Talos Rules 2017-11-28
This release adds and modifies rules in several categories.

Talos has added and modified multiple rules in the browser-firefox, browser-ie, browser-other, file-image, file-other, file-pdf, indicator-compromise, malware-cnc, policy-other, protocol-tftp and server-webapp rule sets to provide coverage for emerging threats from these technologies.

For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.

Change logs

2017-11-28 20:15:22 UTC

Snort Subscriber Rules Update

Date: 2017-11-28

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:44993 <-> DISABLED <-> SERVER-WEBAPP ManageEngine ServiceDesk Plus policy bypass attempt (server-webapp.rules)
 * 1:45046 <-> ENABLED <-> SERVER-OTHER Exim malformed BDAT code execution attempt (server-other.rules)
 * 1:45044 <-> DISABLED <-> FILE-PDF Adobe Reader out of bounds memory access violation attempt (file-pdf.rules)
 * 1:45045 <-> DISABLED <-> FILE-PDF Adobe Reader out of bounds memory access violation attempt (file-pdf.rules)
 * 1:45043 <-> DISABLED <-> BROWSER-OTHER Adobe Acrobat Pro WebCapture information disclosure attempt (browser-other.rules)
 * 1:45004 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
 * 1:44998 <-> ENABLED <-> MALWARE-CNC Legend irc bot cnc attempt (malware-cnc.rules)
 * 1:45030 <-> DISABLED <-> FILE-PDF JPEG2000 image coding style default information disclosure attempt (file-pdf.rules)
 * 1:45007 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
 * 1:44996 <-> DISABLED <-> SERVER-WEBAPP ManageEngine ServiceDesk Plus policy bypass attempt (server-webapp.rules)
 * 1:44999 <-> DISABLED <-> SERVER-WEBAPP Ruby on Rails file inclusion attempt (server-webapp.rules)
 * 1:45001 <-> DISABLED <-> SERVER-WEBAPP Netgear WNR2000 information leak attempt (server-webapp.rules)
 * 1:45000 <-> DISABLED <-> SERVER-WEBAPP Ruby on Rails file inclusion attempt (server-webapp.rules)
 * 1:45039 <-> DISABLED <-> SERVER-WEBAPP Joomla LDAP authentication plugin information disclosure exploitation attempt (server-webapp.rules)
 * 1:45041 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader Annotation use after free attempt (file-pdf.rules)
 * 1:45005 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
 * 1:44991 <-> DISABLED <-> BROWSER-FIREFOX Mozilla products CSS rendering out-of-bounds array write attempt (browser-firefox.rules)
 * 1:45002 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
 * 1:44992 <-> DISABLED <-> SERVER-WEBAPP ManageEngine ServiceDesk Plus policy bypass attempt (server-webapp.rules)
 * 1:45006 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
 * 1:45003 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
 * 1:45008 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
 * 1:45009 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
 * 1:45010 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
 * 1:45011 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
 * 1:45012 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
 * 1:45013 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
 * 1:45014 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
 * 1:45015 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
 * 1:45016 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
 * 1:45024 <-> DISABLED <-> FILE-PDF Adobe Acrobat out of bound read exploitation attempt (file-pdf.rules)
 * 1:45023 <-> DISABLED <-> FILE-PDF Adobe Acrobat out of bound read exploitation attempt (file-pdf.rules)
 * 1:45027 <-> DISABLED <-> FILE-PDF Adobe Acrobat out of bound read exploitation attempt (file-pdf.rules)
 * 1:45028 <-> DISABLED <-> FILE-PDF Adobe Acrobat out of bound read exploitation attempt (file-pdf.rules)
 * 1:45029 <-> DISABLED <-> FILE-PDF JPEG2000 image coding style default information disclosure attempt (file-pdf.rules)
 * 1:45031 <-> DISABLED <-> FILE-OTHER Adobe Acrobat JPEG2000 out of bounds buffer overflow attempt (file-other.rules)
 * 1:45032 <-> DISABLED <-> FILE-OTHER Adobe Acrobat JPEG2000 out of bounds buffer overflow attempt (file-other.rules)
 * 1:45042 <-> DISABLED <-> BROWSER-OTHER Adobe Acrobat Pro WebCapture information disclosure attempt (browser-other.rules)
 * 1:44995 <-> DISABLED <-> SERVER-WEBAPP ManageEngine ServiceDesk Plus policy bypass attempt (server-webapp.rules)
 * 1:44997 <-> ENABLED <-> MALWARE-CNC Legend irc bot cnc attempt (malware-cnc.rules)
 * 1:45040 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader Annotation use after free attempt (file-pdf.rules)
 * 1:45038 <-> DISABLED <-> SERVER-WEBAPP Joomla LDAP authentication plugin information disclosure exploitation attempt (server-webapp.rules)
 * 1:45035 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader Annotation use after free attempt (file-pdf.rules)
 * 1:45037 <-> DISABLED <-> SERVER-WEBAPP Joomla LDAP authentication plugin information disclosure exploitation attempt (server-webapp.rules)
 * 1:45036 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader Annotation use after free attempt (file-pdf.rules)
 * 1:44994 <-> DISABLED <-> SERVER-WEBAPP ManageEngine ServiceDesk Plus policy bypass attempt (server-webapp.rules)
 * 3:45017 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0497 attack attempt (file-image.rules)
 * 3:45018 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0497 attack attempt (file-image.rules)
 * 3:45019 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0490 attack attempt (file-image.rules)
 * 3:45020 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0490 attack attempt (file-image.rules)
 * 3:45021 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0491 attack attempt (file-image.rules)
 * 3:45022 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0491 attack attempt (file-image.rules)
 * 3:45025 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0489 attack attempt (file-image.rules)
 * 3:45026 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0489 attack attempt (file-image.rules)
 * 3:45033 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0488 attack attempt (file-image.rules)
 * 3:45034 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0488 attack attempt (file-image.rules)
 * 3:45047 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0499 attack attempt (file-image.rules)
 * 3:45048 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0499 attack attempt (file-image.rules)
 * 3:45049 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0492 attack attempt (server-webapp.rules)

