Talos has added and modified multiple rules in the blacklist, browser-ie, deleted, exploit-kit, file-executable, file-flash, file-other, indicator-compromise, malware-backdoor, malware-cnc, malware-other, server-apache and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2976.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:41641 <-> DISABLED <-> FILE-EXECUTABLE QuickHeal Internet Security malformed Mach-O file buffer overflow attempt (file-executable.rules)
* 1:41634 <-> DISABLED <-> DELETED JZUG1wVRPVZOLCvEyoHz (deleted.rules)
* 1:41587 <-> DISABLED <-> DELETED v6YNZkcOtoUt4lazjOZg (deleted.rules)
* 1:41590 <-> DISABLED <-> DELETED tB8in5OHkHx3L0ni1p1I (deleted.rules)
* 1:41581 <-> DISABLED <-> DELETED lm06mVLIekQJco8ymvCj (deleted.rules)
* 1:41583 <-> DISABLED <-> DELETED 2104Je8NeYdUapqjyLKN (deleted.rules)
* 1:41579 <-> DISABLED <-> DELETED tYwrGluX5dObfE6sY3GA (deleted.rules)
* 1:41580 <-> DISABLED <-> DELETED xozrA27GE3bw8z1WGapk (deleted.rules)
* 1:41577 <-> DISABLED <-> DELETED 9G9ad7eS9ApSYjQCeMop (deleted.rules)
* 1:41578 <-> DISABLED <-> DELETED JnY2cb8F710UF6d9lQSp (deleted.rules)
* 1:41574 <-> DISABLED <-> DELETED 0GQx9qNGzD5JvIgsNsLU (deleted.rules)
* 1:41575 <-> DISABLED <-> DELETED iXbkLX1dAAlk183HBDqc (deleted.rules)
* 1:41572 <-> DISABLED <-> DELETED Jo29KjldkTlEL6ev8eBR (deleted.rules)
* 1:41573 <-> DISABLED <-> DELETED AaEnRMGjoABYzg5s2InU (deleted.rules)
* 1:41569 <-> DISABLED <-> DELETED SvuhTNxfofLNh6BDRK33 (deleted.rules)
* 1:41570 <-> DISABLED <-> DELETED j9s3YbYVyYWsbrtQ3uIs (deleted.rules)
* 1:41567 <-> DISABLED <-> DELETED pTXs7KUhQRGhaWTgKbb7 (deleted.rules)
* 1:41568 <-> DISABLED <-> DELETED kF3nigJ4JNVVk6rUu4Y3 (deleted.rules)
* 1:41564 <-> DISABLED <-> DELETED gTgCA88UF8renb5O9NNQ (deleted.rules)
* 1:41565 <-> DISABLED <-> DELETED j1CGK1PYbr0q4ETiGl8i (deleted.rules)
* 1:41562 <-> DISABLED <-> DELETED OAFbssmWYTUcAmr92XiO (deleted.rules)
* 1:41563 <-> DISABLED <-> DELETED fK4NDvjETaezKM19vsBD (deleted.rules)
* 1:41559 <-> DISABLED <-> DELETED vLuzJQZoy0uX2rfCGyX7 (deleted.rules)
* 1:41560 <-> DISABLED <-> DELETED 2xy4LeeaJZxrNUR2Zrjn (deleted.rules)
* 1:41557 <-> DISABLED <-> DELETED nsW9dVJiXbmLiVxuruv3 (deleted.rules)
* 1:41558 <-> DISABLED <-> DELETED 0dSWPnm7dz6Fcf70zGIL (deleted.rules)
* 1:41554 <-> DISABLED <-> DELETED oeXHcWOaoDqO97LWE3im (deleted.rules)
* 1:41555 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use asm memory corruption attempt (browser-ie.rules)
* 1:41553 <-> DISABLED <-> DELETED n0AKi5Jy0HRovEdANpIJ (deleted.rules)
* 1:41550 <-> DISABLED <-> DELETED 9PiGK20daqQ4NG2yUmHJ (deleted.rules)
* 1:41552 <-> DISABLED <-> DELETED j0lVhTQQnlFPNV8WbXjw (deleted.rules)
* 1:41549 <-> DISABLED <-> DELETED 3KS9XNn1eqWy808Nag8X (deleted.rules)
* 1:41624 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MessageChannel type confusion attempt (file-flash.rules)
* 1:41606 <-> DISABLED <-> DELETED DyPtd537A4oTXII67lLY (deleted.rules)
* 1:41608 <-> DISABLED <-> DELETED DlljTt5vFr4wpoNJnBJD (deleted.rules)
* 1:41607 <-> DISABLED <-> DELETED rAZFmWHsPbKcUty7MgrA (deleted.rules)
* 1:41610 <-> DISABLED <-> DELETED kOVvZrK2dixrCRdcdldP (deleted.rules)
* 1:41612 <-> ENABLED <-> FILE-OTHER Adobe Flash Player h264 decoder luminance adjustment out of bounds memory access attempt (file-other.rules)
* 1:41611 <-> ENABLED <-> FILE-OTHER Adobe Flash Player h264 decoder luminance adjustment out of bounds memory access attempt (file-other.rules)
* 1:41613 <-> ENABLED <-> FILE-OTHER Adobe Flash Player h264 decoder heap overflow attempt (file-other.rules)
* 1:41615 <-> ENABLED <-> FILE-OTHER Adobe Flash Player h264 decoder heap overflow attempt (file-other.rules)
* 1:41616 <-> ENABLED <-> FILE-OTHER Adobe Flash Player h264 decoder heap overflow attempt (file-other.rules)
* 1:41640 <-> DISABLED <-> FILE-EXECUTABLE QuickHeal Internet Security malformed Mach-O file buffer overflow attempt (file-executable.rules)
* 1:41584 <-> DISABLED <-> DELETED xQLvvhaNbAQnF8Jikc0m (deleted.rules)
* 1:41623 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MessageChannel type confusion attempt (file-flash.rules)
* 1:41604 <-> DISABLED <-> FILE-FLASH Adobe Flash player BitmapData class use after free attempt (file-flash.rules)
* 1:41603 <-> DISABLED <-> FILE-FLASH Adobe Flash player BitmapData class use after free attempt (file-flash.rules)
* 1:41602 <-> DISABLED <-> DELETED aw5zsD18HZVNLa9fNWB7 (deleted.rules)
* 1:41551 <-> DISABLED <-> DELETED qS9HxX8E8ZuwjJmc2QYy (deleted.rules)
* 1:41609 <-> DISABLED <-> DELETED Vehj0FCBGiPlqED8fNo1 (deleted.rules)
* 1:41556 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use asm memory corruption attempt (browser-ie.rules)
* 1:41561 <-> DISABLED <-> DELETED WEJm6bj4v3duVaDCRGYl (deleted.rules)
* 1:41566 <-> DISABLED <-> DELETED eh2wYUkuI278GyheZZwI (deleted.rules)
* 1:41571 <-> DISABLED <-> DELETED HIFsM6I1zeAoJJ5Yf5li (deleted.rules)
* 1:41614 <-> ENABLED <-> FILE-OTHER Adobe Flash Player h264 decoder heap overflow attempt (file-other.rules)
* 1:41576 <-> DISABLED <-> DELETED l77NiJB8YylQIdXeb6CM (deleted.rules)
* 1:41582 <-> DISABLED <-> DELETED A9MKNbvdALHvn3CdLpqv (deleted.rules)
* 1:41617 <-> ENABLED <-> FILE-OTHER Adobe Flash Player h264 decoder heap overflow attempt (file-other.rules)
* 1:41618 <-> ENABLED <-> FILE-OTHER Adobe Flash Player h264 decoder heap overflow attempt (file-other.rules)
* 1:41619 <-> DISABLED <-> FILE-FLASH Adobe Flash Player addEventListener use after free attempt (file-flash.rules)
* 1:41620 <-> DISABLED <-> FILE-FLASH Adobe Flash Player addEventListener use after free attempt (file-flash.rules)
* 1:41621 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed FLV heap overflow attempt (file-flash.rules)
* 1:41601 <-> DISABLED <-> DELETED QFHU2S6OJHLagIz6pOvI (deleted.rules)
* 1:41599 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CPeerHolder use after free attempt (browser-ie.rules)
* 1:41600 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CPeerHolder use after free attempt (browser-ie.rules)
