The VRT has added and modified multiple rules in the blacklist, browser-ie, browser-plugins, file-flash, malware-cnc and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2956.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:33156 <-> ENABLED <-> OS-WINDOWS CryptProtectMemory Impersonation Check Bypass attempt (os-windows.rules)
* 1:33145 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound communication (malware-cnc.rules)
* 1:33151 <-> ENABLED <-> BLACKLIST DNS request for known malware domain ford-mustang.ro (blacklist.rules)
* 1:33152 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Nurjax.A outbound connection attempt (malware-cnc.rules)
* 1:33153 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Heur variant outbound connection attempt (malware-cnc.rules)
* 1:33147 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Agent variant SMTP reporting attempt (malware-cnc.rules)
* 1:33148 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Agent variant SMTP reporting attempt (malware-cnc.rules)
* 1:33146 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Upatre variant outbound connection (malware-cnc.rules)
* 1:33149 <-> ENABLED <-> MALWARE-CNC Win.Worm.Ultramine outbound connection (malware-cnc.rules)
* 1:33101 <-> DISABLED <-> BROWSER-PLUGINS PTC IsoView ActiveX clsid access attempt (browser-plugins.rules)
* 1:33100 <-> DISABLED <-> BROWSER-PLUGINS PTC IsoView ActiveX clsid access attempt (browser-plugins.rules)
* 1:33102 <-> DISABLED <-> BROWSER-PLUGINS PTC IsoView ActiveX clsid access attempt (browser-plugins.rules)
* 1:33103 <-> DISABLED <-> BROWSER-PLUGINS PTC IsoView ActiveX clsid access attempt (browser-plugins.rules)
* 1:33104 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Multiple Products directory traversal attempt (server-webapp.rules)
* 1:33106 <-> DISABLED <-> BROWSER-PLUGINS Honeywell OPOS Suite Scanner.ocx ActiveX clsid access attempt (browser-plugins.rules)
* 1:33105 <-> DISABLED <-> BROWSER-PLUGINS Honeywell OPOS Suite Scanner.ocx ActiveX clsid access attempt (browser-plugins.rules)
* 1:33107 <-> DISABLED <-> BROWSER-PLUGINS Honeywell OPOS Suite Scanner.ocx ActiveX clsid access attempt (browser-plugins.rules)
* 1:33108 <-> DISABLED <-> BROWSER-PLUGINS Honeywell OPOS Suite Scanner.ocx ActiveX clsid access attempt (browser-plugins.rules)
* 1:33109 <-> DISABLED <-> BROWSER-PLUGINS Honeywell OPOS Suite Scale.ocx ActiveX clsid access attempt (browser-plugins.rules)
* 1:33110 <-> DISABLED <-> BROWSER-PLUGINS Honeywell OPOS Suite Scale.ocx ActiveX clsid access attempt (browser-plugins.rules)
* 1:33111 <-> DISABLED <-> BROWSER-PLUGINS Honeywell OPOS Suite Scale.ocx ActiveX clsid access attempt (browser-plugins.rules)
* 1:33112 <-> DISABLED <-> BROWSER-PLUGINS Honeywell OPOS Suite Scale.ocx ActiveX clsid access attempt (browser-plugins.rules)
* 1:33113 <-> DISABLED <-> SERVER-WEBAPP Novell eDirectory IMONITOR cross site scripting attempt (server-webapp.rules)
* 1:33114 <-> DISABLED <-> SERVER-WEBAPP HP System Management Homepage cross site scripting attempt (server-webapp.rules)
* 1:33115 <-> ENABLED <-> BROWSER-IE Internet Explorer 11 VBScript redim preserve denial-of-service attempt (browser-ie.rules)
* 1:33116 <-> ENABLED <-> BROWSER-IE Internet Explorer 11 VBScript redim preserve denial-of-service attempt (browser-ie.rules)
