Talos has added and modified multiple rules in the blacklist, browser-chrome, browser-ie, exploit-kit, file-flash, file-other, file-pdf, malware-cnc, malware-other, policy-other, protocol-ftp and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2962.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:33966 <-> ENABLED <-> MALWARE-CNC Win.Worm.Mafusc variant outbound connection attempt (malware-cnc.rules)
* 1:33963 <-> DISABLED <-> POLICY-OTHER Evercookie persistent cookie storage attempt (policy-other.rules)
* 1:33961 <-> DISABLED <-> SERVER-OTHER PHP unserialize code execution attempt (server-other.rules)
* 1:33958 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules)
* 1:33952 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules)
* 1:33953 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules)
* 1:33951 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules)
* 1:33979 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 11 VBScript redim preserve denial-of-service attempt (browser-ie.rules)
* 1:33942 <-> ENABLED <-> MALWARE-OTHER Executable control panel file download request (malware-other.rules)
* 1:33945 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules)
* 1:33946 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules)
* 1:33944 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules)
* 1:33937 <-> DISABLED <-> SERVER-WEBAPP TRENDnet TN200 Network Storage System command injection attempt (server-webapp.rules)
* 1:33932 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Tempedreve Samba probe (malware-cnc.rules)
* 1:33933 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Penget variant outbound connection attempt (malware-cnc.rules)
* 1:33931 <-> ENABLED <-> MALWARE-CNC Win.Worm.Goldrv variant outbound connection attempt (malware-cnc.rules)
* 1:33930 <-> ENABLED <-> MALWARE-CNC Vicepass outbound connection initial request to the CNC sending system information (malware-cnc.rules)
* 1:33938 <-> DISABLED <-> SERVER-WEBAPP Seagate BlackArmor NAS send_test_email command injection attempt (server-webapp.rules)
* 1:33936 <-> DISABLED <-> SERVER-WEBAPP TRENDnet TN200 Network Storage System command injection attempt (server-webapp.rules)
* 1:33935 <-> DISABLED <-> SERVER-WEBAPP Wordpress WP Marketplace plugin privilege escalation attempt (server-webapp.rules)
* 1:33934 <-> DISABLED <-> SERVER-WEBAPP Wordpress WP Marketplace plugin directory traversal attempt (server-webapp.rules)
* 1:33943 <-> ENABLED <-> MALWARE-OTHER Executable control panel file download request (malware-other.rules)
* 1:33975 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SWF object type mismatch attempt (file-flash.rules)
* 1:33976 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SWF object type mismatch attempt (file-flash.rules)
* 1:33968 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection AS2 arbitrary code execution attempt (file-flash.rules)
* 1:33947 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules)
* 1:33948 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules)
* 1:33982 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit landing page detected (exploit-kit.rules)
* 1:33983 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit obfuscated file download (exploit-kit.rules)
* 1:33949 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules)
* 1:33939 <-> DISABLED <-> MALWARE-OTHER Executable control panel file attachment detected (malware-other.rules)
* 1:33981 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit flash file download (exploit-kit.rules)
* 1:33950 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules)
* 1:33954 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules)
* 1:33955 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules)
* 1:33957 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules)
* 1:33956 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules)
* 1:33959 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules)
* 1:33962 <-> DISABLED <-> BROWSER-CHROME Google Chrome Pepper Flash same-origin-policy bypass attempt (browser-chrome.rules)
* 1:33960 <-> DISABLED <-> SERVER-OTHER PHP unserialize code execution attempt (server-other.rules)
* 1:33964 <-> DISABLED <-> POLICY-OTHER Evercookie persistent cookie storage attempt (policy-other.rules)
* 1:33967 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection AS2 arbitrary code execution attempt (file-flash.rules)
* 1:33971 <-> ENABLED <-> FILE-FLASH Adobe Flash Player cross domain policy bypass attempt (file-flash.rules)
* 1:33969 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection AS2 arbitrary code execution attempt (file-flash.rules)
* 1:33970 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection AS2 arbitrary code execution attempt (file-flash.rules)
* 1:33974 <-> ENABLED <-> FILE-FLASH Adobe Flash Player compressed file cross domain policy bypass attempt (file-flash.rules)
* 1:33973 <-> ENABLED <-> FILE-FLASH Adobe Flash Player compressed file cross domain policy bypass attempt (file-flash.rules)
