Talos has added and modified multiple rules in the file-flash, malware-cnc, malware-other, os-windows, policy-other, server-apache, server-mail and server-webapp rule sets to provide coverage for emerging threats from these technologies.
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2092000.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:60686 <-> DISABLED <-> OS-WINDOWS Windows AppxSvc component elevation of privilege attempt (os-windows.rules)
* 1:60687 <-> DISABLED <-> OS-WINDOWS Windows AppxSvc component elevation of privilege attempt (os-windows.rules)
* 1:64684 <-> DISABLED <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection (malware-cnc.rules)
* 1:64685 <-> ENABLED <-> SERVER-WEBAPP Apache OFBiz remote code execution attempt (server-webapp.rules)
* 1:64686 <-> DISABLED <-> SERVER-APACHE Apache Tomcat partial PUT remote code execution attempt (server-apache.rules)
* 1:64687 <-> DISABLED <-> SERVER-MAIL Exim SMTP vulnerable version detected (server-mail.rules)
* 1:64688 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt (file-flash.rules)
* 1:64689 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection (malware-cnc.rules)
* 1:64690 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection (malware-cnc.rules)
* 1:64691 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection (malware-cnc.rules)
* 1:64692 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bondupdater outbound cnc connection (malware-cnc.rules)
* 1:64693 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bondupdater outbound cnc connection (malware-cnc.rules)
* 1:64694 <-> DISABLED <-> MALWARE-CNC MultiOs.Trojan.FINALDRAFT variant outbound communication attempt (malware-cnc.rules)
* 1:64695 <-> DISABLED <-> MALWARE-CNC MultiOs.Trojan.FINALDRAFT variant outbound communication attempt (malware-cnc.rules)
* 1:64696 <-> DISABLED <-> SERVER-OTHER MIT Kerberos KDC as-req sname null pointer dereference attempt (server-other.rules)
* 1:64697 <-> ENABLED <-> MALWARE-OTHER Win.Rootkit.Winnti download attempt (malware-other.rules)
* 1:64698 <-> ENABLED <-> MALWARE-OTHER Win.Rootkit.Winnti download attempt (malware-other.rules)
* 1:64699 <-> ENABLED <-> SERVER-WEBAPP Next.js Middleware authentication bypass attempt (server-webapp.rules)
* 1:64700 <-> ENABLED <-> SERVER-WEBAPP Next.js Middleware authentication bypass attempt (server-webapp.rules)
* 1:64701 <-> DISABLED <-> POLICY-OTHER Next.js Middleware x-middleware-subrequest header use attempt (policy-other.rules)
* 1:20782 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - economy.rar (file-flash.rules)
* 1:20783 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - dear chu.rar (file-flash.rules)
* 1:20784 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - namelist.xls (file-flash.rules)
* 1:20785 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt (file-flash.rules)
* 1:20803 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt (file-flash.rules)
* 1:21326 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActiveX URL import attempt (file-flash.rules)
* 1:21335 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript bytecode type confusion null dereference attempt (file-flash.rules)
* 1:21336 <-> DISABLED <-> FILE-FLASH Adobe Flash ASConstructor insecure calling attempt (file-flash.rules)
* 1:21338 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MP4 zero length atom attempt (file-flash.rules)
* 1:21457 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
* 1:21458 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
* 1:21533 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript Stage3D null dereference attempt (file-flash.rules)
* 1:21534 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript Matrix3D.copyRawDataFrom buffer overflow attempt (file-flash.rules)
* 1:21535 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript Matrix3D.copyRawDataFrom buffer overflow attempt (file-flash.rules)
* 1:21536 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript Stage3D null dereference attempt (file-flash.rules)
* 1:21653 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript getURL target null reference attempt (file-flash.rules)
* 1:21654 <-> DISABLED <-> FILE-FLASH Adobe Flash Video invalid tag type attempt (file-flash.rules)
* 1:21655 <-> DISABLED <-> FILE-FLASH Adobe Flash Video invalid tag type attempt (file-flash.rules)
* 1:22069 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object confusion attempt (file-flash.rules)
* 1:22070 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object confusion attempt (file-flash.rules)
* 1:22915 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object confusion attempt (file-flash.rules)
* 1:22916 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object confusion attempt (file-flash.rules)
* 1:23129 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SecureSocket use without Connect attempt (file-flash.rules)
* 1:23130 <-> DISABLED <-> FILE-FLASH Adobe Flash Player X509 direct instantiation property access attempt (file-flash.rules)
* 1:23131 <-> DISABLED <-> FILE-FLASH Adobe Flash Player X500 DistinguishedName property access attempt (file-flash.rules)
* 1:23132 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DefineSound tag long recordheader length field attempt (file-flash.rules)
* 1:23133 <-> DISABLED <-> FILE-FLASH Adobe Flash Player flash.display.BitmapData constuctor overflow attempt (file-flash.rules)
* 1:23134 <-> DISABLED <-> FILE-FLASH Adobe Flash Player broker destructor DoS attempt (file-flash.rules)
* 1:23135 <-> DISABLED <-> FILE-FLASH Adobe Flash Player flash.DisplayObject memory corruption attempt (file-flash.rules)
* 1:23853 <-> DISABLED <-> FILE-FLASH Adobe Flash OpenType font memory corruption attempt (file-flash.rules)
* 1:23854 <-> DISABLED <-> FILE-FLASH Adobe Flash OpenType font memory corruption attempt (file-flash.rules)
* 1:23967 <-> DISABLED <-> FILE-FLASH Adobe Flash OpenType font memory corruption attempt - compressed (file-flash.rules)
* 1:23996 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
* 1:23997 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
* 1:24138 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed RTMP response attempt (file-flash.rules)
* 1:24139 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed RTMP response attempt (file-flash.rules)
* 1:24140 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed RTMP response attempt (file-flash.rules)
* 1:24142 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object confusion attempt (file-flash.rules)
* 1:24244 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Matrix3D copyRawDataTo integer overflow attempt (file-flash.rules)
* 1:24245 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Matrix3D copyRawDataTo integer overflow attempt (file-flash.rules)
* 1:24362 <-> DISABLED <-> FILE-FLASH Adobe Flash null reference JIT compilation attempt (file-flash.rules)
* 1:24363 <-> DISABLED <-> FILE-FLASH Adobe Flash null reference JIT compilation attempt (file-flash.rules)
* 1:24364 <-> DISABLED <-> FILE-FLASH Adobe Flash null reference JIT compilation attempt (file-flash.rules)
* 1:24365 <-> DISABLED <-> FILE-FLASH Adobe Flash null reference JIT compilation attempt (file-flash.rules)
* 1:24366 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed record stack exhaustion attempt (file-flash.rules)
* 1:24367 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed record stack exhaustion attempt (file-flash.rules)
* 1:24414 <-> DISABLED <-> FILE-FLASH Adobe Flash Player stsz box heap overflow attempt (file-flash.rules)
* 1:24415 <-> DISABLED <-> FILE-FLASH Adobe Flash Player stsz box heap overflow attempt (file-flash.rules)
* 1:24428 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
* 1:24429 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
* 1:24430 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
* 1:24431 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
* 1:24808 <-> DISABLED <-> FILE-FLASH Microsoft Internet Explorer premature unload of Flash plugin use after free attempt (file-flash.rules)
* 1:24809 <-> DISABLED <-> FILE-FLASH Microsoft Internet Explorer premature unload of Flash plugin use after free attempt (file-flash.rules)
* 1:24810 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 privilege escalation attempt (file-flash.rules)
* 1:24811 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 privilege escalation attempt (file-flash.rules)
* 1:24812 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 privilege escalation attempt (file-flash.rules)
* 1:24813 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 privilege escalation attempt (file-flash.rules)
* 1:24874 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
* 1:24875 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
* 1:24876 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
* 1:24877 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
* 1:24879 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid JPEG index attempt (file-flash.rules)
* 1:24882 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid JPEG index attempt (file-flash.rules)
* 1:24890 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Action InitArray stack overflow attempt (file-flash.rules)
* 1:24892 <-> DISABLED <-> FILE-FLASH Action InitArray stack overflow attempt (file-flash.rules)
* 1:24893 <-> DISABLED <-> FILE-FLASH Action InitArray stack overflow attempt (file-flash.rules)
* 1:24895 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript bytecode symbolclass tag type confusion attempt (file-flash.rules)
* 1:24896 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript bytecode symbolclass tag type confusion attempt (file-flash.rules)
* 1:24980 <-> DISABLED <-> FILE-FLASH Adobe Flash Player actionscript bytecode trait type null pointer dereference attempt (file-flash.rules)
* 1:24981 <-> DISABLED <-> FILE-FLASH Adobe Flash Player actionscript bytecode trait type null pointer dereference attempt (file-flash.rules)
* 1:24982 <-> DISABLED <-> FILE-FLASH Adobe Flash Player actionscript bytecode trait type null pointer dereference attempt (file-flash.rules)
* 1:24983 <-> DISABLED <-> FILE-FLASH Adobe Flash Player actionscript bytecode trait type null pointer dereference attempt (file-flash.rules)
* 1:24984 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules)
* 1:24985 <-> DISABLED <-> FILE-FLASH Adobe Flash Player index overflow attempt (file-flash.rules)
* 1:24986 <-> DISABLED <-> FILE-FLASH Adobe Flash Player index overflow attempt (file-flash.rules)
* 1:24989 <-> DISABLED <-> FILE-FLASH Adobe Flash Player specially invalid traits structure attempt (file-flash.rules)
* 1:24990 <-> DISABLED <-> FILE-FLASH Adobe Flash Player specially invalid traits structure attempt (file-flash.rules)
* 1:24991 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DoInitAction invalid action overflow attempt (file-flash.rules)
* 1:24992 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DoInitAction invalid action overflow attempt (file-flash.rules)
* 1:25676 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules)
* 1:25677 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules)
* 1:25678 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules)
* 1:25679 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules)
* 1:25681 <-> DISABLED <-> FILE-FLASH Adobe Flash Player CFF FeatureCount integer overflow attempt (file-flash.rules)
* 1:25683 <-> DISABLED <-> FILE-FLASH Adobe Flash Player CFF FeatureCount integer overflow attempt (file-flash.rules)
* 1:25815 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FLV crafted ADPCM stream heap overflow attempt (file-flash.rules)
* 1:43995 <-> DISABLED <-> FILE-FLASH Adobe Flash Player overly large cpool index out of bounds read attempt (file-flash.rules)
* 1:43996 <-> DISABLED <-> FILE-FLASH Adobe Flash Player overly large cpool index out of bounds read attempt (file-flash.rules)
* 1:44002 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SMB sandbox bypass attempt (file-flash.rules)
* 1:44003 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SMB sandbox bypass attempt (file-flash.rules)
* 1:44016 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Rectangle constructor use after free attempt (file-flash.rules)
* 1:44017 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Rectangle constructor use after free attempt (file-flash.rules)
* 1:44173 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SharedObject use after free attempt (file-flash.rules)
* 1:44174 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SharedObject use after free attempt (file-flash.rules)
* 1:44345 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MP4 atom parser memory corruption attempt (file-flash.rules)
* 1:44346 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MP4 atom parser memory corruption attempt (file-flash.rules)
* 1:44347 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MP4 atom parser memory corruption attempt (file-flash.rules)
* 1:44348 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MP4 atom parser memory corruption attempt (file-flash.rules)
* 1:44351 <-> DISABLED <-> FILE-FLASH Adobe Flash Player text handling memory corruption attempt (file-flash.rules)
* 1:44352 <-> DISABLED <-> FILE-FLASH Adobe Flash Player text handling memory corruption attempt (file-flash.rules)
* 1:44552 <-> DISABLED <-> FILE-FLASH Adobe Flash Player toString type confusion memory corruption attempt (file-flash.rules)
* 1:44553 <-> DISABLED <-> FILE-FLASH Adobe Flash Player toString type confusion memory corruption attempt (file-flash.rules)
* 1:44583 <-> DISABLED <-> FILE-FLASH Adobe Flash Player array type confusion attempt (file-flash.rules)
* 1:44584 <-> DISABLED <-> FILE-FLASH Adobe Flash Player array type confusion attempt (file-flash.rules)
* 1:44887 <-> DISABLED <-> FILE-FLASH Adobe Flash Player bitmap hitTest integer overflow attempt (file-flash.rules)
* 1:44888 <-> DISABLED <-> FILE-FLASH Adobe Flash Player bitmap hitTest integer overflow attempt (file-flash.rules)
* 1:44891 <-> DISABLED <-> FILE-FLASH Adobe Flash Player determinePreferredLocales memory corruption attempt (file-flash.rules)
* 1:44892 <-> DISABLED <-> FILE-FLASH Adobe Flash Player determinePreferredLocales memory corruption attempt (file-flash.rules)
* 1:44902 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PSDK Metadata memory corruption attempt (file-flash.rules)
* 1:44903 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PSDK Metadata memory corruption attempt (file-flash.rules)
* 1:44951 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime SDK use after free attempt (file-flash.rules)
* 1:44952 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime SDK use after free attempt (file-flash.rules)
* 1:44963 <-> DISABLED <-> FILE-FLASH Adobe Flash Player tvsdk object use after free attempt (file-flash.rules)
* 1:44964 <-> DISABLED <-> FILE-FLASH Adobe Flash Player tvsdk object use after free attempt (file-flash.rules)
* 1:45309 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter Matrix use after free attempt (file-flash.rules)
* 1:45310 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter Matrix use after free attempt (file-flash.rules)
* 1:45404 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF buffer overflow attempt (file-flash.rules)
* 1:45405 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF buffer overflow attempt (file-flash.rules)
* 1:45459 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip attachbitmap use-after-free attempt (file-flash.rules)
* 1:45500 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip startdrag use-after-free attempt (file-flash.rules)
* 1:45501 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip startdrag use-after-free attempt (file-flash.rules)
* 1:45546 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DefineFont3 tag overly large NumGlyphs out of bounds read attempt (file-flash.rules)
* 1:45547 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DefineFont3 tag overly large NumGlyphs out of bounds read attempt (file-flash.rules)
* 1:45593 <-> DISABLED <-> FILE-FLASH Adobe PSDK DRM Manager memory corruption attempt (file-flash.rules)
* 1:45594 <-> DISABLED <-> FILE-FLASH Adobe PSDK DRM Manager memory corruption attempt (file-flash.rules)
* 1:45595 <-> DISABLED <-> FILE-FLASH Adobe PSDK DRM Manager memory corruption attempt (file-flash.rules)
* 1:45613 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Selection.SetSelection use-after-free attempt (file-flash.rules)
* 1:45614 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Selection.SetSelection use-after-free attempt (file-flash.rules)
* 1:45615 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip duplicateMovieClip use-after-free attempt (file-flash.rules)
* 1:45616 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip duplicateMovieClip use-after-free attempt (file-flash.rules)
* 1:45683 <-> DISABLED <-> FILE-FLASH Adobe PSDK DRM Manager memory corruption attempt (file-flash.rules)
* 1:45743 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray shading memory leak attempt (file-flash.rules)
* 1:45744 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray shading memory leak attempt (file-flash.rules)
* 1:46247 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime MediaPlayerItemLoader BlurFilter object out of bounds write attempt (file-flash.rules)
* 1:46248 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime MediaPlayerItemLoader BlurFilter object out of bounds write attempt (file-flash.rules)
* 1:46254 <-> DISABLED <-> FILE-FLASH Adobe Flash Player corrupt PNG image load out of bounds memory access attempt (file-flash.rules)
* 1:46255 <-> DISABLED <-> FILE-FLASH Adobe Flash Player corrupt PNG image load out of bounds memory access attempt (file-flash.rules)
* 1:46260 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed DefineSound tag heap overflow attempt (file-flash.rules)
* 1:46261 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed DefineSound tag heap overflow attempt (file-flash.rules)
* 1:46262 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use after free attempt (file-flash.rules)
* 1:46263 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use after free attempt (file-flash.rules)
* 1:46324 <-> DISABLED <-> FILE-FLASH Adobe PSDK DRM Manager memory corruption attempt (file-flash.rules)
* 1:46598 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative MovieClip type confusion attempt (file-flash.rules)
* 1:46599 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative MovieClip type confusion attempt (file-flash.rules)
* 1:46917 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules)
* 1:46918 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules)
* 1:46919 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules)
* 1:46920 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules)
* 1:46949 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds memory access attempt (file-flash.rules)
* 1:46950 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds memory access attempt (file-flash.rules)
* 1:47127 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ActionSetTarget record information disclosure attempt (file-flash.rules)
* 1:47128 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ActionSetTarget record information disclosure attempt (file-flash.rules)
* 1:47191 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript NetConnection type confusion attempt (file-flash.rules)
* 1:47192 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript NetConnection type confusion attempt (file-flash.rules)
* 1:47531 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Vector.String class out-of-bounds read attempt (file-flash.rules)
* 1:47532 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Vector.String class out-of-bounds read attempt (file-flash.rules)
* 1:47786 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules)
* 1:47787 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules)
* 1:47833 <-> DISABLED <-> FILE-FLASH Adobe Flash Player COM server BrokerCreateFile sandbox escape attempt (file-flash.rules)
* 1:47834 <-> DISABLED <-> FILE-FLASH Adobe Flash Player COM server BrokerCreateFile sandbox escape attempt (file-flash.rules)
* 1:48425 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AVM type confusion attempt (file-flash.rules)
* 1:48426 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AVM type confusion attempt (file-flash.rules)
* 1:48491 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
* 1:48492 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
* 1:48493 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
* 1:48494 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
* 1:48495 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
* 1:48496 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
* 1:48566 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
* 1:48567 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
* 1:49231 <-> DISABLED <-> FILE-FLASH Adobe Flash Player drawTriangles out-of-bounds read attempt (file-flash.rules)
* 1:49232 <-> DISABLED <-> FILE-FLASH Adobe Flash Player drawTriangles out-of-bounds read attempt (file-flash.rules)
* 1:49311 <-> DISABLED <-> FILE-FLASH Adobe Flash Player writeExternal type confusion attempt (file-flash.rules)
* 1:49312 <-> DISABLED <-> FILE-FLASH Adobe Flash Player writeExternal type confusion attempt (file-flash.rules)
* 1:49583 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray inflate information disclosure attempt (file-flash.rules)
* 1:49584 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray inflate information disclosure attempt (file-flash.rules)
* 1:49585 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure attempt (file-flash.rules)
* 1:49586 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure attempt (file-flash.rules)
* 1:49654 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE control character denial of service attempt (file-flash.rules)
* 1:49655 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE control character denial of service attempt (file-flash.rules)
* 1:49656 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE control character denial of service attempt (file-flash.rules)
* 1:50139 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out-of-bounds read attempt (file-flash.rules)
* 1:50140 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out-of-bounds read attempt (file-flash.rules)
* 1:50267 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use after free attempt (file-flash.rules)
* 1:50268 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use after free attempt (file-flash.rules)
* 1:50534 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
* 1:50535 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
* 1:50536 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
* 1:50537 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
* 1:50761 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel (malware-cnc.rules)
* 1:50762 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel (malware-cnc.rules)
* 1:50763 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel (malware-cnc.rules)
* 1:50764 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel (malware-cnc.rules)
* 1:50765 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ISMAgent outbound DNS tunnel (malware-cnc.rules)
* 1:50766 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ALMA_Dash outbound DNS tunnel (malware-cnc.rules)
* 1:50767 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ALMA_Dot outbound DNS tunnel (malware-cnc.rules)
* 1:50768 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BONDUPDATER outbound DNS tunnel (malware-cnc.rules)
* 1:50769 <-> DISABLED <-> MALWARE-CNC Win.Trojan.QUADAGENT outbound DNS tunnel (malware-cnc.rules)
* 1:51081 <-> DISABLED <-> FILE-FLASH Adobe Flash player memory corruption attempt (file-flash.rules)
* 1:51082 <-> DISABLED <-> FILE-FLASH Adobe Flash player memory corruption attempt (file-flash.rules)
* 1:51225 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt (file-flash.rules)
* 1:51226 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt (file-flash.rules)
* 1:51643 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use-after-free attempt (file-flash.rules)
* 1:51644 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use-after-free attempt (file-flash.rules)
* 1:51648 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActiveX same origin method execution attempt (file-flash.rules)
* 1:52079 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt (file-flash.rules)
* 1:52080 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt (file-flash.rules)
* 1:52658 <-> DISABLED <-> FILE-FLASH Spelevo Exploit Kit download attempt (file-flash.rules)
* 1:52659 <-> DISABLED <-> FILE-FLASH Spelevo Exploit Kit download attempt (file-flash.rules)
* 1:53057 <-> DISABLED <-> FILE-FLASH Spelevo Exploit Kit download attempt (file-flash.rules)
* 1:53058 <-> DISABLED <-> FILE-FLASH Spelevo Exploit Kit download attempt (file-flash.rules)
* 1:54825 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AVM domain memory range integer overflow attempt (file-flash.rules)
* 1:54826 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AVM domain memory range integer overflow attempt (file-flash.rules)
* 1:55813 <-> DISABLED <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt (server-other.rules)
* 1:55814 <-> DISABLED <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt (server-other.rules)
* 1:57499 <-> DISABLED <-> FILE-FLASH Adobe Flash Player worker shared object use-after-free attempt (file-flash.rules)
* 1:59440 <-> DISABLED <-> SERVER-APACHE Apache mod_http2 NULL pointer dereference attempt (server-apache.rules)
* 1:19257 <-> DISABLED <-> FILE-FLASH Adobe ActionScript float index memory corruption attempt (file-flash.rules)
* 1:19262 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
* 1:19263 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
* 1:19264 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
* 1:19682 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript 3 integer overflow attempt (file-flash.rules)
* 1:20031 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
* 1:20131 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt (file-flash.rules)
* 1:20767 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
* 1:20777 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
* 1:20778 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - economy.rar (file-flash.rules)
* 1:20779 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - dear chu.rar (file-flash.rules)
* 1:20780 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - namelist.xls (file-flash.rules)
* 1:20781 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt (file-flash.rules)
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091900.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:64697 <-> ENABLED <-> MALWARE-OTHER Win.Rootkit.Winnti download attempt (malware-other.rules)
* 1:64691 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection (malware-cnc.rules)
* 1:64693 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bondupdater outbound cnc connection (malware-cnc.rules)
* 1:64696 <-> DISABLED <-> SERVER-OTHER MIT Kerberos KDC as-req sname null pointer dereference attempt (server-other.rules)
* 1:64700 <-> ENABLED <-> SERVER-WEBAPP Next.js Middleware authentication bypass attempt (server-webapp.rules)
* 1:64686 <-> DISABLED <-> SERVER-APACHE Apache Tomcat partial PUT remote code execution attempt (server-apache.rules)
* 1:64701 <-> DISABLED <-> POLICY-OTHER Next.js Middleware x-middleware-subrequest header use attempt (policy-other.rules)
* 1:60686 <-> DISABLED <-> OS-WINDOWS Windows AppxSvc component elevation of privilege attempt (os-windows.rules)
* 1:64692 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bondupdater outbound cnc connection (malware-cnc.rules)
* 1:64695 <-> DISABLED <-> MALWARE-CNC MultiOs.Trojan.FINALDRAFT variant outbound communication attempt (malware-cnc.rules)
* 1:64684 <-> DISABLED <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection (malware-cnc.rules)
* 1:64698 <-> ENABLED <-> MALWARE-OTHER Win.Rootkit.Winnti download attempt (malware-other.rules)
* 1:64699 <-> ENABLED <-> SERVER-WEBAPP Next.js Middleware authentication bypass attempt (server-webapp.rules)
* 1:64689 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection (malware-cnc.rules)
* 1:64685 <-> ENABLED <-> SERVER-WEBAPP Apache OFBiz remote code execution attempt (server-webapp.rules)
* 1:64694 <-> DISABLED <-> MALWARE-CNC MultiOs.Trojan.FINALDRAFT variant outbound communication attempt (malware-cnc.rules)
* 1:64690 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection (malware-cnc.rules)
* 1:60687 <-> DISABLED <-> OS-WINDOWS Windows AppxSvc component elevation of privilege attempt (os-windows.rules)
* 1:64687 <-> DISABLED <-> SERVER-MAIL Exim SMTP vulnerable version detected (server-mail.rules)
* 1:64688 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt (file-flash.rules)
* 1:19257 <-> DISABLED <-> FILE-FLASH Adobe ActionScript float index memory corruption attempt (file-flash.rules) * 1:19262 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules) * 1:19263 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules) * 1:19264 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules) * 1:19682 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript 3 integer overflow attempt (file-flash.rules) * 1:20031 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules) * 1:20131 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt (file-flash.rules) * 1:20767 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules) * 1:20777 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules) * 1:20778 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - economy.rar (file-flash.rules) * 1:20779 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - dear chu.rar (file-flash.rules) * 1:20780 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - namelist.xls (file-flash.rules) * 1:20781 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt (file-flash.rules) * 1:20782 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - economy.rar (file-flash.rules) * 1:20783 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - dear chu.rar (file-flash.rules) * 1:20784 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript 
callMethod type confusion attempt - namelist.xls (file-flash.rules) * 1:20785 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt (file-flash.rules) * 1:20803 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt (file-flash.rules) * 1:21326 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActiveX URL import attempt (file-flash.rules) * 1:21335 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript bytecode type confusion null dereference attempt (file-flash.rules) * 1:21336 <-> DISABLED <-> FILE-FLASH Adobe Flash ASConstructor insecure calling attempt (file-flash.rules) * 1:21338 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MP4 zero length atom attempt (file-flash.rules) * 1:21457 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules) * 1:21458 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules) * 1:21533 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript Stage3D null dereference attempt (file-flash.rules) * 1:21534 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript Matrix3D.copyRawDataFrom buffer overflow attempt (file-flash.rules) * 1:21535 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript Matrix3D.copyRawDataFrom buffer overflow attempt (file-flash.rules) * 1:21536 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript Stage3D null dereference attempt (file-flash.rules) * 1:21653 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript getURL target null reference attempt (file-flash.rules) * 1:21654 <-> DISABLED <-> FILE-FLASH Adobe Flash Video invalid tag type attempt (file-flash.rules) * 1:21655 <-> DISABLED <-> FILE-FLASH Adobe Flash Video invalid tag type attempt (file-flash.rules) * 1:22069 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object confusion attempt (file-flash.rules) * 1:22070 <-> DISABLED <-> 
FILE-FLASH Adobe Flash Player object confusion attempt (file-flash.rules) * 1:22915 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object confusion attempt (file-flash.rules) * 1:22916 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object confusion attempt (file-flash.rules) * 1:23129 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SecureSocket use without Connect attempt (file-flash.rules) * 1:23130 <-> DISABLED <-> FILE-FLASH Adobe Flash Player X509 direct instantiation property access attempt (file-flash.rules) * 1:23131 <-> DISABLED <-> FILE-FLASH Adobe Flash Player X500 DistinguishedName property access attempt (file-flash.rules) * 1:23132 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DefineSound tag long recordheader length field attempt (file-flash.rules) * 1:23133 <-> DISABLED <-> FILE-FLASH Adobe Flash Player flash.display.BitmapData constuctor overflow attempt (file-flash.rules) * 1:23134 <-> DISABLED <-> FILE-FLASH Adobe Flash Player broker destructor DoS attempt (file-flash.rules) * 1:23135 <-> DISABLED <-> FILE-FLASH Adobe Flash Player flash.DisplayObject memory corruption attempt (file-flash.rules) * 1:23853 <-> DISABLED <-> FILE-FLASH Adobe Flash OpenType font memory corruption attempt (file-flash.rules) * 1:23854 <-> DISABLED <-> FILE-FLASH Adobe Flash OpenType font memory corruption attempt (file-flash.rules) * 1:23967 <-> DISABLED <-> FILE-FLASH Adobe Flash OpenType font memory corruption attempt - compressed (file-flash.rules) * 1:23996 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules) * 1:23997 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules) * 1:24138 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed RTMP response attempt (file-flash.rules) * 1:24139 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed RTMP response attempt (file-flash.rules) * 1:24140 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed 
RTMP response attempt (file-flash.rules) * 1:24142 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object confusion attempt (file-flash.rules) * 1:24244 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Matrix3D copyRawDataTo integer overflow attempt (file-flash.rules) * 1:24245 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Matrix3D copyRawDataTo integer overflow attempt (file-flash.rules) * 1:24362 <-> DISABLED <-> FILE-FLASH Adobe Flash null reference JIT compilation attempt (file-flash.rules) * 1:24363 <-> DISABLED <-> FILE-FLASH Adobe Flash null reference JIT compilation attempt (file-flash.rules) * 1:24364 <-> DISABLED <-> FILE-FLASH Adobe Flash null reference JIT compilation attempt (file-flash.rules) * 1:24365 <-> DISABLED <-> FILE-FLASH Adobe Flash null reference JIT compilation attempt (file-flash.rules) * 1:24366 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed record stack exhaustion attempt (file-flash.rules) * 1:24367 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed record stack exhaustion attempt (file-flash.rules) * 1:24414 <-> DISABLED <-> FILE-FLASH Adobe Flash Player stsz box heap overflow attempt (file-flash.rules) * 1:24415 <-> DISABLED <-> FILE-FLASH Adobe Flash Player stsz box heap overflow attempt (file-flash.rules) * 1:24428 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules) * 1:24429 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules) * 1:24430 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules) * 1:24431 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules) * 1:24808 <-> DISABLED <-> FILE-FLASH Microsoft Internet Explorer premature unload of Flash plugin use after free attempt (file-flash.rules) * 1:24809 <-> 
DISABLED <-> FILE-FLASH Microsoft Internet Explorer premature unload of Flash plugin use after free attempt (file-flash.rules) * 1:24810 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 privilege escalation attempt (file-flash.rules) * 1:24811 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 privilege escalation attempt (file-flash.rules) * 1:24812 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 privilege escalation attempt (file-flash.rules) * 1:24813 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 privilege escalation attempt (file-flash.rules) * 1:24874 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules) * 1:24875 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules) * 1:24876 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules) * 1:24877 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules) * 1:24879 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid JPEG index attempt (file-flash.rules) * 1:24882 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid JPEG index attempt (file-flash.rules) * 1:24890 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Action InitArray stack overflow attempt (file-flash.rules) * 1:24892 <-> DISABLED <-> FILE-FLASH Action InitArray stack overflow attempt (file-flash.rules) * 1:24893 <-> DISABLED <-> FILE-FLASH Action InitArray stack overflow attempt (file-flash.rules) * 1:24895 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript bytecode symbolclass tag type confusion attempt (file-flash.rules) * 1:24896 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript bytecode symbolclass tag type confusion attempt (file-flash.rules) * 1:24980 <-> DISABLED <-> FILE-FLASH Adobe Flash Player 
actionscript bytecode trait type null pointer dereference attempt (file-flash.rules) * 1:24981 <-> DISABLED <-> FILE-FLASH Adobe Flash Player actionscript bytecode trait type null pointer dereference attempt (file-flash.rules) * 1:24982 <-> DISABLED <-> FILE-FLASH Adobe Flash Player actionscript bytecode trait type null pointer dereference attempt (file-flash.rules) * 1:24983 <-> DISABLED <-> FILE-FLASH Adobe Flash Player actionscript bytecode trait type null pointer dereference attempt (file-flash.rules) * 1:24984 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules) * 1:24985 <-> DISABLED <-> FILE-FLASH Adobe Flash Player index overflow attempt (file-flash.rules) * 1:24986 <-> DISABLED <-> FILE-FLASH Adobe Flash Player index overflow attempt (file-flash.rules) * 1:24989 <-> DISABLED <-> FILE-FLASH Adobe Flash Player specially invalid traits structure attempt (file-flash.rules) * 1:24990 <-> DISABLED <-> FILE-FLASH Adobe Flash Player specially invalid traits structure attempt (file-flash.rules) * 1:24991 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DoInitAction invalid action overflow attempt (file-flash.rules) * 1:24992 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DoInitAction invalid action overflow attempt (file-flash.rules) * 1:25676 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules) * 1:25677 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules) * 1:25678 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules) * 1:25679 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules) * 1:25681 <-> DISABLED <-> FILE-FLASH Adobe Flash Player CFF FeatureCount integer overflow attempt (file-flash.rules) * 1:25683 <-> DISABLED <-> FILE-FLASH Adobe Flash Player CFF FeatureCount integer overflow attempt 
(file-flash.rules) * 1:25815 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FLV crafted ADPCM stream heap overflow attempt (file-flash.rules) * 1:43995 <-> DISABLED <-> FILE-FLASH Adobe Flash Player overly large cpool index out of bounds read attempt (file-flash.rules) * 1:43996 <-> DISABLED <-> FILE-FLASH Adobe Flash Player overly large cpool index out of bounds read attempt (file-flash.rules) * 1:44002 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SMB sandbox bypass attempt (file-flash.rules) * 1:44003 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SMB sandbox bypass attempt (file-flash.rules) * 1:44016 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Rectangle constructor use after free attempt (file-flash.rules) * 1:44017 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Rectangle constructor use after free attempt (file-flash.rules) * 1:44173 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SharedObject use after free attempt (file-flash.rules) * 1:44174 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SharedObject use after free attempt (file-flash.rules) * 1:44345 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MP4 atom parser memory corruption attempt (file-flash.rules) * 1:44346 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MP4 atom parser memory corruption attempt (file-flash.rules) * 1:44347 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MP4 atom parser memory corruption attempt (file-flash.rules) * 1:44348 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MP4 atom parser memory corruption attempt (file-flash.rules) * 1:44351 <-> DISABLED <-> FILE-FLASH Adobe Flash Player text handling memory corruption attempt (file-flash.rules) * 1:44352 <-> DISABLED <-> FILE-FLASH Adobe Flash Player text handling memory corruption attempt (file-flash.rules) * 1:44552 <-> DISABLED <-> FILE-FLASH Adobe Flash Player toString type confusion memory corruption attempt (file-flash.rules) * 1:44553 <-> DISABLED <-> FILE-FLASH Adobe Flash Player toString type confusion memory corruption 
attempt (file-flash.rules) * 1:44583 <-> DISABLED <-> FILE-FLASH Adobe Flash Player array type confusion attempt (file-flash.rules) * 1:44584 <-> DISABLED <-> FILE-FLASH Adobe Flash Player array type confusion attempt (file-flash.rules) * 1:44887 <-> DISABLED <-> FILE-FLASH Adobe Flash Player bitmap hitTest integer overflow attempt (file-flash.rules) * 1:44888 <-> DISABLED <-> FILE-FLASH Adobe Flash Player bitmap hitTest integer overflow attempt (file-flash.rules) * 1:44891 <-> DISABLED <-> FILE-FLASH Adobe Flash Player determinePreferredLocales memory corruption attempt (file-flash.rules) * 1:44892 <-> DISABLED <-> FILE-FLASH Adobe Flash Player determinePreferredLocales memory corruption attempt (file-flash.rules) * 1:44902 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PSDK Metadata memory corruption attempt (file-flash.rules) * 1:44903 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PSDK Metadata memory corruption attempt (file-flash.rules) * 1:44951 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime SDK use after free attempt (file-flash.rules) * 1:44952 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime SDK use after free attempt (file-flash.rules) * 1:44963 <-> DISABLED <-> FILE-FLASH Adobe Flash Player tvsdk object use after free attempt (file-flash.rules) * 1:44964 <-> DISABLED <-> FILE-FLASH Adobe Flash Player tvsdk object use after free attempt (file-flash.rules) * 1:45309 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter Matrix use after free attempt (file-flash.rules) * 1:45310 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter Matrix use after free attempt (file-flash.rules) * 1:45404 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF buffer overflow attempt (file-flash.rules) * 1:45405 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF buffer overflow attempt (file-flash.rules) * 1:45459 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip attachbitmap use-after-free attempt 
(file-flash.rules) * 1:45500 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip startdrag use-after-free attempt (file-flash.rules) * 1:45501 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip startdrag use-after-free attempt (file-flash.rules) * 1:45546 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DefineFont3 tag overly large NumGlyphs out of bounds read attempt (file-flash.rules) * 1:45547 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DefineFont3 tag overly large NumGlyphs out of bounds read attempt (file-flash.rules) * 1:45593 <-> DISABLED <-> FILE-FLASH Adobe PSDK DRM Manager memory corruption attempt (file-flash.rules) * 1:45594 <-> DISABLED <-> FILE-FLASH Adobe PSDK DRM Manager memory corruption attempt (file-flash.rules) * 1:45595 <-> DISABLED <-> FILE-FLASH Adobe PSDK DRM Manager memory corruption attempt (file-flash.rules) * 1:45613 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Selection.SetSelection use-after-free attempt (file-flash.rules) * 1:45614 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Selection.SetSelection use-after-free attempt (file-flash.rules) * 1:45615 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip duplicateMovieClip use-after-free attempt (file-flash.rules) * 1:45616 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip duplicateMovieClip use-after-free attempt (file-flash.rules) * 1:45683 <-> DISABLED <-> FILE-FLASH Adobe PSDK DRM Manager memory corruption attempt (file-flash.rules) * 1:45743 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray shading memory leak attempt (file-flash.rules) * 1:45744 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray shading memory leak attempt (file-flash.rules) * 1:46247 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime MediaPlayerItemLoader BlurFilter object out of bounds write attempt (file-flash.rules) * 1:46248 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime MediaPlayerItemLoader BlurFilter object out of bounds write attempt 
(file-flash.rules) * 1:46254 <-> DISABLED <-> FILE-FLASH Adobe Flash Player corrupt PNG image load out of bounds memory access attempt (file-flash.rules) * 1:46255 <-> DISABLED <-> FILE-FLASH Adobe Flash Player corrupt PNG image load out of bounds memory access attempt (file-flash.rules) * 1:46260 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed DefineSound tag heap overflow attempt (file-flash.rules) * 1:46261 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed DefineSound tag heap overflow attempt (file-flash.rules) * 1:47833 <-> DISABLED <-> FILE-FLASH Adobe Flash Player COM server BrokerCreateFile sandbox escape attempt (file-flash.rules) * 1:46262 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use after free attempt (file-flash.rules) * 1:46263 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use after free attempt (file-flash.rules) * 1:46324 <-> DISABLED <-> FILE-FLASH Adobe PSDK DRM Manager memory corruption attempt (file-flash.rules) * 1:46598 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative MovieClip type confusion attempt (file-flash.rules) * 1:46599 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative MovieClip type confusion attempt (file-flash.rules) * 1:46917 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules) * 1:46918 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules) * 1:48426 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AVM type confusion attempt (file-flash.rules) * 1:48425 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AVM type confusion attempt (file-flash.rules) * 1:48491 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules) * 1:48493 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules) * 1:48494 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules) * 1:48495 <-> DISABLED <-> FILE-FLASH 
Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules) * 1:48496 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules) * 1:48566 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules) * 1:48567 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules) * 1:49231 <-> DISABLED <-> FILE-FLASH Adobe Flash Player drawTriangles out-of-bounds read attempt (file-flash.rules) * 1:49232 <-> DISABLED <-> FILE-FLASH Adobe Flash Player drawTriangles out-of-bounds read attempt (file-flash.rules) * 1:49311 <-> DISABLED <-> FILE-FLASH Adobe Flash Player writeExternal type confusion attempt (file-flash.rules) * 1:49312 <-> DISABLED <-> FILE-FLASH Adobe Flash Player writeExternal type confusion attempt (file-flash.rules) * 1:49583 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray inflate information disclosure attempt (file-flash.rules) * 1:49584 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray inflate information disclosure attempt (file-flash.rules) * 1:49585 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure attempt (file-flash.rules) * 1:49586 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure attempt (file-flash.rules) * 1:49654 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE control character denial of service attempt (file-flash.rules) * 1:49655 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE control character denial of service attempt (file-flash.rules) * 1:49656 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE control character denial of service attempt (file-flash.rules) * 1:50139 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out-of-bounds read attempt (file-flash.rules) * 1:50140 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out-of-bounds read attempt (file-flash.rules) * 1:50267 <-> DISABLED <-> 
FILE-FLASH Adobe Flash Player use after free attempt (file-flash.rules) * 1:50268 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use after free attempt (file-flash.rules) * 1:50534 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules) * 1:50535 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules) * 1:50536 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules) * 1:50537 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules) * 1:50761 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel (malware-cnc.rules) * 1:50762 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel (malware-cnc.rules) * 1:50763 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel (malware-cnc.rules) * 1:50764 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel (malware-cnc.rules) * 1:50765 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ISMAgent outbound DNS tunnel (malware-cnc.rules) * 1:50766 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ALMA_Dash outbound DNS tunnel (malware-cnc.rules) * 1:50767 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ALMA_Dot outbound DNS tunnel (malware-cnc.rules) * 1:50768 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BONDUPDATER outbound DNS tunnel (malware-cnc.rules) * 1:48492 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules) * 1:47834 <-> DISABLED <-> FILE-FLASH Adobe Flash Player COM server BrokerCreateFile sandbox escape attempt (file-flash.rules) * 1:46919 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules) * 1:46920 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules) * 1:46949 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds memory access attempt (file-flash.rules) * 1:46950 <-> 
DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds memory access attempt (file-flash.rules) * 1:47127 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ActionSetTarget record information disclosure attempt (file-flash.rules) * 1:47128 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ActionSetTarget record information disclosure attempt (file-flash.rules) * 1:47191 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript NetConnection type confusion attempt (file-flash.rules) * 1:47192 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript NetConnection type confusion attempt (file-flash.rules) * 1:47531 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Vector.String class out-of-bounds read attempt (file-flash.rules) * 1:47532 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Vector.String class out-of-bounds read attempt (file-flash.rules) * 1:47786 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules) * 1:47787 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules) * 1:50769 <-> DISABLED <-> MALWARE-CNC Win.Trojan.QUADAGENT outbound DNS tunnel (malware-cnc.rules) * 1:51081 <-> DISABLED <-> FILE-FLASH Adobe Flash player memory corruption attempt (file-flash.rules) * 1:51082 <-> DISABLED <-> FILE-FLASH Adobe Flash player memory corruption attempt (file-flash.rules) * 1:51225 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt (file-flash.rules) * 1:51226 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt (file-flash.rules) * 1:51643 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use-after-free attempt (file-flash.rules) * 1:51644 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use-after-free attempt (file-flash.rules) * 1:51648 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActiveX same origin method execution attempt (file-flash.rules) * 1:52079 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FLV 
Nellymoser audio codec stack overflow attempt (file-flash.rules) * 1:52080 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt (file-flash.rules) * 1:52658 <-> DISABLED <-> FILE-FLASH Spelevo Exploit Kit download attempt (file-flash.rules) * 1:52659 <-> DISABLED <-> FILE-FLASH Spelevo Exploit Kit download attempt (file-flash.rules) * 1:53057 <-> DISABLED <-> FILE-FLASH Spelevo Exploit Kit download attempt (file-flash.rules) * 1:53058 <-> DISABLED <-> FILE-FLASH Spelevo Exploit Kit download attempt (file-flash.rules) * 1:54825 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AVM domain memory range integer overflow attempt (file-flash.rules) * 1:54826 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AVM domain memory range integer overflow attempt (file-flash.rules) * 1:55813 <-> DISABLED <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt (server-other.rules) * 1:55814 <-> DISABLED <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt (server-other.rules) * 1:57499 <-> DISABLED <-> FILE-FLASH Adobe Flash Player worker shared object use-after-free attempt (file-flash.rules) * 1:59440 <-> DISABLED <-> SERVER-APACHE Apache mod_http2 NULL pointer dereference attempt (server-apache.rules)
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091801.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:64701 <-> DISABLED <-> POLICY-OTHER Next.js Middleware x-middleware-subrequest header use attempt (policy-other.rules)
* 1:64695 <-> DISABLED <-> MALWARE-CNC MultiOs.Trojan.FINALDRAFT variant outbound communication attempt (malware-cnc.rules)
* 1:64687 <-> DISABLED <-> SERVER-MAIL Exim SMTP vulnerable version detected (server-mail.rules)
* 1:64691 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection (malware-cnc.rules)
* 1:64692 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bondupdater outbound cnc connection (malware-cnc.rules)
* 1:64700 <-> ENABLED <-> SERVER-WEBAPP Next.js Middleware authentication bypass attempt (server-webapp.rules)
* 1:64688 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt (file-flash.rules)
* 1:64697 <-> ENABLED <-> MALWARE-OTHER Win.Rootkit.Winnti download attempt (malware-other.rules)
* 1:60687 <-> DISABLED <-> OS-WINDOWS Windows AppxSvc component elevation of privilege attempt (os-windows.rules)
* 1:64693 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bondupdater outbound cnc connection (malware-cnc.rules)
* 1:60686 <-> DISABLED <-> OS-WINDOWS Windows AppxSvc component elevation of privilege attempt (os-windows.rules)
* 1:64684 <-> DISABLED <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection (malware-cnc.rules)
* 1:64689 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection (malware-cnc.rules)
* 1:64698 <-> ENABLED <-> MALWARE-OTHER Win.Rootkit.Winnti download attempt (malware-other.rules)
* 1:64696 <-> DISABLED <-> SERVER-OTHER MIT Kerberos KDC as-req sname null pointer dereference attempt (server-other.rules)
* 1:64699 <-> ENABLED <-> SERVER-WEBAPP Next.js Middleware authentication bypass attempt (server-webapp.rules)
* 1:64686 <-> DISABLED <-> SERVER-APACHE Apache Tomcat partial PUT remote code execution attempt (server-apache.rules)
* 1:64690 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection (malware-cnc.rules)
* 1:64694 <-> DISABLED <-> MALWARE-CNC MultiOs.Trojan.FINALDRAFT variant outbound communication attempt (malware-cnc.rules)
* 1:64685 <-> ENABLED <-> SERVER-WEBAPP Apache OFBiz remote code execution attempt (server-webapp.rules)
* 1:19257 <-> DISABLED <-> FILE-FLASH Adobe ActionScript float index memory corruption attempt (file-flash.rules) * 1:19262 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules) * 1:19263 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules) * 1:19264 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules) * 1:19682 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript 3 integer overflow attempt (file-flash.rules) * 1:20031 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules) * 1:20131 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt (file-flash.rules) * 1:20767 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules) * 1:20777 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules) * 1:20778 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - economy.rar (file-flash.rules) * 1:20779 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - dear chu.rar (file-flash.rules) * 1:20780 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - namelist.xls (file-flash.rules) * 1:20781 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt (file-flash.rules) * 1:20782 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - economy.rar (file-flash.rules) * 1:20783 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - dear chu.rar (file-flash.rules) * 1:20784 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript 
callMethod type confusion attempt - namelist.xls (file-flash.rules) * 1:20785 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt (file-flash.rules) * 1:20803 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt (file-flash.rules) * 1:21326 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActiveX URL import attempt (file-flash.rules) * 1:21335 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript bytecode type confusion null dereference attempt (file-flash.rules) * 1:21336 <-> DISABLED <-> FILE-FLASH Adobe Flash ASConstructor insecure calling attempt (file-flash.rules) * 1:21338 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MP4 zero length atom attempt (file-flash.rules) * 1:21457 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules) * 1:21458 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules) * 1:21533 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript Stage3D null dereference attempt (file-flash.rules) * 1:21534 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript Matrix3D.copyRawDataFrom buffer overflow attempt (file-flash.rules) * 1:21535 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript Matrix3D.copyRawDataFrom buffer overflow attempt (file-flash.rules) * 1:21536 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript Stage3D null dereference attempt (file-flash.rules) * 1:21653 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript getURL target null reference attempt (file-flash.rules) * 1:21654 <-> DISABLED <-> FILE-FLASH Adobe Flash Video invalid tag type attempt (file-flash.rules) * 1:21655 <-> DISABLED <-> FILE-FLASH Adobe Flash Video invalid tag type attempt (file-flash.rules) * 1:22069 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object confusion attempt (file-flash.rules) * 1:22070 <-> DISABLED <-> 
FILE-FLASH Adobe Flash Player object confusion attempt (file-flash.rules) * 1:22915 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object confusion attempt (file-flash.rules) * 1:22916 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object confusion attempt (file-flash.rules) * 1:23129 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SecureSocket use without Connect attempt (file-flash.rules) * 1:23130 <-> DISABLED <-> FILE-FLASH Adobe Flash Player X509 direct instantiation property access attempt (file-flash.rules) * 1:23131 <-> DISABLED <-> FILE-FLASH Adobe Flash Player X500 DistinguishedName property access attempt (file-flash.rules) * 1:23132 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DefineSound tag long recordheader length field attempt (file-flash.rules) * 1:23133 <-> DISABLED <-> FILE-FLASH Adobe Flash Player flash.display.BitmapData constuctor overflow attempt (file-flash.rules) * 1:23134 <-> DISABLED <-> FILE-FLASH Adobe Flash Player broker destructor DoS attempt (file-flash.rules) * 1:23135 <-> DISABLED <-> FILE-FLASH Adobe Flash Player flash.DisplayObject memory corruption attempt (file-flash.rules) * 1:23853 <-> DISABLED <-> FILE-FLASH Adobe Flash OpenType font memory corruption attempt (file-flash.rules) * 1:23854 <-> DISABLED <-> FILE-FLASH Adobe Flash OpenType font memory corruption attempt (file-flash.rules) * 1:23967 <-> DISABLED <-> FILE-FLASH Adobe Flash OpenType font memory corruption attempt - compressed (file-flash.rules) * 1:23996 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules) * 1:23997 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules) * 1:24138 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed RTMP response attempt (file-flash.rules) * 1:24139 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed RTMP response attempt (file-flash.rules) * 1:24140 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed 
RTMP response attempt (file-flash.rules) * 1:24142 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object confusion attempt (file-flash.rules) * 1:24244 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Matrix3D copyRawDataTo integer overflow attempt (file-flash.rules) * 1:24245 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Matrix3D copyRawDataTo integer overflow attempt (file-flash.rules) * 1:24362 <-> DISABLED <-> FILE-FLASH Adobe Flash null reference JIT compilation attempt (file-flash.rules) * 1:24363 <-> DISABLED <-> FILE-FLASH Adobe Flash null reference JIT compilation attempt (file-flash.rules) * 1:24364 <-> DISABLED <-> FILE-FLASH Adobe Flash null reference JIT compilation attempt (file-flash.rules) * 1:24365 <-> DISABLED <-> FILE-FLASH Adobe Flash null reference JIT compilation attempt (file-flash.rules) * 1:24366 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed record stack exhaustion attempt (file-flash.rules) * 1:24367 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed record stack exhaustion attempt (file-flash.rules) * 1:24414 <-> DISABLED <-> FILE-FLASH Adobe Flash Player stsz box heap overflow attempt (file-flash.rules) * 1:24415 <-> DISABLED <-> FILE-FLASH Adobe Flash Player stsz box heap overflow attempt (file-flash.rules) * 1:24428 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules) * 1:24429 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules) * 1:24430 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules) * 1:24431 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules) * 1:24808 <-> DISABLED <-> FILE-FLASH Microsoft Internet Explorer premature unload of Flash plugin use after free attempt (file-flash.rules) * 1:24809 <-> 
DISABLED <-> FILE-FLASH Microsoft Internet Explorer premature unload of Flash plugin use after free attempt (file-flash.rules) * 1:24810 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 privilege escalation attempt (file-flash.rules) * 1:24811 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 privilege escalation attempt (file-flash.rules) * 1:24812 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 privilege escalation attempt (file-flash.rules) * 1:24813 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 privilege escalation attempt (file-flash.rules) * 1:24874 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules) * 1:24875 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules) * 1:24876 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules) * 1:24877 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules) * 1:24879 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid JPEG index attempt (file-flash.rules) * 1:24882 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid JPEG index attempt (file-flash.rules) * 1:24890 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Action InitArray stack overflow attempt (file-flash.rules) * 1:24892 <-> DISABLED <-> FILE-FLASH Action InitArray stack overflow attempt (file-flash.rules) * 1:24893 <-> DISABLED <-> FILE-FLASH Action InitArray stack overflow attempt (file-flash.rules) * 1:24895 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript bytecode symbolclass tag type confusion attempt (file-flash.rules) * 1:24896 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript bytecode symbolclass tag type confusion attempt (file-flash.rules) * 1:24980 <-> DISABLED <-> FILE-FLASH Adobe Flash Player 
actionscript bytecode trait type null pointer dereference attempt (file-flash.rules) * 1:24981 <-> DISABLED <-> FILE-FLASH Adobe Flash Player actionscript bytecode trait type null pointer dereference attempt (file-flash.rules) * 1:24982 <-> DISABLED <-> FILE-FLASH Adobe Flash Player actionscript bytecode trait type null pointer dereference attempt (file-flash.rules) * 1:24983 <-> DISABLED <-> FILE-FLASH Adobe Flash Player actionscript bytecode trait type null pointer dereference attempt (file-flash.rules) * 1:24984 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules) * 1:24985 <-> DISABLED <-> FILE-FLASH Adobe Flash Player index overflow attempt (file-flash.rules) * 1:24986 <-> DISABLED <-> FILE-FLASH Adobe Flash Player index overflow attempt (file-flash.rules) * 1:24989 <-> DISABLED <-> FILE-FLASH Adobe Flash Player specially invalid traits structure attempt (file-flash.rules) * 1:24990 <-> DISABLED <-> FILE-FLASH Adobe Flash Player specially invalid traits structure attempt (file-flash.rules) * 1:24991 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DoInitAction invalid action overflow attempt (file-flash.rules) * 1:24992 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DoInitAction invalid action overflow attempt (file-flash.rules) * 1:25676 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules) * 1:25677 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules) * 1:25678 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules) * 1:44173 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SharedObject use after free attempt (file-flash.rules) * 1:45613 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Selection.SetSelection use-after-free attempt (file-flash.rules) * 1:50140 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out-of-bounds read attempt (file-flash.rules) * 1:50139 
<-> DISABLED <-> FILE-FLASH Adobe Flash Player out-of-bounds read attempt (file-flash.rules) * 1:47834 <-> DISABLED <-> FILE-FLASH Adobe Flash Player COM server BrokerCreateFile sandbox escape attempt (file-flash.rules) * 1:48491 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules) * 1:48425 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AVM type confusion attempt (file-flash.rules) * 1:25681 <-> DISABLED <-> FILE-FLASH Adobe Flash Player CFF FeatureCount integer overflow attempt (file-flash.rules) * 1:25683 <-> DISABLED <-> FILE-FLASH Adobe Flash Player CFF FeatureCount integer overflow attempt (file-flash.rules) * 1:25815 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FLV crafted ADPCM stream heap overflow attempt (file-flash.rules) * 1:43995 <-> DISABLED <-> FILE-FLASH Adobe Flash Player overly large cpool index out of bounds read attempt (file-flash.rules) * 1:43996 <-> DISABLED <-> FILE-FLASH Adobe Flash Player overly large cpool index out of bounds read attempt (file-flash.rules) * 1:44002 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SMB sandbox bypass attempt (file-flash.rules) * 1:45614 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Selection.SetSelection use-after-free attempt (file-flash.rules) * 1:44016 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Rectangle constructor use after free attempt (file-flash.rules) * 1:44174 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SharedObject use after free attempt (file-flash.rules) * 1:44345 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MP4 atom parser memory corruption attempt (file-flash.rules) * 1:44346 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MP4 atom parser memory corruption attempt (file-flash.rules) * 1:44347 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MP4 atom parser memory corruption attempt (file-flash.rules) * 1:44348 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MP4 atom parser memory corruption attempt (file-flash.rules) * 1:44351 <-> 
DISABLED <-> FILE-FLASH Adobe Flash Player text handling memory corruption attempt (file-flash.rules) * 1:44352 <-> DISABLED <-> FILE-FLASH Adobe Flash Player text handling memory corruption attempt (file-flash.rules) * 1:44552 <-> DISABLED <-> FILE-FLASH Adobe Flash Player toString type confusion memory corruption attempt (file-flash.rules) * 1:44553 <-> DISABLED <-> FILE-FLASH Adobe Flash Player toString type confusion memory corruption attempt (file-flash.rules) * 1:44583 <-> DISABLED <-> FILE-FLASH Adobe Flash Player array type confusion attempt (file-flash.rules) * 1:44584 <-> DISABLED <-> FILE-FLASH Adobe Flash Player array type confusion attempt (file-flash.rules) * 1:44887 <-> DISABLED <-> FILE-FLASH Adobe Flash Player bitmap hitTest integer overflow attempt (file-flash.rules) * 1:44888 <-> DISABLED <-> FILE-FLASH Adobe Flash Player bitmap hitTest integer overflow attempt (file-flash.rules) * 1:44891 <-> DISABLED <-> FILE-FLASH Adobe Flash Player determinePreferredLocales memory corruption attempt (file-flash.rules) * 1:44892 <-> DISABLED <-> FILE-FLASH Adobe Flash Player determinePreferredLocales memory corruption attempt (file-flash.rules) * 1:44902 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PSDK Metadata memory corruption attempt (file-flash.rules) * 1:44903 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PSDK Metadata memory corruption attempt (file-flash.rules) * 1:44951 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime SDK use after free attempt (file-flash.rules) * 1:44952 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime SDK use after free attempt (file-flash.rules) * 1:44963 <-> DISABLED <-> FILE-FLASH Adobe Flash Player tvsdk object use after free attempt (file-flash.rules) * 1:44964 <-> DISABLED <-> FILE-FLASH Adobe Flash Player tvsdk object use after free attempt (file-flash.rules) * 1:45309 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter Matrix use after free attempt (file-flash.rules) * 1:45310 <-> DISABLED 
<-> FILE-FLASH Adobe Flash Player ConvolutionFilter Matrix use after free attempt (file-flash.rules) * 1:45404 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF buffer overflow attempt (file-flash.rules) * 1:45405 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF buffer overflow attempt (file-flash.rules) * 1:45459 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip attachbitmap use-after-free attempt (file-flash.rules) * 1:45500 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip startdrag use-after-free attempt (file-flash.rules) * 1:45501 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip startdrag use-after-free attempt (file-flash.rules) * 1:45546 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DefineFont3 tag overly large NumGlyphs out of bounds read attempt (file-flash.rules) * 1:45547 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DefineFont3 tag overly large NumGlyphs out of bounds read attempt (file-flash.rules) * 1:45593 <-> DISABLED <-> FILE-FLASH Adobe PSDK DRM Manager memory corruption attempt (file-flash.rules) * 1:45594 <-> DISABLED <-> FILE-FLASH Adobe PSDK DRM Manager memory corruption attempt (file-flash.rules) * 1:50536 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules) * 1:50537 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules) * 1:50761 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel (malware-cnc.rules) * 1:50762 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel (malware-cnc.rules) * 1:25679 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules) * 1:48492 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules) * 1:48493 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules) * 1:48494 <-> DISABLED <-> FILE-FLASH Adobe 
Flash Player TVSDK metadata use after free attempt (file-flash.rules) * 1:48495 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules) * 1:50763 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel (malware-cnc.rules) * 1:48496 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules) * 1:48566 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules) * 1:48567 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules) * 1:49231 <-> DISABLED <-> FILE-FLASH Adobe Flash Player drawTriangles out-of-bounds read attempt (file-flash.rules) * 1:50764 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel (malware-cnc.rules) * 1:49232 <-> DISABLED <-> FILE-FLASH Adobe Flash Player drawTriangles out-of-bounds read attempt (file-flash.rules) * 1:49311 <-> DISABLED <-> FILE-FLASH Adobe Flash Player writeExternal type confusion attempt (file-flash.rules) * 1:49312 <-> DISABLED <-> FILE-FLASH Adobe Flash Player writeExternal type confusion attempt (file-flash.rules) * 1:49583 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray inflate information disclosure attempt (file-flash.rules) * 1:50765 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ISMAgent outbound DNS tunnel (malware-cnc.rules) * 1:49584 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray inflate information disclosure attempt (file-flash.rules) * 1:49585 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure attempt (file-flash.rules) * 1:49586 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure attempt (file-flash.rules) * 1:49654 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE control character denial of service attempt (file-flash.rules) * 1:50766 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ALMA_Dash outbound DNS tunnel 
(malware-cnc.rules) * 1:49655 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE control character denial of service attempt (file-flash.rules) * 1:49656 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE control character denial of service attempt (file-flash.rules) * 1:44017 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Rectangle constructor use after free attempt (file-flash.rules) * 1:50267 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use after free attempt (file-flash.rules) * 1:50268 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use after free attempt (file-flash.rules) * 1:50534 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules) * 1:50535 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules) * 1:50767 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ALMA_Dot outbound DNS tunnel (malware-cnc.rules) * 1:50768 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BONDUPDATER outbound DNS tunnel (malware-cnc.rules) * 1:50769 <-> DISABLED <-> MALWARE-CNC Win.Trojan.QUADAGENT outbound DNS tunnel (malware-cnc.rules) * 1:51081 <-> DISABLED <-> FILE-FLASH Adobe Flash player memory corruption attempt (file-flash.rules) * 1:51082 <-> DISABLED <-> FILE-FLASH Adobe Flash player memory corruption attempt (file-flash.rules) * 1:51225 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt (file-flash.rules) * 1:51226 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt (file-flash.rules) * 1:51643 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use-after-free attempt (file-flash.rules) * 1:51644 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use-after-free attempt (file-flash.rules) * 1:51648 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActiveX same origin method execution attempt (file-flash.rules) * 1:52079 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt (file-flash.rules) * 
1:52080 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt (file-flash.rules) * 1:52658 <-> DISABLED <-> FILE-FLASH Spelevo Exploit Kit download attempt (file-flash.rules) * 1:52659 <-> DISABLED <-> FILE-FLASH Spelevo Exploit Kit download attempt (file-flash.rules) * 1:53057 <-> DISABLED <-> FILE-FLASH Spelevo Exploit Kit download attempt (file-flash.rules) * 1:53058 <-> DISABLED <-> FILE-FLASH Spelevo Exploit Kit download attempt (file-flash.rules) * 1:54825 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AVM domain memory range integer overflow attempt (file-flash.rules) * 1:54826 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AVM domain memory range integer overflow attempt (file-flash.rules) * 1:55813 <-> DISABLED <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt (server-other.rules) * 1:55814 <-> DISABLED <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt (server-other.rules) * 1:57499 <-> DISABLED <-> FILE-FLASH Adobe Flash Player worker shared object use-after-free attempt (file-flash.rules) * 1:59440 <-> DISABLED <-> SERVER-APACHE Apache mod_http2 NULL pointer dereference attempt (server-apache.rules) * 1:44003 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SMB sandbox bypass attempt (file-flash.rules) * 1:45615 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip duplicateMovieClip use-after-free attempt (file-flash.rules) * 1:45616 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip duplicateMovieClip use-after-free attempt (file-flash.rules) * 1:45683 <-> DISABLED <-> FILE-FLASH Adobe PSDK DRM Manager memory corruption attempt (file-flash.rules) * 1:45743 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray shading memory leak attempt (file-flash.rules) * 1:45744 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray shading memory leak attempt (file-flash.rules) * 1:46247 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime 
MediaPlayerItemLoader BlurFilter object out of bounds write attempt (file-flash.rules) * 1:46248 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime MediaPlayerItemLoader BlurFilter object out of bounds write attempt (file-flash.rules) * 1:46254 <-> DISABLED <-> FILE-FLASH Adobe Flash Player corrupt PNG image load out of bounds memory access attempt (file-flash.rules) * 1:46255 <-> DISABLED <-> FILE-FLASH Adobe Flash Player corrupt PNG image load out of bounds memory access attempt (file-flash.rules) * 1:46260 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed DefineSound tag heap overflow attempt (file-flash.rules) * 1:46261 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed DefineSound tag heap overflow attempt (file-flash.rules) * 1:45595 <-> DISABLED <-> FILE-FLASH Adobe PSDK DRM Manager memory corruption attempt (file-flash.rules) * 1:46263 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use after free attempt (file-flash.rules) * 1:46324 <-> DISABLED <-> FILE-FLASH Adobe PSDK DRM Manager memory corruption attempt (file-flash.rules) * 1:46598 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative MovieClip type confusion attempt (file-flash.rules) * 1:46599 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative MovieClip type confusion attempt (file-flash.rules) * 1:46917 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules) * 1:46918 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules) * 1:46919 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules) * 1:46920 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules) * 1:46949 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds memory access attempt (file-flash.rules) * 1:46950 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds memory access attempt (file-flash.rules) * 1:47127 <-> DISABLED <-> FILE-FLASH Adobe Flash 
Player malformed ActionSetTarget record information disclosure attempt (file-flash.rules) * 1:47128 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ActionSetTarget record information disclosure attempt (file-flash.rules) * 1:47191 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript NetConnection type confusion attempt (file-flash.rules) * 1:47192 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript NetConnection type confusion attempt (file-flash.rules) * 1:47531 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Vector.String class out-of-bounds read attempt (file-flash.rules) * 1:47532 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Vector.String class out-of-bounds read attempt (file-flash.rules) * 1:47786 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules) * 1:47787 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules) * 1:47833 <-> DISABLED <-> FILE-FLASH Adobe Flash Player COM server BrokerCreateFile sandbox escape attempt (file-flash.rules) * 1:48426 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AVM type confusion attempt (file-flash.rules) * 1:46262 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use after free attempt (file-flash.rules)
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091701.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:64697 <-> ENABLED <-> MALWARE-OTHER Win.Rootkit.Winnti download attempt (malware-other.rules) * 1:64694 <-> DISABLED <-> MALWARE-CNC MultiOs.Trojan.FINALDRAFT variant outbound communication attempt (malware-cnc.rules) * 1:64684 <-> DISABLED <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection (malware-cnc.rules) * 1:64687 <-> DISABLED <-> SERVER-MAIL Exim SMTP vulnerable version detected (server-mail.rules) * 1:64691 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection (malware-cnc.rules) * 1:64690 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection (malware-cnc.rules) * 1:60686 <-> DISABLED <-> OS-WINDOWS Windows AppxSvc component elevation of privilege attempt (os-windows.rules) * 1:64696 <-> DISABLED <-> SERVER-OTHER MIT Kerberos KDC as-req sname null pointer dereference attempt (server-other.rules) * 1:64701 <-> DISABLED <-> POLICY-OTHER Next.js Middleware x-middleware-subrequest header use attempt (policy-other.rules) * 1:64688 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt (file-flash.rules) * 1:64695 <-> DISABLED <-> MALWARE-CNC MultiOs.Trojan.FINALDRAFT variant outbound communication attempt (malware-cnc.rules) * 1:64689 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection (malware-cnc.rules) * 1:64692 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bondupdater outbound cnc connection (malware-cnc.rules) * 1:60687 <-> DISABLED <-> OS-WINDOWS Windows AppxSvc component elevation of privilege attempt (os-windows.rules) * 1:64693 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bondupdater outbound cnc connection (malware-cnc.rules) * 1:64700 <-> ENABLED <-> SERVER-WEBAPP Next.js Middleware authentication bypass attempt (server-webapp.rules) * 1:64686 <-> DISABLED <-> SERVER-APACHE Apache Tomcat partial PUT remote code execution attempt (server-apache.rules) * 1:64685 <-> ENABLED <-> SERVER-WEBAPP Apache OFBiz remote code execution attempt 
(server-webapp.rules) * 1:64699 <-> ENABLED <-> SERVER-WEBAPP Next.js Middleware authentication bypass attempt (server-webapp.rules) * 1:64698 <-> ENABLED <-> MALWARE-OTHER Win.Rootkit.Winnti download attempt (malware-other.rules)
* 1:53058 <-> DISABLED <-> FILE-FLASH Spelevo Exploit Kit download attempt (file-flash.rules) * 1:54825 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AVM domain memory range integer overflow attempt (file-flash.rules) * 1:54826 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AVM domain memory range integer overflow attempt (file-flash.rules) * 1:55813 <-> DISABLED <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt (server-other.rules) * 1:55814 <-> DISABLED <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt (server-other.rules) * 1:51648 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActiveX same origin method execution attempt (file-flash.rules) * 1:52080 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt (file-flash.rules) * 1:52658 <-> DISABLED <-> FILE-FLASH Spelevo Exploit Kit download attempt (file-flash.rules) * 1:53057 <-> DISABLED <-> FILE-FLASH Spelevo Exploit Kit download attempt (file-flash.rules) * 1:47834 <-> DISABLED <-> FILE-FLASH Adobe Flash Player COM server BrokerCreateFile sandbox escape attempt (file-flash.rules) * 1:48567 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules) * 1:44352 <-> DISABLED <-> FILE-FLASH Adobe Flash Player text handling memory corruption attempt (file-flash.rules) * 1:51643 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use-after-free attempt (file-flash.rules) * 1:51644 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use-after-free attempt (file-flash.rules) * 1:48496 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules) * 1:52079 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt (file-flash.rules) * 1:47532 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Vector.String class out-of-bounds read attempt (file-flash.rules) * 1:51081 <-> DISABLED <-> FILE-FLASH Adobe Flash player 
memory corruption attempt (file-flash.rules) * 1:49231 <-> DISABLED <-> FILE-FLASH Adobe Flash Player drawTriangles out-of-bounds read attempt (file-flash.rules) * 1:51082 <-> DISABLED <-> FILE-FLASH Adobe Flash player memory corruption attempt (file-flash.rules) * 1:50268 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use after free attempt (file-flash.rules) * 1:50140 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out-of-bounds read attempt (file-flash.rules) * 1:50139 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out-of-bounds read attempt (file-flash.rules) * 1:48491 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules) * 1:48494 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules) * 1:49654 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE control character denial of service attempt (file-flash.rules) * 1:51225 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt (file-flash.rules) * 1:50536 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules) * 1:23134 <-> DISABLED <-> FILE-FLASH Adobe Flash Player broker destructor DoS attempt (file-flash.rules) * 1:49583 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray inflate information disclosure attempt (file-flash.rules) * 1:50769 <-> DISABLED <-> MALWARE-CNC Win.Trojan.QUADAGENT outbound DNS tunnel (malware-cnc.rules) * 1:50763 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel (malware-cnc.rules) * 1:50762 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel (malware-cnc.rules) * 1:50537 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules) * 1:49311 <-> DISABLED <-> FILE-FLASH Adobe Flash Player writeExternal type confusion attempt (file-flash.rules) * 1:50534 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt 
(file-flash.rules) * 1:50767 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ALMA_Dot outbound DNS tunnel (malware-cnc.rules) * 1:48566 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules) * 1:50764 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel (malware-cnc.rules) * 1:48493 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules) * 1:48495 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules) * 1:49312 <-> DISABLED <-> FILE-FLASH Adobe Flash Player writeExternal type confusion attempt (file-flash.rules) * 1:49585 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure attempt (file-flash.rules) * 1:49584 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray inflate information disclosure attempt (file-flash.rules) * 1:50765 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ISMAgent outbound DNS tunnel (malware-cnc.rules) * 1:50761 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel (malware-cnc.rules) * 1:49656 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE control character denial of service attempt (file-flash.rules) * 1:51226 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt (file-flash.rules) * 1:49655 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE control character denial of service attempt (file-flash.rules) * 1:50267 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use after free attempt (file-flash.rules) * 1:50768 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BONDUPDATER outbound DNS tunnel (malware-cnc.rules) * 1:50535 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules) * 1:49232 <-> DISABLED <-> FILE-FLASH Adobe Flash Player drawTriangles out-of-bounds read attempt (file-flash.rules) * 1:48492 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after 
free attempt (file-flash.rules) * 1:50766 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ALMA_Dash outbound DNS tunnel (malware-cnc.rules) * 1:49586 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure attempt (file-flash.rules) * 1:19257 <-> DISABLED <-> FILE-FLASH Adobe ActionScript float index memory corruption attempt (file-flash.rules) * 1:19263 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules) * 1:19262 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules) * 1:19682 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript 3 integer overflow attempt (file-flash.rules) * 1:19264 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules) * 1:20131 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt (file-flash.rules) * 1:20031 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules) * 1:20777 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules) * 1:20767 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules) * 1:20778 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - economy.rar (file-flash.rules) * 1:20780 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - namelist.xls (file-flash.rules) * 1:20779 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - dear chu.rar (file-flash.rules) * 1:20781 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt (file-flash.rules) * 1:20783 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type 
confusion attempt - dear chu.rar (file-flash.rules) * 1:20782 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - economy.rar (file-flash.rules) * 1:20784 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - namelist.xls (file-flash.rules) * 1:20803 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt (file-flash.rules) * 1:20785 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt (file-flash.rules) * 1:21326 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActiveX URL import attempt (file-flash.rules) * 1:21336 <-> DISABLED <-> FILE-FLASH Adobe Flash ASConstructor insecure calling attempt (file-flash.rules) * 1:21335 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript bytecode type confusion null dereference attempt (file-flash.rules) * 1:21457 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules) * 1:21338 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MP4 zero length atom attempt (file-flash.rules) * 1:21533 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript Stage3D null dereference attempt (file-flash.rules) * 1:21458 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules) * 1:21535 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript Matrix3D.copyRawDataFrom buffer overflow attempt (file-flash.rules) * 1:21534 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript Matrix3D.copyRawDataFrom buffer overflow attempt (file-flash.rules) * 1:21536 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript Stage3D null dereference attempt (file-flash.rules) * 1:21653 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript getURL target null reference attempt (file-flash.rules) * 1:21655 <-> DISABLED <-> FILE-FLASH Adobe Flash Video invalid tag type 
attempt (file-flash.rules) * 1:21654 <-> DISABLED <-> FILE-FLASH Adobe Flash Video invalid tag type attempt (file-flash.rules) * 1:22070 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object confusion attempt (file-flash.rules) * 1:22069 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object confusion attempt (file-flash.rules) * 1:22916 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object confusion attempt (file-flash.rules) * 1:22915 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object confusion attempt (file-flash.rules) * 1:24985 <-> DISABLED <-> FILE-FLASH Adobe Flash Player index overflow attempt (file-flash.rules) * 1:23129 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SecureSocket use without Connect attempt (file-flash.rules) * 1:23967 <-> DISABLED <-> FILE-FLASH Adobe Flash OpenType font memory corruption attempt - compressed (file-flash.rules) * 1:23854 <-> DISABLED <-> FILE-FLASH Adobe Flash OpenType font memory corruption attempt (file-flash.rules) * 1:23997 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules) * 1:23996 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules) * 1:24139 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed RTMP response attempt (file-flash.rules) * 1:24138 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed RTMP response attempt (file-flash.rules) * 1:24142 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object confusion attempt (file-flash.rules) * 1:45593 <-> DISABLED <-> FILE-FLASH Adobe PSDK DRM Manager memory corruption attempt (file-flash.rules) * 1:23130 <-> DISABLED <-> FILE-FLASH Adobe Flash Player X509 direct instantiation property access attempt (file-flash.rules) * 1:44347 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MP4 atom parser memory corruption attempt (file-flash.rules) * 1:24245 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Matrix3D copyRawDataTo integer overflow 
attempt (file-flash.rules) * 1:24244 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Matrix3D copyRawDataTo integer overflow attempt (file-flash.rules) * 1:24363 <-> DISABLED <-> FILE-FLASH Adobe Flash null reference JIT compilation attempt (file-flash.rules) * 1:24362 <-> DISABLED <-> FILE-FLASH Adobe Flash null reference JIT compilation attempt (file-flash.rules) * 1:24365 <-> DISABLED <-> FILE-FLASH Adobe Flash null reference JIT compilation attempt (file-flash.rules) * 1:24364 <-> DISABLED <-> FILE-FLASH Adobe Flash null reference JIT compilation attempt (file-flash.rules) * 1:24367 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed record stack exhaustion attempt (file-flash.rules) * 1:24366 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed record stack exhaustion attempt (file-flash.rules) * 1:24415 <-> DISABLED <-> FILE-FLASH Adobe Flash Player stsz box heap overflow attempt (file-flash.rules) * 1:24414 <-> DISABLED <-> FILE-FLASH Adobe Flash Player stsz box heap overflow attempt (file-flash.rules) * 1:24429 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules) * 1:24428 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules) * 1:24431 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules) * 1:24430 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules) * 1:24809 <-> DISABLED <-> FILE-FLASH Microsoft Internet Explorer premature unload of Flash plugin use after free attempt (file-flash.rules) * 1:24808 <-> DISABLED <-> FILE-FLASH Microsoft Internet Explorer premature unload of Flash plugin use after free attempt (file-flash.rules) * 1:24811 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 privilege escalation attempt (file-flash.rules) * 1:24810 
<-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 privilege escalation attempt (file-flash.rules) * 1:24813 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 privilege escalation attempt (file-flash.rules) * 1:24812 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 privilege escalation attempt (file-flash.rules) * 1:24875 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules) * 1:24874 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules) * 1:24877 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules) * 1:24876 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules) * 1:24882 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid JPEG index attempt (file-flash.rules) * 1:24879 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid JPEG index attempt (file-flash.rules) * 1:24892 <-> DISABLED <-> FILE-FLASH Action InitArray stack overflow attempt (file-flash.rules) * 1:24890 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Action InitArray stack overflow attempt (file-flash.rules) * 1:24895 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript bytecode symbolclass tag type confusion attempt (file-flash.rules) * 1:24893 <-> DISABLED <-> FILE-FLASH Action InitArray stack overflow attempt (file-flash.rules) * 1:24980 <-> DISABLED <-> FILE-FLASH Adobe Flash Player actionscript bytecode trait type null pointer dereference attempt (file-flash.rules) * 1:24896 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript bytecode symbolclass tag type confusion attempt (file-flash.rules) * 1:23131 <-> DISABLED <-> FILE-FLASH Adobe Flash Player X500 DistinguishedName property access attempt (file-flash.rules) * 1:46254 <-> DISABLED <-> FILE-FLASH Adobe 
Flash Player corrupt PNG image load out of bounds memory access attempt (file-flash.rules) * 1:45594 <-> DISABLED <-> FILE-FLASH Adobe PSDK DRM Manager memory corruption attempt (file-flash.rules) * 1:24140 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed RTMP response attempt (file-flash.rules) * 1:45613 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Selection.SetSelection use-after-free attempt (file-flash.rules) * 1:45595 <-> DISABLED <-> FILE-FLASH Adobe PSDK DRM Manager memory corruption attempt (file-flash.rules) * 1:45615 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip duplicateMovieClip use-after-free attempt (file-flash.rules) * 1:45614 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Selection.SetSelection use-after-free attempt (file-flash.rules) * 1:45616 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip duplicateMovieClip use-after-free attempt (file-flash.rules) * 1:45683 <-> DISABLED <-> FILE-FLASH Adobe PSDK DRM Manager memory corruption attempt (file-flash.rules) * 1:45744 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray shading memory leak attempt (file-flash.rules) * 1:45743 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray shading memory leak attempt (file-flash.rules) * 1:46248 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime MediaPlayerItemLoader BlurFilter object out of bounds write attempt (file-flash.rules) * 1:46247 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime MediaPlayerItemLoader BlurFilter object out of bounds write attempt (file-flash.rules) * 1:46260 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed DefineSound tag heap overflow attempt (file-flash.rules) * 1:46255 <-> DISABLED <-> FILE-FLASH Adobe Flash Player corrupt PNG image load out of bounds memory access attempt (file-flash.rules) * 1:46262 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use after free attempt (file-flash.rules) * 1:46261 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed DefineSound tag heap 
overflow attempt (file-flash.rules) * 1:46324 <-> DISABLED <-> FILE-FLASH Adobe PSDK DRM Manager memory corruption attempt (file-flash.rules) * 1:46263 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use after free attempt (file-flash.rules) * 1:46599 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative MovieClip type confusion attempt (file-flash.rules) * 1:46598 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative MovieClip type confusion attempt (file-flash.rules) * 1:46918 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules) * 1:46917 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules) * 1:46920 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules) * 1:46919 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules) * 1:46950 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds memory access attempt (file-flash.rules) * 1:46949 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds memory access attempt (file-flash.rules) * 1:47128 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ActionSetTarget record information disclosure attempt (file-flash.rules) * 1:47127 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ActionSetTarget record information disclosure attempt (file-flash.rules) * 1:47192 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript NetConnection type confusion attempt (file-flash.rules) * 1:47191 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript NetConnection type confusion attempt (file-flash.rules) * 1:47531 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Vector.String class out-of-bounds read attempt (file-flash.rules) * 1:59440 <-> DISABLED <-> SERVER-APACHE Apache mod_http2 NULL pointer dereference attempt (server-apache.rules) * 1:57499 <-> DISABLED <-> FILE-FLASH Adobe Flash Player worker shared object use-after-free attempt 
(file-flash.rules) * 1:47787 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules) * 1:47786 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules) * 1:23133 <-> DISABLED <-> FILE-FLASH Adobe Flash Player flash.display.BitmapData constuctor overflow attempt (file-flash.rules) * 1:52659 <-> DISABLED <-> FILE-FLASH Spelevo Exploit Kit download attempt (file-flash.rules) * 1:24981 <-> DISABLED <-> FILE-FLASH Adobe Flash Player actionscript bytecode trait type null pointer dereference attempt (file-flash.rules) * 1:24982 <-> DISABLED <-> FILE-FLASH Adobe Flash Player actionscript bytecode trait type null pointer dereference attempt (file-flash.rules) * 1:24983 <-> DISABLED <-> FILE-FLASH Adobe Flash Player actionscript bytecode trait type null pointer dereference attempt (file-flash.rules) * 1:24984 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules) * 1:24986 <-> DISABLED <-> FILE-FLASH Adobe Flash Player index overflow attempt (file-flash.rules) * 1:24992 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DoInitAction invalid action overflow attempt (file-flash.rules) * 1:24990 <-> DISABLED <-> FILE-FLASH Adobe Flash Player specially invalid traits structure attempt (file-flash.rules) * 1:24991 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DoInitAction invalid action overflow attempt (file-flash.rules) * 1:25676 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules) * 1:25681 <-> DISABLED <-> FILE-FLASH Adobe Flash Player CFF FeatureCount integer overflow attempt (file-flash.rules) * 1:25677 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules) * 1:25678 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules) * 1:25679 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed regular expression 
exploit attempt (file-flash.rules) * 1:25683 <-> DISABLED <-> FILE-FLASH Adobe Flash Player CFF FeatureCount integer overflow attempt (file-flash.rules) * 1:44002 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SMB sandbox bypass attempt (file-flash.rules) * 1:25815 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FLV crafted ADPCM stream heap overflow attempt (file-flash.rules) * 1:43995 <-> DISABLED <-> FILE-FLASH Adobe Flash Player overly large cpool index out of bounds read attempt (file-flash.rules) * 1:43996 <-> DISABLED <-> FILE-FLASH Adobe Flash Player overly large cpool index out of bounds read attempt (file-flash.rules) * 1:44003 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SMB sandbox bypass attempt (file-flash.rules) * 1:44174 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SharedObject use after free attempt (file-flash.rules) * 1:44016 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Rectangle constructor use after free attempt (file-flash.rules) * 1:44017 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Rectangle constructor use after free attempt (file-flash.rules) * 1:44173 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SharedObject use after free attempt (file-flash.rules) * 1:44345 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MP4 atom parser memory corruption attempt (file-flash.rules) * 1:44553 <-> DISABLED <-> FILE-FLASH Adobe Flash Player toString type confusion memory corruption attempt (file-flash.rules) * 1:23132 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DefineSound tag long recordheader length field attempt (file-flash.rules) * 1:44348 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MP4 atom parser memory corruption attempt (file-flash.rules) * 1:44351 <-> DISABLED <-> FILE-FLASH Adobe Flash Player text handling memory corruption attempt (file-flash.rules) * 1:44552 <-> DISABLED <-> FILE-FLASH Adobe Flash Player toString type confusion memory corruption attempt (file-flash.rules) * 1:44583 <-> DISABLED <-> FILE-FLASH Adobe Flash Player 
array type confusion attempt (file-flash.rules) * 1:44584 <-> DISABLED <-> FILE-FLASH Adobe Flash Player array type confusion attempt (file-flash.rules) * 1:44887 <-> DISABLED <-> FILE-FLASH Adobe Flash Player bitmap hitTest integer overflow attempt (file-flash.rules) * 1:44888 <-> DISABLED <-> FILE-FLASH Adobe Flash Player bitmap hitTest integer overflow attempt (file-flash.rules) * 1:44891 <-> DISABLED <-> FILE-FLASH Adobe Flash Player determinePreferredLocales memory corruption attempt (file-flash.rules) * 1:44892 <-> DISABLED <-> FILE-FLASH Adobe Flash Player determinePreferredLocales memory corruption attempt (file-flash.rules) * 1:44902 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PSDK Metadata memory corruption attempt (file-flash.rules) * 1:44903 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PSDK Metadata memory corruption attempt (file-flash.rules) * 1:44951 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime SDK use after free attempt (file-flash.rules) * 1:44952 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime SDK use after free attempt (file-flash.rules) * 1:44963 <-> DISABLED <-> FILE-FLASH Adobe Flash Player tvsdk object use after free attempt (file-flash.rules) * 1:44964 <-> DISABLED <-> FILE-FLASH Adobe Flash Player tvsdk object use after free attempt (file-flash.rules) * 1:45309 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter Matrix use after free attempt (file-flash.rules) * 1:45310 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter Matrix use after free attempt (file-flash.rules) * 1:45404 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF buffer overflow attempt (file-flash.rules) * 1:45405 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF buffer overflow attempt (file-flash.rules) * 1:45459 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip attachbitmap use-after-free attempt (file-flash.rules) * 1:45500 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip startdrag 
use-after-free attempt (file-flash.rules) * 1:45501 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip startdrag use-after-free attempt (file-flash.rules) * 1:45546 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DefineFont3 tag overly large NumGlyphs out of bounds read attempt (file-flash.rules) * 1:24989 <-> DISABLED <-> FILE-FLASH Adobe Flash Player specially invalid traits structure attempt (file-flash.rules) * 1:44346 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MP4 atom parser memory corruption attempt (file-flash.rules) * 1:45547 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DefineFont3 tag overly large NumGlyphs out of bounds read attempt (file-flash.rules) * 1:47833 <-> DISABLED <-> FILE-FLASH Adobe Flash Player COM server BrokerCreateFile sandbox escape attempt (file-flash.rules) * 1:48425 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AVM type confusion attempt (file-flash.rules) * 1:23853 <-> DISABLED <-> FILE-FLASH Adobe Flash OpenType font memory corruption attempt (file-flash.rules) * 1:48426 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AVM type confusion attempt (file-flash.rules) * 1:23135 <-> DISABLED <-> FILE-FLASH Adobe Flash Player flash.DisplayObject memory corruption attempt (file-flash.rules)
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091700.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:64694 <-> DISABLED <-> MALWARE-CNC MultiOs.Trojan.FINALDRAFT variant outbound communication attempt (malware-cnc.rules)
* 1:64687 <-> DISABLED <-> SERVER-MAIL Exim SMTP vulnerable version detected (server-mail.rules)
* 1:64684 <-> DISABLED <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection (malware-cnc.rules)
* 1:64699 <-> ENABLED <-> SERVER-WEBAPP Next.js Middleware authentication bypass attempt (server-webapp.rules)
* 1:64696 <-> DISABLED <-> SERVER-OTHER MIT Kerberos KDC as-req sname null pointer dereference attempt (server-other.rules)
* 1:64701 <-> DISABLED <-> POLICY-OTHER Next.js Middleware x-middleware-subrequest header use attempt (policy-other.rules)
* 1:60687 <-> DISABLED <-> OS-WINDOWS Windows AppxSvc component elevation of privilege attempt (os-windows.rules)
* 1:60686 <-> DISABLED <-> OS-WINDOWS Windows AppxSvc component elevation of privilege attempt (os-windows.rules)
* 1:64692 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bondupdater outbound cnc connection (malware-cnc.rules)
* 1:64697 <-> ENABLED <-> MALWARE-OTHER Win.Rootkit.Winnti download attempt (malware-other.rules)
* 1:64695 <-> DISABLED <-> MALWARE-CNC MultiOs.Trojan.FINALDRAFT variant outbound communication attempt (malware-cnc.rules)
* 1:64689 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection (malware-cnc.rules)
* 1:64685 <-> ENABLED <-> SERVER-WEBAPP Apache OFBiz remote code execution attempt (server-webapp.rules)
* 1:64693 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bondupdater outbound cnc connection (malware-cnc.rules)
* 1:64700 <-> ENABLED <-> SERVER-WEBAPP Next.js Middleware authentication bypass attempt (server-webapp.rules)
* 1:64686 <-> DISABLED <-> SERVER-APACHE Apache Tomcat partial PUT remote code execution attempt (server-apache.rules)
* 1:64690 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection (malware-cnc.rules)
* 1:64698 <-> ENABLED <-> MALWARE-OTHER Win.Rootkit.Winnti download attempt (malware-other.rules)
* 1:64691 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection (malware-cnc.rules)
* 1:64688 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt (file-flash.rules)
* 1:48491 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules) * 1:48425 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AVM type confusion attempt (file-flash.rules) * 1:52079 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt (file-flash.rules) * 1:55813 <-> DISABLED <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt (server-other.rules) * 1:53057 <-> DISABLED <-> FILE-FLASH Spelevo Exploit Kit download attempt (file-flash.rules) * 1:53058 <-> DISABLED <-> FILE-FLASH Spelevo Exploit Kit download attempt (file-flash.rules) * 1:54825 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AVM domain memory range integer overflow attempt (file-flash.rules) * 1:54826 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AVM domain memory range integer overflow attempt (file-flash.rules) * 1:47834 <-> DISABLED <-> FILE-FLASH Adobe Flash Player COM server BrokerCreateFile sandbox escape attempt (file-flash.rules) * 1:50537 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules) * 1:49586 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure attempt (file-flash.rules) * 1:55814 <-> DISABLED <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt (server-other.rules) * 1:57499 <-> DISABLED <-> FILE-FLASH Adobe Flash Player worker shared object use-after-free attempt (file-flash.rules) * 1:59440 <-> DISABLED <-> SERVER-APACHE Apache mod_http2 NULL pointer dereference attempt (server-apache.rules) * 1:52080 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt (file-flash.rules) * 1:47833 <-> DISABLED <-> FILE-FLASH Adobe Flash Player COM server BrokerCreateFile sandbox escape attempt (file-flash.rules) * 1:47787 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules) * 1:52658 <-> 
DISABLED <-> FILE-FLASH Spelevo Exploit Kit download attempt (file-flash.rules) * 1:50765 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ISMAgent outbound DNS tunnel (malware-cnc.rules) * 1:51648 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActiveX same origin method execution attempt (file-flash.rules) * 1:52659 <-> DISABLED <-> FILE-FLASH Spelevo Exploit Kit download attempt (file-flash.rules) * 1:48426 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AVM type confusion attempt (file-flash.rules) * 1:50763 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel (malware-cnc.rules) * 1:50267 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use after free attempt (file-flash.rules) * 1:50536 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules) * 1:50761 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel (malware-cnc.rules) * 1:51081 <-> DISABLED <-> FILE-FLASH Adobe Flash player memory corruption attempt (file-flash.rules) * 1:50268 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use after free attempt (file-flash.rules) * 1:19257 <-> DISABLED <-> FILE-FLASH Adobe ActionScript float index memory corruption attempt (file-flash.rules) * 1:19262 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules) * 1:19263 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules) * 1:19264 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules) * 1:19682 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript 3 integer overflow attempt (file-flash.rules) * 1:20031 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules) * 1:20131 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt (file-flash.rules) * 1:20767 <-> DISABLED <-> FILE-FLASH 
Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules) * 1:20777 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules) * 1:20778 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - economy.rar (file-flash.rules) * 1:20779 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - dear chu.rar (file-flash.rules) * 1:20780 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - namelist.xls (file-flash.rules) * 1:20781 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt (file-flash.rules) * 1:20782 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - economy.rar (file-flash.rules) * 1:20783 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - dear chu.rar (file-flash.rules) * 1:20784 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - namelist.xls (file-flash.rules) * 1:20785 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt (file-flash.rules) * 1:20803 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt (file-flash.rules) * 1:21326 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActiveX URL import attempt (file-flash.rules) * 1:21335 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript bytecode type confusion null dereference attempt (file-flash.rules) * 1:21336 <-> DISABLED <-> FILE-FLASH Adobe Flash ASConstructor insecure calling attempt (file-flash.rules) * 1:21338 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MP4 zero length atom attempt (file-flash.rules) * 1:21457 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules) * 
1:21458 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules) * 1:21533 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript Stage3D null dereference attempt (file-flash.rules) * 1:21534 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript Matrix3D.copyRawDataFrom buffer overflow attempt (file-flash.rules) * 1:21535 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript Matrix3D.copyRawDataFrom buffer overflow attempt (file-flash.rules) * 1:21536 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript Stage3D null dereference attempt (file-flash.rules) * 1:21653 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript getURL target null reference attempt (file-flash.rules) * 1:21654 <-> DISABLED <-> FILE-FLASH Adobe Flash Video invalid tag type attempt (file-flash.rules) * 1:21655 <-> DISABLED <-> FILE-FLASH Adobe Flash Video invalid tag type attempt (file-flash.rules) * 1:22069 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object confusion attempt (file-flash.rules) * 1:22070 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object confusion attempt (file-flash.rules) * 1:22915 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object confusion attempt (file-flash.rules) * 1:22916 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object confusion attempt (file-flash.rules) * 1:23129 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SecureSocket use without Connect attempt (file-flash.rules) * 1:23130 <-> DISABLED <-> FILE-FLASH Adobe Flash Player X509 direct instantiation property access attempt (file-flash.rules) * 1:23131 <-> DISABLED <-> FILE-FLASH Adobe Flash Player X500 DistinguishedName property access attempt (file-flash.rules) * 1:23132 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DefineSound tag long recordheader length field attempt (file-flash.rules) * 1:23133 <-> DISABLED <-> FILE-FLASH Adobe Flash Player flash.display.BitmapData constuctor overflow attempt (file-flash.rules) 
* 1:23134 <-> DISABLED <-> FILE-FLASH Adobe Flash Player broker destructor DoS attempt (file-flash.rules)
* 1:23135 <-> DISABLED <-> FILE-FLASH Adobe Flash Player flash.DisplayObject memory corruption attempt (file-flash.rules)
* 1:23853 <-> DISABLED <-> FILE-FLASH Adobe Flash OpenType font memory corruption attempt (file-flash.rules)
* 1:23854 <-> DISABLED <-> FILE-FLASH Adobe Flash OpenType font memory corruption attempt (file-flash.rules)
* 1:23967 <-> DISABLED <-> FILE-FLASH Adobe Flash OpenType font memory corruption attempt - compressed (file-flash.rules)
* 1:23996 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
* 1:23997 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
* 1:24138 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed RTMP response attempt (file-flash.rules)
* 1:24139 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed RTMP response attempt (file-flash.rules)
* 1:24140 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed RTMP response attempt (file-flash.rules)
* 1:24142 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object confusion attempt (file-flash.rules)
* 1:24244 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Matrix3D copyRawDataTo integer overflow attempt (file-flash.rules)
* 1:24245 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Matrix3D copyRawDataTo integer overflow attempt (file-flash.rules)
* 1:24362 <-> DISABLED <-> FILE-FLASH Adobe Flash null reference JIT compilation attempt (file-flash.rules)
* 1:24363 <-> DISABLED <-> FILE-FLASH Adobe Flash null reference JIT compilation attempt (file-flash.rules)
* 1:24364 <-> DISABLED <-> FILE-FLASH Adobe Flash null reference JIT compilation attempt (file-flash.rules)
* 1:24365 <-> DISABLED <-> FILE-FLASH Adobe Flash null reference JIT compilation attempt (file-flash.rules)
* 1:24366 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed record stack exhaustion attempt (file-flash.rules)
* 1:24367 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed record stack exhaustion attempt (file-flash.rules)
* 1:24414 <-> DISABLED <-> FILE-FLASH Adobe Flash Player stsz box heap overflow attempt (file-flash.rules)
* 1:24415 <-> DISABLED <-> FILE-FLASH Adobe Flash Player stsz box heap overflow attempt (file-flash.rules)
* 1:24428 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
* 1:24429 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
* 1:24430 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
* 1:24431 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
* 1:24808 <-> DISABLED <-> FILE-FLASH Microsoft Internet Explorer premature unload of Flash plugin use after free attempt (file-flash.rules)
* 1:24809 <-> DISABLED <-> FILE-FLASH Microsoft Internet Explorer premature unload of Flash plugin use after free attempt (file-flash.rules)
* 1:24810 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 privilege escalation attempt (file-flash.rules)
* 1:24811 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 privilege escalation attempt (file-flash.rules)
* 1:24812 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 privilege escalation attempt (file-flash.rules)
* 1:24813 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 privilege escalation attempt (file-flash.rules)
* 1:24874 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
* 1:24875 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
* 1:24876 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
* 1:24877 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
* 1:24879 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid JPEG index attempt (file-flash.rules)
* 1:24882 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid JPEG index attempt (file-flash.rules)
* 1:24890 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Action InitArray stack overflow attempt (file-flash.rules)
* 1:24892 <-> DISABLED <-> FILE-FLASH Action InitArray stack overflow attempt (file-flash.rules)
* 1:24893 <-> DISABLED <-> FILE-FLASH Action InitArray stack overflow attempt (file-flash.rules)
* 1:24895 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript bytecode symbolclass tag type confusion attempt (file-flash.rules)
* 1:24896 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript bytecode symbolclass tag type confusion attempt (file-flash.rules)
* 1:24980 <-> DISABLED <-> FILE-FLASH Adobe Flash Player actionscript bytecode trait type null pointer dereference attempt (file-flash.rules)
* 1:24981 <-> DISABLED <-> FILE-FLASH Adobe Flash Player actionscript bytecode trait type null pointer dereference attempt (file-flash.rules)
* 1:24982 <-> DISABLED <-> FILE-FLASH Adobe Flash Player actionscript bytecode trait type null pointer dereference attempt (file-flash.rules)
* 1:24983 <-> DISABLED <-> FILE-FLASH Adobe Flash Player actionscript bytecode trait type null pointer dereference attempt (file-flash.rules)
* 1:24984 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules)
* 1:24985 <-> DISABLED <-> FILE-FLASH Adobe Flash Player index overflow attempt (file-flash.rules)
* 1:24986 <-> DISABLED <-> FILE-FLASH Adobe Flash Player index overflow attempt (file-flash.rules)
* 1:24989 <-> DISABLED <-> FILE-FLASH Adobe Flash Player specially invalid traits structure attempt (file-flash.rules)
* 1:24990 <-> DISABLED <-> FILE-FLASH Adobe Flash Player specially invalid traits structure attempt (file-flash.rules)
* 1:24991 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DoInitAction invalid action overflow attempt (file-flash.rules)
* 1:24992 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DoInitAction invalid action overflow attempt (file-flash.rules)
* 1:25676 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules)
* 1:25677 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules)
* 1:25678 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules)
* 1:25679 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules)
* 1:25681 <-> DISABLED <-> FILE-FLASH Adobe Flash Player CFF FeatureCount integer overflow attempt (file-flash.rules)
* 1:25683 <-> DISABLED <-> FILE-FLASH Adobe Flash Player CFF FeatureCount integer overflow attempt (file-flash.rules)
* 1:25815 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FLV crafted ADPCM stream heap overflow attempt (file-flash.rules)
* 1:43995 <-> DISABLED <-> FILE-FLASH Adobe Flash Player overly large cpool index out of bounds read attempt (file-flash.rules)
* 1:43996 <-> DISABLED <-> FILE-FLASH Adobe Flash Player overly large cpool index out of bounds read attempt (file-flash.rules)
* 1:44002 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SMB sandbox bypass attempt (file-flash.rules)
* 1:44003 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SMB sandbox bypass attempt (file-flash.rules)
* 1:44016 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Rectangle constructor use after free attempt (file-flash.rules)
* 1:44017 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Rectangle constructor use after free attempt (file-flash.rules)
* 1:44173 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SharedObject use after free attempt (file-flash.rules)
* 1:44174 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SharedObject use after free attempt (file-flash.rules)
* 1:44345 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MP4 atom parser memory corruption attempt (file-flash.rules)
* 1:48492 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
* 1:44346 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MP4 atom parser memory corruption attempt (file-flash.rules)
* 1:44347 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MP4 atom parser memory corruption attempt (file-flash.rules)
* 1:50768 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BONDUPDATER outbound DNS tunnel (malware-cnc.rules)
* 1:48493 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
* 1:51643 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use-after-free attempt (file-flash.rules)
* 1:51225 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt (file-flash.rules)
* 1:49654 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE control character denial of service attempt (file-flash.rules)
* 1:48494 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
* 1:51644 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use-after-free attempt (file-flash.rules)
* 1:51226 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt (file-flash.rules)
* 1:48495 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
* 1:50769 <-> DISABLED <-> MALWARE-CNC Win.Trojan.QUADAGENT outbound DNS tunnel (malware-cnc.rules)
* 1:49655 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE control character denial of service attempt (file-flash.rules)
* 1:48496 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
* 1:50140 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out-of-bounds read attempt (file-flash.rules)
* 1:48566 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
* 1:48567 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
* 1:50535 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
* 1:49231 <-> DISABLED <-> FILE-FLASH Adobe Flash Player drawTriangles out-of-bounds read attempt (file-flash.rules)
* 1:49232 <-> DISABLED <-> FILE-FLASH Adobe Flash Player drawTriangles out-of-bounds read attempt (file-flash.rules)
* 1:49311 <-> DISABLED <-> FILE-FLASH Adobe Flash Player writeExternal type confusion attempt (file-flash.rules)
* 1:50766 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ALMA_Dash outbound DNS tunnel (malware-cnc.rules)
* 1:49656 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE control character denial of service attempt (file-flash.rules)
* 1:44348 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MP4 atom parser memory corruption attempt (file-flash.rules)
* 1:49312 <-> DISABLED <-> FILE-FLASH Adobe Flash Player writeExternal type confusion attempt (file-flash.rules)
* 1:44351 <-> DISABLED <-> FILE-FLASH Adobe Flash Player text handling memory corruption attempt (file-flash.rules)
* 1:50764 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel (malware-cnc.rules)
* 1:50139 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out-of-bounds read attempt (file-flash.rules)
* 1:50534 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
* 1:49583 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray inflate information disclosure attempt (file-flash.rules)
* 1:50762 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel (malware-cnc.rules)
* 1:49584 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray inflate information disclosure attempt (file-flash.rules)
* 1:50767 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ALMA_Dot outbound DNS tunnel (malware-cnc.rules)
* 1:51082 <-> DISABLED <-> FILE-FLASH Adobe Flash player memory corruption attempt (file-flash.rules)
* 1:49585 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure attempt (file-flash.rules)
* 1:44352 <-> DISABLED <-> FILE-FLASH Adobe Flash Player text handling memory corruption attempt (file-flash.rules)
* 1:44552 <-> DISABLED <-> FILE-FLASH Adobe Flash Player toString type confusion memory corruption attempt (file-flash.rules)
* 1:44553 <-> DISABLED <-> FILE-FLASH Adobe Flash Player toString type confusion memory corruption attempt (file-flash.rules)
* 1:44583 <-> DISABLED <-> FILE-FLASH Adobe Flash Player array type confusion attempt (file-flash.rules)
* 1:44584 <-> DISABLED <-> FILE-FLASH Adobe Flash Player array type confusion attempt (file-flash.rules)
* 1:44887 <-> DISABLED <-> FILE-FLASH Adobe Flash Player bitmap hitTest integer overflow attempt (file-flash.rules)
* 1:44888 <-> DISABLED <-> FILE-FLASH Adobe Flash Player bitmap hitTest integer overflow attempt (file-flash.rules)
* 1:44891 <-> DISABLED <-> FILE-FLASH Adobe Flash Player determinePreferredLocales memory corruption attempt (file-flash.rules)
* 1:44892 <-> DISABLED <-> FILE-FLASH Adobe Flash Player determinePreferredLocales memory corruption attempt (file-flash.rules)
* 1:44902 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PSDK Metadata memory corruption attempt (file-flash.rules)
* 1:44903 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PSDK Metadata memory corruption attempt (file-flash.rules)
* 1:44951 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime SDK use after free attempt (file-flash.rules)
* 1:44952 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime SDK use after free attempt (file-flash.rules)
* 1:44963 <-> DISABLED <-> FILE-FLASH Adobe Flash Player tvsdk object use after free attempt (file-flash.rules)
* 1:44964 <-> DISABLED <-> FILE-FLASH Adobe Flash Player tvsdk object use after free attempt (file-flash.rules)
* 1:45309 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter Matrix use after free attempt (file-flash.rules)
* 1:45310 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter Matrix use after free attempt (file-flash.rules)
* 1:45404 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF buffer overflow attempt (file-flash.rules)
* 1:45405 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF buffer overflow attempt (file-flash.rules)
* 1:45459 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip attachbitmap use-after-free attempt (file-flash.rules)
* 1:45500 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip startdrag use-after-free attempt (file-flash.rules)
* 1:45501 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip startdrag use-after-free attempt (file-flash.rules)
* 1:45546 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DefineFont3 tag overly large NumGlyphs out of bounds read attempt (file-flash.rules)
* 1:45547 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DefineFont3 tag overly large NumGlyphs out of bounds read attempt (file-flash.rules)
* 1:45593 <-> DISABLED <-> FILE-FLASH Adobe PSDK DRM Manager memory corruption attempt (file-flash.rules)
* 1:45594 <-> DISABLED <-> FILE-FLASH Adobe PSDK DRM Manager memory corruption attempt (file-flash.rules)
* 1:45595 <-> DISABLED <-> FILE-FLASH Adobe PSDK DRM Manager memory corruption attempt (file-flash.rules)
* 1:45613 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Selection.SetSelection use-after-free attempt (file-flash.rules)
* 1:45614 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Selection.SetSelection use-after-free attempt (file-flash.rules)
* 1:45615 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip duplicateMovieClip use-after-free attempt (file-flash.rules)
* 1:45616 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip duplicateMovieClip use-after-free attempt (file-flash.rules)
* 1:45683 <-> DISABLED <-> FILE-FLASH Adobe PSDK DRM Manager memory corruption attempt (file-flash.rules)
* 1:45743 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray shading memory leak attempt (file-flash.rules)
* 1:45744 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray shading memory leak attempt (file-flash.rules)
* 1:46247 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime MediaPlayerItemLoader BlurFilter object out of bounds write attempt (file-flash.rules)
* 1:46248 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime MediaPlayerItemLoader BlurFilter object out of bounds write attempt (file-flash.rules)
* 1:46254 <-> DISABLED <-> FILE-FLASH Adobe Flash Player corrupt PNG image load out of bounds memory access attempt (file-flash.rules)
* 1:46255 <-> DISABLED <-> FILE-FLASH Adobe Flash Player corrupt PNG image load out of bounds memory access attempt (file-flash.rules)
* 1:46260 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed DefineSound tag heap overflow attempt (file-flash.rules)
* 1:46261 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed DefineSound tag heap overflow attempt (file-flash.rules)
* 1:46262 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use after free attempt (file-flash.rules)
* 1:46263 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use after free attempt (file-flash.rules)
* 1:46324 <-> DISABLED <-> FILE-FLASH Adobe PSDK DRM Manager memory corruption attempt (file-flash.rules)
* 1:46598 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative MovieClip type confusion attempt (file-flash.rules)
* 1:46599 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative MovieClip type confusion attempt (file-flash.rules)
* 1:46917 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules)
* 1:46918 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules)
* 1:46919 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules)
* 1:46920 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules)
* 1:46949 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds memory access attempt (file-flash.rules)
* 1:46950 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds memory access attempt (file-flash.rules)
* 1:47127 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ActionSetTarget record information disclosure attempt (file-flash.rules)
* 1:47128 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ActionSetTarget record information disclosure attempt (file-flash.rules)
* 1:47191 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript NetConnection type confusion attempt (file-flash.rules)
* 1:47192 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript NetConnection type confusion attempt (file-flash.rules)
* 1:47531 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Vector.String class out-of-bounds read attempt (file-flash.rules)
* 1:47532 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Vector.String class out-of-bounds read attempt (file-flash.rules)
* 1:47786 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules)
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091601.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:64688 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt (file-flash.rules)
* 1:64690 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection (malware-cnc.rules)
* 1:64697 <-> ENABLED <-> MALWARE-OTHER Win.Rootkit.Winnti download attempt (malware-other.rules)
* 1:64700 <-> ENABLED <-> SERVER-WEBAPP Next.js Middleware authentication bypass attempt (server-webapp.rules)
* 1:64686 <-> DISABLED <-> SERVER-APACHE Apache Tomcat partial PUT remote code execution attempt (server-apache.rules)
* 1:64698 <-> ENABLED <-> MALWARE-OTHER Win.Rootkit.Winnti download attempt (malware-other.rules)
* 1:64696 <-> DISABLED <-> SERVER-OTHER MIT Kerberos KDC as-req sname null pointer dereference attempt (server-other.rules)
* 1:64701 <-> DISABLED <-> POLICY-OTHER Next.js Middleware x-middleware-subrequest header use attempt (policy-other.rules)
* 1:60687 <-> DISABLED <-> OS-WINDOWS Windows AppxSvc component elevation of privilege attempt (os-windows.rules)
* 1:60686 <-> DISABLED <-> OS-WINDOWS Windows AppxSvc component elevation of privilege attempt (os-windows.rules)
* 1:64692 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bondupdater outbound cnc connection (malware-cnc.rules)
* 1:64694 <-> DISABLED <-> MALWARE-CNC MultiOs.Trojan.FINALDRAFT variant outbound communication attempt (malware-cnc.rules)
* 1:64684 <-> DISABLED <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection (malware-cnc.rules)
* 1:64695 <-> DISABLED <-> MALWARE-CNC MultiOs.Trojan.FINALDRAFT variant outbound communication attempt (malware-cnc.rules)
* 1:64685 <-> ENABLED <-> SERVER-WEBAPP Apache OFBiz remote code execution attempt (server-webapp.rules)
* 1:64691 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection (malware-cnc.rules)
* 1:64699 <-> ENABLED <-> SERVER-WEBAPP Next.js Middleware authentication bypass attempt (server-webapp.rules)
* 1:64689 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection (malware-cnc.rules)
* 1:64693 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bondupdater outbound cnc connection (malware-cnc.rules)
* 1:64687 <-> DISABLED <-> SERVER-MAIL Exim SMTP vulnerable version detected (server-mail.rules)
* 1:49585 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure attempt (file-flash.rules)
* 1:52658 <-> DISABLED <-> FILE-FLASH Spelevo Exploit Kit download attempt (file-flash.rules)
* 1:48491 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
* 1:51226 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt (file-flash.rules)
* 1:51081 <-> DISABLED <-> FILE-FLASH Adobe Flash player memory corruption attempt (file-flash.rules)
* 1:51643 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use-after-free attempt (file-flash.rules)
* 1:50764 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel (malware-cnc.rules)
* 1:49312 <-> DISABLED <-> FILE-FLASH Adobe Flash Player writeExternal type confusion attempt (file-flash.rules)
* 1:50268 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use after free attempt (file-flash.rules)
* 1:48494 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
* 1:49654 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE control character denial of service attempt (file-flash.rules)
* 1:50267 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use after free attempt (file-flash.rules)
* 1:49583 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray inflate information disclosure attempt (file-flash.rules)
* 1:50763 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel (malware-cnc.rules)
* 1:50762 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel (malware-cnc.rules)
* 1:50534 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
* 1:48495 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
* 1:50139 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out-of-bounds read attempt (file-flash.rules)
* 1:50768 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BONDUPDATER outbound DNS tunnel (malware-cnc.rules)
* 1:49655 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE control character denial of service attempt (file-flash.rules)
* 1:50140 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out-of-bounds read attempt (file-flash.rules)
* 1:49231 <-> DISABLED <-> FILE-FLASH Adobe Flash Player drawTriangles out-of-bounds read attempt (file-flash.rules)
* 1:50761 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel (malware-cnc.rules)
* 1:59440 <-> DISABLED <-> SERVER-APACHE Apache mod_http2 NULL pointer dereference attempt (server-apache.rules)
* 1:48493 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
* 1:49586 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure attempt (file-flash.rules)
* 1:52659 <-> DISABLED <-> FILE-FLASH Spelevo Exploit Kit download attempt (file-flash.rules)
* 1:53057 <-> DISABLED <-> FILE-FLASH Spelevo Exploit Kit download attempt (file-flash.rules)
* 1:53058 <-> DISABLED <-> FILE-FLASH Spelevo Exploit Kit download attempt (file-flash.rules)
* 1:54825 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AVM domain memory range integer overflow attempt (file-flash.rules)
* 1:54826 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AVM domain memory range integer overflow attempt (file-flash.rules)
* 1:47833 <-> DISABLED <-> FILE-FLASH Adobe Flash Player COM server BrokerCreateFile sandbox escape attempt (file-flash.rules)
* 1:51644 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use-after-free attempt (file-flash.rules)
* 1:50536 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
* 1:50537 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
* 1:49232 <-> DISABLED <-> FILE-FLASH Adobe Flash Player drawTriangles out-of-bounds read attempt (file-flash.rules)
* 1:48496 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
* 1:47786 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules)
* 1:52079 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt (file-flash.rules)
* 1:49311 <-> DISABLED <-> FILE-FLASH Adobe Flash Player writeExternal type confusion attempt (file-flash.rules)
* 1:48567 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
* 1:48492 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
* 1:51082 <-> DISABLED <-> FILE-FLASH Adobe Flash player memory corruption attempt (file-flash.rules)
* 1:51225 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt (file-flash.rules)
* 1:48425 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AVM type confusion attempt (file-flash.rules)
* 1:48426 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AVM type confusion attempt (file-flash.rules)
* 1:50767 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ALMA_Dot outbound DNS tunnel (malware-cnc.rules)
* 1:50765 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ISMAgent outbound DNS tunnel (malware-cnc.rules)
* 1:49656 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE control character denial of service attempt (file-flash.rules)
* 1:51648 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActiveX same origin method execution attempt (file-flash.rules)
* 1:50769 <-> DISABLED <-> MALWARE-CNC Win.Trojan.QUADAGENT outbound DNS tunnel (malware-cnc.rules)
* 1:52080 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt (file-flash.rules)
* 1:50766 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ALMA_Dash outbound DNS tunnel (malware-cnc.rules)
* 1:49584 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray inflate information disclosure attempt (file-flash.rules)
* 1:47834 <-> DISABLED <-> FILE-FLASH Adobe Flash Player COM server BrokerCreateFile sandbox escape attempt (file-flash.rules)
* 1:50535 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
* 1:48566 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
* 1:19264 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
* 1:19263 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
* 1:19257 <-> DISABLED <-> FILE-FLASH Adobe ActionScript float index memory corruption attempt (file-flash.rules)
* 1:20767 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
* 1:20131 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt (file-flash.rules)
* 1:19262 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
* 1:19682 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript 3 integer overflow attempt (file-flash.rules)
* 1:20780 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - namelist.xls (file-flash.rules)
* 1:20779 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - dear chu.rar (file-flash.rules)
* 1:20031 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
* 1:20777 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
* 1:20784 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - namelist.xls (file-flash.rules)
* 1:20783 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - dear chu.rar (file-flash.rules)
* 1:20778 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - economy.rar (file-flash.rules)
* 1:20781 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt (file-flash.rules)
* 1:21335 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript bytecode type confusion null dereference attempt (file-flash.rules)
* 1:21326 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActiveX URL import attempt (file-flash.rules)
* 1:20782 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - economy.rar (file-flash.rules)
* 1:20785 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt (file-flash.rules)
* 1:21458 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
* 1:21457 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
* 1:20803 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt (file-flash.rules)
* 1:21336 <-> DISABLED <-> FILE-FLASH Adobe Flash ASConstructor insecure calling attempt (file-flash.rules)
* 1:21536 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript Stage3D null dereference attempt (file-flash.rules)
* 1:21535 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript Matrix3D.copyRawDataFrom buffer overflow attempt (file-flash.rules)
* 1:21338 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MP4 zero length atom attempt (file-flash.rules)
* 1:21533 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript Stage3D null dereference attempt (file-flash.rules)
* 1:22069 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object confusion attempt (file-flash.rules)
* 1:21655 <-> DISABLED <-> FILE-FLASH Adobe Flash Video invalid tag type attempt (file-flash.rules)
* 1:21534 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript Matrix3D.copyRawDataFrom buffer overflow attempt (file-flash.rules)
* 1:21653 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript getURL target null reference attempt (file-flash.rules)
* 1:23129 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SecureSocket use without Connect attempt (file-flash.rules)
* 1:22916 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object confusion attempt (file-flash.rules)
* 1:21654 <-> DISABLED <-> FILE-FLASH Adobe Flash Video invalid tag type attempt (file-flash.rules)
* 1:22070 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object confusion attempt (file-flash.rules)
* 1:23133 <-> DISABLED <-> FILE-FLASH Adobe Flash Player flash.display.BitmapData constuctor overflow attempt (file-flash.rules)
* 1:23132 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DefineSound tag long recordheader length field attempt (file-flash.rules)
* 1:22915 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object confusion attempt (file-flash.rules)
* 1:23130 <-> DISABLED <-> FILE-FLASH Adobe Flash Player X509 direct instantiation property access attempt (file-flash.rules)
* 1:23854 <-> DISABLED <-> FILE-FLASH Adobe Flash OpenType font memory corruption attempt (file-flash.rules)
* 1:23853 <-> DISABLED <-> FILE-FLASH Adobe Flash OpenType font memory corruption attempt (file-flash.rules)
* 1:23131 <-> DISABLED <-> FILE-FLASH Adobe Flash Player X500 DistinguishedName property access attempt (file-flash.rules)
* 1:23134 <-> DISABLED <-> FILE-FLASH Adobe Flash Player broker destructor DoS attempt (file-flash.rules)
* 1:24138 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed RTMP response attempt (file-flash.rules)
* 1:23997 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
* 1:23135 <-> DISABLED <-> FILE-FLASH Adobe Flash Player flash.DisplayObject memory corruption attempt (file-flash.rules)
* 1:23967 <-> DISABLED <-> FILE-FLASH Adobe Flash OpenType font memory corruption attempt - compressed (file-flash.rules)
* 1:24244 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Matrix3D copyRawDataTo integer overflow attempt (file-flash.rules)
* 1:24142 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object confusion attempt (file-flash.rules)
* 1:23996 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
* 1:24139 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed RTMP response attempt (file-flash.rules)
* 1:24364 <-> DISABLED <-> FILE-FLASH Adobe Flash null reference JIT compilation attempt (file-flash.rules)
* 1:24363 <-> DISABLED <-> FILE-FLASH Adobe Flash null reference JIT compilation attempt (file-flash.rules)
* 1:24245 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Matrix3D copyRawDataTo integer overflow attempt (file-flash.rules)
* 1:24430 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
* 1:24140 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed RTMP response attempt (file-flash.rules)
* 1:24367 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed record stack exhaustion attempt (file-flash.rules)
* 1:24414 <-> DISABLED <-> FILE-FLASH Adobe Flash Player stsz box heap overflow attempt (file-flash.rules)
* 1:24365 <-> DISABLED <-> FILE-FLASH Adobe Flash null reference JIT compilation attempt (file-flash.rules)
* 1:24362 <-> DISABLED <-> FILE-FLASH Adobe Flash null reference JIT compilation attempt (file-flash.rules)
* 1:24429 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
* 1:24366 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed record stack exhaustion attempt (file-flash.rules)
* 1:24415 <-> DISABLED <-> FILE-FLASH Adobe Flash Player stsz box heap overflow attempt (file-flash.rules)
* 1:24810 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 privilege escalation attempt (file-flash.rules)
* 1:24809 <-> DISABLED <-> FILE-FLASH Microsoft Internet Explorer premature unload of Flash plugin use after free attempt (file-flash.rules)
* 1:24428 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
* 1:24431 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
* 1:24874 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
* 1:24813 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 privilege escalation attempt (file-flash.rules)
* 1:24811 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 privilege escalation attempt (file-flash.rules)
* 1:24877 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
* 1:24808 <-> DISABLED <-> FILE-FLASH Microsoft Internet Explorer premature unload of Flash plugin use after free attempt (file-flash.rules)
* 1:24879 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid JPEG index attempt (file-flash.rules)
* 1:24812 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 privilege escalation attempt (file-flash.rules)
* 1:24875 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
* 1:24893 <-> DISABLED <-> FILE-FLASH Action InitArray stack overflow attempt (file-flash.rules)
* 1:24892 <-> DISABLED <-> FILE-FLASH Action InitArray stack overflow attempt (file-flash.rules)
* 1:24876 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
* 1:24882 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid JPEG index attempt (file-flash.rules)
* 1:24981 <-> DISABLED <-> FILE-FLASH Adobe Flash Player actionscript bytecode trait type null pointer dereference attempt (file-flash.rules)
* 1:24980 <-> DISABLED <-> FILE-FLASH Adobe Flash Player actionscript bytecode trait type null pointer dereference attempt (file-flash.rules)
* 1:24890 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Action InitArray stack overflow attempt (file-flash.rules)
* 1:24895 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript bytecode symbolclass tag type confusion attempt (file-flash.rules)
* 1:24985 <-> DISABLED <-> FILE-FLASH Adobe Flash Player index overflow attempt (file-flash.rules)
* 1:24984 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules)
* 1:24896 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript bytecode symbolclass tag type confusion attempt (file-flash.rules)
* 1:24982 <-> DISABLED <-> FILE-FLASH Adobe Flash Player actionscript bytecode trait type null pointer dereference attempt (file-flash.rules)
* 1:24991 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DoInitAction invalid action overflow attempt (file-flash.rules)
* 1:24990 <-> DISABLED <-> FILE-FLASH Adobe Flash Player specially invalid traits structure attempt (file-flash.rules)
* 1:24983 <-> DISABLED <-> FILE-FLASH Adobe Flash Player actionscript bytecode trait type null pointer dereference attempt (file-flash.rules)
* 1:24986 <-> DISABLED <-> FILE-FLASH Adobe Flash Player index overflow attempt (file-flash.rules)
* 1:25678 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules)
* 1:25677 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules)
* 1:24989 <-> DISABLED <-> FILE-FLASH Adobe Flash Player specially invalid traits structure attempt (file-flash.rules)
* 1:24992 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DoInitAction invalid action overflow attempt (file-flash.rules)
* 1:25815 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FLV crafted ADPCM stream heap overflow attempt (file-flash.rules)
* 1:25683 <-> 
DISABLED <-> FILE-FLASH Adobe Flash Player CFF FeatureCount integer overflow attempt (file-flash.rules) * 1:25676 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules) * 1:25679 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules) * 1:44003 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SMB sandbox bypass attempt (file-flash.rules) * 1:44002 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SMB sandbox bypass attempt (file-flash.rules) * 1:43995 <-> DISABLED <-> FILE-FLASH Adobe Flash Player overly large cpool index out of bounds read attempt (file-flash.rules) * 1:25681 <-> DISABLED <-> FILE-FLASH Adobe Flash Player CFF FeatureCount integer overflow attempt (file-flash.rules) * 1:44174 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SharedObject use after free attempt (file-flash.rules) * 1:44173 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SharedObject use after free attempt (file-flash.rules) * 1:43996 <-> DISABLED <-> FILE-FLASH Adobe Flash Player overly large cpool index out of bounds read attempt (file-flash.rules) * 1:44016 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Rectangle constructor use after free attempt (file-flash.rules) * 1:44348 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MP4 atom parser memory corruption attempt (file-flash.rules) * 1:44347 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MP4 atom parser memory corruption attempt (file-flash.rules) * 1:44017 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Rectangle constructor use after free attempt (file-flash.rules) * 1:44345 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MP4 atom parser memory corruption attempt (file-flash.rules) * 1:44553 <-> DISABLED <-> FILE-FLASH Adobe Flash Player toString type confusion memory corruption attempt (file-flash.rules) * 1:44552 <-> DISABLED <-> FILE-FLASH Adobe Flash Player toString type confusion memory corruption attempt (file-flash.rules) * 1:44346 <-> 
DISABLED <-> FILE-FLASH Adobe Flash Player MP4 atom parser memory corruption attempt (file-flash.rules) * 1:44351 <-> DISABLED <-> FILE-FLASH Adobe Flash Player text handling memory corruption attempt (file-flash.rules) * 1:44888 <-> DISABLED <-> FILE-FLASH Adobe Flash Player bitmap hitTest integer overflow attempt (file-flash.rules) * 1:44887 <-> DISABLED <-> FILE-FLASH Adobe Flash Player bitmap hitTest integer overflow attempt (file-flash.rules) * 1:44352 <-> DISABLED <-> FILE-FLASH Adobe Flash Player text handling memory corruption attempt (file-flash.rules) * 1:44583 <-> DISABLED <-> FILE-FLASH Adobe Flash Player array type confusion attempt (file-flash.rules) * 1:44903 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PSDK Metadata memory corruption attempt (file-flash.rules) * 1:44902 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PSDK Metadata memory corruption attempt (file-flash.rules) * 1:44584 <-> DISABLED <-> FILE-FLASH Adobe Flash Player array type confusion attempt (file-flash.rules) * 1:44891 <-> DISABLED <-> FILE-FLASH Adobe Flash Player determinePreferredLocales memory corruption attempt (file-flash.rules) * 1:44963 <-> DISABLED <-> FILE-FLASH Adobe Flash Player tvsdk object use after free attempt (file-flash.rules) * 1:44964 <-> DISABLED <-> FILE-FLASH Adobe Flash Player tvsdk object use after free attempt (file-flash.rules) * 1:44892 <-> DISABLED <-> FILE-FLASH Adobe Flash Player determinePreferredLocales memory corruption attempt (file-flash.rules) * 1:44951 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime SDK use after free attempt (file-flash.rules) * 1:45405 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF buffer overflow attempt (file-flash.rules) * 1:45404 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF buffer overflow attempt (file-flash.rules) * 1:44952 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime SDK use after free attempt (file-flash.rules) * 1:45309 <-> DISABLED <-> FILE-FLASH Adobe Flash 
Player ConvolutionFilter Matrix use after free attempt (file-flash.rules) * 1:45546 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DefineFont3 tag overly large NumGlyphs out of bounds read attempt (file-flash.rules) * 1:45501 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip startdrag use-after-free attempt (file-flash.rules) * 1:45310 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter Matrix use after free attempt (file-flash.rules) * 1:45459 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip attachbitmap use-after-free attempt (file-flash.rules) * 1:45595 <-> DISABLED <-> FILE-FLASH Adobe PSDK DRM Manager memory corruption attempt (file-flash.rules) * 1:45594 <-> DISABLED <-> FILE-FLASH Adobe PSDK DRM Manager memory corruption attempt (file-flash.rules) * 1:45500 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip startdrag use-after-free attempt (file-flash.rules) * 1:45547 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DefineFont3 tag overly large NumGlyphs out of bounds read attempt (file-flash.rules) * 1:45616 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip duplicateMovieClip use-after-free attempt (file-flash.rules) * 1:45615 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip duplicateMovieClip use-after-free attempt (file-flash.rules) * 1:45593 <-> DISABLED <-> FILE-FLASH Adobe PSDK DRM Manager memory corruption attempt (file-flash.rules) * 1:45613 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Selection.SetSelection use-after-free attempt (file-flash.rules) * 1:46247 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime MediaPlayerItemLoader BlurFilter object out of bounds write attempt (file-flash.rules) * 1:45744 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray shading memory leak attempt (file-flash.rules) * 1:45614 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Selection.SetSelection use-after-free attempt (file-flash.rules) * 1:45683 <-> DISABLED <-> FILE-FLASH Adobe PSDK DRM Manager memory 
corruption attempt (file-flash.rules) * 1:45743 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray shading memory leak attempt (file-flash.rules) * 1:46255 <-> DISABLED <-> FILE-FLASH Adobe Flash Player corrupt PNG image load out of bounds memory access attempt (file-flash.rules) * 1:46260 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed DefineSound tag heap overflow attempt (file-flash.rules) * 1:46248 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime MediaPlayerItemLoader BlurFilter object out of bounds write attempt (file-flash.rules) * 1:46324 <-> DISABLED <-> FILE-FLASH Adobe PSDK DRM Manager memory corruption attempt (file-flash.rules) * 1:46263 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use after free attempt (file-flash.rules) * 1:46254 <-> DISABLED <-> FILE-FLASH Adobe Flash Player corrupt PNG image load out of bounds memory access attempt (file-flash.rules) * 1:46261 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed DefineSound tag heap overflow attempt (file-flash.rules) * 1:46918 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules) * 1:46917 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules) * 1:46598 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative MovieClip type confusion attempt (file-flash.rules) * 1:46949 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds memory access attempt (file-flash.rules) * 1:46262 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use after free attempt (file-flash.rules) * 1:46919 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules) * 1:46950 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds memory access attempt (file-flash.rules) * 1:47191 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript NetConnection type confusion attempt (file-flash.rules) * 1:46599 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative MovieClip type confusion 
attempt (file-flash.rules) * 1:47127 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ActionSetTarget record information disclosure attempt (file-flash.rules) * 1:47192 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript NetConnection type confusion attempt (file-flash.rules) * 1:47531 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Vector.String class out-of-bounds read attempt (file-flash.rules) * 1:46920 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules) * 1:47532 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Vector.String class out-of-bounds read attempt (file-flash.rules) * 1:47128 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ActionSetTarget record information disclosure attempt (file-flash.rules) * 1:55813 <-> DISABLED <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt (server-other.rules) * 1:55814 <-> DISABLED <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt (server-other.rules) * 1:47787 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules) * 1:57499 <-> DISABLED <-> FILE-FLASH Adobe Flash Player worker shared object use-after-free attempt (file-flash.rules)
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091600.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:64694 <-> DISABLED <-> MALWARE-CNC MultiOs.Trojan.FINALDRAFT variant outbound communication attempt (malware-cnc.rules) * 1:64689 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection (malware-cnc.rules) * 1:64693 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bondupdater outbound cnc connection (malware-cnc.rules) * 1:64692 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bondupdater outbound cnc connection (malware-cnc.rules) * 1:64691 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection (malware-cnc.rules) * 1:64684 <-> DISABLED <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection (malware-cnc.rules) * 1:64698 <-> ENABLED <-> MALWARE-OTHER Win.Rootkit.Winnti download attempt (malware-other.rules) * 1:64695 <-> DISABLED <-> MALWARE-CNC MultiOs.Trojan.FINALDRAFT variant outbound communication attempt (malware-cnc.rules) * 1:60686 <-> DISABLED <-> OS-WINDOWS Windows AppxSvc component elevation of privilege attempt (os-windows.rules) * 1:64686 <-> DISABLED <-> SERVER-APACHE Apache Tomcat partial PUT remote code execution attempt (server-apache.rules) * 1:64696 <-> DISABLED <-> SERVER-OTHER MIT Kerberos KDC as-req sname null pointer dereference attempt (server-other.rules) * 1:64700 <-> ENABLED <-> SERVER-WEBAPP Next.js Middleware authentication bypass attempt (server-webapp.rules) * 1:64697 <-> ENABLED <-> MALWARE-OTHER Win.Rootkit.Winnti download attempt (malware-other.rules) * 1:64688 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt (file-flash.rules) * 1:64687 <-> DISABLED <-> SERVER-MAIL Exim SMTP vulnerable version detected (server-mail.rules) * 1:64701 <-> DISABLED <-> POLICY-OTHER Next.js Middleware x-middleware-subrequest header use attempt (policy-other.rules) * 1:64690 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection (malware-cnc.rules) * 1:64699 <-> ENABLED <-> SERVER-WEBAPP Next.js Middleware authentication bypass attempt (server-webapp.rules) * 
1:64685 <-> ENABLED <-> SERVER-WEBAPP Apache OFBiz remote code execution attempt (server-webapp.rules) * 1:60687 <-> DISABLED <-> OS-WINDOWS Windows AppxSvc component elevation of privilege attempt (os-windows.rules)
* 1:51648 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActiveX same origin method execution attempt (file-flash.rules) * 1:50140 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out-of-bounds read attempt (file-flash.rules) * 1:50766 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ALMA_Dash outbound DNS tunnel (malware-cnc.rules) * 1:49585 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure attempt (file-flash.rules) * 1:49586 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure attempt (file-flash.rules) * 1:50536 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules) * 1:49311 <-> DISABLED <-> FILE-FLASH Adobe Flash Player writeExternal type confusion attempt (file-flash.rules) * 1:50763 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel (malware-cnc.rules) * 1:50534 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules) * 1:49656 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE control character denial of service attempt (file-flash.rules) * 1:51225 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt (file-flash.rules) * 1:49312 <-> DISABLED <-> FILE-FLASH Adobe Flash Player writeExternal type confusion attempt (file-flash.rules) * 1:49655 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE control character denial of service attempt (file-flash.rules) * 1:51082 <-> DISABLED <-> FILE-FLASH Adobe Flash player memory corruption attempt (file-flash.rules) * 1:48566 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules) * 1:49584 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray inflate information disclosure attempt (file-flash.rules) * 1:52079 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt (file-flash.rules) * 1:51644 <-> DISABLED <-> FILE-FLASH 
Adobe Flash Player use-after-free attempt (file-flash.rules) * 1:50761 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel (malware-cnc.rules) * 1:51643 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use-after-free attempt (file-flash.rules) * 1:49583 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray inflate information disclosure attempt (file-flash.rules) * 1:48426 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AVM type confusion attempt (file-flash.rules) * 1:51226 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt (file-flash.rules) * 1:48491 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules) * 1:49654 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE control character denial of service attempt (file-flash.rules) * 1:49232 <-> DISABLED <-> FILE-FLASH Adobe Flash Player drawTriangles out-of-bounds read attempt (file-flash.rules) * 1:49231 <-> DISABLED <-> FILE-FLASH Adobe Flash Player drawTriangles out-of-bounds read attempt (file-flash.rules) * 1:50769 <-> DISABLED <-> MALWARE-CNC Win.Trojan.QUADAGENT outbound DNS tunnel (malware-cnc.rules) * 1:48496 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules) * 1:51081 <-> DISABLED <-> FILE-FLASH Adobe Flash player memory corruption attempt (file-flash.rules) * 1:50535 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules) * 1:50767 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ALMA_Dot outbound DNS tunnel (malware-cnc.rules) * 1:53057 <-> DISABLED <-> FILE-FLASH Spelevo Exploit Kit download attempt (file-flash.rules) * 1:50268 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use after free attempt (file-flash.rules) * 1:52659 <-> DISABLED <-> FILE-FLASH Spelevo Exploit Kit download attempt (file-flash.rules) * 1:53058 <-> DISABLED <-> FILE-FLASH Spelevo Exploit Kit download attempt (file-flash.rules) * 1:50762 <-> 
DISABLED <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel (malware-cnc.rules) * 1:50764 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel (malware-cnc.rules) * 1:54826 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AVM domain memory range integer overflow attempt (file-flash.rules) * 1:54825 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AVM domain memory range integer overflow attempt (file-flash.rules) * 1:50139 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out-of-bounds read attempt (file-flash.rules) * 1:57499 <-> DISABLED <-> FILE-FLASH Adobe Flash Player worker shared object use-after-free attempt (file-flash.rules) * 1:50765 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ISMAgent outbound DNS tunnel (malware-cnc.rules) * 1:48493 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules) * 1:55814 <-> DISABLED <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt (server-other.rules) * 1:50768 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BONDUPDATER outbound DNS tunnel (malware-cnc.rules) * 1:55813 <-> DISABLED <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt (server-other.rules) * 1:59440 <-> DISABLED <-> SERVER-APACHE Apache mod_http2 NULL pointer dereference attempt (server-apache.rules) * 1:50537 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules) * 1:52080 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt (file-flash.rules) * 1:48495 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules) * 1:52658 <-> DISABLED <-> FILE-FLASH Spelevo Exploit Kit download attempt (file-flash.rules) * 1:19257 <-> DISABLED <-> FILE-FLASH Adobe ActionScript float index memory corruption attempt (file-flash.rules) * 1:48567 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt 
(file-flash.rules) * 1:50267 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use after free attempt (file-flash.rules) * 1:19262 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules) * 1:19263 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules) * 1:19264 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules) * 1:19682 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript 3 integer overflow attempt (file-flash.rules) * 1:20031 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules) * 1:20131 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt (file-flash.rules) * 1:20767 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules) * 1:20777 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules) * 1:20778 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - economy.rar (file-flash.rules) * 1:20779 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - dear chu.rar (file-flash.rules) * 1:20780 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - namelist.xls (file-flash.rules) * 1:20781 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt (file-flash.rules) * 1:20782 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - economy.rar (file-flash.rules) * 1:20783 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - dear chu.rar (file-flash.rules) * 1:20784 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript 
callMethod type confusion attempt - namelist.xls (file-flash.rules) * 1:20785 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt (file-flash.rules) * 1:20803 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt (file-flash.rules) * 1:21326 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActiveX URL import attempt (file-flash.rules) * 1:21335 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript bytecode type confusion null dereference attempt (file-flash.rules) * 1:21336 <-> DISABLED <-> FILE-FLASH Adobe Flash ASConstructor insecure calling attempt (file-flash.rules) * 1:21338 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MP4 zero length atom attempt (file-flash.rules) * 1:21457 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules) * 1:21458 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules) * 1:21533 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript Stage3D null dereference attempt (file-flash.rules) * 1:21534 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript Matrix3D.copyRawDataFrom buffer overflow attempt (file-flash.rules) * 1:21535 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript Matrix3D.copyRawDataFrom buffer overflow attempt (file-flash.rules) * 1:21536 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript Stage3D null dereference attempt (file-flash.rules) * 1:21653 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript getURL target null reference attempt (file-flash.rules) * 1:21654 <-> DISABLED <-> FILE-FLASH Adobe Flash Video invalid tag type attempt (file-flash.rules) * 1:21655 <-> DISABLED <-> FILE-FLASH Adobe Flash Video invalid tag type attempt (file-flash.rules) * 1:22069 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object confusion attempt (file-flash.rules) * 1:22070 <-> DISABLED <-> 
FILE-FLASH Adobe Flash Player object confusion attempt (file-flash.rules) * 1:22915 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object confusion attempt (file-flash.rules) * 1:22916 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object confusion attempt (file-flash.rules) * 1:23129 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SecureSocket use without Connect attempt (file-flash.rules) * 1:23130 <-> DISABLED <-> FILE-FLASH Adobe Flash Player X509 direct instantiation property access attempt (file-flash.rules) * 1:23131 <-> DISABLED <-> FILE-FLASH Adobe Flash Player X500 DistinguishedName property access attempt (file-flash.rules) * 1:23132 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DefineSound tag long recordheader length field attempt (file-flash.rules) * 1:23133 <-> DISABLED <-> FILE-FLASH Adobe Flash Player flash.display.BitmapData constuctor overflow attempt (file-flash.rules) * 1:23134 <-> DISABLED <-> FILE-FLASH Adobe Flash Player broker destructor DoS attempt (file-flash.rules) * 1:23135 <-> DISABLED <-> FILE-FLASH Adobe Flash Player flash.DisplayObject memory corruption attempt (file-flash.rules) * 1:23853 <-> DISABLED <-> FILE-FLASH Adobe Flash OpenType font memory corruption attempt (file-flash.rules) * 1:23854 <-> DISABLED <-> FILE-FLASH Adobe Flash OpenType font memory corruption attempt (file-flash.rules) * 1:23967 <-> DISABLED <-> FILE-FLASH Adobe Flash OpenType font memory corruption attempt - compressed (file-flash.rules) * 1:23996 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules) * 1:23997 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules) * 1:24138 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed RTMP response attempt (file-flash.rules) * 1:24139 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed RTMP response attempt (file-flash.rules) * 1:24140 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed 
RTMP response attempt (file-flash.rules) * 1:24142 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object confusion attempt (file-flash.rules) * 1:24244 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Matrix3D copyRawDataTo integer overflow attempt (file-flash.rules) * 1:24245 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Matrix3D copyRawDataTo integer overflow attempt (file-flash.rules) * 1:24362 <-> DISABLED <-> FILE-FLASH Adobe Flash null reference JIT compilation attempt (file-flash.rules) * 1:24363 <-> DISABLED <-> FILE-FLASH Adobe Flash null reference JIT compilation attempt (file-flash.rules) * 1:24364 <-> DISABLED <-> FILE-FLASH Adobe Flash null reference JIT compilation attempt (file-flash.rules) * 1:24365 <-> DISABLED <-> FILE-FLASH Adobe Flash null reference JIT compilation attempt (file-flash.rules) * 1:24366 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed record stack exhaustion attempt (file-flash.rules) * 1:24367 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed record stack exhaustion attempt (file-flash.rules) * 1:24414 <-> DISABLED <-> FILE-FLASH Adobe Flash Player stsz box heap overflow attempt (file-flash.rules) * 1:24415 <-> DISABLED <-> FILE-FLASH Adobe Flash Player stsz box heap overflow attempt (file-flash.rules) * 1:24428 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules) * 1:24429 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules) * 1:24430 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules) * 1:24431 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules) * 1:24808 <-> DISABLED <-> FILE-FLASH Microsoft Internet Explorer premature unload of Flash plugin use after free attempt (file-flash.rules) * 1:24809 <-> 
DISABLED <-> FILE-FLASH Microsoft Internet Explorer premature unload of Flash plugin use after free attempt (file-flash.rules) * 1:24810 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 privilege escalation attempt (file-flash.rules) * 1:24811 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 privilege escalation attempt (file-flash.rules) * 1:24812 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 privilege escalation attempt (file-flash.rules) * 1:24813 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 privilege escalation attempt (file-flash.rules) * 1:24874 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules) * 1:24875 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules) * 1:24876 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules) * 1:24877 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules) * 1:24879 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid JPEG index attempt (file-flash.rules) * 1:24882 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid JPEG index attempt (file-flash.rules) * 1:24890 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Action InitArray stack overflow attempt (file-flash.rules) * 1:24892 <-> DISABLED <-> FILE-FLASH Action InitArray stack overflow attempt (file-flash.rules) * 1:24893 <-> DISABLED <-> FILE-FLASH Action InitArray stack overflow attempt (file-flash.rules) * 1:24895 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript bytecode symbolclass tag type confusion attempt (file-flash.rules) * 1:24896 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript bytecode symbolclass tag type confusion attempt (file-flash.rules) * 1:24980 <-> DISABLED <-> FILE-FLASH Adobe Flash Player 
actionscript bytecode trait type null pointer dereference attempt (file-flash.rules) * 1:24981 <-> DISABLED <-> FILE-FLASH Adobe Flash Player actionscript bytecode trait type null pointer dereference attempt (file-flash.rules) * 1:24982 <-> DISABLED <-> FILE-FLASH Adobe Flash Player actionscript bytecode trait type null pointer dereference attempt (file-flash.rules) * 1:24983 <-> DISABLED <-> FILE-FLASH Adobe Flash Player actionscript bytecode trait type null pointer dereference attempt (file-flash.rules) * 1:24984 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules) * 1:24985 <-> DISABLED <-> FILE-FLASH Adobe Flash Player index overflow attempt (file-flash.rules) * 1:24986 <-> DISABLED <-> FILE-FLASH Adobe Flash Player index overflow attempt (file-flash.rules) * 1:24989 <-> DISABLED <-> FILE-FLASH Adobe Flash Player specially invalid traits structure attempt (file-flash.rules) * 1:24990 <-> DISABLED <-> FILE-FLASH Adobe Flash Player specially invalid traits structure attempt (file-flash.rules) * 1:24991 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DoInitAction invalid action overflow attempt (file-flash.rules) * 1:24992 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DoInitAction invalid action overflow attempt (file-flash.rules) * 1:25676 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules) * 1:25677 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules) * 1:25678 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules) * 1:25679 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules) * 1:25681 <-> DISABLED <-> FILE-FLASH Adobe Flash Player CFF FeatureCount integer overflow attempt (file-flash.rules) * 1:25683 <-> DISABLED <-> FILE-FLASH Adobe Flash Player CFF FeatureCount integer overflow attempt 
(file-flash.rules) * 1:25815 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FLV crafted ADPCM stream heap overflow attempt (file-flash.rules) * 1:43995 <-> DISABLED <-> FILE-FLASH Adobe Flash Player overly large cpool index out of bounds read attempt (file-flash.rules) * 1:43996 <-> DISABLED <-> FILE-FLASH Adobe Flash Player overly large cpool index out of bounds read attempt (file-flash.rules) * 1:44002 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SMB sandbox bypass attempt (file-flash.rules) * 1:44003 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SMB sandbox bypass attempt (file-flash.rules) * 1:44016 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Rectangle constructor use after free attempt (file-flash.rules) * 1:44017 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Rectangle constructor use after free attempt (file-flash.rules) * 1:44173 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SharedObject use after free attempt (file-flash.rules) * 1:44174 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SharedObject use after free attempt (file-flash.rules) * 1:44345 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MP4 atom parser memory corruption attempt (file-flash.rules) * 1:44346 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MP4 atom parser memory corruption attempt (file-flash.rules) * 1:44347 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MP4 atom parser memory corruption attempt (file-flash.rules) * 1:44348 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MP4 atom parser memory corruption attempt (file-flash.rules) * 1:44351 <-> DISABLED <-> FILE-FLASH Adobe Flash Player text handling memory corruption attempt (file-flash.rules) * 1:44352 <-> DISABLED <-> FILE-FLASH Adobe Flash Player text handling memory corruption attempt (file-flash.rules) * 1:44552 <-> DISABLED <-> FILE-FLASH Adobe Flash Player toString type confusion memory corruption attempt (file-flash.rules) * 1:44553 <-> DISABLED <-> FILE-FLASH Adobe Flash Player toString type confusion memory corruption 
attempt (file-flash.rules) * 1:44583 <-> DISABLED <-> FILE-FLASH Adobe Flash Player array type confusion attempt (file-flash.rules) * 1:44584 <-> DISABLED <-> FILE-FLASH Adobe Flash Player array type confusion attempt (file-flash.rules) * 1:44887 <-> DISABLED <-> FILE-FLASH Adobe Flash Player bitmap hitTest integer overflow attempt (file-flash.rules) * 1:44888 <-> DISABLED <-> FILE-FLASH Adobe Flash Player bitmap hitTest integer overflow attempt (file-flash.rules) * 1:44891 <-> DISABLED <-> FILE-FLASH Adobe Flash Player determinePreferredLocales memory corruption attempt (file-flash.rules) * 1:44892 <-> DISABLED <-> FILE-FLASH Adobe Flash Player determinePreferredLocales memory corruption attempt (file-flash.rules) * 1:44902 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PSDK Metadata memory corruption attempt (file-flash.rules) * 1:44903 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PSDK Metadata memory corruption attempt (file-flash.rules) * 1:44951 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime SDK use after free attempt (file-flash.rules) * 1:44952 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime SDK use after free attempt (file-flash.rules) * 1:44963 <-> DISABLED <-> FILE-FLASH Adobe Flash Player tvsdk object use after free attempt (file-flash.rules) * 1:44964 <-> DISABLED <-> FILE-FLASH Adobe Flash Player tvsdk object use after free attempt (file-flash.rules) * 1:45309 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter Matrix use after free attempt (file-flash.rules) * 1:45310 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter Matrix use after free attempt (file-flash.rules) * 1:45404 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF buffer overflow attempt (file-flash.rules) * 1:45405 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF buffer overflow attempt (file-flash.rules) * 1:45459 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip attachbitmap use-after-free attempt 
(file-flash.rules) * 1:45500 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip startdrag use-after-free attempt (file-flash.rules) * 1:45501 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip startdrag use-after-free attempt (file-flash.rules) * 1:45546 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DefineFont3 tag overly large NumGlyphs out of bounds read attempt (file-flash.rules) * 1:45547 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DefineFont3 tag overly large NumGlyphs out of bounds read attempt (file-flash.rules) * 1:45593 <-> DISABLED <-> FILE-FLASH Adobe PSDK DRM Manager memory corruption attempt (file-flash.rules) * 1:45594 <-> DISABLED <-> FILE-FLASH Adobe PSDK DRM Manager memory corruption attempt (file-flash.rules) * 1:45595 <-> DISABLED <-> FILE-FLASH Adobe PSDK DRM Manager memory corruption attempt (file-flash.rules) * 1:45613 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Selection.SetSelection use-after-free attempt (file-flash.rules) * 1:45614 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Selection.SetSelection use-after-free attempt (file-flash.rules) * 1:45615 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip duplicateMovieClip use-after-free attempt (file-flash.rules) * 1:45616 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip duplicateMovieClip use-after-free attempt (file-flash.rules) * 1:45683 <-> DISABLED <-> FILE-FLASH Adobe PSDK DRM Manager memory corruption attempt (file-flash.rules) * 1:45743 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray shading memory leak attempt (file-flash.rules) * 1:45744 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray shading memory leak attempt (file-flash.rules) * 1:46247 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime MediaPlayerItemLoader BlurFilter object out of bounds write attempt (file-flash.rules) * 1:46248 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime MediaPlayerItemLoader BlurFilter object out of bounds write attempt 
(file-flash.rules) * 1:46254 <-> DISABLED <-> FILE-FLASH Adobe Flash Player corrupt PNG image load out of bounds memory access attempt (file-flash.rules) * 1:46255 <-> DISABLED <-> FILE-FLASH Adobe Flash Player corrupt PNG image load out of bounds memory access attempt (file-flash.rules) * 1:46260 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed DefineSound tag heap overflow attempt (file-flash.rules) * 1:46261 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed DefineSound tag heap overflow attempt (file-flash.rules) * 1:46262 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use after free attempt (file-flash.rules) * 1:46263 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use after free attempt (file-flash.rules) * 1:46324 <-> DISABLED <-> FILE-FLASH Adobe PSDK DRM Manager memory corruption attempt (file-flash.rules) * 1:46598 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative MovieClip type confusion attempt (file-flash.rules) * 1:46599 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative MovieClip type confusion attempt (file-flash.rules) * 1:46917 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules) * 1:46918 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules) * 1:46919 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules) * 1:46920 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules) * 1:46949 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds memory access attempt (file-flash.rules) * 1:46950 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds memory access attempt (file-flash.rules) * 1:47127 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ActionSetTarget record information disclosure attempt (file-flash.rules) * 1:47128 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ActionSetTarget record information disclosure attempt (file-flash.rules) * 
1:47191 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript NetConnection type confusion attempt (file-flash.rules) * 1:47192 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript NetConnection type confusion attempt (file-flash.rules) * 1:47531 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Vector.String class out-of-bounds read attempt (file-flash.rules) * 1:47532 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Vector.String class out-of-bounds read attempt (file-flash.rules) * 1:47786 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules) * 1:48494 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules) * 1:48492 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules) * 1:47787 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules) * 1:47833 <-> DISABLED <-> FILE-FLASH Adobe Flash Player COM server BrokerCreateFile sandbox escape attempt (file-flash.rules) * 1:47834 <-> DISABLED <-> FILE-FLASH Adobe Flash Player COM server BrokerCreateFile sandbox escape attempt (file-flash.rules) * 1:48425 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AVM type confusion attempt (file-flash.rules)
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091501.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:60686 <-> DISABLED <-> OS-WINDOWS Windows AppxSvc component elevation of privilege attempt (os-windows.rules)
* 1:64695 <-> DISABLED <-> MALWARE-CNC MultiOs.Trojan.FINALDRAFT variant outbound communication attempt (malware-cnc.rules)
* 1:64690 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection (malware-cnc.rules)
* 1:64696 <-> DISABLED <-> SERVER-OTHER MIT Kerberos KDC as-req sname null pointer dereference attempt (server-other.rules)
* 1:64700 <-> ENABLED <-> SERVER-WEBAPP Next.js Middleware authentication bypass attempt (server-webapp.rules)
* 1:64688 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt (file-flash.rules)
* 1:64697 <-> ENABLED <-> MALWARE-OTHER Win.Rootkit.Winnti download attempt (malware-other.rules)
* 1:64685 <-> ENABLED <-> SERVER-WEBAPP Apache OFBiz remote code execution attempt (server-webapp.rules)
* 1:64687 <-> DISABLED <-> SERVER-MAIL Exim SMTP vulnerable version detected (server-mail.rules)
* 1:64694 <-> DISABLED <-> MALWARE-CNC MultiOs.Trojan.FINALDRAFT variant outbound communication attempt (malware-cnc.rules)
* 1:64684 <-> DISABLED <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection (malware-cnc.rules)
* 1:64692 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bondupdater outbound cnc connection (malware-cnc.rules)
* 1:64699 <-> ENABLED <-> SERVER-WEBAPP Next.js Middleware authentication bypass attempt (server-webapp.rules)
* 1:64701 <-> DISABLED <-> POLICY-OTHER Next.js Middleware x-middleware-subrequest header use attempt (policy-other.rules)
* 1:64693 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bondupdater outbound cnc connection (malware-cnc.rules)
* 1:64689 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection (malware-cnc.rules)
* 1:60687 <-> DISABLED <-> OS-WINDOWS Windows AppxSvc component elevation of privilege attempt (os-windows.rules)
* 1:64686 <-> DISABLED <-> SERVER-APACHE Apache Tomcat partial PUT remote code execution attempt (server-apache.rules)
* 1:64698 <-> ENABLED <-> MALWARE-OTHER Win.Rootkit.Winnti download attempt (malware-other.rules)
* 1:64691 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection (malware-cnc.rules)
* 1:51081 <-> DISABLED <-> FILE-FLASH Adobe Flash player memory corruption attempt (file-flash.rules) * 1:53057 <-> DISABLED <-> FILE-FLASH Spelevo Exploit Kit download attempt (file-flash.rules) * 1:47786 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules) * 1:46950 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds memory access attempt (file-flash.rules) * 1:51648 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActiveX same origin method execution attempt (file-flash.rules) * 1:47191 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript NetConnection type confusion attempt (file-flash.rules) * 1:52079 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt (file-flash.rules) * 1:24876 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules) * 1:24892 <-> DISABLED <-> FILE-FLASH Action InitArray stack overflow attempt (file-flash.rules) * 1:24896 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript bytecode symbolclass tag type confusion attempt (file-flash.rules) * 1:24981 <-> DISABLED <-> FILE-FLASH Adobe Flash Player actionscript bytecode trait type null pointer dereference attempt (file-flash.rules) * 1:24984 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules) * 1:24992 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DoInitAction invalid action overflow attempt (file-flash.rules) * 1:25676 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules) * 1:25815 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FLV crafted ADPCM stream heap overflow attempt (file-flash.rules) * 1:43995 <-> DISABLED <-> FILE-FLASH Adobe Flash Player overly large cpool index out of bounds read attempt (file-flash.rules) * 1:44017 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Rectangle constructor use 
after free attempt (file-flash.rules) * 1:47532 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Vector.String class out-of-bounds read attempt (file-flash.rules) * 1:51082 <-> DISABLED <-> FILE-FLASH Adobe Flash player memory corruption attempt (file-flash.rules) * 1:48492 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules) * 1:24982 <-> DISABLED <-> FILE-FLASH Adobe Flash Player actionscript bytecode trait type null pointer dereference attempt (file-flash.rules) * 1:48493 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules) * 1:51226 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt (file-flash.rules) * 1:48494 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules) * 1:48495 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules) * 1:50767 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ALMA_Dot outbound DNS tunnel (malware-cnc.rules) * 1:50766 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ALMA_Dash outbound DNS tunnel (malware-cnc.rules) * 1:48496 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules) * 1:50534 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules) * 1:48566 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules) * 1:48567 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules) * 1:49231 <-> DISABLED <-> FILE-FLASH Adobe Flash Player drawTriangles out-of-bounds read attempt (file-flash.rules) * 1:50537 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules) * 1:49232 <-> DISABLED <-> FILE-FLASH Adobe Flash Player drawTriangles out-of-bounds read attempt (file-flash.rules) * 1:51225 <-> DISABLED 
<-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt (file-flash.rules) * 1:50764 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel (malware-cnc.rules) * 1:50765 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ISMAgent outbound DNS tunnel (malware-cnc.rules) * 1:49311 <-> DISABLED <-> FILE-FLASH Adobe Flash Player writeExternal type confusion attempt (file-flash.rules) * 1:49312 <-> DISABLED <-> FILE-FLASH Adobe Flash Player writeExternal type confusion attempt (file-flash.rules) * 1:47192 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript NetConnection type confusion attempt (file-flash.rules) * 1:47531 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Vector.String class out-of-bounds read attempt (file-flash.rules) * 1:46919 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules) * 1:46920 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules) * 1:52080 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt (file-flash.rules) * 1:24989 <-> DISABLED <-> FILE-FLASH Adobe Flash Player specially invalid traits structure attempt (file-flash.rules) * 1:24890 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Action InitArray stack overflow attempt (file-flash.rules) * 1:44002 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SMB sandbox bypass attempt (file-flash.rules) * 1:25681 <-> DISABLED <-> FILE-FLASH Adobe Flash Player CFF FeatureCount integer overflow attempt (file-flash.rules) * 1:50768 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BONDUPDATER outbound DNS tunnel (malware-cnc.rules) * 1:49583 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray inflate information disclosure attempt (file-flash.rules) * 1:51644 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use-after-free attempt (file-flash.rules) * 1:51643 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use-after-free attempt (file-flash.rules) * 1:47834 <-> DISABLED 
<-> FILE-FLASH Adobe Flash Player COM server BrokerCreateFile sandbox escape attempt (file-flash.rules) * 1:52658 <-> DISABLED <-> FILE-FLASH Spelevo Exploit Kit download attempt (file-flash.rules) * 1:44003 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SMB sandbox bypass attempt (file-flash.rules) * 1:47787 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules) * 1:24990 <-> DISABLED <-> FILE-FLASH Adobe Flash Player specially invalid traits structure attempt (file-flash.rules) * 1:24895 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript bytecode symbolclass tag type confusion attempt (file-flash.rules) * 1:24893 <-> DISABLED <-> FILE-FLASH Action InitArray stack overflow attempt (file-flash.rules) * 1:49584 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray inflate information disclosure attempt (file-flash.rules) * 1:50761 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel (malware-cnc.rules) * 1:50536 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules) * 1:48425 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AVM type confusion attempt (file-flash.rules) * 1:44016 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Rectangle constructor use after free attempt (file-flash.rules) * 1:49585 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure attempt (file-flash.rules) * 1:24879 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid JPEG index attempt (file-flash.rules) * 1:24983 <-> DISABLED <-> FILE-FLASH Adobe Flash Player actionscript bytecode trait type null pointer dereference attempt (file-flash.rules) * 1:25677 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules) * 1:53058 <-> DISABLED <-> FILE-FLASH Spelevo Exploit Kit download attempt (file-flash.rules) * 1:54825 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AVM domain memory range integer overflow 
attempt (file-flash.rules) * 1:24986 <-> DISABLED <-> FILE-FLASH Adobe Flash Player index overflow attempt (file-flash.rules) * 1:52659 <-> DISABLED <-> FILE-FLASH Spelevo Exploit Kit download attempt (file-flash.rules) * 1:24980 <-> DISABLED <-> FILE-FLASH Adobe Flash Player actionscript bytecode trait type null pointer dereference attempt (file-flash.rules) * 1:44345 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MP4 atom parser memory corruption attempt (file-flash.rules) * 1:50769 <-> DISABLED <-> MALWARE-CNC Win.Trojan.QUADAGENT outbound DNS tunnel (malware-cnc.rules) * 1:25683 <-> DISABLED <-> FILE-FLASH Adobe Flash Player CFF FeatureCount integer overflow attempt (file-flash.rules) * 1:43996 <-> DISABLED <-> FILE-FLASH Adobe Flash Player overly large cpool index out of bounds read attempt (file-flash.rules) * 1:24991 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DoInitAction invalid action overflow attempt (file-flash.rules) * 1:24877 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules) * 1:24985 <-> DISABLED <-> FILE-FLASH Adobe Flash Player index overflow attempt (file-flash.rules) * 1:24813 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 privilege escalation attempt (file-flash.rules) * 1:50763 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel (malware-cnc.rules) * 1:46599 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative MovieClip type confusion attempt (file-flash.rules) * 1:47833 <-> DISABLED <-> FILE-FLASH Adobe Flash Player COM server BrokerCreateFile sandbox escape attempt (file-flash.rules) * 1:48426 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AVM type confusion attempt (file-flash.rules) * 1:54826 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AVM domain memory range integer overflow attempt (file-flash.rules) * 1:57499 <-> DISABLED <-> FILE-FLASH Adobe Flash Player worker shared object use-after-free attempt (file-flash.rules) * 
1:55814 <-> DISABLED <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt (server-other.rules) * 1:59440 <-> DISABLED <-> SERVER-APACHE Apache mod_http2 NULL pointer dereference attempt (server-apache.rules) * 1:55813 <-> DISABLED <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt (server-other.rules) * 1:19257 <-> DISABLED <-> FILE-FLASH Adobe ActionScript float index memory corruption attempt (file-flash.rules) * 1:49656 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE control character denial of service attempt (file-flash.rules) * 1:19682 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript 3 integer overflow attempt (file-flash.rules) * 1:19262 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules) * 1:20777 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules) * 1:20031 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules) * 1:19264 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules) * 1:20781 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt (file-flash.rules) * 1:20778 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - economy.rar (file-flash.rules) * 1:20767 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules) * 1:20785 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt (file-flash.rules) * 1:20782 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - economy.rar (file-flash.rules) * 1:19263 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules) * 1:20780 
<-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - namelist.xls (file-flash.rules) * 1:21336 <-> DISABLED <-> FILE-FLASH Adobe Flash ASConstructor insecure calling attempt (file-flash.rules) * 1:20803 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt (file-flash.rules) * 1:20131 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt (file-flash.rules) * 1:20784 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - namelist.xls (file-flash.rules) * 1:21338 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MP4 zero length atom attempt (file-flash.rules) * 1:21533 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript Stage3D null dereference attempt (file-flash.rules) * 1:20779 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - dear chu.rar (file-flash.rules) * 1:21335 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript bytecode type confusion null dereference attempt (file-flash.rules) * 1:21653 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript getURL target null reference attempt (file-flash.rules) * 1:21534 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript Matrix3D.copyRawDataFrom buffer overflow attempt (file-flash.rules) * 1:20783 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - dear chu.rar (file-flash.rules) * 1:21458 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules) * 1:22070 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object confusion attempt (file-flash.rules) * 1:21654 <-> DISABLED <-> FILE-FLASH Adobe Flash Video invalid tag type attempt (file-flash.rules) * 1:21326 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActiveX URL import attempt (file-flash.rules) * 1:21536 <-> DISABLED <-> FILE-FLASH Adobe 
Flash Player ActionScript Stage3D null dereference attempt (file-flash.rules) * 1:23130 <-> DISABLED <-> FILE-FLASH Adobe Flash Player X509 direct instantiation property access attempt (file-flash.rules) * 1:22915 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object confusion attempt (file-flash.rules) * 1:21457 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules) * 1:22069 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object confusion attempt (file-flash.rules) * 1:23134 <-> DISABLED <-> FILE-FLASH Adobe Flash Player broker destructor DoS attempt (file-flash.rules) * 1:23131 <-> DISABLED <-> FILE-FLASH Adobe Flash Player X500 DistinguishedName property access attempt (file-flash.rules) * 1:21535 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript Matrix3D.copyRawDataFrom buffer overflow attempt (file-flash.rules) * 1:23129 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SecureSocket use without Connect attempt (file-flash.rules) * 1:23967 <-> DISABLED <-> FILE-FLASH Adobe Flash OpenType font memory corruption attempt - compressed (file-flash.rules) * 1:23135 <-> DISABLED <-> FILE-FLASH Adobe Flash Player flash.DisplayObject memory corruption attempt (file-flash.rules) * 1:21655 <-> DISABLED <-> FILE-FLASH Adobe Flash Video invalid tag type attempt (file-flash.rules) * 1:23133 <-> DISABLED <-> FILE-FLASH Adobe Flash Player flash.display.BitmapData constuctor overflow attempt (file-flash.rules) * 1:22916 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object confusion attempt (file-flash.rules) * 1:23996 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules) * 1:24142 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object confusion attempt (file-flash.rules) * 1:23854 <-> DISABLED <-> FILE-FLASH Adobe Flash OpenType font memory corruption attempt (file-flash.rules) * 1:24363 <-> DISABLED <-> FILE-FLASH Adobe Flash null reference 
JIT compilation attempt (file-flash.rules) * 1:24139 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed RTMP response attempt (file-flash.rules) * 1:24138 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed RTMP response attempt (file-flash.rules) * 1:24362 <-> DISABLED <-> FILE-FLASH Adobe Flash null reference JIT compilation attempt (file-flash.rules) * 1:23132 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DefineSound tag long recordheader length field attempt (file-flash.rules) * 1:24244 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Matrix3D copyRawDataTo integer overflow attempt (file-flash.rules) * 1:24365 <-> DISABLED <-> FILE-FLASH Adobe Flash null reference JIT compilation attempt (file-flash.rules) * 1:24366 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed record stack exhaustion attempt (file-flash.rules) * 1:23853 <-> DISABLED <-> FILE-FLASH Adobe Flash OpenType font memory corruption attempt (file-flash.rules) * 1:24364 <-> DISABLED <-> FILE-FLASH Adobe Flash null reference JIT compilation attempt (file-flash.rules) * 1:24415 <-> DISABLED <-> FILE-FLASH Adobe Flash Player stsz box heap overflow attempt (file-flash.rules) * 1:24428 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules) * 1:23997 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules) * 1:24414 <-> DISABLED <-> FILE-FLASH Adobe Flash Player stsz box heap overflow attempt (file-flash.rules) * 1:24809 <-> DISABLED <-> FILE-FLASH Microsoft Internet Explorer premature unload of Flash plugin use after free attempt (file-flash.rules) * 1:24431 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules) * 1:24245 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Matrix3D copyRawDataTo integer overflow attempt (file-flash.rules) * 1:24430 <-> DISABLED <-> FILE-FLASH Adobe Flash 
Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules) * 1:24811 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 privilege escalation attempt (file-flash.rules) * 1:24812 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 privilege escalation attempt (file-flash.rules) * 1:24140 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed RTMP response attempt (file-flash.rules) * 1:24808 <-> DISABLED <-> FILE-FLASH Microsoft Internet Explorer premature unload of Flash plugin use after free attempt (file-flash.rules) * 1:24875 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules) * 1:24882 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid JPEG index attempt (file-flash.rules) * 1:24367 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed record stack exhaustion attempt (file-flash.rules) * 1:25679 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules) * 1:24874 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules) * 1:44346 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MP4 atom parser memory corruption attempt (file-flash.rules) * 1:24429 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules) * 1:44174 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SharedObject use after free attempt (file-flash.rules) * 1:44351 <-> DISABLED <-> FILE-FLASH Adobe Flash Player text handling memory corruption attempt (file-flash.rules) * 1:44352 <-> DISABLED <-> FILE-FLASH Adobe Flash Player text handling memory corruption attempt (file-flash.rules) * 1:24810 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 privilege escalation attempt (file-flash.rules) * 1:44348 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MP4 atom parser memory corruption attempt 
(file-flash.rules) * 1:44583 <-> DISABLED <-> FILE-FLASH Adobe Flash Player array type confusion attempt (file-flash.rules) * 1:44584 <-> DISABLED <-> FILE-FLASH Adobe Flash Player array type confusion attempt (file-flash.rules) * 1:25678 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules) * 1:44553 <-> DISABLED <-> FILE-FLASH Adobe Flash Player toString type confusion memory corruption attempt (file-flash.rules) * 1:44891 <-> DISABLED <-> FILE-FLASH Adobe Flash Player determinePreferredLocales memory corruption attempt (file-flash.rules) * 1:44892 <-> DISABLED <-> FILE-FLASH Adobe Flash Player determinePreferredLocales memory corruption attempt (file-flash.rules) * 1:44173 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SharedObject use after free attempt (file-flash.rules) * 1:44887 <-> DISABLED <-> FILE-FLASH Adobe Flash Player bitmap hitTest integer overflow attempt (file-flash.rules) * 1:44951 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime SDK use after free attempt (file-flash.rules) * 1:44952 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime SDK use after free attempt (file-flash.rules) * 1:44347 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MP4 atom parser memory corruption attempt (file-flash.rules) * 1:44903 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PSDK Metadata memory corruption attempt (file-flash.rules) * 1:45309 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter Matrix use after free attempt (file-flash.rules) * 1:45310 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter Matrix use after free attempt (file-flash.rules) * 1:44552 <-> DISABLED <-> FILE-FLASH Adobe Flash Player toString type confusion memory corruption attempt (file-flash.rules) * 1:44964 <-> DISABLED <-> FILE-FLASH Adobe Flash Player tvsdk object use after free attempt (file-flash.rules) * 1:45459 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip attachbitmap use-after-free 
attempt (file-flash.rules) * 1:45500 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip startdrag use-after-free attempt (file-flash.rules) * 1:44888 <-> DISABLED <-> FILE-FLASH Adobe Flash Player bitmap hitTest integer overflow attempt (file-flash.rules) * 1:45405 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF buffer overflow attempt (file-flash.rules) * 1:45547 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DefineFont3 tag overly large NumGlyphs out of bounds read attempt (file-flash.rules) * 1:45593 <-> DISABLED <-> FILE-FLASH Adobe PSDK DRM Manager memory corruption attempt (file-flash.rules) * 1:44902 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PSDK Metadata memory corruption attempt (file-flash.rules) * 1:45546 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DefineFont3 tag overly large NumGlyphs out of bounds read attempt (file-flash.rules) * 1:45613 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Selection.SetSelection use-after-free attempt (file-flash.rules) * 1:45614 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Selection.SetSelection use-after-free attempt (file-flash.rules) * 1:44963 <-> DISABLED <-> FILE-FLASH Adobe Flash Player tvsdk object use after free attempt (file-flash.rules) * 1:45595 <-> DISABLED <-> FILE-FLASH Adobe PSDK DRM Manager memory corruption attempt (file-flash.rules) * 1:45615 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip duplicateMovieClip use-after-free attempt (file-flash.rules) * 1:45743 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray shading memory leak attempt (file-flash.rules) * 1:45404 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF buffer overflow attempt (file-flash.rules) * 1:45616 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip duplicateMovieClip use-after-free attempt (file-flash.rules) * 1:46248 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime MediaPlayerItemLoader BlurFilter object out of bounds write attempt (file-flash.rules) * 1:45501 <-> 
DISABLED <-> FILE-FLASH Adobe Flash Player movieclip startdrag use-after-free attempt (file-flash.rules) * 1:46263 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use after free attempt (file-flash.rules) * 1:46254 <-> DISABLED <-> FILE-FLASH Adobe Flash Player corrupt PNG image load out of bounds memory access attempt (file-flash.rules) * 1:45594 <-> DISABLED <-> FILE-FLASH Adobe PSDK DRM Manager memory corruption attempt (file-flash.rules) * 1:46247 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime MediaPlayerItemLoader BlurFilter object out of bounds write attempt (file-flash.rules) * 1:46261 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed DefineSound tag heap overflow attempt (file-flash.rules) * 1:46260 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed DefineSound tag heap overflow attempt (file-flash.rules) * 1:46917 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules) * 1:46324 <-> DISABLED <-> FILE-FLASH Adobe PSDK DRM Manager memory corruption attempt (file-flash.rules) * 1:45683 <-> DISABLED <-> FILE-FLASH Adobe PSDK DRM Manager memory corruption attempt (file-flash.rules) * 1:46949 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds memory access attempt (file-flash.rules) * 1:45744 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray shading memory leak attempt (file-flash.rules) * 1:46262 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use after free attempt (file-flash.rules) * 1:46918 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules) * 1:47127 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ActionSetTarget record information disclosure attempt (file-flash.rules) * 1:46255 <-> DISABLED <-> FILE-FLASH Adobe Flash Player corrupt PNG image load out of bounds memory access attempt (file-flash.rules) * 1:46598 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative MovieClip type confusion attempt (file-flash.rules) * 1:50139 <-> 
DISABLED <-> FILE-FLASH Adobe Flash Player out-of-bounds read attempt (file-flash.rules) * 1:47128 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ActionSetTarget record information disclosure attempt (file-flash.rules) * 1:50140 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out-of-bounds read attempt (file-flash.rules) * 1:50535 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules) * 1:49586 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure attempt (file-flash.rules) * 1:49654 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE control character denial of service attempt (file-flash.rules) * 1:49655 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE control character denial of service attempt (file-flash.rules) * 1:50268 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use after free attempt (file-flash.rules) * 1:50267 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use after free attempt (file-flash.rules) * 1:50762 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel (malware-cnc.rules) * 1:48491 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091401.
* 1:64700 <-> ENABLED <-> SERVER-WEBAPP Next.js Middleware authentication bypass attempt (server-webapp.rules) * 1:64687 <-> DISABLED <-> SERVER-MAIL Exim SMTP vulnerable version detected (server-mail.rules) * 1:64694 <-> DISABLED <-> MALWARE-CNC MultiOs.Trojan.FINALDRAFT variant outbound communication attempt (malware-cnc.rules) * 1:64692 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bondupdater outbound cnc connection (malware-cnc.rules) * 1:60686 <-> DISABLED <-> OS-WINDOWS Windows AppxSvc component elevation of privilege attempt (os-windows.rules) * 1:64697 <-> ENABLED <-> MALWARE-OTHER Win.Rootkit.Winnti download attempt (malware-other.rules) * 1:64686 <-> DISABLED <-> SERVER-APACHE Apache Tomcat partial PUT remote code execution attempt (server-apache.rules) * 1:64695 <-> DISABLED <-> MALWARE-CNC MultiOs.Trojan.FINALDRAFT variant outbound communication attempt (malware-cnc.rules) * 1:64699 <-> ENABLED <-> SERVER-WEBAPP Next.js Middleware authentication bypass attempt (server-webapp.rules) * 1:64696 <-> DISABLED <-> SERVER-OTHER MIT Kerberos KDC as-req sname null pointer dereference attempt (server-other.rules) * 1:64691 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection (malware-cnc.rules) * 1:64685 <-> ENABLED <-> SERVER-WEBAPP Apache OFBiz remote code execution attempt (server-webapp.rules) * 1:64693 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bondupdater outbound cnc connection (malware-cnc.rules) * 1:64698 <-> ENABLED <-> MALWARE-OTHER Win.Rootkit.Winnti download attempt (malware-other.rules) * 1:60687 <-> DISABLED <-> OS-WINDOWS Windows AppxSvc component elevation of privilege attempt (os-windows.rules) * 1:64684 <-> DISABLED <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection (malware-cnc.rules) * 1:64690 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection (malware-cnc.rules) * 1:64701 <-> DISABLED <-> POLICY-OTHER Next.js Middleware x-middleware-subrequest header use attempt (policy-other.rules) * 
1:64689 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection (malware-cnc.rules) * 1:64688 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt (file-flash.rules)
* 1:47787 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules) * 1:50761 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel (malware-cnc.rules) * 1:50769 <-> DISABLED <-> MALWARE-CNC Win.Trojan.QUADAGENT outbound DNS tunnel (malware-cnc.rules) * 1:47786 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules) * 1:50768 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BONDUPDATER outbound DNS tunnel (malware-cnc.rules) * 1:59440 <-> DISABLED <-> SERVER-APACHE Apache mod_http2 NULL pointer dereference attempt (server-apache.rules) * 1:54826 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AVM domain memory range integer overflow attempt (file-flash.rules) * 1:50762 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel (malware-cnc.rules) * 1:49655 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE control character denial of service attempt (file-flash.rules) * 1:54825 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AVM domain memory range integer overflow attempt (file-flash.rules) * 1:20781 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt (file-flash.rules) * 1:19264 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules) * 1:51644 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use-after-free attempt (file-flash.rules) * 1:49586 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure attempt (file-flash.rules) * 1:48492 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules) * 1:48496 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules) * 1:50765 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ISMAgent outbound DNS tunnel (malware-cnc.rules) * 1:51226 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt 
(file-flash.rules) * 1:49585 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure attempt (file-flash.rules) * 1:52658 <-> DISABLED <-> FILE-FLASH Spelevo Exploit Kit download attempt (file-flash.rules) * 1:47531 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Vector.String class out-of-bounds read attempt (file-flash.rules) * 1:21457 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules) * 1:51225 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt (file-flash.rules) * 1:19263 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules) * 1:46920 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules) * 1:22070 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object confusion attempt (file-flash.rules) * 1:48491 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules) * 1:20779 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - dear chu.rar (file-flash.rules) * 1:21655 <-> DISABLED <-> FILE-FLASH Adobe Flash Video invalid tag type attempt (file-flash.rules) * 1:21535 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript Matrix3D.copyRawDataFrom buffer overflow attempt (file-flash.rules) * 1:21536 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript Stage3D null dereference attempt (file-flash.rules) * 1:21653 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript getURL target null reference attempt (file-flash.rules) * 1:19257 <-> DISABLED <-> FILE-FLASH Adobe ActionScript float index memory corruption attempt (file-flash.rules) * 1:47192 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript NetConnection type confusion attempt (file-flash.rules) * 1:48566 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free 
attempt (file-flash.rules) * 1:50534 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules) * 1:49311 <-> DISABLED <-> FILE-FLASH Adobe Flash Player writeExternal type confusion attempt (file-flash.rules) * 1:52659 <-> DISABLED <-> FILE-FLASH Spelevo Exploit Kit download attempt (file-flash.rules) * 1:49584 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray inflate information disclosure attempt (file-flash.rules) * 1:48495 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules) * 1:55813 <-> DISABLED <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt (server-other.rules) * 1:51081 <-> DISABLED <-> FILE-FLASH Adobe Flash player memory corruption attempt (file-flash.rules) * 1:50763 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel (malware-cnc.rules) * 1:48494 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules) * 1:50764 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel (malware-cnc.rules) * 1:49654 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE control character denial of service attempt (file-flash.rules) * 1:47532 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Vector.String class out-of-bounds read attempt (file-flash.rules) * 1:48493 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules) * 1:51082 <-> DISABLED <-> FILE-FLASH Adobe Flash player memory corruption attempt (file-flash.rules) * 1:21534 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript Matrix3D.copyRawDataFrom buffer overflow attempt (file-flash.rules) * 1:50267 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use after free attempt (file-flash.rules) * 1:47834 <-> DISABLED <-> FILE-FLASH Adobe Flash Player COM server BrokerCreateFile sandbox escape attempt (file-flash.rules) * 1:49583 <-> DISABLED <-> FILE-FLASH Adobe 
Flash Player byteArray inflate information disclosure attempt (file-flash.rules) * 1:48567 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules) * 1:19262 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules) * 1:50537 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules) * 1:50140 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out-of-bounds read attempt (file-flash.rules) * 1:46950 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds memory access attempt (file-flash.rules) * 1:47191 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript NetConnection type confusion attempt (file-flash.rules) * 1:55814 <-> DISABLED <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt (server-other.rules) * 1:50535 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules) * 1:57499 <-> DISABLED <-> FILE-FLASH Adobe Flash Player worker shared object use-after-free attempt (file-flash.rules) * 1:53057 <-> DISABLED <-> FILE-FLASH Spelevo Exploit Kit download attempt (file-flash.rules) * 1:50139 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out-of-bounds read attempt (file-flash.rules) * 1:47833 <-> DISABLED <-> FILE-FLASH Adobe Flash Player COM server BrokerCreateFile sandbox escape attempt (file-flash.rules) * 1:52080 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt (file-flash.rules) * 1:49656 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE control character denial of service attempt (file-flash.rules) * 1:51648 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActiveX same origin method execution attempt (file-flash.rules) * 1:50767 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ALMA_Dot outbound DNS tunnel (malware-cnc.rules) * 1:20778 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript 
callMethod type confusion attempt - economy.rar (file-flash.rules) * 1:50536 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules) * 1:52079 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt (file-flash.rules) * 1:47128 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ActionSetTarget record information disclosure attempt (file-flash.rules) * 1:22069 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object confusion attempt (file-flash.rules) * 1:22916 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object confusion attempt (file-flash.rules) * 1:23854 <-> DISABLED <-> FILE-FLASH Adobe Flash OpenType font memory corruption attempt (file-flash.rules) * 1:23131 <-> DISABLED <-> FILE-FLASH Adobe Flash Player X500 DistinguishedName property access attempt (file-flash.rules) * 1:22915 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object confusion attempt (file-flash.rules) * 1:23130 <-> DISABLED <-> FILE-FLASH Adobe Flash Player X509 direct instantiation property access attempt (file-flash.rules) * 1:24138 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed RTMP response attempt (file-flash.rules) * 1:23134 <-> DISABLED <-> FILE-FLASH Adobe Flash Player broker destructor DoS attempt (file-flash.rules) * 1:23129 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SecureSocket use without Connect attempt (file-flash.rules) * 1:23133 <-> DISABLED <-> FILE-FLASH Adobe Flash Player flash.display.BitmapData constuctor overflow attempt (file-flash.rules) * 1:24244 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Matrix3D copyRawDataTo integer overflow attempt (file-flash.rules) * 1:23967 <-> DISABLED <-> FILE-FLASH Adobe Flash OpenType font memory corruption attempt - compressed (file-flash.rules) * 1:23132 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DefineSound tag long recordheader length field attempt (file-flash.rules) * 1:23853 <-> DISABLED <-> FILE-FLASH Adobe Flash OpenType 
font memory corruption attempt (file-flash.rules) * 1:24364 <-> DISABLED <-> FILE-FLASH Adobe Flash null reference JIT compilation attempt (file-flash.rules) * 1:24139 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed RTMP response attempt (file-flash.rules) * 1:23135 <-> DISABLED <-> FILE-FLASH Adobe Flash Player flash.DisplayObject memory corruption attempt (file-flash.rules) * 1:23997 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules) * 1:24414 <-> DISABLED <-> FILE-FLASH Adobe Flash Player stsz box heap overflow attempt (file-flash.rules) * 1:24245 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Matrix3D copyRawDataTo integer overflow attempt (file-flash.rules) * 1:23996 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules) * 1:24140 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed RTMP response attempt (file-flash.rules) * 1:24430 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules) * 1:24365 <-> DISABLED <-> FILE-FLASH Adobe Flash null reference JIT compilation attempt (file-flash.rules) * 1:24142 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object confusion attempt (file-flash.rules) * 1:24363 <-> DISABLED <-> FILE-FLASH Adobe Flash null reference JIT compilation attempt (file-flash.rules) * 1:24810 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 privilege escalation attempt (file-flash.rules) * 1:24415 <-> DISABLED <-> FILE-FLASH Adobe Flash Player stsz box heap overflow attempt (file-flash.rules) * 1:24362 <-> DISABLED <-> FILE-FLASH Adobe Flash null reference JIT compilation attempt (file-flash.rules) * 1:24367 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed record stack exhaustion attempt (file-flash.rules) * 1:24874 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution 
attempt (file-flash.rules) * 1:24431 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules) * 1:24366 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed record stack exhaustion attempt (file-flash.rules) * 1:24429 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules) * 1:24876 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules) * 1:24811 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 privilege escalation attempt (file-flash.rules) * 1:24428 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules) * 1:24809 <-> DISABLED <-> FILE-FLASH Microsoft Internet Explorer premature unload of Flash plugin use after free attempt (file-flash.rules) * 1:24896 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript bytecode symbolclass tag type confusion attempt (file-flash.rules) * 1:24875 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules) * 1:24808 <-> DISABLED <-> FILE-FLASH Microsoft Internet Explorer premature unload of Flash plugin use after free attempt (file-flash.rules) * 1:24813 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 privilege escalation attempt (file-flash.rules) * 1:24983 <-> DISABLED <-> FILE-FLASH Adobe Flash Player actionscript bytecode trait type null pointer dereference attempt (file-flash.rules) * 1:24882 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid JPEG index attempt (file-flash.rules) * 1:24812 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 privilege escalation attempt (file-flash.rules) * 1:24877 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules) 
* 1:24989 <-> DISABLED <-> FILE-FLASH Adobe Flash Player specially invalid traits structure attempt (file-flash.rules) * 1:24893 <-> DISABLED <-> FILE-FLASH Action InitArray stack overflow attempt (file-flash.rules) * 1:24892 <-> DISABLED <-> FILE-FLASH Action InitArray stack overflow attempt (file-flash.rules) * 1:25681 <-> DISABLED <-> FILE-FLASH Adobe Flash Player CFF FeatureCount integer overflow attempt (file-flash.rules) * 1:24879 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid JPEG index attempt (file-flash.rules) * 1:24980 <-> DISABLED <-> FILE-FLASH Adobe Flash Player actionscript bytecode trait type null pointer dereference attempt (file-flash.rules) * 1:25676 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules) * 1:24895 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript bytecode symbolclass tag type confusion attempt (file-flash.rules) * 1:24890 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Action InitArray stack overflow attempt (file-flash.rules) * 1:24984 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules) * 1:24981 <-> DISABLED <-> FILE-FLASH Adobe Flash Player actionscript bytecode trait type null pointer dereference attempt (file-flash.rules) * 1:24982 <-> DISABLED <-> FILE-FLASH Adobe Flash Player actionscript bytecode trait type null pointer dereference attempt (file-flash.rules) * 1:43996 <-> DISABLED <-> FILE-FLASH Adobe Flash Player overly large cpool index out of bounds read attempt (file-flash.rules) * 1:24990 <-> DISABLED <-> FILE-FLASH Adobe Flash Player specially invalid traits structure attempt (file-flash.rules) * 1:24985 <-> DISABLED <-> FILE-FLASH Adobe Flash Player index overflow attempt (file-flash.rules) * 1:24986 <-> DISABLED <-> FILE-FLASH Adobe Flash Player index overflow attempt (file-flash.rules) * 1:44017 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Rectangle constructor use after free attempt 
(file-flash.rules) * 1:25677 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules) * 1:24992 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DoInitAction invalid action overflow attempt (file-flash.rules) * 1:25683 <-> DISABLED <-> FILE-FLASH Adobe Flash Player CFF FeatureCount integer overflow attempt (file-flash.rules) * 1:24991 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DoInitAction invalid action overflow attempt (file-flash.rules) * 1:44346 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MP4 atom parser memory corruption attempt (file-flash.rules) * 1:25678 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules) * 1:25679 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules) * 1:21338 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MP4 zero length atom attempt (file-flash.rules) * 1:44003 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SMB sandbox bypass attempt (file-flash.rules) * 1:25815 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FLV crafted ADPCM stream heap overflow attempt (file-flash.rules) * 1:21335 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript bytecode type confusion null dereference attempt (file-flash.rules) * 1:20131 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt (file-flash.rules) * 1:43995 <-> DISABLED <-> FILE-FLASH Adobe Flash Player overly large cpool index out of bounds read attempt (file-flash.rules) * 1:20782 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - economy.rar (file-flash.rules) * 1:20767 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules) * 1:21336 <-> DISABLED <-> FILE-FLASH Adobe Flash ASConstructor insecure calling attempt (file-flash.rules) * 1:20780 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript 
callMethod type confusion attempt - namelist.xls (file-flash.rules) * 1:21326 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActiveX URL import attempt (file-flash.rules) * 1:20777 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules) * 1:44352 <-> DISABLED <-> FILE-FLASH Adobe Flash Player text handling memory corruption attempt (file-flash.rules) * 1:44002 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SMB sandbox bypass attempt (file-flash.rules) * 1:20785 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt (file-flash.rules) * 1:20803 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt (file-flash.rules) * 1:19682 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript 3 integer overflow attempt (file-flash.rules) * 1:44584 <-> DISABLED <-> FILE-FLASH Adobe Flash Player array type confusion attempt (file-flash.rules) * 1:44173 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SharedObject use after free attempt (file-flash.rules) * 1:20783 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - dear chu.rar (file-flash.rules) * 1:44016 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Rectangle constructor use after free attempt (file-flash.rules) * 1:44892 <-> DISABLED <-> FILE-FLASH Adobe Flash Player determinePreferredLocales memory corruption attempt (file-flash.rules) * 1:44347 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MP4 atom parser memory corruption attempt (file-flash.rules) * 1:44174 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SharedObject use after free attempt (file-flash.rules) * 1:44345 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MP4 atom parser memory corruption attempt (file-flash.rules) * 1:44952 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime SDK use after free attempt (file-flash.rules) * 1:44552 <-> DISABLED <-> FILE-FLASH Adobe Flash 
Player toString type confusion memory corruption attempt (file-flash.rules) * 1:44348 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MP4 atom parser memory corruption attempt (file-flash.rules) * 1:44351 <-> DISABLED <-> FILE-FLASH Adobe Flash Player text handling memory corruption attempt (file-flash.rules) * 1:44887 <-> DISABLED <-> FILE-FLASH Adobe Flash Player bitmap hitTest integer overflow attempt (file-flash.rules) * 1:45310 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter Matrix use after free attempt (file-flash.rules) * 1:44553 <-> DISABLED <-> FILE-FLASH Adobe Flash Player toString type confusion memory corruption attempt (file-flash.rules) * 1:44583 <-> DISABLED <-> FILE-FLASH Adobe Flash Player array type confusion attempt (file-flash.rules) * 1:45500 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip startdrag use-after-free attempt (file-flash.rules) * 1:44902 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PSDK Metadata memory corruption attempt (file-flash.rules) * 1:44888 <-> DISABLED <-> FILE-FLASH Adobe Flash Player bitmap hitTest integer overflow attempt (file-flash.rules) * 1:44891 <-> DISABLED <-> FILE-FLASH Adobe Flash Player determinePreferredLocales memory corruption attempt (file-flash.rules) * 1:45593 <-> DISABLED <-> FILE-FLASH Adobe PSDK DRM Manager memory corruption attempt (file-flash.rules) * 1:44963 <-> DISABLED <-> FILE-FLASH Adobe Flash Player tvsdk object use after free attempt (file-flash.rules) * 1:44903 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PSDK Metadata memory corruption attempt (file-flash.rules) * 1:44951 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime SDK use after free attempt (file-flash.rules) * 1:45614 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Selection.SetSelection use-after-free attempt (file-flash.rules) * 1:45404 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF buffer overflow attempt (file-flash.rules) * 1:44964 <-> DISABLED <-> FILE-FLASH Adobe Flash Player 
tvsdk object use after free attempt (file-flash.rules) * 1:45309 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter Matrix use after free attempt (file-flash.rules) * 1:45683 <-> DISABLED <-> FILE-FLASH Adobe PSDK DRM Manager memory corruption attempt (file-flash.rules) * 1:45501 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip startdrag use-after-free attempt (file-flash.rules) * 1:45405 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF buffer overflow attempt (file-flash.rules) * 1:45459 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip attachbitmap use-after-free attempt (file-flash.rules) * 1:46247 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime MediaPlayerItemLoader BlurFilter object out of bounds write attempt (file-flash.rules) * 1:45594 <-> DISABLED <-> FILE-FLASH Adobe PSDK DRM Manager memory corruption attempt (file-flash.rules) * 1:45546 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DefineFont3 tag overly large NumGlyphs out of bounds read attempt (file-flash.rules) * 1:45547 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DefineFont3 tag overly large NumGlyphs out of bounds read attempt (file-flash.rules) * 1:45595 <-> DISABLED <-> FILE-FLASH Adobe PSDK DRM Manager memory corruption attempt (file-flash.rules) * 1:45615 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip duplicateMovieClip use-after-free attempt (file-flash.rules) * 1:46262 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use after free attempt (file-flash.rules) * 1:45613 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Selection.SetSelection use-after-free attempt (file-flash.rules) * 1:46324 <-> DISABLED <-> FILE-FLASH Adobe PSDK DRM Manager memory corruption attempt (file-flash.rules) * 1:46248 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime MediaPlayerItemLoader BlurFilter object out of bounds write attempt (file-flash.rules) * 1:45616 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip duplicateMovieClip use-after-free 
attempt (file-flash.rules) * 1:45744 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray shading memory leak attempt (file-flash.rules) * 1:46918 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules) * 1:46255 <-> DISABLED <-> FILE-FLASH Adobe Flash Player corrupt PNG image load out of bounds memory access attempt (file-flash.rules) * 1:46254 <-> DISABLED <-> FILE-FLASH Adobe Flash Player corrupt PNG image load out of bounds memory access attempt (file-flash.rules) * 1:46598 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative MovieClip type confusion attempt (file-flash.rules) * 1:45743 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray shading memory leak attempt (file-flash.rules) * 1:46261 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed DefineSound tag heap overflow attempt (file-flash.rules) * 1:46919 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules) * 1:21458 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules) * 1:46260 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed DefineSound tag heap overflow attempt (file-flash.rules) * 1:46599 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative MovieClip type confusion attempt (file-flash.rules) * 1:46263 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use after free attempt (file-flash.rules) * 1:48426 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AVM type confusion attempt (file-flash.rules) * 1:21654 <-> DISABLED <-> FILE-FLASH Adobe Flash Video invalid tag type attempt (file-flash.rules) * 1:49312 <-> DISABLED <-> FILE-FLASH Adobe Flash Player writeExternal type confusion attempt (file-flash.rules) * 1:50766 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ALMA_Dash outbound DNS tunnel (malware-cnc.rules) * 1:50268 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use after free attempt (file-flash.rules) * 1:49232 <-> DISABLED <-> FILE-FLASH Adobe 
Flash Player drawTriangles out-of-bounds read attempt (file-flash.rules) * 1:49231 <-> DISABLED <-> FILE-FLASH Adobe Flash Player drawTriangles out-of-bounds read attempt (file-flash.rules) * 1:48425 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AVM type confusion attempt (file-flash.rules) * 1:51643 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use-after-free attempt (file-flash.rules) * 1:20031 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules) * 1:46917 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules) * 1:47127 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ActionSetTarget record information disclosure attempt (file-flash.rules) * 1:20784 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - namelist.xls (file-flash.rules) * 1:46949 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds memory access attempt (file-flash.rules) * 1:21533 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript Stage3D null dereference attempt (file-flash.rules) * 1:53058 <-> DISABLED <-> FILE-FLASH Spelevo Exploit Kit download attempt (file-flash.rules)
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091300.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:64695 <-> DISABLED <-> MALWARE-CNC MultiOs.Trojan.FINALDRAFT variant outbound communication attempt (malware-cnc.rules)
* 1:64691 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection (malware-cnc.rules)
* 1:60687 <-> DISABLED <-> OS-WINDOWS Windows AppxSvc component elevation of privilege attempt (os-windows.rules)
* 1:60686 <-> DISABLED <-> OS-WINDOWS Windows AppxSvc component elevation of privilege attempt (os-windows.rules)
* 1:64693 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bondupdater outbound cnc connection (malware-cnc.rules)
* 1:64698 <-> ENABLED <-> MALWARE-OTHER Win.Rootkit.Winnti download attempt (malware-other.rules)
* 1:64686 <-> DISABLED <-> SERVER-APACHE Apache Tomcat partial PUT remote code execution attempt (server-apache.rules)
* 1:64700 <-> ENABLED <-> SERVER-WEBAPP Next.js Middleware authentication bypass attempt (server-webapp.rules)
* 1:64688 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt (file-flash.rules)
* 1:64701 <-> DISABLED <-> POLICY-OTHER Next.js Middleware x-middleware-subrequest header use attempt (policy-other.rules)
* 1:64687 <-> DISABLED <-> SERVER-MAIL Exim SMTP vulnerable version detected (server-mail.rules)
* 1:64692 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bondupdater outbound cnc connection (malware-cnc.rules)
* 1:64696 <-> DISABLED <-> SERVER-OTHER MIT Kerberos KDC as-req sname null pointer dereference attempt (server-other.rules)
* 1:64699 <-> ENABLED <-> SERVER-WEBAPP Next.js Middleware authentication bypass attempt (server-webapp.rules)
* 1:64689 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection (malware-cnc.rules)
* 1:64685 <-> ENABLED <-> SERVER-WEBAPP Apache OFBiz remote code execution attempt (server-webapp.rules)
* 1:64690 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection (malware-cnc.rules)
* 1:64694 <-> DISABLED <-> MALWARE-CNC MultiOs.Trojan.FINALDRAFT variant outbound communication attempt (malware-cnc.rules)
* 1:64684 <-> DISABLED <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection (malware-cnc.rules)
* 1:64697 <-> ENABLED <-> MALWARE-OTHER Win.Rootkit.Winnti download attempt (malware-other.rules)
* 1:54825 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AVM domain memory range integer overflow attempt (file-flash.rules) * 1:19682 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript 3 integer overflow attempt (file-flash.rules) * 1:51081 <-> DISABLED <-> FILE-FLASH Adobe Flash player memory corruption attempt (file-flash.rules) * 1:47833 <-> DISABLED <-> FILE-FLASH Adobe Flash Player COM server BrokerCreateFile sandbox escape attempt (file-flash.rules) * 1:19263 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules) * 1:50267 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use after free attempt (file-flash.rules) * 1:50767 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ALMA_Dot outbound DNS tunnel (malware-cnc.rules) * 1:46950 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds memory access attempt (file-flash.rules) * 1:20031 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules) * 1:47786 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules) * 1:52079 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt (file-flash.rules) * 1:50766 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ALMA_Dash outbound DNS tunnel (malware-cnc.rules) * 1:48491 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules) * 1:48566 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules) * 1:49311 <-> DISABLED <-> FILE-FLASH Adobe Flash Player writeExternal type confusion attempt (file-flash.rules) * 1:48492 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules) * 1:48494 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules) * 1:46949 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds 
memory access attempt (file-flash.rules) * 1:53058 <-> DISABLED <-> FILE-FLASH Spelevo Exploit Kit download attempt (file-flash.rules) * 1:49585 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure attempt (file-flash.rules) * 1:49654 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE control character denial of service attempt (file-flash.rules) * 1:49231 <-> DISABLED <-> FILE-FLASH Adobe Flash Player drawTriangles out-of-bounds read attempt (file-flash.rules) * 1:49656 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE control character denial of service attempt (file-flash.rules) * 1:20131 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt (file-flash.rules) * 1:49232 <-> DISABLED <-> FILE-FLASH Adobe Flash Player drawTriangles out-of-bounds read attempt (file-flash.rules) * 1:50762 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel (malware-cnc.rules) * 1:50139 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out-of-bounds read attempt (file-flash.rules) * 1:51644 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use-after-free attempt (file-flash.rules) * 1:54826 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AVM domain memory range integer overflow attempt (file-flash.rules) * 1:50763 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel (malware-cnc.rules) * 1:46918 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules) * 1:49586 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure attempt (file-flash.rules) * 1:19264 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules) * 1:52080 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt (file-flash.rules) * 1:52658 <-> DISABLED <-> FILE-FLASH Spelevo Exploit Kit download attempt (file-flash.rules) * 1:46920 <-> DISABLED <-> 
FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules) * 1:52659 <-> DISABLED <-> FILE-FLASH Spelevo Exploit Kit download attempt (file-flash.rules) * 1:51226 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt (file-flash.rules) * 1:46917 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules) * 1:46919 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules) * 1:50536 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules) * 1:51648 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActiveX same origin method execution attempt (file-flash.rules) * 1:47787 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules) * 1:51643 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use-after-free attempt (file-flash.rules) * 1:50764 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel (malware-cnc.rules) * 1:49583 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray inflate information disclosure attempt (file-flash.rules) * 1:51082 <-> DISABLED <-> FILE-FLASH Adobe Flash player memory corruption attempt (file-flash.rules) * 1:50765 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ISMAgent outbound DNS tunnel (malware-cnc.rules) * 1:48493 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules) * 1:50768 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BONDUPDATER outbound DNS tunnel (malware-cnc.rules) * 1:50140 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out-of-bounds read attempt (file-flash.rules) * 1:20767 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules) * 1:55813 <-> DISABLED <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt (server-other.rules) * 1:59440 <-> DISABLED <-> SERVER-APACHE Apache mod_http2 NULL pointer 
dereference attempt (server-apache.rules) * 1:55814 <-> DISABLED <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt (server-other.rules) * 1:57499 <-> DISABLED <-> FILE-FLASH Adobe Flash Player worker shared object use-after-free attempt (file-flash.rules) * 1:51225 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt (file-flash.rules) * 1:50537 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules) * 1:25815 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FLV crafted ADPCM stream heap overflow attempt (file-flash.rules) * 1:47127 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ActionSetTarget record information disclosure attempt (file-flash.rules) * 1:24985 <-> DISABLED <-> FILE-FLASH Adobe Flash Player index overflow attempt (file-flash.rules) * 1:24990 <-> DISABLED <-> FILE-FLASH Adobe Flash Player specially invalid traits structure attempt (file-flash.rules) * 1:25677 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules) * 1:20778 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - economy.rar (file-flash.rules) * 1:48496 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules) * 1:46599 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative MovieClip type confusion attempt (file-flash.rules) * 1:24992 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DoInitAction invalid action overflow attempt (file-flash.rules) * 1:24989 <-> DISABLED <-> FILE-FLASH Adobe Flash Player specially invalid traits structure attempt (file-flash.rules) * 1:44002 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SMB sandbox bypass attempt (file-flash.rules) * 1:47192 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript NetConnection type confusion attempt (file-flash.rules) * 1:25681 <-> DISABLED <-> FILE-FLASH Adobe Flash 
Player CFF FeatureCount integer overflow attempt (file-flash.rules) * 1:25683 <-> DISABLED <-> FILE-FLASH Adobe Flash Player CFF FeatureCount integer overflow attempt (file-flash.rules) * 1:25676 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules) * 1:46324 <-> DISABLED <-> FILE-FLASH Adobe PSDK DRM Manager memory corruption attempt (file-flash.rules) * 1:24984 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules) * 1:24991 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DoInitAction invalid action overflow attempt (file-flash.rules) * 1:20779 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - dear chu.rar (file-flash.rules) * 1:50268 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use after free attempt (file-flash.rules) * 1:19262 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules) * 1:49584 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray inflate information disclosure attempt (file-flash.rules) * 1:47834 <-> DISABLED <-> FILE-FLASH Adobe Flash Player COM server BrokerCreateFile sandbox escape attempt (file-flash.rules) * 1:50535 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules) * 1:49312 <-> DISABLED <-> FILE-FLASH Adobe Flash Player writeExternal type confusion attempt (file-flash.rules) * 1:49655 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE control character denial of service attempt (file-flash.rules) * 1:48426 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AVM type confusion attempt (file-flash.rules) * 1:20780 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - namelist.xls (file-flash.rules) * 1:50761 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel (malware-cnc.rules) * 1:48495 <-> DISABLED <-> FILE-FLASH Adobe 
Flash Player TVSDK metadata use after free attempt (file-flash.rules) * 1:48425 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AVM type confusion attempt (file-flash.rules) * 1:24981 <-> DISABLED <-> FILE-FLASH Adobe Flash Player actionscript bytecode trait type null pointer dereference attempt (file-flash.rules) * 1:50769 <-> DISABLED <-> MALWARE-CNC Win.Trojan.QUADAGENT outbound DNS tunnel (malware-cnc.rules) * 1:20777 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules) * 1:19257 <-> DISABLED <-> FILE-FLASH Adobe ActionScript float index memory corruption attempt (file-flash.rules) * 1:46260 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed DefineSound tag heap overflow attempt (file-flash.rules) * 1:47532 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Vector.String class out-of-bounds read attempt (file-flash.rules) * 1:48567 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules) * 1:46598 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative MovieClip type confusion attempt (file-flash.rules) * 1:20782 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - economy.rar (file-flash.rules) * 1:20803 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt (file-flash.rules) * 1:20783 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - dear chu.rar (file-flash.rules) * 1:21338 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MP4 zero length atom attempt (file-flash.rules) * 1:21326 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActiveX URL import attempt (file-flash.rules) * 1:20785 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt (file-flash.rules) * 1:21534 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript Matrix3D.copyRawDataFrom buffer overflow attempt 
(file-flash.rules) * 1:21457 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules) * 1:21336 <-> DISABLED <-> FILE-FLASH Adobe Flash ASConstructor insecure calling attempt (file-flash.rules) * 1:21654 <-> DISABLED <-> FILE-FLASH Adobe Flash Video invalid tag type attempt (file-flash.rules) * 1:21535 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript Matrix3D.copyRawDataFrom buffer overflow attempt (file-flash.rules) * 1:20784 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - namelist.xls (file-flash.rules) * 1:21533 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript Stage3D null dereference attempt (file-flash.rules) * 1:22915 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object confusion attempt (file-flash.rules) * 1:21655 <-> DISABLED <-> FILE-FLASH Adobe Flash Video invalid tag type attempt (file-flash.rules) * 1:21335 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript bytecode type confusion null dereference attempt (file-flash.rules) * 1:21653 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript getURL target null reference attempt (file-flash.rules) * 1:22916 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object confusion attempt (file-flash.rules) * 1:23131 <-> DISABLED <-> FILE-FLASH Adobe Flash Player X500 DistinguishedName property access attempt (file-flash.rules) * 1:21458 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules) * 1:22070 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object confusion attempt (file-flash.rules) * 1:23135 <-> DISABLED <-> FILE-FLASH Adobe Flash Player flash.DisplayObject memory corruption attempt (file-flash.rules) * 1:23132 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DefineSound tag long recordheader length field attempt (file-flash.rules) * 1:21536 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript Stage3D 
null dereference attempt (file-flash.rules) * 1:23130 <-> DISABLED <-> FILE-FLASH Adobe Flash Player X509 direct instantiation property access attempt (file-flash.rules) * 1:23996 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules) * 1:23853 <-> DISABLED <-> FILE-FLASH Adobe Flash OpenType font memory corruption attempt (file-flash.rules) * 1:22069 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object confusion attempt (file-flash.rules) * 1:23134 <-> DISABLED <-> FILE-FLASH Adobe Flash Player broker destructor DoS attempt (file-flash.rules) * 1:24140 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed RTMP response attempt (file-flash.rules) * 1:23997 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules) * 1:23129 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SecureSocket use without Connect attempt (file-flash.rules) * 1:23967 <-> DISABLED <-> FILE-FLASH Adobe Flash OpenType font memory corruption attempt - compressed (file-flash.rules) * 1:24362 <-> DISABLED <-> FILE-FLASH Adobe Flash null reference JIT compilation attempt (file-flash.rules) * 1:24142 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object confusion attempt (file-flash.rules) * 1:23133 <-> DISABLED <-> FILE-FLASH Adobe Flash Player flash.display.BitmapData constuctor overflow attempt (file-flash.rules) * 1:24139 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed RTMP response attempt (file-flash.rules) * 1:24366 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed record stack exhaustion attempt (file-flash.rules) * 1:24363 <-> DISABLED <-> FILE-FLASH Adobe Flash null reference JIT compilation attempt (file-flash.rules) * 1:23854 <-> DISABLED <-> FILE-FLASH Adobe Flash OpenType font memory corruption attempt (file-flash.rules) * 1:24245 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Matrix3D copyRawDataTo integer overflow attempt (file-flash.rules) * 1:24138 <-> 
DISABLED <-> FILE-FLASH Adobe Flash malformed RTMP response attempt (file-flash.rules) * 1:24367 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed record stack exhaustion attempt (file-flash.rules) * 1:24430 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules) * 1:24365 <-> DISABLED <-> FILE-FLASH Adobe Flash null reference JIT compilation attempt (file-flash.rules) * 1:24810 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 privilege escalation attempt (file-flash.rules) * 1:24428 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules) * 1:24415 <-> DISABLED <-> FILE-FLASH Adobe Flash Player stsz box heap overflow attempt (file-flash.rules) * 1:24809 <-> DISABLED <-> FILE-FLASH Microsoft Internet Explorer premature unload of Flash plugin use after free attempt (file-flash.rules) * 1:24244 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Matrix3D copyRawDataTo integer overflow attempt (file-flash.rules) * 1:24431 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules) * 1:24812 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 privilege escalation attempt (file-flash.rules) * 1:24813 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 privilege escalation attempt (file-flash.rules) * 1:24364 <-> DISABLED <-> FILE-FLASH Adobe Flash null reference JIT compilation attempt (file-flash.rules) * 1:24811 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 privilege escalation attempt (file-flash.rules) * 1:24876 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules) * 1:24877 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules) * 1:24414 <-> DISABLED <-> FILE-FLASH Adobe Flash 
Player stsz box heap overflow attempt (file-flash.rules) * 1:24875 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules) * 1:24893 <-> DISABLED <-> FILE-FLASH Action InitArray stack overflow attempt (file-flash.rules) * 1:24890 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Action InitArray stack overflow attempt (file-flash.rules) * 1:24808 <-> DISABLED <-> FILE-FLASH Microsoft Internet Explorer premature unload of Flash plugin use after free attempt (file-flash.rules) * 1:24882 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid JPEG index attempt (file-flash.rules) * 1:24896 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript bytecode symbolclass tag type confusion attempt (file-flash.rules) * 1:24980 <-> DISABLED <-> FILE-FLASH Adobe Flash Player actionscript bytecode trait type null pointer dereference attempt (file-flash.rules) * 1:24429 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules) * 1:24892 <-> DISABLED <-> FILE-FLASH Action InitArray stack overflow attempt (file-flash.rules) * 1:24983 <-> DISABLED <-> FILE-FLASH Adobe Flash Player actionscript bytecode trait type null pointer dereference attempt (file-flash.rules) * 1:24986 <-> DISABLED <-> FILE-FLASH Adobe Flash Player index overflow attempt (file-flash.rules) * 1:24874 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules) * 1:25679 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules) * 1:24982 <-> DISABLED <-> FILE-FLASH Adobe Flash Player actionscript bytecode trait type null pointer dereference attempt (file-flash.rules) * 1:44003 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SMB sandbox bypass attempt (file-flash.rules) * 1:24879 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid JPEG 
index attempt (file-flash.rules) * 1:43996 <-> DISABLED <-> FILE-FLASH Adobe Flash Player overly large cpool index out of bounds read attempt (file-flash.rules) * 1:44173 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SharedObject use after free attempt (file-flash.rules) * 1:44174 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SharedObject use after free attempt (file-flash.rules) * 1:24895 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript bytecode symbolclass tag type confusion attempt (file-flash.rules) * 1:44017 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Rectangle constructor use after free attempt (file-flash.rules) * 1:44347 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MP4 atom parser memory corruption attempt (file-flash.rules) * 1:44348 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MP4 atom parser memory corruption attempt (file-flash.rules) * 1:25678 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules) * 1:44346 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MP4 atom parser memory corruption attempt (file-flash.rules) * 1:44552 <-> DISABLED <-> FILE-FLASH Adobe Flash Player toString type confusion memory corruption attempt (file-flash.rules) * 1:44553 <-> DISABLED <-> FILE-FLASH Adobe Flash Player toString type confusion memory corruption attempt (file-flash.rules) * 1:43995 <-> DISABLED <-> FILE-FLASH Adobe Flash Player overly large cpool index out of bounds read attempt (file-flash.rules) * 1:44351 <-> DISABLED <-> FILE-FLASH Adobe Flash Player text handling memory corruption attempt (file-flash.rules) * 1:44887 <-> DISABLED <-> FILE-FLASH Adobe Flash Player bitmap hitTest integer overflow attempt (file-flash.rules) * 1:44888 <-> DISABLED <-> FILE-FLASH Adobe Flash Player bitmap hitTest integer overflow attempt (file-flash.rules) * 1:44016 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Rectangle constructor use after free attempt (file-flash.rules) * 1:44584 <-> DISABLED <-> FILE-FLASH 
Adobe Flash Player array type confusion attempt (file-flash.rules) * 1:44902 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PSDK Metadata memory corruption attempt (file-flash.rules) * 1:44903 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PSDK Metadata memory corruption attempt (file-flash.rules) * 1:44345 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MP4 atom parser memory corruption attempt (file-flash.rules) * 1:44892 <-> DISABLED <-> FILE-FLASH Adobe Flash Player determinePreferredLocales memory corruption attempt (file-flash.rules) * 1:44963 <-> DISABLED <-> FILE-FLASH Adobe Flash Player tvsdk object use after free attempt (file-flash.rules) * 1:44964 <-> DISABLED <-> FILE-FLASH Adobe Flash Player tvsdk object use after free attempt (file-flash.rules) * 1:44352 <-> DISABLED <-> FILE-FLASH Adobe Flash Player text handling memory corruption attempt (file-flash.rules) * 1:44952 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime SDK use after free attempt (file-flash.rules) * 1:45404 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF buffer overflow attempt (file-flash.rules) * 1:45405 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF buffer overflow attempt (file-flash.rules) * 1:44583 <-> DISABLED <-> FILE-FLASH Adobe Flash Player array type confusion attempt (file-flash.rules) * 1:45310 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter Matrix use after free attempt (file-flash.rules) * 1:45501 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip startdrag use-after-free attempt (file-flash.rules) * 1:45546 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DefineFont3 tag overly large NumGlyphs out of bounds read attempt (file-flash.rules) * 1:44891 <-> DISABLED <-> FILE-FLASH Adobe Flash Player determinePreferredLocales memory corruption attempt (file-flash.rules) * 1:45500 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip startdrag use-after-free attempt (file-flash.rules) * 1:45547 <-> DISABLED <-> 
FILE-FLASH Adobe Flash Player DefineFont3 tag overly large NumGlyphs out of bounds read attempt (file-flash.rules) * 1:45595 <-> DISABLED <-> FILE-FLASH Adobe PSDK DRM Manager memory corruption attempt (file-flash.rules) * 1:44951 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime SDK use after free attempt (file-flash.rules) * 1:45593 <-> DISABLED <-> FILE-FLASH Adobe PSDK DRM Manager memory corruption attempt (file-flash.rules) * 1:45615 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip duplicateMovieClip use-after-free attempt (file-flash.rules) * 1:45309 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter Matrix use after free attempt (file-flash.rules) * 1:46248 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime MediaPlayerItemLoader BlurFilter object out of bounds write attempt (file-flash.rules) * 1:45616 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip duplicateMovieClip use-after-free attempt (file-flash.rules) * 1:45459 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip attachbitmap use-after-free attempt (file-flash.rules) * 1:45614 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Selection.SetSelection use-after-free attempt (file-flash.rules) * 1:45744 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray shading memory leak attempt (file-flash.rules) * 1:45743 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray shading memory leak attempt (file-flash.rules) * 1:46261 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed DefineSound tag heap overflow attempt (file-flash.rules) * 1:46254 <-> DISABLED <-> FILE-FLASH Adobe Flash Player corrupt PNG image load out of bounds memory access attempt (file-flash.rules) * 1:45594 <-> DISABLED <-> FILE-FLASH Adobe PSDK DRM Manager memory corruption attempt (file-flash.rules) * 1:46263 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use after free attempt (file-flash.rules) * 1:45613 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Selection.SetSelection 
use-after-free attempt (file-flash.rules) * 1:46247 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime MediaPlayerItemLoader BlurFilter object out of bounds write attempt (file-flash.rules) * 1:46262 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use after free attempt (file-flash.rules) * 1:50534 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules) * 1:47128 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ActionSetTarget record information disclosure attempt (file-flash.rules) * 1:45683 <-> DISABLED <-> FILE-FLASH Adobe PSDK DRM Manager memory corruption attempt (file-flash.rules) * 1:46255 <-> DISABLED <-> FILE-FLASH Adobe Flash Player corrupt PNG image load out of bounds memory access attempt (file-flash.rules) * 1:47531 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Vector.String class out-of-bounds read attempt (file-flash.rules) * 1:47191 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript NetConnection type confusion attempt (file-flash.rules) * 1:20781 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt (file-flash.rules) * 1:53057 <-> DISABLED <-> FILE-FLASH Spelevo Exploit Kit download attempt (file-flash.rules)
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091101.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:64687 <-> DISABLED <-> SERVER-MAIL Exim SMTP vulnerable version detected (server-mail.rules)
* 1:64690 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection (malware-cnc.rules)
* 1:64686 <-> DISABLED <-> SERVER-APACHE Apache Tomcat partial PUT remote code execution attempt (server-apache.rules)
* 1:60686 <-> DISABLED <-> OS-WINDOWS Windows AppxSvc component elevation of privilege attempt (os-windows.rules)
* 1:64693 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bondupdater outbound cnc connection (malware-cnc.rules)
* 1:64695 <-> DISABLED <-> MALWARE-CNC MultiOs.Trojan.FINALDRAFT variant outbound communication attempt (malware-cnc.rules)
* 1:64684 <-> DISABLED <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection (malware-cnc.rules)
* 1:64688 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt (file-flash.rules)
* 1:60687 <-> DISABLED <-> OS-WINDOWS Windows AppxSvc component elevation of privilege attempt (os-windows.rules)
* 1:64701 <-> DISABLED <-> POLICY-OTHER Next.js Middleware x-middleware-subrequest header use attempt (policy-other.rules)
* 1:64692 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bondupdater outbound cnc connection (malware-cnc.rules)
* 1:64691 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection (malware-cnc.rules)
* 1:64696 <-> DISABLED <-> SERVER-OTHER MIT Kerberos KDC as-req sname null pointer dereference attempt (server-other.rules)
* 1:64700 <-> ENABLED <-> SERVER-WEBAPP Next.js Middleware authentication bypass attempt (server-webapp.rules)
* 1:64694 <-> DISABLED <-> MALWARE-CNC MultiOs.Trojan.FINALDRAFT variant outbound communication attempt (malware-cnc.rules)
* 1:64698 <-> ENABLED <-> MALWARE-OTHER Win.Rootkit.Winnti download attempt (malware-other.rules)
* 1:64697 <-> ENABLED <-> MALWARE-OTHER Win.Rootkit.Winnti download attempt (malware-other.rules)
* 1:64685 <-> ENABLED <-> SERVER-WEBAPP Apache OFBiz remote code execution attempt (server-webapp.rules)
* 1:64689 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection (malware-cnc.rules)
* 1:64699 <-> ENABLED <-> SERVER-WEBAPP Next.js Middleware authentication bypass attempt (server-webapp.rules)
* 1:48494 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules) * 1:24890 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Action InitArray stack overflow attempt (file-flash.rules) * 1:50267 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use after free attempt (file-flash.rules) * 1:50536 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules) * 1:48426 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AVM type confusion attempt (file-flash.rules) * 1:49311 <-> DISABLED <-> FILE-FLASH Adobe Flash Player writeExternal type confusion attempt (file-flash.rules) * 1:49232 <-> DISABLED <-> FILE-FLASH Adobe Flash Player drawTriangles out-of-bounds read attempt (file-flash.rules) * 1:49231 <-> DISABLED <-> FILE-FLASH Adobe Flash Player drawTriangles out-of-bounds read attempt (file-flash.rules) * 1:50767 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ALMA_Dot outbound DNS tunnel (malware-cnc.rules) * 1:49655 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE control character denial of service attempt (file-flash.rules) * 1:50268 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use after free attempt (file-flash.rules) * 1:48493 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules) * 1:49654 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE control character denial of service attempt (file-flash.rules) * 1:50766 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ALMA_Dash outbound DNS tunnel (malware-cnc.rules) * 1:49583 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray inflate information disclosure attempt (file-flash.rules) * 1:51081 <-> DISABLED <-> FILE-FLASH Adobe Flash player memory corruption attempt (file-flash.rules) * 1:49312 <-> DISABLED <-> FILE-FLASH Adobe Flash Player writeExternal type confusion attempt (file-flash.rules) * 1:50761 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel (malware-cnc.rules) * 
1:51648 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActiveX same origin method execution attempt (file-flash.rules) * 1:51226 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt (file-flash.rules) * 1:21458 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules) * 1:22069 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object confusion attempt (file-flash.rules) * 1:51643 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use-after-free attempt (file-flash.rules) * 1:19257 <-> DISABLED <-> FILE-FLASH Adobe ActionScript float index memory corruption attempt (file-flash.rules) * 1:47834 <-> DISABLED <-> FILE-FLASH Adobe Flash Player COM server BrokerCreateFile sandbox escape attempt (file-flash.rules) * 1:49585 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure attempt (file-flash.rules) * 1:44903 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PSDK Metadata memory corruption attempt (file-flash.rules) * 1:23131 <-> DISABLED <-> FILE-FLASH Adobe Flash Player X500 DistinguishedName property access attempt (file-flash.rules) * 1:52658 <-> DISABLED <-> FILE-FLASH Spelevo Exploit Kit download attempt (file-flash.rules) * 1:50762 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel (malware-cnc.rules) * 1:47192 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript NetConnection type confusion attempt (file-flash.rules) * 1:50139 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out-of-bounds read attempt (file-flash.rules) * 1:53057 <-> DISABLED <-> FILE-FLASH Spelevo Exploit Kit download attempt (file-flash.rules) * 1:50140 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out-of-bounds read attempt (file-flash.rules) * 1:55813 <-> DISABLED <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt (server-other.rules) * 1:50534 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free 
attempt (file-flash.rules) * 1:57499 <-> DISABLED <-> FILE-FLASH Adobe Flash Player worker shared object use-after-free attempt (file-flash.rules) * 1:59440 <-> DISABLED <-> SERVER-APACHE Apache mod_http2 NULL pointer dereference attempt (server-apache.rules) * 1:52080 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt (file-flash.rules) * 1:48425 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AVM type confusion attempt (file-flash.rules) * 1:48567 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules) * 1:24980 <-> DISABLED <-> FILE-FLASH Adobe Flash Player actionscript bytecode trait type null pointer dereference attempt (file-flash.rules) * 1:49586 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure attempt (file-flash.rules) * 1:52079 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt (file-flash.rules) * 1:46950 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds memory access attempt (file-flash.rules) * 1:21655 <-> DISABLED <-> FILE-FLASH Adobe Flash Video invalid tag type attempt (file-flash.rules) * 1:47786 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules) * 1:19263 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules) * 1:48491 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules) * 1:45743 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray shading memory leak attempt (file-flash.rules) * 1:45744 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray shading memory leak attempt (file-flash.rules) * 1:45615 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip duplicateMovieClip use-after-free attempt (file-flash.rules) * 1:22915 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object confusion attempt 
(file-flash.rules) * 1:45683 <-> DISABLED <-> FILE-FLASH Adobe PSDK DRM Manager memory corruption attempt (file-flash.rules) * 1:46261 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed DefineSound tag heap overflow attempt (file-flash.rules) * 1:24362 <-> DISABLED <-> FILE-FLASH Adobe Flash null reference JIT compilation attempt (file-flash.rules) * 1:46263 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use after free attempt (file-flash.rules) * 1:23130 <-> DISABLED <-> FILE-FLASH Adobe Flash Player X509 direct instantiation property access attempt (file-flash.rules) * 1:45459 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip attachbitmap use-after-free attempt (file-flash.rules) * 1:46920 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules) * 1:45405 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF buffer overflow attempt (file-flash.rules) * 1:46324 <-> DISABLED <-> FILE-FLASH Adobe PSDK DRM Manager memory corruption attempt (file-flash.rules) * 1:46262 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use after free attempt (file-flash.rules) * 1:20777 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules) * 1:46918 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules) * 1:47531 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Vector.String class out-of-bounds read attempt (file-flash.rules) * 1:46260 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed DefineSound tag heap overflow attempt (file-flash.rules) * 1:45547 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DefineFont3 tag overly large NumGlyphs out of bounds read attempt (file-flash.rules) * 1:46919 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules) * 1:45616 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip duplicateMovieClip use-after-free attempt (file-flash.rules) * 1:46949 <-> 
DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds memory access attempt (file-flash.rules) * 1:45593 <-> DISABLED <-> FILE-FLASH Adobe PSDK DRM Manager memory corruption attempt (file-flash.rules) * 1:45594 <-> DISABLED <-> FILE-FLASH Adobe PSDK DRM Manager memory corruption attempt (file-flash.rules) * 1:20785 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt (file-flash.rules) * 1:23133 <-> DISABLED <-> FILE-FLASH Adobe Flash Player flash.display.BitmapData constuctor overflow attempt (file-flash.rules) * 1:46254 <-> DISABLED <-> FILE-FLASH Adobe Flash Player corrupt PNG image load out of bounds memory access attempt (file-flash.rules) * 1:46255 <-> DISABLED <-> FILE-FLASH Adobe Flash Player corrupt PNG image load out of bounds memory access attempt (file-flash.rules) * 1:46598 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative MovieClip type confusion attempt (file-flash.rules) * 1:45546 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DefineFont3 tag overly large NumGlyphs out of bounds read attempt (file-flash.rules) * 1:45613 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Selection.SetSelection use-after-free attempt (file-flash.rules) * 1:46599 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative MovieClip type confusion attempt (file-flash.rules) * 1:46247 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime MediaPlayerItemLoader BlurFilter object out of bounds write attempt (file-flash.rules) * 1:24415 <-> DISABLED <-> FILE-FLASH Adobe Flash Player stsz box heap overflow attempt (file-flash.rules) * 1:45595 <-> DISABLED <-> FILE-FLASH Adobe PSDK DRM Manager memory corruption attempt (file-flash.rules) * 1:46248 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime MediaPlayerItemLoader BlurFilter object out of bounds write attempt (file-flash.rules) * 1:46917 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules) * 1:47127 <-> DISABLED <-> FILE-FLASH 
Adobe Flash Player malformed ActionSetTarget record information disclosure attempt (file-flash.rules) * 1:47532 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Vector.String class out-of-bounds read attempt (file-flash.rules) * 1:47128 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ActionSetTarget record information disclosure attempt (file-flash.rules) * 1:45501 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip startdrag use-after-free attempt (file-flash.rules) * 1:24876 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules) * 1:20767 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules) * 1:48496 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules) * 1:50763 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel (malware-cnc.rules) * 1:48566 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules) * 1:50769 <-> DISABLED <-> MALWARE-CNC Win.Trojan.QUADAGENT outbound DNS tunnel (malware-cnc.rules) * 1:21654 <-> DISABLED <-> FILE-FLASH Adobe Flash Video invalid tag type attempt (file-flash.rules) * 1:21533 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript Stage3D null dereference attempt (file-flash.rules) * 1:55814 <-> DISABLED <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt (server-other.rules) * 1:44963 <-> DISABLED <-> FILE-FLASH Adobe Flash Player tvsdk object use after free attempt (file-flash.rules) * 1:48495 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules) * 1:50764 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel (malware-cnc.rules) * 1:47787 <-> DISABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules) * 1:20781 <-> DISABLED <-> FILE-FLASH Adobe 
Flash Player ActionScript callMethod type confusion attempt (file-flash.rules) * 1:21535 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript Matrix3D.copyRawDataFrom buffer overflow attempt (file-flash.rules) * 1:23132 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DefineSound tag long recordheader length field attempt (file-flash.rules) * 1:50768 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BONDUPDATER outbound DNS tunnel (malware-cnc.rules) * 1:47191 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript NetConnection type confusion attempt (file-flash.rules) * 1:21336 <-> DISABLED <-> FILE-FLASH Adobe Flash ASConstructor insecure calling attempt (file-flash.rules) * 1:45309 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter Matrix use after free attempt (file-flash.rules) * 1:44951 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime SDK use after free attempt (file-flash.rules) * 1:49584 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray inflate information disclosure attempt (file-flash.rules) * 1:49656 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE control character denial of service attempt (file-flash.rules) * 1:52659 <-> DISABLED <-> FILE-FLASH Spelevo Exploit Kit download attempt (file-flash.rules) * 1:24810 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 privilege escalation attempt (file-flash.rules) * 1:51225 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt (file-flash.rules) * 1:44003 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SMB sandbox bypass attempt (file-flash.rules) * 1:24892 <-> DISABLED <-> FILE-FLASH Action InitArray stack overflow attempt (file-flash.rules) * 1:23129 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SecureSocket use without Connect attempt (file-flash.rules) * 1:21338 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MP4 zero length atom attempt (file-flash.rules) * 1:22916 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object confusion attempt 
(file-flash.rules) * 1:20131 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt (file-flash.rules) * 1:21335 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript bytecode type confusion null dereference attempt (file-flash.rules) * 1:21653 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript getURL target null reference attempt (file-flash.rules) * 1:47833 <-> DISABLED <-> FILE-FLASH Adobe Flash Player COM server BrokerCreateFile sandbox escape attempt (file-flash.rules) * 1:23134 <-> DISABLED <-> FILE-FLASH Adobe Flash Player broker destructor DoS attempt (file-flash.rules) * 1:23853 <-> DISABLED <-> FILE-FLASH Adobe Flash OpenType font memory corruption attempt (file-flash.rules) * 1:24244 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Matrix3D copyRawDataTo integer overflow attempt (file-flash.rules) * 1:23996 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules) * 1:23135 <-> DISABLED <-> FILE-FLASH Adobe Flash Player flash.DisplayObject memory corruption attempt (file-flash.rules) * 1:23967 <-> DISABLED <-> FILE-FLASH Adobe Flash OpenType font memory corruption attempt - compressed (file-flash.rules) * 1:24364 <-> DISABLED <-> FILE-FLASH Adobe Flash null reference JIT compilation attempt (file-flash.rules) * 1:24139 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed RTMP response attempt (file-flash.rules) * 1:23854 <-> DISABLED <-> FILE-FLASH Adobe Flash OpenType font memory corruption attempt (file-flash.rules) * 1:24138 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed RTMP response attempt (file-flash.rules) * 1:24414 <-> DISABLED <-> FILE-FLASH Adobe Flash Player stsz box heap overflow attempt (file-flash.rules) * 1:24245 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Matrix3D copyRawDataTo integer overflow attempt (file-flash.rules) * 1:23997 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory 
corruption attempt (file-flash.rules) * 1:24142 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object confusion attempt (file-flash.rules) * 1:50765 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ISMAgent outbound DNS tunnel (malware-cnc.rules) * 1:20784 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - namelist.xls (file-flash.rules) * 1:24430 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules) * 1:24365 <-> DISABLED <-> FILE-FLASH Adobe Flash null reference JIT compilation attempt (file-flash.rules) * 1:24140 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed RTMP response attempt (file-flash.rules) * 1:25681 <-> DISABLED <-> FILE-FLASH Adobe Flash Player CFF FeatureCount integer overflow attempt (file-flash.rules) * 1:24431 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules) * 1:24366 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed record stack exhaustion attempt (file-flash.rules) * 1:24874 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules) * 1:24367 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed record stack exhaustion attempt (file-flash.rules) * 1:24429 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules) * 1:24428 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules) * 1:24879 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid JPEG index attempt (file-flash.rules) * 1:24811 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 privilege escalation attempt (file-flash.rules) * 1:24809 <-> DISABLED <-> FILE-FLASH Microsoft Internet Explorer premature unload of Flash plugin use after free attempt 
(file-flash.rules) * 1:24893 <-> DISABLED <-> FILE-FLASH Action InitArray stack overflow attempt (file-flash.rules) * 1:24813 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 privilege escalation attempt (file-flash.rules) * 1:24875 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules) * 1:24808 <-> DISABLED <-> FILE-FLASH Microsoft Internet Explorer premature unload of Flash plugin use after free attempt (file-flash.rules) * 1:24896 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript bytecode symbolclass tag type confusion attempt (file-flash.rules) * 1:24882 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid JPEG index attempt (file-flash.rules) * 1:24989 <-> DISABLED <-> FILE-FLASH Adobe Flash Player specially invalid traits structure attempt (file-flash.rules) * 1:24812 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 privilege escalation attempt (file-flash.rules) * 1:24877 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules) * 1:24895 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript bytecode symbolclass tag type confusion attempt (file-flash.rules) * 1:25676 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules) * 1:21536 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript Stage3D null dereference attempt (file-flash.rules) * 1:24982 <-> DISABLED <-> FILE-FLASH Adobe Flash Player actionscript bytecode trait type null pointer dereference attempt (file-flash.rules) * 1:24985 <-> DISABLED <-> FILE-FLASH Adobe Flash Player index overflow attempt (file-flash.rules) * 1:24984 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules) * 1:44017 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Rectangle constructor use after free attempt (file-flash.rules) * 1:24981 <-> 
DISABLED <-> FILE-FLASH Adobe Flash Player actionscript bytecode trait type null pointer dereference attempt (file-flash.rules) * 1:24990 <-> DISABLED <-> FILE-FLASH Adobe Flash Player specially invalid traits structure attempt (file-flash.rules) * 1:43996 <-> DISABLED <-> FILE-FLASH Adobe Flash Player overly large cpool index out of bounds read attempt (file-flash.rules) * 1:24986 <-> DISABLED <-> FILE-FLASH Adobe Flash Player index overflow attempt (file-flash.rules) * 1:24983 <-> DISABLED <-> FILE-FLASH Adobe Flash Player actionscript bytecode trait type null pointer dereference attempt (file-flash.rules) * 1:25677 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules) * 1:24991 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DoInitAction invalid action overflow attempt (file-flash.rules) * 1:24992 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DoInitAction invalid action overflow attempt (file-flash.rules) * 1:44346 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MP4 atom parser memory corruption attempt (file-flash.rules) * 1:25683 <-> DISABLED <-> FILE-FLASH Adobe Flash Player CFF FeatureCount integer overflow attempt (file-flash.rules) * 1:25678 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules) * 1:25679 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules) * 1:25815 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FLV crafted ADPCM stream heap overflow attempt (file-flash.rules) * 1:44352 <-> DISABLED <-> FILE-FLASH Adobe Flash Player text handling memory corruption attempt (file-flash.rules) * 1:44002 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SMB sandbox bypass attempt (file-flash.rules) * 1:43995 <-> DISABLED <-> FILE-FLASH Adobe Flash Player overly large cpool index out of bounds read attempt (file-flash.rules) * 1:44173 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SharedObject use after free attempt 
(file-flash.rules) * 1:24363 <-> DISABLED <-> FILE-FLASH Adobe Flash null reference JIT compilation attempt (file-flash.rules) * 1:44584 <-> DISABLED <-> FILE-FLASH Adobe Flash Player array type confusion attempt (file-flash.rules) * 1:45614 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Selection.SetSelection use-after-free attempt (file-flash.rules) * 1:45404 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF buffer overflow attempt (file-flash.rules) * 1:44964 <-> DISABLED <-> FILE-FLASH Adobe Flash Player tvsdk object use after free attempt (file-flash.rules) * 1:50537 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules) * 1:44016 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Rectangle constructor use after free attempt (file-flash.rules) * 1:22070 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object confusion attempt (file-flash.rules) * 1:44348 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MP4 atom parser memory corruption attempt (file-flash.rules) * 1:44174 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SharedObject use after free attempt (file-flash.rules) * 1:20803 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt (file-flash.rules) * 1:19264 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules) * 1:44345 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MP4 atom parser memory corruption attempt (file-flash.rules) * 1:20779 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - dear chu.rar (file-flash.rules) * 1:19682 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript 3 integer overflow attempt (file-flash.rules) * 1:21326 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActiveX URL import attempt (file-flash.rules) * 1:20778 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - economy.rar 
(file-flash.rules) * 1:20031 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules) * 1:44892 <-> DISABLED <-> FILE-FLASH Adobe Flash Player determinePreferredLocales memory corruption attempt (file-flash.rules) * 1:44347 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MP4 atom parser memory corruption attempt (file-flash.rules) * 1:20782 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - economy.rar (file-flash.rules) * 1:20783 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - dear chu.rar (file-flash.rules) * 1:19262 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules) * 1:44952 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime SDK use after free attempt (file-flash.rules) * 1:44552 <-> DISABLED <-> FILE-FLASH Adobe Flash Player toString type confusion memory corruption attempt (file-flash.rules) * 1:20780 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - namelist.xls (file-flash.rules) * 1:44351 <-> DISABLED <-> FILE-FLASH Adobe Flash Player text handling memory corruption attempt (file-flash.rules) * 1:45310 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter Matrix use after free attempt (file-flash.rules) * 1:44887 <-> DISABLED <-> FILE-FLASH Adobe Flash Player bitmap hitTest integer overflow attempt (file-flash.rules) * 1:44553 <-> DISABLED <-> FILE-FLASH Adobe Flash Player toString type confusion memory corruption attempt (file-flash.rules) * 1:44583 <-> DISABLED <-> FILE-FLASH Adobe Flash Player array type confusion attempt (file-flash.rules) * 1:45500 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip startdrag use-after-free attempt (file-flash.rules) * 1:44902 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PSDK Metadata memory corruption attempt (file-flash.rules) * 1:44888 
<-> DISABLED <-> FILE-FLASH Adobe Flash Player bitmap hitTest integer overflow attempt (file-flash.rules) * 1:44891 <-> DISABLED <-> FILE-FLASH Adobe Flash Player determinePreferredLocales memory corruption attempt (file-flash.rules) * 1:51644 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use-after-free attempt (file-flash.rules) * 1:54826 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AVM domain memory range integer overflow attempt (file-flash.rules) * 1:54825 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AVM domain memory range integer overflow attempt (file-flash.rules) * 1:21534 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript Matrix3D.copyRawDataFrom buffer overflow attempt (file-flash.rules) * 1:21457 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules) * 1:51082 <-> DISABLED <-> FILE-FLASH Adobe Flash player memory corruption attempt (file-flash.rules) * 1:50535 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules) * 1:48492 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules) * 1:53058 <-> DISABLED <-> FILE-FLASH Spelevo Exploit Kit download attempt (file-flash.rules)
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.0.0.0.
The format of the file is:
gid:sid <-> Message
* 1:301168 <-> MALWARE-OTHER Win.Rootkit.Winnti download attempt
* 1:64684 <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection
* 1:64685 <-> SERVER-WEBAPP Apache OFBiz remote code execution attempt
* 1:64686 <-> SERVER-APACHE Apache Tomcat partial PUT remote code execution attempt
* 1:64687 <-> SERVER-MAIL Exim SMTP vulnerable version detected
* 1:64689 <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection
* 1:64690 <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection
* 1:64691 <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection
* 1:64692 <-> MALWARE-CNC Win.Trojan.Bondupdater outbound cnc connection
* 1:64693 <-> MALWARE-CNC Win.Trojan.Bondupdater outbound cnc connection
* 1:64694 <-> MALWARE-CNC MultiOs.Trojan.FINALDRAFT variant outbound communication attempt
* 1:64695 <-> MALWARE-CNC MultiOs.Trojan.FINALDRAFT variant outbound communication attempt
* 1:64696 <-> SERVER-OTHER MIT Kerberos KDC as-req sname null pointer dereference attempt
* 1:64699 <-> SERVER-WEBAPP Next.js Middleware authentication bypass attempt
* 1:64700 <-> SERVER-WEBAPP Next.js Middleware authentication bypass attempt
* 1:64701 <-> POLICY-OTHER Next.js Middleware x-middleware-subrequest header use attempt

