The VRT has added and modified multiple rules in the blacklist, browser-plugins, exploit-kit, file-identify, indicator-compromise, malware-cnc, protocol-snmp and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2956.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:31690 <-> ENABLED <-> BLACKLIST DNS request for known malware domain managejave.myftp.org - Win.Trojan.Kronos (blacklist.rules)
* 1:31691 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Kronos variant outbound connection (malware-cnc.rules)
* 1:31692 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit landing page detected (exploit-kit.rules)
* 1:31693 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Korplug Poisoned Hurricane Malware outbound communication (malware-cnc.rules)
* 1:31694 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit encrypted binary download (exploit-kit.rules)
* 1:31695 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit encrypted binary download (exploit-kit.rules)
* 1:31696 <-> DISABLED <-> SERVER-WEBAPP Jira Issue Collector Plugin directory traversal attempt (server-webapp.rules)
* 1:31697 <-> DISABLED <-> SERVER-WEBAPP Jira Issue Collector Plugin directory traversal attempt (server-webapp.rules)
* 1:31698 <-> DISABLED <-> SERVER-WEBAPP Jira Issue Collector Plugin directory traversal attempt (server-webapp.rules)
* 1:31699 <-> ENABLED <-> EXPLOIT-KIT Hanjuan exploit kit encrypted binary download (exploit-kit.rules)
* 1:31700 <-> ENABLED <-> EXPLOIT-KIT Hanjuan exploit kit landing page detection (exploit-kit.rules)
* 1:31701 <-> ENABLED <-> EXPLOIT-KIT Hanjuan exploit kit Silverlight exploit request (exploit-kit.rules)
* 1:31702 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file magic detected (file-identify.rules)
* 1:31703 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file magic detected (file-identify.rules)
* 1:31704 <-> DISABLED <-> SERVER-OTHER FCKeditor textinputs cross site scripting attempt (server-other.rules)
* 1:31705 <-> ENABLED <-> BLACKLIST DNS request for known PUA domain mytransitguide.com - MyTransitGuide Toolbar (blacklist.rules)
* 1:31706 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Korgapam outbound communication (malware-cnc.rules)
* 1:31707 <-> DISABLED <-> BROWSER-PLUGINS IBiz EBanking Integrator ActiveX clsid access (browser-plugins.rules)
* 1:31708 <-> DISABLED <-> SERVER-OTHER Cougar-LG SSH key path access attempt (server-other.rules)
* 1:31709 <-> DISABLED <-> SERVER-OTHER Cougar-LG configuration file access attempt (server-other.rules)
* 1:31710 <-> ENABLED <-> BLACKLIST DNS request for known malware domain alquimedes.net - Win.Trojan.Ragua (blacklist.rules)
* 1:31711 <-> DISABLED <-> INDICATOR-COMPROMISE Keylog string over FTP detected (indicator-compromise.rules)
* 1:31712 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ragua variant outbound connection (malware-cnc.rules)
* 1:31713 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ragua variant outbound connection (malware-cnc.rules)
* 1:31714 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ragua variant outbound connection (malware-cnc.rules)
* 1:31715 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ragua variant outbound connection (malware-cnc.rules)
* 1:31716 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Otupsys variant outbound connection (malware-cnc.rules)
* 1:31717 <-> ENABLED <-> MALWARE-CNC Win.Trojan.JavaInstaller variant outbound connection attempt (malware-cnc.rules)
* 1:31718 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Critroni outbound communication (malware-cnc.rules)
* 1:1427 <-> DISABLED <-> PROTOCOL-SNMP PROTOS test-suite-trap-app attempt (protocol-snmp.rules)
* 1:18926 <-> DISABLED <-> PROTOCOL-SNMP Multiple vendors AgentX receive_agentx integer overflow attempt (protocol-snmp.rules)
* 1:19062 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FakePlus variant outbound connection (malware-cnc.rules)
