Talos has added and modified multiple rules in the browser-firefox, browser-ie, browser-plugins, exploit-kit, file-flash, malware-cnc, policy-other, server-mssql and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2962.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:35536 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer table layout cache arbitrary code execution attempt (browser-ie.rules)
* 1:35631 <-> DISABLED <-> SERVER-OTHER LibVNCServer rfbProcessClientNormalMessage msg.ssc.scale denial of service attempt (server-other.rules)
* 1:35706 <-> ENABLED <-> BROWSER-IE Microsoft Edge history.state use after free attempt (browser-ie.rules)
* 1:35702 <-> DISABLED <-> SERVER-WEBAPP ManageEngine OpManager agentKey SQL injection attempt (server-webapp.rules)
* 1:35685 <-> DISABLED <-> BROWSER-PLUGINS Mozilla Firefox generatecrmfrequest policy function call access attempt (browser-plugins.rules)
* 1:35683 <-> DISABLED <-> SERVER-WEBAPP Dell KACE Appliance kbot_upload.php directory traversal attempt (server-webapp.rules)
* 1:35684 <-> DISABLED <-> SERVER-WEBAPP Dell KACE Appliance kbot_upload.php directory traversal attempt (server-webapp.rules)
* 1:35681 <-> DISABLED <-> SERVER-WEBAPP Dell KACE Appliance kbot_upload.php authentication bypass attempt (server-webapp.rules)
* 1:35682 <-> DISABLED <-> SERVER-WEBAPP Dell KACE Appliance kbot_upload.php directory traversal attempt (server-webapp.rules)
* 1:35679 <-> DISABLED <-> SERVER-WEBAPP Dell KACE Appliance downloadpxy.php directory traversal attempt (server-webapp.rules)
* 1:35680 <-> DISABLED <-> SERVER-WEBAPP Dell KACE Appliance downloadpxy.php directory traversal attempt (server-webapp.rules)
* 1:35677 <-> DISABLED <-> SERVER-WEBAPP Dell KACE Appliance KSudoClient privilege escalation attempt (server-webapp.rules)
* 1:35678 <-> DISABLED <-> SERVER-WEBAPP Dell KACE Appliance downloadpxy.php directory traversal attempt (server-webapp.rules)
* 1:35675 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox PDF.js same origin policy violation attempt (browser-firefox.rules)
* 1:35676 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox PDF.js same origin policy violation attempt (browser-firefox.rules)
* 1:35673 <-> ENABLED <-> FILE-FLASH Adobe Flash Player incorrect reference to IExternalizable object attempt (file-flash.rules)
* 1:35674 <-> ENABLED <-> FILE-FLASH Adobe Flash Player incorrect reference to IExternalizable object attempt (file-flash.rules)
* 1:35671 <-> ENABLED <-> FILE-FLASH Adobe Flash Player incorrect reference to IExternalizable object attempt (file-flash.rules)
* 1:35672 <-> ENABLED <-> FILE-FLASH Adobe Flash Player incorrect reference to IExternalizable object attempt (file-flash.rules)
* 1:35669 <-> DISABLED <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt (server-webapp.rules)
* 1:35670 <-> DISABLED <-> POLICY-OTHER Symantec Endpoint Protection insecure password reset attempt (policy-other.rules)
* 1:35667 <-> ENABLED <-> FILE-FLASH Adobe Flash Player bitmap handling memory corruption attempt (file-flash.rules)
* 1:35668 <-> DISABLED <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt (server-webapp.rules)
* 1:35665 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DefineVideoStream out of bounds memory access attempt (file-flash.rules)
* 1:35666 <-> ENABLED <-> FILE-FLASH Adobe Flash Player bitmap handling memory corruption attempt (file-flash.rules)
* 1:35664 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DefineVideoStream out of bounds memory access attempt (file-flash.rules)
* 1:35663 <-> ENABLED <-> FILE-FLASH Adobe Flash Player corrupt glyph array out of bounds attempt (file-flash.rules)
* 1:35662 <-> ENABLED <-> FILE-FLASH Adobe Flash Player corrupt glyph array out of bounds attempt (file-flash.rules)
* 1:35660 <-> ENABLED <-> FILE-FLASH Adobe Flash Player FileReference constructor type confusion attempt (file-flash.rules)