* 1:33972 <-> ENABLED <-> FILE-FLASH Adobe Flash Player cross domain policy bypass attempt (file-flash.rules)
* 1:33941 <-> DISABLED <-> MALWARE-OTHER Executable control panel file download request (malware-other.rules)
* 1:33965 <-> DISABLED <-> BLACKLIST DNS request for known malware domain synergy-dev.sytes.net - Worm.MSIL.Mafusc.A (blacklist.rules)
* 1:33978 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BrokerExtTextOutW invalid string and length parameter sandbox escape attempt (file-flash.rules)
* 1:33977 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BrokerExtTextOutW invalid string and length parameter sandbox escape attempt (file-flash.rules)
* 1:33940 <-> DISABLED <-> MALWARE-OTHER Executable control panel file attachment detected (malware-other.rules)
* 1:33980 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 11 VBScript redim preserve denial-of-service attempt (browser-ie.rules)
* 1:23258 <-> DISABLED <-> SERVER-WEBAPP LANDesk Thinkmanagement Suite ServerSetup directory traversal attempt (server-webapp.rules)
* 1:33435 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cryptowall 3.0 variant outbound connection (malware-cnc.rules)
* 1:33434 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cryptowall 3.0 variant outbound connection (malware-cnc.rules)
* 1:33909 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader CoolType.dll out-of-bounds memory write access attempt (file-pdf.rules)
* 1:820 <-> DISABLED <-> SERVER-WEBAPP anaconda directory traversal attempt (server-webapp.rules)
* 1:360 <-> DISABLED <-> PROTOCOL-FTP serv-u directory traversal (protocol-ftp.rules)
* 1:26704 <-> DISABLED <-> SERVER-WEBAPP LANDesk Thinkmanagement Suite ServerSetup directory traversal attempt (server-webapp.rules)
* 1:32793 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XRef object integer overflow attempt (file-pdf.rules)
* 1:27908 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CPhraseElement use after free attempt (browser-ie.rules)
* 1:31988 <-> ENABLED <-> EXPLOIT-KIT Gong Da exploit kit landing page (exploit-kit.rules)
* 1:23259 <-> DISABLED <-> SERVER-WEBAPP LANDesk Thinkmanagement Suite ServerSetup directory traversal attempt (server-webapp.rules)
* 1:31284 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt (file-flash.rules)
* 1:31286 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt (file-flash.rules)
* 1:33432 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cryptowall 3.0 variant outbound connection (malware-cnc.rules)
* 1:33431 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cryptowall 3.0 variant outbound connection (malware-cnc.rules)
* 1:33228 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Kovter variant outbound connection (malware-cnc.rules)
* 1:27909 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CPhraseElement use after free attempt (browser-ie.rules)
* 1:32794 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XRef object integer overflow attempt (file-pdf.rules)
* 1:19223 <-> DISABLED <-> SERVER-OTHER SAP Crystal Reports 2008 directory traversal attempt (server-other.rules)
* 1:33433 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cryptowall 3.0 variant outbound connection (malware-cnc.rules)
* 1:33908 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader CoolType.dll out-of-bounds memory write access attempt (file-pdf.rules)
* 1:2125 <-> DISABLED <-> PROTOCOL-FTP CWD Root directory traversal attempt (protocol-ftp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2970.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:33937 <-> DISABLED <-> SERVER-WEBAPP TRENDnet TN200 Network Storage System command injection attempt (server-webapp.rules)
* 1:33938 <-> DISABLED <-> SERVER-WEBAPP Seagate BlackArmor NAS send_test_email command injection attempt (server-webapp.rules)
* 1:33935 <-> DISABLED <-> SERVER-WEBAPP Wordpress WP Marketplace plugin privilege escalation attempt (server-webapp.rules)
* 1:33936 <-> DISABLED <-> SERVER-WEBAPP TRENDnet TN200 Network Storage System command injection attempt (server-webapp.rules)
* 1:33933 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Penget variant outbound connection attempt (malware-cnc.rules)
* 1:33934 <-> DISABLED <-> SERVER-WEBAPP Wordpress WP Marketplace plugin directory traversal attempt (server-webapp.rules)
* 1:33932 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Tempedreve Samba probe (malware-cnc.rules)
* 1:33931 <-> ENABLED <-> MALWARE-CNC Win.Worm.Goldrv variant outbound connection attempt (malware-cnc.rules)
* 1:33930 <-> ENABLED <-> MALWARE-CNC Vicepass outbound connection initial request to the CNC sending system information (malware-cnc.rules)
* 1:33943 <-> ENABLED <-> MALWARE-OTHER Executable control panel file download request (malware-other.rules)
* 1:33939 <-> DISABLED <-> MALWARE-OTHER Executable control panel file attachment detected (malware-other.rules)
* 1:33942 <-> ENABLED <-> MALWARE-OTHER Executable control panel file download request (malware-other.rules)
