The Sourcefire VRT has added and modified multiple rules in the blacklist, browser-plugins, exploit-kit, file-flash, file-multimedia, file-office, file-other, malware-cnc, malware-other, malware-tools, os-mobile, pua-adware, pua-toolbars and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2956.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:31352 <-> ENABLED <-> FILE-FLASH Adobe AS3 decompressed pcre assertion out of bounds corruption attempt (file-flash.rules)
* 1:31356 <-> ENABLED <-> SERVER-WEBAPP Wordpress timthumb.php webshot source attack attempt (server-webapp.rules)
* 1:31349 <-> ENABLED <-> FILE-FLASH Adobe AS3 simplified pcre assertion out of bounds corruption attempt (file-flash.rules)
* 1:31312 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word SmartTag record code execution attempt (file-office.rules)
* 1:31337 <-> DISABLED <-> SERVER-OTHER Nagios NRPE command execution attempt (server-other.rules)
* 1:31338 <-> DISABLED <-> SERVER-OTHER OpenAFS GetStatistics buffer overflow attempt (server-other.rules)
* 1:31336 <-> DISABLED <-> BROWSER-PLUGINS IBM iNotes version 9 ActiveX clsid access (browser-plugins.rules)
* 1:31334 <-> DISABLED <-> BROWSER-PLUGINS IBM iNotes version 8.5 ActiveX clsid access (browser-plugins.rules)
* 1:31329 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Zbot variant download attempt (malware-other.rules)
* 1:31324 <-> DISABLED <-> FILE-OTHER Apple OSX Finder DMG volume name memory corruption attempt (file-other.rules)
* 1:31320 <-> DISABLED <-> BROWSER-PLUGINS Adobe Multiple Product AcroPDF.PDF ActiveX exploit attempt (browser-plugins.rules)
* 1:31316 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Matsnu variant outbound connection attempt (malware-cnc.rules)
* 1:31315 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MSIL variant outbound connection attempt (malware-cnc.rules)
* 1:31314 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Daikou variant outbound connection attempt (malware-cnc.rules)
* 1:31309 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime pict image poly structure memory corruption attempt (file-multimedia.rules)
* 1:31311 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word SmartTag record code execution attempt (file-office.rules)
* 1:31308 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime pict image poly structure memory corruption attempt (file-multimedia.rules)
* 1:31347 <-> ENABLED <-> FILE-FLASH Adobe AS3 pcre assertion out of bounds corruption attempt (file-flash.rules)
* 1:31350 <-> ENABLED <-> FILE-FLASH Adobe AS3 simplified pcre assertion out of bounds corruption attempt (file-flash.rules)
* 1:31313 <-> DISABLED <-> PUA-ADWARE Ticno Multibar installation attempt (pua-adware.rules)
* 1:31317 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Orbot variant outbound connection attempt (malware-cnc.rules)
* 1:31318 <-> ENABLED <-> BLACKLIST DNS request for known malware domain vividl.comze.com - Win.Trojan.Zediv (blacklist.rules)
* 1:31319 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zediv outbound communication attempt (malware-cnc.rules)
* 1:31321 <-> DISABLED <-> BROWSER-PLUGINS Adobe Multiple Product AcroPDF.PDF ActiveX exploit attempt (browser-plugins.rules)
* 1:31322 <-> DISABLED <-> BROWSER-PLUGINS Adobe Multiple Product AcroPDF.PDF ActiveX exploit attempt (browser-plugins.rules)
* 1:31323 <-> DISABLED <-> FILE-OTHER Apple OSX Finder DMG volume name memory corruption attempt (file-other.rules)
* 1:31325 <-> ENABLED <-> FILE-OTHER Apple OSX Finder DMG volume name memory corruption attempt (file-other.rules)
* 1:31326 <-> ENABLED <-> BLACKLIST DNS request for known malware domain a1.p2ptool.com - Win.Trojan.Rofin (blacklist.rules)
* 1:31327 <-> ENABLED <-> BLACKLIST DNS request for known malware domain plus.zzinfor.cn - Win.Trojan.Rofin (blacklist.rules)
