The VRT has added and modified multiple rules in the blacklist, browser-ie, exploit-kit, file-flash, file-image, file-pdf, malware-cnc, malware-other and server-other rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2956.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:32828 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules)
* 1:32836 <-> ENABLED <-> FILE-PDF Adobe Reader embedded font type max subroutine buffer overflow attempt (file-pdf.rules)
* 1:32832 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules)
* 1:32790 <-> DISABLED <-> FILE-PDF Adobe Acrobot Reader privileged JavaScript execution attempt (file-pdf.rules)
* 1:32830 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules)
* 1:32788 <-> DISABLED <-> FILE-PDF Adobe Acrobot Reader privileged JavaScript execution attempt (file-pdf.rules)
* 1:32787 <-> DISABLED <-> FILE-PDF Adobe Acrobot Reader privileged JavaScript execution attempt (file-pdf.rules)
* 1:32785 <-> ENABLED <-> FILE-FLASH Adobe Flash Player parseFloat stack overflow remote code execution attempt (file-flash.rules)
* 1:32783 <-> ENABLED <-> FILE-FLASH Adobe Flash Player parseFloat stack overflow remote code execution attempt (file-flash.rules)
* 1:32782 <-> ENABLED <-> FILE-FLASH Adobe Flash Player parseFloat stack overflow remote code execution attempt (file-flash.rules)
* 1:32786 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PDF JBIG2 remote code execution attempt (file-pdf.rules)
* 1:32789 <-> DISABLED <-> FILE-PDF Adobe Acrobot Reader privileged JavaScript execution attempt (file-pdf.rules)
* 1:32791 <-> ENABLED <-> MALWARE-CNC Win.Virus.Ransomlock outbound connection attempt (malware-cnc.rules)
* 1:32779 <-> ENABLED <-> BLACKLIST DNS request for known malware domain www.web.lookin.at - Win.Backdoor.Eskaetee variant (blacklist.rules)
* 1:32780 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Eskaetee outbound connection (malware-cnc.rules)
* 1:32792 <-> ENABLED <-> MALWARE-CNC Win.Virus.Ransomlock outbound connection attempt (malware-cnc.rules)
* 1:32781 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Eskaetee outbound connection (malware-cnc.rules)
* 1:32793 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XRef object integer overflow attempt (file-pdf.rules)
* 1:32794 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XRef object integer overflow attempt (file-pdf.rules)
* 1:32795 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader U3D light resource orphaned array use after free attempt (file-pdf.rules)
* 1:32796 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader U3D light resource orphaned array use after free attempt (file-pdf.rules)
* 1:32797 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader XFA loadXML escape attempt (file-pdf.rules)
* 1:32798 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XFA loadXML escape attempt (file-pdf.rules)
* 1:32799 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader XFA loadXML escape attempt (file-pdf.rules)
* 1:32800 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XFA loadXML escape attempt (file-pdf.rules)
* 1:32801 <-> DISABLED <-> FILE-FLASH Adobe Flash Player orphaning MP3 crash attempt (file-flash.rules)
* 1:32802 <-> DISABLED <-> FILE-FLASH Adobe Flash Player orphaning MP3 crash attempt (file-flash.rules)
* 1:32803 <-> ENABLED <-> EXPLOIT-KIT CK exploit kit landing page (exploit-kit.rules)
* 1:32805 <-> ENABLED <-> FILE-FLASH Adobe Flash Player regex buffer overflow attempt (file-flash.rules)
* 1:32804 <-> ENABLED <-> EXPLOIT-KIT CK exploit kit landing page (exploit-kit.rules)
* 1:32806 <-> ENABLED <-> FILE-FLASH Adobe Flash Player regex buffer overflow attempt (file-flash.rules)
* 1:32807 <-> ENABLED <-> FILE-FLASH Adobe Flash Player regex buffer overflow attempt (file-flash.rules)
* 1:32808 <-> ENABLED <-> FILE-FLASH Adobe Flash Player regex buffer overflow attempt (file-flash.rules)
