Talos has added and modified multiple rules in the browser-firefox, browser-ie, browser-plugins, exploit-kit, file-pdf, indicator-obfuscation, malware-cnc and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2976.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:39175 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer use-after-free memory corruption attempt (browser-ie.rules)
* 1:39171 <-> DISABLED <-> SERVER-WEBAPP Cisco Video Surveillance Operations Manager directory traversal attempt (server-webapp.rules)
* 1:39174 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer iframe uninitialized memory corruption attempt (browser-ie.rules)
* 1:39173 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.BladeShades Crypter outbound connection (malware-cnc.rules)
* 1:39169 <-> DISABLED <-> SERVER-WEBAPP Alpha Networks ADSL2/2+ Wireless Router password disclosure attempt (server-webapp.rules)
* 1:39168 <-> DISABLED <-> BROWSER-PLUGINS IBM Tivoli Provisioning Manager Express ActiveX clsid access attempt (browser-plugins.rules)
* 1:39170 <-> DISABLED <-> SERVER-WEBAPP Cisco Video Surveillance Operations Manager directory traversal attempt (server-webapp.rules)
* 1:39182 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Testing Suite directory traversal attempt (server-webapp.rules)
* 1:39165 <-> DISABLED <-> SERVER-WEBAPP iperf3 heap overflow remote code execution attempt (server-webapp.rules)
* 1:39181 <-> DISABLED <-> SERVER-WEBAPP Nagios XI ajaxproxy.php server side request forgery attempt (server-webapp.rules)
* 1:39180 <-> DISABLED <-> SERVER-WEBAPP Nagios XI nagiosim.php command injection attempt (server-webapp.rules)
* 1:39178 <-> DISABLED <-> SERVER-WEBAPP Nagios XI graphApi.php command injection attempt (server-webapp.rules)
* 1:39179 <-> DISABLED <-> SERVER-WEBAPP Nagios XI nagiosim.php command injection attempt (server-webapp.rules)
* 1:39176 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Helminth variant outbound connection (malware-cnc.rules)
* 1:39166 <-> DISABLED <-> SERVER-WEBAPP Asus RT-N56U router password disclosure attempt (server-webapp.rules)
* 1:39188 <-> DISABLED <-> SERVER-WEBAPP Nagios XI backend API server side request forgery attempt (server-webapp.rules)
* 1:39159 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.JRat inbound self-signed SSL certificate (malware-cnc.rules)
* 1:39183 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Testing Suite directory traversal attempt (server-webapp.rules)
* 1:39177 <-> DISABLED <-> SERVER-WEBAPP Nagios XI graphApi.php command injection attempt (server-webapp.rules)
* 1:39163 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex self-signed certificate exchange (malware-cnc.rules)
* 1:39167 <-> DISABLED <-> BROWSER-PLUGINS IBM Tivoli Provisioning Manager Express ActiveX clsid access attempt (browser-plugins.rules)
* 1:39172 <-> DISABLED <-> SERVER-WEBAPP Cisco Video Surveillance Operations Manager directory traversal attempt (server-webapp.rules)
* 1:39160 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.JRat inbound self-signed SSL certificate (malware-cnc.rules)
* 1:39185 <-> DISABLED <-> SERVER-WEBAPP Cisco Unified Interactive Voice Response directory traversal attempt (server-webapp.rules)
* 1:39187 <-> DISABLED <-> SERVER-WEBAPP Cisco Unified Interactive Voice Response directory traversal attempt (server-webapp.rules)
* 1:39186 <-> DISABLED <-> SERVER-WEBAPP Cisco Unified Interactive Voice Response directory traversal attempt (server-webapp.rules)
* 1:39164 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex self-signed certificate exchange (malware-cnc.rules)
* 1:39184 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Testing Suite directory traversal attempt (server-webapp.rules)
* 3:39162 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-CAN-0174 attack attempt (file-pdf.rules)
* 3:39161 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-CAN-0174 attack attempt (file-pdf.rules)

* 1:16501 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox WOFF font processing integer overflow attempt (browser-firefox.rules)
* 1:17446 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer FTP client directory traversal attempt (browser-ie.rules)