* 1:33117 <-> ENABLED <-> BLACKLIST DNS request for known malware domain bf2back.sinip.es - Win.Trojan.Mariposa (blacklist.rules)
* 1:33118 <-> ENABLED <-> BLACKLIST DNS request for known malware domain bfisback.sinip.es - Win.Trojan.Mariposa (blacklist.rules)
* 1:33119 <-> ENABLED <-> BLACKLIST DNS request for known malware domain binaryfeed.in - Win.Trojan.Mariposa (blacklist.rules)
* 1:33120 <-> ENABLED <-> BLACKLIST DNS request for known malware domain booster.estr.es - Win.Trojan.Mariposa (blacklist.rules)
* 1:33121 <-> ENABLED <-> BLACKLIST DNS request for known malware domain butterfly.BigMoney.biz - Win.Trojan.Mariposa (blacklist.rules)
* 1:33122 <-> ENABLED <-> BLACKLIST DNS request for known malware domain defintelsucks.com - Win.Trojan.Mariposa (blacklist.rules)
* 1:33123 <-> ENABLED <-> BLACKLIST DNS request for known malware domain defintelsucks.net - Win.Trojan.Mariposa (blacklist.rules)
* 1:33124 <-> ENABLED <-> BLACKLIST DNS request for known malware domain defintelsucks.sinip.es - Win.Trojan.Mariposa (blacklist.rules)
* 1:33125 <-> ENABLED <-> BLACKLIST DNS request for known malware domain extraperlo.biz - Win.Trojan.Mariposa (blacklist.rules)
* 1:33126 <-> ENABLED <-> BLACKLIST DNS request for known malware domain gusanodeseda.mobi - Win.Trojan.Mariposa (blacklist.rules)
* 1:33127 <-> ENABLED <-> BLACKLIST DNS request for known malware domain gusanodeseda.net - Win.Trojan.Mariposa (blacklist.rules)
* 1:33128 <-> ENABLED <-> BLACKLIST DNS request for known malware domain gusanodeseda.sinip.es - Win.Trojan.Mariposa (blacklist.rules)
* 1:33129 <-> ENABLED <-> BLACKLIST DNS request for known malware domain lalundelau.sinip.es - Win.Trojan.Mariposa (blacklist.rules)
* 1:33130 <-> ENABLED <-> BLACKLIST DNS request for known malware domain legion.sinip.es - Win.Trojan.Mariposa (blacklist.rules)
* 1:33131 <-> ENABLED <-> BLACKLIST DNS request for known malware domain mierda.notengodominio.com - Win.Trojan.Mariposa (blacklist.rules)
* 1:33132 <-> ENABLED <-> BLACKLIST DNS request for known malware domain sexme.in - Win.Trojan.Mariposa (blacklist.rules)
* 1:33133 <-> ENABLED <-> BLACKLIST DNS request for known malware domain tamiflux.net - Win.Trojan.Mariposa (blacklist.rules)
* 1:33134 <-> ENABLED <-> BLACKLIST DNS request for known malware domain tamiflux.org - Win.Trojan.Mariposa (blacklist.rules)
* 1:33135 <-> ENABLED <-> BLACKLIST DNS request for known malware domain thejacksonfive.biz - Win.Trojan.Mariposa (blacklist.rules)
* 1:33136 <-> ENABLED <-> BLACKLIST DNS request for known malware domain thejacksonfive.mobi - Win.Trojan.Mariposa (blacklist.rules)
* 1:33137 <-> ENABLED <-> BLACKLIST DNS request for known malware domain thejacksonfive.us - Win.Trojan.Mariposa (blacklist.rules)
* 1:33138 <-> ENABLED <-> BLACKLIST DNS request for known malware domain thesexydude.com - Win.Trojan.Mariposa (blacklist.rules)
* 1:33155 <-> ENABLED <-> OS-WINDOWS CryptProtectMemory Impersonation Check Bypass attempt (os-windows.rules)
* 1:33154 <-> ENABLED <-> BLACKLIST DNS request for known malware domain news-bbc.podzone.org - Linux.Trojan.Turla (blacklist.rules)
* 1:33139 <-> ENABLED <-> BLACKLIST DNS request for known malware domain youare.sexidude.com - Win.Trojan.Mariposa (blacklist.rules)
* 1:33140 <-> ENABLED <-> BLACKLIST DNS request for known malware domain hnox.org - Win.Trojan.Mariposa (blacklist.rules)
* 1:33141 <-> ENABLED <-> BLACKLIST DNS request for known malware domain ronpc.net - Win.Trojan.Mariposa (blacklist.rules)
