Talos has added and modified multiple rules in the blacklist, browser-ie, file-flash, file-multimedia, file-other, indicator-obfuscation, indicator-shellcode, malware-cnc, protocol-ftp, pua-adware and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2962.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:34213 <-> DISABLED <-> SERVER-WEBAPP WordPress overly large password class-phpass.php denial of service attempt (server-webapp.rules)
* 1:34214 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Capimac variant outbound connection (malware-cnc.rules)
* 1:34215 <-> DISABLED <-> SERVER-WEBAPP ESF pfSense diag_logs_filter cross site scripting attempt (server-webapp.rules)
* 1:34216 <-> ENABLED <-> MALWARE-CNC Win.Trojan.FighterPOS variant outbound connection (malware-cnc.rules)
* 1:34217 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Aytoke variant outbound connection (malware-cnc.rules)
* 1:34218 <-> ENABLED <-> BLACKLIST DNS request for known malware domain lazyshare.net - Win.Trojan.Nanocore (blacklist.rules)
* 1:34219 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Nanocore variant outbound connection attempt (malware-cnc.rules)
* 1:34267 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AVC parser integer overflow attempt (file-flash.rules)
* 1:34211 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
* 1:34265 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AVC parser integer overflow attempt (file-flash.rules)
* 1:34266 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AVC parser integer overflow attempt (file-flash.rules)
* 1:34262 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection attempt (malware-cnc.rules)
* 1:34264 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AVC parser integer overflow attempt (file-flash.rules)
* 1:34261 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection attempt (malware-cnc.rules)
* 1:34259 <-> ENABLED <-> FILE-FLASH Adobe Flash Player flash settings manager double free attempt (file-flash.rules)
* 1:34260 <-> ENABLED <-> FILE-FLASH Adobe Flash Player flash settings manager double free attempt (file-flash.rules)
* 1:34257 <-> ENABLED <-> FILE-FLASH Adobe Flash Player flash settings manager double free attempt (file-flash.rules)
* 1:34255 <-> ENABLED <-> FILE-FLASH Adobe Flash Player flash settings manager double free attempt (file-flash.rules)
* 1:34256 <-> ENABLED <-> FILE-FLASH Adobe Flash Player flash settings manager double free attempt (file-flash.rules)
* 1:34252 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed CEA-708 packet denial of service attempt (file-flash.rules)
* 1:34254 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed CEA-708 packet denial of service attempt (file-flash.rules)
* 1:34251 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed CEA-708 packet denial of service attempt (file-flash.rules)
* 1:34249 <-> ENABLED <-> FILE-FLASH Adobe Flash Player text field mask use after free attempt (file-flash.rules)
* 1:34250 <-> ENABLED <-> FILE-FLASH Adobe Flash Player text field mask use after free attempt (file-flash.rules)
* 1:34247 <-> ENABLED <-> FILE-FLASH Adobe Flash Player text field mask use after free attempt (file-flash.rules)
* 1:34245 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
* 1:34246 <-> DISABLED <-> MALWARE-CNC Win.Trojan.AAEH variant outbound connection attempt (malware-cnc.rules)
* 1:34244 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
* 1:34241 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
* 1:34242 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
* 1:34239 <-> DISABLED <-> SERVER-OTHER PHP zip_cdir_new function integer overflow attempt (server-other.rules)
* 1:34240 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
* 1:34237 <-> DISABLED <-> PUA-ADWARE Eorezo get advertisement (pua-adware.rules)
* 1:34238 <-> DISABLED <-> SERVER-OTHER PHP zip_cdir_new function integer overflow attempt (server-other.rules)
* 1:34235 <-> DISABLED <-> FILE-FLASH Adobe Flash Player potential information disclosure attempt (file-flash.rules)
* 1:34236 <-> DISABLED <-> PUA-ADWARE Eorezo outbound connection (pua-adware.rules)
* 1:34233 <-> DISABLED <-> FILE-FLASH Adobe Flash Player potential information disclosure attempt (file-flash.rules)
* 1:34234 <-> DISABLED <-> FILE-FLASH Adobe Flash Player potential information disclosure attempt (file-flash.rules)
* 1:34232 <-> DISABLED <-> FILE-FLASH Adobe Flash Player potential information disclosure attempt (file-flash.rules)
* 1:34230 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed CEA-708 packet arbitrary code execution attempt (file-flash.rules)
* 1:34229 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed CEA-708 packet arbitrary code execution attempt (file-flash.rules)
* 1:34228 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed CEA-708 packet arbitrary code execution attempt (file-flash.rules)
* 1:34227 <-> DISABLED <-> INDICATOR-OBFUSCATION Multiple AV products evasion attempt (indicator-obfuscation.rules)
