Talos has added and modified multiple rules in the file-flash, file-image, file-multimedia, file-other, file-pdf, indicator-compromise, malware-cnc and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2976.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:41336 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Sysch variant outbound connection attempt (malware-cnc.rules)
* 1:41337 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Sysch variant outbound connection attempt (malware-cnc.rules)
* 1:41338 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt (file-image.rules)
* 1:41339 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt (file-image.rules)
* 1:41340 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt (file-image.rules)
* 1:41353 <-> ENABLED <-> FILE-FLASH Adobe Flash Player StyleSheets use after free attempt (file-flash.rules)
* 1:41331 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Scudy outbound connection attempt (malware-cnc.rules)
* 1:41349 <-> DISABLED <-> SERVER-WEBAPP Western Digital MyCloud command injection attempt (server-webapp.rules)
* 1:41355 <-> DISABLED <-> SERVER-WEBAPP WordPress Admin API ajax-actions.php directory traversal attempt (server-webapp.rules)
* 1:41354 <-> ENABLED <-> FILE-FLASH Adobe Flash Player StyleSheets use after free attempt (file-flash.rules)
* 1:41348 <-> DISABLED <-> SERVER-WEBAPP Western Digital MyCloud command injection attempt (server-webapp.rules)
* 1:41346 <-> DISABLED <-> SERVER-WEBAPP Western Digital MyCloud command injection attempt (server-webapp.rules)
* 1:41347 <-> DISABLED <-> SERVER-WEBAPP Western Digital MyCloud command injection attempt (server-webapp.rules)
* 1:41332 <-> ENABLED <-> FILE-FLASH Adobe Flash Player FileReferenceList.browse type confusion attempt (file-flash.rules)
* 1:41335 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection attempt (malware-cnc.rules)
* 1:41333 <-> ENABLED <-> FILE-FLASH Adobe Flash Player FileReferenceList.browse type confusion attempt (file-flash.rules)
* 1:41334 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection attempt (malware-cnc.rules)
* 1:41330 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader APP13 heap overflow attempt (file-pdf.rules)
* 1:41329 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader APP13 heap overflow attempt (file-pdf.rules)
* 1:41343 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player MP4 stsz atom memory corruption attempt (file-multimedia.rules)
* 1:41341 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt (file-image.rules)
* 1:41342 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player MP4 stsz atom memory corruption attempt (file-multimedia.rules)
* 3:41351 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2016-0262 attack attempt (file-other.rules)
* 3:41344 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2016-0261 attack attempt (file-other.rules)
* 3:41345 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2016-0261 attack attempt (file-other.rules)
* 3:41352 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2016-0232 attack attempt (server-webapp.rules)
* 3:41350 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2016-0262 attack attempt (file-other.rules)

* 1:26021 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XFA app.setTimeOut memory corruption attempt (file-pdf.rules)
* 1:41146 <-> DISABLED <-> FILE-IMAGE Adobe Reader malformed app13 marker memory corruption attempt (file-image.rules)
* 1:41144 <-> DISABLED <-> FILE-IMAGE Adobe Reader malformed app13 marker memory corruption attempt (file-image.rules)
* 1:41145 <-> DISABLED <-> FILE-IMAGE Adobe Reader malformed app13 marker memory corruption attempt (file-image.rules)
* 1:40574 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XFA resolveNode memory corruption attempt (file-pdf.rules)
* 1:40431 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XFA app.setTimeOut memory corruption attempt (file-pdf.rules)
* 1:40573 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XFA resolveNode memory corruption attempt (file-pdf.rules)
* 1:36873 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS2 valueOf function assignment with removeTextField use after free attempt (file-flash.rules)
* 1:36874 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS2 valueOf function assignment with removeTextField use after free attempt (file-flash.rules)
* 1:36760 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Internet Explorer setAttributeNS ASLR bypass attempt (indicator-compromise.rules)
* 1:36759 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Internet Explorer setAttributeNS ASLR bypass attempt (indicator-compromise.rules)
* 1:30726 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
* 1:30725 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
* 1:30724 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
* 1:30723 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
* 1:30722 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
* 1:30713 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1 heartbeat read overrun attempt (server-other.rules)
* 1:30714 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1 heartbeat read overrun attempt (server-other.rules)
* 1:41202 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP2 segment out of bounds memory access attempt (file-image.rules)