* 1:20258 <-> DISABLED <-> OS-WINDOWS Microsoft generic javascript handler in URI XSS attempt (os-windows.rules)
* 1:19181 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer iframe uninitialized memory corruption attempt (browser-ie.rules)
* 1:34641 <-> DISABLED <-> BROWSER-PLUGINS McAffee Virtual Technician ActiveX control denial of service attempt ActiveX clsid access (browser-plugins.rules)
* 1:34642 <-> DISABLED <-> BROWSER-PLUGINS McAffee Virtual Technician ActiveX control denial of service attempt ActiveX function call (browser-plugins.rules)
* 1:3679 <-> DISABLED <-> INDICATOR-OBFUSCATION Multiple Products IFRAME src javascript code execution (indicator-obfuscation.rules)
* 1:37951 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer FTP client directory traversal attempt (browser-ie.rules)
* 1:37952 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer FTP client directory traversal attempt (browser-ie.rules)
* 1:38555 <-> ENABLED <-> EXPLOIT-KIT Angler landing page detected (exploit-kit.rules)
* 1:38556 <-> ENABLED <-> EXPLOIT-KIT Angler landing page detected (exploit-kit.rules)
* 1:17129 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer use-after-free memory corruption attempt (browser-ie.rules)

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2980.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:39178 <-> DISABLED <-> SERVER-WEBAPP Nagios XI graphApi.php command injection attempt (server-webapp.rules)
* 1:39174 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer iframe uninitialized memory corruption attempt (browser-ie.rules)
* 1:39173 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.BladeShades Crypter outbound connection (malware-cnc.rules)
* 1:39169 <-> DISABLED <-> SERVER-WEBAPP Alpha Networks ADSL2/2+ Wireless Router password disclosure attempt (server-webapp.rules)
* 1:39168 <-> DISABLED <-> BROWSER-PLUGINS IBM Tivoli Provisioning Manager Express ActiveX clsid access attempt (browser-plugins.rules)
* 1:39183 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Testing Suite directory traversal attempt (server-webapp.rules)
* 1:39188 <-> DISABLED <-> SERVER-WEBAPP Nagios XI backend API server side request forgery attempt (server-webapp.rules)
* 1:39166 <-> DISABLED <-> SERVER-WEBAPP Asus RT-N56U router password disclosure attempt (server-webapp.rules)
* 1:39172 <-> DISABLED <-> SERVER-WEBAPP Cisco Video Surveillance Operations Manager directory traversal attempt (server-webapp.rules)
* 1:39175 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer use-after-free memory corruption attempt (browser-ie.rules)
* 1:39177 <-> DISABLED <-> SERVER-WEBAPP Nagios XI graphApi.php command injection attempt (server-webapp.rules)
* 1:39176 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Helminth variant outbound connection (malware-cnc.rules)
* 1:39179 <-> DISABLED <-> SERVER-WEBAPP Nagios XI nagiosim.php command injection attempt (server-webapp.rules)
* 1:39159 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.JRat inbound self-signed SSL certificate (malware-cnc.rules)
* 1:39180 <-> DISABLED <-> SERVER-WEBAPP Nagios XI nagiosim.php command injection attempt (server-webapp.rules)
* 1:39165 <-> DISABLED <-> SERVER-WEBAPP iperf3 heap overflow remote code execution attempt (server-webapp.rules)
* 1:39182 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Testing Suite directory traversal attempt (server-webapp.rules)
* 1:39164 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex self-signed certificate exchange (malware-cnc.rules)
* 1:39170 <-> DISABLED <-> SERVER-WEBAPP Cisco Video Surveillance Operations Manager directory traversal attempt (server-webapp.rules)
* 1:39167 <-> DISABLED <-> BROWSER-PLUGINS IBM Tivoli Provisioning Manager Express ActiveX clsid access attempt (browser-plugins.rules)
* 1:39163 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex self-signed certificate exchange (malware-cnc.rules)
* 1:39184 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Testing Suite directory traversal attempt (server-webapp.rules)
* 1:39160 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.JRat inbound self-signed SSL certificate (malware-cnc.rules)
* 1:39171 <-> DISABLED <-> SERVER-WEBAPP Cisco Video Surveillance Operations Manager directory traversal attempt (server-webapp.rules)