* 1:32809 <-> ENABLED <-> FILE-FLASH Adobe Flash Player regex buffer overflow attempt (file-flash.rules)
* 1:32811 <-> ENABLED <-> FILE-FLASH Adobe Flash Player regex buffer overflow attempt (file-flash.rules)
* 1:32810 <-> ENABLED <-> FILE-FLASH Adobe Flash Player regex buffer overflow attempt (file-flash.rules)
* 1:32812 <-> ENABLED <-> FILE-FLASH Adobe Flash Player regex buffer overflow attempt (file-flash.rules)
* 1:32813 <-> ENABLED <-> FILE-PDF Adobe Reader malformed U3D object use after free attempt (file-pdf.rules)
* 1:32815 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt (file-pdf.rules)
* 1:32814 <-> ENABLED <-> FILE-PDF Adobe Reader malformed U3D object use after free attempt (file-pdf.rules)
* 1:32829 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules)
* 1:32831 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules)
* 1:32835 <-> ENABLED <-> FILE-PDF Adobe Reader embedded font type max subroutine buffer overflow attempt (file-pdf.rules)
* 1:32833 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules)
* 1:32834 <-> ENABLED <-> FILE-PDF Adobe Reader embedded font type max subroutine buffer overflow attempt (file-pdf.rules)
* 1:32839 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader ANTrustPropgateAll privilege propagation attempt (file-pdf.rules)
* 1:32837 <-> ENABLED <-> FILE-PDF Adobe Reader embedded font type max subroutine buffer overflow attempt (file-pdf.rules)
* 1:32838 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader ANTrustPropgateAll privilege propagation attempt (file-pdf.rules)
* 1:32816 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt (file-pdf.rules)
* 1:32817 <-> ENABLED <-> FILE-FLASH Adobe Flash Player corrupt MP4 video denial of service attempt (file-flash.rules)
* 1:32818 <-> ENABLED <-> FILE-FLASH Adobe Flash Player corrupt MP4 video denial of service attempt (file-flash.rules)
* 1:32820 <-> ENABLED <-> FILE-PDF Adobe Reader JBIG2 row out of bounds memory corruption attempt (file-pdf.rules)
* 1:32819 <-> ENABLED <-> FILE-PDF Adobe Reader JBIG2 row out of bounds memory corruption attempt (file-pdf.rules)
* 1:32821 <-> ENABLED <-> FILE-PDF Cross Domain potentially malicious redirection attempt (file-pdf.rules)
* 1:32822 <-> ENABLED <-> FILE-PDF Cross Domain potentially malicious redirection attempt (file-pdf.rules)
* 1:32823 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Darkhotel outbound connection attempt (malware-cnc.rules)
* 1:32824 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Darkhotel outbount connection attempt (malware-cnc.rules)
* 1:32825 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Darkhotel outbound connection attempt (malware-cnc.rules)
* 1:32784 <-> ENABLED <-> FILE-FLASH Adobe Flash Player parseFloat stack overflow remote code execution attempt (file-flash.rules)
* 1:32826 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Darkhotel data upload attempt (malware-cnc.rules)
* 1:32827 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Darkhotel response connection attempt (malware-cnc.rules)

* 1:32472 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 11 VBScript redim preserve denial-of-service attempt (browser-ie.rules)
* 1:26924 <-> ENABLED <-> MALWARE-CNC Potential Gozi Trojan HTTP Header Structure (malware-cnc.rules)
* 1:21534 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Actionscript Matrix3D.copyRawDataFrom buffer overflow attempt (file-flash.rules)
* 1:21536 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Actionscript Stage3D null dereference attempt (file-flash.rules)
* 1:32473 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 11 VBScript redim preserve denial-of-service attempt (browser-ie.rules)
* 1:16665 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Help Centre escape sequence XSS attempt (os-windows.rules)
