The VRT has added and modified multiple rules in the blacklist, browser-ie, file-other, file-pdf, malware-cnc, os-other, pua-adware, server-mail and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2956.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:30717 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.2 heartbeat read overrun attempt (server-other.rules)
* 1:30716 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.1 heartbeat read overrun attempt (server-other.rules)
* 1:30715 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.1 heartbeat read overrun attempt (server-other.rules)
* 1:25618 <-> ENABLED <-> SERVER-OTHER libupnp command buffer overflow attempt (server-other.rules)
* 1:25612 <-> ENABLED <-> SERVER-OTHER libupnp command buffer overflow attempt (server-other.rules)
* 1:25617 <-> ENABLED <-> SERVER-OTHER libupnp command buffer overflow attempt (server-other.rules)
* 1:25601 <-> ENABLED <-> SERVER-OTHER libupnp command buffer overflow attempt (server-other.rules)
* 1:25589 <-> ENABLED <-> SERVER-OTHER libupnp command buffer overflow attempt (server-other.rules)
* 1:12784 <-> DISABLED <-> SERVER-OTHER CA ARCserve LGServer stack buffer overflow attempt (server-other.rules)
* 1:32312 <-> DISABLED <-> MALWARE-CNC FrameworkPOS data exfiltration through DNS - beacon message (malware-cnc.rules)
* 1:32311 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Rehtesyk outbound communication (malware-cnc.rules)
* 1:32310 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Farfi variant outbound connection attempt (malware-cnc.rules)
* 1:32309 <-> ENABLED <-> BLACKLIST DNS request for known malware domain good.myftp.org - Win.Trojan.Farfi (blacklist.rules)
* 1:32307 <-> ENABLED <-> FILE-FLASH Adobe Flash Player regex denial of service attempt (file-flash.rules)
* 1:32308 <-> ENABLED <-> FILE-FLASH Adobe Flash Player regex denial of service attempt (file-flash.rules)
* 1:32305 <-> ENABLED <-> FILE-FLASH Adobe Flash Player regex denial of service attempt (file-flash.rules)
* 1:32306 <-> ENABLED <-> FILE-FLASH Adobe Flash Player regex denial of service attempt (file-flash.rules)
* 1:32304 <-> ENABLED <-> FILE-FLASH Adobe Flash Player regex denial of service attempt (file-flash.rules)
* 1:32303 <-> ENABLED <-> FILE-FLASH Adobe Flash Player regex denial of service attempt (file-flash.rules)
* 1:32302 <-> ENABLED <-> FILE-FLASH Adobe Flash Player regex denial of service attempt (file-flash.rules)
* 1:32300 <-> ENABLED <-> BLACKLIST DNS request for known malware domain organfriandpopul.su - Win.Trojan.Waski (blacklist.rules)
* 1:32301 <-> ENABLED <-> FILE-FLASH Adobe Flash Player regex denial of service attempt (file-flash.rules)
* 1:32299 <-> ENABLED <-> BLACKLIST DNS request for known malware domain jollyhollypanzer.com - Win.Trojan.Waski (blacklist.rules)
* 1:32297 <-> ENABLED <-> BLACKLIST DNS request for known malware domain cemotrans.com - Win.Trojan.Waski (blacklist.rules)
* 1:32298 <-> ENABLED <-> BLACKLIST DNS request for known malware domain cryptdice.com - Win.Trojan.Waski (blacklist.rules)
* 1:32295 <-> ENABLED <-> BLACKLIST User-Agent known malicious user-agent string http - Win.Trojan.Waski (blacklist.rules)
* 1:32296 <-> ENABLED <-> BLACKLIST User-Agent known malicious user-agent string update - Win.Trojan.Waski (blacklist.rules)
* 1:32294 <-> ENABLED <-> BLACKLIST User-Agent known malicious user agent BloodguyBrowser-_- (blacklist.rules)
* 1:32293 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Acanas variant outbound connection attempt (malware-cnc.rules)
* 1:32292 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cryptolocker download detected (malware-cnc.rules)
* 1:32291 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cryptolocker download detected (malware-cnc.rules)
* 1:32290 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cryptolocker download detected (malware-cnc.rules)
* 1:32289 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cryptolocker download detected (malware-cnc.rules)
