29 new signatures:
CRITICAL | SHELLCODE:X64:LINUX-FIND-PORT | SHELLCODE: Linux x64 Find Port Metasploit Stager Payload |
CRITICAL | SHELLCODE:X86:LINUX-FIND-PORT | SHELLCODE: Linux x86 Find Port Metasploit Stager Payload |
CRITICAL | SHELLCODE:X86:LINUX-SHELL-REV | SHELLCODE: Linux Shell Reverse TCP Metasploit Stager Payload |
CRITICAL | TROJAN:W32-PARITE-CNC | TROJAN: W32/Parite Command and Control Activity |
MEDIUM | TROJAN:UNKNOWN-BACKDOOR-KNOCK | TROJAN: Unidentified Backdoor Knock Request |
HIGH | APP:SUN-JAVA-SYSCAL-TZID-DOS | APP: Sun Java System Calendar Server tzid Parameter Parsing Denial of Service |
MEDIUM | HTTP:STC:MOZILLA:INNER-HTML-DOS | HTTP: Mozilla innerHTML Denial of Service |
HIGH | SSL:OPENSSL-DTLSCLIENTHELLO-DOS | SSL: OpenSSL dtls1 Client Hello Denial of Service |
HIGH | APP:HP-SYS-MANGMNT-CMD-INJ | APP: HP System Management Homepage Command Injection |
MEDIUM | APP:MISC:SAMSUNG-TV-BD-DOS | APP: Samsung TV and BD Products Multiple Denial Of Service |
MEDIUM | APP:MISC:SAMSUNG-NET-I-WARE-DOS | APP: Samsung NET-i ware Multiple Remote Denial of Service |
HIGH | HTTP:STC:ADOBE:MEMLK-2014-0543 | HTTP: Adobe Flash Player CVE-2014-0543 Memory Leak |
HIGH | HTTP:STC:ADOBE:MEMLK-2014-0542 | HTTP: Adobe Flash Player Memory Leak |
MEDIUM | APP:MISC:SAMSUNG-ALLSHARE-DOS | APP: Samsung AllShare Remote Denial of Service |
CRITICAL | SHELLCODE:X86:WIN-SHELL-XPFW | SHELLCODE: Windows Disable Windows ICF Bind TCP Shell Metasploit Payload |
CRITICAL | SHELLCODE:X86:WIN-REV-ORD-TCP | SHELLCODE: Windows Reverse Ordered TCP Metasploit Stager Payload |
CRITICAL | SHELLCODE:X86:WIN-FIND-TAG | SHELLCODE: Windows Find Tag Metasploit Stager Payload |
CRITICAL | SHELLCODE:X64:WIN-STAGER | SHELLCODE: Windows x64 Metasploit Stager Payload |
CRITICAL | SHELLCODE:X86:WIN-NONX-TCP | SHELLCODE: Windows Nonx TCP Metasploit Stager Payload |
CRITICAL | SHELLCODE:X86:WIN-BIND-IPV6-TCP | SHELLCODE: Windows Bind IPv6 TCP Metasploit Stager Payload |
CRITICAL | SHELLCODE:X86:WIN-STAGER | SHELLCODE: Windows x86 Metasploit Stager Payload |
CRITICAL | SHELLCODE:X86:WIN-SPEAK-PWNED | SHELLCODE: Windows Speech API - Say You Got Pwned! |
HIGH | SMB:SAMBA:NMBD-BO | SMB: Samba nmbd Buffer Overflow |
CRITICAL | SHELLCODE:X64:LINUX-SHELL-BIND | SHELLCODE: Linux Shell Bind TCP Metasploit Stager Payload |
CRITICAL | SHELLCODE:X86:LINUX-BIND-NONX | SHELLCODE: Linux Bind Nonx TCP Metasploit Stager Payload |
CRITICAL | SHELLCODE:X86:LINUX-FIND-TAG | SHELLCODE: Linux Find Tag Metasploit Stager Payload |
CRITICAL | SHELLCODE:X86:LINUX-REV-IPV6 | SHELLCODE: Linux Reverse IPv6 TCP Metasploit Stager Payload |
CRITICAL | SHELLCODE:X86:LINUX-REV-NONX | SHELLCODE: Linux Reverse Nonx TCP Metasploit Stager Payload |
CRITICAL | SHELLCODE:X86:LINUX-REVERSE-TCP | SHELLCODE: Linux Reverse TCP Metasploit Stager Payload |
1 updated signature:
MEDIUM | APP:MISC:SAMSUNG-TV-SERVER-DOS | APP: Samsung PS50C7700 TV GET Request Handling DOS |
2 updated application signatures:
Web:Social-Networking:Facebook:FACEBOOK-TIMELINE | Facebook Timeline |
Web:Social-Networking:Facebook:FACEBOOK-STATUS-UPDATE | Facebook Status Update |
This signature detects malicious find port Metasploit stager shellcode. A stager shellcode establishes a communication channel between the attacker and the victim and reads in a subsequent payload to execute on the remote host. Attempts to execute such shellcode indicate malicious activity.