* 1:16332 <-> DISABLED <-> SERVER-OTHER Symantec System Center Alert Management System untrusted command execution attempt (server-other.rules)
* 1:21533 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Actionscript Stage3D null dereference attempt (file-flash.rules)
* 1:21535 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Actionscript Matrix3D.copyRawDataFrom buffer overflow attempt (file-flash.rules)
* 1:30946 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Wysotot variant download attempt (malware-other.rules)
* 1:31489 <-> DISABLED <-> FILE-FLASH Adobe Flash Player security sandbox bypass attempt (file-flash.rules)
* 1:31490 <-> DISABLED <-> FILE-FLASH Adobe Flash Player security sandbox bypass attempt (file-flash.rules)
* 1:31491 <-> DISABLED <-> FILE-FLASH Adobe Flash Player security sandbox bypass attempt (file-flash.rules)
* 1:31492 <-> DISABLED <-> FILE-FLASH Adobe Flash Player security sandbox bypass attempt (file-flash.rules)
* 1:31493 <-> DISABLED <-> FILE-FLASH Adobe Flash Player security sandbox bypass attempt (file-flash.rules)
* 1:31494 <-> DISABLED <-> FILE-FLASH Adobe Flash Player security sandbox bypass attempt (file-flash.rules)
* 1:32470 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 11 VBScript redim preserve denial-of-service attempt (browser-ie.rules)
* 1:32471 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 11 VBScript redim preserve denial-of-service attempt (browser-ie.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2962.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:32788 <-> DISABLED <-> FILE-PDF Adobe Acrobot Reader privileged JavaScript execution attempt (file-pdf.rules)
* 1:32787 <-> DISABLED <-> FILE-PDF Adobe Acrobot Reader privileged JavaScript execution attempt (file-pdf.rules)
* 1:32785 <-> ENABLED <-> FILE-FLASH Adobe Flash Player parseFloat stack overflow remote code execution attempt (file-flash.rules)
* 1:32783 <-> ENABLED <-> FILE-FLASH Adobe Flash Player parseFloat stack overflow remote code execution attempt (file-flash.rules)
* 1:32782 <-> ENABLED <-> FILE-FLASH Adobe Flash Player parseFloat stack overflow remote code execution attempt (file-flash.rules)
* 1:32786 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PDF JBIG2 remote code execution attempt (file-pdf.rules)
* 1:32789 <-> DISABLED <-> FILE-PDF Adobe Acrobot Reader privileged JavaScript execution attempt (file-pdf.rules)
* 1:32790 <-> DISABLED <-> FILE-PDF Adobe Acrobot Reader privileged JavaScript execution attempt (file-pdf.rules)
* 1:32791 <-> ENABLED <-> MALWARE-CNC Win.Virus.Ransomlock outbound connection attempt (malware-cnc.rules)
* 1:32779 <-> ENABLED <-> BLACKLIST DNS request for known malware domain www.web.lookin.at - Win.Backdoor.Eskaetee variant (blacklist.rules)
* 1:32792 <-> ENABLED <-> MALWARE-CNC Win.Virus.Ransomlock outbound connection attempt (malware-cnc.rules)
* 1:32780 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Eskaetee outbound connection (malware-cnc.rules)
* 1:32781 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Eskaetee outbound connection (malware-cnc.rules)
* 1:32793 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XRef object integer overflow attempt (file-pdf.rules)
* 1:32794 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XRef object integer overflow attempt (file-pdf.rules)
* 1:32795 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader U3D light resource orphaned array use after free attempt (file-pdf.rules)
* 1:32796 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader U3D light resource orphaned array use after free attempt (file-pdf.rules)
* 1:32797 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader XFA loadXML escape attempt (file-pdf.rules)
* 1:32798 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XFA loadXML escape attempt (file-pdf.rules)
* 1:32799 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader XFA loadXML escape attempt (file-pdf.rules)