* 1:41597 <-> DISABLED <-> DELETED bpYVBffSltC9snfZm375 (deleted.rules)
* 1:41598 <-> DISABLED <-> DELETED tlGo6aXOokNuyU1LDLf2 (deleted.rules)
* 1:41595 <-> DISABLED <-> DELETED YCkW8nqU9F5eK8z8YSbn (deleted.rules)
* 1:41596 <-> DISABLED <-> DELETED 92rMZYmep1qp65DS5D1V (deleted.rules)
* 1:41593 <-> DISABLED <-> DELETED 7ZUEraI3djmWkEg1YJQz (deleted.rules)
* 1:41594 <-> DISABLED <-> DELETED QB7rs3Z2BDil1quuJNKT (deleted.rules)
* 1:41591 <-> DISABLED <-> DELETED SZEKQhOGrioANnhLEW71 (deleted.rules)
* 1:41592 <-> DISABLED <-> DELETED 0POZmpuYEnQ8DWiFvIqZ (deleted.rules)
* 1:41588 <-> DISABLED <-> DELETED 2rR4CIpZQ1oZBLU01E4M (deleted.rules)
* 1:41589 <-> DISABLED <-> DELETED BKyoksClYkHqRyMDLret (deleted.rules)
* 1:41622 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed FLV heap overflow attempt (file-flash.rules)
* 1:41633 <-> DISABLED <-> DELETED sxNxlO0jW0maiNpR7aM4 (deleted.rules)
* 1:41625 <-> DISABLED <-> DELETED 1Yn0o2sUhWRHdpZIYQCe (deleted.rules)
* 1:41626 <-> DISABLED <-> DELETED A8bNNfsFmpiJzXVSVbt6 (deleted.rules)
* 1:41629 <-> ENABLED <-> FILE-FLASH Adobe Flash Player PSDK EventDispatch removeEventListener use after free attempt (file-flash.rules)
* 1:41627 <-> ENABLED <-> FILE-FLASH Adobe Flash Player garbage collection use after free attempt (file-flash.rules)
* 1:41630 <-> ENABLED <-> FILE-FLASH Adobe Flash Player PSDK EventDispatch removeEventListener use after free attempt (file-flash.rules)
* 1:41628 <-> ENABLED <-> FILE-FLASH Adobe Flash Player garbage collection use after free attempt (file-flash.rules)
* 1:41632 <-> ENABLED <-> FILE-OTHER Adobe Flash Player mp4 h264 decompression routine out of bounds read attempt (file-other.rules)
* 1:41631 <-> ENABLED <-> FILE-OTHER Adobe Flash Player mp4 h264 decompression routine out of bounds read attempt (file-other.rules)
* 1:41585 <-> DISABLED <-> DELETED xePvFEaRV1KmQNOzRGXH (deleted.rules)
* 1:41586 <-> DISABLED <-> DELETED GXtNgBGUZsao7PElnBoI (deleted.rules)
* 1:41637 <-> DISABLED <-> INDICATOR-COMPROMISE Writable SQL directories discovery attempt (indicator-compromise.rules)
* 1:41635 <-> ENABLED <-> FILE-OTHER Adobe AcrobatDC EMF buffer underflow attempt (file-other.rules)
* 1:41638 <-> DISABLED <-> SERVER-WEBAPP Wordpress NextGEN gallery directory traversal attempt (server-webapp.rules)
* 1:41636 <-> ENABLED <-> FILE-OTHER Adobe AcrobatDC EMF buffer underflow attempt (file-other.rules)
* 1:41639 <-> DISABLED <-> SERVER-WEBAPP Wordpress NextGEN gallery directory traversal attempt (server-webapp.rules)
* 1:41642 <-> DISABLED <-> SERVER-WEBAPP TP-LINK AC750 ping diagnostic command injection attempt (server-webapp.rules)
* 1:41605 <-> DISABLED <-> DELETED ILkVCsobqFaujNaEjEQV (deleted.rules)
* 1:41122 <-> ENABLED <-> BLACKLIST DNS request for known malware domain editprod.waterfilter.in.ua (blacklist.rules)
* 1:39220 <-> ENABLED <-> BROWSER-IE Microsoft Edge edgehtml.dll uninitialized pointer vulnerability attempt (browser-ie.rules)
* 1:38681 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tooka POST attempt (malware-cnc.rules)
* 1:39219 <-> ENABLED <-> BROWSER-IE Microsoft Edge edgehtml.dll uninitialized pointer vulnerability attempt (browser-ie.rules)
* 1:38260 <-> ENABLED <-> MALWARE-CNC PowerShell Empire outbound request (malware-cnc.rules)
* 1:38729 <-> ENABLED <-> SERVER-OTHER Mediabridge Medialink MWN-WAPR300N and Tenda N3 Wireless N150 inbound admin attempt (server-other.rules)
* 1:38607 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qakbot variant outbound connection (malware-cnc.rules)
* 1:38610 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Godzilla downloader successful base64 binary download (malware-cnc.rules)
* 1:38261 <-> ENABLED <-> MALWARE-CNC PowerShell Empire outbound request (malware-cnc.rules)
* 1:38259 <-> ENABLED <-> MALWARE-CNC PowerShell Empire outbound request (malware-cnc.rules)
* 1:37091 <-> ENABLED <-> FILE-FLASH Adobe Flash Player PrintJob object use-after-free attempt (file-flash.rules)
* 1:37679 <-> ENABLED <-> FILE-FLASH Adobe Flash player ASNative textField use after free attempt (file-flash.rules)
* 1:37680 <-> ENABLED <-> FILE-FLASH Adobe Flash player ASNative textField use after free attempt (file-flash.rules)
* 1:37076 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ShaderParameter integer overflow attempt (file-flash.rules)
* 1:37089 <-> ENABLED <-> FILE-FLASH Adobe Flash Player PrintJob object use-after-free attempt (file-flash.rules)
* 1:37090 <-> ENABLED <-> FILE-FLASH Adobe Flash Player PrintJob object use-after-free attempt (file-flash.rules)
* 1:37088 <-> ENABLED <-> FILE-FLASH Adobe Flash Player PrintJob object use-after-free attempt (file-flash.rules)
* 1:37075 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ShaderParameter integer overflow attempt (file-flash.rules)
* 1:37072 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ShaderParameter integer overflow attempt (file-flash.rules)
* 1:37073 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ShaderParameter integer overflow attempt (file-flash.rules)
* 1:37074 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ShaderParameter integer overflow attempt (file-flash.rules)
* 1:37071 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ShaderParameter integer overflow attempt (file-flash.rules)
* 1:34842 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DownExecute outbound connection (malware-cnc.rules)
* 1:35783 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jiripbot variant outbound connection (malware-cnc.rules)
* 1:33756 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.CTB-Locker outbound connection (malware-cnc.rules)
* 1:35035 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Taleretzbj outbound connection (malware-cnc.rules)
* 1:33812 <-> ENABLED <-> SERVER-WEBAPP Seagate NAS remote code execution attempt (server-webapp.rules)
* 1:33880 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Casper outbound connection (malware-cnc.rules)
* 1:33166 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Endpoint Manager Mobile Device Management remote code execution attempt (server-other.rules)