* 1:35661 <-> ENABLED <-> FILE-FLASH Adobe Flash Player FileReference constructor type confusion attempt (file-flash.rules)
* 1:35658 <-> ENABLED <-> FILE-FLASH Adobe Flash Player FileReference constructor type confusion attempt (file-flash.rules)
* 1:35659 <-> ENABLED <-> FILE-FLASH Adobe Flash Player FileReference constructor type confusion attempt (file-flash.rules)
* 1:35656 <-> ENABLED <-> FILE-FLASH Adobe Flash Player XML property delete out of bounds memory write attempt (file-flash.rules)
* 1:35657 <-> ENABLED <-> FILE-FLASH Adobe Flash Player XML property delete out of bounds memory write attempt (file-flash.rules)
* 1:35654 <-> ENABLED <-> FILE-FLASH Adobe Flash Player XML property delete out of bounds memory write attempt (file-flash.rules)
* 1:35655 <-> ENABLED <-> FILE-FLASH Adobe Flash Player XML property delete out of bounds memory write attempt (file-flash.rules)
* 1:35652 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextField filters use-after-free attempt (file-flash.rules)
* 1:35653 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextField filters use-after-free attempt (file-flash.rules)
* 1:35650 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextField filters use-after-free attempt (file-flash.rules)
* 1:35651 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextField filters use-after-free attempt (file-flash.rules)
* 1:35648 <-> ENABLED <-> FILE-FLASH Adobe Flash Player XML pointer wrong parent reference (file-flash.rules)
* 1:35649 <-> ENABLED <-> FILE-FLASH Adobe Flash Player XML pointer wrong parent reference (file-flash.rules)
* 1:35646 <-> ENABLED <-> FILE-FLASH Adobe Flash Player XML pointer wrong parent reference (file-flash.rules)
* 1:35647 <-> ENABLED <-> FILE-FLASH Adobe Flash Player XML pointer wrong parent reference (file-flash.rules)
* 1:35644 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASnative previously set SharedObject variable set attempt (file-flash.rules)
* 1:35645 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASnative previously set SharedObject variable set attempt (file-flash.rules)
* 1:35642 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASnative previously set SharedObject variable set attempt (file-flash.rules)
* 1:35643 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASnative previously set SharedObject variable set attempt (file-flash.rules)
* 1:35640 <-> ENABLED <-> FILE-FLASH Adobe Flash Player childNodes XML object after free attempt (file-flash.rules)
* 1:35641 <-> ENABLED <-> FILE-FLASH Adobe Flash Player childNodes XML object use after free attempt (file-flash.rules)
* 1:35638 <-> ENABLED <-> FILE-FLASH Adobe Flash Player childNodes XML object use after free attempt (file-flash.rules)
* 1:35639 <-> ENABLED <-> FILE-FLASH Adobe Flash Player childNodes XML object use after free attempt (file-flash.rules)
* 1:35636 <-> DISABLED <-> FILE-FLASH Adobe Flash invalid swf tag parsing buffer overflow attempt (file-flash.rules)
* 1:35637 <-> DISABLED <-> FILE-FLASH Adobe Flash invalid swf tag parsing buffer overflow attempt (file-flash.rules)
* 1:35634 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetMonitor use-after-free attempt (file-flash.rules)
* 1:35635 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetMonitor use-after-free attempt (file-flash.rules)
* 1:35632 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetMonitor use-after-free attempt (file-flash.rules)
* 1:35633 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetMonitor use-after-free attempt (file-flash.rules)
* 1:35630 <-> DISABLED <-> SERVER-OTHER LibVNCServer rfbProcessClientNormalMessage msg.ssc.scale denial of service attempt (server-other.rules)
* 1:35537 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer table layout cache arbitrary code execution attempt (browser-ie.rules)
* 1:35696 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASnative previously set SharedObject variable set attempt (file-flash.rules)
