Talos has added and modified multiple rules in the blacklist, browser-other, browser-plugins, deleted, exploit-kit, file-flash, malware-cnc, malware-other, os-mobile, os-windows, policy-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2962.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:36361 <-> DISABLED <-> OS-MOBILE Android WebKit Java reflection command execution attempt (os-mobile.rules)
* 1:36359 <-> DISABLED <-> SERVER-WEBAPP pfSense WebGui Zone Parameter cross-site scripting attempt (server-webapp.rules)
* 1:36360 <-> DISABLED <-> OS-MOBILE Android WebKit Java reflection command execution attempt (os-mobile.rules)
* 1:36357 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AVSegmentedSource null pointer attempt (file-flash.rules)
* 1:36358 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AVSegmentedSource null pointer attempt (file-flash.rules)
* 1:36355 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AVSS null pointer attempt (file-flash.rules)
* 1:36356 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AVSS null pointer attempt (file-flash.rules)
* 1:36354 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AVSS null pointer attempt (file-flash.rules)
* 1:36352 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AVSS null pointer attempt (file-flash.rules)
* 1:36353 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AVSS null pointer attempt (file-flash.rules)
* 1:36350 <-> DISABLED <-> BROWSER-PLUGINS Touch22 Software Image22 DrawIcon ActiveX clsid access attempt (browser-plugins.rules)
* 1:36351 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AVSS null pointer attempt (file-flash.rules)
* 1:36348 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DisplayList memory corruption attempt (file-flash.rules)
* 1:36349 <-> DISABLED <-> BROWSER-PLUGINS Touch22 Software Image22 DrawIcon ActiveX clsid access attempt (browser-plugins.rules)
* 1:36347 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DisplayList memory corruption attempt (file-flash.rules)
* 1:36345 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DisplayList memory corruption attempt (file-flash.rules)
* 1:36346 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DisplayList memory corruption attempt (file-flash.rules)
* 1:36341 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DisplayList memory corruption attempt (file-flash.rules)
* 1:36344 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DisplayList memory corruption attempt (file-flash.rules)
* 1:36343 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DisplayList memory corruption attempt (file-flash.rules)
* 1:36342 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DisplayList memory corruption attempt (file-flash.rules)
* 1:36335 <-> DISABLED <-> SERVER-WEBAPP Ignite Realtime Openfire user-create cross site request forgery attempt (server-webapp.rules)
* 1:36340 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DisplayList memory corruption attempt (file-flash.rules)
* 1:36339 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DisplayList memory corruption attempt (file-flash.rules)
* 1:36338 <-> ENABLED <-> MALWARE-OTHER Apple iTunes Connect HTTP response phishing attempt (malware-other.rules)
* 1:36337 <-> DISABLED <-> SERVER-WEBAPP Ignite Realtime Openfire permitted-clients cross site request forgery attempt (server-webapp.rules)
* 1:36336 <-> DISABLED <-> SERVER-WEBAPP Ignite Realtime Openfire server properties cross site request forgery attempt (server-webapp.rules)
* 1:36334 <-> DISABLED <-> SERVER-WEBAPP Ignite Realtime Openfire user-password cross site request forgery attempt (server-webapp.rules)
* 1:35724 <-> DISABLED <-> DELETED OS-WINDOWS Microsoft Windows OpenType font parsing memory corruption attempt (deleted.rules)
* 1:36333 <-> DISABLED <-> SERVER-WEBAPP GE MDS PulseNET FileDownloadServlet directory traversal attempt (server-webapp.rules)
* 1:36332 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit relay traffic detected (exploit-kit.rules)
* 1:35723 <-> DISABLED <-> DELETED OS-WINDOWS Microsoft Windows OpenType font parsing memory corruption attempt (deleted.rules)
