Talos has added and modified multiple rules in the exploit-kit, file-flash, malware-cnc and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2962.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:37219 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MovieClip setMask use after free attempt (file-flash.rules)
* 1:37238 <-> ENABLED <-> FILE-FLASH Adobe Flash Player object hasOwnProperty use after free attempt (file-flash.rules)
* 1:37239 <-> ENABLED <-> FILE-FLASH Adobe Flash Player object hasOwnProperty use after free attempt (file-flash.rules)
* 1:37236 <-> ENABLED <-> FILE-FLASH Adobe Flash Player object hasOwnProperty use after free attempt (file-flash.rules)
* 1:37237 <-> ENABLED <-> FILE-FLASH Adobe Flash Player object hasOwnProperty use after free attempt (file-flash.rules)
* 1:37215 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pmabot outbound connection attempt (malware-cnc.rules)
* 1:37235 <-> ENABLED <-> FILE-FLASH Adobe Flash Player removeMovieClip use after free attempt (file-flash.rules)
* 1:37213 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pmabot outbound connection attempt (malware-cnc.rules)
* 1:37214 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pmabot outbound connection attempt (malware-cnc.rules)
* 1:37211 <-> ENABLED <-> FILE-FLASH Adobe Flash Player LoadVars decode use after free attempt (file-flash.rules)
* 1:37212 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pmabot outbound connection attempt (malware-cnc.rules)
* 1:37209 <-> ENABLED <-> FILE-FLASH Adobe Flash Player LoadVars decode use after free attempt (file-flash.rules)
* 1:37210 <-> ENABLED <-> FILE-FLASH Adobe Flash Player LoadVars decode use after free attempt (file-flash.rules)
* 1:37208 <-> ENABLED <-> FILE-FLASH Adobe Flash Player LoadVars decode use after free attempt (file-flash.rules)
* 1:37217 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MovieClip setMask use after free attempt (file-flash.rules)
* 1:37216 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MovieClip setMask use after free attempt (file-flash.rules)
* 1:37207 <-> ENABLED <-> EXPLOIT-KIT Neutrino exploit kit landing page (exploit-kit.rules)
* 1:37204 <-> ENABLED <-> FILE-FLASH Adobe Flash Player object.addProperty method use after free attempt (file-flash.rules)
* 1:37202 <-> ENABLED <-> FILE-FLASH Adobe Flash Standalone Player ASSetPropFlags use after free attempt (file-flash.rules)
* 1:37203 <-> ENABLED <-> FILE-FLASH Adobe Flash Player object.addProperty method use after free attempt (file-flash.rules)
* 1:37205 <-> ENABLED <-> FILE-FLASH Adobe Flash Player object.addProperty method use after free attempt (file-flash.rules)
* 1:37201 <-> ENABLED <-> FILE-FLASH Adobe Flash Standalone Player ASSetPropFlags use after free attempt (file-flash.rules)
* 1:37206 <-> ENABLED <-> FILE-FLASH Adobe Flash Player object.addProperty method use after free attempt (file-flash.rules)
* 1:37199 <-> ENABLED <-> FILE-FLASH Adobe Flash Player multiple script render display use after free attempt (file-flash.rules)
* 1:37200 <-> ENABLED <-> FILE-FLASH Adobe Flash Player multiple script render display use after free attempt (file-flash.rules)
* 1:37223 <-> ENABLED <-> FILE-FLASH Adobe Flash Player overly large bitmap integer overflow attempt (file-flash.rules)
* 1:37222 <-> ENABLED <-> MALWARE-OTHER Win.Worm.Pixipos Outbound Connection Attempt (malware-other.rules)
* 1:37227 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Isniffer outbound connection attempt (malware-cnc.rules)
* 1:37228 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Isniffer outbound connection attempt (malware-cnc.rules)
* 1:37229 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MovieClip method use after free attempt (file-flash.rules)
* 1:37230 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MovieClip method use after free attempt (file-flash.rules)
* 1:37225 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Isniffer outbound connection attempt (malware-cnc.rules)
* 1:37226 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Isniffer outbound connection attempt (malware-cnc.rules)
* 1:37231 <-> ENABLED <-> FILE-FLASH Adobe Flash Player getBounds method use after free attempt (file-flash.rules)
* 1:37232 <-> ENABLED <-> FILE-FLASH Adobe Flash Player getBounds method use after free attempt (file-flash.rules)
* 1:37218 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MovieClip setMask use after free attempt (file-flash.rules)
* 1:37233 <-> DISABLED <-> SERVER-WEBAPP ManageEngine ServiceDesk Plus FileUploader servlet directory traversal attempt (server-webapp.rules)
* 1:37234 <-> ENABLED <-> FILE-FLASH Adobe Flash Player removeMovieClip use after free attempt (file-flash.rules)
* 1:37224 <-> ENABLED <-> FILE-FLASH Adobe Flash Player overly large bitmap integer overflow attempt (file-flash.rules)