* 1:21995 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dorkbot variant outbound connection (malware-cnc.rules)
* 1:19592 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:19572 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FFSearch variant outbound connection (malware-cnc.rules)
* 1:19569 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Perkesh variant outbound connection (malware-cnc.rules)
* 1:19429 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Proxy Win.Trojan.Dosenjo.C variant outbound connection (malware-cnc.rules)
* 1:19344 <-> DISABLED <-> MALWARE-CNC AntiMalware Pro variant outbound connection (malware-cnc.rules)
* 1:19343 <-> DISABLED <-> MALWARE-CNC Adware Pro variant outbound connection (malware-cnc.rules)
* 1:19342 <-> DISABLED <-> MALWARE-CNC Adware Professional variant outbound connection (malware-cnc.rules)
* 1:22000 <-> DISABLED <-> MALWARE-CNC Win.Worm.amna variant outbound connection (malware-cnc.rules)
* 1:13679 <-> DISABLED <-> BROWSER-PLUGINS IBiz EBanking Integrator ActiveX clsid access (browser-plugins.rules)
* 1:516 <-> DISABLED <-> PROTOCOL-SNMP NT UserList (protocol-snmp.rules)
* 1:26695 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Namihno variant outbound request (malware-cnc.rules)
* 1:21997 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
* 1:21996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dorkbot variant outbound connection (malware-cnc.rules)
* 1:19656 <-> DISABLED <-> MALWARE-CNC Trojan-Dropper.Win32.Peace.lh variant outbound connection (malware-cnc.rules)
* 1:19700 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.tnr variant outbound connection (malware-cnc.rules)
* 1:12712 <-> DISABLED <-> PROTOCOL-SNMP oversized sysName set request (protocol-snmp.rules)
* 1:1412 <-> DISABLED <-> PROTOCOL-SNMP public access tcp (protocol-snmp.rules)
* 1:19716 <-> DISABLED <-> MALWARE-CNC TrojanSpy.Win32.Banker.OO variant outbound connection (malware-cnc.rules)
* 1:1409 <-> DISABLED <-> PROTOCOL-SNMP community string buffer overflow attempt (protocol-snmp.rules)
* 1:1413 <-> DISABLED <-> PROTOCOL-SNMP private access udp (protocol-snmp.rules)
* 1:1414 <-> DISABLED <-> PROTOCOL-SNMP private access tcp (protocol-snmp.rules)
* 1:1411 <-> DISABLED <-> PROTOCOL-SNMP public access udp (protocol-snmp.rules)
* 1:1415 <-> DISABLED <-> PROTOCOL-SNMP Broadcast request (protocol-snmp.rules)
* 1:19719 <-> DISABLED <-> MALWARE-CNC Email-Worm.Win32.Bagle.of variant outbound connection (malware-cnc.rules)
* 1:1417 <-> DISABLED <-> PROTOCOL-SNMP request udp (protocol-snmp.rules)
* 1:22001 <-> DISABLED <-> MALWARE-CNC Win.Worm.amna variant outbound connection (malware-cnc.rules)
* 1:1418 <-> DISABLED <-> PROTOCOL-SNMP request tcp (protocol-snmp.rules)
* 1:1419 <-> DISABLED <-> PROTOCOL-SNMP trap udp (protocol-snmp.rules)
* 1:1416 <-> DISABLED <-> PROTOCOL-SNMP broadcast trap (protocol-snmp.rules)
* 1:19753 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TrojanSpy.Win32.Zbot.gen.C variant outbound connection (malware-cnc.rules)
* 1:21998 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant outbound connection (malware-cnc.rules)
* 1:1420 <-> DISABLED <-> PROTOCOL-SNMP trap tcp (protocol-snmp.rules)
* 1:19754 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Delf.RGL variant outbound connection (malware-cnc.rules)
* 1:25076 <-> ENABLED <-> MALWARE-CNC Win.Worm.Joanap variant variant outbound connection (malware-cnc.rules)
* 1:19759 <-> DISABLED <-> MALWARE-CNC Trojan-PSW.Win32.FireThief.h variant outbound connection (malware-cnc.rules)
* 1:19788 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Win32.VB.pnc variant outbound connection (malware-cnc.rules)
* 1:1421 <-> DISABLED <-> PROTOCOL-SNMP AgentX/tcp request (protocol-snmp.rules)
* 1:19781 <-> DISABLED <-> MALWARE-CNC Trojan-Dropper.Win32.Agent.aqpn variant outbound connection (malware-cnc.rules)
