Documents

The following setup guides have been contributed by members of the Snort Community for your use. Comments and questions on these documents should be submitted directly to the author by clicking on their names below.


Latest rule documents
1-61253
This rule looks for an HTTP POST to the C2 endpoint "/contact.php" carrying a "name=" parameter in the client body (the POST data, not the URI).
1-61251
This rule looks for indicators hard-coded in the malware for contacting its C2 services; namely, it detects curl being used to reach the "/blob/" endpoint.
1-61250
This rule looks for indicators hard-coded in the malware for contacting its C2 services; namely, it detects curl being used to reach the "/blob/" endpoint.
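The three C2 indicators above (a POST to "/contact.php" with "name=" in the client body, and curl reaching a "/blob/" path) map onto distinct HTTP buffers, which is why the body check must not be satisfied by a "name=" in the URI. The following is an added example, not the published Snort rules: it splits constructed HTTP requests into the method, URI, header and client-body buffers and applies the two match conditions. It assumes the "use of curl" is visible as a curl User-Agent header and that matching is plain substring matching, as a Snort content match would be; the real rules' ports, flow options and exact content strings are not given on this page.

```python
"""Illustrative re-implementation of the C2 match logic described above.
Added example for this page; not the published Snort rule content."""

CONTACT_PHP = "c2-post-contact-php"  # label for the /contact.php indicator
CURL_BLOB = "c2-curl-blob"           # label for the curl /blob/ indicator


def parse_request(raw: bytes) -> dict:
    """Split a raw HTTP/1.x request into the buffers a rule inspects
    separately: method, URI, headers (lower-cased names) and body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    method, uri, _version = lines[0].split(b" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower()] = value.strip()
    return {"method": method, "uri": uri, "headers": headers, "body": body}


def match_c2(raw: bytes) -> list:
    """Return the indicator labels that fire on one request."""
    req = parse_request(raw)
    hits = []
    # Indicator 1: POST, "/contact.php" in the URI, "name=" in the client
    # body only. A "name=" query parameter in the URI does not count.
    if (req["method"] == b"POST" and b"/contact.php" in req["uri"]
            and b"name=" in req["body"]):
        hits.append(CONTACT_PHP)
    # Indicator 2: curl User-Agent (assumption) reaching a "/blob/" path.
    ua = req["headers"].get(b"user-agent", b"")
    if ua.startswith(b"curl/") and b"/blob/" in req["uri"]:
        hits.append(CURL_BLOB)
    return hits


# Constructed sample traffic (not captured from the malware).
SAMPLE_POST = (b"POST /contact.php HTTP/1.1\r\nHost: 203.0.113.10\r\n"
               b"Content-Type: application/x-www-form-urlencoded\r\n"
               b"Content-Length: 21\r\n\r\nname=victim-host&id=1")
SAMPLE_CURL = (b"GET /blob/stage2 HTTP/1.1\r\nHost: 203.0.113.10\r\n"
               b"User-Agent: curl/7.88.1\r\nAccept: */*\r\n\r\n")
# Same path and parameter name, but GET with "name=" in the URI and a
# browser User-Agent: neither indicator should fire.
SAMPLE_BENIGN = (b"GET /contact.php?name=x HTTP/1.1\r\nHost: example.com\r\n"
                 b"User-Agent: Mozilla/5.0\r\n\r\n")

if __name__ == "__main__":
    for label, raw in (("post", SAMPLE_POST), ("curl", SAMPLE_CURL),
                       ("benign", SAMPLE_BENIGN)):
        print(label, match_c2(raw))
```

The benign request is the important case: it contains "/contact.php" and "name=" but in the wrong buffer, which a rule keyed on the client body (Snort's `http_client_body` buffer) must ignore.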
1-61249
This rule detects a malicious tarball that exploits a directory traversal in VMware vRealize Log Insight.
1-61248
This rule detects a malicious tarball that exploits a directory traversal in VMware vRealize Log Insight.
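A directory-traversal tarball is one whose member names escape the extraction root ("../" components or absolute paths), and that indicator lives in the 100-byte name field at the start of each 512-byte tar header, which is what a content match on the wire sees. The following is an added example, not the published rules for the two SIDs above: it walks raw tar headers, recovers member names, and flags those that normalise to a path outside the archive root. The archive is constructed in the example; the real exploit's member names and the transport the rules inspect are not given on this page.

```python
"""Directory-traversal check over raw tar headers. Added example for this
page; not the published Snort rule and not a real exploit sample."""
import io
import posixpath
import tarfile

BLOCK = 512  # tar headers and data are 512-byte blocks


def tar_member_names(data: bytes):
    """Walk the raw 512-byte headers and yield each member's name from
    the 100-byte name field (plus the ustar prefix field when present),
    skipping over the data blocks using the octal size field."""
    off = 0
    while off + BLOCK <= len(data):
        hdr = data[off:off + BLOCK]
        if hdr == b"\0" * BLOCK:  # end-of-archive marker
            break
        name = hdr[0:100].rstrip(b"\0").decode("utf-8", "replace")
        prefix = hdr[345:500].rstrip(b"\0").decode("utf-8", "replace")
        if hdr[257:262] == b"ustar" and prefix:
            name = prefix + "/" + name
        size = int(hdr[124:136].rstrip(b"\0 ") or b"0", 8)
        yield name
        off += BLOCK + (size + BLOCK - 1) // BLOCK * BLOCK


def traversal_members(data: bytes) -> list:
    """Names that would land outside the extraction root: absolute paths
    or any name that still begins with '..' after normalisation."""
    bad = []
    for name in tar_member_names(data):
        norm = posixpath.normpath(name)
        if name.startswith("/") or norm == ".." or norm.startswith("../"):
            bad.append(name)
    return bad


def build_tar(members: dict) -> bytes:
    """Build a constructed ustar archive from {name: payload}.
    tarfile.addfile() stores the name verbatim, so traversal names survive."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.USTAR_FORMAT) as tf:
        for name, payload in members.items():
            info = tarfile.TarInfo(name)
            info.size = len(payload)
            tf.addfile(info, io.BytesIO(payload))
    return buf.getvalue()


# Constructed archives (not real samples). The 600-byte payload spans two
# data blocks, exercising the size-based skip in tar_member_names().
BENIGN_TAR = build_tar({"config/app.conf": b"ok\n", "logs/app.log": b"x" * 600})
MALICIOUS_TAR = build_tar({"config/app.conf": b"ok\n",
                           "../../../tmp/backdoor.sh": b"#!/bin/sh\n"})

if __name__ == "__main__":
    print("benign:", traversal_members(BENIGN_TAR))
    print("malicious:", traversal_members(MALICIOUS_TAR))
```

A signature that simply matches "../" in the name field is cruder than the normalisation above (it also fires on harmless "a/../b" members), but it is cheap and catches the common case; the normalised check is what an extraction-side guard should apply.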
1-61247
This rule detects a Thrift RPC request sent to VMware vRealize Log Insight that leaks configuration, including the node GUID, which can then be used to execute other powerful commands on the system.