* 1:33150 <-> ENABLED <-> BLACKLIST DNS request for known malware domain okurimono.ina-ka.com (blacklist.rules)
* 1:33142 <-> ENABLED <-> BLACKLIST DNS request for known malware domain socksa.com - Win.Trojan.Mariposa (blacklist.rules)
* 1:33143 <-> ENABLED <-> BLACKLIST DNS request for known malware domain thepicturehut.net - Win.Trojan.Mariposa (blacklist.rules)
* 1:33144 <-> ENABLED <-> BLACKLIST DNS request for known malware domain yougotissuez.com - Win.Trojan.Mariposa (blacklist.rules)

* 1:32990 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Toopu outbound connection attempt (malware-cnc.rules)
* 1:30990 <-> ENABLED <-> MALWARE-CNC Shiqiang Gang malicious XLS targeted attack detection (malware-cnc.rules)
* 1:32817 <-> ENABLED <-> FILE-FLASH Adobe Flash Player corrupt MP4 video denial of service attempt (file-flash.rules)
* 1:30991 <-> ENABLED <-> MALWARE-CNC Shiqiang Gang malicious XLS targeted attack detection (malware-cnc.rules)
* 1:32818 <-> ENABLED <-> FILE-FLASH Adobe Flash Player corrupt MP4 video denial of service attempt (file-flash.rules)
* 1:1546 <-> DISABLED <-> SERVER-WEBAPP Cisco HTTP double-percent DOS attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2962.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:33101 <-> DISABLED <-> BROWSER-PLUGINS PTC IsoView ActiveX clsid access attempt (browser-plugins.rules)
* 1:33100 <-> DISABLED <-> BROWSER-PLUGINS PTC IsoView ActiveX clsid access attempt (browser-plugins.rules)
* 1:33102 <-> DISABLED <-> BROWSER-PLUGINS PTC IsoView ActiveX clsid access attempt (browser-plugins.rules)
* 1:33103 <-> DISABLED <-> BROWSER-PLUGINS PTC IsoView ActiveX clsid access attempt (browser-plugins.rules)
* 1:33104 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Multiple Products directory traversal attempt (server-webapp.rules)
* 1:33105 <-> DISABLED <-> BROWSER-PLUGINS Honeywell OPOS Suite Scanner.ocx ActiveX clsid access attempt (browser-plugins.rules)
* 1:33106 <-> DISABLED <-> BROWSER-PLUGINS Honeywell OPOS Suite Scanner.ocx ActiveX clsid access attempt (browser-plugins.rules)
* 1:33107 <-> DISABLED <-> BROWSER-PLUGINS Honeywell OPOS Suite Scanner.ocx ActiveX clsid access attempt (browser-plugins.rules)
* 1:33108 <-> DISABLED <-> BROWSER-PLUGINS Honeywell OPOS Suite Scanner.ocx ActiveX clsid access attempt (browser-plugins.rules)
* 1:33109 <-> DISABLED <-> BROWSER-PLUGINS Honeywell OPOS Suite Scale.ocx ActiveX clsid access attempt (browser-plugins.rules)
* 1:33110 <-> DISABLED <-> BROWSER-PLUGINS Honeywell OPOS Suite Scale.ocx ActiveX clsid access attempt (browser-plugins.rules)
* 1:33111 <-> DISABLED <-> BROWSER-PLUGINS Honeywell OPOS Suite Scale.ocx ActiveX clsid access attempt (browser-plugins.rules)
* 1:33112 <-> DISABLED <-> BROWSER-PLUGINS Honeywell OPOS Suite Scale.ocx ActiveX clsid access attempt (browser-plugins.rules)
* 1:33113 <-> DISABLED <-> SERVER-WEBAPP Novell eDirectory IMONITOR cross site scripting attempt (server-webapp.rules)
* 1:33114 <-> DISABLED <-> SERVER-WEBAPP HP System Management Homepage cross site scripting attempt (server-webapp.rules)
* 1:33115 <-> ENABLED <-> BROWSER-IE Internet Explorer 11 VBScript redim preserve denial-of-service attempt (browser-ie.rules)
* 1:33116 <-> ENABLED <-> BROWSER-IE Internet Explorer 11 VBScript redim preserve denial-of-service attempt (browser-ie.rules)