* 1:32288 <-> ENABLED <-> BLACKLIST DNS request for known malware domain royalgourp.org (blacklist.rules)
* 1:32287 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sapertilz variant outbound connection (malware-cnc.rules)
* 1:32286 <-> ENABLED <-> BLACKLIST DNS request for known malware domain test.hoseen454r.com - Win.Trojan.Sapertilz (blacklist.rules)
* 1:32285 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zoxpng variant outbound connection (malware-cnc.rules)
* 1:32284 <-> DISABLED <-> DELETED MALWARE-CNC Win.Trojan.Gresim variant outbound connection (deleted.rules)
* 1:32283 <-> ENABLED <-> BLACKLIST DNS request for known malware domain war.winxps.com - Win.Trojan.Gresim (blacklist.rules)
* 1:32282 <-> ENABLED <-> BLACKLIST DNS request for known malware domain war.webok.net - Win.Trojan.Gresim (blacklist.rules)
* 1:32281 <-> ENABLED <-> BLACKLIST DNS request for known malware domain war.geekgalaxy.com - Win.Trojan.Gresim (blacklist.rules)
* 1:32280 <-> ENABLED <-> BLACKLIST DNS request for known malware domain war.eatuo.com - Win.Trojan.Gresim (blacklist.rules)
* 1:32279 <-> ENABLED <-> BLACKLIST DNS request for known malware domain revjj.syshell.org - Win.Trojan.Gresim (blacklist.rules)
* 1:32278 <-> ENABLED <-> BLACKLIST DNS request for known malware domain images.iphone-android-mobile.com - Win.Trojan.Gresim (blacklist.rules)
* 1:32277 <-> DISABLED <-> SERVER-OTHER Novell ZENworks PreBoot directory traversal attempt (server-other.rules)
* 1:32275 <-> DISABLED <-> OS-MOBILE Apple iOS 8.x jailbreak download attempt (os-mobile.rules)
* 1:32276 <-> DISABLED <-> SERVER-WEBAPP WordPress Infusionsoft Gravity Forms Plugin arbitrary code execution attempt (server-webapp.rules)
* 1:32274 <-> DISABLED <-> OS-MOBILE Apple iOS 8.x jailbreak download attempt (os-mobile.rules)
* 1:32272 <-> ENABLED <-> MALWARE-CNC WIN.Trojan.Hesechca variant outbound connection (malware-cnc.rules)
* 1:32273 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spamnost variant outbound connection (malware-cnc.rules)
* 1:32271 <-> ENABLED <-> BLACKLIST DNS request for known malware domain cache.bsqlserver.com - Win.Trojan.Hesechca (blacklist.rules)
* 1:32270 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Tinba variant outbound connection (malware-cnc.rules)
* 1:32269 <-> DISABLED <-> SERVER-WEBAPP PineApp Mail-SeCure confpremenu.php install license command injection attempt (server-webapp.rules)
* 1:32268 <-> DISABLED <-> SERVER-WEBAPP PineApp Mail-SeCure confpremenu.php install license command injection attempt (server-webapp.rules)
* 1:30742 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
* 1:30741 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
* 1:30740 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
* 1:30739 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
* 1:30738 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
* 1:30737 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
* 1:30736 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
* 1:30735 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
* 1:30734 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.2 heartbeat read overrun attempt (server-other.rules)
* 1:30733 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.2 heartbeat read overrun attempt (server-other.rules)
* 1:25619 <-> ENABLED <-> SERVER-OTHER libupnp command buffer overflow attempt (server-other.rules)
* 1:30732 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.1 heartbeat read overrun attempt (server-other.rules)
* 1:25620 <-> ENABLED <-> SERVER-OTHER libupnp command buffer overflow attempt (server-other.rules)
* 1:25550 <-> ENABLED <-> SERVER-OTHER Novell eDirectory NCP stack buffer overflow attempt (server-other.rules)
* 1:30731 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.1 heartbeat read overrun attempt (server-other.rules)
* 1:25664 <-> DISABLED <-> SERVER-OTHER MiniUPnPd SSDP request buffer overflow attempt (server-other.rules)
* 1:30730 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1 heartbeat read overrun attempt (server-other.rules)