* 1:43300 <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt
* 1:43301 <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt
* 1:50761 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50762 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50763 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50764 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50765 <-> MALWARE-CNC Win.Trojan.ISMAgent outbound DNS tunnel
* 1:50766 <-> MALWARE-CNC Win.Trojan.ALMA_Dash outbound DNS tunnel
* 1:50767 <-> MALWARE-CNC Win.Trojan.ALMA_Dot outbound DNS tunnel
* 1:50768 <-> MALWARE-CNC Win.Trojan.BONDUPDATER outbound DNS tunnel
* 1:50769 <-> MALWARE-CNC Win.Trojan.QUADAGENT outbound DNS tunnel
* 1:55813 <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt
* 1:55814 <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.0.3.1.
The format of the file is:
gid:sid <-> Message
* 1:301168 <-> MALWARE-OTHER Win.Rootkit.Winnti download attempt
* 1:64684 <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection
* 1:64685 <-> SERVER-WEBAPP Apache OFBiz remote code execution attempt
* 1:64686 <-> SERVER-APACHE Apache Tomcat partial PUT remote code execution attempt
* 1:64687 <-> SERVER-MAIL Exim SMTP vulnerable version detected
* 1:64689 <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection
* 1:64690 <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection
* 1:64691 <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection
* 1:64692 <-> MALWARE-CNC Win.Trojan.Bondupdater outbound cnc connection
* 1:64693 <-> MALWARE-CNC Win.Trojan.Bondupdater outbound cnc connection
* 1:64694 <-> MALWARE-CNC MultiOs.Trojan.FINALDRAFT variant outbound communication attempt
* 1:64695 <-> MALWARE-CNC MultiOs.Trojan.FINALDRAFT variant outbound communication attempt
* 1:64696 <-> SERVER-OTHER MIT Kerberos KDC as-req sname null pointer dereference attempt
* 1:64699 <-> SERVER-WEBAPP Next.js Middleware authentication bypass attempt
* 1:64700 <-> SERVER-WEBAPP Next.js Middleware authentication bypass attempt
* 1:64701 <-> POLICY-OTHER Next.js Middleware x-middleware-subrequest header use attempt

