The VRT has added and modified multiple rules in the blacklist, exploit-kit, file-java, malware-cnc, server-mail and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2956.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:31929 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Kanav variant outbound connection (malware-cnc.rules)
* 1:31928 <-> ENABLED <-> MALWARE-CNC Win.Trojan-Downloader.Becontr variant outbound connection attempt (malware-cnc.rules)
* 1:31931 <-> ENABLED <-> BLACKLIST DNS request for known malware domain adawareblock.com - Win.Trojan.Xagent (blacklist.rules)
* 1:31966 <-> ENABLED <-> EXPLOIT-KIT Astrum exploit kit payload delivery (exploit-kit.rules)
* 1:31946 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start arbitrary command execution attempt (file-java.rules)
* 1:31944 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Tavdig outbound communication (malware-cnc.rules)
* 1:31945 <-> DISABLED <-> SERVER-WEBAPP PhpWiki Ploticus plugin command injection attempt (server-webapp.rules)
* 1:31942 <-> DISABLED <-> SERVER-WEBAPP Novell GroupWise Admin Service FileUploadServlet directory traversal attempt (server-webapp.rules)
* 1:31940 <-> DISABLED <-> SERVER-WEBAPP password sent via URL parameter (server-webapp.rules)
* 1:31941 <-> ENABLED <-> MALWARE-CNC Win.Trojan-Downloader.Pedrp variant outbound connection attempt (malware-cnc.rules)
* 1:31937 <-> ENABLED <-> BLACKLIST DNS request for known malware domain microsofi.org - Win.Trojan.Xagent (blacklist.rules)
* 1:31939 <-> DISABLED <-> SERVER-WEBAPP password sent via POST parameter (server-webapp.rules)
* 1:31936 <-> ENABLED <-> BLACKLIST DNS request for known malware domain testservice24.net - Win.Trojan.Xagent (blacklist.rules)
* 1:31933 <-> ENABLED <-> BLACKLIST DNS request for known malware domain scanmalware.info - Win.Trojan.Xagent (blacklist.rules)
* 1:31934 <-> ENABLED <-> BLACKLIST DNS request for known malware domain updatepc.org - Win.Trojan.Xagent (blacklist.rules)
* 1:31930 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Kanav variant outbound connection (malware-cnc.rules)
* 1:31973 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Chebri variant outbound connection attempt (malware-cnc.rules)
* 1:31932 <-> ENABLED <-> BLACKLIST DNS request for known malware domain checkmalware.info - Win.Trojan.Xagent (blacklist.rules)
* 1:31970 <-> ENABLED <-> EXPLOIT-KIT Astrum exploit kit redirection attempt (exploit-kit.rules)
* 1:31971 <-> ENABLED <-> EXPLOIT-KIT Astrum exploit kit multiple exploit download request (exploit-kit.rules)
* 1:31972 <-> ENABLED <-> EXPLOIT-KIT Astrum exploit kit payload delivery (exploit-kit.rules)
* 1:31935 <-> ENABLED <-> BLACKLIST DNS request for known malware domain updatesoftware24.com - Win.Trojan.Xagent (blacklist.rules)
* 1:31938 <-> ENABLED <-> BLACKLIST DNS request for known malware domain microsof-update.com - Win.Trojan.Xagent (blacklist.rules)
* 1:31968 <-> ENABLED <-> EXPLOIT-KIT Astrum exploit kit Adobe Flash exploit payload request (exploit-kit.rules)
* 1:31967 <-> ENABLED <-> EXPLOIT-KIT Astrum exploit kit payload delivery (exploit-kit.rules)
* 1:31969 <-> ENABLED <-> EXPLOIT-KIT Astrum exploit kit payload request (exploit-kit.rules)
* 1:31943 <-> DISABLED <-> SERVER-WEBAPP HP SiteScope EmailServlet directory traversal attempt (server-webapp.rules)
* 1:31947 <-> ENABLED <-> BLACKLIST USER-AGENT known malicious User-Agent string - HttpCall - Win.Trojan.Rukypee (blacklist.rules)
* 1:31948 <-> ENABLED <-> BLACKLIST USER-AGENT known malicious User-Agent string - MyProgramm - Win.Trojan.Rukypee (blacklist.rules)
* 1:31949 <-> ENABLED <-> BLACKLIST USER-AGENT known malicious User-Agent string - Skypee - Win.Trojan.Rukypee (blacklist.rules)
* 1:31950 <-> ENABLED <-> BLACKLIST DNS request for known malware domain ahmedfaiez.info - Win.Trojan.Rukypee (blacklist.rules)
* 1:31951 <-> ENABLED <-> BLACKLIST DNS request for known malware domain flushupate.com - Win.Trojan.Rukypee (blacklist.rules)