* 1:35695 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASnative previously set SharedObject variable set attempt (file-flash.rules)
* 1:35698 <-> DISABLED <-> BROWSER-PLUGINS Oracle Data Quality Trillium TSS12.LoaderWizard.lwctrl ActiveX clsid access attempt (browser-plugins.rules)
* 1:35697 <-> DISABLED <-> BROWSER-PLUGINS Oracle Data Quality Trillium TSS12.LoaderWizard.lwctrl ActiveX clsid access attempt (browser-plugins.rules)
* 1:35699 <-> DISABLED <-> BROWSER-PLUGINS Oracle Data Quality Trillium TSS12.LoaderWizard.lwctrl ActiveX clsid access attempt (browser-plugins.rules)
* 1:35701 <-> DISABLED <-> SERVER-WEBAPP ManageEngine OpManager agentKey SQL injection attempt (server-webapp.rules)
* 1:35700 <-> DISABLED <-> BROWSER-PLUGINS Oracle Data Quality Trillium TSS12.LoaderWizard.lwctrl ActiveX clsid access attempt (browser-plugins.rules)
* 1:35703 <-> DISABLED <-> SERVER-WEBAPP ManageEngine OpManager agentKey SQL injection attempt (server-webapp.rules)
* 1:35704 <-> DISABLED <-> SERVER-WEBAPP Maarch LetterBox arbitrary PHP file upload attempt (server-webapp.rules)
* 1:35705 <-> ENABLED <-> BROWSER-IE Microsoft Edge history.state use after free attempt (browser-ie.rules)
* 1:35693 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASnative previously set SharedObject variable set attempt (file-flash.rules)
* 1:35692 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASnative previously set SharedObject variable set attempt (file-flash.rules)
* 1:35694 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASnative previously set SharedObject variable set attempt (file-flash.rules)
* 1:35691 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASnative previously set SharedObject variable set attempt (file-flash.rules)
* 1:35687 <-> ENABLED <-> SERVER-WEBAPP Semantec Endpoint Protection Manager server elevated privilege code execution attempt (server-webapp.rules)
* 1:35686 <-> DISABLED <-> BROWSER-PLUGINS Mozilla Firefox generatecrmfrequest policy function call access attempt (browser-plugins.rules)
* 1:31627 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer cdomuievent use after free attempt (browser-ie.rules)
* 1:30973 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit payload request (exploit-kit.rules)
* 1:35542 <-> DISABLED <-> EXPLOIT-KIT Nuclear Exploit Kit flash exploit download attempt (exploit-kit.rules)
* 1:35198 <-> ENABLED <-> SERVER-MSSQL Microsoft SQL Server transcational replication and showxmlplan enabled remote code execution attempt (server-mssql.rules)
* 1:35462 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Kazy outbound connection (malware-cnc.rules)
* 1:31628 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer cdomuievent use after free attempt (browser-ie.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2973.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:35685 <-> DISABLED <-> BROWSER-PLUGINS Mozilla Firefox generatecrmfrequest policy function call access attempt (browser-plugins.rules)
* 1:35684 <-> DISABLED <-> SERVER-WEBAPP Dell KACE Appliance kbot_upload.php directory traversal attempt (server-webapp.rules)
* 1:35682 <-> DISABLED <-> SERVER-WEBAPP Dell KACE Appliance kbot_upload.php directory traversal attempt (server-webapp.rules)
* 1:35683 <-> DISABLED <-> SERVER-WEBAPP Dell KACE Appliance kbot_upload.php directory traversal attempt (server-webapp.rules)
* 1:35681 <-> DISABLED <-> SERVER-WEBAPP Dell KACE Appliance kbot_upload.php authentication bypass attempt (server-webapp.rules)
* 1:35679 <-> DISABLED <-> SERVER-WEBAPP Dell KACE Appliance downloadpxy.php directory traversal attempt (server-webapp.rules)
* 1:35680 <-> DISABLED <-> SERVER-WEBAPP Dell KACE Appliance downloadpxy.php directory traversal attempt (server-webapp.rules)
* 1:35677 <-> DISABLED <-> SERVER-WEBAPP Dell KACE Appliance KSudoClient privilege escalation attempt (server-webapp.rules)
* 1:35678 <-> DISABLED <-> SERVER-WEBAPP Dell KACE Appliance downloadpxy.php directory traversal attempt (server-webapp.rules)