Modified Rules:


 * 1:43599 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer object type confusion remote code execution attempt (browser-ie.rules)
 * 1:44728 <-> DISABLED <-> INDICATOR-COMPROMISE Meterpreter payload download attempt (indicator-compromise.rules)
 * 1:42311 <-> DISABLED <-> FILE-PDF Multiple Products malformed JP2K codestream out of bounds read attempt (file-pdf.rules)
 * 1:42312 <-> DISABLED <-> FILE-PDF Multiple Products malformed JP2K codestream out of bounds read attempt (file-pdf.rules)
 * 1:42286 <-> DISABLED <-> FILE-PDF Multiple Products malformed JP2K codestream out of bounds read attempt (file-pdf.rules)
 * 1:2337 <-> DISABLED <-> PROTOCOL-TFTP PUT filename overflow attempt (protocol-tftp.rules)
 * 1:41095 <-> DISABLED <-> SERVER-WEBAPP Netgear WNR2000 authentication bypass attempt (server-webapp.rules)
 * 1:42285 <-> DISABLED <-> FILE-PDF Multiple Products malformed JP2K codestream out of bounds read attempt (file-pdf.rules)
 * 1:18077 <-> DISABLED <-> BROWSER-FIREFOX Mozilla products CSS rendering out-of-bounds array write attempt (browser-firefox.rules)
 * 1:42376 <-> DISABLED <-> POLICY-OTHER eicar file detected (policy-other.rules)
 * 1:42375 <-> DISABLED <-> POLICY-OTHER eicar file detected (policy-other.rules)
 * 1:42374 <-> DISABLED <-> POLICY-OTHER eicar file detected (policy-other.rules)
 * 1:42373 <-> DISABLED <-> POLICY-OTHER eicar file detected (policy-other.rules)
 * 1:43598 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer object type confusion remote code execution attempt (browser-ie.rules)
 * 3:44863 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0483 attack attempt (server-webapp.rules)