* 1:33757 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.CTB-Locker outbound connection (malware-cnc.rules)
* 1:33168 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Endpoint Manager Mobile Device Management remote code execution attempt (server-other.rules)
* 1:33169 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Endpoint Manager Mobile Device Management remote code execution attempt (server-other.rules)
* 1:32555 <-> ENABLED <-> EXPLOIT-KIT Hellspawn exploit kit outbound Oracle Java jar request (exploit-kit.rules)
* 1:33167 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Endpoint Manager Mobile Device Management remote code execution attempt (server-other.rules)
* 1:32623 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Regin outbound connection (malware-cnc.rules)
* 1:32753 <-> ENABLED <-> SERVER-WEBAPP FreePBX Framework Asterisk recording interface PHP unserialize code execution attempt (server-webapp.rules)
* 1:29863 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pirminay variant outbound connection (malware-cnc.rules)
* 1:32622 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Regin outbound connection (malware-cnc.rules)
* 1:31896 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Magnetor vairant outbound connection (malware-cnc.rules)
* 1:31944 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tavdig outbound connection (malware-cnc.rules)
* 1:28516 <-> DISABLED <-> FILE-OTHER Microsoft Wordpad embedded BMP overflow attempt (file-other.rules)
* 1:31682 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Badur download attempt (malware-cnc.rules)
* 1:28985 <-> DISABLED <-> MALWARE-CNC Win.Worm.Steckt IRCbot executable download (malware-cnc.rules)
* 1:28879 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Tavdig variant outbound connection (malware-cnc.rules)
* 1:28509 <-> DISABLED <-> FILE-OTHER Microsoft Wordpad embedded BMP overflow attempt (file-other.rules)
* 1:28517 <-> DISABLED <-> FILE-OTHER Microsoft Wordpad embedded BMP overflow attempt (file-other.rules)
* 1:28511 <-> DISABLED <-> FILE-OTHER Microsoft Wordpad embedded BMP overflow attempt (file-other.rules)
* 1:28515 <-> DISABLED <-> FILE-OTHER Microsoft Wordpad embedded BMP overflow attempt (file-other.rules)
* 1:27601 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Noobot variant connection (malware-cnc.rules)
* 1:28510 <-> DISABLED <-> FILE-OTHER Microsoft Wordpad embedded BMP overflow attempt (file-other.rules)
* 1:28305 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mecifg variant outbound connection (malware-cnc.rules)
* 1:28315 <-> DISABLED <-> FILE-OTHER Microsoft Office Image filter BMP overflow attempt (file-other.rules)
* 1:24285 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nomno variant outbound connection (malware-cnc.rules)
* 1:27804 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PRISM variant outbound connection (malware-cnc.rules)
* 1:26777 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules)
* 1:27057 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dalbot variant outbound connection (malware-cnc.rules)
* 1:26529 <-> DISABLED <-> MALWARE-BACKDOOR Unix.Backdoor.Cdorked backdoor command attempt (malware-backdoor.rules)
* 1:21074 <-> DISABLED <-> SERVER-APACHE Apache Struts remote code execution attempt - CookieInterceptor (server-apache.rules)
* 1:21555 <-> DISABLED <-> MALWARE-OTHER Horde javascript.php href backdoor (malware-other.rules)
* 3:36228 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-CAN-0060 attack attempt (file-other.rules)
* 3:36225 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-CAN-0060 attack attempt (file-other.rules)
* 3:36226 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-CAN-0060 attack attempt (file-other.rules)
* 3:41221 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2016-0234 attack attempt (server-webapp.rules)
* 3:41467 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2017-0276 TALOS-2017-0277 attack attempt (server-other.rules)
* 3:36227 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-CAN-0060 attack attempt (file-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:41633 <-> DISABLED <-> DELETED sxNxlO0jW0maiNpR7aM4 (deleted.rules)
* 1:41632 <-> ENABLED <-> FILE-OTHER Adobe Flash Player mp4 h264 decompression routine out of bounds read attempt (file-other.rules)
* 1:41630 <-> ENABLED <-> FILE-FLASH Adobe Flash Player PSDK EventDispatch removeEventListener use after free attempt (file-flash.rules)
* 1:41628 <-> ENABLED <-> FILE-FLASH Adobe Flash Player garbage collection use after free attempt (file-flash.rules)
* 1:41629 <-> ENABLED <-> FILE-FLASH Adobe Flash Player PSDK EventDispatch removeEventListener use after free attempt (file-flash.rules)
* 1:41626 <-> DISABLED <-> DELETED A8bNNfsFmpiJzXVSVbt6 (deleted.rules)
* 1:41627 <-> ENABLED <-> FILE-FLASH Adobe Flash Player garbage collection use after free attempt (file-flash.rules)
* 1:41624 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MessageChannel type confusion attempt (file-flash.rules)
* 1:41625 <-> DISABLED <-> DELETED 1Yn0o2sUhWRHdpZIYQCe (deleted.rules)
* 1:41622 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed FLV heap overflow attempt (file-flash.rules)
* 1:41623 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MessageChannel type confusion attempt (file-flash.rules)
* 1:41620 <-> DISABLED <-> FILE-FLASH Adobe Flash Player addEventListener use after free attempt (file-flash.rules)
* 1:41621 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed FLV heap overflow attempt (file-flash.rules)
* 1:41618 <-> ENABLED <-> FILE-OTHER Adobe Flash Player h264 decoder heap overflow attempt (file-other.rules)
* 1:41619 <-> DISABLED <-> FILE-FLASH Adobe Flash Player addEventListener use after free attempt (file-flash.rules)
* 1:41616 <-> ENABLED <-> FILE-OTHER Adobe Flash Player h264 decoder heap overflow attempt (file-other.rules)