* 1:32800 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XFA loadXML escape attempt (file-pdf.rules)
* 1:32801 <-> DISABLED <-> FILE-FLASH Adobe Flash Player orphaning MP3 crash attempt (file-flash.rules)
* 1:32802 <-> DISABLED <-> FILE-FLASH Adobe Flash Player orphaning MP3 crash attempt (file-flash.rules)
* 1:32803 <-> ENABLED <-> EXPLOIT-KIT CK exploit kit landing page (exploit-kit.rules)
* 1:32804 <-> ENABLED <-> EXPLOIT-KIT CK exploit kit landing page (exploit-kit.rules)
* 1:32805 <-> ENABLED <-> FILE-FLASH Adobe Flash Player regex buffer overflow attempt (file-flash.rules)
* 1:32806 <-> ENABLED <-> FILE-FLASH Adobe Flash Player regex buffer overflow attempt (file-flash.rules)
* 1:32807 <-> ENABLED <-> FILE-FLASH Adobe Flash Player regex buffer overflow attempt (file-flash.rules)
* 1:32808 <-> ENABLED <-> FILE-FLASH Adobe Flash Player regex buffer overflow attempt (file-flash.rules)
* 1:32809 <-> ENABLED <-> FILE-FLASH Adobe Flash Player regex buffer overflow attempt (file-flash.rules)
* 1:32810 <-> ENABLED <-> FILE-FLASH Adobe Flash Player regex buffer overflow attempt (file-flash.rules)
* 1:32811 <-> ENABLED <-> FILE-FLASH Adobe Flash Player regex buffer overflow attempt (file-flash.rules)
* 1:32812 <-> ENABLED <-> FILE-FLASH Adobe Flash Player regex buffer overflow attempt (file-flash.rules)
* 1:32813 <-> ENABLED <-> FILE-PDF Adobe Reader malformed U3D object use after free attempt (file-pdf.rules)
* 1:32815 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt (file-pdf.rules)
* 1:32814 <-> ENABLED <-> FILE-PDF Adobe Reader malformed U3D object use after free attempt (file-pdf.rules)
* 1:32816 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt (file-pdf.rules)
* 1:32817 <-> ENABLED <-> FILE-FLASH Adobe Flash Player corrupt MP4 video denial of service attempt (file-flash.rules)
* 1:32818 <-> ENABLED <-> FILE-FLASH Adobe Flash Player corrupt MP4 video denial of service attempt (file-flash.rules)
* 1:32819 <-> ENABLED <-> FILE-PDF Adobe Reader JBIG2 row out of bounds memory corruption attempt (file-pdf.rules)
* 1:32820 <-> ENABLED <-> FILE-PDF Adobe Reader JBIG2 row out of bounds memory corruption attempt (file-pdf.rules)
* 1:32821 <-> ENABLED <-> FILE-PDF Cross Domain potentially malicious redirection attempt (file-pdf.rules)
* 1:32822 <-> ENABLED <-> FILE-PDF Cross Domain potentially malicious redirection attempt (file-pdf.rules)
* 1:32823 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Darkhotel outbound connection attempt (malware-cnc.rules)
* 1:32824 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Darkhotel outbount connection attempt (malware-cnc.rules)
* 1:32825 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Darkhotel outbound connection attempt (malware-cnc.rules)
* 1:32784 <-> ENABLED <-> FILE-FLASH Adobe Flash Player parseFloat stack overflow remote code execution attempt (file-flash.rules)
* 1:32839 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader ANTrustPropgateAll privilege propagation attempt (file-pdf.rules)
* 1:32838 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader ANTrustPropgateAll privilege propagation attempt (file-pdf.rules)
* 1:32837 <-> ENABLED <-> FILE-PDF Adobe Reader embedded font type max subroutine buffer overflow attempt (file-pdf.rules)
* 1:32836 <-> ENABLED <-> FILE-PDF Adobe Reader embedded font type max subroutine buffer overflow attempt (file-pdf.rules)
* 1:32835 <-> ENABLED <-> FILE-PDF Adobe Reader embedded font type max subroutine buffer overflow attempt (file-pdf.rules)
* 1:32834 <-> ENABLED <-> FILE-PDF Adobe Reader embedded font type max subroutine buffer overflow attempt (file-pdf.rules)
* 1:32833 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules)
* 1:32832 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules)
* 1:32831 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules)
