The VRT has added and modified multiple rules in the blacklist, browser-firefox, browser-ie, browser-plugins, deleted, file-flash, file-identify, file-image, file-java, file-multimedia, file-office, file-other, file-pdf, indicator-compromise, indicator-obfuscation, indicator-scan, malware-cnc, malware-other, os-windows, policy-other, protocol-scada, pua-adware, pua-toolbars, server-mail, server-other and sql rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2962.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:33545 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Equation outbound connection (malware-cnc.rules) * 1:33546 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Equation outbound connection (malware-cnc.rules) * 1:33533 <-> ENABLED <-> FILE-FLASH Adobe Flash Player PCRE control character denial of service attempt (file-flash.rules) * 1:33539 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Decompressed File object type confusion attempt (file-flash.rules) * 1:33544 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Equation outbound connection (malware-cnc.rules) * 1:33543 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Equation outbound connection (malware-cnc.rules) * 1:33542 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Compressed File object type confusion attempt (file-flash.rules) * 1:33528 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE library out of bounds memory access attempt (file-flash.rules) * 1:33529 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE library out of bounds memory access attempt (file-flash.rules) * 1:33538 <-> ENABLED <-> FILE-FLASH Adobe Flash Player PCRE control character denial of service attempt (file-flash.rules) * 1:33534 <-> ENABLED <-> FILE-FLASH Adobe Flash Player PCRE control character denial of service attempt (file-flash.rules) * 1:33486 <-> ENABLED <-> FILE-FLASH Adobe Flash Player URLRequestHeaders null pointer dereference denial of service attempt (file-flash.rules) * 1:33504 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MessageChannel use after free attempt (file-flash.rules) * 1:33511 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SWF buffer overflow attempt (file-flash.rules) * 1:33502 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MessageChannel use after free attempt (file-flash.rules) * 1:33521 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zusy variant outbound connection (malware-cnc.rules) * 1:33484 <-> ENABLED <-> FILE-FLASH Adobe Flash Player URLRequestHeaders null pointer dereference denial of service attempt (file-flash.rules) * 1:33493 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer dynamic style update memory corruption attempt (browser-ie.rules) * 1:33505 <-> ENABLED <-> FILE-FLASH Adobe Flash Player out of scope newclass memory corruption attempt (file-flash.rules) * 1:33510 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SWF buffer overflow attempt (file-flash.rules) * 1:33499 <-> ENABLED <-> FILE-FLASH Adobe Flash Player extended BitmapFilter class denial of service attempt (file-flash.rules) * 1:33492 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer dynamic style update memory corruption attempt (browser-ie.rules) * 1:33507 <-> ENABLED <-> FILE-FLASH Adobe Flash Player out of scope newclass memory corruption attempt (file-flash.rules) * 1:33496 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Andromeda variant outbound connection (malware-cnc.rules) * 1:33512 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SWF buffer overflow attempt (file-flash.rules) * 1:33494 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer dynamic style update memory corruption attempt (browser-ie.rules) * 1:33481 <-> ENABLED <-> MALWARE-CNC Linux.Backdoor.Xnote outbound connection (malware-cnc.rules) * 1:33480 <-> ENABLED <-> PUA-ADWARE Win.Adware.DownloadGuide variant outbound connection (pua-adware.rules) * 1:33514 <-> DISABLED <-> SERVER-WEBAPP WordPress Photo Gallery PHP code execution attempt (server-webapp.rules) * 1:33519 <-> ENABLED <-> BLACKLIST User-Agent known malicious user agent - ALIZER (blacklist.rules) * 1:33483 <-> ENABLED <-> PUA-ADWARE Win.Adware.InstallMonster variant outbound connection (pua-adware.rules) * 1:33503 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MessageChannel use after free attempt (file-flash.rules) * 1:33501 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MessageChannel use after free attempt (file-flash.rules) * 1:33523 <-> ENABLED <-> MALWARE-CNC Win.Trojan.DNSChanger variant outbound connection (malware-cnc.rules) * 1:33516 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules) * 1:33485 <-> ENABLED <-> FILE-FLASH Adobe Flash Player URLRequestHeaders null pointer dereference denial of service attempt (file-flash.rules) * 1:33498 <-> ENABLED <-> FILE-FLASH Adobe Flash Player extended BitmapFilter class denial of service attempt (file-flash.rules) * 1:33500 <-> ENABLED <-> FILE-FLASH Adobe Flash Player extended BitmapFilter class denial of service attempt (file-flash.rules) * 1:33479 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Comctl32.dll third-party SVG viewer heap overflow attempt (os-windows.rules) * 1:33490 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Ovector out of bounds stack corruption attempt (file-flash.rules) * 1:33487 <-> ENABLED <-> FILE-FLASH Adobe Flash Player URLRequestHeaders null pointer dereference denial of service attempt (file-flash.rules) * 1:33509 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SWF buffer overflow attempt (file-flash.rules) * 1:33489 <-> DISABLED <-> DELETED FILE-FLASH Adobe Flash Player Ovector out of bounds stack corruption attempt (deleted.rules) * 1:33517 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules) * 1:33508 <-> ENABLED <-> FILE-FLASH Adobe Flash Player out of scope newclass memory corruption attempt (file-flash.rules) * 1:33488 <-> DISABLED <-> DELETED FILE-FLASH Adobe Flash Player Ovector out of bounds stack corruption attempt (deleted.rules) * 1:33491 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Ovector out of bounds stack corruption attempt (file-flash.rules) * 1:33520 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zusy inbound CNC response (malware-cnc.rules) * 1:33522 <-> ENABLED <-> BLACKLIST User-Agent known malicious user-agent - DNS Changer (blacklist.rules) * 1:33515 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules) * 1:33506 <-> ENABLED <-> FILE-FLASH Adobe Flash Player out of scope newclass memory corruption attempt (file-flash.rules) * 1:33482 <-> ENABLED <-> MALWARE-CNC Win.Worm.Enosch variant outbound connection (malware-cnc.rules) * 1:33535 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE control character - possible denial of service attempt (file-flash.rules) * 1:33495 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer dynamic style update memory corruption attempt (browser-ie.rules) * 1:33497 <-> ENABLED <-> FILE-FLASH Adobe Flash Player extended BitmapFilter class denial of service attempt (file-flash.rules) * 1:33513 <-> ENABLED <-> BLACKLIST USER-AGENT known malicous user agent string - XAgent - Operation Pawn Storm (blacklist.rules) * 1:33518 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules) * 1:33524 <-> ENABLED <-> MALWARE-CNC Win.Trojan.DNSChanger variant outbound connection (malware-cnc.rules) * 1:33532 <-> DISABLED <-> PUA-ADWARE MediaBuzz malvertising browser redirect attempt (pua-adware.rules) * 1:33536 <-> ENABLED <-> FILE-FLASH Adobe Flash Player PCRE control character denial of service attempt (file-flash.rules) * 1:33540 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Decompressed File object type confusion attempt (file-flash.rules) * 1:33537 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE control character - possible denial of service attempt (file-flash.rules) * 1:33526 <-> DISABLED <-> FILE-OTHER Apple OSX Safari format string validation corruption attempt (file-other.rules) * 1:33525 <-> DISABLED <-> FILE-OTHER Apple OSX Safari format string validation corruption attempt (file-other.rules) * 1:33527 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE library out of bounds memory access attempt (file-flash.rules) * 1:33530 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE library out of bounds memory access attempt (file-flash.rules) * 1:33531 <-> DISABLED <-> PUA-ADWARE MediaBuzz malvertising browser redirect attempt (pua-adware.rules) * 1:33541 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Compressed File object type confusion attempt (file-flash.rules)
* 1:23880 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader Texture Declaration buffer overflow attempt (file-pdf.rules) * 1:23881 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader getAnnotsRichMedia return type confusion attempt (file-pdf.rules) * 1:23884 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JBIG2 encoding invalid symbol in dictionary segment (file-pdf.rules) * 1:23891 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader getAnnotsRichMedia return type confusion attempt (file-pdf.rules) * 1:23892 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader getAnnotsRichMedia return type confusion attempt (file-pdf.rules) * 1:23964 <-> ENABLED <-> PROTOCOL-SCADA BroadWin WebAccess Client format string exploit attempt (protocol-scada.rules) * 1:23965 <-> ENABLED <-> PROTOCOL-SCADA BroadWin WebAccess Client arbitrary memory corruption attempt (protocol-scada.rules) * 1:23997 <-> ENABLED <-> FILE-FLASH Adobe Flash ActionScript float index array memory corruption attempt (file-flash.rules) * 1:24021 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24023 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24025 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24027 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24036 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24038 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24056 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24058 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24064 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24085 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24126 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24149 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malicious charstring stream attempt (file-pdf.rules) * 1:24153 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded TTF bytecode memory corruption attempt (file-pdf.rules) * 1:24155 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader free text annotation invalid IT value denial of service attempt (file-pdf.rules) * 1:24202 <-> ENABLED <-> FILE-JAVA Oracle Java field bytecode verifier cache code execution attempt (file-java.rules) * 1:24364 <-> ENABLED <-> FILE-FLASH Adobe Flash null reference JIT compilation attempt (file-flash.rules) * 1:24367 <-> ENABLED <-> FILE-FLASH Adobe Flash malformed record stack exhaustion attempt (file-flash.rules) * 1:24415 <-> ENABLED <-> FILE-FLASH Adobe Flash Player stsz box heap overflow attempt (file-flash.rules) * 