* 1:41617 <-> ENABLED <-> FILE-OTHER Adobe Flash Player h264 decoder heap overflow attempt (file-other.rules)
* 1:41599 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CPeerHolder use after free attempt (browser-ie.rules)
* 1:41600 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CPeerHolder use after free attempt (browser-ie.rules)
* 1:41598 <-> DISABLED <-> DELETED tlGo6aXOokNuyU1LDLf2 (deleted.rules)
* 1:41596 <-> DISABLED <-> DELETED 92rMZYmep1qp65DS5D1V (deleted.rules)
* 1:41597 <-> DISABLED <-> DELETED bpYVBffSltC9snfZm375 (deleted.rules)
* 1:41594 <-> DISABLED <-> DELETED QB7rs3Z2BDil1quuJNKT (deleted.rules)
* 1:41595 <-> DISABLED <-> DELETED YCkW8nqU9F5eK8z8YSbn (deleted.rules)
* 1:41593 <-> DISABLED <-> DELETED 7ZUEraI3djmWkEg1YJQz (deleted.rules)
* 1:41591 <-> DISABLED <-> DELETED SZEKQhOGrioANnhLEW71 (deleted.rules)
* 1:41592 <-> DISABLED <-> DELETED 0POZmpuYEnQ8DWiFvIqZ (deleted.rules)
* 1:41590 <-> DISABLED <-> DELETED tB8in5OHkHx3L0ni1p1I (deleted.rules)
* 1:41583 <-> DISABLED <-> DELETED 2104Je8NeYdUapqjyLKN (deleted.rules)
* 1:41584 <-> DISABLED <-> DELETED xQLvvhaNbAQnF8Jikc0m (deleted.rules)
* 1:41586 <-> DISABLED <-> DELETED GXtNgBGUZsao7PElnBoI (deleted.rules)
* 1:41601 <-> DISABLED <-> DELETED QFHU2S6OJHLagIz6pOvI (deleted.rules)
* 1:41582 <-> DISABLED <-> DELETED A9MKNbvdALHvn3CdLpqv (deleted.rules)
* 1:41581 <-> DISABLED <-> DELETED lm06mVLIekQJco8ymvCj (deleted.rules)
* 1:41579 <-> DISABLED <-> DELETED tYwrGluX5dObfE6sY3GA (deleted.rules)
* 1:41602 <-> DISABLED <-> DELETED aw5zsD18HZVNLa9fNWB7 (deleted.rules)
* 1:41580 <-> DISABLED <-> DELETED xozrA27GE3bw8z1WGapk (deleted.rules)
* 1:41577 <-> DISABLED <-> DELETED 9G9ad7eS9ApSYjQCeMop (deleted.rules)
* 1:41578 <-> DISABLED <-> DELETED JnY2cb8F710UF6d9lQSp (deleted.rules)
* 1:41575 <-> DISABLED <-> DELETED iXbkLX1dAAlk183HBDqc (deleted.rules)
* 1:41603 <-> DISABLED <-> FILE-FLASH Adobe Flash player BitmapData class use after free attempt (file-flash.rules)
* 1:41576 <-> DISABLED <-> DELETED l77NiJB8YylQIdXeb6CM (deleted.rules)
* 1:41574 <-> DISABLED <-> DELETED 0GQx9qNGzD5JvIgsNsLU (deleted.rules)
* 1:41572 <-> DISABLED <-> DELETED Jo29KjldkTlEL6ev8eBR (deleted.rules)
* 1:41573 <-> DISABLED <-> DELETED AaEnRMGjoABYzg5s2InU (deleted.rules)
* 1:41604 <-> DISABLED <-> FILE-FLASH Adobe Flash player BitmapData class use after free attempt (file-flash.rules)
* 1:41570 <-> DISABLED <-> DELETED j9s3YbYVyYWsbrtQ3uIs (deleted.rules)
* 1:41571 <-> DISABLED <-> DELETED HIFsM6I1zeAoJJ5Yf5li (deleted.rules)
* 1:41568 <-> DISABLED <-> DELETED kF3nigJ4JNVVk6rUu4Y3 (deleted.rules)
* 1:41569 <-> DISABLED <-> DELETED SvuhTNxfofLNh6BDRK33 (deleted.rules)
* 1:41605 <-> DISABLED <-> DELETED ILkVCsobqFaujNaEjEQV (deleted.rules)
* 1:41566 <-> DISABLED <-> DELETED eh2wYUkuI278GyheZZwI (deleted.rules)
* 1:41567 <-> DISABLED <-> DELETED pTXs7KUhQRGhaWTgKbb7 (deleted.rules)
* 1:41564 <-> DISABLED <-> DELETED gTgCA88UF8renb5O9NNQ (deleted.rules)
* 1:41565 <-> DISABLED <-> DELETED j1CGK1PYbr0q4ETiGl8i (deleted.rules)
* 1:41606 <-> DISABLED <-> DELETED DyPtd537A4oTXII67lLY (deleted.rules)
* 1:41562 <-> DISABLED <-> DELETED OAFbssmWYTUcAmr92XiO (deleted.rules)
* 1:41563 <-> DISABLED <-> DELETED fK4NDvjETaezKM19vsBD (deleted.rules)
* 1:41560 <-> DISABLED <-> DELETED 2xy4LeeaJZxrNUR2Zrjn (deleted.rules)
* 1:41561 <-> DISABLED <-> DELETED WEJm6bj4v3duVaDCRGYl (deleted.rules)
* 1:41607 <-> DISABLED <-> DELETED rAZFmWHsPbKcUty7MgrA (deleted.rules)
* 1:41558 <-> DISABLED <-> DELETED 0dSWPnm7dz6Fcf70zGIL (deleted.rules)
* 1:41559 <-> DISABLED <-> DELETED vLuzJQZoy0uX2rfCGyX7 (deleted.rules)
* 1:41556 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use asm memory corruption attempt (browser-ie.rules)
* 1:41557 <-> DISABLED <-> DELETED nsW9dVJiXbmLiVxuruv3 (deleted.rules)
* 1:41608 <-> DISABLED <-> DELETED DlljTt5vFr4wpoNJnBJD (deleted.rules)
* 1:41554 <-> DISABLED <-> DELETED oeXHcWOaoDqO97LWE3im (deleted.rules)
* 1:41555 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use asm memory corruption attempt (browser-ie.rules)
* 1:41552 <-> DISABLED <-> DELETED j0lVhTQQnlFPNV8WbXjw (deleted.rules)
* 1:41553 <-> DISABLED <-> DELETED n0AKi5Jy0HRovEdANpIJ (deleted.rules)
* 1:41550 <-> DISABLED <-> DELETED 9PiGK20daqQ4NG2yUmHJ (deleted.rules)
* 1:41609 <-> DISABLED <-> DELETED Vehj0FCBGiPlqED8fNo1 (deleted.rules)
* 1:41551 <-> DISABLED <-> DELETED qS9HxX8E8ZuwjJmc2QYy (deleted.rules)
* 1:41549 <-> DISABLED <-> DELETED 3KS9XNn1eqWy808Nag8X (deleted.rules)
* 1:41610 <-> DISABLED <-> DELETED kOVvZrK2dixrCRdcdldP (deleted.rules)
* 1:41611 <-> ENABLED <-> FILE-OTHER Adobe Flash Player h264 decoder luminance adjustment out of bounds memory access attempt (file-other.rules)
* 1:41612 <-> ENABLED <-> FILE-OTHER Adobe Flash Player h264 decoder luminance adjustment out of bounds memory access attempt (file-other.rules)
* 1:41613 <-> ENABLED <-> FILE-OTHER Adobe Flash Player h264 decoder heap overflow attempt (file-other.rules)
* 1:41614 <-> ENABLED <-> FILE-OTHER Adobe Flash Player h264 decoder heap overflow attempt (file-other.rules)
* 1:41615 <-> ENABLED <-> FILE-OTHER Adobe Flash Player h264 decoder heap overflow attempt (file-other.rules)
* 1:41631 <-> ENABLED <-> FILE-OTHER Adobe Flash Player mp4 h264 decompression routine out of bounds read attempt (file-other.rules)
* 1:41588 <-> DISABLED <-> DELETED 2rR4CIpZQ1oZBLU01E4M (deleted.rules)
* 1:41587 <-> DISABLED <-> DELETED v6YNZkcOtoUt4lazjOZg (deleted.rules)
* 1:41642 <-> DISABLED <-> SERVER-WEBAPP TP-LINK AC750 ping diagnostic command injection attempt (server-webapp.rules)
* 1:41641 <-> DISABLED <-> FILE-EXECUTABLE QuickHeal Internet Security malformed Mach-O file buffer overflow attempt (file-executable.rules)
* 1:41639 <-> DISABLED <-> SERVER-WEBAPP Wordpress NextGEN gallery directory traversal attempt (server-webapp.rules)
* 1:41589 <-> DISABLED <-> DELETED BKyoksClYkHqRyMDLret (deleted.rules)
* 1:41640 <-> DISABLED <-> FILE-EXECUTABLE QuickHeal Internet Security malformed Mach-O file buffer overflow attempt (file-executable.rules)