* 1:34226 <-> DISABLED <-> INDICATOR-OBFUSCATION Multiple AV products evasion attempt (indicator-obfuscation.rules)
* 1:34225 <-> DISABLED <-> PROTOCOL-FTP ProFTPD mod_copy remote code execution attempt (protocol-ftp.rules)
* 1:34224 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_reverse_perl (indicator-shellcode.rules)
* 1:34223 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Yebot variant outbound connection (malware-cnc.rules)
* 1:34222 <-> DISABLED <-> SERVER-WEBAPP Barracuda Networks Web Filter index.cgi command injection attempt (server-webapp.rules)
* 1:34221 <-> DISABLED <-> SERVER-WEBAPP Barracuda Networks Web Filter index.cgi command injection attempt (server-webapp.rules)
* 1:34220 <-> DISABLED <-> SERVER-WEBAPP Barracuda Networks Web Filter index.cgi command injection attempt (server-webapp.rules)
* 1:34196 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
* 1:34195 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
* 1:34193 <-> ENABLED <-> FILE-FLASH Adobe Flash Player convolution filter use-after-free attempt (file-flash.rules)
* 1:34194 <-> ENABLED <-> SERVER-WEBAPP RevSlider information disclosure attempt (server-webapp.rules)
* 1:34192 <-> ENABLED <-> FILE-FLASH Adobe Flash Player convolution filter use-after-free attempt (file-flash.rules)
* 1:34191 <-> ENABLED <-> FILE-FLASH Adobe Flash Player convolution filter use-after-free attempt (file-flash.rules)
* 1:34189 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AuthorizedFeaturesLoader object memory corruption attempt (file-flash.rules)
* 1:34190 <-> ENABLED <-> FILE-FLASH Adobe Flash Player convolution filter use-after-free attempt (file-flash.rules)
* 1:34187 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AuthorizedFeaturesLoader object memory corruption attempt (file-flash.rules)
* 1:34188 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AuthorizedFeaturesLoader object memory corruption attempt (file-flash.rules)
* 1:34186 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AuthorizedFeaturesLoader object memory corruption attempt (file-flash.rules)
* 1:34275 <-> ENABLED <-> FILE-FLASH Adobe Flash malformed pixel bytecode attempt (file-flash.rules)
* 1:34197 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
* 1:34198 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
* 1:34199 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
* 1:34200 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
* 1:34201 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
* 1:34202 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
* 1:34203 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
* 1:34204 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
* 1:34205 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
* 1:34206 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
* 1:34231 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed CEA-708 packet arbitrary code execution attempt (file-flash.rules)
* 1:34243 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
* 1:34248 <-> ENABLED <-> FILE-FLASH Adobe Flash Player text field mask use after free attempt (file-flash.rules)
* 1:34253 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed CEA-708 packet denial of service attempt (file-flash.rules)
* 1:34207 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
* 1:34258 <-> ENABLED <-> FILE-FLASH Adobe Flash Player flash settings manager double free attempt (file-flash.rules)
* 1:34263 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection attempt (malware-cnc.rules)
* 1:34210 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
* 1:34277 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Sound.extract integer overflow attempt (file-flash.rules)
* 1:34278 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Sound.extract integer overflow attempt (file-flash.rules)
* 1:34209 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
* 1:34279 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Sound.extract integer overflow attempt (file-flash.rules)
* 1:34272 <-> ENABLED <-> FILE-FLASH Adobe Flash malformed pixel bytecode attempt (file-flash.rules)
* 1:34273 <-> ENABLED <-> FILE-FLASH Adobe Flash malformed pixel bytecode attempt (file-flash.rules)
* 1:34212 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
* 1:34271 <-> ENABLED <-> FILE-FLASH Adobe Flash Player FLV tag datasize buffer overflow attempt (file-flash.rules)
* 1:34268 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player AVC parser integer overflow attempt (file-multimedia.rules)
* 1:34270 <-> ENABLED <-> FILE-FLASH Adobe Flash Player FLV tag datasize buffer overflow attempt (file-flash.rules)
* 1:34274 <-> ENABLED <-> FILE-FLASH Adobe Flash malformed pixel bytecode attempt (file-flash.rules)
* 1:34208 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
* 1:34269 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player AVC parser integer overflow attempt (file-multimedia.rules)