* 1:33117 <-> ENABLED <-> BLACKLIST DNS request for known malware domain bf2back.sinip.es - Win.Trojan.Mariposa (blacklist.rules)
* 1:33118 <-> ENABLED <-> BLACKLIST DNS request for known malware domain bfisback.sinip.es - Win.Trojan.Mariposa (blacklist.rules)
* 1:33119 <-> ENABLED <-> BLACKLIST DNS request for known malware domain binaryfeed.in - Win.Trojan.Mariposa (blacklist.rules)
* 1:33120 <-> ENABLED <-> BLACKLIST DNS request for known malware domain booster.estr.es - Win.Trojan.Mariposa (blacklist.rules)
* 1:33121 <-> ENABLED <-> BLACKLIST DNS request for known malware domain butterfly.BigMoney.biz - Win.Trojan.Mariposa (blacklist.rules)
* 1:33122 <-> ENABLED <-> BLACKLIST DNS request for known malware domain defintelsucks.com - Win.Trojan.Mariposa (blacklist.rules)
* 1:33123 <-> ENABLED <-> BLACKLIST DNS request for known malware domain defintelsucks.net - Win.Trojan.Mariposa (blacklist.rules)
* 1:33124 <-> ENABLED <-> BLACKLIST DNS request for known malware domain defintelsucks.sinip.es - Win.Trojan.Mariposa (blacklist.rules)
* 1:33125 <-> ENABLED <-> BLACKLIST DNS request for known malware domain extraperlo.biz - Win.Trojan.Mariposa (blacklist.rules)
* 1:33126 <-> ENABLED <-> BLACKLIST DNS request for known malware domain gusanodeseda.mobi - Win.Trojan.Mariposa (blacklist.rules)
* 1:33127 <-> ENABLED <-> BLACKLIST DNS request for known malware domain gusanodeseda.net - Win.Trojan.Mariposa (blacklist.rules)
* 1:33128 <-> ENABLED <-> BLACKLIST DNS request for known malware domain gusanodeseda.sinip.es - Win.Trojan.Mariposa (blacklist.rules)
* 1:33129 <-> ENABLED <-> BLACKLIST DNS request for known malware domain lalundelau.sinip.es - Win.Trojan.Mariposa (blacklist.rules)
* 1:33130 <-> ENABLED <-> BLACKLIST DNS request for known malware domain legion.sinip.es - Win.Trojan.Mariposa (blacklist.rules)
* 1:33131 <-> ENABLED <-> BLACKLIST DNS request for known malware domain mierda.notengodominio.com - Win.Trojan.Mariposa (blacklist.rules)
* 1:33132 <-> ENABLED <-> BLACKLIST DNS request for known malware domain sexme.in - Win.Trojan.Mariposa (blacklist.rules)
* 1:33133 <-> ENABLED <-> BLACKLIST DNS request for known malware domain tamiflux.net - Win.Trojan.Mariposa (blacklist.rules)
* 1:33134 <-> ENABLED <-> BLACKLIST DNS request for known malware domain tamiflux.org - Win.Trojan.Mariposa (blacklist.rules)
* 1:33135 <-> ENABLED <-> BLACKLIST DNS request for known malware domain thejacksonfive.biz - Win.Trojan.Mariposa (blacklist.rules)
* 1:33136 <-> ENABLED <-> BLACKLIST DNS request for known malware domain thejacksonfive.mobi - Win.Trojan.Mariposa (blacklist.rules)
* 1:33137 <-> ENABLED <-> BLACKLIST DNS request for known malware domain thejacksonfive.us - Win.Trojan.Mariposa (blacklist.rules)
* 1:33138 <-> ENABLED <-> BLACKLIST DNS request for known malware domain thesexydude.com - Win.Trojan.Mariposa (blacklist.rules)
* 1:33139 <-> ENABLED <-> BLACKLIST DNS request for known malware domain youare.sexidude.com - Win.Trojan.Mariposa (blacklist.rules)
* 1:33140 <-> ENABLED <-> BLACKLIST DNS request for known malware domain hnox.org - Win.Trojan.Mariposa (blacklist.rules)
* 1:33141 <-> ENABLED <-> BLACKLIST DNS request for known malware domain ronpc.net - Win.Trojan.Mariposa (blacklist.rules)
* 1:33142 <-> ENABLED <-> BLACKLIST DNS request for known malware domain socksa.com - Win.Trojan.Mariposa (blacklist.rules)