* 1:41638 <-> DISABLED <-> SERVER-WEBAPP Wordpress NextGEN gallery directory traversal attempt (server-webapp.rules)
* 1:41637 <-> DISABLED <-> INDICATOR-COMPROMISE Writable SQL directories discovery attempt (indicator-compromise.rules)
* 1:41636 <-> ENABLED <-> FILE-OTHER Adobe AcrobatDC EMF buffer underflow attempt (file-other.rules)
* 1:41585 <-> DISABLED <-> DELETED xePvFEaRV1KmQNOzRGXH (deleted.rules)
* 1:41634 <-> DISABLED <-> DELETED JZUG1wVRPVZOLCvEyoHz (deleted.rules)
* 1:41635 <-> ENABLED <-> FILE-OTHER Adobe AcrobatDC EMF buffer underflow attempt (file-other.rules)
* 1:21074 <-> DISABLED <-> SERVER-APACHE Apache Struts remote code execution attempt - CookieInterceptor (server-apache.rules)
* 1:21555 <-> DISABLED <-> MALWARE-OTHER Horde javascript.php href backdoor (malware-other.rules)
* 1:24285 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nomno variant outbound connection (malware-cnc.rules)
* 1:26529 <-> DISABLED <-> MALWARE-BACKDOOR Unix.Backdoor.Cdorked backdoor command attempt (malware-backdoor.rules)
* 1:26777 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules)
* 1:27057 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dalbot variant outbound connection (malware-cnc.rules)
* 1:27601 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Noobot variant connection (malware-cnc.rules)
* 1:27804 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PRISM variant outbound connection (malware-cnc.rules)
* 1:28305 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mecifg variant outbound connection (malware-cnc.rules)
* 1:28315 <-> DISABLED <-> FILE-OTHER Microsoft Office Image filter BMP overflow attempt (file-other.rules)
* 1:28509 <-> DISABLED <-> FILE-OTHER Microsoft Wordpad embedded BMP overflow attempt (file-other.rules)
* 1:28510 <-> DISABLED <-> FILE-OTHER Microsoft Wordpad embedded BMP overflow attempt (file-other.rules)
* 1:28511 <-> DISABLED <-> FILE-OTHER Microsoft Wordpad embedded BMP overflow attempt (file-other.rules)
* 1:28515 <-> DISABLED <-> FILE-OTHER Microsoft Wordpad embedded BMP overflow attempt (file-other.rules)
* 1:28516 <-> DISABLED <-> FILE-OTHER Microsoft Wordpad embedded BMP overflow attempt (file-other.rules)
* 1:28517 <-> DISABLED <-> FILE-OTHER Microsoft Wordpad embedded BMP overflow attempt (file-other.rules)
* 1:28879 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Tavdig variant outbound connection (malware-cnc.rules)
* 1:28985 <-> DISABLED <-> MALWARE-CNC Win.Worm.Steckt IRCbot executable download (malware-cnc.rules)
* 1:29863 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pirminay variant outbound connection (malware-cnc.rules)
* 1:31682 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Badur download attempt (malware-cnc.rules)
* 1:31896 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Magnetor vairant outbound connection (malware-cnc.rules)
* 1:31944 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tavdig outbound connection (malware-cnc.rules)
* 1:32555 <-> ENABLED <-> EXPLOIT-KIT Hellspawn exploit kit outbound Oracle Java jar request (exploit-kit.rules)
* 1:32622 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Regin outbound connection (malware-cnc.rules)
* 1:32623 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Regin outbound connection (malware-cnc.rules)
* 1:32753 <-> ENABLED <-> SERVER-WEBAPP FreePBX Framework Asterisk recording interface PHP unserialize code execution attempt (server-webapp.rules)
* 1:33166 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Endpoint Manager Mobile Device Management remote code execution attempt (server-other.rules)
* 1:33167 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Endpoint Manager Mobile Device Management remote code execution attempt (server-other.rules)
* 1:33168 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Endpoint Manager Mobile Device Management remote code execution attempt (server-other.rules)
* 1:33169 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Endpoint Manager Mobile Device Management remote code execution attempt (server-other.rules)
* 1:33756 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.CTB-Locker outbound connection (malware-cnc.rules)
* 1:33757 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.CTB-Locker outbound connection (malware-cnc.rules)
* 1:33812 <-> ENABLED <-> SERVER-WEBAPP Seagate NAS remote code execution attempt (server-webapp.rules)
* 1:33880 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Casper outbound connection (malware-cnc.rules)
* 1:34842 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DownExecute outbound connection (malware-cnc.rules)
* 1:35035 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Taleretzbj outbound connection (malware-cnc.rules)
* 1:35783 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jiripbot variant outbound connection (malware-cnc.rules)
* 1:37071 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ShaderParameter integer overflow attempt (file-flash.rules)
* 1:37072 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ShaderParameter integer overflow attempt (file-flash.rules)
* 1:37073 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ShaderParameter integer overflow attempt (file-flash.rules)
* 1:37074 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ShaderParameter integer overflow attempt (file-flash.rules)
* 1:37075 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ShaderParameter integer overflow attempt (file-flash.rules)
* 1:37076 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ShaderParameter integer overflow attempt (file-flash.rules)
* 1:37088 <-> ENABLED <-> FILE-FLASH Adobe Flash Player PrintJob object use-after-free attempt (file-flash.rules)
* 1:37089 <-> ENABLED <-> FILE-FLASH Adobe Flash Player PrintJob object use-after-free attempt (file-flash.rules)
* 1:37090 <-> ENABLED <-> FILE-FLASH Adobe Flash Player PrintJob object use-after-free attempt (file-flash.rules)
* 1:37091 <-> ENABLED <-> FILE-FLASH Adobe Flash Player PrintJob object use-after-free attempt (file-flash.rules)
