Talos has added and modified multiple rules in the blacklist, browser-ie, browser-plugins, exploit-kit, file-flash, indicator-obfuscation, malware-cnc, malware-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2976.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:38541 <-> DISABLED <-> INDICATOR-OBFUSCATION newline only separator evasion (indicator-obfuscation.rules)
* 1:38536 <-> DISABLED <-> SERVER-WEBAPP Wordpress Scoreme cross site scripting attempt (server-webapp.rules)
* 1:38537 <-> DISABLED <-> BROWSER-PLUGINS Symantec NavComUI AxSysListView32 ActiveX clsid access attempt (browser-plugins.rules)
* 1:38534 <-> DISABLED <-> FILE-FLASH Rig Exploit Kit exploitation attempt (file-flash.rules)
* 1:38535 <-> DISABLED <-> FILE-FLASH Rig Exploit Kit exploitation attempt (file-flash.rules)
* 1:38531 <-> DISABLED <-> SERVER-WEBAPP WSN Live SQL injection attempt SQL injection attempt (server-webapp.rules)
* 1:38532 <-> DISABLED <-> FILE-FLASH Rig Exploit Kit exploitation attempt (file-flash.rules)
* 1:38529 <-> DISABLED <-> MALWARE-OTHER XBot CC Social Engineering (malware-other.rules)
* 1:38527 <-> ENABLED <-> BLACKLIST DNS request for known malware domain melon25.ru - XBot (blacklist.rules)
* 1:38525 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Troll dropper document file detected (malware-other.rules)
* 1:38509 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Boaxxe variant outbound connection (malware-cnc.rules)
* 1:38511 <-> DISABLED <-> SERVER-WEBAPP Novell Service Desk directory traversal attempt (server-webapp.rules)
* 1:38513 <-> DISABLED <-> SERVER-WEBAPP ATutor question_import.php directory traversal attempt (server-webapp.rules)
* 1:38510 <-> ENABLED <-> MALWARE-CNC Win.Trojan.iSpySoft variant exfiltration attempt (malware-cnc.rules)
* 1:38512 <-> DISABLED <-> SERVER-WEBAPP ATutor question_import.php directory traversal attempt (server-webapp.rules)
* 1:38523 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit landing page detected (exploit-kit.rules)
* 1:38542 <-> DISABLED <-> MALWARE-CNC VBS Trojan Downloading Encoded Executable (malware-cnc.rules)
* 1:38516 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sweeper outbound connection attempt (malware-cnc.rules)
* 1:38538 <-> DISABLED <-> BROWSER-PLUGINS Symantec NavComUI AxSysListView32 ActiveX function call access attempt (browser-plugins.rules)
* 1:38539 <-> DISABLED <-> BROWSER-PLUGINS Symantec NavComUI AxSysListView32OAA ActiveX clsid access attempt (browser-plugins.rules)
* 1:38515 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sweeper outbound connection attempt (malware-cnc.rules)
* 1:38517 <-> ENABLED <-> MALWARE-CNC binary download while video expected (malware-cnc.rules)
* 1:38518 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Testing Suite directory traversal attempt (server-webapp.rules)
* 1:38519 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Testing Suite directory traversal attempt (server-webapp.rules)
* 1:38520 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Testing Suite directory traversal attempt (server-webapp.rules)
* 1:38521 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit redirect page detected (exploit-kit.rules)
* 1:38522 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit landing page detected (exploit-kit.rules)
* 1:38524 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit landing page detected (exploit-kit.rules)
* 1:38526 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Troll dropper document file detected (malware-other.rules)
* 1:38528 <-> DISABLED <-> MALWARE-CNC XBot Command Request get_action (malware-cnc.rules)
* 1:38530 <-> ENABLED <-> MALWARE-CNC Obfuscated Javascript Attack runtime detection (malware-cnc.rules)
* 1:38533 <-> DISABLED <-> FILE-FLASH Rig Exploit Kit exploitation attempt (file-flash.rules)
* 1:38540 <-> DISABLED <-> BROWSER-PLUGINS Symantec NavComUI AxSysListView32OAA ActiveX function call access attempt (browser-plugins.rules)
* 1:38514 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sweeper outbound connection attempt (malware-cnc.rules)
* 3:38543 <-> ENABLED <-> SERVER-WEBAPP Cisco UCS Central Web Framework remote file include attempt (server-webapp.rules)
* 1:38030 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing ExternalInterface function download detected (policy-other.rules)
* 1:29287 <-> DISABLED <-> FILE-FLASH Adobe Flash Player sharable ByteArray code execution attempt (file-flash.rules)
* 1:29286 <-> DISABLED <-> FILE-FLASH Adobe Flash Player sharable ByteArray code execution attempt (file-flash.rules)