* 1:36381 <-> ENABLED <-> BLACKLIST DNS request for known malware domain yidjskdfjskdfsdf.cf - Necurs (blacklist.rules)
* 1:36377 <-> DISABLED <-> BROWSER-OTHER Google Chrome invalid URI denial of service attempt (browser-other.rules)
* 1:36389 <-> ENABLED <-> BLACKLIST DNS request for known malware domain dnsfor.dnsfor.me - Win.Trojan.DustySky (blacklist.rules)
* 1:36382 <-> ENABLED <-> BLACKLIST DNS request for known malware domain mindfucktoys.com - Necurs (blacklist.rules)
* 1:36383 <-> DISABLED <-> OS-WINDOWS Microsoft Windows FlattenPath paged memory consumption privilege escalation attempt (os-windows.rules)
* 1:36391 <-> ENABLED <-> BLACKLIST DNS request for known malware domain games.buybit.us - Win.Trojan.DustySky (blacklist.rules)
* 1:36392 <-> ENABLED <-> BLACKLIST DNS request for known malware domain news.buybit.us - Win.Trojan.DustySky (blacklist.rules)
* 1:36393 <-> ENABLED <-> BLACKLIST DNS request for known malware domain news.net-freaks.com - Win.Trojan.DustySky (blacklist.rules)
* 1:36394 <-> ENABLED <-> BLACKLIST DNS request for known malware domain sip.supportcom.xyz - Win.Trojan.DustySky (blacklist.rules)
* 1:36395 <-> ENABLED <-> BLACKLIST DNS request for known malware domain update.ciscofreak.com - Win.Trojan.DustySky (blacklist.rules)
* 1:36396 <-> ENABLED <-> MALWARE-CNC Win.Trojan.DustySky variant outbound connection (malware-cnc.rules)
* 1:36397 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DustySky variant outbound connection (malware-cnc.rules)
* 1:36398 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Ovector out of bounds stack corruption attempt (file-flash.rules)
* 1:36399 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Ovector out of bounds stack corruption attempt (file-flash.rules)
* 1:36390 <-> ENABLED <-> BLACKLIST DNS request for known malware domain facetoo.co.vu - Win.Trojan.DustySky (blacklist.rules)
* 1:36362 <-> DISABLED <-> OS-MOBILE Android WebKit Java reflection command execution attempt (os-mobile.rules)
* 1:36363 <-> DISABLED <-> SERVER-WEBAPP Typo3 CMS show_rechis cross site scripting attempt (server-webapp.rules)
* 1:36364 <-> DISABLED <-> SERVER-WEBAPP Typo3 CMS index cross site scripting attempt (server-webapp.rules)
* 1:36365 <-> DISABLED <-> SERVER-WEBAPP Typo3 CMS show_rechis cross site scripting attempt (server-webapp.rules)
* 1:36366 <-> DISABLED <-> SERVER-WEBAPP Typo3 CMS index cross site scripting attempt (server-webapp.rules)
* 1:36367 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DefineText buffer overflow attempt (file-flash.rules)
* 1:36368 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DefineText buffer overflow attempt (file-flash.rules)
* 1:36369 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DefineText buffer overflow attempt (file-flash.rules)
* 1:36370 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DefineText buffer overflow attempt (file-flash.rules)
* 1:36371 <-> ENABLED <-> FILE-FLASH Adobe Flash Player invalid vector length memory corruption attempt (file-flash.rules)
* 1:36373 <-> ENABLED <-> FILE-FLASH Adobe Flash Player invalid vector length memory corruption attempt (file-flash.rules)
* 1:36372 <-> ENABLED <-> FILE-FLASH Adobe Flash Player invalid vector length memory corruption attempt (file-flash.rules)
* 1:36376 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Management Framework lcfd endpoint daemon buffer overflow attempt (server-other.rules)
* 1:36374 <-> ENABLED <-> FILE-FLASH Adobe Flash Player invalid vector length memory corruption attempt (file-flash.rules)
* 1:36375 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Management Framework Endpoint default HTTP password authentication attempt (server-other.rules)
* 1:36380 <-> DISABLED <-> SERVER-WEBAPP Borland AccuRev SaveContentServiceImpl servlet directory traversal attempt (server-webapp.rules)
* 1:36384 <-> DISABLED <-> OS-WINDOWS Microsoft Windows FlattenPath paged memory consumption privilege escalation attempt (os-windows.rules)
* 1:36379 <-> DISABLED <-> POLICY-OTHER dnstunnel v0.5 outbound traffic detected (policy-other.rules)
* 1:36378 <-> DISABLED <-> BROWSER-OTHER Google Chrome invalid URI denial of service attempt (browser-other.rules)