* 1:37679 <-> ENABLED <-> FILE-FLASH Adobe Flash player ASNative textField use after free attempt (file-flash.rules)
* 1:37680 <-> ENABLED <-> FILE-FLASH Adobe Flash player ASNative textField use after free attempt (file-flash.rules)
* 1:38259 <-> ENABLED <-> MALWARE-CNC PowerShell Empire outbound request (malware-cnc.rules)
* 1:38260 <-> ENABLED <-> MALWARE-CNC PowerShell Empire outbound request (malware-cnc.rules)
* 1:38261 <-> ENABLED <-> MALWARE-CNC PowerShell Empire outbound request (malware-cnc.rules)
* 1:38607 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qakbot variant outbound connection (malware-cnc.rules)
* 1:38610 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Godzilla downloader successful base64 binary download (malware-cnc.rules)
* 1:38681 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tooka POST attempt (malware-cnc.rules)
* 1:38729 <-> ENABLED <-> SERVER-OTHER Mediabridge Medialink MWN-WAPR300N and Tenda N3 Wireless N150 inbound admin attempt (server-other.rules)
* 1:39219 <-> ENABLED <-> BROWSER-IE Microsoft Edge edgehtml.dll uninitialized pointer vulnerability attempt (browser-ie.rules)
* 1:39220 <-> ENABLED <-> BROWSER-IE Microsoft Edge edgehtml.dll uninitialized pointer vulnerability attempt (browser-ie.rules)
* 1:41122 <-> ENABLED <-> BLACKLIST DNS request for known malware domain editprod.waterfilter.in.ua (blacklist.rules)
* 3:41221 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2016-0234 attack attempt (server-webapp.rules)
* 3:41467 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2017-0276 TALOS-2017-0277 attack attempt (server-other.rules)
* 3:36227 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-CAN-0060 attack attempt (file-other.rules)
* 3:36228 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-CAN-0060 attack attempt (file-other.rules)
* 3:36225 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-CAN-0060 attack attempt (file-other.rules)
* 3:36226 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-CAN-0060 attack attempt (file-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2990.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:41642 <-> DISABLED <-> SERVER-WEBAPP TP-LINK AC750 ping diagnostic command injection attempt (server-webapp.rules)
* 1:41641 <-> DISABLED <-> FILE-EXECUTABLE QuickHeal Internet Security malformed Mach-O file buffer overflow attempt (file-executable.rules)
* 1:41640 <-> DISABLED <-> FILE-EXECUTABLE QuickHeal Internet Security malformed Mach-O file buffer overflow attempt (file-executable.rules)
* 1:41639 <-> DISABLED <-> SERVER-WEBAPP Wordpress NextGEN gallery directory traversal attempt (server-webapp.rules)
* 1:41638 <-> DISABLED <-> SERVER-WEBAPP Wordpress NextGEN gallery directory traversal attempt (server-webapp.rules)
* 1:41637 <-> DISABLED <-> INDICATOR-COMPROMISE Writable SQL directories discovery attempt (indicator-compromise.rules)
* 1:41636 <-> ENABLED <-> FILE-OTHER Adobe AcrobatDC EMF buffer underflow attempt (file-other.rules)
* 1:41635 <-> ENABLED <-> FILE-OTHER Adobe AcrobatDC EMF buffer underflow attempt (file-other.rules)
* 1:41634 <-> DISABLED <-> DELETED JZUG1wVRPVZOLCvEyoHz (deleted.rules)
* 1:41633 <-> DISABLED <-> DELETED sxNxlO0jW0maiNpR7aM4 (deleted.rules)
* 1:41632 <-> ENABLED <-> FILE-OTHER Adobe Flash Player mp4 h264 decompression routine out of bounds read attempt (file-other.rules)
* 1:41631 <-> ENABLED <-> FILE-OTHER Adobe Flash Player mp4 h264 decompression routine out of bounds read attempt (file-other.rules)
* 1:41630 <-> ENABLED <-> FILE-FLASH Adobe Flash Player PSDK EventDispatch removeEventListener use after free attempt (file-flash.rules)
* 1:41629 <-> ENABLED <-> FILE-FLASH Adobe Flash Player PSDK EventDispatch removeEventListener use after free attempt (file-flash.rules)
* 1:41628 <-> ENABLED <-> FILE-FLASH Adobe Flash Player garbage collection use after free attempt (file-flash.rules)
* 1:41627 <-> ENABLED <-> FILE-FLASH Adobe Flash Player garbage collection use after free attempt (file-flash.rules)
* 1:41626 <-> DISABLED <-> DELETED A8bNNfsFmpiJzXVSVbt6 (deleted.rules)
* 1:41625 <-> DISABLED <-> DELETED 1Yn0o2sUhWRHdpZIYQCe (deleted.rules)
* 1:41624 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MessageChannel type confusion attempt (file-flash.rules)
* 1:41623 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MessageChannel type confusion attempt (file-flash.rules)
* 1:41622 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed FLV heap overflow attempt (file-flash.rules)
* 1:41621 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed FLV heap overflow attempt (file-flash.rules)
* 1:41620 <-> DISABLED <-> FILE-FLASH Adobe Flash Player addEventListener use after free attempt (file-flash.rules)
* 1:41619 <-> DISABLED <-> FILE-FLASH Adobe Flash Player addEventListener use after free attempt (file-flash.rules)
* 1:41618 <-> ENABLED <-> FILE-OTHER Adobe Flash Player h264 decoder heap overflow attempt (file-other.rules)
* 1:41617 <-> ENABLED <-> FILE-OTHER Adobe Flash Player h264 decoder heap overflow attempt (file-other.rules)
* 1:41616 <-> ENABLED <-> FILE-OTHER Adobe Flash Player h264 decoder heap overflow attempt (file-other.rules)
* 1:41615 <-> ENABLED <-> FILE-OTHER Adobe Flash Player h264 decoder heap overflow attempt (file-other.rules)
* 1:41614 <-> ENABLED <-> FILE-OTHER Adobe Flash Player h264 decoder heap overflow attempt (file-other.rules)
* 1:41613 <-> ENABLED <-> FILE-OTHER Adobe Flash Player h264 decoder heap overflow attempt (file-other.rules)
* 1:41612 <-> ENABLED <-> FILE-OTHER Adobe Flash Player h264 decoder luminance adjustment out of bounds memory access attempt (file-other.rules)
* 1:41611 <-> ENABLED <-> FILE-OTHER Adobe Flash Player h264 decoder luminance adjustment out of bounds memory access attempt (file-other.rules)
* 1:41610 <-> DISABLED <-> DELETED kOVvZrK2dixrCRdcdldP (deleted.rules)
* 1:41609 <-> DISABLED <-> DELETED Vehj0FCBGiPlqED8fNo1 (deleted.rules)
* 1:41608 <-> DISABLED <-> DELETED DlljTt5vFr4wpoNJnBJD (deleted.rules)