* 1:31328 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Rofin variant outbound connection (malware-cnc.rules)
* 1:31348 <-> ENABLED <-> FILE-FLASH Adobe AS3 pcre assertion out of bounds corruption attempt (file-flash.rules)
* 1:31351 <-> ENABLED <-> FILE-FLASH Adobe AS3 decompressed pcre assertion out of bounds corruption attempt (file-flash.rules)
* 1:31355 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Bicololo outbound connection attempt (malware-cnc.rules)
* 1:31353 <-> ENABLED <-> FILE-FLASH Adobe AS3 decompressed pcre assertion out of bounds corruption attempt (file-flash.rules)
* 1:31354 <-> ENABLED <-> FILE-FLASH Adobe AS3 decompressed pcre assertion out of bounds corruption attempt (file-flash.rules)
* 1:31330 <-> ENABLED <-> SERVER-WEBAPP AlienVault OSSIM av-centerd command injection attempt (server-webapp.rules)
* 1:31331 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit encrypted binary download (exploit-kit.rules)
* 1:31332 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit outbound URL structure (exploit-kit.rules)
* 1:31333 <-> DISABLED <-> BROWSER-PLUGINS IBM iNotes version 8.5 ActiveX clsid access (browser-plugins.rules)
* 1:31335 <-> DISABLED <-> BROWSER-PLUGINS IBM iNotes version 9 ActiveX clsid access (browser-plugins.rules)
* 1:31339 <-> DISABLED <-> SERVER-WEBAPP Supermicro Intelligent Management Controller information disclosure attempt (server-webapp.rules)
* 1:31340 <-> DISABLED <-> SERVER-WEBAPP Supermicro Intelligent Management Controller information disclosure attempt (server-webapp.rules)
* 1:31341 <-> DISABLED <-> SERVER-WEBAPP Supermicro Intelligent Management Controller password file disclosure attempt (server-webapp.rules)
* 1:31342 <-> DISABLED <-> SERVER-WEBAPP Supermicro Intelligent Management Controller password file disclosure attempt (server-webapp.rules)
* 1:31343 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mecklow variant outbound connection system information disclosure (malware-cnc.rules)
* 1:31344 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Levyatan variant outbound connection attempt (malware-cnc.rules)
* 1:31310 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word SmartTag record code execution attempt (file-office.rules)
* 1:31345 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mcdravsm variant outbound connection (malware-cnc.rules)
* 1:31346 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ajtonj variant outbound connection (malware-cnc.rules)

* 1:17308 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word SmartTag record code execution attempt (file-office.rules)
* 1:17363 <-> DISABLED <-> FILE-OTHER Apple OSX Finder DMG volume name memory corruption attempt (file-other.rules)
* 1:17587 <-> DISABLED <-> BROWSER-PLUGINS Adobe Multiple Product AcroPDF.PDF ActiveX exploit attempt (browser-plugins.rules)
* 1:20432 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hiloti variant outbound connection (malware-cnc.rules)
* 1:21513 <-> ENABLED <-> MALWARE-TOOLS HOIC http denial of service attack (malware-tools.rules)
* 1:21848 <-> DISABLED <-> MALWARE-OTHER TDS Sutra - page redirecting to a SutraTDS (malware-other.rules)
* 1:26741 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc exec command (malware-cnc.rules)
* 1:27775 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection (malware-cnc.rules)
* 1:28055 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.FakeAV outbound communication attempt (os-mobile.rules)
* 1:30220 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit outbound payload request (exploit-kit.rules)
* 1:30937 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit outbound PDF request (exploit-kit.rules)
* 1:7567 <-> DISABLED <-> PUA-TOOLBARS Win.Adware.MyWebSearch Toolbar funwebproducts variant outbound connection (pua-toolbars.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2960.
