Summary:
0 new OPEN, 0 new PRO (0 + 0)
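Modified inactive rules (shipped disabled by default; these changes affect detection only where a rule has been enabled locally):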
- 2000031 - ET EXPLOIT CVS server heap overflow attempt (target BSD) (exploit.rules)
- 2000048 - ET EXPLOIT CVS server heap overflow attempt (target Linux) (exploit.rules)
- 2000049 - ET EXPLOIT CVS server heap overflow attempt (target Solaris) (exploit.rules)
- 2000377 - ET EXPLOIT MS-SQL heap overflow attempt (exploit.rules)
- 2001181 - ET ACTIVEX Internet Explorer Plugin.ocx Heap Overflow (activex.rules)
- 2001364 - ET EXPLOIT MS04-032 Windows Metafile (.emf) Heap Overflow Connectback Attempt (exploit.rules)
- 2001369 - ET EXPLOIT MS04-032 Windows Metafile (.emf) Heap Overflow Exploit (exploit.rules)
- 2002880 - ET SNMP Cisco Non-Trap PDU request on SNMPv1 trap port (snmp.rules)
- 2002881 - ET SNMP Cisco Non-Trap PDU request on SNMPv2 trap port (snmp.rules)
- 2002882 - ET SNMP Cisco Non-Trap PDU request on SNMPv3 trap port (snmp.rules)
- 2002903 - ET SHELLCODE x86 PexFnstenvMov/Sub Encoder (shellcode.rules)
- 2002904 - ET SHELLCODE x86 Alpha2 GetEIPs Encoder (shellcode.rules)
- 2002905 - ET SHELLCODE x86 Countdown Encoder (shellcode.rules)
- 2002906 - ET SHELLCODE x86 PexAlphaNum Encoder (shellcode.rules)
- 2002907 - ET SHELLCODE x86 PexCall Encoder (shellcode.rules)
- 2002908 - ET SHELLCODE x86 JmpCallAdditive Encoder (shellcode.rules)
- 2002926 - ET SNMP Cisco Non-Trap PDU request on SNMPv1 random port (snmp.rules)
- 2002927 - ET SNMP Cisco Non-Trap PDU request on SNMPv2 random port (snmp.rules)
- 2002928 - ET SNMP Cisco Non-Trap PDU request on SNMPv3 random port (snmp.rules)
- 2003039 - ET EXPLOIT UPnP DLink M-Search Overflow Attempt (exploit.rules)
- 2003369 - ET EXPLOIT CA BrightStor ARCserve Mobile Backup LGSERVER.EXE Heap Corruption (exploit.rules)
- 2003378 - ET EXPLOIT Computer Associates Mobile Backup Service LGSERVER.EXE Stack Overflow (exploit.rules)
- 2007876 - ET EXPLOIT ExtremeZ-IP File and Print Server Multiple Vulnerabilities - udp (exploit.rules)
- 2007933 - ET EXPLOIT Zilab Chat and Instant Messaging Heap Overflow Vulnerability (exploit.rules)
- 2007937 - ET EXPLOIT Borland VisiBroker Smart Agent Heap Overflow (exploit.rules)
- 2008446 - ET DNS Excessive DNS Responses with 1 or more RR’s (100+ in 10 seconds) - possible Cache Poisoning Attempt (dns.rules)
- 2008776 - ET EXPLOIT GuildFTPd CWD and LIST Command Heap Overflow - POC-1 (exploit.rules)
- 2008777 - ET EXPLOIT GuildFTPd CWD and LIST Command Heap Overflow - POC-2 (exploit.rules)
- 2009172 - ET MALWARE Psyb0t joining an IRC Channel (malware.rules)
- 2009244 - ET ATTACK_RESPONSE Cisco TclShell TFTP Read Request (attack_response.rules)
- 2009246 - ET SHELLCODE Bindshell2 Decoder Shellcode (shellcode.rules)
- 2009248 - ET SHELLCODE Lindau (linkbot) xor Decoder Shellcode (shellcode.rules)
- 2009249 - ET SHELLCODE Adenau Shellcode (shellcode.rules)
- 2009250 - ET SHELLCODE Mainz/Bielefeld Shellcode (shellcode.rules)
- 2009251 - ET SHELLCODE Wuerzburg Shellcode (shellcode.rules)
- 2009252 - ET SHELLCODE Schauenburg Shellcode (shellcode.rules)
- 2009253 - ET SHELLCODE Koeln Shellcode (shellcode.rules)
- 2009254 - ET SHELLCODE Lichtenfels Shellcode (shellcode.rules)
- 2009255 - ET SHELLCODE Mannheim Shellcode (shellcode.rules)
- 2009256 - ET SHELLCODE Berlin Shellcode (shellcode.rules)
- 2009257 - ET SHELLCODE Leimbach Shellcode (shellcode.rules)
- 2009258 - ET SHELLCODE Aachen Shellcode (shellcode.rules)
- 2009259 - ET SHELLCODE Furth Shellcode (shellcode.rules)
- 2009260 - ET SHELLCODE Langenfeld Shellcode (shellcode.rules)
- 2009261 - ET SHELLCODE Bonn Shellcode (shellcode.rules)
- 2009262 - ET SHELLCODE Siegburg Shellcode (shellcode.rules)
- 2009263 - ET SHELLCODE Plain1 Shellcode (shellcode.rules)
- 2009264 - ET SHELLCODE Plain2 Shellcode (shellcode.rules)
- 2009265 - ET SHELLCODE Bindshell1 Decoder Shellcode (shellcode.rules)
- 2009266 - ET SHELLCODE Bindshell1 Decoder Shellcode (UDP) (shellcode.rules)
- 2009267 - ET SHELLCODE Plain2 Shellcode (UDP) (shellcode.rules)
- 2009268 - ET SHELLCODE Plain1 Shellcode (UDP) (shellcode.rules)
- 2009269 - ET SHELLCODE Siegburg Shellcode (UDP) (shellcode.rules)
- 2009270 - ET SHELLCODE Bonn Shellcode (UDP) (shellcode.rules)
- 2009271 - ET SHELLCODE Langenfeld Shellcode (UDP) (shellcode.rules)
- 2009272 - ET SHELLCODE Furth Shellcode (UDP) (shellcode.rules)
- 2009273 - ET SHELLCODE Aachen Shellcode (UDP) (shellcode.rules)
- 2009274 - ET SHELLCODE Leimbach Shellcode (UDP) (shellcode.rules)
- 2009275 - ET SHELLCODE Berlin Shellcode (UDP) (shellcode.rules)
- 2009276 - ET SHELLCODE Mannheim Shellcode (UDP) (shellcode.rules)
- 2009277 - ET SHELLCODE Lichtenfels Shellcode (UDP) (shellcode.rules)
- 2009278 - ET SHELLCODE Koeln Shellcode (UDP) (shellcode.rules)
- 2009279 - ET SHELLCODE Schauenburg Shellcode (UDP) (shellcode.rules)
- 2009280 - ET SHELLCODE Wuerzburg Shellcode (UDP) (shellcode.rules)
- 2009281 - ET SHELLCODE Mainz/Bielefeld Shellcode (UDP) (shellcode.rules)
- 2009282 - ET SHELLCODE Adenau Shellcode (UDP) (shellcode.rules)
- 2009283 - ET SHELLCODE Lindau (linkbot) xor Decoder Shellcode (UDP) (shellcode.rules)
- 2009284 - ET SHELLCODE Rothenburg Shellcode (UDP) (shellcode.rules)
- 2009701 - ET DOS DNS BIND 9 Dynamic Update DoS attempt (dos.rules)
- 2009907 - ET ACTIVEX Remote Desktop Connection ActiveX Control Heap Overflow clsid access (activex.rules)
- 2010383 - ET SHELLCODE METASPLOIT BSD Bind shell (shellcode.rules)
- 2010385 - ET SHELLCODE METASPLOIT BSD Bind shell (Countdown Encoded 2) (shellcode.rules)
- 2010386 - ET SHELLCODE METASPLOIT BSD Bind shell (Countdown Encoded 3) (shellcode.rules)
- 2010387 - ET SHELLCODE METASPLOIT BSD Bind shell (Countdown Encoded 4) (shellcode.rules)
- 2010388 - ET SHELLCODE METASPLOIT BSD Bind shell (Countdown Encoded 5) (shellcode.rules)
- 2010389 - ET SHELLCODE METASPLOIT BSD Bind shell (Pex Encoded 1) (shellcode.rules)
- 2010390 - ET SHELLCODE METASPLOIT BSD Bind shell (Pex Encoded 2) (shellcode.rules)
- 2010391 - ET SHELLCODE METASPLOIT BSD Bind shell (Not Encoded 1) (shellcode.rules)
- 2010392 - ET SHELLCODE METASPLOIT BSD Bind shell (Not Encoded 2) (shellcode.rules)
- 2010393 - ET SHELLCODE METASPLOIT BSD Bind shell (Not Encoded 3) (shellcode.rules)
- 2010394 - ET SHELLCODE METASPLOIT BSD Bind shell (Not Encoded 4) (shellcode.rules)
- 2010395 - ET SHELLCODE METASPLOIT BSD Bind shell (Not Encoded 5) (shellcode.rules)
- 2010396 - ET SHELLCODE METASPLOIT BSD Bind shell (Pex Alphanumeric Encoded 1) (shellcode.rules)
- 2010397 - ET SHELLCODE METASPLOIT BSD Bind shell (Pex Alphanumeric Encoded 2) (shellcode.rules)
- 2010398 - ET SHELLCODE METASPLOIT BSD Bind shell (Pex Alphanumeric Encoded 3) (shellcode.rules)
- 2010399 - ET SHELLCODE METASPLOIT BSD Bind shell (Pex Alphanumeric Encoded 4) (shellcode.rules)
- 2010400 - ET SHELLCODE METASPLOIT BSD Bind shell (Pex Alphanumeric Encoded 5) (shellcode.rules)
- 2010401 - ET SHELLCODE METASPLOIT BSD Bind shell (PexFstEnvMov Encoded 1) (shellcode.rules)
- 2010402 - ET SHELLCODE METASPLOIT BSD Bind shell (PexFstEnvMov Encoded 2) (shellcode.rules)
- 2010403 - ET SHELLCODE METASPLOIT BSD Bind shell (JmpCallAdditive Encoded) (shellcode.rules)
- 2010404 - ET SHELLCODE METASPLOIT BSD Bind shell (Alpha2 Encoded 1) (shellcode.rules)
- 2010405 - ET SHELLCODE METASPLOIT BSD Bind shell (Alpha2 Encoded 2) (shellcode.rules)
- 2010406 - ET SHELLCODE METASPLOIT BSD Bind shell (Alpha2 Encoded 3) (shellcode.rules)
- 2010407 - ET SHELLCODE METASPLOIT BSD Reverse shell (PexFnstenvSub Encoded 1) (shellcode.rules)
- 2010409 - ET SHELLCODE METASPLOIT BSD Reverse shell (Countdown Encoded 1) (shellcode.rules)
- 2010410 - ET SHELLCODE METASPLOIT BSD Reverse shell (Countdown Encoded 2) (shellcode.rules)
- 2010411 - ET SHELLCODE METASPLOIT BSD Reverse shell (Countdown Encoded 3) (shellcode.rules)
- 2010412 - ET SHELLCODE METASPLOIT BSD Reverse shell (Countdown Encoded 4) (shellcode.rules)
- 2010413 - ET SHELLCODE METASPLOIT BSD Reverse shell (Pex Encoded 1) (shellcode.rules)
- 2010414 - ET SHELLCODE METASPLOIT BSD Reverse shell (Pex Encoded 2) (shellcode.rules)
- 2010415 - ET SHELLCODE METASPLOIT BSD Reverse shell (Not Encoded 1) (shellcode.rules)
- 2010416 - ET SHELLCODE METASPLOIT BSD Reverse shell (Not Encoded 2) (shellcode.rules)
- 2010417 - ET SHELLCODE METASPLOIT BSD Reverse shell (Not Encoded 3) (shellcode.rules)
- 2010418 - ET SHELLCODE METASPLOIT BSD Reverse shell (Pex Alphanumeric Encoded 1) (shellcode.rules)
- 2010419 - ET SHELLCODE METASPLOIT BSD Reverse shell (Pex Alphanumeric Encoded 2) (shellcode.rules)
- 2010420 - ET SHELLCODE METASPLOIT BSD Reverse shell (Pex Alphanumeric Encoded 3) (shellcode.rules)
- 2010421 - ET SHELLCODE METASPLOIT BSD Reverse shell (PexFnstenvMov Encoded 1) (shellcode.rules)
- 2010423 - ET SHELLCODE METASPLOIT BSD Reverse shell (JmpCallAdditive Encoded 1) (shellcode.rules)
- 2010424 - ET SHELLCODE METASPLOIT BSD Reverse shell (Alpha2 Encoded 1) (shellcode.rules)
- 2010425 - ET SHELLCODE METASPLOIT BSD Reverse shell (Alpha2 Encoded 2) (shellcode.rules)
- 2010426 - ET SHELLCODE METASPLOIT BSD Reverse shell (Alpha2 Encoded 3) (shellcode.rules)
- 2010427 - ET SHELLCODE METASPLOIT BSD SPARC Bind shell (SPARC Encoded 1) (shellcode.rules)
- 2010428 - ET SHELLCODE METASPLOIT BSD SPARC Bind shell (SPARC Encoded 2) (shellcode.rules)
- 2010429 - ET SHELLCODE METASPLOIT BSD SPARC Bind shell (Not Encoded 1) (shellcode.rules)
- 2010430 - ET SHELLCODE METASPLOIT BSD SPARC Bind shell (Not Encoded 2) (shellcode.rules)
- 2010431 - ET SHELLCODE METASPLOIT BSD SPARC Bind shell (Not Encoded 3) (shellcode.rules)
- 2010432 - ET SHELLCODE METASPLOIT BSD SPARC Bind shell (Not Encoded 4) (shellcode.rules)
- 2010433 - ET SHELLCODE METASPLOIT BSD SPARC Reverse shell (Not Encoded 1) (shellcode.rules)
- 2010434 - ET SHELLCODE METASPLOIT BSD SPARC Reverse shell (Not Encoded 2) (shellcode.rules)
- 2010435 - ET SHELLCODE METASPLOIT BSD SPARC Reverse shell (SPARC Encoded 1) (shellcode.rules)
- 2010436 - ET SHELLCODE METASPLOIT BSD SPARC Reverse shell (SPARC Encoded 2) (shellcode.rules)
- 2010437 - ET SHELLCODE METASPLOIT BSD SPARC Reverse shell (Not Encoded 3) (shellcode.rules)
- 2010454 - ET ATTACK_RESPONSE Metasploit/Meterpreter - Sending metsrv.dll to Compromised Host (attack_response.rules)
- 2010486 - ET DOS Potential Inbound NTP denial-of-service attempt (repeated mode 7 request) (dos.rules)
- 2010487 - ET DOS Potential Inbound NTP denial-of-service attempt (repeated mode 7 reply) (dos.rules)
- 2010732 - ET FTP FTP SITE command attempt without login (ftp.rules)
- 2010733 - ET FTP FTP RMDIR command attempt without login (ftp.rules)
- 2010734 - ET FTP FTP MKDIR command attempt without login (ftp.rules)
- 2010735 - ET FTP FTP PWD command attempt without login (ftp.rules)
- 2010736 - ET FTP FTP RETR command attempt without login (ftp.rules)
- 2010737 - ET FTP FTP NLST command attempt without login (ftp.rules)
- 2010738 - ET FTP FTP RNTO command attempt without login (ftp.rules)
- 2010739 - ET FTP FTP RNFR command attempt without login (ftp.rules)
- 2010740 - ET FTP FTP STOR command attempt without login (ftp.rules)
- 2010834 - ET ACTIVEX Windows Defender ActiveX DeleteValue/WriteValue method Heap Overflow Attempt (activex.rules)
- 2010929 - ET ACTIVEX Foxit Reader ActiveX control OpenFile method Heap Overflow Attempt (activex.rules)
- 2010977 - ET ACTIVEX AOL 9.5 ActiveX control Import method Heap Overflow Attempt (activex.rules)
- 2011050 - ET ACTIVEX Liquid XML Studio 2010 OpenFile Method Remote Heap Overflow Attempt (activex.rules)
- 2011674 - ET DOS SolarWinds TFTP Server Long Write Request Denial Of Service Attempt (dos.rules)
- 2012253 - ET SHELLCODE Common %0a%0a%0a%0a Heap Spray String (shellcode.rules)
- 2012256 - ET SHELLCODE Common 0c0c0c0c Heap Spray String (shellcode.rules)
- 2012510 - ET SHELLCODE UTF-8/16 Encoded Shellcode (shellcode.rules)
- 2012534 - ET SHELLCODE Unescape Variable %u Shellcode (shellcode.rules)
- 2013148 - ET SHELLCODE JavaScript Redefinition of a HeapLib Object - Likely Malicious Heap Spray Attempt (shellcode.rules)
- 2013273 - ET SHELLCODE Hex Obfuscated JavaScript Heap Spray 41414141 (shellcode.rules)
- 2013319 - ET SHELLCODE Unicode UTF-8 Heap Spray Attempt (shellcode.rules)
- 2013320 - ET SHELLCODE Unicode UTF-16 Heap Spray Attempt (shellcode.rules)
- 2033733 - ET EXPLOIT Microsoft Windows VBScript Engine VbsErase Memory Corruption (CVE-2019-0667) (exploit.rules)
- 2034499 - ET ATTACK_RESPONSE Obfuscated VBS Inbound - Underscore Var/Chr/math (attack_response.rules)
- 2800002 - ETPRO EXPLOIT CVS Entry Line Flag Remote Heap Overflow (exploit.rules)
- 2800003 - ETPRO EXPLOIT CVS Entry Line Flag Remote Heap Overflow (exploit.rules)
- 2800115 - ETPRO WEB_CLIENT Microsoft OLE Automation String Manipulation Heap Overflow (web_client.rules)
- 2800116 - ETPRO WEB_CLIENT Microsoft OLE Automation String Manipulation Heap Overflow (web_client.rules)
- 2800141 - ETPRO EXPLOIT RealNetworks Helix DNA Server RTSP Service Heap Overflow (exploit.rules)
- 2800152 - ETPRO ACTIVEX Microsoft Windows MFC Library FileFind Class Heap Overflow (activex.rules)
- 2800198 - ETPRO WEB_CLIENT Apple QuickTime STSD Atoms Handling Heap Overflow (web_client.rules)
- 2800280 - ETPRO EXPLOIT Cisco Unified Communications Manager CTL Provider Heap Overflow (exploit.rules)
- 2800369 - ETPRO EXPLOIT Novell eDirectory SOAP Handling Accept Language Header Heap Overflow 1 (exploit.rules)
- 2800370 - ETPRO EXPLOIT Novell eDirectory SOAP Handling Accept Language Header Heap Overflow 2 (exploit.rules)
- 2800703 - ETPRO WEB_CLIENT RealNetworks RealPlayer Invalid Chunk Size Heap Overflow (web_client.rules)
- 2800704 - ETPRO WEB_CLIENT RealNetworks RealPlayer Invalid Chunk Size Heap Overflow (web_client.rules)
- 2801726 - ETPRO SCADA ClearSCADA Heap Overflow Attempt (scada.rules)
- 2801734 - ETPRO SCADA WellinTech KingView Remote Heap Overflow Attempt (scada.rules)
- 2803983 - ETPRO ACTIVEX Oracle Hyperion Strategic Finance 12.x Tidestone Formula One WorkBook OLE Control TTF16.ocx Remote Heap Overflow (activex.rules)
- 2824939 - ETPRO EXPLOIT Flash Player Heap Overflow (CVE-2017-2992) (exploit.rules)
- 2825398 - ETPRO EXPLOIT Flash Player Heap Overflow (CVE-2017-2992) (exploit.rules)
- 2829187 - ETPRO MALWARE MSIL.NepaCollector CnC M1 (buildInfo) (malware.rules)
- 2829188 - ETPRO MALWARE MSIL.NepaCollector CnC M2 (isMaster) (malware.rules)
- 2829189 - ETPRO MALWARE MSIL.NepaCollector CnC M3 (getLastError) (malware.rules)
- 2830100 - ETPRO MALWARE Java/QRAT Reporting System Info to CnC (malware.rules)
- 2830130 - ETPRO MALWARE Win32/APosT.cxt CnC Beacon (malware.rules)
- 2835851 - ETPRO WEB_CLIENT VBScript Heap Overflow CVE-2019-0666 (web_client.rules)
- 2845427 - ETPRO EXPLOIT Windows Server Heap Overflow Inbound (CVE-2020-17051) (exploit.rules)