* 1:41205 <-> DISABLED <-> FILE-PDF Adobe Reader XSL type confusion attempt (file-pdf.rules)
* 1:41148 <-> DISABLED <-> FILE-IMAGE Adobe Reader malformed app13 marker memory corruption attempt (file-image.rules)
* 1:41149 <-> DISABLED <-> FILE-IMAGE Adobe Reader malformed app13 marker memory corruption attempt (file-image.rules)
* 1:30718 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.2 heartbeat read overrun attempt (server-other.rules)
* 1:30514 <-> ENABLED <-> SERVER-OTHER OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
* 1:41147 <-> DISABLED <-> FILE-IMAGE Adobe Reader malformed app13 marker memory corruption attempt (file-image.rules)
* 1:30712 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL SSLv3 heartbeat read overrun attempt (server-other.rules)
* 1:41203 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP2 segment out of bounds memory access attempt (file-image.rules)
* 1:30515 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
* 1:41204 <-> DISABLED <-> FILE-PDF Adobe Reader XSL type confusion attempt (file-pdf.rules)
* 1:30516 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
* 1:30517 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
* 1:30715 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.1 heartbeat read overrun attempt (server-other.rules)
* 1:30711 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL SSLv3 heartbeat read overrun attempt (server-other.rules)
* 1:30719 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
* 1:30721 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
* 1:30720 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
* 1:30717 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.2 heartbeat read overrun attempt (server-other.rules)
* 1:30716 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.1 heartbeat read overrun attempt (server-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:41329 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader APP13 heap overflow attempt (file-pdf.rules)
* 1:41330 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader APP13 heap overflow attempt (file-pdf.rules)
* 1:41331 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Scudy outbound connection attempt (malware-cnc.rules)
* 1:41332 <-> ENABLED <-> FILE-FLASH Adobe Flash Player FileReferenceList.browse type confusion attempt (file-flash.rules)
* 1:41333 <-> ENABLED <-> FILE-FLASH Adobe Flash Player FileReferenceList.browse type confusion attempt (file-flash.rules)
* 1:41334 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection attempt (malware-cnc.rules)
* 1:41335 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection attempt (malware-cnc.rules)
* 1:41336 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Sysch variant outbound connection attempt (malware-cnc.rules)
* 1:41337 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Sysch variant outbound connection attempt (malware-cnc.rules)
* 1:41338 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt (file-image.rules)
* 1:41339 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt (file-image.rules)
* 1:41340 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt (file-image.rules)
* 1:41341 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt (file-image.rules)
* 1:41342 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player MP4 stsz atom memory corruption attempt (file-multimedia.rules)
* 1:41343 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player MP4 stsz atom memory corruption attempt (file-multimedia.rules)
* 1:41346 <-> DISABLED <-> SERVER-WEBAPP Western Digital MyCloud command injection attempt (server-webapp.rules)
* 1:41347 <-> DISABLED <-> SERVER-WEBAPP Western Digital MyCloud command injection attempt (server-webapp.rules)
* 1:41348 <-> DISABLED <-> SERVER-WEBAPP Western Digital MyCloud command injection attempt (server-webapp.rules)
* 1:41349 <-> DISABLED <-> SERVER-WEBAPP Western Digital MyCloud command injection attempt (server-webapp.rules)
* 1:41355 <-> DISABLED <-> SERVER-WEBAPP WordPress Admin API ajax-actions.php directory traversal attempt (server-webapp.rules)
* 1:41353 <-> ENABLED <-> FILE-FLASH Adobe Flash Player StyleSheets use after free attempt (file-flash.rules)
* 1:41354 <-> ENABLED <-> FILE-FLASH Adobe Flash Player StyleSheets use after free attempt (file-flash.rules)
* 3:41344 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2016-0261 attack attempt (file-other.rules)
* 3:41345 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2016-0261 attack attempt (file-other.rules)
* 3:41350 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2016-0262 attack attempt (file-other.rules)
* 3:41351 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2016-0262 attack attempt (file-other.rules)
* 3:41352 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2016-0232 attack attempt (server-webapp.rules)

* 1:30717 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.2 heartbeat read overrun attempt (server-other.rules)
* 1:30716 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.1 heartbeat read overrun attempt (server-other.rules)
* 1:41145 <-> DISABLED <-> FILE-IMAGE Adobe Reader malformed app13 marker memory corruption attempt (file-image.rules)