1:24429 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules) * 1:24431 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules) * 1:24570 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox IDB use-after-free attempt (browser-firefox.rules) * 1:24573 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox IDB use-after-free attempt (browser-firefox.rules) * 1:24574 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox IDB use-after-free attempt (browser-firefox.rules) * 1:24581 <-> ENABLED <-> PROTOCOL-SCADA Broadwin WebAccess ActiveX clsid access (protocol-scada.rules) * 1:24584 <-> ENABLED <-> PROTOCOL-SCADA Broadwin WebAccess ActiveX clsid access (protocol-scada.rules) * 1:24585 <-> ENABLED <-> PROTOCOL-SCADA Broadwin WebAccess ActiveX function call access (protocol-scada.rules) * 1:24650 <-> ENABLED <-> FILE-OTHER Microsoft Windows TTF parsing counter overflow attempt (file-other.rules) * 1:24672 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player MP4 sequence parameter set parsing overflow attempt (file-multimedia.rules) * 1:24762 <-> ENABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules) * 1:24770 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24809 <-> ENABLED <-> FILE-FLASH Microsoft Internet Explorer premature unload of Flash plugin use after free attempt (file-flash.rules) * 1:24811 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS2 privilege escalation attempt (file-flash.rules) * 1:24875 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules) * 1:24877 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules) * 1:24882 <-> ENABLED <-> FILE-FLASH Adobe Flash Player invalid JPEG index attempt (file-flash.rules) * 1:24892 <-> ENABLED <-> FILE-FLASH Action InitArray stack overflow attempt (file-flash.rules) * 1:24896 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript bytecode symbolclass tag type confusion attempt (file-flash.rules) * 1:24915 <-> ENABLED <-> FILE-JAVA Oracle Java Runtime true type font idef opcode heap buffer overflow attempt (file-java.rules) * 1:24981 <-> ENABLED <-> FILE-FLASH Adobe Flash Player actionscript bytecode trait type null pointer dereference attempt (file-flash.rules) * 1:24983 <-> ENABLED <-> FILE-FLASH Adobe Flash Player actionscript bytecode trait type null pointer dereference attempt (file-flash.rules) * 1:24990 <-> ENABLED <-> FILE-FLASH Adobe Flash Player specially invalid traits structure attempt (file-flash.rules) * 1:24992 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DoInitAction invalid action overflow attempt (file-flash.rules) * 1:24993 <-> ENABLED <-> FILE-JAVA Oracle Java Applet remote code execution attempt (file-java.rules) * 1:25228 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox iframe and xul element reload crash attempt (browser-firefox.rules) * 1:25450 <-> ENABLED <-> FILE-PDF Javascript openDoc UNC network request attempt (file-pdf.rules) * 1:25455 <-> ENABLED <-> INDICATOR-OBFUSCATION GIF header followed by PDF header (indicator-obfuscation.rules) * 1:25456 <-> ENABLED <-> INDICATOR-OBFUSCATION PNG header followed by PDF header (indicator-obfuscation.rules) * 1:25457 <-> ENABLED <-> INDICATOR-OBFUSCATION JPEG header followed by PDF header (indicator-obfuscation.rules) * 1:25460 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader incomplete JP2K image geometry exploit attempt (file-pdf.rules) * 1:25463 <-> ENABLED <-> FILE-PDF OpenType parsing buffer overflow attempt (file-pdf.rules) * 1:25464 <-> ENABLED <-> FILE-PDF OpenType parsing buffer overflow attempt (file-pdf.rules) * 1:25468 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader structtreeroot children recursive call denial of service attempt (file-pdf.rules) * 1:25475 <-> ENABLED <-> FILE-PDF JavaScript contained in an xml template embedded in a pdf attempt (file-pdf.rules) * 1:25537 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader TTF parsing bad cmap format attempt (file-pdf.rules) * 1:25816 <-> ENABLED <-> FILE-FLASH Adobe Flash Player FLV crafted ADPCM stream heap overflow attempt (file-flash.rules) * 1:25832 <-> ENABLED <-> FILE-JAVA Oracle Java JMX class arbitrary code execution attempt (file-java.rules) * 1:25834 <-> ENABLED <-> FILE-JAVA Oracle Java JMX class arbitrary code execution attempt (file-java.rules) * 1:25835 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript 3 integer overflow attempt (file-flash.rules) * 1:26173 <-> ENABLED <-> FILE-FLASH Adobe Flashplayer sortOn heap overflow attempt (file-flash.rules) * 1:26186 <-> ENABLED <-> FILE-JAVA Oracle Java Gmbal package sandbox breach attempt (file-java.rules) * 1:26199 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib LookupOp integer overflow attempt (file-java.rules) * 1:26200 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib ConvolveOp integer overflow attempt (file-java.rules) * 1:26496 <-> ENABLED <-> FILE-OTHER WellinTech KingView KingMessage log file parsing buffer overflow attempt (file-other.rules) * 1:26652 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules) * 1:26688 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed HTML text null dereference attempt (file-flash.rules) * 1:26717 <-> ENABLED <-> FILE-JAVA Oracle Java font rendering remote code execution attempt (file-java.rules) * 1:26899 <-> ENABLED <-> BROWSER-PLUGINS Java Applet sql.DriverManager fakedriver exploit attempt (browser-plugins.rules) * 1:26900 <-> ENABLED <-> BROWSER-PLUGINS Java Applet sql.DriverManager exploit attempt (browser-plugins.rules) * 1:26983 <-> ENABLED <-> FILE-FLASH Adobe Flash Player remote memory corruption attempt (file-flash.rules) * 1:27266 <-> ENABLED <-> FILE-FLASH Adobe Flash Player heap buffer overflow attempt (file-flash.rules) * 1:27268 <-> ENABLED <-> FILE-FLASH Adobe Flash ActionScript user-supplied PCM resampling integer overflow attempt (file-flash.rules) * 1:27622 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp storeImageArray memory corruption attempt (file-java.rules) * 1:27675 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp storeImageArray memory corruption attempt (file-java.rules) * 1:27677 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp storeImageArray memory corruption attempt (file-java.rules) * 1:27692 <-> ENABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules) * 1:27729 <-> DISABLED <-> INDICATOR-COMPROMISE request for potential web shell - /Silic.jsp (indicator-compromise.rules) * 1:27731 <-> DISABLED <-> INDICATOR-COMPROMISE request for potential web shell - /inback.jsp (indicator-compromise.rules) * 1:33392 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules) * 1:33388 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules) * 1:33390 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules) * 1:33386 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules) * 1:33384 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules) * 1:33382 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules) * 1:33378 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules) * 1:33380 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules) * 1:33374 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules) * 1:33376 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules) * 1:33370 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules) * 1:33372 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules) * 1:33270 <-> ENABLED <-> FILE-FLASH Adobe Flash Player byte array uncompress information disclosure attempt (file-flash.rules) * 1:33368 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules) * 1:33268 <-> ENABLED <-> FILE-FLASH Adobe Flash Player byte array uncompress information disclosure attempt (file-flash.rules) * 1:33269 <-> ENABLED <-> FILE-FLASH Adobe Flash Player byte array uncompress information disclosure attempt (file-flash.rules) * 1:33266 <-> ENABLED <-> FILE-FLASH Adobe Flash Player byte array uncompress information disclosure attempt (file-flash.rules) * 1:33267 <-> ENABLED <-> FILE-FLASH Adobe Flash Player byte array uncompress information disclosure attempt (file-flash.rules) * 1:33092 <-> ENABLED <-> FILE-FLASH Adobe Flash Player FlashUtil memory corruption attempt (file-flash.rules) * 1:33177 <-> ENABLED <-> FILE-FLASH Adobe Flash AWM2 out of bounds corruption attempt (file-flash.rules) * 1:33014 <-> DISABLED <-> BROWSER-PLUGINS HP LoadRunner ActiveX clsid access attempt (browser-plugins.rules) * 1:33004 <-> DISABLED <-> BROWSER-PLUGINS SolarWinds Orion Pepco32c ActiveX clsid access attempt (browser-plugins.rules) * 1:33013 <-> DISABLED <-> BROWSER-PLUGINS HP LoadRunner ActiveX clsid access attempt (browser-plugins.rules) * 1:32897 <-> ENABLED <-> BROWSER-PLUGINS HP Sprinter Tidestone ActiveX function call access attempt (browser-plugins.rules) * 1:33003 <-> DISABLED <-> BROWSER-PLUGINS SolarWinds Orion Pepco32c ActiveX clsid access attempt (browser-plugins.rules) * 1:32895 <-> DISABLED <-> BROWSER-PLUGINS HP Sprinter Tidestone ActiveX function call access attempt (browser-plugins.rules) * 1:32896 <-> ENABLED <-> BROWSER-PLUGINS HP Sprinter Tidestone ActiveX clsid access attempt (browser-plugins.rules) * 1:32822 <-> ENABLED <-> FILE-PDF Cross Domain potentially malicious redirection attempt (file-pdf.rules) * 1:32894 <-> DISABLED <-> BROWSER-PLUGINS HP Sprinter Tidestone ActiveX clsid access attempt (browser-plugins.rules) * 1:32784 <-> ENABLED <-> FILE-FLASH Adobe Flash Player parseFloat stack overflow remote code execution attempt (file-flash.rules) * 1:32785 <-> ENABLED <-> FILE-FLASH Adobe Flash Player parseFloat stack overflow remote code execution attempt (file-flash.rules) * 1:32751 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed pushcode type confusion remote code execution attempt (file-flash.rules) * 1:32752 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed pushcode type confusion remote code execution attempt (file-flash.rules) * 1:32745 <-> DISABLED <-> SERVER-WEBAPP ManageEngine NetFlow Analyzer information disclosure attempt (server-webapp.rules) * 1:32721 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer element type confusion use after free attempt (browser-ie.rules) * 1:32701 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer JPEG stack information disclosure attempt (browser-ie.rules) * 1:32702 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer JPEG stack information disclosure attempt (browser-ie.rules) * 1:32699 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer JPEG stack information disclosure attempt (browser-ie.rules) * 1:32700 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer JPEG stack information disclosure attempt (browser-ie.rules) * 1:32697 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer JPEG stack information disclosure attempt (browser-ie.rules) * 1:32698 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer JPEG stack information disclosure attempt (browser-ie.rules) * 1:32696 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer JPEG stack information disclosure attempt (browser-ie.rules) * 1:32695 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer JPEG stack information disclosure attempt (browser-ie.rules) * 1:32576 <-> ENABLED <-> FILE-FLASH Adobe Flash Player string concatenation integer overflow attempt (file-flash.rules) * 1:32571 <-> ENABLED <-> FILE-FLASH Adobe Flash Player string concatenation integer overflow attempt (file-flash.rules) * 1:32575 <-> ENABLED <-> FILE-FLASH Adobe Flash Player string concatenation integer overflow attempt (file-flash.rules) * 1:32539 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 regular expression grouping depth denial of service attempt (file-flash.rules) * 1:32545 <-> ENABLED <-> FILE-FLASH Adobe Flash Player HTML focus with no data denial of service attempt (file-flash.rules) * 1:32537 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 regular expression grouping depth denial of service attempt (file-flash.rules) * 1:32538 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 regular expression grouping depth denial of service attempt (file-flash.rules) * 1:32459 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer clipboardData unauthorized JavaScript read and write attempt (browser-ie.rules) * 1:32461 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CPtsTextParaclient out of bounds error remote code execution attempt (browser-ie.rules) * 1:32434 <-> DISABLED <-> FILE-OFFICE Microsoft Word lcbPlcffndTxt out-of-bounds attempt (file-office.rules) * 1:32435 <-> DISABLED <-> FILE-OFFICE Microsoft Word fcPlfguidUim out-of-bounds attempt (file-office.rules) * 1:32432 <-> DISABLED <-> FILE-OFFICE Microsoft Word lcbPlcffndTxt out-of-bounds attempt (file-office.rules) * 1:32433 <-> DISABLED <-> FILE-OFFICE Microsoft Word fcPlfguidUim out-of-bounds attempt (file-office.rules) * 1:32353 <-> DISABLED <-> SQL Drupal 7 pre auth SQL injection attempt (sql.rules) * 1:32431 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CHeaderElement object use-after-free remote code execution attempt (browser-ie.rules) * 1:32260 <-> ENABLED <-> MALWARE-OTHER Sinkhole reply - irc-sinkhole.cert.pl (malware-other.rules) * 1:32245 <-> ENABLED <-> SERVER-OTHER Samsung iPOLiS device manager possible FindConfigChildeKeyList buffer overflow attempt (server-other.rules) * 1:32246 <-> ENABLED <-> SERVER-OTHER Samsung iPOLiS device manager possible FindConfigChildeKeyList buffer overflow attempt (server-other.rules) * 1:32105 <-> DISABLED <-> BROWSER-PLUGINS Oracle WebCenter Content CheckOutAndOpen.dll ActiveX control code execution ActiveX function call access (browser-plugins.rules) * 1:32158 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 11 CMarkup GetMarkupTitle use-after-free attempt (browser-ie.rules) * 1:32022 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader U3D format Line Set Continuation out-of-bounds memory access attempt (file-pdf.rules) * 1:31842 <-> ENABLED <-> FILE-FLASH Adobe Flash Player local-with-file-access security bypass attempt (file-flash.rules) * 1:28505 <-> DISABLED <-> BROWSER-PLUGINS InformationCardSigninHelper ActiveX clsid access (browser-plugins.rules) * 1:28506 <-> DISABLED <-> BROWSER-PLUGINS InformationCardSigninHelper ActiveX function call access (browser-plugins.rules) * 1:28534 <-> DISABLED <-> FILE-OTHER Apple Quicktime TeXML description attribute overflow attempt (file-other.rules) * 1:28535 <-> DISABLED <-> FILE-OTHER Apple Quicktime TeXML description attribute overflow attempt (file-other.rules) * 1:28536 <-> DISABLED <-> FILE-OTHER Apple Quicktime TeXML description attribute overflow attempt (file-other.rules) * 1:28537 <-> DISABLED <-> FILE-OTHER Apple Quicktime TeXML description attribute overflow attempt (file-other.rules) * 1:28547 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules) * 1:28567 <-> ENABLED <-> FILE-FLASH Adobe Flash Player use after free race condition (file-flash.rules) * 1:28569 <-> ENABLED <-> FILE-FLASH Adobe Flash Player remote memory corruption attempt (file-flash.rules) * 1:28578 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader memory disclosure attempt (file-pdf.rules) * 1:28598 <-> ENABLED <-> FILE-PDF Adobe Acrobat and Adobe Acrobat Reader field dictionary null pointer dereference attempt (file-pdf.rules) * 1:28689 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules) * 1:28690 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules) * 1:28712 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded TTF integer overflow attempt (file-pdf.rules) * 1:28713 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded TTF integer overflow attempt (file-pdf.rules) * 1:28714 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded TTF integer overflow attempt (file-pdf.rules) * 1:28715 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded TTF integer overflow attempt (file-pdf.rules) * 1:28844 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader javascript toolbar button use after free attempt (file-pdf.rules) * 1:28846 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader javascript toolbar button use after free attempt (file-pdf.rules) * 1:28848 <-> ENABLED <-> MALWARE-OTHER Win.Backdoor.Tavdig download attempt (malware-other.rules) * 1:28903 <-> ENABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:28904 <-> ENABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:28905 <-> ENABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:28906 <-> ENABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:28907 <-> ENABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:28908 <-> ENABLED <-> SERVER-OTHER Nagios core config manager tfpassword sql injection attempt (server-other.rules) * 1:28927 <-> ENABLED <-> FILE-JAVA Oracle Java ImagingLib buffer overflow attempt (file-java.rules) * 1:28962 <-> ENABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer RealMedia URL length buffer overflow attempt (file-multimedia.rules) * 1:29000 <-> DISABLED <-> SERVER-WEBAPP Cisco EPC3925 cross site request forgery attempt (server-webapp.rules) * 1:29059 <-> DISABLED <-> BROWSER-PLUGINS CYME Power Engineering ChartFX.ClientServer ActiveX clsid access (browser-plugins.rules) * 1:29060 <-> DISABLED <-> BROWSER-PLUGINS CYME Power Engineering ChartFX.ClientServer ActiveX function call access (browser-plugins.rules) * 1:29063 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed JBIG2 decode segment null pointer crash attempt (file-pdf.rules) * 1:29097 <-> DISABLED <-> BROWSER-PLUGINS HP Application Lifecycle Management XGO.XGoCtrl ActiveX clsid access (browser-plugins.rules) * 1:29098 <-> DISABLED <-> BROWSER-PLUGINS HP Application Lifecycle Management XGO.XGoCtrl ActiveX function call access (browser-plugins.rules) * 1:29099 <-> DISABLED <-> BROWSER-PLUGINS HP Application Lifecycle Management XGO.XGoCtrl ActiveX clsid access (browser-plugins.rules) * 1:29100 <-> DISABLED <-> BROWSER-PLUGINS HP Application Lifecycle Management XGO.XGoCtrl ActiveX clsid access (browser-plugins.rules) * 1:29101 <-> DISABLED <-> BROWSER-PLUGINS HP Application Lifecycle Management XGO.XGoCtrl ActiveX clsid access (browser-plugins.rules) * 1:29102 <-> DISABLED <-> BROWSER-PLUGINS HP Application Lifecycle Management XGO.XGoCtrl ActiveX function call access (browser-plugins.rules) * 1:29272 <-> ENABLED <-> FILE-JAVA Oracle Java sun.awt.image.ImagingLib.lookupByteBI memory corruption attempt (file-java.rules) * 1:29273 <-> ENABLED <-> FILE-JAVA Oracle Java sun.awt.image.ImagingLib.lookupByteBI memory corruption attempt (file-java.rules) * 1:29410 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader javascript toolbar button use after free attempt (file-pdf.rules) * 1:29491 <-> ENABLED <-> FILE-JAVA Oracle Java ShortComponentRaster integer overflow attempt (file-java.rules) * 1:29527 <-> ENABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:29574 <-> ENABLED <-> FILE-OTHER Oracle Outside In OS2 metafile parser stack buffer overflow attempt (file-other.rules) * 1:29575 <-> ENABLED <-> FILE-OTHER Oracle Outside In OS2 metafile parser stack buffer overflow attempt (file-other.rules) * 1:29576 <-> ENABLED <-> FILE-OTHER Oracle Outside In OS2 metafile parser stack buffer overflow attempt (file-other.rules) * 1:29577 <-> ENABLED <-> FILE-OTHER Oracle Outside In OS2 metafile parser stack buffer overflow attempt (file-other.rules) * 1:29606 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp integer overflow attempt (file-java.rules) * 1:29614 <-> ENABLED <-> FILE-IDENTIFY XPS file download request (file-identify.rules) * 1:29617 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox nsTreeRange Use After Free attempt (browser-firefox.rules) * 1:29642 <-> ENABLED <-> MALWARE-OTHER Java FileDialog heap buffer overflow attempt (malware-other.rules) * 1:29643 <-> ENABLED <-> MALWARE-OTHER Java FileDialog heap buffer overflow attempt (malware-other.rules) * 1:29668 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreePos deleted object access attempt (browser-ie.rules) * 1:29681 <-> ENABLED <-> BROWSER-PLUGINS Microsoft XML Core Services same origin policy bypass attempt (browser-plugins.rules) * 1:29710 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer fontFamily attribute deleted object access memory corruption attempt (browser-ie.rules) * 1:29742 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer deleted object access memory corruption attempt (browser-ie.rules) * 1:29836 <-> ENABLED <-> FILE-FLASH Adobe Flash ActionScript bytecode object type confusion information disclosure attempt (file-flash.rules) * 1:29933 <-> ENABLED <-> FILE-FLASH Adobe Flash Player PCRE regexp out of bounds memory leak ASLR bypass attempt (file-flash.rules) * 1:29934 <-> ENABLED <-> FILE-FLASH Adobe Flash regular expression grouping depth buffer overflow attempt (file-flash.rules) * 1:29955 <-> DISABLED <-> SERVER-WEBAPP WordPress Quick-Post Widget GET request using Body cross-site scripting (server-webapp.rules) * 1:29956 <-> DISABLED <-> SERVER-WEBAPP WordPress Quick-Post Widget POST request cross-site scripting (server-webapp.rules) * 1:29973 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bublik.Zusy runtime detection (malware-cnc.rules) * 1:30145 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer ruby text tag heap-based buffer overflow attempt (browser-ie.rules) * 1:30151 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player memory corruption attempt (file-multimedia.rules) * 1:30152 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player memory corruption attempt (file-multimedia.rules) * 1:30320 <-> ENABLED <-> BLACKLIST Connection to malware sinkhole (blacklist.rules) * 1:30537 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed HTML text null dereference attempt (file-flash.rules) * 1:30538 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed HTML text null dereference attempt (file-flash.rules) * 1:30760 <-> ENABLED <-> FILE-IDENTIFY ABC Music Notation file download request (file-identify.rules) * 1:30991 <-> ENABLED <-> MALWARE-CNC Shiqiang Gang malicious XLS targeted attack detection (malware-cnc.rules) * 1:31009 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader length-compute UTF-16 string buffer overflow attempt (file-pdf.rules) * 