Documents

The following setup guides have been contributed by members of the Snort Community for your use. Comments and questions on these documents should be submitted directly to the author by clicking on their names below.


Latest rule documents - Search
1-53552
This rule alerts when an attempt to download an executable matching ClamAV signature Unix.Malware.Lotoor-7645228-0 is detected
1-53551
This rule alerts when an attempt to download an executable matching ClamAV signature Unix.Malware.Lotoor-7645228-0 is detected
1-53548
The rule looks for metacharacters associated with command injection in the vulnerable parameter.
1-53547
The rule looks for metacharacters associated with command injection in the vulnerable parameter.
1-53544
This rule will alert when a Win.Trojan.Agent variant is detected on the network making a beacon request to a cnc server.
1-53543
This rule will alert on requests by a Doc.Trojan.Agent variant to fetch an additional malicious Windows executable payload. This particular document has been seen fetching NetSupport Manager and using it for malicious purposes.