* 1:19799 <-> DISABLED <-> MALWARE-CNC PWS.Win32.Zbot.gen.Q variant outbound connection (malware-cnc.rules)
* 1:19800 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pher.ij variant outbound connection (malware-cnc.rules)
* 1:19805 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Smser.cx variant outbound connection (malware-cnc.rules)
* 1:21632 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ransom variant outbound connection (malware-cnc.rules)
* 1:19863 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Httpbot.yi variant outbound connection (malware-cnc.rules)
* 1:21945 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Litmpuca.A variant outbound connection (malware-cnc.rules)
* 1:21946 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Litmpuca.A variant outbound connection (malware-cnc.rules)
* 1:1426 <-> DISABLED <-> PROTOCOL-SNMP PROTOS test-suite-req-app attempt (protocol-snmp.rules)
* 1:21981 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Selvice variant outbound connection (malware-cnc.rules)
* 1:1892 <-> DISABLED <-> PROTOCOL-SNMP null community string attempt (protocol-snmp.rules)
* 1:1893 <-> DISABLED <-> PROTOCOL-SNMP missing community string attempt (protocol-snmp.rules)
* 1:1422 <-> DISABLED <-> PROTOCOL-SNMP community string buffer overflow attempt with evasion (protocol-snmp.rules)
* 1:21982 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Insain variant outbound connection (malware-cnc.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2961.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:31690 <-> ENABLED <-> BLACKLIST DNS request for known malware domain managejave.myftp.org - Win.Trojan.Kronos (blacklist.rules)
* 1:31691 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Kronos variant outbound connection (malware-cnc.rules)
* 1:31692 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit landing page detected (exploit-kit.rules)
* 1:31693 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Korplug Poisoned Hurricane Malware outbound communication (malware-cnc.rules)
* 1:31694 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit encrypted binary download (exploit-kit.rules)
* 1:31695 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit encrypted binary download (exploit-kit.rules)
* 1:31696 <-> DISABLED <-> SERVER-WEBAPP Jira Issue Collector Plugin directory traversal attempt (server-webapp.rules)
* 1:31697 <-> DISABLED <-> SERVER-WEBAPP Jira Issue Collector Plugin directory traversal attempt (server-webapp.rules)
* 1:31698 <-> DISABLED <-> SERVER-WEBAPP Jira Issue Collector Plugin directory traversal attempt (server-webapp.rules)
* 1:31699 <-> ENABLED <-> EXPLOIT-KIT Hanjuan exploit kit encrypted binary download (exploit-kit.rules)
* 1:31700 <-> ENABLED <-> EXPLOIT-KIT Hanjuan exploit kit landing page detection (exploit-kit.rules)
* 1:31701 <-> ENABLED <-> EXPLOIT-KIT Hanjuan exploit kit Silverlight exploit request (exploit-kit.rules)
* 1:31702 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file magic detected (file-identify.rules)
* 1:31703 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file magic detected (file-identify.rules)
* 1:31704 <-> DISABLED <-> SERVER-OTHER FCKeditor textinputs cross site scripting attempt (server-other.rules)
* 1:31705 <-> ENABLED <-> BLACKLIST DNS request for known PUA domain mytransitguide.com - MyTransitGuide Toolbar (blacklist.rules)
* 1:31706 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Korgapam outbound communication (malware-cnc.rules)
* 1:31707 <-> DISABLED <-> BROWSER-PLUGINS IBiz EBanking Integrator ActiveX clsid access (browser-plugins.rules)
* 1:31708 <-> DISABLED <-> SERVER-OTHER Cougar-LG SSH key path access attempt (server-other.rules)
* 1:31709 <-> DISABLED <-> SERVER-OTHER Cougar-LG configuration file access attempt (server-other.rules)
* 1:31710 <-> ENABLED <-> BLACKLIST DNS request for known malware domain alquimedes.net - Win.Trojan.Ragua (blacklist.rules)