* 1:34276 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Sound.extract integer overflow attempt (file-flash.rules)
* 1:17131 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 8 parent style rendering arbitrary code execution (browser-ie.rules)
* 1:17132 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer invalid object access attempt (browser-ie.rules)
* 1:20064 <-> DISABLED <-> MALWARE-CNC Malware Win.Trojan.Clemag.A variant outbound connection (malware-cnc.rules)
* 1:26777 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules)
* 1:33038 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (file-other.rules)
* 1:33039 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (file-other.rules)
* 1:33646 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection attempt (malware-cnc.rules)
* 1:33648 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection attempt (malware-cnc.rules)
* 1:33777 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
* 1:33778 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
* 1:33779 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
* 1:33780 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
* 1:33781 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
* 1:33782 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
* 1:33783 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
* 1:33784 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
* 1:33785 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
* 1:33786 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
* 1:33787 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
* 1:33788 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
* 1:33789 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
* 1:33790 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
* 1:33791 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
* 1:33792 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
* 1:33793 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
* 1:33794 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
* 1:33795 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
* 1:33796 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
* 1:33797 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
* 1:33798 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
* 1:33799 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
* 1:33800 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
* 1:33801 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
* 1:33802 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
* 1:33803 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
* 1:33804 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
* 1:33805 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
* 1:33806 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
* 1:34070 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
* 1:34071 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
* 1:34072 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CMetaElement use after free attempt (browser-ie.rules)
* 1:34073 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CMetaElement use after free attempt (browser-ie.rules)
* 1:34097 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer MSXML3 external entity injection attempt (browser-ie.rules)
* 1:34098 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer MSXML3 external entity injection attempt (browser-ie.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2970.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:34208 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
* 1:34209 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
* 1:34212 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
* 1:34210 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
* 1:34213 <-> DISABLED <-> SERVER-WEBAPP WordPress overly large password class-phpass.php denial of service attempt (server-webapp.rules)
* 1:34214 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Capimac variant outbound connection (malware-cnc.rules)
* 1:34215 <-> DISABLED <-> SERVER-WEBAPP ESF pfSense diag_logs_filter cross site scripting attempt (server-webapp.rules)
* 1:34216 <-> ENABLED <-> MALWARE-CNC Win.Trojan.FighterPOS variant outbound connection (malware-cnc.rules)
* 1:34217 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Aytoke variant outbound connection (malware-cnc.rules)
* 1:34218 <-> ENABLED <-> BLACKLIST DNS request for known malware domain lazyshare.net - Win.Trojan.Nanocore (blacklist.rules)
* 1:34219 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Nanocore variant outbound connection attempt (malware-cnc.rules)
* 1:34190 <-> ENABLED <-> FILE-FLASH Adobe Flash Player convolution filter use-after-free attempt (file-flash.rules)
* 1:34230 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed CEA-708 packet arbitrary code execution attempt (file-flash.rules)
