Talos has added and modified multiple rules in the blacklist, browser-plugins, exploit-kit, file-flash, indicator-shellcode, malware-cnc, policy-other, protocol-voip, server-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2962.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:33984 <-> DISABLED <-> SERVER-WEBAPP D-Link DNS-345 Network Storage System system_mgr.cgi command injection attempt (server-webapp.rules)
* 1:33985 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.ChinaZ outbound connection (malware-cnc.rules)
* 1:33986 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt (policy-other.rules)
* 1:33987 <-> DISABLED <-> SERVER-OTHER Symantec System Center Alert Management System untrusted command execution attempt (server-other.rules)
* 1:33988 <-> ENABLED <-> BLACKLIST DNS request for known malware domain getb.tmpbr.net - Win.Trojan.Trioptid (blacklist.rules)
* 1:33989 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trioptid outbound connection (malware-cnc.rules)
* 1:33990 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trioptid outbound connection (malware-cnc.rules)
* 1:33991 <-> ENABLED <-> BLACKLIST DNS request for known malware domain insidiouspool.com - Win.Trojan.Insidious (blacklist.rules)
* 1:33992 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Insidious outbound connection (malware-cnc.rules)
* 1:33993 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Insidious outbound connection (malware-cnc.rules)
* 1:33994 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Beshida outbound connection (malware-cnc.rules)
* 1:33995 <-> ENABLED <-> BLACKLIST DNS request for known malware domain getb.tmpbr.net - Win.Trojan.Pwexes (blacklist.rules)
* 1:33996 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pwexes variant outbound connection attempt (malware-cnc.rules)
* 1:33997 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pwexes variant outbound connection attempt (malware-cnc.rules)
* 1:33998 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed mp4 tag memory corruption attempt (file-flash.rules)
* 1:33999 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed mp4 tag memory corruption attempt (file-flash.rules)
* 1:34000 <-> DISABLED <-> SERVER-WEBAPP Berta Content Management System PHP code execution attempt (server-webapp.rules)
* 1:34001 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Picommex outbound connection attempt (malware-cnc.rules)
* 1:34002 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Picommex outbound connection attempt (malware-cnc.rules)
* 1:34003 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Picommex outbound connection attempt (malware-cnc.rules)
* 1:34004 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection attempt (malware-cnc.rules)
* 1:34005 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection attempt (malware-cnc.rules)
* 1:34006 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection attempt (malware-cnc.rules)
* 1:34007 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection attempt (malware-cnc.rules)
* 1:34008 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection attempt (malware-cnc.rules)
* 1:34009 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection attempt (malware-cnc.rules)
* 1:34010 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection attempt (malware-cnc.rules)
* 1:34011 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection attempt (malware-cnc.rules)
* 1:34012 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection attempt (malware-cnc.rules)
* 1:34013 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ayuther variant outbound connection attempt (malware-cnc.rules)
* 1:34014 <-> DISABLED <-> BROWSER-PLUGINS Advantech WebAccess webeye.ocx ActiveX clsid access attempt (browser-plugins.rules)
* 1:34015 <-> DISABLED <-> BROWSER-PLUGINS Advantech WebAccess webeye.ocx ActiveX clsid access attempt (browser-plugins.rules)
* 1:34016 <-> DISABLED <-> BROWSER-PLUGINS Advantech WebAccess webeye.ocx ActiveX clsid access attempt (browser-plugins.rules)
* 1:34017 <-> DISABLED <-> BROWSER-PLUGINS Advantech WebAccess webeye.ocx ActiveX clsid access attempt (browser-plugins.rules)
* 1:34018 <-> DISABLED <-> INDICATOR-SHELLCODE percent encoded heapspray detected (indicator-shellcode.rules)
* 1:34019 <-> DISABLED <-> INDICATOR-SHELLCODE percent encoded heapspray detected (indicator-shellcode.rules)
* 1:34020 <-> ENABLED <-> FILE-FLASH Adobe Flash Player mp4 trex tag heap corruption attempt (file-flash.rules)
* 1:34021 <-> ENABLED <-> FILE-FLASH Adobe Flash Player mp4 trex tag heap corruption attempt (file-flash.rules)
* 3:34022 <-> ENABLED <-> PROTOCOL-VOIP Cisco Unity Connection malformed contact header denial of service attempt (protocol-voip.rules)
* 3:34023 <-> ENABLED <-> PROTOCOL-VOIP Unity Conversation Manager record-route INVITE anomaly denial of service attempt (protocol-voip.rules)

* 1:16195 <-> DISABLED <-> SERVER-WEBAPP HTTP request content-length heap buffer overflow attempt (server-webapp.rules)
* 1:27013 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Phoenot variant inbound connection (malware-cnc.rules)
* 1:28803 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Injector inbound connection (malware-cnc.rules)
* 1:28809 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dofoil inbound connection attempt (malware-cnc.rules)
* 1:29031 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Banload variant inbound communication attempt (malware-cnc.rules)
* 1:29300 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Graftor variant inbound connection (malware-cnc.rules)
* 1:31046 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit outbound URL structure (exploit-kit.rules)
* 1:31728 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central LinkViewFetchServlet SQL injection attempt (server-webapp.rules)
* 1:31729 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Password Manager MetadataServlet SQL injection attempt (server-webapp.rules)
* 1:32639 <-> DISABLED <-> EXPLOIT-KIT Sweet Orange exploit kit jar file requested on defined port (exploit-kit.rules)
* 1:32804 <-> ENABLED <-> EXPLOIT-KIT known malicious javascript packer detected (exploit-kit.rules)
* 1:33471 <-> DISABLED <-> FILE-FLASH Adobe Flash Player arbitrary code execution attempt (file-flash.rules)
* 1:33472 <-> DISABLED <-> FILE-FLASH Adobe Flash Player arbitrary code execution attempt (file-flash.rules)
* 1:33657 <-> DISABLED <-> SERVER-WEBAPP Dell ScriptLogic Asset Manager SQL injection attempt (server-webapp.rules)
* 1:33658 <-> DISABLED <-> SERVER-WEBAPP Dell ScriptLogic Asset Manager SQL injection attempt (server-webapp.rules)
* 1:33659 <-> DISABLED <-> SERVER-WEBAPP Dell ScriptLogic Asset Manager SQL injection attempt (server-webapp.rules)
* 1:33981 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit flash file download (exploit-kit.rules)
* 1:33982 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit landing page detected (exploit-kit.rules)
* 1:33983 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit obfuscated file download (exploit-kit.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2970.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:33984 <-> DISABLED <-> SERVER-WEBAPP D-Link DNS-345 Network Storage System system_mgr.cgi command injection attempt (server-webapp.rules)
* 1:33985 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.ChinaZ outbound connection (malware-cnc.rules)
* 1:33986 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt (policy-other.rules)
* 1:33987 <-> DISABLED <-> SERVER-OTHER Symantec System Center Alert Management System untrusted command execution attempt (server-other.rules)
* 1:33988 <-> ENABLED <-> BLACKLIST DNS request for known malware domain getb.tmpbr.net - Win.Trojan.Trioptid (blacklist.rules)
* 1:33989 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trioptid outbound connection (malware-cnc.rules)
* 1:33990 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trioptid outbound connection (malware-cnc.rules)
* 1:33991 <-> ENABLED <-> BLACKLIST DNS request for known malware domain insidiouspool.com - Win.Trojan.Insidious (blacklist.rules)
* 1:33992 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Insidious outbound connection (malware-cnc.rules)
* 1:33993 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Insidious outbound connection (malware-cnc.rules)
* 1:33994 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Beshida outbound connection (malware-cnc.rules)
* 1:33995 <-> ENABLED <-> BLACKLIST DNS request for known malware domain getb.tmpbr.net - Win.Trojan.Pwexes (blacklist.rules)
* 1:33996 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pwexes variant outbound connection attempt (malware-cnc.rules)
* 1:33997 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pwexes variant outbound connection attempt (malware-cnc.rules)
* 1:33998 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed mp4 tag memory corruption attempt (file-flash.rules)
* 1:33999 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed mp4 tag memory corruption attempt (file-flash.rules)
* 1:34000 <-> DISABLED <-> SERVER-WEBAPP Berta Content Management System PHP code execution attempt (server-webapp.rules)
* 1:34001 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Picommex outbound connection attempt (malware-cnc.rules)
* 1:34002 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Picommex outbound connection attempt (malware-cnc.rules)
* 1:34003 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Picommex outbound connection attempt (malware-cnc.rules)
* 1:34004 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection attempt (malware-cnc.rules)
* 1:34005 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection attempt (malware-cnc.rules)
* 1:34006 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection attempt (malware-cnc.rules)
* 1:34007 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection attempt (malware-cnc.rules)
* 1:34008 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection attempt (malware-cnc.rules)
* 1:34009 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection attempt (malware-cnc.rules)
* 1:34010 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection attempt (malware-cnc.rules)
* 1:34011 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection attempt (malware-cnc.rules)
* 1:34012 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection attempt (malware-cnc.rules)
* 1:34013 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ayuther variant outbound connection attempt (malware-cnc.rules)
* 1:34014 <-> DISABLED <-> BROWSER-PLUGINS Advantech WebAccess webeye.ocx ActiveX clsid access attempt (browser-plugins.rules)
* 1:34015 <-> DISABLED <-> BROWSER-PLUGINS Advantech WebAccess webeye.ocx ActiveX clsid access attempt (browser-plugins.rules)
* 1:34016 <-> DISABLED <-> BROWSER-PLUGINS Advantech WebAccess webeye.ocx ActiveX clsid access attempt (browser-plugins.rules)
* 1:34017 <-> DISABLED <-> BROWSER-PLUGINS Advantech WebAccess webeye.ocx ActiveX clsid access attempt (browser-plugins.rules)
* 1:34018 <-> DISABLED <-> INDICATOR-SHELLCODE percent encoded heapspray detected (indicator-shellcode.rules)
* 1:34019 <-> DISABLED <-> INDICATOR-SHELLCODE percent encoded heapspray detected (indicator-shellcode.rules)
* 1:34020 <-> ENABLED <-> FILE-FLASH Adobe Flash Player mp4 trex tag heap corruption attempt (file-flash.rules)
* 1:34021 <-> ENABLED <-> FILE-FLASH Adobe Flash Player mp4 trex tag heap corruption attempt (file-flash.rules)
* 3:34022 <-> ENABLED <-> PROTOCOL-VOIP Cisco Unity Connection malformed contact header denial of service attempt (protocol-voip.rules)
* 3:34023 <-> ENABLED <-> PROTOCOL-VOIP Unity Conversation Manager record-route INVITE anomaly denial of service attempt (protocol-voip.rules)

* 1:16195 <-> DISABLED <-> SERVER-WEBAPP HTTP request content-length heap buffer overflow attempt (server-webapp.rules)
* 1:27013 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Phoenot variant inbound connection (malware-cnc.rules)
* 1:28803 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Injector inbound connection (malware-cnc.rules)
* 1:28809 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dofoil inbound connection attempt (malware-cnc.rules)
* 1:29031 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Banload variant inbound communication attempt (malware-cnc.rules)
* 1:29300 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Graftor variant inbound connection (malware-cnc.rules)
* 1:31046 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit outbound URL structure (exploit-kit.rules)
* 1:31728 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central LinkViewFetchServlet SQL injection attempt (server-webapp.rules)
* 1:31729 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Password Manager MetadataServlet SQL injection attempt (server-webapp.rules)
* 1:32639 <-> DISABLED <-> EXPLOIT-KIT Sweet Orange exploit kit jar file requested on defined port (exploit-kit.rules)
* 1:32804 <-> ENABLED <-> EXPLOIT-KIT known malicious javascript packer detected (exploit-kit.rules)
* 1:33471 <-> DISABLED <-> FILE-FLASH Adobe Flash Player arbitrary code execution attempt (file-flash.rules)
* 1:33472 <-> DISABLED <-> FILE-FLASH Adobe Flash Player arbitrary code execution attempt (file-flash.rules)
* 1:33657 <-> DISABLED <-> SERVER-WEBAPP Dell ScriptLogic Asset Manager SQL injection attempt (server-webapp.rules)
* 1:33658 <-> DISABLED <-> SERVER-WEBAPP Dell ScriptLogic Asset Manager SQL injection attempt (server-webapp.rules)
* 1:33659 <-> DISABLED <-> SERVER-WEBAPP Dell ScriptLogic Asset Manager SQL injection attempt (server-webapp.rules)
* 1:33981 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit flash file download (exploit-kit.rules)
* 1:33982 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit landing page detected (exploit-kit.rules)
* 1:33983 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit obfuscated file download (exploit-kit.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2972.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:33984 <-> DISABLED <-> SERVER-WEBAPP D-Link DNS-345 Network Storage System system_mgr.cgi command injection attempt (server-webapp.rules)
* 1:33985 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.ChinaZ outbound connection (malware-cnc.rules)
* 1:33986 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt (policy-other.rules)
* 1:33987 <-> DISABLED <-> SERVER-OTHER Symantec System Center Alert Management System untrusted command execution attempt (server-other.rules)
* 1:33988 <-> ENABLED <-> BLACKLIST DNS request for known malware domain getb.tmpbr.net - Win.Trojan.Trioptid (blacklist.rules)
* 1:33989 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trioptid outbound connection (malware-cnc.rules)
* 1:33990 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trioptid outbound connection (malware-cnc.rules)
* 1:33991 <-> ENABLED <-> BLACKLIST DNS request for known malware domain insidiouspool.com - Win.Trojan.Insidious (blacklist.rules)
* 1:33992 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Insidious outbound connection (malware-cnc.rules)
* 1:33993 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Insidious outbound connection (malware-cnc.rules)
* 1:33994 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Beshida outbound connection (malware-cnc.rules)
* 1:33995 <-> ENABLED <-> BLACKLIST DNS request for known malware domain getb.tmpbr.net - Win.Trojan.Pwexes (blacklist.rules)
* 1:33996 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pwexes variant outbound connection attempt (malware-cnc.rules)
* 1:33997 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pwexes variant outbound connection attempt (malware-cnc.rules)
* 1:33998 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed mp4 tag memory corruption attempt (file-flash.rules)
* 1:33999 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed mp4 tag memory corruption attempt (file-flash.rules)
* 1:34000 <-> DISABLED <-> SERVER-WEBAPP Berta Content Management System PHP code execution attempt (server-webapp.rules)
* 1:34001 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Picommex outbound connection attempt (malware-cnc.rules)
* 1:34002 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Picommex outbound connection attempt (malware-cnc.rules)
* 1:34003 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Picommex outbound connection attempt (malware-cnc.rules)
* 1:34004 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection attempt (malware-cnc.rules)
* 1:34005 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection attempt (malware-cnc.rules)
* 1:34006 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection attempt (malware-cnc.rules)
* 1:34007 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection attempt (malware-cnc.rules)
* 1:34008 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection attempt (malware-cnc.rules)
* 1:34009 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection attempt (malware-cnc.rules)
* 1:34010 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection attempt (malware-cnc.rules)
* 1:34011 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection attempt (malware-cnc.rules)
* 1:34012 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection attempt (malware-cnc.rules)
* 1:34013 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ayuther variant outbound connection attempt (malware-cnc.rules)
* 1:34014 <-> DISABLED <-> BROWSER-PLUGINS Advantech WebAccess webeye.ocx ActiveX clsid access attempt (browser-plugins.rules)
* 1:34015 <-> DISABLED <-> BROWSER-PLUGINS Advantech WebAccess webeye.ocx ActiveX clsid access attempt (browser-plugins.rules)
* 1:34016 <-> DISABLED <-> BROWSER-PLUGINS Advantech WebAccess webeye.ocx ActiveX clsid access attempt (browser-plugins.rules)
* 1:34017 <-> DISABLED <-> BROWSER-PLUGINS Advantech WebAccess webeye.ocx ActiveX clsid access attempt (browser-plugins.rules)
* 1:34018 <-> DISABLED <-> INDICATOR-SHELLCODE percent encoded heapspray detected (indicator-shellcode.rules)
* 1:34019 <-> DISABLED <-> INDICATOR-SHELLCODE percent encoded heapspray detected (indicator-shellcode.rules)
* 1:34020 <-> ENABLED <-> FILE-FLASH Adobe Flash Player mp4 trex tag heap corruption attempt (file-flash.rules)
* 1:34021 <-> ENABLED <-> FILE-FLASH Adobe Flash Player mp4 trex tag heap corruption attempt (file-flash.rules)
* 3:34022 <-> ENABLED <-> PROTOCOL-VOIP Cisco Unity Connection malformed contact header denial of service attempt (protocol-voip.rules)
* 3:34023 <-> ENABLED <-> PROTOCOL-VOIP Unity Conversation Manager record-route INVITE anomaly denial of service attempt (protocol-voip.rules)

* 1:16195 <-> DISABLED <-> SERVER-WEBAPP HTTP request content-length heap buffer overflow attempt (server-webapp.rules)
* 1:27013 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Phoenot variant inbound connection (malware-cnc.rules)
* 1:28803 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Injector inbound connection (malware-cnc.rules)
* 1:28809 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dofoil inbound connection attempt (malware-cnc.rules)
* 1:29031 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Banload variant inbound communication attempt (malware-cnc.rules)
* 1:29300 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Graftor variant inbound connection (malware-cnc.rules)
* 1:31046 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit outbound URL structure (exploit-kit.rules)
* 1:31728 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central LinkViewFetchServlet SQL injection attempt (server-webapp.rules)
* 1:31729 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Password Manager MetadataServlet SQL injection attempt (server-webapp.rules)
* 1:32639 <-> DISABLED <-> EXPLOIT-KIT Sweet Orange exploit kit jar file requested on defined port (exploit-kit.rules)
* 1:32804 <-> ENABLED <-> EXPLOIT-KIT known malicious javascript packer detected (exploit-kit.rules)
* 1:33471 <-> DISABLED <-> FILE-FLASH Adobe Flash Player arbitrary code execution attempt (file-flash.rules)
* 1:33472 <-> DISABLED <-> FILE-FLASH Adobe Flash Player arbitrary code execution attempt (file-flash.rules)
* 1:33657 <-> DISABLED <-> SERVER-WEBAPP Dell ScriptLogic Asset Manager SQL injection attempt (server-webapp.rules)
* 1:33658 <-> DISABLED <-> SERVER-WEBAPP Dell ScriptLogic Asset Manager SQL injection attempt (server-webapp.rules)
* 1:33659 <-> DISABLED <-> SERVER-WEBAPP Dell ScriptLogic Asset Manager SQL injection attempt (server-webapp.rules)
* 1:33981 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit flash file download (exploit-kit.rules)
* 1:33982 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit landing page detected (exploit-kit.rules)
* 1:33983 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit obfuscated file download (exploit-kit.rules)
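The "gid:sid <-> Default rule state <-> Message (rule group)" format described before each of the three lists above (Snort 2962, 2970 and 2972) is simple enough to parse, and doing so turns a release note into a work list: which rules ship DISABLED in categories you actually expose, and which are gid 3 shared-object rules that need the precompiled module for your Snort build rather than just the text rules. The parser below is an added example, not Talos or Snort tooling; its input is a constructed excerpt in the page's format, and the claim that pulledpork's enablesid.conf takes one gid:sid per line is an assumption to check against the version you run.

```python
"""Parse a Snort rule-update changelog in the
"gid:sid <-> Default rule state <-> Message (rule group)" format and derive
the lists an analyst acts on. Added example; not Talos or Snort tooling."""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample in the page's format. The third line deliberately carries
# two entries on one line, as the flattened lists on extracted pages do.
SAMPLE = (
    "* 1:34000 <-> DISABLED <-> SERVER-WEBAPP Berta Content Management System "
    "PHP code execution attempt (server-webapp.rules)\n"
    "* 1:33984 <-> DISABLED <-> SERVER-WEBAPP D-Link DNS-345 Network Storage System "
    "system_mgr.cgi command injection attempt (server-webapp.rules)\n"
    "* 1:33995 <-> ENABLED <-> BLACKLIST DNS request for known malware domain "
    "getb.tmpbr.net - Win.Trojan.Pwexes (blacklist.rules) "
    "* 1:34018 <-> DISABLED <-> INDICATOR-SHELLCODE percent encoded heapspray "
    "detected (indicator-shellcode.rules)\n"
    "* 3:34022 <-> ENABLED <-> PROTOCOL-VOIP Cisco Unity Connection malformed "
    "contact header denial of service attempt (protocol-voip.rules)\n"
)

# One entry: gid:sid, state, free-text message, then the rule group in parens.
# The message is matched lazily, so it stops at the first "(xxx.rules)".
ENTRY_RE = re.compile(
    r"(?P<gid>\d+):(?P<sid>\d+)\s*<->\s*(?P<state>ENABLED|DISABLED)\s*<->\s*"
    r"(?P<msg>.+?)\s*\((?P<group>[\w-]+\.rules)\)"
)


@dataclass(frozen=True)
class RuleEntry:
    gid: int
    sid: int
    enabled: bool
    msg: str
    group: str

    @property
    def category(self) -> str:
        """Leading token of the message, e.g. SERVER-WEBAPP or MALWARE-CNC."""
        return self.msg.split(" ", 1)[0]

    @property
    def is_shared_object(self) -> bool:
        """gid 3 rules are shared-object rules: they need the precompiled .so
        for your Snort version and platform, not just the text rule file."""
        return self.gid == 3


def parse_changelog(text: str) -> list[RuleEntry]:
    """Collapse all whitespace first so entries wrapped across lines, or several
    entries run together on one line, are parsed alike."""
    flat = " ".join(text.split())
    return [
        RuleEntry(int(m["gid"]), int(m["sid"]), m["state"] == "ENABLED",
                  m["msg"], m["group"])
        for m in ENTRY_RE.finditer(flat)
    ]


def review_candidates(entries: list[RuleEntry], categories: set[str]) -> list[RuleEntry]:
    """Rules shipped DISABLED in categories you care about (e.g. SERVER-WEBAPP
    when you host web apps) are the ones to consider switching on."""
    return [e for e in entries if not e.enabled and e.category in categories]


def enablesid_lines(entries: list[RuleEntry]) -> list[str]:
    """One "gid:sid" per line, the form pulledpork's enablesid.conf accepts
    (assumption: check the format against the pulledpork version you run)."""
    return [f"{e.gid}:{e.sid}" for e in entries]


def shared_object_rules(entries: list[RuleEntry]) -> list[RuleEntry]:
    return [e for e in entries if e.is_shared_object]


def summarize(entries: list[RuleEntry]) -> Counter:
    """Count of entries per (rule group, state), for a quick release overview."""
    return Counter((e.group, "ENABLED" if e.enabled else "DISABLED") for e in entries)


if __name__ == "__main__":
    rules = parse_changelog(SAMPLE)
    for (group, state), n in sorted(summarize(rules).items()):
        print(f"{group:28} {state:8} {n}")
    webapp = review_candidates(rules, {"SERVER-WEBAPP"})
    print("candidates for enablesid.conf:", ", ".join(enablesid_lines(webapp)))
    for e in shared_object_rules(rules):
        print(f"SO rule {e.gid}:{e.sid} needs a matching precompiled module")
```

Whitespace is collapsed before matching so the same code handles a clean one-entry-per-line file and the wrapped or run-together lists that extraction produces. Note that the ENABLED/DISABLED column is the state in Talos's default policy, not what your sensor currently has; a rule you previously enabled with enablesid stays enabled across updates, so diff against your own policy rather than trusting the column alone.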