* 1:43300 <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt
* 1:43301 <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt
* 1:50761 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50762 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50763 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50764 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50765 <-> MALWARE-CNC Win.Trojan.ISMAgent outbound DNS tunnel
* 1:50766 <-> MALWARE-CNC Win.Trojan.ALMA_Dash outbound DNS tunnel
* 1:50767 <-> MALWARE-CNC Win.Trojan.ALMA_Dot outbound DNS tunnel
* 1:50768 <-> MALWARE-CNC Win.Trojan.BONDUPDATER outbound DNS tunnel
* 1:50769 <-> MALWARE-CNC Win.Trojan.QUADAGENT outbound DNS tunnel
* 1:55813 <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt
* 1:55814 <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.0.3.4.
The format of the file is:
gid:sid <-> Message
* 1:301168 <-> MALWARE-OTHER Win.Rootkit.Winnti download attempt
* 1:64684 <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection
* 1:64685 <-> SERVER-WEBAPP Apache OFBiz remote code execution attempt
* 1:64686 <-> SERVER-APACHE Apache Tomcat partial PUT remote code execution attempt
* 1:64687 <-> SERVER-MAIL Exim SMTP vulnerable version detected
* 1:64689 <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection
* 1:64690 <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection
* 1:64691 <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection
* 1:64692 <-> MALWARE-CNC Win.Trojan.Bondupdater outbound cnc connection
* 1:64693 <-> MALWARE-CNC Win.Trojan.Bondupdater outbound cnc connection
* 1:64694 <-> MALWARE-CNC MultiOs.Trojan.FINALDRAFT variant outbound communication attempt
* 1:64695 <-> MALWARE-CNC MultiOs.Trojan.FINALDRAFT variant outbound communication attempt
* 1:64696 <-> SERVER-OTHER MIT Kerberos KDC as-req sname null pointer dereference attempt
* 1:64699 <-> SERVER-WEBAPP Next.js Middleware authentication bypass attempt
* 1:64700 <-> SERVER-WEBAPP Next.js Middleware authentication bypass attempt
* 1:64701 <-> POLICY-OTHER Next.js Middleware x-middleware-subrequest header use attempt