* 1:33156 <-> ENABLED <-> OS-WINDOWS CryptProtectMemory Impersonation Check Bypass attempt (os-windows.rules)
* 1:33155 <-> ENABLED <-> OS-WINDOWS CryptProtectMemory Impersonation Check Bypass attempt (os-windows.rules)
* 1:33154 <-> ENABLED <-> BLACKLIST DNS request for known malware domain news-bbc.podzone.org - Linux.Trojan.Turla (blacklist.rules)
* 1:33153 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Heur variant outbound connection attempt (malware-cnc.rules)
* 1:33152 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Nurjax.A outbound connection attempt (malware-cnc.rules)
* 1:33151 <-> ENABLED <-> BLACKLIST DNS request for known malware domain ford-mustang.ro (blacklist.rules)
* 1:33150 <-> ENABLED <-> BLACKLIST DNS request for known malware domain okurimono.ina-ka.com (blacklist.rules)
* 1:33149 <-> ENABLED <-> MALWARE-CNC Win.Worm.Ultramine outbound connection (malware-cnc.rules)
* 1:33148 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Agent variant SMTP reporting attempt (malware-cnc.rules)
* 1:33147 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Agent variant SMTP reporting attempt (malware-cnc.rules)
* 1:33145 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound communication (malware-cnc.rules)
* 1:33146 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Upatre variant outbound connection (malware-cnc.rules)
* 1:33144 <-> ENABLED <-> BLACKLIST DNS request for known malware domain yougotissuez.com - Win.Trojan.Mariposa (blacklist.rules)
* 1:33143 <-> ENABLED <-> BLACKLIST DNS request for known malware domain thepicturehut.net - Win.Trojan.Mariposa (blacklist.rules)

* 1:32990 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Toopu outbound connection attempt (malware-cnc.rules)
* 1:30990 <-> ENABLED <-> MALWARE-CNC Shiqiang Gang malicious XLS targeted attack detection (malware-cnc.rules)
* 1:1546 <-> DISABLED <-> SERVER-WEBAPP Cisco HTTP double-percent DOS attempt (server-webapp.rules)
* 1:30991 <-> ENABLED <-> MALWARE-CNC Shiqiang Gang malicious XLS targeted attack detection (malware-cnc.rules)
* 1:32817 <-> ENABLED <-> FILE-FLASH Adobe Flash Player corrupt MP4 video denial of service attempt (file-flash.rules)
* 1:32818 <-> ENABLED <-> FILE-FLASH Adobe Flash Player corrupt MP4 video denial of service attempt (file-flash.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2970.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:33156 <-> ENABLED <-> OS-WINDOWS CryptProtectMemory Impersonation Check Bypass attempt (os-windows.rules)
* 1:33155 <-> ENABLED <-> OS-WINDOWS CryptProtectMemory Impersonation Check Bypass attempt (os-windows.rules)
* 1:33154 <-> ENABLED <-> BLACKLIST DNS request for known malware domain news-bbc.podzone.org - Linux.Trojan.Turla (blacklist.rules)
* 1:33153 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Heur variant outbound connection attempt (malware-cnc.rules)
* 1:33152 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Nurjax.A outbound connection attempt (malware-cnc.rules)
* 1:33151 <-> ENABLED <-> BLACKLIST DNS request for known malware domain ford-mustang.ro (blacklist.rules)
* 1:33150 <-> ENABLED <-> BLACKLIST DNS request for known malware domain okurimono.ina-ka.com (blacklist.rules)
* 1:33149 <-> ENABLED <-> MALWARE-CNC Win.Worm.Ultramine outbound connection (malware-cnc.rules)
* 1:33148 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Agent variant SMTP reporting attempt (malware-cnc.rules)