* 1:28043 <-> DISABLED <-> OS-MOBILE Android WebKit Java reflection command execution attempt (os-mobile.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2973.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:36389 <-> ENABLED <-> BLACKLIST DNS request for known malware domain dnsfor.dnsfor.me - Win.Trojan.DustySky (blacklist.rules)
* 1:36382 <-> ENABLED <-> BLACKLIST DNS request for known malware domain mindfucktoys.com - Necurs (blacklist.rules)
* 1:36383 <-> DISABLED <-> OS-WINDOWS Microsoft Windows FlattenPath paged memory consumption privilege escalation attempt (os-windows.rules)
* 1:36391 <-> ENABLED <-> BLACKLIST DNS request for known malware domain games.buybit.us - Win.Trojan.DustySky (blacklist.rules)
* 1:36392 <-> ENABLED <-> BLACKLIST DNS request for known malware domain news.buybit.us - Win.Trojan.DustySky (blacklist.rules)
* 1:36393 <-> ENABLED <-> BLACKLIST DNS request for known malware domain news.net-freaks.com - Win.Trojan.DustySky (blacklist.rules)
* 1:36394 <-> ENABLED <-> BLACKLIST DNS request for known malware domain sip.supportcom.xyz - Win.Trojan.DustySky (blacklist.rules)
* 1:36395 <-> ENABLED <-> BLACKLIST DNS request for known malware domain update.ciscofreak.com - Win.Trojan.DustySky (blacklist.rules)
* 1:36396 <-> ENABLED <-> MALWARE-CNC Win.Trojan.DustySky variant outbound connection (malware-cnc.rules)
* 1:36397 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DustySky variant outbound connection (malware-cnc.rules)
* 1:36398 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Ovector out of bounds stack corruption attempt (file-flash.rules)
* 1:36399 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Ovector out of bounds stack corruption attempt (file-flash.rules)
* 1:35723 <-> DISABLED <-> DELETED OS-WINDOWS Microsoft Windows OpenType font parsing memory corruption attempt (deleted.rules)
* 1:35724 <-> DISABLED <-> DELETED OS-WINDOWS Microsoft Windows OpenType font parsing memory corruption attempt (deleted.rules)
* 1:36332 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit relay traffic detected (exploit-kit.rules)
* 1:36333 <-> DISABLED <-> SERVER-WEBAPP GE MDS PulseNET FileDownloadServlet directory traversal attempt (server-webapp.rules)
* 1:36334 <-> DISABLED <-> SERVER-WEBAPP Ignite Realtime Openfire user-password cross site request forgery attempt (server-webapp.rules)
* 1:36335 <-> DISABLED <-> SERVER-WEBAPP Ignite Realtime Openfire user-create cross site request forgery attempt (server-webapp.rules)
* 1:36336 <-> DISABLED <-> SERVER-WEBAPP Ignite Realtime Openfire server properties cross site request forgery attempt (server-webapp.rules)
* 1:36337 <-> DISABLED <-> SERVER-WEBAPP Ignite Realtime Openfire permitted-clients cross site request forgery attempt (server-webapp.rules)
* 1:36338 <-> ENABLED <-> MALWARE-OTHER Apple iTunes Connect HTTP response phishing attempt (malware-other.rules)
* 1:36339 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DisplayList memory corruption attempt (file-flash.rules)
* 1:36340 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DisplayList memory corruption attempt (file-flash.rules)
* 1:36341 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DisplayList memory corruption attempt (file-flash.rules)
* 1:36342 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DisplayList memory corruption attempt (file-flash.rules)
* 1:36343 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DisplayList memory corruption attempt (file-flash.rules)
* 1:36344 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DisplayList memory corruption attempt (file-flash.rules)
* 1:36345 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DisplayList memory corruption attempt (file-flash.rules)
* 1:36346 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DisplayList memory corruption attempt (file-flash.rules)
* 1:36347 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DisplayList memory corruption attempt (file-flash.rules)
* 1:36348 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DisplayList memory corruption attempt (file-flash.rules)