* 1:41607 <-> DISABLED <-> DELETED rAZFmWHsPbKcUty7MgrA (deleted.rules)
* 1:41606 <-> DISABLED <-> DELETED DyPtd537A4oTXII67lLY (deleted.rules)
* 1:41605 <-> DISABLED <-> DELETED ILkVCsobqFaujNaEjEQV (deleted.rules)
* 1:41604 <-> DISABLED <-> FILE-FLASH Adobe Flash player BitmapData class use after free attempt (file-flash.rules)
* 1:41603 <-> DISABLED <-> FILE-FLASH Adobe Flash player BitmapData class use after free attempt (file-flash.rules)
* 1:41602 <-> DISABLED <-> DELETED aw5zsD18HZVNLa9fNWB7 (deleted.rules)
* 1:41601 <-> DISABLED <-> DELETED QFHU2S6OJHLagIz6pOvI (deleted.rules)
* 1:41600 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CPeerHolder use after free attempt (browser-ie.rules)
* 1:41599 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CPeerHolder use after free attempt (browser-ie.rules)
* 1:41598 <-> DISABLED <-> DELETED tlGo6aXOokNuyU1LDLf2 (deleted.rules)
* 1:41597 <-> DISABLED <-> DELETED bpYVBffSltC9snfZm375 (deleted.rules)
* 1:41596 <-> DISABLED <-> DELETED 92rMZYmep1qp65DS5D1V (deleted.rules)
* 1:41595 <-> DISABLED <-> DELETED YCkW8nqU9F5eK8z8YSbn (deleted.rules)
* 1:41594 <-> DISABLED <-> DELETED QB7rs3Z2BDil1quuJNKT (deleted.rules)
* 1:41593 <-> DISABLED <-> DELETED 7ZUEraI3djmWkEg1YJQz (deleted.rules)
* 1:41592 <-> DISABLED <-> DELETED 0POZmpuYEnQ8DWiFvIqZ (deleted.rules)
* 1:41591 <-> DISABLED <-> DELETED SZEKQhOGrioANnhLEW71 (deleted.rules)
* 1:41590 <-> DISABLED <-> DELETED tB8in5OHkHx3L0ni1p1I (deleted.rules)
* 1:41589 <-> DISABLED <-> DELETED BKyoksClYkHqRyMDLret (deleted.rules)
* 1:41588 <-> DISABLED <-> DELETED 2rR4CIpZQ1oZBLU01E4M (deleted.rules)
* 1:41587 <-> DISABLED <-> DELETED v6YNZkcOtoUt4lazjOZg (deleted.rules)
* 1:41586 <-> DISABLED <-> DELETED GXtNgBGUZsao7PElnBoI (deleted.rules)
* 1:41585 <-> DISABLED <-> DELETED xePvFEaRV1KmQNOzRGXH (deleted.rules)
* 1:41584 <-> DISABLED <-> DELETED xQLvvhaNbAQnF8Jikc0m (deleted.rules)
* 1:41583 <-> DISABLED <-> DELETED 2104Je8NeYdUapqjyLKN (deleted.rules)
* 1:41582 <-> DISABLED <-> DELETED A9MKNbvdALHvn3CdLpqv (deleted.rules)
* 1:41581 <-> DISABLED <-> DELETED lm06mVLIekQJco8ymvCj (deleted.rules)
* 1:41580 <-> DISABLED <-> DELETED xozrA27GE3bw8z1WGapk (deleted.rules)
* 1:41579 <-> DISABLED <-> DELETED tYwrGluX5dObfE6sY3GA (deleted.rules)
* 1:41578 <-> DISABLED <-> DELETED JnY2cb8F710UF6d9lQSp (deleted.rules)
* 1:41577 <-> DISABLED <-> DELETED 9G9ad7eS9ApSYjQCeMop (deleted.rules)
* 1:41576 <-> DISABLED <-> DELETED l77NiJB8YylQIdXeb6CM (deleted.rules)
* 1:41575 <-> DISABLED <-> DELETED iXbkLX1dAAlk183HBDqc (deleted.rules)
* 1:41574 <-> DISABLED <-> DELETED 0GQx9qNGzD5JvIgsNsLU (deleted.rules)
* 1:41573 <-> DISABLED <-> DELETED AaEnRMGjoABYzg5s2InU (deleted.rules)
* 1:41572 <-> DISABLED <-> DELETED Jo29KjldkTlEL6ev8eBR (deleted.rules)
* 1:41571 <-> DISABLED <-> DELETED HIFsM6I1zeAoJJ5Yf5li (deleted.rules)
* 1:41570 <-> DISABLED <-> DELETED j9s3YbYVyYWsbrtQ3uIs (deleted.rules)
* 1:41569 <-> DISABLED <-> DELETED SvuhTNxfofLNh6BDRK33 (deleted.rules)
* 1:41568 <-> DISABLED <-> DELETED kF3nigJ4JNVVk6rUu4Y3 (deleted.rules)
* 1:41567 <-> DISABLED <-> DELETED pTXs7KUhQRGhaWTgKbb7 (deleted.rules)
* 1:41566 <-> DISABLED <-> DELETED eh2wYUkuI278GyheZZwI (deleted.rules)
* 1:41565 <-> DISABLED <-> DELETED j1CGK1PYbr0q4ETiGl8i (deleted.rules)
* 1:41564 <-> DISABLED <-> DELETED gTgCA88UF8renb5O9NNQ (deleted.rules)
* 1:41563 <-> DISABLED <-> DELETED fK4NDvjETaezKM19vsBD (deleted.rules)
* 1:41562 <-> DISABLED <-> DELETED OAFbssmWYTUcAmr92XiO (deleted.rules)
* 1:41561 <-> DISABLED <-> DELETED WEJm6bj4v3duVaDCRGYl (deleted.rules)
* 1:41560 <-> DISABLED <-> DELETED 2xy4LeeaJZxrNUR2Zrjn (deleted.rules)
* 1:41559 <-> DISABLED <-> DELETED vLuzJQZoy0uX2rfCGyX7 (deleted.rules)
* 1:41558 <-> DISABLED <-> DELETED 0dSWPnm7dz6Fcf70zGIL (deleted.rules)
* 1:41557 <-> DISABLED <-> DELETED nsW9dVJiXbmLiVxuruv3 (deleted.rules)
* 1:41556 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use asm memory corruption attempt (browser-ie.rules)
* 1:41555 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use asm memory corruption attempt (browser-ie.rules)
* 1:41554 <-> DISABLED <-> DELETED oeXHcWOaoDqO97LWE3im (deleted.rules)
* 1:41553 <-> DISABLED <-> DELETED n0AKi5Jy0HRovEdANpIJ (deleted.rules)
* 1:41552 <-> DISABLED <-> DELETED j0lVhTQQnlFPNV8WbXjw (deleted.rules)
* 1:41551 <-> DISABLED <-> DELETED qS9HxX8E8ZuwjJmc2QYy (deleted.rules)
* 1:41550 <-> DISABLED <-> DELETED 9PiGK20daqQ4NG2yUmHJ (deleted.rules)
* 1:41549 <-> DISABLED <-> DELETED 3KS9XNn1eqWy808Nag8X (deleted.rules)
* 1:39220 <-> ENABLED <-> BROWSER-IE Microsoft Edge edgehtml.dll uninitialized pointer vulnerability attempt (browser-ie.rules)
* 1:41122 <-> ENABLED <-> BLACKLIST DNS request for known malware domain editprod.waterfilter.in.ua (blacklist.rules)
* 1:38729 <-> ENABLED <-> SERVER-OTHER Mediabridge Medialink MWN-WAPR300N and Tenda N3 Wireless N150 inbound admin attempt (server-other.rules)
* 1:39219 <-> ENABLED <-> BROWSER-IE Microsoft Edge edgehtml.dll uninitialized pointer vulnerability attempt (browser-ie.rules)
* 1:38610 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Godzilla downloader successful base64 binary download (malware-cnc.rules)
* 1:38681 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tooka POST attempt (malware-cnc.rules)
* 1:38261 <-> ENABLED <-> MALWARE-CNC PowerShell Empire outbound request (malware-cnc.rules)
* 1:38607 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qakbot variant outbound connection (malware-cnc.rules)
* 1:38259 <-> ENABLED <-> MALWARE-CNC PowerShell Empire outbound request (malware-cnc.rules)
* 1:38260 <-> ENABLED <-> MALWARE-CNC PowerShell Empire outbound request (malware-cnc.rules)
* 1:37679 <-> ENABLED <-> FILE-FLASH Adobe Flash player ASNative textField use after free attempt (file-flash.rules)
* 1:37680 <-> ENABLED <-> FILE-FLASH Adobe Flash player ASNative textField use after free attempt (file-flash.rules)
* 1:37090 <-> ENABLED <-> FILE-FLASH Adobe Flash Player PrintJob object use-after-free attempt (file-flash.rules)