* 1:30729 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1 heartbeat read overrun attempt (server-other.rules)
* 1:30711 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL SSLv3 heartbeat read overrun attempt (server-other.rules)
* 1:30728 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL SSLv3 heartbeat read overrun attempt (server-other.rules)
* 1:30712 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL SSLv3 heartbeat read overrun attempt (server-other.rules)
* 1:30727 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL SSLv3 heartbeat read overrun attempt (server-other.rules)
* 1:30713 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1 heartbeat read overrun attempt (server-other.rules)
* 1:30726 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
* 1:30714 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1 heartbeat read overrun attempt (server-other.rules)
* 1:30725 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
* 1:30724 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
* 1:30723 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
* 1:30722 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
* 1:30721 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
* 1:30720 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
* 1:30719 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
* 1:12786 <-> DISABLED <-> SERVER-OTHER CA ARCserve LGServer stack buffer overflow attempt (server-other.rules)
* 1:30718 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.2 heartbeat read overrun attempt (server-other.rules)
* 1:12785 <-> DISABLED <-> SERVER-OTHER CA ARCserve LGServer stack buffer overflow attempt (server-other.rules)
* 1:25549 <-> ENABLED <-> SERVER-OTHER Novell eDirectory NCP stack buffer overflow attempt (server-other.rules)
* 1:15559 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime movie file clipping region handling heap buffer overflow attempt (file-multimedia.rules)
* 1:31856 <-> DISABLED <-> PROTOCOL-SNMP Multiple Products WPA key enumeration attempt (protocol-snmp.rules)
* 1:32186 <-> ENABLED <-> FILE-OTHER Microsoft Office ole object external file loading attempt (file-other.rules)
* 1:32187 <-> ENABLED <-> FILE-OTHER Microsoft Office ole object external file loading attempt (file-other.rules)
* 1:26564 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime Movie file clipping region handling heap buffer overflow attempt (file-multimedia.rules)
* 1:31854 <-> DISABLED <-> PROTOCOL-SNMP Multiple Products 128 bit WEP key enumeration attempt (protocol-snmp.rules)
* 1:16787 <-> DISABLED <-> FILE-OTHER Symantec multiple products AeXNSConsoleUtilities RunCMD buffer overflow attempt (file-other.rules)
* 1:15554 <-> DISABLED <-> SERVER-ORACLE Application Server 10g OPMN service format string vulnerability exploit attempt (server-oracle.rules)
* 1:31855 <-> DISABLED <-> PROTOCOL-SNMP Multiple Products 64 bit WEP key enumeration attempt (protocol-snmp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2962.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:32268 <-> DISABLED <-> SERVER-WEBAPP PineApp Mail-SeCure confpremenu.php install license command injection attempt (server-webapp.rules)
* 1:32270 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Tinba variant outbound connection (malware-cnc.rules)
* 1:32271 <-> ENABLED <-> BLACKLIST DNS request for known malware domain cache.bsqlserver.com - Win.Trojan.Hesechca (blacklist.rules)
* 1:32272 <-> ENABLED <-> MALWARE-CNC WIN.Trojan.Hesechca variant outbound connection (malware-cnc.rules)
* 1:32273 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spamnost variant outbound connection (malware-cnc.rules)
* 1:32274 <-> DISABLED <-> OS-MOBILE Apple iOS 8.x jailbreak download attempt (os-mobile.rules)
* 1:32275 <-> DISABLED <-> OS-MOBILE Apple iOS 8.x jailbreak download attempt (os-mobile.rules)
* 1:32276 <-> DISABLED <-> SERVER-WEBAPP WordPress Infusionsoft Gravity Forms Plugin arbitrary code execution attempt (server-webapp.rules)