* 1:31338 <-> DISABLED <-> SERVER-OTHER OpenAFS GetStatistics buffer overflow attempt (server-other.rules)
* 1:31336 <-> DISABLED <-> BROWSER-PLUGINS IBM iNotes version 9 ActiveX clsid access (browser-plugins.rules)
* 1:31337 <-> DISABLED <-> SERVER-OTHER Nagios NRPE command execution attempt (server-other.rules)
* 1:31334 <-> DISABLED <-> BROWSER-PLUGINS IBM iNotes version 8.5 ActiveX clsid access (browser-plugins.rules)
* 1:31329 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Zbot variant download attempt (malware-other.rules)
* 1:31324 <-> DISABLED <-> FILE-OTHER Apple OSX Finder DMG volume name memory corruption attempt (file-other.rules)
* 1:31320 <-> DISABLED <-> BROWSER-PLUGINS Adobe Multiple Product AcroPDF.PDF ActiveX exploit attempt (browser-plugins.rules)
* 1:31316 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Matsnu variant outbound connection attempt (malware-cnc.rules)
* 1:31315 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MSIL variant outbound connection attempt (malware-cnc.rules)
* 1:31314 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Daikou variant outbound connection attempt (malware-cnc.rules)
* 1:31309 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime pict image poly structure memory corruption attempt (file-multimedia.rules)
* 1:31311 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word SmartTag record code execution attempt (file-office.rules)
* 1:31308 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime pict image poly structure memory corruption attempt (file-multimedia.rules)
* 1:31312 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word SmartTag record code execution attempt (file-office.rules)
* 1:31317 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Orbot variant outbound connection attempt (malware-cnc.rules)
* 1:31318 <-> ENABLED <-> BLACKLIST DNS request for known malware domain vividl.comze.com - Win.Trojan.Zediv (blacklist.rules)
* 1:31319 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zediv outbound communication attempt (malware-cnc.rules)
* 1:31321 <-> DISABLED <-> BROWSER-PLUGINS Adobe Multiple Product AcroPDF.PDF ActiveX exploit attempt (browser-plugins.rules)
* 1:31322 <-> DISABLED <-> BROWSER-PLUGINS Adobe Multiple Product AcroPDF.PDF ActiveX exploit attempt (browser-plugins.rules)
* 1:31323 <-> DISABLED <-> FILE-OTHER Apple OSX Finder DMG volume name memory corruption attempt (file-other.rules)
* 1:31325 <-> ENABLED <-> FILE-OTHER Apple OSX Finder DMG volume name memory corruption attempt (file-other.rules)
* 1:31326 <-> ENABLED <-> BLACKLIST DNS request for known malware domain a1.p2ptool.com - Win.Trojan.Rofin (blacklist.rules)
* 1:31327 <-> ENABLED <-> BLACKLIST DNS request for known malware domain plus.zzinfor.cn - Win.Trojan.Rofin (blacklist.rules)
* 1:31328 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Rofin variant outbound connection (malware-cnc.rules)
* 1:31330 <-> ENABLED <-> SERVER-WEBAPP AlienVault OSSIM av-centerd command injection attempt (server-webapp.rules)
* 1:31331 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit encrypted binary download (exploit-kit.rules)
* 1:31332 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit outbound URL structure (exploit-kit.rules)
* 1:31333 <-> DISABLED <-> BROWSER-PLUGINS IBM iNotes version 8.5 ActiveX clsid access (browser-plugins.rules)
* 1:31335 <-> DISABLED <-> BROWSER-PLUGINS IBM iNotes version 9 ActiveX clsid access (browser-plugins.rules)
* 1:31339 <-> DISABLED <-> SERVER-WEBAPP Supermicro Intelligent Management Controller information disclosure attempt (server-webapp.rules)
* 1:31340 <-> DISABLED <-> SERVER-WEBAPP Supermicro Intelligent Management Controller information disclosure attempt (server-webapp.rules)
* 1:31341 <-> DISABLED <-> SERVER-WEBAPP Supermicro Intelligent Management Controller password file disclosure attempt (server-webapp.rules)
* 1:31342 <-> DISABLED <-> SERVER-WEBAPP Supermicro Intelligent Management Controller password file disclosure attempt (server-webapp.rules)
* 1:31343 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mecklow variant outbound connection system information disclosure (malware-cnc.rules)
* 1:31344 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Levyatan variant outbound connection attempt (malware-cnc.rules)
* 1:31310 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word SmartTag record code execution attempt (file-office.rules)
* 1:31356 <-> ENABLED <-> SERVER-WEBAPP Wordpress timthumb.php webshot source attack attempt (server-webapp.rules)
* 1:31355 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Bicololo outbound connection attempt (malware-cnc.rules)
* 1:31354 <-> ENABLED <-> FILE-FLASH Adobe AS3 decompressed pcre assertion out of bounds corruption attempt (file-flash.rules)
* 1:31353 <-> ENABLED <-> FILE-FLASH Adobe AS3 decompressed pcre assertion out of bounds corruption attempt (file-flash.rules)
