* 1:54978 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Delf-9629623-0 download attempt (malware-other.rules)
* 1:54979 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Delf-9629623-0 download attempt (malware-other.rules)
* 1:54980 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Virlock-9629641-0 download attempt (malware-other.rules)
* 1:54981 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Virlock-9629641-0 download attempt (malware-other.rules)
* 1:54982 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Razy-9629407-0 download attempt (malware-other.rules)
* 1:54983 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Razy-9629407-0 download attempt (malware-other.rules)
* 1:54984 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Virlock-9629553-0 download attempt (malware-other.rules)
* 1:54985 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Virlock-9629553-0 download attempt (malware-other.rules)
* 1:54986 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9630071-0 download attempt (malware-other.rules)
* 1:54987 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9630071-0 download attempt (malware-other.rules)
* 1:54988 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upantix-9631864-0 download attempt (malware-other.rules)
* 1:54989 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upantix-9631864-0 download attempt (malware-other.rules)
* 1:54990 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zeroaccess-9631318-0 download attempt (malware-other.rules)
* 1:54991 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zeroaccess-9631318-0 download attempt (malware-other.rules)
* 1:54992 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upantix-9631863-0 download attempt (malware-other.rules)
* 1:54993 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upantix-9631863-0 download attempt (malware-other.rules)
* 1:54994 <-> DISABLED <-> SERVER-WEBAPP TeamViewer custom URL protocol handler SMB connection attempt (server-webapp.rules)
* 1:54995 <-> DISABLED <-> SERVER-WEBAPP TeamViewer custom URL protocol handler SMB connection attempt (server-webapp.rules)
* 1:54996 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9632958-0 download attempt (malware-other.rules)
* 1:54997 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9632958-0 download attempt (malware-other.rules)
* 1:54998 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Blackmoon-9632943-0 download attempt (malware-other.rules)
* 1:54999 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Blackmoon-9632943-0 download attempt (malware-other.rules)
* 1:55000 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Delf-9632869-0 download attempt (malware-other.rules)
* 1:55001 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Delf-9632869-0 download attempt (malware-other.rules)
* 1:55002 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Trickbot-9633223-0 download attempt (malware-other.rules)
* 1:55003 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Trickbot-9633223-0 download attempt (malware-other.rules)
* 1:55004 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Trickbot-9633236-0 download attempt (malware-other.rules)
* 1:55005 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Trickbot-9633236-0 download attempt (malware-other.rules)
* 1:55006 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9633079-0 download attempt (malware-other.rules)
* 1:55007 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9633079-0 download attempt (malware-other.rules)
* 1:55008 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Cynic-9634045-0 download attempt (malware-other.rules)
* 1:55009 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Cynic-9634045-0 download attempt (malware-other.rules)
* 1:55010 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Blackmoon-9634189-0 download attempt (malware-other.rules)
* 1:55011 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Blackmoon-9634189-0 download attempt (malware-other.rules)
* 1:55012 <-> DISABLED <-> BROWSER-WEBKIT WebKit AudioArray allocate out of bounds access attempt (browser-webkit.rules)
* 1:55013 <-> DISABLED <-> BROWSER-WEBKIT WebKit AudioArray allocate out of bounds access attempt (browser-webkit.rules)
* 1:55014 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9634380-0 download attempt (malware-other.rules)
* 1:55015 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9634380-0 download attempt (malware-other.rules)
* 1:55019 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upatre-9635731-0 download attempt (malware-other.rules)
* 1:55020 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upatre-9635731-0 download attempt (malware-other.rules)
* 1:55021 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9635944-0 download attempt (malware-other.rules)
* 1:55022 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9635944-0 download attempt (malware-other.rules)
* 1:55023 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9635959-0 download attempt (malware-other.rules)
* 1:55024 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9635959-0 download attempt (malware-other.rules)
* 1:55025 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Multibanker-9635794-0 download attempt (malware-other.rules)
* 1:55026 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Multibanker-9635794-0 download attempt (malware-other.rules)
* 1:55027 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9636020-0 download attempt (malware-other.rules)
* 1:55028 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9636020-0 download attempt (malware-other.rules)
* 1:55029 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Razy-9636401-0 download attempt (malware-other.rules)
* 1:55030 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Razy-9636401-0 download attempt (malware-other.rules)
* 1:55031 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9637278-0 download attempt (malware-other.rules)
* 1:55032 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9637278-0 download attempt (malware-other.rules)
* 1:55033 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ipamor-9637309-0 download attempt (malware-other.rules)
* 1:55034 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ipamor-9637309-0 download attempt (malware-other.rules)
* 1:55038 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Dropperx-9637493-0 download attempt (malware-other.rules)
* 1:55039 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Dropperx-9637493-0 download attempt (malware-other.rules)
* 1:55040 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9638383-0 download attempt (malware-other.rules)
* 1:55041 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9638383-0 download attempt (malware-other.rules)
* 1:55042 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9638741-0 download attempt (malware-other.rules)
* 1:55043 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9638741-0 download attempt (malware-other.rules)
* 1:55044 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9638751-0 download attempt (malware-other.rules)
* 1:55045 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9638751-0 download attempt (malware-other.rules)
* 1:55046 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Genpack-9638414-0 download attempt (malware-other.rules)
* 1:55047 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Genpack-9638414-0 download attempt (malware-other.rules)
* 1:55048 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Genpack-9638419-0 download attempt (malware-other.rules)
* 1:55049 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Genpack-9638419-0 download attempt (malware-other.rules)
* 1:55050 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Karagany-9638614-0 download attempt (malware-other.rules)
* 1:55051 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Karagany-9638614-0 download attempt (malware-other.rules)
* 1:55052 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agentb-9639796-0 download attempt (malware-other.rules)
* 1:55053 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agentb-9639796-0 download attempt (malware-other.rules)
* 1:55054 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9641287-0 download attempt (malware-other.rules)
* 1:55055 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9641287-0 download attempt (malware-other.rules)
* 1:55056 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Sytro-9640596-0 download attempt (malware-other.rules)
* 1:55057 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Sytro-9640596-0 download attempt (malware-other.rules)
* 1:55058 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9642391-0 download attempt (malware-other.rules)
* 1:55059 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9642391-0 download attempt (malware-other.rules)
* 1:55060 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Sytro-9644119-0 download attempt (malware-other.rules)
* 1:55061 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Sytro-9644119-0 download attempt (malware-other.rules)
* 1:55062 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upantix-9644504-0 download attempt (malware-other.rules)
* 1:55063 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upantix-9644504-0 download attempt (malware-other.rules)
* 1:55064 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upantix-9644516-0 download attempt (malware-other.rules)
* 1:55065 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upantix-9644516-0 download attempt (malware-other.rules)
* 1:55066 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Razy-9644138-0 download attempt (malware-other.rules)
* 1:55067 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Razy-9644138-0 download attempt (malware-other.rules)
* 1:55068 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Nitol-9644345-0 download attempt (malware-other.rules)
* 1:55069 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Nitol-9644345-0 download attempt (malware-other.rules)
* 1:55070 <-> DISABLED <-> MALWARE-OTHER Win.Tool.Zusy-9645230-0 download attempt (malware-other.rules)
* 1:55071 <-> DISABLED <-> MALWARE-OTHER Win.Tool.Zusy-9645230-0 download attempt (malware-other.rules)
* 1:55072 <-> DISABLED <-> MALWARE-OTHER Win.Tool.Zusy-9645231-0 download attempt (malware-other.rules)
* 1:55073 <-> DISABLED <-> MALWARE-OTHER Win.Tool.Zusy-9645231-0 download attempt (malware-other.rules)
* 1:55074 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9645233-0 download attempt (malware-other.rules)
* 1:55075 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9645233-0 download attempt (malware-other.rules)
* 1:55076 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9645326-0 download attempt (malware-other.rules)
* 1:55077 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9645326-0 download attempt (malware-other.rules)
* 1:55078 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Dropperx-9645502-0 download attempt (malware-other.rules)
* 1:55079 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Dropperx-9645502-0 download attempt (malware-other.rules)
* 1:55080 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9645329-0 download attempt (malware-other.rules)
* 1:55081 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9645329-0 download attempt (malware-other.rules)
* 1:55082 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9645330-0 download attempt (malware-other.rules)
* 1:55083 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9645330-0 download attempt (malware-other.rules)
* 1:55084 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9645384-0 download attempt (malware-other.rules)
* 1:55085 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9645384-0 download attempt (malware-other.rules)
* 1:55086 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Bqrf-9645595-0 download attempt (malware-other.rules)
* 1:55087 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Bqrf-9645595-0 download attempt (malware-other.rules)
* 1:55088 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9645450-0 download attempt (malware-other.rules)
* 1:55089 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9645450-0 download attempt (malware-other.rules)
* 1:55090 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Mikey-9645700-0 download attempt (malware-other.rules)
* 1:55091 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Mikey-9645700-0 download attempt (malware-other.rules)
* 1:55092 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9645872-0 download attempt (malware-other.rules)
* 1:55093 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9645872-0 download attempt (malware-other.rules)
* 1:55094 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9646220-0 download attempt (malware-other.rules)
* 1:55095 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9646220-0 download attempt (malware-other.rules)
* 1:55096 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Tool.Kuaizip-9646234-0 download attempt (malware-other.rules)
* 1:55097 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Tool.Kuaizip-9646234-0 download attempt (malware-other.rules)
* 1:55098 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Blackmoon-9649168-0 download attempt (malware-other.rules)
* 1:55099 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Blackmoon-9649168-0 download attempt (malware-other.rules)
* 1:55100 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generickdz-9651402-0 download attempt (malware-other.rules)
* 1:55101 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generickdz-9651402-0 download attempt (malware-other.rules)
* 1:55102 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Urausy-9652317-0 download attempt (malware-other.rules)
* 1:55103 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Urausy-9652317-0 download attempt (malware-other.rules)
* 1:55104 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9651428-0 download attempt (malware-other.rules)
* 1:55105 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9651428-0 download attempt (malware-other.rules)
* 1:55106 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9651455-0 download attempt (malware-other.rules)
* 1:55107 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9651455-0 download attempt (malware-other.rules)
* 1:55108 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9652796-0 download attempt (malware-other.rules)
* 1:55109 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9652796-0 download attempt (malware-other.rules)
* 1:55110 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Blackmoon-9653251-0 download attempt (malware-other.rules)
* 1:55111 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Blackmoon-9653251-0 download attempt (malware-other.rules)
* 1:55112 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Slenfbot-9653263-0 download attempt (malware-other.rules)
* 1:55113 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Slenfbot-9653263-0 download attempt (malware-other.rules)
* 1:55114 <-> DISABLED <-> MALWARE-OTHER Win.Ircbot.Ircbot-9653265-0 download attempt (malware-other.rules)
* 1:55115 <-> DISABLED <-> MALWARE-OTHER Win.Ircbot.Ircbot-9653265-0 download attempt (malware-other.rules)
* 1:55116 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Azzf-9653274-0 download attempt (malware-other.rules)
* 1:55117 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Azzf-9653274-0 download attempt (malware-other.rules)
* 1:55118 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Azzo-9653275-0 download attempt (malware-other.rules)
* 1:55119 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Azzo-9653275-0 download attempt (malware-other.rules)
* 1:55120 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9653298-0 download attempt (malware-other.rules)
* 1:55121 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9653298-0 download attempt (malware-other.rules)
* 1:55122 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Dexter-9654223-0 download attempt (malware-other.rules)
* 1:55123 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Dexter-9654223-0 download attempt (malware-other.rules)
* 1:55124 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Tiny-9653715-0 download attempt (malware-other.rules)
* 1:55125 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Tiny-9653715-0 download attempt (malware-other.rules)
* 1:55126 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Powerspider-9654501-0 download attempt (malware-other.rules)
* 1:55127 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Powerspider-9654501-0 download attempt (malware-other.rules)
* 1:55128 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9654608-0 download attempt (malware-other.rules)
* 1:55129 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9654608-0 download attempt (malware-other.rules)
* 1:55130 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Farfli-9654634-0 download attempt (malware-other.rules)
* 1:55131 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Farfli-9654634-0 download attempt (malware-other.rules)
* 1:55132 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9655576-0 download attempt (malware-other.rules)
* 1:55133 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9655576-0 download attempt (malware-other.rules)
* 1:55134 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9655589-0 download attempt (malware-other.rules)
* 1:55135 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9655589-0 download attempt (malware-other.rules)
* 1:55136 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Urelas-9655843-0 download attempt (malware-other.rules)
* 1:55137 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Urelas-9655843-0 download attempt (malware-other.rules)
* 1:55138 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pioneer outbound communication attempt (malware-cnc.rules)
* 1:55139 <-> DISABLED <-> SERVER-OTHER Microsoft Windows Active Directory information disclosure attempt (server-other.rules)
* 1:55140 <-> DISABLED <-> SERVER-OTHER Microsoft Windows Active Directory information disclosure attempt (server-other.rules)
* 1:55141 <-> DISABLED <-> FILE-OTHER Microsoft Windows CLFS Driver elevation of privilege attempt (file-other.rules)
* 1:55142 <-> DISABLED <-> FILE-OTHER Microsoft Windows CLFS Driver elevation of privilege attempt (file-other.rules)
* 1:55143 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k kernel driver use after free attempt (os-windows.rules)
* 1:55144 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k kernel driver use after free attempt (os-windows.rules)
* 1:55145 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DirectX kernel driver local privilege escalation attempt (os-windows.rules)
* 1:55146 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DirectX kernel driver local privilege escalation attempt (os-windows.rules)
* 1:55147 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Burden-9681817-0 download attempt (malware-other.rules)
* 1:55148 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Burden-9681817-0 download attempt (malware-other.rules)
* 1:55149 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generickdz-9681016-0 download attempt (malware-other.rules)
* 1:55150 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generickdz-9681016-0 download attempt (malware-other.rules)
* 1:55151 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9683280-0 download attempt (malware-other.rules)
* 1:55152 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9683280-0 download attempt (malware-other.rules)
* 1:55153 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9683289-0 download attempt (malware-other.rules)
* 1:55154 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9683289-0 download attempt (malware-other.rules)
* 1:55155 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9683300-0 download attempt (malware-other.rules)
* 1:55156 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9683300-0 download attempt (malware-other.rules)
* 1:55157 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generickdz-9684939-0 download attempt (malware-other.rules)
* 1:55158 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generickdz-9684939-0 download attempt (malware-other.rules)
* 1:55159 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9684412-0 download attempt (malware-other.rules)
* 1:55160 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9684412-0 download attempt (malware-other.rules)
* 1:55161 <-> DISABLED <-> OS-WINDOWS Microsoft Windows kernel DirectComposition use after free attempt (os-windows.rules)
* 1:55162 <-> DISABLED <-> OS-WINDOWS Microsoft Windows kernel DirectComposition use after free attempt (os-windows.rules)
* 1:55163 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Urausy-9732721-0 download attempt (malware-other.rules)
* 1:55164 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Urausy-9732721-0 download attempt (malware-other.rules)
* 1:55165 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9732633-0 download attempt (malware-other.rules)
* 1:55166 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9732633-0 download attempt (malware-other.rules)
* 1:55167 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upantix-9732988-0 download attempt (malware-other.rules)
* 1:55168 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upantix-9732988-0 download attempt (malware-other.rules)
* 1:55169 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upantix-9732991-0 download attempt (malware-other.rules)
* 1:55170 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upantix-9732991-0 download attempt (malware-other.rules)
* 1:55171 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fugrafa-9733007-0 download attempt (malware-other.rules)
* 1:55172 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fugrafa-9733007-0 download attempt (malware-other.rules)
* 1:55173 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fugrafa-9733010-0 download attempt (malware-other.rules)
* 1:55174 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fugrafa-9733010-0 download attempt (malware-other.rules)
* 1:55175 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9733145-0 download attempt (malware-other.rules)
* 1:55176 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9733145-0 download attempt (malware-other.rules)
* 1:55177 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generickdz-9733191-0 download attempt (malware-other.rules)
* 1:55178 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generickdz-9733191-0 download attempt (malware-other.rules)
* 1:55179 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zbot-9733244-0 download attempt (malware-other.rules)
* 1:55180 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zbot-9733244-0 download attempt (malware-other.rules)
* 1:55181 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9733416-0 download attempt (malware-other.rules)
* 1:55182 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9733416-0 download attempt (malware-other.rules)
* 1:55183 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Trustezeb-9733534-0 download attempt (malware-other.rules)
* 1:55184 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Trustezeb-9733534-0 download attempt (malware-other.rules)
* 1:55185 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Urausy-9733639-0 download attempt (malware-other.rules)
* 1:55186 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Urausy-9733639-0 download attempt (malware-other.rules)
* 1:55187 <-> DISABLED <-> OS-WINDOWS Microsoft Windows kernel driver escalation of privilege attempt (os-windows.rules)
* 1:55188 <-> DISABLED <-> OS-WINDOWS Microsoft Windows kernel driver escalation of privilege attempt (os-windows.rules)
* 1:55189 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Urausy-9733671-0 download attempt (malware-other.rules)
* 1:55190 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Urausy-9733671-0 download attempt (malware-other.rules)
* 1:55191 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9733689-0 download attempt (malware-other.rules)
* 1:55192 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Midie-9733689-0 download attempt (malware-other.rules)
* 1:55193 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generickdz-9733669-0 download attempt (malware-other.rules)
* 1:55194 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generickdz-9733669-0 download attempt (malware-other.rules)
* 1:55195 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generickdz-9733685-0 download attempt (malware-other.rules)
* 1:55196 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generickdz-9733685-0 download attempt (malware-other.rules)
* 1:55197 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NDIS.SYS driver buffer overflow attempt (os-windows.rules)
* 1:55198 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NDIS.SYS driver buffer overflow attempt (os-windows.rules)
* 1:55199 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Delf-9733756-0 download attempt (malware-other.rules)
* 1:55200 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Delf-9733756-0 download attempt (malware-other.rules)
* 1:55201 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9733739-0 download attempt (malware-other.rules)
* 1:55202 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9733739-0 download attempt (malware-other.rules)
* 1:55203 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.SoreFang malicious executable download attempt (malware-other.rules)
* 1:55204 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.SoreFang malicious executable download attempt (malware-other.rules)
* 1:55205 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SoreFang initial outbound connection attempt (malware-cnc.rules)
* 1:55206 <-> ENABLED <-> SERVER-OTHER Active Directory LDAP addRequest crafted dnsRecord information leak attempt (server-other.rules)
* 1:55207 <-> DISABLED <-> SERVER-OTHER Intel AMT HTTP invalid chunk size attempt (server-other.rules)
* 1:55208 <-> DISABLED <-> SERVER-OTHER Intel AMT HTTP invalid chunk size attempt (server-other.rules)
* 1:55209 <-> DISABLED <-> SERVER-OTHER Intel AMT HTTP negative content-length attempt (server-other.rules)
* 1:55210 <-> DISABLED <-> SERVER-OTHER Intel AMT HTTP negative content-length attempt (server-other.rules)
* 1:55211 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Urausy-9734874-0 download attempt (malware-other.rules)
* 1:55212 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Urausy-9734874-0 download attempt (malware-other.rules)
* 1:55213 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Midie-9739435-0 download attempt (malware-other.rules)
* 1:55214 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Midie-9739435-0 download attempt (malware-other.rules)
* 1:55215 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Delf-9739875-0 download attempt (malware-other.rules)
* 1:55216 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Delf-9739875-0 download attempt (malware-other.rules)
* 1:55217 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agen-9740021-0 download attempt (malware-other.rules)
* 1:55218 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agen-9740021-0 download attempt (malware-other.rules)
* 1:55219 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Scar-9741251-0 download attempt (malware-other.rules)
* 1:55220 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Scar-9741251-0 download attempt (malware-other.rules)
* 1:55221 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Virlock-9743340-0 download attempt (malware-other.rules)
* 1:55222 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Virlock-9743340-0 download attempt (malware-other.rules)
* 1:55223 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Darkside binary download attempt (malware-other.rules)
* 1:55224 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Darkside binary download attempt (malware-other.rules)
* 1:55225 <-> DISABLED <-> MALWARE-OTHER Win.Virus.Wapomi-9751900-0 download attempt (malware-other.rules)
* 1:55226 <-> DISABLED <-> MALWARE-OTHER Win.Virus.Wapomi-9751900-0 download attempt (malware-other.rules)
* 1:55227 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Hiddentear-9752356-0 download attempt (malware-other.rules)
* 1:55228 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Hiddentear-9752356-0 download attempt (malware-other.rules)
* 1:55229 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Crossrider-9752404-0 download attempt (malware-other.rules)
* 1:55230 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Crossrider-9752404-0 download attempt (malware-other.rules)
* 1:55231 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Crossrider-9752406-0 download attempt (malware-other.rules)
* 1:55232 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Crossrider-9752406-0 download attempt (malware-other.rules)
* 1:55233 <-> DISABLED <->
MALWARE-OTHER Win.Trojan.Generic-9752335-0 download attempt (malware-other.rules) * 1:55234 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic-9752335-0 download attempt (malware-other.rules) * 1:55235 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Xetapp-9752373-0 download attempt (malware-other.rules) * 1:55236 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Xetapp-9752373-0 download attempt (malware-other.rules) * 1:55237 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Ursu-9752377-0 download attempt (malware-other.rules) * 1:55238 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Ursu-9752377-0 download attempt (malware-other.rules) * 1:55239 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fugrafa-9752450-0 download attempt (malware-other.rules) * 1:55240 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fugrafa-9752450-0 download attempt (malware-other.rules) * 1:55241 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Malwarex-9752454-0 download attempt (malware-other.rules) * 1:55242 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Malwarex-9752454-0 download attempt (malware-other.rules) * 1:55243 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Elzob-9752485-0 download attempt (malware-other.rules) * 1:55244 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Elzob-9752485-0 download attempt (malware-other.rules) * 1:55245 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Awdfvxk-9752552-0 download attempt (malware-other.rules) * 1:55246 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Awdfvxk-9752552-0 download attempt (malware-other.rules) * 1:55247 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Trojanx-9752983-0 download attempt (malware-other.rules) * 1:55248 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Trojanx-9752983-0 download attempt (malware-other.rules) * 1:55249 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Tiny-9752957-0 download attempt (malware-other.rules) * 1:55250 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Tiny-9752957-0 download attempt (malware-other.rules) * 1:55251 <-> DISABLED <-> MALWARE-OTHER 
Win.Malware.Ulise-9752577-0 download attempt (malware-other.rules) * 1:55252 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9752577-0 download attempt (malware-other.rules) * 1:55253 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Emotet-9753016-0 download attempt (malware-other.rules) * 1:55254 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Emotet-9753016-0 download attempt (malware-other.rules) * 1:55255 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Linkury-9752549-0 download attempt (malware-other.rules) * 1:55256 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Linkury-9752549-0 download attempt (malware-other.rules) * 1:55257 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Xga5jam-9753060-0 download attempt (malware-other.rules) * 1:55258 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Xga5jam-9753060-0 download attempt (malware-other.rules) * 1:55259 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Karagany-9753243-0 download attempt (malware-other.rules) * 1:55260 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Karagany-9753243-0 download attempt (malware-other.rules) * 1:55261 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Urausy-9753337-0 download attempt (malware-other.rules) * 1:55262 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Urausy-9753337-0 download attempt (malware-other.rules) * 1:55263 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Cerbu-9753116-0 download attempt (malware-other.rules) * 1:55264 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Cerbu-9753116-0 download attempt (malware-other.rules) * 1:55265 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Reveton-9753409-0 download attempt (malware-other.rules) * 1:55266 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Reveton-9753409-0 download attempt (malware-other.rules) * 1:55267 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Downloader.Softcnapp-9753177-0 download attempt (malware-other.rules) * 1:55268 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Downloader.Softcnapp-9753177-0 download attempt (malware-other.rules) * 1:55269 <-> DISABLED <-> MALWARE-OTHER 
Win.Packed.Fakesysdef-9753248-0 download attempt (malware-other.rules) * 1:55270 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Fakesysdef-9753248-0 download attempt (malware-other.rules) * 1:55271 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Downloader.Softcnapp-9753183-0 download attempt (malware-other.rules) * 1:55272 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Downloader.Softcnapp-9753183-0 download attempt (malware-other.rules) * 1:55273 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Hlux-9753302-0 download attempt (malware-other.rules) * 1:55274 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Hlux-9753302-0 download attempt (malware-other.rules) * 1:55275 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Razy-9753125-0 download attempt (malware-other.rules) * 1:55276 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Razy-9753125-0 download attempt (malware-other.rules) * 1:55277 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agen-9753155-0 download attempt (malware-other.rules) * 1:55278 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agen-9753155-0 download attempt (malware-other.rules) * 1:55279 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Karagany-9753308-0 download attempt (malware-other.rules) * 1:55280 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Karagany-9753308-0 download attempt (malware-other.rules) * 1:55281 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zegost-9753424-0 download attempt (malware-other.rules) * 1:55282 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zegost-9753424-0 download attempt (malware-other.rules) * 1:55283 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Bublik-9753310-0 download attempt (malware-other.rules) * 1:55284 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Bublik-9753310-0 download attempt (malware-other.rules) * 1:55285 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Zusy-9753315-0 download attempt (malware-other.rules) * 1:55286 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Zusy-9753315-0 download attempt (malware-other.rules) * 1:55287 <-> DISABLED <-> MALWARE-OTHER 
PUA.Win.File.Razy-9753095-0 download attempt (malware-other.rules) * 1:55288 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Razy-9753095-0 download attempt (malware-other.rules) * 1:55289 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Razy-9753096-0 download attempt (malware-other.rules) * 1:55290 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Razy-9753096-0 download attempt (malware-other.rules) * 1:55291 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Bublik-9753317-0 download attempt (malware-other.rules) * 1:55292 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Bublik-9753317-0 download attempt (malware-other.rules) * 1:55293 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Bublik-9753312-0 download attempt (malware-other.rules) * 1:55294 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Bublik-9753312-0 download attempt (malware-other.rules) * 1:55295 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Razy-9753099-0 download attempt (malware-other.rules) * 1:55296 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Razy-9753099-0 download attempt (malware-other.rules) * 1:55297 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Razy-9753100-0 download attempt (malware-other.rules) * 1:55298 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Razy-9753100-0 download attempt (malware-other.rules) * 1:55299 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Razy-9753102-0 download attempt (malware-other.rules) * 1:553 <-> DISABLED <-> POLICY-OTHER FTP anonymous login attempt (policy-other.rules) * 1:55300 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Razy-9753102-0 download attempt (malware-other.rules) * 1:55301 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Razy-9753197-0 download attempt (malware-other.rules) * 1:55302 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Razy-9753197-0 download attempt (malware-other.rules) * 1:55303 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Razy-9753103-0 download attempt (malware-other.rules) * 1:55304 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Razy-9753103-0 download attempt (malware-other.rules) * 1:55305 
<-> DISABLED <-> MALWARE-OTHER Win.Malware.Cerbu-9753105-0 download attempt (malware-other.rules) * 1:55306 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Cerbu-9753105-0 download attempt (malware-other.rules) * 1:55307 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Urausy-9753391-0 download attempt (malware-other.rules) * 1:55308 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Urausy-9753391-0 download attempt (malware-other.rules) * 1:55309 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Kovter-9753452-0 download attempt (malware-other.rules) * 1:55310 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Kovter-9753452-0 download attempt (malware-other.rules) * 1:55311 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Farfli-9753454-0 download attempt (malware-other.rules) * 1:55312 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Farfli-9753454-0 download attempt (malware-other.rules) * 1:55313 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Urausy-9753468-0 download attempt (malware-other.rules) * 1:55314 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Urausy-9753468-0 download attempt (malware-other.rules) * 1:55315 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Redosdru-9753542-0 download attempt (malware-other.rules) * 1:55316 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Redosdru-9753542-0 download attempt (malware-other.rules) * 1:55317 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Urausy-9753546-0 download attempt (malware-other.rules) * 1:55318 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Urausy-9753546-0 download attempt (malware-other.rules) * 1:55319 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Poison-9753599-0 download attempt (malware-other.rules) * 1:55320 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Poison-9753599-0 download attempt (malware-other.rules) * 1:55321 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Generickdz-9753680-0 download attempt (malware-other.rules) * 1:55322 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Generickdz-9753680-0 download attempt (malware-other.rules) * 1:55323 <-> DISABLED <-> MALWARE-OTHER 
Win.Packed.Zbot-9753857-0 download attempt (malware-other.rules) * 1:55324 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9753857-0 download attempt (malware-other.rules) * 1:55325 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Reveton-9753942-0 download attempt (malware-other.rules) * 1:55326 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Reveton-9753942-0 download attempt (malware-other.rules) * 1:55327 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generic-9753975-0 download attempt (malware-other.rules) * 1:55328 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generic-9753975-0 download attempt (malware-other.rules) * 1:55329 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generickdz-9754025-0 download attempt (malware-other.rules) * 1:55330 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generickdz-9754025-0 download attempt (malware-other.rules) * 1:55331 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zusy-9754178-0 download attempt (malware-other.rules) * 1:55332 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zusy-9754178-0 download attempt (malware-other.rules) * 1:55333 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Palevo-9754103-0 download attempt (malware-other.rules) * 1:55334 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Palevo-9754103-0 download attempt (malware-other.rules) * 1:55335 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Tool.Patcher-9753989-0 download attempt (malware-other.rules) * 1:55336 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Tool.Patcher-9753989-0 download attempt (malware-other.rules) * 1:55337 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upatre-9754286-0 download attempt (malware-other.rules) * 1:55338 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upatre-9754286-0 download attempt (malware-other.rules) * 1:55339 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Fareit-9754219-0 download attempt (malware-other.rules) * 1:55340 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Fareit-9754219-0 download attempt (malware-other.rules) * 1:55341 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Reveton-9754019-0 download 
attempt (malware-other.rules) * 1:55342 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Reveton-9754019-0 download attempt (malware-other.rules) * 1:55343 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9754156-0 download attempt (malware-other.rules) * 1:55344 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9754156-0 download attempt (malware-other.rules) * 1:55345 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Urausy-9754318-0 download attempt (malware-other.rules) * 1:55346 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Urausy-9754318-0 download attempt (malware-other.rules) * 1:55347 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zbot-9754356-0 download attempt (malware-other.rules) * 1:55348 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zbot-9754356-0 download attempt (malware-other.rules) * 1:55349 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Reveton-9754374-0 download attempt (malware-other.rules) * 1:55350 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Reveton-9754374-0 download attempt (malware-other.rules) * 1:55351 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9754450-0 download attempt (malware-other.rules) * 1:55352 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9754450-0 download attempt (malware-other.rules) * 1:55353 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Barys-9754805-0 download attempt (malware-other.rules) * 1:55354 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Barys-9754805-0 download attempt (malware-other.rules) * 1:55355 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Tiny-9754577-0 download attempt (malware-other.rules) * 1:55356 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Tiny-9754577-0 download attempt (malware-other.rules) * 1:55357 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Urausy-9754886-0 download attempt (malware-other.rules) * 1:55358 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Urausy-9754886-0 download attempt (malware-other.rules) * 1:55359 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zbot-9754812-0 download attempt (malware-other.rules) * 1:55360 <-> 
DISABLED <-> MALWARE-OTHER Win.Dropper.Zbot-9754812-0 download attempt (malware-other.rules) * 1:55361 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Battdil-9755096-0 download attempt (malware-other.rules) * 1:55362 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Battdil-9755096-0 download attempt (malware-other.rules) * 1:55363 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-9755097-0 download attempt (malware-other.rules) * 1:55364 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-9755097-0 download attempt (malware-other.rules) * 1:55365 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9754741-0 download attempt (malware-other.rules) * 1:55366 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9754741-0 download attempt (malware-other.rules) * 1:55367 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Urausy-9754748-0 download attempt (malware-other.rules) * 1:55368 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Urausy-9754748-0 download attempt (malware-other.rules) * 1:55369 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Kranet-9754977-0 download attempt (malware-other.rules) * 1:55370 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Kranet-9754977-0 download attempt (malware-other.rules) * 1:55371 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Farfli-9754465-0 download attempt (malware-other.rules) * 1:55372 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Farfli-9754465-0 download attempt (malware-other.rules) * 1:55373 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generickdz-9754466-0 download attempt (malware-other.rules) * 1:55374 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generickdz-9754466-0 download attempt (malware-other.rules) * 1:55375 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upatre-9754980-0 download attempt (malware-other.rules) * 1:55376 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upatre-9754980-0 download attempt (malware-other.rules) * 1:55377 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Linkury-9755039-0 download attempt (malware-other.rules) * 1:55378 <-> DISABLED <-> MALWARE-OTHER 
PUA.Win.Adware.Linkury-9755039-0 download attempt (malware-other.rules) * 1:55379 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Presenoker-9754467-0 download attempt (malware-other.rules) * 1:55380 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Presenoker-9754467-0 download attempt (malware-other.rules) * 1:55381 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Reveton-9755111-0 download attempt (malware-other.rules) * 1:55382 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Reveton-9755111-0 download attempt (malware-other.rules) * 1:55383 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Hlux-9754904-0 download attempt (malware-other.rules) * 1:55384 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Hlux-9754904-0 download attempt (malware-other.rules) * 1:55385 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9754905-0 download attempt (malware-other.rules) * 1:55386 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9754905-0 download attempt (malware-other.rules) * 1:55387 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Hlux-9754909-0 download attempt (malware-other.rules) * 1:55388 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Hlux-9754909-0 download attempt (malware-other.rules) * 1:55389 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Kranet-9754985-0 download attempt (malware-other.rules) * 1:55390 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Kranet-9754985-0 download attempt (malware-other.rules) * 1:55391 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ponmocup-9754986-0 download attempt (malware-other.rules) * 1:55392 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ponmocup-9754986-0 download attempt (malware-other.rules) * 1:55393 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Tofsee-9754919-0 download attempt (malware-other.rules) * 1:55394 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Tofsee-9754919-0 download attempt (malware-other.rules) * 1:55395 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Redosdru-9754696-0 download attempt (malware-other.rules) * 1:55396 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Redosdru-9754696-0 
download attempt (malware-other.rules) * 1:55397 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Neobar-9755067-0 download attempt (malware-other.rules) * 1:55398 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Neobar-9755067-0 download attempt (malware-other.rules) * 1:55399 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Urausy-9754492-0 download attempt (malware-other.rules) * 1:554 <-> DISABLED <-> INDICATOR-COMPROMISE FTP 'MKD / ' possible warez site (indicator-compromise.rules) * 1:55400 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Urausy-9754492-0 download attempt (malware-other.rules) * 1:55401 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Urausy-9754785-0 download attempt (malware-other.rules) * 1:55402 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Urausy-9754785-0 download attempt (malware-other.rules) * 1:55403 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Aqaatbp-9754496-0 download attempt (malware-other.rules) * 1:55404 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Aqaatbp-9754496-0 download attempt (malware-other.rules) * 1:55405 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Istartsurf-9755079-0 download attempt (malware-other.rules) * 1:55406 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Istartsurf-9755079-0 download attempt (malware-other.rules) * 1:55407 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Istartsurf-9755081-0 download attempt (malware-other.rules) * 1:55408 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Istartsurf-9755081-0 download attempt (malware-other.rules) * 1:55409 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Lurk-9754564-0 download attempt (malware-other.rules) * 1:55410 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Lurk-9754564-0 download attempt (malware-other.rules) * 1:55411 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Bladabindi-9754646-0 download attempt (malware-other.rules) * 1:55412 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Bladabindi-9754646-0 download attempt (malware-other.rules) * 1:55413 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Winwebsec-9754570-0 download 
attempt (malware-other.rules) * 1:55414 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Winwebsec-9754570-0 download attempt (malware-other.rules) * 1:55415 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Battdil-9755088-0 download attempt (malware-other.rules) * 1:55416 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Battdil-9755088-0 download attempt (malware-other.rules) * 1:55417 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-9755091-0 download attempt (malware-other.rules) * 1:55418 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-9755091-0 download attempt (malware-other.rules) * 1:55419 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zeus-9755181-0 download attempt (malware-other.rules) * 1:55420 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zeus-9755181-0 download attempt (malware-other.rules) * 1:55421 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Gh0stRAT-9755251-0 download attempt (malware-other.rules) * 1:55422 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Gh0stRAT-9755251-0 download attempt (malware-other.rules) * 1:55423 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.DarkKomet-9755622-0 download attempt (malware-other.rules) * 1:55424 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.DarkKomet-9755622-0 download attempt (malware-other.rules) * 1:55425 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zeus-9755634-0 download attempt (malware-other.rules) * 1:55426 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zeus-9755634-0 download attempt (malware-other.rules) * 1:55427 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.DarkKomet-9755671-0 download attempt (malware-other.rules) * 1:55428 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.DarkKomet-9755671-0 download attempt (malware-other.rules) * 1:55429 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.DarkKomet-9755779-0 download attempt (malware-other.rules) * 1:55430 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.DarkKomet-9755779-0 download attempt (malware-other.rules) * 1:55431 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Gh0stRAT-9755640-0 download attempt 
(malware-other.rules) * 1:55432 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Gh0stRAT-9755640-0 download attempt (malware-other.rules) * 1:55433 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.DarkKomet-9755764-0 download attempt (malware-other.rules) * 1:55434 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.DarkKomet-9755764-0 download attempt (malware-other.rules) * 1:55435 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.XtremeRAT-9756061-0 download attempt (malware-other.rules) * 1:55436 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.XtremeRAT-9756061-0 download attempt (malware-other.rules) * 1:55437 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Lockscreen-9756656-0 download attempt (malware-other.rules) * 1:55438 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Lockscreen-9756656-0 download attempt (malware-other.rules) * 1:55439 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Urausy-9756790-0 download attempt (malware-other.rules) * 1:55440 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Urausy-9756790-0 download attempt (malware-other.rules) * 1:55441 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upatre-9756930-0 download attempt (malware-other.rules) * 1:55442 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upatre-9756930-0 download attempt (malware-other.rules) * 1:55443 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generickdz-9756791-0 download attempt (malware-other.rules) * 1:55444 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generickdz-9756791-0 download attempt (malware-other.rules) * 1:55445 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-9756755-0 download attempt (malware-other.rules) * 1:55446 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-9756755-0 download attempt (malware-other.rules) * 1:55447 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-9756756-0 download attempt (malware-other.rules) * 1:55448 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-9756756-0 download attempt (malware-other.rules) * 1:55449 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9756805-0 download attempt 
(malware-other.rules) * 1:55450 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9756805-0 download attempt (malware-other.rules) * 1:55451 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Reveton-9756813-0 download attempt (malware-other.rules) * 1:55452 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Reveton-9756813-0 download attempt (malware-other.rules) * 1:55453 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-9756766-0 download attempt (malware-other.rules) * 1:55454 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-9756766-0 download attempt (malware-other.rules) * 1:55455 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generickdz-9756770-0 download attempt (malware-other.rules) * 1:55456 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generickdz-9756770-0 download attempt (malware-other.rules) * 1:55457 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generickdz-9756772-0 download attempt (malware-other.rules) * 1:55458 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generickdz-9756772-0 download attempt (malware-other.rules) * 1:55459 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zegost-9756996-0 download attempt (malware-other.rules) * 1:55460 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zegost-9756996-0 download attempt (malware-other.rules) * 1:55461 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Fareit-9756837-0 download attempt (malware-other.rules) * 1:55462 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Fareit-9756837-0 download attempt (malware-other.rules) * 1:55463 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9756916-0 download attempt (malware-other.rules) * 1:55464 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9756916-0 download attempt (malware-other.rules) * 1:55465 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Deepscan-9757176-0 download attempt (malware-other.rules) * 1:55466 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Deepscan-9757176-0 download attempt (malware-other.rules) * 1:55467 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9757204-0 download attempt 
(malware-other.rules)
* 1:55468 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9757204-0 download attempt (malware-other.rules)
* 1:55469 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Nitol-9757205-0 download attempt (malware-other.rules)
* 1:55470 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Nitol-9757205-0 download attempt (malware-other.rules)
* 1:55471 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ursu-9757272-0 download attempt (malware-other.rules)
* 1:55472 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ursu-9757272-0 download attempt (malware-other.rules)
* 1:55473 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Ursu-9757277-0 download attempt (malware-other.rules)
* 1:55474 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Ursu-9757277-0 download attempt (malware-other.rules)
* 1:55475 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Ransomer-9757261-0 download attempt (malware-other.rules)
* 1:55476 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Ransomer-9757261-0 download attempt (malware-other.rules)
* 1:55477 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Kranet-9757293-0 download attempt (malware-other.rules)
* 1:55478 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Kranet-9757293-0 download attempt (malware-other.rules)
* 1:55479 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9757531-0 download attempt (malware-other.rules)
* 1:55480 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9757531-0 download attempt (malware-other.rules)
* 1:55481 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Hlux-9757571-0 download attempt (malware-other.rules)
* 1:55482 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Hlux-9757571-0 download attempt (malware-other.rules)
* 1:55483 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zusy-9757564-0 download attempt (malware-other.rules)
* 1:55484 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zusy-9757564-0 download attempt (malware-other.rules)
* 1:55485 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Reveton-9757590-0 download attempt (malware-other.rules)
* 1:55486 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Reveton-9757590-0 download attempt (malware-other.rules)
* 1:55487 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Urausy-9757600-0 download attempt (malware-other.rules)
* 1:55488 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Urausy-9757600-0 download attempt (malware-other.rules)
* 1:55489 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zeroaccess-9757775-0 download attempt (malware-other.rules)
* 1:55490 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zeroaccess-9757775-0 download attempt (malware-other.rules)
* 1:55491 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Reveton-9757778-0 download attempt (malware-other.rules)
* 1:55492 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Reveton-9757778-0 download attempt (malware-other.rules)
* 1:55493 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9757645-0 download attempt (malware-other.rules)
* 1:55494 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9757645-0 download attempt (malware-other.rules)
* 1:55495 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9757656-0 download attempt (malware-other.rules)
* 1:55496 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9757656-0 download attempt (malware-other.rules)
* 1:55497 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Urausy-9757745-0 download attempt (malware-other.rules)
* 1:55498 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Urausy-9757745-0 download attempt (malware-other.rules)
* 1:55499 <-> DISABLED <-> MALWARE-OTHER Win.Ircbot.Ircbot-9757805-0 download attempt (malware-other.rules)
* 1:555 <-> DISABLED <-> POLICY-OTHER WinGate telnet server response (policy-other.rules)
* 1:55500 <-> DISABLED <-> MALWARE-OTHER Win.Ircbot.Ircbot-9757805-0 download attempt (malware-other.rules)
* 1:55501 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Conjar-9757807-0 download attempt (malware-other.rules)
* 1:55502 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Conjar-9757807-0 download attempt (malware-other.rules)
* 1:55503 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Ramnit-9757820-0 download attempt (malware-other.rules)
* 1:55504 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Ramnit-9757820-0 download attempt (malware-other.rules)
* 1:55505 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Ramnit-9757823-0 download attempt (malware-other.rules)
* 1:55506 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Ramnit-9757823-0 download attempt (malware-other.rules)
* 1:55507 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Ramnit-9757843-0 download attempt (malware-other.rules)
* 1:55508 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Ramnit-9757843-0 download attempt (malware-other.rules)
* 1:55509 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Urausy-9758012-0 download attempt (malware-other.rules)
* 1:55510 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Urausy-9758012-0 download attempt (malware-other.rules)
* 1:55511 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Urausy-9758052-0 download attempt (malware-other.rules)
* 1:55512 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Urausy-9758052-0 download attempt (malware-other.rules)
* 1:55513 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Urausy-9758013-0 download attempt (malware-other.rules)
* 1:55514 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Urausy-9758013-0 download attempt (malware-other.rules)
* 1:55515 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Urausy-9758053-0 download attempt (malware-other.rules)
* 1:55516 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Urausy-9758053-0 download attempt (malware-other.rules)
* 1:55517 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Tinba-9758102-0 download attempt (malware-other.rules)
* 1:55518 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Tinba-9758102-0 download attempt (malware-other.rules)
* 1:55519 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Tinba-9758104-0 download attempt (malware-other.rules)
* 1:55520 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Tinba-9758104-0 download attempt (malware-other.rules)
* 1:55521 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Urausy-9758034-0 download attempt (malware-other.rules)
* 1:55522 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Urausy-9758034-0 download attempt (malware-other.rules)
* 1:55523 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Tinba-9758106-0 download attempt (malware-other.rules)
* 1:55524 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Tinba-9758106-0 download attempt (malware-other.rules)
* 1:55525 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Urausy-9758117-0 download attempt (malware-other.rules)
* 1:55526 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Urausy-9758117-0 download attempt (malware-other.rules)
* 1:55527 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9757974-0 download attempt (malware-other.rules)
* 1:55528 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9757974-0 download attempt (malware-other.rules)
* 1:55529 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9757870-0 download attempt (malware-other.rules)
* 1:55530 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9757870-0 download attempt (malware-other.rules)
* 1:55531 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Urausy-9758048-0 download attempt (malware-other.rules)
* 1:55532 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Urausy-9758048-0 download attempt (malware-other.rules)
* 1:55533 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Winwebsec-9758126-0 download attempt (malware-other.rules)
* 1:55534 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Winwebsec-9758126-0 download attempt (malware-other.rules)
* 1:55535 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Urausy-9758127-0 download attempt (malware-other.rules)
* 1:55536 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Urausy-9758127-0 download attempt (malware-other.rules)
* 1:55537 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Trojanx-9758137-0 download attempt (malware-other.rules)
* 1:55538 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Trojanx-9758137-0 download attempt (malware-other.rules)
* 1:55539 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Spyeye-9758171-0 download attempt (malware-other.rules)
* 1:55540 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Spyeye-9758171-0 download attempt (malware-other.rules)
* 1:55541 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agen-9758186-0 download attempt (malware-other.rules)
* 1:55542 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agen-9758186-0 download attempt (malware-other.rules)
* 1:55543 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Dorkbot-9758280-0 download attempt (malware-other.rules)
* 1:55544 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Dorkbot-9758280-0 download attempt (malware-other.rules)
* 1:55545 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Urausy-9758291-0 download attempt (malware-other.rules)
* 1:55546 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Urausy-9758291-0 download attempt (malware-other.rules)
* 1:55547 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Urausy-9758294-0 download attempt (malware-other.rules)
* 1:55548 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Urausy-9758294-0 download attempt (malware-other.rules)
* 1:55549 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zegost-9758347-0 download attempt (malware-other.rules)
* 1:55550 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zegost-9758347-0 download attempt (malware-other.rules)
* 1:55551 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Regrun-9758329-0 download attempt (malware-other.rules)
* 1:55552 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Regrun-9758329-0 download attempt (malware-other.rules)
* 1:55553 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Reveton-9758363-0 download attempt (malware-other.rules)
* 1:55554 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Reveton-9758363-0 download attempt (malware-other.rules)
* 1:55555 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Manna-9758481-0 download attempt (malware-other.rules)
* 1:55556 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Manna-9758481-0 download attempt (malware-other.rules)
* 1:55557 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Yakes-9758524-0 download attempt (malware-other.rules)
* 1:55558 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Yakes-9758524-0 download attempt (malware-other.rules)
* 1:55559 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9758572-0 download attempt (malware-other.rules)
* 1:55560 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9758572-0 download attempt (malware-other.rules)
* 1:55561 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Urausy-9758579-0 download attempt (malware-other.rules)
* 1:55562 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Urausy-9758579-0 download attempt (malware-other.rules)
* 1:55563 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Farfli-9758633-0 download attempt (malware-other.rules)
* 1:55564 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Farfli-9758633-0 download attempt (malware-other.rules)
* 1:55565 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Plugx-9758632-0 download attempt (malware-other.rules)
* 1:55566 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Plugx-9758632-0 download attempt (malware-other.rules)
* 1:55567 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Magania-9758831-0 download attempt (malware-other.rules)
* 1:55568 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Magania-9758831-0 download attempt (malware-other.rules)
* 1:55569 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Urausy-9758586-0 download attempt (malware-other.rules)
* 1:55570 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Urausy-9758586-0 download attempt (malware-other.rules)
* 1:55571 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zbot-9758839-0 download attempt (malware-other.rules)
* 1:55572 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zbot-9758839-0 download attempt (malware-other.rules)
* 1:55573 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Farfli-9758840-0 download attempt (malware-other.rules)
* 1:55574 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Farfli-9758840-0 download attempt (malware-other.rules)
* 1:55575 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Farfli-9758597-0 download attempt (malware-other.rules)
* 1:55576 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Farfli-9758597-0 download attempt (malware-other.rules)
* 1:55577 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fusing-9758602-0 download attempt (malware-other.rules)
* 1:55578 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fusing-9758602-0 download attempt (malware-other.rules)
* 1:55579 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9758659-0 download attempt (malware-other.rules)
* 1:55580 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9758659-0 download attempt (malware-other.rules)
* 1:55581 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zegost-9758623-0 download attempt (malware-other.rules)
* 1:55582 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zegost-9758623-0 download attempt (malware-other.rules)
* 1:55583 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Ngrbot-9758910-0 download attempt (malware-other.rules)
* 1:55584 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Ngrbot-9758910-0 download attempt (malware-other.rules)
* 1:55585 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upatre-9758965-0 download attempt (malware-other.rules)
* 1:55586 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upatre-9758965-0 download attempt (malware-other.rules)
* 1:55587 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Banload-9758978-0 download attempt (malware-other.rules)
* 1:55588 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Banload-9758978-0 download attempt (malware-other.rules)
* 1:55589 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Sinowal-9759014-0 download attempt (malware-other.rules)
* 1:55590 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Sinowal-9759014-0 download attempt (malware-other.rules)
* 1:55591 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Emotet-9759052-0 download attempt (malware-other.rules)
* 1:55592 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Emotet-9759052-0 download attempt (malware-other.rules)
* 1:55593 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Smartfortress-9759254-0 download attempt (malware-other.rules)
* 1:55594 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Smartfortress-9759254-0 download attempt (malware-other.rules)
* 1:55595 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Fareit-9759311-0 download attempt (malware-other.rules)
* 1:55596 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Fareit-9759311-0 download attempt (malware-other.rules)
* 1:55597 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Addlyrics-9759168-0 download attempt (malware-other.rules)
* 1:55598 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Addlyrics-9759168-0 download attempt (malware-other.rules)
* 1:55599 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Urausy-9759316-0 download attempt (malware-other.rules)
* 1:556 <-> DISABLED <-> PUA-P2P Outbound GNUTella client request (pua-p2p.rules)
* 1:55600 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Urausy-9759316-0 download attempt (malware-other.rules)
* 1:55601 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Jrcx-9759211-0 download attempt (malware-other.rules)
* 1:55602 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Jrcx-9759211-0 download attempt (malware-other.rules)
* 1:55603 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Kovter-9759186-0 download attempt (malware-other.rules)
* 1:55604 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Kovter-9759186-0 download attempt (malware-other.rules)
* 1:55605 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Gamarue-9759119-0 download attempt (malware-other.rules)
* 1:55606 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Gamarue-9759119-0 download attempt (malware-other.rules)
* 1:55607 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Gamarue-9759120-0 download attempt (malware-other.rules)
* 1:55608 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Gamarue-9759120-0 download attempt (malware-other.rules)
* 1:55609 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Zusy-9759193-0 download attempt (malware-other.rules)
* 1:55610 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Zusy-9759193-0 download attempt (malware-other.rules)
* 1:55611 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Rincux-9759478-0 download attempt (malware-other.rules)
* 1:55612 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Rincux-9759478-0 download attempt (malware-other.rules)
* 1:55613 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Reveton-9759475-0 download attempt (malware-other.rules)
* 1:55614 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Reveton-9759475-0 download attempt (malware-other.rules)
* 1:55615 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generickdz-9759456-0 download attempt (malware-other.rules)
* 1:55616 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generickdz-9759456-0 download attempt (malware-other.rules)
* 1:55617 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Reveton-9759474-0 download attempt (malware-other.rules)
* 1:55618 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Reveton-9759474-0 download attempt (malware-other.rules)
* 1:55619 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9759529-0 download attempt (malware-other.rules)
* 1:55620 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9759529-0 download attempt (malware-other.rules)
* 1:55621 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Zbot-9759575-0 download attempt (malware-other.rules)
* 1:55622 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Zbot-9759575-0 download attempt (malware-other.rules)
* 1:55623 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zpack-9759629-0 download attempt (malware-other.rules)
* 1:55624 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zpack-9759629-0 download attempt (malware-other.rules)
* 1:55625 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-9759650-0 download attempt (malware-other.rules)
* 1:55626 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-9759650-0 download attempt (malware-other.rules)
* 1:55627 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Urausy-9759663-0 download attempt (malware-other.rules)
* 1:55628 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Urausy-9759663-0 download attempt (malware-other.rules)
* 1:55629 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic-9759774-0 download attempt (malware-other.rules)
* 1:55630 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic-9759774-0 download attempt (malware-other.rules)
* 1:55631 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ircbot-9759926-0 download attempt (malware-other.rules)
* 1:55632 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ircbot-9759926-0 download attempt (malware-other.rules)
* 1:55633 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Torr-9759942-0 download attempt (malware-other.rules)
* 1:55634 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Torr-9759942-0 download attempt (malware-other.rules)
* 1:55635 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Syddldg-9759963-0 download attempt (malware-other.rules)
* 1:55636 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Syddldg-9759963-0 download attempt (malware-other.rules)
* 1:55637 <-> DISABLED <-> SERVER-WEBAPP Pulse Connect Secure SSL VPN command injection attempt (server-webapp.rules)
* 1:55638 <-> DISABLED <-> SERVER-WEBAPP Pulse Connect Secure SSL VPN command injection attempt (server-webapp.rules)
* 1:55639 <-> DISABLED <-> SERVER-WEBAPP Pulse Connect Secure SSL VPN command injection attempt (server-webapp.rules)
* 1:55640 <-> DISABLED <-> SERVER-WEBAPP Pulse Connect Secure SSL VPN command injection attempt (server-webapp.rules)
* 1:55647 <-> DISABLED <-> INDICATOR-SCAN PHP backdoor scan attempt (indicator-scan.rules)
* 1:55648 <-> DISABLED <-> INDICATOR-SCAN Drupal PHP remote debug attempt (indicator-scan.rules)
* 1:55649 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Reveton-9759981-0 download attempt (malware-other.rules)
* 1:55650 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Reveton-9759981-0 download attempt (malware-other.rules)
* 1:55651 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-9760099-0 download attempt (malware-other.rules)
* 1:55652 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-9760099-0 download attempt (malware-other.rules)
* 1:55653 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-9760103-0 download attempt (malware-other.rules)
* 1:55654 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-9760103-0 download attempt (malware-other.rules)
* 1:55655 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-9760106-0 download attempt (malware-other.rules)
* 1:55656 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-9760106-0 download attempt (malware-other.rules)
* 1:55657 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9760150-0 download attempt (malware-other.rules)
* 1:55658 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9760150-0 download attempt (malware-other.rules)
* 1:55659 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Karagany-9760168-0 download attempt (malware-other.rules)
* 1:55660 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Karagany-9760168-0 download attempt (malware-other.rules)
* 1:55661 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zeroaccess-9760197-0 download attempt (malware-other.rules)
* 1:55662 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zeroaccess-9760197-0 download attempt (malware-other.rules)
* 1:55663 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Neobar-9760284-0 download attempt (malware-other.rules)
* 1:55664 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Neobar-9760284-0 download attempt (malware-other.rules)
* 1:55665 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Pcclient-9760332-0 download attempt (malware-other.rules)
* 1:55666 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Pcclient-9760332-0 download attempt (malware-other.rules)
* 1:55667 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Farfli-9760391-0 download attempt (malware-other.rules)
* 1:55668 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Farfli-9760391-0 download attempt (malware-other.rules)
* 1:55669 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-9760447-0 download attempt (malware-other.rules)
* 1:55670 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-9760447-0 download attempt (malware-other.rules)
* 1:55671 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Urausy-9760518-0 download attempt (malware-other.rules)
* 1:55672 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Urausy-9760518-0 download attempt (malware-other.rules)
* 1:55673 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Urausy-9760560-0 download attempt (malware-other.rules)
* 1:55674 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Urausy-9760560-0 download attempt (malware-other.rules)
* 1:55675 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Dalexis-9760553-0 download attempt (malware-other.rules)
* 1:55676 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Dalexis-9760553-0 download attempt (malware-other.rules)
* 1:55677 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Urausy-9760556-0 download attempt (malware-other.rules)
* 1:55678 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Urausy-9760556-0 download attempt (malware-other.rules)
* 1:55679 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-9760594-0 download attempt (malware-other.rules)
* 1:55680 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-9760594-0 download attempt (malware-other.rules)
* 1:55681 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Farfli-9760677-0 download attempt (malware-other.rules)
* 1:55682 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Farfli-9760677-0 download attempt (malware-other.rules)
* 1:55683 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zeus-9760773-0 download attempt (malware-other.rules)
* 1:55684 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zeus-9760773-0 download attempt (malware-other.rules)
* 1:55685 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Slenfbot-9760649-0 download attempt (malware-other.rules)
* 1:55686 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Slenfbot-9760649-0 download attempt (malware-other.rules)
* 1:55687 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Elzob-9760696-0 download attempt (malware-other.rules)
* 1:55688 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Elzob-9760696-0 download attempt (malware-other.rules)
* 1:55689 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Pakes-9760698-0 download attempt (malware-other.rules)
* 1:55690 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Pakes-9760698-0 download attempt (malware-other.rules)
* 1:55691 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9760798-0 download attempt (malware-other.rules)
* 1:55692 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9760798-0 download attempt (malware-other.rules)
* 1:55693 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9760939-0 download attempt (malware-other.rules)
* 1:55694 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9760939-0 download attempt (malware-other.rules)
* 1:55695 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Rincux-9760859-0 download attempt (malware-other.rules)
* 1:55696 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Rincux-9760859-0 download attempt (malware-other.rules)
* 1:55697 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-9761006-0 download attempt (malware-other.rules)
* 1:55698 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-9761006-0 download attempt (malware-other.rules)
* 1:55699 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Urausy-9761062-0 download attempt (malware-other.rules)
* 1:557 <-> DISABLED <-> PUA-P2P GNUTella client request (pua-p2p.rules)
* 1:55700 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Urausy-9761062-0 download attempt (malware-other.rules)
* 1:55701 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Urausy-9761063-0 download attempt (malware-other.rules)
* 1:55702 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Urausy-9761063-0 download attempt (malware-other.rules)
* 1:55703 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Netlogon crafted NetrServerReqChallenge elevation of privilege attempt (os-windows.rules)
* 1:55704 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Netlogon crafted NetrServerAuthenticate elevation of privilege attempt (os-windows.rules)
* 1:55705 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Cryptowall-9761312-0 download attempt (malware-other.rules)
* 1:55706 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Cryptowall-9761312-0 download attempt (malware-other.rules)
* 1:55707 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Urausy-9761337-0 download attempt (malware-other.rules)
* 1:55708 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Urausy-9761337-0 download attempt (malware-other.rules)
* 1:55709 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zeroaccess-9761339-0 download attempt (malware-other.rules)
* 1:55710 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zeroaccess-9761339-0 download attempt (malware-other.rules)
* 1:55711 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Tdss-9761341-0 download attempt (malware-other.rules)
* 1:55712 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Tdss-9761341-0 download attempt (malware-other.rules)
* 1:55713 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zbot-9761347-0 download attempt (malware-other.rules)
* 1:55714 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zbot-9761347-0 download attempt (malware-other.rules)
* 1:55715 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Urausy-9761556-0 download attempt (malware-other.rules)
* 1:55716 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Urausy-9761556-0 download attempt (malware-other.rules)
* 1:55717 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Slenfbot-9761391-0 download attempt (malware-other.rules)
* 1:55718 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Slenfbot-9761391-0 download attempt (malware-other.rules)
* 1:55719 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Nitol-9761421-0 download attempt (malware-other.rules)
* 1:55720 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Nitol-9761421-0 download attempt (malware-other.rules)
* 1:55721 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9761424-0 download attempt (malware-other.rules)
* 1:55722 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9761424-0 download attempt (malware-other.rules)
* 1:55723 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9761425-0 download attempt (malware-other.rules)
* 1:55724 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9761425-0 download attempt (malware-other.rules)
* 1:55725 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9761426-0 download attempt (malware-other.rules)
* 1:55726 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9761426-0 download attempt (malware-other.rules)
* 1:55727 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9761427-0 download attempt (malware-other.rules)
* 1:55728 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9761427-0 download attempt (malware-other.rules)
* 1:55729 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ircbot-9761414-0 download attempt (malware-other.rules)
* 1:55730 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ircbot-9761414-0 download attempt (malware-other.rules)
* 1:55731 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generickdz-9761624-0 download attempt (malware-other.rules)
* 1:55732 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generickdz-9761624-0 download attempt (malware-other.rules)
* 1:55733 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-9761753-0 download attempt (malware-other.rules)
* 1:55734 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-9761753-0 download attempt (malware-other.rules)
* 1:55735 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-9762029-0 download attempt (malware-other.rules)
* 1:55736 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-9762029-0 download attempt (malware-other.rules)
* 1:55737 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ircbot-9762035-0 download attempt (malware-other.rules)
* 1:55738 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ircbot-9762035-0 download attempt (malware-other.rules)
* 1:55739 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Zeroaccess-9762049-0 download attempt (malware-other.rules)
* 1:55740 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Zeroaccess-9762049-0 download attempt (malware-other.rules)
* 1:55741 <-> DISABLED <-> FILE-IMAGE Foxit Reader parsing JPEG with ConvertToPDF remote code execution attempt (file-image.rules)
* 1:55742 <-> DISABLED <-> FILE-IMAGE Foxit Reader parsing JPEG with ConvertToPDF remote code execution attempt (file-image.rules)
* 1:55743 <-> DISABLED <-> SERVER-OTHER Rockwell Automation FactoryTalk Diagnostics remote code execution attempt (server-other.rules)
* 1:55744 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Eorezo-9762085-0 download attempt (malware-other.rules)
* 1:55745 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Eorezo-9762085-0 download attempt (malware-other.rules)
* 1:55746 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Trojanx-9762074-0 download attempt (malware-other.rules)
* 1:55747 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Trojanx-9762074-0 download attempt (malware-other.rules)
* 1:55750 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-9762111-0 download attempt (malware-other.rules)
* 1:55751 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-9762111-0 download attempt (malware-other.rules)
* 1:55752 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Urausy-9762145-0 download attempt (malware-other.rules)
* 1:55753 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Urausy-9762145-0 download attempt (malware-other.rules)
* 1:55754 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Nitol-9762149-0 download attempt (malware-other.rules)
* 1:55755 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Nitol-9762149-0 download attempt (malware-other.rules)
* 1:55756 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9762150-0 download attempt (malware-other.rules)
* 1:55757 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9762150-0 download attempt (malware-other.rules)
* 1:55758 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9762151-0 download attempt (malware-other.rules)
* 1:55759 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9762151-0 download attempt (malware-other.rules)
* 1:55760 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Fareit-9762193-0 download attempt (malware-other.rules)
* 1:55761 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Fareit-9762193-0 download attempt (malware-other.rules)
* 1:55762 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9762160-0 download attempt (malware-other.rules)
* 1:55763 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9762160-0 download attempt (malware-other.rules)
* 1:55764 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Generickdz-9762176-0 download attempt (malware-other.rules)
* 1:55765 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Generickdz-9762176-0 download attempt (malware-other.rules)
* 1:55766 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-9762177-0 download attempt (malware-other.rules)
* 1:55767 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-9762177-0 download attempt (malware-other.rules)
* 1:55768 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9762179-0 download attempt (malware-other.rules)
* 1:55769 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9762179-0 download attempt (malware-other.rules)
* 1:55770 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Zeroaccess-9762346-0 download attempt (malware-other.rules)
* 1:55771 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Zeroaccess-9762346-0 download attempt (malware-other.rules)
* 1:55772 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zeroaccess-9762336-0 download attempt (malware-other.rules)
* 1:55773 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zeroaccess-9762336-0 download attempt (malware-other.rules)
* 1:55774 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Ardamax-9762361-0 download attempt (malware-other.rules)
* 1:55775 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Ardamax-9762361-0 download attempt (malware-other.rules)
* 1:55776 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Variadic-9762514-0 download attempt (malware-other.rules)
* 1:55777 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Variadic-9762514-0 download attempt (malware-other.rules)
* 1:55778 <-> ENABLED <-> SERVER-WEBAPP Wordpress File Manager plugin elFinder remote code execution attempt (server-webapp.rules)
* 1:55779 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9762933-0 download attempt (malware-other.rules)
* 1:55780 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9762933-0 download attempt (malware-other.rules)
* 1:55781 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Emotet-9762950-0 download attempt (malware-other.rules)
* 1:55782 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Emotet-9762950-0 download attempt (malware-other.rules)
* 1:55783 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Avira-9762997-0 download attempt (malware-other.rules)
* 1:55784 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Avira-9762997-0 download attempt (malware-other.rules)
* 1:55785 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9763167-0 download attempt (malware-other.rules)
* 1:55786 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9763167-0 download attempt (malware-other.rules)
* 1:55787 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Emotet-9763169-0 download attempt (malware-other.rules)
* 1:55788 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Emotet-9763169-0 download attempt (malware-other.rules)
* 1:55789 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Crossrider-9763527-0 download attempt (malware-other.rules)
* 1:55790 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Crossrider-9763527-0 download attempt (malware-other.rules)
* 1:55791 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Farfli-9763835-0 download attempt (malware-other.rules)
* 1:55792 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Farfli-9763835-0 download attempt (malware-other.rules)
* 1:55793 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Hupigon-9763906-0 download attempt (malware-other.rules)
* 1:55794 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Hupigon-9763906-0 download attempt (malware-other.rules)
* 1:55795 <-> DISABLED <-> MALWARE-OTHER PUA.Unix.Adware.Cimpli-9764278-0 download attempt (malware-other.rules)
* 1:55796 <-> DISABLED <-> MALWARE-OTHER PUA.Unix.Adware.Cimpli-9764278-0 download attempt (malware-other.rules)
* 1:55797 <-> DISABLED <-> SERVER-WEBAPP Wordpress plugin WP Database Reset database reset attempt (server-webapp.rules)
* 1:55798 <-> DISABLED <-> FILE-OTHER Apple Safari WebKit HTMLFrameElementBase isURLAllowed Subframe exploit attempt (file-other.rules)
* 1:55799 <-> DISABLED <-> FILE-OTHER Apple Safari WebKit HTMLFrameElementBase isURLAllowed Subframe exploit attempt (file-other.rules)
* 1:55800 <-> DISABLED <-> SERVER-WEBAPP Apache Tomcat HTTP/2 denial of service attempt (server-webapp.rules)
* 1:55801 <-> DISABLED <-> SERVER-WEBAPP Apache Tomcat HTTP/2 denial of service attempt (server-webapp.rules)
* 1:55802 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NetrServerReqChallenge RPC transport sign and seal disabling attempt (os-windows.rules)
* 1:55803 <-> DISABLED <-> SERVER-OTHER Redis replication arbitrary code execution attempt (server-other.rules)
* 1:55804 <-> DISABLED <-> SERVER-OTHER Redis replication arbitrary code execution attempt (server-other.rules)
* 1:55805 <-> DISABLED <-> SERVER-OTHER Redis replication arbitrary code execution attempt (server-other.rules)
* 1:55809 <-> DISABLED <-> BROWSER-CHROME Google Chrome AudioArray memory corruption attempt (browser-chrome.rules)
* 1:55810 <-> DISABLED <-> BROWSER-CHROME Google Chrome AudioArray memory corruption attempt (browser-chrome.rules)
* 1:55811 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Mekotio variant second stage dropper download attempt (malware-other.rules)
* 1:55812 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Mekotio variant second stage dropper download attempt (malware-other.rules)
* 1:55813 <-> DISABLED <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt (server-other.rules)
* 1:55814 <-> DISABLED <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt (server-other.rules)
* 1:55821 <-> DISABLED <-> SERVER-WEBAPP Ruby on Rails command injection attempt (server-webapp.rules)
* 1:55823 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet CnCContactAlertResult SQL injection attempt (server-webapp.rules)
* 1:55824 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet CnCContactAlertResult SQL injection attempt (server-webapp.rules)
* 1:55825 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet CnCContactAlertResult SQL injection attempt (server-webapp.rules)
* 1:55826 <-> DISABLED <-> SERVER-WEBAPP Microsoft Exchange Server DlpUtils remote code execution attempt (server-webapp.rules)
* 1:55827 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt (server-webapp.rules)
* 1:55828 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt (server-webapp.rules)
* 1:55829 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet multiple functions SQL injection attempt (server-webapp.rules)
* 1:55834 <-> DISABLED <-> SERVER-WEBAPP Wordpress Nexos theme cross site scripting attempt (server-webapp.rules)
* 1:55835 <-> DISABLED <-> SERVER-WEBAPP Wordpress Nexos theme cross site scripting attempt (server-webapp.rules)
* 1:55836 <-> DISABLED <-> SERVER-WEBAPP Wordpress Nexos theme SQL injection attempt (server-webapp.rules)
* 1:55837 <-> DISABLED <-> SERVER-WEBAPP Wordpress Nexos theme SQL injection attempt (server-webapp.rules)
* 1:55838 <-> DISABLED <-> SERVER-WEBAPP Wordpress Nexos theme SQL injection attempt (server-webapp.rules)
* 1:55839 <-> ENABLED <-> SERVER-WEBAPP Multiple products DVR admin password leak attempt (server-webapp.rules)
* 1:55840 <-> DISABLED <-> SERVER-WEBAPP Multiple products DVR arbitrary command execution attempt (server-webapp.rules)
* 1:55841 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Uppercut inbound payload download (malware-cnc.rules)
* 1:55846 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Delf-9768673-0 download attempt (malware-other.rules)
* 1:55847 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Delf-9768673-0 download attempt (malware-other.rules)
* 1:55848 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Delf-9768956-0 download attempt (malware-other.rules)
* 1:55849 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Delf-9768956-0 download attempt (malware-other.rules)
* 1:55850 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Auqyqcbi-9769106-0 download attempt (malware-other.rules)
* 1:55851 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Auqyqcbi-9769106-0 download attempt (malware-other.rules)
* 1:55852 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9769241-0 download attempt (malware-other.rules)
* 1:55853 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9769241-0 download attempt (malware-other.rules)
* 1:55854 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9769405-0 download attempt (malware-other.rules)
* 1:55855 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9769405-0 download attempt (malware-other.rules)
* 1:55856 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Ulise-9769434-0 download attempt (malware-other.rules)
* 1:55857 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Ulise-9769434-0 download attempt (malware-other.rules)
* 1:55858 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agen-9769447-0 download attempt (malware-other.rules)
* 1:55859 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agen-9769447-0 download attempt (malware-other.rules)
* 1:55860 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Gamarue-9769424-0 download attempt (malware-other.rules)
* 1:55861 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Gamarue-9769424-0 download attempt (malware-other.rules)
* 1:55862 <-> ENABLED <-> SERVER-WEBAPP Microsoft SharePoint EntityInstanceIdEncoder remote code execution attempt (server-webapp.rules)
* 1:55863 <-> DISABLED <-> MALWARE-OTHER Win.Virus.Ursnif-9769699-0 download attempt (malware-other.rules)
* 1:55864 <-> DISABLED <-> MALWARE-OTHER Win.Virus.Ursnif-9769699-0 download attempt (malware-other.rules)
* 1:55865 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Bulz-9769773-0 download attempt (malware-other.rules)
* 1:55866 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Bulz-9769773-0 download attempt (malware-other.rules)
* 1:55867 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agzz8qk-9769774-0 download attempt (malware-other.rules)
* 1:55868 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agzz8qk-9769774-0 download attempt (malware-other.rules)
* 1:55869
<-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Emotet-9769987-0 download attempt (malware-other.rules) * 1:55870 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Emotet-9769987-0 download attempt (malware-other.rules) * 1:55871 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9770089-0 download attempt (malware-other.rules) * 1:55872 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9770089-0 download attempt (malware-other.rules) * 1:55873 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Emotet-9770097-0 download attempt (malware-other.rules) * 1:55874 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Emotet-9770097-0 download attempt (malware-other.rules) * 1:55875 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Bdld-9770176-0 download attempt (malware-other.rules) * 1:55876 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Bdld-9770176-0 download attempt (malware-other.rules) * 1:55877 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Drolnux-9770173-0 download attempt (malware-other.rules) * 1:55878 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Drolnux-9770173-0 download attempt (malware-other.rules) * 1:55879 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9770611-0 download attempt (malware-other.rules) * 1:55880 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9770611-0 download attempt (malware-other.rules) * 1:55881 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9770992-0 download attempt (malware-other.rules) * 1:55882 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9770992-0 download attempt (malware-other.rules) * 1:55883 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Cutwail-9771166-0 download attempt (malware-other.rules) * 1:55884 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Cutwail-9771166-0 download attempt (malware-other.rules) * 1:55885 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9771263-0 download attempt (malware-other.rules) * 1:55886 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9771263-0 download attempt (malware-other.rules) * 1:55887 <-> DISABLED <-> MALWARE-OTHER 
Win.Ransomware.Reveton-9771413-0 download attempt (malware-other.rules) * 1:55888 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Reveton-9771413-0 download attempt (malware-other.rules) * 1:55889 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Browsefox-9771664-0 download attempt (malware-other.rules) * 1:55890 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Browsefox-9771664-0 download attempt (malware-other.rules) * 1:55891 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Kovter-9771867-0 download attempt (malware-other.rules) * 1:55892 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Kovter-9771867-0 download attempt (malware-other.rules) * 1:55893 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-9771891-0 download attempt (malware-other.rules) * 1:55894 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-9771891-0 download attempt (malware-other.rules) * 1:55895 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-9772275-0 download attempt (malware-other.rules) * 1:55896 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-9772275-0 download attempt (malware-other.rules) * 1:55897 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fakesysdef-9772554-0 download attempt (malware-other.rules) * 1:55898 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fakesysdef-9772554-0 download attempt (malware-other.rules) * 1:55899 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9772677-0 download attempt (malware-other.rules) * 1:55900 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9772677-0 download attempt (malware-other.rules) * 1:55901 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9772681-0 download attempt (malware-other.rules) * 1:55902 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9772681-0 download attempt (malware-other.rules) * 1:55903 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Sdyn-9772921-0 download attempt (malware-other.rules) * 1:55904 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Sdyn-9772921-0 download attempt (malware-other.rules) * 1:55905 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic-9773106-0 download 
attempt (malware-other.rules) * 1:55906 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic-9773106-0 download attempt (malware-other.rules) * 1:55907 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9773294-0 download attempt (malware-other.rules) * 1:55908 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9773294-0 download attempt (malware-other.rules) * 1:55909 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Battdil-9773289-0 download attempt (malware-other.rules) * 1:55910 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Battdil-9773289-0 download attempt (malware-other.rules) * 1:55911 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Battdil-9773282-0 download attempt (malware-other.rules) * 1:55912 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Battdil-9773282-0 download attempt (malware-other.rules) * 1:55913 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Ramnit-9773470-0 download attempt (malware-other.rules) * 1:55914 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Ramnit-9773470-0 download attempt (malware-other.rules) * 1:55915 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Neobar-9773833-0 download attempt (malware-other.rules) * 1:55916 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Neobar-9773833-0 download attempt (malware-other.rules) * 1:55918 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules) * 1:55919 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules) * 1:55920 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules) * 1:55921 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules) * 1:55922 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Defender privilege escalation attempt (os-windows.rules) * 1:55923 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Defender privilege escalation attempt (os-windows.rules) * 1:55926 <-> ENABLED <-> MALWARE-CNC Win.Dropper.LemonDuck variant outbound 
connection (malware-cnc.rules) * 1:55927 <-> ENABLED <-> MALWARE-CNC Win.Dropper.LemonDuck variant script download attempt (malware-cnc.rules) * 1:55928 <-> ENABLED <-> MALWARE-CNC Win.Dropper.LemonDuck variant script download attempt (malware-cnc.rules) * 1:55929 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Emotet-9774504-0 download attempt (malware-other.rules) * 1:55930 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Emotet-9774504-0 download attempt (malware-other.rules) * 1:55931 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Emotet variant outbound connection attempt (malware-cnc.rules) * 1:55932 <-> ENABLED <-> SERVER-OTHER Oracle WebLogic malicious RemoteConstructor deserialization attempt (server-other.rules) * 1:55933 <-> ENABLED <-> SERVER-OTHER Oracle WebLogic malicious RemoteConstructor deserialization attempt (server-other.rules) * 1:55934 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9774716-0 download attempt (malware-other.rules) * 1:55935 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9774716-0 download attempt (malware-other.rules) * 1:55936 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Perion-9775059-0 download attempt (malware-other.rules) * 1:55937 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Perion-9775059-0 download attempt (malware-other.rules) * 1:55938 <-> DISABLED <-> MALWARE-OTHER Win.Tool.Shadowbrokers-9775051-0 download attempt (malware-other.rules) * 1:55939 <-> DISABLED <-> MALWARE-OTHER Win.Tool.Shadowbrokers-9775051-0 download attempt (malware-other.rules) * 1:55940 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9775385-0 download attempt (malware-other.rules) * 1:55941 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9775385-0 download attempt (malware-other.rules) * 1:55942 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k driver privilege escalation attempt (os-windows.rules) * 1:55943 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k driver privilege escalation attempt (os-windows.rules) * 1:55944 <-> DISABLED <-> 
MALWARE-OTHER Win.Malware.Buzus-9775511-0 download attempt (malware-other.rules) * 1:55945 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Buzus-9775511-0 download attempt (malware-other.rules) * 1:55946 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Opencandy-9775571-0 download attempt (malware-other.rules) * 1:55947 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Opencandy-9775571-0 download attempt (malware-other.rules) * 1:55948 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ramnit-9775593-0 download attempt (malware-other.rules) * 1:55949 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ramnit-9775593-0 download attempt (malware-other.rules) * 1:55950 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Opencandy-9775689-0 download attempt (malware-other.rules) * 1:55951 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Opencandy-9775689-0 download attempt (malware-other.rules) * 1:55952 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic-9775770-0 download attempt (malware-other.rules) * 1:55953 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic-9775770-0 download attempt (malware-other.rules) * 1:55954 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9776100-0 download attempt (malware-other.rules) * 1:55955 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9776100-0 download attempt (malware-other.rules) * 1:55956 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Addlyrics-9776340-0 download attempt (malware-other.rules) * 1:55957 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Addlyrics-9776340-0 download attempt (malware-other.rules) * 1:55958 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Scar-9776391-0 download attempt (malware-other.rules) * 1:55959 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Scar-9776391-0 download attempt (malware-other.rules) * 1:55960 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Zbot-9776404-0 download attempt (malware-other.rules) * 1:55961 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Zbot-9776404-0 download attempt (malware-other.rules) * 1:55962 <-> DISABLED <-> 
MALWARE-OTHER Win.Ransomware.Upatre-9776436-0 download attempt (malware-other.rules) * 1:55963 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Upatre-9776436-0 download attempt (malware-other.rules) * 1:55964 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9776419-0 download attempt (malware-other.rules) * 1:55965 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9776419-0 download attempt (malware-other.rules) * 1:55966 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Addlyrics-9776406-0 download attempt (malware-other.rules) * 1:55967 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Addlyrics-9776406-0 download attempt (malware-other.rules) * 1:55968 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9776422-0 download attempt (malware-other.rules) * 1:55969 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9776422-0 download attempt (malware-other.rules) * 1:55970 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Upatre-9776543-0 download attempt (malware-other.rules) * 1:55971 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Upatre-9776543-0 download attempt (malware-other.rules) * 1:55972 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Gamarue-9776559-0 download attempt (malware-other.rules) * 1:55973 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Gamarue-9776559-0 download attempt (malware-other.rules) * 1:55974 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Clipbanker-9776642-0 download attempt (malware-other.rules) * 1:55975 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Clipbanker-9776642-0 download attempt (malware-other.rules) * 1:55976 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9776833-0 download attempt (malware-other.rules) * 1:55977 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9776833-0 download attempt (malware-other.rules) * 1:55978 <-> DISABLED <-> SERVER-OTHER Apache OFBiz XMLRPC deserialization attempt (server-other.rules) * 1:55979 <-> ENABLED <-> FILE-MULTIMEDIA Microsoft Windows Media Foundation memory corruption attempt (file-multimedia.rules) * 1:55980 <-> 
ENABLED <-> FILE-MULTIMEDIA Microsoft Windows Media Foundation memory corruption attempt (file-multimedia.rules) * 1:55981 <-> DISABLED <-> SERVER-WEBAPP D-Link Central WiFi Manager CWM 100 command injection attempt (server-webapp.rules) * 1:55982 <-> DISABLED <-> OS-WINDOWS Microsoft Windows digital signature spoofing attempt (os-windows.rules) * 1:55983 <-> DISABLED <-> OS-WINDOWS Microsoft Windows digital signature spoofing attempt (os-windows.rules) * 1:55984 <-> ENABLED <-> PROTOCOL-ICMP Microsoft Windows IPv6 stack remote execution attempt (protocol-icmp.rules) * 1:55989 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k kernel driver privilege escalation attempt (os-windows.rules) * 1:55990 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k kernel driver privilege escalation attempt (os-windows.rules) * 1:55993 <-> ENABLED <-> PROTOCOL-ICMP Microsoft Windows IPv6 DNSSL option record denial of service attempt (protocol-icmp.rules) * 1:55994 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Remote Desktop information disclosure attempt (os-windows.rules) * 1:55995 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Dotdo-9777352-0 download attempt (malware-other.rules) * 1:55996 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Dotdo-9777352-0 download attempt (malware-other.rules) * 1:55997 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Beebone-9777703-0 download attempt (malware-other.rules) * 1:55998 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Beebone-9777703-0 download attempt (malware-other.rules) * 1:55999 <-> DISABLED <-> SERVER-APACHE Apache Struts denial of service attempt (server-apache.rules) * 1:560 <-> DISABLED <-> APP-DETECT VNC server response (app-detect.rules) * 1:56000 <-> DISABLED <-> SERVER-APACHE Apache Struts denial of service attempt (server-apache.rules) * 1:56001 <-> DISABLED <-> SERVER-APACHE Apache Struts denial of service attempt (server-apache.rules) * 1:56002 <-> DISABLED <-> SERVER-WEBAPP D-Link Central WiFi Manager CMW 100 SQL injection attempt 
(server-webapp.rules) * 1:56003 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Emotet variant initial outbound request detected (malware-cnc.rules) * 1:56004 <-> DISABLED <-> SERVER-WEBAPP D-Link Central WiFi Manager CMW 100 cross site scripting attempt (server-webapp.rules) * 1:56005 <-> ENABLED <-> SERVER-WEBAPP D-Link Central WiFi Manager CWM 100 SQL injection attempt (server-webapp.rules) * 1:56006 <-> ENABLED <-> SERVER-WEBAPP D-Link Central WiFi Manager CWM 100 SQL injection attempt (server-webapp.rules) * 1:56007 <-> ENABLED <-> SERVER-WEBAPP D-Link Central WiFi Manager CWM 100 SQL injection attempt (server-webapp.rules) * 1:56008 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit JSPropertyNameEnumeration type confusion attempt (browser-webkit.rules) * 1:56009 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit JSPropertyNameEnumeration type confusion attempt (browser-webkit.rules) * 1:56010 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic-9778253-0 download attempt (malware-other.rules) * 1:56011 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic-9778253-0 download attempt (malware-other.rules) * 1:56012 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Nymaim-9778921-0 download attempt (malware-other.rules) * 1:56013 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Nymaim-9778921-0 download attempt (malware-other.rules) * 1:56014 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Vundo-9779004-0 download attempt (malware-other.rules) * 1:56015 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Vundo-9779004-0 download attempt (malware-other.rules) * 1:56016 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Vundo-9779009-0 download attempt (malware-other.rules) * 1:56017 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Vundo-9779009-0 download attempt (malware-other.rules) * 1:56018 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Nymaim-9779119-0 download attempt (malware-other.rules) * 1:56019 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Nymaim-9779119-0 download attempt (malware-other.rules) * 1:56020 
<-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cidox-9779147-0 download attempt (malware-other.rules) * 1:56021 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cidox-9779147-0 download attempt (malware-other.rules) * 1:56022 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9779199-0 download attempt (malware-other.rules) * 1:56023 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9779199-0 download attempt (malware-other.rules) * 1:56024 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9779208-0 download attempt (malware-other.rules) * 1:56025 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9779208-0 download attempt (malware-other.rules) * 1:56026 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Cdtq-9779262-0 download attempt (malware-other.rules) * 1:56027 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Cdtq-9779262-0 download attempt (malware-other.rules) * 1:56028 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Refinka-9779255-0 download attempt (malware-other.rules) * 1:56029 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Refinka-9779255-0 download attempt (malware-other.rules) * 1:56030 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9779257-0 download attempt (malware-other.rules) * 1:56031 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9779257-0 download attempt (malware-other.rules) * 1:56032 <-> DISABLED <-> MALWARE-OTHER Win.Malware.98fa8f-9779729-0 download attempt (malware-other.rules) * 1:56033 <-> DISABLED <-> MALWARE-OTHER Win.Malware.98fa8f-9779729-0 download attempt (malware-other.rules) * 1:56034 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upatre-9779721-0 download attempt (malware-other.rules) * 1:56035 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upatre-9779721-0 download attempt (malware-other.rules) * 1:56036 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ppatre-9779748-0 download attempt (malware-other.rules) * 1:56037 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ppatre-9779748-0 download attempt (malware-other.rules) * 1:56038 <-> DISABLED <-> 
MALWARE-OTHER Win.Packed.Upatre-9779742-0 download attempt (malware-other.rules) * 1:56039 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upatre-9779742-0 download attempt (malware-other.rules) * 1:56040 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Msilperseus-9780360-0 download attempt (malware-other.rules) * 1:56041 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Msilperseus-9780360-0 download attempt (malware-other.rules) * 1:56042 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules) * 1:56043 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit Webcore SVGAnimateElementBase use after free attempt (browser-webkit.rules) * 1:56044 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit Webcore SVGAnimateElementBase use after free attempt (browser-webkit.rules) * 1:56045 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Exchange Reporter Plus unauthenticated remote code execution attempt (server-webapp.rules) * 1:56046 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Emotet-9778600-0 download attempt (malware-other.rules) * 1:56047 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Emotet-9778600-0 download attempt (malware-other.rules) * 1:56051 <-> DISABLED <-> OS-LINUX Linux kernel af_packet tpacket_rcv integer overflow attempt (os-linux.rules) * 1:56052 <-> DISABLED <-> OS-LINUX Linux kernel af_packet tpacket_rcv integer overflow attempt (os-linux.rules) * 1:56055 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Idyfrid-9780483-0 download attempt (malware-other.rules) * 1:56056 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Idyfrid-9780483-0 download attempt (malware-other.rules) * 1:56057 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Estiwir-9780493-0 download attempt (malware-other.rules) * 1:56058 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Estiwir-9780493-0 download attempt (malware-other.rules) * 1:56061 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Tpyn-9780502-0 download attempt (malware-other.rules) * 1:56062 <-> DISABLED <-> MALWARE-OTHER 
Win.Packed.Tpyn-9780502-0 download attempt (malware-other.rules) * 1:56067 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780514-0 download attempt (malware-other.rules) * 1:56068 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780514-0 download attempt (malware-other.rules) * 1:56069 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Sharepoint DataFormWebPart fingerprinting attempt (indicator-compromise.rules) * 1:56070 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Sharepoint DataFormWebPart remote code execution attempt (indicator-compromise.rules) * 1:56071 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Estiwir-9780541-0 download attempt (malware-other.rules) * 1:56072 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Estiwir-9780541-0 download attempt (malware-other.rules) * 1:56073 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agentb-9780545-0 download attempt (malware-other.rules) * 1:56074 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agentb-9780545-0 download attempt (malware-other.rules) * 1:56075 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780601-0 download attempt (malware-other.rules) * 1:56076 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780601-0 download attempt (malware-other.rules) * 1:56077 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780656-0 download attempt (malware-other.rules) * 1:56078 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780656-0 download attempt (malware-other.rules) * 1:56079 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780659-0 download attempt (malware-other.rules) * 1:56080 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780659-0 download attempt (malware-other.rules) * 1:56081 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Donot variant outbound connection (malware-cnc.rules) * 1:56082 <-> DISABLED <-> SERVER-WEBAPP Wordpress WP Database Backup plug-in command injection attempt (server-webapp.rules) * 1:56083 <-> DISABLED <-> SERVER-WEBAPP Wordpress WP Database Backup plug-in command injection attempt 
(server-webapp.rules) * 1:56086 <-> DISABLED <-> SERVER-WEBAPP Apache Tomcat WebSocket length denial of service attempt (server-webapp.rules) * 1:56088 <-> ENABLED <-> MALWARE-CNC Unix.Spyware.WellMess variant outbound cnc attempt (malware-cnc.rules) * 1:56092 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-9781821-0 download attempt (malware-other.rules) * 1:56093 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-9781821-0 download attempt (malware-other.rules) * 1:56094 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Alyak-9781952-0 download attempt (malware-other.rules) * 1:56095 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Alyak-9781952-0 download attempt (malware-other.rules) * 1:56096 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Cerber-9782626-0 download attempt (malware-other.rules) * 1:56097 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Cerber-9782626-0 download attempt (malware-other.rules) * 1:56098 <-> DISABLED <-> MALWARE-OTHER Win.Tool.Patcher-9782697-0 download attempt (malware-other.rules) * 1:56099 <-> DISABLED <-> MALWARE-OTHER Win.Tool.Patcher-9782697-0 download attempt (malware-other.rules) * 1:56100 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9782745-0 download attempt (malware-other.rules) * 1:56101 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9782745-0 download attempt (malware-other.rules) * 1:56102 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9782798-0 download attempt (malware-other.rules) * 1:56103 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9782798-0 download attempt (malware-other.rules) * 1:56104 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Xkjdi-9782808-0 download attempt (malware-other.rules) * 1:56105 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Xkjdi-9782808-0 download attempt (malware-other.rules) * 1:56106 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Clipbanker-9782972-0 download attempt (malware-other.rules) * 1:56107 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Clipbanker-9782972-0 download attempt (malware-other.rules) * 
1:56108 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Redyms-9783100-0 download attempt (malware-other.rules) * 1:56109 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Redyms-9783100-0 download attempt (malware-other.rules) * 1:56110 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Reconyc-9783104-0 download attempt (malware-other.rules) * 1:56111 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Reconyc-9783104-0 download attempt (malware-other.rules) * 1:56112 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9783140-0 download attempt (malware-other.rules) * 1:56113 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9783140-0 download attempt (malware-other.rules) * 1:56114 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generic-9783183-0 download attempt (malware-other.rules) * 1:56115 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generic-9783183-0 download attempt (malware-other.rules) * 1:56116 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Nitol-9783298-0 download attempt (malware-other.rules) * 1:56117 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Nitol-9783298-0 download attempt (malware-other.rules) * 1:56118 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Cosmu-9783404-0 download attempt (malware-other.rules) * 1:56119 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Cosmu-9783404-0 download attempt (malware-other.rules) * 1:56120 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9783664-0 download attempt (malware-other.rules) * 1:56121 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9783664-0 download attempt (malware-other.rules) * 1:56124 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9783912-0 download attempt (malware-other.rules) * 1:56125 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9783912-0 download attempt (malware-other.rules) * 1:56130 <-> ENABLED <-> BROWSER-CHROME Google Chrome PNG in TTF parsing heap overflow attempt (browser-chrome.rules) * 1:56131 <-> ENABLED <-> BROWSER-CHROME Google Chrome PNG in TTF parsing heap overflow attempt (browser-chrome.rules) * 1:56132 <-> 
ENABLED <-> BROWSER-CHROME Google Chrome PNG in TTF parsing heap overflow attempt (browser-chrome.rules)
* 1:56133 <-> ENABLED <-> BROWSER-CHROME Google Chrome PNG in TTF parsing heap overflow attempt (browser-chrome.rules)
* 1:56134 <-> DISABLED <-> SERVER-WEBAPP Microsoft Sharepoint DataFormWebPart remote code execution attempt (server-webapp.rules)
* 1:56135 <-> DISABLED <-> SERVER-WEBAPP Microsoft Sharepoint DataFormWebPart remote code execution attempt (server-webapp.rules)
* 1:56136 <-> DISABLED <-> SERVER-WEBAPP Microsoft Sharepoint DataFormWebPart remote code execution attempt (server-webapp.rules)
* 1:56138 <-> ENABLED <-> SERVER-WEBAPP Citrix ADC and Gateway information disclosure attempt (server-webapp.rules)
* 1:56139 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Czxz-9784395-0 download attempt (malware-other.rules)
* 1:56140 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Czxz-9784395-0 download attempt (malware-other.rules)
* 1:56141 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Zusy-9784403-0 download attempt (malware-other.rules)
* 1:56142 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Zusy-9784403-0 download attempt (malware-other.rules)
* 1:56150 <-> DISABLED <-> SERVER-OTHER Adobe ColdFusion DataServicesCFProxy insecure Java deserialization attempt (server-other.rules)
* 1:56151 <-> DISABLED <-> SERVER-OTHER Adobe ColdFusion vulnerable DataServicesCFProxy class reference attempt (server-other.rules)
* 1:56154 <-> DISABLED <-> SERVER-WEBAPP MobileIron Core & Connector remote code execution attempt (server-webapp.rules)
* 1:56155 <-> DISABLED <-> SERVER-WEBAPP MobileIron Core & Connector remote code execution attempt (server-webapp.rules)
* 1:56156 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook email parsing remote code execution attempt (file-office.rules)
* 1:56157 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook email parsing remote code execution attempt (file-office.rules)
* 1:56162 <-> ENABLED <-> SERVER-WEBAPP Citrix ADC and Gateway information disclosure attempt (server-webapp.rules)
* 1:56163 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.PyVil download attempt (malware-other.rules)
* 1:56164 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.PyVil download attempt (malware-other.rules)
* 1:56165 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.PyVil download attempt (malware-other.rules)
* 1:56166 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.PyVil outbound communication attempt (malware-other.rules)
* 1:56167 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.PyVil download attempt (malware-other.rules)
* 1:56168 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Komodia-9784770-0 download attempt (malware-other.rules)
* 1:56169 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Komodia-9784770-0 download attempt (malware-other.rules)
* 1:56170 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Emotet-9784823-0 download attempt (malware-other.rules)
* 1:56171 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Emotet-9784823-0 download attempt (malware-other.rules)
* 1:56172 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Komodia-9784896-0 download attempt (malware-other.rules)
* 1:56173 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Komodia-9784896-0 download attempt (malware-other.rules)
* 1:56174 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Addlyrics-9784897-0 download attempt (malware-other.rules)
* 1:56175 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Addlyrics-9784897-0 download attempt (malware-other.rules)
* 1:56176 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Addlyrics-9784898-0 download attempt (malware-other.rules)
* 1:56177 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Addlyrics-9784898-0 download attempt (malware-other.rules)
* 1:56178 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9784988-0 download attempt (malware-other.rules)
* 1:56179 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9784988-0 download attempt (malware-other.rules)
* 1:56180 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9784989-0 download attempt (malware-other.rules)
* 1:56181 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9784989-0 download attempt (malware-other.rules)
* 1:56182 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ursu-9785115-0 download attempt (malware-other.rules)
* 1:56183 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ursu-9785115-0 download attempt (malware-other.rules)
* 1:56184 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Banload-9785270-0 download attempt (malware-other.rules)
* 1:56185 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Banload-9785270-0 download attempt (malware-other.rules)
* 1:56186 <-> DISABLED <-> FILE-OTHER Citrix Gateway executable search order hijack attempt (file-other.rules)
* 1:56187 <-> DISABLED <-> FILE-OTHER Citrix Gateway executable search order hijack attempt (file-other.rules)
* 1:56188 <-> DISABLED <-> FILE-OTHER Citrix Gateway executable search order hijack attempt (file-other.rules)
* 1:56189 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9785657-0 download attempt (malware-other.rules)
* 1:56190 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9785657-0 download attempt (malware-other.rules)
* 1:56191 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9785658-0 download attempt (malware-other.rules)
* 1:56192 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9785658-0 download attempt (malware-other.rules)
* 1:56193 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9785801-0 download attempt (malware-other.rules)
* 1:56194 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9785801-0 download attempt (malware-other.rules)
* 1:56195 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ursu-9785971-0 download attempt (malware-other.rules)
* 1:56196 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ursu-9785971-0 download attempt (malware-other.rules)
* 1:56197 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Qbot-9785980-0 download attempt (malware-other.rules)
* 1:56198 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Qbot-9785980-0 download attempt (malware-other.rules)
* 1:56200 <-> DISABLED <-> SERVER-WEBAPP Oracle WebLogic Server command injection attempt (server-webapp.rules)
* 1:56201 <-> DISABLED <-> SERVER-WEBAPP Oracle WebLogic Server command injection attempt (server-webapp.rules)
* 1:56202 <-> DISABLED <-> SERVER-WEBAPP Oracle WebLogic Server command injection attempt (server-webapp.rules)
* 1:56203 <-> DISABLED <-> SERVER-WEBAPP Oracle WebLogic Server command injection attempt (server-webapp.rules)
* 1:56204 <-> ENABLED <-> MALWARE-CNC Doc.Dropper.Kimsuky variant outbound connection (malware-cnc.rules)
* 1:56205 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Kimsuky variant outbound connection (malware-cnc.rules)
* 1:56206 <-> ENABLED <-> MALWARE-CNC Doc.Dropper.Kimsuky variant outbound connection (malware-cnc.rules)
* 1:56207 <-> ENABLED <-> MALWARE-CNC Doc.Dropper.Kimsuky variant outbound connection (malware-cnc.rules)
* 1:56214 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9786645-0 download attempt (malware-other.rules)
* 1:56215 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9786645-0 download attempt (malware-other.rules)
* 1:56223 <-> DISABLED <-> POLICY-OTHER PyYAML Python object serialization attempt (policy-other.rules)
* 1:56224 <-> DISABLED <-> POLICY-OTHER PyYAML Python object serialization attempt (policy-other.rules)
* 1:56230 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel Cryptography Driver privilege escalation attempt (os-windows.rules)
* 1:56231 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel Cryptography Driver privilege escalation attempt (os-windows.rules)
* 1:56232 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Scar-9787415-0 download attempt (malware-other.rules)
* 1:56233 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Scar-9787415-0 download attempt (malware-other.rules)
* 1:56234 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Scar-9787423-0 download attempt (malware-other.rules)
* 1:56235 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Scar-9787423-0 download attempt (malware-other.rules)
* 1:56236 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Nitol-9787439-0 download attempt (malware-other.rules)
* 1:56237 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Nitol-9787439-0 download attempt (malware-other.rules)
* 1:56238 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-9787440-0 download attempt (malware-other.rules)
* 1:56239 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-9787440-0 download attempt (malware-other.rules)
* 1:56240 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Scar-9787525-0 download attempt (malware-other.rules)
* 1:56241 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Scar-9787525-0 download attempt (malware-other.rules)
* 1:56242 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Scar-9787528-0 download attempt (malware-other.rules)
* 1:56243 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Scar-9787528-0 download attempt (malware-other.rules)
* 1:56244 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Nitol-9787572-0 download attempt (malware-other.rules)
* 1:56245 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Nitol-9787572-0 download attempt (malware-other.rules)
* 1:56246 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Cerbu-9789017-0 download attempt (malware-other.rules)
* 1:56247 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Cerbu-9789017-0 download attempt (malware-other.rules)
* 1:56248 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-9789055-0 download attempt (malware-other.rules)
* 1:56249 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-9789055-0 download attempt (malware-other.rules)
* 1:56250 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9789215-0 download attempt (malware-other.rules)
* 1:56251 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9789215-0 download attempt (malware-other.rules)
* 1:56252 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Burda-9789442-0 download attempt (malware-other.rules)
* 1:56253 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Burda-9789442-0 download attempt (malware-other.rules)
* 1:56254 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DirectX graphics kernel subsystem privilege escalation attempt (os-windows.rules)
* 1:56255 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DirectX graphics kernel subsystem privilege escalation attempt (os-windows.rules)
* 1:56256 <-> ENABLED <-> MALWARE-OTHER Unix.Worm.Gitpaste12 variant download attempt (malware-other.rules)
* 1:56257 <-> ENABLED <-> MALWARE-OTHER Unix.Worm.Gitpaste12 variant download attempt (malware-other.rules)
* 1:56258 <-> DISABLED <-> MALWARE-OTHER Unix.Worm.Gitpaste12 variant outbound infection attempt (malware-other.rules)
* 1:56259 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k DirectComposition privilege escalation attempt (os-windows.rules)
* 1:56260 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k DirectComposition privilege escalation attempt (os-windows.rules)
* 1:56261 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt (os-windows.rules)
* 1:56262 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt (os-windows.rules)
* 1:56263 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows Win32k privilege escalation attempt (file-executable.rules)
* 1:56264 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows Win32k privilege escalation attempt (file-executable.rules)
* 1:56276 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Crat variant outbound connection (malware-cnc.rules)
* 1:56277 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Crat malicious document download (malware-other.rules)
* 1:56278 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Crat malicious document download (malware-other.rules)
* 1:56279 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Crat malicious executable download (malware-other.rules)
* 1:56280 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Crat malicious executable download (malware-other.rules)
* 1:56281 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Crat malicious executable download (malware-other.rules)
* 1:56282 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Crat malicious executable download (malware-other.rules)
* 1:56283 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Crat malicious executable download (malware-other.rules)
* 1:56284 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Crat malicious executable download (malware-other.rules)
* 1:56285 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Crat malicious executable download (malware-other.rules)
* 1:56286 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
* 1:56287 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
* 1:56288 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer memory corruption attempt (browser-ie.rules)
* 1:56289 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer memory corruption attempt (browser-ie.rules)
* 1:56290 <-> ENABLED <-> OS-WINDOWS Microsoft Windows malicious Netlogon NetrServerAuthenticate3 request attempt (os-windows.rules)
* 1:56291 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Crat malicious executable download attempt (malware-other.rules)
* 1:56292 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Crat malicious executable download (malware-other.rules)
* 1:56293 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Crat malicious executable download (malware-other.rules)
* 1:56294 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zebrocy variant outbound connection (malware-cnc.rules)
* 1:56295 <-> DISABLED <-> FILE-OTHER Microsoft Windows Common Log Files System driver privilege escalation attempt (file-other.rules)
* 1:56296 <-> DISABLED <-> FILE-OTHER Microsoft Windows Common Log Files System driver privilege escalation attempt (file-other.rules)
* 1:56299 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9789726-0 download attempt (malware-other.rules)
* 1:56300 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9789726-0 download attempt (malware-other.rules)
* 1:56301 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NFS read procedure remote code execution attempt (os-windows.rules)
* 1:56302 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NFS read procedure remote code execution attempt (os-windows.rules)
* 1:56303 <-> DISABLED <-> SERVER-WEBAPP Microsoft Sharepoint machineKey information disclosure attempt (server-webapp.rules)
* 1:56304 <-> DISABLED <-> SERVER-WEBAPP Microsoft SharePoint remote code execution attempt (server-webapp.rules)
* 1:56305 <-> DISABLED <-> SERVER-WEBAPP Microsoft SharePoint remote code execution attempt (server-webapp.rules)
* 1:56309 <-> DISABLED <-> PROTOCOL-RPC Windows Network File System denial of service attempt (protocol-rpc.rules)
* 1:56310 <-> ENABLED <-> PROTOCOL-RPC Windows Network File System RPCSEC_GSS_INIT message attempt (protocol-rpc.rules)
* 1:56311 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NFS v3 Server heap overflow denial of service attempt (os-windows.rules)
* 1:56312 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NFS v3 Server heap overflow denial of service attempt (os-windows.rules)
* 1:56313 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Crat malicious executable download (malware-other.rules)
* 1:56314 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Crat malicious executable download (malware-other.rules)
* 1:56315 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ursu-9790943-0 download attempt (malware-other.rules)
* 1:56316 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ursu-9790943-0 download attempt (malware-other.rules)
* 1:56317 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Amonetize-9791097-0 download attempt (malware-other.rules)
* 1:56318 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Amonetize-9791097-0 download attempt (malware-other.rules)
* 1:56319 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Yifgvsfb-9791273-0 download attempt (malware-other.rules)
* 1:56320 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Yifgvsfb-9791273-0 download attempt (malware-other.rules)
* 1:56321 <-> DISABLED <-> POLICY-OTHER IBM Spectrum Protect Plus admin credentials reset attempt (policy-other.rules)
* 1:56322 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Adf67bab-9789932-0 download attempt (malware-other.rules)
* 1:56323 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Adf67bab-9789932-0 download attempt (malware-other.rules)
* 1:56324 <-> DISABLED <-> SERVER-WEBAPP KingComposer plugin for WordPress cross site scripting attempt (server-webapp.rules)
* 1:56325 <-> DISABLED <-> SERVER-WEBAPP KingComposer plugin for WordPress cross site scripting attempt (server-webapp.rules)
* 1:56326 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Fusioncoredownldr-9790249-0 download attempt (malware-other.rules)
* 1:56327 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Fusioncoredownldr-9790249-0 download attempt (malware-other.rules)
* 1:56328 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9791863-0 download attempt (malware-other.rules)
* 1:56329 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9791863-0 download attempt (malware-other.rules)
* 1:56330 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Rukoma-9792185-0 download attempt (malware-other.rules)
* 1:56331 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Rukoma-9792185-0 download attempt (malware-other.rules)
* 1:56332 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-9792718-0 download attempt (malware-other.rules)
* 1:56333 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-9792718-0 download attempt (malware-other.rules)
* 1:56334 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Ursu-9792860-0 download attempt (malware-other.rules)
* 1:56335 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Ursu-9792860-0 download attempt (malware-other.rules)
* 1:56336 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Zusy-9792896-0 download attempt (malware-other.rules)
* 1:56337 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Zusy-9792896-0 download attempt (malware-other.rules)
* 1:56338 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Dagava-9793006-0 download attempt (malware-other.rules)
* 1:56339 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Dagava-9793006-0 download attempt (malware-other.rules)
* 1:56340 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Daws-9793378-0 download attempt (malware-other.rules)
* 1:56341 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Daws-9793378-0 download attempt (malware-other.rules)
* 1:56342 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793635-0 download attempt (malware-other.rules)
* 1:56343 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793635-0 download attempt (malware-other.rules)
* 1:56344 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793638-0 download attempt (malware-other.rules)
* 1:56345 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793638-0 download attempt (malware-other.rules)
* 1:56346 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Icloader-9793684-0 download attempt (malware-other.rules)
* 1:56347 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Icloader-9793684-0 download attempt (malware-other.rules)
* 1:56348 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Chen-9793785-0 download attempt (malware-other.rules)
* 1:56349 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Chen-9793785-0 download attempt (malware-other.rules)
* 1:56350 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793863-0 download attempt (malware-other.rules)
* 1:56351 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793863-0 download attempt (malware-other.rules)
* 1:56352 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793788-0 download attempt (malware-other.rules)
* 1:56353 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793788-0 download attempt (malware-other.rules)
* 1:56354 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793953-0 download attempt (malware-other.rules)
* 1:56355 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9793953-0 download attempt (malware-other.rules)
* 1:56356 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9794293-0 download attempt (malware-other.rules)
* 1:56357 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9794293-0 download attempt (malware-other.rules)
* 1:56358 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ulise-9794347-0 download attempt (malware-other.rules)
* 1:56359 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ulise-9794347-0 download attempt (malware-other.rules)
* 1:56360 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Playtech-9794342-0 download attempt (malware-other.rules)
* 1:56361 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Playtech-9794342-0 download attempt (malware-other.rules)
* 1:56362 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9794403-0 download attempt (malware-other.rules)
* 1:56363 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9794403-0 download attempt (malware-other.rules)
* 1:56364 <-> DISABLED <-> SERVER-WEBAPP D-Link DSR-250N denial of service attempt (server-webapp.rules)
* 1:56367 <-> ENABLED <-> MALWARE-CNC Win.Trojan.GlitchPOS variant outbound connection attempt (malware-cnc.rules)
* 1:56368 <-> ENABLED <-> MALWARE-CNC Win.Trojan.GlitchPOS variant outbound connection attempt (malware-cnc.rules)
* 1:56369 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.GlitchPOS malicious executable download attempt (malware-other.rules)
* 1:56370 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.GlitchPOS malicious executable download attempt (malware-other.rules)
* 1:56371 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant binary download attempt (malware-cnc.rules)
* 1:56372 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant binary download attempt (malware-cnc.rules)
* 1:56373 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant download attempt (malware-cnc.rules)
* 1:56374 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant binary download attempt (malware-cnc.rules)
* 1:56375 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant binary download attempt (malware-cnc.rules)
* 1:56376 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant download attempt (malware-cnc.rules)
* 1:56377 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant binary download attempt (malware-cnc.rules)
* 1:56378 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ComRAT variant binary download attempt (malware-cnc.rules)
* 1:56383 <-> DISABLED <-> PROTOCOL-SCADA Advantech DiagAnywhere remote code execution attempt (protocol-scada.rules)
* 1:56384 <-> DISABLED <-> PROTOCOL-SCADA Advantech DiagAnywhere remote code execution attempt (protocol-scada.rules)
* 1:56385 <-> DISABLED <-> PROTOCOL-SCADA Advantech DiagAnywhere remote code execution attempt (protocol-scada.rules)
* 1:56386 <-> DISABLED <-> PROTOCOL-SCADA Advantech DiagAnywhere remote code execution attempt (protocol-scada.rules)
* 1:56387 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Raccoon CNC decryption key response (malware-cnc.rules)
* 1:56388 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Raccoon data exfiltration attempt (malware-cnc.rules)
* 1:56391 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Racoon outbound connection attempt (malware-cnc.rules)
* 1:56392 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9794567-0 download attempt (malware-other.rules)
* 1:56393 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9794567-0 download attempt (malware-other.rules)
* 1:56394 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ursu-9794593-0 download attempt (malware-other.rules)
* 1:56395 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ursu-9794593-0 download attempt (malware-other.rules)
* 1:56396 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9794604-0 download attempt (malware-other.rules)
* 1:56397 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9794604-0 download attempt (malware-other.rules)
* 1:56398 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Qbot-9794652-0 download attempt (malware-other.rules)
* 1:56399 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Qbot-9794652-0 download attempt (malware-other.rules)
* 1:56400 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9794901-0 download attempt (malware-other.rules)
* 1:56401 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9794901-0 download attempt (malware-other.rules)
* 1:56402 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-9795078-0 download attempt (malware-other.rules)
* 1:56403 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-9795078-0 download attempt (malware-other.rules)
* 1:56404 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager XmpFileUploadServlet arbitrary JSP file upload attempt (server-webapp.rules)
* 1:56405 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager XmpFileUploadServlet directory traversal attempt (server-webapp.rules)
* 1:56406 <-> ENABLED <-> INDICATOR-SHELLCODE ysoserial Java object deserialization exploit attempt (indicator-shellcode.rules)
* 1:56407 <-> ENABLED <-> INDICATOR-SHELLCODE ysoserial Java object deserialization exploit attempt (indicator-shellcode.rules)
* 1:56408 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable CsJaasServiceServlet access detected (policy-other.rules)
* 1:56409 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable SecretService.jsp access detected (policy-other.rules)
* 1:56410 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable AuthTokenServlet access detected (policy-other.rules)
* 1:56411 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable ClientServicesServlet access detected (policy-other.rules)
* 1:56412 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable CTMServlet access detected (policy-other.rules)
* 1:56413 <-> DISABLED <-> POLICY-OTHER Cisco Security Manager vulnerable SecretServiceServlet access detected (policy-other.rules)
* 1:56414 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager XmpFileDownloadServlet directory traversal attempt (server-webapp.rules)
* 1:56415 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager XmpFileDownloadServlet directory traversal attempt (server-webapp.rules)
* 1:56416 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager XmpFileDownloadServlet directory traversal attempt (server-webapp.rules)
* 1:56417 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager SampleFileDownloadServlet directory traversal attempt (server-webapp.rules)
* 1:56418 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager SampleFileDownloadServlet directory traversal attempt (server-webapp.rules)
* 1:56419 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager SampleFileDownloadServlet directory traversal attempt (server-webapp.rules)
* 1:56420 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager resultsFrame directory traversal attempt (server-webapp.rules)
* 1:56421 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager resultsFrame directory traversal attempt (server-webapp.rules)
* 1:56422 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager resultsFrame directory traversal attempt (server-webapp.rules)
* 1:56423 <-> ENABLED <-> SERVER-WEBAPP Cisco Security Manager xdmProxy directory traversal attempt (server-webapp.rules)
* 1:56425 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Genpack-9795954-0 download attempt (malware-other.rules)
* 1:56426 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Genpack-9795954-0 download attempt (malware-other.rules)
* 1:56427 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules)
* 1:56428 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules)
* 1:56429 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules)
* 1:56430 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules)
* 1:56432 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules)
* 1:56433 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules)
* 1:56434 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules)
* 1:56435 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules)
* 1:56436 <-> DISABLED <-> SERVER-WEBAPP Atlassian Crowd pdkinstall plugin remote code execution attempt (server-webapp.rules)
* 1:56437 <-> DISABLED <-> BROWSER-CHROME Google Chrome Blink Renderer MediaElementEventListener memory corruption attempt (browser-chrome.rules)
* 1:56438 <-> DISABLED <-> BROWSER-CHROME Google Chrome Blink Renderer MediaElementEventListener memory corruption attempt (browser-chrome.rules)
* 1:56439 <-> DISABLED <-> POLICY-OTHER Kubernetes Dashboard authentication bypass information disclosure attempt (policy-other.rules)
* 1:56445 <-> ENABLED <-> SERVER-WEBAPP Java Library UniversalExtractor unauthorized deserialization attempt (server-webapp.rules)
* 1:56446 <-> DISABLED <-> EXPLOIT-KIT RIG EK GandCrab page access attempt (exploit-kit.rules)
* 1:56449 <-> DISABLED <-> BROWSER-CHROME Microsoft Teams Electron framework command injection attempt (browser-chrome.rules)
* 1:56450 <-> DISABLED <-> BROWSER-CHROME Microsoft Teams Electron framework command injection attempt (browser-chrome.rules)
* 1:56453 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-9796608-0 download attempt (malware-other.rules)
* 1:56454 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-9796608-0 download attempt (malware-other.rules)
* 1:56455 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Crossrider-9797289-0 download attempt (malware-other.rules)
* 1:56456 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Crossrider-9797289-0 download attempt (malware-other.rules)
* 1:56457 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Nwh1dlg-9797380-0 download attempt (malware-other.rules)
* 1:56458 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Nwh1dlg-9797380-0 download attempt (malware-other.rules)
* 1:56459 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-9797422-0 download attempt (malware-other.rules)
* 1:56460 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-9797422-0 download attempt (malware-other.rules)
* 1:56461 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9797509-0 download attempt (malware-other.rules)
* 1:56462 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9797509-0 download attempt (malware-other.rules)
* 1:56463 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Morto-9797503-0 download attempt (malware-other.rules)
* 1:56464 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Morto-9797503-0 download attempt (malware-other.rules)
* 1:56465 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Amonetize-9797769-0 download attempt (malware-other.rules)
* 1:56466 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Amonetize-9797769-0 download attempt (malware-other.rules)
* 1:56467 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Downloader.Amonetize-9797772-0 download attempt (malware-other.rules)
* 1:56468 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Downloader.Amonetize-9797772-0 download attempt (malware-other.rules)
* 1:56469 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Uztub-9798162-0 download attempt (malware-other.rules)
* 1:56470 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Uztub-9798162-0 download attempt (malware-other.rules)
* 1:56471 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Budt-9798777-0 download attempt (malware-other.rules)
* 1:56472 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Budt-9798777-0 download attempt (malware-other.rules)
* 1:56473 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Budt-9798951-0 download attempt (malware-other.rules)
* 1:56474 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Budt-9798951-0 download attempt (malware-other.rules)
* 1:56484 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Ursu-9799226-0 download attempt (malware-other.rules)
* 1:56485 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Ursu-9799226-0 download attempt (malware-other.rules)
* 1:56490 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9799256-0 download attempt (malware-other.rules)
* 1:56491 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9799256-0 download attempt (malware-other.rules)
* 1:56492 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agen-9799302-0 download attempt (malware-other.rules)
* 1:56493 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agen-9799302-0 download attempt (malware-other.rules)
* 1:56494 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9799298-0 download attempt (malware-other.rules)
* 1:56495 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9799298-0 download attempt (malware-other.rules)
* 1:56497 <-> DISABLED <-> SERVER-WEBAPP Multiple Products Java Faces ViewState deserialization remote code execution attempt (server-webapp.rules)
* 1:56498 <-> DISABLED <-> SERVER-WEBAPP Oracle ADF Faces potential ViewState deserialization remote code execution attempt (server-webapp.rules)
* 1:56499 <-> DISABLED <-> SERVER-WEBAPP Oracle ADF Faces potential ViewState deserialization remote code execution attempt (server-webapp.rules)
* 1:56511 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Cerbu-9800082-0 download attempt (malware-other.rules)
* 1:56512 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Cerbu-9800082-0 download attempt (malware-other.rules)
* 1:56513 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-9800462-0 download attempt (malware-other.rules)
* 1:56514 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-9800462-0 download attempt (malware-other.rules)
* 1:56515 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zeus-9800465-0 download attempt (malware-other.rules)
* 1:56516 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Zeus-9800465-0 download attempt (malware-other.rules)
* 1:56517 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Remcos-9801059-0 download attempt (malware-other.rules)
* 1:56518 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Remcos-9801059-0 download attempt (malware-other.rules)
* 1:56519 <-> DISABLED <-> SERVER-WEBAPP WordPress plugin Autoptimize arbitrary PHP file upload attempt (server-webapp.rules)
* 1:56520 <-> DISABLED <-> SERVER-WEBAPP QNAP QTS and Photo Station directory traversal attempt (server-webapp.rules)
* 1:56521 <-> DISABLED <-> SERVER-WEBAPP QNAP QTS and Photo Station directory traversal attempt (server-webapp.rules)
* 1:56522 <-> DISABLED <-> SERVER-WEBAPP QNAP QTS and Photo Station directory traversal attempt (server-webapp.rules)
* 1:56523 <-> DISABLED <-> SERVER-WEBAPP Joomla Core Featured Article SQL injection attempt (server-webapp.rules)
* 1:56524 <-> DISABLED <-> SERVER-WEBAPP Joomla Core Featured Article SQL injection attempt (server-webapp.rules)
* 1:56525 <-> DISABLED <-> SERVER-WEBAPP Joomla Core Featured Article SQL injection attempt (server-webapp.rules)
* 1:56528 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Emotet-9801895-0 download attempt (malware-other.rules)
* 1:56529 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Emotet-9801895-0 download attempt (malware-other.rules)
* 1:56530 <-> ENABLED <-> MALWARE-CNC Win.Trojan.IcedId outbound communication attempt (malware-cnc.rules)
* 1:56531 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.IcedId payload download attempt (malware-other.rules)
* 1:56532 <-> ENABLED <-> SERVER-WEBAPP Advantech WebAccess NMS directory traversal attempt (server-webapp.rules)
* 1:56533 <-> ENABLED <-> SERVER-WEBAPP Advantech WebAccess NMS directory traversal attempt (server-webapp.rules)
* 1:56534 <-> ENABLED <-> SERVER-WEBAPP Advantech WebAccess NMS directory traversal attempt (server-webapp.rules)
* 1:56535 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Emotet-9802270-0 download attempt (malware-other.rules)
* 1:56536 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Emotet-9802270-0 download attempt (malware-other.rules)
* 1:56537 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Dexter POS variant download attempt (malware-other.rules)
* 1:56538 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Dexter POS variant download attempt (malware-other.rules)
* 1:56541 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox default content process DACL sandbox escape attempt (browser-firefox.rules)
* 1:56542 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox default content process DACL sandbox escape attempt (browser-firefox.rules)
* 1:56543 <-> DISABLED <-> SERVER-OTHER AnyDesk Discovery Feature crafted hostname remote code execution attempt (server-other.rules)
* 1:56544 <-> DISABLED <-> SERVER-OTHER AnyDesk Discovery Feature crafted username remote code execution attempt (server-other.rules)
* 1:56545 <-> DISABLED <-> SERVER-WEBAPP rConfig commands.inc.php SQL injection attempt (server-webapp.rules)
* 1:56546 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Alina variant download attempt (malware-other.rules)
* 1:56547 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Alina variant download attempt (malware-other.rules)
* 1:56550 <-> DISABLED <-> SERVER-WEBAPP Ruckus IoT Controller Web UI authentication bypass attempt (server-webapp.rules)
* 1:56551 <-> DISABLED <-> SERVER-WEBAPP Ruckus IoT Controller Web UI OS username command injection attempt (server-webapp.rules)
* 1:56554 <-> DISABLED <-> SERVER-OTHER Microsoft Exchange Server 2010 deserialization attempt (server-other.rules)
* 1:56555 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.RegretLocker malicious executable download attempt (malware-other.rules)
* 1:56556 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.RegretLocker malicious executable download attempt (malware-other.rules)
* 1:56557 <-> DISABLED <-> SERVER-WEBAPP Microsoft Dynamics365 Finance and Operations remote code execution attempt (server-webapp.rules)
* 1:56558 <-> DISABLED <-> SERVER-WEBAPP Microsoft Dynamics365 Finance and Operations remote code execution attempt (server-webapp.rules)
* 1:56559 <-> DISABLED <-> POLICY-OTHER Microsoft SharePoint web.config access attempt (policy-other.rules)
* 1:56560 <-> DISABLED <-> POLICY-OTHER Microsoft SharePoint external ImportWeb attempt (policy-other.rules)
* 1:56561 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB authenticated remote code execution attempt (os-windows.rules)
* 1:56562 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB authenticated remote code execution attempt (os-windows.rules)
* 1:56563 <-> DISABLED <-> SERVER-WEBAPP Apache Server mod_proxy Error Page cross site scripting attempt (server-webapp.rules)
* 1:56564 <-> ENABLED <-> MALWARE-CNC Win.Trojan.PowerRatankba variant download attempt (malware-cnc.rules)
* 1:56565 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Trojan.AnchorBotDNS variant outbound ICMP connection (indicator-compromise.rules)
* 1:56566 <-> DISABLED <-> MALWARE-TOOLS Win.Trojan.AnchorInstaller variant download attempt (malware-tools.rules)
* 1:56567 <-> DISABLED <-> MALWARE-TOOLS Win.Trojan.AnchorbotDNS variant download attempt (malware-tools.rules)
* 1:56568 <-> DISABLED <-> MALWARE-TOOLS Win.Trojan.Anchorbot variant download attempt (malware-tools.rules)
* 1:56569 <-> DISABLED <-> MALWARE-TOOLS Win.Trojan.MemscraperDNS variant download attempt (malware-tools.rules)
* 1:56570 <-> DISABLED <-> MALWARE-TOOLS Win.Trojan.Memscraper variant download attempt (malware-tools.rules)
* 1:56571 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB2 SET_INFO information disclosure attempt (os-windows.rules)
* 1:56574 <-> DISABLED <-> BROWSER-OTHER Microsoft Teams mention functionality displayName remote code execution attempt (browser-other.rules)
* 1:56577 <-> ENABLED <-> MALWARE-CNC Lokibot outbound connection attempt (malware-cnc.rules)
* 1:56578 <-> ENABLED <-> MALWARE-OTHER Lokibot download attempt (malware-other.rules)
* 1:56579 <-> DISABLED <-> SERVER-WEBAPP Belkin Wemo Insight Smart Plug libUPnPHndlr.so stack buffer overflow attempt (server-webapp.rules)
* 1:56580 <-> DISABLED <-> POLICY-OTHER file URI redirect attempt (policy-other.rules)
* 1:56581 <-> DISABLED <-> MALWARE-TOOLS GhostPack Rubeus kerberos request attempt (malware-tools.rules)
* 1:56582 <-> DISABLED <-> MALWARE-TOOLS GhostPack Rubeus kerberos request attempt (malware-tools.rules)
* 1:56583 <-> DISABLED <-> MALWARE-TOOLS GhostPack Rubeus kerberos request attempt (malware-tools.rules)
* 1:56584 <-> DISABLED <-> MALWARE-TOOLS GhostPack Rubeus kerberos request attempt (malware-tools.rules)
* 1:56585 <-> DISABLED <-> MALWARE-TOOLS GhostPack Rubeus kerberos request attempt (malware-tools.rules)
* 1:56586 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine ServiceDesk Plus arbitrary JSP file upload attempt (server-webapp.rules)
* 1:56587 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.SSLBeacon variant certificate exchange attempt (malware-cnc.rules)
* 1:56592 <-> DISABLED <-> MALWARE-CNC Cobalt Strike DNS beacon inbound TXT record (malware-cnc.rules)
* 1:56593 <-> DISABLED <-> MALWARE-CNC Cobalt Strike DNS beacon inbound TXT record (malware-cnc.rules)
* 1:56594 <-> DISABLED <-> MALWARE-BACKDOOR MultiOS.Malware.GORAT malware download attempt (malware-backdoor.rules)
* 1:56595 <-> DISABLED <-> MALWARE-BACKDOOR MultiOS.Malware.GORAT malware download attempt (malware-backdoor.rules)
* 1:56596 <-> DISABLED <-> MALWARE-CNC MultiOS.Malware.GORAT outbound communications attempt (malware-cnc.rules)
* 1:56597 <-> DISABLED <-> MALWARE-CNC MultiOS.Malware.GORAT outbound communications attempt (malware-cnc.rules)
* 1:56598 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.CSBundle_Original inbound connection attempt (malware-cnc.rules)
* 1:56599 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.CSBundle_Original stager outbound connection attempt (malware-cnc.rules)
* 1:566 <-> DISABLED <-> APP-DETECT PCAnywhere server response (app-detect.rules)
* 1:56600 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.CSBundle_Original outbound connection attempt (malware-cnc.rules)
* 1:56601 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.CSBundle_Original Stager 2 download attempt (malware-cnc.rules)
* 1:56602 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.CSBundle_Original Server 3 inbound beacon attempt (malware-cnc.rules)
* 1:56603 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.CSBundle_Original outbound connection attempt (malware-cnc.rules)
* 1:56604 <-> DISABLED <-> SERVER-WEBAPP Microsoft Dynamics NAV remote code execution attempt (server-webapp.rules)
* 1:56605 <-> ENABLED <-> MALWARE-CNC Rat.Tool.CSBundleUSATodayServer variant inbound command attempt (malware-cnc.rules)
* 1:56606 <-> ENABLED <-> MALWARE-CNC Rat.Tool.CSBundleUSATodayServer variant inbound command attempt
(malware-cnc.rules) * 1:56607 <-> DISABLED <-> MALWARE-CNC potential Rat.Tool.CSBundleUSAToday connectivity check (malware-cnc.rules) * 1:56608 <-> DISABLED <-> MALWARE-OTHER Cobalt Strike beacon inbound connection attempt (malware-other.rules) * 1:56609 <-> DISABLED <-> MALWARE-OTHER Cobalt Strike beacon outbound connection attempt (malware-other.rules) * 1:56610 <-> DISABLED <-> MALWARE-OTHER Cobalt Strike beacon outbound connection attempt (malware-other.rules) * 1:56611 <-> DISABLED <-> MALWARE-OTHER Cobalt Strike beacon outbound connection attempt (malware-other.rules) * 1:56612 <-> DISABLED <-> MALWARE-CNC Rat.Tool.FeyeYelp variant outbound beacon attempt (malware-cnc.rules) * 1:56613 <-> DISABLED <-> MALWARE-CNC Rat.Tool.FeyeYelp variant outbound beacon attempt (malware-cnc.rules) * 1:56614 <-> DISABLED <-> MALWARE-BACKDOOR Cobalt Strike beacon connection attempt (malware-backdoor.rules) * 1:56615 <-> DISABLED <-> MALWARE-CNC Cobalt Strike beacon outbound connection attempt (malware-cnc.rules) * 1:56616 <-> DISABLED <-> MALWARE-CNC Cobalt Strike beacon outbound connection attempt (malware-cnc.rules) * 1:56617 <-> DISABLED <-> MALWARE-CNC Cobalt Strike beacon inbound connection attempt (malware-cnc.rules) * 1:56618 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Waldek-9805060-0 download attempt (malware-other.rules) * 1:56619 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Waldek-9805060-0 download attempt (malware-other.rules) * 1:56620 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Emotet-9805443-0 download attempt (malware-other.rules) * 1:56621 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Emotet-9805443-0 download attempt (malware-other.rules) * 1:56622 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bunitu-9805453-0 download attempt (malware-other.rules) * 1:56623 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bunitu-9805453-0 download attempt (malware-other.rules) * 1:56624 <-> DISABLED <-> SERVER-WEBAPP rConfig command injection attempt (server-webapp.rules) * 1:56625 <-> DISABLED 
<-> SERVER-WEBAPP rConfig command injection attempt (server-webapp.rules) * 1:56626 <-> DISABLED <-> SERVER-WEBAPP rConfig command injection attempt (server-webapp.rules) * 1:56627 <-> DISABLED <-> SERVER-WEBAPP rConfig command injection attempt (server-webapp.rules) * 1:56628 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Ap0calypseRAT-9805570-0 download attempt (malware-other.rules) * 1:56629 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Ap0calypseRAT-9805570-0 download attempt (malware-other.rules) * 1:56630 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Opesup-9805608-0 download attempt (malware-other.rules) * 1:56631 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Opesup-9805608-0 download attempt (malware-other.rules) * 1:56632 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Ezsoftwareupdater-9805635-0 download attempt (malware-other.rules) * 1:56633 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Ezsoftwareupdater-9805635-0 download attempt (malware-other.rules) * 1:56634 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Jpbv-9805695-0 download attempt (malware-other.rules) * 1:56635 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Jpbv-9805695-0 download attempt (malware-other.rules) * 1:56636 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Cerber-9806289-0 download attempt (malware-other.rules) * 1:56637 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Cerber-9806289-0 download attempt (malware-other.rules) * 1:56638 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mahato-9806484-0 download attempt (malware-other.rules) * 1:56639 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mahato-9806484-0 download attempt (malware-other.rules) * 1:56640 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9806564-0 download attempt (malware-other.rules) * 1:56641 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9806564-0 download attempt (malware-other.rules) * 1:56642 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upantix-9807018-0 download attempt (malware-other.rules) * 1:56643 <-> DISABLED <-> MALWARE-OTHER 
Win.Packed.Upantix-9807018-0 download attempt (malware-other.rules) * 1:56644 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Nanocore-9807037-0 download attempt (malware-other.rules) * 1:56645 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Nanocore-9807037-0 download attempt (malware-other.rules) * 1:56646 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Crossrider-9807047-0 download attempt (malware-other.rules) * 1:56647 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Crossrider-9807047-0 download attempt (malware-other.rules) * 1:56648 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Crossrider-9807045-0 download attempt (malware-other.rules) * 1:56649 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Crossrider-9807045-0 download attempt (malware-other.rules) * 1:56650 <-> DISABLED <-> MALWARE-OTHER Win.Adware.Esprot-9807942-0 download attempt (malware-other.rules) * 1:56651 <-> DISABLED <-> MALWARE-OTHER Win.Adware.Esprot-9807942-0 download attempt (malware-other.rules) * 1:56652 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Esprot-9807946-0 download attempt (malware-other.rules) * 1:56653 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Esprot-9807946-0 download attempt (malware-other.rules) * 1:56654 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Smalltrojan-9807963-0 download attempt (malware-other.rules) * 1:56655 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Smalltrojan-9807963-0 download attempt (malware-other.rules) * 1:56656 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Emotet-9808656-0 download attempt (malware-other.rules) * 1:56657 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Emotet-9808656-0 download attempt (malware-other.rules) * 1:56660 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Sunburst outbound connection attempt (malware-cnc.rules) * 1:56661 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Sunburst outbound connection attempt (malware-cnc.rules) * 1:56662 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Sunburst inbound connection attempt (malware-cnc.rules) * 1:56663 <-> ENABLED <-> 
MALWARE-CNC Win.Backdoor.Sunburst inbound connection attempt (malware-cnc.rules) * 1:56664 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Sunburst inbound connection attempt (malware-cnc.rules) * 1:56665 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Sunburst outbound connection attempt (malware-cnc.rules) * 1:56666 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Sunburst inbound connection attempt (malware-cnc.rules) * 1:56667 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Sunburst inbound connection attempt (malware-cnc.rules) * 1:56668 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Sunburst outbound connection attempt (malware-cnc.rules) * 1:56669 <-> DISABLED <-> MALWARE-OTHER Win.Virus.Ramnit-9808983-0 download attempt (malware-other.rules) * 1:56670 <-> DISABLED <-> MALWARE-OTHER Win.Virus.Ramnit-9808983-0 download attempt (malware-other.rules) * 1:56671 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-9809114-0 download attempt (malware-other.rules) * 1:56672 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-9809114-0 download attempt (malware-other.rules) * 1:56673 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809232-0 download attempt (malware-other.rules) * 1:56674 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809232-0 download attempt (malware-other.rules) * 1:56675 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809233-0 download attempt (malware-other.rules) * 1:56676 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809233-0 download attempt (malware-other.rules) * 1:56677 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809234-0 download attempt (malware-other.rules) * 1:56678 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809234-0 download attempt (malware-other.rules) * 1:56679 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809236-0 download attempt (malware-other.rules) * 1:56680 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809236-0 download attempt (malware-other.rules) * 1:56681 <-> DISABLED <-> MALWARE-OTHER 
Win.Malware.Magania-9809289-0 download attempt (malware-other.rules) * 1:56682 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809289-0 download attempt (malware-other.rules) * 1:56683 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809288-0 download attempt (malware-other.rules) * 1:56684 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809288-0 download attempt (malware-other.rules) * 1:56685 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809290-0 download attempt (malware-other.rules) * 1:56686 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809290-0 download attempt (malware-other.rules) * 1:56687 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809291-0 download attempt (malware-other.rules) * 1:56688 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809291-0 download attempt (malware-other.rules) * 1:56689 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809292-0 download attempt (malware-other.rules) * 1:56690 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809292-0 download attempt (malware-other.rules) * 1:56691 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809293-0 download attempt (malware-other.rules) * 1:56692 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809293-0 download attempt (malware-other.rules) * 1:56693 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809302-0 download attempt (malware-other.rules) * 1:56694 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809302-0 download attempt (malware-other.rules) * 1:56695 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9809303-0 download attempt (malware-other.rules) * 1:56696 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9809303-0 download attempt (malware-other.rules) * 1:56697 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809310-0 download attempt (malware-other.rules) * 1:56698 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809310-0 download attempt (malware-other.rules) * 1:56699 <-> DISABLED <-> MALWARE-OTHER 
Win.Malware.Magania-9809311-0 download attempt (malware-other.rules) * 1:567 <-> DISABLED <-> SERVER-MAIL SMTP relaying denied (server-mail.rules) * 1:56700 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809311-0 download attempt (malware-other.rules) * 1:56701 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Napolar-9809317-0 download attempt (malware-other.rules) * 1:56702 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Napolar-9809317-0 download attempt (malware-other.rules) * 1:56703 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Mikey-9809358-0 download attempt (malware-other.rules) * 1:56704 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Mikey-9809358-0 download attempt (malware-other.rules) * 1:56705 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809405-0 download attempt (malware-other.rules) * 1:56706 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809405-0 download attempt (malware-other.rules) * 1:56707 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809423-0 download attempt (malware-other.rules) * 1:56708 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809423-0 download attempt (malware-other.rules) * 1:56709 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809425-0 download attempt (malware-other.rules) * 1:56710 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Magania-9809425-0 download attempt (malware-other.rules) * 1:56711 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ppatre-9809656-0 download attempt (malware-other.rules) * 1:56712 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ppatre-9809656-0 download attempt (malware-other.rules) * 1:56713 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Emotet-9809680-0 download attempt (malware-other.rules) * 1:56714 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Emotet-9809680-0 download attempt (malware-other.rules) * 1:56715 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Priplut-9809769-0 download attempt (malware-other.rules) * 1:56716 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Priplut-9809769-0 download attempt 
(malware-other.rules) * 1:56717 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.Egregor variant outbound connection (malware-cnc.rules) * 1:56718 <-> ENABLED <-> MALWARE-CNC Win.Trojan.xDLL variant outbound communication attempt (malware-cnc.rules) * 1:56719 <-> ENABLED <-> MALWARE-CNC Win.Trojan.xDLL variant outbound communication attempt (malware-cnc.rules) * 1:56720 <-> DISABLED <-> SERVER-WEBAPP Citrix ADC and Gateway authentication bypass attempt (server-webapp.rules) * 1:56730 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fareit-9810681-0 download attempt (malware-other.rules) * 1:56731 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fareit-9810681-0 download attempt (malware-other.rules) * 1:56732 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-9811539-0 download attempt (malware-other.rules) * 1:56733 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zeroaccess-9811539-0 download attempt (malware-other.rules) * 1:56734 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Pcclient-9811524-0 download attempt (malware-other.rules) * 1:56735 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Pcclient-9811524-0 download attempt (malware-other.rules) * 1:56736 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generic-9812011-0 download attempt (malware-other.rules) * 1:56737 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generic-9812011-0 download attempt (malware-other.rules) * 1:56738 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812035-0 download attempt (malware-other.rules) * 1:56739 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812035-0 download attempt (malware-other.rules) * 1:56740 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812036-0 download attempt (malware-other.rules) * 1:56741 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812036-0 download attempt (malware-other.rules) * 1:56742 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812037-0 download attempt (malware-other.rules) * 1:56743 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812037-0 
download attempt (malware-other.rules) * 1:56744 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Cerbu-9811987-0 download attempt (malware-other.rules) * 1:56745 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Cerbu-9811987-0 download attempt (malware-other.rules) * 1:56746 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9811997-0 download attempt (malware-other.rules) * 1:56747 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9811997-0 download attempt (malware-other.rules) * 1:56748 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812114-0 download attempt (malware-other.rules) * 1:56749 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812114-0 download attempt (malware-other.rules) * 1:56750 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812058-0 download attempt (malware-other.rules) * 1:56751 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812058-0 download attempt (malware-other.rules) * 1:56752 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9812070-0 download attempt (malware-other.rules) * 1:56753 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9812070-0 download attempt (malware-other.rules) * 1:56754 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812083-0 download attempt (malware-other.rules) * 1:56755 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Generickdz-9812083-0 download attempt (malware-other.rules) * 1:56756 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zusy-9812442-0 download attempt (malware-other.rules) * 1:56757 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zusy-9812442-0 download attempt (malware-other.rules) * 1:56758 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Ceeinject-9812597-0 download attempt (malware-other.rules) * 1:56759 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Ceeinject-9812597-0 download attempt (malware-other.rules) * 1:56760 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Mikey-9812612-0 download attempt (malware-other.rules) * 1:56761 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Mikey-9812612-0 download attempt 
(malware-other.rules) * 1:56762 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upantix-9812630-0 download attempt (malware-other.rules) * 1:56763 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upantix-9812630-0 download attempt (malware-other.rules) * 1:56764 <-> DISABLED <-> MALWARE-OTHER Win.Malware.3400da6c-9812978-0 download attempt (malware-other.rules) * 1:56765 <-> DISABLED <-> MALWARE-OTHER Win.Malware.3400da6c-9812978-0 download attempt (malware-other.rules) * 1:56766 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Shiz-9814645-0 download attempt (malware-other.rules) * 1:56767 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Shiz-9814645-0 download attempt (malware-other.rules) * 1:56768 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Supernova Webshell Command and Control attempt (malware-cnc.rules) * 1:56769 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules) * 1:5677 <-> DISABLED <-> NETBIOS SMB Session Setup username overflow attempt (netbios.rules) * 1:56770 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Qbot outbound connection attempt (malware-cnc.rules) * 1:56771 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Qbot outbound connection attempt (malware-cnc.rules) * 1:56772 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Qbot variant download attempt (malware-other.rules) * 1:56773 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Qbot variant download attempt (malware-other.rules) * 1:56774 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Qbot variant download attempt (malware-other.rules) * 1:56775 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Qbot variant download attempt (malware-other.rules) * 1:56776 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Gamarue-9811452-0 download attempt (malware-other.rules) * 1:56777 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Gamarue-9811452-0 download attempt (malware-other.rules) * 1:56778 <-> DISABLED <-> SERVER-WEBAPP ARRIS VAP2500 list_mac_address cmb_macaddrfilter command injection attempt (server-webapp.rules) * 1:56779 <-> DISABLED <-> 
SERVER-WEBAPP ARRIS VAP2500 list_mac_address cmb_macaddrfilter command injection attempt (server-webapp.rules) * 1:5678 <-> DISABLED <-> NETBIOS SMB-DS Session Setup username overflow attempt (netbios.rules) * 1:56780 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Cerber-9815517-0 download attempt (malware-other.rules) * 1:56781 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Cerber-9815517-0 download attempt (malware-other.rules) * 1:56782 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bunitu-9815611-0 download attempt (malware-other.rules) * 1:56783 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Bunitu-9815611-0 download attempt (malware-other.rules) * 1:56784 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules) * 1:56785 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules) * 1:56786 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules) * 1:56787 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules) * 1:56788 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules) * 1:56789 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules) * 1:5679 <-> DISABLED <-> NETBIOS SMB-DS Session Setup unicode username overflow attempt (netbios.rules) * 1:56790 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules) * 1:56791 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules) * 1:56792 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules) * 1:56793 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules) * 1:56794 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules) * 1:56795 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection 
attempt (malware-cnc.rules) * 1:56796 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules) * 1:56798 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Qbot outbound connection attempt (malware-cnc.rules) * 1:56799 <-> DISABLED <-> SERVER-WEBAPP Liferay arbitrary Java object deserialization attempt (server-webapp.rules) * 1:568 <-> DISABLED <-> POLICY-OTHER HP JetDirect LCD modification attempt (policy-other.rules) * 1:5680 <-> DISABLED <-> NETBIOS SMB Session Setup username overflow attempt (netbios.rules) * 1:56800 <-> DISABLED <-> SERVER-WEBAPP Liferay arbitrary Java object deserialization attempt (server-webapp.rules) * 1:56801 <-> DISABLED <-> SERVER-WEBAPP Liferay arbitrary Java object deserialization attempt (server-webapp.rules) * 1:56802 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-9815697-0 download attempt (malware-other.rules) * 1:56803 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Kuluoz-9815697-0 download attempt (malware-other.rules) * 1:56804 <-> DISABLED <-> SERVER-IIS Microsoft ASP.NET bad request denial of service attempt (server-iis.rules) * 1:56805 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Yddld-9815757-0 download attempt (malware-other.rules) * 1:56806 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Yddld-9815757-0 download attempt (malware-other.rules) * 1:56807 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9815758-0 download attempt (malware-other.rules) * 1:56808 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9815758-0 download attempt (malware-other.rules) * 1:56809 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Yddld-9816553-0 download attempt (malware-other.rules) * 1:5681 <-> DISABLED <-> NETBIOS SMB Session Setup unicode username overflow attempt (netbios.rules) * 1:56810 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Yddld-9816553-0 download attempt (malware-other.rules) * 1:56811 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Bladabindi-9816601-0 download attempt (malware-other.rules) * 1:56812 <-> DISABLED 
<-> MALWARE-OTHER Win.Trojan.Bladabindi-9816601-0 download attempt (malware-other.rules) * 1:56813 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Qbot-9817504-0 download attempt (malware-other.rules) * 1:56814 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Qbot-9817504-0 download attempt (malware-other.rules) * 1:56815 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Trojanx-9818175-0 download attempt (malware-other.rules) * 1:56816 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Trojanx-9818175-0 download attempt (malware-other.rules) * 1:56817 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Quchispy-9818300-0 download attempt (malware-other.rules) * 1:56818 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Quchispy-9818300-0 download attempt (malware-other.rules) * 1:56819 <-> DISABLED <-> MALWARE-OTHER Unix.Miner.PGMiner variant exploit attempt (malware-other.rules) * 1:5682 <-> DISABLED <-> NETBIOS SMB Session Setup unicode andx username overflow attempt (netbios.rules) * 1:56820 <-> DISABLED <-> MALWARE-OTHER Unix.Miner.PGMiner variant dropped bash script (malware-other.rules) * 1:56821 <-> DISABLED <-> MALWARE-OTHER Unix.Miner.PGMiner variant exploit attempt (malware-other.rules) * 1:56822 <-> DISABLED <-> SERVER-WEBAPP Grafana Labs Grafana denial of service attempt (server-webapp.rules) * 1:56823 <-> DISABLED <-> SERVER-WEBAPP Citrix CakePHP command injection attempt (server-webapp.rules) * 1:56824 <-> DISABLED <-> SERVER-WEBAPP Citrix CakePHP command injection attempt (server-webapp.rules) * 1:56825 <-> DISABLED <-> POLICY-OTHER SolarWinds Orion version lookup attempt (policy-other.rules) * 1:56826 <-> ENABLED <-> SERVER-WEBAPP SolarWinds Orion authentication bypass attempt (server-webapp.rules) * 1:56827 <-> ENABLED <-> SERVER-WEBAPP SolarWinds Orion authentication bypass attempt (server-webapp.rules) * 1:56828 <-> ENABLED <-> SERVER-WEBAPP SolarWinds Orion authentication bypass attempt (server-webapp.rules) * 1:56829 <-> ENABLED <-> SERVER-WEBAPP SolarWinds Orion authentication bypass 
attempt (server-webapp.rules) * 1:5683 <-> DISABLED <-> NETBIOS SMB Session Setup andx username overflow attempt (netbios.rules) * 1:56830 <-> DISABLED <-> SERVER-WEBAPP WordPress Adning Advertising plugin arbitrary PHP file upload attempt (server-webapp.rules) * 1:56831 <-> DISABLED <-> SERVER-WEBAPP WordPress Adning Advertising plugin arbitrary PHP file upload attempt (server-webapp.rules) * 1:56833 <-> DISABLED <-> SERVER-WEBAPP WordPress plugin Total Upkeep database backup download attempt (server-webapp.rules) * 1:56834 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TroubleGrabber outbound communication attempt (malware-cnc.rules) * 1:56835 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TroubleGrabber outbound communication attempt (malware-cnc.rules) * 1:56836 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.TroubleGrabber external tools download attempt (malware-other.rules) * 1:56837 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.TroubleGrabber external tools download attempt (malware-other.rules) * 1:5684 <-> DISABLED <-> NETBIOS SMB Session Setup unicode andx username overflow attempt (netbios.rules) * 1:56845 <-> ENABLED <-> BROWSER-OTHER Cisco Jabber protocol cross-site scripting attempt (browser-other.rules) * 1:56846 <-> ENABLED <-> BROWSER-OTHER Cisco Jabber protocol cross-site scripting attempt (browser-other.rules) * 1:56849 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k kernel driver privilege escalation attempt (os-windows.rules) * 1:56850 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k kernel driver privilege escalation attempt (os-windows.rules) * 1:56851 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k kernel driver privilege escalation attempt (os-windows.rules) * 1:56852 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k kernel driver privilege escalation attempt (os-windows.rules) * 1:56853 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k kernel driver privilege escalation attempt (os-windows.rules) * 1:56854 <-> DISABLED <-> OS-WINDOWS Microsoft 
Windows Win32k kernel driver privilege escalation attempt (os-windows.rules)
* 1:56855 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k kernel driver privilege escalation attempt (os-windows.rules)
* 1:56856 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k kernel driver privilege escalation attempt (os-windows.rules)
* 1:56857 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows Defender buffer overflow attempt (file-executable.rules)
* 1:56858 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows Defender buffer overflow attempt (file-executable.rules)
* 1:56859 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows Defender buffer overflow attempt (file-executable.rules)
* 1:56860 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows Defender buffer overflow attempt (file-executable.rules)
* 1:56862 <-> ENABLED <-> MALWARE-CNC MultiOS.Malware.GORAT outbound communication attempt (malware-cnc.rules)
* 1:56863 <-> ENABLED <-> MALWARE-CNC MultiOS.Malware.GORAT command and control response attempt (malware-cnc.rules)
* 1:56864 <-> ENABLED <-> MALWARE-CNC MultiOS.Malware.GORAT command and control SSL certificate (malware-cnc.rules)
* 1:56865 <-> ENABLED <-> SERVER-OTHER Microsoft Sharepoint Server remote code execution attempt (server-other.rules)
* 1:56877 <-> DISABLED <-> SERVER-WEBAPP Nagios XI mibs.php remote command injection attempt (server-webapp.rules)
* 1:56878 <-> DISABLED <-> SERVER-WEBAPP Nagios XI mibs.php remote command injection attempt (server-webapp.rules)
* 1:56879 <-> DISABLED <-> SERVER-WEBAPP Nagios XI mibs.php remote command injection attempt (server-webapp.rules)
* 1:56880 <-> DISABLED <-> SERVER-WEBAPP Nagios XI mibs.php remote command injection attempt (server-webapp.rules)
* 1:56886 <-> DISABLED <-> EXPLOIT-KIT RIG EK GandCrab page access attempt (exploit-kit.rules)
* 1:56887 <-> ENABLED <-> MALWARE-BACKDOOR Win.Trojan.BumbleBee webshell access detected (malware-backdoor.rules)
* 1:56888 <-> ENABLED <-> MALWARE-BACKDOOR Win.Trojan.BumbleBee webshell transfer attempt (malware-backdoor.rules)
* 1:56889 <-> ENABLED <-> MALWARE-BACKDOOR Win.Trojan.BumbleBee webshell access detected (malware-backdoor.rules)
* 1:56890 <-> ENABLED <-> MALWARE-BACKDOOR Win.Trojan.BumbleBee webshell transfer attempt (malware-backdoor.rules)
* 1:56891 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BasicPipeShell variant communication attempt (malware-cnc.rules)
* 1:56892 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BasicPipeShell variant communication attempt (malware-cnc.rules)
* 1:56895 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Xowgc8j-9819208-0 download attempt (malware-other.rules)
* 1:56896 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Xowgc8j-9819208-0 download attempt (malware-other.rules)
* 1:56897 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Mikey-9819490-0 download attempt (malware-other.rules)
* 1:56898 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Mikey-9819490-0 download attempt (malware-other.rules)
* 1:56899 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Tiny-9819505-0 download attempt (malware-other.rules)
* 1:569 <-> DISABLED <-> PROTOCOL-RPC snmpXdmi overflow attempt TCP (protocol-rpc.rules)
* 1:56900 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Tiny-9819505-0 download attempt (malware-other.rules)
* 1:56901 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9819756-0 download attempt (malware-other.rules)
* 1:56902 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9819756-0 download attempt (malware-other.rules)
* 1:56903 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Mikey-9820100-0 download attempt (malware-other.rules)
* 1:56904 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Mikey-9820100-0 download attempt (malware-other.rules)
* 1:56905 <-> DISABLED <-> POLICY-OTHER WordPress Easy WP SMTP plugin debug log file access attempt (policy-other.rules)
* 1:56906 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Emotet-9821266-0 download attempt (malware-other.rules)
* 1:56907 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Emotet-9821266-0 download attempt (malware-other.rules)
* 1:56908 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9821529-0 download attempt (malware-other.rules)
* 1:56909 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9821529-0 download attempt (malware-other.rules)
* 1:56910 <-> DISABLED <-> MALWARE-OTHER Unix.Keylogger.Asacub-9821542-0 download attempt (malware-other.rules)
* 1:56911 <-> DISABLED <-> MALWARE-OTHER Unix.Keylogger.Asacub-9821542-0 download attempt (malware-other.rules)
* 1:56912 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ursu-9821797-0 download attempt (malware-other.rules)
* 1:56913 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ursu-9821797-0 download attempt (malware-other.rules)
* 1:56914 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Cerbu-9822059-0 download attempt (malware-other.rules)
* 1:56915 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Cerbu-9822059-0 download attempt (malware-other.rules)
* 1:56916 <-> ENABLED <-> SERVER-WEBAPP SolarWinds Orion authentication bypass attempt (server-webapp.rules)
* 1:56917 <-> ENABLED <-> SERVER-WEBAPP SolarWinds Orion authentication bypass attempt (server-webapp.rules)
* 1:56918 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Qqpass-9822210-0 download attempt (malware-other.rules)
* 1:56919 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Qqpass-9822210-0 download attempt (malware-other.rules)
* 1:5692 <-> DISABLED <-> PUA-P2P Skype client successful install (pua-p2p.rules)
* 1:56920 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Qqpass-9822211-0 download attempt (malware-other.rules)
* 1:56921 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Qqpass-9822211-0 download attempt (malware-other.rules)
* 1:56922 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Qqpass-9822241-0 download attempt (malware-other.rules)
* 1:56923 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Qqpass-9822241-0 download attempt (malware-other.rules)
* 1:56924 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Emotet-9822370-0 download attempt (malware-other.rules)
* 1:56925 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Emotet-9822370-0 download attempt (malware-other.rules)
* 1:56926 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.Trickbot Trickboot module download attempt (malware-tools.rules)
* 1:56927 <-> DISABLED <-> MALWARE-TOOLS Win.Trojan.Trickbot Trickboot module download attempt (malware-tools.rules)
* 1:56928 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.Trickbot Trickboot module download attempt (malware-tools.rules)
* 1:56929 <-> DISABLED <-> MALWARE-TOOLS Win.Trojan.Trickbot Trickboot module download attempt (malware-tools.rules)
* 1:5693 <-> DISABLED <-> PUA-P2P Skype client start up get latest version attempt (pua-p2p.rules)
* 1:56930 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.FANCYBEAR variant binary download attempt (malware-other.rules)
* 1:56931 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.FANCYBEAR variant binary download attempt (malware-other.rules)
* 1:56932 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.FANCYBEAR variant binary download attempt (malware-other.rules)
* 1:56933 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.FANCYBEAR variant binary download attempt (malware-other.rules)
* 1:56934 <-> ENABLED <-> SERVER-WEBAPP Nagios XI ajaxhelper command injection attempt (server-webapp.rules)
* 1:56935 <-> ENABLED <-> SERVER-WEBAPP Nagios XI ajaxhelper command injection attempt (server-webapp.rules)
* 1:56936 <-> ENABLED <-> SERVER-WEBAPP Nagios XI ajaxhelper command injection attempt (server-webapp.rules)
* 1:56937 <-> ENABLED <-> SERVER-WEBAPP Nagios XI ajaxhelper command injection attempt (server-webapp.rules)
* 1:5694 <-> DISABLED <-> PUA-P2P Skype client setup get newest version attempt (pua-p2p.rules)
* 1:56948 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Stantinko-9822477-0 download attempt (malware-other.rules)
* 1:56949 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Stantinko-9822477-0 download attempt (malware-other.rules)
* 1:56951 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Medfos-9822521-0 download attempt (malware-other.rules)
* 1:56952 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Medfos-9822521-0 download attempt (malware-other.rules)
* 1:5696 <-> DISABLED <-> PROTOCOL-IMAP delete directory traversal attempt (protocol-imap.rules)
* 1:56964 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Kovter-9822841-0 download attempt (malware-other.rules)
* 1:56965 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Kovter-9822841-0 download attempt (malware-other.rules)
* 1:56966 <-> ENABLED <-> MALWARE-CNC Win.Trojan.IcedId outbound communication attempt (malware-cnc.rules)
* 1:56967 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upatre-9823253-0 download attempt (malware-other.rules)
* 1:56968 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upatre-9823253-0 download attempt (malware-other.rules)
* 1:56969 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Emotet-9823374-0 download attempt (malware-other.rules)
* 1:5697 <-> DISABLED <-> PROTOCOL-IMAP examine directory traversal attempt (protocol-imap.rules)
* 1:56970 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Emotet-9823374-0 download attempt (malware-other.rules)
* 1:56971 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Winsecsrv-9823442-0 download attempt (malware-other.rules)
* 1:56972 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Winsecsrv-9823442-0 download attempt (malware-other.rules)
* 1:56973 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Winsecsrv-9823448-0 download attempt (malware-other.rules)
* 1:56974 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Winsecsrv-9823448-0 download attempt (malware-other.rules)
* 1:56975 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upatre-9823510-0 download attempt (malware-other.rules)
* 1:56976 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upatre-9823510-0 download attempt (malware-other.rules)
* 1:56977 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Winsecsrv-9823545-0 download attempt (malware-other.rules)
* 1:56978 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Winsecsrv-9823545-0 download attempt (malware-other.rules)
* 1:56979 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Winsecsrv-9823554-0 download attempt (malware-other.rules)
* 1:5698 <-> DISABLED <-> PROTOCOL-IMAP list directory traversal attempt (protocol-imap.rules)
* 1:56980 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Winsecsrv-9823554-0 download attempt (malware-other.rules)
* 1:56981 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9823887-0 download attempt (malware-other.rules)
* 1:56982 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9823887-0 download attempt (malware-other.rules)
* 1:56983 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Emotet-9823901-0 download attempt (malware-other.rules)
* 1:56984 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Emotet-9823901-0 download attempt (malware-other.rules)
* 1:56985 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9823969-0 download attempt (malware-other.rules)
* 1:56986 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9823969-0 download attempt (malware-other.rules)
* 1:56987 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IcedID variant extra payload download attempt (malware-cnc.rules)
* 1:56988 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IcedID variant extra payload download attempt (malware-cnc.rules)
* 1:56989 <-> DISABLED <-> SERVER-WEBAPP Apache OpenMeetings NetTest denial of service attempt (server-webapp.rules)
* 1:5699 <-> DISABLED <-> PROTOCOL-IMAP lsub directory traversal attempt (protocol-imap.rules)
* 1:56990 <-> DISABLED <-> SERVER-WEBAPP Apache Unomi OGNL MVEL2 remote command execution attempt (server-webapp.rules)
* 1:56991 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ElectroRat outbound connection attempt (malware-cnc.rules)
* 1:56992 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ElectroRat outbound connection attempt (malware-cnc.rules)
* 1:56993 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ElectroRat outbound connection attempt (malware-cnc.rules)
* 1:56996 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Urelas-9825378-0 download attempt (malware-other.rules)
* 1:56997 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Urelas-9825378-0 download attempt (malware-other.rules)
* 1:56998 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Cowq-9825380-0 download attempt (malware-other.rules)
* 1:56999 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Cowq-9825380-0 download attempt (malware-other.rules)
* 1:5700 <-> DISABLED <-> PROTOCOL-IMAP rename directory traversal attempt (protocol-imap.rules)
* 1:57002 <-> DISABLED <-> SERVER-WEBAPP Belkin Wemo UPnP cross site scripting attempt (server-webapp.rules)
* 1:57003 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Generickdz-9825516-0 download attempt (malware-other.rules)
* 1:57004 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Generickdz-9825516-0 download attempt (malware-other.rules)
* 1:57005 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9825410-0 download attempt (malware-other.rules)
* 1:57006 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9825410-0 download attempt (malware-other.rules)
* 1:57007 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Demp-9825500-0 download attempt (malware-other.rules)
* 1:57008 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Demp-9825500-0 download attempt (malware-other.rules)
* 1:57009 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9825486-0 download attempt (malware-other.rules)
* 1:5701 <-> DISABLED <-> PROTOCOL-IMAP status directory traversal attempt (protocol-imap.rules)
* 1:57010 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9825486-0 download attempt (malware-other.rules)
* 1:57019 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generickdz-9825913-0 download attempt (malware-other.rules)
* 1:5702 <-> DISABLED <-> PROTOCOL-IMAP subscribe directory traversal attempt (protocol-imap.rules)
* 1:57020 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generickdz-9825913-0 download attempt (malware-other.rules)
* 1:57021 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ceyc-9825747-0 download attempt (malware-other.rules)
* 1:57022 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ceyc-9825747-0 download attempt (malware-other.rules)
* 1:57023 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.RansomLock-9825921-0 download attempt (malware-other.rules)
* 1:57024 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.RansomLock-9825921-0 download attempt (malware-other.rules)
* 1:57025 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Urausy-9825941-0 download attempt (malware-other.rules)
* 1:57026 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Urausy-9825941-0 download attempt (malware-other.rules)
* 1:57027 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Fugrafa-9826021-0 download attempt (malware-other.rules)
* 1:57028 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Fugrafa-9826021-0 download attempt (malware-other.rules)
* 1:57029 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Lockscreen-9826040-0 download attempt (malware-other.rules)
* 1:5703 <-> DISABLED <-> PROTOCOL-IMAP unsubscribe directory traversal attempt (protocol-imap.rules)
* 1:57030 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Lockscreen-9826040-0 download attempt (malware-other.rules)
* 1:57031 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-9826061-0 download attempt (malware-other.rules)
* 1:57032 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zbot-9826061-0 download attempt (malware-other.rules)
* 1:57033 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Urausy-9826539-0 download attempt (malware-other.rules)
* 1:57034 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Urausy-9826539-0 download attempt (malware-other.rules)
* 1:57035 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Urausy-9826537-0 download attempt (malware-other.rules)
* 1:57036 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Urausy-9826537-0 download attempt (malware-other.rules)
* 1:57037 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Generickdz-9826546-0 download attempt (malware-other.rules)
* 1:57038 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Generickdz-9826546-0 download attempt (malware-other.rules)
* 1:57039 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Karagany-9826730-0 download attempt (malware-other.rules)
* 1:5704 <-> DISABLED <-> PROTOCOL-IMAP SELECT overflow attempt (protocol-imap.rules)
* 1:57040 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Karagany-9826730-0 download attempt (malware-other.rules)
* 1:57041 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Nymaim-9826797-0 download attempt (malware-other.rules)
* 1:57042 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Nymaim-9826797-0 download attempt (malware-other.rules)
* 1:57043 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Fugrafa-9826819-0 download attempt (malware-other.rules)
* 1:57044 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Fugrafa-9826819-0 download attempt (malware-other.rules)
* 1:57047 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Covicli variant download attempt (malware-cnc.rules)
* 1:57048 <-> DISABLED <-> SERVER-WEBAPP SaltStack Salt API SSH Client command injection attempt (server-webapp.rules)
* 1:57049 <-> DISABLED <-> SERVER-WEBAPP SaltStack Salt API SSH Client command injection attempt (server-webapp.rules)
* 1:5705 <-> DISABLED <-> PROTOCOL-IMAP CAPABILITY overflow attempt (protocol-imap.rules)
* 1:57050 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generickdz-9827137-0 download attempt (malware-other.rules)
* 1:57051 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Generickdz-9827137-0 download attempt (malware-other.rules)
* 1:57054 <-> DISABLED <-> INDICATOR-COMPROMISE RTF objdata file download attempt (indicator-compromise.rules)
* 1:57055 <-> DISABLED <-> INDICATOR-COMPROMISE RTF objdata file download attempt (indicator-compromise.rules)
* 1:5706 <-> DISABLED <-> POLICY-SOCIAL Namazu incoming namazu.cgi access (policy-social.rules)
* 1:57061 <-> ENABLED <-> OS-WINDOWS GDI+ printer out of bounds write attempt (os-windows.rules)
* 1:57062 <-> ENABLED <-> OS-WINDOWS GDI+ printer out of bounds write attempt (os-windows.rules)
* 1:57063 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Word internal OLE object update attempt (indicator-compromise.rules)
* 1:57064 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Word internal OLE object update attempt (indicator-compromise.rules)
* 1:57065 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Word internal OLE object update attempt (indicator-compromise.rules)
* 1:57066 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Word internal OLE object update attempt (indicator-compromise.rules)
* 1:57067 <-> DISABLED <-> SERVER-OTHER HP Web JetAdmin file write attempt (server-other.rules)
* 1:57068 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
* 1:57069 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
* 1:5707 <-> DISABLED <-> POLICY-SOCIAL Namazu outbound namazu.cgi access (policy-social.rules)
* 1:57070 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager diagnostics_doit outputfile directory traversal attempt (server-webapp.rules)
* 1:57071 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager diagnostics_doit outputfile directory traversal attempt (server-webapp.rules)
* 1:57072 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers directory traversal attempt (server-webapp.rules)
* 1:57073 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
* 1:57074 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers directory traversal attempt (server-webapp.rules)
* 1:57075 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
* 1:57076 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
* 1:57077 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
* 1:57078 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
* 1:57079 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
* 1:5708 <-> DISABLED <-> POLICY-OTHER web server file upload attempt (policy-other.rules)
* 1:57080 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
* 1:57081 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
* 1:57082 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
* 1:57083 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
* 1:57084 <-> DISABLED <-> SERVER-WEBAPP Cisco RV series routers command injection attempt (server-webapp.rules)
* 1:57085 <-> DISABLED <-> SERVER-WEBAPP Cisco RV series routers command injection attempt (server-webapp.rules)
* 1:57086 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series routers command injection attempt (server-webapp.rules)
* 1:57087 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
* 1:57088 <-> DISABLED <-> SERVER-WEBAPP Cisco Small Business RV Series routers command injection attempt (server-webapp.rules)
* 1:57089 <-> DISABLED <-> SERVER-WEBAPP Cisco Small Business RV Series routers command injection attempt (server-webapp.rules)
* 1:5709 <-> DISABLED <-> SERVER-WEBAPP file upload directory traversal (server-webapp.rules)
* 1:57090 <-> DISABLED <-> SERVER-WEBAPP Cisco Small Business RV series routers denial of service attempt (server-webapp.rules)
* 1:57091 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
* 1:57092 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
* 1:57093 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
* 1:57094 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
* 1:57095 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers command injection attempt (server-webapp.rules)
* 1:57096 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers command injection attempt (server-webapp.rules)
* 1:57097 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
* 1:57098 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
* 1:57099 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
* 1:5710 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Player Plugin for Non-IE browsers buffer overflow attempt (os-windows.rules)
* 1:57100 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
* 1:57101 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
* 1:57102 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
* 1:57103 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt (os-windows.rules)
* 1:57104 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt (os-windows.rules)
* 1:57105 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
* 1:57106 <-> DISABLED <-> OS-WINDOWS Microsoft Win32k Windows privilege escalation attempt (os-windows.rules)
* 1:57107 <-> DISABLED <-> OS-WINDOWS Microsoft Win32k Windows privilege escalation attempt (os-windows.rules)
* 1:57108 <-> DISABLED <-> SERVER-WEBAPP Microsoft SharePoint Server XML external entity injection attempt (server-webapp.rules)
* 1:57109 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
* 1:5711 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Media Player zero length bitmap heap overflow attempt (file-image.rules)
* 1:57110 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
* 1:57111 <-> DISABLED <-> SERVER-OTHER OpenSLP slp_process.c heap overflow attempt (server-other.rules)
* 1:57112 <-> DISABLED <-> SERVER-OTHER OpenSLP slp_process.c heap overflow attempt (server-other.rules)
* 1:57113 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
* 1:57114 <-> DISABLED <-> SERVER-WEBAPP Cisco RV Series routers stack overflow attempt (server-webapp.rules)
* 1:5712 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Media Player invalid data offset bitmap heap overflow attempt (file-image.rules)
* 1:57123 <-> ENABLED <-> SERVER-OTHER Microsoft Windows DNS server remote code execution attempt (server-other.rules)
* 1:57126 <-> DISABLED <-> SERVER-WEBAPP Monstra CMS cross-site scripting attempt (server-webapp.rules)
* 1:57127 <-> DISABLED <-> SERVER-WEBAPP Monstra CMS cross-site scripting attempt (server-webapp.rules)
* 1:57129 <-> DISABLED <-> SERVER-OTHER ElasticSearch information disclosure attempt (server-other.rules)
* 1:5713 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Metafile invalid header size integer overflow attempt (os-windows.rules)
* 1:57130 <-> DISABLED <-> SERVER-OTHER ElasticSearch information disclosure attempt (server-other.rules)
* 1:57131 <-> DISABLED <-> SERVER-OTHER ElasticSearch information disclosure attempt (server-other.rules)
* 1:57132 <-> DISABLED <-> SERVER-WEBAPP Barcodes Generator cross site scripting attempt (server-webapp.rules)
* 1:57133 <-> DISABLED <-> SERVER-WEBAPP Barcodes Generator cross site scripting attempt (server-webapp.rules)
* 1:57137 <-> ENABLED <-> FILE-PDF Adobe Acrobat heap buffer overflow attempt (file-pdf.rules)
* 1:57138 <-> ENABLED <-> FILE-PDF Adobe Acrobat heap buffer overflow attempt (file-pdf.rules)
* 1:5714 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari x-unix-mode executable mail attachment (browser-webkit.rules)
* 1:57141 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant E binary download attempt (malware-other.rules)
* 1:57142 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant F binary download attempt (malware-other.rules)
* 1:57143 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant F binary download attempt (malware-other.rules)
* 1:57144 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant C binary download attempt (malware-other.rules)
* 1:57145 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant G binary download attempt (malware-other.rules)
* 1:57146 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant D binary download attempt (malware-other.rules)
* 1:57147 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant A binary download attempt (malware-other.rules)
* 1:57148 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant G binary download attempt (malware-other.rules)
* 1:57149 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant E binary download attempt (malware-other.rules)
* 1:5715 <-> DISABLED <-> SERVER-APACHE Apache malformed ipv6 uri overflow attempt (server-apache.rules)
* 1:57150 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant D binary download attempt (malware-other.rules)
* 1:57151 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant C binary download attempt (malware-other.rules)
* 1:57152 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant B binary download attempt (malware-other.rules)
* 1:57153 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger variant B binary download attempt (malware-other.rules)
* 1:57154 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Masslogger download request attempt (malware-other.rules)
* 1:57155 <-> DISABLED <-> PROTOCOL-SCADA Real-time Automation Ethernet/IP buffer over flow attempt (protocol-scada.rules)
* 1:57156 <-> DISABLED <-> OS-LINUX Linux Kernel 4.17 out of bound access attempt (os-linux.rules)
* 1:57157 <-> DISABLED <-> OS-LINUX Linux Kernel 4.17 out of bound access attempt (os-linux.rules)
* 1:57158 <-> DISABLED <-> SERVER-WEBAPP Oracle WebLogic consolejndi remote code execution attempt (server-webapp.rules)
* 1:57159 <-> DISABLED <-> SERVER-WEBAPP Oracle WebLogic consolejndi remote code execution attempt (server-webapp.rules)
* 1:5716 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans unicode Max Param/Count OS-WINDOWS attempt (os-windows.rules)
* 1:57160 <-> DISABLED <-> INDICATOR-OBFUSCATION Javascript obfuscation using window global (indicator-obfuscation.rules)
* 1:57161 <-> ENABLED <-> SERVER-OTHER SolarWinds Orion MSMQ remote code execution attempt (server-other.rules)
* 1:57168 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.ObliqueRAT outbound connection attempt (malware-cnc.rules)
* 1:57169 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.ObliqueRAT outbound connection attempt (malware-cnc.rules)
* 1:5717 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB-DS Trans Max Param/Count OS-WINDOWS attempt (os-windows.rules)
* 1:57170 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.ObliqueRAT outbound connection attempt (malware-cnc.rules)
* 1:57171 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.ObliqueRAT outbound connection attempt (malware-cnc.rules)
* 1:57172 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.ObliqueRAT outbound connection attempt (malware-cnc.rules)
* 1:57173 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.ObliqueRAT outbound connection attempt (malware-cnc.rules)
* 1:57174 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.ObliqueRAT outbound connection attempt (malware-cnc.rules)
* 1:57175 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.ObliqueRAT outbound connection attempt (malware-cnc.rules)
* 1:57176 <-> DISABLED <-> SERVER-WEBAPP MikroTik RouterOS buffer overflow attempt (server-webapp.rules)
* 1:57177 <-> DISABLED <-> SERVER-WEBAPP MikroTik RouterOS buffer overflow attempt (server-webapp.rules)
* 1:57178 <-> DISABLED <-> SERVER-WEBAPP Monstra CMS registration form cross site scripting attempt (server-webapp.rules)
* 1:57179 <-> DISABLED <-> SERVER-WEBAPP Monstra CMS registration form cross site scripting attempt (server-webapp.rules)
* 1:5718 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB-DS Trans unicode Max Param/Count attempt (os-windows.rules)
* 1:57180 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Array.prototype.pop type confusion attempt (browser-firefox.rules)
* 1:57181 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Array.prototype.pop type confusion attempt (browser-firefox.rules)
* 1:57182 <-> ENABLED <-> SERVER-WEBAPP VMware administrative configurator component command injection attempt (server-webapp.rules)
* 1:57183 <-> ENABLED <-> SERVER-WEBAPP VMware administrative configurator component command injection attempt (server-webapp.rules)
* 1:57184 <-> ENABLED <-> SERVER-WEBAPP VMware administrative configurator component command injection attempt (server-webapp.rules)
* 1:57185 <-> ENABLED <-> SERVER-WEBAPP VMware administrative configurator component command injection attempt (server-webapp.rules)
* 1:57188 <-> DISABLED <-> SERVER-WEBAPP Hewlett Packard Enterprise Intelligent Management Center arbitrary Java object deserialization attempt (server-webapp.rules)
* 1:5719 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans Max Param/Count OS-WINDOWS attempt (os-windows.rules)
* 1:57193 <-> DISABLED <-> OS-WINDOWS Microsoft Windows TCP/IP Remote Code Execution Vulnerability attempt (os-windows.rules)
* 1:57194 <-> ENABLED <-> MALWARE-CNC Doc.Dropper.Gamaredon variant outbound connection (malware-cnc.rules)
* 1:57195 <-> ENABLED <-> MALWARE-CNC Doc.Dropper.Gamaredon variant outbound connection (malware-cnc.rules)
* 1:57196 <-> ENABLED <-> MALWARE-CNC Win.Dropper.Gamaredon variant outbound connection (malware-cnc.rules)
* 1:57197 <-> DISABLED <-> SERVER-OTHER Multiple products outbound HTTP request to SIP port and potential NAT slipstreaming attack attempt (server-other.rules)
* 1:57198 <-> DISABLED <-> SERVER-OTHER Multiple products outbound HTTP request to H.323 port and potential NAT slipstreaming attack attempt (server-other.rules)
* 1:57199 <-> DISABLED <-> SERVER-OTHER Multiple products outbound HTTP request to SIP port and potential NAT slipstreaming attack attempt (server-other.rules)
* 1:572 <-> DISABLED <-> PROTOCOL-RPC DOS ttdbserv Solaris (protocol-rpc.rules)
* 1:5720 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans unicode Max Param/Count OS-WINDOWS attempt (os-windows.rules)
* 1:57200 <-> DISABLED <-> SERVER-OTHER Multiple products outbound HTTP request to H.323 port and potential NAT slipstreaming attack attempt (server-other.rules)
* 1:57201 <-> DISABLED <-> SERVER-OTHER SolarWinds Orion platform unrestricted database access attempt (server-other.rules)
* 1:57202 <-> DISABLED <-> SERVER-OTHER SolarWinds Orion platform unrestricted database access attempt (server-other.rules)
* 1:57203 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Stantinko outbound connection attempt (malware-cnc.rules)
* 1:57204 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Amadey outbound connection attempt (malware-cnc.rules)
* 1:57205 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting engine type confusion attempt (browser-ie.rules)
* 1:57206 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting engine type confusion attempt (browser-ie.rules)
* 1:57207 <-> DISABLED <-> FILE-OTHER SolarWinds Serv-U FTP Server admin profile download attempt (file-other.rules)
* 1:57208 <-> DISABLED <-> FILE-OTHER SolarWinds Serv-U FTP Server admin profile download attempt (file-other.rules)
* 1:57209 <-> DISABLED <-> SERVER-WEBAPP Monstra CMS cross site scripting attempt (server-webapp.rules)
* 1:5721 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans andx Max Param/Count OS-WINDOWS attempt (os-windows.rules)
* 1:57210 <-> DISABLED <-> SERVER-WEBAPP Monstra CMS cross site scripting attempt (server-webapp.rules)
* 1:57211 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Agent variant binary download attempt (malware-cnc.rules)
* 1:57212 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Agent variant binary download attempt (malware-cnc.rules)
* 1:57213 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Agent variant binary download attempt (malware-cnc.rules)
* 1:57214 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Agent variant binary download attempt (malware-cnc.rules)
* 1:57215 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CrimsonRAT inbound connection attempt (malware-cnc.rules)
* 1:57216 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CrimsonRAT inbound connection attempt (malware-cnc.rules)
* 1:57217 <-> DISABLED <-> SERVER-WEBAPP SAP Solution Manager EEM uploadResource command execution attempt (server-webapp.rules)
* 1:57218 <-> DISABLED <-> SERVER-WEBAPP SAP Solution Manager EEM uploadResource server side request forgery attempt (server-webapp.rules)
* 1:57219 <-> DISABLED <-> POLICY-OTHER SAP Solution Manager EEM endpoint external access attempt (policy-other.rules)
* 1:5722 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans unicode andx Max Param/Count OS-WINDOWS attempt (os-windows.rules)
* 1:57220 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Micropsia variant outbound connection attempt (malware-cnc.rules)
* 1:57221 <-> ENABLED <-> MALWARE-CNC Win.Trojan.PyMicropsia variant outbound connection attempt (malware-cnc.rules)
* 1:57224 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager directory traversal attempt (server-webapp.rules)
* 1:57225 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager directory traversal attempt (server-webapp.rules)
* 1:57226 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager directory traversal attempt (server-webapp.rules)
* 1:57229 <-> ENABLED <-> SERVER-WEBAPP VMware vSphere Client vROPs plugin remote code execution attempt (server-webapp.rules)
* 1:5723 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB-DS Trans andx Max Param/Count OS-WINDOWS attempt (os-windows.rules)
* 1:57233 <-> ENABLED <-> SERVER-OTHER Microsoft Exchange Server Unified Messaging arbitrary code execution attempt (server-other.rules)
* 1:57234 <-> ENABLED <-> SERVER-OTHER Microsoft Exchange Server Unified Messaging arbitrary code execution attempt (server-other.rules)
* 1:57235 <-> ENABLED <-> MALWARE-CNC Html.Webshell.Hafnium inbound request attempt (malware-cnc.rules)
* 1:57236 <-> ENABLED <-> MALWARE-CNC Html.Webshell.Hafnium inbound request attempt (malware-cnc.rules)
* 1:57237 <-> ENABLED <-> MALWARE-CNC Html.Webshell.Hafnium inbound request attempt (malware-cnc.rules)
* 1:57238 <-> ENABLED <-> MALWARE-CNC Html.Webshell.Hafnium inbound request attempt (malware-cnc.rules)
* 1:57239 <-> ENABLED <-> MALWARE-CNC Html.Webshell.Hafnium inbound request attempt (malware-cnc.rules)
* 1:5724 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB-DS Trans unicode andx Max Param/Count OS-WINDOWS attempt (os-windows.rules)
* 1:57240 <-> ENABLED <-> MALWARE-CNC Html.Webshell.Hafnium inbound request attempt (malware-cnc.rules)
* 1:57241 <-> ENABLED <-> SERVER-WEBAPP Microsoft Exchange Server server side request forgery attempt (server-webapp.rules)
* 1:57242 <-> ENABLED <-> SERVER-WEBAPP Microsoft Exchange Server server side request forgery attempt (server-webapp.rules)
* 1:57243 <-> ENABLED <-> SERVER-WEBAPP Microsoft Exchange Server server side request forgery attempt (server-webapp.rules)
* 1:57244 <-> ENABLED <-> SERVER-WEBAPP Microsoft Exchange Server server side request forgery attempt (server-webapp.rules)
* 1:57245 <-> ENABLED <-> SERVER-WEBAPP Microsoft Exchange Server arbitrary file write attempt (server-webapp.rules)
* 1:57246 <-> ENABLED <-> SERVER-WEBAPP Microsoft Exchange Server arbitrary file write attempt (server-webapp.rules)
* 1:57247 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.ColdChristmas variant binary download attempt (malware-other.rules)
* 1:57248 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.ColdChristmas variant binary download attempt (malware-other.rules)
* 1:5725 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans andx Max Param/Count OS-WINDOWS attempt (os-windows.rules)
* 1:57251 <-> ENABLED <-> SERVER-MAIL Microsoft Exchange Server certificate leak attempt (server-mail.rules)
* 1:57252 <-> ENABLED <-> SERVER-MAIL Microsoft Exchange Server arbitrary file write attempt (server-mail.rules)
* 1:57253 <-> ENABLED <-> SERVER-MAIL Microsoft Exchange Server arbitrary file write attempt (server-mail.rules)
* 1:57254 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 7 Beta BGsound denial of service attempt (browser-ie.rules)
* 1:57255 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Same Origin Policy bypass attempt (browser-firefox.rules)
* 1:57256 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader DC TTF parsing heap overflow attempt (file-pdf.rules)
* 1:57257 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader DC TTF parsing heap overflow attempt (file-pdf.rules)
* 1:57258 <-> DISABLED <-> INDICATOR-COMPROMISE suspicious generation of space character for shell attacks attempt (indicator-compromise.rules)
* 1:57259 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DirectX kernel driver use after free attempt (os-windows.rules)
* 1:5726 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans unicode andx Max Param/Count OS-WINDOWS attempt (os-windows.rules)
* 1:57260 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DirectX kernel driver use after free attempt (os-windows.rules)
* 1:57261 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Graphics Component privilege escalation attempt (os-windows.rules)
* 1:57262 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Graphics Component privilege escalation attempt (os-windows.rules)
* 1:57263 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt (os-windows.rules)
* 1:57264 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt (os-windows.rules)
* 1:57268 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer memory corruption attempt (browser-ie.rules)
* 1:57269 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer memory corruption attempt (browser-ie.rules)
* 1:5727 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans unicode Max Param OS-WINDOWS attempt (os-windows.rules)
* 1:57274 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS Server out of bounds read attempt (os-windows.rules)
* 1:57275 <-> DISABLED <-> SERVER-WEBAPP Microsoft SharePoint attachment upload deserialization attempt (server-webapp.rules)
* 1:57276 <-> DISABLED <-> SERVER-WEBAPP Microsoft SharePoint potential deserialization attempt (server-webapp.rules)
* 1:57277 <-> DISABLED <-> FILE-OTHER Metasploit Gather Exchange post-exploitation tool download attempt (file-other.rules)
* 1:57278 <-> DISABLED <-> FILE-OTHER Metasploit Gather Exchange post-exploitation tool download attempt (file-other.rules)
* 1:57279 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Netlogon DCERPC over SMB NetrServerAuthenticate failed elevation of privilege attempt (os-windows.rules)
* 1:5728 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans Max Param OS-WINDOWS attempt (os-windows.rules)
* 1:57280 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Netlogon NetrServerAuthenticate failed elevation of privilege attempt (os-windows.rules)
* 1:57281 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Netlogon NetrServerAuthenticate failed elevation of privilege attempt (os-windows.rules)
* 1:57283 <-> DISABLED <-> SERVER-WEBAPP Liferay arbitrary Java object deserialization attempt (server-webapp.rules)
* 1:57284 <-> DISABLED <-> MALWARE-BACKDOOR DEWMODE webshell upload attempt (malware-backdoor.rules)
* 1:57285 <-> ENABLED <-> MALWARE-BACKDOOR DEWMODE webshell cleanup attempt (malware-backdoor.rules)
* 1:57286 <-> ENABLED <-> MALWARE-BACKDOOR DEWMODE webshell cleanup attempt (malware-backdoor.rules)
* 1:57287 <-> ENABLED <-> MALWARE-BACKDOOR DEWMODE webshell file download attempt (malware-backdoor.rules)
* 1:57288 <-> ENABLED <-> MALWARE-BACKDOOR DEWMODE webshell file download attempt (malware-backdoor.rules)
* 1:57289 <-> ENABLED <-> MALWARE-BACKDOOR DEWMODE webshell outbound connection attempt (malware-backdoor.rules)
* 1:5729 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans Max Param OS-WINDOWS attempt (os-windows.rules)
* 1:57298 <-> ENABLED <->
SERVER-WEBAPP F5 iControl REST interface command injection attempt (server-webapp.rules) * 1:57299 <-> DISABLED <-> SERVER-WEBAPP Apache HTTP server mod_rewrite external URL redirection attempt (server-webapp.rules) * 1:5730 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB-DS Trans Max Param OS-WINDOWS attempt (os-windows.rules) * 1:5731 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB-DS Trans unicode Max Param OS-WINDOWS attempt (os-windows.rules) * 1:57311 <-> ENABLED <-> MALWARE-CNC Html.Webshell.Hafnium inbound request attempt (malware-cnc.rules) * 1:57312 <-> ENABLED <-> MALWARE-CNC Html.Webshell.Hafnium inbound request attempt (malware-cnc.rules) * 1:57313 <-> ENABLED <-> MALWARE-CNC Html.Webshell.Hafnium inbound request attempt (malware-cnc.rules) * 1:57314 <-> DISABLED <-> MALWARE-BACKDOOR Asp.Trojan.Hafnium web shell upload attempt (malware-backdoor.rules) * 1:57315 <-> DISABLED <-> MALWARE-BACKDOOR Asp.Trojan.Hafnium web shell upload attempt (malware-backdoor.rules) * 1:57316 <-> DISABLED <-> MALWARE-BACKDOOR Asp.Trojan.Hafnium web shell upload attempt (malware-backdoor.rules) * 1:57317 <-> DISABLED <-> MALWARE-BACKDOOR Asp.Trojan.Hafnium web shell upload attempt (malware-backdoor.rules) * 1:57318 <-> DISABLED <-> MALWARE-BACKDOOR Asp.Trojan.Hafnium web shell upload attempt (malware-backdoor.rules) * 1:57319 <-> DISABLED <-> MALWARE-BACKDOOR Asp.Trojan.Hafnium web shell upload attempt (malware-backdoor.rules) * 1:5732 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans unicode Max Param OS-WINDOWS attempt (os-windows.rules) * 1:57320 <-> DISABLED <-> MALWARE-BACKDOOR Asp.Trojan.Hafnium web shell upload attempt (malware-backdoor.rules) * 1:57321 <-> DISABLED <-> MALWARE-BACKDOOR Asp.Trojan.Hafnium web shell upload attempt (malware-backdoor.rules) * 1:57322 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.DoejoCrypt variant binary download attempt (malware-other.rules) * 1:57323 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.DoejoCrypt variant binary 
download attempt (malware-other.rules) * 1:57324 <-> DISABLED <-> SERVER-WEBAPP Netis WF2419 router command injection attempt (server-webapp.rules) * 1:57325 <-> DISABLED <-> SERVER-WEBAPP Netis WF2419 router command injection attempt (server-webapp.rules) * 1:57326 <-> DISABLED <-> SERVER-WEBAPP Netis WF2419 router command injection attempt (server-webapp.rules) * 1:57327 <-> DISABLED <-> SERVER-WEBAPP Netis WF2419 router command injection attempt (server-webapp.rules) * 1:57328 <-> DISABLED <-> SERVER-WEBAPP D-Link DNS-320 Firewall command injection attempt (server-webapp.rules) * 1:57329 <-> DISABLED <-> SERVER-WEBAPP D-Link DNS-320 Firewall command injection attempt (server-webapp.rules) * 1:5733 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans unicode andx Max Param OS-WINDOWS attempt (os-windows.rules) * 1:57330 <-> DISABLED <-> SERVER-WEBAPP D-Link DNS-320 Firewall command injection attempt (server-webapp.rules) * 1:57331 <-> DISABLED <-> SERVER-WEBAPP D-Link DNS-320 Firewall command injection attempt (server-webapp.rules) * 1:57332 <-> DISABLED <-> SERVER-WEBAPP Netgear ProSAFE Plus unauthenticated command injection attempt (server-webapp.rules) * 1:57333 <-> DISABLED <-> SERVER-WEBAPP Netgear ProSAFE Plus unauthenticated command injection attempt (server-webapp.rules) * 1:57334 <-> DISABLED <-> SERVER-WEBAPP Netgear ProSAFE Plus unauthenticated command injection attempt (server-webapp.rules) * 1:57335 <-> DISABLED <-> SERVER-WEBAPP Netgear ProSAFE Plus unauthenticated command injection attempt (server-webapp.rules) * 1:57336 <-> DISABLED <-> POLICY-OTHER F5 iControl REST interface tm.util.bash invocation attempt (policy-other.rules) * 1:57337 <-> ENABLED <-> SERVER-WEBAPP F5 iControl REST interface ssrf attempt (server-webapp.rules) * 1:5734 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans andx Max Param OS-WINDOWS attempt (os-windows.rules) * 1:57341 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Patchwork variant beaconing attempt 
(malware-cnc.rules) * 1:57342 <-> ENABLED <-> MALWARE-CNC Html.Webshell.Hafnium inbound request attempt (malware-cnc.rules) * 1:57347 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt (os-windows.rules) * 1:57348 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k elevation of privilege attempt (os-windows.rules) * 1:5735 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans andx Max Param OS-WINDOWS attempt (os-windows.rules) * 1:5736 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB-DS Trans andx Max Param OS-WINDOWS attempt (os-windows.rules) * 1:5737 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB-DS Trans unicode andx Max Param OS-WINDOWS attempt (os-windows.rules) * 1:5738 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans unicode andx Max Param OS-WINDOWS attempt (os-windows.rules) * 1:5739 <-> DISABLED <-> SERVER-MAIL headers too long server response (server-mail.rules) * 1:574 <-> DISABLED <-> PROTOCOL-RPC mountd TCP export request (protocol-rpc.rules) * 1:5740 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows HTML help workshop file download request (file-identify.rules) * 1:5741 <-> DISABLED <-> FILE-OTHER Microsoft HTML help workshop buffer overflow attempt (file-other.rules) * 1:5742 <-> DISABLED <-> MALWARE-OTHER Keylogger activitylogger runtime detection (malware-other.rules) * 1:5743 <-> DISABLED <-> PUA-ADWARE Hijacker actualnames outbound connection - plugin list (pua-adware.rules) * 1:5744 <-> DISABLED <-> PUA-ADWARE Hijacker actualnames outbound connection - online.php request (pua-adware.rules) * 1:5745 <-> DISABLED <-> PUA-ADWARE Hijacker adultlinks outbound connection - redirect (pua-adware.rules) * 1:5746 <-> DISABLED <-> PUA-ADWARE Hijacker adultlinks outbound connection - load url (pua-adware.rules) * 1:5747 <-> DISABLED <-> PUA-ADWARE Hijacker adultlinks outbound connection - log hits (pua-adware.rules) * 1:5748 <-> DISABLED <-> PUA-ADWARE Hijacker adultlinks outbound connection - ads 
(pua-adware.rules) * 1:5749 <-> DISABLED <-> PUA-TOOLBARS Trackware alexa runtime detection (pua-toolbars.rules) * 1:575 <-> DISABLED <-> PROTOCOL-RPC portmap admind request UDP (protocol-rpc.rules) * 1:5750 <-> DISABLED <-> PUA-TOOLBARS Adware dogpile runtime detection (pua-toolbars.rules) * 1:5751 <-> DISABLED <-> PUA-ADWARE Adware exactsearch runtime detection - switch search engine 1 (pua-adware.rules) * 1:5752 <-> DISABLED <-> PUA-ADWARE Adware exactsearch runtime detection - switch search engine 2 (pua-adware.rules) * 1:5753 <-> DISABLED <-> PUA-ADWARE Adware exactsearch runtime detection - topsearches (pua-adware.rules) * 1:5754 <-> DISABLED <-> PUA-ADWARE Hijacker ezcybersearch outbound connection - ie auto search hijack (pua-adware.rules) * 1:5755 <-> DISABLED <-> PUA-ADWARE Hijacker ezcybersearch outbound connection - check update (pua-adware.rules) * 1:5756 <-> DISABLED <-> PUA-ADWARE Hijacker ezcybersearch outbound connection - add coolsites to ie favorites (pua-adware.rules) * 1:5757 <-> DISABLED <-> PUA-TOOLBARS Hijacker ezcybersearch runtime detection - check toolbar setting (pua-toolbars.rules) * 1:5758 <-> DISABLED <-> PUA-ADWARE Hijacker ezcybersearch outbound connection - download fastclick pop-under code (pua-adware.rules) * 1:5759 <-> DISABLED <-> MALWARE-OTHER Keylogger fearlesskeyspy runtime detection (malware-other.rules) * 1:576 <-> DISABLED <-> PROTOCOL-RPC portmap amountd request UDP (protocol-rpc.rules) * 1:5760 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - OSSProxy (malware-cnc.rules) * 1:5761 <-> DISABLED <-> PUA-ADWARE Trickler bearshare outbound connection - ads popup (pua-adware.rules) * 1:5762 <-> DISABLED <-> PUA-ADWARE Trickler bearshare outbound connection - p2p information request (pua-adware.rules) * 1:5763 <-> DISABLED <-> PUA-ADWARE Trickler bearshare outbound connection - chat request (pua-adware.rules) * 1:5764 <-> DISABLED <-> PUA-ADWARE Hijacker begin2search outbound connection - fcgi query 
(pua-adware.rules) * 1:5765 <-> DISABLED <-> PUA-TOOLBARS Hijacker begin2search runtime detection - ico query (pua-toolbars.rules) * 1:5766 <-> DISABLED <-> PUA-ADWARE Hijacker begin2search outbound connection - install spyware trafficsector (pua-adware.rules) * 1:5767 <-> DISABLED <-> PUA-ADWARE Hijacker begin2search outbound connection - download unauthorized code (pua-adware.rules) * 1:5768 <-> DISABLED <-> PUA-ADWARE Hijacker begin2search outbound connection - pass information (pua-adware.rules) * 1:5769 <-> DISABLED <-> PUA-ADWARE Hijacker begin2search outbound connection - play bingo ads (pua-adware.rules) * 1:577 <-> DISABLED <-> PROTOCOL-RPC portmap bootparam request UDP (protocol-rpc.rules) * 1:5770 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Casino (malware-cnc.rules) * 1:5771 <-> DISABLED <-> PUA-ADWARE Screen-Scraper farsighter outbound connection - initial connection (pua-adware.rules) * 1:5772 <-> DISABLED <-> PUA-ADWARE Screen-Scraper farsighter outbound connection - initial connection (pua-adware.rules) * 1:5773 <-> DISABLED <-> PUA-ADWARE Adware forbes runtime detection (pua-adware.rules) * 1:5774 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - FSW (malware-cnc.rules) * 1:5775 <-> DISABLED <-> PUA-ADWARE Hijacker freescratch outbound connection - scratch card (pua-adware.rules) * 1:5776 <-> DISABLED <-> PUA-ADWARE Trickler grokster outbound connection (pua-adware.rules) * 1:5777 <-> DISABLED <-> MALWARE-OTHER Keylogger gurl watcher runtime detection (malware-other.rules) * 1:5778 <-> DISABLED <-> MALWARE-OTHER Keylogger runtime detection - hwpe windows activity logs (malware-other.rules) * 1:5779 <-> DISABLED <-> MALWARE-OTHER Keylogger runtime detection - hwpe shell file logs (malware-other.rules) * 1:578 <-> DISABLED <-> PROTOCOL-RPC portmap cmsd request UDP (protocol-rpc.rules) * 1:5780 <-> DISABLED <-> MALWARE-OTHER Keylogger runtime detection - hwpe word filtered echelon log (malware-other.rules) * 
1:5781 <-> DISABLED <-> MALWARE-OTHER Keylogger runtime detection - hwae windows activity logs (malware-other.rules) * 1:5782 <-> DISABLED <-> MALWARE-OTHER Keylogger runtime detection - hwae word filtered echelon log (malware-other.rules) * 1:5783 <-> DISABLED <-> MALWARE-OTHER Keylogger runtime detection - hwae keystrokes log (malware-other.rules) * 1:5784 <-> DISABLED <-> MALWARE-OTHER Keylogger runtime detection - hwae urls browsed log (malware-other.rules) * 1:5785 <-> DISABLED <-> PUA-ADWARE Adware hithopper runtime detection - get xml setting (pua-adware.rules) * 1:5786 <-> DISABLED <-> PUA-ADWARE Adware hithopper runtime detection - redirect (pua-adware.rules) * 1:5787 <-> DISABLED <-> PUA-ADWARE Adware hithopper runtime detection - search (pua-adware.rules) * 1:5788 <-> DISABLED <-> PUA-TOOLBARS Adware hithopper runtime detection - click toolbar buttons (pua-toolbars.rules) * 1:5789 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - ActMon (malware-cnc.rules) * 1:579 <-> DISABLED <-> PROTOCOL-RPC portmap mountd request UDP (protocol-rpc.rules) * 1:5790 <-> DISABLED <-> MALWARE-OTHER Keylogger pc actmon pro runtime detection - smtp (malware-other.rules) * 1:5791 <-> DISABLED <-> PUA-ADWARE Dialer pluginaccess outbound connection - get pin (pua-adware.rules) * 1:5792 <-> DISABLED <-> PUA-ADWARE Dialer pluginaccess outbound connection - active proxy (pua-adware.rules) * 1:5793 <-> DISABLED <-> PUA-ADWARE Dialer pluginaccess outbound connection - redirect (pua-adware.rules) * 1:5794 <-> DISABLED <-> PUA-ADWARE Hijacker coolwebsearch.aboutblank variant outbound connection (pua-adware.rules) * 1:5795 <-> DISABLED <-> PUA-ADWARE Adware ist powerscan runtime detection (pua-adware.rules) * 1:5796 <-> DISABLED <-> PUA-ADWARE Adware keenvalue runtime detection (pua-adware.rules) * 1:5797 <-> DISABLED <-> APP-DETECT Kontiki runtime detection (app-detect.rules) * 1:5798 <-> DISABLED <-> PUA-ADWARE Adware mydailyhoroscope runtime detection 
(pua-adware.rules) * 1:5799 <-> DISABLED <-> BROWSER-PLUGINS mydailyhoroscope update or installation in progress (browser-plugins.rules) * 1:580 <-> DISABLED <-> PROTOCOL-RPC portmap nisd request UDP (protocol-rpc.rules) * 1:5800 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - MyWay (malware-cnc.rules) * 1:5801 <-> DISABLED <-> PUA-TOOLBARS Trackware myway speedbar / mywebsearch toolbar runtime detection - track activity 1 (pua-toolbars.rules) * 1:5802 <-> DISABLED <-> PUA-TOOLBARS Trackware myway speedbar / mywebsearch toolbar runtime detection - track activity 2 (pua-toolbars.rules) * 1:5803 <-> DISABLED <-> PUA-TOOLBARS Trackware myway speedbar / mywebsearch toolbar runtime detection - collect information (pua-toolbars.rules) * 1:5805 <-> DISABLED <-> MALWARE-OTHER Trackware myway speedbar runtime detection - switch engines (malware-other.rules) * 1:5807 <-> DISABLED <-> PUA-ADWARE Hijacker shopathomeselect outbound connection (pua-adware.rules) * 1:5808 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SAH Agent (malware-cnc.rules) * 1:5809 <-> DISABLED <-> PUA-ADWARE Hijacker shop at home select merchant redirect in progress (pua-adware.rules) * 1:581 <-> DISABLED <-> PROTOCOL-RPC portmap pcnfsd request UDP (protocol-rpc.rules) * 1:5810 <-> DISABLED <-> PUA-ADWARE Hijacker shop at home select installation in progress (pua-adware.rules) * 1:5811 <-> DISABLED <-> PUA-ADWARE shop at home select installation in progress - clsid detected (pua-adware.rules) * 1:5812 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool stealthredirector runtime detection - email notification (malware-tools.rules) * 1:5813 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool stealthredirector runtime detection - create redirection (malware-tools.rules) * 1:5814 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool stealthredirector runtime detection - create redirection (malware-tools.rules) * 1:5815 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool stealthredirector runtime 
detection - destory redirection (malware-tools.rules) * 1:5816 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool stealthredirector runtime detection - destory redirection (malware-tools.rules) * 1:5817 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool stealthredirector runtime detection - check status (malware-tools.rules) * 1:5818 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool stealthredirector runtime detection - check status (malware-tools.rules) * 1:5819 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool stealthredirector runtime detection - check status (malware-tools.rules) * 1:582 <-> DISABLED <-> PROTOCOL-RPC portmap rexd request UDP (protocol-rpc.rules) * 1:5820 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool stealthredirector runtime detection - destory log (malware-tools.rules) * 1:5821 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool stealthredirector runtime detection - destory log (malware-tools.rules) * 1:5822 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool stealthredirector runtime detection - view netstat (malware-tools.rules) * 1:5823 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool stealthredirector runtime detection - view netstat (malware-tools.rules) * 1:5824 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Strip-Player (malware-cnc.rules) * 1:5825 <-> DISABLED <-> PUA-ADWARE Adware broadcasturban tuner runtime detection - start tuner (pua-adware.rules) * 1:5826 <-> DISABLED <-> PUA-ADWARE Adware broadcasturban tuner runtime detection - pass user info to server (pua-adware.rules) * 1:5827 <-> DISABLED <-> PUA-ADWARE Adware broadcasturban tuner runtime detection - get gateway (pua-adware.rules) * 1:5828 <-> DISABLED <-> PUA-ADWARE Adware broadcasturban tuner runtime detection - connect to station (pua-adware.rules) * 1:5829 <-> DISABLED <-> PUA-ADWARE Trickler clipgenie outbound connection (pua-adware.rules) * 1:583 <-> DISABLED <-> PROTOCOL-RPC portmap rstatd request UDP (protocol-rpc.rules) * 1:5835 <-> DISABLED <-> PUA-ADWARE Adware gamespy_arcade runtime detection 
(pua-adware.rules) * 1:5836 <-> DISABLED <-> PUA-ADWARE Trickler nictech.bm2 outbound connection (pua-adware.rules) * 1:5838 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - EI (malware-cnc.rules) * 1:5839 <-> DISABLED <-> MALWARE-OTHER Trackware ucmore runtime detection - click sponsor/ad link (malware-other.rules) * 1:584 <-> DISABLED <-> PROTOCOL-RPC portmap rusers request UDP (protocol-rpc.rules) * 1:5840 <-> DISABLED <-> PUA-ADWARE Hijacker sep outbound connection (pua-adware.rules) * 1:5841 <-> DISABLED <-> PUA-ADWARE Trickler minibug outbound connection - retrieve weather information (pua-adware.rules) * 1:5842 <-> DISABLED <-> PUA-ADWARE Trickler minibug outbound connection - ads (pua-adware.rules) * 1:5843 <-> DISABLED <-> PUA-ADWARE Hijacker surfsidekick outbound connection - hijack ie auto search (pua-adware.rules) * 1:5844 <-> DISABLED <-> PUA-ADWARE Hijacker surfsidekick outbound connection - post request (pua-adware.rules) * 1:5845 <-> DISABLED <-> PUA-ADWARE Hijacker surfsidekick outbound connection - update request (pua-adware.rules) * 1:5846 <-> DISABLED <-> PUA-ADWARE Trickler VX2/DLmax/BestOffers/Aurora outbound connection (pua-adware.rules) * 1:5847 <-> DISABLED <-> PUA-ADWARE Adware warez_p2p runtime detection - p2p client home (pua-adware.rules) * 1:5848 <-> DISABLED <-> PUA-ADWARE Adware warez_p2p runtime detection - ip.php request (pua-adware.rules) * 1:5849 <-> DISABLED <-> PUA-ADWARE Adware warez_p2p runtime detection - update request (pua-adware.rules) * 1:585 <-> DISABLED <-> PROTOCOL-RPC Solaris UDP portmap sadmin port query request attempt (protocol-rpc.rules) * 1:5850 <-> DISABLED <-> PUA-ADWARE Adware warez_p2p runtime detection - check update (pua-adware.rules) * 1:5851 <-> DISABLED <-> PUA-ADWARE Adware warez_p2p runtime detection - .txt .dat and .lst requests (pua-adware.rules) * 1:5852 <-> DISABLED <-> PUA-ADWARE Adware warez_p2p runtime detection - cache.dat request (pua-adware.rules) * 1:5853 <-> DISABLED 
<-> PUA-ADWARE Adware warez_p2p runtime detection - download ads (pua-adware.rules) * 1:5854 <-> DISABLED <-> PUA-ADWARE Adware warez_p2p runtime detection - pass user information (pua-adware.rules) * 1:5855 <-> DISABLED <-> PUA-ADWARE Hijacker funbuddyicons outbound connection - request config (pua-adware.rules) * 1:5857 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - MyWebSearchSearchAssistance (malware-cnc.rules) * 1:5858 <-> DISABLED <-> PUA-TOOLBARS Adware praizetoolbar runtime detection (pua-toolbars.rules) * 1:5859 <-> DISABLED <-> PUA-ADWARE Hijacker daosearch outbound connection - information request (pua-adware.rules) * 1:586 <-> DISABLED <-> PROTOCOL-RPC portmap selection_svc request UDP (protocol-rpc.rules) * 1:5860 <-> DISABLED <-> PUA-ADWARE Hijacker daosearch outbound connection - search hijack (pua-adware.rules) * 1:5861 <-> DISABLED <-> PUA-TOOLBARS Hijacker isearch runtime detection - toolbar information request (pua-toolbars.rules) * 1:5862 <-> DISABLED <-> PUA-ADWARE Hijacker isearch outbound connection - search hijack 1 (pua-adware.rules) * 1:5863 <-> DISABLED <-> PUA-ADWARE Hijacker isearch outbound connection - search hijack 2 (pua-adware.rules) * 1:5864 <-> DISABLED <-> PUA-TOOLBARS Hijacker isearch runtime detection - search in toolbar (pua-toolbars.rules) * 1:5865 <-> DISABLED <-> PUA-ADWARE Adware zapspot runtime detection - pop up ads (pua-adware.rules) * 1:5866 <-> DISABLED <-> PUA-TOOLBARS Hijacker couponbar runtime detection - download new coupon offers and links (pua-toolbars.rules) * 1:5867 <-> DISABLED <-> PUA-TOOLBARS Hijacker couponbar runtime detection - get updates to toolbar buttons (pua-toolbars.rules) * 1:5868 <-> DISABLED <-> PUA-ADWARE Hijacker couponbar outbound connection - view coupon offers (pua-adware.rules) * 1:587 <-> DISABLED <-> PROTOCOL-RPC portmap status request UDP (protocol-rpc.rules) * 1:5871 <-> DISABLED <-> PUA-ADWARE Trickler VX2/ABetterInternet transponder thinstaller outbound 
connection - post information (pua-adware.rules) * 1:5872 <-> DISABLED <-> PUA-ADWARE Snoopware hyperlinker outbound connection (pua-adware.rules) * 1:5873 <-> DISABLED <-> PUA-ADWARE Snoopware pc acme pro outbound connection (pua-adware.rules) * 1:5874 <-> DISABLED <-> PUA-ADWARE Snoopware pc acme pro outbound connection (pua-adware.rules) * 1:5875 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool eraser runtime detection - detonate (malware-tools.rules) * 1:5876 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool eraser runtime detection - disinfect (malware-tools.rules) * 1:588 <-> DISABLED <-> PROTOCOL-RPC portmap ttdbserv request UDP (protocol-rpc.rules) * 1:5880 <-> DISABLED <-> MALWARE-OTHER Keylogger spyagent runtime detect - smtp delivery (malware-other.rules) * 1:5881 <-> DISABLED <-> MALWARE-OTHER Keylogger spyagent runtime detect - ftp delivery (malware-other.rules) * 1:5882 <-> DISABLED <-> MALWARE-OTHER Keylogger spyagent runtime detect - alert notification (malware-other.rules) * 1:5883 <-> DISABLED <-> PUA-ADWARE Other-Technologies saria 1.0 outbound connection - send user information (pua-adware.rules) * 1:5884 <-> DISABLED <-> PUA-TOOLBARS Hijacker copernic meta toolbar runtime detection - check toolbar & category info (pua-toolbars.rules) * 1:5885 <-> DISABLED <-> PUA-TOOLBARS Hijacker copernic meta toolbar runtime detection - ie autosearch & search assistant hijack (pua-toolbars.rules) * 1:5886 <-> DISABLED <-> PUA-TOOLBARS Hijacker copernic meta toolbar runtime detection - pass info to server (pua-toolbars.rules) * 1:5887 <-> DISABLED <-> PUA-ADWARE Hijacker shopnav outbound connection - ie search assistant hijack (pua-adware.rules) * 1:5888 <-> DISABLED <-> PUA-ADWARE Hijacker shopnav outbound connection - ie auto search hijack (pua-adware.rules) * 1:5889 <-> DISABLED <-> PUA-ADWARE Hijacker shopnav outbound connection - collect information (pua-adware.rules) * 1:589 <-> DISABLED <-> PROTOCOL-RPC portmap yppasswd request UDP (protocol-rpc.rules) * 1:5890 <-> 
DISABLED <-> PUA-ADWARE Hijacker shopnav outbound connection - self-update request 1 (pua-adware.rules) * 1:5891 <-> DISABLED <-> PUA-ADWARE Hijacker shopnav outbound connection - self-update request 2 (pua-adware.rules) * 1:5892 <-> DISABLED <-> PUA-TOOLBARS Trackware wordiq toolbar runtime detection - get link info (pua-toolbars.rules) * 1:5893 <-> DISABLED <-> PUA-TOOLBARS Trackware wordiq toolbar runtime detection - search keyword (pua-toolbars.rules) * 1:5894 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool timbuktu pro runtime detection - smb (malware-tools.rules) * 1:5895 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool timbuktu pro runtime detection - tcp port 407 (malware-tools.rules) * 1:5896 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool timbuktu pro runtime detection - tcp port 407 (malware-tools.rules) * 1:5897 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool timbuktu pro runtime detection - udp port 407 (malware-tools.rules) * 1:590 <-> DISABLED <-> PROTOCOL-RPC portmap ypserv request UDP (protocol-rpc.rules) * 1:5900 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Async HTTP Agent (malware-cnc.rules) * 1:5901 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - AdTools (malware-cnc.rules) * 1:5902 <-> DISABLED <-> PUA-ADWARE Adware download accelerator plus runtime detection - startup (pua-adware.rules) * 1:5903 <-> DISABLED <-> PUA-ADWARE Adware download accelerator plus runtime detection - get ads (pua-adware.rules) * 1:5904 <-> DISABLED <-> PUA-ADWARE Adware download accelerator plus runtime detection - download files (pua-adware.rules) * 1:5905 <-> DISABLED <-> PUA-ADWARE Adware download accelerator plus runtime detection - games center request (pua-adware.rules) * 1:5906 <-> DISABLED <-> PUA-ADWARE Adware download accelerator plus runtime detection - update (pua-adware.rules) * 1:5907 <-> DISABLED <-> MALWARE-OTHER Trackware e2give runtime detection - check update (malware-other.rules) * 1:5908 <-> DISABLED <-> MALWARE-OTHER 
Trackware e2give runtime detection - redirect affiliate site request 1 (malware-other.rules) * 1:5909 <-> DISABLED <-> MALWARE-OTHER Trackware e2give runtime detection - redirect affiliate site request 2 (malware-other.rules) * 1:591 <-> DISABLED <-> PROTOCOL-RPC portmap ypupdated request TCP (protocol-rpc.rules) * 1:5911 <-> DISABLED <-> PUA-ADWARE Adware smartpops runtime detection (pua-adware.rules) * 1:5913 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - My Agent (malware-cnc.rules) * 1:5914 <-> DISABLED <-> PUA-TOOLBARS Hijacker locatorstoolbar runtime detection - configuration download (pua-toolbars.rules) * 1:5915 <-> DISABLED <-> PUA-TOOLBARS Hijacker locatorstoolbar runtime detection - autosearch hijack (pua-toolbars.rules) * 1:5916 <-> DISABLED <-> PUA-TOOLBARS Hijacker locatorstoolbar runtime detection - sidebar search (pua-toolbars.rules) * 1:5917 <-> DISABLED <-> PUA-TOOLBARS Hijacker locatorstoolbar runtime detection - toolbar search (pua-toolbars.rules) * 1:5918 <-> DISABLED <-> PUA-ADWARE Hijacker painter outbound connection - ping 'alive' signal (pua-adware.rules) * 1:5919 <-> DISABLED <-> PUA-ADWARE Hijacker painter outbound connection - redirect to klikvipsearch (pua-adware.rules) * 1:5920 <-> DISABLED <-> PUA-ADWARE Hijacker painter outbound connection - redirect yahoo search through online-casino-searcher (pua-adware.rules) * 1:5921 <-> DISABLED <-> PUA-TOOLBARS Trackware fftoolbar toolbar runtime detection - send user url request (pua-toolbars.rules) * 1:5922 <-> DISABLED <-> PUA-TOOLBARS Trackware fftoolbar toolbar runtime detection - display advertisement news (pua-toolbars.rules) * 1:5923 <-> DISABLED <-> PUA-ADWARE Adware active shopper runtime detection - side search request (pua-adware.rules) * 1:5924 <-> DISABLED <-> PUA-ADWARE Adware active shopper runtime detection - redirect (pua-adware.rules) * 1:5925 <-> DISABLED <-> PUA-ADWARE Adware active shopper runtime detection - check (pua-adware.rules) * 1:5926 <-> 
DISABLED <-> PUA-ADWARE Adware active shopper runtime detection - collect information (pua-adware.rules) * 1:5927 <-> DISABLED <-> PUA-ADWARE Adware cashbar runtime detection - .smx requests (pua-adware.rules) * 1:5928 <-> DISABLED <-> PUA-ADWARE Adware cashbar runtime detection - ads request (pua-adware.rules) * 1:5929 <-> DISABLED <-> PUA-ADWARE Adware cashbar runtime detection - pop-up ad 1 (pua-adware.rules) * 1:593 <-> DISABLED <-> PROTOCOL-RPC portmap snmpXdmi request TCP (protocol-rpc.rules) * 1:5930 <-> DISABLED <-> PUA-ADWARE Adware cashbar runtime detection - pop-up ad 2 (pua-adware.rules) * 1:5932 <-> DISABLED <-> PUA-ADWARE Adware cashbar runtime detection - stats track (pua-adware.rules) * 1:5933 <-> DISABLED <-> PUA-ADWARE Hijacker dropspam outbound connection - search request 1 (pua-adware.rules) * 1:5934 <-> DISABLED <-> PUA-ADWARE Hijacker dropspam outbound connection - search request 2 (pua-adware.rules) * 1:5935 <-> DISABLED <-> PUA-ADWARE Hijacker dropspam outbound connection - search request 3 (pua-adware.rules) * 1:5936 <-> DISABLED <-> PUA-ADWARE Hijacker dropspam outbound connection - side search (pua-adware.rules) * 1:5937 <-> DISABLED <-> PUA-ADWARE Hijacker dropspam outbound connection - pass information to its controlling server (pua-adware.rules) * 1:5938 <-> DISABLED <-> PUA-ADWARE Hijacker dropspam outbound connection - third party information collection (pua-adware.rules) * 1:5939 <-> DISABLED <-> PUA-TOOLBARS Trackware supreme toolbar runtime detection - get cfg (pua-toolbars.rules) * 1:5940 <-> DISABLED <-> PUA-TOOLBARS Trackware supreme toolbar runtime detection - search request (pua-toolbars.rules) * 1:5941 <-> DISABLED <-> PUA-TOOLBARS Trackware supreme toolbar runtime detection - track (pua-toolbars.rules) * 1:5942 <-> DISABLED <-> PUA-TOOLBARS Trackware supreme toolbar runtime detection - pass information to its controlling server (pua-toolbars.rules) * 1:5943 <-> DISABLED <-> PUA-TOOLBARS Trackware supreme toolbar runtime 
detection - third party information collection (pua-toolbars.rules)
* 1:5944 <-> DISABLED <-> PUA-ADWARE Adware free access bar runtime detection 1 (pua-adware.rules)
* 1:5945 <-> DISABLED <-> PUA-ADWARE Adware weirdontheweb runtime detection - track.cgi request (pua-adware.rules)
* 1:5946 <-> DISABLED <-> PUA-ADWARE Adware weirdontheweb runtime detection - monitor user web activity (pua-adware.rules)
* 1:5947 <-> DISABLED <-> PUA-ADWARE Adware weirdontheweb runtime detection - log url (pua-adware.rules)
* 1:5948 <-> DISABLED <-> PUA-ADWARE Adware weirdontheweb runtime detection - update notifier (pua-adware.rules)
* 1:5949 <-> DISABLED <-> PUA-TOOLBARS Trackware iggsey toolbar detection - simpleticker.htm request (pua-toolbars.rules)
* 1:595 <-> DISABLED <-> PROTOCOL-RPC portmap espd request TCP (protocol-rpc.rules)
* 1:5951 <-> DISABLED <-> PUA-TOOLBARS Trackware iggsey toolbar detection - search request (pua-toolbars.rules)
* 1:5952 <-> DISABLED <-> PUA-ADWARE Hijacker 123mania outbound connection - autosearch hijacking (pua-adware.rules)
* 1:5953 <-> DISABLED <-> PUA-ADWARE Hijacker 123mania outbound connection - sidesearch hijacking (pua-adware.rules)
* 1:5954 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Browser Pal (malware-cnc.rules)
* 1:5955 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Popup Stopper (malware-cnc.rules)
* 1:5956 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool ghostvoice 1.02 icq notification of server installation (malware-tools.rules)
* 1:5957 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool ghostvoice 1.02 runtime detection (malware-tools.rules)
* 1:5958 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool ghostvoice 1.02 runtime detection - init connection with password requirement (malware-tools.rules)
* 1:5959 <-> DISABLED <-> PUA-ADWARE Hijacker raxsearch detection - send search keywords to raxsearch (pua-adware.rules)
* 1:5960 <-> DISABLED <-> PUA-ADWARE Hijacker raxsearch detection - pop-up raxsearch window (pua-adware.rules)
* 1:5961 <-> DISABLED <-> PUA-ADWARE Hijacker searchfast detection - news ticker (pua-adware.rules)
* 1:5962 <-> DISABLED <-> PUA-ADWARE Hijacker searchfast detection - catch search keyword (pua-adware.rules)
* 1:5963 <-> DISABLED <-> PUA-ADWARE Hijacker searchfast detection - search request (pua-adware.rules)
* 1:5964 <-> DISABLED <-> PUA-TOOLBARS Hijacker searchfast detection - track user activity & get 'relates links' of the toolbar (pua-toolbars.rules)
* 1:5965 <-> DISABLED <-> PUA-TOOLBARS Hijacker searchfast detection - get toolbar cfg (pua-toolbars.rules)
* 1:5966 <-> DISABLED <-> PUA-ADWARE trackware searchinweb detection - search request (pua-adware.rules)
* 1:5967 <-> DISABLED <-> PUA-ADWARE trackware searchinweb detection - click result links (pua-adware.rules)
* 1:5968 <-> DISABLED <-> PUA-ADWARE trackware searchinweb detection - redirect (pua-adware.rules)
* 1:5969 <-> DISABLED <-> PUA-ADWARE trackware searchinweb detection - collect information (pua-adware.rules)
* 1:5970 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Feat2 Updater (malware-cnc.rules)
* 1:5972 <-> DISABLED <-> PUA-ADWARE hijacker smart finder detection - ie autosearch hijack 1 (pua-adware.rules)
* 1:5973 <-> DISABLED <-> PUA-ADWARE hijacker smart finder detection - search engines hijack (pua-adware.rules)
* 1:5974 <-> DISABLED <-> PUA-ADWARE hijacker smart finder detection - pop-up ads (pua-adware.rules)
* 1:5975 <-> DISABLED <-> PUA-ADWARE hijacker topfive searchassistant detection - search request (pua-adware.rules)
* 1:5976 <-> DISABLED <-> PUA-ADWARE hijacker topfive searchassistant detection - side search (pua-adware.rules)
* 1:5978 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - TM_SEARCH3 (malware-cnc.rules)
* 1:5979 <-> DISABLED <-> PUA-TOOLBARS Trackware anwb toolbar runtime detection - track user ip address (pua-toolbars.rules)
* 1:598 <-> DISABLED <-> PROTOCOL-RPC portmap listing TCP 111 (protocol-rpc.rules)
* 1:5980 <-> DISABLED <-> PUA-TOOLBARS Trackware anwb toolbar runtime detection - display advertisement (pua-toolbars.rules)
* 1:5981 <-> DISABLED <-> PUA-TOOLBARS Hijacker seeqtoolbar runtime detection - autosearch hijack or search in toolbar (pua-toolbars.rules)
* 1:5982 <-> DISABLED <-> PUA-TOOLBARS Hijacker seeqtoolbar runtime detection - email login page (pua-toolbars.rules)
* 1:5983 <-> DISABLED <-> PUA-ADWARE Adware powerstrip runtime detection (pua-adware.rules)
* 1:5984 <-> DISABLED <-> PUA-TOOLBARS Trackware push toolbar installtime detection - user information collect (pua-toolbars.rules)
* 1:5985 <-> DISABLED <-> PUA-TOOLBARS Trackware push toolbar runtime detection - toolbar information request (pua-toolbars.rules)
* 1:5986 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - TeomaBar (malware-cnc.rules)
* 1:5987 <-> DISABLED <-> PUA-TOOLBARS Hijacker wishbone runtime detection (pua-toolbars.rules)
* 1:5988 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - ZC-Bridge (malware-cnc.rules)
* 1:5989 <-> DISABLED <-> PUA-ADWARE Adware broadcastpc runtime detection - get config (pua-adware.rules)
* 1:599 <-> DISABLED <-> PROTOCOL-RPC portmap listing TCP 32771 (protocol-rpc.rules)
* 1:5990 <-> DISABLED <-> PUA-ADWARE Adware broadcastpc runtime detection - get up-to-date movie/tv/ad information (pua-adware.rules)
* 1:5992 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Mirar_KeywordContentHijacker (malware-cnc.rules)
* 1:5993 <-> DISABLED <-> PUA-ADWARE Hijacker getmirar outbound connection - track activity (pua-adware.rules)
* 1:5994 <-> DISABLED <-> PUA-ADWARE Hijacker getmirar outbound connection - click related button (pua-adware.rules)
* 1:5995 <-> DISABLED <-> PUA-ADWARE Adware offeragent runtime detection - information checking (pua-adware.rules)
* 1:5996 <-> DISABLED <-> PUA-ADWARE Adware offeragent runtime detection - ads request (pua-adware.rules)
* 1:5997 <-> DISABLED <-> SERVER-WEBAPP WinProxy host header port buffer overflow attempt (server-webapp.rules)
* 1:5998 <-> ENABLED <-> PUA-P2P Skype client login startup (pua-p2p.rules)
* 1:5999 <-> DISABLED <-> PUA-P2P Skype client login (pua-p2p.rules)
* 1:6002 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DT DDS Rectilinear GDD Layout ActiveX object access (browser-plugins.rules)
* 1:6003 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DT DDS Rectilinear GDD Route ActiveX object access (browser-plugins.rules)
* 1:6004 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DT DDS Circular Auto Layout Logic 2 ActiveX object access (browser-plugins.rules)
* 1:6005 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DT DDS Straight Line Routing Logic 2 ActiveX object access (browser-plugins.rules)
* 1:6006 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DT Icon Control ActiveX object access (browser-plugins.rules)
* 1:6007 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DT DDS OrgChart GDD Layout ActiveX object access (browser-plugins.rules)
* 1:6008 <-> DISABLED <-> BROWSER-PLUGINS Microsoft DT DDS OrgChart GDD Route ActiveX object access (browser-plugins.rules)
* 1:6009 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows RDS.Dataspace ActiveX object access (browser-plugins.rules)
* 1:601 <-> DISABLED <-> PROTOCOL-SERVICES rlogin LinuxNIS (protocol-services.rules)
* 1:6010 <-> ENABLED <-> SERVER-OTHER VERITAS NetBackup vnetd connection attempt (server-other.rules)
* 1:6011 <-> DISABLED <-> SERVER-OTHER VERITAS NetBackup vnetd buffer overflow attempt (server-other.rules)
* 1:6012 <-> DISABLED <-> MALWARE-BACKDOOR coolcat runtime connection detection - tcp 1 (malware-backdoor.rules)
* 1:6013 <-> DISABLED <-> MALWARE-BACKDOOR coolcat runtime connection detection - tcp 2 (malware-backdoor.rules)
* 1:6014 <-> DISABLED <-> MALWARE-BACKDOOR coolcat runtime connection detection - tcp 3 (malware-backdoor.rules)
* 1:6015 <-> DISABLED <-> MALWARE-BACKDOOR dsk lite 1.0 runtime detection - initial connection (malware-backdoor.rules)
* 1:6016 <-> DISABLED <-> MALWARE-BACKDOOR dsk lite 1.0 runtime detection - initial connection (malware-backdoor.rules)
* 1:6017 <-> DISABLED <-> MALWARE-BACKDOOR dsk lite 1.0 runtime detection - disconnect (malware-backdoor.rules)
* 1:6018 <-> DISABLED <-> MALWARE-CNC dsk lite 1.0 variant outbound connection icq notification (malware-cnc.rules)
* 1:6019 <-> DISABLED <-> MALWARE-CNC dsk lite 1.0 variant outbound connection cgi notification (malware-cnc.rules)
* 1:602 <-> DISABLED <-> PROTOCOL-SERVICES rlogin bin (protocol-services.rules)
* 1:6020 <-> DISABLED <-> MALWARE-CNC dsk lite 1.0 variant outbound connection php notification (malware-cnc.rules)
* 1:6021 <-> DISABLED <-> MALWARE-BACKDOOR silent spy 2.10 command response port 4225 (malware-backdoor.rules)
* 1:6022 <-> DISABLED <-> MALWARE-BACKDOOR silent spy 2.10 command response port 4226 (malware-backdoor.rules)
* 1:6023 <-> DISABLED <-> MALWARE-CNC silent spy 2.10 variant outbound connection icq notification (malware-cnc.rules)
* 1:6024 <-> DISABLED <-> MALWARE-BACKDOOR nuclear rat v6_21 runtime detection (malware-backdoor.rules)
* 1:6025 <-> DISABLED <-> MALWARE-BACKDOOR tequila bandita 1.2 runtime detection - reverse connection (malware-backdoor.rules)
* 1:6026 <-> DISABLED <-> MALWARE-BACKDOOR dimbus 1.0 runtime detection - get pc info (malware-backdoor.rules)
* 1:6027 <-> DISABLED <-> MALWARE-BACKDOOR WIN.Trojan.Netshadow runtime detection (malware-backdoor.rules)
* 1:6028 <-> DISABLED <-> MALWARE-BACKDOOR cyberpaky runtime detection (malware-backdoor.rules)
* 1:6029 <-> DISABLED <-> MALWARE-CNC fkwp 2.0 variant outbound connection icq notification (malware-cnc.rules)
* 1:603 <-> DISABLED <-> PROTOCOL-SERVICES rlogin echo++ (protocol-services.rules)
* 1:6035 <-> DISABLED <-> MALWARE-BACKDOOR minicommand runtime detection - initial connection server-to-client (malware-backdoor.rules)
* 1:6037 <-> DISABLED <-> MALWARE-BACKDOOR netbus 1.7 runtime detection - email notification (malware-backdoor.rules)
* 1:6039 <-> DISABLED <-> MALWARE-CNC fade 1.0 variant outbound connection notification (malware-cnc.rules)
* 1:604 <-> DISABLED <-> PROTOCOL-SERVICES Unix rlogin froot parameter root access attempt (protocol-services.rules)
* 1:6040 <-> ENABLED <-> MALWARE-BACKDOOR fade 1.0 runtime detection - enable keylogger (malware-backdoor.rules)
* 1:6041 <-> DISABLED <-> MALWARE-BACKDOOR fade 1.0 runtime detection - enable keylogger (malware-backdoor.rules)
* 1:6042 <-> DISABLED <-> MALWARE-CNC fear 0.2 variant outbound connection php notification (malware-cnc.rules)
* 1:6043 <-> DISABLED <-> MALWARE-CNC fear 0.2 variant outbound connection cgi notification (malware-cnc.rules)
* 1:6044 <-> DISABLED <-> MALWARE-BACKDOOR fear 0.2 runtime detection - initial connection (malware-backdoor.rules)
* 1:6045 <-> DISABLED <-> MALWARE-BACKDOOR fear 0.2 runtime detection - initial connection (malware-backdoor.rules)
* 1:6046 <-> DISABLED <-> MALWARE-BACKDOOR fear 0.2 runtime detection - initial connection (malware-backdoor.rules)
* 1:6047 <-> DISABLED <-> MALWARE-BACKDOOR fun factory runtime detection - connect (malware-backdoor.rules)
* 1:6048 <-> DISABLED <-> MALWARE-BACKDOOR fun factory runtime detection - connect (malware-backdoor.rules)
* 1:6049 <-> DISABLED <-> MALWARE-BACKDOOR fun factory runtime detection - upload (malware-backdoor.rules)
* 1:605 <-> DISABLED <-> PROTOCOL-SERVICES rlogin login failure (protocol-services.rules)
* 1:6050 <-> DISABLED <-> MALWARE-BACKDOOR fun factory runtime detection - upload (malware-backdoor.rules)
* 1:6051 <-> DISABLED <-> MALWARE-BACKDOOR fun factory runtime detection - set volume (malware-backdoor.rules)
* 1:6052 <-> DISABLED <-> MALWARE-BACKDOOR fun factory runtime detection - set volume (malware-backdoor.rules)
* 1:6053 <-> DISABLED <-> MALWARE-BACKDOOR fun factory runtime detection - do script remotely (malware-backdoor.rules)
* 1:6054 <-> DISABLED <-> MALWARE-BACKDOOR fun factory runtime detection - do script remotely (malware-backdoor.rules)
* 1:6055 <-> DISABLED <-> MALWARE-BACKDOOR bifrose 1.1 runtime detection (malware-backdoor.rules)
* 1:6056 <-> DISABLED <-> MALWARE-BACKDOOR bifrose 1.1 runtime detection (malware-backdoor.rules)
* 1:6057 <-> DISABLED <-> MALWARE-BACKDOOR bifrose 1.1 runtime detection (malware-backdoor.rules)
* 1:6058 <-> DISABLED <-> MALWARE-CNC neurotickat1.3 variant outbound connection icq notification (malware-cnc.rules)
* 1:6059 <-> DISABLED <-> MALWARE-CNC neurotickat1.3 variant outbound connection cgi notification (malware-cnc.rules)
* 1:606 <-> DISABLED <-> PROTOCOL-SERVICES rlogin root (protocol-services.rules)
* 1:6060 <-> DISABLED <-> MALWARE-BACKDOOR neurotickat1.3 runtime detection - initial connection (malware-backdoor.rules)
* 1:6061 <-> DISABLED <-> MALWARE-BACKDOOR neurotickat1.3 runtime detection - initial connection (malware-backdoor.rules)
* 1:6062 <-> DISABLED <-> MALWARE-BACKDOOR neurotickat1.3 runtime detection - initial connection (malware-backdoor.rules)
* 1:6063 <-> DISABLED <-> MALWARE-BACKDOOR schwindler 1.82 runtime detection (malware-backdoor.rules)
* 1:6064 <-> DISABLED <-> MALWARE-BACKDOOR schwindler 1.82 runtime detection (malware-backdoor.rules)
* 1:6066 <-> DISABLED <-> MALWARE-BACKDOOR optixlite 1.0 runtime detection - connection success server-to-client (malware-backdoor.rules)
* 1:6069 <-> DISABLED <-> MALWARE-CNC optixlite 1.0 variant outbound connection icq notification (malware-cnc.rules)
* 1:607 <-> DISABLED <-> PROTOCOL-SERVICES rsh bin (protocol-services.rules)
* 1:6070 <-> DISABLED <-> MALWARE-BACKDOOR freak 1.0 runtime detection - irc notification (malware-backdoor.rules)
* 1:6071 <-> DISABLED <-> MALWARE-CNC freak 1.0 variant outbound connection icq notification (malware-cnc.rules)
* 1:6073 <-> DISABLED <-> MALWARE-BACKDOOR freak 1.0 runtime detection - initial connection server-to-client (malware-backdoor.rules)
* 1:6074 <-> DISABLED <-> MALWARE-BACKDOOR xhx 1.6 runtime detection - initial connection client-to-server (malware-backdoor.rules)
* 1:6075 <-> DISABLED <-> MALWARE-BACKDOOR xhx 1.6 runtime detection - initial connection server-to-client (malware-backdoor.rules)
* 1:6076 <-> DISABLED <-> MALWARE-BACKDOOR amiboide uploader runtime detection - init connection (malware-backdoor.rules)
* 1:6077 <-> DISABLED <-> MALWARE-BACKDOOR autospy runtime detection - get information (malware-backdoor.rules)
* 1:6078 <-> DISABLED <-> MALWARE-BACKDOOR autospy runtime detection - get information (malware-backdoor.rules)
* 1:6079 <-> DISABLED <-> MALWARE-BACKDOOR autospy runtime detection - show autospy (malware-backdoor.rules)
* 1:608 <-> DISABLED <-> PROTOCOL-SERVICES rsh echo + + (protocol-services.rules)
* 1:6080 <-> DISABLED <-> MALWARE-BACKDOOR autospy runtime detection - show autospy (malware-backdoor.rules)
* 1:6081 <-> DISABLED <-> MALWARE-BACKDOOR autospy runtime detection - show nude pic (malware-backdoor.rules)
* 1:6082 <-> DISABLED <-> MALWARE-BACKDOOR autospy runtime detection - show nude pic (malware-backdoor.rules)
* 1:6083 <-> DISABLED <-> MALWARE-BACKDOOR autospy runtime detection - hide taskbar (malware-backdoor.rules)
* 1:6084 <-> DISABLED <-> MALWARE-BACKDOOR autospy runtime detection - hide taskbar (malware-backdoor.rules)
* 1:6085 <-> DISABLED <-> MALWARE-BACKDOOR autospy runtime detection - make directory (malware-backdoor.rules)
* 1:6086 <-> DISABLED <-> MALWARE-BACKDOOR autospy runtime detection - make directory (malware-backdoor.rules)
* 1:6087 <-> DISABLED <-> MALWARE-BACKDOOR a trojan 2.0 runtime detection (malware-backdoor.rules)
* 1:6088 <-> DISABLED <-> MALWARE-BACKDOOR a trojan 2.0 runtime detection - init connection (malware-backdoor.rules)
* 1:6089 <-> DISABLED <-> MALWARE-BACKDOOR a trojan 2.0 runtime detection (malware-backdoor.rules)
* 1:609 <-> DISABLED <-> PROTOCOL-SERVICES rsh froot (protocol-services.rules)
* 1:6090 <-> DISABLED <-> MALWARE-BACKDOOR a trojan 2.0 runtime detection - get memory info (malware-backdoor.rules)
* 1:6091 <-> DISABLED <-> MALWARE-BACKDOOR a trojan 2.0 runtime detection (malware-backdoor.rules)
* 1:6092 <-> DISABLED <-> MALWARE-BACKDOOR a trojan 2.0 runtime detection - get harddisk info (malware-backdoor.rules)
* 1:6093 <-> DISABLED <-> MALWARE-BACKDOOR a trojan 2.0 runtime detection (malware-backdoor.rules)
* 1:6094 <-> DISABLED <-> MALWARE-BACKDOOR a trojan 2.0 runtime detection - get drive info (malware-backdoor.rules)
* 1:6095 <-> DISABLED <-> MALWARE-BACKDOOR a trojan 2.0 runtime detection (malware-backdoor.rules)
* 1:6096 <-> DISABLED <-> MALWARE-BACKDOOR a trojan 2.0 runtime detection - get system info (malware-backdoor.rules)
* 1:6097 <-> DISABLED <-> MALWARE-BACKDOOR alvgus 2000 runtime detection (malware-backdoor.rules)
* 1:6098 <-> DISABLED <-> MALWARE-BACKDOOR alvgus 2000 runtime detection - check server (malware-backdoor.rules)
* 1:6099 <-> DISABLED <-> MALWARE-BACKDOOR alvgus 2000 runtime detection (malware-backdoor.rules)
* 1:610 <-> DISABLED <-> PROTOCOL-SERVICES rsh root (protocol-services.rules)
* 1:6100 <-> DISABLED <-> MALWARE-BACKDOOR alvgus 2000 runtime detection - view content of directory (malware-backdoor.rules)
* 1:6101 <-> DISABLED <-> MALWARE-BACKDOOR alvgus 2000 runtime detection (malware-backdoor.rules)
* 1:6102 <-> DISABLED <-> MALWARE-BACKDOOR alvgus 2000 runtime detection - execute command (malware-backdoor.rules)
* 1:6103 <-> DISABLED <-> MALWARE-BACKDOOR alvgus 2000 runtime detection (malware-backdoor.rules)
* 1:6104 <-> DISABLED <-> MALWARE-BACKDOOR alvgus 2000 runtime detection - upload file (malware-backdoor.rules)
* 1:6105 <-> DISABLED <-> MALWARE-BACKDOOR alvgus 2000 runtime detection (malware-backdoor.rules)
* 1:6106 <-> DISABLED <-> MALWARE-BACKDOOR alvgus 2000 runtime detection - download file (malware-backdoor.rules)
* 1:6107 <-> DISABLED <-> MALWARE-BACKDOOR backage 3.1 runtime detection (malware-backdoor.rules)
* 1:6108 <-> DISABLED <-> MALWARE-BACKDOOR dagger v1.1.40 runtime detection (malware-backdoor.rules)
* 1:6109 <-> DISABLED <-> MALWARE-BACKDOOR dagger v1.1.40 runtime detection (malware-backdoor.rules)
* 1:611 <-> DISABLED <-> PROTOCOL-SERVICES rlogin login failure (protocol-services.rules)
* 1:6110 <-> DISABLED <-> MALWARE-BACKDOOR forced entry v1.1 beta runtime detection (malware-backdoor.rules)
* 1:6111 <-> DISABLED <-> MALWARE-BACKDOOR optix 1.32 runtime detection - init conn (malware-backdoor.rules)
* 1:6112 <-> DISABLED <-> MALWARE-BACKDOOR optix 1.32 runtime detection - init conn (malware-backdoor.rules)
* 1:6113 <-> DISABLED <-> MALWARE-BACKDOOR optix 1.32 runtime detection - init conn (malware-backdoor.rules)
* 1:6114 <-> DISABLED <-> MALWARE-BACKDOOR optix 1.32 runtime detection - email notification (malware-backdoor.rules)
* 1:6115 <-> DISABLED <-> MALWARE-CNC optix 1.32 variant outbound connection icq notification (malware-cnc.rules)
* 1:6116 <-> DISABLED <-> MALWARE-BACKDOOR fore v1.0 beta runtime detection - init conn (malware-backdoor.rules)
* 1:6117 <-> DISABLED <-> MALWARE-BACKDOOR fore v1.0 beta runtime detection - init conn (malware-backdoor.rules)
* 1:6118 <-> DISABLED <-> MALWARE-BACKDOOR net runner runtime detection - initial connection client-to-server (malware-backdoor.rules)
* 1:6119 <-> DISABLED <-> MALWARE-BACKDOOR net runner runtime detection - initial connection server-to-client (malware-backdoor.rules)
* 1:612 <-> DISABLED <-> PROTOCOL-RPC rusers query UDP (protocol-rpc.rules)
* 1:6120 <-> DISABLED <-> MALWARE-BACKDOOR net runner runtime detection - download file client-to-server (malware-backdoor.rules)
* 1:6121 <-> DISABLED <-> MALWARE-BACKDOOR net runner runtime detection - download file server-to-client (malware-backdoor.rules)
* 1:6122 <-> DISABLED <-> MALWARE-BACKDOOR millenium v1.0 runtime detection (malware-backdoor.rules)
* 1:6123 <-> DISABLED <-> MALWARE-BACKDOOR ambush 1.0 runtime detection - ping client-to-server (malware-backdoor.rules)
* 1:6124 <-> DISABLED <-> MALWARE-BACKDOOR ambush 1.0 runtime detection - ping server-to-client (malware-backdoor.rules)
* 1:6125 <-> DISABLED <-> MALWARE-BACKDOOR dkangel runtime detection - smtp (malware-backdoor.rules)
* 1:6126 <-> DISABLED <-> MALWARE-BACKDOOR dkangel runtime detection - smtp (malware-backdoor.rules)
* 1:6127 <-> DISABLED <-> MALWARE-BACKDOOR dkangel runtime detection - udp client-to-server (malware-backdoor.rules)
* 1:6128 <-> DISABLED <-> MALWARE-BACKDOOR dkangel runtime detection - icmp echo reply client-to-server (malware-backdoor.rules)
* 1:6129 <-> DISABLED <-> MALWARE-BACKDOOR chupacabra 1.0 runtime detection (malware-backdoor.rules)
* 1:613 <-> DISABLED <-> INDICATOR-SCAN myscan (indicator-scan.rules)
* 1:6130 <-> DISABLED <-> MALWARE-BACKDOOR chupacabra 1.0 runtime detection - get computer name (malware-backdoor.rules)
* 1:6131 <-> DISABLED <-> MALWARE-BACKDOOR chupacabra 1.0 runtime detection (malware-backdoor.rules)
* 1:6132 <-> DISABLED <-> MALWARE-BACKDOOR chupacabra 1.0 runtime detection - get user name (malware-backdoor.rules)
* 1:6133 <-> DISABLED <-> MALWARE-BACKDOOR chupacabra 1.0 runtime detection - send messages (malware-backdoor.rules)
* 1:6134 <-> DISABLED <-> MALWARE-BACKDOOR chupacabra 1.0 runtime detection - delete file (malware-backdoor.rules)
* 1:6136 <-> DISABLED <-> MALWARE-BACKDOOR clindestine 1.0 runtime detection - capture big screen (malware-backdoor.rules)
* 1:6137 <-> DISABLED <-> MALWARE-BACKDOOR clindestine 1.0 runtime detection - capture small screen (malware-backdoor.rules)
* 1:6138 <-> DISABLED <-> MALWARE-BACKDOOR clindestine 1.0 runtime detection - get computer info (malware-backdoor.rules)
* 1:6139 <-> DISABLED <-> MALWARE-BACKDOOR clindestine 1.0 runtime detection - get system directory (malware-backdoor.rules)
* 1:614 <-> DISABLED <-> MALWARE-BACKDOOR hack-a-tack attempt (malware-backdoor.rules)
* 1:6141 <-> DISABLED <-> MALWARE-BACKDOOR hellzaddiction v1.0e runtime detection - init conn (malware-backdoor.rules)
* 1:6142 <-> DISABLED <-> MALWARE-BACKDOOR hellzaddiction v1.0e runtime detection - ftp open (malware-backdoor.rules)
* 1:6143 <-> DISABLED <-> MALWARE-BACKDOOR dark connection inside v1.2 runtime detection (malware-backdoor.rules)
* 1:6144 <-> DISABLED <-> MALWARE-BACKDOOR mantis runtime detection - sent notify option client-to-server 1 (malware-backdoor.rules)
* 1:6145 <-> DISABLED <-> MALWARE-BACKDOOR mantis runtime detection - sent notify option server-to-client (malware-backdoor.rules)
* 1:6146 <-> DISABLED <-> MALWARE-BACKDOOR mantis runtime detection - sent notify option client-to-server 2 (malware-backdoor.rules)
* 1:6147 <-> DISABLED <-> MALWARE-BACKDOOR mantis runtime detection - go to address client-to-server (malware-backdoor.rules)
* 1:6148 <-> DISABLED <-> MALWARE-BACKDOOR mantis runtime detection - go to address server-to-client (malware-backdoor.rules)
* 1:6149 <-> DISABLED <-> MALWARE-BACKDOOR netcontrol v1.0.8 runtime detection (malware-backdoor.rules)
* 1:6150 <-> DISABLED <-> MALWARE-BACKDOOR netcontrol v1.0.8 runtime detection (malware-backdoor.rules)
* 1:6151 <-> DISABLED <-> MALWARE-BACKDOOR back attack v1.4 runtime detection (malware-backdoor.rules)
* 1:6152 <-> DISABLED <-> MALWARE-BACKDOOR dirtxt runtime detection - chdir client-to-server (malware-backdoor.rules)
* 1:6153 <-> DISABLED <-> MALWARE-BACKDOOR dirtxt runtime detection - chdir server-to-client (malware-backdoor.rules)
* 1:6154 <-> DISABLED <-> MALWARE-BACKDOOR dirtxt runtime detection - info client-to-server (malware-backdoor.rules)
* 1:6155 <-> DISABLED <-> MALWARE-BACKDOOR dirtxt runtime detection - info server-to-client (malware-backdoor.rules)
* 1:6156 <-> DISABLED <-> MALWARE-BACKDOOR dirtxt runtime detection - view client-to-server (malware-backdoor.rules)
* 1:6157 <-> DISABLED <-> MALWARE-BACKDOOR dirtxt runtime detection - view server-to-client (malware-backdoor.rules)
* 1:6159 <-> DISABLED <-> MALWARE-BACKDOOR delirium of disorder runtime detection - enable keylogger (malware-backdoor.rules)
* 1:616 <-> DISABLED <-> INDICATOR-SCAN ident version request (indicator-scan.rules)
* 1:6160 <-> DISABLED <-> MALWARE-BACKDOOR delirium of disorder runtime detection - stop keylogger (malware-backdoor.rules)
* 1:6161 <-> DISABLED <-> MALWARE-BACKDOOR furax 1.0 b2 runtime detection (malware-backdoor.rules)
* 1:6164 <-> DISABLED <-> MALWARE-BACKDOOR psyrat 1.0 runtime detection (malware-backdoor.rules)
* 1:6165 <-> DISABLED <-> MALWARE-BACKDOOR psyrat 1.0 runtime detection (malware-backdoor.rules)
* 1:6166 <-> DISABLED <-> MALWARE-BACKDOOR unicorn runtime detection - initial connection (malware-backdoor.rules)
* 1:6167 <-> DISABLED <-> MALWARE-BACKDOOR unicorn runtime detection - set wallpaper client-to-server (malware-backdoor.rules)
* 1:6168 <-> DISABLED <-> MALWARE-BACKDOOR unicorn runtime detection - set wallpaper server-to-client (malware-backdoor.rules)
* 1:6169 <-> DISABLED <-> MALWARE-BACKDOOR digital rootbeer runtime detection (malware-backdoor.rules)
* 1:6170 <-> DISABLED <-> MALWARE-BACKDOOR digital rootbeer runtime detection (malware-backdoor.rules)
* 1:6171 <-> DISABLED <-> MALWARE-BACKDOOR cookie monster 0.24 runtime detection (malware-backdoor.rules)
* 1:6172 <-> DISABLED <-> MALWARE-BACKDOOR cookie monster 0.24 runtime detection - get version info (malware-backdoor.rules)
* 1:6173 <-> DISABLED <-> MALWARE-BACKDOOR cookie monster 0.24 runtime detection (malware-backdoor.rules)
* 1:6174 <-> DISABLED <-> MALWARE-BACKDOOR cookie monster 0.24 runtime detection - file explorer (malware-backdoor.rules)
* 1:6175 <-> DISABLED <-> MALWARE-BACKDOOR cookie monster 0.24 runtime detection - kill kernel (malware-backdoor.rules)
* 1:6176 <-> DISABLED <-> MALWARE-BACKDOOR guptachar 2.0 runtime detection (malware-backdoor.rules)
* 1:6177 <-> DISABLED <-> MALWARE-BACKDOOR ultimate destruction runtime detection - kill process client-to-server (malware-backdoor.rules)
* 1:6178 <-> DISABLED <-> MALWARE-BACKDOOR ultimate destruction runtime detection - kill windows client-to-server (malware-backdoor.rules)
* 1:6179 <-> DISABLED <-> MALWARE-BACKDOOR bladerunner 0.80 runtime detection (malware-backdoor.rules)
* 1:6180 <-> DISABLED <-> MALWARE-BACKDOOR netraider 0.0 runtime detection (malware-backdoor.rules)
* 1:6181 <-> DISABLED <-> MALWARE-BACKDOOR netraider 0.0 runtime detection (malware-backdoor.rules)
* 1:6182 <-> DISABLED <-> POLICY-SOCIAL IRC channel notice (policy-social.rules)
* 1:6183 <-> DISABLED <-> PUA-ADWARE Adware 180Search assistant runtime detection - tracked event URL (pua-adware.rules)
* 1:6184 <-> DISABLED <-> PUA-ADWARE Adware 180Search assistant runtime detection - config upload (pua-adware.rules)
* 1:6185 <-> DISABLED <-> PUA-ADWARE Adware 180Search assistant runtime detection - reporting keyword (pua-adware.rules)
* 1:6186 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SpywareStrike (malware-cnc.rules)
* 1:6187 <-> DISABLED <-> PUA-ADWARE Adware ISTBar runtime detection - scripts (pua-adware.rules)
* 1:6188 <-> DISABLED <-> PUA-ADWARE Adware ISTBar runtime detection - bar (pua-adware.rules)
* 1:6189 <-> DISABLED <-> PUA-TOOLBARS Trackware try2find detection (pua-toolbars.rules)
* 1:619 <-> DISABLED <-> INDICATOR-SCAN cybercop os probe (indicator-scan.rules)
* 1:6190 <-> DISABLED <-> MALWARE-OTHER Keylogger eblaster 5.0 runtime detection (malware-other.rules)
* 1:6191 <-> DISABLED <-> PUA-TOOLBARS Trackware onetoolbar runtime detection (pua-toolbars.rules)
* 1:6192 <-> DISABLED <-> PUA-ADWARE Adware seekmo runtime detection - reporting keyword (pua-adware.rules)
* 1:6193 <-> DISABLED <-> PUA-ADWARE Adware seekmo runtime detection - pop up ads (pua-adware.rules)
* 1:6194 <-> DISABLED <-> PUA-ADWARE Adware seekmo runtime detection - config upload (pua-adware.rules)
* 1:6195 <-> DISABLED <-> PUA-ADWARE Adware seekmo runtime detection - download .cab (pua-adware.rules)
* 1:6196 <-> DISABLED <-> PUA-ADWARE Hijacker smart shopper outbound connection - services requests (pua-adware.rules)
* 1:6197 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - smrtshpr-cs (malware-cnc.rules)
* 1:6198 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SQTR_VERIFY (malware-cnc.rules)
* 1:6199 <-> DISABLED <-> PUA-ADWARE Hijacker smart search outbound connection - hijack/ads (pua-adware.rules)
* 1:6200 <-> DISABLED <-> PUA-ADWARE Hijacker smart search outbound connection - get settings (pua-adware.rules)
* 1:6201 <-> DISABLED <-> PUA-ADWARE Adware twaintec runtime detection (pua-adware.rules)
* 1:6203 <-> DISABLED <-> PUA-ADWARE Trickler farmmext outbound connection - drk.syn request (pua-adware.rules)
* 1:6204 <-> DISABLED <-> PUA-ADWARE Trickler farmmext outbound connection - track activity (pua-adware.rules)
* 1:6205 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool freak 88 das runtime detection (malware-tools.rules)
* 1:6206 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool sin stealer 1.1 runtime detection (malware-tools.rules)
* 1:6207 <-> DISABLED <-> MALWARE-OTHER Keylogger winsession runtime detection - smtp (malware-other.rules)
* 1:6208 <-> DISABLED <-> MALWARE-OTHER Keylogger winsession runtime detection - ftp (malware-other.rules)
* 1:6209 <-> DISABLED <-> PUA-ADWARE Adware deskwizz/zquest runtime detection - get config information / ad banner (pua-adware.rules)
* 1:6211 <-> DISABLED <-> PUA-ADWARE Adware deskwizz runtime detection - pop-up ad request (pua-adware.rules)
* 1:6212 <-> DISABLED <-> PUA-ADWARE Adware commonname runtime detection (pua-adware.rules)
* 1:6213 <-> DISABLED <-> PUA-ADWARE Hijacker 7fasst outbound connection - auto requests (pua-adware.rules)
* 1:6214 <-> DISABLED <-> PUA-ADWARE Hijacker 7fasst outbound connection - search (pua-adware.rules)
* 1:6215 <-> DISABLED <-> PUA-ADWARE Hijacker 7fasst outbound connection - track (pua-adware.rules)
* 1:6216 <-> DISABLED <-> PUA-ADWARE Adware aornum/iwon copilot runtime detection - config (pua-adware.rules)
* 1:6218 <-> DISABLED <-> PUA-ADWARE Adware aornum/iwon copilot runtime detection - ads (pua-adware.rules)
* 1:6219 <-> DISABLED <-> PUA-ADWARE Adware bonzibuddy runtime detection (pua-adware.rules)
* 1:622 <-> DISABLED <-> INDICATOR-SCAN ipEye SYN scan (indicator-scan.rules)
* 1:6220 <-> DISABLED <-> MALWARE-OTHER Keylogger boss everyware runtime detection (malware-other.rules)
* 1:6221 <-> DISABLED <-> MALWARE-OTHER Keylogger computerspy runtime detection (malware-other.rules)
* 1:6222 <-> DISABLED <-> PUA-ADWARE Adware delfin media viewer runtime detection - contact server (pua-adware.rules)
* 1:6223 <-> DISABLED <-> PUA-ADWARE Adware delfin media viewer runtime detection - retrieve schedule (pua-adware.rules)
* 1:6224 <-> DISABLED <-> PUA-ADWARE Hijacker ieplugin outbound connection - search (pua-adware.rules)
* 1:6230 <-> DISABLED <-> PUA-TOOLBARS Hijacker i-lookup runtime detection (pua-toolbars.rules)
* 1:6233 <-> DISABLED <-> PUA-ADWARE Adware mirar runtime detection - delayed (pua-adware.rules)
* 1:6236 <-> DISABLED <-> PUA-ADWARE Adware lop runtime detection - pass info to server (pua-adware.rules)
* 1:6237 <-> DISABLED <-> PUA-ADWARE Adware lop runtime detection - check update request (pua-adware.rules)
* 1:6238 <-> DISABLED <-> PUA-ADWARE Adware lop runtime detection - collect info request 1 (pua-adware.rules)
* 1:6239 <-> DISABLED <-> PUA-ADWARE Adware lop runtime detection - collect info request 2 (pua-adware.rules)
* 1:6240 <-> DISABLED <-> PUA-ADWARE Adware lop runtime detection - pop up ads (pua-adware.rules)
* 1:6241 <-> DISABLED <-> PUA-ADWARE Adware lop runtime detection - ie autosearch hijack (pua-adware.rules)
* 1:6242 <-> DISABLED <-> PUA-ADWARE Hijacker coolwebsearch.cameup outbound connection (pua-adware.rules)
* 1:6243 <-> DISABLED <-> PUA-ADWARE Hijacker coolwebsearch cameup outbound connection - home page hijack (pua-adware.rules)
* 1:6244 <-> DISABLED <-> PUA-ADWARE Hijacker coolwebsearch cameup outbound connection - ie auto search hijack (pua-adware.rules)
* 1:6245 <-> DISABLED <-> PUA-ADWARE Hijacker coolwebsearch startpage outbound connection (pua-adware.rules)
* 1:6246 <-> DISABLED <-> PUA-ADWARE Hijacker exact navisearch outbound connection - search hijack (pua-adware.rules)
* 1:6247 <-> DISABLED <-> PUA-ADWARE Adware ezula toptext runtime detection - help redirect (pua-adware.rules)
* 1:6248 <-> DISABLED <-> PUA-ADWARE Adware ezula toptext runtime detection - popup (pua-adware.rules)
* 1:6249 <-> DISABLED <-> PUA-ADWARE Adware ezula toptext runtime detection - redirect (pua-adware.rules)
* 1:6250 <-> DISABLED <-> PUA-ADWARE Adware hotbar runtime detection - hotbar user-agent (pua-adware.rules)
* 1:6251 <-> DISABLED <-> PUA-ADWARE Adware hotbar runtime detection - hostie user-agent (pua-adware.rules)
* 1:6252 <-> DISABLED <-> PUA-TOOLBARS Trackware quicksearch toolbar runtime detection - search request (pua-toolbars.rules)
* 1:6253 <-> DISABLED <-> PUA-TOOLBARS Trackware quicksearch toolbar runtime detection - log user ativity (pua-toolbars.rules)
* 1:6254 <-> DISABLED <-> PUA-TOOLBARS Trackware quicksearch toolbar runtime detection - redirect (pua-toolbars.rules)
* 1:6255 <-> DISABLED <-> PUA-TOOLBARS Trackware quicksearch toolbar runtime detection - update (pua-toolbars.rules)
* 1:6256 <-> DISABLED <-> PUA-ADWARE Adware searchsquire installtime/auto-update (pua-adware.rules)
* 1:6257 <-> DISABLED <-> PUA-ADWARE Adware searchsquire runtime detection - testgeonew query (pua-adware.rules)
* 1:6258 <-> DISABLED <-> PUA-ADWARE Adware searchsquire runtime detection - get engine file (pua-adware.rules)
* 1:6259 <-> DISABLED <-> PUA-ADWARE Adware searchsquire runtime detection - search forward (pua-adware.rules)
* 1:626 <-> DISABLED <-> INDICATOR-SCAN cybercop os PA12 attempt (indicator-scan.rules)
* 1:6260 <-> DISABLED <-> PUA-ADWARE Adware overpro runtime detection (pua-adware.rules)
* 1:6261 <-> DISABLED <-> PUA-TOOLBARS Trickler slinkyslate toolbar runtime detection (pua-toolbars.rules)
* 1:6263 <-> DISABLED <-> PUA-ADWARE Hijacker gigatech superbar outbound connection - collect information (pua-adware.rules)
* 1:6264 <-> DISABLED <-> PUA-ADWARE Hijacker gigatech superbar outbound connection - self update - movie (pua-adware.rules)
* 1:6265 <-> DISABLED <-> PUA-ADWARE Hijacker gigatech superbar outbound connection - self update - engine (pua-adware.rules)
* 1:6266 <-> DISABLED <-> PUA-ADWARE Hijacker gigatech superbar outbound connection - self update - check update (pua-adware.rules)
* 1:6267 <-> DISABLED <-> PUA-ADWARE Hijacker gigatech superbar outbound connection - self update - get update (pua-adware.rules)
* 1:6268 <-> DISABLED <-> PUA-ADWARE Hijacker gigatech superbar outbound connection - self update - download exe (pua-adware.rules)
* 1:6269 <-> DISABLED <-> PUA-ADWARE Hijacker gigatech superbar outbound connection - track event (pua-adware.rules)
* 1:627 <-> DISABLED <-> INDICATOR-SCAN cybercop os SFU12 probe (indicator-scan.rules)
* 1:6270 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - MyBrowser (malware-cnc.rules)
* 1:6271 <-> DISABLED <-> PUA-ADWARE Trickler bundleware runtime detection (pua-adware.rules)
* 1:6274 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Stubby (malware-cnc.rules)
* 1:6275 <-> DISABLED <-> PUA-ADWARE Hijacker incredifind outbound connection - cookie (pua-adware.rules)
* 1:6278 <-> DISABLED <-> PUA-TOOLBARS Trickler navexcel search toolbar runtime detection - activate/update (pua-toolbars.rules)
* 1:6279 <-> DISABLED <-> PUA-ADWARE Hijacker sidefind outbound connection (pua-adware.rules)
* 1:6280 <-> DISABLED <-> PUA-ADWARE Hijacker sidefind outbound connection - cookie (pua-adware.rules)
* 1:6281 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - istsvc (malware-cnc.rules)
* 1:6282 <-> DISABLED <-> PUA-TOOLBARS Hijacker customtoolbar runtime detection (pua-toolbars.rules)
* 1:6283 <-> DISABLED <-> PUA-ADWARE Hijacker websearch outbound connection - sitereview (pua-adware.rules)
* 1:6284 <-> DISABLED <-> PUA-ADWARE Hijacker websearch outbound connection - webstat (pua-adware.rules)
* 1:6285 <-> DISABLED <-> MALWARE-BACKDOOR antilamer 1.1 runtime detection - set flowbit (malware-backdoor.rules)
* 1:6286 <-> DISABLED <-> MALWARE-BACKDOOR antilamer 1.1 runtime detection (malware-backdoor.rules)
* 1:6287 <-> DISABLED <-> MALWARE-BACKDOOR fictional daemon 4.4 runtime detection - telent (malware-backdoor.rules)
* 1:6288 <-> DISABLED <-> MALWARE-BACKDOOR fictional daemon 4.4 runtime detection - ftp (malware-backdoor.rules)
* 1:6289 <-> DISABLED <-> MALWARE-BACKDOOR netspy runtime detection - command pattern client-to-server (malware-backdoor.rules)
* 1:6290 <-> DISABLED <-> MALWARE-BACKDOOR netspy runtime detection - command pattern server-to-client (malware-backdoor.rules)
* 1:6291 <-> DISABLED <-> MALWARE-CNC justjoke v2.6 variant outbound connection (malware-cnc.rules)
* 1:6292 <-> DISABLED <-> MALWARE-BACKDOOR joker ddos v1.0.1 runtime detection - initial connection (malware-backdoor.rules)
* 1:6293 <-> DISABLED <-> MALWARE-BACKDOOR joker ddos v1.0.1 runtime detection - bomb - initial flowbit (malware-backdoor.rules)
* 1:6294 <-> DISABLED <-> MALWARE-BACKDOOR joker ddos v1.0.1 runtime detection - bomb - second flowbit (malware-backdoor.rules)
* 1:6295 <-> DISABLED <-> MALWARE-BACKDOOR joker ddos v1.0.1 runtime detection - bomb (malware-backdoor.rules)
* 1:6296 <-> DISABLED <-> MALWARE-CNC insurrection 1.1.0 variant outbound connection icq notification 1 (malware-cnc.rules)
* 1:6297 <-> DISABLED <-> MALWARE-CNC insurrection 1.1.0 variant outbound connection icq notification 2 (malware-cnc.rules)
* 1:6298 <-> DISABLED <-> MALWARE-BACKDOOR insurrection 1.1.0 runtime detection - reverse connection (malware-backdoor.rules)
* 1:6299 <-> DISABLED <-> MALWARE-BACKDOOR insurrection 1.1.0 runtime detection - initial connection (malware-backdoor.rules)
* 1:630 <-> DISABLED <-> INDICATOR-SCAN synscan portscan (indicator-scan.rules)
* 1:6300 <-> DISABLED <-> MALWARE-CNC cia 1.3 variant outbound connection icq notification (malware-cnc.rules)
* 1:6301 <-> DISABLED <-> MALWARE-BACKDOOR cia 1.3 runtime detection - smtp notification (malware-backdoor.rules)
* 1:6302 <-> DISABLED <-> MALWARE-BACKDOOR cia runtime detection - initial connection - set flowbit (malware-backdoor.rules)
* 1:6303 <-> DISABLED <-> MALWARE-BACKDOOR cia runtime detection - initial connection (malware-backdoor.rules)
* 1:6304 <-> DISABLED <-> MALWARE-BACKDOOR softwar shadowthief runtime detection - initial connection - set flowbit (malware-backdoor.rules)
* 1:6305 <-> DISABLED <-> MALWARE-BACKDOOR softwar shadowthief runtime detection - initial connection (malware-backdoor.rules)
* 1:6306 <-> DISABLED <-> MALWARE-BACKDOOR shit heep runtime detection (malware-backdoor.rules)
* 1:6307 <-> DISABLED <-> MALWARE-BACKDOOR lamespy runtime detection - initial connection - set flowbit (malware-backdoor.rules)
* 1:6308 <-> DISABLED <-> MALWARE-BACKDOOR lamespy runtime detection - initial connection (malware-backdoor.rules)
* 1:6309 <-> ENABLED <-> MALWARE-BACKDOOR net demon runtime detection - initial connection - password request (malware-backdoor.rules)
* 1:631 <-> DISABLED <-> SERVER-MAIL ehlo cybercop attempt (server-mail.rules)
* 1:6310 <-> ENABLED <-> MALWARE-BACKDOOR net demon runtime detection - initial connection - password send (malware-backdoor.rules)
* 1:6311 <-> DISABLED <-> MALWARE-BACKDOOR net demon runtime detection - initial connection - password accepted (malware-backdoor.rules)
* 1:6312 <-> ENABLED <-> MALWARE-BACKDOOR net demon runtime detection - message send (malware-backdoor.rules)
* 1:6313 <-> DISABLED <-> MALWARE-BACKDOOR net demon runtime detection - message response (malware-backdoor.rules)
* 1:6314 <-> ENABLED <-> MALWARE-BACKDOOR net demon runtime detection - open browser request (malware-backdoor.rules)
* 1:6315 <-> DISABLED <-> MALWARE-BACKDOOR net demon runtime detection - open browser response
(malware-backdoor.rules) * 1:6316 <-> ENABLED <-> MALWARE-BACKDOOR net demon runtime detection - file manager request (malware-backdoor.rules) * 1:6317 <-> DISABLED <-> MALWARE-BACKDOOR net demon runtime detection - file manager response (malware-backdoor.rules) * 1:6318 <-> DISABLED <-> MALWARE-BACKDOOR rtb666 runtime detection (malware-backdoor.rules) * 1:6319 <-> DISABLED <-> MALWARE-BACKDOOR evilftp runtime detection - init connection (malware-backdoor.rules) * 1:632 <-> DISABLED <-> SERVER-MAIL expn cybercop attempt (server-mail.rules) * 1:6320 <-> DISABLED <-> MALWARE-BACKDOOR ptakks2.1 runtime detection - keepalive (malware-backdoor.rules) * 1:6321 <-> DISABLED <-> MALWARE-BACKDOOR ptakks2.1 runtime detection - keepalive acknowledgement (malware-backdoor.rules) * 1:6322 <-> DISABLED <-> MALWARE-BACKDOOR ptakks2.1 runtime detection - command pattern (malware-backdoor.rules) * 1:6323 <-> DISABLED <-> MALWARE-BACKDOOR 3xBackdoor runtime detection - set flowbit (malware-backdoor.rules) * 1:6324 <-> DISABLED <-> MALWARE-BACKDOOR 3xBackdoor runtime detection (malware-backdoor.rules) * 1:6325 <-> DISABLED <-> MALWARE-BACKDOOR fucktrojan 1.2 runtime detection - initial connection (malware-backdoor.rules) * 1:6326 <-> DISABLED <-> MALWARE-BACKDOOR fucktrojan 1.2 runtime detection - flood (malware-backdoor.rules) * 1:6327 <-> DISABLED <-> MALWARE-BACKDOOR fucktrojan 1.2 runtime detection - flood (malware-backdoor.rules) * 1:6328 <-> DISABLED <-> MALWARE-BACKDOOR commando runtime detection - initial connection (malware-backdoor.rules) * 1:6329 <-> DISABLED <-> MALWARE-BACKDOOR commando runtime detection - chat client-to-server (malware-backdoor.rules) * 1:6330 <-> DISABLED <-> MALWARE-BACKDOOR commando runtime detection - chat server-to-client (malware-backdoor.rules) * 1:6331 <-> DISABLED <-> MALWARE-CNC globalkiller1.0 variant outbound connection notification (malware-cnc.rules) * 1:6332 <-> DISABLED <-> MALWARE-BACKDOOR globalkiller1.0 runtime detection - initial 
connection (malware-backdoor.rules) * 1:6333 <-> DISABLED <-> MALWARE-BACKDOOR wincrash 2.0 runtime detection (malware-backdoor.rules) * 1:6334 <-> DISABLED <-> MALWARE-BACKDOOR backlash runtime detection (malware-backdoor.rules) * 1:6335 <-> DISABLED <-> MALWARE-BACKDOOR buttman v0.9p runtime detection - remote control - set flowbit (malware-backdoor.rules) * 1:6336 <-> DISABLED <-> MALWARE-BACKDOOR buttman v0.9p runtime detection - remote control (malware-backdoor.rules) * 1:6337 <-> DISABLED <-> MALWARE-BACKDOOR hatredfriend file manage command - set flowbit (malware-backdoor.rules) * 1:6338 <-> DISABLED <-> MALWARE-BACKDOOR hatredfriend file manage command (malware-backdoor.rules) * 1:6339 <-> DISABLED <-> MALWARE-BACKDOOR hatredfriend email notification detection (malware-backdoor.rules) * 1:634 <-> DISABLED <-> INDICATOR-SCAN Amanda client-version request (indicator-scan.rules) * 1:6340 <-> DISABLED <-> MALWARE-OTHER Keylogger handy keylogger runtime detection (malware-other.rules) * 1:6341 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Spedia (malware-cnc.rules) * 1:6342 <-> DISABLED <-> PUA-ADWARE Hijacker spediabar outbound connection - info check (pua-adware.rules) * 1:6343 <-> DISABLED <-> PUA-ADWARE Adware targetsaver runtime detection (pua-adware.rules) * 1:6344 <-> DISABLED <-> PUA-ADWARE Adware excite search bar runtime detection - config (pua-adware.rules) * 1:6345 <-> DISABLED <-> PUA-ADWARE Adware excite search bar runtime detection - search (pua-adware.rules) * 1:6346 <-> DISABLED <-> PUA-ADWARE Adware stationripper update detection (pua-adware.rules) * 1:6347 <-> DISABLED <-> PUA-ADWARE Adware stationripper ad display detection (pua-adware.rules) * 1:6348 <-> DISABLED <-> PUA-ADWARE Snoopware zenosearch outbound connection (pua-adware.rules) * 1:6349 <-> DISABLED <-> PUA-ADWARE Hijacker richfind update detection (pua-adware.rules) * 1:635 <-> DISABLED <-> INDICATOR-SCAN XTACACS logout (indicator-scan.rules) * 1:6350 <-> 
DISABLED <-> PUA-ADWARE Hijacker richfind auto search redirect detection (pua-adware.rules) * 1:6351 <-> DISABLED <-> PUA-ADWARE Hijacker adblock update detection (pua-adware.rules) * 1:6352 <-> DISABLED <-> PUA-ADWARE Hijacker adblock auto search redirect detection (pua-adware.rules) * 1:6353 <-> DISABLED <-> PUA-ADWARE Hijacker adblock ie search assistant redirect detection (pua-adware.rules) * 1:6354 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - ProxyDown (malware-cnc.rules) * 1:6355 <-> DISABLED <-> PUA-ADWARE Trickler wsearch outbound connection - mp3 search (pua-adware.rules) * 1:6356 <-> DISABLED <-> PUA-ADWARE Trickler wsearch outbound connection - desktop search (pua-adware.rules) * 1:6357 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Need2Find (malware-cnc.rules) * 1:6358 <-> DISABLED <-> PUA-ADWARE Hijacker need2find search query detection (pua-adware.rules) * 1:6359 <-> DISABLED <-> PUA-ADWARE Adware altnet runtime detection - initial retrieval (pua-adware.rules) * 1:636 <-> DISABLED <-> INDICATOR-SCAN cybercop udp bomb (indicator-scan.rules) * 1:6360 <-> DISABLED <-> PUA-ADWARE Adware altnet runtime detection - update (pua-adware.rules) * 1:6361 <-> DISABLED <-> PUA-ADWARE Adware altnet runtime detection - status report (pua-adware.rules) * 1:6362 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - MGS-Internal-Web-Manager (malware-cnc.rules) * 1:6363 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SAcc (malware-cnc.rules) * 1:6364 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - iMeshBar (malware-cnc.rules) * 1:6365 <-> DISABLED <-> MALWARE-OTHER Sony rootkit runtime detection (malware-other.rules) * 1:6366 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - eAnthMngr (malware-cnc.rules) * 1:6367 <-> DISABLED <-> PUA-ADWARE Trickler eacceleration downloadreceiver outbound connection - stop-sign ads (pua-adware.rules) * 1:6368 <-> 
DISABLED <-> PUA-ADWARE Adware flashtrack media/spoton runtime detection - update request (pua-adware.rules) * 1:637 <-> DISABLED <-> INDICATOR-SCAN Webtrends Scanner UDP Probe (indicator-scan.rules) * 1:6371 <-> DISABLED <-> PUA-ADWARE Adware flashtrack media/spoton runtime detection - pop up ads (pua-adware.rules) * 1:6372 <-> DISABLED <-> PUA-ADWARE Trickler spyblocs eblocs detection - get wsliveup.dat (pua-adware.rules) * 1:6373 <-> DISABLED <-> PUA-ADWARE Trickler spyblocs eblocs detection - stbarpat.dat (pua-adware.rules) * 1:6374 <-> DISABLED <-> PUA-ADWARE Trickler spyblocs eblocs detection - get spyblpat.dat/spyblini.ini (pua-adware.rules) * 1:6375 <-> DISABLED <-> PUA-ADWARE Trickler spyblocs.eblocs detection - register request (pua-adware.rules) * 1:6376 <-> DISABLED <-> PUA-TOOLBARS Hijacker girafa toolbar - toolbar update (pua-toolbars.rules) * 1:6377 <-> DISABLED <-> PUA-TOOLBARS Hijacker girafa toolbar - browser hijack (pua-toolbars.rules) * 1:6378 <-> DISABLED <-> PUA-ADWARE Hijacker adbars outbound connection - homepage hijack (pua-adware.rules) * 1:6379 <-> DISABLED <-> PUA-TOOLBARS Hijacker adbars runtime detection - search in toolbar (pua-toolbars.rules) * 1:638 <-> DISABLED <-> INDICATOR-SHELLCODE SGI NOOP (indicator-shellcode.rules) * 1:6380 <-> DISABLED <-> PUA-TOOLBARS Hijacker dotcomtoolbar runtime detection - toolbar information retrieve (pua-toolbars.rules) * 1:6381 <-> DISABLED <-> PUA-TOOLBARS Hijacker dotcomtoolbar runtime detection - search in toolbar (pua-toolbars.rules) * 1:6382 <-> DISABLED <-> PUA-TOOLBARS Hijacker dotcomtoolbar runtime detection - url hook (pua-toolbars.rules) * 1:6383 <-> DISABLED <-> MALWARE-OTHER Keylogger stealthwatcher 2000 runtime detection - tcp connection setup (malware-other.rules) * 1:6384 <-> DISABLED <-> MALWARE-OTHER Keylogger stealthwatcher 2000 runtime detection - agent discover broadcast (malware-other.rules) * 1:6385 <-> DISABLED <-> MALWARE-OTHER Keylogger stealthwatcher 2000 runtime detection - 
agent status monitoring (malware-other.rules) * 1:6386 <-> DISABLED <-> MALWARE-OTHER Keylogger stealthwatcher 2000 runtime detection - agent up notification (malware-other.rules) * 1:6387 <-> DISABLED <-> PUA-ADWARE Hijacker internet optimizer outbound connection - autosearch hijack (pua-adware.rules) * 1:6388 <-> DISABLED <-> PUA-ADWARE Hijacker internet optimizer outbound connection - error page hijack (pua-adware.rules) * 1:6389 <-> DISABLED <-> PUA-ADWARE Adware esyndicate runtime detection - postinstall request (pua-adware.rules) * 1:639 <-> DISABLED <-> INDICATOR-SHELLCODE SGI NOOP (indicator-shellcode.rules) * 1:6390 <-> DISABLED <-> PUA-ADWARE Adware esyndicate runtime detection - ads popup (pua-adware.rules) * 1:6391 <-> DISABLED <-> PUA-ADWARE Adware esyndicate runtime detection - ads popup (pua-adware.rules) * 1:6392 <-> DISABLED <-> PUA-ADWARE Hijacker zeropopup outbound connection (pua-adware.rules) * 1:6394 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - CodeguruBrowser (malware-cnc.rules) * 1:6395 <-> DISABLED <-> MALWARE-CNC a-311 death variant outbound connection server-to-client (malware-cnc.rules) * 1:6396 <-> DISABLED <-> MALWARE-CNC a-311 death user-agent string detected (malware-cnc.rules) * 1:6397 <-> DISABLED <-> MALWARE-BACKDOOR http rat runtime detection - smtp (malware-backdoor.rules) * 1:6398 <-> DISABLED <-> MALWARE-BACKDOOR http rat runtime detection - http (malware-backdoor.rules) * 1:6399 <-> DISABLED <-> MALWARE-BACKDOOR rad 1.2.3 runtime detection (malware-backdoor.rules) * 1:640 <-> DISABLED <-> INDICATOR-SHELLCODE AIX NOOP (indicator-shellcode.rules) * 1:6400 <-> DISABLED <-> MALWARE-BACKDOOR snowdoor runtime detection client-to-server (malware-backdoor.rules) * 1:6401 <-> DISABLED <-> MALWARE-BACKDOOR snowdoor runtime detection server-to-client (malware-backdoor.rules) * 1:6402 <-> DISABLED <-> MALWARE-BACKDOOR netangel connection client-to-server (malware-backdoor.rules) * 1:6403 <-> DISABLED <-> 
SERVER-WEBAPP horde help module arbitrary command execution attempt (server-webapp.rules) * 1:6404 <-> ENABLED <-> SERVER-OTHER Veritas NetBackup Volume Manager connection attempt (server-other.rules) * 1:6405 <-> DISABLED <-> SERVER-OTHER Veritas NetBackup Volume Manager overflow attempt (server-other.rules) * 1:6406 <-> DISABLED <-> POLICY-SOCIAL Gizmo VOIP client start-up version check (policy-social.rules) * 1:6407 <-> DISABLED <-> APP-DETECT Gizmo register VOIP state (app-detect.rules) * 1:6408 <-> DISABLED <-> POLICY-SOCIAL webshots desktop traffic (policy-social.rules) * 1:6409 <-> DISABLED <-> SERVER-OTHER Microsoft Frontpage server extension long host string overflow attempt (server-other.rules) * 1:641 <-> DISABLED <-> INDICATOR-SHELLCODE Digital UNIX NOOP (indicator-shellcode.rules) * 1:6410 <-> DISABLED <-> SERVER-OTHER Microsoft Frontpage server extension long host string overflow attempt (server-other.rules) * 1:6411 <-> DISABLED <-> SERVER-OTHER Microsoft Frontpage server extension long host string overflow attempt (server-other.rules) * 1:6412 <-> DISABLED <-> SERVER-MAIL Microsoft Windows Address Book attachment detected (server-mail.rules) * 1:6413 <-> DISABLED <-> SERVER-MAIL Microsoft Windows Address Book Base64 encoded attachment detected (server-mail.rules) * 1:6414 <-> DISABLED <-> SERVER-WEBAPP Novell GroupWise Messenger Accept-Language header buffer overflow attempt (server-webapp.rules) * 1:6419 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP msdtc BuildContextW invalid uuid size attempt (os-windows.rules) * 1:642 <-> DISABLED <-> INDICATOR-SHELLCODE HP-UX NOOP (indicator-shellcode.rules) * 1:6420 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP msdtc BuildContextW invalid uuid size attempt (os-windows.rules) * 1:643 <-> DISABLED <-> INDICATOR-SHELLCODE HP-UX NOOP (indicator-shellcode.rules) * 1:6431 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP msdtc BuildContextW heap overflow attempt (os-windows.rules) * 1:6432 <-> DISABLED <-> 
OS-WINDOWS DCERPC NCADG-IP-UDP msdtc BuildContextW invalid second uuid size attempt (os-windows.rules) * 1:644 <-> DISABLED <-> INDICATOR-SHELLCODE sparc NOOP (indicator-shellcode.rules) * 1:6443 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP msdtc BuildContextW heap overflow attempt (os-windows.rules) * 1:6444 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP msdtc BuildContextW heap overflow attempt (os-windows.rules) * 1:645 <-> DISABLED <-> INDICATOR-SHELLCODE sparc NOOP (indicator-shellcode.rules) * 1:6455 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP msdtc BuildContext heap overflow attempt (os-windows.rules) * 1:6456 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP msdtc BuildContext heap overflow attempt (os-windows.rules) * 1:646 <-> DISABLED <-> INDICATOR-SHELLCODE sparc NOOP (indicator-shellcode.rules) * 1:6467 <-> DISABLED <-> POLICY-SOCIAL jabber traffic detected (policy-social.rules) * 1:6468 <-> DISABLED <-> POLICY-SOCIAL jabber file transfer request (policy-social.rules) * 1:6469 <-> ENABLED <-> SERVER-OTHER RealVNC connection attempt (server-other.rules) * 1:647 <-> DISABLED <-> INDICATOR-SHELLCODE Oracle sparc setuid 0 (indicator-shellcode.rules) * 1:6470 <-> ENABLED <-> SERVER-OTHER RealVNC authentication types without None type sent attempt (server-other.rules) * 1:6471 <-> DISABLED <-> SERVER-OTHER RealVNC password authentication bypass attempt (server-other.rules) * 1:6472 <-> ENABLED <-> MALWARE-BACKDOOR bugs runtime detection - file manager client-to-server (malware-backdoor.rules) * 1:6473 <-> DISABLED <-> MALWARE-BACKDOOR bugs runtime detection - file manager server-to-client (malware-backdoor.rules) * 1:6474 <-> DISABLED <-> MALWARE-CNC Win.Trojan.loosky.gen variant outbound connection notification (malware-cnc.rules) * 1:6475 <-> DISABLED <-> MALWARE-BACKDOOR badrat 1.1 runtime detection - flowbit set (malware-backdoor.rules) * 1:6476 <-> DISABLED <-> MALWARE-BACKDOOR badrat 1.1 runtime detection (malware-backdoor.rules) * 1:6477 <-> 
DISABLED <-> MALWARE-TOOLS Hacker-Tool beee runtime detection - smtp (malware-tools.rules) * 1:6478 <-> DISABLED <-> PUA-TOOLBARS Trackware searchingall toolbar runtime detection - send user url request (pua-toolbars.rules) * 1:6479 <-> DISABLED <-> PUA-ADWARE Snoopware totalvelocity zsearch outbound connection (pua-adware.rules) * 1:648 <-> DISABLED <-> INDICATOR-SHELLCODE x86 NOOP (indicator-shellcode.rules) * 1:6480 <-> DISABLED <-> PUA-ADWARE Hijacker cws.cameup outbound connection - home page (pua-adware.rules) * 1:6481 <-> DISABLED <-> PUA-ADWARE Hijacker cws.cameup outbound connection - search (pua-adware.rules) * 1:6482 <-> DISABLED <-> PUA-TOOLBARS Hijacker makemesearch toolbar runtime detection - get info (pua-toolbars.rules) * 1:6483 <-> DISABLED <-> PUA-TOOLBARS Hijacker makemesearch toolbar runtime detection - home page hijacker (pua-toolbars.rules) * 1:6484 <-> DISABLED <-> PUA-TOOLBARS Hijacker makemesearch toolbar runtime detection - search (pua-toolbars.rules) * 1:6487 <-> DISABLED <-> PUA-TOOLBARS Adware searchnugget toolbar runtime detection - check updates (pua-toolbars.rules) * 1:6488 <-> DISABLED <-> PUA-TOOLBARS Adware searchnugget toolbar runtime detection - redirect mistyped urls (pua-toolbars.rules) * 1:6489 <-> DISABLED <-> PUA-ADWARE Hijacker analyze IE outbound connection - default page hijacker (pua-adware.rules) * 1:649 <-> DISABLED <-> INDICATOR-SHELLCODE x86 setgid 0 (indicator-shellcode.rules) * 1:6491 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - snprtzdialno (malware-cnc.rules) * 1:6492 <-> DISABLED <-> MALWARE-BACKDOOR Trickler Backdoor-BAC.gen.e runtime detection - notification (malware-backdoor.rules) * 1:6493 <-> DISABLED <-> MALWARE-BACKDOOR Trickler Backdoor-BAC.gen.e runtime detection - post data (malware-backdoor.rules) * 1:6494 <-> DISABLED <-> PUA-ADWARE Adware yourenhancement runtime detection (pua-adware.rules) * 1:6495 <-> DISABLED <-> PUA-ADWARE Hijacker troj_spywad.x outbound connection 
(pua-adware.rules) * 1:6496 <-> DISABLED <-> PUA-ADWARE Adware adpowerzone runtime detection (pua-adware.rules) * 1:6497 <-> DISABLED <-> MALWARE-BACKDOOR exploiter 1.0 runtime detection (malware-backdoor.rules) * 1:6498 <-> DISABLED <-> MALWARE-BACKDOOR exploiter 1.0 runtime detection (malware-backdoor.rules) * 1:6499 <-> DISABLED <-> MALWARE-BACKDOOR omerta 1.3 runtime detection (malware-backdoor.rules) * 1:650 <-> DISABLED <-> INDICATOR-SHELLCODE x86 setuid 0 (indicator-shellcode.rules) * 1:6500 <-> DISABLED <-> MALWARE-BACKDOOR omerta 1.3 runtime detection (malware-backdoor.rules) * 1:6502 <-> DISABLED <-> FILE-IMAGE Mozilla GIF single packet heap overflow - ANIMEXTS1.0 (file-image.rules) * 1:6504 <-> DISABLED <-> FILE-OTHER Sophos Anti-Virus CAB file overflow attempt (file-other.rules) * 1:6505 <-> DISABLED <-> FILE-IMAGE Apple QuickTime fpx file SectNumMiniFAT overflow attempt (file-image.rules) * 1:6506 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime udta atom overflow attempt (file-multimedia.rules) * 1:6507 <-> DISABLED <-> SERVER-WEBAPP novell edirectory imonitor overflow attempt (server-webapp.rules) * 1:6509 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer mhtml uri href buffer overflow attempt (browser-ie.rules) * 1:6510 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer mhtml uri shortcut buffer overflow attempt (browser-ie.rules) * 1:6511 <-> DISABLED <-> SERVER-WEBAPP ALT-N WebAdmin user param overflow attempt (server-webapp.rules) * 1:6512 <-> DISABLED <-> SERVER-OTHER symantec antivirus realtime virusscan overflow attempt (server-other.rules) * 1:6513 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk IAX2 truncated video mini-frame packet overflow attempt (protocol-voip.rules) * 1:6514 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk IAX2 truncated full-frame packet overflow attempt (protocol-voip.rules) * 1:6515 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk IAX2 truncated mini-frame packet overflow attempt (protocol-voip.rules) * 1:6516 
<-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DXImageTransform.Microsoft.Light ActiveX function call access (browser-plugins.rules) * 1:6517 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DXImageTransform.Microsoft.Light ActiveX clsid access (browser-plugins.rules) * 1:652 <-> DISABLED <-> INDICATOR-SHELLCODE Linux shellcode (indicator-shellcode.rules) * 1:654 <-> DISABLED <-> SERVER-MAIL RCPT TO overflow (server-mail.rules) * 1:655 <-> DISABLED <-> SERVER-MAIL Sendmail 8.6.9 exploit (server-mail.rules) * 1:657 <-> DISABLED <-> SERVER-MAIL Netmanager chameleon SMTPd buffer overflow attempt (server-mail.rules) * 1:658 <-> DISABLED <-> SERVER-MAIL Microsoft Windows Exchange Server 5.5 mime DOS (server-mail.rules) * 1:6584 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP rras RasRpcSubmitRequest overflow attempt (os-windows.rules) * 1:659 <-> DISABLED <-> SERVER-MAIL Sendmail expn decode (server-mail.rules) * 1:660 <-> DISABLED <-> SERVER-MAIL expn root (server-mail.rules) * 1:661 <-> DISABLED <-> SERVER-MAIL Majordomo ifs (server-mail.rules) * 1:662 <-> DISABLED <-> SERVER-MAIL Sendmail 5.5.5 exploit (server-mail.rules) * 1:663 <-> DISABLED <-> SERVER-MAIL Sendmail rcpt to command attempt (server-mail.rules) * 1:664 <-> DISABLED <-> SERVER-MAIL Sendmail RCPT TO decode attempt (server-mail.rules) * 1:665 <-> DISABLED <-> SERVER-MAIL Sendmail 5.6.5 exploit (server-mail.rules) * 1:667 <-> DISABLED <-> SERVER-MAIL Sendmail 8.6.10 exploit (server-mail.rules) * 1:668 <-> DISABLED <-> SERVER-MAIL Sendmail 8.6.10 exploit (server-mail.rules) * 1:6681 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DXImageTransform.Microsoft.MMSpecialEffect1Input ActiveX clsid access (browser-plugins.rules) * 1:6682 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DXImageTransform.Microsoft.MMSpecialEffect2Inputs ActiveX function call access (browser-plugins.rules) * 1:6684 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer 
DXImageTransform.Microsoft.MMSpecialEffectInplace1Input ActiveX clsid access (browser-plugins.rules) * 1:6686 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DXImageTransform.Microsoft.MMSpecialEffect2Inputs ActiveX clsid access (browser-plugins.rules) * 1:6687 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DXImageTransform.Microsoft.MMSpecialEffect1Input ActiveX function call access (browser-plugins.rules) * 1:6689 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Media Player Malformed PNG detected cHRM overflow attempt (file-image.rules) * 1:669 <-> DISABLED <-> SERVER-MAIL Sendmail 8.6.9 exploit (server-mail.rules) * 1:6690 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Media Player Malformed PNG detected iCCP overflow attempt (file-image.rules) * 1:6691 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Media Player Malformed PNG detected sBIT overflow attempt (file-image.rules) * 1:6692 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Media Player Malformed PNG detected sRGB overflow attempt (file-image.rules) * 1:6693 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Media Player Malformed PNG detected bKGD overflow attempt (file-image.rules) * 1:6694 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Media Player Malformed PNG detected hIST overflow attempt (file-image.rules) * 1:6695 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Media Player Malformed PNG detected tRNS overflow attempt (file-image.rules) * 1:6696 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Media Player Malformed PNG detected pHYs overflow attempt (file-image.rules) * 1:6697 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Media Player Malformed PNG detected sPLT overflow attempt (file-image.rules) * 1:6698 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Media Player Malformed PNG detected tIME overflow attempt (file-image.rules) * 1:6699 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Media Player Malformed PNG detected iTXt overflow attempt (file-image.rules) * 1:670 <-> DISABLED <-> 
SERVER-MAIL Sendmail 8.6.9 exploit (server-mail.rules) * 1:6701 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Media Player Malformed PNG detected zTXt overflow attempt (file-image.rules) * 1:6702 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary Param Count overflow attempt (netbios.rules) * 1:6703 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary unicode Param Count overflow attempt (netbios.rules) * 1:6704 <-> DISABLED <-> NETBIOS SMB-DS NT Trans Secondary Param Count overflow attempt (netbios.rules) * 1:6705 <-> DISABLED <-> NETBIOS SMB-DS NT Trans Secondary unicode Param Count overflow attempt (netbios.rules) * 1:6706 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary Param Count overflow attempt (netbios.rules) * 1:6707 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary unicode Param Count overflow attempt (netbios.rules) * 1:6708 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary andx Param Count overflow attempt (netbios.rules) * 1:6709 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary unicode andx Param Count overflow attempt (netbios.rules) * 1:671 <-> DISABLED <-> SERVER-MAIL Sendmail 8.6.9c exploit (server-mail.rules) * 1:6710 <-> DISABLED <-> NETBIOS SMB-DS NT Trans Secondary andx Param Count overflow attempt (netbios.rules) * 1:6711 <-> DISABLED <-> NETBIOS SMB-DS NT Trans Secondary unicode andx Param Count overflow attempt (netbios.rules) * 1:6712 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary andx Param Count overflow attempt (netbios.rules) * 1:6713 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary unicode andx Param Count overflow attempt (netbios.rules) * 1:6714 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP rras RasRpcSetUserPreferences phonebook mode overflow attempt (os-windows.rules) * 1:672 <-> DISABLED <-> SERVER-MAIL vrfy decode (server-mail.rules) * 1:673 <-> DISABLED <-> SQL sp_start_job - program execution (sql.rules) * 1:676 <-> DISABLED <-> SQL sp_start_job - program execution (sql.rules) * 1:677 <-> DISABLED <-> SQL sp_password password change 
(sql.rules) * 1:678 <-> DISABLED <-> SQL sp_delete_alert log file deletion (sql.rules) * 1:679 <-> DISABLED <-> SQL sp_adduser database user creation (sql.rules) * 1:681 <-> DISABLED <-> SQL xp_cmdshell program execution (sql.rules) * 1:6810 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP rras RasRpcSetUserPreferences area/country overflow attempt (os-windows.rules) * 1:683 <-> DISABLED <-> SQL sp_password - password change (sql.rules) * 1:684 <-> DISABLED <-> SQL sp_delete_alert log file deletion (sql.rules) * 1:685 <-> DISABLED <-> SQL sp_adduser - database user creation (sql.rules) * 1:686 <-> DISABLED <-> SERVER-MSSQL xp_reg* - registry access (server-mssql.rules) * 1:687 <-> DISABLED <-> SQL xp_cmdshell - program execution (sql.rules) * 1:688 <-> DISABLED <-> SQL sa login failed (sql.rules) * 1:689 <-> DISABLED <-> SERVER-MSSQL xp_reg* registry access (server-mssql.rules) * 1:6906 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP rras RasRpcSetUserPreferences callback number overflow attempt (os-windows.rules) * 1:691 <-> DISABLED <-> INDICATOR-SHELLCODE shellcode attempt (indicator-shellcode.rules) * 1:692 <-> DISABLED <-> INDICATOR-SHELLCODE shellcode attempt (indicator-shellcode.rules) * 1:693 <-> DISABLED <-> INDICATOR-SHELLCODE shellcode attempt (indicator-shellcode.rules) * 1:694 <-> DISABLED <-> INDICATOR-SHELLCODE shellcode attempt (indicator-shellcode.rules) * 1:695 <-> DISABLED <-> SERVER-MSSQL xp_sprintf possible buffer overflow (server-mssql.rules) * 1:7002 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel url unicode overflow attempt (file-office.rules) * 1:7003 <-> DISABLED <-> BROWSER-PLUGINS ADODB.Recordset ActiveX function call access (browser-plugins.rules) * 1:7004 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Internet.HHCtrl.1 ActiveX function call access (browser-plugins.rules) * 1:7005 <-> DISABLED <-> BROWSER-PLUGINS OutlookExpress.AddressBook ActiveX function call access (browser-plugins.rules) * 1:7006 <-> DISABLED <-> 
BROWSER-PLUGINS ASControls.InstallEngineCtl ActiveX function call access (browser-plugins.rules)
* 1:7007 <-> DISABLED <-> BROWSER-PLUGINS AxDebugger.Document.1 ActiveX function call access (browser-plugins.rules)
* 1:7008 <-> DISABLED <-> BROWSER-PLUGINS DirectAnimation.DAUserData ActiveX function call access (browser-plugins.rules)
* 1:7009 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows DirectAnimation.StructuredGraphicsControl ActiveX function call access (browser-plugins.rules)
* 1:7010 <-> DISABLED <-> BROWSER-PLUGINS HtmlDlgSafeHelper.HtmlDlgSafeHelper.1 ActiveX function call access (browser-plugins.rules)
* 1:7011 <-> DISABLED <-> BROWSER-PLUGINS HtmlDlgSafeHelper.HtmlDlgSafeHelper ActiveX function call access (browser-plugins.rules)
* 1:7012 <-> DISABLED <-> BROWSER-PLUGINS Internet.PopupMenu.1 ActiveX function call access (browser-plugins.rules)
* 1:7013 <-> DISABLED <-> BROWSER-PLUGINS Microsoft.ISCatAdm ActiveX function call access (browser-plugins.rules)
* 1:7014 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer NMSA.ASFSourceMediaDescription.1 ActiveX function call access (browser-plugins.rules)
* 1:7015 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer NMSA.MediaDescription ActiveX function call access attempt (browser-plugins.rules)
* 1:7016 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Object.Microsoft.DXTFilter ActiveX function call access (browser-plugins.rules)
* 1:7017 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer RDS.DataControl ActiveX function call access (browser-plugins.rules)
* 1:7018 <-> DISABLED <-> BROWSER-PLUGINS Sysmon ActiveX function call access (browser-plugins.rules)
* 1:7020 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer isComponentInstalled function buffer overflow (browser-ie.rules)
* 1:7021 <-> DISABLED <-> OS-LINUX kernel SCTP chunkless packet denial of service attempt (os-linux.rules)
* 1:7022 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Explorer invalid url file overflow attempt (os-windows.rules)
* 1:7025 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel url unicode overflow attempt (file-office.rules)
* 1:7026 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows RDS.Dataspace ActiveX function call access (browser-plugins.rules)
* 1:7027 <-> DISABLED <-> SERVER-IIS Microsoft Office FrontPage server extensions 2002 cross site scripting attempt (server-iis.rules)
* 1:7028 <-> DISABLED <-> SERVER-IIS Microsoft Office FrontPage server extensions 2002 cross site scripting attempt (server-iis.rules)
* 1:7029 <-> DISABLED <-> SERVER-IIS Microsoft Office FrontPage server extensions 2002 cross site scripting attempt (server-iis.rules)
* 1:7030 <-> DISABLED <-> POLICY-SOCIAL silc server response (policy-social.rules)
* 1:7031 <-> DISABLED <-> POLICY-SOCIAL silc client outbound connection (policy-social.rules)
* 1:7032 <-> DISABLED <-> APP-DETECT GoToMyPC startup (app-detect.rules)
* 1:7033 <-> DISABLED <-> APP-DETECT GoToMyPC local service running (app-detect.rules)
* 1:7034 <-> DISABLED <-> APP-DETECT GoToMyPC remote control attempt (app-detect.rules)
* 1:7035 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans mailslot heap overflow attempt (os-windows.rules)
* 1:7036 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans unicode mailslot heap overflow attempt (os-windows.rules)
* 1:7037 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans mailslot heap overflow attempt (os-windows.rules)
* 1:7038 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans unicode mailslot heap overflow attempt (os-windows.rules)
* 1:7039 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans andx mailslot heap overflow attempt (os-windows.rules)
* 1:704 <-> DISABLED <-> SERVER-MSSQL xp_sprintf possible buffer overflow (server-mssql.rules)
* 1:7040 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans unicode andx mailslot heap overflow attempt (os-windows.rules)
* 1:7041 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans andx mailslot heap overflow attempt (os-windows.rules)
* 1:7042 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans unicode andx mailslot heap overflow attempt (os-windows.rules)
* 1:7048 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel object record overflow attempt (file-office.rules)
* 1:7049 <-> DISABLED <-> PUA-ADWARE Hijacker extreme biz outbound connection - uniq1 (pua-adware.rules)
* 1:7050 <-> DISABLED <-> PUA-TOOLBARS Hijacker freecruise toolbar runtime detection (pua-toolbars.rules)
* 1:7051 <-> DISABLED <-> PUA-ADWARE Trickler generic downloader.g outbound connection - spyware injection (pua-adware.rules)
* 1:7052 <-> DISABLED <-> PUA-ADWARE Trickler generic downloader.g outbound connection - adv (pua-adware.rules)
* 1:7053 <-> DISABLED <-> PUA-ADWARE Adware webredir runtime detection (pua-adware.rules)
* 1:7054 <-> DISABLED <-> PUA-ADWARE Trickler download arq variant outbound connection (pua-adware.rules)
* 1:7055 <-> DISABLED <-> PUA-ADWARE Hijacker vip01 biz outbound connection - adv (pua-adware.rules)
* 1:7057 <-> DISABLED <-> MALWARE-BACKDOOR charon runtime detection - initial connection (malware-backdoor.rules)
* 1:7058 <-> DISABLED <-> MALWARE-BACKDOOR charon runtime detection - download file flowbit 1 (malware-backdoor.rules)
* 1:7059 <-> DISABLED <-> MALWARE-BACKDOOR charon runtime detection - download file/log flowbit 2 (malware-backdoor.rules)
* 1:7060 <-> DISABLED <-> MALWARE-BACKDOOR charon runtime detection - download file/log (malware-backdoor.rules)
* 1:7061 <-> DISABLED <-> MALWARE-BACKDOOR charon runtime detection - download log flowbit 1 (malware-backdoor.rules)
* 1:7064 <-> DISABLED <-> MALWARE-BACKDOOR cybernetic 1.62 runtime detection - email notification (malware-backdoor.rules)
* 1:7065 <-> DISABLED <-> MALWARE-BACKDOOR cybernetic 1.62 runtime detection - reverse connection flowbit 1 (malware-backdoor.rules)
* 1:7066 <-> DISABLED <-> MALWARE-BACKDOOR cybernetic 1.62 runtime detection - reverse connection flowbit 1 (malware-backdoor.rules)
* 1:7067 <-> DISABLED <-> MALWARE-BACKDOOR cybernetic 1.62 runtime detection - reverse connection (malware-backdoor.rules)
* 1:7068 <-> DISABLED <-> MALWARE-BACKDOOR delta source 0.5 beta runtime detection - ping (malware-backdoor.rules)
* 1:7069 <-> DISABLED <-> MALWARE-BACKDOOR delta source 0.5 beta runtime detection - pc info (malware-backdoor.rules)
* 1:7070 <-> DISABLED <-> POLICY-OTHER script tag in URI - likely cross-site scripting attempt (policy-other.rules)
* 1:7071 <-> DISABLED <-> SERVER-WEBAPP encoded cross site scripting HTML Image tag set to javascript attempt (server-webapp.rules)
* 1:7072 <-> DISABLED <-> MALWARE-BACKDOOR fraggle rock 2.0 lite runtime detection - pc info (malware-backdoor.rules)
* 1:7073 <-> DISABLED <-> MALWARE-CNC Win.Trojan.dumaru.gen variant outbound connection notification (malware-cnc.rules)
* 1:7074 <-> DISABLED <-> MALWARE-CNC Win.Trojan.dumaru.gen variant outbound connection cmd (malware-cnc.rules)
* 1:7075 <-> DISABLED <-> MALWARE-BACKDOOR bandook 1.0 runtime detection (malware-backdoor.rules)
* 1:7076 <-> DISABLED <-> MALWARE-CNC minimo v0.6 variant outbound connection cgi notification (malware-cnc.rules)
* 1:7077 <-> DISABLED <-> MALWARE-CNC minimo v0.6 variant outbound connection icq notification (malware-cnc.rules)
* 1:7078 <-> DISABLED <-> MALWARE-BACKDOOR up and run v1.0 beta runtime detection flowbit 1 (malware-backdoor.rules)
* 1:7079 <-> DISABLED <-> MALWARE-BACKDOOR up and run v1.0 beta runtime detection flowbit 2 (malware-backdoor.rules)
* 1:7080 <-> DISABLED <-> MALWARE-BACKDOOR up and run v1.0 beta runtime detection flowbit 3 (malware-backdoor.rules)
* 1:7081 <-> DISABLED <-> MALWARE-BACKDOOR up and run v1.0 beta runtime detection (malware-backdoor.rules)
* 1:7082 <-> DISABLED <-> MALWARE-BACKDOOR mosucker3.0 runtime detection - client-to-server (malware-backdoor.rules)
* 1:7083 <-> DISABLED <-> MALWARE-BACKDOOR mosucker3.0 runtime detection - server-to-client1 (malware-backdoor.rules)
* 1:7084 <-> DISABLED <-> MALWARE-BACKDOOR erazer v1.1 runtime detection - sin notification (malware-backdoor.rules)
* 1:7085 <-> DISABLED <-> MALWARE-BACKDOOR erazer v1.1 runtime detection (malware-backdoor.rules)
* 1:7086 <-> DISABLED <-> MALWARE-BACKDOOR erazer v1.1 runtime detection - init connection (malware-backdoor.rules)
* 1:7087 <-> DISABLED <-> MALWARE-BACKDOOR sinique 1.0 runtime detection - initial connection with correct password client-to-server (malware-backdoor.rules)
* 1:7088 <-> DISABLED <-> MALWARE-BACKDOOR sinique 1.0 runtime detection - initial connection with correct password server-to-client (malware-backdoor.rules)
* 1:7089 <-> DISABLED <-> MALWARE-BACKDOOR sinique 1.0 runtime detection - initial connection with wrong password -client-to-server (malware-backdoor.rules)
* 1:709 <-> DISABLED <-> PROTOCOL-TELNET 4Dgifts SGI account attempt (protocol-telnet.rules)
* 1:7090 <-> DISABLED <-> MALWARE-BACKDOOR sinique 1.0 runtime detection - initial connection with wrong password server-to-client (malware-backdoor.rules)
* 1:7091 <-> ENABLED <-> MALWARE-BACKDOOR serveme runtime detection (malware-backdoor.rules)
* 1:7096 <-> ENABLED <-> MALWARE-BACKDOOR remote hack 1.5 runtime detection - logon (malware-backdoor.rules)
* 1:7097 <-> ENABLED <-> MALWARE-BACKDOOR remote hack 1.5 runtime detection - execute file (malware-backdoor.rules)
* 1:7098 <-> ENABLED <-> MALWARE-BACKDOOR remote hack 1.5 runtime detection - get password (malware-backdoor.rules)
* 1:7099 <-> ENABLED <-> MALWARE-BACKDOOR remote hack 1.5 runtime detection - start keylogger (malware-backdoor.rules)
* 1:710 <-> DISABLED <-> PROTOCOL-TELNET EZsetup account attempt (protocol-telnet.rules)
* 1:7101 <-> DISABLED <-> MALWARE-BACKDOOR gwboy 0.92 runtime detection (malware-backdoor.rules)
* 1:7103 <-> DISABLED <-> MALWARE-CNC gwboy 0.92 variant outbound connection (malware-cnc.rules)
* 1:7104 <-> ENABLED <-> MALWARE-BACKDOOR aol admin runtime detection (malware-backdoor.rules)
* 1:7105 <-> ENABLED <-> MALWARE-BACKDOOR aol admin runtime detection (malware-backdoor.rules)
* 1:7106 <-> ENABLED <-> MALWARE-BACKDOOR girlfriend runtime detection (malware-backdoor.rules)
* 1:7107 <-> DISABLED <-> MALWARE-BACKDOOR girlfriend runtime detection (malware-backdoor.rules)
* 1:7108 <-> ENABLED <-> MALWARE-BACKDOOR undetected runtime detection (malware-backdoor.rules)
* 1:711 <-> DISABLED <-> PROTOCOL-TELNET SGI telnetd format bug (protocol-telnet.rules)
* 1:7111 <-> ENABLED <-> MALWARE-BACKDOOR fearless lite 1.01 runtime detection (malware-backdoor.rules)
* 1:7112 <-> ENABLED <-> MALWARE-BACKDOOR fearless lite 1.01 runtime detection (malware-backdoor.rules)
* 1:7113 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.DonaldDick variant inbound connection detection (malware-backdoor.rules)
* 1:7114 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.DonaldDick variant outbound connection detection (malware-backdoor.rules)
* 1:7115 <-> ENABLED <-> MALWARE-BACKDOOR ghost 2.3 runtime detection (malware-backdoor.rules)
* 1:7116 <-> DISABLED <-> MALWARE-CNC y3k 1.2 variant outbound connection icq notification (malware-cnc.rules)
* 1:7118 <-> DISABLED <-> MALWARE-CNC y3k 1.2 variant outbound connection user-agent string detected (malware-cnc.rules)
* 1:7119 <-> DISABLED <-> MALWARE-BACKDOOR y3k 1.2 runtime detection (malware-backdoor.rules)
* 1:712 <-> DISABLED <-> PROTOCOL-TELNET ld_library_path (protocol-telnet.rules)
* 1:7120 <-> DISABLED <-> MALWARE-BACKDOOR y3k 1.2 runtime detection - init connection 1 (malware-backdoor.rules)
* 1:7121 <-> DISABLED <-> MALWARE-BACKDOOR y3k 1.2 runtime detection (malware-backdoor.rules)
* 1:7122 <-> DISABLED <-> MALWARE-BACKDOOR y3k 1.2 runtime detection - init connection 2 (malware-backdoor.rules)
* 1:7123 <-> DISABLED <-> PUA-ADWARE Other-Technologies alfacleaner outbound connection - update (pua-adware.rules)
* 1:7124 <-> DISABLED <-> PUA-ADWARE Other-Technologies alfacleaner outbound connection - buy (pua-adware.rules)
* 1:7125 <-> DISABLED <-> PUA-ADWARE Hijacker traffbest biz outbound connection - adv (pua-adware.rules)
* 1:7126 <-> DISABLED <-> PUA-ADWARE Hijacker trojan proxy atiup outbound connection - notification (pua-adware.rules)
* 1:7127 <-> DISABLED <-> PUA-ADWARE Hijacker wowok mp3 bar outbound connection - tracking (pua-adware.rules)
* 1:7128 <-> DISABLED <-> PUA-ADWARE Hijacker wowok mp3 bar outbound connection - advertising 1 (pua-adware.rules)
* 1:7129 <-> DISABLED <-> PUA-ADWARE Hijacker wowok mp3 bar outbound connection - advertising 2 (pua-adware.rules)
* 1:713 <-> DISABLED <-> PROTOCOL-TELNET livingston DOS (protocol-telnet.rules)
* 1:7130 <-> DISABLED <-> PUA-ADWARE Hijacker wowok mp3 bar outbound connection - search assissant hijacking (pua-adware.rules)
* 1:7135 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - IEP (malware-cnc.rules)
* 1:7136 <-> DISABLED <-> PUA-ADWARE Hijacker dsrch outbound connection - search assistant redirect (pua-adware.rules)
* 1:7137 <-> DISABLED <-> PUA-ADWARE Hijacker dsrch outbound connection - side search redirect (pua-adware.rules)
* 1:7138 <-> DISABLED <-> PUA-ADWARE Other-Technologies clicktrojan outbound connection - version check (pua-adware.rules)
* 1:7139 <-> DISABLED <-> PUA-ADWARE Other-Technologies clicktrojan outbound connection - fake search query (pua-adware.rules)
* 1:714 <-> DISABLED <-> PROTOCOL-TELNET resolv_host_conf (protocol-telnet.rules)
* 1:7140 <-> DISABLED <-> PUA-ADWARE Adware pay-per-click runtime detection - configuration (pua-adware.rules)
* 1:7141 <-> DISABLED <-> PUA-ADWARE Adware pay-per-click runtime detection - update (pua-adware.rules)
* 1:7142 <-> DISABLED <-> PUA-ADWARE Adware ares flash downloader 2.04 runtime detection (pua-adware.rules)
* 1:7143 <-> DISABLED <-> PUA-ADWARE Adware digink.com runtime detection (pua-adware.rules)
* 1:7144 <-> DISABLED <-> PUA-ADWARE Hijacker cool search outbound connection (pua-adware.rules)
* 1:7145 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - adfsgecoiwnf (malware-cnc.rules)
* 1:7146 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool sars notifier runtime detection - sin notification (malware-tools.rules)
* 1:7147 <-> DISABLED <-> MALWARE-CNC Hacker-Tool sars notifier variant outbound connection icq notification (malware-cnc.rules)
* 1:7148 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool sars notifier runtime detection - cgi notification (malware-tools.rules)
* 1:7149 <-> DISABLED <-> MALWARE-CNC Hacker-Tool sars notifier variant outbound connection php notification (malware-cnc.rules)
* 1:715 <-> DISABLED <-> PROTOCOL-TELNET Attempted SU from wrong group (protocol-telnet.rules)
* 1:7150 <-> DISABLED <-> MALWARE-CNC Hacker-Tool sars notifier variant outbound connection irc notification (malware-cnc.rules)
* 1:7151 <-> DISABLED <-> MALWARE-CNC Hacker-Tool sars notifier variant outbound connection net send notification (malware-cnc.rules)
* 1:7152 <-> DISABLED <-> PUA-ADWARE Hijacker cnsmin 3721 outbound connection - installation (pua-adware.rules)
* 1:7153 <-> DISABLED <-> PUA-ADWARE Hijacker cnsmin 3721 outbound connection - hijacking (pua-adware.rules)
* 1:7154 <-> DISABLED <-> MALWARE-OTHER Keylogger active keylogger home runtime detection (malware-other.rules)
* 1:7155 <-> DISABLED <-> PUA-ADWARE Trickler jubster outbound connection (pua-adware.rules)
* 1:7156 <-> DISABLED <-> MALWARE-OTHER Keylogger win-spy runtime detection - email delivery (malware-other.rules)
* 1:7157 <-> ENABLED <-> MALWARE-OTHER Keylogger win-spy runtime detection - remote conn client-to-server (malware-other.rules)
* 1:7158 <-> DISABLED <-> MALWARE-OTHER Keylogger win-spy runtime detection - remote conn server-to-client (malware-other.rules)
* 1:7159 <-> ENABLED <-> MALWARE-OTHER Keylogger win-spy runtime detection - upload file client-to-server (malware-other.rules)
* 1:7160 <-> DISABLED <-> MALWARE-OTHER Keylogger win-spy runtime detection - upload file server-to-client (malware-other.rules)
* 1:7161 <-> ENABLED <-> MALWARE-OTHER Keylogger win-spy runtime detection - download file client-to-server (malware-other.rules)
* 1:7162 <-> DISABLED <-> MALWARE-OTHER Keylogger win-spy runtime detection - download file server-to-client (malware-other.rules)
* 1:7163 <-> ENABLED <-> MALWARE-OTHER Keylogger win-spy runtime detection - execute file client-to-server (malware-other.rules)
* 1:7164 <-> DISABLED <-> MALWARE-OTHER Keylogger win-spy runtime detection - execute file server-to-client (malware-other.rules)
* 1:7165 <-> ENABLED <-> MALWARE-OTHER Keylogger ab system spy runtime detection - information exchange - flowbit set 1 (malware-other.rules)
* 1:7166 <-> ENABLED <-> MALWARE-OTHER Keylogger ab system spy runtime detection - information exchange - flowbit set 2 (malware-other.rules)
* 1:7167 <-> ENABLED <-> MALWARE-OTHER Keylogger ab system spy runtime detection - information exchange - flowbit set 3 (malware-other.rules)
* 1:7168 <-> ENABLED <-> MALWARE-OTHER Keylogger ab system spy runtime detection - information exchange - flowbit set 4 (malware-other.rules)
* 1:7169 <-> DISABLED <-> MALWARE-OTHER Keylogger ab system spy runtime detection - information exchange (malware-other.rules)
* 1:717 <-> DISABLED <-> PROTOCOL-TELNET not on console (protocol-telnet.rules)
* 1:7175 <-> ENABLED <-> MALWARE-OTHER Keylogger ab system spy runtime detection - log retrieve (malware-other.rules)
* 1:7176 <-> DISABLED <-> MALWARE-OTHER Keylogger ab system spy runtime detection - log retrieve (malware-other.rules)
* 1:7177 <-> DISABLED <-> MALWARE-OTHER Keylogger ab system spy runtime detection - info send through email (malware-other.rules)
* 1:7178 <-> ENABLED <-> MALWARE-OTHER Keylogger desktop detective 2000 runtime detection - init connection (malware-other.rules)
* 1:7179 <-> ENABLED <-> MALWARE-OTHER Keylogger desktop detective 2000 runtime detection - init connection (malware-other.rules)
* 1:718 <-> DISABLED <-> PROTOCOL-TELNET login incorrect (protocol-telnet.rules)
* 1:7180 <-> DISABLED <-> MALWARE-OTHER Keylogger desktop detective 2000 runtime detection - init connection (malware-other.rules)
* 1:7183 <-> DISABLED <-> MALWARE-CNC Snoopware barok variant outbound connection (malware-cnc.rules)
* 1:7184 <-> DISABLED <-> MALWARE-OTHER Keylogger 007 spy software runtime detection - smtp (malware-other.rules)
* 1:7185 <-> DISABLED <-> MALWARE-OTHER Keylogger 007 spy software runtime detection - ftp (malware-other.rules)
* 1:7186 <-> DISABLED <-> MALWARE-OTHER Keylogger kgb Keylogger runtime detection (malware-other.rules)
* 1:7187 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SAH Agent (malware-cnc.rules)
* 1:7188 <-> DISABLED <-> PUA-ADWARE Hijacker shop at home select - merchant redirect in progress (pua-adware.rules)
* 1:7189 <-> DISABLED <-> MALWARE-OTHER Trackware shopathome runtime detection - setcookie request (malware-other.rules)
* 1:719 <-> DISABLED <-> PROTOCOL-TELNET root login (protocol-telnet.rules)
* 1:7190 <-> DISABLED <-> PUA-ADWARE Adware trustyfiles v3.1.0.1 runtime detection - host retrieval (pua-adware.rules)
* 1:7191 <-> DISABLED <-> PUA-ADWARE Adware trustyfiles v3.1.0.1 runtime detection - url retrieval (pua-adware.rules)
* 1:7192 <-> DISABLED <-> PUA-ADWARE Adware trustyfiles v3.1.0.1 runtime detection - sponsor selection (pua-adware.rules)
* 1:7193 <-> DISABLED <-> PUA-ADWARE Adware trustyfiles v3.1.0.1 runtime detection - startup access (pua-adware.rules)
* 1:7194 <-> DISABLED <-> PUA-ADWARE Hijacker shopprreports outbound connection - services requests (pua-adware.rules)
* 1:7195 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - shprrprt-cs- (malware-cnc.rules)
* 1:7197 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel MSO.DLL malformed string parsing single byte buffer over attempt (file-office.rules)
* 1:7202 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word document summary information string overflow attempt (file-office.rules)
* 1:7203 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word information string overflow attempt (file-office.rules)
* 1:7204 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel object ftCmo overflow attempt (file-office.rules)
* 1:7205 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel FngGroupCount record overflow attempt (file-office.rules)
* 1:7206 <-> DISABLED <-> SERVER-ORACLE DBMS_EXPORT_EXTENSION access attempt (server-oracle.rules)
* 1:7207 <-> DISABLED <-> SERVER-ORACLE DBMS_EXPORT_EXTENSION SQL injection attempt (server-oracle.rules)
* 1:7208 <-> DISABLED <-> SERVER-ORACLE DBMS_EXPORT_EXTENSION.GET_DOMAIN_INDEX_METADATA access attempt (server-oracle.rules)
* 1:7209 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP srvsvc NetrPathCanonicalize overflow attempt (os-windows.rules)
* 1:7210 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP srvsvc NetrPathCanonicalize overflow attempt (os-windows.rules)
* 1:7421 <-> DISABLED <-> SERVER-ORACLE DBMS_EXPORT_EXTENSION.GET_V2_DOMAIN_INDEX_TABLES access attempt (server-oracle.rules)
* 1:7422 <-> DISABLED <-> OS-WINDOWS Microsoft Windows MMC mmcndmgr.dll cross site scripting attempt (os-windows.rules)
* 1:7423 <-> DISABLED <-> OS-WINDOWS Microsoft Windows MMC mmc.exe cross site scripting attempt (os-windows.rules)
* 1:7424 <-> DISABLED <-> OS-WINDOWS Microsoft Windows MMC createcab.cmd cross site scripting attempt (os-windows.rules)
* 1:7425 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer 9x8Resize ActiveX clsid access (browser-plugins.rules)
* 1:7427 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Allocator Fix ActiveX clsid access (browser-plugins.rules)
* 1:7429 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Bitmap ActiveX clsid access (browser-plugins.rules)
* 1:7431 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectFrame.DirectControl.1 ActiveX clsid access (browser-plugins.rules)
* 1:7433 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectX Transform Wrapper Property Page ActiveX clsid access (browser-plugins.rules)
* 1:7435 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Dynamic Casts ActiveX clsid access (browser-plugins.rules)
* 1:7436 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Dynamic Casts ActiveX function call (browser-plugins.rules)
* 1:7437 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Frame Eater ActiveX clsid access (browser-plugins.rules)
* 1:7439 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Help ActiveX clsid access (browser-plugins.rules)
* 1:7442 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer mmAEPlugIn.AEPlugIn.1 ActiveX clsid access (browser-plugins.rules)
* 1:7444 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Mmedia.AsyncMHandler.1 ActiveX clsid access (browser-plugins.rules)
* 1:7446 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Record Queue ActiveX clsid access (browser-plugins.rules)
* 1:7448 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer ShotDetect ActiveX clsid access (browser-plugins.rules)
* 1:7450 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Stetch ActiveX clsid access (browser-plugins.rules)
* 1:7452 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WM Color Converter Filter ActiveX clsid access (browser-plugins.rules)
* 1:7454 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Wmm2ae.dll ActiveX clsid access (browser-plugins.rules)
* 1:7456 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Wmm2fxa.dll ActiveX clsid access (browser-plugins.rules)
* 1:7458 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Wmm2fxb.dll ActiveX clsid access (browser-plugins.rules)
* 1:7460 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WMT Audio Analyzer ActiveX clsid access (browser-plugins.rules)
* 1:7462 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WMT Black Frame Generator ActiveX clsid access (browser-plugins.rules)
* 1:7464 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WMT DeInterlace Filter ActiveX clsid access (browser-plugins.rules)
* 1:7466 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WMT DeInterlace Prop Page ActiveX clsid access (browser-plugins.rules)
* 1:7468 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WMT DirectX Transform Wrapper ActiveX clsid access (browser-plugins.rules)
* 1:7470 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WMT DV Extract Filter ActiveX clsid access (browser-plugins.rules)
* 1:7472 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WMT FormatConversion Prop Page ActiveX clsid access (browser-plugins.rules)
* 1:7474 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WMT FormatConversion ActiveX clsid access (browser-plugins.rules)
* 1:7476 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WMT Import Filter ActiveX clsid access (browser-plugins.rules)
* 1:7478 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WMT Interlacer ActiveX clsid access (browser-plugins.rules)
* 1:7480 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WMT Log Filter ActiveX clsid access (browser-plugins.rules)
* 1:7482 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WMT MuxDeMux Filter ActiveX clsid access (browser-plugins.rules)
* 1:7484 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WMT Sample Info Filter ActiveX clsid access (browser-plugins.rules)
* 1:7486 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WMT Screen Capture Filter Task Page ActiveX clsid access (browser-plugins.rules)
* 1:7488 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WMT Screen capture Filter ActiveX clsid access (browser-plugins.rules)
* 1:7490 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WMT Switch Filter ActiveX clsid access (browser-plugins.rules)
* 1:7492 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WMT Virtual Renderer ActiveX clsid access (browser-plugins.rules)
* 1:7494 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WMT Virtual Source ActiveX clsid access (browser-plugins.rules)
* 1:7496 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WMT Volume ActiveX clsid access (browser-plugins.rules)
* 1:7498 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WM TV Out Smooth Picture Filter ActiveX clsid access (browser-plugins.rules)
* 1:7500 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WM VIH2 Fix ActiveX clsid access (browser-plugins.rules)
* 1:7502 <-> DISABLED <-> BROWSER-PLUGINS tsuserex.ADsTSUserEx.1 ActiveX clsid access (browser-plugins.rules)
* 1:7504 <-> DISABLED <-> MALWARE-OTHER Keylogger actualspy runtime detection - ftp-data (malware-other.rules)
* 1:7505 <-> DISABLED <-> MALWARE-OTHER Keylogger actualspy runtime detection - smtp (malware-other.rules)
* 1:7506 <-> ENABLED <-> MALWARE-TOOLS Hacker-Tool coma runtime detection - init connection - flowbit set (malware-tools.rules)
* 1:7507 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool coma runtime detection - init connection (malware-tools.rules)
* 1:7508 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool coma runtime detection - ping - flowbit set (malware-tools.rules)
* 1:7509 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool coma runtime detection - ping (malware-tools.rules)
* 1:7510 <-> DISABLED <-> PUA-ADWARE Trickler edonkey2000 outbound connection - version verification (pua-adware.rules)
* 1:7511 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - ed2k edonkey2000 runtime detection (malware-cnc.rules)
* 1:7512 <-> ENABLED <-> MALWARE-OTHER Keylogger watchdog runtime detection - init connection - flowbit set (malware-other.rules)
* 1:7513 <-> DISABLED <-> MALWARE-OTHER Keylogger watchdog runtime detection - init connection (malware-other.rules)
* 1:7514 <-> DISABLED <-> MALWARE-OTHER Keylogger watchdog runtime detection - send out info to server periodically (malware-other.rules)
* 1:7515 <-> DISABLED <-> MALWARE-OTHER Keylogger watchdog runtime detection - remote monitoring (malware-other.rules)
* 1:7516 <-> DISABLED <-> PUA-TOOLBARS Trickler hmtoolbar runtime detection (pua-toolbars.rules)
* 1:7517 <-> DISABLED <-> PUA-ADWARE Hijacker chinese keywords outbound connection (pua-adware.rules)
* 1:7518 <-> DISABLED <-> PUA-TOOLBARS Trackware earthlink toolbar runtime detection - get up-to-date news info (pua-toolbars.rules)
* 1:7520 <-> DISABLED <-> PUA-TOOLBARS Trackware earthlink toolbar runtime detection - ie autosearch hijack (pua-toolbars.rules)
* 1:7521 <-> DISABLED <-> PUA-TOOLBARS Trackware earthlink toolbar runtime detection - search toolbar request 1 (pua-toolbars.rules)
* 1:7522 <-> DISABLED <-> PUA-TOOLBARS Trackware earthlink toolbar runtime detection - search toolbar request 2 (pua-toolbars.rules)
* 1:7524 <-> DISABLED <-> PUA-ADWARE Hijacker moneybar outbound connection - cgispy counter (pua-adware.rules)
* 1:7525 <-> DISABLED <-> PUA-TOOLBARS Trackware hotblox toolbar runtime detection - barad.asp request (pua-toolbars.rules)
* 1:7526 <-> DISABLED <-> PUA-TOOLBARS Trackware hotblox toolbar runtime detection - stat counter (pua-toolbars.rules)
* 1:7527 <-> DISABLED <-> PUA-TOOLBARS Trackware hotblox toolbar runtime detection - toolbar find function (pua-toolbars.rules)
* 1:7528 <-> DISABLED <-> PUA-TOOLBARS Trackware hotblox toolbar runtime detection - ie autosearch hijack (pua-toolbars.rules)
* 1:7529 <-> DISABLED <-> PUA-ADWARE Snoopware halflife jacker outbound connection (pua-adware.rules)
* 1:7530 <-> DISABLED <-> PUA-ADWARE Trickler mediaseek.pl client outbound connection - trickler (pua-adware.rules)
* 1:7531 <-> DISABLED <-> PUA-ADWARE Trickler mediaseek.pl client outbound connection - login (pua-adware.rules)
* 1:7532 <-> DISABLED <-> PUA-ADWARE Adware piolet runtime detection - user-agent (pua-adware.rules)
* 1:7533 <-> DISABLED <-> PUA-ADWARE Adware piolet runtime detection - ads request (pua-adware.rules)
* 1:7535 <-> DISABLED <-> PUA-ADWARE Hijacker clearsearch variant outbound connection - pass information (pua-adware.rules)
* 1:7536 <-> DISABLED <-> PUA-ADWARE Hijacker clearsearch variant outbound connection - popup (pua-adware.rules)
* 1:7537 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Arrow Search (malware-cnc.rules)
* 1:7538 <-> DISABLED <-> PUA-ADWARE Screen-Scraper hidden camera outbound connection (pua-adware.rules)
* 1:7539 <-> DISABLED <-> MALWARE-OTHER Keylogger eye spy pro 1.0 runtime detection (malware-other.rules)
* 1:7540 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - http protocol (malware-cnc.rules)
* 1:7541 <-> DISABLED <-> MALWARE-OTHER Keylogger starlogger runtime detection (malware-other.rules)
* 1:7542 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool mini oblivion runtime detection - successful init connection (malware-tools.rules)
* 1:7543 <-> DISABLED <-> PUA-ADWARE Hijacker 2020search outbound connection (pua-adware.rules)
* 1:7544 <-> ENABLED <-> MALWARE-OTHER Keylogger PerfectKeylogger runtime detection - flowbit set 1 (malware-other.rules)
* 1:7545 <-> ENABLED <-> MALWARE-OTHER Keylogger PerfectKeylogger runtime detection - flowbit set 2 (malware-other.rules)
* 1:7546 <-> DISABLED <-> MALWARE-OTHER Keylogger PerfectKeylogger runtime detection (malware-other.rules)
* 1:7547 <-> DISABLED <-> MALWARE-OTHER Keylogger activity monitor 3.8 runtime detection - agent status monitoring (malware-other.rules)
* 1:7548 <-> DISABLED <-> MALWARE-OTHER Keylogger activity monitor 3.8 runtime detection - agent up notification (malware-other.rules)
* 1:7549 <-> DISABLED <-> MALWARE-OTHER Keylogger activity monitor 3.8 runtime detection (malware-other.rules)
* 1:7550 <-> DISABLED <-> PUA-ADWARE Adware adroar runtime detection (pua-adware.rules)
* 1:7551 <-> DISABLED <-> MALWARE-OTHER Keylogger ardamax keylogger runtime detection - smtp (malware-other.rules)
* 1:7552 <-> DISABLED <-> MALWARE-OTHER Keylogger ardamax keylogger runtime detection - ftp (malware-other.rules)
* 1:7553 <-> DISABLED <-> PUA-ADWARE Adware hxdl runtime detection - hxlogonly user-agent (pua-adware.rules)
* 1:7554 <-> DISABLED <-> PUA-ADWARE Adware hxdl runtime detection - hxdownload user-agent (pua-adware.rules)
* 1:7556 <-> DISABLED <-> PUA-ADWARE Hijacker blazefind outbound connection - search bar (pua-adware.rules)
* 1:7557 <-> DISABLED <-> MALWARE-OTHER Trackware purityscan runtime detection - start up (malware-other.rules)
* 1:7558 <-> DISABLED <-> MALWARE-OTHER Trackware purityscan runtime detection - installation notify (malware-other.rules)
* 1:7559 <-> DISABLED <-> MALWARE-OTHER Trackware purityscan runtime detection - track user activity and status (malware-other.rules)
* 1:7560 <-> DISABLED <-> MALWARE-OTHER Trackware purityscan runtime detection - self update (malware-other.rules)
* 1:7561 <-> DISABLED <-> MALWARE-OTHER Trackware purityscan runtime detection - opt out of interstitial advertising (malware-other.rules)
* 1:7562 <-> DISABLED <-> PUA-ADWARE Adware morpheus runtime detection - ad 1 (pua-adware.rules)
* 1:7563 <-> DISABLED <-> PUA-ADWARE Adware morpheus runtime detection - ad 2 (pua-adware.rules)
* 1:7564 <-> DISABLED <-> PUA-ADWARE Hijacker startnow outbound connection (pua-adware.rules)
* 1:7565 <-> DISABLED <-> PUA-ADWARE Hijacker adshooter.searchforit outbound connection - search engine (pua-adware.rules)
* 1:7566 <-> DISABLED <-> PUA-ADWARE Hijacker adshooter.searchforit outbound connection - redirector (pua-adware.rules)
* 1:7567 <-> DISABLED <-> PUA-TOOLBARS Win.Adware.MyWebSearch Toolbar funwebproducts variant outbound connection (pua-toolbars.rules)
* 1:7568 <-> DISABLED <-> MALWARE-OTHER Trackware webhancer runtime detection (malware-other.rules)
* 1:7569 <-> DISABLED <-> PUA-ADWARE Adware lordofsearch runtime detection (pua-adware.rules)
* 1:7570 <-> DISABLED <-> PUA-ADWARE Hijacker linkspider search bar outbound connection - ads (pua-adware.rules)
* 1:7571 <-> DISABLED <-> PUA-TOOLBARS Hijacker linkspider search bar runtime detection - toolbar search (pua-toolbars.rules)
* 1:7572 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - DigExt (malware-cnc.rules)
* 1:7573 <-> DISABLED <-> PUA-ADWARE Trickler album galaxy outbound connection - p2p gnutella (pua-adware.rules)
* 1:7574 <-> DISABLED <-> MALWARE-OTHER Keylogger proagent 2.0 runtime detection (malware-other.rules)
* 1:7575 <-> DISABLED <-> PUA-TOOLBARS Hijacker starware toolbar runtime detection - weather request (pua-toolbars.rules)
* 1:7576 <-> DISABLED <-> PUA-TOOLBARS Hijacker starware toolbar runtime detection - hijack ie browser (pua-toolbars.rules)
* 1:7577 <-> DISABLED <-> PUA-TOOLBARS Hijacker starware toolbar runtime detection - collect information (pua-toolbars.rules)
* 1:7578 <-> DISABLED <-> PUA-TOOLBARS Hijacker starware toolbar runtime detection - reference (pua-toolbars.rules)
* 1:7579 <-> DISABLED <-> PUA-TOOLBARS Hijacker starware toolbar runtime detection - smileys (pua-toolbars.rules)
* 1:7580 <-> DISABLED <-> PUA-TOOLBARS Hijacker starware toolbar runtime detection - update (pua-toolbars.rules)
* 1:7581 <-> DISABLED <-> PUA-TOOLBARS Hijacker flashbar runtime detection - user-agent (pua-toolbars.rules)
* 1:7582 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Pcast Live (malware-cnc.rules)
* 1:7583 <-> ENABLED <-> MALWARE-TOOLS Hacker-Tool clandestine runtime detection - flowbit set big (malware-tools.rules)
* 1:7584 <-> ENABLED <-> MALWARE-TOOLS Hacker-Tool clandestine runtime detection - flowbit set open (malware-tools.rules)
* 1:7585 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool clandestine runtime detection - flowbit set image (malware-tools.rules)
* 1:7586 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool clandestine runtime detection - image transferred (malware-tools.rules)
* 1:7587 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - URLBlaze (malware-cnc.rules)
* 1:7588 <-> DISABLED <-> PUA-ADWARE Trickler urlblaze outbound connection - files search or download (pua-adware.rules)
* 1:7589 <-> DISABLED <-> PUA-ADWARE Trickler urlblaze outbound connection - irc notification (pua-adware.rules)
* 1:7590 <-> DISABLED <-> PUA-TOOLBARS Hijacker swbar runtime detection (pua-toolbars.rules)
* 1:7591 <-> ENABLED <-> MALWARE-OTHER Keylogger keylogger pro runtime detection - flowbit set (malware-other.rules)
* 1:7592 <-> DISABLED <-> MALWARE-OTHER Keylogger keylogger pro runtime detection (malware-other.rules)
* 1:7593 <-> DISABLED <-> PUA-TOOLBARS Trackware trellian toolbarbrowser runtime detection (pua-toolbars.rules)
* 1:7594 <-> DISABLED <-> PUA-ADWARE Adware comedy planet runtime detection - ads (pua-adware.rules)
* 1:7595 <-> DISABLED <-> PUA-ADWARE Adware comedy planet runtime detection - collect user information (pua-adware.rules)
* 1:7596 <-> ENABLED <-> MALWARE-OTHER Keylogger spy lantern keylogger runtime detection - flowbit set (malware-other.rules)
* 1:7597 <-> DISABLED <-> MALWARE-OTHER Keylogger spy lantern keylogger runtime detection (malware-other.rules)
* 1:7598 <-> DISABLED <-> PUA-TOOLBARS Snoopware 2-seek runtime detection - search in toolbar (pua-toolbars.rules)
* 1:7599 <-> DISABLED <-> PUA-TOOLBARS Snoopware 2-seek runtime detection - user info collection (pua-toolbars.rules)
* 1:7600 <-> DISABLED <-> PUA-ADWARE Hijacker adtraffic outbound connection - notfound website search hijack and redirection (pua-adware.rules)
* 1:7601 <-> DISABLED <-> PUA-ADWARE Snoopware big brother v3.5.1 outbound connection - connect to keyserver (pua-adware.rules)
* 1:7602 <-> DISABLED <-> PUA-ADWARE Snoopware big brother v3.5.1 outbound connection - connect to receiver - flowbit set (pua-adware.rules)
* 1:7603 <-> DISABLED <-> PUA-ADWARE Snoopware big brother v3.5.1 outbound connection - connect to receiver (pua-adware.rules)
* 1:7604 <-> DISABLED <-> MALWARE-BACKDOOR katux 2.0 runtime detection - screen capture - flowbit set (malware-backdoor.rules)
* 1:7605 <-> DISABLED <-> MALWARE-BACKDOOR katux 2.0 runtime detection - screen capture (malware-backdoor.rules)
* 1:7606 <-> DISABLED <-> MALWARE-BACKDOOR katux 2.0 runtime detection - get system info - flowbit set (malware-backdoor.rules)
* 1:7607 <-> DISABLED <-> MALWARE-BACKDOOR katux 2.0 runtime detection - get system info (malware-backdoor.rules)
* 1:7608 <-> DISABLED <-> MALWARE-BACKDOOR katux 2.0 runtime detection - chat - flowbit set (malware-backdoor.rules)
* 1:7609 <-> DISABLED <-> MALWARE-BACKDOOR katux 2.0 runtime detection - chat (malware-backdoor.rules)
* 1:7616 <-> DISABLED <-> MALWARE-BACKDOOR theef 2.0 runtime detection - connection without password (malware-backdoor.rules)
* 1:7617 <-> DISABLED <-> MALWARE-BACKDOOR theef 2.0 runtime detection - connection request with password - flowbit 1 (malware-backdoor.rules)
* 1:7618 <-> DISABLED <-> MALWARE-BACKDOOR theef 2.0 runtime detection - connection request with password - flowbit 2 (malware-backdoor.rules)
* 1:7619 <-> DISABLED <-> MALWARE-BACKDOOR theef 2.0 runtime detection - connection request with password (malware-backdoor.rules)
* 1:7620 <-> DISABLED <-> MALWARE-BACKDOOR remote control 1.7 runtime detection - connection request flowbit 1 (malware-backdoor.rules)
* 1:7621 <-> DISABLED <-> MALWARE-BACKDOOR remote control 1.7 runtime detection - connection request - flowbit 2 (malware-backdoor.rules)
* 1:7622 <-> DISABLED <-> MALWARE-BACKDOOR remote control 1.7 runtime detection - connection request - flowbit 3 (malware-backdoor.rules)
* 1:7623 <-> DISABLED <-> MALWARE-BACKDOOR remote control 1.7 runtime detection - connection request (malware-backdoor.rules)
* 1:7624 <-> DISABLED <-> MALWARE-BACKDOOR remote control 1.7 runtime detection - data connection (malware-backdoor.rules)
* 1:7625 <-> DISABLED <-> MALWARE-BACKDOOR skyrat show runtime detection - initial connection - flowbit 1 (malware-backdoor.rules)
* 1:7626 <-> DISABLED <-> MALWARE-BACKDOOR skyrat show runtime detection - initial connection - flowbit 2 (malware-backdoor.rules)
* 1:7627 <-> DISABLED <-> MALWARE-BACKDOOR skyrat show runtime detection - initial connection - flowbit 3 (malware-backdoor.rules)
* 1:7628 <-> DISABLED <-> MALWARE-BACKDOOR skyrat show runtime detection - initial connection - flowbit 4 (malware-backdoor.rules)
* 1:7629 <-> DISABLED <-> MALWARE-BACKDOOR skyrat show runtime detection - initial connection (malware-backdoor.rules)
* 1:7630 <-> DISABLED <-> MALWARE-BACKDOOR helios 3.1 runtime detection - initial connection (malware-backdoor.rules)
* 1:7631 <-> ENABLED <-> MALWARE-BACKDOOR hornet 1.0 runtime detection - fetch system info - flowbit set (malware-backdoor.rules)
* 1:7632 <-> DISABLED <-> MALWARE-BACKDOOR hornet 1.0 runtime detection - fetch system info (malware-backdoor.rules)
* 1:7633 <-> DISABLED <-> MALWARE-BACKDOOR hornet 1.0 runtime detection - irc connection - flowbit set (malware-backdoor.rules)
* 1:7634 <-> DISABLED <-> MALWARE-BACKDOOR hornet 1.0 runtime detection - irc connection (malware-backdoor.rules)
* 1:7635 <-> ENABLED <-> MALWARE-BACKDOOR hornet 1.0 runtime detection - fetch process list - flowbit set (malware-backdoor.rules)
* 1:7636 <-> DISABLED <-> MALWARE-BACKDOOR hornet 1.0 runtime detection - fetch processes list (malware-backdoor.rules)
* 1:7637 <-> DISABLED <-> MALWARE-CNC hornet 1.0 variant outbound connection icq notification (malware-cnc.rules)
* 1:7638 <-> DISABLED <-> MALWARE-BACKDOOR Win.Exploit.Backdoor ncph runtime detection - initial connection (malware-backdoor.rules)
* 1:7639 <-> DISABLED <-> MALWARE-CNC air variant outbound connection php notification (malware-cnc.rules)
* 1:7640 <-> DISABLED <-> MALWARE-CNC air variant outbound connection webmail notification (malware-cnc.rules)
* 1:7641 <-> ENABLED <-> MALWARE-BACKDOOR am remote client runtime detection - client-to-server (malware-backdoor.rules)
* 1:7642 <-> DISABLED <-> MALWARE-BACKDOOR am remote 
client runtime detection - client response (malware-backdoor.rules) * 1:7643 <-> DISABLED <-> MALWARE-BACKDOOR netcontrol takeover runtime detection (malware-backdoor.rules) * 1:7644 <-> DISABLED <-> MALWARE-BACKDOOR ullysse runtime detection - client-to-server (malware-backdoor.rules) * 1:7645 <-> DISABLED <-> MALWARE-BACKDOOR snipernet 2.1 runtime detection - flowbit set (malware-backdoor.rules) * 1:7646 <-> DISABLED <-> MALWARE-BACKDOOR snipernet 2.1 runtime detection (malware-backdoor.rules) * 1:7647 <-> DISABLED <-> MALWARE-BACKDOOR minicom lite runtime detection - udp (malware-backdoor.rules) * 1:7648 <-> DISABLED <-> MALWARE-BACKDOOR minicom lite runtime detection - client-to-server (malware-backdoor.rules) * 1:7649 <-> DISABLED <-> MALWARE-BACKDOOR minicom lite runtime detection - server-to-client (malware-backdoor.rules) * 1:7650 <-> DISABLED <-> MALWARE-BACKDOOR small uploader 1.01 runtime detection - initial connection - flowbit set (malware-backdoor.rules) * 1:7651 <-> DISABLED <-> MALWARE-BACKDOOR small uploader 1.01 runtime detection - initial connection (malware-backdoor.rules) * 1:7658 <-> DISABLED <-> MALWARE-BACKDOOR jodeitor 1.1 runtime detection - initial connection (malware-backdoor.rules) * 1:7659 <-> DISABLED <-> MALWARE-BACKDOOR lan filtrator 1.1 runtime detection - sin notification (malware-backdoor.rules) * 1:7660 <-> DISABLED <-> MALWARE-BACKDOOR lan filtrator 1.1 runtime detection - initial connection request - flowbit set (malware-backdoor.rules) * 1:7661 <-> DISABLED <-> MALWARE-BACKDOOR lan filtrator 1.1 runtime detection - initial connection request (malware-backdoor.rules) * 1:7662 <-> DISABLED <-> MALWARE-BACKDOOR snid x2 v1.2 runtime detection - initial connection - flowbit set (malware-backdoor.rules) * 1:7663 <-> DISABLED <-> MALWARE-BACKDOOR snid x2 v1.2 runtime detection - initial connection (malware-backdoor.rules) * 1:7664 <-> DISABLED <-> MALWARE-BACKDOOR screen control 1.0 runtime detection - flowbit set 
(malware-backdoor.rules) * 1:7665 <-> DISABLED <-> MALWARE-BACKDOOR screen control 1.0 runtime detection - initial connection (malware-backdoor.rules) * 1:7667 <-> DISABLED <-> MALWARE-BACKDOOR screen control 1.0 runtime detection - capture on port 2208 (malware-backdoor.rules) * 1:7668 <-> DISABLED <-> MALWARE-BACKDOOR screen control 1.0 runtime detection - capture on port 2213 - flowbit set (malware-backdoor.rules) * 1:7669 <-> DISABLED <-> MALWARE-BACKDOOR screen control 1.0 runtime detection - capture on port 2213 (malware-backdoor.rules) * 1:7670 <-> DISABLED <-> MALWARE-BACKDOOR digital upload runtime detection - initial connection (malware-backdoor.rules) * 1:7671 <-> DISABLED <-> MALWARE-BACKDOOR digital upload runtime detection - chat (malware-backdoor.rules) * 1:7672 <-> DISABLED <-> MALWARE-BACKDOOR remoter runtime detection - initial connection (malware-backdoor.rules) * 1:7673 <-> DISABLED <-> MALWARE-BACKDOOR remote havoc runtime detection - flowbit set 1 (malware-backdoor.rules) * 1:7674 <-> DISABLED <-> MALWARE-BACKDOOR remote havoc runtime detection - flowbit set 2 (malware-backdoor.rules) * 1:7675 <-> DISABLED <-> MALWARE-BACKDOOR remote havoc runtime detection (malware-backdoor.rules) * 1:7676 <-> DISABLED <-> MALWARE-BACKDOOR cool remote control or crackdown runtime detection - initial connection - flowbit set (malware-backdoor.rules) * 1:7677 <-> DISABLED <-> MALWARE-BACKDOOR cool remote control or crackdown runtime detection - initial connection (malware-backdoor.rules) * 1:7678 <-> DISABLED <-> MALWARE-BACKDOOR cool remote control 1.12 runtime detection - upload file - flowbit set (malware-backdoor.rules) * 1:7679 <-> DISABLED <-> MALWARE-BACKDOOR cool remote control 1.12 runtime detection - upload file (malware-backdoor.rules) * 1:7680 <-> DISABLED <-> MALWARE-BACKDOOR cool remote control 1.12 runtime detection - download file - flowbit set (malware-backdoor.rules) * 1:7681 <-> DISABLED <-> MALWARE-BACKDOOR cool remote control 1.12 runtime 
detection - download file (malware-backdoor.rules) * 1:7682 <-> DISABLED <-> MALWARE-BACKDOOR acid head 1.00 runtime detection - flowbit set (malware-backdoor.rules) * 1:7683 <-> DISABLED <-> MALWARE-BACKDOOR acid head 1.00 runtime detection (malware-backdoor.rules) * 1:7684 <-> DISABLED <-> MALWARE-BACKDOOR hrat 1.0 runtime detection (malware-backdoor.rules) * 1:7685 <-> DISABLED <-> MALWARE-BACKDOOR illusion runtime detection - get remote info client-to-server (malware-backdoor.rules) * 1:7686 <-> DISABLED <-> MALWARE-BACKDOOR illusion runtime detection - get remote info server-to-client (malware-backdoor.rules) * 1:7687 <-> DISABLED <-> MALWARE-BACKDOOR illusion runtime detection - file browser client-to-server (malware-backdoor.rules) * 1:7688 <-> DISABLED <-> MALWARE-BACKDOOR illusion runtime detection - file browser server-to-client (malware-backdoor.rules) * 1:7689 <-> DISABLED <-> MALWARE-BACKDOOR evade runtime detection - initial connection (malware-backdoor.rules) * 1:7690 <-> DISABLED <-> MALWARE-BACKDOOR evade runtime detection - file manager - flowbit set (malware-backdoor.rules) * 1:7691 <-> DISABLED <-> MALWARE-BACKDOOR evade runtime detection - file manager (malware-backdoor.rules) * 1:7692 <-> DISABLED <-> MALWARE-BACKDOOR exception 1.0 runtime detection - notification (malware-backdoor.rules) * 1:7695 <-> DISABLED <-> MALWARE-BACKDOOR hanky panky 1.1 runtime detection - initial connection - flowbit set 1 (malware-backdoor.rules) * 1:7696 <-> DISABLED <-> MALWARE-BACKDOOR hanky panky 1.1 runtime detection - initial connection - flowbit set 2 (malware-backdoor.rules) * 1:7697 <-> DISABLED <-> MALWARE-BACKDOOR hanky panky 1.1 runtime detection - initial connection (malware-backdoor.rules) * 1:7698 <-> DISABLED <-> MALWARE-BACKDOOR brain wiper runtime detection - launch application - flowbit set (malware-backdoor.rules) * 1:7699 <-> DISABLED <-> MALWARE-BACKDOOR brain wiper runtime detection - launch application (malware-backdoor.rules) * 1:7700 <-> 
DISABLED <-> MALWARE-BACKDOOR brain wiper runtime detection - chat - flowbit set (malware-backdoor.rules) * 1:7701 <-> DISABLED <-> MALWARE-BACKDOOR brain wiper runtime detection - chat (malware-backdoor.rules) * 1:7702 <-> DISABLED <-> MALWARE-BACKDOOR roach 1.0 runtime detection - remote control actions - flowbit set (malware-backdoor.rules) * 1:7703 <-> DISABLED <-> MALWARE-BACKDOOR roach 1.0 runtime detection - remote control actions (malware-backdoor.rules) * 1:7704 <-> DISABLED <-> MALWARE-CNC roach 1.0 server installation notification - email (malware-cnc.rules) * 1:7705 <-> DISABLED <-> MALWARE-BACKDOOR omniquad instant remote control runtime detection - initial connection - flowbit set (malware-backdoor.rules) * 1:7706 <-> DISABLED <-> MALWARE-BACKDOOR omniquad instant remote control runtime detection - initial connection (malware-backdoor.rules) * 1:7707 <-> DISABLED <-> MALWARE-BACKDOOR omniquad instant remote control runtime detection - file transfer setup (malware-backdoor.rules) * 1:7708 <-> DISABLED <-> MALWARE-BACKDOOR fear1.5/aciddrop1.0 runtime detection - initial connection - flowbit set (malware-backdoor.rules) * 1:7709 <-> DISABLED <-> MALWARE-BACKDOOR fear1.5/aciddrop1.0 runtime detection - initial connection - flowbit set (malware-backdoor.rules) * 1:7710 <-> DISABLED <-> MALWARE-BACKDOOR fear1.5/aciddrop1.0 runtime detection - initial connection (malware-backdoor.rules) * 1:7711 <-> DISABLED <-> MALWARE-BACKDOOR Amitis runtime command detection attacker to victim (malware-backdoor.rules) * 1:7712 <-> DISABLED <-> MALWARE-BACKDOOR Amitis runtime detection victim to attacker (malware-backdoor.rules) * 1:7713 <-> DISABLED <-> MALWARE-BACKDOOR Amitis v1.3 runtime detection - email notification (malware-backdoor.rules) * 1:7714 <-> DISABLED <-> MALWARE-BACKDOOR netdevil runtime detection - flowbit set 1 (malware-backdoor.rules) * 1:7715 <-> DISABLED <-> MALWARE-BACKDOOR netdevil runtime detection - flowbit set 2 (malware-backdoor.rules) * 1:7716 
<-> DISABLED <-> MALWARE-BACKDOOR netdevil runtime detection (malware-backdoor.rules) * 1:7717 <-> DISABLED <-> MALWARE-BACKDOOR snake trojan runtime detection (malware-backdoor.rules) * 1:7718 <-> DISABLED <-> MALWARE-BACKDOOR dameware mini remote control runtime detection - initial connection - flowbit set (malware-backdoor.rules) * 1:7719 <-> DISABLED <-> MALWARE-BACKDOOR dameware mini remote control runtime detection - initial connection (malware-backdoor.rules) * 1:7720 <-> DISABLED <-> MALWARE-BACKDOOR desktop scout runtime detection (malware-backdoor.rules) * 1:7721 <-> DISABLED <-> MALWARE-BACKDOOR prorat 1.9 initial connection detection (malware-backdoor.rules) * 1:7722 <-> DISABLED <-> MALWARE-CNC prorat 1.9 cgi notification detection (malware-cnc.rules) * 1:7723 <-> DISABLED <-> MALWARE-BACKDOOR wollf runtime detection (malware-backdoor.rules) * 1:7724 <-> DISABLED <-> MALWARE-BACKDOOR reversable ver1.0 runtime detection - initial connection - flowbit set (malware-backdoor.rules) * 1:7726 <-> DISABLED <-> MALWARE-BACKDOOR reversable ver1.0 runtime detection - execute command - flowbit set (malware-backdoor.rules) * 1:7727 <-> DISABLED <-> MALWARE-BACKDOOR reversable ver1.0 runtime detection - execute command (malware-backdoor.rules) * 1:7728 <-> DISABLED <-> MALWARE-BACKDOOR radmin runtime detection - client-to-server (malware-backdoor.rules) * 1:7729 <-> DISABLED <-> MALWARE-BACKDOOR radmin runtime detection - server-to-client (malware-backdoor.rules) * 1:7730 <-> DISABLED <-> MALWARE-BACKDOOR outbreak_0.2.7 runtime detection - reverse connection (malware-backdoor.rules) * 1:7731 <-> DISABLED <-> MALWARE-BACKDOOR outbreak_0.2.7 runtime detection - ring server-to-client (malware-backdoor.rules) * 1:7732 <-> DISABLED <-> MALWARE-BACKDOOR outbreak_0.2.7 runtime detection - ring client-to-server (malware-backdoor.rules) * 1:7733 <-> DISABLED <-> MALWARE-BACKDOOR outbreak_0.2.7 runtime detection - initial connection (malware-backdoor.rules) * 1:7734 <-> 
DISABLED <-> MALWARE-BACKDOOR bionet 4.05 runtime detection - initial connection - flowbit set (malware-backdoor.rules) * 1:7735 <-> DISABLED <-> MALWARE-BACKDOOR bionet 4.05 runtime detection - initial connection (malware-backdoor.rules) * 1:7738 <-> DISABLED <-> MALWARE-BACKDOOR alexmessomalex runtime detection - initial connection (malware-backdoor.rules) * 1:7739 <-> DISABLED <-> MALWARE-BACKDOOR alexmessomalex runtime detection - grab (malware-backdoor.rules) * 1:7740 <-> DISABLED <-> MALWARE-BACKDOOR nova 1.0 runtime detection - initial connection with pwd set - flowbit set (malware-backdoor.rules) * 1:7741 <-> DISABLED <-> MALWARE-BACKDOOR nova 1.0 runtime detection - initial connection with pwd set (malware-backdoor.rules) * 1:7742 <-> DISABLED <-> MALWARE-CNC nova 1.0 variant outbound connection cgi notification client-to-server (malware-cnc.rules) * 1:7743 <-> DISABLED <-> MALWARE-BACKDOOR nova 1.0 runtime detection - cgi notification server-to-client (malware-backdoor.rules) * 1:7744 <-> DISABLED <-> MALWARE-BACKDOOR phoenix 2.1 runtime detection - flowbit set (malware-backdoor.rules) * 1:7745 <-> DISABLED <-> MALWARE-BACKDOOR phoenix 2.1 runtime detection (malware-backdoor.rules) * 1:7746 <-> DISABLED <-> MALWARE-BACKDOOR bobo 1.0 runtime detection - initial connection - flowbit set (malware-backdoor.rules) * 1:7747 <-> DISABLED <-> MALWARE-BACKDOOR bobo 1.0 runtime detection - initial connection (malware-backdoor.rules) * 1:7748 <-> DISABLED <-> MALWARE-BACKDOOR bobo 1.0 runtime detection - send message - flowbit set (malware-backdoor.rules) * 1:7749 <-> DISABLED <-> MALWARE-BACKDOOR bobo 1.0 runtime detection - send message (malware-backdoor.rules) * 1:7750 <-> DISABLED <-> MALWARE-BACKDOOR buschtrommel 1.22 runtime detection - initial connection - flowbit set 1 (malware-backdoor.rules) * 1:7751 <-> DISABLED <-> MALWARE-BACKDOOR buschtrommel 1.22 runtime detection - initial connection - flowbit set 2 (malware-backdoor.rules) * 1:7752 <-> DISABLED <-> 
MALWARE-BACKDOOR buschtrommel 1.22 runtime detection - initial connection (malware-backdoor.rules) * 1:7753 <-> DISABLED <-> MALWARE-BACKDOOR buschtrommel 1.22 runtime detection - spy function - flowbit set 1 (malware-backdoor.rules) * 1:7754 <-> DISABLED <-> MALWARE-BACKDOOR buschtrommel 1.22 runtime detection - spy function - flowbit set 2 (malware-backdoor.rules) * 1:7755 <-> DISABLED <-> MALWARE-BACKDOOR buschtrommel 1.22 runtime detection - spy function (malware-backdoor.rules) * 1:7758 <-> DISABLED <-> MALWARE-BACKDOOR glacier runtime detection - initial connection and directory browse (malware-backdoor.rules) * 1:7759 <-> DISABLED <-> MALWARE-BACKDOOR glacier runtime detection - screen capture (malware-backdoor.rules) * 1:7760 <-> DISABLED <-> MALWARE-BACKDOOR netthief runtime detection (malware-backdoor.rules) * 1:7762 <-> DISABLED <-> MALWARE-CNC analftp 0.1 variant outbound connection icq notification (malware-cnc.rules) * 1:7763 <-> DISABLED <-> MALWARE-BACKDOOR nt remote controller 2000 runtime detection - services client-to-server (malware-backdoor.rules) * 1:7764 <-> DISABLED <-> MALWARE-BACKDOOR nt remote controller 2000 runtime detection - sysinfo client-to-server (malware-backdoor.rules) * 1:7765 <-> DISABLED <-> MALWARE-BACKDOOR nt remote controller 2000 runtime detection - sysinfo server-to-client (malware-backdoor.rules) * 1:7766 <-> DISABLED <-> MALWARE-BACKDOOR nt remote controller 2000 runtime detection - foldermonitor client-to-server (malware-backdoor.rules) * 1:7767 <-> DISABLED <-> MALWARE-BACKDOOR nt remote controller 2000 runtime detection - foldermonitor server-to-client (malware-backdoor.rules) * 1:7769 <-> DISABLED <-> MALWARE-BACKDOOR data rape runtime detection - execute program server-to-client (malware-backdoor.rules) * 1:7770 <-> DISABLED <-> MALWARE-BACKDOOR messiah 4.0 runtime detection - get server info - flowbit set (malware-backdoor.rules) * 1:7771 <-> DISABLED <-> MALWARE-BACKDOOR messiah 4.0 runtime detection - get server 
info (malware-backdoor.rules) * 1:7772 <-> ENABLED <-> MALWARE-BACKDOOR messiah 4.0 runtime detection - enable keylogger - flowbit set (malware-backdoor.rules) * 1:7773 <-> DISABLED <-> MALWARE-BACKDOOR messiah 4.0 runtime detection - enable keylogger (malware-backdoor.rules) * 1:7774 <-> DISABLED <-> MALWARE-BACKDOOR messiah 4.0 runtime detection - screen capture - flowbit set (malware-backdoor.rules) * 1:7775 <-> DISABLED <-> MALWARE-BACKDOOR messiah 4.0 runtime detection - screen capture (malware-backdoor.rules) * 1:7776 <-> DISABLED <-> MALWARE-BACKDOOR messiah 4.0 runtime detection - get drives - flowbit set (malware-backdoor.rules) * 1:7777 <-> DISABLED <-> MALWARE-BACKDOOR messiah 4.0 runtime detection - get drives (malware-backdoor.rules) * 1:7778 <-> DISABLED <-> MALWARE-BACKDOOR elfrat runtime detection - initial connection (malware-backdoor.rules) * 1:7782 <-> DISABLED <-> MALWARE-BACKDOOR netdevil runtime detection - file manager - flowbit set (malware-backdoor.rules) * 1:7783 <-> DISABLED <-> MALWARE-BACKDOOR netdevil runtime detection - file manager (malware-backdoor.rules) * 1:7785 <-> DISABLED <-> MALWARE-BACKDOOR forced control uploader runtime detection - connection with password (malware-backdoor.rules) * 1:7788 <-> DISABLED <-> MALWARE-BACKDOOR forced control uploader runtime detection directory listing - client to server (malware-backdoor.rules) * 1:7789 <-> DISABLED <-> MALWARE-BACKDOOR forced control uploader runtime detection directory listing - server to client (malware-backdoor.rules) * 1:7791 <-> DISABLED <-> MALWARE-BACKDOOR remote anything 5.11.22 runtime detection - victim response (malware-backdoor.rules) * 1:7792 <-> DISABLED <-> MALWARE-BACKDOOR remote anything 5.11.22 runtime detection - chat with victim (malware-backdoor.rules) * 1:7793 <-> DISABLED <-> MALWARE-BACKDOOR remote anything 5.11.22 runtime detection - chat with attacker (malware-backdoor.rules) * 1:7794 <-> DISABLED <-> MALWARE-BACKDOOR fraggle rock 2.0 lite runtime 
detection - pc info - flowbit set (malware-backdoor.rules) * 1:7795 <-> DISABLED <-> MALWARE-BACKDOOR incommand 1.7 runtime detection - init connection (malware-backdoor.rules) * 1:7796 <-> DISABLED <-> MALWARE-BACKDOOR incommand 1.7 runtime detection - init connection (malware-backdoor.rules) * 1:7797 <-> DISABLED <-> MALWARE-BACKDOOR incommand 1.7 runtime detection - file manage 1 (malware-backdoor.rules) * 1:7798 <-> DISABLED <-> MALWARE-BACKDOOR incommand 1.7 runtime detection - file manage 1 (malware-backdoor.rules) * 1:7799 <-> DISABLED <-> MALWARE-BACKDOOR incommand 1.7 runtime detection - file manage 2 (malware-backdoor.rules) * 1:7800 <-> DISABLED <-> MALWARE-BACKDOOR incommand 1.7 runtime detection - file manage 2 (malware-backdoor.rules) * 1:7801 <-> DISABLED <-> MALWARE-BACKDOOR portal of doom runtime detection - udp cts (malware-backdoor.rules) * 1:7802 <-> DISABLED <-> MALWARE-BACKDOOR portal of doom runtime detection - udp stc (malware-backdoor.rules) * 1:7803 <-> DISABLED <-> MALWARE-BACKDOOR war trojan ver1.0 runtime detection - send messages (malware-backdoor.rules) * 1:7804 <-> DISABLED <-> MALWARE-BACKDOOR war trojan ver1.0 runtime detection - disable ctrl+alt+del (malware-backdoor.rules) * 1:7805 <-> DISABLED <-> MALWARE-CNC war trojan ver1.0 variant outbound connection ie hijacker (malware-cnc.rules) * 1:7806 <-> DISABLED <-> MALWARE-BACKDOOR fatal wound 1.0 runtime detection - initial connection (malware-backdoor.rules) * 1:7807 <-> DISABLED <-> MALWARE-BACKDOOR fatal wound 1.0 runtime detection - execute file (malware-backdoor.rules) * 1:7808 <-> ENABLED <-> MALWARE-BACKDOOR fatal wound 1.0 runtime detection - upload (malware-backdoor.rules) * 1:7809 <-> DISABLED <-> MALWARE-BACKDOOR fatal wound 1.0 runtime detection - upload (malware-backdoor.rules) * 1:7810 <-> DISABLED <-> MALWARE-BACKDOOR nuclear uploader 1.0 runtime detection (malware-backdoor.rules) * 1:7811 <-> DISABLED <-> MALWARE-BACKDOOR abacab runtime detection - telnet initial 
(malware-backdoor.rules) * 1:7812 <-> DISABLED <-> MALWARE-BACKDOOR abacab runtime detection - banner (malware-backdoor.rules) * 1:7813 <-> DISABLED <-> MALWARE-BACKDOOR darkmoon initial connection detection - cts (malware-backdoor.rules) * 1:7814 <-> DISABLED <-> MALWARE-BACKDOOR darkmoon initial connection detection - stc (malware-backdoor.rules) * 1:7815 <-> DISABLED <-> MALWARE-BACKDOOR darkmoon reverse connection detection - stc (malware-backdoor.rules) * 1:7816 <-> DISABLED <-> MALWARE-BACKDOOR darkmoon reverse connection detection - cts (malware-backdoor.rules) * 1:7817 <-> DISABLED <-> MALWARE-BACKDOOR infector v1.0 runtime detection - init conn (malware-backdoor.rules) * 1:7818 <-> DISABLED <-> MALWARE-BACKDOOR infector v1.0 runtime detection - init conn (malware-backdoor.rules) * 1:7821 <-> DISABLED <-> MALWARE-BACKDOOR nightcreature beta 0.01 runtime detection (malware-backdoor.rules) * 1:7822 <-> DISABLED <-> MALWARE-BACKDOOR xbkdr runtime detection (malware-backdoor.rules) * 1:7823 <-> DISABLED <-> PUA-ADWARE Adware whenu runtime detection - datachunksgz (pua-adware.rules) * 1:7824 <-> DISABLED <-> PUA-ADWARE Trickler whenu.clocksync outbound connection (pua-adware.rules) * 1:7825 <-> DISABLED <-> PUA-ADWARE Adware whenu.savenow runtime detection (pua-adware.rules) * 1:7826 <-> DISABLED <-> PUA-ADWARE Trickler whenu.weathercast outbound connection - check (pua-adware.rules) * 1:7827 <-> DISABLED <-> PUA-ADWARE Adware whenu runtime detection - search request 1 (pua-adware.rules) * 1:7828 <-> DISABLED <-> PUA-ADWARE Adware whenu runtime detection - search request 2 (pua-adware.rules) * 1:7829 <-> DISABLED <-> PUA-ADWARE Adware gator user-agent detected (pua-adware.rules) * 1:7830 <-> DISABLED <-> PUA-ADWARE Botnet dacryptic outbound connection (pua-adware.rules) * 1:7831 <-> DISABLED <-> PUA-ADWARE Adware downloadplus runtime detection (pua-adware.rules) * 1:7832 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Navhelper 
(malware-cnc.rules) * 1:7833 <-> DISABLED <-> PUA-ADWARE Hijacker navexcel helper outbound connection - search (pua-adware.rules) * 1:7834 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool nettracker runtime detection - report browsing (malware-tools.rules) * 1:7835 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool nettracker runtime detection - report browsing (malware-tools.rules) * 1:7836 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool nettracker runtime detection - report send through email (malware-tools.rules) * 1:7837 <-> DISABLED <-> MALWARE-OTHER Keylogger spyoutside runtime detection - email delivery (malware-other.rules) * 1:7838 <-> DISABLED <-> PUA-ADWARE Adware smiley central runtime detection (pua-adware.rules) * 1:7839 <-> DISABLED <-> PUA-TOOLBARS Hijacker rx toolbar runtime detection (pua-toolbars.rules) * 1:7840 <-> DISABLED <-> PUA-TOOLBARS Hijacker instafinder initial configuration detection (pua-toolbars.rules) * 1:7841 <-> DISABLED <-> PUA-ADWARE Hijacker instafinder error redirect detection (pua-adware.rules) * 1:7842 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool davps runtime detection (malware-tools.rules) * 1:7843 <-> DISABLED <-> PUA-ADWARE Hijacker avenuemedia.dyfuca outbound connection - search engine hijack (pua-adware.rules) * 1:7844 <-> DISABLED <-> PUA-ADWARE Hijacker avenuemedia.dyfuca outbound connection - post data (pua-adware.rules) * 1:7845 <-> ENABLED <-> MALWARE-OTHER Keylogger clogger 1.0 runtime detection (malware-other.rules) * 1:7846 <-> ENABLED <-> MALWARE-OTHER Keylogger clogger 1.0 runtime detection (malware-other.rules) * 1:7847 <-> DISABLED <-> MALWARE-OTHER Keylogger clogger 1.0 runtime detection - send log through email (malware-other.rules) * 1:7848 <-> DISABLED <-> PUA-TOOLBARS Hijacker netguide runtime detection (pua-toolbars.rules) * 1:7849 <-> DISABLED <-> PUA-TOOLBARS Trickler maxsearch runtime detection - toolbar download (pua-toolbars.rules) * 1:7850 <-> DISABLED <-> PUA-ADWARE Trickler maxsearch outbound connection - retrieve 
command (pua-adware.rules) * 1:7851 <-> DISABLED <-> PUA-ADWARE Trickler maxsearch outbound connection - ack (pua-adware.rules) * 1:7852 <-> DISABLED <-> PUA-ADWARE Trickler maxsearch outbound connection - advertisement (pua-adware.rules) * 1:7853 <-> DISABLED <-> PUA-ADWARE Adware web-nexus runtime detection - ad url 1 (pua-adware.rules) * 1:7854 <-> DISABLED <-> PUA-ADWARE Adware web-nexus runtime detection - config retrieval (pua-adware.rules) * 1:7855 <-> DISABLED <-> PUA-ADWARE Adware web-nexus runtime detection - ad url 2 (pua-adware.rules) * 1:7856 <-> DISABLED <-> MALWARE-OTHER Trackware winsysba-a runtime detection - track surfing activity (malware-other.rules) * 1:7857 <-> DISABLED <-> MALWARE-OTHER Keylogger EliteKeylogger runtime detection (malware-other.rules) * 1:7858 <-> DISABLED <-> PUA-TOOLBARS Google Desktop initial install - firstuse request (pua-toolbars.rules) * 1:7859 <-> DISABLED <-> PUA-TOOLBARS Google Desktop initial install - installer request (pua-toolbars.rules) * 1:7860 <-> DISABLED <-> PUA-TOOLBARS Google Desktop search query (pua-toolbars.rules) * 1:7861 <-> DISABLED <-> APP-DETECT Google Desktop activity (app-detect.rules) * 1:7862 <-> DISABLED <-> BROWSER-PLUGINS Mcafee Security Center McSubMgr.IsAppExpired ActiveX function call access (browser-plugins.rules) * 1:7863 <-> DISABLED <-> BROWSER-PLUGINS Mcafee Security Center McSubMgr.IsOldAppInstalled ActiveX function call access (browser-plugins.rules) * 1:7864 <-> DISABLED <-> BROWSER-PLUGINS McSubMgr ActiveX CLSID access (browser-plugins.rules) * 1:7866 <-> DISABLED <-> BROWSER-PLUGINS ADODB.Connection ActiveX clsid access (browser-plugins.rules) * 1:7868 <-> DISABLED <-> BROWSER-PLUGINS ADODB.Recordset ActiveX clsid access (browser-plugins.rules) * 1:7870 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Data Source Control 9.0 ActiveX clsid access (browser-plugins.rules) * 1:7872 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Spreadsheet 10.0 ActiveX clsid access 
(browser-plugins.rules) * 1:7874 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office PivotTable 10.0 ActiveX clsid access (browser-plugins.rules) * 1:7876 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Data Source Control 10.0 ActiveX clsid access (browser-plugins.rules) * 1:7878 <-> DISABLED <-> BROWSER-PLUGINS AxMetaStream.MetaStreamCtl ActiveX clsid access (browser-plugins.rules) * 1:7880 <-> DISABLED <-> BROWSER-PLUGINS AxMetaStream.MetaStreamCtlSecondary ActiveX clsid access (browser-plugins.rules) * 1:7882 <-> DISABLED <-> BROWSER-PLUGINS AccSync.AccSubNotHandler ActiveX clsid access (browser-plugins.rules) * 1:7884 <-> DISABLED <-> BROWSER-PLUGINS AolCalSvr.ACCalendarListCtrl ActiveX clsid access (browser-plugins.rules) * 1:7886 <-> DISABLED <-> BROWSER-PLUGINS AolCalSvr.ACDictionary ActiveX clsid access (browser-plugins.rules) * 1:7888 <-> DISABLED <-> BROWSER-PLUGINS AOLFlash.AOLFlash ActiveX clsid access (browser-plugins.rules) * 1:7890 <-> DISABLED <-> BROWSER-PLUGINS AOL.MemExpWz ActiveX clsid access (browser-plugins.rules) * 1:7892 <-> DISABLED <-> BROWSER-PLUGINS AOL Phobos Class ActiveX clsid access (browser-plugins.rules) * 1:7894 <-> DISABLED <-> BROWSER-PLUGINS AOL.PicDownloadCtrl ActiveX clsid access (browser-plugins.rules) * 1:7896 <-> DISABLED <-> BROWSER-PLUGINS AOL.PicEditCtrl ActiveX clsid access (browser-plugins.rules) * 1:7898 <-> DISABLED <-> BROWSER-PLUGINS AOL.PicSsvrCtrl ActiveX clsid access (browser-plugins.rules) * 1:7900 <-> DISABLED <-> BROWSER-PLUGINS AOL.UPFCtrl ActiveX clsid access (browser-plugins.rules) * 1:7902 <-> DISABLED <-> BROWSER-PLUGINS CDDBControlAOL.CDDBAOLControl ActiveX clsid access (browser-plugins.rules) * 1:7904 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer CDL Asychronous Pluggable Protocol Handler ActiveX clsid access (browser-plugins.rules) * 1:7906 <-> DISABLED <-> BROWSER-PLUGINS CDO.KnowledgeSearchFolder ActiveX clsid access (browser-plugins.rules) * 1:7908 <-> DISABLED <-> BROWSER-PLUGINS 
DXImageTransform.Microsoft.Chroma ActiveX clsid access (browser-plugins.rules)
* 1:7910 <-> DISABLED <-> BROWSER-PLUGINS DXImageTransform.Microsoft.DropShadow ActiveX clsid access (browser-plugins.rules)
* 1:7912 <-> DISABLED <-> BROWSER-PLUGINS DX3DTransform.Microsoft.Shapes ActiveX clsid access (browser-plugins.rules)
* 1:7914 <-> DISABLED <-> BROWSER-PLUGINS DXImageTransform.Microsoft.NDFXArtEffects ActiveX clsid access (browser-plugins.rules)
* 1:7916 <-> DISABLED <-> BROWSER-PLUGINS CLSID_IMimeInternational ActiveX clsid access (browser-plugins.rules)
* 1:7918 <-> DISABLED <-> BROWSER-PLUGINS CoAxTrackVideo Class ActiveX clsid access (browser-plugins.rules)
* 1:7920 <-> DISABLED <-> BROWSER-PLUGINS DsPropertyPages.OU ActiveX clsid access (browser-plugins.rules)
* 1:7922 <-> DISABLED <-> BROWSER-PLUGINS DXImageTransform.Microsoft.RevealTrans ActiveX clsid access (browser-plugins.rules)
* 1:7924 <-> DISABLED <-> BROWSER-PLUGINS DXImageTransform.Microsoft.Shadow ActiveX clsid access (browser-plugins.rules)
* 1:7926 <-> DISABLED <-> BROWSER-PLUGINS DXTFilter ActiveX clsid access (browser-plugins.rules)
* 1:7928 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer file or local Asychronous Pluggable Protocol Handler ActiveX clsid access (browser-plugins.rules)
* 1:7930 <-> DISABLED <-> BROWSER-PLUGINS FolderItem2 ActiveX clsid access (browser-plugins.rules)
* 1:7932 <-> DISABLED <-> BROWSER-PLUGINS FolderItems3 ActiveX clsid access (browser-plugins.rules)
* 1:7934 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer ftp Asychronous Pluggable Protocol Handler ActiveX clsid access (browser-plugins.rules)
* 1:7936 <-> DISABLED <-> BROWSER-PLUGINS DXImageTransform.Microsoft.Glow ActiveX clsid access (browser-plugins.rules)
* 1:7938 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer gopher Asychronous Pluggable Protocol Handler ActiveX clsid access (browser-plugins.rules)
* 1:7940 <-> DISABLED <-> BROWSER-PLUGINS DXImageTransform.Microsoft.Gradient ActiveX clsid access (browser-plugins.rules)
* 1:7942 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer http Asychronous Pluggable Protocol Handler ActiveX clsid access (browser-plugins.rules)
* 1:7944 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer https Asychronous Pluggable Protocol Handler ActiveX clsid access (browser-plugins.rules)
* 1:7946 <-> DISABLED <-> BROWSER-PLUGINS DXImageTransform.Microsoft.MaskFilter ActiveX clsid access (browser-plugins.rules)
* 1:7948 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Common Browser Architecture ActiveX clsid access (browser-plugins.rules)
* 1:7950 <-> DISABLED <-> BROWSER-PLUGINS Microsoft DirectAnimation Control ActiveX clsid access (browser-plugins.rules)
* 1:7952 <-> DISABLED <-> BROWSER-PLUGINS Microsoft DirectAnimation Windowed Control ActiveX clsid access (browser-plugins.rules)
* 1:7954 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Forms 2.0 ComboBox ActiveX clsid access (browser-plugins.rules)
* 1:7956 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Forms 2.0 ListBox ActiveX clsid access (browser-plugins.rules)
* 1:7958 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer mk Asychronous Pluggable Protocol Handler ActiveX clsid access (browser-plugins.rules)
* 1:7970 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer PostBootReminder object ActiveX clsid access (browser-plugins.rules)
* 1:7974 <-> DISABLED <-> BROWSER-PLUGINS Rendezvous Class ActiveX clsid access (browser-plugins.rules)
* 1:7976 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer ShellFolder for CD Burning ActiveX clsid access (browser-plugins.rules)
* 1:7978 <-> DISABLED <-> BROWSER-PLUGINS ShockwaveFlash.ShockwaveFlash ActiveX clsid access (browser-plugins.rules)
* 1:7980 <-> DISABLED <-> BROWSER-PLUGINS ShockwaveFlash.ShockwaveFlash.9 ActiveX function call access (browser-plugins.rules)
* 1:7981 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Access Snapshot Viewer ActiveX clsid access attempt (browser-plugins.rules)
* 1:7983 <-> DISABLED <-> BROWSER-PLUGINS SuperBuddy Class ActiveX clsid access (browser-plugins.rules)
* 1:7985 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Explorer WebViewFolderIcon.WebViewFolderIcon.1 ActiveX clsid access (browser-plugins.rules)
* 1:7987 <-> DISABLED <-> BROWSER-PLUGINS WebViewFolderIcon.WebViewFolderIcon.2 ActiveX clsid access (browser-plugins.rules)
* 1:7989 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WIA FileSystem USD ActiveX clsid access (browser-plugins.rules)
* 1:7991 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer ACM Class Manager ActiveX clsid access (browser-plugins.rules)
* 1:7993 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer clbcatex.dll ActiveX clsid access (browser-plugins.rules)
* 1:7995 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer clbcatq.dll ActiveX clsid access (browser-plugins.rules)
* 1:7997 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer CLSID_ApprenticeICW ActiveX clsid access (browser-plugins.rules)
* 1:7999 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer CLSID_CDIDeviceActionConfigPage ActiveX clsid access (browser-plugins.rules)
* 1:8001 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer CommunicationManager ActiveX clsid access (browser-plugins.rules)
* 1:8003 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Content.mbcontent.1 ActiveX clsid access (browser-plugins.rules)
* 1:8005 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DiskManagement.Connection ActiveX clsid access (browser-plugins.rules)
* 1:8007 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Dutch_Dutch Stemmer ActiveX clsid access (browser-plugins.rules)
* 1:8009 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer English_UK Stemmer ActiveX clsid access (browser-plugins.rules)
* 1:8011 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer English_US Stemmer ActiveX clsid access (browser-plugins.rules)
* 1:8013 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer French_French Stemmer ActiveX clsid access (browser-plugins.rules)
* 1:8015 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer German_German Stemmer ActiveX clsid access (browser-plugins.rules)
* 1:8017 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer ICM Class Manager ActiveX clsid access (browser-plugins.rules)
* 1:8019 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Address Bar ActiveX clsid access (browser-plugins.rules)
* 1:8021 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer ISSimpleCommandCreator.1 ActiveX clsid access (browser-plugins.rules)
* 1:8023 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Italian_Italian Stemmer ActiveX clsid access (browser-plugins.rules)
* 1:8025 <-> DISABLED <-> BROWSER-PLUGINS Microsoft HTML Window Security Proxy ActiveX clsid access (browser-plugins.rules)
* 1:8027 <-> DISABLED <-> BROWSER-PLUGINS Microsoft WBEM Event Subsystem ActiveX clsid access (browser-plugins.rules)
* 1:8029 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MidiOut Class Manager ActiveX clsid access (browser-plugins.rules)
* 1:803 <-> DISABLED <-> SERVER-WEBAPP HyperSeek hsx.cgi directory traversal attempt (server-webapp.rules)
* 1:8031 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Mslablti.MarshalableTI.1 ActiveX clsid access (browser-plugins.rules)
* 1:8033 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer QC.MessageMover.1 ActiveX clsid access (browser-plugins.rules)
* 1:8035 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Spanish_Modern Stemmer ActiveX clsid access (browser-plugins.rules)
* 1:8037 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Swedish_Default Stemmer ActiveX clsid access (browser-plugins.rules)
* 1:8039 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer syncui.dll ActiveX clsid access (browser-plugins.rules)
* 1:804 <-> DISABLED <-> SERVER-WEBAPP SWSoft ASPSeek Overflow attempt (server-webapp.rules)
* 1:8041 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer VFW Capture Class Manager ActiveX clsid access (browser-plugins.rules)
* 1:8043 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Video Effect Class Manager 1 Input ActiveX clsid access (browser-plugins.rules)
* 1:8045 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Video Effect Class Manager 2 Input ActiveX clsid access (browser-plugins.rules)
* 1:8047 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WaveIn Class Manager ActiveX clsid access (browser-plugins.rules)
* 1:8049 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WaveOut and DSound Class Manager ActiveX clsid access (browser-plugins.rules)
* 1:805 <-> DISABLED <-> SERVER-WEBAPP Progress webspeed access (server-webapp.rules)
* 1:8051 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WDM Instance Provider ActiveX clsid access (browser-plugins.rules)
* 1:8053 <-> DISABLED <-> BROWSER-PLUGINS DirectAnimation.PathControl ActiveX clsid access (browser-plugins.rules)
* 1:8055 <-> DISABLED <-> BROWSER-PLUGINS DirectAnimation.PathControl ActiveX function call access (browser-plugins.rules)
* 1:8056 <-> DISABLED <-> SERVER-OTHER ISC DHCP server 2 client_id length denial of service attempt (server-other.rules)
* 1:8057 <-> DISABLED <-> SERVER-MYSQL Date_Format denial of service attempt (server-mysql.rules)
* 1:8058 <-> DISABLED <-> BROWSER-FIREFOX Mozilla javascript navigator object access (browser-firefox.rules)
* 1:8059 <-> DISABLED <-> SERVER-ORACLE SYS.KUPW-WORKER sql injection attempt (server-oracle.rules)
* 1:806 <-> DISABLED <-> SERVER-WEBAPP yabb directory traversal attempt (server-webapp.rules)
* 1:8060 <-> DISABLED <-> SERVER-OTHER UltraVNC VNCLog buffer overflow (server-other.rules)
* 1:8063 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer ADODB.Stream ActiveX function call access (browser-plugins.rules)
* 1:8064 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Scriptlet.Typelib ActiveX clsid access (browser-plugins.rules)
* 1:8066 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Scripting Host Shell ActiveX clsid access (browser-plugins.rules)
* 1:8068 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Scripting Host Shell ActiveX function call access (browser-plugins.rules)
* 1:8069 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Virtual Machine ActiveX clsid access (browser-plugins.rules)
* 1:807 <-> DISABLED <-> SERVER-WEBAPP /wwwboard/passwd.txt access (server-webapp.rules)
* 1:8071 <-> DISABLED <-> PUA-ADWARE Hijacker findthewebsiteyouneed outbound connection - search hijack (pua-adware.rules)
* 1:8072 <-> DISABLED <-> PUA-ADWARE Hijacker findthewebsiteyouneed outbound connection - surf monitor (pua-adware.rules)
* 1:8073 <-> DISABLED <-> PUA-TOOLBARS Adware zango toolbar runtime detection (pua-toolbars.rules)
* 1:8074 <-> DISABLED <-> MALWARE-BACKDOOR mithril runtime detection - init connection (malware-backdoor.rules)
* 1:8075 <-> DISABLED <-> MALWARE-BACKDOOR mithril runtime detection - get system information (malware-backdoor.rules)
* 1:8076 <-> DISABLED <-> MALWARE-BACKDOOR mithril runtime detection - get system information (malware-backdoor.rules)
* 1:8077 <-> DISABLED <-> MALWARE-BACKDOOR mithril runtime detection - get process list (malware-backdoor.rules)
* 1:8078 <-> DISABLED <-> MALWARE-BACKDOOR mithril runtime detection - get process list (malware-backdoor.rules)
* 1:8079 <-> DISABLED <-> MALWARE-BACKDOOR x2a runtime detection - init connection (malware-backdoor.rules)
* 1:808 <-> DISABLED <-> SERVER-WEBAPP webdriver access (server-webapp.rules)
* 1:8080 <-> DISABLED <-> MALWARE-CNC x2a variant outbound connection client update (malware-cnc.rules)
* 1:8081 <-> DISABLED <-> INDICATOR-SCAN UPnP service discover attempt (indicator-scan.rules)
* 1:8082 <-> DISABLED <-> OS-WINDOWS Microsoft Windows UPnP malformed advertisement (os-windows.rules)
* 1:8083 <-> DISABLED <-> OS-WINDOWS Microsoft Windows UPnP Location overflow (os-windows.rules)
* 1:8084 <-> DISABLED <-> SERVER-WEBAPP CVSTrac filediff function access (server-webapp.rules)
* 1:8085 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager connectedNodes.ovpl command injection attempt (server-webapp.rules)
* 1:8086 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager cdpView.ovpl command injection attempt (server-webapp.rules)
* 1:8087 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager freeIPaddrs.ovpl command injection attempt (server-webapp.rules)
* 1:8088 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager connectedNodes.ovpl command injection attempt (server-webapp.rules)
* 1:8089 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager cdpView.ovpl command injection attempt (server-webapp.rules)
* 1:809 <-> DISABLED <-> SERVER-WEBAPP whois_raw.cgi arbitrary command execution attempt (server-webapp.rules)
* 1:8090 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager freeIPaddrs.ovpl command injection attempt (server-webapp.rules)
* 1:8091 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer error message format string vulnerability attempt (file-multimedia.rules)
* 1:810 <-> DISABLED <-> SERVER-WEBAPP whois_raw.cgi access (server-webapp.rules)
* 1:811 <-> DISABLED <-> SERVER-WEBAPP websitepro path access (server-webapp.rules)
* 1:812 <-> DISABLED <-> SERVER-WEBAPP webplus version access (server-webapp.rules)
* 1:813 <-> DISABLED <-> SERVER-WEBAPP webplus directory traversal (server-webapp.rules)
* 1:815 <-> DISABLED <-> SERVER-WEBAPP websendmail access (server-webapp.rules)
* 1:8157 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP webdav DavrCreateConnection hostname overflow attempt (os-windows.rules)
* 1:817 <-> DISABLED <-> SERVER-WEBAPP dcboard.cgi invalid user addition attempt (server-webapp.rules)
* 1:818 <-> DISABLED <-> SERVER-WEBAPP dcforum.cgi access (server-webapp.rules)
* 1:819 <-> DISABLED <-> SERVER-WEBAPP mmstdod.cgi access (server-webapp.rules)
* 1:820 <-> DISABLED <-> SERVER-WEBAPP anaconda directory traversal attempt (server-webapp.rules)
* 1:821 <-> DISABLED <-> SERVER-WEBAPP imagemap.exe overflow attempt (server-webapp.rules)
* 1:823 <-> DISABLED <-> SERVER-WEBAPP cvsweb.cgi access (server-webapp.rules)
* 1:824 <-> DISABLED <-> SERVER-WEBAPP php.cgi access (server-webapp.rules)
* 1:825 <-> DISABLED <-> SERVER-WEBAPP glimpse access (server-webapp.rules)
* 1:8253 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP webdav DavrCreateConnection username overflow attempt (os-windows.rules)
* 1:826 <-> DISABLED <-> SERVER-WEBAPP htmlscript access (server-webapp.rules)
* 1:827 <-> DISABLED <-> SERVER-WEBAPP info2www access (server-webapp.rules)
* 1:828 <-> DISABLED <-> SERVER-WEBAPP maillist.pl access (server-webapp.rules)
* 1:829 <-> DISABLED <-> SERVER-WEBAPP nph-test-cgi access (server-webapp.rules)
* 1:832 <-> DISABLED <-> SERVER-WEBAPP perl.exe access (server-webapp.rules)
* 1:833 <-> DISABLED <-> SERVER-WEBAPP rguest.exe access (server-webapp.rules)
* 1:834 <-> DISABLED <-> SERVER-WEBAPP rwwwshell.pl access (server-webapp.rules)
* 1:8349 <-> DISABLED <-> SERVER-IIS Indexing Service ciRestriction cross-site scripting attempt (server-iis.rules)
* 1:835 <-> DISABLED <-> SERVER-WEBAPP test-cgi access (server-webapp.rules)
* 1:8352 <-> DISABLED <-> PUA-ADWARE Adware desktopmedia runtime detection - ads popup (pua-adware.rules)
* 1:8353 <-> DISABLED <-> PUA-ADWARE Adware desktopmedia runtime detection - auto update (pua-adware.rules)
* 1:8354 <-> DISABLED <-> PUA-ADWARE Adware desktopmedia runtime detection - surf monitoring (pua-adware.rules)
* 1:8355 <-> ENABLED <-> MALWARE-OTHER Keylogger spybuddy 3.72 runtime detection (malware-other.rules)
* 1:8356 <-> DISABLED <-> MALWARE-OTHER Keylogger spybuddy 3.72 runtime detection - send log out through email (malware-other.rules)
* 1:8357 <-> DISABLED <-> MALWARE-OTHER Keylogger spybuddy 3.72 runtime detection - send alert out through email (malware-other.rules)
* 1:8358 <-> DISABLED <-> PUA-ADWARE Hijacker yok supersearch outbound connection - addressbar keyword search hijack (pua-adware.rules)
* 1:8359 <-> DISABLED <-> PUA-ADWARE Hijacker yok supersearch outbound connection - target website display (pua-adware.rules)
* 1:836 <-> DISABLED <-> SERVER-WEBAPP textcounter.pl access (server-webapp.rules)
* 1:8360 <-> DISABLED <-> PUA-ADWARE Hijacker yok supersearch outbound connection - search info collect (pua-adware.rules)
* 1:8361 <-> DISABLED <-> MALWARE-BACKDOOR black curse 4.0 runtime detection - inverse init connection (malware-backdoor.rules)
* 1:8362 <-> DISABLED <-> MALWARE-BACKDOOR black curse 4.0 runtime detection - normal init connection (malware-backdoor.rules)
* 1:8363 <-> DISABLED <-> BROWSER-PLUGINS Business Object Factory ActiveX clsid access (browser-plugins.rules)
* 1:8365 <-> DISABLED <-> BROWSER-PLUGINS DExplore.AppObj.8.0 ActiveX clsid access (browser-plugins.rules)
* 1:8367 <-> DISABLED <-> BROWSER-PLUGINS Microsoft.DbgClr.DTE.8.0 ActiveX clsid access (browser-plugins.rules)
* 1:8369 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WMIScriptUtils.WMIObjectBroker2.1 ActiveX clsid access attempt (browser-plugins.rules)
* 1:837 <-> DISABLED <-> SERVER-WEBAPP uploader.exe access (server-webapp.rules)
* 1:8371 <-> DISABLED <-> BROWSER-PLUGINS Outlook.Application ActiveX clsid access (browser-plugins.rules)
* 1:8373 <-> DISABLED <-> BROWSER-PLUGINS VsmIDE.DTE ActiveX clsid access (browser-plugins.rules)
* 1:8375 <-> DISABLED <-> BROWSER-PLUGINS QuickTime Object ActiveX clsid access (browser-plugins.rules)
* 1:8377 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer Download Handler ActiveX clsid access (browser-plugins.rules)
* 1:8379 <-> DISABLED <-> BROWSER-PLUGINS Xml2Dex ActiveX clsid access (browser-plugins.rules)
* 1:838 <-> DISABLED <-> SERVER-WEBAPP webgais access (server-webapp.rules)
* 1:8381 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer SMIL Download Handler ActiveX clsid access (browser-plugins.rules)
* 1:8383 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer RAM Download Handler ActiveX clsid access (browser-plugins.rules)
* 1:8385 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer Playback Handler ActiveX clsid access (browser-plugins.rules)
* 1:8387 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer RNX Download Handler ActiveX clsid access (browser-plugins.rules)
* 1:8389 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer RMP Download Handler ActiveX clsid access (browser-plugins.rules)
* 1:839 <-> DISABLED <-> SERVER-WEBAPP finger access (server-webapp.rules)
* 1:8391 <-> DISABLED <-> BROWSER-PLUGINS RFXInstMgr Class ActiveX clsid access (browser-plugins.rules)
* 1:8393 <-> DISABLED <-> BROWSER-PLUGINS WebDetectFrm ActiveX clsid access (browser-plugins.rules)
* 1:8395 <-> DISABLED <-> BROWSER-PLUGINS DX3DTransform.Microsoft.CrShatter ActiveX clsid access (browser-plugins.rules)
* 1:8397 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office List 11.0 ActiveX clsid access (browser-plugins.rules)
* 1:8399 <-> DISABLED <-> BROWSER-PLUGINS Microsoft.WebCapture ActiveX clsid access (browser-plugins.rules)
* 1:840 <-> DISABLED <-> SERVER-WEBAPP perlshop.cgi access (server-webapp.rules)
* 1:8401 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Media Services DRM Storage ActiveX clsid access (browser-plugins.rules)
* 1:8403 <-> DISABLED <-> BROWSER-PLUGINS XML Schema Cache 6.0 ActiveX clsid access (browser-plugins.rules)
* 1:8405 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer ActiveX clsid access (browser-plugins.rules)
* 1:8407 <-> DISABLED <-> BROWSER-PLUGINS VisualExec Control ActiveX clsid access (browser-plugins.rules)
* 1:8409 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer Stream Handler ActiveX clsid access (browser-plugins.rules)
* 1:8411 <-> DISABLED <-> BROWSER-PLUGINS DocFind Command ActiveX clsid access (browser-plugins.rules)
* 1:8413 <-> DISABLED <-> FILE-OTHER HCP URI uplddrvinfo access (file-other.rules)
* 1:8414 <-> DISABLED <-> FILE-OFFICE Microsoft Office GIF image descriptor memory corruption attempt (file-office.rules)
* 1:8415 <-> DISABLED <-> PROTOCOL-FTP SIZE overflow attempt (protocol-ftp.rules)
* 1:8416 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Vector Markup Language fill method overflow attempt (os-windows.rules)
* 1:8417 <-> DISABLED <-> BROWSER-PLUGINS TriEditDocument.TriEditDocument ActiveX function call access (browser-plugins.rules)
* 1:8418 <-> DISABLED <-> BROWSER-PLUGINS DXImageTransform.Microsoft.RevealTrans ActiveX function call access (browser-plugins.rules)
* 1:8419 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Explorer WebViewFolderIcon.WebViewFolderIcon.1 ActiveX function call (browser-plugins.rules)
* 1:842 <-> DISABLED <-> SERVER-WEBAPP aglimpse access (server-webapp.rules)
* 1:8420 <-> DISABLED <-> BROWSER-PLUGINS DXImageTransform.Microsoft.Gradient ActiveX function call access (browser-plugins.rules)
* 1:8421 <-> DISABLED <-> BROWSER-PLUGINS OWC11.DataSourceControl.11 ActiveX function call access (browser-plugins.rules)
* 1:8422 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Outlook View OVCtl ActiveX clsid access (browser-plugins.rules)
* 1:8423 <-> DISABLED <-> BROWSER-PLUGINS CEnroll.CEnroll.2 ActiveX function call access (browser-plugins.rules)
* 1:8424 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Forms 2.0 ListBox ActiveX function call access (browser-plugins.rules)
* 1:8425 <-> DISABLED <-> BROWSER-PLUGINS DXImageTransform.Microsoft.NDFXArtEffects ActiveX function call access (browser-plugins.rules)
* 1:8426 <-> DISABLED <-> SERVER-OTHER SSLv3 openssl get shared ciphers overflow attempt (server-other.rules)
* 1:8428 <-> DISABLED <-> SERVER-OTHER SSLv2 openssl get shared ciphers overflow attempt (server-other.rules)
* 1:843 <-> DISABLED <-> SERVER-WEBAPP anform2 access (server-webapp.rules)
* 1:844 <-> DISABLED <-> SERVER-WEBAPP args.bat access (server-webapp.rules)
* 1:8441 <-> DISABLED <-> SERVER-WEBAPP McAfee header buffer overflow attempt (server-webapp.rules)
* 1:8443 <-> DISABLED <-> BROWSER-FIREFOX Mozilla regular expression heap corruption attempt (browser-firefox.rules)
* 1:8444 <-> DISABLED <-> SERVER-WEBAPP Trend Micro atxconsole format string server response attempt (server-webapp.rules)
* 1:8445 <-> ENABLED <-> FILE-OFFICE Microsoft Windows RTF file with embedded object package download attempt (file-office.rules)
* 1:8446 <-> DISABLED <-> POLICY-OTHER IPv6 packets encapsulated in IPv4 (policy-other.rules)
* 1:8448 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel colinfo XF record overflow attempt (file-office.rules)
* 1:8449 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Rename invalid buffer type andx attempt (os-windows.rules)
* 1:845 <-> DISABLED <-> SERVER-WEBAPP AT-admin.cgi access (server-webapp.rules)
* 1:8450 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Rename invalid buffer type attempt (os-windows.rules)
* 1:8451 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Rename invalid buffer type unicode andx attempt (os-windows.rules)
* 1:8452 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Rename invalid buffer type unicode attempt (os-windows.rules)
* 1:8453 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB-DS Rename invalid buffer type andx attempt (os-windows.rules)
* 1:8454 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB-DS Rename invalid buffer type attempt (os-windows.rules)
* 1:8455 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB-DS Rename invalid buffer type unicode andx attempt (os-windows.rules)
* 1:8456 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB-DS Rename invalid buffer type unicode attempt (os-windows.rules)
* 1:8457 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Rename invalid buffer type andx attempt (os-windows.rules)
* 1:8458 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Rename invalid buffer type attempt (os-windows.rules)
* 1:8459 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Rename invalid buffer type unicode andx attempt (os-windows.rules)
* 1:846 <-> DISABLED <-> SERVER-WEBAPP bnbform.cgi access (server-webapp.rules)
* 1:8460 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Rename invalid buffer type unicode attempt (os-windows.rules)
* 1:8461 <-> DISABLED <-> MALWARE-OTHER Trackware duduaccelerator runtime detection - send userinfo (malware-other.rules)
* 1:8462 <-> DISABLED <-> MALWARE-OTHER Trackware duduaccelerator runtime detection - trace info downloaded (malware-other.rules)
* 1:8463 <-> DISABLED <-> MALWARE-OTHER Trackware duduaccelerator runtime detection - trace login info (malware-other.rules)
* 1:8464 <-> DISABLED <-> PUA-ADWARE Adware henbang runtime detection (pua-adware.rules)
* 1:8465 <-> ENABLED <-> MALWARE-OTHER Keylogger netobserve runtime detection - email notification (malware-other.rules)
* 1:8466 <-> DISABLED <-> MALWARE-OTHER Keylogger netobserve runtime detection - email notification (malware-other.rules)
* 1:8467 <-> DISABLED <-> MALWARE-OTHER Keylogger netobserve runtime detection - remote login response (malware-other.rules)
* 1:8468 <-> DISABLED <-> PUA-ADWARE Hijacker accoona outbound connection - collect info (pua-adware.rules)
* 1:8469 <-> DISABLED <-> PUA-ADWARE Hijacker accoona outbound connection - open sidebar search url (pua-adware.rules)
* 1:847 <-> DISABLED <-> SERVER-WEBAPP campas access (server-webapp.rules)
* 1:8478 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Publisher file magic detected (file-identify.rules)
* 1:8479 <-> DISABLED <-> PROTOCOL-FTP HELP overflow attempt (protocol-ftp.rules)
* 1:848 <-> DISABLED <-> SERVER-WEBAPP view-source directory traversal (server-webapp.rules)
* 1:8480 <-> DISABLED <-> PROTOCOL-FTP PORT overflow attempt (protocol-ftp.rules)
* 1:8481 <-> DISABLED <-> PROTOCOL-FTP Microsoft NLST * dos attempt (protocol-ftp.rules)
* 1:8482 <-> DISABLED <-> POLICY-SOCIAL Xfire session initiated (policy-social.rules)
* 1:8483 <-> DISABLED <-> POLICY-SOCIAL Xfire login attempted (policy-social.rules)
* 1:8484 <-> DISABLED <-> POLICY-SOCIAL Xfire login successful (policy-social.rules)
* 1:8485 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion CFNEWINTERNALADMINSECURITY access (server-other.rules)
* 1:8486 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion CFNEWINTERNALREGISTRY access (server-other.rules)
* 1:8487 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion CFADMIN_REGISTRY_SET access (server-other.rules)
* 1:8488 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion CFADMIN_REGISTRY_GET access (server-other.rules)
* 1:8489 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion CFADMIN_REGISTRY_DELETE access (server-other.rules)
* 1:849 <-> DISABLED <-> SERVER-WEBAPP view-source access (server-webapp.rules)
* 1:8490 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion viewexample.cfm access (server-other.rules)
* 1:8491 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion eval.cfm access (server-other.rules)
* 1:8492 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion openfile.cfm access (server-other.rules)
* 1:8493 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion sourcewindow.cfm access (server-other.rules)
* 1:8494 <-> DISABLED <-> SQL formatmessage possible buffer overflow (sql.rules)
* 1:8495 <-> DISABLED <-> SQL formatmessage possible buffer overflow (sql.rules)
* 1:8496 <-> DISABLED <-> SERVER-MSSQL sp_oacreate unicode vulnerable function attempt (server-mssql.rules)
* 1:8497 <-> DISABLED <-> SERVER-MSSQL sp_oacreate vulnerable function attempt (server-mssql.rules)
* 1:8498 <-> DISABLED <-> SERVER-MSSQL sp_oacreate unicode vulnerable function attempt (server-mssql.rules)
* 1:8499 <-> DISABLED <-> SERVER-MSSQL xp_displayparamstmt unicode vulnerable function attempt (server-mssql.rules)
* 1:850 <-> DISABLED <-> SERVER-WEBAPP wais.pl access (server-webapp.rules)
* 1:8500 <-> DISABLED <-> SERVER-MSSQL xp_displayparamstmt unicode vulnerable function attempt (server-mssql.rules)
* 1:8501 <-> DISABLED <-> SERVER-MSSQL xp_displayparamstmt vulnerable function attempt (server-mssql.rules)
* 1:8502 <-> DISABLED <-> SERVER-MSSQL xp_enumresultset unicode vulnerable function attempt (server-mssql.rules)
* 1:8503 <-> DISABLED <-> SERVER-MSSQL xp_enumresultset unicode vulnerable function attempt (server-mssql.rules)
* 1:8504 <-> DISABLED <-> SERVER-MSSQL xp_enumresultset vulnerable function attempt (server-mssql.rules)
* 1:8505 <-> DISABLED <-> SERVER-MSSQL xp_oadestroy unicode vulnerable function attempt (server-mssql.rules)
* 1:8506 <-> DISABLED <-> SERVER-MSSQL xp_oadestroy unicode vulnerable function attempt (server-mssql.rules)
* 1:8507 <-> DISABLED <-> SERVER-MSSQL xp_oadestroy vulnerable function attempt (server-mssql.rules)
* 1:8508 <-> DISABLED <-> SERVER-MSSQL xp_oagetproperty unicode vulnerable function attempt (server-mssql.rules)
* 1:8509 <-> DISABLED <-> SERVER-MSSQL xp_oagetproperty unicode vulnerable function attempt (server-mssql.rules)
* 1:851 <-> DISABLED <-> SERVER-WEBAPP files.pl access (server-webapp.rules)
* 1:8510 <-> DISABLED <-> SERVER-MSSQL xp_oagetproperty vulnerable function attempt (server-mssql.rules)
* 1:8511 <-> DISABLED <-> SERVER-MSSQL xp_oamethod unicode vulnerable function attempt (server-mssql.rules)
* 1:8512 <-> DISABLED <-> SERVER-MSSQL xp_oamethod vulnerable function attempt (server-mssql.rules)
* 1:8513 <-> DISABLED <-> SERVER-MSSQL xp_oamethod unicode vulnerable function attempt (server-mssql.rules)
* 1:8514 <-> DISABLED <-> SERVER-MSSQL xp_oasetproperty unicode vulnerable function attempt (server-mssql.rules)
* 1:8515 <-> DISABLED <-> SERVER-MSSQL xp_oasetproperty unicode vulnerable function attempt (server-mssql.rules)
* 1:8516 <-> DISABLED <-> SERVER-MSSQL xp_oasetproperty vulnerable function attempt (server-mssql.rules)
* 1:8517 <-> DISABLED <-> SERVER-MSSQL xp_peekqueue unicode vulnerable function attempt (server-mssql.rules)
* 1:8518 <-> DISABLED <-> SERVER-MSSQL xp_peekqueue unicode vulnerable function attempt (server-mssql.rules)
* 1:8519 <-> DISABLED <-> SERVER-MSSQL xp_peekqueue vulnerable function attempt (server-mssql.rules)
* 1:852 <-> DISABLED <-> SERVER-WEBAPP wguest.exe access (server-webapp.rules)
* 1:8520 <-> DISABLED <-> SERVER-MSSQL xp_printstatements unicode vulnerable function attempt (server-mssql.rules)
* 1:8521 <-> DISABLED <-> SERVER-MSSQL xp_printstatements unicode vulnerable function attempt (server-mssql.rules)
* 1:8522 <-> DISABLED <-> SERVER-MSSQL xp_printstatements vulnerable function attempt (server-mssql.rules)
* 1:8523 <-> DISABLED <-> SERVER-MSSQL xp_proxiedmetadata unicode vulnerable function attempt (server-mssql.rules)
* 1:8524 <-> DISABLED <-> SERVER-MSSQL xp_proxiedmetadata unicode vulnerable function attempt (server-mssql.rules)
* 1:8525 <-> DISABLED <-> SERVER-MSSQL xp_proxiedmetadata vulnerable function attempt (server-mssql.rules)
* 1:8526 <-> DISABLED <-> SERVER-MSSQL xp_SetSQLSecurity unicode vulnerable function attempt (server-mssql.rules)
* 1:8527 <-> DISABLED <-> SERVER-MSSQL xp_SetSQLSecurity unicode vulnerable function attempt (server-mssql.rules)
* 1:8528 <-> DISABLED <-> SERVER-MSSQL xp_SetSQLSecurity vulnerable function attempt (server-mssql.rules)
* 1:8529 <-> DISABLED <-> SERVER-MSSQL xp_showcolv unicode vulnerable function attempt (server-mssql.rules)
* 1:853 <-> DISABLED <-> SERVER-WEBAPP wrap access (server-webapp.rules)
* 1:8530 <-> DISABLED <-> SERVER-MSSQL xp_showcolv unicode vulnerable function attempt (server-mssql.rules)
* 1:8531 <-> DISABLED <-> SERVER-MSSQL xp_showcolv vulnerable function attempt (server-mssql.rules)
* 1:8532 <-> DISABLED <-> SERVER-MSSQL xp_sqlagent_monitor unicode vulnerable function attempt (server-mssql.rules)
* 1:8533 <-> DISABLED <-> SERVER-MSSQL xp_sqlagent_monitor vulnerable function attempt (server-mssql.rules)
* 1:8534 <-> DISABLED <-> SERVER-MSSQL xp_sqlagent_monitor unicode vulnerable function attempt (server-mssql.rules)
* 1:8535 <-> DISABLED <-> SERVER-MSSQL xp_sqlinventory unicode vulnerable function attempt (server-mssql.rules)
* 1:8536 <-> DISABLED <-> SERVER-MSSQL xp_sqlinventory vulnerable function attempt (server-mssql.rules)
* 1:8537 <-> DISABLED <-> SERVER-MSSQL xp_sqlinventory unicode vulnerable function attempt (server-mssql.rules)
* 1:8538 <-> DISABLED <-> SERVER-MSSQL xp_updatecolvbm unicode vulnerable function attempt (server-mssql.rules)
* 1:8539 <-> DISABLED <-> SERVER-MSSQL xp_updatecolvbm unicode vulnerable function attempt (server-mssql.rules)
* 1:854 <-> DISABLED <-> SERVER-WEBAPP classifieds.cgi access (server-webapp.rules)
* 1:8540 <-> DISABLED <-> SERVER-MSSQL xp_updatecolvbm vulnerable function attempt (server-mssql.rules)
* 1:8541 <-> DISABLED <-> SERVER-ORACLE sdo_cs.transform_layer buffer overflow attempt (server-oracle.rules)
* 1:8542 <-> DISABLED <-> MALWARE-OTHER Trackware deluxecommunications runtime detection - collect info (malware-other.rules)
* 1:8543 <-> DISABLED <-> MALWARE-OTHER Trackware deluxecommunications runtime detection - display popup ads (malware-other.rules)
* 1:8544 <-> DISABLED <-> MALWARE-OTHER Keylogger nicespy runtime detection - smtp (malware-other.rules)
* 1:8545 <-> DISABLED <-> PUA-ADWARE Adware roogoo runtime detection - surfing monitor (pua-adware.rules)
* 1:8546 <-> DISABLED <-> PUA-ADWARE Adware roogoo runtime detection - show ads (pua-adware.rules)
* 1:8547 <-> DISABLED <-> MALWARE-BACKDOOR zzmm 2.0 runtime detection - init connection (malware-backdoor.rules)
* 1:8548 <-> DISABLED <-> MALWARE-BACKDOOR zzmm 2.0 runtime detection - init connection (malware-backdoor.rules)
* 1:8549 <-> DISABLED <-> MALWARE-BACKDOOR zxshell runtime detection - setting information retrieve (malware-backdoor.rules)
* 1:8550 <-> DISABLED <-> SERVER-ORACLE dbms_mview.register_mview buffer overflow attempt (server-oracle.rules)
* 1:8551 <-> DISABLED <-> SERVER-ORACLE dbms_mview.unregister_mview buffer overflow attempt (server-oracle.rules)
* 1:856 <-> DISABLED <-> SERVER-WEBAPP environ.cgi access (server-webapp.rules)
* 1:857 <-> DISABLED <-> SERVER-WEBAPP faxsurvey access (server-webapp.rules)
* 1:858 <-> DISABLED <-> SERVER-WEBAPP filemail access (server-webapp.rules)
* 1:859 <-> DISABLED <-> SERVER-WEBAPP man.sh access (server-webapp.rules)
* 1:860 <-> DISABLED <-> SERVER-WEBAPP snork.bat access (server-webapp.rules)
* 1:861 <-> DISABLED <-> SERVER-WEBAPP w3-msql access (server-webapp.rules)
* 1:862 <-> DISABLED <-> SERVER-WEBAPP csh access (server-webapp.rules)
* 1:863 <-> DISABLED <-> SERVER-WEBAPP day5datacopier.cgi access (server-webapp.rules)
* 1:864 <-> DISABLED <-> SERVER-WEBAPP day5datanotifier.cgi access (server-webapp.rules)
* 1:865 <-> DISABLED <-> SERVER-WEBAPP ksh access (server-webapp.rules)
* 1:866 <-> DISABLED <-> SERVER-WEBAPP post-query access (server-webapp.rules)
* 1:867 <-> DISABLED <-> SERVER-WEBAPP visadmin.exe access (server-webapp.rules)
* 1:868 <-> DISABLED <-> SERVER-WEBAPP rsh access (server-webapp.rules)
* 1:869 <-> DISABLED <-> SERVER-WEBAPP dumpenv.pl access (server-webapp.rules)
* 1:870 <-> DISABLED <-> SERVER-WEBAPP snorkerz.cmd access (server-webapp.rules)
* 1:8700 <-> DISABLED <-> SERVER-IIS ASP.NET 2.0 cross-site scripting attempt (server-iis.rules)
* 1:8701 <-> DISABLED <-> SERVER-WEBAPP IceCast header buffer overflow attempt (server-webapp.rules)
* 1:8702 <-> DISABLED <-> SERVER-OTHER IceCast header buffer overflow attempt (server-other.rules)
* 1:8703 <-> DISABLED <-> SERVER-OTHER IceCast header buffer overflow attempt (server-other.rules)
* 1:8704 <-> DISABLED <-> SERVER-MAIL Yahoo YPOPS Banner (server-mail.rules)
* 1:8705 <-> DISABLED <-> SERVER-MAIL Yahoo YPOPS buffer overflow attempt (server-mail.rules)
* 1:8706 <-> DISABLED <-> SERVER-MAIL YPOPS buffer overflow attempt (server-mail.rules)
* 1:8707 <-> DISABLED <-> PROTOCOL-FTP WZD-FTPD SITE arbitrary command execution attempt (protocol-ftp.rules)
* 1:8708 <-> DISABLED <-> SERVER-WEBAPP Wordpress cache_lastpostdate code injection attempt (server-webapp.rules)
* 1:8709 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NAT helper components tcp denial of service attempt (os-windows.rules)
* 1:871 <-> DISABLED <-> SERVER-WEBAPP survey.cgi access (server-webapp.rules)
* 1:8710 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NAT helper components udp denial of service attempt (os-windows.rules)
* 1:8711 <-> DISABLED <-> SERVER-WEBAPP Novell eDirectory HTTP redirection buffer overflow attempt (server-webapp.rules)
* 1:8712 <-> DISABLED <-> SERVER-WEBAPP cacti graph_image arbitrary command execution attempt (server-webapp.rules)
* 1:8713 <-> DISABLED <-> SERVER-WEBAPP cacti graph_image SQL injection attempt (server-webapp.rules)
* 1:8714 <-> DISABLED <-> SERVER-WEBAPP cacti graph_image SQL injection attempt (server-webapp.rules)
* 1:8715 <-> DISABLED <-> SERVER-WEBAPP cacti graph_image SQL injection attempt (server-webapp.rules)
* 1:8716 <-> DISABLED <-> SERVER-WEBAPP cacti graph_image SQL injection attempt (server-webapp.rules)
* 1:8717 <-> DISABLED <-> BROWSER-PLUGINS VsaIDE.DTE ActiveX clsid access (browser-plugins.rules)
* 1:8719 <-> DISABLED <-> BROWSER-PLUGINS VisualStudio.DTE.8.0 ActiveX clsid access (browser-plugins.rules)
* 1:872 <-> DISABLED <-> SERVER-WEBAPP tcsh access (server-webapp.rules)
* 1:8721 <-> DISABLED <-> BROWSER-PLUGINS Outlook Data Object ActiveX clsid access (browser-plugins.rules)
* 1:8723 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Data Source Control 11.0 ActiveX clsid access (browser-plugins.rules)
* 1:8725 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows System Monitor ActiveX clsid access (browser-plugins.rules)
* 1:8727 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer XMLHTTP 4.0 ActiveX clsid access (browser-plugins.rules)
* 1:8729 <-> DISABLED <-> SERVER-OTHER Shixxnote font buffer overflow attempt (server-other.rules)
* 1:8730 <-> DISABLED <-> PROTOCOL-ICMP record route rr denial of service attempt (protocol-icmp.rules)
* 1:8734 <-> DISABLED <-> SERVER-WEBAPP Pajax call_dispatcher className directory traversal attempt (server-webapp.rules)
* 1:8735 <-> DISABLED <-> BROWSER-PLUGINS BOWebAgent.Webagent.1 ActiveX clsid access (browser-plugins.rules)
* 1:8737 <-> DISABLED <-> BROWSER-PLUGINS BOWebAgent.Webagent.1 ActiveX function call access (browser-plugins.rules)
* 1:8738 <-> DISABLED <-> BROWSER-PLUGINS Macrovision InstallShield Update Service ActiveX clsid access (browser-plugins.rules)
* 1:8740 <-> DISABLED <-> BROWSER-PLUGINS Macrovision InstallShield Update Service ActiveX function call access (browser-plugins.rules)
* 1:8741 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAFontStyle.1 ActiveX clsid access (browser-plugins.rules)
* 1:8743 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAFontStyle.1 ActiveX function call access (browser-plugins.rules)
* 1:8744 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAEvent.1 ActiveX clsid access (browser-plugins.rules)
* 1:8746 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAEvent.1 ActiveX function call access (browser-plugins.rules)
* 1:8747 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAEndStyle.1 ActiveX clsid access (browser-plugins.rules)
* 1:8749 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAEndStyle.1 ActiveX function call access (browser-plugins.rules)
* 1:875 <-> DISABLED <-> SERVER-WEBAPP win-c-sample.exe access (server-webapp.rules)
* 1:8750 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer LM.LMBehaviorFactory.1 ActiveX clsid access (browser-plugins.rules)
* 1:8752 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer LM.LMBehaviorFactory.1 ActiveX function call access (browser-plugins.rules)
* 1:8753 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer LM.AutoEffectBvr.1 ActiveX clsid access (browser-plugins.rules)
* 1:8755 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer LM.AutoEffectBvr.1 ActiveX function call access (browser-plugins.rules)
* 1:8756 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.SpriteControl ActiveX clsid access (browser-plugins.rules)
* 1:8758 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.SpriteControl ActiveX function call access (browser-plugins.rules)
* 1:8759 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.SequencerControl ActiveX clsid access (browser-plugins.rules)
* 1:8761 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.SequencerControl ActiveX function call access (browser-plugins.rules)
* 1:8762 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.Sequence ActiveX clsid access (browser-plugins.rules)
* 1:8764 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.Sequence ActiveX function call access (browser-plugins.rules)
* 1:8765 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAView.1 ActiveX clsid access (browser-plugins.rules)
* 1:8767 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAView.1 ActiveX function call access (browser-plugins.rules)
* 1:8768 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAVector3.1 ActiveX clsid access (browser-plugins.rules)
* 1:877 <-> DISABLED <-> SERVER-WEBAPP rksh access (server-webapp.rules)
* 1:8770 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAVector3.1 ActiveX function call access (browser-plugins.rules)
* 1:8771 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAVector2.1 ActiveX clsid access (browser-plugins.rules)
* 1:8773 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAVector2.1 ActiveX 
function call access (browser-plugins.rules) * 1:8774 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAUserData.1 ActiveX clsid access (browser-plugins.rules) * 1:8776 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAUserData.1 ActiveX function call access (browser-plugins.rules) * 1:8777 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DATransform3.1 ActiveX clsid access (browser-plugins.rules) * 1:8779 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DATransform3.1 ActiveX function call access (browser-plugins.rules) * 1:878 <-> DISABLED <-> SERVER-WEBAPP w3tvars.pm access (server-webapp.rules) * 1:8780 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DATransform2.1 ActiveX clsid access (browser-plugins.rules) * 1:8782 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DATransform2.1 ActiveX function call access (browser-plugins.rules) * 1:8783 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAString.1 ActiveX clsid access (browser-plugins.rules) * 1:8785 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAString.1 ActiveX function call access (browser-plugins.rules) * 1:8786 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DASound.1 ActiveX clsid access (browser-plugins.rules) * 1:8788 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DASound.1 ActiveX function call access (browser-plugins.rules) * 1:8789 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAPoint3.1 ActiveX clsid access (browser-plugins.rules) * 1:879 <-> DISABLED <-> SERVER-WEBAPP admin.pl access (server-webapp.rules) * 1:8791 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAPoint3.1 ActiveX function call access (browser-plugins.rules) * 1:8792 <-> DISABLED <-> 
BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAPoint2.1 ActiveX clsid access (browser-plugins.rules) * 1:8794 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAPoint2.1 ActiveX function call access (browser-plugins.rules) * 1:8795 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAPath2.1 ActiveX clsid access (browser-plugins.rules) * 1:8797 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAPath2.1 ActiveX function call access (browser-plugins.rules) * 1:8798 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAPair.1 ActiveX clsid access (browser-plugins.rules) * 1:880 <-> DISABLED <-> SERVER-WEBAPP LWGate access (server-webapp.rules) * 1:8800 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAPair.1 ActiveX function call access (browser-plugins.rules) * 1:8801 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DANumber.1 ActiveX clsid access (browser-plugins.rules) * 1:8803 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DANumber.1 ActiveX function call access (browser-plugins.rules) * 1:8804 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAMontage.1 ActiveX clsid access (browser-plugins.rules) * 1:8806 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAMontage.1 ActiveX function call access (browser-plugins.rules) * 1:8807 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAMicrophone.1 ActiveX clsid access (browser-plugins.rules) * 1:8809 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAMicrophone.1 ActiveX function call access (browser-plugins.rules) * 1:881 <-> DISABLED <-> SERVER-WEBAPP archie access (server-webapp.rules) * 1:8810 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAMatte.1 ActiveX clsid access 
(browser-plugins.rules) * 1:8812 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAMatte.1 ActiveX function call access (browser-plugins.rules) * 1:8813 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DALineStyle.1 ActiveX clsid access (browser-plugins.rules) * 1:8815 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DALineStyle.1 ActiveX function call access (browser-plugins.rules) * 1:8816 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAJoinStyle.1 ActiveX clsid access (browser-plugins.rules) * 1:8818 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAJoinStyle.1 ActiveX function call access (browser-plugins.rules) * 1:8819 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAImage.1 ActiveX clsid access (browser-plugins.rules) * 1:882 <-> DISABLED <-> SERVER-WEBAPP calendar access (server-webapp.rules) * 1:8821 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAImage.1 ActiveX function call access (browser-plugins.rules) * 1:8822 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAGeometry.1 ActiveX clsid access (browser-plugins.rules) * 1:8824 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAGeometry.1 ActiveX function call access (browser-plugins.rules) * 1:8825 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DADashStyle.1 ActiveX clsid access (browser-plugins.rules) * 1:8827 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DADashStyle.1 ActiveX function call access (browser-plugins.rules) * 1:8828 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAColor.1 ActiveX clsid access (browser-plugins.rules) * 1:883 <-> DISABLED <-> SERVER-WEBAPP flexform access (server-webapp.rules) * 1:8830 <-> DISABLED <-> BROWSER-PLUGINS Microsoft 
Internet Explorer DirectAnimation.DAColor.1 ActiveX function call access (browser-plugins.rules) * 1:8831 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DACamera.1 ActiveX clsid access (browser-plugins.rules) * 1:8833 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DACamera.1 ActiveX function call access (browser-plugins.rules) * 1:8834 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DABoolean.1 ActiveX clsid access (browser-plugins.rules) * 1:8836 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DABoolean.1 ActiveX function call access (browser-plugins.rules) * 1:8837 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DABbox3.1 ActiveX clsid access (browser-plugins.rules) * 1:8839 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DABbox3.1 ActiveX function call access (browser-plugins.rules) * 1:8840 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DABbox2.1 ActiveX clsid access (browser-plugins.rules) * 1:8842 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DABbox2.1 ActiveX function call access (browser-plugins.rules) * 1:8843 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAArray.1 ActiveX clsid access (browser-plugins.rules) * 1:8845 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAArray.1 ActiveX function call access (browser-plugins.rules) * 1:8846 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Agent Character Custom Proxy Class ActiveX clsid access (browser-plugins.rules) * 1:8848 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Agent Notify Sink Custom Proxy Class ActiveX clsid access (browser-plugins.rules) * 1:885 <-> DISABLED <-> SERVER-WEBAPP bash access (server-webapp.rules) * 1:8850 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Agent Custom Proxy Class ActiveX clsid access 
(browser-plugins.rules) * 1:8852 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Agent v2.0 ActiveX clsid access (browser-plugins.rules) * 1:8854 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Agent v2.0 ActiveX function call access (browser-plugins.rules) * 1:8856 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Agent v1.5 ActiveX function call access (browser-plugins.rules) * 1:886 <-> DISABLED <-> SERVER-WEBAPP phf access (server-webapp.rules) * 1:887 <-> DISABLED <-> SERVER-WEBAPP www-sql access (server-webapp.rules) * 1:888 <-> DISABLED <-> SERVER-WEBAPP wwwadmin.pl access (server-webapp.rules) * 1:889 <-> DISABLED <-> SERVER-WEBAPP ppdscgi.exe access (server-webapp.rules) * 1:890 <-> DISABLED <-> SERVER-WEBAPP sendform.cgi access (server-webapp.rules) * 1:891 <-> DISABLED <-> SERVER-WEBAPP upload.pl access (server-webapp.rules) * 1:892 <-> DISABLED <-> SERVER-WEBAPP AnyForm2 access (server-webapp.rules) * 1:8925 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP wkssvc NetrAddAlternateComputerName overflow attempt (os-windows.rules) * 1:894 <-> DISABLED <-> SERVER-WEBAPP bb-hist.sh access (server-webapp.rules) * 1:895 <-> DISABLED <-> SERVER-WEBAPP redirect access (server-webapp.rules) * 1:896 <-> DISABLED <-> SERVER-WEBAPP way-board access (server-webapp.rules) * 1:897 <-> DISABLED <-> SERVER-WEBAPP pals-cgi access (server-webapp.rules) * 1:898 <-> DISABLED <-> SERVER-WEBAPP commerce.cgi access (server-webapp.rules) * 1:899 <-> DISABLED <-> SERVER-WEBAPP Amaya templates sendtemp.pl directory traversal attempt (server-webapp.rules) * 1:900 <-> DISABLED <-> SERVER-WEBAPP webspirs.cgi directory traversal attempt (server-webapp.rules) * 1:901 <-> DISABLED <-> SERVER-WEBAPP webspirs.cgi access (server-webapp.rules) * 1:902 <-> DISABLED <-> SERVER-WEBAPP tstisapi.dll access (server-webapp.rules) * 1:9027 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP wkssvc NetrJoinDomain2 overflow attempt (os-windows.rules) * 1:903 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion cfcache.map access 
(server-other.rules) * 1:904 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion exampleapp application.cfm (server-other.rules) * 1:905 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion application.cfm access (server-other.rules) * 1:906 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion getfile.cfm access (server-other.rules) * 1:907 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion addcontent.cfm access (server-other.rules) * 1:908 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion administrator access (server-other.rules) * 1:909 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion datasource username attempt (server-other.rules) * 1:910 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion fileexists.cfm access (server-other.rules) * 1:911 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion exprcalc access (server-other.rules) * 1:912 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion parks access (server-other.rules) * 1:9129 <-> DISABLED <-> BROWSER-PLUGINS WinZip FileView 6.1 ActiveX clsid access (browser-plugins.rules) * 1:913 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion cfappman access (server-other.rules) * 1:9131 <-> DISABLED <-> BROWSER-PLUGINS WinZip FileView 6.1 ActiveX function call access (browser-plugins.rules) * 1:9132 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP netware_cs NwrOpenEnumNdsStubTrees_Any overflow attempt (os-windows.rules) * 1:914 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion beaninfo access (server-other.rules) * 1:915 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion evaluate.cfm access (server-other.rules) * 1:916 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion getodbcdsn access (server-other.rules) * 1:917 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion db connections flush attempt (server-other.rules) * 1:918 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion expeval access (server-other.rules) * 1:919 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion datasource passwordattempt (server-other.rules) * 1:920 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion datasource attempt 
(server-other.rules) * 1:921 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion admin encrypt attempt (server-other.rules) * 1:922 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion displayfile access (server-other.rules) * 1:9228 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP netware_cs NwGetConnectionInformation overflow attempt (os-windows.rules) * 1:923 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion getodbcin attempt (server-other.rules) * 1:924 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion admin decrypt attempt (server-other.rules) * 1:925 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion mainframeset access (server-other.rules) * 1:926 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion set odbc ini attempt (server-other.rules) * 1:927 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion settings refresh attempt (server-other.rules) * 1:928 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion exampleapp access (server-other.rules) * 1:929 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion CFUSION_VERIFYMAIL access (server-other.rules) * 1:930 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion snippets attempt (server-other.rules) * 1:931 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion cfmlsyntaxcheck.cfm access (server-other.rules) * 1:932 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion application.cfm access (server-other.rules) * 1:9324 <-> DISABLED <-> POLICY-OTHER TOR traffic anonymizer server request (policy-other.rules) * 1:9325 <-> DISABLED <-> SERVER-OTHER Citrix IMA DOS event data length denial of service attempt (server-other.rules) * 1:9326 <-> DISABLED <-> MALWARE-OTHER netsky.p smtp propagation detection (malware-other.rules) * 1:9327 <-> DISABLED <-> MALWARE-OTHER netsky.af smtp propagation detection (malware-other.rules) * 1:9328 <-> DISABLED <-> MALWARE-OTHER zhangpo smtp propagation detection (malware-other.rules) * 1:9329 <-> DISABLED <-> MALWARE-CNC yarner.b smtp propagation detection (malware-cnc.rules) * 1:933 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion onrequestend.cfm 
access (server-other.rules) * 1:9330 <-> DISABLED <-> MALWARE-OTHER mydoom.e smtp propagation detection (malware-other.rules) * 1:9331 <-> DISABLED <-> MALWARE-OTHER mydoom.m smtp propagation detection (malware-other.rules) * 1:9332 <-> DISABLED <-> MALWARE-OTHER mimail.a smtp propagation detection (malware-other.rules) * 1:9333 <-> DISABLED <-> MALWARE-OTHER mimail.e smtp propagation detection (malware-other.rules) * 1:9334 <-> DISABLED <-> MALWARE-OTHER lovgate.c smtp propagation detection (malware-other.rules) * 1:9335 <-> DISABLED <-> MALWARE-OTHER netsky.b smtp propagation detection (malware-other.rules) * 1:9336 <-> DISABLED <-> MALWARE-OTHER netsky.t smtp propagation detection (malware-other.rules) * 1:9337 <-> DISABLED <-> MALWARE-OTHER netsky.x smtp propagation detection (malware-other.rules) * 1:9338 <-> DISABLED <-> MALWARE-OTHER mydoom.i smtp propagation detection (malware-other.rules) * 1:9339 <-> DISABLED <-> MALWARE-OTHER klez.g web propagation detection (malware-other.rules) * 1:9340 <-> DISABLED <-> MALWARE-OTHER klez.i web propagation detection (malware-other.rules) * 1:9341 <-> DISABLED <-> MALWARE-OTHER sasser open ftp command shell (malware-other.rules) * 1:9342 <-> DISABLED <-> MALWARE-OTHER paroc.a smtp propagation detection (malware-other.rules) * 1:9343 <-> DISABLED <-> MALWARE-OTHER kadra smtp propagation detection (malware-other.rules) * 1:9344 <-> DISABLED <-> MALWARE-OTHER kindal smtp propagation detection (malware-other.rules) * 1:9345 <-> DISABLED <-> MALWARE-OTHER kipis.a smtp propagation detection (malware-other.rules) * 1:9346 <-> DISABLED <-> MALWARE-OTHER klez.b web propagation detection (malware-other.rules) * 1:9347 <-> DISABLED <-> MALWARE-OTHER klez.b netshare propagation detection (malware-other.rules) * 1:9348 <-> DISABLED <-> MALWARE-OTHER morbex smtp propagation detection (malware-other.rules) * 1:9349 <-> DISABLED <-> MALWARE-OTHER plemood smtp propagation detection (malware-other.rules) * 1:935 <-> DISABLED <-> 
SERVER-OTHER Adobe Coldfusion startstop DOS access (server-other.rules) * 1:9350 <-> DISABLED <-> MALWARE-OTHER mimail.k smtp propagation detection (malware-other.rules) * 1:9351 <-> DISABLED <-> MALWARE-OTHER lovgate.a netshare propagation detection (malware-other.rules) * 1:9352 <-> DISABLED <-> MALWARE-OTHER lovgate.a smtp propagation detection (malware-other.rules) * 1:9353 <-> DISABLED <-> MALWARE-OTHER deborm.x netshare propagation detection (malware-other.rules) * 1:9354 <-> DISABLED <-> MALWARE-OTHER deborm.y netshare propagation detection (malware-other.rules) * 1:9355 <-> DISABLED <-> MALWARE-OTHER deborm.u netshare propagation detection (malware-other.rules) * 1:9356 <-> DISABLED <-> MALWARE-OTHER deborm.q netshare propagation detection (malware-other.rules) * 1:9357 <-> DISABLED <-> MALWARE-OTHER deborm.r netshare propagation detection (malware-other.rules) * 1:9358 <-> DISABLED <-> MALWARE-OTHER fizzer smtp propagation detection (malware-other.rules) * 1:9359 <-> DISABLED <-> MALWARE-OTHER zafi.b smtp propagation detection (malware-other.rules) * 1:936 <-> DISABLED <-> SERVER-OTHER Adobe Coldfusion gettempdirectory.cfm access (server-other.rules) * 1:9360 <-> DISABLED <-> MALWARE-OTHER cult.b smtp propagation detection (malware-other.rules) * 1:9361 <-> DISABLED <-> MALWARE-OTHER mimail.l smtp propagation detection (malware-other.rules) * 1:9362 <-> DISABLED <-> MALWARE-OTHER mimail.m smtp propagation detection (malware-other.rules) * 1:9363 <-> DISABLED <-> MALWARE-OTHER klez.d web propagation detection (malware-other.rules) * 1:9364 <-> DISABLED <-> MALWARE-OTHER klez.e web propagation detection (malware-other.rules) * 1:9365 <-> DISABLED <-> MALWARE-OTHER cult.c smtp propagation detection (malware-other.rules) * 1:9366 <-> DISABLED <-> MALWARE-OTHER mimail.s smtp propagation detection (malware-other.rules) * 1:9367 <-> DISABLED <-> MALWARE-OTHER anset.b smtp propagation detection (malware-other.rules) * 1:9368 <-> DISABLED <-> MALWARE-OTHER agist.a 
smtp propagation detection (malware-other.rules) * 1:9369 <-> DISABLED <-> MALWARE-OTHER atak.a smtp propagation detection (malware-other.rules) * 1:937 <-> DISABLED <-> SERVER-OTHER Microsoft Frontpage _vti_rpc access (server-other.rules) * 1:9370 <-> DISABLED <-> MALWARE-OTHER bagle.b smtp propagation detection (malware-other.rules) * 1:9371 <-> DISABLED <-> MALWARE-OTHER bagle.e smtp propagation detection (malware-other.rules) * 1:9372 <-> DISABLED <-> MALWARE-OTHER blebla.a smtp propagation detection (malware-other.rules) * 1:9373 <-> DISABLED <-> MALWARE-OTHER clepa smtp propagation detection (malware-other.rules) * 1:9374 <-> DISABLED <-> MALWARE-OTHER creepy.b smtp propagation detection (malware-other.rules) * 1:9375 <-> DISABLED <-> MALWARE-OTHER duksten.c smtp propagation detection (malware-other.rules) * 1:9376 <-> DISABLED <-> MALWARE-OTHER fishlet.a smtp propagation detection (malware-other.rules) * 1:9377 <-> DISABLED <-> MALWARE-OTHER mydoom.g smtp propagation detection (malware-other.rules) * 1:9378 <-> DISABLED <-> MALWARE-OTHER netsky.q smtp propagation detection (malware-other.rules) * 1:9379 <-> DISABLED <-> MALWARE-OTHER netsky.s smtp propagation detection (malware-other.rules) * 1:9380 <-> DISABLED <-> MALWARE-OTHER jitux msn messenger propagation detection (malware-other.rules) * 1:9381 <-> DISABLED <-> MALWARE-OTHER lara smtp propagation detection (malware-other.rules) * 1:9382 <-> DISABLED <-> MALWARE-OTHER fearso.c smtp propagation detection (malware-other.rules) * 1:9383 <-> DISABLED <-> MALWARE-OTHER netsky.y smtp propagation detection (malware-other.rules) * 1:9384 <-> DISABLED <-> MALWARE-OTHER beglur.a smtp propagation detection (malware-other.rules) * 1:9385 <-> DISABLED <-> MALWARE-OTHER collo.a smtp propagation detection (malware-other.rules) * 1:9386 <-> DISABLED <-> MALWARE-OTHER bagle.f smtp propagation detection (malware-other.rules) * 1:9387 <-> DISABLED <-> MALWARE-OTHER klez.j web propagation detection (malware-other.rules) * 
1:9388 <-> DISABLED <-> MALWARE-OTHER mimail.g smtp propagation detection (malware-other.rules) * 1:9389 <-> DISABLED <-> MALWARE-OTHER bagle.i smtp propagation detection (malware-other.rules) * 1:939 <-> DISABLED <-> SERVER-OTHER Microsoft Frontpage posting (server-other.rules) * 1:9390 <-> DISABLED <-> MALWARE-OTHER deborm.d netshare propagation detection (malware-other.rules) * 1:9391 <-> DISABLED <-> MALWARE-OTHER mimail.i smtp propagation detection (malware-other.rules) * 1:9392 <-> DISABLED <-> MALWARE-OTHER bagle.j smtp propagation detection (malware-other.rules) * 1:9393 <-> DISABLED <-> MALWARE-OTHER bagle.k smtp propagation detection (malware-other.rules) * 1:9394 <-> DISABLED <-> MALWARE-OTHER bagle.n smtp propagation detection (malware-other.rules) * 1:9395 <-> DISABLED <-> MALWARE-OTHER deborm.j netshare propagation detection (malware-other.rules) * 1:9396 <-> DISABLED <-> MALWARE-OTHER deborm.t netshare propagation detection (malware-other.rules) * 1:9397 <-> DISABLED <-> MALWARE-OTHER neysid smtp propagation detection (malware-other.rules) * 1:9398 <-> DISABLED <-> MALWARE-OTHER totilix.a smtp propagation detection (malware-other.rules) * 1:9399 <-> DISABLED <-> MALWARE-OTHER hanged smtp propagation detection (malware-other.rules) * 1:940 <-> DISABLED <-> SERVER-OTHER Microsoft Frontpage shtml.dll access (server-other.rules) * 1:9400 <-> DISABLED <-> MALWARE-OTHER abotus smtp propagation detection (malware-other.rules) * 1:9401 <-> DISABLED <-> MALWARE-OTHER gokar http propagation detection (malware-other.rules) * 1:9402 <-> DISABLED <-> MALWARE-OTHER welchia tftp propagation detection (malware-other.rules) * 1:9403 <-> DISABLED <-> MALWARE-OTHER netsky.aa smtp propagation detection (malware-other.rules) * 1:9404 <-> DISABLED <-> MALWARE-OTHER netsky.ac smtp propagation detection (malware-other.rules) * 1:9406 <-> DISABLED <-> MALWARE-OTHER lovgate.e smtp propagation detection (malware-other.rules) * 1:9407 <-> DISABLED <-> MALWARE-OTHER lovgate.b 
netshare propagation detection (malware-other.rules) * 1:9408 <-> DISABLED <-> MALWARE-OTHER lacrow smtp propagation detection (malware-other.rules) * 1:9409 <-> DISABLED <-> MALWARE-OTHER atak.b smtp propagation detection (malware-other.rules) * 1:941 <-> DISABLED <-> SERVER-OTHER Microsoft Frontpage contents.htm access (server-other.rules) * 1:9410 <-> DISABLED <-> MALWARE-OTHER netsky.z smtp propagation detection (malware-other.rules) * 1:9411 <-> DISABLED <-> MALWARE-OTHER mimail.f smtp propagation detection (malware-other.rules) * 1:9412 <-> DISABLED <-> MALWARE-OTHER sinmsn.b msn propagation detection (malware-other.rules) * 1:9413 <-> DISABLED <-> MALWARE-OTHER ganda smtp propagation detection (malware-other.rules) * 1:9414 <-> DISABLED <-> MALWARE-OTHER lovelorn.a smtp propagation detection (malware-other.rules) * 1:9415 <-> DISABLED <-> MALWARE-OTHER plexus.a smtp propagation detection (malware-other.rules) * 1:9416 <-> DISABLED <-> MALWARE-OTHER bagle.at smtp propagation detection (malware-other.rules) * 1:9417 <-> DISABLED <-> MALWARE-OTHER bagle.a smtp propagation detection (malware-other.rules) * 1:9418 <-> DISABLED <-> MALWARE-CNC bagle.a http notification detection (malware-cnc.rules) * 1:9419 <-> DISABLED <-> MALWARE-OTHER sasser attempt (malware-other.rules) * 1:942 <-> DISABLED <-> SERVER-OTHER Microsoft Frontpage orders.htm access (server-other.rules) * 1:9420 <-> DISABLED <-> MALWARE-OTHER korgo attempt (malware-other.rules) * 1:9421 <-> ENABLED <-> MALWARE-OTHER zotob attempt (malware-other.rules) * 1:9422 <-> ENABLED <-> MALWARE-OTHER msblast attempt (malware-other.rules) * 1:9423 <-> ENABLED <-> MALWARE-OTHER lovegate attempt (malware-other.rules) * 1:9424 <-> DISABLED <-> MALWARE-OTHER /winnt/explorer.exe unicode klez infection (malware-other.rules) * 1:9425 <-> DISABLED <-> MALWARE-OTHER netsky attachment (malware-other.rules) * 1:9426 <-> DISABLED <-> MALWARE-OTHER mydoom.ap attachment (malware-other.rules) * 1:9427 <-> DISABLED <-> 
BROWSER-PLUGINS Acer LunchApp.APlunch ActiveX clsid access (browser-plugins.rules) * 1:9429 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime Movie link scripting security bypass attempt (file-multimedia.rules) * 1:943 <-> DISABLED <-> SERVER-OTHER Microsoft Frontpage fpsrvadm.exe access (server-other.rules) * 1:9430 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime Movie link file URI security bypass attempt (file-multimedia.rules) * 1:9431 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook Express NNTP response overflow attempt (file-office.rules) * 1:9432 <-> DISABLED <-> OS-WINDOWS Microsoft Agent buffer overflow attempt (os-windows.rules) * 1:9433 <-> DISABLED <-> OS-WINDOWS Microsoft Agent buffer overflow attempt (os-windows.rules) * 1:9434 <-> DISABLED <-> FILE-OTHER Ultravox-Max-Msg header integer overflow attempt (file-other.rules) * 1:944 <-> DISABLED <-> SERVER-OTHER Microsoft Frontpage fpremadm.exe access (server-other.rules) * 1:9441 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor QSIGetQueuePath overflow attempt (netbios.rules) * 1:945 <-> DISABLED <-> SERVER-OTHER Microsoft Frontpage fpadmin.htm access (server-other.rules) * 1:946 <-> DISABLED <-> SERVER-OTHER Microsoft Frontpage fpadmcgi.exe access (server-other.rules) * 1:947 <-> DISABLED <-> SERVER-OTHER Microsoft Frontpage orders.txt access (server-other.rules) * 1:948 <-> DISABLED <-> SERVER-OTHER Microsoft Frontpage form_results access (server-other.rules) * 1:949 <-> DISABLED <-> SERVER-OTHER Microsoft Frontpage registrations.htm access (server-other.rules) * 1:950 <-> DISABLED <-> SERVER-OTHER Microsoft Frontpage cfgwiz.exe access (server-other.rules) * 1:951 <-> DISABLED <-> SERVER-OTHER Microsoft Frontpage authors.pwd access (server-other.rules) * 1:952 <-> DISABLED <-> SERVER-OTHER Microsoft Frontpage author.exe access (server-other.rules) * 1:953 <-> DISABLED <-> SERVER-OTHER Microsoft Frontpage administrators.pwd access (server-other.rules) * 1:954 <-> DISABLED <-> SERVER-OTHER 
Microsoft Frontpage form_results.htm access (server-other.rules) * 1:955 <-> DISABLED <-> SERVER-OTHER Microsoft Frontpage access.cnf access (server-other.rules) * 1:956 <-> DISABLED <-> SERVER-OTHER Microsoft Frontpage register.txt access (server-other.rules) * 1:957 <-> DISABLED <-> SERVER-OTHER Microsoft Frontpage registrations.txt access (server-other.rules) * 1:958 <-> DISABLED <-> SERVER-OTHER Microsoft Frontpage service.cnf access (server-other.rules) * 1:959 <-> DISABLED <-> SERVER-OTHER Microsoft Frontpage service.pwd (server-other.rules) * 1:960 <-> DISABLED <-> SERVER-OTHER Microsoft Frontpage service.stp access (server-other.rules) * 1:961 <-> DISABLED <-> SERVER-OTHER Microsoft Frontpage services.cnf access (server-other.rules) * 1:9619 <-> DISABLED <-> FILE-OTHER Gnu gv buffer overflow attempt (file-other.rules) * 1:962 <-> DISABLED <-> SERVER-OTHER Microsoft Frontpage shtml.exe access (server-other.rules) * 1:9620 <-> DISABLED <-> SERVER-WEBAPP Pajax call_dispatcher remote code execution attempt (server-webapp.rules) * 1:9621 <-> DISABLED <-> PROTOCOL-TFTP 3COM server transport mode buffer overflow attempt (protocol-tftp.rules) * 1:9622 <-> DISABLED <-> SERVER-OTHER Spiffit UDP denial of service attempt (server-other.rules) * 1:9623 <-> DISABLED <-> PROTOCOL-RPC UNIX authentication machinename string overflow attempt TCP (protocol-rpc.rules) * 1:9624 <-> DISABLED <-> PROTOCOL-RPC UNIX authentication machinename string overflow attempt UDP (protocol-rpc.rules) * 1:9625 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Player ASX file ref href buffer overflow attempt (os-windows.rules) * 1:9626 <-> DISABLED <-> BROWSER-PLUGINS AcroPDF.PDF ActiveX clsid access attempt (browser-plugins.rules) * 1:9629 <-> DISABLED <-> BROWSER-PLUGINS Citrix.ICAClient ActiveX clsid access (browser-plugins.rules) * 1:963 <-> DISABLED <-> SERVER-OTHER Microsoft Frontpage svcacl.cnf access (server-other.rules) * 1:9631 <-> DISABLED <-> BROWSER-PLUGINS Citrix.ICAClient 
ActiveX function call access (browser-plugins.rules)
* 1:9632 <-> DISABLED <-> SERVER-OTHER Tivoli Storage Manager command request buffer overflow attempt (server-other.rules)
* 1:9633 <-> DISABLED <-> SERVER-OTHER Computer Associates Product Discovery Service type 9B remote buffer overflow attempt TCP (server-other.rules)
* 1:9634 <-> DISABLED <-> SERVER-OTHER Computer Associates Product Discovery Service type 9C remote buffer overflow attempt TCP (server-other.rules)
* 1:9635 <-> DISABLED <-> SERVER-OTHER Computer Associates Product Discovery Service type 9B remote buffer overflow attempt UDP (server-other.rules)
* 1:9636 <-> DISABLED <-> SERVER-OTHER Computer Associates Product Discovery Service type 9C remote buffer overflow attempt UDP (server-other.rules)
* 1:9637 <-> DISABLED <-> FILE-OTHER Adobe Download Manager dm.ini stack overflow attempt (file-other.rules)
* 1:9638 <-> DISABLED <-> PROTOCOL-TFTP PUT Microsoft RIS filename overwrite attempt (protocol-tftp.rules)
* 1:9639 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows Address Book file magic detected (file-identify.rules)
* 1:964 <-> DISABLED <-> SERVER-OTHER Microsoft Frontpage users.pwd access (server-other.rules)
* 1:9640 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows ADODB.Connection ActiveX function call access (browser-plugins.rules)
* 1:9641 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Player ASF simple index object parsing buffer overflow attempt (os-windows.rules)
* 1:9642 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Player ASF codec list object parsing buffer overflow attempt (os-windows.rules)
* 1:9643 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Player ASF marker object parsing buffer overflow attempt (os-windows.rules)
* 1:9644 <-> DISABLED <-> PUA-ADWARE Adware imnames runtime detection (pua-adware.rules)
* 1:9645 <-> DISABLED <-> PUA-ADWARE Hijacker sogou outbound connection - keyword hijack (pua-adware.rules)
* 1:9646 <-> DISABLED <-> PUA-TOOLBARS Hijacker sogou runtime detection - search through sogou toolbar (pua-toolbars.rules)
* 1:9647 <-> DISABLED <-> MALWARE-OTHER Keylogger system surveillance pro runtime detection (malware-other.rules)
* 1:9648 <-> DISABLED <-> MALWARE-OTHER Keylogger emailspypro runtime detection (malware-other.rules)
* 1:9649 <-> ENABLED <-> MALWARE-OTHER Keylogger ghost Keylogger runtime detection - flowbit set (malware-other.rules)
* 1:965 <-> DISABLED <-> SERVER-OTHER Microsoft Frontpage writeto.cnf access (server-other.rules)
* 1:9650 <-> DISABLED <-> MALWARE-OTHER Keylogger ghost Keylogger runtime detection (malware-other.rules)
* 1:9651 <-> DISABLED <-> PUA-ADWARE Hijacker ricercadoppia outbound connection (pua-adware.rules)
* 1:9652 <-> DISABLED <-> PUA-ADWARE Hijacker oemji bar outbound connection (pua-adware.rules)
* 1:9653 <-> DISABLED <-> MALWARE-CNC apofis 1.0 variant outbound connection php notification (malware-cnc.rules)
* 1:9654 <-> DISABLED <-> MALWARE-BACKDOOR apofis 1.0 runtime detection - remote controlling (malware-backdoor.rules)
* 1:9655 <-> DISABLED <-> MALWARE-BACKDOOR apofis 1.0 runtime detection - remote controlling (malware-backdoor.rules)
* 1:9656 <-> DISABLED <-> MALWARE-BACKDOOR bersek 1.0 runtime detection (malware-backdoor.rules)
* 1:9657 <-> DISABLED <-> MALWARE-BACKDOOR bersek 1.0 runtime detection - init connection (malware-backdoor.rules)
* 1:9658 <-> DISABLED <-> MALWARE-BACKDOOR bersek 1.0 runtime detection (malware-backdoor.rules)
* 1:9659 <-> DISABLED <-> MALWARE-BACKDOOR bersek 1.0 runtime detection - file manage (malware-backdoor.rules)
* 1:966 <-> DISABLED <-> SERVER-OTHER Microsoft Frontpage .... request (server-other.rules)
* 1:9660 <-> DISABLED <-> MALWARE-BACKDOOR bersek 1.0 runtime detection (malware-backdoor.rules)
* 1:9661 <-> DISABLED <-> MALWARE-BACKDOOR bersek 1.0 runtime detection - show processes (malware-backdoor.rules)
* 1:9662 <-> DISABLED <-> MALWARE-BACKDOOR bersek 1.0 runtime detection (malware-backdoor.rules)
* 1:9663 <-> DISABLED <-> MALWARE-BACKDOOR bersek 1.0 runtime detection - start remote shell (malware-backdoor.rules)
* 1:9664 <-> DISABLED <-> MALWARE-BACKDOOR crossbow 1.12 runtime detection (malware-backdoor.rules)
* 1:9665 <-> DISABLED <-> MALWARE-BACKDOOR crossbow 1.12 runtime detection - init connection (malware-backdoor.rules)
* 1:9666 <-> DISABLED <-> MALWARE-BACKDOOR superra runtime detection - success init connection (malware-backdoor.rules)
* 1:9667 <-> DISABLED <-> MALWARE-BACKDOOR superra runtime detection - issue remote control command (malware-backdoor.rules)
* 1:9668 <-> DISABLED <-> BROWSER-PLUGINS Outlook Recipient Control ActiveX clsid access (browser-plugins.rules)
* 1:967 <-> DISABLED <-> SERVER-OTHER Microsoft Frontpage dvwssr.dll access (server-other.rules)
* 1:9670 <-> DISABLED <-> BROWSER-PLUGINS Outlook Recipient Control ActiveX function call access (browser-plugins.rules)
* 1:9671 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer AutoStream.AutoStream.1 ActiveX clsid access (browser-plugins.rules)
* 1:9673 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer AutoStream.AutoStream.1 ActiveX function call access (browser-plugins.rules)
* 1:968 <-> DISABLED <-> SERVER-OTHER Microsoft Frontpage register.htm access (server-other.rules)
* 1:969 <-> DISABLED <-> SERVER-IIS WebDAV file lock attempt (server-iis.rules)
* 1:971 <-> DISABLED <-> SERVER-IIS ISAPI .printer access (server-iis.rules)
* 1:973 <-> DISABLED <-> SERVER-IIS *.idc attempt (server-iis.rules)
* 1:974 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS directory traversal attempt (server-iis.rules)
* 1:975 <-> DISABLED <-> SERVER-IIS Alternate Data streams ASP file access attempt (server-iis.rules)
* 1:976 <-> DISABLED <-> SERVER-WEBAPP .bat? access (server-webapp.rules)
* 1:9769 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP msqueue function 4 overflow attempt (os-windows.rules)
* 1:977 <-> DISABLED <-> SERVER-IIS .cnf access (server-iis.rules)
* 1:9772 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP msqueue function 1 overflow attempt (netbios.rules)
* 1:9773 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP msqueue function 1 overflow attempt (netbios.rules)
* 1:978 <-> DISABLED <-> SERVER-IIS ASP contents view (server-iis.rules)
* 1:979 <-> DISABLED <-> SERVER-IIS ASP contents view (server-iis.rules)
* 1:9790 <-> DISABLED <-> SERVER-OTHER HP-UX lpd command execution attempt (server-other.rules)
* 1:9791 <-> DISABLED <-> SERVER-WEBAPP .cmd? access (server-webapp.rules)
* 1:9792 <-> DISABLED <-> PROTOCOL-FTP PASV overflow attempt (protocol-ftp.rules)
* 1:9793 <-> DISABLED <-> BROWSER-PLUGINS YMMAPI.YMailAttach ActiveX clsid access (browser-plugins.rules)
* 1:9795 <-> DISABLED <-> BROWSER-PLUGINS Panda ActiveScan ActiveScan.1 ActiveX clsid access (browser-plugins.rules)
* 1:9797 <-> DISABLED <-> BROWSER-PLUGINS Panda ActiveScan ActiveScan.1 ActiveX function call access (browser-plugins.rules)
* 1:9798 <-> DISABLED <-> BROWSER-PLUGINS Panda ActiveScan PAVPZ.SOS.1 ActiveX clsid access (browser-plugins.rules)
* 1:980 <-> DISABLED <-> SERVER-IIS CGImail.exe access (server-iis.rules)
* 1:9800 <-> DISABLED <-> BROWSER-PLUGINS Panda ActiveScan PAVPZ.SOS.1 ActiveX function call access (browser-plugins.rules)
* 1:9801 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Media Player or Explorer Malformed MIDI File DOS attempt (file-multimedia.rules)
* 1:9806 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc GetGroupStatus overflow attempt (netbios.rules)
* 1:9812 <-> DISABLED <-> BROWSER-PLUGINS Yahoo Messenger YMMAPI.YMailAttach ActiveX function call access (browser-plugins.rules)
* 1:9813 <-> DISABLED <-> SERVER-OTHER Symantec NetBackup connect_options buffer overflow attempt (server-other.rules)
* 1:9814 <-> DISABLED <-> BROWSER-PLUGINS ICQPhone.SipxPhoneManager ActiveX clsid access (browser-plugins.rules)
* 1:9816 <-> DISABLED <-> BROWSER-PLUGINS ICQPhone.SipxPhoneManager ActiveX function call access (browser-plugins.rules)
* 1:9817 <-> DISABLED <-> BROWSER-PLUGINS CEnroll.CEnroll.2 ActiveX clsid access (browser-plugins.rules)
* 1:9820 <-> DISABLED <-> BROWSER-PLUGINS OWC11.DataSourceControl.11 ActiveX function call access (browser-plugins.rules)
* 1:9821 <-> DISABLED <-> BROWSER-PLUGINS TriEditDocument.TriEditDocument ActiveX clsid access (browser-plugins.rules)
* 1:9823 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime RTSP URI overflow attempt (file-multimedia.rules)
* 1:9824 <-> DISABLED <-> BROWSER-PLUGINS Rediff Bol Downloader ActiveX clsid access (browser-plugins.rules)
* 1:9826 <-> DISABLED <-> BROWSER-PLUGINS Rediff Bol Downloader ActiveX function call access (browser-plugins.rules)
* 1:9827 <-> DISABLED <-> MALWARE-OTHER Keylogger paq keylog runtime detection - smtp (malware-other.rules)
* 1:9828 <-> DISABLED <-> MALWARE-OTHER Keylogger paq keylog runtime detection - ftp (malware-other.rules)
* 1:9829 <-> DISABLED <-> MALWARE-OTHER Trackware relevantknowledge runtime detection (malware-other.rules)
* 1:9830 <-> DISABLED <-> MALWARE-OTHER Keylogger supreme spy runtime detection (malware-other.rules)
* 1:9831 <-> DISABLED <-> PUA-ADWARE Adware u88 runtime detection (pua-adware.rules)
* 1:9832 <-> DISABLED <-> MALWARE-BACKDOOR ieva 1.0 runtime detection - send message (malware-backdoor.rules)
* 1:9833 <-> DISABLED <-> MALWARE-BACKDOOR ieva 1.0 runtime detection - fake delete harddisk message (malware-backdoor.rules)
* 1:9834 <-> DISABLED <-> MALWARE-BACKDOOR ieva 1.0 runtime detection - black screen (malware-backdoor.rules)
* 1:9835 <-> DISABLED <-> MALWARE-BACKDOOR ieva 1.0 runtime detection - swap mouse (malware-backdoor.rules)
* 1:9836 <-> DISABLED <-> MALWARE-BACKDOOR ieva 1.0 runtime detection - crazy mouse (malware-backdoor.rules)
* 1:9837 <-> DISABLED <-> MALWARE-BACKDOOR sun shadow 1.70 runtime detection - init connection (malware-backdoor.rules)
* 1:9838 <-> DISABLED <-> MALWARE-BACKDOOR sun shadow 1.70 runtime detection - init connection (malware-backdoor.rules)
* 1:9839 <-> DISABLED <-> MALWARE-BACKDOOR sun shadow 1.70 runtime detection - keep alive (malware-backdoor.rules)
* 1:984 <-> DISABLED <-> SERVER-IIS JET VBA access (server-iis.rules)
* 1:9840 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime HREF Track Detected (file-multimedia.rules)
* 1:9841 <-> DISABLED <-> SERVER-MAIL Microsoft Office Outlook VEVENT overflow attempt (server-mail.rules)
* 1:9842 <-> DISABLED <-> FILE-PDF Adobe Acrobat Plugin Universal cross-site scripting attempt (file-pdf.rules)
* 1:9843 <-> DISABLED <-> FILE-PDF Adobe Acrobat Plugin JavaScript parameter double free attempt (file-pdf.rules)
* 1:9844 <-> DISABLED <-> FILE-MULTIMEDIA VLC Media Player udp URI format string attempt (file-multimedia.rules)
* 1:9845 <-> ENABLED <-> FILE-IDENTIFY M3U file magic detected (file-identify.rules)
* 1:9847 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook Saved Search download attempt (file-office.rules)
* 1:9848 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Vector Markup Language recolorinfo tag numfills parameter buffer overflow attempt (os-windows.rules)
* 1:9849 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Vector Markup Language recolorinfo tag numcolors parameter buffer overflow attempt (os-windows.rules)
* 1:985 <-> DISABLED <-> SERVER-IIS JET VBA access (server-iis.rules)
* 1:986 <-> DISABLED <-> SERVER-IIS MSProxy access (server-iis.rules)
* 1:987 <-> DISABLED <-> FILE-IDENTIFY .htr access file download request (file-identify.rules)
* 1:989 <-> DISABLED <-> MALWARE-CNC sensepost.exe command shell (malware-cnc.rules)
* 1:990 <-> DISABLED <-> SERVER-OTHER Microsoft Frontpage _vti_inf.html access (server-other.rules)
* 1:991 <-> DISABLED <-> SERVER-IIS achg.htr access (server-iis.rules)
* 1:9914 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP tapisrv ClientRequest LSetAppPriority overflow attempt (os-windows.rules)
* 1:992 <-> DISABLED <-> SERVER-IIS adctest.asp access (server-iis.rules)
* 1:993 <-> DISABLED <-> SERVER-IIS iisadmin access (server-iis.rules)
* 1:994 <-> DISABLED <-> SERVER-IIS /scripts/iisadmin/default.htm access (server-iis.rules)
* 1:995 <-> DISABLED <-> SERVER-IIS ism.dll access (server-iis.rules)
* 1:996 <-> DISABLED <-> SERVER-IIS anot.htr access (server-iis.rules)
* 1:997 <-> DISABLED <-> SERVER-IIS asp-dot attempt (server-iis.rules)
* 1:998 <-> DISABLED <-> SERVER-IIS asp-srch attempt (server-iis.rules)
* 1:999 <-> DISABLED <-> SERVER-IIS bdir access (server-iis.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091700.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:57361 <-> DISABLED <-> MALWARE-BACKDOOR PAS webshell inbound connection attempt (malware-backdoor.rules)
* 1:57370 <-> ENABLED <-> MALWARE-CNC Unix.Malware.Exaramel outbound connection attempt (malware-cnc.rules)
* 1:57362 <-> ENABLED <-> MALWARE-BACKDOOR PAS webshell outbound connection attempt (malware-backdoor.rules)
* 1:57382 <-> DISABLED <-> SERVER-OTHER Microsoft Exchange Server DLPUtils remote code execution attempt (server-other.rules)
* 1:57377 <-> DISABLED <-> SERVER-ORACLE Oracle Weblogic ExternalizableLite T3 remote code execution attempt (server-oracle.rules)
* 1:57375 <-> DISABLED <-> BROWSER-CHROME Google Chrome WebAssembly memory corruption attempt (browser-chrome.rules)
* 1:57381 <-> DISABLED <-> SERVER-OTHER Dnsmasq DNS and DHCP server heap-buffer overflow attempt (server-other.rules)
* 1:57365 <-> DISABLED <-> BROWSER-CHROME Google Chrome WebXR component use after free attempt (browser-chrome.rules)
* 1:57367 <-> DISABLED <-> SERVER-WEBAPP Yealink Device Management server side request forgery attempt (server-webapp.rules)
* 1:57368 <-> ENABLED <-> MALWARE-CNC Unix.Malware.Exaramel outbound connection attempt (malware-cnc.rules)
* 1:57364 <-> DISABLED <-> MALWARE-BACKDOOR PAS webshell outbound connection attempt (malware-backdoor.rules)
* 1:57369 <-> ENABLED <-> MALWARE-CNC Unix.Malware.Exaramel outbound connection attempt (malware-cnc.rules)
* 1:57366 <-> DISABLED <-> BROWSER-CHROME Google Chrome WebXR component use after free attempt (browser-chrome.rules)
* 1:57363 <-> DISABLED <-> MALWARE-BACKDOOR PAS webshell inbound connection attempt (malware-backdoor.rules)
* 1:57376 <-> DISABLED <-> BROWSER-CHROME Google Chrome WebAssembly memory corruption attempt (browser-chrome.rules)
* 1:57380 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Sunburst outbound connection attempt (malware-cnc.rules)
* 3:57379 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1275 attack attempt (file-image.rules)
* 3:57373 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1277 attack attempt (server-webapp.rules)
* 3:57378 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1275 attack attempt (file-image.rules)
* 3:57374 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1277 attack attempt (server-webapp.rules)
* 3:57372 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1277 attack attempt (server-webapp.rules)
* 3:57371 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1277 attack attempt (server-webapp.rules)

* 1:41742 <-> DISABLED <-> POLICY-OTHER external admin access attempt (policy-other.rules)
* 1:24378 <-> DISABLED <-> POLICY-OTHER TCP packet with urgent flag attempt (policy-other.rules)
* 1:19669 <-> DISABLED <-> POLICY-OTHER Telnet protocol specifier in web page attempt (policy-other.rules)
* 1:44484 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
* 1:23111 <-> DISABLED <-> POLICY-OTHER PHP uri tag injection attempt (policy-other.rules)
* 1:37880 <-> DISABLED <-> POLICY-OTHER Symantec Workspace Streaming insecure java serialized data upload attempt (policy-other.rules)
* 1:47830 <-> DISABLED <-> POLICY-OTHER phpmyadmin external SQL query detected (policy-other.rules)
* 1:41475 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 7 CTreeNode object remote code execution attempt (browser-ie.rules)
* 1:10130 <-> DISABLED <-> POLICY-OTHER VERITAS NetBackup system - execution function call access (policy-other.rules)
* 1:41474 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 7 CTreeNode object remote code execution attempt (browser-ie.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091601.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:57370 <-> ENABLED <-> MALWARE-CNC Unix.Malware.Exaramel outbound connection attempt (malware-cnc.rules)
* 1:57375 <-> DISABLED <-> BROWSER-CHROME Google Chrome WebAssembly memory corruption attempt (browser-chrome.rules)
* 1:57377 <-> DISABLED <-> SERVER-ORACLE Oracle Weblogic ExternalizableLite T3 remote code execution attempt (server-oracle.rules)
* 1:57381 <-> DISABLED <-> SERVER-OTHER Dnsmasq DNS and DHCP server heap-buffer overflow attempt (server-other.rules)
* 1:57362 <-> ENABLED <-> MALWARE-BACKDOOR PAS webshell outbound connection attempt (malware-backdoor.rules)
* 1:57363 <-> DISABLED <-> MALWARE-BACKDOOR PAS webshell inbound connection attempt (malware-backdoor.rules)
* 1:57364 <-> DISABLED <-> MALWARE-BACKDOOR PAS webshell outbound connection attempt (malware-backdoor.rules)
* 1:57361 <-> DISABLED <-> MALWARE-BACKDOOR PAS webshell inbound connection attempt (malware-backdoor.rules)
* 1:57376 <-> DISABLED <-> BROWSER-CHROME Google Chrome WebAssembly memory corruption attempt (browser-chrome.rules)
* 1:57365 <-> DISABLED <-> BROWSER-CHROME Google Chrome WebXR component use after free attempt (browser-chrome.rules)
* 1:57369 <-> ENABLED <-> MALWARE-CNC Unix.Malware.Exaramel outbound connection attempt (malware-cnc.rules)
* 1:57366 <-> DISABLED <-> BROWSER-CHROME Google Chrome WebXR component use after free attempt (browser-chrome.rules)
* 1:57367 <-> DISABLED <-> SERVER-WEBAPP Yealink Device Management server side request forgery attempt (server-webapp.rules)
* 1:57368 <-> ENABLED <-> MALWARE-CNC Unix.Malware.Exaramel outbound connection attempt (malware-cnc.rules)
* 1:57382 <-> DISABLED <-> SERVER-OTHER Microsoft Exchange Server DLPUtils remote code execution attempt (server-other.rules)
* 1:57380 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Sunburst outbound connection attempt (malware-cnc.rules)
* 3:57379 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1275 attack attempt (file-image.rules)
* 3:57378 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1275 attack attempt (file-image.rules)
* 3:57372 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1277 attack attempt (server-webapp.rules)
* 3:57371 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1277 attack attempt (server-webapp.rules)
* 3:57373 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1277 attack attempt (server-webapp.rules)
* 3:57374 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1277 attack attempt (server-webapp.rules)

* 1:41475 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 7 CTreeNode object remote code execution attempt (browser-ie.rules)
* 1:41742 <-> DISABLED <-> POLICY-OTHER external admin access attempt (policy-other.rules)
* 1:37880 <-> DISABLED <-> POLICY-OTHER Symantec Workspace Streaming insecure java serialized data upload attempt (policy-other.rules)
* 1:10130 <-> DISABLED <-> POLICY-OTHER VERITAS NetBackup system - execution function call access (policy-other.rules)
* 1:47830 <-> DISABLED <-> POLICY-OTHER phpmyadmin external SQL query detected (policy-other.rules)
* 1:24378 <-> DISABLED <-> POLICY-OTHER TCP packet with urgent flag attempt (policy-other.rules)
* 1:41474 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 7 CTreeNode object remote code execution attempt (browser-ie.rules)
* 1:44484 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
* 1:19669 <-> DISABLED <-> POLICY-OTHER Telnet protocol specifier in web page attempt (policy-other.rules)
* 1:23111 <-> DISABLED <-> POLICY-OTHER PHP uri tag injection attempt (policy-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091600.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:57380 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Sunburst outbound connection attempt (malware-cnc.rules)
* 1:57364 <-> DISABLED <-> MALWARE-BACKDOOR PAS webshell outbound connection attempt (malware-backdoor.rules)
* 1:57366 <-> DISABLED <-> BROWSER-CHROME Google Chrome WebXR component use after free attempt (browser-chrome.rules)
* 1:57381 <-> DISABLED <-> SERVER-OTHER Dnsmasq DNS and DHCP server heap-buffer overflow attempt (server-other.rules)
* 1:57382 <-> DISABLED <-> SERVER-OTHER Microsoft Exchange Server DLPUtils remote code execution attempt (server-other.rules)
* 1:57367 <-> DISABLED <-> SERVER-WEBAPP Yealink Device Management server side request forgery attempt (server-webapp.rules)
* 1:57361 <-> DISABLED <-> MALWARE-BACKDOOR PAS webshell inbound connection attempt (malware-backdoor.rules)
* 1:57377 <-> DISABLED <-> SERVER-ORACLE Oracle Weblogic ExternalizableLite T3 remote code execution attempt (server-oracle.rules)
* 1:57370 <-> ENABLED <-> MALWARE-CNC Unix.Malware.Exaramel outbound connection attempt (malware-cnc.rules)
* 1:57376 <-> DISABLED <-> BROWSER-CHROME Google Chrome WebAssembly memory corruption attempt (browser-chrome.rules)
* 1:57363 <-> DISABLED <-> MALWARE-BACKDOOR PAS webshell inbound connection attempt (malware-backdoor.rules)
* 1:57369 <-> ENABLED <-> MALWARE-CNC Unix.Malware.Exaramel outbound connection attempt (malware-cnc.rules)
* 1:57365 <-> DISABLED <-> BROWSER-CHROME Google Chrome WebXR component use after free attempt (browser-chrome.rules)
* 1:57362 <-> ENABLED <-> MALWARE-BACKDOOR PAS webshell outbound connection attempt (malware-backdoor.rules)
* 1:57368 <-> ENABLED <-> MALWARE-CNC Unix.Malware.Exaramel outbound connection attempt (malware-cnc.rules)
* 1:57375 <-> DISABLED <-> BROWSER-CHROME Google Chrome WebAssembly memory corruption attempt (browser-chrome.rules)
* 3:57374 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1277 attack attempt (server-webapp.rules)
* 3:57372 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1277 attack attempt (server-webapp.rules)
* 3:57379 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1275 attack attempt (file-image.rules)
* 3:57378 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1275 attack attempt (file-image.rules)
* 3:57373 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1277 attack attempt (server-webapp.rules)
* 3:57371 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1277 attack attempt (server-webapp.rules)

* 1:41742 <-> DISABLED <-> POLICY-OTHER external admin access attempt (policy-other.rules)
* 1:41474 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 7 CTreeNode object remote code execution attempt (browser-ie.rules)
* 1:24378 <-> DISABLED <-> POLICY-OTHER TCP packet with urgent flag attempt (policy-other.rules)
* 1:41475 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 7 CTreeNode object remote code execution attempt (browser-ie.rules)
* 1:19669 <-> DISABLED <-> POLICY-OTHER Telnet protocol specifier in web page attempt (policy-other.rules)
* 1:44484 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
* 1:10130 <-> DISABLED <-> POLICY-OTHER VERITAS NetBackup system - execution function call access (policy-other.rules)
* 1:37880 <-> DISABLED <-> POLICY-OTHER Symantec Workspace Streaming insecure java serialized data upload attempt (policy-other.rules)
* 1:47830 <-> DISABLED <-> POLICY-OTHER phpmyadmin external SQL query detected (policy-other.rules)
* 1:23111 <-> DISABLED <-> POLICY-OTHER PHP uri tag injection attempt (policy-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091501.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:57361 <-> DISABLED <-> MALWARE-BACKDOOR PAS webshell inbound connection attempt (malware-backdoor.rules)
* 1:57370 <-> ENABLED <-> MALWARE-CNC Unix.Malware.Exaramel outbound connection attempt (malware-cnc.rules)
* 1:57375 <-> DISABLED <-> BROWSER-CHROME Google Chrome WebAssembly memory corruption attempt (browser-chrome.rules)
* 1:57380 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Sunburst outbound connection attempt (malware-cnc.rules)
* 1:57377 <-> DISABLED <-> SERVER-ORACLE Oracle Weblogic ExternalizableLite T3 remote code execution attempt (server-oracle.rules)
* 1:57365 <-> DISABLED <-> BROWSER-CHROME Google Chrome WebXR component use after free attempt (browser-chrome.rules)
* 1:57362 <-> ENABLED <-> MALWARE-BACKDOOR PAS webshell outbound connection attempt (malware-backdoor.rules)
* 1:57367 <-> DISABLED <-> SERVER-WEBAPP Yealink Device Management server side request forgery attempt (server-webapp.rules)
* 1:57382 <-> DISABLED <-> SERVER-OTHER Microsoft Exchange Server DLPUtils remote code execution attempt (server-other.rules)
* 1:57381 <-> DISABLED <-> SERVER-OTHER Dnsmasq DNS and DHCP server heap-buffer overflow attempt (server-other.rules)
* 1:57363 <-> DISABLED <-> MALWARE-BACKDOOR PAS webshell inbound connection attempt (malware-backdoor.rules)
* 1:57368 <-> ENABLED <-> MALWARE-CNC Unix.Malware.Exaramel outbound connection attempt (malware-cnc.rules)
* 1:57366 <-> DISABLED <-> BROWSER-CHROME Google Chrome WebXR component use after free attempt (browser-chrome.rules)
* 1:57364 <-> DISABLED <-> MALWARE-BACKDOOR PAS webshell outbound connection attempt (malware-backdoor.rules)
* 1:57376 <-> DISABLED <-> BROWSER-CHROME Google Chrome WebAssembly memory corruption attempt (browser-chrome.rules)
* 1:57369 <-> ENABLED <-> MALWARE-CNC Unix.Malware.Exaramel outbound connection attempt (malware-cnc.rules)
* 3:57373 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1277 attack attempt (server-webapp.rules)
* 3:57372 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1277 attack attempt (server-webapp.rules)
* 3:57379 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1275 attack attempt (file-image.rules)
* 3:57374 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1277 attack attempt (server-webapp.rules)
* 3:57378 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1275 attack attempt (file-image.rules)
* 3:57371 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1277 attack attempt (server-webapp.rules)

* 1:41742 <-> DISABLED <-> POLICY-OTHER external admin access attempt (policy-other.rules)
* 1:24378 <-> DISABLED <-> POLICY-OTHER TCP packet with urgent flag attempt (policy-other.rules)
* 1:41475 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 7 CTreeNode object remote code execution attempt (browser-ie.rules)
* 1:44484 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
* 1:10130 <-> DISABLED <-> POLICY-OTHER VERITAS NetBackup system - execution function call access (policy-other.rules)
* 1:37880 <-> DISABLED <-> POLICY-OTHER Symantec Workspace Streaming insecure java serialized data upload attempt (policy-other.rules)
* 1:23111 <-> DISABLED <-> POLICY-OTHER PHP uri tag injection attempt (policy-other.rules)
* 1:47830 <-> DISABLED <-> POLICY-OTHER phpmyadmin external SQL query detected (policy-other.rules)
* 1:19669 <-> DISABLED <-> POLICY-OTHER Telnet protocol specifier in web page attempt (policy-other.rules)
* 1:41474 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 7 CTreeNode object remote code execution attempt (browser-ie.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091500.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:57366 <-> DISABLED <-> BROWSER-CHROME Google Chrome WebXR component use after free attempt (browser-chrome.rules)
* 1:57375 <-> DISABLED <-> BROWSER-CHROME Google Chrome WebAssembly memory corruption attempt (browser-chrome.rules)
* 1:57364 <-> DISABLED <-> MALWARE-BACKDOOR PAS webshell outbound connection attempt (malware-backdoor.rules)
* 1:57376 <-> DISABLED <-> BROWSER-CHROME Google Chrome WebAssembly memory corruption attempt (browser-chrome.rules)
* 1:57367 <-> DISABLED <-> SERVER-WEBAPP Yealink Device Management server side request forgery attempt (server-webapp.rules)
* 1:57370 <-> ENABLED <-> MALWARE-CNC Unix.Malware.Exaramel outbound connection attempt (malware-cnc.rules)
* 1:57381 <-> DISABLED <-> SERVER-OTHER Dnsmasq DNS and DHCP server heap-buffer overflow attempt (server-other.rules)
* 1:57380 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Sunburst outbound connection attempt (malware-cnc.rules)
* 1:57362 <-> ENABLED <-> MALWARE-BACKDOOR PAS webshell outbound connection attempt (malware-backdoor.rules)
* 1:57363 <-> DISABLED <-> MALWARE-BACKDOOR PAS webshell inbound connection attempt (malware-backdoor.rules)
* 1:57377 <-> DISABLED <-> SERVER-ORACLE Oracle Weblogic ExternalizableLite T3 remote code execution attempt (server-oracle.rules)
* 1:57382 <-> DISABLED <-> SERVER-OTHER Microsoft Exchange Server DLPUtils remote code execution attempt (server-other.rules)
* 1:57361 <-> DISABLED <-> MALWARE-BACKDOOR PAS webshell inbound connection attempt (malware-backdoor.rules)
* 1:57365 <-> DISABLED <-> BROWSER-CHROME Google Chrome WebXR component use after free attempt (browser-chrome.rules)
* 1:57369 <-> ENABLED <-> MALWARE-CNC Unix.Malware.Exaramel outbound connection attempt (malware-cnc.rules)
* 1:57368 <-> ENABLED <-> MALWARE-CNC Unix.Malware.Exaramel outbound connection attempt (malware-cnc.rules)
* 3:57371 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1277 attack attempt (server-webapp.rules)
* 3:57374 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1277 attack attempt (server-webapp.rules)
* 3:57373 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1277 attack attempt (server-webapp.rules)
* 3:57379 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1275 attack attempt (file-image.rules)
* 3:57378 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1275 attack attempt (file-image.rules)
* 3:57372 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1277 attack attempt (server-webapp.rules)

* 1:41742 <-> DISABLED <-> POLICY-OTHER external admin access attempt (policy-other.rules)
* 1:10130 <-> DISABLED <-> POLICY-OTHER VERITAS NetBackup system - execution function call access (policy-other.rules)
* 1:41474 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 7 CTreeNode object remote code execution attempt (browser-ie.rules)
* 1:24378 <-> DISABLED <-> POLICY-OTHER TCP packet with urgent flag attempt (policy-other.rules)
* 1:44484 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
* 1:41475 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 7 CTreeNode object remote code execution attempt (browser-ie.rules)
* 1:23111 <-> DISABLED <-> POLICY-OTHER PHP uri tag injection attempt (policy-other.rules)
* 1:47830 <-> DISABLED <-> POLICY-OTHER phpmyadmin external SQL query detected (policy-other.rules)
* 1:37880 <-> DISABLED <-> POLICY-OTHER Symantec Workspace Streaming insecure java serialized data upload attempt (policy-other.rules)
* 1:19669 <-> DISABLED <-> POLICY-OTHER Telnet protocol specifier in web page attempt (policy-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:57382 <-> DISABLED <-> SERVER-OTHER Microsoft Exchange Server DLPUtils remote code execution attempt (server-other.rules)
* 1:57362 <-> ENABLED <-> MALWARE-BACKDOOR PAS webshell outbound connection attempt (malware-backdoor.rules)
* 1:57375 <-> DISABLED <-> BROWSER-CHROME Google Chrome WebAssembly memory corruption attempt (browser-chrome.rules)
* 1:57361 <-> DISABLED <-> MALWARE-BACKDOOR PAS webshell inbound connection attempt (malware-backdoor.rules)
* 1:57363 <-> DISABLED <-> MALWARE-BACKDOOR PAS webshell inbound connection attempt (malware-backdoor.rules)
* 1:57377 <-> DISABLED <-> SERVER-ORACLE Oracle Weblogic ExternalizableLite T3 remote code execution attempt (server-oracle.rules)
* 1:57364 <-> DISABLED <-> MALWARE-BACKDOOR PAS webshell outbound connection attempt (malware-backdoor.rules)
* 1:57365 <-> DISABLED <-> BROWSER-CHROME Google Chrome WebXR component use after free attempt (browser-chrome.rules)
* 1:57380 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Sunburst outbound connection attempt (malware-cnc.rules)
* 1:57366 <-> DISABLED <-> BROWSER-CHROME Google Chrome WebXR component use after free attempt (browser-chrome.rules)
* 1:57369 <-> ENABLED <-> MALWARE-CNC Unix.Malware.Exaramel outbound connection attempt (malware-cnc.rules)
* 1:57376 <-> DISABLED <-> BROWSER-CHROME Google Chrome WebAssembly memory corruption attempt (browser-chrome.rules)
* 1:57367 <-> DISABLED <-> SERVER-WEBAPP Yealink Device Management server side request forgery attempt (server-webapp.rules)
* 1:57368 <-> ENABLED <-> MALWARE-CNC Unix.Malware.Exaramel outbound connection attempt (malware-cnc.rules)
* 1:57370 <-> ENABLED <-> MALWARE-CNC Unix.Malware.Exaramel outbound connection attempt (malware-cnc.rules)
* 1:57381 <-> DISABLED <-> SERVER-OTHER Dnsmasq DNS and DHCP server heap-buffer overflow attempt (server-other.rules)
* 3:57378 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1275 attack attempt (file-image.rules)
* 3:57372 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1277 attack attempt (server-webapp.rules)
* 3:57379 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1275 attack attempt (file-image.rules)
* 3:57374 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1277 attack attempt (server-webapp.rules)
* 3:57371 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1277 attack attempt (server-webapp.rules)
* 3:57373 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1277 attack attempt (server-webapp.rules)

* 1:19669 <-> DISABLED <-> POLICY-OTHER Telnet protocol specifier in web page attempt (policy-other.rules)
* 1:24378 <-> DISABLED <-> POLICY-OTHER TCP packet with urgent flag attempt (policy-other.rules)
* 1:41742 <-> DISABLED <-> POLICY-OTHER external admin access attempt (policy-other.rules)
* 1:41474 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 7 CTreeNode object remote code execution attempt (browser-ie.rules)
* 1:37880 <-> DISABLED <-> POLICY-OTHER Symantec Workspace Streaming insecure java serialized data upload attempt (policy-other.rules)
* 1:10130 <-> DISABLED <-> POLICY-OTHER VERITAS NetBackup system - execution function call access (policy-other.rules)
* 1:44484 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
* 1:41475 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 7 CTreeNode object remote code execution attempt (browser-ie.rules)
* 1:23111 <-> DISABLED <-> POLICY-OTHER PHP uri tag injection attempt (policy-other.rules)
* 1:47830 <-> DISABLED <-> POLICY-OTHER phpmyadmin external SQL query detected (policy-other.rules)
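The format line repeated above for each pack (2091700 through 2091401) describes one entry per line, but what a rule maintainer actually wants from such a listing is not the raw lines: it is which of the listed rules ship DISABLED and so detect nothing until they are enabled (note that the Sunburst C2 rule 1:57380 is DISABLED by default in every pack listed here, while the Exaramel rules 1:57368 to 1:57370 are ENABLED), and which sids one pack touches that the previous pack did not. The parser below is an added example, not code from this page or from Talos/Snort. Its sample listings are constructed from entries that appear on the page, and the gid:sid-per-line output it emits is the shape PulledPork's enablesid.conf accepts, which is an assumption about that tool rather than something the page states.

```python
"""Parse Snort rule-update listings in the format the page states,
    gid:sid <-> Default rule state <-> Message (rule group)
and answer the two questions a rule maintainer asks of them.

Added example, not code from the page or from Talos/Snort. The SAMPLE_*
listings are constructed from entries that appear on the page; the
enablesid output shape is assumed to match PulledPork's enablesid.conf.
"""
import re
from dataclasses import dataclass

# One entry. The message is matched lazily so the trailing "(x.rules)" is the
# rule file even when the message carries punctuation ("SERVER-WEBAPP .bat? access").
ENTRY_RE = re.compile(
    r"(?P<gid>\d+):(?P<sid>\d+)\s*<->\s*(?P<state>ENABLED|DISABLED)\s*<->\s*"
    r"(?P<msg>.+?)\s*\((?P<group>[\w.-]+\.rules)\)$"
)


@dataclass(frozen=True)
class Rule:
    gid: int
    sid: int
    state: str
    msg: str
    group: str

    @property
    def category(self) -> str:
        """Talos messages lead with the category token, e.g. MALWARE-CNC."""
        return self.msg.split(" ", 1)[0]


def parse_listing(text: str) -> dict:
    """Return {(gid, sid): Rule}. Entries are split on the '* ' bullet, so a
    listing that extraction ran together on one line parses the same as one
    entry per line. A '*' inside a message ("*.idc attempt") is not followed
    by whitespace and is left alone."""
    rules = {}
    for chunk in re.split(r"(?:^|\s)\*\s+", text):
        chunk = chunk.strip()
        if not chunk:
            continue
        m = ENTRY_RE.match(chunk)
        if m is None:
            raise ValueError(f"unparseable entry: {chunk!r}")
        r = Rule(int(m["gid"]), int(m["sid"]), m["state"], m["msg"], m["group"])
        rules[(r.gid, r.sid)] = r
    return rules


def disabled_by_default(rules: dict, categories=("MALWARE-CNC", "MALWARE-BACKDOOR")) -> list:
    """Rules in the given categories that ship DISABLED: the ones a deployment
    must opt into before the coverage exists."""
    return sorted(
        (r for r in rules.values() if r.state == "DISABLED" and r.category in categories),
        key=lambda r: (r.gid, r.sid),
    )


def diff_listings(old: dict, new: dict):
    """Each listing is the change set for one pack, not the whole ruleset, so
    the diff reports sids touched by `new` but not `old`, sids touched by `old`
    but not `new`, and sids in both whose default state differs."""
    added = sorted(set(new) - set(old))
    removed = sorted(set(old) - set(new))
    flipped = sorted(k for k in set(old) & set(new) if old[k].state != new[k].state)
    return added, removed, flipped


def enablesid_lines(rules) -> list:
    """gid:sid lines for an enablesid.conf (PulledPork shape, assumed)."""
    return [f"{r.gid}:{r.sid}" for r in rules]


# Constructed excerpt: a handful of the entries the page lists for pack 2091700.
SAMPLE_2091700 = """\
* 1:57361 <-> DISABLED <-> MALWARE-BACKDOOR PAS webshell inbound connection attempt (malware-backdoor.rules)
* 1:57362 <-> ENABLED <-> MALWARE-BACKDOOR PAS webshell outbound connection attempt (malware-backdoor.rules)
* 1:57368 <-> ENABLED <-> MALWARE-CNC Unix.Malware.Exaramel outbound connection attempt (malware-cnc.rules)
* 1:57380 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Sunburst outbound connection attempt (malware-cnc.rules)
* 3:57371 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1277 attack attempt (server-webapp.rules)
* 1:41742 <-> DISABLED <-> POLICY-OTHER external admin access attempt (policy-other.rules)
"""
# Constructed excerpt for 2091701: the same new rules plus older IIS/webapp
# sids that pack also touched, run together on one line as extraction left them.
SAMPLE_2091701 = SAMPLE_2091700 + (
    "* 1:976 <-> DISABLED <-> SERVER-WEBAPP .bat? access (server-webapp.rules) "
    "* 1:973 <-> DISABLED <-> SERVER-IIS *.idc attempt (server-iis.rules) "
    "* 1:999 <-> DISABLED <-> SERVER-IIS bdir access (server-iis.rules)"
)

if __name__ == "__main__":
    old, new = parse_listing(SAMPLE_2091700), parse_listing(SAMPLE_2091701)
    for r in disabled_by_default(new):
        print(f"off by default: {r.gid}:{r.sid}  {r.msg}")
    added, removed, flipped = diff_listings(old, new)
    print("touched only in 2091701:", added)
    print("\n".join(enablesid_lines(disabled_by_default(new))))
```

Run against the full page text, `disabled_by_default` is the list to review before assuming the pack gives you C2 coverage, and `diff_listings` between consecutive packs shows whether an update actually touched anything new or only re-listed the previous change set, as the 2091700 through 2091401 listings above do.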
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:57376 <-> DISABLED <-> BROWSER-CHROME Google Chrome WebAssembly memory corruption attempt (browser-chrome.rules)
* 1:57364 <-> DISABLED <-> MALWARE-BACKDOOR PAS webshell outbound connection attempt (malware-backdoor.rules)
* 1:57362 <-> ENABLED <-> MALWARE-BACKDOOR PAS webshell outbound connection attempt (malware-backdoor.rules)
* 1:57381 <-> DISABLED <-> SERVER-OTHER Dnsmasq DNS and DHCP server heap-buffer overflow attempt (server-other.rules)
* 1:57366 <-> DISABLED <-> BROWSER-CHROME Google Chrome WebXR component use after free attempt (browser-chrome.rules)
* 1:57368 <-> ENABLED <-> MALWARE-CNC Unix.Malware.Exaramel outbound connection attempt (malware-cnc.rules)
* 1:57363 <-> DISABLED <-> MALWARE-BACKDOOR PAS webshell inbound connection attempt (malware-backdoor.rules)
* 1:57382 <-> DISABLED <-> SERVER-OTHER Microsoft Exchange Server DLPUtils remote code execution attempt (server-other.rules)
* 1:57361 <-> DISABLED <-> MALWARE-BACKDOOR PAS webshell inbound connection attempt (malware-backdoor.rules)
* 1:57365 <-> DISABLED <-> BROWSER-CHROME Google Chrome WebXR component use after free attempt (browser-chrome.rules)
* 1:57369 <-> ENABLED <-> MALWARE-CNC Unix.Malware.Exaramel outbound connection attempt (malware-cnc.rules)
* 1:57377 <-> DISABLED <-> SERVER-ORACLE Oracle Weblogic ExternalizableLite T3 remote code execution attempt (server-oracle.rules)
* 1:57367 <-> DISABLED <-> SERVER-WEBAPP Yealink Device Management server side request forgery attempt (server-webapp.rules)
* 1:57375 <-> DISABLED <-> BROWSER-CHROME Google Chrome WebAssembly memory corruption attempt (browser-chrome.rules)
* 1:57370 <-> ENABLED <-> MALWARE-CNC Unix.Malware.Exaramel outbound connection attempt (malware-cnc.rules)
* 1:57380 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Sunburst outbound connection attempt (malware-cnc.rules)
* 3:57379 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1275 attack attempt (file-image.rules)
* 3:57371 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1277 attack attempt (server-webapp.rules)
* 3:57378 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1275 attack attempt (file-image.rules)
* 3:57373 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1277 attack attempt (server-webapp.rules)
* 3:57372 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1277 attack attempt (server-webapp.rules)
* 3:57374 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1277 attack attempt (server-webapp.rules)
* 1:37880 <-> DISABLED <-> POLICY-OTHER Symantec Workspace Streaming insecure java serialized data upload attempt (policy-other.rules)
* 1:41742 <-> DISABLED <-> POLICY-OTHER external admin access attempt (policy-other.rules)
* 1:41475 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 7 CTreeNode object remote code execution attempt (browser-ie.rules)
* 1:24378 <-> DISABLED <-> POLICY-OTHER TCP packet with urgent flag attempt (policy-other.rules)
* 1:10130 <-> DISABLED <-> POLICY-OTHER VERITAS NetBackup system - execution function call access (policy-other.rules)
* 1:19669 <-> DISABLED <-> POLICY-OTHER Telnet protocol specifier in web page attempt (policy-other.rules)
* 1:41474 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 7 CTreeNode object remote code execution attempt (browser-ie.rules)
* 1:23111 <-> DISABLED <-> POLICY-OTHER PHP uri tag injection attempt (policy-other.rules)
* 1:44484 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
* 1:47830 <-> DISABLED <-> POLICY-OTHER phpmyadmin external SQL query detected (policy-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:57365 <-> DISABLED <-> BROWSER-CHROME Google Chrome WebXR component use after free attempt (browser-chrome.rules)
* 1:57364 <-> DISABLED <-> MALWARE-BACKDOOR PAS webshell outbound connection attempt (malware-backdoor.rules)
* 1:57376 <-> DISABLED <-> BROWSER-CHROME Google Chrome WebAssembly memory corruption attempt (browser-chrome.rules)
* 1:57382 <-> DISABLED <-> SERVER-OTHER Microsoft Exchange Server DLPUtils remote code execution attempt (server-other.rules)
* 1:57366 <-> DISABLED <-> BROWSER-CHROME Google Chrome WebXR component use after free attempt (browser-chrome.rules)
* 1:57381 <-> DISABLED <-> SERVER-OTHER Dnsmasq DNS and DHCP server heap-buffer overflow attempt (server-other.rules)
* 1:57367 <-> DISABLED <-> SERVER-WEBAPP Yealink Device Management server side request forgery attempt (server-webapp.rules)
* 1:57362 <-> ENABLED <-> MALWARE-BACKDOOR PAS webshell outbound connection attempt (malware-backdoor.rules)
* 1:57377 <-> DISABLED <-> SERVER-ORACLE Oracle Weblogic ExternalizableLite T3 remote code execution attempt (server-oracle.rules)
* 1:57361 <-> DISABLED <-> MALWARE-BACKDOOR PAS webshell inbound connection attempt (malware-backdoor.rules)
* 1:57363 <-> DISABLED <-> MALWARE-BACKDOOR PAS webshell inbound connection attempt (malware-backdoor.rules)
* 1:57370 <-> ENABLED <-> MALWARE-CNC Unix.Malware.Exaramel outbound connection attempt (malware-cnc.rules)
* 1:57369 <-> ENABLED <-> MALWARE-CNC Unix.Malware.Exaramel outbound connection attempt (malware-cnc.rules)
* 1:57368 <-> ENABLED <-> MALWARE-CNC Unix.Malware.Exaramel outbound connection attempt (malware-cnc.rules)
* 1:57380 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Sunburst outbound connection attempt (malware-cnc.rules)
* 1:57375 <-> DISABLED <-> BROWSER-CHROME Google Chrome WebAssembly memory corruption attempt (browser-chrome.rules)
* 3:57379 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1275 attack attempt (file-image.rules)
* 3:57378 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1275 attack attempt (file-image.rules)
* 3:57373 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1277 attack attempt (server-webapp.rules)
* 3:57374 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1277 attack attempt (server-webapp.rules)
* 3:57372 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1277 attack attempt (server-webapp.rules)
* 3:57371 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1277 attack attempt (server-webapp.rules)
* 1:37880 <-> DISABLED <-> POLICY-OTHER Symantec Workspace Streaming insecure java serialized data upload attempt (policy-other.rules)
* 1:41742 <-> DISABLED <-> POLICY-OTHER external admin access attempt (policy-other.rules)
* 1:41474 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 7 CTreeNode object remote code execution attempt (browser-ie.rules)
* 1:19669 <-> DISABLED <-> POLICY-OTHER Telnet protocol specifier in web page attempt (policy-other.rules)
* 1:24378 <-> DISABLED <-> POLICY-OTHER TCP packet with urgent flag attempt (policy-other.rules)
* 1:47830 <-> DISABLED <-> POLICY-OTHER phpmyadmin external SQL query detected (policy-other.rules)
* 1:41475 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 7 CTreeNode object remote code execution attempt (browser-ie.rules)
* 1:44484 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
* 1:23111 <-> DISABLED <-> POLICY-OTHER PHP uri tag injection attempt (policy-other.rules)
* 1:10130 <-> DISABLED <-> POLICY-OTHER VERITAS NetBackup system - execution function call access (policy-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:57375 <-> DISABLED <-> BROWSER-CHROME Google Chrome WebAssembly memory corruption attempt (snort3-browser-chrome.rules)
* 1:57367 <-> DISABLED <-> SERVER-WEBAPP Yealink Device Management server side request forgery attempt (snort3-server-webapp.rules)
* 1:57381 <-> DISABLED <-> SERVER-OTHER Dnsmasq DNS and DHCP server heap-buffer overflow attempt (snort3-server-other.rules)
* 1:57366 <-> DISABLED <-> BROWSER-CHROME Google Chrome WebXR component use after free attempt (snort3-browser-chrome.rules)
* 1:57363 <-> DISABLED <-> MALWARE-BACKDOOR PAS webshell inbound connection attempt (snort3-malware-backdoor.rules)
* 1:57377 <-> DISABLED <-> SERVER-ORACLE Oracle Weblogic ExternalizableLite T3 remote code execution attempt (snort3-server-oracle.rules)
* 1:57382 <-> DISABLED <-> SERVER-OTHER Microsoft Exchange Server DLPUtils remote code execution attempt (snort3-server-other.rules)
* 1:57369 <-> ENABLED <-> MALWARE-CNC Unix.Malware.Exaramel outbound connection attempt (snort3-malware-cnc.rules)
* 1:57380 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Sunburst outbound connection attempt (snort3-malware-cnc.rules)
* 1:57376 <-> DISABLED <-> BROWSER-CHROME Google Chrome WebAssembly memory corruption attempt (snort3-browser-chrome.rules)
* 1:57370 <-> ENABLED <-> MALWARE-CNC Unix.Malware.Exaramel outbound connection attempt (snort3-malware-cnc.rules)
* 1:57361 <-> DISABLED <-> MALWARE-BACKDOOR PAS webshell inbound connection attempt (snort3-malware-backdoor.rules)
* 1:57362 <-> ENABLED <-> MALWARE-BACKDOOR PAS webshell outbound connection attempt (snort3-malware-backdoor.rules)
* 1:57368 <-> ENABLED <-> MALWARE-CNC Unix.Malware.Exaramel outbound connection attempt (snort3-malware-cnc.rules)
* 1:57365 <-> DISABLED <-> BROWSER-CHROME Google Chrome WebXR component use after free attempt (snort3-browser-chrome.rules)
* 1:57364 <-> DISABLED <-> MALWARE-BACKDOOR PAS webshell outbound connection attempt (snort3-malware-backdoor.rules)
* 1:47830 <-> DISABLED <-> POLICY-OTHER phpmyadmin external SQL query detected (snort3-policy-other.rules)
* 1:24378 <-> DISABLED <-> POLICY-OTHER TCP packet with urgent flag attempt (snort3-policy-other.rules)
* 1:44484 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (snort3-policy-other.rules)
* 1:41742 <-> DISABLED <-> POLICY-OTHER external admin access attempt (snort3-policy-other.rules)
* 1:19669 <-> DISABLED <-> POLICY-OTHER Telnet protocol specifier in web page attempt (snort3-policy-other.rules)
* 1:37880 <-> DISABLED <-> POLICY-OTHER Symantec Workspace Streaming insecure java serialized data upload attempt (snort3-policy-other.rules)
* 1:23111 <-> DISABLED <-> POLICY-OTHER PHP uri tag injection attempt (snort3-policy-other.rules)
* 1:41474 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 7 CTreeNode object remote code execution attempt (snort3-browser-ie.rules)
* 1:41475 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 7 CTreeNode object remote code execution attempt (snort3-browser-ie.rules)
* 1:10130 <-> DISABLED <-> POLICY-OTHER VERITAS NetBackup system - execution function call access (snort3-policy-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:57366 <-> DISABLED <-> BROWSER-CHROME Google Chrome WebXR component use after free attempt (browser-chrome.rules)
* 1:57367 <-> DISABLED <-> SERVER-WEBAPP Yealink Device Management server side request forgery attempt (server-webapp.rules)
* 1:57380 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Sunburst outbound connection attempt (malware-cnc.rules)
* 1:57381 <-> DISABLED <-> SERVER-OTHER Dnsmasq DNS and DHCP server heap-buffer overflow attempt (server-other.rules)
* 1:57377 <-> DISABLED <-> SERVER-ORACLE Oracle Weblogic ExternalizableLite T3 remote code execution attempt (server-oracle.rules)
* 1:57376 <-> DISABLED <-> BROWSER-CHROME Google Chrome WebAssembly memory corruption attempt (browser-chrome.rules)
* 1:57382 <-> DISABLED <-> SERVER-OTHER Microsoft Exchange Server DLPUtils remote code execution attempt (server-other.rules)
* 1:57363 <-> DISABLED <-> MALWARE-BACKDOOR PAS webshell inbound connection attempt (malware-backdoor.rules)
* 1:57369 <-> ENABLED <-> MALWARE-CNC Unix.Malware.Exaramel outbound connection attempt (malware-cnc.rules)
* 1:57362 <-> ENABLED <-> MALWARE-BACKDOOR PAS webshell outbound connection attempt (malware-backdoor.rules)
* 1:57365 <-> DISABLED <-> BROWSER-CHROME Google Chrome WebXR component use after free attempt (browser-chrome.rules)
* 1:57368 <-> ENABLED <-> MALWARE-CNC Unix.Malware.Exaramel outbound connection attempt (malware-cnc.rules)
* 1:57364 <-> DISABLED <-> MALWARE-BACKDOOR PAS webshell outbound connection attempt (malware-backdoor.rules)
* 1:57375 <-> DISABLED <-> BROWSER-CHROME Google Chrome WebAssembly memory corruption attempt (browser-chrome.rules)
* 1:57370 <-> ENABLED <-> MALWARE-CNC Unix.Malware.Exaramel outbound connection attempt (malware-cnc.rules)
* 1:57361 <-> DISABLED <-> MALWARE-BACKDOOR PAS webshell inbound connection attempt (malware-backdoor.rules)
* 3:57374 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1277 attack attempt (server-webapp.rules)
* 3:57371 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1277 attack attempt (server-webapp.rules)
* 3:57372 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1277 attack attempt (server-webapp.rules)
* 3:57379 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1275 attack attempt (file-image.rules)
* 3:57378 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1275 attack attempt (file-image.rules)
* 3:57373 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1277 attack attempt (server-webapp.rules)
* 1:19669 <-> DISABLED <-> POLICY-OTHER Telnet protocol specifier in web page attempt (policy-other.rules)
* 1:41742 <-> DISABLED <-> POLICY-OTHER external admin access attempt (policy-other.rules)
* 1:47830 <-> DISABLED <-> POLICY-OTHER phpmyadmin external SQL query detected (policy-other.rules)
* 1:37880 <-> DISABLED <-> POLICY-OTHER Symantec Workspace Streaming insecure java serialized data upload attempt (policy-other.rules)
* 1:10130 <-> DISABLED <-> POLICY-OTHER VERITAS NetBackup system - execution function call access (policy-other.rules)
* 1:24378 <-> DISABLED <-> POLICY-OTHER TCP packet with urgent flag attempt (policy-other.rules)
* 1:44484 <-> DISABLED <-> POLICY-OTHER SMBv1 protocol detection attempt (policy-other.rules)
* 1:41475 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 7 CTreeNode object remote code execution attempt (browser-ie.rules)
* 1:41474 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 7 CTreeNode object remote code execution attempt (browser-ie.rules)
* 1:23111 <-> DISABLED <-> POLICY-OTHER PHP uri tag injection attempt (policy-other.rules)