* 1:37091 <-> ENABLED <-> FILE-FLASH Adobe Flash Player PrintJob object use-after-free attempt (file-flash.rules)
* 1:37088 <-> ENABLED <-> FILE-FLASH Adobe Flash Player PrintJob object use-after-free attempt (file-flash.rules)
* 1:37089 <-> ENABLED <-> FILE-FLASH Adobe Flash Player PrintJob object use-after-free attempt (file-flash.rules)
* 1:37075 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ShaderParameter integer overflow attempt (file-flash.rules)
* 1:37076 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ShaderParameter integer overflow attempt (file-flash.rules)
* 1:37073 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ShaderParameter integer overflow attempt (file-flash.rules)
* 1:37074 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ShaderParameter integer overflow attempt (file-flash.rules)
* 1:37071 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ShaderParameter integer overflow attempt (file-flash.rules)
* 1:37072 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ShaderParameter integer overflow attempt (file-flash.rules)
* 1:35035 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Taleretzbj outbound connection (malware-cnc.rules)
* 1:35783 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jiripbot variant outbound connection (malware-cnc.rules)
* 1:33880 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Casper outbound connection (malware-cnc.rules)
* 1:34842 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DownExecute outbound connection (malware-cnc.rules)
* 1:33757 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.CTB-Locker outbound connection (malware-cnc.rules)
* 1:33812 <-> ENABLED <-> SERVER-WEBAPP Seagate NAS remote code execution attempt (server-webapp.rules)
* 1:33169 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Endpoint Manager Mobile Device Management remote code execution attempt (server-other.rules)
* 1:33756 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.CTB-Locker outbound connection (malware-cnc.rules)
* 1:33167 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Endpoint Manager Mobile Device Management remote code execution attempt (server-other.rules)
* 1:33168 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Endpoint Manager Mobile Device Management remote code execution attempt (server-other.rules)
* 1:32753 <-> ENABLED <-> SERVER-WEBAPP FreePBX Framework Asterisk recording interface PHP unserialize code execution attempt (server-webapp.rules)
* 1:33166 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Endpoint Manager Mobile Device Management remote code execution attempt (server-other.rules)
* 1:32622 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Regin outbound connection (malware-cnc.rules)
* 1:32623 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Regin outbound connection (malware-cnc.rules)
* 1:31944 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tavdig outbound connection (malware-cnc.rules)
* 1:32555 <-> ENABLED <-> EXPLOIT-KIT Hellspawn exploit kit outbound Oracle Java jar request (exploit-kit.rules)
* 1:31682 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Badur download attempt (malware-cnc.rules)
* 1:31896 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Magnetor vairant outbound connection (malware-cnc.rules)
* 1:28985 <-> DISABLED <-> MALWARE-CNC Win.Worm.Steckt IRCbot executable download (malware-cnc.rules)
* 1:29863 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pirminay variant outbound connection (malware-cnc.rules)
* 1:28517 <-> DISABLED <-> FILE-OTHER Microsoft Wordpad embedded BMP overflow attempt (file-other.rules)
* 1:28879 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Tavdig variant outbound connection (malware-cnc.rules)
* 1:28515 <-> DISABLED <-> FILE-OTHER Microsoft Wordpad embedded BMP overflow attempt (file-other.rules)
* 1:28516 <-> DISABLED <-> FILE-OTHER Microsoft Wordpad embedded BMP overflow attempt (file-other.rules)
* 1:28510 <-> DISABLED <-> FILE-OTHER Microsoft Wordpad embedded BMP overflow attempt (file-other.rules)
* 1:28511 <-> DISABLED <-> FILE-OTHER Microsoft Wordpad embedded BMP overflow attempt (file-other.rules)
* 1:28509 <-> DISABLED <-> FILE-OTHER Microsoft Wordpad embedded BMP overflow attempt (file-other.rules)
* 1:28305 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mecifg variant outbound connection (malware-cnc.rules)
* 1:28315 <-> DISABLED <-> FILE-OTHER Microsoft Office Image filter BMP overflow attempt (file-other.rules)
* 1:27601 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Noobot variant connection (malware-cnc.rules)
* 1:27804 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PRISM variant outbound connection (malware-cnc.rules)
* 1:26777 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules)
* 1:27057 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dalbot variant outbound connection (malware-cnc.rules)
* 1:26529 <-> DISABLED <-> MALWARE-BACKDOOR Unix.Backdoor.Cdorked backdoor command attempt (malware-backdoor.rules)
* 1:21555 <-> DISABLED <-> MALWARE-OTHER Horde javascript.php href backdoor (malware-other.rules)
* 1:24285 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nomno variant outbound connection (malware-cnc.rules)
* 1:21074 <-> DISABLED <-> SERVER-APACHE Apache Struts remote code execution attempt - CookieInterceptor (server-apache.rules)
* 3:36228 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-CAN-0060 attack attempt (file-other.rules)
* 3:41467 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2017-0276 TALOS-2017-0277 attack attempt (server-other.rules)
* 3:41221 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2016-0234 attack attempt (server-webapp.rules)
* 3:36226 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-CAN-0060 attack attempt (file-other.rules)
* 3:36227 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-CAN-0060 attack attempt (file-other.rules)
* 3:36225 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-CAN-0060 attack attempt (file-other.rules)