* 1:38033 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing allowLoadBytesCodeExecution function download detected (policy-other.rules)
* 1:38034 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing allowLoadBytesCodeExecution function download detected (policy-other.rules)
* 1:38031 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing loadBytes function download detected (policy-other.rules)
* 1:38050 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing defaultValue function download detected (policy-other.rules)
* 1:38051 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing domainMemory function download detected (policy-other.rules)
* 1:31299 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Necurs or Win.Trojan.Locky variant outbound detection (malware-cnc.rules)
* 1:29288 <-> DISABLED <-> FILE-FLASH Adobe Flash Player sharable ByteArray code execution attempt (file-flash.rules)
* 1:38032 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing atomicCompareAndSwapLength function download detected (policy-other.rules)
* 1:12252 <-> DISABLED <-> BROWSER-PLUGINS Symantec NavComUI AxSysListView32OAA ActiveX function call access attempt (browser-plugins.rules)
* 1:12248 <-> DISABLED <-> BROWSER-PLUGINS Symantec NavComUI AxSysListView32 ActiveX function call access attempt (browser-plugins.rules)
* 1:12246 <-> DISABLED <-> BROWSER-PLUGINS Symantec NavComUI AxSysListView32 ActiveX clsid access attempt (browser-plugins.rules)
* 1:12250 <-> DISABLED <-> BROWSER-PLUGINS Symantec NavComUI AxSysListView32OAA ActiveX clsid access attempt (browser-plugins.rules)
* 1:29281 <-> DISABLED <-> FILE-FLASH Adobe Flash Player sharable ByteArray code execution attempt (file-flash.rules)
* 1:38027 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing ExternalInterface function download detected (policy-other.rules)
* 1:29283 <-> DISABLED <-> FILE-FLASH Adobe Flash Player sharable ByteArray code execution attempt (file-flash.rules)
* 1:29285 <-> DISABLED <-> FILE-FLASH Adobe Flash Player sharable ByteArray code execution attempt (file-flash.rules)
* 1:38052 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing parseFloat function download detected (policy-other.rules)
* 1:38364 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer deleted button use after free attempt (browser-ie.rules)
* 1:32666 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Coreshell variant outbound connection (malware-cnc.rules)
* 1:38053 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing getDefinitionByName function download detected (policy-other.rules)
* 1:37970 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer DataView use-after-free attempt (browser-ie.rules)
* 1:38020 <-> DISABLED <-> FILE-FLASH Adobe Flash file with CreateFileA shellcode (file-flash.rules)
* 1:38054 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing protoType.valueOf function download detected (policy-other.rules)
* 1:38021 <-> DISABLED <-> FILE-FLASH Adobe Flash file with large DefineBinaryData tag (file-flash.rules)
* 1:38022 <-> DISABLED <-> FILE-FLASH Adobe Flash file with RC4 decryption routine detected (file-flash.rules)
* 1:38023 <-> DISABLED <-> FILE-FLASH Adobe Flash file CreateFileA shellcode found (file-flash.rules)
* 1:38055 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing defaultValue function download detected (policy-other.rules)
* 1:38024 <-> DISABLED <-> FILE-FLASH Adobe Flash file with large DefineBinaryData tag (file-flash.rules)
* 1:38056 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing domainMemory function download detected (policy-other.rules)
* 1:38025 <-> DISABLED <-> FILE-FLASH Adobe Flash file with large DefineBinaryData tag (file-flash.rules)
* 1:38057 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing parseFloat function download detected (policy-other.rules)
* 1:38026 <-> DISABLED <-> FILE-FLASH Adobe Flash file with RC4 decryption routine detected (file-flash.rules)
* 1:29284 <-> DISABLED <-> FILE-FLASH Adobe Flash Player sharable ByteArray code execution attempt (file-flash.rules)
* 1:38059 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing protoType.valueOf function download detected (policy-other.rules)
* 1:38028 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing loadBytes function (policy-other.rules)
* 1:38029 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing atomicCompareAndSwapLength function download detected (policy-other.rules)
* 1:38058 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing getDefinitionByName function download detected (policy-other.rules)