* 1:36349 <-> DISABLED <-> BROWSER-PLUGINS Touch22 Software Image22 DrawIcon ActiveX clsid access attempt (browser-plugins.rules)
* 1:36350 <-> DISABLED <-> BROWSER-PLUGINS Touch22 Software Image22 DrawIcon ActiveX clsid access attempt (browser-plugins.rules)
* 1:36351 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AVSS null pointer attempt (file-flash.rules)
* 1:36352 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AVSS null pointer attempt (file-flash.rules)
* 1:36353 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AVSS null pointer attempt (file-flash.rules)
* 1:36354 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AVSS null pointer attempt (file-flash.rules)
* 1:36355 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AVSS null pointer attempt (file-flash.rules)
* 1:36356 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AVSS null pointer attempt (file-flash.rules)
* 1:36357 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AVSegmentedSource null pointer attempt (file-flash.rules)
* 1:36358 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AVSegmentedSource null pointer attempt (file-flash.rules)
* 1:36359 <-> DISABLED <-> SERVER-WEBAPP pfSense WebGui Zone Parameter cross-site scripting attempt (server-webapp.rules)
* 1:36360 <-> DISABLED <-> OS-MOBILE Android WebKit Java reflection command execution attempt (os-mobile.rules)
* 1:36361 <-> DISABLED <-> OS-MOBILE Android WebKit Java reflection command execution attempt (os-mobile.rules)
* 1:36362 <-> DISABLED <-> OS-MOBILE Android WebKit Java reflection command execution attempt (os-mobile.rules)
* 1:36363 <-> DISABLED <-> SERVER-WEBAPP Typo3 CMS show_rechis cross site scripting attempt (server-webapp.rules)
* 1:36364 <-> DISABLED <-> SERVER-WEBAPP Typo3 CMS index cross site scripting attempt (server-webapp.rules)
* 1:36365 <-> DISABLED <-> SERVER-WEBAPP Typo3 CMS show_rechis cross site scripting attempt (server-webapp.rules)
* 1:36366 <-> DISABLED <-> SERVER-WEBAPP Typo3 CMS index cross site scripting attempt (server-webapp.rules)
* 1:36367 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DefineText buffer overflow attempt (file-flash.rules)
* 1:36368 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DefineText buffer overflow attempt (file-flash.rules)
* 1:36369 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DefineText buffer overflow attempt (file-flash.rules)
* 1:36370 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DefineText buffer overflow attempt (file-flash.rules)
* 1:36371 <-> ENABLED <-> FILE-FLASH Adobe Flash Player invalid vector length memory corruption attempt (file-flash.rules)
* 1:36372 <-> ENABLED <-> FILE-FLASH Adobe Flash Player invalid vector length memory corruption attempt (file-flash.rules)
* 1:36373 <-> ENABLED <-> FILE-FLASH Adobe Flash Player invalid vector length memory corruption attempt (file-flash.rules)
* 1:36374 <-> ENABLED <-> FILE-FLASH Adobe Flash Player invalid vector length memory corruption attempt (file-flash.rules)
* 1:36375 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Management Framework Endpoint default HTTP password authentication attempt (server-other.rules)
* 1:36390 <-> ENABLED <-> BLACKLIST DNS request for known malware domain facetoo.co.vu - Win.Trojan.DustySky (blacklist.rules)
* 1:36376 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Management Framework lcfd endpoint daemon buffer overflow attempt (server-other.rules)
* 1:36378 <-> DISABLED <-> BROWSER-OTHER Google Chrome invalid URI denial of service attempt (browser-other.rules)
* 1:36377 <-> DISABLED <-> BROWSER-OTHER Google Chrome invalid URI denial of service attempt (browser-other.rules)
* 1:36384 <-> DISABLED <-> OS-WINDOWS Microsoft Windows FlattenPath paged memory consumption privilege escalation attempt (os-windows.rules)
* 1:36379 <-> DISABLED <-> POLICY-OTHER dnstunnel v0.5 outbound traffic detected (policy-other.rules)
* 1:36381 <-> ENABLED <-> BLACKLIST DNS request for known malware domain yidjskdfjskdfsdf.cf - Necurs (blacklist.rules)
* 1:36380 <-> DISABLED <-> SERVER-WEBAPP Borland AccuRev SaveContentServiceImpl servlet directory traversal attempt (server-webapp.rules)