* 1:37221 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Date with invalid parameter toTimeString attempt (file-flash.rules)
* 1:37220 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Date with invalid parameter toTimeString attempt (file-flash.rules)
* 1:37240 <-> ENABLED <-> FILE-FLASH Adobe Flash Player canvas out of bounds read attempt (file-flash.rules)
* 1:37241 <-> ENABLED <-> FILE-FLASH Adobe Flash Player canvas out of bounds read attempt (file-flash.rules)

* 1:26749 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc allhttp command (malware-cnc.rules)
* 1:26742 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc resolve command (malware-cnc.rules)
* 1:26744 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc range command (malware-cnc.rules)
* 1:26745 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc ftp command (malware-cnc.rules)
* 1:26746 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc download command (malware-cnc.rules)
* 1:26747 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc fastddos command (malware-cnc.rules)
* 1:26743 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc antiddos command (malware-cnc.rules)
* 1:26731 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc datapost command (malware-cnc.rules)
* 1:26725 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc http command (malware-cnc.rules)
* 1:26732 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc syn command (malware-cnc.rules)
* 1:26730 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc loginpost command (malware-cnc.rules)
* 1:26729 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc simple command (malware-cnc.rules)
* 1:26727 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc die command (malware-cnc.rules)
* 1:26728 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc sleep command (malware-cnc.rules)
* 1:26737 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc tcpdata command (malware-cnc.rules)
* 1:26726 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc stop command (malware-cnc.rules)
* 1:26733 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc udp command (malware-cnc.rules)
* 1:26734 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc udpdata command (malware-cnc.rules)
* 1:26739 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc connect command (malware-cnc.rules)
* 1:26741 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc exec command (malware-cnc.rules)
* 1:26736 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc icmp command (malware-cnc.rules)
* 1:26735 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc data command (malware-cnc.rules)
* 1:26740 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc dns command (malware-cnc.rules)
* 1:26738 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc dataget command (malware-cnc.rules)
* 1:26750 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc full command (malware-cnc.rules)
* 1:28054 <-> ENABLED <-> MALWARE-OTHER VBScript potential executable write attempt (malware-other.rules)
* 1:34991 <-> ENABLED <-> MALWARE-OTHER Group 6 Adobe Flash exploit download attempt (malware-other.rules)
* 1:26748 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc slowhttp command (malware-cnc.rules)
* 1:32310 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Farfli variant outbound connection (malware-cnc.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2976.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:37223 <-> ENABLED <-> FILE-FLASH Adobe Flash Player overly large bitmap integer overflow attempt (file-flash.rules)
* 1:37238 <-> ENABLED <-> FILE-FLASH Adobe Flash Player object hasOwnProperty use after free attempt (file-flash.rules)
* 1:37239 <-> ENABLED <-> FILE-FLASH Adobe Flash Player object hasOwnProperty use after free attempt (file-flash.rules)
* 1:37236 <-> ENABLED <-> FILE-FLASH Adobe Flash Player object hasOwnProperty use after free attempt (file-flash.rules)
* 1:37237 <-> ENABLED <-> FILE-FLASH Adobe Flash Player object hasOwnProperty use after free attempt (file-flash.rules)
* 1:37235 <-> ENABLED <-> FILE-FLASH Adobe Flash Player removeMovieClip use after free attempt (file-flash.rules)
* 1:37216 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MovieClip setMask use after free attempt (file-flash.rules)
* 1:37217 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MovieClip setMask use after free attempt (file-flash.rules)
* 1:37214 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pmabot outbound connection attempt (malware-cnc.rules)
* 1:37215 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pmabot outbound connection attempt (malware-cnc.rules)
* 1:37212 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pmabot outbound connection attempt (malware-cnc.rules)
* 1:37213 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pmabot outbound connection attempt (malware-cnc.rules)
