Talos has added and modified multiple rules in the browser-ie, browser-other, browser-plugins, file-executable, file-flash, file-identify, file-java, file-office, file-other, file-pdf, indicator-obfuscation, indicator-shellcode, malware-cnc, os-solaris, os-windows, policy-other, protocol-imap, server-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2962.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:37783 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed Adobe Texture Format heap overflow attempt (file-flash.rules)
* 1:37784 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file magic detected (file-identify.rules)
* 1:37781 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASnative memory corruption attempt (file-flash.rules)
* 1:37782 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed Adobe Texture Format heap overflow attempt (file-flash.rules)
* 1:37779 <-> ENABLED <-> FILE-OTHER Adobe Flash Player unsupported video encoding remote code execution attempt (file-other.rules)
* 1:37780 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASnative memory corruption attempt (file-flash.rules)
* 1:37778 <-> ENABLED <-> FILE-OTHER Adobe Flash Player unsupported video encoding remote code execution attempt (file-other.rules)
* 1:37777 <-> ENABLED <-> FILE-FLASH Adobe Flash Player LoadVars use-after-free attempt (file-flash.rules)
* 1:37776 <-> ENABLED <-> FILE-FLASH Adobe Flash Player LoadVars use-after-free attempt (file-flash.rules)
* 1:37774 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript constructor use after free attempt (file-flash.rules)
* 1:37775 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript constructor use after free attempt (file-flash.rules)
* 1:37771 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASnative custom getter use after free attempt (file-flash.rules)
* 1:37772 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript constructor use after free attempt (file-flash.rules)
* 1:37793 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript 3 URLRequest class use after free attempt (file-flash.rules)
* 1:37792 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASnative use after free attempt (file-flash.rules)
* 1:37791 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASnative use after free attempt (file-flash.rules)
* 1:37790 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASnative use after free attempt (file-flash.rules)
* 1:37789 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASnative use after free attempt (file-flash.rules)
* 1:37787 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file magic detected (file-identify.rules)
* 1:37773 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript constructor use after free attempt (file-flash.rules)
* 1:37836 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer swapNode memory corruption attempt (browser-ie.rules)
* 1:37834 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
* 1:37835 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
* 1:37832 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (file-other.rules)
* 1:37831 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (file-other.rules)
* 1:37829 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules)
* 1:37830 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (file-other.rules)
* 1:37827 <-> DISABLED <-> BROWSER-PLUGINS HP LoadRunner ActiveX function call access attempt (browser-plugins.rules)
* 1:37825 <-> ENABLED <-> FILE-OTHER Microsoft Office ole object external file loading attempt (file-other.rules)
* 1:37826 <-> DISABLED <-> BROWSER-PLUGINS HP LoadRunner ActiveX function call access attempt (browser-plugins.rules)
* 1:37822 <-> DISABLED <-> BROWSER-PLUGINS InformationCardSigninHelper ActiveX clsid access (browser-plugins.rules)
* 1:37824 <-> ENABLED <-> FILE-OTHER Microsoft Office ole object external file loading attempt (file-other.rules)
* 1:37821 <-> DISABLED <-> FILE-JAVA Oracle Java sun.awt.image.ImagingLib.lookupByteBI memory corruption attempt (file-java.rules)
* 1:37820 <-> DISABLED <-> FILE-JAVA Oracle Java sun.awt.image.ImagingLib.lookupByteBI memory corruption attempt (file-java.rules)
* 1:37819 <-> DISABLED <-> FILE-JAVA Oracle Java sun.awt.image.ImagingLib.lookupByteBI memory corruption attempt (file-java.rules)
* 1:37817 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.Torte variant outbound connection (malware-cnc.rules)
* 1:37815 <-> DISABLED <-> POLICY-OTHER Polycom Botnet inbound connection attempt (policy-other.rules)
* 1:37816 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules)
* 1:37814 <-> DISABLED <-> POLICY-OTHER Polycom Botnet inbound connection attempt (policy-other.rules)
* 1:37812 <-> DISABLED <-> POLICY-OTHER junk rule to autoenable vnc.handshake.client flowbit (policy-other.rules)
* 1:37811 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CDisplayPointer use after free attempt (browser-ie.rules)
* 1:37810 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CDisplayPointer use after free attempt (browser-ie.rules)
* 1:37808 <-> ENABLED <-> FILE-FLASH Adobe Flash Player integer underflow attempt (file-flash.rules)
* 1:37809 <-> ENABLED <-> FILE-FLASH Adobe Flash Player integer underflow attempt (file-flash.rules)
* 1:37806 <-> ENABLED <-> FILE-FLASH Adobe Flash Player integer underflow attempt (file-flash.rules)
* 1:37807 <-> ENABLED <-> FILE-FLASH Adobe Flash Player integer underflow attempt (file-flash.rules)
* 1:37804 <-> DISABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules)
* 1:37805 <-> DISABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules)
* 1:37802 <-> DISABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules)
* 1:37803 <-> DISABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules)
* 1:37800 <-> ENABLED <-> FILE-OTHER Kingsoft Writer long font name buffer overflow attempt (file-other.rules)
* 1:37801 <-> ENABLED <-> BROWSER-PLUGINS Microsoft Silverlight ScriptObject untrusted pointer dereference attempt (browser-plugins.rules)
* 1:37799 <-> ENABLED <-> FILE-OTHER Kingsoft Writer long font name buffer overflow attempt (file-other.rules)
* 1:37786 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file attachment detected (file-identify.rules)
* 1:37788 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file download request (file-identify.rules)
* 1:37794 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript 3 URLRequest class use after free attempt (file-flash.rules)
* 1:37796 <-> ENABLED <-> FILE-FLASH Adobe Flash Player rectangle memory access violation attempt (file-flash.rules)
* 1:37797 <-> ENABLED <-> FILE-FLASH Adobe Flash Player rectangle memory access violation attempt (file-flash.rules)
* 1:37798 <-> ENABLED <-> FILE-FLASH Adobe Flash Player rectangle memory access violation attempt (file-flash.rules)
* 1:37795 <-> ENABLED <-> FILE-FLASH Adobe Flash Player rectangle memory access violation attempt (file-flash.rules)
* 1:37813 <-> DISABLED <-> POLICY-OTHER junk rule to autoenable vnc.server.auth.types flowbit (policy-other.rules)
* 1:37766 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData method memory corruption attempt (file-flash.rules)
* 1:37769 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASnative custom getter use after free attempt (file-flash.rules)
* 1:37768 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASnative custom getter use after free attempt (file-flash.rules)
* 1:37767 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData method memory corruption attempt (file-flash.rules)
* 1:37765 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData method memory corruption attempt (file-flash.rules)
* 1:37818 <-> DISABLED <-> FILE-JAVA Oracle Java sun.awt.image.ImagingLib.lookupByteBI memory corruption attempt (file-java.rules)
* 1:37761 <-> ENABLED <-> FILE-FLASH Adobe Flash Player rectangle auxiliary method integer overflow attempt (file-flash.rules)
* 1:37764 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData method memory corruption attempt (file-flash.rules)
* 1:37763 <-> ENABLED <-> FILE-FLASH Adobe Flash Player rectangle auxiliary method integer overflow attempt (file-flash.rules)
* 1:37762 <-> ENABLED <-> FILE-FLASH Adobe Flash Player rectangle auxiliary method integer overflow attempt (file-flash.rules)
* 1:37760 <-> ENABLED <-> FILE-FLASH Adobe Flash Player rectangle auxiliary method integer overflow attempt (file-flash.rules)
* 1:37823 <-> DISABLED <-> BROWSER-PLUGINS InformationCardSigninHelper ActiveX function call access (browser-plugins.rules)
* 1:37756 <-> ENABLED <-> FILE-FLASH Adobe Flash Player invalid sourceRect copyPixels heap corruption attempt (file-flash.rules)
* 1:37758 <-> ENABLED <-> FILE-FLASH Adobe Flash Player invalid sourceRect copyPixels heap corruption attempt (file-flash.rules)
* 1:37759 <-> ENABLED <-> FILE-FLASH Adobe Flash Player invalid sourceRect copyPixels heap corruption attempt (file-flash.rules)
* 1:37755 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Point object integer overflow attempt (file-flash.rules)
* 1:37757 <-> ENABLED <-> FILE-FLASH Adobe Flash Player invalid sourceRect copyPixels heap corruption attempt (file-flash.rules)
* 1:37754 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Point object integer overflow attempt (file-flash.rules)
* 1:37751 <-> ENABLED <-> FILE-FLASH Adobe Flash Player FLV invalid reference frame count memory corruption attempt (file-flash.rules)
* 1:37752 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Point object integer overflow attempt (file-flash.rules)
* 1:37753 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Point object integer overflow attempt (file-flash.rules)
* 1:37746 <-> ENABLED <-> FILE-FLASH Adobe Flash Player list filter memory corruption attempt (file-flash.rules)
* 1:37750 <-> ENABLED <-> FILE-FLASH Adobe Flash Player FLV invalid reference frame count memory corruption attempt (file-flash.rules)
* 1:37748 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextField object Type Confusion Attempt (file-flash.rules)
* 1:37749 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextField object Type Confusion Attempt (file-flash.rules)
* 1:37745 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextLine memory corruption attempt (file-flash.rules)
* 1:37747 <-> ENABLED <-> FILE-FLASH Adobe Flash Player list filter memory corruption attempt (file-flash.rules)
* 1:37744 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextLine memory corruption attempt (file-flash.rules)
* 1:37742 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextLine memory corruption attempt (file-flash.rules)
* 1:37743 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextLine memory corruption attempt (file-flash.rules)
* 1:37828 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules)
* 1:37833 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (file-other.rules)
* 1:37852 <-> DISABLED <-> FILE-OTHER Oracle Outside-In invalid CRG segment memory corruption attempt (file-other.rules)
* 1:37785 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file attachment detected (file-identify.rules)
* 1:37848 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer vector graphics reference counting use-after-free attempt (browser-ie.rules)
* 1:37849 <-> DISABLED <-> FILE-FLASH Adobe Flash file with embedded PE detected (file-flash.rules)
* 1:37770 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASnative custom getter use after free attempt (file-flash.rules)
* 1:37840 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AAC audio memory corruption attempt (file-flash.rules)
* 1:37844 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.LeChiffre outbound connection (malware-cnc.rules)
* 1:37845 <-> DISABLED <-> POLICY-OTHER junk rule to autoenable imap.cram_md5 flowbit (policy-other.rules)
* 1:37839 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AAC audio memory corruption attempt (file-flash.rules)
* 1:37846 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel file with embedded ActiveX control (file-office.rules)
* 1:37847 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer vector graphics reference counting use-after-free attempt (browser-ie.rules)
* 1:37838 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zeus outbound connection (malware-cnc.rules)
* 1:37837 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer swapNode memory corruption attempt (browser-ie.rules)
* 1:37851 <-> DISABLED <-> FILE-OTHER Oracle Outside-In invalid CRG segment memory corruption attempt (file-other.rules)
* 1:37850 <-> DISABLED <-> FILE-FLASH Adobe Flash file with embedded PE detected (file-flash.rules)
* 1:37711 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
* 1:37701 <-> ENABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules)
* 1:11004 <-> ENABLED <-> PROTOCOL-IMAP CRAM-MD5 authentication request detected (protocol-imap.rules)
* 1:16058 <-> DISABLED <-> SERVER-SAMBA Samba WINS Server Name Registration handling stack buffer overflow attempt (server-samba.rules)
* 1:16576 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix AgentX receive_agentx stack buffer overflow attempt (server-other.rules)
* 1:37700 <-> ENABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules)
* 1:17352 <-> DISABLED <-> FILE-OTHER ClamAV CHM File Handling Integer Overflow attempt (file-other.rules)
* 1:37686 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Agent outbound POST attempt (malware-cnc.rules)
* 1:6469 <-> ENABLED <-> SERVER-OTHER RealVNC connection attempt (server-other.rules)
* 1:37729 <-> DISABLED <-> INDICATOR-OBFUSCATION Adobe Flash file with SecureSwfLoader packer detected (indicator-obfuscation.rules)
* 1:37707 <-> ENABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules)
* 1:647 <-> DISABLED <-> INDICATOR-SHELLCODE Oracle sparc setuid 0 (indicator-shellcode.rules)
* 1:6471 <-> DISABLED <-> SERVER-OTHER RealVNC password authentication bypass attempt (server-other.rules)
* 1:13523 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX clsid access (browser-plugins.rules)
* 1:17428 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ASP.NET information disclosure attempt (os-windows.rules)
* 1:37705 <-> ENABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules)
* 1:37702 <-> ENABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules)
* 1:37703 <-> ENABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules)
* 1:37685 <-> ENABLED <-> FILE-FLASH Adobe Flash Player worker shared object user-after-free attempt (file-flash.rules)
* 1:37684 <-> ENABLED <-> FILE-FLASH Adobe Flash Player worker shared object user-after-free attempt (file-flash.rules)
* 1:36536 <-> DISABLED <-> SERVER-OTHER NTP crypto-NAK packet flood attempt (server-other.rules)
* 1:35607 <-> ENABLED <-> FILE-FLASH Adobe Flash Player CreateTextField use-after-free attempt (file-flash.rules)
* 1:35608 <-> ENABLED <-> FILE-FLASH Adobe Flash Player CreateTextField use-after-free attempt (file-flash.rules)
* 1:35378 <-> DISABLED <-> FILE-FLASH Adobe Flash Player cross-site file download attempt (file-flash.rules)
* 1:35376 <-> DISABLED <-> FILE-FLASH Adobe Flash Player cross-site file download attempt (file-flash.rules)
* 1:35379 <-> DISABLED <-> FILE-FLASH Adobe Flash Player cross-site file download attempt (file-flash.rules)
* 1:35377 <-> DISABLED <-> FILE-FLASH Adobe Flash Player cross-site file download attempt (file-flash.rules)
* 1:33174 <-> DISABLED <-> BROWSER-PLUGINS Attachmate Reflection FTP Client Memory Corruption ActiveX function call access attempt (browser-plugins.rules)
* 1:33175 <-> DISABLED <-> BROWSER-PLUGINS Attachmate Reflection FTP Client Memory Corruption ActiveX function call access attempt (browser-plugins.rules)
* 1:33172 <-> DISABLED <-> BROWSER-PLUGINS Attachmate Reflection FTP Client Memory Corruption ActiveX function call access attempt (browser-plugins.rules)
* 1:33173 <-> DISABLED <-> BROWSER-PLUGINS Attachmate Reflection FTP Client Memory Corruption ActiveX clsid access attempt (browser-plugins.rules)
* 1:37704 <-> ENABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules)
* 1:33171 <-> DISABLED <-> BROWSER-PLUGINS Attachmate Reflection FTP Client Memory Corruption ActiveX clsid access attempt (browser-plugins.rules)
* 1:37706 <-> ENABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules)
* 1:33013 <-> DISABLED <-> BROWSER-PLUGINS HP LoadRunner ActiveX clsid access attempt (browser-plugins.rules)
* 1:33170 <-> DISABLED <-> BROWSER-PLUGINS Attachmate Reflection FTP Client Memory Corruption ActiveX function call access attempt (browser-plugins.rules)
* 1:32375 <-> DISABLED <-> BROWSER-OTHER WGet symlink arbitrary file write attempt (browser-other.rules)
* 1:33014 <-> DISABLED <-> BROWSER-PLUGINS HP LoadRunner ActiveX clsid access attempt (browser-plugins.rules)
* 1:6470 <-> ENABLED <-> SERVER-OTHER RealVNC authentication types without None type sent attempt (server-other.rules)
* 1:29596 <-> DISABLED <-> SERVER-WEBAPP HP SiteScope soap request code execution attempt (server-webapp.rules)
* 1:29597 <-> DISABLED <-> SERVER-WEBAPP HP SiteScope soap request code execution attempt (server-webapp.rules)
* 1:29272 <-> DISABLED <-> FILE-JAVA Oracle Java sun.awt.image.ImagingLib.lookupByteBI memory corruption attempt (file-java.rules)
* 1:29281 <-> ENABLED <-> FILE-FLASH Adobe Flash Player sharable ByteArray code execution attempt (file-flash.rules)
* 1:29273 <-> DISABLED <-> FILE-JAVA Oracle Java sun.awt.image.ImagingLib.lookupByteBI memory corruption attempt (file-java.rules)
* 1:29270 <-> DISABLED <-> FILE-JAVA Oracle Java sun.awt.image.ImagingLib.lookupByteBI memory corruption attempt (file-java.rules)
* 1:29271 <-> DISABLED <-> FILE-JAVA Oracle Java sun.awt.image.ImagingLib.lookupByteBI memory corruption attempt (file-java.rules)
* 1:28506 <-> DISABLED <-> BROWSER-PLUGINS InformationCardSigninHelper ActiveX function call access (browser-plugins.rules)
* 1:26601 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows Authenticode signature verification bypass attempt (file-executable.rules)
* 1:28505 <-> DISABLED <-> BROWSER-PLUGINS InformationCardSigninHelper ActiveX clsid access (browser-plugins.rules)
* 1:26590 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows Authenticode signature verification bypass attempt (file-executable.rules)
* 1:23177 <-> DISABLED <-> SERVER-WEBAPP Symantec Web Gateway timer.php cross site scripting attempt (server-webapp.rules)
* 1:19413 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher 2007 and earlier stack buffer overflow attempt (file-office.rules)
* 1:18769 <-> DISABLED <-> SERVER-OTHER LDAP Novell eDirectory evtFilteredMonitorEventsRequest function heap overflow attempt (server-other.rules)
* 1:17433 <-> DISABLED <-> OS-SOLARIS Oracle Solaris DHCP Client Arbitrary Code Execution attempt (os-solaris.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2976.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
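The line format above is the same for the 2962 and 2976 listings. What follows is an added example, not code from this Talos post or from Snort: a small Python parser for that format which also copes with entries that extraction has run together on one line separated by " * ", lists the rules that ship DISABLED (a disabled rule gives no coverage until a policy turns it on, which is worth checking here since every new FILE-JAVA entry and most new BROWSER-PLUGINS entries in this release ship disabled), counts ENABLED and DISABLED rules per classification prefix, and reports default-state differences between two listings. The sample listing is constructed from four entries in this note; the "later" variant is constructed only to exercise the comparison and is not a real release. Function and class names are my own.

```python
"""Parser for Snort/Talos rule-release listings of the form

    gid:sid <-> Default rule state <-> Message (rule group)

Added example, not code from the Talos post or from Snort. Entries may be
one per line or run together on one line separated by " * ".
"""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# One entry: "1:37836 <-> DISABLED <-> BROWSER-IE ... attempt (browser-ie.rules)".
# DOTALL lets a message that was wrapped across lines still match; the
# non-greedy message stops at the first "(<name>.rules)" token.
_ENTRY_RE = re.compile(
    r"(?P<gid>\d+):(?P<sid>\d+)\s*<->\s*(?P<state>ENABLED|DISABLED)\s*<->\s*"
    r"(?P<msg>.*?)\s*\((?P<group>[A-Za-z0-9_-]+\.rules)\)",
    re.DOTALL,
)


@dataclass(frozen=True)
class RuleEntry:
    gid: int
    sid: int
    state: str      # "ENABLED" or "DISABLED": the state the rule ships in
    message: str
    group: str      # rules file, e.g. "file-flash.rules"

    @property
    def key(self) -> str:
        return f"{self.gid}:{self.sid}"

    @property
    def category(self) -> str:
        # Messages start with the classification prefix, e.g. FILE-FLASH.
        return self.message.split(" ", 1)[0]


def parse_listing(text: str) -> list[RuleEntry]:
    """Extract every gid:sid entry from a release listing, in document order."""
    return [
        RuleEntry(int(m["gid"]), int(m["sid"]), m["state"],
                  " ".join(m["msg"].split()), m["group"])
        for m in _ENTRY_RE.finditer(text)
    ]


def disabled_by_default(entries: list[RuleEntry]) -> list[str]:
    """gid:sid of rules that ship DISABLED, sorted numerically.

    These give no coverage until a policy enables them, so they are the
    ones to review against the software you actually run."""
    return [e.key for e in sorted(entries, key=lambda e: (e.gid, e.sid))
            if e.state == "DISABLED"]


def state_by_category(entries: list[RuleEntry]) -> dict[str, Counter]:
    """Per classification prefix, how many rules ship ENABLED vs DISABLED."""
    out: dict[str, Counter] = {}
    for e in entries:
        out.setdefault(e.category, Counter())[e.state] += 1
    return out


def state_changes(old: list[RuleEntry],
                  new: list[RuleEntry]) -> dict[str, tuple[str, str]]:
    """gid:sid present in both listings whose default state differs,
    mapped to (old_state, new_state). Rules present in only one listing
    are ignored here; use set arithmetic on .key to find added or removed ones."""
    old_state = {e.key: e.state for e in old}
    new_state = {e.key: e.state for e in new}
    return {k: (old_state[k], new_state[k])
            for k in old_state.keys() & new_state.keys()
            if old_state[k] != new_state[k]}


# Constructed sample: four entries copied from this release note, two of them
# run together on one line the way the extracted page renders them, and one
# wrapped across two lines.
SAMPLE_LISTING = """
 * 1:37834 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules) * 1:37836 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer swapNode memory corruption attempt (browser-ie.rules)
 * 1:37812 <-> DISABLED <-> POLICY-OTHER junk rule to autoenable vnc.handshake.client flowbit (policy-other.rules)
 * 1:6469 <-> ENABLED <-> SERVER-OTHER RealVNC connection
   attempt (server-other.rules)
"""

# Constructed variant in which 1:37836 has been turned on, only to show
# state_changes(); this is not a real later release.
SAMPLE_LATER = SAMPLE_LISTING.replace("1:37836 <-> DISABLED",
                                      "1:37836 <-> ENABLED")


if __name__ == "__main__":
    entries = parse_listing(SAMPLE_LISTING)
    for e in entries:
        print(f"{e.key:>8}  {e.state:<8} {e.group:<20} {e.message}")
    print("disabled by default:", disabled_by_default(entries))
    print("per category:", state_by_category(entries))
    print("state changes:", state_changes(entries, parse_listing(SAMPLE_LATER)))
```

Feed it the raw text of a release note (or of two, to compare) and act on `disabled_by_default()` first: a rule listed here as DISABLED is shipped as a commented-out rule, so it must be enabled in the sensor's policy before it detects anything.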
* 1:37773 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript constructor use after free attempt (file-flash.rules)
* 1:37785 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file attachment detected (file-identify.rules)
* 1:37786 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file attachment detected (file-identify.rules)
* 1:37783 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed Adobe Texture Format heap overflow attempt (file-flash.rules)
* 1:37784 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file magic detected (file-identify.rules)
* 1:37782 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed Adobe Texture Format heap overflow attempt (file-flash.rules)
* 1:37781 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASnative memory corruption attempt (file-flash.rules)
* 1:37780 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASnative memory corruption attempt (file-flash.rules)
* 1:37778 <-> ENABLED <-> FILE-OTHER Adobe Flash Player unsupported video encoding remote code execution attempt (file-other.rules)
* 1:37779 <-> ENABLED <-> FILE-OTHER Adobe Flash Player unsupported video encoding remote code execution attempt (file-other.rules)
* 1:37776 <-> ENABLED <-> FILE-FLASH Adobe Flash Player LoadVars use-after-free attempt (file-flash.rules)
* 1:37777 <-> ENABLED <-> FILE-FLASH Adobe Flash Player LoadVars use-after-free attempt (file-flash.rules)
* 1:37774 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript constructor use after free attempt (file-flash.rules)
* 1:37775 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript constructor use after free attempt (file-flash.rules)
* 1:37772 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript constructor use after free attempt (file-flash.rules)
* 1:37770 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASnative custom getter use after free attempt (file-flash.rules)
* 1:37769 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASnative custom getter use after free attempt (file-flash.rules)
* 1:37787 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file magic detected (file-identify.rules)
* 1:37788 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file download request (file-identify.rules)
* 1:37789 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASnative use after free attempt (file-flash.rules)
* 1:37790 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASnative use after free attempt (file-flash.rules)
* 1:37742 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextLine memory corruption attempt (file-flash.rules)
* 1:37791 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASnative use after free attempt (file-flash.rules)
* 1:37743 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextLine memory corruption attempt (file-flash.rules)
* 1:37744 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextLine memory corruption attempt (file-flash.rules)
* 1:37745 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextLine memory corruption attempt (file-flash.rules)
* 1:37746 <-> ENABLED <-> FILE-FLASH Adobe Flash Player list filter memory corruption attempt (file-flash.rules)
* 1:37792 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASnative use after free attempt (file-flash.rules)
* 1:37747 <-> ENABLED <-> FILE-FLASH Adobe Flash Player list filter memory corruption attempt (file-flash.rules)
* 1:37748 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextField object Type Confusion Attempt (file-flash.rules)
* 1:37749 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextField object Type Confusion Attempt (file-flash.rules)
* 1:37750 <-> ENABLED <-> FILE-FLASH Adobe Flash Player FLV invalid reference frame count memory corruption attempt (file-flash.rules)
* 1:37793 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript 3 URLRequest class use after free attempt (file-flash.rules)
* 1:37751 <-> ENABLED <-> FILE-FLASH Adobe Flash Player FLV invalid reference frame count memory corruption attempt (file-flash.rules)
* 1:37752 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Point object integer overflow attempt (file-flash.rules)
* 1:37753 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Point object integer overflow attempt (file-flash.rules)
* 1:37794 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript 3 URLRequest class use after free attempt (file-flash.rules)
* 1:37754 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Point object integer overflow attempt (file-flash.rules)
* 1:37755 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Point object integer overflow attempt (file-flash.rules)
* 1:37756 <-> ENABLED <-> FILE-FLASH Adobe Flash Player invalid sourceRect copyPixels heap corruption attempt (file-flash.rules)
* 1:37757 <-> ENABLED <-> FILE-FLASH Adobe Flash Player invalid sourceRect copyPixels heap corruption attempt (file-flash.rules)
* 1:37795 <-> ENABLED <-> FILE-FLASH Adobe Flash Player rectangle memory access violation attempt (file-flash.rules)
* 1:37758 <-> ENABLED <-> FILE-FLASH Adobe Flash Player invalid sourceRect copyPixels heap corruption attempt (file-flash.rules)
* 1:37759 <-> ENABLED <-> FILE-FLASH Adobe Flash Player invalid sourceRect copyPixels heap corruption attempt (file-flash.rules)
* 1:37760 <-> ENABLED <-> FILE-FLASH Adobe Flash Player rectangle auxiliary method integer overflow attempt (file-flash.rules)
* 1:37761 <-> ENABLED <-> FILE-FLASH Adobe Flash Player rectangle auxiliary method integer overflow attempt (file-flash.rules)
* 1:37796 <-> ENABLED <-> FILE-FLASH Adobe Flash Player rectangle memory access violation attempt (file-flash.rules)
* 1:37762 <-> ENABLED <-> FILE-FLASH Adobe Flash Player rectangle auxiliary method integer overflow attempt (file-flash.rules)
* 1:37763 <-> ENABLED <-> FILE-FLASH Adobe Flash Player rectangle auxiliary method integer overflow attempt (file-flash.rules)
* 1:37764 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData method memory corruption attempt (file-flash.rules)
* 1:37765 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData method memory corruption attempt (file-flash.rules)
* 1:37797 <-> ENABLED <-> FILE-FLASH Adobe Flash Player rectangle memory access violation attempt (file-flash.rules)
* 1:37766 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData method memory corruption attempt (file-flash.rules)
* 1:37767 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData method memory corruption attempt (file-flash.rules)
* 1:37768 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASnative custom getter use after free attempt (file-flash.rules)
* 1:37798 <-> ENABLED <-> FILE-FLASH Adobe Flash Player rectangle memory access violation attempt (file-flash.rules)
* 1:37799 <-> ENABLED <-> FILE-OTHER Kingsoft Writer long font name buffer overflow attempt (file-other.rules)
* 1:37800 <-> ENABLED <-> FILE-OTHER Kingsoft Writer long font name buffer overflow attempt (file-other.rules)
* 1:37801 <-> ENABLED <-> BROWSER-PLUGINS Microsoft Silverlight ScriptObject untrusted pointer dereference attempt (browser-plugins.rules)
* 1:37802 <-> DISABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules)
* 1:37803 <-> DISABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules)
* 1:37804 <-> DISABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules)
* 1:37805 <-> DISABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules)
* 1:37806 <-> ENABLED <-> FILE-FLASH Adobe Flash Player integer underflow attempt (file-flash.rules)
* 1:37807 <-> ENABLED <-> FILE-FLASH Adobe Flash Player integer underflow attempt (file-flash.rules)
* 1:37808 <-> ENABLED <-> FILE-FLASH Adobe Flash Player integer underflow attempt (file-flash.rules)
* 1:37809 <-> ENABLED <-> FILE-FLASH Adobe Flash Player integer underflow attempt (file-flash.rules)
* 1:37810 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CDisplayPointer use after free attempt (browser-ie.rules)
* 1:37811 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CDisplayPointer use after free attempt (browser-ie.rules)
* 1:37812 <-> DISABLED <-> POLICY-OTHER junk rule to autoenable vnc.handshake.client flowbit (policy-other.rules)
* 1:37814 <-> DISABLED <-> POLICY-OTHER Polycom Botnet inbound connection attempt (policy-other.rules)
* 1:37813 <-> DISABLED <-> POLICY-OTHER junk rule to autoenable vnc.server.auth.types flowbit (policy-other.rules)
* 1:37815 <-> DISABLED <-> POLICY-OTHER Polycom Botnet inbound connection attempt (policy-other.rules)
* 1:37816 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules)
* 1:37817 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.Torte variant outbound connection (malware-cnc.rules)
* 1:37819 <-> DISABLED <-> FILE-JAVA Oracle Java sun.awt.image.ImagingLib.lookupByteBI memory corruption attempt (file-java.rules)
* 1:37818 <-> DISABLED <-> FILE-JAVA Oracle Java sun.awt.image.ImagingLib.lookupByteBI memory corruption attempt (file-java.rules)
* 1:37820 <-> DISABLED <-> FILE-JAVA Oracle Java sun.awt.image.ImagingLib.lookupByteBI memory corruption attempt (file-java.rules)
* 1:37821 <-> DISABLED <-> FILE-JAVA Oracle Java sun.awt.image.ImagingLib.lookupByteBI memory corruption attempt (file-java.rules)
* 1:37822 <-> DISABLED <-> BROWSER-PLUGINS InformationCardSigninHelper ActiveX clsid access (browser-plugins.rules)
* 1:37824 <-> ENABLED <-> FILE-OTHER Microsoft Office ole object external file loading attempt (file-other.rules)
* 1:37823 <-> DISABLED <-> BROWSER-PLUGINS InformationCardSigninHelper ActiveX function call access (browser-plugins.rules)
* 1:37825 <-> ENABLED <-> FILE-OTHER Microsoft Office ole object external file loading attempt (file-other.rules)
* 1:37826 <-> DISABLED <-> BROWSER-PLUGINS HP LoadRunner ActiveX function call access attempt (browser-plugins.rules)
* 1:37827 <-> DISABLED <-> BROWSER-PLUGINS HP LoadRunner ActiveX function call access attempt (browser-plugins.rules)
* 1:37828 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules)
* 1:37829 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules)
* 1:37830 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (file-other.rules)
* 1:37831 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (file-other.rules)
* 1:37832 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (file-other.rules)
* 1:37833 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (file-other.rules)
* 1:37834 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
* 1:37835 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
* 1:37836 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer swapNode memory corruption attempt (browser-ie.rules)
* 1:37771 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASnative custom getter use after free attempt (file-flash.rules)
* 1:37852 <-> DISABLED <-> FILE-OTHER Oracle Outside-In invalid CRG segment memory corruption attempt (file-other.rules)
* 1:37851 <-> DISABLED <-> FILE-OTHER Oracle Outside-In invalid CRG segment memory corruption attempt (file-other.rules)
* 1:37850 <-> DISABLED <-> FILE-FLASH Adobe Flash file with embedded PE detected (file-flash.rules)
* 1:37849 <-> DISABLED <-> FILE-FLASH Adobe Flash file with embedded PE detected (file-flash.rules)
* 1:37848 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer vector graphics reference counting use-after-free attempt (browser-ie.rules)
* 1:37847 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer vector graphics reference counting use-after-free attempt (browser-ie.rules)
* 1:37846 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel file with embedded ActiveX control (file-office.rules)
* 1:37845 <-> DISABLED <-> POLICY-OTHER junk rule to autoenable imap.cram_md5 flowbit (policy-other.rules)
* 1:37840 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AAC audio memory corruption attempt (file-flash.rules)
* 1:37839 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AAC audio memory corruption attempt (file-flash.rules)
* 1:37844 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.LeChiffre outbound connection (malware-cnc.rules)
* 1:37838 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zeus outbound connection (malware-cnc.rules)
* 1:37837 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer swapNode memory corruption attempt (browser-ie.rules)
* 1:13523 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX clsid access (browser-plugins.rules) * 1:11004 <-> ENABLED <-> PROTOCOL-IMAP CRAM-MD5 authentication request detected (protocol-imap.rules) * 1:16576 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix AgentX receive_agentx stack buffer overflow attempt (server-other.rules) * 1:17352 <-> DISABLED <-> FILE-OTHER ClamAV CHM File Handling Integer Overflow attempt (file-other.rules) * 1:17428 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ASP.NET information disclosure attempt (os-windows.rules) * 1:17433 <-> DISABLED <-> OS-SOLARIS Oracle Solaris DHCP Client Arbitrary Code Execution attempt (os-solaris.rules) * 1:18769 <-> DISABLED <-> SERVER-OTHER LDAP Novell eDirectory evtFilteredMonitorEventsRequest function heap overflow attempt (server-other.rules) * 1:23177 <-> DISABLED <-> SERVER-WEBAPP Symantec Web Gateway timer.php cross site scripting attempt (server-webapp.rules) * 1:19413 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher 2007 and earlier stack buffer overflow attempt (file-office.rules) * 1:26590 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows Authenticode signature verification bypass attempt (file-executable.rules) * 1:26601 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows Authenticode signature verification bypass attempt (file-executable.rules) * 1:28505 <-> DISABLED <-> BROWSER-PLUGINS InformationCardSigninHelper ActiveX clsid access (browser-plugins.rules) * 1:28506 <-> DISABLED <-> BROWSER-PLUGINS InformationCardSigninHelper ActiveX function call access (browser-plugins.rules) * 1:29270 <-> DISABLED <-> FILE-JAVA Oracle Java sun.awt.image.ImagingLib.lookupByteBI memory corruption attempt (file-java.rules) * 1:29271 <-> DISABLED <-> FILE-JAVA Oracle Java sun.awt.image.ImagingLib.lookupByteBI memory corruption attempt (file-java.rules) * 1:29272 <-> DISABLED <-> FILE-JAVA Oracle Java sun.awt.image.ImagingLib.lookupByteBI memory corruption attempt (file-java.rules) * 1:29273 <-> 
DISABLED <-> FILE-JAVA Oracle Java sun.awt.image.ImagingLib.lookupByteBI memory corruption attempt (file-java.rules) * 1:29281 <-> ENABLED <-> FILE-FLASH Adobe Flash Player sharable ByteArray code execution attempt (file-flash.rules) * 1:29596 <-> DISABLED <-> SERVER-WEBAPP HP SiteScope soap request code execution attempt (server-webapp.rules) * 1:29597 <-> DISABLED <-> SERVER-WEBAPP HP SiteScope soap request code execution attempt (server-webapp.rules) * 1:32375 <-> DISABLED <-> BROWSER-OTHER WGet symlink arbitrary file write attempt (browser-other.rules) * 1:33014 <-> DISABLED <-> BROWSER-PLUGINS HP LoadRunner ActiveX clsid access attempt (browser-plugins.rules) * 1:33013 <-> DISABLED <-> BROWSER-PLUGINS HP LoadRunner ActiveX clsid access attempt (browser-plugins.rules) * 1:33170 <-> DISABLED <-> BROWSER-PLUGINS Attachmate Reflection FTP Client Memory Corruption ActiveX function call access attempt (browser-plugins.rules) * 1:33171 <-> DISABLED <-> BROWSER-PLUGINS Attachmate Reflection FTP Client Memory Corruption ActiveX clsid access attempt (browser-plugins.rules) * 1:33172 <-> DISABLED <-> BROWSER-PLUGINS Attachmate Reflection FTP Client Memory Corruption ActiveX function call access attempt (browser-plugins.rules) * 1:33174 <-> DISABLED <-> BROWSER-PLUGINS Attachmate Reflection FTP Client Memory Corruption ActiveX function call access attempt (browser-plugins.rules) * 1:33173 <-> DISABLED <-> BROWSER-PLUGINS Attachmate Reflection FTP Client Memory Corruption ActiveX clsid access attempt (browser-plugins.rules) * 1:33175 <-> DISABLED <-> BROWSER-PLUGINS Attachmate Reflection FTP Client Memory Corruption ActiveX function call access attempt (browser-plugins.rules) * 1:35376 <-> DISABLED <-> FILE-FLASH Adobe Flash Player cross-site file download attempt (file-flash.rules) * 1:35377 <-> DISABLED <-> FILE-FLASH Adobe Flash Player cross-site file download attempt (file-flash.rules) * 1:35379 <-> DISABLED <-> FILE-FLASH Adobe Flash Player cross-site file download 
attempt (file-flash.rules) * 1:35378 <-> DISABLED <-> FILE-FLASH Adobe Flash Player cross-site file download attempt (file-flash.rules) * 1:35607 <-> ENABLED <-> FILE-FLASH Adobe Flash Player CreateTextField use-after-free attempt (file-flash.rules) * 1:35608 <-> ENABLED <-> FILE-FLASH Adobe Flash Player CreateTextField use-after-free attempt (file-flash.rules) * 1:36536 <-> DISABLED <-> SERVER-OTHER NTP crypto-NAK packet flood attempt (server-other.rules) * 1:37684 <-> ENABLED <-> FILE-FLASH Adobe Flash Player worker shared object user-after-free attempt (file-flash.rules) * 1:37685 <-> ENABLED <-> FILE-FLASH Adobe Flash Player worker shared object user-after-free attempt (file-flash.rules) * 1:37686 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Agent outbound POST attempt (malware-cnc.rules) * 1:37700 <-> ENABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules) * 1:16058 <-> DISABLED <-> SERVER-SAMBA Samba WINS Server Name Registration handling stack buffer overflow attempt (server-samba.rules) * 1:37701 <-> ENABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules) * 1:37702 <-> ENABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules) * 1:37703 <-> ENABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules) * 1:37704 <-> ENABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules) * 1:37705 <-> ENABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules) * 1:37706 <-> ENABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules) * 1:37707 <-> ENABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules) * 1:37711 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules) * 1:37729 <-> DISABLED 
<-> INDICATOR-OBFUSCATION Adobe Flash file with SecureSwfLoader packer detected (indicator-obfuscation.rules) * 1:6469 <-> ENABLED <-> SERVER-OTHER RealVNC connection attempt (server-other.rules) * 1:647 <-> DISABLED <-> INDICATOR-SHELLCODE Oracle sparc setuid 0 (indicator-shellcode.rules) * 1:6470 <-> ENABLED <-> SERVER-OTHER RealVNC authentication types without None type sent attempt (server-other.rules) * 1:6471 <-> DISABLED <-> SERVER-OTHER RealVNC password authentication bypass attempt (server-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2980.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:37803 <-> DISABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules)
* 1:37802 <-> DISABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules)
* 1:37801 <-> ENABLED <-> BROWSER-PLUGINS Microsoft Silverlight ScriptObject untrusted pointer dereference attempt (browser-plugins.rules)
* 1:37800 <-> ENABLED <-> FILE-OTHER Kingsoft Writer long font name buffer overflow attempt (file-other.rules)
* 1:37799 <-> ENABLED <-> FILE-OTHER Kingsoft Writer long font name buffer overflow attempt (file-other.rules)
* 1:37798 <-> ENABLED <-> FILE-FLASH Adobe Flash Player rectangle memory access violation attempt (file-flash.rules)
* 1:37797 <-> ENABLED <-> FILE-FLASH Adobe Flash Player rectangle memory access violation attempt (file-flash.rules)
* 1:37796 <-> ENABLED <-> FILE-FLASH Adobe Flash Player rectangle memory access violation attempt (file-flash.rules)
* 1:37795 <-> ENABLED <-> FILE-FLASH Adobe Flash Player rectangle memory access violation attempt (file-flash.rules)
* 1:37794 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript 3 URLRequest class use after free attempt (file-flash.rules)
* 1:37793 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript 3 URLRequest class use after free attempt (file-flash.rules)
* 1:37792 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASnative use after free attempt (file-flash.rules)
* 1:37791 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASnative use after free attempt (file-flash.rules)
* 1:37790 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASnative use after free attempt (file-flash.rules)
* 1:37789 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASnative use after free attempt (file-flash.rules)
* 1:37788 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file download request (file-identify.rules)
* 1:37787 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file magic detected (file-identify.rules)
* 1:37786 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file attachment detected (file-identify.rules)
* 1:37785 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file attachment detected (file-identify.rules)
* 1:37784 <-> ENABLED <-> FILE-IDENTIFY Adobe Texture Format file magic detected (file-identify.rules)
* 1:37783 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed Adobe Texture Format heap overflow attempt (file-flash.rules)
* 1:37782 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed Adobe Texture Format heap overflow attempt (file-flash.rules)
* 1:37852 <-> DISABLED <-> FILE-OTHER Oracle Outside-In invalid CRG segment memory corruption attempt (file-other.rules)
* 1:37851 <-> DISABLED <-> FILE-OTHER Oracle Outside-In invalid CRG segment memory corruption attempt (file-other.rules)
* 1:37850 <-> DISABLED <-> FILE-FLASH Adobe Flash file with embedded PE detected (file-flash.rules)
* 1:37849 <-> DISABLED <-> FILE-FLASH Adobe Flash file with embedded PE detected (file-flash.rules)
* 1:37848 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer vector graphics reference counting use-after-free attempt (browser-ie.rules)
* 1:37847 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer vector graphics reference counting use-after-free attempt (browser-ie.rules)
* 1:37846 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel file with embedded ActiveX control (file-office.rules)
* 1:37845 <-> DISABLED <-> POLICY-OTHER junk rule to autoenable imap.cram_md5 flowbit (policy-other.rules)
* 1:37844 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.LeChiffre outbound connection (malware-cnc.rules)
* 1:37840 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AAC audio memory corruption attempt (file-flash.rules)
* 1:37839 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AAC audio memory corruption attempt (file-flash.rules)
* 1:37838 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zeus outbound connection (malware-cnc.rules)
* 1:37837 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer swapNode memory corruption attempt (browser-ie.rules)
* 1:37836 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer swapNode memory corruption attempt (browser-ie.rules)
* 1:37835 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
* 1:37834 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
* 1:37833 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (file-other.rules)
* 1:37832 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (file-other.rules)
* 1:37831 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (file-other.rules)
* 1:37830 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (file-other.rules)
* 1:37829 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules)
* 1:37828 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules)
* 1:37827 <-> DISABLED <-> BROWSER-PLUGINS HP LoadRunner ActiveX function call access attempt (browser-plugins.rules)
* 1:37826 <-> DISABLED <-> BROWSER-PLUGINS HP LoadRunner ActiveX function call access attempt (browser-plugins.rules)
* 1:37825 <-> ENABLED <-> FILE-OTHER Microsoft Office ole object external file loading attempt (file-other.rules)
* 1:37824 <-> ENABLED <-> FILE-OTHER Microsoft Office ole object external file loading attempt (file-other.rules)
* 1:37823 <-> DISABLED <-> BROWSER-PLUGINS InformationCardSigninHelper ActiveX function call access (browser-plugins.rules)
* 1:37822 <-> DISABLED <-> BROWSER-PLUGINS InformationCardSigninHelper ActiveX clsid access (browser-plugins.rules)
* 1:37821 <-> DISABLED <-> FILE-JAVA Oracle Java sun.awt.image.ImagingLib.lookupByteBI memory corruption attempt (file-java.rules)
* 1:37820 <-> DISABLED <-> FILE-JAVA Oracle Java sun.awt.image.ImagingLib.lookupByteBI memory corruption attempt (file-java.rules)
* 1:37819 <-> DISABLED <-> FILE-JAVA Oracle Java sun.awt.image.ImagingLib.lookupByteBI memory corruption attempt (file-java.rules)
* 1:37818 <-> DISABLED <-> FILE-JAVA Oracle Java sun.awt.image.ImagingLib.lookupByteBI memory corruption attempt (file-java.rules)
* 1:37817 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.Torte variant outbound connection (malware-cnc.rules)
* 1:37816 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules)
* 1:37815 <-> DISABLED <-> POLICY-OTHER Polycom Botnet inbound connection attempt (policy-other.rules)
* 1:37814 <-> DISABLED <-> POLICY-OTHER Polycom Botnet inbound connection attempt (policy-other.rules)
* 1:37813 <-> DISABLED <-> POLICY-OTHER junk rule to autoenable vnc.server.auth.types flowbit (policy-other.rules)
* 1:37812 <-> DISABLED <-> POLICY-OTHER junk rule to autoenable vnc.handshake.client flowbit (policy-other.rules)
* 1:37811 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CDisplayPointer use after free attempt (browser-ie.rules)
* 1:37810 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CDisplayPointer use after free attempt (browser-ie.rules)
* 1:37809 <-> ENABLED <-> FILE-FLASH Adobe Flash Player integer underflow attempt (file-flash.rules)
* 1:37808 <-> ENABLED <-> FILE-FLASH Adobe Flash Player integer underflow attempt (file-flash.rules)
* 1:37807 <-> ENABLED <-> FILE-FLASH Adobe Flash Player integer underflow attempt (file-flash.rules)
* 1:37806 <-> ENABLED <-> FILE-FLASH Adobe Flash Player integer underflow attempt (file-flash.rules)
* 1:37805 <-> DISABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules)
* 1:37804 <-> DISABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules)
* 1:37781 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASnative memory corruption attempt (file-flash.rules)
* 1:37780 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASnative memory corruption attempt (file-flash.rules)
* 1:37779 <-> ENABLED <-> FILE-OTHER Adobe Flash Player unsupported video encoding remote code execution attempt (file-other.rules)
* 1:37778 <-> ENABLED <-> FILE-OTHER Adobe Flash Player unsupported video encoding remote code execution attempt (file-other.rules)
* 1:37777 <-> ENABLED <-> FILE-FLASH Adobe Flash Player LoadVars use-after-free attempt (file-flash.rules)
* 1:37776 <-> ENABLED <-> FILE-FLASH Adobe Flash Player LoadVars use-after-free attempt (file-flash.rules)
* 1:37775 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript constructor use after free attempt (file-flash.rules)
* 1:37774 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript constructor use after free attempt (file-flash.rules)
* 1:37773 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript constructor use after free attempt (file-flash.rules)
* 1:37772 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript constructor use after free attempt (file-flash.rules)
* 1:37771 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASnative custom getter use after free attempt (file-flash.rules)
* 1:37770 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASnative custom getter use after free attempt (file-flash.rules)
* 1:37769 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASnative custom getter use after free attempt (file-flash.rules)
* 1:37768 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ASnative custom getter use after free attempt (file-flash.rules)
* 1:37767 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData method memory corruption attempt (file-flash.rules)
* 1:37766 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData method memory corruption attempt (file-flash.rules)
* 1:37765 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData method memory corruption attempt (file-flash.rules)
* 1:37764 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData method memory corruption attempt (file-flash.rules)
* 1:37763 <-> ENABLED <-> FILE-FLASH Adobe Flash Player rectangle auxiliary method integer overflow attempt (file-flash.rules)
* 1:37762 <-> ENABLED <-> FILE-FLASH Adobe Flash Player rectangle auxiliary method integer overflow attempt (file-flash.rules)
* 1:37761 <-> ENABLED <-> FILE-FLASH Adobe Flash Player rectangle auxiliary method integer overflow attempt (file-flash.rules)
* 1:37760 <-> ENABLED <-> FILE-FLASH Adobe Flash Player rectangle auxiliary method integer overflow attempt (file-flash.rules)
* 1:37759 <-> ENABLED <-> FILE-FLASH Adobe Flash Player invalid sourceRect copyPixels heap corruption attempt (file-flash.rules)
* 1:37758 <-> ENABLED <-> FILE-FLASH Adobe Flash Player invalid sourceRect copyPixels heap corruption attempt (file-flash.rules)
* 1:37757 <-> ENABLED <-> FILE-FLASH Adobe Flash Player invalid sourceRect copyPixels heap corruption attempt (file-flash.rules)
* 1:37756 <-> ENABLED <-> FILE-FLASH Adobe Flash Player invalid sourceRect copyPixels heap corruption attempt (file-flash.rules)
* 1:37755 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Point object integer overflow attempt (file-flash.rules)
* 1:37754 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Point object integer overflow attempt (file-flash.rules)
* 1:37753 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Point object integer overflow attempt (file-flash.rules)
* 1:37752 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Point object integer overflow attempt (file-flash.rules)
* 1:37751 <-> ENABLED <-> FILE-FLASH Adobe Flash Player FLV invalid reference frame count memory corruption attempt (file-flash.rules)
* 1:37750 <-> ENABLED <-> FILE-FLASH Adobe Flash Player FLV invalid reference frame count memory corruption attempt (file-flash.rules)
* 1:37749 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextField object Type Confusion Attempt (file-flash.rules)
* 1:37748 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextField object Type Confusion Attempt (file-flash.rules)
* 1:37747 <-> ENABLED <-> FILE-FLASH Adobe Flash Player list filter memory corruption attempt (file-flash.rules)
* 1:37746 <-> ENABLED <-> FILE-FLASH Adobe Flash Player list filter memory corruption attempt (file-flash.rules)
* 1:37745 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextLine memory corruption attempt (file-flash.rules)
* 1:37744 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextLine memory corruption attempt (file-flash.rules)
* 1:37743 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextLine memory corruption attempt (file-flash.rules)
* 1:37742 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextLine memory corruption attempt (file-flash.rules)
* 1:11004 <-> ENABLED <-> PROTOCOL-IMAP CRAM-MD5 authentication request detected (protocol-imap.rules)
* 1:13523 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX clsid access (browser-plugins.rules)
* 1:16058 <-> DISABLED <-> SERVER-SAMBA Samba WINS Server Name Registration handling stack buffer overflow attempt (server-samba.rules)
* 1:16576 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix AgentX receive_agentx stack buffer overflow attempt (server-other.rules)
* 1:17352 <-> DISABLED <-> FILE-OTHER ClamAV CHM File Handling Integer Overflow attempt (file-other.rules)
* 1:17428 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ASP.NET information disclosure attempt (os-windows.rules)
* 1:17433 <-> DISABLED <-> OS-SOLARIS Oracle Solaris DHCP Client Arbitrary Code Execution attempt (os-solaris.rules)
* 1:18769 <-> DISABLED <-> SERVER-OTHER LDAP Novell eDirectory evtFilteredMonitorEventsRequest function heap overflow attempt (server-other.rules)
* 1:19413 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher 2007 and earlier stack buffer overflow attempt (file-office.rules)
* 1:23177 <-> DISABLED <-> SERVER-WEBAPP Symantec Web Gateway timer.php cross site scripting attempt (server-webapp.rules)
* 1:26590 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows Authenticode signature verification bypass attempt (file-executable.rules)
* 1:26601 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows Authenticode signature verification bypass attempt (file-executable.rules)
* 1:28505 <-> DISABLED <-> BROWSER-PLUGINS InformationCardSigninHelper ActiveX clsid access (browser-plugins.rules)
* 1:28506 <-> DISABLED <-> BROWSER-PLUGINS InformationCardSigninHelper ActiveX function call access (browser-plugins.rules)
* 1:29270 <-> DISABLED <-> FILE-JAVA Oracle Java sun.awt.image.ImagingLib.lookupByteBI memory corruption attempt (file-java.rules)
* 1:29271 <-> DISABLED <-> FILE-JAVA Oracle Java sun.awt.image.ImagingLib.lookupByteBI memory corruption attempt (file-java.rules)
* 1:29272 <-> DISABLED <-> FILE-JAVA Oracle Java sun.awt.image.ImagingLib.lookupByteBI memory corruption attempt (file-java.rules)
* 1:29273 <-> DISABLED <-> FILE-JAVA Oracle Java sun.awt.image.ImagingLib.lookupByteBI memory corruption attempt (file-java.rules)
* 1:29281 <-> ENABLED <-> FILE-FLASH Adobe Flash Player sharable ByteArray code execution attempt (file-flash.rules)
* 1:29596 <-> DISABLED <-> SERVER-WEBAPP HP SiteScope soap request code execution attempt (server-webapp.rules)
* 1:29597 <-> DISABLED <-> SERVER-WEBAPP HP SiteScope soap request code execution attempt (server-webapp.rules)
* 1:32375 <-> DISABLED <-> BROWSER-OTHER WGet symlink arbitrary file write attempt (browser-other.rules)
* 1:33013 <-> DISABLED <-> BROWSER-PLUGINS HP LoadRunner ActiveX clsid access attempt (browser-plugins.rules)
* 1:33014 <-> DISABLED <-> BROWSER-PLUGINS HP LoadRunner ActiveX clsid access attempt (browser-plugins.rules)
* 1:33170 <-> DISABLED <-> BROWSER-PLUGINS Attachmate Reflection FTP Client Memory Corruption ActiveX function call access attempt (browser-plugins.rules)
* 1:33171 <-> DISABLED <-> BROWSER-PLUGINS Attachmate Reflection FTP Client Memory Corruption ActiveX clsid access attempt (browser-plugins.rules)
* 1:33172 <-> DISABLED <-> BROWSER-PLUGINS Attachmate Reflection FTP Client Memory Corruption ActiveX function call access attempt (browser-plugins.rules)
* 1:33173 <-> DISABLED <-> BROWSER-PLUGINS Attachmate Reflection FTP Client Memory Corruption ActiveX clsid access attempt (browser-plugins.rules)
* 1:33174 <-> DISABLED <-> BROWSER-PLUGINS Attachmate Reflection FTP Client Memory Corruption ActiveX function call access attempt (browser-plugins.rules)
* 1:33175 <-> DISABLED <-> BROWSER-PLUGINS Attachmate Reflection FTP Client Memory Corruption ActiveX function call access attempt (browser-plugins.rules)
* 1:35376 <-> DISABLED <-> FILE-FLASH Adobe Flash Player cross-site file download attempt (file-flash.rules)
* 1:35377 <-> DISABLED <-> FILE-FLASH Adobe Flash Player cross-site file download attempt (file-flash.rules)
* 1:35378 <-> DISABLED <-> FILE-FLASH Adobe Flash Player cross-site file download attempt (file-flash.rules)
* 1:35379 <-> DISABLED <-> FILE-FLASH Adobe Flash Player cross-site file download attempt (file-flash.rules)
* 1:35607 <-> ENABLED <-> FILE-FLASH Adobe Flash Player CreateTextField use-after-free attempt (file-flash.rules)
* 1:35608 <-> ENABLED <-> FILE-FLASH Adobe Flash Player CreateTextField use-after-free attempt (file-flash.rules)
* 1:36536 <-> DISABLED <-> SERVER-OTHER NTP crypto-NAK packet flood attempt (server-other.rules)
* 1:37684 <-> ENABLED <-> FILE-FLASH Adobe Flash Player worker shared object user-after-free attempt (file-flash.rules)
* 1:37685 <-> ENABLED <-> FILE-FLASH Adobe Flash Player worker shared object user-after-free attempt (file-flash.rules)
* 1:37686 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Agent outbound POST attempt (malware-cnc.rules)
* 1:37700 <-> ENABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules)
* 1:37701 <-> ENABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules)
* 1:37702 <-> ENABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules)
* 1:37703 <-> ENABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules)
* 1:37704 <-> ENABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules)
* 1:37705 <-> ENABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules)
* 1:37706 <-> ENABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules)
* 1:37707 <-> ENABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules)
* 1:37711 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
* 1:37729 <-> DISABLED <-> INDICATOR-OBFUSCATION Adobe Flash file with SecureSwfLoader packer detected (indicator-obfuscation.rules)
* 1:6469 <-> ENABLED <-> SERVER-OTHER RealVNC connection attempt (server-other.rules)
* 1:647 <-> DISABLED <-> INDICATOR-SHELLCODE Oracle sparc setuid 0 (indicator-shellcode.rules)
* 1:6470 <-> ENABLED <-> SERVER-OTHER RealVNC authentication types without None type sent attempt (server-other.rules)
* 1:6471 <-> DISABLED <-> SERVER-OTHER RealVNC password authentication bypass attempt (server-other.rules)