2017-11-28 20:15:22 UTC

Snort Subscriber Rules Update

Date: 2017-11-28

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2990.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:45000 <-> DISABLED <-> SERVER-WEBAPP Ruby on Rails file inclusion attempt (server-webapp.rules)
 * 1:44992 <-> DISABLED <-> SERVER-WEBAPP ManageEngine ServiceDesk Plus policy bypass attempt (server-webapp.rules)
 * 1:44993 <-> DISABLED <-> SERVER-WEBAPP ManageEngine ServiceDesk Plus policy bypass attempt (server-webapp.rules)
 * 1:45030 <-> DISABLED <-> FILE-PDF JPEG2000 image coding style default information disclosure attempt (file-pdf.rules)
 * 1:45009 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
 * 1:45007 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
 * 1:44998 <-> ENABLED <-> MALWARE-CNC Legend irc bot cnc attempt (malware-cnc.rules)
 * 1:44997 <-> ENABLED <-> MALWARE-CNC Legend irc bot cnc attempt (malware-cnc.rules)
 * 1:45001 <-> DISABLED <-> SERVER-WEBAPP Netgear WNR2000 information leak attempt (server-webapp.rules)
 * 1:45002 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
 * 1:44999 <-> DISABLED <-> SERVER-WEBAPP Ruby on Rails file inclusion attempt (server-webapp.rules)
 * 1:44996 <-> DISABLED <-> SERVER-WEBAPP ManageEngine ServiceDesk Plus policy bypass attempt (server-webapp.rules)
 * 1:44994 <-> DISABLED <-> SERVER-WEBAPP ManageEngine ServiceDesk Plus policy bypass attempt (server-webapp.rules)
 * 1:45003 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
 * 1:45004 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
 * 1:45005 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
 * 1:44991 <-> DISABLED <-> BROWSER-FIREFOX Mozilla products CSS rendering out-of-bounds array write attempt (browser-firefox.rules)
 * 1:45006 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
 * 1:45008 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
 * 1:45010 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
 * 1:45011 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
 * 1:45012 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
 * 1:45013 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
 * 1:45014 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
 * 1:45015 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
 * 1:45016 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
 * 1:45023 <-> DISABLED <-> FILE-PDF Adobe Acrobat out of bound read exploitation attempt (file-pdf.rules)
 * 1:45024 <-> DISABLED <-> FILE-PDF Adobe Acrobat out of bound read exploitation attempt (file-pdf.rules)
 * 1:45027 <-> DISABLED <-> FILE-PDF Adobe Acrobat out of bound read exploitation attempt (file-pdf.rules)
 * 1:45028 <-> DISABLED <-> FILE-PDF Adobe Acrobat out of bound read exploitation attempt (file-pdf.rules)
 * 1:45029 <-> DISABLED <-> FILE-PDF JPEG2000 image coding style default information disclosure attempt (file-pdf.rules)
 * 1:45031 <-> DISABLED <-> FILE-OTHER Adobe Acrobat JPEG2000 out of bounds buffer overflow attempt (file-other.rules)
 * 1:45032 <-> DISABLED <-> FILE-OTHER Adobe Acrobat JPEG2000 out of bounds buffer overflow attempt (file-other.rules)
 * 1:45046 <-> ENABLED <-> SERVER-OTHER Exim malformed BDAT code execution attempt (server-other.rules)
 * 1:45045 <-> DISABLED <-> FILE-PDF Adobe Reader out of bounds memory access violation attempt (file-pdf.rules)
 * 1:45044 <-> DISABLED <-> FILE-PDF Adobe Reader out of bounds memory access violation attempt (file-pdf.rules)
 * 1:45043 <-> DISABLED <-> BROWSER-OTHER Adobe Acrobat Pro WebCapture information disclosure attempt (browser-other.rules)
 * 1:45042 <-> DISABLED <-> BROWSER-OTHER Adobe Acrobat Pro WebCapture information disclosure attempt (browser-other.rules)
 * 1:45041 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader Annotation use after free attempt (file-pdf.rules)
 * 1:45038 <-> DISABLED <-> SERVER-WEBAPP Joomla LDAP authentication plugin information disclosure exploitation attempt (server-webapp.rules)
 * 1:45039 <-> DISABLED <-> SERVER-WEBAPP Joomla LDAP authentication plugin information disclosure exploitation attempt (server-webapp.rules)
 * 1:45040 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader Annotation use after free attempt (file-pdf.rules)
 * 1:45036 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader Annotation use after free attempt (file-pdf.rules)
 * 1:45037 <-> DISABLED <-> SERVER-WEBAPP Joomla LDAP authentication plugin information disclosure exploitation attempt (server-webapp.rules)
 * 1:45035 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader Annotation use after free attempt (file-pdf.rules)
 * 1:44995 <-> DISABLED <-> SERVER-WEBAPP ManageEngine ServiceDesk Plus policy bypass attempt (server-webapp.rules)
 * 3:45018 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0497 attack attempt (file-image.rules)
 * 3:45026 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0489 attack attempt (file-image.rules)
 * 3:45025 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0489 attack attempt (file-image.rules)
 * 3:45019 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0490 attack attempt (file-image.rules)
 * 3:45033 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0488 attack attempt (file-image.rules)
 * 3:45034 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0488 attack attempt (file-image.rules)
 * 3:45047 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0499 attack attempt (file-image.rules)
 * 3:45021 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0491 attack attempt (file-image.rules)
 * 3:45049 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0492 attack attempt (server-webapp.rules)
 * 3:45017 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0497 attack attempt (file-image.rules)
 * 3:45022 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0491 attack attempt (file-image.rules)
 * 3:45020 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0490 attack attempt (file-image.rules)
 * 3:45048 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0499 attack attempt (file-image.rules)