* 1:31952 <-> ENABLED <-> BLACKLIST DNS request for known malware domain pstcmedia.com - Win.Trojan.Rukypee (blacklist.rules)
* 1:31954 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ezbro variant outbound connection (malware-cnc.rules)
* 1:31955 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ezbro variant outbound connection (malware-cnc.rules)
* 1:31956 <-> DISABLED <-> SERVER-WEBAPP Rejetto HttpFileServer command injection attempt (server-webapp.rules)
* 1:31957 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.MSIL.Torct variant outbound connection attempt (malware-cnc.rules)
* 1:31958 <-> ENABLED <-> BLACKLIST DNS request for known malware domain ambi.cc - Win.Trojan.Caphaw (blacklist.rules)
* 1:31959 <-> ENABLED <-> BLACKLIST DNS request for known malware domain edal.cc - Win.Trojan.Caphaw (blacklist.rules)
* 1:31962 <-> ENABLED <-> BLACKLIST DNS request for known malware domain sted.cc - Win.Trojan.Caphaw (blacklist.rules)
* 1:31961 <-> ENABLED <-> BLACKLIST DNS request for known malware domain modern-shipping.biz - Win.Trojan.Caphaw (blacklist.rules)
* 1:31960 <-> ENABLED <-> BLACKLIST DNS request for known malware domain express-shippingus.net - Win.Trojan.Caphaw (blacklist.rules)
* 1:31965 <-> ENABLED <-> EXPLOIT-KIT Astrum exploit kit landing page (exploit-kit.rules)
* 1:31963 <-> ENABLED <-> BLACKLIST DNS request for known malware domain useushippinginc.com - Win.Trojan.Caphaw (blacklist.rules)
* 1:31974 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zegorg variant outbound connection attempt (malware-cnc.rules)
* 1:31953 <-> ENABLED <-> BLACKLIST DNS request for known malware domain companies-search.com - Win.Trojan.Ezbro (blacklist.rules)
* 1:31964 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)

* 1:25136 <-> ENABLED <-> EXPLOIT-KIT Styx exploit kit plugin detection connection (exploit-kit.rules)
* 1:30060 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Coresh outbound identification request (malware-cnc.rules)
* 1:3824 <-> DISABLED <-> SERVER-MAIL AUTH user overflow attempt (server-mail.rules)
* 1:26350 <-> ENABLED <-> EXPLOIT-KIT TDS redirection - may lead to exploit kit (exploit-kit.rules)
* 1:29871 <-> ENABLED <-> SERVER-ORACLE Oracle Reports server remote code execution attempt (server-oracle.rules)
* 1:26011 <-> ENABLED <-> MALWARE-CNC CNC Dirtjumper variant outbound connection (malware-cnc.rules)
* 1:26010 <-> ENABLED <-> MALWARE-CNC CNC Dirtjumper variant outbound connection (malware-cnc.rules)
* 1:21481 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start arbitrary command execution attempt (file-java.rules)
* 1:18743 <-> DISABLED <-> SERVER-WEBAPP VLC player web interface format string attack (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2961.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:31946 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start arbitrary command execution attempt (file-java.rules)
* 1:31944 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Tavdig outbound communication (malware-cnc.rules)
* 1:31945 <-> DISABLED <-> SERVER-WEBAPP PhpWiki Ploticus plugin command injection attempt (server-webapp.rules)
* 1:31942 <-> DISABLED <-> SERVER-WEBAPP Novell GroupWise Admin Service FileUploadServlet directory traversal attempt (server-webapp.rules)
* 1:31940 <-> DISABLED <-> SERVER-WEBAPP password sent via URL parameter (server-webapp.rules)
* 1:31941 <-> ENABLED <-> MALWARE-CNC Win.Trojan-Downloader.Pedrp variant outbound connection attempt (malware-cnc.rules)
* 1:31937 <-> ENABLED <-> BLACKLIST DNS request for known malware domain microsofi.org - Win.Trojan.Xagent (blacklist.rules)
* 1:31939 <-> DISABLED <-> SERVER-WEBAPP password sent via POST parameter (server-webapp.rules)
* 1:31936 <-> ENABLED <-> BLACKLIST DNS request for known malware domain testservice24.net - Win.Trojan.Xagent (blacklist.rules)
* 1:31934 <-> ENABLED <-> BLACKLIST DNS request for known malware domain updatepc.org - Win.Trojan.Xagent (blacklist.rules)