* 1:37210 <-> ENABLED <-> FILE-FLASH Adobe Flash Player LoadVars decode use after free attempt (file-flash.rules)
* 1:37211 <-> ENABLED <-> FILE-FLASH Adobe Flash Player LoadVars decode use after free attempt (file-flash.rules)
* 1:37208 <-> ENABLED <-> FILE-FLASH Adobe Flash Player LoadVars decode use after free attempt (file-flash.rules)
* 1:37209 <-> ENABLED <-> FILE-FLASH Adobe Flash Player LoadVars decode use after free attempt (file-flash.rules)
* 1:37206 <-> ENABLED <-> FILE-FLASH Adobe Flash Player object.addProperty method use after free attempt (file-flash.rules)
* 1:37207 <-> ENABLED <-> EXPLOIT-KIT Neutrino exploit kit landing page (exploit-kit.rules)
* 1:37204 <-> ENABLED <-> FILE-FLASH Adobe Flash Player object.addProperty method use after free attempt (file-flash.rules)
* 1:37205 <-> ENABLED <-> FILE-FLASH Adobe Flash Player object.addProperty method use after free attempt (file-flash.rules)
* 1:37200 <-> ENABLED <-> FILE-FLASH Adobe Flash Player multiple script render display use after free attempt (file-flash.rules)
* 1:37203 <-> ENABLED <-> FILE-FLASH Adobe Flash Player object.addProperty method use after free attempt (file-flash.rules)
* 1:37202 <-> ENABLED <-> FILE-FLASH Adobe Flash Standalone Player ASSetPropFlags use after free attempt (file-flash.rules)
* 1:37201 <-> ENABLED <-> FILE-FLASH Adobe Flash Standalone Player ASSetPropFlags use after free attempt (file-flash.rules)
* 1:37199 <-> ENABLED <-> FILE-FLASH Adobe Flash Player multiple script render display use after free attempt (file-flash.rules)
* 1:37218 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MovieClip setMask use after free attempt (file-flash.rules)
* 1:37219 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MovieClip setMask use after free attempt (file-flash.rules)
* 1:37220 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Date with invalid parameter toTimeString attempt (file-flash.rules)
* 1:37222 <-> ENABLED <-> MALWARE-OTHER Win.Worm.Pixipos Outbound Connection Attempt (malware-other.rules)
* 1:37221 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Date with invalid parameter toTimeString attempt (file-flash.rules)
* 1:37224 <-> ENABLED <-> FILE-FLASH Adobe Flash Player overly large bitmap integer overflow attempt (file-flash.rules)
* 1:37225 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Isniffer outbound connection attempt (malware-cnc.rules)
* 1:37226 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Isniffer outbound connection attempt (malware-cnc.rules)
* 1:37227 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Isniffer outbound connection attempt (malware-cnc.rules)
* 1:37228 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Isniffer outbound connection attempt (malware-cnc.rules)
* 1:37229 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MovieClip method use after free attempt (file-flash.rules)
* 1:37230 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MovieClip method use after free attempt (file-flash.rules)
* 1:37231 <-> ENABLED <-> FILE-FLASH Adobe Flash Player getBounds method use after free attempt (file-flash.rules)
* 1:37232 <-> ENABLED <-> FILE-FLASH Adobe Flash Player getBounds method use after free attempt (file-flash.rules)
* 1:37233 <-> DISABLED <-> SERVER-WEBAPP ManageEngine ServiceDesk Plus FileUploader servlet directory traversal attempt (server-webapp.rules)
* 1:37234 <-> ENABLED <-> FILE-FLASH Adobe Flash Player removeMovieClip use after free attempt (file-flash.rules)
* 1:37241 <-> ENABLED <-> FILE-FLASH Adobe Flash Player canvas out of bounds read attempt (file-flash.rules)
* 1:37240 <-> ENABLED <-> FILE-FLASH Adobe Flash Player canvas out of bounds read attempt (file-flash.rules)

* 1:26725 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc http command (malware-cnc.rules)
* 1:26728 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc sleep command (malware-cnc.rules)
* 1:26726 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc stop command (malware-cnc.rules)
* 1:26727 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc die command (malware-cnc.rules)
* 1:26732 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc syn command (malware-cnc.rules)
* 1:26729 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc simple command (malware-cnc.rules)
* 1:26730 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc loginpost command (malware-cnc.rules)
* 1:26735 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc data command (malware-cnc.rules)
* 1:26731 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc datapost command (malware-cnc.rules)
* 1:26734 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc udpdata command (malware-cnc.rules)
* 1:26733 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc udp command (malware-cnc.rules)
* 1:26736 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc icmp command (malware-cnc.rules)
* 1:26741 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc exec command (malware-cnc.rules)