Modified Rules:


 * 1:42374 <-> DISABLED <-> POLICY-OTHER eicar file detected (policy-other.rules)
 * 1:42375 <-> DISABLED <-> POLICY-OTHER eicar file detected (policy-other.rules)
 * 1:42376 <-> DISABLED <-> POLICY-OTHER eicar file detected (policy-other.rules)
 * 1:43599 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer object type confusion remote code execution attempt (browser-ie.rules)
 * 1:42286 <-> DISABLED <-> FILE-PDF Multiple Products malformed JP2K codestream out of bounds read attempt (file-pdf.rules)
 * 1:42373 <-> DISABLED <-> POLICY-OTHER eicar file detected (policy-other.rules)
 * 1:42312 <-> DISABLED <-> FILE-PDF Multiple Products malformed JP2K codestream out of bounds read attempt (file-pdf.rules)
 * 1:44728 <-> DISABLED <-> INDICATOR-COMPROMISE Meterpreter payload download attempt (indicator-compromise.rules)
 * 1:41095 <-> DISABLED <-> SERVER-WEBAPP Netgear WNR2000 authentication bypass attempt (server-webapp.rules)
 * 1:42311 <-> DISABLED <-> FILE-PDF Multiple Products malformed JP2K codestream out of bounds read attempt (file-pdf.rules)
 * 1:18077 <-> DISABLED <-> BROWSER-FIREFOX Mozilla products CSS rendering out-of-bounds array write attempt (browser-firefox.rules)
 * 1:2337 <-> DISABLED <-> PROTOCOL-TFTP PUT filename overflow attempt (protocol-tftp.rules)
 * 1:42285 <-> DISABLED <-> FILE-PDF Multiple Products malformed JP2K codestream out of bounds read attempt (file-pdf.rules)
 * 1:43598 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer object type confusion remote code execution attempt (browser-ie.rules)
 * 3:44863 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0483 attack attempt (server-webapp.rules)