* 1:28043 <-> DISABLED <-> OS-MOBILE Android WebKit Java reflection command execution attempt (os-mobile.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2975.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:35723 <-> DISABLED <-> DELETED OS-WINDOWS Microsoft Windows OpenType font parsing memory corruption attempt (deleted.rules)
* 1:35724 <-> DISABLED <-> DELETED OS-WINDOWS Microsoft Windows OpenType font parsing memory corruption attempt (deleted.rules)
* 1:36332 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit relay traffic detected (exploit-kit.rules)
* 1:36333 <-> DISABLED <-> SERVER-WEBAPP GE MDS PulseNET FileDownloadServlet directory traversal attempt (server-webapp.rules)
* 1:36334 <-> DISABLED <-> SERVER-WEBAPP Ignite Realtime Openfire user-password cross site request forgery attempt (server-webapp.rules)
* 1:36335 <-> DISABLED <-> SERVER-WEBAPP Ignite Realtime Openfire user-create cross site request forgery attempt (server-webapp.rules)
* 1:36336 <-> DISABLED <-> SERVER-WEBAPP Ignite Realtime Openfire server properties cross site request forgery attempt (server-webapp.rules)
* 1:36337 <-> DISABLED <-> SERVER-WEBAPP Ignite Realtime Openfire permitted-clients cross site request forgery attempt (server-webapp.rules)
* 1:36338 <-> ENABLED <-> MALWARE-OTHER Apple iTunes Connect HTTP response phishing attempt (malware-other.rules)
* 1:36339 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DisplayList memory corruption attempt (file-flash.rules)
* 1:36340 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DisplayList memory corruption attempt (file-flash.rules)
* 1:36341 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DisplayList memory corruption attempt (file-flash.rules)
* 1:36342 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DisplayList memory corruption attempt (file-flash.rules)
* 1:36343 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DisplayList memory corruption attempt (file-flash.rules)
* 1:36344 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DisplayList memory corruption attempt (file-flash.rules)
* 1:36345 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DisplayList memory corruption attempt (file-flash.rules)
* 1:36346 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DisplayList memory corruption attempt (file-flash.rules)
* 1:36347 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DisplayList memory corruption attempt (file-flash.rules)
* 1:36348 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DisplayList memory corruption attempt (file-flash.rules)
* 1:36349 <-> DISABLED <-> BROWSER-PLUGINS Touch22 Software Image22 DrawIcon ActiveX clsid access attempt (browser-plugins.rules)
* 1:36350 <-> DISABLED <-> BROWSER-PLUGINS Touch22 Software Image22 DrawIcon ActiveX clsid access attempt (browser-plugins.rules)
* 1:36351 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AVSS null pointer attempt (file-flash.rules)
* 1:36352 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AVSS null pointer attempt (file-flash.rules)
* 1:36353 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AVSS null pointer attempt (file-flash.rules)
* 1:36354 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AVSS null pointer attempt (file-flash.rules)
* 1:36355 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AVSS null pointer attempt (file-flash.rules)
* 1:36356 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AVSS null pointer attempt (file-flash.rules)
* 1:36357 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AVSegmentedSource null pointer attempt (file-flash.rules)
* 1:36358 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AVSegmentedSource null pointer attempt (file-flash.rules)
* 1:36359 <-> DISABLED <-> SERVER-WEBAPP pfSense WebGui Zone Parameter cross-site scripting attempt (server-webapp.rules)
* 1:36360 <-> DISABLED <-> OS-MOBILE Android WebKit Java reflection command execution attempt (os-mobile.rules)
* 1:36361 <-> DISABLED <-> OS-MOBILE Android WebKit Java reflection command execution attempt (os-mobile.rules)
* 1:36362 <-> DISABLED <-> OS-MOBILE Android WebKit Java reflection command execution attempt (os-mobile.rules)