* 1:32277 <-> DISABLED <-> SERVER-OTHER Novell ZENworks PreBoot directory traversal attempt (server-other.rules)
* 1:32278 <-> ENABLED <-> BLACKLIST DNS request for known malware domain images.iphone-android-mobile.com - Win.Trojan.Gresim (blacklist.rules)
* 1:32279 <-> ENABLED <-> BLACKLIST DNS request for known malware domain revjj.syshell.org - Win.Trojan.Gresim (blacklist.rules)
* 1:32281 <-> ENABLED <-> BLACKLIST DNS request for known malware domain war.geekgalaxy.com - Win.Trojan.Gresim (blacklist.rules)
* 1:32280 <-> ENABLED <-> BLACKLIST DNS request for known malware domain war.eatuo.com - Win.Trojan.Gresim (blacklist.rules)
* 1:32282 <-> ENABLED <-> BLACKLIST DNS request for known malware domain war.webok.net - Win.Trojan.Gresim (blacklist.rules)
* 1:32283 <-> ENABLED <-> BLACKLIST DNS request for known malware domain war.winxps.com - Win.Trojan.Gresim (blacklist.rules)
* 1:32284 <-> DISABLED <-> DELETED MALWARE-CNC Win.Trojan.Gresim variant outbound connection (deleted.rules)
* 1:32286 <-> ENABLED <-> BLACKLIST DNS request for known malware domain test.hoseen454r.com - Win.Trojan.Sapertilz (blacklist.rules)
* 1:32285 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zoxpng variant outbound connection (malware-cnc.rules)
* 1:32287 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sapertilz variant outbound connection (malware-cnc.rules)
* 1:32288 <-> ENABLED <-> BLACKLIST DNS request for known malware domain royalgourp.org (blacklist.rules)
* 1:32289 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cryptolocker download detected (malware-cnc.rules)
* 1:32290 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cryptolocker download detected (malware-cnc.rules)
* 1:32291 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cryptolocker download detected (malware-cnc.rules)
* 1:32292 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cryptolocker download detected (malware-cnc.rules)
* 1:32293 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Acanas variant outbound connection attempt (malware-cnc.rules)
* 1:32294 <-> ENABLED <-> BLACKLIST User-Agent known malicious user agent BloodguyBrowser-_- (blacklist.rules)
* 1:32295 <-> ENABLED <-> BLACKLIST User-Agent known malicious user-agent string http - Win.Trojan.Waski (blacklist.rules)
* 1:32296 <-> ENABLED <-> BLACKLIST User-Agent known malicious user-agent string update - Win.Trojan.Waski (blacklist.rules)
* 1:32297 <-> ENABLED <-> BLACKLIST DNS request for known malware domain cemotrans.com - Win.Trojan.Waski (blacklist.rules)
* 1:32298 <-> ENABLED <-> BLACKLIST DNS request for known malware domain cryptdice.com - Win.Trojan.Waski (blacklist.rules)
* 1:32299 <-> ENABLED <-> BLACKLIST DNS request for known malware domain jollyhollypanzer.com - Win.Trojan.Waski (blacklist.rules)
* 1:32300 <-> ENABLED <-> BLACKLIST DNS request for known malware domain organfriandpopul.su - Win.Trojan.Waski (blacklist.rules)
* 1:32301 <-> ENABLED <-> FILE-FLASH Adobe Flash Player regex denial of service attempt (file-flash.rules)
* 1:32269 <-> DISABLED <-> SERVER-WEBAPP PineApp Mail-SeCure confpremenu.php install license command injection attempt (server-webapp.rules)
* 1:32312 <-> DISABLED <-> MALWARE-CNC FrameworkPOS data exfiltration through DNS - beacon message (malware-cnc.rules)
* 1:32311 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Rehtesyk outbound communication (malware-cnc.rules)
* 1:32310 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Farfi variant outbound connection attempt (malware-cnc.rules)
* 1:32309 <-> ENABLED <-> BLACKLIST DNS request for known malware domain good.myftp.org - Win.Trojan.Farfi (blacklist.rules)
* 1:32308 <-> ENABLED <-> FILE-FLASH Adobe Flash Player regex denial of service attempt (file-flash.rules)
* 1:32307 <-> ENABLED <-> FILE-FLASH Adobe Flash Player regex denial of service attempt (file-flash.rules)
* 1:32304 <-> ENABLED <-> FILE-FLASH Adobe Flash Player regex denial of service attempt (file-flash.rules)
* 1:32306 <-> ENABLED <-> FILE-FLASH Adobe Flash Player regex denial of service attempt (file-flash.rules)