* 1:26738 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc dataget command (malware-cnc.rules)
* 1:26740 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc dns command (malware-cnc.rules)
* 1:26739 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc connect command (malware-cnc.rules)
* 1:26737 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc tcpdata command (malware-cnc.rules)
* 1:26743 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc antiddos command (malware-cnc.rules)
* 1:26746 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc download command (malware-cnc.rules)
* 1:26747 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc fastddos command (malware-cnc.rules)
* 1:26748 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc slowhttp command (malware-cnc.rules)
* 1:26749 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc allhttp command (malware-cnc.rules)
* 1:26750 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc full command (malware-cnc.rules)
* 1:28054 <-> ENABLED <-> MALWARE-OTHER VBScript potential executable write attempt (malware-other.rules)
* 1:32310 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Farfli variant outbound connection (malware-cnc.rules)
* 1:34991 <-> ENABLED <-> MALWARE-OTHER Group 6 Adobe Flash exploit download attempt (malware-other.rules)
* 1:26744 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc range command (malware-cnc.rules)
* 1:26745 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc ftp command (malware-cnc.rules)
* 1:26742 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc resolve command (malware-cnc.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2980.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:37241 <-> ENABLED <-> FILE-FLASH Adobe Flash Player canvas out of bounds read attempt (file-flash.rules)
* 1:37240 <-> ENABLED <-> FILE-FLASH Adobe Flash Player canvas out of bounds read attempt (file-flash.rules)
* 1:37239 <-> ENABLED <-> FILE-FLASH Adobe Flash Player object hasOwnProperty use after free attempt (file-flash.rules)
* 1:37238 <-> ENABLED <-> FILE-FLASH Adobe Flash Player object hasOwnProperty use after free attempt (file-flash.rules)
* 1:37237 <-> ENABLED <-> FILE-FLASH Adobe Flash Player object hasOwnProperty use after free attempt (file-flash.rules)
* 1:37236 <-> ENABLED <-> FILE-FLASH Adobe Flash Player object hasOwnProperty use after free attempt (file-flash.rules)
* 1:37235 <-> ENABLED <-> FILE-FLASH Adobe Flash Player removeMovieClip use after free attempt (file-flash.rules)
* 1:37234 <-> ENABLED <-> FILE-FLASH Adobe Flash Player removeMovieClip use after free attempt (file-flash.rules)
* 1:37233 <-> DISABLED <-> SERVER-WEBAPP ManageEngine ServiceDesk Plus FileUploader servlet directory traversal attempt (server-webapp.rules)
* 1:37232 <-> ENABLED <-> FILE-FLASH Adobe Flash Player getBounds method use after free attempt (file-flash.rules)
* 1:37231 <-> ENABLED <-> FILE-FLASH Adobe Flash Player getBounds method use after free attempt (file-flash.rules)
* 1:37230 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MovieClip method use after free attempt (file-flash.rules)
* 1:37229 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MovieClip method use after free attempt (file-flash.rules)
* 1:37228 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Isniffer outbound connection attempt (malware-cnc.rules)
* 1:37227 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Isniffer outbound connection attempt (malware-cnc.rules)
* 1:37226 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Isniffer outbound connection attempt (malware-cnc.rules)
* 1:37225 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Isniffer outbound connection attempt (malware-cnc.rules)
* 1:37224 <-> ENABLED <-> FILE-FLASH Adobe Flash Player overly large bitmap integer overflow attempt (file-flash.rules)
* 1:37223 <-> ENABLED <-> FILE-FLASH Adobe Flash Player overly large bitmap integer overflow attempt (file-flash.rules)
* 1:37222 <-> ENABLED <-> MALWARE-OTHER Win.Worm.Pixipos Outbound Connection Attempt (malware-other.rules)
* 1:37221 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Date with invalid parameter toTimeString attempt (file-flash.rules)
* 1:37220 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Date with invalid parameter toTimeString attempt (file-flash.rules)
* 1:37219 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MovieClip setMask use after free attempt (file-flash.rules)
* 1:37218 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MovieClip setMask use after free attempt (file-flash.rules)
* 1:37217 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MovieClip setMask use after free attempt (file-flash.rules)
* 1:37216 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MovieClip setMask use after free attempt (file-flash.rules)
