Talos has added and modified multiple rules in the blacklist, browser-firefox, browser-ie, browser-other, browser-plugins, file-flash, file-java, file-multimedia, file-office, file-other, malware-cnc, policy-other, protocol-scada, server-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:45224 <-> DISABLED <-> FILE-FLASH Adobe Flash memory corruption exploit attempt (file-flash.rules)
* 1:45225 <-> DISABLED <-> FILE-FLASH Adobe Flash memory corruption exploit attempt (file-flash.rules)
* 1:45226 <-> DISABLED <-> SERVER-WEBAPP FreePBX recording interface file upload code execution attempt (server-webapp.rules)
* 1:45227 <-> DISABLED <-> SERVER-OTHER Docker Rancher Server remote code execution attempt (server-other.rules)
* 1:45228 <-> DISABLED <-> SERVER-OTHER Medal Of Honor Allied Assault getinfo buffer overflow attempt (server-other.rules)
* 1:45229 <-> ENABLED <-> BLACKLIST User-Agent known malicious user-agent string - SocStealer (blacklist.rules)
* 1:45230 <-> ENABLED <-> BLACKLIST User-Agent known malicious user-agent string - SocStealer (blacklist.rules)
* 1:45231 <-> ENABLED <-> MALWARE-CNC Win.Trojan.DDEDownloader variant outbound connection detected (malware-cnc.rules)
* 1:45232 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CactusTorch download attempt detected (malware-cnc.rules)
* 1:45233 <-> DISABLED <-> PROTOCOL-SCADA Schneider Modicon Quantum modbus stop command attempt (protocol-scada.rules)
* 1:45234 <-> DISABLED <-> PROTOCOL-SCADA Schneider Modicon Quantum modbus start command attempt (protocol-scada.rules)
* 1:45235 <-> ENABLED <-> SERVER-WEBAPP Palo Alto Networks Firewall router.php XML attribute injection attempt (server-webapp.rules)
* 1:45236 <-> ENABLED <-> SERVER-WEBAPP Palo Alto Networks Firewall cms_changeDeviceContext.esp session injection attempt (server-webapp.rules)
* 1:45237 <-> DISABLED <-> SERVER-WEBAPP Axis Communications IP camera SSI command injection attempt (server-webapp.rules)
* 1:45238 <-> DISABLED <-> SERVER-WEBAPP Axis Communications IP camera SSI command injection attempt (server-webapp.rules)
* 1:45239 <-> ENABLED <-> MALWARE-CNC Win.Malware.Freenki variant outbound connection (malware-cnc.rules)
* 1:45240 <-> DISABLED <-> SERVER-WEBAPP OpenEMR fax_dispatch.php command injection attempt (server-webapp.rules)
* 1:45241 <-> DISABLED <-> SERVER-WEBAPP Multiple IP cameras format string exploitation attempt (server-webapp.rules)
* 1:45242 <-> DISABLED <-> SERVER-WEBAPP Multiple IP cameras format string exploitation attempt (server-webapp.rules)
* 1:45243 <-> DISABLED <-> POLICY-OTHER ZyXEL PK5001Z modem hardcoded admin password telnet login attempt (policy-other.rules)
* 1:45244 <-> DISABLED <-> POLICY-OTHER ZyXEL PK5001Z modem hardcoded root password telnet login attempt (policy-other.rules)
* 1:45245 <-> DISABLED <-> POLICY-OTHER ZyXEL PK5001Z modem hardcoded admin password telnet login attempt (policy-other.rules)
* 1:45246 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox DOM event handler privilege escalation attempt (browser-firefox.rules)
* 1:45247 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox DOM event handler privilege escalation attempt (browser-firefox.rules)
* 1:45249 <-> DISABLED <-> SERVER-WEBAPP UAParser.js library regular expression denial of service attempt (server-webapp.rules)
* 1:45250 <-> ENABLED <-> SERVER-WEBAPP Delta IEM DIAEnergie file upload attempt (server-webapp.rules)
* 1:45251 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.Spider variant download attempt detected (malware-cnc.rules)
* 1:45252 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.Spider variant download attempt detected (malware-cnc.rules)
* 1:45253 <-> DISABLED <-> SERVER-OTHER Dahua DVR hard-coded root login attempt (server-other.rules)
* 1:45254 <-> DISABLED <-> SERVER-OTHER Polycom HDX Series remote code execution attempt (server-other.rules)
* 1:45256 <-> DISABLED <-> BROWSER-OTHER IBM Notes denial of service attempt (browser-other.rules)
* 1:45257 <-> DISABLED <-> BROWSER-OTHER IBM Notes denial of service attempt (browser-other.rules)
* 1:45258 <-> DISABLED <-> FILE-JAVA Oracle Java strlen denial of service attempt (file-java.rules)
* 1:45259 <-> DISABLED <-> FILE-JAVA Oracle Java strlen denial of service attempt (file-java.rules)
* 3:45248 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2017-0510 attack attempt (server-other.rules)

* 1:18806 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel RealTimeData record exploit attempt (file-office.rules)
* 1:21319 <-> DISABLED <-> FILE-OTHER Multiple products version.dll dll-load exploit attempt (file-flash.rules)
* 1:21322 <-> DISABLED <-> FILE-OTHER Multiple products version.dll dll-load exploit attempt (file-flash.rules)
* 1:25074 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
* 1:27234 <-> DISABLED <-> SERVER-OTHER Microsoft Active Directory LDAP search denial of service attempt (server-other.rules)
* 1:29097 <-> DISABLED <-> BROWSER-PLUGINS HP Application Lifecycle Management XGO.XGoCtrl ActiveX clsid access attempt (browser-plugins.rules)
* 1:29098 <-> DISABLED <-> BROWSER-PLUGINS HP Application Lifecycle Management XGO.XGoCtrl ActiveX access attempt (browser-plugins.rules)
* 1:29100 <-> DISABLED <-> BROWSER-PLUGINS HP Application Lifecycle Management XGO.XGoCtrl ActiveX clsid access attempt (browser-plugins.rules)
* 1:29102 <-> DISABLED <-> BROWSER-PLUGINS HP Application Lifecycle Management XGO.XGoCtrl ActiveX access attempt (browser-plugins.rules)
* 1:29754 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer style.position use-after-free memory corruption attempt (browser-ie.rules)
* 1:33565 <-> DISABLED <-> SERVER-OTHER McAfee E-Business Server remote preauth code execution attempt (server-other.rules)
* 1:35773 <-> DISABLED <-> FILE-MULTIMEDIA Matroska libmatroska track video double free attempt (file-multimedia.rules)
* 1:35774 <-> DISABLED <-> FILE-MULTIMEDIA Matroska libmatroska track video double free attempt (file-multimedia.rules)
* 1:35775 <-> DISABLED <-> FILE-MULTIMEDIA Matroska libmatroska track video double free attempt (file-multimedia.rules)
* 1:35776 <-> DISABLED <-> FILE-MULTIMEDIA Matroska libmatroska track video double free attempt (file-multimedia.rules)
* 1:35777 <-> DISABLED <-> FILE-MULTIMEDIA Matroska libmatroska track video double free attempt (file-multimedia.rules)
* 1:35778 <-> DISABLED <-> FILE-MULTIMEDIA Matroska libmatroska track video double free attempt (file-multimedia.rules)
* 1:36365 <-> DISABLED <-> SERVER-WEBAPP Typo3 CMS show_rechis cross site scripting attempt (server-webapp.rules)
* 1:36366 <-> DISABLED <-> SERVER-WEBAPP Typo3 CMS index cross site scripting attempt (server-webapp.rules)
* 1:39157 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel RealTimeData record exploit attempt (file-office.rules)
* 1:43763 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox XUL tree node removal memory corruption attempt (browser-firefox.rules)
* 1:43764 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox XUL tree node removal memory corruption attempt (browser-firefox.rules)
* 1:43765 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox XUL null menu memory corruption attempt (browser-firefox.rules)
* 1:43766 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox XUL null menu memory corruption attempt (browser-firefox.rules)
* 1:45002 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
* 1:45003 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
* 1:45004 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
* 1:45005 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
* 1:45006 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
* 1:45007 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
* 1:45008 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
* 1:45009 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
* 1:45010 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
* 1:45011 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
* 1:45012 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
* 1:45013 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
* 1:45014 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
* 1:45015 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
* 1:45016 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2990.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:45224 <-> DISABLED <-> FILE-FLASH Adobe Flash memory corruption exploit attempt (file-flash.rules)
* 1:45225 <-> DISABLED <-> FILE-FLASH Adobe Flash memory corruption exploit attempt (file-flash.rules)
* 1:45226 <-> DISABLED <-> SERVER-WEBAPP FreePBX recording interface file upload code execution attempt (server-webapp.rules)
* 1:45227 <-> DISABLED <-> SERVER-OTHER Docker Rancher Server remote code execution attempt (server-other.rules)
* 1:45228 <-> DISABLED <-> SERVER-OTHER Medal Of Honor Allied Assault getinfo buffer overflow attempt (server-other.rules)
* 1:45229 <-> ENABLED <-> BLACKLIST User-Agent known malicious user-agent string - SocStealer (blacklist.rules)
* 1:45230 <-> ENABLED <-> BLACKLIST User-Agent known malicious user-agent string - SocStealer (blacklist.rules)
* 1:45231 <-> ENABLED <-> MALWARE-CNC Win.Trojan.DDEDownloader variant outbound connection detected (malware-cnc.rules)
* 1:45232 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CactusTorch download attempt detected (malware-cnc.rules)
* 1:45233 <-> DISABLED <-> PROTOCOL-SCADA Schneider Modicon Quantum modbus stop command attempt (protocol-scada.rules)
* 1:45234 <-> DISABLED <-> PROTOCOL-SCADA Schneider Modicon Quantum modbus start command attempt (protocol-scada.rules)
* 1:45235 <-> ENABLED <-> SERVER-WEBAPP Palo Alto Networks Firewall router.php XML attribute injection attempt (server-webapp.rules)
* 1:45236 <-> ENABLED <-> SERVER-WEBAPP Palo Alto Networks Firewall cms_changeDeviceContext.esp session injection attempt (server-webapp.rules)
* 1:45237 <-> DISABLED <-> SERVER-WEBAPP Axis Communications IP camera SSI command injection attempt (server-webapp.rules)
* 1:45238 <-> DISABLED <-> SERVER-WEBAPP Axis Communications IP camera SSI command injection attempt (server-webapp.rules)
* 1:45239 <-> ENABLED <-> MALWARE-CNC Win.Malware.Freenki variant outbound connection (malware-cnc.rules)
* 1:45240 <-> DISABLED <-> SERVER-WEBAPP OpenEMR fax_dispatch.php command injection attempt (server-webapp.rules)
* 1:45241 <-> DISABLED <-> SERVER-WEBAPP Multiple IP cameras format string exploitation attempt (server-webapp.rules)
* 1:45242 <-> DISABLED <-> SERVER-WEBAPP Multiple IP cameras format string exploitation attempt (server-webapp.rules)
* 1:45243 <-> DISABLED <-> POLICY-OTHER ZyXEL PK5001Z modem hardcoded admin password telnet login attempt (policy-other.rules)
* 1:45244 <-> DISABLED <-> POLICY-OTHER ZyXEL PK5001Z modem hardcoded root password telnet login attempt (policy-other.rules)
* 1:45245 <-> DISABLED <-> POLICY-OTHER ZyXEL PK5001Z modem hardcoded admin password telnet login attempt (policy-other.rules)
* 1:45246 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox DOM event handler privilege escalation attempt (browser-firefox.rules)
* 1:45247 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox DOM event handler privilege escalation attempt (browser-firefox.rules)
* 1:45249 <-> DISABLED <-> SERVER-WEBAPP UAParser.js library regular expression denial of service attempt (server-webapp.rules)
* 1:45250 <-> ENABLED <-> SERVER-WEBAPP Delta IEM DIAEnergie file upload attempt (server-webapp.rules)
* 1:45251 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.Spider variant download attempt detected (malware-cnc.rules)
* 1:45252 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.Spider variant download attempt detected (malware-cnc.rules)
* 1:45253 <-> DISABLED <-> SERVER-OTHER Dahua DVR hard-coded root login attempt (server-other.rules)
* 1:45254 <-> DISABLED <-> SERVER-OTHER Polycom HDX Series remote code execution attempt (server-other.rules)
* 1:45255 <-> ENABLED <-> SERVER-SAMBA Samba tree connect andx memory corruption attempt (server-samba.rules)
* 1:45256 <-> DISABLED <-> BROWSER-OTHER IBM Notes denial of service attempt (browser-other.rules)
* 1:45257 <-> DISABLED <-> BROWSER-OTHER IBM Notes denial of service attempt (browser-other.rules)
* 1:45258 <-> DISABLED <-> FILE-JAVA Oracle Java strlen denial of service attempt (file-java.rules)
* 1:45259 <-> DISABLED <-> FILE-JAVA Oracle Java strlen denial of service attempt (file-java.rules)
* 3:45248 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2017-0510 attack attempt (server-other.rules)

* 1:18806 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel RealTimeData record exploit attempt (file-office.rules)
* 1:21319 <-> DISABLED <-> FILE-OTHER Multiple products version.dll dll-load exploit attempt (file-flash.rules)
* 1:21322 <-> DISABLED <-> FILE-OTHER Multiple products version.dll dll-load exploit attempt (file-flash.rules)
* 1:25074 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
* 1:27234 <-> DISABLED <-> SERVER-OTHER Microsoft Active Directory LDAP search denial of service attempt (server-other.rules)
* 1:29097 <-> DISABLED <-> BROWSER-PLUGINS HP Application Lifecycle Management XGO.XGoCtrl ActiveX clsid access attempt (browser-plugins.rules)
* 1:29098 <-> DISABLED <-> BROWSER-PLUGINS HP Application Lifecycle Management XGO.XGoCtrl ActiveX access attempt (browser-plugins.rules)
* 1:29100 <-> DISABLED <-> BROWSER-PLUGINS HP Application Lifecycle Management XGO.XGoCtrl ActiveX clsid access attempt (browser-plugins.rules)
* 1:29102 <-> DISABLED <-> BROWSER-PLUGINS HP Application Lifecycle Management XGO.XGoCtrl ActiveX access attempt (browser-plugins.rules)
* 1:29754 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer style.position use-after-free memory corruption attempt (browser-ie.rules)
* 1:33565 <-> DISABLED <-> SERVER-OTHER McAfee E-Business Server remote preauth code execution attempt (server-other.rules)
* 1:35773 <-> DISABLED <-> FILE-MULTIMEDIA Matroska libmatroska track video double free attempt (file-multimedia.rules)
* 1:35774 <-> DISABLED <-> FILE-MULTIMEDIA Matroska libmatroska track video double free attempt (file-multimedia.rules)
* 1:35775 <-> DISABLED <-> FILE-MULTIMEDIA Matroska libmatroska track video double free attempt (file-multimedia.rules)
* 1:35776 <-> DISABLED <-> FILE-MULTIMEDIA Matroska libmatroska track video double free attempt (file-multimedia.rules)
* 1:35777 <-> DISABLED <-> FILE-MULTIMEDIA Matroska libmatroska track video double free attempt (file-multimedia.rules)
* 1:35778 <-> DISABLED <-> FILE-MULTIMEDIA Matroska libmatroska track video double free attempt (file-multimedia.rules)
* 1:36365 <-> DISABLED <-> SERVER-WEBAPP Typo3 CMS show_rechis cross site scripting attempt (server-webapp.rules)
* 1:36366 <-> DISABLED <-> SERVER-WEBAPP Typo3 CMS index cross site scripting attempt (server-webapp.rules)
* 1:39157 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel RealTimeData record exploit attempt (file-office.rules)
* 1:43763 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox XUL tree node removal memory corruption attempt (browser-firefox.rules)
* 1:43764 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox XUL tree node removal memory corruption attempt (browser-firefox.rules)
* 1:43765 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox XUL null menu memory corruption attempt (browser-firefox.rules)
* 1:43766 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox XUL null menu memory corruption attempt (browser-firefox.rules)
* 1:45002 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
* 1:45003 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
* 1:45004 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
* 1:45005 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
* 1:45006 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
* 1:45007 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
* 1:45008 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
* 1:45009 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
* 1:45010 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
* 1:45011 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
* 1:45012 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
* 1:45013 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
* 1:45014 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
* 1:45015 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
* 1:45016 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091100.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:45224 <-> DISABLED <-> FILE-FLASH Adobe Flash memory corruption exploit attempt (file-flash.rules)
* 1:45225 <-> DISABLED <-> FILE-FLASH Adobe Flash memory corruption exploit attempt (file-flash.rules)
* 1:45226 <-> DISABLED <-> SERVER-WEBAPP FreePBX recording interface file upload code execution attempt (server-webapp.rules)
* 1:45227 <-> DISABLED <-> SERVER-OTHER Docker Rancher Server remote code execution attempt (server-other.rules)
* 1:45228 <-> DISABLED <-> SERVER-OTHER Medal Of Honor Allied Assault getinfo buffer overflow attempt (server-other.rules)
* 1:45229 <-> ENABLED <-> BLACKLIST User-Agent known malicious user-agent string - SocStealer (blacklist.rules)
* 1:45230 <-> ENABLED <-> BLACKLIST User-Agent known malicious user-agent string - SocStealer (blacklist.rules)
* 1:45231 <-> ENABLED <-> MALWARE-CNC Win.Trojan.DDEDownloader variant outbound connection detected (malware-cnc.rules)
* 1:45232 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CactusTorch download attempt detected (malware-cnc.rules)
* 1:45233 <-> DISABLED <-> PROTOCOL-SCADA Schneider Modicon Quantum modbus stop command attempt (protocol-scada.rules)
* 1:45234 <-> DISABLED <-> PROTOCOL-SCADA Schneider Modicon Quantum modbus start command attempt (protocol-scada.rules)
* 1:45235 <-> ENABLED <-> SERVER-WEBAPP Palo Alto Networks Firewall router.php XML attribute injection attempt (server-webapp.rules)
* 1:45236 <-> ENABLED <-> SERVER-WEBAPP Palo Alto Networks Firewall cms_changeDeviceContext.esp session injection attempt (server-webapp.rules)
* 1:45237 <-> DISABLED <-> SERVER-WEBAPP Axis Communications IP camera SSI command injection attempt (server-webapp.rules)
* 1:45238 <-> DISABLED <-> SERVER-WEBAPP Axis Communications IP camera SSI command injection attempt (server-webapp.rules)
* 1:45239 <-> ENABLED <-> MALWARE-CNC Win.Malware.Freenki variant outbound connection (malware-cnc.rules)
* 1:45240 <-> DISABLED <-> SERVER-WEBAPP OpenEMR fax_dispatch.php command injection attempt (server-webapp.rules)
* 1:45241 <-> DISABLED <-> SERVER-WEBAPP Multiple IP cameras format string exploitation attempt (server-webapp.rules)
* 1:45242 <-> DISABLED <-> SERVER-WEBAPP Multiple IP cameras format string exploitation attempt (server-webapp.rules)
* 1:45243 <-> DISABLED <-> POLICY-OTHER ZyXEL PK5001Z modem hardcoded admin password telnet login attempt (policy-other.rules)
* 1:45244 <-> DISABLED <-> POLICY-OTHER ZyXEL PK5001Z modem hardcoded root password telnet login attempt (policy-other.rules)
* 1:45245 <-> DISABLED <-> POLICY-OTHER ZyXEL PK5001Z modem hardcoded admin password telnet login attempt (policy-other.rules)
* 1:45246 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox DOM event handler privilege escalation attempt (browser-firefox.rules)
* 1:45247 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox DOM event handler privilege escalation attempt (browser-firefox.rules)
* 1:45249 <-> DISABLED <-> SERVER-WEBAPP UAParser.js library regular expression denial of service attempt (server-webapp.rules)
* 1:45250 <-> ENABLED <-> SERVER-WEBAPP Delta IEM DIAEnergie file upload attempt (server-webapp.rules)
* 1:45251 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.Spider variant download attempt detected (malware-cnc.rules)
* 1:45252 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.Spider variant download attempt detected (malware-cnc.rules)
* 1:45253 <-> DISABLED <-> SERVER-OTHER Dahua DVR hard-coded root login attempt (server-other.rules)
* 1:45254 <-> DISABLED <-> SERVER-OTHER Polycom HDX Series remote code execution attempt (server-other.rules)
* 1:45255 <-> ENABLED <-> SERVER-SAMBA Samba tree connect andx memory corruption attempt (server-samba.rules)
* 1:45256 <-> DISABLED <-> BROWSER-OTHER IBM Notes denial of service attempt (browser-other.rules)
* 1:45257 <-> DISABLED <-> BROWSER-OTHER IBM Notes denial of service attempt (browser-other.rules)
* 1:45258 <-> DISABLED <-> FILE-JAVA Oracle Java strlen denial of service attempt (file-java.rules)
* 1:45259 <-> DISABLED <-> FILE-JAVA Oracle Java strlen denial of service attempt (file-java.rules)
* 3:45248 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2017-0510 attack attempt (server-other.rules)

* 1:18806 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel RealTimeData record exploit attempt (file-office.rules)
* 1:21319 <-> DISABLED <-> FILE-OTHER Multiple products version.dll dll-load exploit attempt (file-flash.rules)
* 1:21322 <-> DISABLED <-> FILE-OTHER Multiple products version.dll dll-load exploit attempt (file-flash.rules)
* 1:25074 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
* 1:27234 <-> DISABLED <-> SERVER-OTHER Microsoft Active Directory LDAP search denial of service attempt (server-other.rules)
* 1:29097 <-> DISABLED <-> BROWSER-PLUGINS HP Application Lifecycle Management XGO.XGoCtrl ActiveX clsid access attempt (browser-plugins.rules)
* 1:29098 <-> DISABLED <-> BROWSER-PLUGINS HP Application Lifecycle Management XGO.XGoCtrl ActiveX access attempt (browser-plugins.rules)
* 1:29100 <-> DISABLED <-> BROWSER-PLUGINS HP Application Lifecycle Management XGO.XGoCtrl ActiveX clsid access attempt (browser-plugins.rules)
* 1:29102 <-> DISABLED <-> BROWSER-PLUGINS HP Application Lifecycle Management XGO.XGoCtrl ActiveX access attempt (browser-plugins.rules)
* 1:29754 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer style.position use-after-free memory corruption attempt (browser-ie.rules)
* 1:33565 <-> DISABLED <-> SERVER-OTHER McAfee E-Business Server remote preauth code execution attempt (server-other.rules)
* 1:35773 <-> DISABLED <-> FILE-MULTIMEDIA Matroska libmatroska track video double free attempt (file-multimedia.rules)
* 1:35774 <-> DISABLED <-> FILE-MULTIMEDIA Matroska libmatroska track video double free attempt (file-multimedia.rules)
* 1:35775 <-> DISABLED <-> FILE-MULTIMEDIA Matroska libmatroska track video double free attempt (file-multimedia.rules)
* 1:35776 <-> DISABLED <-> FILE-MULTIMEDIA Matroska libmatroska track video double free attempt (file-multimedia.rules)
* 1:35777 <-> DISABLED <-> FILE-MULTIMEDIA Matroska libmatroska track video double free attempt (file-multimedia.rules)
* 1:35778 <-> DISABLED <-> FILE-MULTIMEDIA Matroska libmatroska track video double free attempt (file-multimedia.rules)
* 1:36365 <-> DISABLED <-> SERVER-WEBAPP Typo3 CMS show_rechis cross site scripting attempt (server-webapp.rules)
* 1:36366 <-> DISABLED <-> SERVER-WEBAPP Typo3 CMS index cross site scripting attempt (server-webapp.rules)
* 1:39157 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel RealTimeData record exploit attempt (file-office.rules)
* 1:43763 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox XUL tree node removal memory corruption attempt (browser-firefox.rules)
* 1:43764 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox XUL tree node removal memory corruption attempt (browser-firefox.rules)
* 1:43765 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox XUL null menu memory corruption attempt (browser-firefox.rules)
* 1:43766 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox XUL null menu memory corruption attempt (browser-firefox.rules)
* 1:45002 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
* 1:45003 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
* 1:45004 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
* 1:45005 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
* 1:45006 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
* 1:45007 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
* 1:45008 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
* 1:45009 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
* 1:45010 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
* 1:45011 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
* 1:45012 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
* 1:45013 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
* 1:45014 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
* 1:45015 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
* 1:45016 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
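The "gid:sid <-> Default rule state <-> Message (rule group)" format used by all three lists above is simple enough to parse mechanically, and doing so answers the question these changelogs raise for an operator: which of the new rules ship DISABLED in a category this network cares about (for example the PROTOCOL-SCADA Modbus start/stop rules, which a default policy leaves off but an OT segment would want on), and which gid 3 entries are shared-object rules that need the SO rule pack. The Python below is an added example written for this page, not Talos or Snort tooling. The sample entries are constructed copies of lines from the lists above, deliberately run together and wrapped mid-entry the way a copy of the rendered page comes out, so the parser has to cope with that; the function names are my own.

```python
import re
from collections import Counter

# Constructed sample in the changelog format, with entries run together on one line and
# one entry wrapped across a line break, as copy-pasting the rendered page produces.
SAMPLE = (
    "* 1:45226 <-> DISABLED <-> SERVER-WEBAPP FreePBX recording interface file upload "
    "code execution attempt (server-webapp.rules) "
    "* 1:45229 <-> ENABLED <-> BLACKLIST User-Agent known malicious user-agent string "
    "- SocStealer (blacklist.rules) "
    "* 1:45233 <-> \n"
    "DISABLED <-> PROTOCOL-SCADA Schneider Modicon Quantum modbus stop command attempt "
    "(protocol-scada.rules)\n"
    "* 3:45248 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2017-0510 attack attempt "
    "(server-other.rules)\n"
    "* 1:45255 <-> ENABLED <-> SERVER-SAMBA Samba tree connect andx memory corruption "
    "attempt (server-samba.rules)\n"
)

# One entry: gid:sid <-> STATE <-> message (group.rules). The message is matched lazily
# so the trailing "(...rules)" is always taken as the rule group.
ENTRY_RE = re.compile(
    r"^(?P<gid>\d+):(?P<sid>\d+)\s*<->\s*(?P<state>ENABLED|DISABLED)\s*<->\s*"
    r"(?P<msg>.+?)\s*\((?P<group>[\w.-]+\.rules)\)$"
)


def parse_changelog(text):
    """Return a list of dicts (gid, sid, state, category, msg, group) from changelog text.

    Whitespace is collapsed first so an entry wrapped across lines still parses, then the
    text is split at each '*' bullet that is followed by a gid:sid pair. Anything that does
    not match the entry format (such as the 'The format of the file is:' prose) is skipped.
    """
    flat = " ".join(text.split())
    chunks = re.split(r"\s*\*\s+(?=\d+:\d+\s*<->)", flat)
    rules = []
    for chunk in chunks:
        m = ENTRY_RE.match(chunk.strip())
        if not m:
            continue
        rec = m.groupdict()
        rec["gid"] = int(rec["gid"])  # gid 1 = text rules, gid 3 = shared-object (SO) rules
        rec["sid"] = int(rec["sid"])
        # The first token of the message is the rule category, e.g. SERVER-WEBAPP.
        rec["category"] = rec["msg"].split(" ", 1)[0]
        rules.append(rec)
    return rules


def summarize(rules):
    """Count entries per (rule group, default state)."""
    return Counter((r["group"], r["state"]) for r in rules)


def disabled_in_categories(rules, categories):
    """gid:sid strings, in numeric order, for rules shipped DISABLED in the given categories.

    This is the candidate list to review before enabling anything locally.
    """
    wanted = set(categories)
    hits = sorted(
        (r["gid"], r["sid"])
        for r in rules
        if r["state"] == "DISABLED" and r["category"] in wanted
    )
    return [f"{gid}:{sid}" for gid, sid in hits]


def shared_object_rules(rules):
    """gid:sid strings for gid 3 entries, which only fire if the SO rule pack is installed."""
    return [f"{r['gid']}:{r['sid']}" for r in rules if r["gid"] == 3]


def main():
    rules = parse_changelog(SAMPLE)
    for (group, state), n in sorted(summarize(rules).items()):
        print(f"{group:22s} {state:8s} {n}")
    print("DISABLED SCADA/webapp rules to review:",
          disabled_in_categories(rules, {"PROTOCOL-SCADA", "SERVER-WEBAPP"}))
    print("Shared-object rules:", shared_object_rules(rules))


if __name__ == "__main__":
    main()
```

Pointing `parse_changelog` at the full text of one version's list and diffing the result against the previous version's is the quickest way to see that, for instance, 1:45255 (SERVER-SAMBA) is present in the 2990 and 2091100 packs but absent from 2983.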