* 1:35675 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox PDF.js same origin policy violation attempt (browser-firefox.rules)
* 1:35676 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox PDF.js same origin policy violation attempt (browser-firefox.rules)
* 1:35674 <-> ENABLED <-> FILE-FLASH Adobe Flash Player incorrect reference to IExternalizable object attempt (file-flash.rules)
* 1:35672 <-> ENABLED <-> FILE-FLASH Adobe Flash Player incorrect reference to IExternalizable object attempt (file-flash.rules)
* 1:35673 <-> ENABLED <-> FILE-FLASH Adobe Flash Player incorrect reference to IExternalizable object attempt (file-flash.rules)
* 1:35670 <-> DISABLED <-> POLICY-OTHER Symantec Endpoint Protection insecure password reset attempt (policy-other.rules)
* 1:35671 <-> ENABLED <-> FILE-FLASH Adobe Flash Player incorrect reference to IExternalizable object attempt (file-flash.rules)
* 1:35668 <-> DISABLED <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt (server-webapp.rules)
* 1:35669 <-> DISABLED <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt (server-webapp.rules)
* 1:35666 <-> ENABLED <-> FILE-FLASH Adobe Flash Player bitmap handling memory corruption attempt (file-flash.rules)
* 1:35667 <-> ENABLED <-> FILE-FLASH Adobe Flash Player bitmap handling memory corruption attempt (file-flash.rules)
* 1:35664 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DefineVideoStream out of bounds memory access attempt (file-flash.rules)
* 1:35665 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DefineVideoStream out of bounds memory access attempt (file-flash.rules)
* 1:35662 <-> ENABLED <-> FILE-FLASH Adobe Flash Player corrupt glyph array out of bounds attempt (file-flash.rules)
* 1:35663 <-> ENABLED <-> FILE-FLASH Adobe Flash Player corrupt glyph array out of bounds attempt (file-flash.rules)
* 1:35660 <-> ENABLED <-> FILE-FLASH Adobe Flash Player FileReference constructor type confusion attempt (file-flash.rules)
* 1:35661 <-> ENABLED <-> FILE-FLASH Adobe Flash Player FileReference constructor type confusion attempt (file-flash.rules)
* 1:35658 <-> ENABLED <-> FILE-FLASH Adobe Flash Player FileReference constructor type confusion attempt (file-flash.rules)
* 1:35659 <-> ENABLED <-> FILE-FLASH Adobe Flash Player FileReference constructor type confusion attempt (file-flash.rules)
* 1:35656 <-> ENABLED <-> FILE-FLASH Adobe Flash Player XML property delete out of bounds memory write attempt (file-flash.rules)
* 1:35657 <-> ENABLED <-> FILE-FLASH Adobe Flash Player XML property delete out of bounds memory write attempt (file-flash.rules)
* 1:35655 <-> ENABLED <-> FILE-FLASH Adobe Flash Player XML property delete out of bounds memory write attempt (file-flash.rules)
* 1:35654 <-> ENABLED <-> FILE-FLASH Adobe Flash Player XML property delete out of bounds memory write attempt (file-flash.rules)
* 1:35652 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextField filters use-after-free attempt (file-flash.rules)
* 1:35653 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextField filters use-after-free attempt (file-flash.rules)
* 1:35650 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextField filters use-after-free attempt (file-flash.rules)
* 1:35651 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextField filters use-after-free attempt (file-flash.rules)
* 1:35648 <-> ENABLED <-> FILE-FLASH Adobe Flash Player XML pointer wrong parent reference (file-flash.rules)
* 1:35649 <-> ENABLED <-> FILE-FLASH Adobe Flash Player XML pointer wrong parent reference (file-flash.rules)
* 1:35646 <-> ENABLED <-> FILE-FLASH Adobe Flash Player XML pointer wrong parent reference (file-flash.rules)
* 1:35647 <-> ENABLED <-> FILE-FLASH Adobe Flash Player XML pointer wrong parent reference (file-flash.rules)
* 1:35644 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASnative previously set SharedObject variable set attempt (file-flash.rules)