* 1:31352 <-> ENABLED <-> FILE-FLASH Adobe AS3 decompressed pcre assertion out of bounds corruption attempt (file-flash.rules)
* 1:31351 <-> ENABLED <-> FILE-FLASH Adobe AS3 decompressed pcre assertion out of bounds corruption attempt (file-flash.rules)
* 1:31313 <-> DISABLED <-> PUA-ADWARE Ticno Multibar installation attempt (pua-adware.rules)
* 1:31350 <-> ENABLED <-> FILE-FLASH Adobe AS3 simplified pcre assertion out of bounds corruption attempt (file-flash.rules)
* 1:31349 <-> ENABLED <-> FILE-FLASH Adobe AS3 simplified pcre assertion out of bounds corruption attempt (file-flash.rules)
* 1:31347 <-> ENABLED <-> FILE-FLASH Adobe AS3 pcre assertion out of bounds corruption attempt (file-flash.rules)
* 1:31348 <-> ENABLED <-> FILE-FLASH Adobe AS3 pcre assertion out of bounds corruption attempt (file-flash.rules)
* 1:31346 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ajtonj variant outbound connection (malware-cnc.rules)
* 1:31345 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mcdravsm variant outbound connection (malware-cnc.rules)

* 1:17308 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word SmartTag record code execution attempt (file-office.rules)
* 1:17363 <-> DISABLED <-> FILE-OTHER Apple OSX Finder DMG volume name memory corruption attempt (file-other.rules)
* 1:17587 <-> DISABLED <-> BROWSER-PLUGINS Adobe Multiple Product AcroPDF.PDF ActiveX exploit attempt (browser-plugins.rules)
* 1:20432 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hiloti variant outbound connection (malware-cnc.rules)
* 1:21513 <-> ENABLED <-> MALWARE-TOOLS HOIC http denial of service attack (malware-tools.rules)
* 1:21848 <-> DISABLED <-> MALWARE-OTHER TDS Sutra - page redirecting to a SutraTDS (malware-other.rules)
* 1:26741 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc exec command (malware-cnc.rules)
* 1:27775 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection (malware-cnc.rules)
* 1:28055 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.FakeAV outbound communication attempt (os-mobile.rules)
* 1:30220 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit outbound payload request (exploit-kit.rules)
* 1:30937 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit outbound PDF request (exploit-kit.rules)
* 1:7567 <-> DISABLED <-> PUA-TOOLBARS Win.Adware.MyWebSearch Toolbar funwebproducts variant outbound connection (pua-toolbars.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2961.
* 1:31356 <-> ENABLED <-> SERVER-WEBAPP Wordpress timthumb.php webshot source attack attempt (server-webapp.rules)
* 1:31355 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Bicololo outbound connection attempt (malware-cnc.rules)
* 1:31354 <-> ENABLED <-> FILE-FLASH Adobe AS3 decompressed pcre assertion out of bounds corruption attempt (file-flash.rules)
* 1:31353 <-> ENABLED <-> FILE-FLASH Adobe AS3 decompressed pcre assertion out of bounds corruption attempt (file-flash.rules)
* 1:31352 <-> ENABLED <-> FILE-FLASH Adobe AS3 decompressed pcre assertion out of bounds corruption attempt (file-flash.rules)
* 1:31351 <-> ENABLED <-> FILE-FLASH Adobe AS3 decompressed pcre assertion out of bounds corruption attempt (file-flash.rules)
* 1:31350 <-> ENABLED <-> FILE-FLASH Adobe AS3 simplified pcre assertion out of bounds corruption attempt (file-flash.rules)
* 1:31349 <-> ENABLED <-> FILE-FLASH Adobe AS3 simplified pcre assertion out of bounds corruption attempt (file-flash.rules)
* 1:31348 <-> ENABLED <-> FILE-FLASH Adobe AS3 pcre assertion out of bounds corruption attempt (file-flash.rules)
* 1:31347 <-> ENABLED <-> FILE-FLASH Adobe AS3 pcre assertion out of bounds corruption attempt (file-flash.rules)
* 1:31346 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ajtonj variant outbound connection (malware-cnc.rules)
* 1:31345 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mcdravsm variant outbound connection (malware-cnc.rules)
* 1:31344 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Levyatan variant outbound connection attempt (malware-cnc.rules)
* 1:31343 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mecklow variant outbound connection system information disclosure (malware-cnc.rules)
* 1:31342 <-> DISABLED <-> SERVER-WEBAPP Supermicro Intelligent Management Controller password file disclosure attempt (server-webapp.rules)
* 1:31341 <-> DISABLED <-> SERVER-WEBAPP Supermicro Intelligent Management Controller password file disclosure attempt (server-webapp.rules)
* 1:31340 <-> DISABLED <-> SERVER-WEBAPP Supermicro Intelligent Management Controller information disclosure attempt (server-webapp.rules)
* 1:31339 <-> DISABLED <-> SERVER-WEBAPP Supermicro Intelligent Management Controller information disclosure attempt (server-webapp.rules)
* 1:31338 <-> DISABLED <-> SERVER-OTHER OpenAFS GetStatistics buffer overflow attempt (server-other.rules)