* 1:43300 <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt
* 1:43301 <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt
* 1:50761 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50762 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50763 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50764 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50765 <-> MALWARE-CNC Win.Trojan.ISMAgent outbound DNS tunnel
* 1:50766 <-> MALWARE-CNC Win.Trojan.ALMA_Dash outbound DNS tunnel
* 1:50767 <-> MALWARE-CNC Win.Trojan.ALMA_Dot outbound DNS tunnel
* 1:50768 <-> MALWARE-CNC Win.Trojan.BONDUPDATER outbound DNS tunnel
* 1:50769 <-> MALWARE-CNC Win.Trojan.QUADAGENT outbound DNS tunnel
* 1:55813 <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt
* 1:55814 <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.0.0.
The format of the file is:
gid:sid <-> Message
* 1:301168 <-> MALWARE-OTHER Win.Rootkit.Winnti download attempt
* 1:64684 <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection
* 1:64685 <-> SERVER-WEBAPP Apache OFBiz remote code execution attempt
* 1:64686 <-> SERVER-APACHE Apache Tomcat partial PUT remote code execution attempt
* 1:64687 <-> SERVER-MAIL Exim SMTP vulnerable version detected
* 1:64689 <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection
* 1:64690 <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection
* 1:64691 <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection
* 1:64692 <-> MALWARE-CNC Win.Trojan.Bondupdater outbound cnc connection
* 1:64693 <-> MALWARE-CNC Win.Trojan.Bondupdater outbound cnc connection
* 1:64694 <-> MALWARE-CNC MultiOs.Trojan.FINALDRAFT variant outbound communication attempt
* 1:64695 <-> MALWARE-CNC MultiOs.Trojan.FINALDRAFT variant outbound communication attempt
* 1:64696 <-> SERVER-OTHER MIT Kerberos KDC as-req sname null pointer dereference attempt
* 1:64699 <-> SERVER-WEBAPP Next.js Middleware authentication bypass attempt
* 1:64700 <-> SERVER-WEBAPP Next.js Middleware authentication bypass attempt
* 1:64701 <-> POLICY-OTHER Next.js Middleware x-middleware-subrequest header use attempt