* 1:32305 <-> ENABLED <-> FILE-FLASH Adobe Flash Player regex denial of service attempt (file-flash.rules)
* 1:32303 <-> ENABLED <-> FILE-FLASH Adobe Flash Player regex denial of service attempt (file-flash.rules)
* 1:32302 <-> ENABLED <-> FILE-FLASH Adobe Flash Player regex denial of service attempt (file-flash.rules)
* 1:31855 <-> DISABLED <-> PROTOCOL-SNMP Multiple Products 64 bit WEP key enumeration attempt (protocol-snmp.rules)
* 1:15554 <-> DISABLED <-> SERVER-ORACLE Application Server 10g OPMN service format string vulnerability exploit attempt (server-oracle.rules)
* 1:15559 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime movie file clipping region handling heap buffer overflow attempt (file-multimedia.rules)
* 1:16787 <-> DISABLED <-> FILE-OTHER Symantec multiple products AeXNSConsoleUtilities RunCMD buffer overflow attempt (file-other.rules)
* 1:26564 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime Movie file clipping region handling heap buffer overflow attempt (file-multimedia.rules)
* 1:31854 <-> DISABLED <-> PROTOCOL-SNMP Multiple Products 128 bit WEP key enumeration attempt (protocol-snmp.rules)
* 1:31856 <-> DISABLED <-> PROTOCOL-SNMP Multiple Products WPA key enumeration attempt (protocol-snmp.rules)
* 1:32186 <-> ENABLED <-> FILE-OTHER Microsoft Office ole object external file loading attempt (file-other.rules)
* 1:32187 <-> ENABLED <-> FILE-OTHER Microsoft Office ole object external file loading attempt (file-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2970.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:32312 <-> DISABLED <-> MALWARE-CNC FrameworkPOS data exfiltration through DNS - beacon message (malware-cnc.rules)
* 1:32311 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Rehtesyk outbound communication (malware-cnc.rules)
* 1:32310 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Farfi variant outbound connection attempt (malware-cnc.rules)
* 1:32309 <-> ENABLED <-> BLACKLIST DNS request for known malware domain good.myftp.org - Win.Trojan.Farfi (blacklist.rules)
* 1:32308 <-> ENABLED <-> FILE-FLASH Adobe Flash Player regex denial of service attempt (file-flash.rules)
* 1:32307 <-> ENABLED <-> FILE-FLASH Adobe Flash Player regex denial of service attempt (file-flash.rules)
* 1:32306 <-> ENABLED <-> FILE-FLASH Adobe Flash Player regex denial of service attempt (file-flash.rules)
* 1:32305 <-> ENABLED <-> FILE-FLASH Adobe Flash Player regex denial of service attempt (file-flash.rules)
* 1:32304 <-> ENABLED <-> FILE-FLASH Adobe Flash Player regex denial of service attempt (file-flash.rules)
* 1:32303 <-> ENABLED <-> FILE-FLASH Adobe Flash Player regex denial of service attempt (file-flash.rules)
* 1:32302 <-> ENABLED <-> FILE-FLASH Adobe Flash Player regex denial of service attempt (file-flash.rules)
* 1:32301 <-> ENABLED <-> FILE-FLASH Adobe Flash Player regex denial of service attempt (file-flash.rules)
* 1:32300 <-> ENABLED <-> BLACKLIST DNS request for known malware domain organfriandpopul.su - Win.Trojan.Waski (blacklist.rules)
* 1:32299 <-> ENABLED <-> BLACKLIST DNS request for known malware domain jollyhollypanzer.com - Win.Trojan.Waski (blacklist.rules)
* 1:32298 <-> ENABLED <-> BLACKLIST DNS request for known malware domain cryptdice.com - Win.Trojan.Waski (blacklist.rules)
* 1:32297 <-> ENABLED <-> BLACKLIST DNS request for known malware domain cemotrans.com - Win.Trojan.Waski (blacklist.rules)
* 1:32296 <-> ENABLED <-> BLACKLIST User-Agent known malicious user-agent string update - Win.Trojan.Waski (blacklist.rules)
* 1:32295 <-> ENABLED <-> BLACKLIST User-Agent known malicious user-agent string http - Win.Trojan.Waski (blacklist.rules)
* 1:32294 <-> ENABLED <-> BLACKLIST User-Agent known malicious user agent BloodguyBrowser-_- (blacklist.rules)
* 1:32293 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Acanas variant outbound connection attempt (malware-cnc.rules)
* 1:32292 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cryptolocker download detected (malware-cnc.rules)
