Documents

Latest rule documents
1:64078
This rule looks for command injection metacharacters in the `filename` parameter of requests to the "/cgi-bin/mainfunction.cgi/cvmcfgupload" endpoint on DrayTek Vigor routers.
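The check the rule performs, as an added illustration in Python rather than the Snort rule itself (the rule's actual byte pattern and options are not reproduced here): parse a raw HTTP request, confirm the path is the cvmcfgupload endpoint, pull every value of `filename` from the query string or an x-www-form-urlencoded body after one layer of percent-decoding, and flag shell metacharacters. The metacharacter set and the sample requests are assumptions constructed for the example.

```python
"""Illustrative detector for shell metacharacters in the `filename`
parameter of requests to /cgi-bin/mainfunction.cgi/cvmcfgupload.

Added example, not the Snort rule: a Python approximation of the detection
described above, run over constructed requests. Assumes the parameter
arrives in the query string or an application/x-www-form-urlencoded body.
"""
import re
from urllib.parse import parse_qs, unquote, urlsplit

TARGET_PATH = "/cgi-bin/mainfunction.cgi/cvmcfgupload"

# Characters that let a value break out of a shell argument. This set is an
# assumption for illustration, not the rule's own pattern.
META_RE = re.compile(r"[;|&`$(){}<>\r\n]")


def parse_request(raw: bytes):
    """Split a raw HTTP/1.x request into (method, path, query, headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    parts = urlsplit(target)
    return method, parts.path, parts.query, headers, body.decode("latin-1")


def filename_values(raw: bytes):
    """Return every decoded value of `filename`, or [] when the request is
    not for the target endpoint."""
    _method, path, query, headers, body = parse_request(raw)
    # Percent-decode the path once so an encoded path does not dodge the match.
    if unquote(path) != TARGET_PATH:
        return []
    values = parse_qs(query, keep_blank_values=True).get("filename", [])
    ctype = headers.get("content-type", "")
    if ctype.startswith("application/x-www-form-urlencoded"):
        values += parse_qs(body, keep_blank_values=True).get("filename", [])
    # parse_qs applies one layer of percent-decoding, so %3B becomes ';'.
    return values


def is_injection_attempt(raw: bytes) -> bool:
    """True when any `filename` value carries a shell metacharacter."""
    return any(META_RE.search(v) for v in filename_values(raw))


# Constructed sample requests (not captured traffic).
BENIGN = (b"POST /cgi-bin/mainfunction.cgi/cvmcfgupload?filename=config.bin HTTP/1.1\r\n"
          b"Host: 192.0.2.1\r\nContent-Length: 0\r\n\r\n")
ATTACK_QUERY = (b"POST /cgi-bin/mainfunction.cgi/cvmcfgupload?filename=a%3Bid%3E/tmp/o HTTP/1.1\r\n"
                b"Host: 192.0.2.1\r\nContent-Length: 0\r\n\r\n")
ATTACK_BODY = (b"POST /cgi-bin/mainfunction.cgi/cvmcfgupload HTTP/1.1\r\n"
               b"Host: 192.0.2.1\r\nContent-Type: application/x-www-form-urlencoded\r\n"
               b"Content-Length: 22\r\n\r\nfilename=x%60wget+u%60")
OTHER_PATH = b"GET /cgi-bin/other.cgi?filename=a%3Bid HTTP/1.1\r\nHost: 192.0.2.1\r\n\r\n"

if __name__ == "__main__":
    for label, req in [("benign", BENIGN), ("query", ATTACK_QUERY),
                       ("body", ATTACK_BODY), ("other path", OTHER_PATH)]:
        print(f"{label}: {'ALERT' if is_injection_attempt(req) else 'ok'}")
```

The decode-then-match order is the part that matters: a raw substring match on `;` would miss `%3B`, which is exactly how the parameter reaches the router. The example decodes one layer only, so a double-encoded value (`%253B`) would pass it; whether that reaches the shell depends on the target's own decoding, which the rule description does not specify.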
1:64076
This rule alerts on malicious files known to distribute the Win.Keylogger.Snake malware family. Snake is a credential stealer and keylogging application that exfiltrates via SMTP, Telegram, and FTP. The indicated endpoint is likely compromised with a malicious Microsoft Office file.
1:64075
This rule alerts on known process injectors associated with the Win.Keylogger.Snake malware family. This file is responsible for injecting the Snake keylogger into memory and establishing persistence. The indicated endpoint is likely compromised with an initial malicious downloader file.
1:64074
This rule alerts on known process injectors associated with the Win.Keylogger.Snake malware family. This file is responsible for injecting the Snake keylogger into memory and establishing persistence. The indicated endpoint is likely compromised with an initial malicious downloader file.
1:64073
This rule alerts on files from the Win.KeyLogger.Snake malware family. Snake is a keylogger and information stealer that communicates over SMTP, Telegram, and FTP.
1:64072
This rule alerts on communications from the Win.KeyLogger.Snake malware family. Snake is a keylogger and information stealer that communicates over SMTP, Telegram, and FTP.