* 1:35645 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASnative previously set SharedObject variable set attempt (file-flash.rules)
* 1:35642 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASnative previously set SharedObject variable set attempt (file-flash.rules)
* 1:35643 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASnative previously set SharedObject variable set attempt (file-flash.rules)
* 1:35640 <-> ENABLED <-> FILE-FLASH Adobe Flash Player childNodes XML object after free attempt (file-flash.rules)
* 1:35641 <-> ENABLED <-> FILE-FLASH Adobe Flash Player childNodes XML object use after free attempt (file-flash.rules)
* 1:35638 <-> ENABLED <-> FILE-FLASH Adobe Flash Player childNodes XML object use after free attempt (file-flash.rules)
* 1:35639 <-> ENABLED <-> FILE-FLASH Adobe Flash Player childNodes XML object use after free attempt (file-flash.rules)
* 1:35636 <-> DISABLED <-> FILE-FLASH Adobe Flash invalid swf tag parsing buffer overflow attempt (file-flash.rules)
* 1:35637 <-> DISABLED <-> FILE-FLASH Adobe Flash invalid swf tag parsing buffer overflow attempt (file-flash.rules)
* 1:35634 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetMonitor use-after-free attempt (file-flash.rules)
* 1:35635 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetMonitor use-after-free attempt (file-flash.rules)
* 1:35632 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetMonitor use-after-free attempt (file-flash.rules)
* 1:35633 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetMonitor use-after-free attempt (file-flash.rules)
* 1:35630 <-> DISABLED <-> SERVER-OTHER LibVNCServer rfbProcessClientNormalMessage msg.ssc.scale denial of service attempt (server-other.rules)
* 1:35537 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer table layout cache arbitrary code execution attempt (browser-ie.rules)
* 1:35536 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer table layout cache arbitrary code execution attempt (browser-ie.rules)
* 1:35631 <-> DISABLED <-> SERVER-OTHER LibVNCServer rfbProcessClientNormalMessage msg.ssc.scale denial of service attempt (server-other.rules)
* 1:35706 <-> ENABLED <-> BROWSER-IE Microsoft Edge history.state use after free attempt (browser-ie.rules)
* 1:35705 <-> ENABLED <-> BROWSER-IE Microsoft Edge history.state use after free attempt (browser-ie.rules)
* 1:35704 <-> DISABLED <-> SERVER-WEBAPP Maarch LetterBox arbitrary PHP file upload attempt (server-webapp.rules)
* 1:35703 <-> DISABLED <-> SERVER-WEBAPP ManageEngine OpManager agentKey SQL injection attempt (server-webapp.rules)
* 1:35702 <-> DISABLED <-> SERVER-WEBAPP ManageEngine OpManager agentKey SQL injection attempt (server-webapp.rules)
* 1:35701 <-> DISABLED <-> SERVER-WEBAPP ManageEngine OpManager agentKey SQL injection attempt (server-webapp.rules)
* 1:35700 <-> DISABLED <-> BROWSER-PLUGINS Oracle Data Quality Trillium TSS12.LoaderWizard.lwctrl ActiveX clsid access attempt (browser-plugins.rules)
* 1:35699 <-> DISABLED <-> BROWSER-PLUGINS Oracle Data Quality Trillium TSS12.LoaderWizard.lwctrl ActiveX clsid access attempt (browser-plugins.rules)
* 1:35698 <-> DISABLED <-> BROWSER-PLUGINS Oracle Data Quality Trillium TSS12.LoaderWizard.lwctrl ActiveX clsid access attempt (browser-plugins.rules)
* 1:35697 <-> DISABLED <-> BROWSER-PLUGINS Oracle Data Quality Trillium TSS12.LoaderWizard.lwctrl ActiveX clsid access attempt (browser-plugins.rules)
* 1:35696 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASnative previously set SharedObject variable set attempt (file-flash.rules)
* 1:35695 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASnative previously set SharedObject variable set attempt (file-flash.rules)
* 1:35693 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASnative previously set SharedObject variable set attempt (file-flash.rules)