* 1:29282 <-> DISABLED <-> FILE-FLASH Adobe Flash Player sharable ByteArray code execution attempt (file-flash.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2980.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:38542 <-> DISABLED <-> MALWARE-CNC VBS Trojan Downloading Encoded Executable (malware-cnc.rules)
* 1:38510 <-> ENABLED <-> MALWARE-CNC Win.Trojan.iSpySoft variant exfiltration attempt (malware-cnc.rules)
* 1:38509 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Boaxxe variant outbound connection (malware-cnc.rules)
* 1:38511 <-> DISABLED <-> SERVER-WEBAPP Novell Service Desk directory traversal attempt (server-webapp.rules)
* 1:38512 <-> DISABLED <-> SERVER-WEBAPP ATutor question_import.php directory traversal attempt (server-webapp.rules)
* 1:38513 <-> DISABLED <-> SERVER-WEBAPP ATutor question_import.php directory traversal attempt (server-webapp.rules)
* 1:38515 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sweeper outbound connection attempt (malware-cnc.rules)
* 1:38514 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sweeper outbound connection attempt (malware-cnc.rules)
* 1:38516 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sweeper outbound connection attempt (malware-cnc.rules)
* 1:38517 <-> ENABLED <-> MALWARE-CNC binary download while video expected (malware-cnc.rules)
* 1:38518 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Testing Suite directory traversal attempt (server-webapp.rules)
* 1:38520 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Testing Suite directory traversal attempt (server-webapp.rules)
* 1:38519 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Testing Suite directory traversal attempt (server-webapp.rules)
* 1:38521 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit redirect page detected (exploit-kit.rules)
* 1:38522 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit landing page detected (exploit-kit.rules)
* 1:38523 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit landing page detected (exploit-kit.rules)
* 1:38525 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Troll dropper document file detected (malware-other.rules)
* 1:38524 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit landing page detected (exploit-kit.rules)
* 1:38526 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Troll dropper document file detected (malware-other.rules)
* 1:38527 <-> ENABLED <-> BLACKLIST DNS request for known malware domain melon25.ru - XBot (blacklist.rules)
* 1:38528 <-> DISABLED <-> MALWARE-CNC XBot Command Request get_action (malware-cnc.rules)
* 1:38530 <-> ENABLED <-> MALWARE-CNC Obfuscated Javascript Attack runtime detection (malware-cnc.rules)
* 1:38529 <-> DISABLED <-> MALWARE-OTHER XBot CC Social Engineering (malware-other.rules)
* 1:38531 <-> DISABLED <-> SERVER-WEBAPP WSN Live SQL injection attempt SQL injection attempt (server-webapp.rules)
* 1:38532 <-> DISABLED <-> FILE-FLASH Rig Exploit Kit exploitation attempt (file-flash.rules)
* 1:38533 <-> DISABLED <-> FILE-FLASH Rig Exploit Kit exploitation attempt (file-flash.rules)
* 1:38534 <-> DISABLED <-> FILE-FLASH Rig Exploit Kit exploitation attempt (file-flash.rules)
* 1:38535 <-> DISABLED <-> FILE-FLASH Rig Exploit Kit exploitation attempt (file-flash.rules)
* 1:38536 <-> DISABLED <-> SERVER-WEBAPP Wordpress Scoreme cross site scripting attempt (server-webapp.rules)
* 1:38537 <-> DISABLED <-> BROWSER-PLUGINS Symantec NavComUI AxSysListView32 ActiveX clsid access attempt (browser-plugins.rules)
* 1:38538 <-> DISABLED <-> BROWSER-PLUGINS Symantec NavComUI AxSysListView32 ActiveX function call access attempt (browser-plugins.rules)
* 1:38540 <-> DISABLED <-> BROWSER-PLUGINS Symantec NavComUI AxSysListView32OAA ActiveX function call access attempt (browser-plugins.rules)
* 1:38539 <-> DISABLED <-> BROWSER-PLUGINS Symantec NavComUI AxSysListView32OAA ActiveX clsid access attempt (browser-plugins.rules)
* 1:38541 <-> DISABLED <-> INDICATOR-OBFUSCATION newline only separator evasion (indicator-obfuscation.rules)
* 3:38543 <-> ENABLED <-> SERVER-WEBAPP Cisco UCS Central Web Framework remote file include attempt (server-webapp.rules)
* 1:32666 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Coreshell variant outbound connection (malware-cnc.rules)
* 1:37970 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer DataView use-after-free attempt (browser-ie.rules)
* 1:29288 <-> DISABLED <-> FILE-FLASH Adobe Flash Player sharable ByteArray code execution attempt (file-flash.rules)
* 1:31299 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Necurs or Win.Trojan.Locky variant outbound detection (malware-cnc.rules)