* 1:43300 <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt
* 1:43301 <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt
* 1:50761 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50762 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50763 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50764 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50765 <-> MALWARE-CNC Win.Trojan.ISMAgent outbound DNS tunnel
* 1:50766 <-> MALWARE-CNC Win.Trojan.ALMA_Dash outbound DNS tunnel
* 1:50767 <-> MALWARE-CNC Win.Trojan.ALMA_Dot outbound DNS tunnel
* 1:50768 <-> MALWARE-CNC Win.Trojan.BONDUPDATER outbound DNS tunnel
* 1:50769 <-> MALWARE-CNC Win.Trojan.QUADAGENT outbound DNS tunnel
* 1:55813 <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt
* 1:55814 <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.0.1.
The format of the file is:
gid:sid <-> Message
* 1:301168 <-> MALWARE-OTHER Win.Rootkit.Winnti download attempt
* 1:64684 <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection
* 1:64685 <-> SERVER-WEBAPP Apache OFBiz remote code execution attempt
* 1:64686 <-> SERVER-APACHE Apache Tomcat partial PUT remote code execution attempt
* 1:64687 <-> SERVER-MAIL Exim SMTP vulnerable version detected
* 1:64689 <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection
* 1:64690 <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection
* 1:64691 <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection
* 1:64692 <-> MALWARE-CNC Win.Trojan.Bondupdater outbound cnc connection
* 1:64693 <-> MALWARE-CNC Win.Trojan.Bondupdater outbound cnc connection
* 1:64694 <-> MALWARE-CNC MultiOs.Trojan.FINALDRAFT variant outbound communication attempt
* 1:64695 <-> MALWARE-CNC MultiOs.Trojan.FINALDRAFT variant outbound communication attempt
* 1:64696 <-> SERVER-OTHER MIT Kerberos KDC as-req sname null pointer dereference attempt
* 1:64699 <-> SERVER-WEBAPP Next.js Middleware authentication bypass attempt
* 1:64700 <-> SERVER-WEBAPP Next.js Middleware authentication bypass attempt
* 1:64701 <-> POLICY-OTHER Next.js Middleware x-middleware-subrequest header use attempt