* 1:36363 <-> DISABLED <-> SERVER-WEBAPP Typo3 CMS show_rechis cross site scripting attempt (server-webapp.rules)
* 1:36364 <-> DISABLED <-> SERVER-WEBAPP Typo3 CMS index cross site scripting attempt (server-webapp.rules)
* 1:36365 <-> DISABLED <-> SERVER-WEBAPP Typo3 CMS show_rechis cross site scripting attempt (server-webapp.rules)
* 1:36366 <-> DISABLED <-> SERVER-WEBAPP Typo3 CMS index cross site scripting attempt (server-webapp.rules)
* 1:36367 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DefineText buffer overflow attempt (file-flash.rules)
* 1:36368 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DefineText buffer overflow attempt (file-flash.rules)
* 1:36369 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DefineText buffer overflow attempt (file-flash.rules)
* 1:36370 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DefineText buffer overflow attempt (file-flash.rules)
* 1:36371 <-> ENABLED <-> FILE-FLASH Adobe Flash Player invalid vector length memory corruption attempt (file-flash.rules)
* 1:36372 <-> ENABLED <-> FILE-FLASH Adobe Flash Player invalid vector length memory corruption attempt (file-flash.rules)
* 1:36373 <-> ENABLED <-> FILE-FLASH Adobe Flash Player invalid vector length memory corruption attempt (file-flash.rules)
* 1:36374 <-> ENABLED <-> FILE-FLASH Adobe Flash Player invalid vector length memory corruption attempt (file-flash.rules)
* 1:36375 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Management Framework Endpoint default HTTP password authentication attempt (server-other.rules)
* 1:36376 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Management Framework lcfd endpoint daemon buffer overflow attempt (server-other.rules)
* 1:36377 <-> DISABLED <-> BROWSER-OTHER Google Chrome invalid URI denial of service attempt (browser-other.rules)
* 1:36378 <-> DISABLED <-> BROWSER-OTHER Google Chrome invalid URI denial of service attempt (browser-other.rules)
* 1:36379 <-> DISABLED <-> POLICY-OTHER dnstunnel v0.5 outbound traffic detected (policy-other.rules)
* 1:36399 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Ovector out of bounds stack corruption attempt (file-flash.rules)
* 1:36398 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Ovector out of bounds stack corruption attempt (file-flash.rules)
* 1:36397 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DustySky variant outbound connection (malware-cnc.rules)
* 1:36396 <-> ENABLED <-> MALWARE-CNC Win.Trojan.DustySky variant outbound connection (malware-cnc.rules)
* 1:36395 <-> ENABLED <-> BLACKLIST DNS request for known malware domain update.ciscofreak.com - Win.Trojan.DustySky (blacklist.rules)
* 1:36394 <-> ENABLED <-> BLACKLIST DNS request for known malware domain sip.supportcom.xyz - Win.Trojan.DustySky (blacklist.rules)
* 1:36393 <-> ENABLED <-> BLACKLIST DNS request for known malware domain news.net-freaks.com - Win.Trojan.DustySky (blacklist.rules)
* 1:36392 <-> ENABLED <-> BLACKLIST DNS request for known malware domain news.buybit.us - Win.Trojan.DustySky (blacklist.rules)
* 1:36391 <-> ENABLED <-> BLACKLIST DNS request for known malware domain games.buybit.us - Win.Trojan.DustySky (blacklist.rules)
* 1:36390 <-> ENABLED <-> BLACKLIST DNS request for known malware domain facetoo.co.vu - Win.Trojan.DustySky (blacklist.rules)
* 1:36389 <-> ENABLED <-> BLACKLIST DNS request for known malware domain dnsfor.dnsfor.me - Win.Trojan.DustySky (blacklist.rules)
* 1:36383 <-> DISABLED <-> OS-WINDOWS Microsoft Windows FlattenPath paged memory consumption privilege escalation attempt (os-windows.rules)
* 1:36384 <-> DISABLED <-> OS-WINDOWS Microsoft Windows FlattenPath paged memory consumption privilege escalation attempt (os-windows.rules)
* 1:36382 <-> ENABLED <-> BLACKLIST DNS request for known malware domain mindfucktoys.com - Necurs (blacklist.rules)
* 1:36380 <-> DISABLED <-> SERVER-WEBAPP Borland AccuRev SaveContentServiceImpl servlet directory traversal attempt (server-webapp.rules)
* 1:36381 <-> ENABLED <-> BLACKLIST DNS request for known malware domain yidjskdfjskdfsdf.cf - Necurs (blacklist.rules)