* 1:31933 <-> ENABLED <-> BLACKLIST DNS request for known malware domain scanmalware.info - Win.Trojan.Xagent (blacklist.rules)
* 1:31930 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Kanav variant outbound connection (malware-cnc.rules)
* 1:31929 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Kanav variant outbound connection (malware-cnc.rules)
* 1:31928 <-> ENABLED <-> MALWARE-CNC Win.Trojan-Downloader.Becontr variant outbound connection attempt (malware-cnc.rules)
* 1:31931 <-> ENABLED <-> BLACKLIST DNS request for known malware domain adawareblock.com - Win.Trojan.Xagent (blacklist.rules)
* 1:31932 <-> ENABLED <-> BLACKLIST DNS request for known malware domain checkmalware.info - Win.Trojan.Xagent (blacklist.rules)
* 1:31935 <-> ENABLED <-> BLACKLIST DNS request for known malware domain updatesoftware24.com - Win.Trojan.Xagent (blacklist.rules)
* 1:31938 <-> ENABLED <-> BLACKLIST DNS request for known malware domain microsof-update.com - Win.Trojan.Xagent (blacklist.rules)
* 1:31943 <-> DISABLED <-> SERVER-WEBAPP HP SiteScope EmailServlet directory traversal attempt (server-webapp.rules)
* 1:31947 <-> ENABLED <-> BLACKLIST USER-AGENT known malicious User-Agent string - HttpCall - Win.Trojan.Rukypee (blacklist.rules)
* 1:31948 <-> ENABLED <-> BLACKLIST USER-AGENT known malicious User-Agent string - MyProgramm - Win.Trojan.Rukypee (blacklist.rules)
* 1:31949 <-> ENABLED <-> BLACKLIST USER-AGENT known malicious User-Agent string - Skypee - Win.Trojan.Rukypee (blacklist.rules)
* 1:31950 <-> ENABLED <-> BLACKLIST DNS request for known malware domain ahmedfaiez.info - Win.Trojan.Rukypee (blacklist.rules)
* 1:31951 <-> ENABLED <-> BLACKLIST DNS request for known malware domain flushupate.com - Win.Trojan.Rukypee (blacklist.rules)
* 1:31952 <-> ENABLED <-> BLACKLIST DNS request for known malware domain pstcmedia.com - Win.Trojan.Rukypee (blacklist.rules)
* 1:31953 <-> ENABLED <-> BLACKLIST DNS request for known malware domain companies-search.com - Win.Trojan.Ezbro (blacklist.rules)
* 1:31954 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ezbro variant outbound connection (malware-cnc.rules)
* 1:31955 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ezbro variant outbound connection (malware-cnc.rules)
* 1:31956 <-> DISABLED <-> SERVER-WEBAPP Rejetto HttpFileServer command injection attempt (server-webapp.rules)
* 1:31957 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.MSIL.Torct variant outbound connection attempt (malware-cnc.rules)
* 1:31958 <-> ENABLED <-> BLACKLIST DNS request for known malware domain ambi.cc - Win.Trojan.Caphaw (blacklist.rules)
* 1:31959 <-> ENABLED <-> BLACKLIST DNS request for known malware domain edal.cc - Win.Trojan.Caphaw (blacklist.rules)
* 1:31960 <-> ENABLED <-> BLACKLIST DNS request for known malware domain express-shippingus.net - Win.Trojan.Caphaw (blacklist.rules)
* 1:31961 <-> ENABLED <-> BLACKLIST DNS request for known malware domain modern-shipping.biz - Win.Trojan.Caphaw (blacklist.rules)
* 1:31962 <-> ENABLED <-> BLACKLIST DNS request for known malware domain sted.cc - Win.Trojan.Caphaw (blacklist.rules)
* 1:31963 <-> ENABLED <-> BLACKLIST DNS request for known malware domain useushippinginc.com - Win.Trojan.Caphaw (blacklist.rules)
* 1:31974 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zegorg variant outbound connection attempt (malware-cnc.rules)
* 1:31973 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Chebri variant outbound connection attempt (malware-cnc.rules)
* 1:31972 <-> ENABLED <-> EXPLOIT-KIT Astrum exploit kit payload delivery (exploit-kit.rules)
* 1:31971 <-> ENABLED <-> EXPLOIT-KIT Astrum exploit kit multiple exploit download request (exploit-kit.rules)
* 1:31970 <-> ENABLED <-> EXPLOIT-KIT Astrum exploit kit redirection attempt (exploit-kit.rules)
* 1:31969 <-> ENABLED <-> EXPLOIT-KIT Astrum exploit kit payload request (exploit-kit.rules)