* 1:43300 <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt
* 1:43301 <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt
* 1:50761 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50762 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50763 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50764 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50765 <-> MALWARE-CNC Win.Trojan.ISMAgent outbound DNS tunnel
* 1:50766 <-> MALWARE-CNC Win.Trojan.ALMA_Dash outbound DNS tunnel
* 1:50767 <-> MALWARE-CNC Win.Trojan.ALMA_Dot outbound DNS tunnel
* 1:50768 <-> MALWARE-CNC Win.Trojan.BONDUPDATER outbound DNS tunnel
* 1:50769 <-> MALWARE-CNC Win.Trojan.QUADAGENT outbound DNS tunnel
* 1:55813 <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt
* 1:55814 <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.1.0.
The format of the file is:
gid:sid <-> Message
* 1:301168 <-> MALWARE-OTHER Win.Rootkit.Winnti download attempt
* 1:64684 <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection
* 1:64685 <-> SERVER-WEBAPP Apache OFBiz remote code execution attempt
* 1:64686 <-> SERVER-APACHE Apache Tomcat partial PUT remote code execution attempt
* 1:64687 <-> SERVER-MAIL Exim SMTP vulnerable version detected
* 1:64689 <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection
* 1:64690 <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection
* 1:64691 <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection
* 1:64692 <-> MALWARE-CNC Win.Trojan.Bondupdater outbound cnc connection
* 1:64693 <-> MALWARE-CNC Win.Trojan.Bondupdater outbound cnc connection
* 1:64694 <-> MALWARE-CNC MultiOs.Trojan.FINALDRAFT variant outbound communication attempt
* 1:64695 <-> MALWARE-CNC MultiOs.Trojan.FINALDRAFT variant outbound communication attempt
* 1:64696 <-> SERVER-OTHER MIT Kerberos KDC as-req sname null pointer dereference attempt
* 1:64699 <-> SERVER-WEBAPP Next.js Middleware authentication bypass attempt
* 1:64700 <-> SERVER-WEBAPP Next.js Middleware authentication bypass attempt
* 1:64701 <-> POLICY-OTHER Next.js Middleware x-middleware-subrequest header use attempt