* 1:33945 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules)
* 1:33946 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules)
* 1:33947 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules)
* 1:33948 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules)
* 1:33949 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules)
* 1:33950 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules)
* 1:33951 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules)
* 1:33953 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules)
* 1:33954 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules)
* 1:33955 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules)
* 1:33956 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules)
* 1:33957 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules)
* 1:33952 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules)
* 1:33958 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules)
* 1:33959 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules)
* 1:33961 <-> DISABLED <-> SERVER-OTHER PHP unserialize code execution attempt (server-other.rules)
* 1:33960 <-> DISABLED <-> SERVER-OTHER PHP unserialize code execution attempt (server-other.rules)
* 1:33962 <-> DISABLED <-> BROWSER-CHROME Google Chrome Pepper Flash same-origin-policy bypass attempt (browser-chrome.rules)
* 1:33963 <-> DISABLED <-> POLICY-OTHER Evercookie persistent cookie storage attempt (policy-other.rules)
* 1:33964 <-> DISABLED <-> POLICY-OTHER Evercookie persistent cookie storage attempt (policy-other.rules)
* 1:33966 <-> ENABLED <-> MALWARE-CNC Win.Worm.Mafusc variant outbound connection attempt (malware-cnc.rules)
* 1:33965 <-> DISABLED <-> BLACKLIST DNS request for known malware domain synergy-dev.sytes.net - Worm.MSIL.Mafusc.A (blacklist.rules)
* 1:33967 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection AS2 arbitrary code execution attempt (file-flash.rules)
* 1:33968 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection AS2 arbitrary code execution attempt (file-flash.rules)
* 1:33969 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection AS2 arbitrary code execution attempt (file-flash.rules)
* 1:33971 <-> ENABLED <-> FILE-FLASH Adobe Flash Player cross domain policy bypass attempt (file-flash.rules)
* 1:33970 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection AS2 arbitrary code execution attempt (file-flash.rules)
* 1:33972 <-> ENABLED <-> FILE-FLASH Adobe Flash Player cross domain policy bypass attempt (file-flash.rules)
* 1:33973 <-> ENABLED <-> FILE-FLASH Adobe Flash Player compressed file cross domain policy bypass attempt (file-flash.rules)
* 1:33974 <-> ENABLED <-> FILE-FLASH Adobe Flash Player compressed file cross domain policy bypass attempt (file-flash.rules)
* 1:33976 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SWF object type mismatch attempt (file-flash.rules)
* 1:33975 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SWF object type mismatch attempt (file-flash.rules)
* 1:33941 <-> DISABLED <-> MALWARE-OTHER Executable control panel file download request (malware-other.rules)
* 1:33983 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit obfuscated file download (exploit-kit.rules)
* 1:33944 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules)
* 1:33982 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit landing page detected (exploit-kit.rules)
* 1:33980 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 11 VBScript redim preserve denial-of-service attempt (browser-ie.rules)
* 1:33979 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 11 VBScript redim preserve denial-of-service attempt (browser-ie.rules)
* 1:33981 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit flash file download (exploit-kit.rules)
* 1:33977 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BrokerExtTextOutW invalid string and length parameter sandbox escape attempt (file-flash.rules)
* 1:33940 <-> DISABLED <-> MALWARE-OTHER Executable control panel file attachment detected (malware-other.rules)
* 1:33978 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BrokerExtTextOutW invalid string and length parameter sandbox escape attempt (file-flash.rules)
* 1:820 <-> DISABLED <-> SERVER-WEBAPP anaconda directory traversal attempt (server-webapp.rules)
* 1:360 <-> DISABLED <-> PROTOCOL-FTP serv-u directory traversal (protocol-ftp.rules)
* 1:33435 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cryptowall 3.0 variant outbound connection (malware-cnc.rules)
* 1:33433 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cryptowall 3.0 variant outbound connection (malware-cnc.rules)
* 1:33434 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cryptowall 3.0 variant outbound connection (malware-cnc.rules)
* 1:33431 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cryptowall 3.0 variant outbound connection (malware-cnc.rules)
* 1:33432 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cryptowall 3.0 variant outbound connection (malware-cnc.rules)