* 1:35694 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASnative previously set SharedObject variable set attempt (file-flash.rules)
* 1:35692 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASnative previously set SharedObject variable set attempt (file-flash.rules)
* 1:35691 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASnative previously set SharedObject variable set attempt (file-flash.rules)
* 1:35687 <-> ENABLED <-> SERVER-WEBAPP Semantec Endpoint Protection Manager server elevated privilege code execution attempt (server-webapp.rules)
* 1:35686 <-> DISABLED <-> BROWSER-PLUGINS Mozilla Firefox generatecrmfrequest policy function call access attempt (browser-plugins.rules)
* 1:35542 <-> DISABLED <-> EXPLOIT-KIT Nuclear Exploit Kit flash exploit download attempt (exploit-kit.rules)
* 1:35198 <-> ENABLED <-> SERVER-MSSQL Microsoft SQL Server transcational replication and showxmlplan enabled remote code execution attempt (server-mssql.rules)
* 1:35462 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Kazy outbound connection (malware-cnc.rules)
* 1:31628 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer cdomuievent use after free attempt (browser-ie.rules)
* 1:30973 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit payload request (exploit-kit.rules)
* 1:31627 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer cdomuievent use after free attempt (browser-ie.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2975.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:35706 <-> ENABLED <-> BROWSER-IE Microsoft Edge history.state use after free attempt (browser-ie.rules)
* 1:35705 <-> ENABLED <-> BROWSER-IE Microsoft Edge history.state use after free attempt (browser-ie.rules)
* 1:35704 <-> DISABLED <-> SERVER-WEBAPP Maarch LetterBox arbitrary PHP file upload attempt (server-webapp.rules)
* 1:35703 <-> DISABLED <-> SERVER-WEBAPP ManageEngine OpManager agentKey SQL injection attempt (server-webapp.rules)
* 1:35702 <-> DISABLED <-> SERVER-WEBAPP ManageEngine OpManager agentKey SQL injection attempt (server-webapp.rules)
* 1:35701 <-> DISABLED <-> SERVER-WEBAPP ManageEngine OpManager agentKey SQL injection attempt (server-webapp.rules)
* 1:35700 <-> DISABLED <-> BROWSER-PLUGINS Oracle Data Quality Trillium TSS12.LoaderWizard.lwctrl ActiveX clsid access attempt (browser-plugins.rules)
* 1:35699 <-> DISABLED <-> BROWSER-PLUGINS Oracle Data Quality Trillium TSS12.LoaderWizard.lwctrl ActiveX clsid access attempt (browser-plugins.rules)
* 1:35698 <-> DISABLED <-> BROWSER-PLUGINS Oracle Data Quality Trillium TSS12.LoaderWizard.lwctrl ActiveX clsid access attempt (browser-plugins.rules)
* 1:35697 <-> DISABLED <-> BROWSER-PLUGINS Oracle Data Quality Trillium TSS12.LoaderWizard.lwctrl ActiveX clsid access attempt (browser-plugins.rules)
* 1:35696 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASnative previously set SharedObject variable set attempt (file-flash.rules)
* 1:35695 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASnative previously set SharedObject variable set attempt (file-flash.rules)
* 1:35694 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASnative previously set SharedObject variable set attempt (file-flash.rules)
* 1:35693 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASnative previously set SharedObject variable set attempt (file-flash.rules)
* 1:35692 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASnative previously set SharedObject variable set attempt (file-flash.rules)
* 1:35691 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASnative previously set SharedObject variable set attempt (file-flash.rules)
* 1:35687 <-> ENABLED <-> SERVER-WEBAPP Semantec Endpoint Protection Manager server elevated privilege code execution attempt (server-webapp.rules)
* 1:35686 <-> DISABLED <-> BROWSER-PLUGINS Mozilla Firefox generatecrmfrequest policy function call access attempt (browser-plugins.rules)