* 1:43300 <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt
* 1:43301 <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt
* 1:50761 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50762 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50763 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50764 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50765 <-> MALWARE-CNC Win.Trojan.ISMAgent outbound DNS tunnel
* 1:50766 <-> MALWARE-CNC Win.Trojan.ALMA_Dash outbound DNS tunnel
* 1:50767 <-> MALWARE-CNC Win.Trojan.ALMA_Dot outbound DNS tunnel
* 1:50768 <-> MALWARE-CNC Win.Trojan.BONDUPDATER outbound DNS tunnel
* 1:50769 <-> MALWARE-CNC Win.Trojan.QUADAGENT outbound DNS tunnel
* 1:55813 <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt
* 1:55814 <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.3.0.
The format of the file is:
gid:sid <-> Message
* 1:301168 <-> MALWARE-OTHER Win.Rootkit.Winnti download attempt
* 1:64684 <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection
* 1:64685 <-> SERVER-WEBAPP Apache OFBiz remote code execution attempt
* 1:64686 <-> SERVER-APACHE Apache Tomcat partial PUT remote code execution attempt
* 1:64687 <-> SERVER-MAIL Exim SMTP vulnerable version detected
* 1:64689 <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection
* 1:64690 <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection
* 1:64691 <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection
* 1:64692 <-> MALWARE-CNC Win.Trojan.Bondupdater outbound cnc connection
* 1:64693 <-> MALWARE-CNC Win.Trojan.Bondupdater outbound cnc connection
* 1:64694 <-> MALWARE-CNC MultiOs.Trojan.FINALDRAFT variant outbound communication attempt
* 1:64695 <-> MALWARE-CNC MultiOs.Trojan.FINALDRAFT variant outbound communication attempt
* 1:64696 <-> SERVER-OTHER MIT Kerberos KDC as-req sname null pointer dereference attempt
* 1:64699 <-> SERVER-WEBAPP Next.js Middleware authentication bypass attempt
* 1:64700 <-> SERVER-WEBAPP Next.js Middleware authentication bypass attempt
* 1:64701 <-> POLICY-OTHER Next.js Middleware x-middleware-subrequest header use attempt