* 1:31711 <-> DISABLED <-> INDICATOR-COMPROMISE Keylog string over FTP detected (indicator-compromise.rules)
* 1:31712 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ragua variant outbound connection (malware-cnc.rules)
* 1:31713 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ragua variant outbound connection (malware-cnc.rules)
* 1:31714 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ragua variant outbound connection (malware-cnc.rules)
* 1:31715 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ragua variant outbound connection (malware-cnc.rules)
* 1:31716 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Otupsys variant outbound connection (malware-cnc.rules)
* 1:31717 <-> ENABLED <-> MALWARE-CNC Win.Trojan.JavaInstaller variant outbound connection attempt (malware-cnc.rules)
* 1:31718 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Critroni outbound communication (malware-cnc.rules)
* 1:19592 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:19572 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FFSearch variant outbound connection (malware-cnc.rules)
* 1:19569 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Perkesh variant outbound connection (malware-cnc.rules)
* 1:19429 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Proxy Win.Trojan.Dosenjo.C variant outbound connection (malware-cnc.rules)
* 1:19344 <-> DISABLED <-> MALWARE-CNC AntiMalware Pro variant outbound connection (malware-cnc.rules)
* 1:19343 <-> DISABLED <-> MALWARE-CNC Adware Pro variant outbound connection (malware-cnc.rules)
* 1:19342 <-> DISABLED <-> MALWARE-CNC Adware Professional variant outbound connection (malware-cnc.rules)
* 1:26695 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Namihno variant outbound request (malware-cnc.rules)
* 1:516 <-> DISABLED <-> PROTOCOL-SNMP NT UserList (protocol-snmp.rules)
* 1:21997 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
* 1:21996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dorkbot variant outbound connection (malware-cnc.rules)
* 1:1421 <-> DISABLED <-> PROTOCOL-SNMP AgentX/tcp request (protocol-snmp.rules)
* 1:1420 <-> DISABLED <-> PROTOCOL-SNMP trap tcp (protocol-snmp.rules)
* 1:1419 <-> DISABLED <-> PROTOCOL-SNMP trap udp (protocol-snmp.rules)
* 1:1416 <-> DISABLED <-> PROTOCOL-SNMP broadcast trap (protocol-snmp.rules)
* 1:1417 <-> DISABLED <-> PROTOCOL-SNMP request udp (protocol-snmp.rules)
* 1:1418 <-> DISABLED <-> PROTOCOL-SNMP request tcp (protocol-snmp.rules)
* 1:1411 <-> DISABLED <-> PROTOCOL-SNMP public access udp (protocol-snmp.rules)
* 1:1415 <-> DISABLED <-> PROTOCOL-SNMP Broadcast request (protocol-snmp.rules)
* 1:1413 <-> DISABLED <-> PROTOCOL-SNMP private access udp (protocol-snmp.rules)
* 1:1414 <-> DISABLED <-> PROTOCOL-SNMP private access tcp (protocol-snmp.rules)
* 1:1409 <-> DISABLED <-> PROTOCOL-SNMP community string buffer overflow attempt (protocol-snmp.rules)
* 1:1412 <-> DISABLED <-> PROTOCOL-SNMP public access tcp (protocol-snmp.rules)
* 1:13679 <-> DISABLED <-> BROWSER-PLUGINS IBiz EBanking Integrator ActiveX clsid access (browser-plugins.rules)
* 1:12712 <-> DISABLED <-> PROTOCOL-SNMP oversized sysName set request (protocol-snmp.rules)
* 1:19656 <-> DISABLED <-> MALWARE-CNC Trojan-Dropper.Win32.Peace.lh variant outbound connection (malware-cnc.rules)
* 1:19700 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.tnr variant outbound connection (malware-cnc.rules)
* 1:19716 <-> DISABLED <-> MALWARE-CNC TrojanSpy.Win32.Banker.OO variant outbound connection (malware-cnc.rules)
* 1:19719 <-> DISABLED <-> MALWARE-CNC Email-Worm.Win32.Bagle.of variant outbound connection (malware-cnc.rules)
* 1:19753 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TrojanSpy.Win32.Zbot.gen.C variant outbound connection (malware-cnc.rules)
* 1:19754 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Delf.RGL variant outbound connection (malware-cnc.rules)