2017-11-28 20:15:22 UTC

Snort Subscriber Rules Update

Date: 2017-11-28

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091100.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:45046 <-> ENABLED <-> SERVER-OTHER Exim malformed BDAT code execution attempt (server-other.rules)
 * 1:45045 <-> DISABLED <-> FILE-PDF Adobe Reader out of bounds memory access violation attempt (file-pdf.rules)
 * 1:45044 <-> DISABLED <-> FILE-PDF Adobe Reader out of bounds memory access violation attempt (file-pdf.rules)
 * 1:45043 <-> DISABLED <-> BROWSER-OTHER Adobe Acrobat Pro WebCapture information disclosure attempt (browser-other.rules)
 * 1:45042 <-> DISABLED <-> BROWSER-OTHER Adobe Acrobat Pro WebCapture information disclosure attempt (browser-other.rules)
 * 1:45041 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader Annotation use after free attempt (file-pdf.rules)
 * 1:45040 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader Annotation use after free attempt (file-pdf.rules)
 * 1:45039 <-> DISABLED <-> SERVER-WEBAPP Joomla LDAP authentication plugin information disclosure exploitation attempt (server-webapp.rules)
 * 1:45038 <-> DISABLED <-> SERVER-WEBAPP Joomla LDAP authentication plugin information disclosure exploitation attempt (server-webapp.rules)
 * 1:45037 <-> DISABLED <-> SERVER-WEBAPP Joomla LDAP authentication plugin information disclosure exploitation attempt (server-webapp.rules)
 * 1:45036 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader Annotation use after free attempt (file-pdf.rules)
 * 1:45035 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader Annotation use after free attempt (file-pdf.rules)
 * 1:45032 <-> DISABLED <-> FILE-OTHER Adobe Acrobat JPEG2000 out of bounds buffer overflow attempt (file-other.rules)
 * 1:45031 <-> DISABLED <-> FILE-OTHER Adobe Acrobat JPEG2000 out of bounds buffer overflow attempt (file-other.rules)
 * 1:45030 <-> DISABLED <-> FILE-PDF JPEG2000 image coding style default information disclosure attempt (file-pdf.rules)
 * 1:45029 <-> DISABLED <-> FILE-PDF JPEG2000 image coding style default information disclosure attempt (file-pdf.rules)
 * 1:45028 <-> DISABLED <-> FILE-PDF Adobe Acrobat out of bound read exploitation attempt (file-pdf.rules)
 * 1:45027 <-> DISABLED <-> FILE-PDF Adobe Acrobat out of bound read exploitation attempt (file-pdf.rules)
 * 1:45024 <-> DISABLED <-> FILE-PDF Adobe Acrobat out of bound read exploitation attempt (file-pdf.rules)
 * 1:45023 <-> DISABLED <-> FILE-PDF Adobe Acrobat out of bound read exploitation attempt (file-pdf.rules)
 * 1:45016 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
 * 1:45015 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
 * 1:45014 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
 * 1:45013 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
 * 1:45012 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
 * 1:45011 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
 * 1:45010 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
 * 1:45009 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
 * 1:45008 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
 * 1:45007 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
 * 1:45006 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
 * 1:45005 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
 * 1:45004 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
 * 1:45003 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
 * 1:45002 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
 * 1:45001 <-> DISABLED <-> SERVER-WEBAPP Netgear WNR2000 information leak attempt (server-webapp.rules)
 * 1:45000 <-> DISABLED <-> SERVER-WEBAPP Ruby on Rails file inclusion attempt (server-webapp.rules)
 * 1:44999 <-> DISABLED <-> SERVER-WEBAPP Ruby on Rails file inclusion attempt (server-webapp.rules)
 * 1:44998 <-> ENABLED <-> MALWARE-CNC Legend irc bot cnc attempt (malware-cnc.rules)
 * 1:44997 <-> ENABLED <-> MALWARE-CNC Legend irc bot cnc attempt (malware-cnc.rules)
 * 1:44996 <-> DISABLED <-> SERVER-WEBAPP ManageEngine ServiceDesk Plus policy bypass attempt (server-webapp.rules)
 * 1:44995 <-> DISABLED <-> SERVER-WEBAPP ManageEngine ServiceDesk Plus policy bypass attempt (server-webapp.rules)
 * 1:44994 <-> DISABLED <-> SERVER-WEBAPP ManageEngine ServiceDesk Plus policy bypass attempt (server-webapp.rules)
 * 1:44993 <-> DISABLED <-> SERVER-WEBAPP ManageEngine ServiceDesk Plus policy bypass attempt (server-webapp.rules)
 * 1:44992 <-> DISABLED <-> SERVER-WEBAPP ManageEngine ServiceDesk Plus policy bypass attempt (server-webapp.rules)
 * 1:44991 <-> DISABLED <-> BROWSER-FIREFOX Mozilla products CSS rendering out-of-bounds array write attempt (browser-firefox.rules)
 * 3:45017 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0497 attack attempt (file-image.rules)
 * 3:45018 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0497 attack attempt (file-image.rules)
 * 3:45019 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0490 attack attempt (file-image.rules)
 * 3:45020 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0490 attack attempt (file-image.rules)
 * 3:45021 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0491 attack attempt (file-image.rules)
 * 3:45022 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0491 attack attempt (file-image.rules)
 * 3:45025 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0489 attack attempt (file-image.rules)
 * 3:45026 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0489 attack attempt (file-image.rules)
 * 3:45033 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0488 attack attempt (file-image.rules)
 * 3:45034 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0488 attack attempt (file-image.rules)
 * 3:45047 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0499 attack attempt (file-image.rules)
 * 3:45048 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0499 attack attempt (file-image.rules)
 * 3:45049 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0492 attack attempt (server-webapp.rules)