* 1:35685 <-> DISABLED <-> BROWSER-PLUGINS Mozilla Firefox generatecrmfrequest policy function call access attempt (browser-plugins.rules)
* 1:35684 <-> DISABLED <-> SERVER-WEBAPP Dell KACE Appliance kbot_upload.php directory traversal attempt (server-webapp.rules)
* 1:35683 <-> DISABLED <-> SERVER-WEBAPP Dell KACE Appliance kbot_upload.php directory traversal attempt (server-webapp.rules)
* 1:35682 <-> DISABLED <-> SERVER-WEBAPP Dell KACE Appliance kbot_upload.php directory traversal attempt (server-webapp.rules)
* 1:35681 <-> DISABLED <-> SERVER-WEBAPP Dell KACE Appliance kbot_upload.php authentication bypass attempt (server-webapp.rules)
* 1:35680 <-> DISABLED <-> SERVER-WEBAPP Dell KACE Appliance downloadpxy.php directory traversal attempt (server-webapp.rules)
* 1:35679 <-> DISABLED <-> SERVER-WEBAPP Dell KACE Appliance downloadpxy.php directory traversal attempt (server-webapp.rules)
* 1:35678 <-> DISABLED <-> SERVER-WEBAPP Dell KACE Appliance downloadpxy.php directory traversal attempt (server-webapp.rules)
* 1:35677 <-> DISABLED <-> SERVER-WEBAPP Dell KACE Appliance KSudoClient privilege escalation attempt (server-webapp.rules)
* 1:35676 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox PDF.js same origin policy violation attempt (browser-firefox.rules)
* 1:35675 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox PDF.js same origin policy violation attempt (browser-firefox.rules)
* 1:35674 <-> ENABLED <-> FILE-FLASH Adobe Flash Player incorrect reference to IExternalizable object attempt (file-flash.rules)
* 1:35673 <-> ENABLED <-> FILE-FLASH Adobe Flash Player incorrect reference to IExternalizable object attempt (file-flash.rules)
* 1:35672 <-> ENABLED <-> FILE-FLASH Adobe Flash Player incorrect reference to IExternalizable object attempt (file-flash.rules)
* 1:35671 <-> ENABLED <-> FILE-FLASH Adobe Flash Player incorrect reference to IExternalizable object attempt (file-flash.rules)
* 1:35670 <-> DISABLED <-> POLICY-OTHER Symantec Endpoint Protection insecure password reset attempt (policy-other.rules)
* 1:35669 <-> DISABLED <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt (server-webapp.rules)
* 1:35668 <-> DISABLED <-> SERVER-WEBAPP Novell GroupWise WebAccess cross-site scripting attempt (server-webapp.rules)
* 1:35667 <-> ENABLED <-> FILE-FLASH Adobe Flash Player bitmap handling memory corruption attempt (file-flash.rules)
* 1:35666 <-> ENABLED <-> FILE-FLASH Adobe Flash Player bitmap handling memory corruption attempt (file-flash.rules)
* 1:35665 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DefineVideoStream out of bounds memory access attempt (file-flash.rules)
* 1:35664 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DefineVideoStream out of bounds memory access attempt (file-flash.rules)
* 1:35663 <-> ENABLED <-> FILE-FLASH Adobe Flash Player corrupt glyph array out of bounds attempt (file-flash.rules)
* 1:35662 <-> ENABLED <-> FILE-FLASH Adobe Flash Player corrupt glyph array out of bounds attempt (file-flash.rules)
* 1:35661 <-> ENABLED <-> FILE-FLASH Adobe Flash Player FileReference constructor type confusion attempt (file-flash.rules)
* 1:35660 <-> ENABLED <-> FILE-FLASH Adobe Flash Player FileReference constructor type confusion attempt (file-flash.rules)
* 1:35659 <-> ENABLED <-> FILE-FLASH Adobe Flash Player FileReference constructor type confusion attempt (file-flash.rules)
* 1:35658 <-> ENABLED <-> FILE-FLASH Adobe Flash Player FileReference constructor type confusion attempt (file-flash.rules)
* 1:35657 <-> ENABLED <-> FILE-FLASH Adobe Flash Player XML property delete out of bounds memory write attempt (file-flash.rules)
* 1:35656 <-> ENABLED <-> FILE-FLASH Adobe Flash Player XML property delete out of bounds memory write attempt (file-flash.rules)
* 1:35655 <-> ENABLED <-> FILE-FLASH Adobe Flash Player XML property delete out of bounds memory write attempt (file-flash.rules)
* 1:35654 <-> ENABLED <-> FILE-FLASH Adobe Flash Player XML property delete out of bounds memory write attempt (file-flash.rules)