* 1:32830 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules)
* 1:32829 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules)
* 1:32827 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Darkhotel response connection attempt (malware-cnc.rules)
* 1:32828 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules)
* 1:32826 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Darkhotel data upload attempt (malware-cnc.rules)

* 1:32473 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 11 VBScript redim preserve denial-of-service attempt (browser-ie.rules)
* 1:31494 <-> DISABLED <-> FILE-FLASH Adobe Flash Player security sandbox bypass attempt (file-flash.rules)
* 1:16332 <-> DISABLED <-> SERVER-OTHER Symantec System Center Alert Management System untrusted command execution attempt (server-other.rules)
* 1:16665 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Help Centre escape sequence XSS attempt (os-windows.rules)
* 1:21533 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Actionscript Stage3D null dereference attempt (file-flash.rules)
* 1:21534 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Actionscript Matrix3D.copyRawDataFrom buffer overflow attempt (file-flash.rules)
* 1:21535 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Actionscript Matrix3D.copyRawDataFrom buffer overflow attempt (file-flash.rules)
* 1:26924 <-> ENABLED <-> MALWARE-CNC Potential Gozi Trojan HTTP Header Structure (malware-cnc.rules)
* 1:21536 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Actionscript Stage3D null dereference attempt (file-flash.rules)
* 1:30946 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Wysotot variant download attempt (malware-other.rules)
* 1:31489 <-> DISABLED <-> FILE-FLASH Adobe Flash Player security sandbox bypass attempt (file-flash.rules)
* 1:31490 <-> DISABLED <-> FILE-FLASH Adobe Flash Player security sandbox bypass attempt (file-flash.rules)
* 1:31491 <-> DISABLED <-> FILE-FLASH Adobe Flash Player security sandbox bypass attempt (file-flash.rules)
* 1:31492 <-> DISABLED <-> FILE-FLASH Adobe Flash Player security sandbox bypass attempt (file-flash.rules)
* 1:31493 <-> DISABLED <-> FILE-FLASH Adobe Flash Player security sandbox bypass attempt (file-flash.rules)
* 1:32470 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 11 VBScript redim preserve denial-of-service attempt (browser-ie.rules)
* 1:32471 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 11 VBScript redim preserve denial-of-service attempt (browser-ie.rules)
* 1:32472 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 11 VBScript redim preserve denial-of-service attempt (browser-ie.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2970.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:32839 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader ANTrustPropgateAll privilege propagation attempt (file-pdf.rules)
* 1:32838 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader ANTrustPropgateAll privilege propagation attempt (file-pdf.rules)
* 1:32837 <-> ENABLED <-> FILE-PDF Adobe Reader embedded font type max subroutine buffer overflow attempt (file-pdf.rules)
* 1:32836 <-> ENABLED <-> FILE-PDF Adobe Reader embedded font type max subroutine buffer overflow attempt (file-pdf.rules)
* 1:32835 <-> ENABLED <-> FILE-PDF Adobe Reader embedded font type max subroutine buffer overflow attempt (file-pdf.rules)
* 1:32834 <-> ENABLED <-> FILE-PDF Adobe Reader embedded font type max subroutine buffer overflow attempt (file-pdf.rules)
* 1:32833 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules)
* 1:32832 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules)
* 1:32831 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules)
* 1:32830 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules)
* 1:32829 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules)