1:31016 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader integer overflow attempt (file-pdf.rules) * 1:31105 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules) * 1:31106 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules) * 1:31207 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 11 CTreePos child element use-after-free attempt (browser-ie.rules) * 1:31285 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt (file-flash.rules) * 1:31286 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt (file-flash.rules) * 1:31333 <-> DISABLED <-> BROWSER-PLUGINS IBM iNotes version 8.5 ActiveX clsid access (browser-plugins.rules) * 1:31334 <-> DISABLED <-> BROWSER-PLUGINS IBM iNotes version 8.5 ActiveX clsid access (browser-plugins.rules) * 1:31335 <-> DISABLED <-> BROWSER-PLUGINS IBM iNotes version 9 ActiveX clsid access (browser-plugins.rules) * 1:31336 <-> DISABLED <-> BROWSER-PLUGINS IBM iNotes version 9 ActiveX clsid access (browser-plugins.rules) * 1:31356 <-> ENABLED <-> SERVER-WEBAPP Wordpress timthumb.php webshot source attack attempt (server-webapp.rules) * 1:31389 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer improper object cast memory corruption attempt (browser-ie.rules) * 1:31512 <-> ENABLED <-> FILE-JAVA Oracle Java field bytecode verifier cache code execution attempt (file-java.rules) * 1:31541 <-> ENABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules) * 1:31555 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader U3D CLODMeshDeceleration code execution attempt (file-pdf.rules) * 1:31582 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer OnMove Use After Free exploit attempt (browser-ie.rules) * 1:32098 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules) * 1:32103 <-> DISABLED <-> BROWSER-PLUGINS Oracle WebCenter Content CheckOutAndOpen.dll ActiveX control code execution ActiveX clsid access (browser-plugins.rules) * 1:31583 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer OnMove Use After Free exploit attempt (browser-ie.rules) * 1:31585 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSS .ipsum layout use-after-free attempt (browser-ie.rules) * 1:31610 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer cloneNode for loop remote code execution attempt (browser-ie.rules) * 1:31611 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer cloneNode for loop remote code execution attempt (browser-ie.rules) * 1:31613 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded PRC stream NULL dereference denial of service attempt (file-pdf.rules) * 1:31630 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CMarkup insertMarquee use after free attempt (browser-ie.rules) * 1:31633 <-> DISABLED <-> MALWARE-CNC Noniem.A outbound connection (malware-cnc.rules) * 1:31671 <-> ENABLED <-> FILE-OTHER Symantec Endpoint Protection Sysplant kernel pool overflow exploit attempt (file-other.rules) * 1:31685 <-> ENABLED <-> FILE-FLASH Adobe Flash Player cross-origin security policy bypass attempt (file-flash.rules) * 1:31687 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules) * 1:31707 <-> DISABLED <-> BROWSER-PLUGINS IBiz EBanking Integrator ActiveX clsid access (browser-plugins.rules) * 1:31724 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory leak ASLR bypass attempt (file-flash.rules) * 1:31733 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MMgc use-after-free attempt (file-flash.rules) * 1:31750 <-> ENABLED <-> FILE-FLASH Adobe Flash Player marshallException through JavaScript XSS attempt (file-flash.rules) * 1:31800 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTableCell Use After Free exploit attempt (browser-ie.rules) * 1:31810 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer integer overflow exploit attempt (browser-ie.rules) * 1:32102 <-> DISABLED <-> BROWSER-PLUGINS Oracle WebCenter Content CheckOutAndOpen.dll ActiveX control code execution ActiveX clsid access (browser-plugins.rules) * 1:23867 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader invalid inline image attempt (file-pdf.rules) * 1:31841 <-> ENABLED <-> FILE-FLASH Adobe Flash Player local-with-file-access security bypass attempt (file-flash.rules) * 1:7070 <-> DISABLED <-> POLICY-OTHER script tag in URI - likely cross-site scripting attempt (policy-other.rules) * 1:33463 <-> ENABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules) * 1:33462 <-> ENABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules) * 1:33461 <-> ENABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules) * 1:33452 <-> ENABLED <-> PUA-TOOLBARS Win.Toolbar.Crossrider variant outbound connection (pua-toolbars.rules) * 1:33429 <-> DISABLED <-> POLICY-OTHER Microsoft Windows SMB potential group policy fallback exploit attempt (policy-other.rules) * 1:33410 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules) * 1:33408 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules) * 1:33406 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules) * 1:32104 <-> DISABLED <-> BROWSER-PLUGINS Oracle WebCenter Content CheckOutAndOpen.dll ActiveX control code execution ActiveX function call access (browser-plugins.rules) * 1:33402 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules) * 1:33404 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules) * 1:33400 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules) * 1:33398 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules) * 1:23865 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader invalid font WeightVector attempt (file-pdf.rules) * 1:33396 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules) * 1:23871 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader invalid inline image attempt (file-pdf.rules) * 1:15481 <-> ENABLED <-> MALWARE-CNC Zeus/Zbot malware config file download request (malware-cnc.rules) * 1:16184 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules) * 1:23589 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules) * 1:23590 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules) * 1:19257 <-> ENABLED <-> FILE-FLASH Adobe ActionScript float index memory corruption attempt (file-flash.rules) * 1:18297 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Comctl32.dll third-party SVG viewer heap overflow attempt (os-windows.rules) * 1:14037 <-> ENABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX clsid access (browser-plugins.rules) * 1:21458 <-> ENABLED <-> FILE-FLASH Adobe Flash ActionScript float index array memory corruption (file-flash.rules) * 1:14038 <-> ENABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX function call access (browser-plugins.rules) * 1:21160 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules) * 1:13679 <-> DISABLED <-> BROWSER-PLUGINS IBiz EBanking Integrator ActiveX clsid access (browser-plugins.rules) * 1:18768 <-> ENABLED <-> SERVER-MAIL Novell GroupWise Internet Agent RRULE parsing buffer overflow attempt (server-mail.rules) * 1:16289 <-> ENABLED <-> MALWARE-CNC Clob bot traffic (malware-cnc.rules) * 1:23611 <-> ENABLED <-> FILE-PDF JavaScript contained in an xml template embedded in a pdf attempt (file-pdf.rules) * 1:33394 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules) * 1:23869 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader invalid inline image attempt (file-pdf.rules) * 1:23875 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader postscript font execution malformed subroutine entries attempt (file-pdf.rules) * 1:24066 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24151 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader TrueType font corrupt header attempt (file-pdf.rules) * 1:24365 <-> ENABLED <-> FILE-FLASH Adobe Flash null reference JIT compilation attempt (file-flash.rules) * 1:24511 <-> ENABLED <-> FILE-JAVA Oracle Java XGetSamplePtrFromSnd memory corruption attempt (file-java.rules) * 1:24582 <-> ENABLED <-> PROTOCOL-SCADA Broadwin WebAccess ActiveX function call access (protocol-scada.rules) * 1:24703 <-> ENABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules) * 1:24813 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS2 privilege escalation attempt (file-flash.rules) * 1:24893 <-> ENABLED <-> FILE-FLASH Action InitArray stack overflow attempt (file-flash.rules) * 1:24986 <-> ENABLED <-> FILE-FLASH Adobe Flash Player index overflow attempt (file-flash.rules) * 1:25298 <-> ENABLED <-> FILE-MULTIMEDIA Mozilla products Ogg Vorbis decoding memory corruption attempt (file-multimedia.rules) * 1:25458 <-> ENABLED <-> INDICATOR-OBFUSCATION DOC header followed by PDF header (indicator-obfuscation.rules) * 1:25469 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader structtreeroot children recursive call denial of service attempt (file-pdf.rules) * 1:25833 <-> ENABLED <-> FILE-JAVA Oracle Java malicious class download attempt (file-java.rules) * 1:26198 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp integer overflow attempt (file-java.rules) * 1:26665 <-> ENABLED <-> FILE-IMAGE BMP extremely large xpos opcodes (file-image.rules) * 1:26928 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules) * 1:27673 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp storeImageArray memory corruption attempt (file-java.rules) * 1:27730 <-> DISABLED <-> INDICATOR-COMPROMISE request for potential web shell - /css3.jsp (indicator-compromise.rules) * 1:27732 <-> DISABLED <-> INDICATOR-COMPROMISE request for potential web shell - /jspspy.jsp (indicator-compromise.rules) * 1:27742 <-> DISABLED <-> BROWSER-PLUGINS EasyMail Objects Activex remote buffer overflow attempt (browser-plugins.rules) * 1:27743 <-> DISABLED <-> BROWSER-PLUGINS EasyMail Objects Activex remote buffer overflow attempt (browser-plugins.rules) * 1:27751 <-> ENABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules) * 1:27754 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Action InitArray stack overflow attempt (file-flash.rules) * 1:27765 <-> ENABLED <-> FILE-JAVA Oracle Java ImagingLib buffer overflow attempt (file-java.rules) * 1:27787 <-> ENABLED <-> FILE-JAVA Oracle Java ImagingLib buffer overflow attempt (file-java.rules) * 1:27871 <-> ENABLED <-> BROWSER-PLUGINS HP LoadRunner WriteFileString ActiveX function call attempt (browser-plugins.rules) * 1:27872 <-> ENABLED <-> BROWSER-PLUGINS HP LoadRunner WriteFileString ActiveX function call attempt (browser-plugins.rules) * 1:28126 <-> DISABLED <-> BROWSER-PLUGINS WibuKey Runtime ActiveX clsid access (browser-plugins.rules) * 1:28127 <-> DISABLED <-> BROWSER-PLUGINS WibuKey Runtime ActiveX function call access (browser-plugins.rules) * 1:28277 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp storeImageArray memory corruption attempt (file-java.rules) * 1:28301 <-> DISABLED <-> INDICATOR-SCAN User-Agent known malicious user-agent Masscan (indicator-scan.rules) * 1:28324 <-> ENABLED <-> PUA-ADWARE FakeAV runtime detection (pua-adware.rules) * 1:28495 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer execCommand CTreePos memory corruption attempt (browser-ie.rules) * 1:28499 <-> ENABLED <-> FILE-OTHER Microsoft Word WordPerfect CSTYL border element stack overflow attempt (file-other.rules) * 1:28503 <-> ENABLED <-> FILE-OTHER Microsoft Word WordPerfect CSTYL border element stack overflow attempt (file-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2970.