* 1:33147 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Agent variant SMTP reporting attempt (malware-cnc.rules)
* 1:33146 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Upatre variant outbound connection (malware-cnc.rules)
* 1:33145 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound communication (malware-cnc.rules)
* 1:33144 <-> ENABLED <-> BLACKLIST DNS request for known malware domain yougotissuez.com - Win.Trojan.Mariposa (blacklist.rules)
* 1:33143 <-> ENABLED <-> BLACKLIST DNS request for known malware domain thepicturehut.net - Win.Trojan.Mariposa (blacklist.rules)
* 1:33142 <-> ENABLED <-> BLACKLIST DNS request for known malware domain socksa.com - Win.Trojan.Mariposa (blacklist.rules)
* 1:33141 <-> ENABLED <-> BLACKLIST DNS request for known malware domain ronpc.net - Win.Trojan.Mariposa (blacklist.rules)
* 1:33140 <-> ENABLED <-> BLACKLIST DNS request for known malware domain hnox.org - Win.Trojan.Mariposa (blacklist.rules)
* 1:33139 <-> ENABLED <-> BLACKLIST DNS request for known malware domain youare.sexidude.com - Win.Trojan.Mariposa (blacklist.rules)
* 1:33138 <-> ENABLED <-> BLACKLIST DNS request for known malware domain thesexydude.com - Win.Trojan.Mariposa (blacklist.rules)
* 1:33137 <-> ENABLED <-> BLACKLIST DNS request for known malware domain thejacksonfive.us - Win.Trojan.Mariposa (blacklist.rules)
* 1:33136 <-> ENABLED <-> BLACKLIST DNS request for known malware domain thejacksonfive.mobi - Win.Trojan.Mariposa (blacklist.rules)
* 1:33135 <-> ENABLED <-> BLACKLIST DNS request for known malware domain thejacksonfive.biz - Win.Trojan.Mariposa (blacklist.rules)
* 1:33134 <-> ENABLED <-> BLACKLIST DNS request for known malware domain tamiflux.org - Win.Trojan.Mariposa (blacklist.rules)
* 1:33133 <-> ENABLED <-> BLACKLIST DNS request for known malware domain tamiflux.net - Win.Trojan.Mariposa (blacklist.rules)
* 1:33132 <-> ENABLED <-> BLACKLIST DNS request for known malware domain sexme.in - Win.Trojan.Mariposa (blacklist.rules)
* 1:33131 <-> ENABLED <-> BLACKLIST DNS request for known malware domain mierda.notengodominio.com - Win.Trojan.Mariposa (blacklist.rules)
* 1:33130 <-> ENABLED <-> BLACKLIST DNS request for known malware domain legion.sinip.es - Win.Trojan.Mariposa (blacklist.rules)
* 1:33129 <-> ENABLED <-> BLACKLIST DNS request for known malware domain lalundelau.sinip.es - Win.Trojan.Mariposa (blacklist.rules)
* 1:33128 <-> ENABLED <-> BLACKLIST DNS request for known malware domain gusanodeseda.sinip.es - Win.Trojan.Mariposa (blacklist.rules)
* 1:33127 <-> ENABLED <-> BLACKLIST DNS request for known malware domain gusanodeseda.net - Win.Trojan.Mariposa (blacklist.rules)
* 1:33126 <-> ENABLED <-> BLACKLIST DNS request for known malware domain gusanodeseda.mobi - Win.Trojan.Mariposa (blacklist.rules)
* 1:33125 <-> ENABLED <-> BLACKLIST DNS request for known malware domain extraperlo.biz - Win.Trojan.Mariposa (blacklist.rules)
* 1:33124 <-> ENABLED <-> BLACKLIST DNS request for known malware domain defintelsucks.sinip.es - Win.Trojan.Mariposa (blacklist.rules)
* 1:33123 <-> ENABLED <-> BLACKLIST DNS request for known malware domain defintelsucks.net - Win.Trojan.Mariposa (blacklist.rules)
* 1:33122 <-> ENABLED <-> BLACKLIST DNS request for known malware domain defintelsucks.com - Win.Trojan.Mariposa (blacklist.rules)