* 1:34229 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed CEA-708 packet arbitrary code execution attempt (file-flash.rules)
* 1:34228 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed CEA-708 packet arbitrary code execution attempt (file-flash.rules)
* 1:34227 <-> DISABLED <-> INDICATOR-OBFUSCATION Multiple AV products evasion attempt (indicator-obfuscation.rules)
* 1:34226 <-> DISABLED <-> INDICATOR-OBFUSCATION Multiple AV products evasion attempt (indicator-obfuscation.rules)
* 1:34225 <-> DISABLED <-> PROTOCOL-FTP ProFTPD mod_copy remote code execution attempt (protocol-ftp.rules)
* 1:34224 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_reverse_perl (indicator-shellcode.rules)
* 1:34223 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Yebot variant outbound connection (malware-cnc.rules)
* 1:34222 <-> DISABLED <-> SERVER-WEBAPP Barracuda Networks Web Filter index.cgi command injection attempt (server-webapp.rules)
* 1:34221 <-> DISABLED <-> SERVER-WEBAPP Barracuda Networks Web Filter index.cgi command injection attempt (server-webapp.rules)
* 1:34220 <-> DISABLED <-> SERVER-WEBAPP Barracuda Networks Web Filter index.cgi command injection attempt (server-webapp.rules)
* 1:34211 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
* 1:34186 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AuthorizedFeaturesLoader object memory corruption attempt (file-flash.rules)
* 1:34187 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AuthorizedFeaturesLoader object memory corruption attempt (file-flash.rules)
* 1:34188 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AuthorizedFeaturesLoader object memory corruption attempt (file-flash.rules)
* 1:34189 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AuthorizedFeaturesLoader object memory corruption attempt (file-flash.rules)
* 1:34207 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
* 1:34191 <-> ENABLED <-> FILE-FLASH Adobe Flash Player convolution filter use-after-free attempt (file-flash.rules)
* 1:34192 <-> ENABLED <-> FILE-FLASH Adobe Flash Player convolution filter use-after-free attempt (file-flash.rules)
* 1:34193 <-> ENABLED <-> FILE-FLASH Adobe Flash Player convolution filter use-after-free attempt (file-flash.rules)
* 1:34194 <-> ENABLED <-> SERVER-WEBAPP RevSlider information disclosure attempt (server-webapp.rules)
* 1:34195 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
* 1:34196 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
* 1:34197 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
* 1:34198 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
* 1:34199 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
* 1:34200 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
* 1:34201 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
* 1:34202 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
* 1:34203 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
* 1:34204 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
* 1:34205 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
* 1:34206 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
* 1:34231 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed CEA-708 packet arbitrary code execution attempt (file-flash.rules)
* 1:34232 <-> DISABLED <-> FILE-FLASH Adobe Flash Player potential information disclosure attempt (file-flash.rules)
* 1:34233 <-> DISABLED <-> FILE-FLASH Adobe Flash Player potential information disclosure attempt (file-flash.rules)
* 1:34234 <-> DISABLED <-> FILE-FLASH Adobe Flash Player potential information disclosure attempt (file-flash.rules)
* 1:34235 <-> DISABLED <-> FILE-FLASH Adobe Flash Player potential information disclosure attempt (file-flash.rules)
* 1:34236 <-> DISABLED <-> PUA-ADWARE Eorezo outbound connection (pua-adware.rules)
* 1:34237 <-> DISABLED <-> PUA-ADWARE Eorezo get advertisement (pua-adware.rules)
* 1:34238 <-> DISABLED <-> SERVER-OTHER PHP zip_cdir_new function integer overflow attempt (server-other.rules)
* 1:34239 <-> DISABLED <-> SERVER-OTHER PHP zip_cdir_new function integer overflow attempt (server-other.rules)
* 1:34240 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
* 1:34241 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
* 1:34242 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
* 1:34243 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
* 1:34244 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
* 1:34245 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
* 1:34246 <-> DISABLED <-> MALWARE-CNC Win.Trojan.AAEH variant outbound connection attempt (malware-cnc.rules)
* 1:34247 <-> ENABLED <-> FILE-FLASH Adobe Flash Player text field mask use after free attempt (file-flash.rules)
* 1:34248 <-> ENABLED <-> FILE-FLASH Adobe Flash Player text field mask use after free attempt (file-flash.rules)
* 1:34249 <-> ENABLED <-> FILE-FLASH Adobe Flash Player text field mask use after free attempt (file-flash.rules)
* 1:34250 <-> ENABLED <-> FILE-FLASH Adobe Flash Player text field mask use after free attempt (file-flash.rules)