* 1:29285 <-> DISABLED <-> FILE-FLASH Adobe Flash Player sharable ByteArray code execution attempt (file-flash.rules)
* 1:29286 <-> DISABLED <-> FILE-FLASH Adobe Flash Player sharable ByteArray code execution attempt (file-flash.rules)
* 1:29283 <-> DISABLED <-> FILE-FLASH Adobe Flash Player sharable ByteArray code execution attempt (file-flash.rules)
* 1:29284 <-> DISABLED <-> FILE-FLASH Adobe Flash Player sharable ByteArray code execution attempt (file-flash.rules)
* 1:12252 <-> DISABLED <-> BROWSER-PLUGINS Symantec NavComUI AxSysListView32OAA ActiveX function call access attempt (browser-plugins.rules)
* 1:29281 <-> DISABLED <-> FILE-FLASH Adobe Flash Player sharable ByteArray code execution attempt (file-flash.rules)
* 1:12248 <-> DISABLED <-> BROWSER-PLUGINS Symantec NavComUI AxSysListView32 ActiveX function call access attempt (browser-plugins.rules)
* 1:12250 <-> DISABLED <-> BROWSER-PLUGINS Symantec NavComUI AxSysListView32OAA ActiveX clsid access attempt (browser-plugins.rules)
* 1:38031 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing loadBytes function download detected (policy-other.rules)
* 1:38030 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing ExternalInterface function download detected (policy-other.rules)
* 1:38364 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer deleted button use after free attempt (browser-ie.rules)
* 1:38032 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing atomicCompareAndSwapLength function download detected (policy-other.rules)
* 1:38033 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing allowLoadBytesCodeExecution function download detected (policy-other.rules)
* 1:38034 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing allowLoadBytesCodeExecution function download detected (policy-other.rules)
* 1:38050 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing defaultValue function download detected (policy-other.rules)
* 1:38051 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing domainMemory function download detected (policy-other.rules)
* 1:38052 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing parseFloat function download detected (policy-other.rules)
* 1:12246 <-> DISABLED <-> BROWSER-PLUGINS Symantec NavComUI AxSysListView32 ActiveX clsid access attempt (browser-plugins.rules)
* 1:38053 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing getDefinitionByName function download detected (policy-other.rules)
* 1:29282 <-> DISABLED <-> FILE-FLASH Adobe Flash Player sharable ByteArray code execution attempt (file-flash.rules)
* 1:38054 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing protoType.valueOf function download detected (policy-other.rules)
* 1:29287 <-> DISABLED <-> FILE-FLASH Adobe Flash Player sharable ByteArray code execution attempt (file-flash.rules)
* 1:38055 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing defaultValue function download detected (policy-other.rules)
* 1:38020 <-> DISABLED <-> FILE-FLASH Adobe Flash file with CreateFileA shellcode (file-flash.rules)
* 1:38056 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing domainMemory function download detected (policy-other.rules)
* 1:38021 <-> DISABLED <-> FILE-FLASH Adobe Flash file with large DefineBinaryData tag (file-flash.rules)
* 1:38022 <-> DISABLED <-> FILE-FLASH Adobe Flash file with RC4 decryption routine detected (file-flash.rules)
* 1:38057 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing parseFloat function download detected (policy-other.rules)
* 1:38023 <-> DISABLED <-> FILE-FLASH Adobe Flash file CreateFileA shellcode found (file-flash.rules)
* 1:38024 <-> DISABLED <-> FILE-FLASH Adobe Flash file with large DefineBinaryData tag (file-flash.rules)
* 1:38026 <-> DISABLED <-> FILE-FLASH Adobe Flash file with RC4 decryption routine detected (file-flash.rules)
* 1:38025 <-> DISABLED <-> FILE-FLASH Adobe Flash file with large DefineBinaryData tag (file-flash.rules)
* 1:38059 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing protoType.valueOf function download detected (policy-other.rules)
* 1:38058 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing getDefinitionByName function download detected (policy-other.rules)
* 1:38028 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing loadBytes function (policy-other.rules)
* 1:38029 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing atomicCompareAndSwapLength function download detected (policy-other.rules)