* 1:43300 <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt
* 1:43301 <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt
* 1:50761 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50762 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50763 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50764 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50765 <-> MALWARE-CNC Win.Trojan.ISMAgent outbound DNS tunnel
* 1:50766 <-> MALWARE-CNC Win.Trojan.ALMA_Dash outbound DNS tunnel
* 1:50767 <-> MALWARE-CNC Win.Trojan.ALMA_Dot outbound DNS tunnel
* 1:50768 <-> MALWARE-CNC Win.Trojan.BONDUPDATER outbound DNS tunnel
* 1:50769 <-> MALWARE-CNC Win.Trojan.QUADAGENT outbound DNS tunnel
* 1:55813 <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt
* 1:55814 <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.4.0.
The format of the file is:
gid:sid <-> Message
* 1:301168 <-> MALWARE-OTHER Win.Rootkit.Winnti download attempt
* 1:64684 <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection
* 1:64685 <-> SERVER-WEBAPP Apache OFBiz remote code execution attempt
* 1:64686 <-> SERVER-APACHE Apache Tomcat partial PUT remote code execution attempt
* 1:64687 <-> SERVER-MAIL Exim SMTP vulnerable version detected
* 1:64689 <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection
* 1:64690 <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection
* 1:64691 <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection
* 1:64692 <-> MALWARE-CNC Win.Trojan.Bondupdater outbound cnc connection
* 1:64693 <-> MALWARE-CNC Win.Trojan.Bondupdater outbound cnc connection
* 1:64694 <-> MALWARE-CNC MultiOs.Trojan.FINALDRAFT variant outbound communication attempt
* 1:64695 <-> MALWARE-CNC MultiOs.Trojan.FINALDRAFT variant outbound communication attempt
* 1:64696 <-> SERVER-OTHER MIT Kerberos KDC as-req sname null pointer dereference attempt
* 1:64699 <-> SERVER-WEBAPP Next.js Middleware authentication bypass attempt
* 1:64700 <-> SERVER-WEBAPP Next.js Middleware authentication bypass attempt
* 1:64701 <-> POLICY-OTHER Next.js Middleware x-middleware-subrequest header use attempt

* 1:43300 <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt
* 1:43301 <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt
* 1:50761 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50762 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50763 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50764 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50765 <-> MALWARE-CNC Win.Trojan.ISMAgent outbound DNS tunnel
* 1:50766 <-> MALWARE-CNC Win.Trojan.ALMA_Dash outbound DNS tunnel
* 1:50767 <-> MALWARE-CNC Win.Trojan.ALMA_Dot outbound DNS tunnel
* 1:50768 <-> MALWARE-CNC Win.Trojan.BONDUPDATER outbound DNS tunnel
* 1:50769 <-> MALWARE-CNC Win.Trojan.QUADAGENT outbound DNS tunnel
* 1:55813 <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt
* 1:55814 <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.5.0.
The format of the file is:
gid:sid <-> Message
* 1:301168 <-> MALWARE-OTHER Win.Rootkit.Winnti download attempt
* 1:64684 <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection
* 1:64685 <-> SERVER-WEBAPP Apache OFBiz remote code execution attempt
* 1:64686 <-> SERVER-APACHE Apache Tomcat partial PUT remote code execution attempt
* 1:64687 <-> SERVER-MAIL Exim SMTP vulnerable version detected
* 1:64689 <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection
* 1:64690 <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection
* 1:64691 <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection
* 1:64692 <-> MALWARE-CNC Win.Trojan.Bondupdater outbound cnc connection
* 1:64693 <-> MALWARE-CNC Win.Trojan.Bondupdater outbound cnc connection
* 1:64694 <-> MALWARE-CNC MultiOs.Trojan.FINALDRAFT variant outbound communication attempt
* 1:64695 <-> MALWARE-CNC MultiOs.Trojan.FINALDRAFT variant outbound communication attempt
* 1:64696 <-> SERVER-OTHER MIT Kerberos KDC as-req sname null pointer dereference attempt
* 1:64699 <-> SERVER-WEBAPP Next.js Middleware authentication bypass attempt
* 1:64700 <-> SERVER-WEBAPP Next.js Middleware authentication bypass attempt
* 1:64701 <-> POLICY-OTHER Next.js Middleware x-middleware-subrequest header use attempt

* 1:43300 <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt
* 1:43301 <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt
* 1:50761 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50762 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50763 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50764 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50765 <-> MALWARE-CNC Win.Trojan.ISMAgent outbound DNS tunnel
* 1:50766 <-> MALWARE-CNC Win.Trojan.ALMA_Dash outbound DNS tunnel
* 1:50767 <-> MALWARE-CNC Win.Trojan.ALMA_Dot outbound DNS tunnel
* 1:50768 <-> MALWARE-CNC Win.Trojan.BONDUPDATER outbound DNS tunnel
* 1:50769 <-> MALWARE-CNC Win.Trojan.QUADAGENT outbound DNS tunnel
* 1:55813 <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt
* 1:55814 <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.7.0.
The format of the file is:
gid:sid <-> Message
* 1:301168 <-> MALWARE-OTHER Win.Rootkit.Winnti download attempt
* 1:64684 <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection
* 1:64685 <-> SERVER-WEBAPP Apache OFBiz remote code execution attempt
* 1:64686 <-> SERVER-APACHE Apache Tomcat partial PUT remote code execution attempt
* 1:64687 <-> SERVER-MAIL Exim SMTP vulnerable version detected
* 1:64689 <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection
* 1:64690 <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection
* 1:64691 <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection
* 1:64692 <-> MALWARE-CNC Win.Trojan.Bondupdater outbound cnc connection
* 1:64693 <-> MALWARE-CNC Win.Trojan.Bondupdater outbound cnc connection
* 1:64694 <-> MALWARE-CNC MultiOs.Trojan.FINALDRAFT variant outbound communication attempt
* 1:64695 <-> MALWARE-CNC MultiOs.Trojan.FINALDRAFT variant outbound communication attempt
* 1:64696 <-> SERVER-OTHER MIT Kerberos KDC as-req sname null pointer dereference attempt
* 1:64699 <-> SERVER-WEBAPP Next.js Middleware authentication bypass attempt
* 1:64700 <-> SERVER-WEBAPP Next.js Middleware authentication bypass attempt
* 1:64701 <-> POLICY-OTHER Next.js Middleware x-middleware-subrequest header use attempt

* 1:43300 <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt
* 1:43301 <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt
* 1:50761 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50762 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50763 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50764 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50765 <-> MALWARE-CNC Win.Trojan.ISMAgent outbound DNS tunnel
* 1:50766 <-> MALWARE-CNC Win.Trojan.ALMA_Dash outbound DNS tunnel
* 1:50767 <-> MALWARE-CNC Win.Trojan.ALMA_Dot outbound DNS tunnel
* 1:50768 <-> MALWARE-CNC Win.Trojan.BONDUPDATER outbound DNS tunnel
* 1:50769 <-> MALWARE-CNC Win.Trojan.QUADAGENT outbound DNS tunnel
* 1:55813 <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt
* 1:55814 <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.9.0.
The format of the file is:
gid:sid <-> Message
* 1:301168 <-> MALWARE-OTHER Win.Rootkit.Winnti download attempt
* 1:64684 <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection
* 1:64685 <-> SERVER-WEBAPP Apache OFBiz remote code execution attempt
* 1:64686 <-> SERVER-APACHE Apache Tomcat partial PUT remote code execution attempt
* 1:64687 <-> SERVER-MAIL Exim SMTP vulnerable version detected
* 1:64689 <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection
* 1:64690 <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection
* 1:64691 <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection
* 1:64692 <-> MALWARE-CNC Win.Trojan.Bondupdater outbound cnc connection
* 1:64693 <-> MALWARE-CNC Win.Trojan.Bondupdater outbound cnc connection
* 1:64694 <-> MALWARE-CNC MultiOs.Trojan.FINALDRAFT variant outbound communication attempt
* 1:64695 <-> MALWARE-CNC MultiOs.Trojan.FINALDRAFT variant outbound communication attempt
* 1:64696 <-> SERVER-OTHER MIT Kerberos KDC as-req sname null pointer dereference attempt
* 1:64699 <-> SERVER-WEBAPP Next.js Middleware authentication bypass attempt
* 1:64700 <-> SERVER-WEBAPP Next.js Middleware authentication bypass attempt
* 1:64701 <-> POLICY-OTHER Next.js Middleware x-middleware-subrequest header use attempt

* 1:43300 <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt
* 1:43301 <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt
* 1:50761 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50762 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50763 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50764 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50765 <-> MALWARE-CNC Win.Trojan.ISMAgent outbound DNS tunnel
* 1:50766 <-> MALWARE-CNC Win.Trojan.ALMA_Dash outbound DNS tunnel
* 1:50767 <-> MALWARE-CNC Win.Trojan.ALMA_Dot outbound DNS tunnel
* 1:50768 <-> MALWARE-CNC Win.Trojan.BONDUPDATER outbound DNS tunnel
* 1:50769 <-> MALWARE-CNC Win.Trojan.QUADAGENT outbound DNS tunnel
* 1:55813 <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt
* 1:55814 <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.2.0.0.
The format of the file is:
gid:sid <-> Message
* 1:301168 <-> MALWARE-OTHER Win.Rootkit.Winnti download attempt
* 1:64684 <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection
* 1:64685 <-> SERVER-WEBAPP Apache OFBiz remote code execution attempt
* 1:64686 <-> SERVER-APACHE Apache Tomcat partial PUT remote code execution attempt
* 1:64687 <-> SERVER-MAIL Exim SMTP vulnerable version detected
* 1:64689 <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection
* 1:64690 <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection
* 1:64691 <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection
* 1:64692 <-> MALWARE-CNC Win.Trojan.Bondupdater outbound cnc connection
* 1:64693 <-> MALWARE-CNC Win.Trojan.Bondupdater outbound cnc connection
* 1:64694 <-> MALWARE-CNC MultiOs.Trojan.FINALDRAFT variant outbound communication attempt
* 1:64695 <-> MALWARE-CNC MultiOs.Trojan.FINALDRAFT variant outbound communication attempt
* 1:64696 <-> SERVER-OTHER MIT Kerberos KDC as-req sname null pointer dereference attempt
* 1:64699 <-> SERVER-WEBAPP Next.js Middleware authentication bypass attempt
* 1:64700 <-> SERVER-WEBAPP Next.js Middleware authentication bypass attempt
* 1:64701 <-> POLICY-OTHER Next.js Middleware x-middleware-subrequest header use attempt

* 1:43300 <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt
* 1:43301 <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt
* 1:50761 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50762 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50763 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50764 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50765 <-> MALWARE-CNC Win.Trojan.ISMAgent outbound DNS tunnel
* 1:50766 <-> MALWARE-CNC Win.Trojan.ALMA_Dash outbound DNS tunnel
* 1:50767 <-> MALWARE-CNC Win.Trojan.ALMA_Dot outbound DNS tunnel
* 1:50768 <-> MALWARE-CNC Win.Trojan.BONDUPDATER outbound DNS tunnel
* 1:50769 <-> MALWARE-CNC Win.Trojan.QUADAGENT outbound DNS tunnel
* 1:55813 <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt
* 1:55814 <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.7.0.0.
The format of the file is:
gid:sid <-> Message
* 1:301168 <-> MALWARE-OTHER Win.Rootkit.Winnti download attempt
* 1:64684 <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection
* 1:64685 <-> SERVER-WEBAPP Apache OFBiz remote code execution attempt
* 1:64686 <-> SERVER-APACHE Apache Tomcat partial PUT remote code execution attempt
* 1:64687 <-> SERVER-MAIL Exim SMTP vulnerable version detected
* 1:64689 <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection
* 1:64690 <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection
* 1:64691 <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection
* 1:64692 <-> MALWARE-CNC Win.Trojan.Bondupdater outbound cnc connection
* 1:64693 <-> MALWARE-CNC Win.Trojan.Bondupdater outbound cnc connection
* 1:64694 <-> MALWARE-CNC MultiOs.Trojan.FINALDRAFT variant outbound communication attempt
* 1:64695 <-> MALWARE-CNC MultiOs.Trojan.FINALDRAFT variant outbound communication attempt
* 1:64696 <-> SERVER-OTHER MIT Kerberos KDC as-req sname null pointer dereference attempt
* 1:64699 <-> SERVER-WEBAPP Next.js Middleware authentication bypass attempt
* 1:64700 <-> SERVER-WEBAPP Next.js Middleware authentication bypass attempt
* 1:64701 <-> POLICY-OTHER Next.js Middleware x-middleware-subrequest header use attempt

* 1:43300 <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt
* 1:43301 <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt
* 1:50761 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50762 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50763 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50764 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50765 <-> MALWARE-CNC Win.Trojan.ISMAgent outbound DNS tunnel
* 1:50766 <-> MALWARE-CNC Win.Trojan.ALMA_Dash outbound DNS tunnel
* 1:50767 <-> MALWARE-CNC Win.Trojan.ALMA_Dot outbound DNS tunnel
* 1:50768 <-> MALWARE-CNC Win.Trojan.BONDUPDATER outbound DNS tunnel
* 1:50769 <-> MALWARE-CNC Win.Trojan.QUADAGENT outbound DNS tunnel
* 1:55813 <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt
* 1:55814 <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.11.0.
The format of the file is:
gid:sid <-> Message
* 1:301168 <-> MALWARE-OTHER Win.Rootkit.Winnti download attempt
* 1:64684 <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection
* 1:64685 <-> SERVER-WEBAPP Apache OFBiz remote code execution attempt
* 1:64686 <-> SERVER-APACHE Apache Tomcat partial PUT remote code execution attempt
* 1:64687 <-> SERVER-MAIL Exim SMTP vulnerable version detected
* 1:64689 <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection
* 1:64690 <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection
* 1:64691 <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection
* 1:64692 <-> MALWARE-CNC Win.Trojan.Bondupdater outbound cnc connection
* 1:64693 <-> MALWARE-CNC Win.Trojan.Bondupdater outbound cnc connection
* 1:64694 <-> MALWARE-CNC MultiOs.Trojan.FINALDRAFT variant outbound communication attempt
* 1:64695 <-> MALWARE-CNC MultiOs.Trojan.FINALDRAFT variant outbound communication attempt
* 1:64696 <-> SERVER-OTHER MIT Kerberos KDC as-req sname null pointer dereference attempt
* 1:64699 <-> SERVER-WEBAPP Next.js Middleware authentication bypass attempt
* 1:64700 <-> SERVER-WEBAPP Next.js Middleware authentication bypass attempt
* 1:64701 <-> POLICY-OTHER Next.js Middleware x-middleware-subrequest header use attempt

* 1:43300 <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt
* 1:43301 <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt
* 1:50761 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50762 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50763 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50764 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50765 <-> MALWARE-CNC Win.Trojan.ISMAgent outbound DNS tunnel
* 1:50766 <-> MALWARE-CNC Win.Trojan.ALMA_Dash outbound DNS tunnel
* 1:50767 <-> MALWARE-CNC Win.Trojan.ALMA_Dot outbound DNS tunnel
* 1:50768 <-> MALWARE-CNC Win.Trojan.BONDUPDATER outbound DNS tunnel
* 1:50769 <-> MALWARE-CNC Win.Trojan.QUADAGENT outbound DNS tunnel
* 1:55813 <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt
* 1:55814 <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.15.0.
The format of the file is:
gid:sid <-> Message
* 1:301168 <-> MALWARE-OTHER Win.Rootkit.Winnti download attempt
* 1:64684 <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection
* 1:64685 <-> SERVER-WEBAPP Apache OFBiz remote code execution attempt
* 1:64686 <-> SERVER-APACHE Apache Tomcat partial PUT remote code execution attempt
* 1:64687 <-> SERVER-MAIL Exim SMTP vulnerable version detected
* 1:64689 <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection
* 1:64690 <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection
* 1:64691 <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection
* 1:64692 <-> MALWARE-CNC Win.Trojan.Bondupdater outbound cnc connection
* 1:64693 <-> MALWARE-CNC Win.Trojan.Bondupdater outbound cnc connection
* 1:64694 <-> MALWARE-CNC MultiOs.Trojan.FINALDRAFT variant outbound communication attempt
* 1:64695 <-> MALWARE-CNC MultiOs.Trojan.FINALDRAFT variant outbound communication attempt
* 1:64696 <-> SERVER-OTHER MIT Kerberos KDC as-req sname null pointer dereference attempt
* 1:64699 <-> SERVER-WEBAPP Next.js Middleware authentication bypass attempt
* 1:64700 <-> SERVER-WEBAPP Next.js Middleware authentication bypass attempt
* 1:64701 <-> POLICY-OTHER Next.js Middleware x-middleware-subrequest header use attempt

* 1:43300 <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt
* 1:43301 <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt
* 1:50761 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50762 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50763 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50764 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50765 <-> MALWARE-CNC Win.Trojan.ISMAgent outbound DNS tunnel
* 1:50766 <-> MALWARE-CNC Win.Trojan.ALMA_Dash outbound DNS tunnel
* 1:50767 <-> MALWARE-CNC Win.Trojan.ALMA_Dot outbound DNS tunnel
* 1:50768 <-> MALWARE-CNC Win.Trojan.BONDUPDATER outbound DNS tunnel
* 1:50769 <-> MALWARE-CNC Win.Trojan.QUADAGENT outbound DNS tunnel
* 1:55813 <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt
* 1:55814 <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.18.0.
The format of the file is:
gid:sid <-> Message
* 1:301168 <-> MALWARE-OTHER Win.Rootkit.Winnti download attempt
* 1:64684 <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection
* 1:64685 <-> SERVER-WEBAPP Apache OFBiz remote code execution attempt
* 1:64686 <-> SERVER-APACHE Apache Tomcat partial PUT remote code execution attempt
* 1:64687 <-> SERVER-MAIL Exim SMTP vulnerable version detected
* 1:64689 <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection
* 1:64690 <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection
* 1:64691 <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection
* 1:64692 <-> MALWARE-CNC Win.Trojan.Bondupdater outbound cnc connection
* 1:64693 <-> MALWARE-CNC Win.Trojan.Bondupdater outbound cnc connection
* 1:64694 <-> MALWARE-CNC MultiOs.Trojan.FINALDRAFT variant outbound communication attempt
* 1:64695 <-> MALWARE-CNC MultiOs.Trojan.FINALDRAFT variant outbound communication attempt
* 1:64696 <-> SERVER-OTHER MIT Kerberos KDC as-req sname null pointer dereference attempt
* 1:64699 <-> SERVER-WEBAPP Next.js Middleware authentication bypass attempt
* 1:64700 <-> SERVER-WEBAPP Next.js Middleware authentication bypass attempt
* 1:64701 <-> POLICY-OTHER Next.js Middleware x-middleware-subrequest header use attempt

* 1:43300 <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt
* 1:43301 <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt
* 1:50761 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50762 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50763 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50764 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50765 <-> MALWARE-CNC Win.Trojan.ISMAgent outbound DNS tunnel
* 1:50766 <-> MALWARE-CNC Win.Trojan.ALMA_Dash outbound DNS tunnel
* 1:50767 <-> MALWARE-CNC Win.Trojan.ALMA_Dot outbound DNS tunnel
* 1:50768 <-> MALWARE-CNC Win.Trojan.BONDUPDATER outbound DNS tunnel
* 1:50769 <-> MALWARE-CNC Win.Trojan.QUADAGENT outbound DNS tunnel
* 1:55813 <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt
* 1:55814 <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.20.0.
The format of the file is:
gid:sid <-> Message
* 1:301168 <-> MALWARE-OTHER Win.Rootkit.Winnti download attempt
* 1:64684 <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection
* 1:64685 <-> SERVER-WEBAPP Apache OFBiz remote code execution attempt
* 1:64686 <-> SERVER-APACHE Apache Tomcat partial PUT remote code execution attempt
* 1:64687 <-> SERVER-MAIL Exim SMTP vulnerable version detected
* 1:64689 <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection
* 1:64690 <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection
* 1:64691 <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection
* 1:64692 <-> MALWARE-CNC Win.Trojan.Bondupdater outbound cnc connection
* 1:64693 <-> MALWARE-CNC Win.Trojan.Bondupdater outbound cnc connection
* 1:64694 <-> MALWARE-CNC MultiOs.Trojan.FINALDRAFT variant outbound communication attempt
* 1:64695 <-> MALWARE-CNC MultiOs.Trojan.FINALDRAFT variant outbound communication attempt
* 1:64696 <-> SERVER-OTHER MIT Kerberos KDC as-req sname null pointer dereference attempt
* 1:64699 <-> SERVER-WEBAPP Next.js Middleware authentication bypass attempt
* 1:64700 <-> SERVER-WEBAPP Next.js Middleware authentication bypass attempt
* 1:64701 <-> POLICY-OTHER Next.js Middleware x-middleware-subrequest header use attempt

* 1:43300 <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt
* 1:43301 <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt
* 1:50761 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50762 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50763 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50764 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50765 <-> MALWARE-CNC Win.Trojan.ISMAgent outbound DNS tunnel
* 1:50766 <-> MALWARE-CNC Win.Trojan.ALMA_Dash outbound DNS tunnel
* 1:50767 <-> MALWARE-CNC Win.Trojan.ALMA_Dot outbound DNS tunnel
* 1:50768 <-> MALWARE-CNC Win.Trojan.BONDUPDATER outbound DNS tunnel
* 1:50769 <-> MALWARE-CNC Win.Trojan.QUADAGENT outbound DNS tunnel
* 1:55813 <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt
* 1:55814 <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.21.0.
The format of the file is:
gid:sid <-> Message
* 1:301168 <-> MALWARE-OTHER Win.Rootkit.Winnti download attempt
* 1:64684 <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection
* 1:64685 <-> SERVER-WEBAPP Apache OFBiz remote code execution attempt
* 1:64686 <-> SERVER-APACHE Apache Tomcat partial PUT remote code execution attempt
* 1:64687 <-> SERVER-MAIL Exim SMTP vulnerable version detected
* 1:64689 <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection
* 1:64690 <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection
* 1:64691 <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection
* 1:64692 <-> MALWARE-CNC Win.Trojan.Bondupdater outbound cnc connection
* 1:64693 <-> MALWARE-CNC Win.Trojan.Bondupdater outbound cnc connection
* 1:64694 <-> MALWARE-CNC MultiOs.Trojan.FINALDRAFT variant outbound communication attempt
* 1:64695 <-> MALWARE-CNC MultiOs.Trojan.FINALDRAFT variant outbound communication attempt
* 1:64696 <-> SERVER-OTHER MIT Kerberos KDC as-req sname null pointer dereference attempt
* 1:64699 <-> SERVER-WEBAPP Next.js Middleware authentication bypass attempt
* 1:64700 <-> SERVER-WEBAPP Next.js Middleware authentication bypass attempt
* 1:64701 <-> POLICY-OTHER Next.js Middleware x-middleware-subrequest header use attempt

* 1:43300 <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt
* 1:43301 <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt
* 1:50761 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50762 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50763 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50764 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50765 <-> MALWARE-CNC Win.Trojan.ISMAgent outbound DNS tunnel
* 1:50766 <-> MALWARE-CNC Win.Trojan.ALMA_Dash outbound DNS tunnel
* 1:50767 <-> MALWARE-CNC Win.Trojan.ALMA_Dot outbound DNS tunnel
* 1:50768 <-> MALWARE-CNC Win.Trojan.BONDUPDATER outbound DNS tunnel
* 1:50769 <-> MALWARE-CNC Win.Trojan.QUADAGENT outbound DNS tunnel
* 1:55813 <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt
* 1:55814 <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.35.0.
The format of the file is:
gid:sid <-> Message
* 1:301168 <-> MALWARE-OTHER Win.Rootkit.Winnti download attempt
* 1:64684 <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection
* 1:64685 <-> SERVER-WEBAPP Apache OFBiz remote code execution attempt
* 1:64686 <-> SERVER-APACHE Apache Tomcat partial PUT remote code execution attempt
* 1:64687 <-> SERVER-MAIL Exim SMTP vulnerable version detected
* 1:64689 <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection
* 1:64690 <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection
* 1:64691 <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection
* 1:64692 <-> MALWARE-CNC Win.Trojan.Bondupdater outbound cnc connection
* 1:64693 <-> MALWARE-CNC Win.Trojan.Bondupdater outbound cnc connection
* 1:64694 <-> MALWARE-CNC MultiOs.Trojan.FINALDRAFT variant outbound communication attempt
* 1:64695 <-> MALWARE-CNC MultiOs.Trojan.FINALDRAFT variant outbound communication attempt
* 1:64696 <-> SERVER-OTHER MIT Kerberos KDC as-req sname null pointer dereference attempt
* 1:64699 <-> SERVER-WEBAPP Next.js Middleware authentication bypass attempt
* 1:64700 <-> SERVER-WEBAPP Next.js Middleware authentication bypass attempt
* 1:64701 <-> POLICY-OTHER Next.js Middleware x-middleware-subrequest header use attempt

* 1:43300 <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt
* 1:43301 <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt
* 1:50761 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50762 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50763 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50764 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50765 <-> MALWARE-CNC Win.Trojan.ISMAgent outbound DNS tunnel
* 1:50766 <-> MALWARE-CNC Win.Trojan.ALMA_Dash outbound DNS tunnel
* 1:50767 <-> MALWARE-CNC Win.Trojan.ALMA_Dot outbound DNS tunnel
* 1:50768 <-> MALWARE-CNC Win.Trojan.BONDUPDATER outbound DNS tunnel
* 1:50769 <-> MALWARE-CNC Win.Trojan.QUADAGENT outbound DNS tunnel
* 1:55813 <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt
* 1:55814 <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.44.0.
The format of the file is:
gid:sid <-> Message
* 1:301168 <-> MALWARE-OTHER Win.Rootkit.Winnti download attempt
* 1:64684 <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection
* 1:64685 <-> SERVER-WEBAPP Apache OFBiz remote code execution attempt
* 1:64686 <-> SERVER-APACHE Apache Tomcat partial PUT remote code execution attempt
* 1:64687 <-> SERVER-MAIL Exim SMTP vulnerable version detected
* 1:64689 <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection
* 1:64690 <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection
* 1:64691 <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection
* 1:64692 <-> MALWARE-CNC Win.Trojan.Bondupdater outbound cnc connection
* 1:64693 <-> MALWARE-CNC Win.Trojan.Bondupdater outbound cnc connection
* 1:64694 <-> MALWARE-CNC MultiOs.Trojan.FINALDRAFT variant outbound communication attempt
* 1:64695 <-> MALWARE-CNC MultiOs.Trojan.FINALDRAFT variant outbound communication attempt
* 1:64696 <-> SERVER-OTHER MIT Kerberos KDC as-req sname null pointer dereference attempt
* 1:64699 <-> SERVER-WEBAPP Next.js Middleware authentication bypass attempt
* 1:64700 <-> SERVER-WEBAPP Next.js Middleware authentication bypass attempt
* 1:64701 <-> POLICY-OTHER Next.js Middleware x-middleware-subrequest header use attempt

* 1:43300 <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt
* 1:43301 <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt
* 1:50761 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50762 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50763 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50764 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50765 <-> MALWARE-CNC Win.Trojan.ISMAgent outbound DNS tunnel
* 1:50766 <-> MALWARE-CNC Win.Trojan.ALMA_Dash outbound DNS tunnel
* 1:50767 <-> MALWARE-CNC Win.Trojan.ALMA_Dot outbound DNS tunnel
* 1:50768 <-> MALWARE-CNC Win.Trojan.BONDUPDATER outbound DNS tunnel
* 1:50769 <-> MALWARE-CNC Win.Trojan.QUADAGENT outbound DNS tunnel
* 1:55813 <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt
* 1:55814 <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.47.0.
The format of the file is:
gid:sid <-> Message
* 1:301168 <-> MALWARE-OTHER Win.Rootkit.Winnti download attempt
* 1:64684 <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection
* 1:64685 <-> SERVER-WEBAPP Apache OFBiz remote code execution attempt
* 1:64686 <-> SERVER-APACHE Apache Tomcat partial PUT remote code execution attempt
* 1:64687 <-> SERVER-MAIL Exim SMTP vulnerable version detected
* 1:64689 <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection
* 1:64690 <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection
* 1:64691 <-> MALWARE-CNC Win.Trojan.Bondupdater inbound cnc connection
* 1:64692 <-> MALWARE-CNC Win.Trojan.Bondupdater outbound cnc connection
* 1:64693 <-> MALWARE-CNC Win.Trojan.Bondupdater outbound cnc connection
* 1:64694 <-> MALWARE-CNC MultiOs.Trojan.FINALDRAFT variant outbound communication attempt
* 1:64695 <-> MALWARE-CNC MultiOs.Trojan.FINALDRAFT variant outbound communication attempt
* 1:64696 <-> SERVER-OTHER MIT Kerberos KDC as-req sname null pointer dereference attempt
* 1:64699 <-> SERVER-WEBAPP Next.js Middleware authentication bypass attempt
* 1:64700 <-> SERVER-WEBAPP Next.js Middleware authentication bypass attempt
* 1:64701 <-> POLICY-OTHER Next.js Middleware x-middleware-subrequest header use attempt

* 1:43300 <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt
* 1:43301 <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt
* 1:50761 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50762 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50763 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50764 <-> MALWARE-CNC Win.Trojan.Helminth outbound DNS tunnel
* 1:50765 <-> MALWARE-CNC Win.Trojan.ISMAgent outbound DNS tunnel
* 1:50766 <-> MALWARE-CNC Win.Trojan.ALMA_Dash outbound DNS tunnel
* 1:50767 <-> MALWARE-CNC Win.Trojan.ALMA_Dot outbound DNS tunnel
* 1:50768 <-> MALWARE-CNC Win.Trojan.BONDUPDATER outbound DNS tunnel
* 1:50769 <-> MALWARE-CNC Win.Trojan.QUADAGENT outbound DNS tunnel
* 1:55813 <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt
* 1:55814 <-> SERVER-OTHER Symantec Endpoint Protection tamper protection bypass attempt