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:33546 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Equation outbound connection (malware-cnc.rules) * 1:33545 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Equation outbound connection (malware-cnc.rules) * 1:33544 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Equation outbound connection (malware-cnc.rules) * 1:33543 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Equation outbound connection (malware-cnc.rules) * 1:33542 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Compressed File object type confusion attempt (file-flash.rules) * 1:33541 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Compressed File object type confusion attempt (file-flash.rules) * 1:33540 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Decompressed File object type confusion attempt (file-flash.rules) * 1:33539 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Decompressed File object type confusion attempt (file-flash.rules) * 1:33538 <-> ENABLED <-> FILE-FLASH Adobe Flash Player PCRE control character denial of service attempt (file-flash.rules) * 1:33537 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE control character - possible denial of service attempt (file-flash.rules) * 1:33536 <-> ENABLED <-> FILE-FLASH Adobe Flash Player PCRE control character denial of service attempt (file-flash.rules) * 1:33535 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE control character - possible denial of service attempt (file-flash.rules) * 1:33534 <-> ENABLED <-> FILE-FLASH Adobe Flash Player PCRE control character denial of service attempt (file-flash.rules) * 1:33533 <-> ENABLED <-> FILE-FLASH Adobe Flash Player PCRE control character denial of service attempt (file-flash.rules) * 1:33532 <-> DISABLED <-> PUA-ADWARE MediaBuzz malvertising browser redirect attempt (pua-adware.rules) * 1:33531 <-> DISABLED <-> PUA-ADWARE MediaBuzz malvertising browser redirect attempt (pua-adware.rules) * 1:33530 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE library out of bounds memory access attempt (file-flash.rules) * 1:33529 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE library out of bounds memory access attempt (file-flash.rules) * 1:33528 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE library out of bounds memory access attempt (file-flash.rules) * 1:33527 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE library out of bounds memory access attempt (file-flash.rules) * 1:33526 <-> DISABLED <-> FILE-OTHER Apple OSX Safari format string validation corruption attempt (file-other.rules) * 1:33525 <-> DISABLED <-> FILE-OTHER Apple OSX Safari format string validation corruption attempt (file-other.rules) * 1:33524 <-> ENABLED <-> MALWARE-CNC Win.Trojan.DNSChanger variant outbound connection (malware-cnc.rules) * 1:33523 <-> ENABLED <-> MALWARE-CNC Win.Trojan.DNSChanger variant outbound connection (malware-cnc.rules) * 1:33522 <-> ENABLED <-> BLACKLIST User-Agent known malicious user-agent - DNS Changer (blacklist.rules) * 1:33521 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zusy variant outbound connection (malware-cnc.rules) * 1:33520 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zusy inbound CNC response (malware-cnc.rules) * 1:33519 <-> ENABLED <-> BLACKLIST User-Agent known malicious user agent - ALIZER (blacklist.rules) * 1:33518 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules) * 1:33517 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules) * 1:33516 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules) * 1:33515 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules) * 1:33514 <-> DISABLED <-> SERVER-WEBAPP WordPress Photo Gallery PHP code execution attempt (server-webapp.rules) * 1:33513 <-> ENABLED <-> BLACKLIST USER-AGENT known malicous user agent string - XAgent - Operation Pawn Storm (blacklist.rules) * 1:33512 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SWF buffer overflow attempt (file-flash.rules) * 1:33511 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SWF buffer overflow attempt (file-flash.rules) * 1:33510 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SWF buffer overflow attempt (file-flash.rules) * 1:33509 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SWF buffer overflow attempt (file-flash.rules) * 1:33508 <-> ENABLED <-> FILE-FLASH Adobe Flash Player out of scope newclass memory corruption attempt (file-flash.rules) * 1:33507 <-> ENABLED <-> FILE-FLASH Adobe Flash Player out of scope newclass memory corruption attempt (file-flash.rules) * 1:33506 <-> ENABLED <-> FILE-FLASH Adobe Flash Player out of scope newclass memory corruption attempt (file-flash.rules) * 1:33505 <-> ENABLED <-> FILE-FLASH Adobe Flash Player out of scope newclass memory corruption attempt (file-flash.rules) * 1:33504 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MessageChannel use after free attempt (file-flash.rules) * 1:33503 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MessageChannel use after free attempt (file-flash.rules) * 1:33502 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MessageChannel use after free attempt (file-flash.rules) * 1:33501 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MessageChannel use after free attempt (file-flash.rules) * 1:33500 <-> ENABLED <-> FILE-FLASH Adobe Flash Player extended BitmapFilter class denial of service attempt (file-flash.rules) * 1:33499 <-> ENABLED <-> FILE-FLASH Adobe Flash Player extended BitmapFilter class denial of service attempt (file-flash.rules) * 1:33498 <-> ENABLED <-> FILE-FLASH Adobe Flash Player extended BitmapFilter class denial of service attempt (file-flash.rules) * 1:33497 <-> ENABLED <-> FILE-FLASH Adobe Flash Player extended BitmapFilter class denial of service attempt (file-flash.rules) * 1:33496 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Andromeda variant outbound connection (malware-cnc.rules) * 1:33495 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer dynamic style update memory corruption attempt (browser-ie.rules) * 1:33494 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer dynamic style update memory corruption attempt (browser-ie.rules) * 1:33493 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer dynamic style update memory corruption attempt (browser-ie.rules) * 1:33492 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer dynamic style update memory corruption attempt (browser-ie.rules) * 1:33491 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Ovector out of bounds stack corruption attempt (file-flash.rules) * 1:33490 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Ovector out of bounds stack corruption attempt (file-flash.rules) * 1:33489 <-> DISABLED <-> DELETED FILE-FLASH Adobe Flash Player Ovector out of bounds stack corruption attempt (deleted.rules) * 1:33488 <-> DISABLED <-> DELETED FILE-FLASH Adobe Flash Player Ovector out of bounds stack corruption attempt (deleted.rules) * 1:33487 <-> ENABLED <-> FILE-FLASH Adobe Flash Player URLRequestHeaders null pointer dereference denial of service attempt (file-flash.rules) * 1:33486 <-> ENABLED <-> FILE-FLASH Adobe Flash Player URLRequestHeaders null pointer dereference denial of service attempt (file-flash.rules) * 1:33485 <-> ENABLED <-> FILE-FLASH Adobe Flash Player URLRequestHeaders null pointer dereference denial of service attempt (file-flash.rules) * 1:33484 <-> ENABLED <-> FILE-FLASH Adobe Flash Player URLRequestHeaders null pointer dereference denial of service attempt (file-flash.rules) * 1:33483 <-> ENABLED <-> PUA-ADWARE Win.Adware.InstallMonster variant outbound connection (pua-adware.rules) * 1:33482 <-> ENABLED <-> MALWARE-CNC Win.Worm.Enosch variant outbound connection (malware-cnc.rules) * 1:33481 <-> ENABLED <-> MALWARE-CNC Linux.Backdoor.Xnote outbound connection (malware-cnc.rules) * 1:33480 <-> ENABLED <-> PUA-ADWARE Win.Adware.DownloadGuide variant outbound connection (pua-adware.rules) * 1:33479 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Comctl32.dll third-party SVG viewer heap overflow attempt (os-windows.rules)
* 1:7070 <-> DISABLED <-> POLICY-OTHER script tag in URI - likely cross-site scripting attempt (policy-other.rules) * 1:33463 <-> ENABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules) * 1:33462 <-> ENABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules) * 1:33461 <-> ENABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules) * 1:33452 <-> ENABLED <-> PUA-TOOLBARS Win.Toolbar.Crossrider variant outbound connection (pua-toolbars.rules) * 1:33429 <-> DISABLED <-> POLICY-OTHER Microsoft Windows SMB potential group policy fallback exploit attempt (policy-other.rules) * 1:33410 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules) * 1:33408 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules) * 1:33406 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules) * 1:33404 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules) * 1:33402 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules) * 1:33400 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules) * 1:33398 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules) * 1:33396 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules) * 1:33394 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules) * 1:33392 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules) * 1:33390 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules) * 1:33388 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules) * 1:33386 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules) * 1:33384 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules) * 1:33382 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules) * 1:33380 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules) * 1:33378 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules) * 1:33376 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules) * 1:33374 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules) * 1:33372 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules) * 1:33370 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules) * 1:33368 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules) * 1:33270 <-> ENABLED <-> FILE-FLASH Adobe Flash Player byte array uncompress information disclosure attempt (file-flash.rules) * 1:33269 <-> ENABLED <-> FILE-FLASH Adobe Flash Player byte array uncompress information disclosure attempt (file-flash.rules) * 1:33268 <-> ENABLED <-> FILE-FLASH Adobe Flash Player byte array uncompress information disclosure attempt (file-flash.rules) * 1:33267 <-> ENABLED <-> FILE-FLASH Adobe Flash Player byte array uncompress information disclosure attempt (file-flash.rules) * 1:33266 <-> ENABLED <-> FILE-FLASH Adobe Flash Player byte array uncompress information disclosure attempt (file-flash.rules) * 1:33177 <-> ENABLED <-> FILE-FLASH Adobe Flash AWM2 out of bounds corruption attempt (file-flash.rules) * 1:33092 <-> ENABLED <-> FILE-FLASH Adobe Flash Player FlashUtil memory corruption attempt (file-flash.rules) * 1:33014 <-> DISABLED <-> BROWSER-PLUGINS HP LoadRunner ActiveX clsid access attempt (browser-plugins.rules) * 1:33013 <-> DISABLED <-> BROWSER-PLUGINS HP LoadRunner ActiveX clsid access attempt (browser-plugins.rules) * 1:33004 <-> DISABLED <-> BROWSER-PLUGINS SolarWinds Orion Pepco32c ActiveX clsid access attempt (browser-plugins.rules) * 1:33003 <-> DISABLED <-> BROWSER-PLUGINS SolarWinds Orion Pepco32c ActiveX clsid access attempt (browser-plugins.rules) * 1:32897 <-> ENABLED <-> BROWSER-PLUGINS HP Sprinter Tidestone ActiveX function call access attempt (browser-plugins.rules) * 1:32896 <-> ENABLED <-> BROWSER-PLUGINS HP Sprinter Tidestone ActiveX clsid access attempt (browser-plugins.rules) * 1:32895 <-> DISABLED <-> BROWSER-PLUGINS HP Sprinter Tidestone ActiveX function call access attempt (browser-plugins.rules) * 1:32894 <-> DISABLED <-> BROWSER-PLUGINS HP Sprinter Tidestone ActiveX clsid access attempt (browser-plugins.rules) * 1:32822 <-> ENABLED <-> FILE-PDF Cross Domain potentially malicious redirection attempt (file-pdf.rules) * 1:32785 <-> ENABLED <-> FILE-FLASH Adobe Flash Player parseFloat stack overflow remote code execution attempt (file-flash.rules) * 1:32784 <-> ENABLED <-> FILE-FLASH Adobe Flash Player parseFloat stack overflow remote code execution attempt (file-flash.rules) * 1:32752 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed pushcode type confusion remote code execution attempt (file-flash.rules) * 1:32751 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed pushcode type confusion remote code execution attempt (file-flash.rules) * 1:32745 <-> DISABLED <-> SERVER-WEBAPP ManageEngine NetFlow Analyzer information disclosure attempt (server-webapp.rules) * 1:32721 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer element type confusion use after free attempt (browser-ie.rules) * 1:32702 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer JPEG stack information disclosure attempt (browser-ie.rules) * 1:32701 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer JPEG stack information disclosure attempt (browser-ie.rules) * 1:32700 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer JPEG stack information disclosure attempt (browser-ie.rules) * 1:32699 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer JPEG stack information disclosure attempt (browser-ie.rules) * 1:32698 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer JPEG stack information disclosure attempt (browser-ie.rules) * 1:32697 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer JPEG stack information disclosure attempt (browser-ie.rules) * 1:32696 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer JPEG stack information disclosure attempt (browser-ie.rules) * 1:32695 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer JPEG stack information disclosure attempt (browser-ie.rules) * 1:32576 <-> ENABLED <-> FILE-FLASH Adobe Flash Player string concatenation integer overflow attempt (file-flash.rules) * 1:32575 <-> ENABLED <-> FILE-FLASH Adobe Flash Player string concatenation integer overflow attempt (file-flash.rules) * 1:32571 <-> ENABLED <-> FILE-FLASH Adobe Flash Player string concatenation integer overflow attempt (file-flash.rules) * 1:32545 <-> ENABLED <-> FILE-FLASH Adobe Flash Player HTML focus with no data denial of service attempt (file-flash.rules) * 1:32539 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 regular expression grouping depth denial of service attempt (file-flash.rules) * 1:32538 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 regular expression grouping depth denial of service attempt (file-flash.rules) * 1:32537 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 regular expression grouping depth denial of service attempt (file-flash.rules) * 1:32461 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CPtsTextParaclient out of bounds error remote code execution attempt (browser-ie.rules) * 1:32459 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer clipboardData unauthorized JavaScript read and write attempt (browser-ie.rules) * 1:32435 <-> DISABLED <-> FILE-OFFICE Microsoft Word fcPlfguidUim out-of-bounds attempt (file-office.rules) * 1:32434 <-> DISABLED <-> FILE-OFFICE Microsoft Word lcbPlcffndTxt out-of-bounds attempt (file-office.rules) * 1:32433 <-> DISABLED <-> FILE-OFFICE Microsoft Word fcPlfguidUim out-of-bounds attempt (file-office.rules) * 1:32432 <-> DISABLED <-> FILE-OFFICE Microsoft Word lcbPlcffndTxt out-of-bounds attempt (file-office.rules) * 1:32431 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CHeaderElement object use-after-free remote code execution attempt (browser-ie.rules) * 1:32353 <-> DISABLED <-> SQL Drupal 7 pre auth SQL injection attempt (sql.rules) * 1:32260 <-> ENABLED <-> MALWARE-OTHER Sinkhole reply - irc-sinkhole.cert.pl (malware-other.rules) * 1:32246 <-> ENABLED <-> SERVER-OTHER Samsung iPOLiS device manager possible FindConfigChildeKeyList buffer overflow attempt (server-other.rules) * 1:32245 <-> ENABLED <-> SERVER-OTHER Samsung iPOLiS device manager possible FindConfigChildeKeyList buffer overflow attempt (server-other.rules) * 1:32158 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 11 CMarkup GetMarkupTitle use-after-free attempt (browser-ie.rules) * 1:32105 <-> DISABLED <-> BROWSER-PLUGINS Oracle WebCenter Content CheckOutAndOpen.dll ActiveX control code execution ActiveX function call access (browser-plugins.rules) * 1:32104 <-> DISABLED <-> BROWSER-PLUGINS Oracle WebCenter Content CheckOutAndOpen.dll ActiveX control code execution ActiveX function call access (browser-plugins.rules) * 1:32103 <-> DISABLED <-> BROWSER-PLUGINS Oracle WebCenter Content CheckOutAndOpen.dll ActiveX control code execution ActiveX clsid access (browser-plugins.rules) * 1:32102 <-> DISABLED <-> BROWSER-PLUGINS Oracle WebCenter Content CheckOutAndOpen.dll ActiveX control code execution ActiveX clsid access (browser-plugins.rules) * 1:32098 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules) * 1:32022 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader U3D format Line Set Continuation out-of-bounds memory access attempt (file-pdf.rules) * 1:31842 <-> ENABLED <-> FILE-FLASH Adobe Flash Player local-with-file-access security bypass attempt (file-flash.rules) * 1:31841 <-> ENABLED <-> FILE-FLASH Adobe Flash Player local-with-file-access security bypass attempt (file-flash.rules) * 1:31810 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer integer overflow exploit attempt (browser-ie.rules) * 1:31800 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTableCell Use After Free exploit attempt (browser-ie.rules) * 1:31750 <-> ENABLED <-> FILE-FLASH Adobe Flash Player marshallException through JavaScript XSS attempt (file-flash.rules) * 1:31733 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MMgc use-after-free attempt (file-flash.rules) * 1:31724 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory leak ASLR bypass attempt (file-flash.rules) * 1:31707 <-> DISABLED <-> BROWSER-PLUGINS IBiz EBanking Integrator ActiveX clsid access (browser-plugins.rules) * 1:31687 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules) * 1:31685 <-> ENABLED <-> FILE-FLASH Adobe Flash Player cross-origin security policy bypass attempt (file-flash.rules) * 1:31671 <-> ENABLED <-> FILE-OTHER Symantec Endpoint Protection Sysplant kernel pool overflow exploit attempt (file-other.rules) * 1:31633 <-> DISABLED <-> MALWARE-CNC Noniem.A outbound connection (malware-cnc.rules) * 1:31630 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CMarkup insertMarquee use after free attempt (browser-ie.rules) * 1:31613 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded PRC stream NULL dereference denial of service attempt (file-pdf.rules) * 1:31611 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer cloneNode for loop remote code execution attempt (browser-ie.rules) * 1:31610 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer cloneNode for loop remote code execution attempt (browser-ie.rules) * 1:31585 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSS .ipsum layout use-after-free attempt (browser-ie.rules) * 1:31583 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer OnMove Use After Free exploit attempt (browser-ie.rules) * 1:31582 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer OnMove Use After Free exploit attempt (browser-ie.rules) * 1:31555 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader U3D CLODMeshDeceleration code execution attempt (file-pdf.rules) * 1:31541 <-> ENABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules) * 1:31512 <-> ENABLED <-> FILE-JAVA Oracle Java field bytecode verifier cache code execution attempt (file-java.rules) * 1:31389 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer improper object cast memory corruption attempt (browser-ie.rules) * 1:31356 <-> ENABLED <-> SERVER-WEBAPP Wordpress timthumb.php webshot source attack attempt (server-webapp.rules) * 1:31336 <-> DISABLED <-> BROWSER-PLUGINS IBM iNotes version 9 ActiveX clsid access (browser-plugins.rules) * 1:31335 <-> DISABLED <-> BROWSER-PLUGINS IBM iNotes version 9 ActiveX clsid access (browser-plugins.rules) * 1:31334 <-> DISABLED <-> BROWSER-PLUGINS IBM iNotes version 8.5 ActiveX clsid access (browser-plugins.rules) * 1:31333 <-> DISABLED <-> BROWSER-PLUGINS IBM iNotes version 8.5 ActiveX clsid access (browser-plugins.rules) * 1:31286 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt (file-flash.rules) * 1:31285 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt (file-flash.rules) * 1:31207 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 11 CTreePos child element use-after-free attempt (browser-ie.rules) * 1:31106 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules) * 1:31105 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules) * 1:31016 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader integer overflow attempt (file-pdf.rules) * 1:31009 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader length-compute UTF-16 string buffer overflow attempt (file-pdf.rules) * 1:30991 <-> ENABLED <-> MALWARE-CNC Shiqiang Gang malicious XLS targeted attack detection (malware-cnc.rules) * 1:30760 <-> ENABLED <-> FILE-IDENTIFY ABC Music Notation file download request (file-identify.rules) * 1:30538 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed HTML text null dereference attempt (file-flash.rules) * 1:30537 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed HTML text null dereference attempt (file-flash.rules) * 1:30320 <-> ENABLED <-> BLACKLIST Connection to malware sinkhole (blacklist.rules) * 1:30152 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player memory corruption attempt (file-multimedia.rules) * 1:30151 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player memory corruption attempt (file-multimedia.rules) * 