* 1:35653 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextField filters use-after-free attempt (file-flash.rules)
* 1:35652 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextField filters use-after-free attempt (file-flash.rules)
* 1:35651 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextField filters use-after-free attempt (file-flash.rules)
* 1:35650 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextField filters use-after-free attempt (file-flash.rules)
* 1:35649 <-> ENABLED <-> FILE-FLASH Adobe Flash Player XML pointer wrong parent reference (file-flash.rules)
* 1:35648 <-> ENABLED <-> FILE-FLASH Adobe Flash Player XML pointer wrong parent reference (file-flash.rules)
* 1:35647 <-> ENABLED <-> FILE-FLASH Adobe Flash Player XML pointer wrong parent reference (file-flash.rules)
* 1:35646 <-> ENABLED <-> FILE-FLASH Adobe Flash Player XML pointer wrong parent reference (file-flash.rules)
* 1:35645 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASnative previously set SharedObject variable set attempt (file-flash.rules)
* 1:35644 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASnative previously set SharedObject variable set attempt (file-flash.rules)
* 1:35643 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASnative previously set SharedObject variable set attempt (file-flash.rules)
* 1:35642 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASnative previously set SharedObject variable set attempt (file-flash.rules)
* 1:35641 <-> ENABLED <-> FILE-FLASH Adobe Flash Player childNodes XML object use after free attempt (file-flash.rules)
* 1:35640 <-> ENABLED <-> FILE-FLASH Adobe Flash Player childNodes XML object after free attempt (file-flash.rules)
* 1:35639 <-> ENABLED <-> FILE-FLASH Adobe Flash Player childNodes XML object use after free attempt (file-flash.rules)
* 1:35638 <-> ENABLED <-> FILE-FLASH Adobe Flash Player childNodes XML object use after free attempt (file-flash.rules)
* 1:35637 <-> DISABLED <-> FILE-FLASH Adobe Flash invalid swf tag parsing buffer overflow attempt (file-flash.rules)
* 1:35636 <-> DISABLED <-> FILE-FLASH Adobe Flash invalid swf tag parsing buffer overflow attempt (file-flash.rules)
* 1:35635 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetMonitor use-after-free attempt (file-flash.rules)
* 1:35634 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetMonitor use-after-free attempt (file-flash.rules)
* 1:35633 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetMonitor use-after-free attempt (file-flash.rules)
* 1:35632 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetMonitor use-after-free attempt (file-flash.rules)
* 1:35631 <-> DISABLED <-> SERVER-OTHER LibVNCServer rfbProcessClientNormalMessage msg.ssc.scale denial of service attempt (server-other.rules)
* 1:35630 <-> DISABLED <-> SERVER-OTHER LibVNCServer rfbProcessClientNormalMessage msg.ssc.scale denial of service attempt (server-other.rules)
* 1:35537 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer table layout cache arbitrary code execution attempt (browser-ie.rules)
* 1:35536 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer table layout cache arbitrary code execution attempt (browser-ie.rules)
* 1:30973 <-> ENABLED <-> EXPLOIT-KIT CritX exploit kit payload request (exploit-kit.rules)
* 1:31627 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer cdomuievent use after free attempt (browser-ie.rules)
* 1:31628 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer cdomuievent use after free attempt (browser-ie.rules)
* 1:35198 <-> ENABLED <-> SERVER-MSSQL Microsoft SQL Server transcational replication and showxmlplan enabled remote code execution attempt (server-mssql.rules)
* 1:35462 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Kazy outbound connection (malware-cnc.rules)
* 1:35542 <-> DISABLED <-> EXPLOIT-KIT Nuclear Exploit Kit flash exploit download attempt (exploit-kit.rules)