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.5.140733, idp-5.1.110140603, isg-3.5.140773, idp-5.1.110140626
This signature detects malicious find port Metasploit stager shellcode. A stager shellcode establishes a communication channel between the attacker and the victim and reads in a subsequent payload to execute on the remote host. Attempts to execute such shellcode indicate malicious activity.
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.5.140733, idp-5.1.110140603, isg-3.5.140773, idp-5.1.110140626
This signature detects malicious shell reverse TCP Metasploit stager shellcode. A stager shellcode establishes a communication channel between the attacker and the victim and reads in a subsequent payload to execute on the remote host. Attempts to execute such shellcode indicate malicious activity.
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.5.140733, idp-5.1.110140603, isg-3.5.140773, idp-5.1.110140626
This signature detects status updates to a user's timeline on Facebook.
srx-branch-11.4, srx-branch-12.1, srx-10.0, srx-branch-10.0, mx-11.4, mx-9.4, srx-11.4, vsrx-12.1, idp-5.1.0, idp-5.1.110140603, idp-5.1.110140626, srx-9.2, srx-branch-9.4, j-series-9.5, srx-12.1
This signature detects Facebook timeline elements. The Facebook timeline is a user's feed of friends' updates, uploads, and shares.
srx-branch-11.4, srx-branch-12.1, srx-10.0, srx-branch-10.0, mx-11.4, mx-9.4, srx-11.4, vsrx-12.1, idp-5.1.0, idp-5.1.110140603, idp-5.1.110140626, srx-9.2, srx-branch-9.4, j-series-9.5, srx-12.1
This signature detects behavior of the W32/Parite Trojan as it attempts to perform Command and Control (C&C) activity. The source IP address is infected and should be removed from the network for investigation.
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.5.140733, idp-5.1.110140603, isg-3.5.140773, idp-5.1.110140626
This signature detects unusual HTTP requests that might be related to a Trojan "Knock" request. This may be a special command to enable additional functionality/access to the Trojan. A response other than a 404 might mean your server is compromised.
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.5.140733, idp-5.1.110140603, isg-3.5.140773, idp-5.1.110140626
This signature detects attempts to exploit a known vulnerability against Sun Java System Calendar server. A successful attack can result in a denial-of-service condition.
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.5.140733, idp-5.1.110140603, isg-3.5.140773, idp-5.1.110140626
This signature detects attempts to exploit a known vulnerability against Mozilla-based web browsers. A successful attack can result in a denial-of-service condition.
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.5.140733, idp-5.1.110140603, isg-3.5.140773, idp-5.1.110140626
This signature detects unusual fragmentation of DTLS Client Hello handshake messages. Successful exploitation could lead to a denial-of-service condition.
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.5.140733, idp-5.1.110140603, isg-3.5.140773, idp-5.1.110140626
This signature detects attempts to exploit a known vulnerability against HP System Management. A successful attack can lead to arbitrary code execution.
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.5.140733, idp-5.1.110140603, isg-3.5.140773, idp-5.1.110140626
This signature detects attempts to exploit a known vulnerability against Samsung TV and BD Products. A successful attack can result in a denial-of-service condition.
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.5.140733, idp-5.1.110140603, isg-3.5.140773, idp-5.1.110140626
This signature detects attempts to exploit a known vulnerability against multiple Samsung NET-i ware products. A successful attack can result in a denial-of-service condition.
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.5.140733, idp-5.1.110140603, isg-3.5.140773, idp-5.1.110140626
This signature detects an attempt to exploit a known vulnerability in Adobe Flash Player. Successful exploitation could allow an attacker to read arbitrary memory contents and launch further attacks within the context of the application.
srx-branch-11.4, mx-11.4, idp-4.1.0, mx-9.4, srx-9.2, srx-branch-9.4, j-series-9.5, srx-12.1, srx-branch-12.1, srx-10.0, srx-branch-10.0, vsrx-12.1, isg-3.5.140733, idp-5.1.110140603, isg-3.5.140773, idp-5.1.110140626, srx-11.4
This signature detects attempts to exploit a known vulnerability against the DMCRUIS/0.1 web server on the Samsung PS50C7700 TV. A successful attack can result in a denial-of-service condition.
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.5.140733, idp-5.1.110140603, isg-3.5.140773, idp-5.1.110140626
This signature detects an attempt to exploit a known vulnerability in Adobe Flash Player. Successful exploitation could allow an attacker to read arbitrary memory contents and launch further attacks within the context of the application.
srx-branch-11.4, mx-11.4, idp-4.1.0, mx-9.4, srx-9.2, srx-branch-9.4, j-series-9.5, srx-12.1, srx-branch-12.1, srx-10.0, srx-branch-10.0, vsrx-12.1, isg-3.5.140733, idp-5.1.110140603, isg-3.5.140773, idp-5.1.110140626, srx-11.4
This signature detects attempts to exploit a known vulnerability against Samsung AllShare. A successful attack can result in a denial-of-service condition.