* 1:38027 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing ExternalInterface function download detected (policy-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2982.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:38542 <-> DISABLED <-> MALWARE-CNC VBS Trojan Downloading Encoded Executable (malware-cnc.rules)
* 1:38541 <-> DISABLED <-> INDICATOR-OBFUSCATION newline only separator evasion (indicator-obfuscation.rules)
* 1:38540 <-> DISABLED <-> BROWSER-PLUGINS Symantec NavComUI AxSysListView32OAA ActiveX function call access attempt (browser-plugins.rules)
* 1:38539 <-> DISABLED <-> BROWSER-PLUGINS Symantec NavComUI AxSysListView32OAA ActiveX clsid access attempt (browser-plugins.rules)
* 1:38538 <-> DISABLED <-> BROWSER-PLUGINS Symantec NavComUI AxSysListView32 ActiveX function call access attempt (browser-plugins.rules)
* 1:38537 <-> DISABLED <-> BROWSER-PLUGINS Symantec NavComUI AxSysListView32 ActiveX clsid access attempt (browser-plugins.rules)
* 1:38536 <-> DISABLED <-> SERVER-WEBAPP Wordpress Scoreme cross site scripting attempt (server-webapp.rules)
* 1:38535 <-> DISABLED <-> FILE-FLASH Rig Exploit Kit exploitation attempt (file-flash.rules)
* 1:38534 <-> DISABLED <-> FILE-FLASH Rig Exploit Kit exploitation attempt (file-flash.rules)
* 1:38533 <-> DISABLED <-> FILE-FLASH Rig Exploit Kit exploitation attempt (file-flash.rules)
* 1:38532 <-> DISABLED <-> FILE-FLASH Rig Exploit Kit exploitation attempt (file-flash.rules)
* 1:38531 <-> DISABLED <-> SERVER-WEBAPP WSN Live SQL injection attempt SQL injection attempt (server-webapp.rules)
* 1:38530 <-> ENABLED <-> MALWARE-CNC Obfuscated Javascript Attack runtime detection (malware-cnc.rules)
* 1:38529 <-> DISABLED <-> MALWARE-OTHER XBot CC Social Engineering (malware-other.rules)
* 1:38528 <-> DISABLED <-> MALWARE-CNC XBot Command Request get_action (malware-cnc.rules)
* 1:38527 <-> ENABLED <-> BLACKLIST DNS request for known malware domain melon25.ru - XBot (blacklist.rules)
* 1:38526 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Troll dropper document file detected (malware-other.rules)
* 1:38525 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Troll dropper document file detected (malware-other.rules)
* 1:38524 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit landing page detected (exploit-kit.rules)
* 1:38523 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit landing page detected (exploit-kit.rules)
* 1:38522 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit landing page detected (exploit-kit.rules)
* 1:38521 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit redirect page detected (exploit-kit.rules)
* 1:38520 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Testing Suite directory traversal attempt (server-webapp.rules)
* 1:38519 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Testing Suite directory traversal attempt (server-webapp.rules)
* 1:38518 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Testing Suite directory traversal attempt (server-webapp.rules)
* 1:38517 <-> ENABLED <-> MALWARE-CNC binary download while video expected (malware-cnc.rules)
* 1:38516 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sweeper outbound connection attempt (malware-cnc.rules)
* 1:38515 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sweeper outbound connection attempt (malware-cnc.rules)
* 1:38514 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sweeper outbound connection attempt (malware-cnc.rules)
* 1:38513 <-> DISABLED <-> SERVER-WEBAPP ATutor question_import.php directory traversal attempt (server-webapp.rules)
* 1:38512 <-> DISABLED <-> SERVER-WEBAPP ATutor question_import.php directory traversal attempt (server-webapp.rules)
* 1:38511 <-> DISABLED <-> SERVER-WEBAPP Novell Service Desk directory traversal attempt (server-webapp.rules)
* 1:38510 <-> ENABLED <-> MALWARE-CNC Win.Trojan.iSpySoft variant exfiltration attempt (malware-cnc.rules)
* 1:38509 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Boaxxe variant outbound connection (malware-cnc.rules)
* 3:38543 <-> ENABLED <-> SERVER-WEBAPP Cisco UCS Central Web Framework remote file include attempt (server-webapp.rules)
* 1:38364 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer deleted button use after free attempt (browser-ie.rules)
* 1:38059 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing protoType.valueOf function download detected (policy-other.rules)
* 1:38058 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing getDefinitionByName function download detected (policy-other.rules)
* 1:38057 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing parseFloat function download detected (policy-other.rules)