* 1:41146 <-> DISABLED <-> FILE-IMAGE Adobe Reader malformed app13 marker memory corruption attempt (file-image.rules)
* 1:41144 <-> DISABLED <-> FILE-IMAGE Adobe Reader malformed app13 marker memory corruption attempt (file-image.rules)
* 1:40573 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XFA resolveNode memory corruption attempt (file-pdf.rules)
* 1:40574 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XFA resolveNode memory corruption attempt (file-pdf.rules)
* 1:36874 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS2 valueOf function assignment with removeTextField use after free attempt (file-flash.rules)
* 1:40431 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XFA app.setTimeOut memory corruption attempt (file-pdf.rules)
* 1:36760 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Internet Explorer setAttributeNS ASLR bypass attempt (indicator-compromise.rules)
* 1:36873 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS2 valueOf function assignment with removeTextField use after free attempt (file-flash.rules)
* 1:36759 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Internet Explorer setAttributeNS ASLR bypass attempt (indicator-compromise.rules)
* 1:30726 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
* 1:30725 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
* 1:30724 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
* 1:30723 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
* 1:30722 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
* 1:41149 <-> DISABLED <-> FILE-IMAGE Adobe Reader malformed app13 marker memory corruption attempt (file-image.rules)
* 1:41203 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP2 segment out of bounds memory access attempt (file-image.rules)
* 1:30715 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.1 heartbeat read overrun attempt (server-other.rules)
* 1:30713 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1 heartbeat read overrun attempt (server-other.rules)
* 1:30714 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1 heartbeat read overrun attempt (server-other.rules)
* 1:30719 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
* 1:30721 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
* 1:30720 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
* 1:30514 <-> ENABLED <-> SERVER-OTHER OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
* 1:26021 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XFA app.setTimeOut memory corruption attempt (file-pdf.rules)
* 1:30515 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
* 1:30516 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
* 1:41205 <-> DISABLED <-> FILE-PDF Adobe Reader XSL type confusion attempt (file-pdf.rules)
* 1:30517 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
* 1:30711 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL SSLv3 heartbeat read overrun attempt (server-other.rules)
* 1:41147 <-> DISABLED <-> FILE-IMAGE Adobe Reader malformed app13 marker memory corruption attempt (file-image.rules)
* 1:41202 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP2 segment out of bounds memory access attempt (file-image.rules)
* 1:41204 <-> DISABLED <-> FILE-PDF Adobe Reader XSL type confusion attempt (file-pdf.rules)
* 1:30712 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL SSLv3 heartbeat read overrun attempt (server-other.rules)
* 1:41148 <-> DISABLED <-> FILE-IMAGE Adobe Reader malformed app13 marker memory corruption attempt (file-image.rules)
* 1:30718 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.2 heartbeat read overrun attempt (server-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2990.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:41355 <-> DISABLED <-> SERVER-WEBAPP WordPress Admin API ajax-actions.php directory traversal attempt (server-webapp.rules)
* 1:41354 <-> ENABLED <-> FILE-FLASH Adobe Flash Player StyleSheets use after free attempt (file-flash.rules)
* 1:41353 <-> ENABLED <-> FILE-FLASH Adobe Flash Player StyleSheets use after free attempt (file-flash.rules)
* 1:41349 <-> DISABLED <-> SERVER-WEBAPP Western Digital MyCloud command injection attempt (server-webapp.rules)
* 1:41348 <-> DISABLED <-> SERVER-WEBAPP Western Digital MyCloud command injection attempt (server-webapp.rules)
* 1:41347 <-> DISABLED <-> SERVER-WEBAPP Western Digital MyCloud command injection attempt (server-webapp.rules)
* 1:41346 <-> DISABLED <-> SERVER-WEBAPP Western Digital MyCloud command injection attempt (server-webapp.rules)
* 1:41343 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player MP4 stsz atom memory corruption attempt (file-multimedia.rules)
* 1:41342 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player MP4 stsz atom memory corruption attempt (file-multimedia.rules)
* 1:41341 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt (file-image.rules)
* 1:41340 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt (file-image.rules)
* 1:41339 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt (file-image.rules)
* 1:41338 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt (file-image.rules)
* 1:41337 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Sysch variant outbound connection attempt (malware-cnc.rules)
* 1:41336 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Sysch variant outbound connection attempt (malware-cnc.rules)