* 1:37215 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pmabot outbound connection attempt (malware-cnc.rules)
* 1:37214 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pmabot outbound connection attempt (malware-cnc.rules)
* 1:37213 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pmabot outbound connection attempt (malware-cnc.rules)
* 1:37212 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pmabot outbound connection attempt (malware-cnc.rules)
* 1:37211 <-> ENABLED <-> FILE-FLASH Adobe Flash Player LoadVars decode use after free attempt (file-flash.rules)
* 1:37210 <-> ENABLED <-> FILE-FLASH Adobe Flash Player LoadVars decode use after free attempt (file-flash.rules)
* 1:37209 <-> ENABLED <-> FILE-FLASH Adobe Flash Player LoadVars decode use after free attempt (file-flash.rules)
* 1:37208 <-> ENABLED <-> FILE-FLASH Adobe Flash Player LoadVars decode use after free attempt (file-flash.rules)
* 1:37207 <-> ENABLED <-> EXPLOIT-KIT Neutrino exploit kit landing page (exploit-kit.rules)
* 1:37206 <-> ENABLED <-> FILE-FLASH Adobe Flash Player object.addProperty method use after free attempt (file-flash.rules)
* 1:37205 <-> ENABLED <-> FILE-FLASH Adobe Flash Player object.addProperty method use after free attempt (file-flash.rules)
* 1:37204 <-> ENABLED <-> FILE-FLASH Adobe Flash Player object.addProperty method use after free attempt (file-flash.rules)
* 1:37203 <-> ENABLED <-> FILE-FLASH Adobe Flash Player object.addProperty method use after free attempt (file-flash.rules)
* 1:37202 <-> ENABLED <-> FILE-FLASH Adobe Flash Standalone Player ASSetPropFlags use after free attempt (file-flash.rules)
* 1:37201 <-> ENABLED <-> FILE-FLASH Adobe Flash Standalone Player ASSetPropFlags use after free attempt (file-flash.rules)
* 1:37200 <-> ENABLED <-> FILE-FLASH Adobe Flash Player multiple script render display use after free attempt (file-flash.rules)
* 1:37199 <-> ENABLED <-> FILE-FLASH Adobe Flash Player multiple script render display use after free attempt (file-flash.rules)

* 1:26725 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc http command (malware-cnc.rules)
* 1:26726 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc stop command (malware-cnc.rules)
* 1:26727 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc die command (malware-cnc.rules)
* 1:26728 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc sleep command (malware-cnc.rules)
* 1:26729 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc simple command (malware-cnc.rules)
* 1:26730 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc loginpost command (malware-cnc.rules)
* 1:26731 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc datapost command (malware-cnc.rules)
* 1:26732 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc syn command (malware-cnc.rules)
* 1:26733 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc udp command (malware-cnc.rules)
* 1:26734 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc udpdata command (malware-cnc.rules)
* 1:26735 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc data command (malware-cnc.rules)
* 1:26736 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc icmp command (malware-cnc.rules)
* 1:26737 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc tcpdata command (malware-cnc.rules)
* 1:26738 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc dataget command (malware-cnc.rules)
* 1:26739 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc connect command (malware-cnc.rules)
* 1:26740 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc dns command (malware-cnc.rules)
* 1:26741 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc exec command (malware-cnc.rules)
* 1:26742 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc resolve command (malware-cnc.rules)
* 1:26743 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc antiddos command (malware-cnc.rules)
* 1:26744 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc range command (malware-cnc.rules)
* 1:26745 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc ftp command (malware-cnc.rules)
* 1:26746 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc download command (malware-cnc.rules)
* 1:26747 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc fastddos command (malware-cnc.rules)
* 1:26748 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc slowhttp command (malware-cnc.rules)
* 1:26749 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc allhttp command (malware-cnc.rules)
* 1:26750 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc full command (malware-cnc.rules)
* 1:28054 <-> ENABLED <-> MALWARE-OTHER VBScript potential executable write attempt (malware-other.rules)
* 1:32310 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Farfli variant outbound connection (malware-cnc.rules)
* 1:34991 <-> ENABLED <-> MALWARE-OTHER Group 6 Adobe Flash exploit download attempt (malware-other.rules)