* 1:39181 <-> DISABLED <-> SERVER-WEBAPP Nagios XI ajaxproxy.php server side request forgery attempt (server-webapp.rules)
* 1:39186 <-> DISABLED <-> SERVER-WEBAPP Cisco Unified Interactive Voice Response directory traversal attempt (server-webapp.rules)
* 1:39185 <-> DISABLED <-> SERVER-WEBAPP Cisco Unified Interactive Voice Response directory traversal attempt (server-webapp.rules)
* 1:39187 <-> DISABLED <-> SERVER-WEBAPP Cisco Unified Interactive Voice Response directory traversal attempt (server-webapp.rules)
* 3:39161 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-CAN-0174 attack attempt (file-pdf.rules)
* 3:39162 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-CAN-0174 attack attempt (file-pdf.rules)

* 1:17129 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer use-after-free memory corruption attempt (browser-ie.rules)
* 1:17446 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer FTP client directory traversal attempt (browser-ie.rules)
* 1:19181 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer iframe uninitialized memory corruption attempt (browser-ie.rules)
* 1:20258 <-> DISABLED <-> OS-WINDOWS Microsoft generic javascript handler in URI XSS attempt (os-windows.rules)
* 1:34641 <-> DISABLED <-> BROWSER-PLUGINS McAffee Virtual Technician ActiveX control denial of service attempt ActiveX clsid access (browser-plugins.rules)
* 1:34642 <-> DISABLED <-> BROWSER-PLUGINS McAffee Virtual Technician ActiveX control denial of service attempt ActiveX function call (browser-plugins.rules)
* 1:3679 <-> DISABLED <-> INDICATOR-OBFUSCATION Multiple Products IFRAME src javascript code execution (indicator-obfuscation.rules)
* 1:37951 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer FTP client directory traversal attempt (browser-ie.rules)
* 1:37952 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer FTP client directory traversal attempt (browser-ie.rules)
* 1:38555 <-> ENABLED <-> EXPLOIT-KIT Angler landing page detected (exploit-kit.rules)
* 1:38556 <-> ENABLED <-> EXPLOIT-KIT Angler landing page detected (exploit-kit.rules)
* 1:16501 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox WOFF font processing integer overflow attempt (browser-firefox.rules)

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2982.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:39174 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer iframe uninitialized memory corruption attempt (browser-ie.rules)
* 1:39173 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.BladeShades Crypter outbound connection (malware-cnc.rules)
* 1:39169 <-> DISABLED <-> SERVER-WEBAPP Alpha Networks ADSL2/2+ Wireless Router password disclosure attempt (server-webapp.rules)
* 1:39168 <-> DISABLED <-> BROWSER-PLUGINS IBM Tivoli Provisioning Manager Express ActiveX clsid access attempt (browser-plugins.rules)
* 1:39166 <-> DISABLED <-> SERVER-WEBAPP Asus RT-N56U router password disclosure attempt (server-webapp.rules)
* 1:39165 <-> DISABLED <-> SERVER-WEBAPP iperf3 heap overflow remote code execution attempt (server-webapp.rules)
* 1:39164 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex self-signed certificate exchange (malware-cnc.rules)
* 1:39163 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex self-signed certificate exchange (malware-cnc.rules)
* 1:39171 <-> DISABLED <-> SERVER-WEBAPP Cisco Video Surveillance Operations Manager directory traversal attempt (server-webapp.rules)
* 1:39160 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.JRat inbound self-signed SSL certificate (malware-cnc.rules)
* 1:39159 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.JRat inbound self-signed SSL certificate (malware-cnc.rules)
* 1:39172 <-> DISABLED <-> SERVER-WEBAPP Cisco Video Surveillance Operations Manager directory traversal attempt (server-webapp.rules)
* 1:39175 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer use-after-free memory corruption attempt (browser-ie.rules)
* 1:39176 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Helminth variant outbound connection (malware-cnc.rules)
* 1:39177 <-> DISABLED <-> SERVER-WEBAPP Nagios XI graphApi.php command injection attempt (server-webapp.rules)