* 1:31966 <-> ENABLED <-> EXPLOIT-KIT Astrum exploit kit payload delivery (exploit-kit.rules)
* 1:31967 <-> ENABLED <-> EXPLOIT-KIT Astrum exploit kit payload delivery (exploit-kit.rules)
* 1:31968 <-> ENABLED <-> EXPLOIT-KIT Astrum exploit kit Adobe Flash exploit payload request (exploit-kit.rules)
* 1:31964 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
* 1:31965 <-> ENABLED <-> EXPLOIT-KIT Astrum exploit kit landing page (exploit-kit.rules)

* 1:3824 <-> DISABLED <-> SERVER-MAIL AUTH user overflow attempt (server-mail.rules)
* 1:30060 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Coresh outbound identification request (malware-cnc.rules)
* 1:29871 <-> ENABLED <-> SERVER-ORACLE Oracle Reports server remote code execution attempt (server-oracle.rules)
* 1:26350 <-> ENABLED <-> EXPLOIT-KIT TDS redirection - may lead to exploit kit (exploit-kit.rules)
* 1:26010 <-> ENABLED <-> MALWARE-CNC CNC Dirtjumper variant outbound connection (malware-cnc.rules)
* 1:26011 <-> ENABLED <-> MALWARE-CNC CNC Dirtjumper variant outbound connection (malware-cnc.rules)
* 1:21481 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start arbitrary command execution attempt (file-java.rules)
* 1:25136 <-> ENABLED <-> EXPLOIT-KIT Styx exploit kit plugin detection connection (exploit-kit.rules)
* 1:18743 <-> DISABLED <-> SERVER-WEBAPP VLC player web interface format string attack (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2962.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:31974 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zegorg variant outbound connection attempt (malware-cnc.rules)
* 1:31973 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Chebri variant outbound connection attempt (malware-cnc.rules)
* 1:31972 <-> ENABLED <-> EXPLOIT-KIT Astrum exploit kit payload delivery (exploit-kit.rules)
* 1:31971 <-> ENABLED <-> EXPLOIT-KIT Astrum exploit kit multiple exploit download request (exploit-kit.rules)
* 1:31970 <-> ENABLED <-> EXPLOIT-KIT Astrum exploit kit redirection attempt (exploit-kit.rules)
* 1:31969 <-> ENABLED <-> EXPLOIT-KIT Astrum exploit kit payload request (exploit-kit.rules)
* 1:31968 <-> ENABLED <-> EXPLOIT-KIT Astrum exploit kit Adobe Flash exploit payload request (exploit-kit.rules)
* 1:31967 <-> ENABLED <-> EXPLOIT-KIT Astrum exploit kit payload delivery (exploit-kit.rules)
* 1:31966 <-> ENABLED <-> EXPLOIT-KIT Astrum exploit kit payload delivery (exploit-kit.rules)
* 1:31965 <-> ENABLED <-> EXPLOIT-KIT Astrum exploit kit landing page (exploit-kit.rules)
* 1:31964 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
* 1:31963 <-> ENABLED <-> BLACKLIST DNS request for known malware domain useushippinginc.com - Win.Trojan.Caphaw (blacklist.rules)
* 1:31962 <-> ENABLED <-> BLACKLIST DNS request for known malware domain sted.cc - Win.Trojan.Caphaw (blacklist.rules)
* 1:31961 <-> ENABLED <-> BLACKLIST DNS request for known malware domain modern-shipping.biz - Win.Trojan.Caphaw (blacklist.rules)
* 1:31960 <-> ENABLED <-> BLACKLIST DNS request for known malware domain express-shippingus.net - Win.Trojan.Caphaw (blacklist.rules)
* 1:31959 <-> ENABLED <-> BLACKLIST DNS request for known malware domain edal.cc - Win.Trojan.Caphaw (blacklist.rules)
* 1:31958 <-> ENABLED <-> BLACKLIST DNS request for known malware domain ambi.cc - Win.Trojan.Caphaw (blacklist.rules)
* 1:31957 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.MSIL.Torct variant outbound connection attempt (malware-cnc.rules)
* 1:31956 <-> DISABLED <-> SERVER-WEBAPP Rejetto HttpFileServer command injection attempt (server-webapp.rules)
* 1:31955 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ezbro variant outbound connection (malware-cnc.rules)
* 1:31954 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ezbro variant outbound connection (malware-cnc.rules)
* 1:31953 <-> ENABLED <-> BLACKLIST DNS request for known malware domain companies-search.com - Win.Trojan.Ezbro (blacklist.rules)