* 1:21998 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant outbound connection (malware-cnc.rules)
* 1:19759 <-> DISABLED <-> MALWARE-CNC Trojan-PSW.Win32.FireThief.h variant outbound connection (malware-cnc.rules)
* 1:22001 <-> DISABLED <-> MALWARE-CNC Win.Worm.amna variant outbound connection (malware-cnc.rules)
* 1:22000 <-> DISABLED <-> MALWARE-CNC Win.Worm.amna variant outbound connection (malware-cnc.rules)
* 1:19781 <-> DISABLED <-> MALWARE-CNC Trojan-Dropper.Win32.Agent.aqpn variant outbound connection (malware-cnc.rules)
* 1:19788 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Win32.VB.pnc variant outbound connection (malware-cnc.rules)
* 1:19799 <-> DISABLED <-> MALWARE-CNC PWS.Win32.Zbot.gen.Q variant outbound connection (malware-cnc.rules)
* 1:19800 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pher.ij variant outbound connection (malware-cnc.rules)
* 1:19805 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Smser.cx variant outbound connection (malware-cnc.rules)
* 1:18926 <-> DISABLED <-> PROTOCOL-SNMP Multiple vendors AgentX receive_agentx integer overflow attempt (protocol-snmp.rules)
* 1:19062 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FakePlus variant outbound connection (malware-cnc.rules)
* 1:21632 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ransom variant outbound connection (malware-cnc.rules)
* 1:19863 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Httpbot.yi variant outbound connection (malware-cnc.rules)
* 1:21945 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Litmpuca.A variant outbound connection (malware-cnc.rules)
* 1:25076 <-> ENABLED <-> MALWARE-CNC Win.Worm.Joanap variant variant outbound connection (malware-cnc.rules)
* 1:21946 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Litmpuca.A variant outbound connection (malware-cnc.rules)
* 1:21995 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dorkbot variant outbound connection (malware-cnc.rules)
* 1:21981 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Selvice variant outbound connection (malware-cnc.rules)
* 1:1427 <-> DISABLED <-> PROTOCOL-SNMP PROTOS test-suite-trap-app attempt (protocol-snmp.rules)
* 1:21982 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Insain variant outbound connection (malware-cnc.rules)
* 1:1422 <-> DISABLED <-> PROTOCOL-SNMP community string buffer overflow attempt with evasion (protocol-snmp.rules)
* 1:1426 <-> DISABLED <-> PROTOCOL-SNMP PROTOS test-suite-req-app attempt (protocol-snmp.rules)
* 1:1893 <-> DISABLED <-> PROTOCOL-SNMP missing community string attempt (protocol-snmp.rules)
* 1:1892 <-> DISABLED <-> PROTOCOL-SNMP null community string attempt (protocol-snmp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2962.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:31718 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Critroni outbound communication (malware-cnc.rules)
* 1:31717 <-> ENABLED <-> MALWARE-CNC Win.Trojan.JavaInstaller variant outbound connection attempt (malware-cnc.rules)
* 1:31716 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Otupsys variant outbound connection (malware-cnc.rules)
* 1:31715 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ragua variant outbound connection (malware-cnc.rules)
* 1:31714 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ragua variant outbound connection (malware-cnc.rules)
* 1:31713 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ragua variant outbound connection (malware-cnc.rules)
* 1:31712 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ragua variant outbound connection (malware-cnc.rules)
* 1:31711 <-> DISABLED <-> INDICATOR-COMPROMISE Keylog string over FTP detected (indicator-compromise.rules)
* 1:31710 <-> ENABLED <-> BLACKLIST DNS request for known malware domain alquimedes.net - Win.Trojan.Ragua (blacklist.rules)
* 1:31709 <-> DISABLED <-> SERVER-OTHER Cougar-LG configuration file access attempt (server-other.rules)