* 1:32291 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cryptolocker download detected (malware-cnc.rules)
* 1:32290 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cryptolocker download detected (malware-cnc.rules)
* 1:32289 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cryptolocker download detected (malware-cnc.rules)
* 1:32288 <-> ENABLED <-> BLACKLIST DNS request for known malware domain royalgourp.org (blacklist.rules)
* 1:32287 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sapertilz variant outbound connection (malware-cnc.rules)
* 1:32286 <-> ENABLED <-> BLACKLIST DNS request for known malware domain test.hoseen454r.com - Win.Trojan.Sapertilz (blacklist.rules)
* 1:32285 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zoxpng variant outbound connection (malware-cnc.rules)
* 1:32284 <-> DISABLED <-> DELETED MALWARE-CNC Win.Trojan.Gresim variant outbound connection (deleted.rules)
* 1:32283 <-> ENABLED <-> BLACKLIST DNS request for known malware domain war.winxps.com - Win.Trojan.Gresim (blacklist.rules)
* 1:32282 <-> ENABLED <-> BLACKLIST DNS request for known malware domain war.webok.net - Win.Trojan.Gresim (blacklist.rules)
* 1:32281 <-> ENABLED <-> BLACKLIST DNS request for known malware domain war.geekgalaxy.com - Win.Trojan.Gresim (blacklist.rules)
* 1:32280 <-> ENABLED <-> BLACKLIST DNS request for known malware domain war.eatuo.com - Win.Trojan.Gresim (blacklist.rules)
* 1:32279 <-> ENABLED <-> BLACKLIST DNS request for known malware domain revjj.syshell.org - Win.Trojan.Gresim (blacklist.rules)
* 1:32278 <-> ENABLED <-> BLACKLIST DNS request for known malware domain images.iphone-android-mobile.com - Win.Trojan.Gresim (blacklist.rules)
* 1:32277 <-> DISABLED <-> SERVER-OTHER Novell ZENworks PreBoot directory traversal attempt (server-other.rules)
* 1:32276 <-> DISABLED <-> SERVER-WEBAPP WordPress Infusionsoft Gravity Forms Plugin arbitrary code execution attempt (server-webapp.rules)
* 1:32275 <-> DISABLED <-> OS-MOBILE Apple iOS 8.x jailbreak download attempt (os-mobile.rules)
* 1:32274 <-> DISABLED <-> OS-MOBILE Apple iOS 8.x jailbreak download attempt (os-mobile.rules)
* 1:32273 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spamnost variant outbound connection (malware-cnc.rules)
* 1:32272 <-> ENABLED <-> MALWARE-CNC WIN.Trojan.Hesechca variant outbound connection (malware-cnc.rules)
* 1:32271 <-> ENABLED <-> BLACKLIST DNS request for known malware domain cache.bsqlserver.com - Win.Trojan.Hesechca (blacklist.rules)
* 1:32270 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Tinba variant outbound connection (malware-cnc.rules)
* 1:32269 <-> DISABLED <-> SERVER-WEBAPP PineApp Mail-SeCure confpremenu.php install license command injection attempt (server-webapp.rules)
* 1:32268 <-> DISABLED <-> SERVER-WEBAPP PineApp Mail-SeCure confpremenu.php install license command injection attempt (server-webapp.rules)
* 1:15554 <-> DISABLED <-> SERVER-ORACLE Application Server 10g OPMN service format string vulnerability exploit attempt (server-oracle.rules)
* 1:15559 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime movie file clipping region handling heap buffer overflow attempt (file-multimedia.rules)
* 1:16787 <-> DISABLED <-> FILE-OTHER Symantec multiple products AeXNSConsoleUtilities RunCMD buffer overflow attempt (file-other.rules)
* 1:26564 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime Movie file clipping region handling heap buffer overflow attempt (file-multimedia.rules)
* 1:31854 <-> DISABLED <-> PROTOCOL-SNMP Multiple Products 128 bit WEP key enumeration attempt (protocol-snmp.rules)
* 1:31855 <-> DISABLED <-> PROTOCOL-SNMP Multiple Products 64 bit WEP key enumeration attempt (protocol-snmp.rules)
* 1:31856 <-> DISABLED <-> PROTOCOL-SNMP Multiple Products WPA key enumeration attempt (protocol-snmp.rules)
* 1:32186 <-> ENABLED <-> FILE-OTHER Microsoft Office ole object external file loading attempt (file-other.rules)
* 1:32187 <-> ENABLED <-> FILE-OTHER Microsoft Office ole object external file loading attempt (file-other.rules)