* 1:31952 <-> ENABLED <-> BLACKLIST DNS request for known malware domain pstcmedia.com - Win.Trojan.Rukypee (blacklist.rules)
* 1:31951 <-> ENABLED <-> BLACKLIST DNS request for known malware domain flushupate.com - Win.Trojan.Rukypee (blacklist.rules)
* 1:31950 <-> ENABLED <-> BLACKLIST DNS request for known malware domain ahmedfaiez.info - Win.Trojan.Rukypee (blacklist.rules)
* 1:31949 <-> ENABLED <-> BLACKLIST USER-AGENT known malicious User-Agent string - Skypee - Win.Trojan.Rukypee (blacklist.rules)
* 1:31948 <-> ENABLED <-> BLACKLIST USER-AGENT known malicious User-Agent string - MyProgramm - Win.Trojan.Rukypee (blacklist.rules)
* 1:31947 <-> ENABLED <-> BLACKLIST USER-AGENT known malicious User-Agent string - HttpCall - Win.Trojan.Rukypee (blacklist.rules)
* 1:31946 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start arbitrary command execution attempt (file-java.rules)
* 1:31945 <-> DISABLED <-> SERVER-WEBAPP PhpWiki Ploticus plugin command injection attempt (server-webapp.rules)
* 1:31944 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Tavdig outbound communication (malware-cnc.rules)
* 1:31943 <-> DISABLED <-> SERVER-WEBAPP HP SiteScope EmailServlet directory traversal attempt (server-webapp.rules)
* 1:31942 <-> DISABLED <-> SERVER-WEBAPP Novell GroupWise Admin Service FileUploadServlet directory traversal attempt (server-webapp.rules)
* 1:31941 <-> ENABLED <-> MALWARE-CNC Win.Trojan-Downloader.Pedrp variant outbound connection attempt (malware-cnc.rules)
* 1:31940 <-> DISABLED <-> SERVER-WEBAPP password sent via URL parameter (server-webapp.rules)
* 1:31939 <-> DISABLED <-> SERVER-WEBAPP password sent via POST parameter (server-webapp.rules)
* 1:31938 <-> ENABLED <-> BLACKLIST DNS request for known malware domain microsof-update.com - Win.Trojan.Xagent (blacklist.rules)
* 1:31937 <-> ENABLED <-> BLACKLIST DNS request for known malware domain microsofi.org - Win.Trojan.Xagent (blacklist.rules)
* 1:31936 <-> ENABLED <-> BLACKLIST DNS request for known malware domain testservice24.net - Win.Trojan.Xagent (blacklist.rules)
* 1:31935 <-> ENABLED <-> BLACKLIST DNS request for known malware domain updatesoftware24.com - Win.Trojan.Xagent (blacklist.rules)
* 1:31934 <-> ENABLED <-> BLACKLIST DNS request for known malware domain updatepc.org - Win.Trojan.Xagent (blacklist.rules)
* 1:31933 <-> ENABLED <-> BLACKLIST DNS request for known malware domain scanmalware.info - Win.Trojan.Xagent (blacklist.rules)
* 1:31932 <-> ENABLED <-> BLACKLIST DNS request for known malware domain checkmalware.info - Win.Trojan.Xagent (blacklist.rules)
* 1:31931 <-> ENABLED <-> BLACKLIST DNS request for known malware domain adawareblock.com - Win.Trojan.Xagent (blacklist.rules)
* 1:31930 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Kanav variant outbound connection (malware-cnc.rules)
* 1:31929 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Kanav variant outbound connection (malware-cnc.rules)
* 1:31928 <-> ENABLED <-> MALWARE-CNC Win.Trojan-Downloader.Becontr variant outbound connection attempt (malware-cnc.rules)

* 1:18743 <-> DISABLED <-> SERVER-WEBAPP VLC player web interface format string attack (server-webapp.rules)
* 1:21481 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start arbitrary command execution attempt (file-java.rules)
* 1:25136 <-> ENABLED <-> EXPLOIT-KIT Styx exploit kit plugin detection connection (exploit-kit.rules)
* 1:26010 <-> ENABLED <-> MALWARE-CNC CNC Dirtjumper variant outbound connection (malware-cnc.rules)
* 1:26011 <-> ENABLED <-> MALWARE-CNC CNC Dirtjumper variant outbound connection (malware-cnc.rules)
* 1:26350 <-> ENABLED <-> EXPLOIT-KIT TDS redirection - may lead to exploit kit (exploit-kit.rules)
* 1:29871 <-> ENABLED <-> SERVER-ORACLE Oracle Reports server remote code execution attempt (server-oracle.rules)
* 1:30060 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Coresh outbound identification request (malware-cnc.rules)
* 1:3824 <-> DISABLED <-> SERVER-MAIL AUTH user overflow attempt (server-mail.rules)