* 1:28043 <-> DISABLED <-> OS-MOBILE Android WebKit Java reflection command execution attempt (os-mobile.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2976.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:36399 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Ovector out of bounds stack corruption attempt (file-flash.rules)
* 1:36398 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Ovector out of bounds stack corruption attempt (file-flash.rules)
* 1:36397 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DustySky variant outbound connection (malware-cnc.rules)
* 1:36396 <-> ENABLED <-> MALWARE-CNC Win.Trojan.DustySky variant outbound connection (malware-cnc.rules)
* 1:36395 <-> ENABLED <-> BLACKLIST DNS request for known malware domain update.ciscofreak.com - Win.Trojan.DustySky (blacklist.rules)
* 1:36394 <-> ENABLED <-> BLACKLIST DNS request for known malware domain sip.supportcom.xyz - Win.Trojan.DustySky (blacklist.rules)
* 1:36393 <-> ENABLED <-> BLACKLIST DNS request for known malware domain news.net-freaks.com - Win.Trojan.DustySky (blacklist.rules)
* 1:36392 <-> ENABLED <-> BLACKLIST DNS request for known malware domain news.buybit.us - Win.Trojan.DustySky (blacklist.rules)
* 1:36391 <-> ENABLED <-> BLACKLIST DNS request for known malware domain games.buybit.us - Win.Trojan.DustySky (blacklist.rules)
* 1:36390 <-> ENABLED <-> BLACKLIST DNS request for known malware domain facetoo.co.vu - Win.Trojan.DustySky (blacklist.rules)
* 1:36389 <-> ENABLED <-> BLACKLIST DNS request for known malware domain dnsfor.dnsfor.me - Win.Trojan.DustySky (blacklist.rules)
* 1:36384 <-> DISABLED <-> OS-WINDOWS Microsoft Windows FlattenPath paged memory consumption privilege escalation attempt (os-windows.rules)
* 1:36383 <-> DISABLED <-> OS-WINDOWS Microsoft Windows FlattenPath paged memory consumption privilege escalation attempt (os-windows.rules)
* 1:36382 <-> ENABLED <-> BLACKLIST DNS request for known malware domain mindfucktoys.com - Necurs (blacklist.rules)
* 1:36381 <-> ENABLED <-> BLACKLIST DNS request for known malware domain yidjskdfjskdfsdf.cf - Necurs (blacklist.rules)
* 1:36380 <-> DISABLED <-> SERVER-WEBAPP Borland AccuRev SaveContentServiceImpl servlet directory traversal attempt (server-webapp.rules)
* 1:36379 <-> DISABLED <-> POLICY-OTHER dnstunnel v0.5 outbound traffic detected (policy-other.rules)
* 1:36378 <-> DISABLED <-> BROWSER-OTHER Google Chrome invalid URI denial of service attempt (browser-other.rules)
* 1:36377 <-> DISABLED <-> BROWSER-OTHER Google Chrome invalid URI denial of service attempt (browser-other.rules)
* 1:36376 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Management Framework lcfd endpoint daemon buffer overflow attempt (server-other.rules)
* 1:36375 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Management Framework Endpoint default HTTP password authentication attempt (server-other.rules)
* 1:36374 <-> ENABLED <-> FILE-FLASH Adobe Flash Player invalid vector length memory corruption attempt (file-flash.rules)
* 1:36373 <-> ENABLED <-> FILE-FLASH Adobe Flash Player invalid vector length memory corruption attempt (file-flash.rules)
* 1:36372 <-> ENABLED <-> FILE-FLASH Adobe Flash Player invalid vector length memory corruption attempt (file-flash.rules)
* 1:36371 <-> ENABLED <-> FILE-FLASH Adobe Flash Player invalid vector length memory corruption attempt (file-flash.rules)
* 1:36370 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DefineText buffer overflow attempt (file-flash.rules)
* 1:36369 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DefineText buffer overflow attempt (file-flash.rules)
* 1:36368 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DefineText buffer overflow attempt (file-flash.rules)
* 1:36367 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DefineText buffer overflow attempt (file-flash.rules)
* 1:36366 <-> DISABLED <-> SERVER-WEBAPP Typo3 CMS index cross site scripting attempt (server-webapp.rules)
* 1:36365 <-> DISABLED <-> SERVER-WEBAPP Typo3 CMS show_rechis cross site scripting attempt (server-webapp.rules)
* 1:36364 <-> DISABLED <-> SERVER-WEBAPP Typo3 CMS index cross site scripting attempt (server-webapp.rules)