* 1:34251 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed CEA-708 packet denial of service attempt (file-flash.rules)
* 1:34252 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed CEA-708 packet denial of service attempt (file-flash.rules)
* 1:34253 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed CEA-708 packet denial of service attempt (file-flash.rules)
* 1:34254 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed CEA-708 packet denial of service attempt (file-flash.rules)
* 1:34255 <-> ENABLED <-> FILE-FLASH Adobe Flash Player flash settings manager double free attempt (file-flash.rules)
* 1:34256 <-> ENABLED <-> FILE-FLASH Adobe Flash Player flash settings manager double free attempt (file-flash.rules)
* 1:34257 <-> ENABLED <-> FILE-FLASH Adobe Flash Player flash settings manager double free attempt (file-flash.rules)
* 1:34259 <-> ENABLED <-> FILE-FLASH Adobe Flash Player flash settings manager double free attempt (file-flash.rules)
* 1:34258 <-> ENABLED <-> FILE-FLASH Adobe Flash Player flash settings manager double free attempt (file-flash.rules)
* 1:34260 <-> ENABLED <-> FILE-FLASH Adobe Flash Player flash settings manager double free attempt (file-flash.rules)
* 1:34261 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection attempt (malware-cnc.rules)
* 1:34262 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection attempt (malware-cnc.rules)
* 1:34263 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection attempt (malware-cnc.rules)
* 1:34264 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AVC parser integer overflow attempt (file-flash.rules)
* 1:34265 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AVC parser integer overflow attempt (file-flash.rules)
* 1:34266 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AVC parser integer overflow attempt (file-flash.rules)
* 1:34267 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AVC parser integer overflow attempt (file-flash.rules)
* 1:34278 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Sound.extract integer overflow attempt (file-flash.rules)
* 1:34279 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Sound.extract integer overflow attempt (file-flash.rules)
* 1:34277 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Sound.extract integer overflow attempt (file-flash.rules)
* 1:34276 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Sound.extract integer overflow attempt (file-flash.rules)
* 1:34275 <-> ENABLED <-> FILE-FLASH Adobe Flash malformed pixel bytecode attempt (file-flash.rules)
* 1:34273 <-> ENABLED <-> FILE-FLASH Adobe Flash malformed pixel bytecode attempt (file-flash.rules)
* 1:34274 <-> ENABLED <-> FILE-FLASH Adobe Flash malformed pixel bytecode attempt (file-flash.rules)
* 1:34271 <-> ENABLED <-> FILE-FLASH Adobe Flash Player FLV tag datasize buffer overflow attempt (file-flash.rules)
* 1:34272 <-> ENABLED <-> FILE-FLASH Adobe Flash malformed pixel bytecode attempt (file-flash.rules)
* 1:34270 <-> ENABLED <-> FILE-FLASH Adobe Flash Player FLV tag datasize buffer overflow attempt (file-flash.rules)
* 1:34268 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player AVC parser integer overflow attempt (file-multimedia.rules)
* 1:34269 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player AVC parser integer overflow attempt (file-multimedia.rules)
* 1:17131 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 8 parent style rendering arbitrary code execution (browser-ie.rules)
* 1:17132 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer invalid object access attempt (browser-ie.rules)
* 1:20064 <-> DISABLED <-> MALWARE-CNC Malware Win.Trojan.Clemag.A variant outbound connection (malware-cnc.rules)
* 1:26777 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules)
* 1:33038 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (file-other.rules)
* 1:33039 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (file-other.rules)
* 1:33646 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection attempt (malware-cnc.rules)
* 1:33648 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection attempt (malware-cnc.rules)
* 1:33777 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
* 1:33778 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
* 1:33779 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
* 1:33780 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
* 1:33781 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
* 1:33782 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
* 1:33783 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
* 1:33784 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
* 1:33785 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
* 1:33786 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
* 1:33787 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
* 1:33788 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
* 1:33789 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