* 1:33908 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader CoolType.dll out-of-bounds memory write access attempt (file-pdf.rules)
* 1:27908 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CPhraseElement use after free attempt (browser-ie.rules)
* 1:27909 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CPhraseElement use after free attempt (browser-ie.rules)
* 1:31284 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt (file-flash.rules)
* 1:31286 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt (file-flash.rules)
* 1:31988 <-> ENABLED <-> EXPLOIT-KIT Gong Da exploit kit landing page (exploit-kit.rules)
* 1:32793 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XRef object integer overflow attempt (file-pdf.rules)
* 1:32794 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XRef object integer overflow attempt (file-pdf.rules)
* 1:33228 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Kovter variant outbound connection (malware-cnc.rules)
* 1:19223 <-> DISABLED <-> SERVER-OTHER SAP Crystal Reports 2008 directory traversal attempt (server-other.rules)
* 1:2125 <-> DISABLED <-> PROTOCOL-FTP CWD Root directory traversal attempt (protocol-ftp.rules)
* 1:23258 <-> DISABLED <-> SERVER-WEBAPP LANDesk Thinkmanagement Suite ServerSetup directory traversal attempt (server-webapp.rules)
* 1:33909 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader CoolType.dll out-of-bounds memory write access attempt (file-pdf.rules)
* 1:23259 <-> DISABLED <-> SERVER-WEBAPP LANDesk Thinkmanagement Suite ServerSetup directory traversal attempt (server-webapp.rules)
* 1:26704 <-> DISABLED <-> SERVER-WEBAPP LANDesk Thinkmanagement Suite ServerSetup directory traversal attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2972.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:33983 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit obfuscated file download (exploit-kit.rules)
* 1:33982 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit landing page detected (exploit-kit.rules)
* 1:33981 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit flash file download (exploit-kit.rules)
* 1:33980 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 11 VBScript redim preserve denial-of-service attempt (browser-ie.rules)
* 1:33979 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 11 VBScript redim preserve denial-of-service attempt (browser-ie.rules)
* 1:33978 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BrokerExtTextOutW invalid string and length parameter sandbox escape attempt (file-flash.rules)
* 1:33977 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BrokerExtTextOutW invalid string and length parameter sandbox escape attempt (file-flash.rules)
* 1:33976 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SWF object type mismatch attempt (file-flash.rules)
* 1:33975 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SWF object type mismatch attempt (file-flash.rules)
* 1:33974 <-> ENABLED <-> FILE-FLASH Adobe Flash Player compressed file cross domain policy bypass attempt (file-flash.rules)
* 1:33973 <-> ENABLED <-> FILE-FLASH Adobe Flash Player compressed file cross domain policy bypass attempt (file-flash.rules)
* 1:33972 <-> ENABLED <-> FILE-FLASH Adobe Flash Player cross domain policy bypass attempt (file-flash.rules)
* 1:33971 <-> ENABLED <-> FILE-FLASH Adobe Flash Player cross domain policy bypass attempt (file-flash.rules)
* 1:33970 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection AS2 arbitrary code execution attempt (file-flash.rules)
* 1:33969 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection AS2 arbitrary code execution attempt (file-flash.rules)
* 1:33968 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection AS2 arbitrary code execution attempt (file-flash.rules)
* 1:33967 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection AS2 arbitrary code execution attempt (file-flash.rules)
* 1:33966 <-> ENABLED <-> MALWARE-CNC Win.Worm.Mafusc variant outbound connection attempt (malware-cnc.rules)
* 1:33965 <-> DISABLED <-> BLACKLIST DNS request for known malware domain synergy-dev.sytes.net - Worm.MSIL.Mafusc.A (blacklist.rules)
* 1:33964 <-> DISABLED <-> POLICY-OTHER Evercookie persistent cookie storage attempt (policy-other.rules)
* 1:33963 <-> DISABLED <-> POLICY-OTHER Evercookie persistent cookie storage attempt (policy-other.rules)
* 1:33962 <-> DISABLED <-> BROWSER-CHROME Google Chrome Pepper Flash same-origin-policy bypass attempt (browser-chrome.rules)
* 1:33961 <-> DISABLED <-> SERVER-OTHER PHP unserialize code execution attempt (server-other.rules)
* 1:33960 <-> DISABLED <-> SERVER-OTHER PHP unserialize code execution attempt (server-other.rules)
* 1:33959 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules)
* 1:33958 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules)
* 1:33957 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules)
* 1:33956 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules)
* 1:33955 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules)