* 1:32828 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules)
* 1:32827 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Darkhotel response connection attempt (malware-cnc.rules)
* 1:32826 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Darkhotel data upload attempt (malware-cnc.rules)
* 1:32825 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Darkhotel outbound connection attempt (malware-cnc.rules)
* 1:32824 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Darkhotel outbount connection attempt (malware-cnc.rules)
* 1:32823 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Darkhotel outbound connection attempt (malware-cnc.rules)
* 1:32822 <-> ENABLED <-> FILE-PDF Cross Domain potentially malicious redirection attempt (file-pdf.rules)
* 1:32821 <-> ENABLED <-> FILE-PDF Cross Domain potentially malicious redirection attempt (file-pdf.rules)
* 1:32820 <-> ENABLED <-> FILE-PDF Adobe Reader JBIG2 row out of bounds memory corruption attempt (file-pdf.rules)
* 1:32819 <-> ENABLED <-> FILE-PDF Adobe Reader JBIG2 row out of bounds memory corruption attempt (file-pdf.rules)
* 1:32818 <-> ENABLED <-> FILE-FLASH Adobe Flash Player corrupt MP4 video denial of service attempt (file-flash.rules)
* 1:32817 <-> ENABLED <-> FILE-FLASH Adobe Flash Player corrupt MP4 video denial of service attempt (file-flash.rules)
* 1:32816 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt (file-pdf.rules)
* 1:32815 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt (file-pdf.rules)
* 1:32814 <-> ENABLED <-> FILE-PDF Adobe Reader malformed U3D object use after free attempt (file-pdf.rules)
* 1:32813 <-> ENABLED <-> FILE-PDF Adobe Reader malformed U3D object use after free attempt (file-pdf.rules)
* 1:32812 <-> ENABLED <-> FILE-FLASH Adobe Flash Player regex buffer overflow attempt (file-flash.rules)
* 1:32811 <-> ENABLED <-> FILE-FLASH Adobe Flash Player regex buffer overflow attempt (file-flash.rules)
* 1:32810 <-> ENABLED <-> FILE-FLASH Adobe Flash Player regex buffer overflow attempt (file-flash.rules)
* 1:32809 <-> ENABLED <-> FILE-FLASH Adobe Flash Player regex buffer overflow attempt (file-flash.rules)
* 1:32808 <-> ENABLED <-> FILE-FLASH Adobe Flash Player regex buffer overflow attempt (file-flash.rules)
* 1:32807 <-> ENABLED <-> FILE-FLASH Adobe Flash Player regex buffer overflow attempt (file-flash.rules)
* 1:32806 <-> ENABLED <-> FILE-FLASH Adobe Flash Player regex buffer overflow attempt (file-flash.rules)
* 1:32805 <-> ENABLED <-> FILE-FLASH Adobe Flash Player regex buffer overflow attempt (file-flash.rules)
* 1:32804 <-> ENABLED <-> EXPLOIT-KIT CK exploit kit landing page (exploit-kit.rules)
* 1:32803 <-> ENABLED <-> EXPLOIT-KIT CK exploit kit landing page (exploit-kit.rules)
* 1:32802 <-> DISABLED <-> FILE-FLASH Adobe Flash Player orphaning MP3 crash attempt (file-flash.rules)
* 1:32801 <-> DISABLED <-> FILE-FLASH Adobe Flash Player orphaning MP3 crash attempt (file-flash.rules)
* 1:32800 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XFA loadXML escape attempt (file-pdf.rules)
* 1:32799 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader XFA loadXML escape attempt (file-pdf.rules)
* 1:32798 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XFA loadXML escape attempt (file-pdf.rules)
* 1:32797 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader XFA loadXML escape attempt (file-pdf.rules)
* 1:32796 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader U3D light resource orphaned array use after free attempt (file-pdf.rules)
* 1:32795 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader U3D light resource orphaned array use after free attempt (file-pdf.rules)
* 1:32794 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XRef object integer overflow attempt (file-pdf.rules)
* 1:32793 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XRef object integer overflow attempt (file-pdf.rules)