* 1:31708 <-> DISABLED <-> SERVER-OTHER Cougar-LG SSH key path access attempt (server-other.rules)
* 1:31707 <-> DISABLED <-> BROWSER-PLUGINS IBiz EBanking Integrator ActiveX clsid access (browser-plugins.rules)
* 1:31706 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Korgapam outbound communication (malware-cnc.rules)
* 1:31705 <-> ENABLED <-> BLACKLIST DNS request for known PUA domain mytransitguide.com - MyTransitGuide Toolbar (blacklist.rules)
* 1:31704 <-> DISABLED <-> SERVER-OTHER FCKeditor textinputs cross site scripting attempt (server-other.rules)
* 1:31703 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file magic detected (file-identify.rules)
* 1:31702 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file magic detected (file-identify.rules)
* 1:31701 <-> ENABLED <-> EXPLOIT-KIT Hanjuan exploit kit Silverlight exploit request (exploit-kit.rules)
* 1:31700 <-> ENABLED <-> EXPLOIT-KIT Hanjuan exploit kit landing page detection (exploit-kit.rules)
* 1:31699 <-> ENABLED <-> EXPLOIT-KIT Hanjuan exploit kit encrypted binary download (exploit-kit.rules)
* 1:31698 <-> DISABLED <-> SERVER-WEBAPP Jira Issue Collector Plugin directory traversal attempt (server-webapp.rules)
* 1:31697 <-> DISABLED <-> SERVER-WEBAPP Jira Issue Collector Plugin directory traversal attempt (server-webapp.rules)
* 1:31696 <-> DISABLED <-> SERVER-WEBAPP Jira Issue Collector Plugin directory traversal attempt (server-webapp.rules)
* 1:31695 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit encrypted binary download (exploit-kit.rules)
* 1:31694 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit encrypted binary download (exploit-kit.rules)
* 1:31693 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Korplug Poisoned Hurricane Malware outbound communication (malware-cnc.rules)
* 1:31692 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit landing page detected (exploit-kit.rules)
* 1:31691 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Kronos variant outbound connection (malware-cnc.rules)
* 1:31690 <-> ENABLED <-> BLACKLIST DNS request for known malware domain managejave.myftp.org - Win.Trojan.Kronos (blacklist.rules)
* 1:1420 <-> DISABLED <-> PROTOCOL-SNMP trap tcp (protocol-snmp.rules)
* 1:1421 <-> DISABLED <-> PROTOCOL-SNMP AgentX/tcp request (protocol-snmp.rules)
* 1:1419 <-> DISABLED <-> PROTOCOL-SNMP trap udp (protocol-snmp.rules)
* 1:1418 <-> DISABLED <-> PROTOCOL-SNMP request tcp (protocol-snmp.rules)
* 1:1416 <-> DISABLED <-> PROTOCOL-SNMP broadcast trap (protocol-snmp.rules)
* 1:1417 <-> DISABLED <-> PROTOCOL-SNMP request udp (protocol-snmp.rules)
* 1:1414 <-> DISABLED <-> PROTOCOL-SNMP private access tcp (protocol-snmp.rules)
* 1:1415 <-> DISABLED <-> PROTOCOL-SNMP Broadcast request (protocol-snmp.rules)
* 1:1412 <-> DISABLED <-> PROTOCOL-SNMP public access tcp (protocol-snmp.rules)
* 1:1413 <-> DISABLED <-> PROTOCOL-SNMP private access udp (protocol-snmp.rules)
* 1:1409 <-> DISABLED <-> PROTOCOL-SNMP community string buffer overflow attempt (protocol-snmp.rules)
* 1:1411 <-> DISABLED <-> PROTOCOL-SNMP public access udp (protocol-snmp.rules)
* 1:12712 <-> DISABLED <-> PROTOCOL-SNMP oversized sysName set request (protocol-snmp.rules)
* 1:13679 <-> DISABLED <-> BROWSER-PLUGINS IBiz EBanking Integrator ActiveX clsid access (browser-plugins.rules)
* 1:516 <-> DISABLED <-> PROTOCOL-SNMP NT UserList (protocol-snmp.rules)
* 1:26695 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Namihno variant outbound request (malware-cnc.rules)
* 1:25076 <-> ENABLED <-> MALWARE-CNC Win.Worm.Joanap variant variant outbound connection (malware-cnc.rules)
* 1:22001 <-> DISABLED <-> MALWARE-CNC Win.Worm.amna variant outbound connection (malware-cnc.rules)
* 1:22000 <-> DISABLED <-> MALWARE-CNC Win.Worm.amna variant outbound connection (malware-cnc.rules)
* 1:21998 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant outbound connection (malware-cnc.rules)