* 1:33954 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules)
* 1:33953 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules)
* 1:33952 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules)
* 1:33951 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules)
* 1:33950 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules)
* 1:33949 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules)
* 1:33948 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules)
* 1:33947 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules)
* 1:33946 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules)
* 1:33945 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules)
* 1:33944 <-> DISABLED <-> FILE-OTHER WordPerfect converter buffer overflow attempt (file-other.rules)
* 1:33943 <-> ENABLED <-> MALWARE-OTHER Executable control panel file download request (malware-other.rules)
* 1:33942 <-> ENABLED <-> MALWARE-OTHER Executable control panel file download request (malware-other.rules)
* 1:33941 <-> DISABLED <-> MALWARE-OTHER Executable control panel file download request (malware-other.rules)
* 1:33940 <-> DISABLED <-> MALWARE-OTHER Executable control panel file attachment detected (malware-other.rules)
* 1:33939 <-> DISABLED <-> MALWARE-OTHER Executable control panel file attachment detected (malware-other.rules)
* 1:33938 <-> DISABLED <-> SERVER-WEBAPP Seagate BlackArmor NAS send_test_email command injection attempt (server-webapp.rules)
* 1:33937 <-> DISABLED <-> SERVER-WEBAPP TRENDnet TN200 Network Storage System command injection attempt (server-webapp.rules)
* 1:33936 <-> DISABLED <-> SERVER-WEBAPP TRENDnet TN200 Network Storage System command injection attempt (server-webapp.rules)
* 1:33935 <-> DISABLED <-> SERVER-WEBAPP Wordpress WP Marketplace plugin privilege escalation attempt (server-webapp.rules)
* 1:33934 <-> DISABLED <-> SERVER-WEBAPP Wordpress WP Marketplace plugin directory traversal attempt (server-webapp.rules)
* 1:33933 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Penget variant outbound connection attempt (malware-cnc.rules)
* 1:33932 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Tempedreve Samba probe (malware-cnc.rules)
* 1:33931 <-> ENABLED <-> MALWARE-CNC Win.Worm.Goldrv variant outbound connection attempt (malware-cnc.rules)
* 1:33930 <-> ENABLED <-> MALWARE-CNC Vicepass outbound connection initial request to the CNC sending system information (malware-cnc.rules)
* 1:19223 <-> DISABLED <-> SERVER-OTHER SAP Crystal Reports 2008 directory traversal attempt (server-other.rules)
* 1:2125 <-> DISABLED <-> PROTOCOL-FTP CWD Root directory traversal attempt (protocol-ftp.rules)
* 1:23258 <-> DISABLED <-> SERVER-WEBAPP LANDesk Thinkmanagement Suite ServerSetup directory traversal attempt (server-webapp.rules)
* 1:23259 <-> DISABLED <-> SERVER-WEBAPP LANDesk Thinkmanagement Suite ServerSetup directory traversal attempt (server-webapp.rules)
* 1:26704 <-> DISABLED <-> SERVER-WEBAPP LANDesk Thinkmanagement Suite ServerSetup directory traversal attempt (server-webapp.rules)
* 1:27908 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CPhraseElement use after free attempt (browser-ie.rules)
* 1:27909 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CPhraseElement use after free attempt (browser-ie.rules)
* 1:31284 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt (file-flash.rules)
* 1:31286 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt (file-flash.rules)
* 1:31988 <-> ENABLED <-> EXPLOIT-KIT Gong Da exploit kit landing page (exploit-kit.rules)
* 1:32793 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XRef object integer overflow attempt (file-pdf.rules)
* 1:32794 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XRef object integer overflow attempt (file-pdf.rules)
* 1:33228 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Kovter variant outbound connection (malware-cnc.rules)
* 1:33431 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cryptowall 3.0 variant outbound connection (malware-cnc.rules)
* 1:33432 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cryptowall 3.0 variant outbound connection (malware-cnc.rules)
* 1:33433 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cryptowall 3.0 variant outbound connection (malware-cnc.rules)
* 1:33434 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cryptowall 3.0 variant outbound connection (malware-cnc.rules)
* 1:33435 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cryptowall 3.0 variant outbound connection (malware-cnc.rules)
* 1:33908 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader CoolType.dll out-of-bounds memory write access attempt (file-pdf.rules)
* 1:33909 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader CoolType.dll out-of-bounds memory write access attempt (file-pdf.rules)
* 1:360 <-> DISABLED <-> PROTOCOL-FTP serv-u directory traversal (protocol-ftp.rules)
* 1:820 <-> DISABLED <-> SERVER-WEBAPP anaconda directory traversal attempt (server-webapp.rules)