* 1:33790 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
* 1:33791 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
* 1:33792 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
* 1:33793 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
* 1:33794 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
* 1:33795 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
* 1:33796 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
* 1:33797 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
* 1:33798 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
* 1:33799 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
* 1:33800 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
* 1:33801 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
* 1:33802 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
* 1:33803 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
* 1:33804 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
* 1:33805 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
* 1:33806 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
* 1:34070 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
* 1:34071 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
* 1:34072 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CMetaElement use after free attempt (browser-ie.rules)
* 1:34073 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CMetaElement use after free attempt (browser-ie.rules)
* 1:34097 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer MSXML3 external entity injection attempt (browser-ie.rules)
* 1:34098 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer MSXML3 external entity injection attempt (browser-ie.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2972.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:34262 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection attempt (malware-cnc.rules)
* 1:34261 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection attempt (malware-cnc.rules)
* 1:34260 <-> ENABLED <-> FILE-FLASH Adobe Flash Player flash settings manager double free attempt (file-flash.rules)
* 1:34259 <-> ENABLED <-> FILE-FLASH Adobe Flash Player flash settings manager double free attempt (file-flash.rules)
* 1:34258 <-> ENABLED <-> FILE-FLASH Adobe Flash Player flash settings manager double free attempt (file-flash.rules)
* 1:34257 <-> ENABLED <-> FILE-FLASH Adobe Flash Player flash settings manager double free attempt (file-flash.rules)
* 1:34256 <-> ENABLED <-> FILE-FLASH Adobe Flash Player flash settings manager double free attempt (file-flash.rules)
* 1:34255 <-> ENABLED <-> FILE-FLASH Adobe Flash Player flash settings manager double free attempt (file-flash.rules)
* 1:34254 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed CEA-708 packet denial of service attempt (file-flash.rules)
* 1:34253 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed CEA-708 packet denial of service attempt (file-flash.rules)
* 1:34252 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed CEA-708 packet denial of service attempt (file-flash.rules)
* 1:34251 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed CEA-708 packet denial of service attempt (file-flash.rules)
* 1:34250 <-> ENABLED <-> FILE-FLASH Adobe Flash Player text field mask use after free attempt (file-flash.rules)
* 1:34249 <-> ENABLED <-> FILE-FLASH Adobe Flash Player text field mask use after free attempt (file-flash.rules)
* 1:34248 <-> ENABLED <-> FILE-FLASH Adobe Flash Player text field mask use after free attempt (file-flash.rules)
* 1:34247 <-> ENABLED <-> FILE-FLASH Adobe Flash Player text field mask use after free attempt (file-flash.rules)
* 1:34246 <-> DISABLED <-> MALWARE-CNC Win.Trojan.AAEH variant outbound connection attempt (malware-cnc.rules)
* 1:34245 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
* 1:34244 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
* 1:34243 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
* 1:34242 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
* 1:34279 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Sound.extract integer overflow attempt (file-flash.rules)
* 1:34278 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Sound.extract integer overflow attempt (file-flash.rules)
* 1:34277 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Sound.extract integer overflow attempt (file-flash.rules)
* 1:34276 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Sound.extract integer overflow attempt (file-flash.rules)
* 1:34275 <-> ENABLED <-> FILE-FLASH Adobe Flash malformed pixel bytecode attempt (file-flash.rules)
* 1:34274 <-> ENABLED <-> FILE-FLASH Adobe Flash malformed pixel bytecode attempt (file-flash.rules)
* 1:34273 <-> ENABLED <-> FILE-FLASH Adobe Flash malformed pixel bytecode attempt (file-flash.rules)
* 1:34272 <-> ENABLED <-> FILE-FLASH Adobe Flash malformed pixel bytecode attempt (file-flash.rules)