1:30145 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer ruby text tag heap-based buffer overflow attempt (browser-ie.rules) * 1:29973 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bublik.Zusy runtime detection (malware-cnc.rules) * 1:29956 <-> DISABLED <-> SERVER-WEBAPP WordPress Quick-Post Widget POST request cross-site scripting (server-webapp.rules) * 1:29955 <-> DISABLED <-> SERVER-WEBAPP WordPress Quick-Post Widget GET request using Body cross-site scripting (server-webapp.rules) * 1:29934 <-> ENABLED <-> FILE-FLASH Adobe Flash regular expression grouping depth buffer overflow attempt (file-flash.rules) * 1:29933 <-> ENABLED <-> FILE-FLASH Adobe Flash Player PCRE regexp out of bounds memory leak ASLR bypass attempt (file-flash.rules) * 1:29836 <-> ENABLED <-> FILE-FLASH Adobe Flash ActionScript bytecode object type confusion information disclosure attempt (file-flash.rules) * 1:29742 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer deleted object access memory corruption attempt (browser-ie.rules) * 1:29710 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer fontFamily attribute deleted object access memory corruption attempt (browser-ie.rules) * 1:29681 <-> ENABLED <-> BROWSER-PLUGINS Microsoft XML Core Services same origin policy bypass attempt (browser-plugins.rules) * 1:29668 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreePos deleted object access attempt (browser-ie.rules) * 1:29643 <-> ENABLED <-> MALWARE-OTHER Java FileDialog heap buffer overflow attempt (malware-other.rules) * 1:29642 <-> ENABLED <-> MALWARE-OTHER Java FileDialog heap buffer overflow attempt (malware-other.rules) * 1:29617 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox nsTreeRange Use After Free attempt (browser-firefox.rules) * 1:29614 <-> ENABLED <-> FILE-IDENTIFY XPS file download request (file-identify.rules) * 1:29606 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp integer overflow attempt (file-java.rules) * 1:29577 <-> ENABLED <-> FILE-OTHER Oracle Outside In OS2 metafile parser stack buffer overflow attempt (file-other.rules) * 1:29576 <-> ENABLED <-> FILE-OTHER Oracle Outside In OS2 metafile parser stack buffer overflow attempt (file-other.rules) * 1:29575 <-> ENABLED <-> FILE-OTHER Oracle Outside In OS2 metafile parser stack buffer overflow attempt (file-other.rules) * 1:29574 <-> ENABLED <-> FILE-OTHER Oracle Outside In OS2 metafile parser stack buffer overflow attempt (file-other.rules) * 1:29527 <-> ENABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:29491 <-> ENABLED <-> FILE-JAVA Oracle Java ShortComponentRaster integer overflow attempt (file-java.rules) * 1:29410 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader javascript toolbar button use after free attempt (file-pdf.rules) * 1:29273 <-> ENABLED <-> FILE-JAVA Oracle Java sun.awt.image.ImagingLib.lookupByteBI memory corruption attempt (file-java.rules) * 1:29272 <-> ENABLED <-> FILE-JAVA Oracle Java sun.awt.image.ImagingLib.lookupByteBI memory corruption attempt (file-java.rules) * 1:29102 <-> DISABLED <-> BROWSER-PLUGINS HP Application Lifecycle Management XGO.XGoCtrl ActiveX function call access (browser-plugins.rules) * 1:29101 <-> DISABLED <-> BROWSER-PLUGINS HP Application Lifecycle Management XGO.XGoCtrl ActiveX clsid access (browser-plugins.rules) * 1:29100 <-> DISABLED <-> BROWSER-PLUGINS HP Application Lifecycle Management XGO.XGoCtrl ActiveX clsid access (browser-plugins.rules) * 1:29099 <-> DISABLED <-> BROWSER-PLUGINS HP Application Lifecycle Management XGO.XGoCtrl ActiveX clsid access (browser-plugins.rules) * 1:29098 <-> DISABLED <-> BROWSER-PLUGINS HP Application Lifecycle Management XGO.XGoCtrl ActiveX function call access (browser-plugins.rules) * 1:29097 <-> DISABLED <-> BROWSER-PLUGINS HP Application Lifecycle Management XGO.XGoCtrl ActiveX clsid access (browser-plugins.rules) * 1:29063 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed JBIG2 decode segment null pointer crash attempt (file-pdf.rules) * 1:29060 <-> DISABLED <-> BROWSER-PLUGINS CYME Power Engineering ChartFX.ClientServer ActiveX function call access (browser-plugins.rules) * 1:29059 <-> DISABLED <-> BROWSER-PLUGINS CYME Power Engineering ChartFX.ClientServer ActiveX clsid access (browser-plugins.rules) * 1:29000 <-> DISABLED <-> SERVER-WEBAPP Cisco EPC3925 cross site request forgery attempt (server-webapp.rules) * 1:28962 <-> ENABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer RealMedia URL length buffer overflow attempt (file-multimedia.rules) * 1:28927 <-> ENABLED <-> FILE-JAVA Oracle Java ImagingLib buffer overflow attempt (file-java.rules) * 1:28908 <-> ENABLED <-> SERVER-OTHER Nagios core config manager tfpassword sql injection attempt (server-other.rules) * 1:28907 <-> ENABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:28906 <-> ENABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:28905 <-> ENABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:28904 <-> ENABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:28903 <-> ENABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:28848 <-> ENABLED <-> MALWARE-OTHER Win.Backdoor.Tavdig download attempt (malware-other.rules) * 1:28846 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader javascript toolbar button use after free attempt (file-pdf.rules) * 1:28844 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader javascript toolbar button use after free attempt (file-pdf.rules) * 1:28715 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded TTF integer overflow attempt (file-pdf.rules) * 1:28714 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded TTF integer overflow attempt (file-pdf.rules) * 1:28713 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded TTF integer overflow attempt (file-pdf.rules) * 1:28712 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded TTF integer overflow attempt (file-pdf.rules) * 1:28690 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules) * 1:28689 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules) * 1:28598 <-> ENABLED <-> FILE-PDF Adobe Acrobat and Adobe Acrobat Reader field dictionary null pointer dereference attempt (file-pdf.rules) * 1:28578 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader memory disclosure attempt (file-pdf.rules) * 1:28569 <-> ENABLED <-> FILE-FLASH Adobe Flash Player remote memory corruption attempt (file-flash.rules) * 1:28567 <-> ENABLED <-> FILE-FLASH Adobe Flash Player use after free race condition (file-flash.rules) * 1:28547 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules) * 1:28537 <-> DISABLED <-> FILE-OTHER Apple Quicktime TeXML description attribute overflow attempt (file-other.rules) * 1:28536 <-> DISABLED <-> FILE-OTHER Apple Quicktime TeXML description attribute overflow attempt (file-other.rules) * 1:28535 <-> DISABLED <-> FILE-OTHER Apple Quicktime TeXML description attribute overflow attempt (file-other.rules) * 1:28534 <-> DISABLED <-> FILE-OTHER Apple Quicktime TeXML description attribute overflow attempt (file-other.rules) * 1:28506 <-> DISABLED <-> BROWSER-PLUGINS InformationCardSigninHelper ActiveX function call access (browser-plugins.rules) * 1:28505 <-> DISABLED <-> BROWSER-PLUGINS InformationCardSigninHelper ActiveX clsid access (browser-plugins.rules) * 1:28503 <-> ENABLED <-> FILE-OTHER Microsoft Word WordPerfect CSTYL border element stack overflow attempt (file-other.rules) * 1:28499 <-> ENABLED <-> FILE-OTHER Microsoft Word WordPerfect CSTYL border element stack overflow attempt (file-other.rules) * 1:28495 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer execCommand CTreePos memory corruption attempt (browser-ie.rules) * 1:28324 <-> ENABLED <-> PUA-ADWARE FakeAV runtime detection (pua-adware.rules) * 1:28301 <-> DISABLED <-> INDICATOR-SCAN User-Agent known malicious user-agent Masscan (indicator-scan.rules) * 1:28277 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp storeImageArray memory corruption attempt (file-java.rules) * 1:28127 <-> DISABLED <-> BROWSER-PLUGINS WibuKey Runtime ActiveX function call access (browser-plugins.rules) * 1:28126 <-> DISABLED <-> BROWSER-PLUGINS WibuKey Runtime ActiveX clsid access (browser-plugins.rules) * 1:27872 <-> ENABLED <-> BROWSER-PLUGINS HP LoadRunner WriteFileString ActiveX function call attempt (browser-plugins.rules) * 1:27871 <-> ENABLED <-> BROWSER-PLUGINS HP LoadRunner WriteFileString ActiveX function call attempt (browser-plugins.rules) * 1:27787 <-> ENABLED <-> FILE-JAVA Oracle Java ImagingLib buffer overflow attempt (file-java.rules) * 1:27765 <-> ENABLED <-> FILE-JAVA Oracle Java ImagingLib buffer overflow attempt (file-java.rules) * 1:27754 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Action InitArray stack overflow attempt (file-flash.rules) * 1:27751 <-> ENABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules) * 1:27743 <-> DISABLED <-> BROWSER-PLUGINS EasyMail Objects Activex remote buffer overflow attempt (browser-plugins.rules) * 1:27742 <-> DISABLED <-> BROWSER-PLUGINS EasyMail Objects Activex remote buffer overflow attempt (browser-plugins.rules) * 1:27732 <-> DISABLED <-> INDICATOR-COMPROMISE request for potential web shell - /jspspy.jsp (indicator-compromise.rules) * 1:27731 <-> DISABLED <-> INDICATOR-COMPROMISE request for potential web shell - /inback.jsp (indicator-compromise.rules) * 1:27729 <-> DISABLED <-> INDICATOR-COMPROMISE request for potential web shell - /Silic.jsp (indicator-compromise.rules) * 1:27730 <-> DISABLED <-> INDICATOR-COMPROMISE request for potential web shell - /css3.jsp (indicator-compromise.rules) * 1:27692 <-> ENABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules) * 1:27677 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp storeImageArray memory corruption attempt (file-java.rules) * 1:27675 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp storeImageArray memory corruption attempt (file-java.rules) * 1:27673 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp storeImageArray memory corruption attempt (file-java.rules) * 1:27622 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp storeImageArray memory corruption attempt (file-java.rules) * 1:27268 <-> ENABLED <-> FILE-FLASH Adobe Flash ActionScript user-supplied PCM resampling integer overflow attempt (file-flash.rules) * 1:27266 <-> ENABLED <-> FILE-FLASH Adobe Flash Player heap buffer overflow attempt (file-flash.rules) * 1:26983 <-> ENABLED <-> FILE-FLASH Adobe Flash Player remote memory corruption attempt (file-flash.rules) * 1:26928 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules) * 1:26900 <-> ENABLED <-> BROWSER-PLUGINS Java Applet sql.DriverManager exploit attempt (browser-plugins.rules) * 1:26899 <-> ENABLED <-> BROWSER-PLUGINS Java Applet sql.DriverManager fakedriver exploit attempt (browser-plugins.rules) * 1:26717 <-> ENABLED <-> FILE-JAVA Oracle Java font rendering remote code execution attempt (file-java.rules) * 1:26688 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed HTML text null dereference attempt (file-flash.rules) * 1:26665 <-> ENABLED <-> FILE-IMAGE BMP extremely