* 1:36363 <-> DISABLED <-> SERVER-WEBAPP Typo3 CMS show_rechis cross site scripting attempt (server-webapp.rules)
* 1:36362 <-> DISABLED <-> OS-MOBILE Android WebKit Java reflection command execution attempt (os-mobile.rules)
* 1:36361 <-> DISABLED <-> OS-MOBILE Android WebKit Java reflection command execution attempt (os-mobile.rules)
* 1:36360 <-> DISABLED <-> OS-MOBILE Android WebKit Java reflection command execution attempt (os-mobile.rules)
* 1:36359 <-> DISABLED <-> SERVER-WEBAPP pfSense WebGui Zone Parameter cross-site scripting attempt (server-webapp.rules)
* 1:36358 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AVSegmentedSource null pointer attempt (file-flash.rules)
* 1:36357 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AVSegmentedSource null pointer attempt (file-flash.rules)
* 1:36356 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AVSS null pointer attempt (file-flash.rules)
* 1:36355 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AVSS null pointer attempt (file-flash.rules)
* 1:36354 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AVSS null pointer attempt (file-flash.rules)
* 1:36353 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AVSS null pointer attempt (file-flash.rules)
* 1:36352 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AVSS null pointer attempt (file-flash.rules)
* 1:36351 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AVSS null pointer attempt (file-flash.rules)
* 1:36350 <-> DISABLED <-> BROWSER-PLUGINS Touch22 Software Image22 DrawIcon ActiveX clsid access attempt (browser-plugins.rules)
* 1:36349 <-> DISABLED <-> BROWSER-PLUGINS Touch22 Software Image22 DrawIcon ActiveX clsid access attempt (browser-plugins.rules)
* 1:36348 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DisplayList memory corruption attempt (file-flash.rules)
* 1:36347 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DisplayList memory corruption attempt (file-flash.rules)
* 1:36346 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DisplayList memory corruption attempt (file-flash.rules)
* 1:36345 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DisplayList memory corruption attempt (file-flash.rules)
* 1:36344 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DisplayList memory corruption attempt (file-flash.rules)
* 1:36343 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DisplayList memory corruption attempt (file-flash.rules)
* 1:36342 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DisplayList memory corruption attempt (file-flash.rules)
* 1:36341 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DisplayList memory corruption attempt (file-flash.rules)
* 1:36340 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DisplayList memory corruption attempt (file-flash.rules)
* 1:36339 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DisplayList memory corruption attempt (file-flash.rules)
* 1:36338 <-> ENABLED <-> MALWARE-OTHER Apple iTunes Connect HTTP response phishing attempt (malware-other.rules)
* 1:36337 <-> DISABLED <-> SERVER-WEBAPP Ignite Realtime Openfire permitted-clients cross site request forgery attempt (server-webapp.rules)
* 1:36336 <-> DISABLED <-> SERVER-WEBAPP Ignite Realtime Openfire server properties cross site request forgery attempt (server-webapp.rules)
* 1:36335 <-> DISABLED <-> SERVER-WEBAPP Ignite Realtime Openfire user-create cross site request forgery attempt (server-webapp.rules)
* 1:36334 <-> DISABLED <-> SERVER-WEBAPP Ignite Realtime Openfire user-password cross site request forgery attempt (server-webapp.rules)
* 1:36333 <-> DISABLED <-> SERVER-WEBAPP GE MDS PulseNET FileDownloadServlet directory traversal attempt (server-webapp.rules)
* 1:36332 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit relay traffic detected (exploit-kit.rules)
* 1:35724 <-> DISABLED <-> DELETED OS-WINDOWS Microsoft Windows OpenType font parsing memory corruption attempt (deleted.rules)
* 1:35723 <-> DISABLED <-> DELETED OS-WINDOWS Microsoft Windows OpenType font parsing memory corruption attempt (deleted.rules)
* 1:28043 <-> DISABLED <-> OS-MOBILE Android WebKit Java reflection command execution attempt (os-mobile.rules)