* 1:21997 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
* 1:21996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dorkbot variant outbound connection (malware-cnc.rules)
* 1:21982 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Insain variant outbound connection (malware-cnc.rules)
* 1:21995 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dorkbot variant outbound connection (malware-cnc.rules)
* 1:21981 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Selvice variant outbound connection (malware-cnc.rules)
* 1:21946 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Litmpuca.A variant outbound connection (malware-cnc.rules)
* 1:21945 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Litmpuca.A variant outbound connection (malware-cnc.rules)
* 1:21632 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ransom variant outbound connection (malware-cnc.rules)
* 1:19863 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Httpbot.yi variant outbound connection (malware-cnc.rules)
* 1:19805 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Smser.cx variant outbound connection (malware-cnc.rules)
* 1:19800 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pher.ij variant outbound connection (malware-cnc.rules)
* 1:19799 <-> DISABLED <-> MALWARE-CNC PWS.Win32.Zbot.gen.Q variant outbound connection (malware-cnc.rules)
* 1:19788 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Win32.VB.pnc variant outbound connection (malware-cnc.rules)
* 1:19781 <-> DISABLED <-> MALWARE-CNC Trojan-Dropper.Win32.Agent.aqpn variant outbound connection (malware-cnc.rules)
* 1:19759 <-> DISABLED <-> MALWARE-CNC Trojan-PSW.Win32.FireThief.h variant outbound connection (malware-cnc.rules)
* 1:19754 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Delf.RGL variant outbound connection (malware-cnc.rules)
* 1:19753 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TrojanSpy.Win32.Zbot.gen.C variant outbound connection (malware-cnc.rules)
* 1:19719 <-> DISABLED <-> MALWARE-CNC Email-Worm.Win32.Bagle.of variant outbound connection (malware-cnc.rules)
* 1:19716 <-> DISABLED <-> MALWARE-CNC TrojanSpy.Win32.Banker.OO variant outbound connection (malware-cnc.rules)
* 1:19700 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.tnr variant outbound connection (malware-cnc.rules)
* 1:19656 <-> DISABLED <-> MALWARE-CNC Trojan-Dropper.Win32.Peace.lh variant outbound connection (malware-cnc.rules)
* 1:19592 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:19572 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FFSearch variant outbound connection (malware-cnc.rules)
* 1:19569 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Perkesh variant outbound connection (malware-cnc.rules)
* 1:19429 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Proxy Win.Trojan.Dosenjo.C variant outbound connection (malware-cnc.rules)
* 1:19344 <-> DISABLED <-> MALWARE-CNC AntiMalware Pro variant outbound connection (malware-cnc.rules)
* 1:19343 <-> DISABLED <-> MALWARE-CNC Adware Pro variant outbound connection (malware-cnc.rules)
* 1:19342 <-> DISABLED <-> MALWARE-CNC Adware Professional variant outbound connection (malware-cnc.rules)
* 1:19062 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FakePlus variant outbound connection (malware-cnc.rules)
* 1:18926 <-> DISABLED <-> PROTOCOL-SNMP Multiple vendors AgentX receive_agentx integer overflow attempt (protocol-snmp.rules)
* 1:1893 <-> DISABLED <-> PROTOCOL-SNMP missing community string attempt (protocol-snmp.rules)
* 1:1892 <-> DISABLED <-> PROTOCOL-SNMP null community string attempt (protocol-snmp.rules)
* 1:1427 <-> DISABLED <-> PROTOCOL-SNMP PROTOS test-suite-trap-app attempt (protocol-snmp.rules)
* 1:1426 <-> DISABLED <-> PROTOCOL-SNMP PROTOS test-suite-req-app attempt (protocol-snmp.rules)
* 1:1422 <-> DISABLED <-> PROTOCOL-SNMP community string buffer overflow attempt with evasion (protocol-snmp.rules)