large xpos opcodes (file-image.rules) * 1:26652 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules) * 1:26496 <-> ENABLED <-> FILE-OTHER WellinTech KingView KingMessage log file parsing buffer overflow attempt (file-other.rules) * 1:26200 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib ConvolveOp integer overflow attempt (file-java.rules) * 1:26199 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib LookupOp integer overflow attempt (file-java.rules) * 1:26186 <-> ENABLED <-> FILE-JAVA Oracle Java Gmbal package sandbox breach attempt (file-java.rules) * 1:26198 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp integer overflow attempt (file-java.rules) * 1:26173 <-> ENABLED <-> FILE-FLASH Adobe Flashplayer sortOn heap overflow attempt (file-flash.rules) * 1:25835 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript 3 integer overflow attempt (file-flash.rules) * 1:25834 <-> ENABLED <-> FILE-JAVA Oracle Java JMX class arbitrary code execution attempt (file-java.rules) * 1:25833 <-> ENABLED <-> FILE-JAVA Oracle Java malicious class download attempt (file-java.rules) * 1:25832 <-> ENABLED <-> FILE-JAVA Oracle Java JMX class arbitrary code execution attempt (file-java.rules) * 1:25816 <-> ENABLED <-> FILE-FLASH Adobe Flash Player FLV crafted ADPCM stream heap overflow attempt (file-flash.rules) * 1:25537 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader TTF parsing bad cmap format attempt (file-pdf.rules) * 1:25475 <-> ENABLED <-> FILE-PDF JavaScript contained in an xml template embedded in a pdf attempt (file-pdf.rules) * 1:25469 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader structtreeroot children recursive call denial of service attempt (file-pdf.rules) * 1:25468 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader structtreeroot children recursive call denial of service attempt (file-pdf.rules) * 1:25464 <-> ENABLED <-> FILE-PDF OpenType parsing buffer overflow attempt (file-pdf.rules) * 1:25463 <-> ENABLED <-> FILE-PDF OpenType parsing buffer overflow attempt (file-pdf.rules) * 1:25460 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader incomplete JP2K image geometry exploit attempt (file-pdf.rules) * 1:25458 <-> ENABLED <-> INDICATOR-OBFUSCATION DOC header followed by PDF header (indicator-obfuscation.rules) * 1:25457 <-> ENABLED <-> INDICATOR-OBFUSCATION JPEG header followed by PDF header (indicator-obfuscation.rules) * 1:25456 <-> ENABLED <-> INDICATOR-OBFUSCATION PNG header followed by PDF header (indicator-obfuscation.rules) * 1:25455 <-> ENABLED <-> INDICATOR-OBFUSCATION GIF header followed by PDF header (indicator-obfuscation.rules) * 1:25450 <-> ENABLED <-> FILE-PDF Javascript openDoc UNC network request attempt (file-pdf.rules) * 1:25298 <-> ENABLED <-> FILE-MULTIMEDIA Mozilla products Ogg Vorbis decoding memory corruption attempt (file-multimedia.rules) * 1:25228 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox iframe and xul element reload crash attempt (browser-firefox.rules) * 1:24993 <-> ENABLED <-> FILE-JAVA Oracle Java Applet remote code execution attempt (file-java.rules) * 1:24992 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DoInitAction invalid action overflow attempt (file-flash.rules) * 1:24990 <-> ENABLED <-> FILE-FLASH Adobe Flash Player specially invalid traits structure attempt (file-flash.rules) * 1:24983 <-> ENABLED <-> FILE-FLASH Adobe Flash Player actionscript bytecode trait type null pointer dereference attempt (file-flash.rules) * 1:24986 <-> ENABLED <-> FILE-FLASH Adobe Flash Player index overflow attempt (file-flash.rules) * 1:24981 <-> ENABLED <-> FILE-FLASH Adobe Flash Player actionscript bytecode trait type null pointer dereference attempt (file-flash.rules) * 1:24915 <-> ENABLED <-> FILE-JAVA Oracle Java Runtime true type font idef opcode heap buffer overflow attempt (file-java.rules) * 1:24896 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript bytecode symbolclass tag type confusion attempt (file-flash.rules) * 1:24892 <-> ENABLED <-> FILE-FLASH Action InitArray stack overflow attempt (file-flash.rules) * 1:24893 <-> ENABLED <-> FILE-FLASH Action InitArray stack overflow attempt (file-flash.rules) * 1:24882 <-> ENABLED <-> FILE-FLASH Adobe Flash Player invalid JPEG index attempt (file-flash.rules) * 1:24877 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules) * 1:24875 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules) * 1:24811 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS2 privilege escalation attempt (file-flash.rules) * 1:24813 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS2 privilege escalation attempt (file-flash.rules) * 1:24809 <-> ENABLED <-> FILE-FLASH Microsoft Internet Explorer premature unload of Flash plugin use after free attempt (file-flash.rules) * 1:24770 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24762 <-> ENABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules) * 1:24672 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player MP4 sequence parameter set parsing overflow attempt (file-multimedia.rules) * 1:24703 <-> ENABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules) * 1:24650 <-> ENABLED <-> FILE-OTHER Microsoft Windows TTF parsing counter overflow attempt (file-other.rules) * 1:24585 <-> ENABLED <-> PROTOCOL-SCADA Broadwin WebAccess ActiveX function call access (protocol-scada.rules) * 1:24584 <-> ENABLED <-> PROTOCOL-SCADA Broadwin WebAccess ActiveX clsid access (protocol-scada.rules) * 1:24582 <-> ENABLED <-> PROTOCOL-SCADA Broadwin WebAccess ActiveX function call access (protocol-scada.rules) * 1:24581 <-> ENABLED <-> PROTOCOL-SCADA Broadwin WebAccess ActiveX clsid access (protocol-scada.rules) * 1:24574 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox IDB use-after-free attempt (browser-firefox.rules) * 1:24573 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox IDB use-after-free attempt (browser-firefox.rules) * 1:24570 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox IDB use-after-free attempt (browser-firefox.rules) * 1:24511 <-> ENABLED <-> FILE-JAVA Oracle Java XGetSamplePtrFromSnd memory corruption attempt (file-java.rules) * 1:24431 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules) * 1:24429 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules) * 1:24415 <-> ENABLED <-> FILE-FLASH Adobe Flash Player stsz box heap overflow attempt (file-flash.rules) * 1:24367 <-> ENABLED <-> FILE-FLASH Adobe Flash malformed record stack exhaustion attempt (file-flash.rules) * 1:24364 <-> ENABLED <-> FILE-FLASH Adobe Flash null reference JIT compilation attempt (file-flash.rules) * 1:24365 <-> ENABLED <-> FILE-FLASH Adobe Flash null reference JIT compilation attempt (file-flash.rules) * 1:24202 <-> ENABLED <-> FILE-JAVA Oracle Java field bytecode verifier cache code execution attempt (file-java.rules) * 1:24155 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader free text annotation invalid IT value denial of service attempt (file-pdf.rules) * 1:24153 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded TTF bytecode memory corruption attempt (file-pdf.rules) * 1:24151 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader TrueType font corrupt header attempt (file-pdf.rules) * 1:24149 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malicious charstring stream attempt (file-pdf.rules) * 1:24126 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24085 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24066 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24064 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24058 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24056 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24038 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24036 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24027 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24025 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24023 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24021 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:23997 <-> ENABLED <-> FILE-FLASH Adobe Flash ActionScript float index array memory corruption attempt (file-flash.rules) * 1:23965 <-> ENABLED <-> PROTOCOL-SCADA BroadWin WebAccess Client arbitrary memory corruption attempt (protocol-scada.rules) * 1:23964 <-> ENABLED <-> PROTOCOL-SCADA BroadWin WebAccess Client format string exploit attempt (protocol-scada.rules) * 1:23892 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader getAnnotsRichMedia return type confusion attempt (file-pdf.rules) * 1:23891 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader getAnnotsRichMedia return type confusion attempt (file-pdf.rules) * 1:23884 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JBIG2 encoding invalid symbol in dictionary segment (file-pdf.rules) * 1:23881 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader getAnnotsRichMedia return type confusion attempt (file-pdf.rules) * 1:23880 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader Texture Declaration buffer overflow attempt (file-pdf.rules) * 1:23875 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader postscript font execution malformed subroutine entries attempt (file-pdf.rules) * 1:23871 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader invalid inline image attempt (file-pdf.rules) * 1:23869 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader invalid inline image attempt (file-pdf.rules) * 1:23867 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader invalid inline image attempt (file-pdf.rules) * 1:23865 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader invalid font WeightVector attempt (file-pdf.rules) * 1:23611 <-> ENABLED <-> FILE-PDF JavaScript contained in an xml template embedded in a pdf attempt (file-pdf.rules) * 1:23590 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules) * 1:23589 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules) * 1:21458 <-> ENABLED <-> FILE-FLASH Adobe Flash ActionScript float index array memory corruption (file-flash.rules) * 1:21160 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules) * 1:19257 <-> ENABLED <-> FILE-FLASH Adobe ActionScript float index memory corruption attempt (file-flash.rules) * 1:18768 <-> ENABLED <-> SERVER-MAIL Novell GroupWise Internet Agent RRULE parsing buffer overflow attempt (server-mail.rules) * 1:18297 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Comctl32.dll third-party SVG viewer heap overflow attempt (os-windows.rules) * 1:16289 <-> ENABLED <-> MALWARE-CNC Clob bot traffic (malware-cnc.rules) * 1:16184 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules) * 1:15481 <-> ENABLED <-> MALWARE-CNC Zeus/Zbot malware config file download request (malware-cnc.rules) * 1:14038 <-> ENABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX function call access (browser-plugins.rules) * 1:14037 <-> ENABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX clsid access (browser-plugins.rules) * 1:13679 <-> DISABLED <-> BROWSER-PLUGINS IBiz EBanking Integrator ActiveX clsid access (browser-plugins.rules)