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.5.140733, idp-5.1.110140603, isg-3.5.140773, idp-5.1.110140626
This signature detects shellcode designed to disable Windows ICF and spawn a command shell on connect, using a configurable port. Attempts to execute such shellcode indicate malicious activity.
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.5.140733, idp-5.1.110140603, isg-3.5.140773, idp-5.1.110140626
This signature detects malicious reverse ordered TCP Metasploit stager shellcode. A stager shellcode establishes a communication channel between the attacker and the victim and reads in a subsequent payload to execute on the remote host. Attempts to execute such shellcode indicate malicious activity.
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.5.140733, idp-5.1.110140603, isg-3.5.140773, idp-5.1.110140626
This signature detects malicious find tag Metasploit stager shellcode. A stager shellcode establishes a communication channel between the attacker and the victim and reads in a subsequent payload to execute on the remote host. Attempts to execute such shellcode indicate malicious activity.
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.5.140733, idp-5.1.110140603, isg-3.5.140773, idp-5.1.110140626
This signature detects malicious x64 Metasploit stager shellcode. A stager shellcode establishes a communication channel between the attacker and the victim and reads in a subsequent payload to execute on the remote host. Attempts to execute such shellcode indicate malicious activity.
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.5.140733, idp-5.1.110140603, isg-3.5.140773, idp-5.1.110140626
This signature detects malicious nonx TCP Metasploit stager shellcode. A stager shellcode establishes a communication channel between the attacker and the victim and reads in a subsequent payload to execute on the remote host. Attempts to execute such shellcode indicate malicious activity.
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.5.140733, idp-5.1.110140603, isg-3.5.140773, idp-5.1.110140626
This signature detects malicious bind IPv6 TCP Metasploit stager shellcode. A stager shellcode establishes a communication channel between the attacker and the victim and reads in a subsequent payload to execute on the remote host. Attempts to execute such shellcode indicate malicious activity.
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.5.140733, idp-5.1.110140603, isg-3.5.140773, idp-5.1.110140626
This signature detects malicious x86 Metasploit stager shellcode. A stager shellcode establishes a communication channel between the attacker and the victim and reads in a subsequent payload to execute on the remote host. Attempts to execute such shellcode indicate malicious activity.
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.5.140733, idp-5.1.110140603, isg-3.5.140773, idp-5.1.110140626
This signature detects shellcode which, upon execution, causes the target to say "You Got Pwned" via the Windows Speech API. Attempts to execute such shellcode indicate malicious activity.
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.5.140733, idp-5.1.110140603, isg-3.5.140773, idp-5.1.110140626
This signature detects attempts to exploit a known vulnerability in Samba. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the server.
srx-branch-11.4, idp-4.1.110110719, mx-11.4, idp-5.1.110140603, mx-9.4, idp-5.0.110130325, srx-9.2, srx-branch-9.4, j-series-9.5, srx-12.1, srx-branch-12.1, isg-3.4.140032, srx-10.0, srx-branch-10.0, vsrx-12.1, isg-3.5.140733, idp-5.0.110121210, isg-3.5.140773, idp-5.1.110140626, isg-3.4.139899, idp-4.1.110110609, srx-11.4
This signature detects malicious shell bind TCP Metasploit stager shellcode. A stager shellcode establishes a communication channel between the attacker and the victim and reads in a subsequent payload to execute on the remote host. Attempts to execute such shellcode indicate malicious activity.
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.5.140733, idp-5.1.110140603, isg-3.5.140773, idp-5.1.110140626
This signature detects malicious bind nonx TCP Metasploit stager shellcode. A stager shellcode establishes a communication channel between the attacker and the victim and reads in a subsequent payload to execute on the remote host. Attempts to execute such shellcode indicate malicious activity.
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.5.140733, idp-5.1.110140603, isg-3.5.140773, idp-5.1.110140626
This signature detects malicious find tag Metasploit stager shellcode. A stager shellcode establishes a communication channel between the attacker and the victim and reads in a subsequent payload to execute on the remote host. Attempts to execute such shellcode indicate malicious activity.
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.5.140733, idp-5.1.110140603, isg-3.5.140773, idp-5.1.110140626
This signature detects malicious reverse IPv6 TCP Metasploit stager shellcode. A stager shellcode establishes a communication channel between the attacker and the victim and reads in a subsequent payload to execute on the remote host. Attempts to execute such shellcode indicate malicious activity.
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.5.140733, idp-5.1.110140603, isg-3.5.140773, idp-5.1.110140626
This signature detects malicious reverse nonx TCP Metasploit stager shellcode. A stager shellcode establishes a communication channel between the attacker and the victim and reads in a subsequent payload to execute on the remote host. Attempts to execute such shellcode indicate malicious activity.
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.5.140733, idp-5.1.110140603, isg-3.5.140773, idp-5.1.110140626
This signature detects malicious reverse TCP Metasploit stager shellcode. A stager shellcode establishes a communication channel between the attacker and the victim and reads in a subsequent payload to execute on the remote host. Attempts to execute such shellcode indicate malicious activity.
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.5.140733, idp-5.1.110140603, isg-3.5.140773, idp-5.1.110140626