* 1:33121 <-> ENABLED <-> BLACKLIST DNS request for known malware domain butterfly.BigMoney.biz - Win.Trojan.Mariposa (blacklist.rules)
* 1:33120 <-> ENABLED <-> BLACKLIST DNS request for known malware domain booster.estr.es - Win.Trojan.Mariposa (blacklist.rules)
* 1:33119 <-> ENABLED <-> BLACKLIST DNS request for known malware domain binaryfeed.in - Win.Trojan.Mariposa (blacklist.rules)
* 1:33118 <-> ENABLED <-> BLACKLIST DNS request for known malware domain bfisback.sinip.es - Win.Trojan.Mariposa (blacklist.rules)
* 1:33117 <-> ENABLED <-> BLACKLIST DNS request for known malware domain bf2back.sinip.es - Win.Trojan.Mariposa (blacklist.rules)
* 1:33116 <-> ENABLED <-> BROWSER-IE Internet Explorer 11 VBScript redim preserve denial-of-service attempt (browser-ie.rules)
* 1:33115 <-> ENABLED <-> BROWSER-IE Internet Explorer 11 VBScript redim preserve denial-of-service attempt (browser-ie.rules)
* 1:33114 <-> DISABLED <-> SERVER-WEBAPP HP System Management Homepage cross site scripting attempt (server-webapp.rules)
* 1:33113 <-> DISABLED <-> SERVER-WEBAPP Novell eDirectory IMONITOR cross site scripting attempt (server-webapp.rules)
* 1:33112 <-> DISABLED <-> BROWSER-PLUGINS Honeywell OPOS Suite Scale.ocx ActiveX clsid access attempt (browser-plugins.rules)
* 1:33111 <-> DISABLED <-> BROWSER-PLUGINS Honeywell OPOS Suite Scale.ocx ActiveX clsid access attempt (browser-plugins.rules)
* 1:33110 <-> DISABLED <-> BROWSER-PLUGINS Honeywell OPOS Suite Scale.ocx ActiveX clsid access attempt (browser-plugins.rules)
* 1:33109 <-> DISABLED <-> BROWSER-PLUGINS Honeywell OPOS Suite Scale.ocx ActiveX clsid access attempt (browser-plugins.rules)
* 1:33108 <-> DISABLED <-> BROWSER-PLUGINS Honeywell OPOS Suite Scanner.ocx ActiveX clsid access attempt (browser-plugins.rules)
* 1:33107 <-> DISABLED <-> BROWSER-PLUGINS Honeywell OPOS Suite Scanner.ocx ActiveX clsid access attempt (browser-plugins.rules)
* 1:33106 <-> DISABLED <-> BROWSER-PLUGINS Honeywell OPOS Suite Scanner.ocx ActiveX clsid access attempt (browser-plugins.rules)
* 1:33105 <-> DISABLED <-> BROWSER-PLUGINS Honeywell OPOS Suite Scanner.ocx ActiveX clsid access attempt (browser-plugins.rules)
* 1:33104 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Multiple Products directory traversal attempt (server-webapp.rules)
* 1:33103 <-> DISABLED <-> BROWSER-PLUGINS PTC IsoView ActiveX clsid access attempt (browser-plugins.rules)
* 1:33102 <-> DISABLED <-> BROWSER-PLUGINS PTC IsoView ActiveX clsid access attempt (browser-plugins.rules)
* 1:33101 <-> DISABLED <-> BROWSER-PLUGINS PTC IsoView ActiveX clsid access attempt (browser-plugins.rules)
* 1:33100 <-> DISABLED <-> BROWSER-PLUGINS PTC IsoView ActiveX clsid access attempt (browser-plugins.rules)

* 1:1546 <-> DISABLED <-> SERVER-WEBAPP Cisco HTTP double-percent DOS attempt (server-webapp.rules)
* 1:30990 <-> ENABLED <-> MALWARE-CNC Shiqiang Gang malicious XLS targeted attack detection (malware-cnc.rules)
* 1:30991 <-> ENABLED <-> MALWARE-CNC Shiqiang Gang malicious XLS targeted attack detection (malware-cnc.rules)
* 1:32817 <-> ENABLED <-> FILE-FLASH Adobe Flash Player corrupt MP4 video denial of service attempt (file-flash.rules)
* 1:32818 <-> ENABLED <-> FILE-FLASH Adobe Flash Player corrupt MP4 video denial of service attempt (file-flash.rules)
* 1:32990 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Toopu outbound connection attempt (malware-cnc.rules)