* 1:34271 <-> ENABLED <-> FILE-FLASH Adobe Flash Player FLV tag datasize buffer overflow attempt (file-flash.rules)
* 1:34270 <-> ENABLED <-> FILE-FLASH Adobe Flash Player FLV tag datasize buffer overflow attempt (file-flash.rules)
* 1:34269 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player AVC parser integer overflow attempt (file-multimedia.rules)
* 1:34268 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player AVC parser integer overflow attempt (file-multimedia.rules)
* 1:34267 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AVC parser integer overflow attempt (file-flash.rules)
* 1:34266 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AVC parser integer overflow attempt (file-flash.rules)
* 1:34265 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AVC parser integer overflow attempt (file-flash.rules)
* 1:34264 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AVC parser integer overflow attempt (file-flash.rules)
* 1:34263 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection attempt (malware-cnc.rules)
* 1:34241 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
* 1:34240 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
* 1:34239 <-> DISABLED <-> SERVER-OTHER PHP zip_cdir_new function integer overflow attempt (server-other.rules)
* 1:34238 <-> DISABLED <-> SERVER-OTHER PHP zip_cdir_new function integer overflow attempt (server-other.rules)
* 1:34237 <-> DISABLED <-> PUA-ADWARE Eorezo get advertisement (pua-adware.rules)
* 1:34236 <-> DISABLED <-> PUA-ADWARE Eorezo outbound connection (pua-adware.rules)
* 1:34235 <-> DISABLED <-> FILE-FLASH Adobe Flash Player potential information disclosure attempt (file-flash.rules)
* 1:34234 <-> DISABLED <-> FILE-FLASH Adobe Flash Player potential information disclosure attempt (file-flash.rules)
* 1:34233 <-> DISABLED <-> FILE-FLASH Adobe Flash Player potential information disclosure attempt (file-flash.rules)
* 1:34232 <-> DISABLED <-> FILE-FLASH Adobe Flash Player potential information disclosure attempt (file-flash.rules)
* 1:34231 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed CEA-708 packet arbitrary code execution attempt (file-flash.rules)
* 1:34230 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed CEA-708 packet arbitrary code execution attempt (file-flash.rules)
* 1:34229 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed CEA-708 packet arbitrary code execution attempt (file-flash.rules)
* 1:34228 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed CEA-708 packet arbitrary code execution attempt (file-flash.rules)
* 1:34227 <-> DISABLED <-> INDICATOR-OBFUSCATION Multiple AV products evasion attempt (indicator-obfuscation.rules)
* 1:34226 <-> DISABLED <-> INDICATOR-OBFUSCATION Multiple AV products evasion attempt (indicator-obfuscation.rules)
* 1:34225 <-> DISABLED <-> PROTOCOL-FTP ProFTPD mod_copy remote code execution attempt (protocol-ftp.rules)
* 1:34224 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_reverse_perl (indicator-shellcode.rules)
* 1:34223 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Yebot variant outbound connection (malware-cnc.rules)
* 1:34222 <-> DISABLED <-> SERVER-WEBAPP Barracuda Networks Web Filter index.cgi command injection attempt (server-webapp.rules)
* 1:34221 <-> DISABLED <-> SERVER-WEBAPP Barracuda Networks Web Filter index.cgi command injection attempt (server-webapp.rules)
* 1:34220 <-> DISABLED <-> SERVER-WEBAPP Barracuda Networks Web Filter index.cgi command injection attempt (server-webapp.rules)
* 1:34219 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Nanocore variant outbound connection attempt (malware-cnc.rules)
* 1:34218 <-> ENABLED <-> BLACKLIST DNS request for known malware domain lazyshare.net - Win.Trojan.Nanocore (blacklist.rules)
* 1:34217 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Aytoke variant outbound connection (malware-cnc.rules)
* 1:34216 <-> ENABLED <-> MALWARE-CNC Win.Trojan.FighterPOS variant outbound connection (malware-cnc.rules)
* 1:34215 <-> DISABLED <-> SERVER-WEBAPP ESF pfSense diag_logs_filter cross site scripting attempt (server-webapp.rules)
* 1:34214 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Capimac variant outbound connection (malware-cnc.rules)
* 1:34213 <-> DISABLED <-> SERVER-WEBAPP WordPress overly large password class-phpass.php denial of service attempt (server-webapp.rules)
* 1:34212 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
* 1:34211 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
* 1:34210 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
* 1:34209 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
* 1:34208 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
* 1:34207 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
* 1:34206 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
* 1:34205 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
* 1:34204 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
* 1:34203 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