* 1:31337 <-> DISABLED <-> SERVER-OTHER Nagios NRPE command execution attempt (server-other.rules)
* 1:31336 <-> DISABLED <-> BROWSER-PLUGINS IBM iNotes version 9 ActiveX clsid access (browser-plugins.rules)
* 1:31335 <-> DISABLED <-> BROWSER-PLUGINS IBM iNotes version 9 ActiveX clsid access (browser-plugins.rules)
* 1:31334 <-> DISABLED <-> BROWSER-PLUGINS IBM iNotes version 8.5 ActiveX clsid access (browser-plugins.rules)
* 1:31333 <-> DISABLED <-> BROWSER-PLUGINS IBM iNotes version 8.5 ActiveX clsid access (browser-plugins.rules)
* 1:31332 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit outbound URL structure (exploit-kit.rules)
* 1:31331 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit encrypted binary download (exploit-kit.rules)
* 1:31330 <-> ENABLED <-> SERVER-WEBAPP AlienVault OSSIM av-centerd command injection attempt (server-webapp.rules)
* 1:31329 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Zbot variant download attempt (malware-other.rules)
* 1:31328 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Rofin variant outbound connection (malware-cnc.rules)
* 1:31327 <-> ENABLED <-> BLACKLIST DNS request for known malware domain plus.zzinfor.cn - Win.Trojan.Rofin (blacklist.rules)
* 1:31326 <-> ENABLED <-> BLACKLIST DNS request for known malware domain a1.p2ptool.com - Win.Trojan.Rofin (blacklist.rules)
* 1:31325 <-> ENABLED <-> FILE-OTHER Apple OSX Finder DMG volume name memory corruption attempt (file-other.rules)
* 1:31324 <-> DISABLED <-> FILE-OTHER Apple OSX Finder DMG volume name memory corruption attempt (file-other.rules)
* 1:31323 <-> DISABLED <-> FILE-OTHER Apple OSX Finder DMG volume name memory corruption attempt (file-other.rules)
* 1:31322 <-> DISABLED <-> BROWSER-PLUGINS Adobe Multiple Product AcroPDF.PDF ActiveX exploit attempt (browser-plugins.rules)
* 1:31321 <-> DISABLED <-> BROWSER-PLUGINS Adobe Multiple Product AcroPDF.PDF ActiveX exploit attempt (browser-plugins.rules)
* 1:31320 <-> DISABLED <-> BROWSER-PLUGINS Adobe Multiple Product AcroPDF.PDF ActiveX exploit attempt (browser-plugins.rules)
* 1:31319 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zediv outbound communication attempt (malware-cnc.rules)
* 1:31318 <-> ENABLED <-> BLACKLIST DNS request for known malware domain vividl.comze.com - Win.Trojan.Zediv (blacklist.rules)
* 1:31317 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Orbot variant outbound connection attempt (malware-cnc.rules)
* 1:31316 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Matsnu variant outbound connection attempt (malware-cnc.rules)
* 1:31315 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MSIL variant outbound connection attempt (malware-cnc.rules)
* 1:31314 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Daikou variant outbound connection attempt (malware-cnc.rules)
* 1:31313 <-> DISABLED <-> PUA-ADWARE Ticno Multibar installation attempt (pua-adware.rules)
* 1:31312 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word SmartTag record code execution attempt (file-office.rules)
* 1:31311 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word SmartTag record code execution attempt (file-office.rules)
* 1:31310 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word SmartTag record code execution attempt (file-office.rules)
* 1:31309 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime pict image poly structure memory corruption attempt (file-multimedia.rules)
* 1:31308 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime pict image poly structure memory corruption attempt (file-multimedia.rules)

* 1:17308 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word SmartTag record code execution attempt (file-office.rules)
* 1:17363 <-> DISABLED <-> FILE-OTHER Apple OSX Finder DMG volume name memory corruption attempt (file-other.rules)
* 1:17587 <-> DISABLED <-> BROWSER-PLUGINS Adobe Multiple Product AcroPDF.PDF ActiveX exploit attempt (browser-plugins.rules)
* 1:20432 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hiloti variant outbound connection (malware-cnc.rules)
* 1:21513 <-> ENABLED <-> MALWARE-TOOLS HOIC http denial of service attack (malware-tools.rules)
* 1:21848 <-> DISABLED <-> MALWARE-OTHER TDS Sutra - page redirecting to a SutraTDS (malware-other.rules)
* 1:26741 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc exec command (malware-cnc.rules)
* 1:27775 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection (malware-cnc.rules)
* 1:28055 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.FakeAV outbound communication attempt (os-mobile.rules)
* 1:30220 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit outbound payload request (exploit-kit.rules)
* 1:30937 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit outbound PDF request (exploit-kit.rules)
* 1:7567 <-> DISABLED <-> PUA-TOOLBARS Win.Adware.MyWebSearch Toolbar funwebproducts variant outbound connection (pua-toolbars.rules)