Modified Rules:


 * 1:42376 <-> DISABLED <-> POLICY-OTHER eicar file detected (policy-other.rules)
 * 1:42375 <-> DISABLED <-> POLICY-OTHER eicar file detected (policy-other.rules)
 * 1:42373 <-> DISABLED <-> POLICY-OTHER eicar file detected (policy-other.rules)
 * 1:42374 <-> DISABLED <-> POLICY-OTHER eicar file detected (policy-other.rules)
 * 1:43599 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer object type confusion remote code execution attempt (browser-ie.rules)
 * 1:44728 <-> DISABLED <-> INDICATOR-COMPROMISE Meterpreter payload download attempt (indicator-compromise.rules)
 * 1:18077 <-> DISABLED <-> BROWSER-FIREFOX Mozilla products CSS rendering out-of-bounds array write attempt (browser-firefox.rules)
 * 1:2337 <-> DISABLED <-> PROTOCOL-TFTP PUT filename overflow attempt (protocol-tftp.rules)
 * 1:41095 <-> DISABLED <-> SERVER-WEBAPP Netgear WNR2000 authentication bypass attempt (server-webapp.rules)
 * 1:42285 <-> DISABLED <-> FILE-PDF Multiple Products malformed JP2K codestream out of bounds read attempt (file-pdf.rules)
 * 1:42286 <-> DISABLED <-> FILE-PDF Multiple Products malformed JP2K codestream out of bounds read attempt (file-pdf.rules)
 * 1:42311 <-> DISABLED <-> FILE-PDF Multiple Products malformed JP2K codestream out of bounds read attempt (file-pdf.rules)
 * 1:42312 <-> DISABLED <-> FILE-PDF Multiple Products malformed JP2K codestream out of bounds read attempt (file-pdf.rules)
 * 1:43598 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer object type confusion remote code execution attempt (browser-ie.rules)
 * 3:44863 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0483 attack attempt (server-webapp.rules)