Talos has added and modified multiple rules in the blacklist, browser-ie, browser-plugins, file-flash, file-identify, file-multimedia, file-office, indicator-obfuscation, malware-cnc, protocol-dns and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2962.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:36170 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
* 1:36130 <-> DISABLED <-> PROTOCOL-DNS ISC BIND zero length OPENPGPKEY rdata response attempt (protocol-dns.rules)
* 1:36104 <-> DISABLED <-> SERVER-WEBAPP Silver Peak VXOA configdb_file.php arbitrary PHP file upload attempt (server-webapp.rules)
* 1:36150 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
* 1:36129 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
* 1:36106 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Hodoor APT variant outbound connection attempt (malware-cnc.rules)
* 1:36105 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Hodoor APT variant (malware-cnc.rules)
* 1:36131 <-> ENABLED <-> BLACKLIST USER-AGENT known malicious User-Agent string - MyIE 3.01 (blacklist.rules)
* 1:36165 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
* 1:36107 <-> ENABLED <-> MALWARE-CNC Win.Trojan.FakeAV variant outbound connection (malware-cnc.rules)
* 1:36096 <-> DISABLED <-> SERVER-OTHER OpenSSL DTLS handshake oversized fragment length denial of service attempt (server-other.rules)
* 1:36097 <-> DISABLED <-> SERVER-WEBAPP ManageEngine OpManager SubmitQuery SQL injection attempt (server-webapp.rules)
* 1:36098 <-> DISABLED <-> SERVER-WEBAPP ManageEngine OpManager SubmitQuery SQL injection attempt (server-webapp.rules)
* 1:36099 <-> DISABLED <-> SERVER-WEBAPP ManageEngine OpManager SubmitQuery SQL injection attempt (server-webapp.rules)
* 1:36100 <-> DISABLED <-> SERVER-WEBAPP ManageEngine OpManager default credentials authentication attempt (server-webapp.rules)
* 1:36101 <-> DISABLED <-> SERVER-WEBAPP ManageEngine ServiceDesk ExportImport.do directory traversal attempt (server-webapp.rules)
* 1:36102 <-> DISABLED <-> SERVER-WEBAPP ManageEngine ServiceDesk ExportImport.do directory traversal attempt (server-webapp.rules)
* 1:36103 <-> ENABLED <-> BLACKLIST DNS request for known malware domain faq-adobe-directs.com - Win.Trojan.MWZLesson (blacklist.rules)
* 1:36122 <-> DISABLED <-> FILE-FLASH Adobe Flash Player regexp heap buffer overflow attempt (file-flash.rules)
* 1:36123 <-> DISABLED <-> FILE-FLASH Adobe Flash Player regexp heap buffer overflow attempt (file-flash.rules)
* 1:36124 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
* 1:36125 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
* 1:36126 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
* 1:36127 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
* 1:36163 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
* 1:36158 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt (server-other.rules)
* 1:36152 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
* 1:36147 <-> ENABLED <-> FILE-OFFICE Microsoft Windows OLE Packer Remote Code Execution attempt (file-office.rules)
* 1:36142 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
* 1:36137 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
* 1:36132 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mitozhan initial outbound connection (malware-cnc.rules)
* 1:36128 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
* 1:36120 <-> DISABLED <-> FILE-FLASH Adobe Flash Player regexp heap buffer overflow attempt (file-flash.rules)
* 1:36119 <-> DISABLED <-> BROWSER-PLUGINS HP LoadRunner ActiveX clsid access attempt (browser-plugins.rules)
* 1:36118 <-> DISABLED <-> BROWSER-PLUGINS HP LoadRunner ActiveX clsid access attempt (browser-plugins.rules)
* 1:36117 <-> DISABLED <-> BROWSER-PLUGINS HP LoadRunner ActiveX clsid access attempt (browser-plugins.rules)
* 1:36116 <-> DISABLED <-> BROWSER-PLUGINS HP LoadRunner ActiveX clsid access attempt (browser-plugins.rules)
* 1:36115 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Liudoor outbound connection (malware-cnc.rules)
* 1:36114 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player ID3 tag integer overflow attempt (file-multimedia.rules)
* 1:36113 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player ID3 tag integer overflow attempt (file-multimedia.rules)
* 1:36109 <-> ENABLED <-> BROWSER-PLUGINS Advantech WebAccess AspVCObj ActiveX clsid access attempt (browser-plugins.rules)
* 1:36112 <-> ENABLED <-> BROWSER-PLUGINS Advantech WebAccess AspVCObj ActiveX clsid access attempt (browser-plugins.rules)
* 1:36172 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
* 1:36173 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
* 1:36174 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
* 1:36175 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
* 1:36176 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
* 1:36177 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
* 1:36169 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
* 1:36121 <-> DISABLED <-> FILE-FLASH Adobe Flash Player regexp heap buffer overflow attempt (file-flash.rules)
* 1:36141 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
* 1:36143 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection AS2 arbitrary code execution attempt (file-flash.rules)
* 1:36144 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection AS2 arbitrary code execution attempt (file-flash.rules)
* 1:36145 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection AS2 arbitrary code execution attempt (file-flash.rules)
* 1:36146 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection AS2 arbitrary code execution attempt (file-flash.rules)
* 1:36148 <-> ENABLED <-> FILE-OFFICE Microsoft Windows OLE Packer Remote Code Execution attempt (file-office.rules)
* 1:36110 <-> ENABLED <-> BROWSER-PLUGINS Advantech WebAccess AspVCObj ActiveX clsid access attempt (browser-plugins.rules)
* 1:36149 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
* 1:36151 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
* 1:36154 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
* 1:36155 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
* 1:36156 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
* 1:36157 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
* 1:36140 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
* 1:36138 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
* 1:36139 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
* 1:36136 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
* 1:36134 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mitozhan initial outbound connection (malware-cnc.rules)
* 1:36135 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
* 1:36133 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mitozhan initial outbound connection server response (malware-cnc.rules)
* 1:36159 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt (server-other.rules)
* 1:36160 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
* 1:36162 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
* 1:36161 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
* 1:36111 <-> ENABLED <-> BROWSER-PLUGINS Advantech WebAccess AspVCObj ActiveX clsid access attempt (browser-plugins.rules)
* 1:36164 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
* 1:36108 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Nimisi variant outbound connection (malware-cnc.rules)
* 1:36168 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
* 1:36166 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
* 1:36167 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
* 1:36171 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
* 3:36153 <-> ENABLED <-> SERVER-OTHER IBM Domino LDAP server ModifyRequest stack buffer overflow attempt (server-other.rules)
* 1:20496 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules)
* 1:23680 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules)
* 1:25451 <-> ENABLED <-> INDICATOR-OBFUSCATION GIF header followed by PDF header (indicator-obfuscation.rules)
* 1:25452 <-> ENABLED <-> INDICATOR-OBFUSCATION PNG header followed by PDF header (indicator-obfuscation.rules)
* 1:26636 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer DCOMTextNode object use after free attempt (browser-ie.rules)
* 1:26637 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer DCOMTextNode object use after free attempt (browser-ie.rules)
* 1:29518 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt (server-other.rules)
* 1:29801 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt (server-other.rules)
* 1:30961 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CElement use after free attempt (browser-ie.rules)
* 1:30963 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CElement use after free attempt (browser-ie.rules)
* 1:31068 <-> DISABLED <-> SERVER-OTHER F5 BIG-IP iControl API hostname command injection attempt (server-other.rules)
* 1:31384 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules)
* 1:31385 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules)
* 1:32097 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
* 1:32098 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
* 1:32609 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant registration message (malware-cnc.rules)
* 1:32991 <-> DISABLED <-> SERVER-OTHER SAP NetWeaver SXPG_COMMAND_EXECUTE remote command execution attempt (server-other.rules)
* 1:32992 <-> DISABLED <-> SERVER-OTHER SAP NetWeaver SXPG_COMMAND_EXECUTE remote command execution attempt (server-other.rules)
* 1:35453 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
* 1:35454 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
* 1:35507 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer array prototype type confusion memory corruption attempt (browser-ie.rules)
* 1:35508 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer array prototype type confusion memory corruption attempt (browser-ie.rules)
* 1:35630 <-> DISABLED <-> SERVER-OTHER LibVNCServer rfbProcessClientNormalMessage msg.ssc.scale denial of service attempt (server-other.rules)
* 1:35631 <-> DISABLED <-> SERVER-OTHER LibVNCServer rfbProcessClientNormalMessage msg.ssc.scale denial of service attempt (server-other.rules)
* 1:35664 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DefineVideoStream out of bounds memory access attempt (file-flash.rules)
* 1:35665 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DefineVideoStream out of bounds memory access attempt (file-flash.rules)
* 1:36035 <-> DISABLED <-> FILE-FLASH Infinity popup toolkit detected (file-flash.rules)
* 1:36036 <-> DISABLED <-> INDICATOR-OBFUSCATION Adobe Flash file with SecureSwfLoader packer detected (indicator-obfuscation.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2973.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:36104 <-> DISABLED <-> SERVER-WEBAPP Silver Peak VXOA configdb_file.php arbitrary PHP file upload attempt (server-webapp.rules)
* 1:36111 <-> ENABLED <-> BROWSER-PLUGINS Advantech WebAccess AspVCObj ActiveX clsid access attempt (browser-plugins.rules)
* 1:36163 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
* 1:36162 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
* 1:36160 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
* 1:36161 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
* 1:36158 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt (server-other.rules)
* 1:36156 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
* 1:36157 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
* 1:36152 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
* 1:36155 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
* 1:36150 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
* 1:36151 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
* 1:36147 <-> ENABLED <-> FILE-OFFICE Microsoft Windows OLE Packer Remote Code Execution attempt (file-office.rules)
* 1:36149 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
* 1:36146 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection AS2 arbitrary code execution attempt (file-flash.rules)
* 1:36144 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection AS2 arbitrary code execution attempt (file-flash.rules)
* 1:36145 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection AS2 arbitrary code execution attempt (file-flash.rules)
* 1:36142 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
* 1:36141 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
* 1:36139 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
* 1:36140 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
* 1:36137 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
* 1:36135 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
* 1:36136 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
* 1:36134 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mitozhan initial outbound connection (malware-cnc.rules)
* 1:36132 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mitozhan initial outbound connection (malware-cnc.rules)
* 1:36130 <-> DISABLED <-> PROTOCOL-DNS ISC BIND zero length OPENPGPKEY rdata response attempt (protocol-dns.rules)
* 1:36131 <-> ENABLED <-> BLACKLIST USER-AGENT known malicious User-Agent string - MyIE 3.01 (blacklist.rules)
* 1:36129 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
* 1:36127 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
* 1:36125 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
* 1:36126 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
* 1:36123 <-> DISABLED <-> FILE-FLASH Adobe Flash Player regexp heap buffer overflow attempt (file-flash.rules)
* 1:36124 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
* 1:36121 <-> DISABLED <-> FILE-FLASH Adobe Flash Player regexp heap buffer overflow attempt (file-flash.rules)
* 1:36122 <-> DISABLED <-> FILE-FLASH Adobe Flash Player regexp heap buffer overflow attempt (file-flash.rules)
* 1:36119 <-> DISABLED <-> BROWSER-PLUGINS HP LoadRunner ActiveX clsid access attempt (browser-plugins.rules)
* 1:36118 <-> DISABLED <-> BROWSER-PLUGINS HP LoadRunner ActiveX clsid access attempt (browser-plugins.rules)
* 1:36117 <-> DISABLED <-> BROWSER-PLUGINS HP LoadRunner ActiveX clsid access attempt (browser-plugins.rules)
* 1:36116 <-> DISABLED <-> BROWSER-PLUGINS HP LoadRunner ActiveX clsid access attempt (browser-plugins.rules)
* 1:36115 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Liudoor outbound connection (malware-cnc.rules)
* 1:36114 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player ID3 tag integer overflow attempt (file-multimedia.rules)
* 1:36113 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player ID3 tag integer overflow attempt (file-multimedia.rules)
* 1:36109 <-> ENABLED <-> BROWSER-PLUGINS Advantech WebAccess AspVCObj ActiveX clsid access attempt (browser-plugins.rules)
* 1:36106 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Hodoor APT variant outbound connection attempt (malware-cnc.rules)
* 1:36107 <-> ENABLED <-> MALWARE-CNC Win.Trojan.FakeAV variant outbound connection (malware-cnc.rules)
* 1:36112 <-> ENABLED <-> BROWSER-PLUGINS Advantech WebAccess AspVCObj ActiveX clsid access attempt (browser-plugins.rules)
* 1:36096 <-> DISABLED <-> SERVER-OTHER OpenSSL DTLS handshake oversized fragment length denial of service attempt (server-other.rules)
* 1:36097 <-> DISABLED <-> SERVER-WEBAPP ManageEngine OpManager SubmitQuery SQL injection attempt (server-webapp.rules)
* 1:36098 <-> DISABLED <-> SERVER-WEBAPP ManageEngine OpManager SubmitQuery SQL injection attempt (server-webapp.rules)
* 1:36099 <-> DISABLED <-> SERVER-WEBAPP ManageEngine OpManager SubmitQuery SQL injection attempt (server-webapp.rules)
* 1:36100 <-> DISABLED <-> SERVER-WEBAPP ManageEngine OpManager default credentials authentication attempt (server-webapp.rules)
* 1:36101 <-> DISABLED <-> SERVER-WEBAPP ManageEngine ServiceDesk ExportImport.do directory traversal attempt (server-webapp.rules)
* 1:36102 <-> DISABLED <-> SERVER-WEBAPP ManageEngine ServiceDesk ExportImport.do directory traversal attempt (server-webapp.rules)
* 1:36103 <-> ENABLED <-> BLACKLIST DNS request for known malware domain faq-adobe-directs.com - Win.Trojan.MWZLesson (blacklist.rules)
* 1:36120 <-> DISABLED <-> FILE-FLASH Adobe Flash Player regexp heap buffer overflow attempt (file-flash.rules)
* 1:36128 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
* 1:36133 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mitozhan initial outbound connection server response (malware-cnc.rules)
* 1:36138 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
* 1:36143 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection AS2 arbitrary code execution attempt (file-flash.rules)
* 1:36148 <-> ENABLED <-> FILE-OFFICE Microsoft Windows OLE Packer Remote Code Execution attempt (file-office.rules)
* 1:36154 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
* 1:36159 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt (server-other.rules)
* 1:36164 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
* 1:36108 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Nimisi variant outbound connection (malware-cnc.rules)
* 1:36177 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
* 1:36176 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
* 1:36175 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
* 1:36174 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
* 1:36173 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
* 1:36172 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
* 1:36171 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
* 1:36110 <-> ENABLED <-> BROWSER-PLUGINS Advantech WebAccess AspVCObj ActiveX clsid access attempt (browser-plugins.rules)
* 1:36170 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
* 1:36169 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
* 1:36167 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
* 1:36168 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
* 1:36166 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
* 1:36105 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Hodoor APT variant (malware-cnc.rules)
* 1:36165 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
* 3:36153 <-> ENABLED <-> SERVER-OTHER IBM Domino LDAP server ModifyRequest stack buffer overflow attempt (server-other.rules)
* 1:20496 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules)
* 1:23680 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules)
* 1:25451 <-> ENABLED <-> INDICATOR-OBFUSCATION GIF header followed by PDF header (indicator-obfuscation.rules)
* 1:25452 <-> ENABLED <-> INDICATOR-OBFUSCATION PNG header followed by PDF header (indicator-obfuscation.rules)
* 1:26636 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer DCOMTextNode object use after free attempt (browser-ie.rules)
* 1:26637 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer DCOMTextNode object use after free attempt (browser-ie.rules)
* 1:29518 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt (server-other.rules)
* 1:29801 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt (server-other.rules)
* 1:30961 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CElement use after free attempt (browser-ie.rules)
* 1:30963 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CElement use after free attempt (browser-ie.rules)
* 1:31068 <-> DISABLED <-> SERVER-OTHER F5 BIG-IP iControl API hostname command injection attempt (server-other.rules)
* 1:31384 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules)
* 1:31385 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules)
* 1:32097 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
* 1:32098 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
* 1:32609 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant registration message (malware-cnc.rules)
* 1:32991 <-> DISABLED <-> SERVER-OTHER SAP NetWeaver SXPG_COMMAND_EXECUTE remote command execution attempt (server-other.rules)
* 1:32992 <-> DISABLED <-> SERVER-OTHER SAP NetWeaver SXPG_COMMAND_EXECUTE remote command execution attempt (server-other.rules)
* 1:35453 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
* 1:35454 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
* 1:35507 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer array prototype type confusion memory corruption attempt (browser-ie.rules)
* 1:35508 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer array prototype type confusion memory corruption attempt (browser-ie.rules)
* 1:35630 <-> DISABLED <-> SERVER-OTHER LibVNCServer rfbProcessClientNormalMessage msg.ssc.scale denial of service attempt (server-other.rules)
* 1:35631 <-> DISABLED <-> SERVER-OTHER LibVNCServer rfbProcessClientNormalMessage msg.ssc.scale denial of service attempt (server-other.rules)
* 1:35664 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DefineVideoStream out of bounds memory access attempt (file-flash.rules)
* 1:35665 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DefineVideoStream out of bounds memory access attempt (file-flash.rules)
* 1:36035 <-> DISABLED <-> FILE-FLASH Infinity popup toolkit detected (file-flash.rules)
* 1:36036 <-> DISABLED <-> INDICATOR-OBFUSCATION Adobe Flash file with SecureSwfLoader packer detected (indicator-obfuscation.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2975.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:36177 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
* 1:36176 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
* 1:36175 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
* 1:36174 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
* 1:36173 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
* 1:36172 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
* 1:36171 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
* 1:36170 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
* 1:36169 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
* 1:36168 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
* 1:36167 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
* 1:36166 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
* 1:36165 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
* 1:36164 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
* 1:36163 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
* 1:36162 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
* 1:36161 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
* 1:36160 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
* 1:36159 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt (server-other.rules)
* 1:36158 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt (server-other.rules)
* 1:36157 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
* 1:36156 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
* 1:36155 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
* 1:36154 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
* 1:36152 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
* 1:36151 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
* 1:36150 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
* 1:36149 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
* 1:36148 <-> ENABLED <-> FILE-OFFICE Microsoft Windows OLE Packer Remote Code Execution attempt (file-office.rules)
* 1:36147 <-> ENABLED <-> FILE-OFFICE Microsoft Windows OLE Packer Remote Code Execution attempt (file-office.rules)
* 1:36146 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection AS2 arbitrary code execution attempt (file-flash.rules)
* 1:36145 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection AS2 arbitrary code execution attempt (file-flash.rules)
* 1:36144 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection AS2 arbitrary code execution attempt (file-flash.rules)
* 1:36143 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection AS2 arbitrary code execution attempt (file-flash.rules)
* 1:36142 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
* 1:36141 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
* 1:36140 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
* 1:36139 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
* 1:36138 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
* 1:36137 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
* 1:36136 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
* 1:36135 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
* 1:36134 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mitozhan initial outbound connection (malware-cnc.rules)
* 1:36133 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mitozhan initial outbound connection server response (malware-cnc.rules)
* 1:36132 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mitozhan initial outbound connection (malware-cnc.rules)
* 1:36131 <-> ENABLED <-> BLACKLIST USER-AGENT known malicious User-Agent string - MyIE 3.01 (blacklist.rules)
* 1:36130 <-> DISABLED <-> PROTOCOL-DNS ISC BIND zero length OPENPGPKEY rdata response attempt (protocol-dns.rules)
* 1:36129 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
* 1:36128 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
* 1:36127 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
* 1:36126 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
* 1:36125 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
* 1:36124 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
* 1:36123 <-> DISABLED <-> FILE-FLASH Adobe Flash Player regexp heap buffer overflow attempt (file-flash.rules)
* 1:36122 <-> DISABLED <-> FILE-FLASH Adobe Flash Player regexp heap buffer overflow attempt (file-flash.rules)
* 1:36121 <-> DISABLED <-> FILE-FLASH Adobe Flash Player regexp heap buffer overflow attempt (file-flash.rules)
* 1:36120 <-> DISABLED <-> FILE-FLASH Adobe Flash Player regexp heap buffer overflow attempt (file-flash.rules)
* 1:36119 <-> DISABLED <-> BROWSER-PLUGINS HP LoadRunner ActiveX clsid access attempt (browser-plugins.rules)
* 1:36118 <-> DISABLED <-> BROWSER-PLUGINS HP LoadRunner ActiveX clsid access attempt (browser-plugins.rules)
* 1:36117 <-> DISABLED <-> BROWSER-PLUGINS HP LoadRunner ActiveX clsid access attempt (browser-plugins.rules)
* 1:36116 <-> DISABLED <-> BROWSER-PLUGINS HP LoadRunner ActiveX clsid access attempt (browser-plugins.rules)
* 1:36115 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Liudoor outbound connection (malware-cnc.rules)
* 1:36114 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player ID3 tag integer overflow attempt (file-multimedia.rules)
* 1:36113 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player ID3 tag integer overflow attempt (file-multimedia.rules)
* 1:36112 <-> ENABLED <-> BROWSER-PLUGINS Advantech WebAccess AspVCObj ActiveX clsid access attempt (browser-plugins.rules)
* 1:36111 <-> ENABLED <-> BROWSER-PLUGINS Advantech WebAccess AspVCObj ActiveX clsid access attempt (browser-plugins.rules)
* 1:36110 <-> ENABLED <-> BROWSER-PLUGINS Advantech WebAccess AspVCObj ActiveX clsid access attempt (browser-plugins.rules)
* 1:36109 <-> ENABLED <-> BROWSER-PLUGINS Advantech WebAccess AspVCObj ActiveX clsid access attempt (browser-plugins.rules)
* 1:36108 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Nimisi variant outbound connection (malware-cnc.rules)
* 1:36107 <-> ENABLED <-> MALWARE-CNC Win.Trojan.FakeAV variant outbound connection (malware-cnc.rules)
* 1:36106 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Hodoor APT variant outbound connection attempt (malware-cnc.rules)
* 1:36105 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Hodoor APT variant (malware-cnc.rules)
* 1:36104 <-> DISABLED <-> SERVER-WEBAPP Silver Peak VXOA configdb_file.php arbitrary PHP file upload attempt (server-webapp.rules)
* 1:36103 <-> ENABLED <-> BLACKLIST DNS request for known malware domain faq-adobe-directs.com - Win.Trojan.MWZLesson (blacklist.rules)
* 1:36102 <-> DISABLED <-> SERVER-WEBAPP ManageEngine ServiceDesk ExportImport.do directory traversal attempt (server-webapp.rules)
* 1:36101 <-> DISABLED <-> SERVER-WEBAPP ManageEngine ServiceDesk ExportImport.do directory traversal attempt (server-webapp.rules)
* 1:36100 <-> DISABLED <-> SERVER-WEBAPP ManageEngine OpManager default credentials authentication attempt (server-webapp.rules)
* 1:36099 <-> DISABLED <-> SERVER-WEBAPP ManageEngine OpManager SubmitQuery SQL injection attempt (server-webapp.rules)
* 1:36098 <-> DISABLED <-> SERVER-WEBAPP ManageEngine OpManager SubmitQuery SQL injection attempt (server-webapp.rules)
* 1:36097 <-> DISABLED <-> SERVER-WEBAPP ManageEngine OpManager SubmitQuery SQL injection attempt (server-webapp.rules)
* 1:36096 <-> DISABLED <-> SERVER-OTHER OpenSSL DTLS handshake oversized fragment length denial of service attempt (server-other.rules)
* 3:36153 <-> ENABLED <-> SERVER-OTHER IBM Domino LDAP server ModifyRequest stack buffer overflow attempt (server-other.rules)
* 1:20496 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules)
* 1:23680 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules)
* 1:25451 <-> ENABLED <-> INDICATOR-OBFUSCATION GIF header followed by PDF header (indicator-obfuscation.rules)
* 1:25452 <-> ENABLED <-> INDICATOR-OBFUSCATION PNG header followed by PDF header (indicator-obfuscation.rules)
* 1:26636 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer DCOMTextNode object use after free attempt (browser-ie.rules)
* 1:26637 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer DCOMTextNode object use after free attempt (browser-ie.rules)
* 1:29518 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt (server-other.rules)
* 1:29801 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt (server-other.rules)
* 1:30961 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CElement use after free attempt (browser-ie.rules)
* 1:30963 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CElement use after free attempt (browser-ie.rules)
* 1:31068 <-> DISABLED <-> SERVER-OTHER F5 BIG-IP iControl API hostname command injection attempt (server-other.rules)
* 1:31384 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules)
* 1:31385 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules)
* 1:32097 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
* 1:32098 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
* 1:32609 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant registration message (malware-cnc.rules)
* 1:32991 <-> DISABLED <-> SERVER-OTHER SAP NetWeaver SXPG_COMMAND_EXECUTE remote command execution attempt (server-other.rules)
* 1:32992 <-> DISABLED <-> SERVER-OTHER SAP NetWeaver SXPG_COMMAND_EXECUTE remote command execution attempt (server-other.rules)
* 1:35453 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
* 1:35454 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
* 1:35507 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer array prototype type confusion memory corruption attempt (browser-ie.rules)
* 1:35508 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer array prototype type confusion memory corruption attempt (browser-ie.rules)
* 1:35630 <-> DISABLED <-> SERVER-OTHER LibVNCServer rfbProcessClientNormalMessage msg.ssc.scale denial of service attempt (server-other.rules)
* 1:35631 <-> DISABLED <-> SERVER-OTHER LibVNCServer rfbProcessClientNormalMessage msg.ssc.scale denial of service attempt (server-other.rules)
* 1:35664 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DefineVideoStream out of bounds memory access attempt (file-flash.rules)
* 1:35665 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DefineVideoStream out of bounds memory access attempt (file-flash.rules)
* 1:36035 <-> DISABLED <-> FILE-FLASH Infinity popup toolkit detected (file-flash.rules)
* 1:36036 <-> DISABLED <-> INDICATOR-OBFUSCATION Adobe Flash file with SecureSwfLoader packer detected (indicator-obfuscation.rules)
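A good part of this pack ships DISABLED by default (the Flash RCE rules, the ManageEngine and Silver Peak SERVER-WEBAPP rules, the LibVNCServer and SAP SERVER-OTHER rules), so anyone who runs those products has to review the list and opt the relevant rules in. The following is an added example, not Talos or Snort code, that parses entries in the `gid:sid <-> STATE <-> message (group.rules)` form used above, counts enabled/disabled rules per rule group, lists the DISABLED rules in chosen groups as `gid:sid` lines for a PulledPork enablesid.conf, and flags GID 3 entries, which are shared-object rules that need the precompiled SO rule for your platform. The sample lines are copied from the entries above; the function names and the enablesid.conf usage are this example's own choices.

```python
import re
from collections import Counter

# One change-list entry:  gid:sid <-> ENABLED|DISABLED <-> message (group.rules)
# A leading "* " bullet is tolerated; anything else (headings, entries that
# extraction split across two lines) is skipped rather than guessed at.
ENTRY_RE = re.compile(
    r"^\*?\s*(?P<gid>\d+):(?P<sid>\d+)\s*<->\s*(?P<state>ENABLED|DISABLED)\s*<->\s*"
    r"(?P<msg>.+?)\s*\((?P<group>[\w.-]+\.rules)\)\s*$"
)

# Sample input: six entries copied verbatim from the change list above.
SAMPLE = """\
* 1:36141 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
* 1:36134 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mitozhan initial outbound connection (malware-cnc.rules)
* 1:36104 <-> DISABLED <-> SERVER-WEBAPP Silver Peak VXOA configdb_file.php arbitrary PHP file upload attempt (server-webapp.rules)
* 1:36100 <-> DISABLED <-> SERVER-WEBAPP ManageEngine OpManager default credentials authentication attempt (server-webapp.rules)
* 3:36153 <-> ENABLED <-> SERVER-OTHER IBM Domino LDAP server ModifyRequest stack buffer overflow attempt (server-other.rules)
* 1:35630 <-> DISABLED <-> SERVER-OTHER LibVNCServer rfbProcessClientNormalMessage msg.ssc.scale denial of service attempt (server-other.rules)
"""


def parse_entries(text):
    """Return a list of dicts (gid, sid, state, category, msg, group) for every well-formed entry."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        e["gid"] = int(e["gid"])
        e["sid"] = int(e["sid"])
        # The message's first token is the rule category (FILE-FLASH, SERVER-WEBAPP, ...).
        e["category"] = e["msg"].split(" ", 1)[0]
        entries.append(e)
    return entries


def state_by_group(entries):
    """Count entries per (rule group, default state), e.g. how many server-webapp rules ship DISABLED."""
    return dict(sorted(Counter((e["group"], e["state"]) for e in entries).items()))


def enable_candidates(entries, groups):
    """gid:sid of rules that ship DISABLED in the given rule groups, in list order.

    The output form (one gid:sid per line) is what PulledPork's enablesid.conf takes;
    review each rule's message before enabling, since DISABLED usually means the
    rule is either noisy or only relevant if you run the named product.
    """
    return [f'{e["gid"]}:{e["sid"]}' for e in entries
            if e["state"] == "DISABLED" and e["group"] in groups]


def shared_object_rules(entries):
    """gid:sid of GID 3 entries: shared-object rules that only load with the matching precompiled SO."""
    return [f'{e["gid"]}:{e["sid"]}' for e in entries if e["gid"] == 3]


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE)
    print("rules per (group, state):", state_by_group(parsed))
    print("enablesid.conf candidates for server-webapp.rules:")
    print("\n".join(enable_candidates(parsed, {"server-webapp.rules"})))
    print("shared-object (GID 3) rules:", shared_object_rules(parsed))
```

Run against the whole change list (paste it in place of `SAMPLE`), `state_by_group` gives a quick view of how much of the pack is actually active, and `enable_candidates` with the groups that match your estate (for example `{"server-webapp.rules", "server-other.rules"}` on a network that hosts ManageEngine or LibVNCServer) produces the opt-in list for review.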