* 1:39178 <-> DISABLED <-> SERVER-WEBAPP Nagios XI graphApi.php command injection attempt (server-webapp.rules)
* 1:39179 <-> DISABLED <-> SERVER-WEBAPP Nagios XI nagiosim.php command injection attempt (server-webapp.rules)
* 1:39181 <-> DISABLED <-> SERVER-WEBAPP Nagios XI ajaxproxy.php server side request forgery attempt (server-webapp.rules)
* 1:39180 <-> DISABLED <-> SERVER-WEBAPP Nagios XI nagiosim.php command injection attempt (server-webapp.rules)
* 1:39182 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Testing Suite directory traversal attempt (server-webapp.rules)
* 1:39183 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Testing Suite directory traversal attempt (server-webapp.rules)
* 1:39184 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Testing Suite directory traversal attempt (server-webapp.rules)
* 1:39170 <-> DISABLED <-> SERVER-WEBAPP Cisco Video Surveillance Operations Manager directory traversal attempt (server-webapp.rules)
* 1:39188 <-> DISABLED <-> SERVER-WEBAPP Nagios XI backend API server side request forgery attempt (server-webapp.rules)
* 1:39167 <-> DISABLED <-> BROWSER-PLUGINS IBM Tivoli Provisioning Manager Express ActiveX clsid access attempt (browser-plugins.rules)
* 1:39186 <-> DISABLED <-> SERVER-WEBAPP Cisco Unified Interactive Voice Response directory traversal attempt (server-webapp.rules)
* 1:39185 <-> DISABLED <-> SERVER-WEBAPP Cisco Unified Interactive Voice Response directory traversal attempt (server-webapp.rules)
* 1:39187 <-> DISABLED <-> SERVER-WEBAPP Cisco Unified Interactive Voice Response directory traversal attempt (server-webapp.rules)
* 3:39161 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-CAN-0174 attack attempt (file-pdf.rules)
* 3:39162 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-CAN-0174 attack attempt (file-pdf.rules)

* 1:16501 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox WOFF font processing integer overflow attempt (browser-firefox.rules)
* 1:17446 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer FTP client directory traversal attempt (browser-ie.rules)
* 1:17129 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer use-after-free memory corruption attempt (browser-ie.rules)
* 1:20258 <-> DISABLED <-> OS-WINDOWS Microsoft generic javascript handler in URI XSS attempt (os-windows.rules)
* 1:34641 <-> DISABLED <-> BROWSER-PLUGINS McAffee Virtual Technician ActiveX control denial of service attempt ActiveX clsid access (browser-plugins.rules)
* 1:34642 <-> DISABLED <-> BROWSER-PLUGINS McAffee Virtual Technician ActiveX control denial of service attempt ActiveX function call (browser-plugins.rules)
* 1:3679 <-> DISABLED <-> INDICATOR-OBFUSCATION Multiple Products IFRAME src javascript code execution (indicator-obfuscation.rules)
* 1:19181 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer iframe uninitialized memory corruption attempt (browser-ie.rules)
* 1:37951 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer FTP client directory traversal attempt (browser-ie.rules)
* 1:37952 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer FTP client directory traversal attempt (browser-ie.rules)
* 1:38555 <-> ENABLED <-> EXPLOIT-KIT Angler landing page detected (exploit-kit.rules)
* 1:38556 <-> ENABLED <-> EXPLOIT-KIT Angler landing page detected (exploit-kit.rules)

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:39188 <-> DISABLED <-> SERVER-WEBAPP Nagios XI backend API server side request forgery attempt (server-webapp.rules)
* 1:39187 <-> DISABLED <-> SERVER-WEBAPP Cisco Unified Interactive Voice Response directory traversal attempt (server-webapp.rules)
* 1:39186 <-> DISABLED <-> SERVER-WEBAPP Cisco Unified Interactive Voice Response directory traversal attempt (server-webapp.rules)
* 1:39185 <-> DISABLED <-> SERVER-WEBAPP Cisco Unified Interactive Voice Response directory traversal attempt (server-webapp.rules)
* 1:39184 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Testing Suite directory traversal attempt (server-webapp.rules)
* 1:39183 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Testing Suite directory traversal attempt (server-webapp.rules)
* 1:39182 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Testing Suite directory traversal attempt (server-webapp.rules)