* 1:41335 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection attempt (malware-cnc.rules)
* 1:41334 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection attempt (malware-cnc.rules)
* 1:41333 <-> ENABLED <-> FILE-FLASH Adobe Flash Player FileReferenceList.browse type confusion attempt (file-flash.rules)
* 1:41332 <-> ENABLED <-> FILE-FLASH Adobe Flash Player FileReferenceList.browse type confusion attempt (file-flash.rules)
* 1:41331 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Scudy outbound connection attempt (malware-cnc.rules)
* 1:41330 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader APP13 heap overflow attempt (file-pdf.rules)
* 1:41329 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader APP13 heap overflow attempt (file-pdf.rules)
* 3:41344 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2016-0261 attack attempt (file-other.rules)
* 3:41345 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2016-0261 attack attempt (file-other.rules)
* 3:41350 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2016-0262 attack attempt (file-other.rules)
* 3:41351 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2016-0262 attack attempt (file-other.rules)
* 3:41352 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2016-0232 attack attempt (server-webapp.rules)

* 1:30712 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL SSLv3 heartbeat read overrun attempt (server-other.rules)
* 1:26021 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XFA app.setTimeOut memory corruption attempt (file-pdf.rules)
* 1:41205 <-> DISABLED <-> FILE-PDF Adobe Reader XSL type confusion attempt (file-pdf.rules)
* 1:41204 <-> DISABLED <-> FILE-PDF Adobe Reader XSL type confusion attempt (file-pdf.rules)
* 1:41203 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP2 segment out of bounds memory access attempt (file-image.rules)
* 1:41202 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP2 segment out of bounds memory access attempt (file-image.rules)
* 1:41149 <-> DISABLED <-> FILE-IMAGE Adobe Reader malformed app13 marker memory corruption attempt (file-image.rules)
* 1:41148 <-> DISABLED <-> FILE-IMAGE Adobe Reader malformed app13 marker memory corruption attempt (file-image.rules)
* 1:41147 <-> DISABLED <-> FILE-IMAGE Adobe Reader malformed app13 marker memory corruption attempt (file-image.rules)
* 1:41146 <-> DISABLED <-> FILE-IMAGE Adobe Reader malformed app13 marker memory corruption attempt (file-image.rules)
* 1:41145 <-> DISABLED <-> FILE-IMAGE Adobe Reader malformed app13 marker memory corruption attempt (file-image.rules)
* 1:41144 <-> DISABLED <-> FILE-IMAGE Adobe Reader malformed app13 marker memory corruption attempt (file-image.rules)
* 1:40574 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XFA resolveNode memory corruption attempt (file-pdf.rules)
* 1:40573 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XFA resolveNode memory corruption attempt (file-pdf.rules)
* 1:40431 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XFA app.setTimeOut memory corruption attempt (file-pdf.rules)
* 1:36874 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS2 valueOf function assignment with removeTextField use after free attempt (file-flash.rules)
* 1:36873 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS2 valueOf function assignment with removeTextField use after free attempt (file-flash.rules)
* 1:36760 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Internet Explorer setAttributeNS ASLR bypass attempt (indicator-compromise.rules)
* 1:36759 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Internet Explorer setAttributeNS ASLR bypass attempt (indicator-compromise.rules)
* 1:30726 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
* 1:30725 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
* 1:30724 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
* 1:30514 <-> ENABLED <-> SERVER-OTHER OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
* 1:30515 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
* 1:30516 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
* 1:30517 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
* 1:30711 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL SSLv3 heartbeat read overrun attempt (server-other.rules)
* 1:30723 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
* 1:30713 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1 heartbeat read overrun attempt (server-other.rules)
* 1:30714 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1 heartbeat read overrun attempt (server-other.rules)
* 1:30715 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.1 heartbeat read overrun attempt (server-other.rules)
* 1:30722 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
* 1:30720 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
* 1:30721 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
* 1:30719 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
* 1:30718 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.2 heartbeat read overrun attempt (server-other.rules)
* 1:30717 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.2 heartbeat read overrun attempt (server-other.rules)
* 1:30716 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.1 heartbeat read overrun attempt (server-other.rules)