* 1:38056 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing domainMemory function download detected (policy-other.rules)
* 1:12246 <-> DISABLED <-> BROWSER-PLUGINS Symantec NavComUI AxSysListView32 ActiveX clsid access attempt (browser-plugins.rules)
* 1:12248 <-> DISABLED <-> BROWSER-PLUGINS Symantec NavComUI AxSysListView32 ActiveX function call access attempt (browser-plugins.rules)
* 1:12250 <-> DISABLED <-> BROWSER-PLUGINS Symantec NavComUI AxSysListView32OAA ActiveX clsid access attempt (browser-plugins.rules)
* 1:38055 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing defaultValue function download detected (policy-other.rules)
* 1:12252 <-> DISABLED <-> BROWSER-PLUGINS Symantec NavComUI AxSysListView32OAA ActiveX function call access attempt (browser-plugins.rules)
* 1:29281 <-> DISABLED <-> FILE-FLASH Adobe Flash Player sharable ByteArray code execution attempt (file-flash.rules)
* 1:29282 <-> DISABLED <-> FILE-FLASH Adobe Flash Player sharable ByteArray code execution attempt (file-flash.rules)
* 1:29283 <-> DISABLED <-> FILE-FLASH Adobe Flash Player sharable ByteArray code execution attempt (file-flash.rules)
* 1:38054 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing protoType.valueOf function download detected (policy-other.rules)
* 1:29284 <-> DISABLED <-> FILE-FLASH Adobe Flash Player sharable ByteArray code execution attempt (file-flash.rules)
* 1:29285 <-> DISABLED <-> FILE-FLASH Adobe Flash Player sharable ByteArray code execution attempt (file-flash.rules)
* 1:29286 <-> DISABLED <-> FILE-FLASH Adobe Flash Player sharable ByteArray code execution attempt (file-flash.rules)
* 1:29287 <-> DISABLED <-> FILE-FLASH Adobe Flash Player sharable ByteArray code execution attempt (file-flash.rules)
* 1:38053 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing getDefinitionByName function download detected (policy-other.rules)
* 1:29288 <-> DISABLED <-> FILE-FLASH Adobe Flash Player sharable ByteArray code execution attempt (file-flash.rules)
* 1:31299 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Necurs or Win.Trojan.Locky variant outbound detection (malware-cnc.rules)
* 1:32666 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Coreshell variant outbound connection (malware-cnc.rules)
* 1:37970 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer DataView use-after-free attempt (browser-ie.rules)
* 1:38052 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing parseFloat function download detected (policy-other.rules)
* 1:38020 <-> DISABLED <-> FILE-FLASH Adobe Flash file with CreateFileA shellcode (file-flash.rules)
* 1:38021 <-> DISABLED <-> FILE-FLASH Adobe Flash file with large DefineBinaryData tag (file-flash.rules)
* 1:38022 <-> DISABLED <-> FILE-FLASH Adobe Flash file with RC4 decryption routine detected (file-flash.rules)
* 1:38023 <-> DISABLED <-> FILE-FLASH Adobe Flash file CreateFileA shellcode found (file-flash.rules)
* 1:38051 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing domainMemory function download detected (policy-other.rules)
* 1:38024 <-> DISABLED <-> FILE-FLASH Adobe Flash file with large DefineBinaryData tag (file-flash.rules)
* 1:38025 <-> DISABLED <-> FILE-FLASH Adobe Flash file with large DefineBinaryData tag (file-flash.rules)
* 1:38026 <-> DISABLED <-> FILE-FLASH Adobe Flash file with RC4 decryption routine detected (file-flash.rules)
* 1:38050 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing defaultValue function download detected (policy-other.rules)
* 1:38034 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing allowLoadBytesCodeExecution function download detected (policy-other.rules)
* 1:38033 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing allowLoadBytesCodeExecution function download detected (policy-other.rules)
* 1:38032 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing atomicCompareAndSwapLength function download detected (policy-other.rules)
* 1:38031 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing loadBytes function download detected (policy-other.rules)
* 1:38030 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing ExternalInterface function download detected (policy-other.rules)
* 1:38029 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing atomicCompareAndSwapLength function download detected (policy-other.rules)
* 1:38027 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing ExternalInterface function download detected (policy-other.rules)
* 1:38028 <-> DISABLED <-> POLICY-OTHER Adobe Flash file containing loadBytes function (policy-other.rules)