* 1:34202 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
* 1:34201 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
* 1:34200 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
* 1:34199 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
* 1:34198 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
* 1:34197 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
* 1:34196 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
* 1:34195 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
* 1:34194 <-> ENABLED <-> SERVER-WEBAPP RevSlider information disclosure attempt (server-webapp.rules)
* 1:34193 <-> ENABLED <-> FILE-FLASH Adobe Flash Player convolution filter use-after-free attempt (file-flash.rules)
* 1:34192 <-> ENABLED <-> FILE-FLASH Adobe Flash Player convolution filter use-after-free attempt (file-flash.rules)
* 1:34191 <-> ENABLED <-> FILE-FLASH Adobe Flash Player convolution filter use-after-free attempt (file-flash.rules)
* 1:34190 <-> ENABLED <-> FILE-FLASH Adobe Flash Player convolution filter use-after-free attempt (file-flash.rules)
* 1:34189 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AuthorizedFeaturesLoader object memory corruption attempt (file-flash.rules)
* 1:34188 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AuthorizedFeaturesLoader object memory corruption attempt (file-flash.rules)
* 1:34187 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AuthorizedFeaturesLoader object memory corruption attempt (file-flash.rules)
* 1:34186 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AuthorizedFeaturesLoader object memory corruption attempt (file-flash.rules)
* 1:17131 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 8 parent style rendering arbitrary code execution (browser-ie.rules)
* 1:17132 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer invalid object access attempt (browser-ie.rules)
* 1:20064 <-> DISABLED <-> MALWARE-CNC Malware Win.Trojan.Clemag.A variant outbound connection (malware-cnc.rules)
* 1:26777 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules)
* 1:33038 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (file-other.rules)
* 1:33039 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (file-other.rules)
* 1:33646 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection attempt (malware-cnc.rules)
* 1:33648 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection attempt (malware-cnc.rules)
* 1:33777 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
* 1:33778 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
* 1:33779 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
* 1:33780 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
* 1:33781 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
* 1:33782 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
* 1:33783 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
* 1:33784 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
* 1:33785 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
* 1:33786 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
* 1:33787 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
* 1:33788 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
* 1:33789 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
* 1:33790 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
* 1:33791 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
* 1:33792 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
* 1:33793 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
* 1:33794 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
* 1:33795 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
* 1:33796 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
* 1:33797 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
* 1:33798 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
* 1:33799 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
* 1:33800 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
* 1:33801 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
* 1:33802 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
* 1:33803 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
* 1:33804 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
* 1:33805 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
* 1:33806 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
* 1:34070 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
* 1:34071 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
* 1:34072 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CMetaElement use after free attempt (browser-ie.rules)
* 1:34073 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CMetaElement use after free attempt (browser-ie.rules)
* 1:34097 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer MSXML3 external entity injection attempt (browser-ie.rules)
* 1:34098 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer MSXML3 external entity injection attempt (browser-ie.rules)