Summary: This rule does not have documentation
Or if you're lucky some link to a virus total page with no other explanation.
Well I thought it might be interesting to try to collect some brief links or documentation around some documentation-less snort rules. I did not write the rules, I have no insight into who did or why they did. I did not write the documentation either, I simply collected the information and put it in a spot where maybe if you're lucky and google searching why a snort rule fired and what it means, then I was just hoping this documentation would be helpful for you. Enjoy.
Sample initial documentation I put together for the documentation-less:
- SERVER-WEBAPP Nagios XI Incident Manager SQL command injection attempt 41018 41019
- MALWARE-CNC Linux.DDoS.D93 outbound connection 40991
- SERVER-WEBAPP Oracle Weblogic default credentials login attempt 40905 40905
- MALWARE-CNC Win.Malware.Disttrack variant outbound connection 40906
- MALWARE-CNC Win.Trojan.Locky variant outbound connection attempt 40910
- MALWARE-CNC Win.Rootkit.Sednit variant outbound connection attempt 40911
- MALWARE-OTHER Win.Trojan.Flokibot variant download attempt 40912 40913
More about neonprimetime
Top Blogs of all-time
- pagerank botnet sql injection walk-thru
- DOM XSS 101 Walk-Through
- An Invoice email and a Hot mess of Java
Top Github Contributions
Copyright © 2016, this post cannot be reproduced or retransmitted in any form without reference to the original post.