* 1:32792 <-> ENABLED <-> MALWARE-CNC Win.Virus.Ransomlock outbound connection attempt (malware-cnc.rules)
* 1:32791 <-> ENABLED <-> MALWARE-CNC Win.Virus.Ransomlock outbound connection attempt (malware-cnc.rules)
* 1:32790 <-> DISABLED <-> FILE-PDF Adobe Acrobot Reader privileged JavaScript execution attempt (file-pdf.rules)
* 1:32789 <-> DISABLED <-> FILE-PDF Adobe Acrobot Reader privileged JavaScript execution attempt (file-pdf.rules)
* 1:32788 <-> DISABLED <-> FILE-PDF Adobe Acrobot Reader privileged JavaScript execution attempt (file-pdf.rules)
* 1:32787 <-> DISABLED <-> FILE-PDF Adobe Acrobot Reader privileged JavaScript execution attempt (file-pdf.rules)
* 1:32786 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PDF JBIG2 remote code execution attempt (file-pdf.rules)
* 1:32785 <-> ENABLED <-> FILE-FLASH Adobe Flash Player parseFloat stack overflow remote code execution attempt (file-flash.rules)
* 1:32784 <-> ENABLED <-> FILE-FLASH Adobe Flash Player parseFloat stack overflow remote code execution attempt (file-flash.rules)
* 1:32783 <-> ENABLED <-> FILE-FLASH Adobe Flash Player parseFloat stack overflow remote code execution attempt (file-flash.rules)
* 1:32782 <-> ENABLED <-> FILE-FLASH Adobe Flash Player parseFloat stack overflow remote code execution attempt (file-flash.rules)
* 1:32781 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Eskaetee outbound connection (malware-cnc.rules)
* 1:32780 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Eskaetee outbound connection (malware-cnc.rules)
* 1:32779 <-> ENABLED <-> BLACKLIST DNS request for known malware domain www.web.lookin.at - Win.Backdoor.Eskaetee variant (blacklist.rules)

* 1:16332 <-> DISABLED <-> SERVER-OTHER Symantec System Center Alert Management System untrusted command execution attempt (server-other.rules)
* 1:16665 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Help Centre escape sequence XSS attempt (os-windows.rules)
* 1:21533 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Actionscript Stage3D null dereference attempt (file-flash.rules)
* 1:21534 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Actionscript Matrix3D.copyRawDataFrom buffer overflow attempt (file-flash.rules)
* 1:21535 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Actionscript Matrix3D.copyRawDataFrom buffer overflow attempt (file-flash.rules)
* 1:21536 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Actionscript Stage3D null dereference attempt (file-flash.rules)
* 1:26924 <-> ENABLED <-> MALWARE-CNC Potential Gozi Trojan HTTP Header Structure (malware-cnc.rules)
* 1:30946 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Wysotot variant download attempt (malware-other.rules)
* 1:31489 <-> DISABLED <-> FILE-FLASH Adobe Flash Player security sandbox bypass attempt (file-flash.rules)
* 1:31490 <-> DISABLED <-> FILE-FLASH Adobe Flash Player security sandbox bypass attempt (file-flash.rules)
* 1:31491 <-> DISABLED <-> FILE-FLASH Adobe Flash Player security sandbox bypass attempt (file-flash.rules)
* 1:31492 <-> DISABLED <-> FILE-FLASH Adobe Flash Player security sandbox bypass attempt (file-flash.rules)
* 1:31493 <-> DISABLED <-> FILE-FLASH Adobe Flash Player security sandbox bypass attempt (file-flash.rules)
* 1:31494 <-> DISABLED <-> FILE-FLASH Adobe Flash Player security sandbox bypass attempt (file-flash.rules)
* 1:32470 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 11 VBScript redim preserve denial-of-service attempt (browser-ie.rules)
* 1:32471 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 11 VBScript redim preserve denial-of-service attempt (browser-ie.rules)
* 1:32472 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 11 VBScript redim preserve denial-of-service attempt (browser-ie.rules)
* 1:32473 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 11 VBScript redim preserve denial-of-service attempt (browser-ie.rules)