* 1:39181 <-> DISABLED <-> SERVER-WEBAPP Nagios XI ajaxproxy.php server side request forgery attempt (server-webapp.rules)
* 1:39180 <-> DISABLED <-> SERVER-WEBAPP Nagios XI nagiosim.php command injection attempt (server-webapp.rules)
* 1:39179 <-> DISABLED <-> SERVER-WEBAPP Nagios XI nagiosim.php command injection attempt (server-webapp.rules)
* 1:39178 <-> DISABLED <-> SERVER-WEBAPP Nagios XI graphApi.php command injection attempt (server-webapp.rules)
* 1:39177 <-> DISABLED <-> SERVER-WEBAPP Nagios XI graphApi.php command injection attempt (server-webapp.rules)
* 1:39176 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Helminth variant outbound connection (malware-cnc.rules)
* 1:39175 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer use-after-free memory corruption attempt (browser-ie.rules)
* 1:39174 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer iframe uninitialized memory corruption attempt (browser-ie.rules)
* 1:39173 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.BladeShades Crypter outbound connection (malware-cnc.rules)
* 1:39172 <-> DISABLED <-> SERVER-WEBAPP Cisco Video Surveillance Operations Manager directory traversal attempt (server-webapp.rules)
* 1:39171 <-> DISABLED <-> SERVER-WEBAPP Cisco Video Surveillance Operations Manager directory traversal attempt (server-webapp.rules)
* 1:39170 <-> DISABLED <-> SERVER-WEBAPP Cisco Video Surveillance Operations Manager directory traversal attempt (server-webapp.rules)
* 1:39169 <-> DISABLED <-> SERVER-WEBAPP Alpha Networks ADSL2/2+ Wireless Router password disclosure attempt (server-webapp.rules)
* 1:39168 <-> DISABLED <-> BROWSER-PLUGINS IBM Tivoli Provisioning Manager Express ActiveX clsid access attempt (browser-plugins.rules)
* 1:39167 <-> DISABLED <-> BROWSER-PLUGINS IBM Tivoli Provisioning Manager Express ActiveX clsid access attempt (browser-plugins.rules)
* 1:39166 <-> DISABLED <-> SERVER-WEBAPP Asus RT-N56U router password disclosure attempt (server-webapp.rules)
* 1:39165 <-> DISABLED <-> SERVER-WEBAPP iperf3 heap overflow remote code execution attempt (server-webapp.rules)
* 1:39164 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex self-signed certificate exchange (malware-cnc.rules)
* 1:39163 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex self-signed certificate exchange (malware-cnc.rules)
* 1:39160 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.JRat inbound self-signed SSL certificate (malware-cnc.rules)
* 1:39159 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.JRat inbound self-signed SSL certificate (malware-cnc.rules)
* 3:39161 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-CAN-0174 attack attempt (file-pdf.rules)
* 3:39162 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-CAN-0174 attack attempt (file-pdf.rules)

* 1:17446 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer FTP client directory traversal attempt (browser-ie.rules)
* 1:16501 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox WOFF font processing integer overflow attempt (browser-firefox.rules)
* 1:17129 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer use-after-free memory corruption attempt (browser-ie.rules)
* 1:19181 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer iframe uninitialized memory corruption attempt (browser-ie.rules)
* 1:20258 <-> DISABLED <-> OS-WINDOWS Microsoft generic javascript handler in URI XSS attempt (os-windows.rules)
* 1:34641 <-> DISABLED <-> BROWSER-PLUGINS McAffee Virtual Technician ActiveX control denial of service attempt ActiveX clsid access (browser-plugins.rules)
* 1:34642 <-> DISABLED <-> BROWSER-PLUGINS McAffee Virtual Technician ActiveX control denial of service attempt ActiveX function call (browser-plugins.rules)
* 1:3679 <-> DISABLED <-> INDICATOR-OBFUSCATION Multiple Products IFRAME src javascript code execution (indicator-obfuscation.rules)
* 1:37951 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer FTP client directory traversal attempt (browser-ie.rules)
* 1:37952 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer FTP client directory traversal attempt (browser-ie.rules)
* 1:38555 <-> ENABLED <-> EXPLOIT-KIT Angler landing page detected (exploit-kit.rules)
* 1:38556 <-> ENABLED <-> EXPLOIT-KIT Angler landing page detected (exploit-kit.rules)