Talos Rules 2015-06-04
This release adds and modifies rules in several categories.

Talos has added and modified multiple rules in the blacklist, browser-ie, browser-plugins, exploit-kit, file-flash, file-identify, file-office, file-other, file-pdf, malware-cnc, os-windows, protocol-dns, server-mail and server-webapp rule sets to provide coverage for emerging threats from these technologies.

Change logs

2015-06-04 16:05:56 UTC

Snort Subscriber Rules Update

Date: 2015-06-04

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2962.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:34632 <-> DISABLED <-> SERVER-MAIL IBM Lotus Notes WPD attachment handling buffer overflow attempt (server-mail.rules)
 * 1:34630 <-> ENABLED <-> FILE-IDENTIFY WordPerfect file attachment detected (file-identify.rules)
 * 1:34627 <-> DISABLED <-> FILE-PDF Adobe Reader bypass JavaScript API restrictions attempt (file-pdf.rules)
 * 1:34649 <-> DISABLED <-> SERVER-OTHER OpenSSL zero-length ClientKeyExchange message denial of service attempt (server-other.rules)
 * 1:34672 <-> ENABLED <-> BLACKLIST DNS request for known malware domain vesnarusural.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34671 <-> ENABLED <-> BLACKLIST DNS request for known malware domain switlawert.com - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34670 <-> ENABLED <-> BLACKLIST DNS request for known malware domain mehanistran.com - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34655 <-> ENABLED <-> BLACKLIST DNS request for known malware domain litramoloka.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34666 <-> ENABLED <-> BLACKLIST DNS request for known malware domain rabbutdownlitt.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34642 <-> DISABLED <-> BROWSER-PLUGINS McAffee Virtual Technician ActiveX control denial of service attempt ActiveX function call (browser-plugins.rules)
 * 1:34636 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Flactionbot outbound connection (malware-cnc.rules)
 * 1:34624 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Crypaura variant outbound connection attempt (malware-cnc.rules)
 * 1:34628 <-> DISABLED <-> FILE-PDF Adobe Reader bypass JavaScript API restrictions attempt (file-pdf.rules)
 * 1:34641 <-> DISABLED <-> BROWSER-PLUGINS McAffee Virtual Technician ActiveX control denial of service attempt ActiveX clsid access (browser-plugins.rules)
 * 1:34645 <-> DISABLED <-> SERVER-MAIL Exim buffer overflow attempt (server-mail.rules)
 * 1:34626 <-> DISABLED <-> FILE-PDF Adobe Reader bypass JavaScript API restrictions attempt (file-pdf.rules)
 * 1:34673 <-> ENABLED <-> BLACKLIST DNS request for known malware domain petronasconn.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34674 <-> ENABLED <-> BLACKLIST DNS request for known malware domain restavratormira.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34675 <-> ENABLED <-> BLACKLIST DNS request for known malware domain serppoglandam.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34676 <-> ENABLED <-> BLACKLIST DNS request for known malware domain wertstumbahn.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34677 <-> ENABLED <-> BLACKLIST DNS request for known malware domain queryforworld.com - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34678 <-> ENABLED <-> BLACKLIST DNS request for known malware domain serfilefnom.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34679 <-> ENABLED <-> BLACKLIST DNS request for known malware domain andbohemut.com - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34680 <-> ENABLED <-> BLACKLIST DNS request for known malware domain bejustoftun.com - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34681 <-> ENABLED <-> BLACKLIST DNS request for known malware domain berigusaf.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34682 <-> ENABLED <-> BLACKLIST DNS request for known malware domain betroninsi.com - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34683 <-> ENABLED <-> BLACKLIST DNS request for known malware domain dilelanang.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34684 <-> ENABLED <-> BLACKLIST DNS request for known malware domain forttapaha.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34685 <-> ENABLED <-> BLACKLIST DNS request for known malware domain ftjuunbesto.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34686 <-> ENABLED <-> BLACKLIST DNS request for known malware domain gantropine.com - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34687 <-> ENABLED <-> BLACKLIST DNS request for known malware domain gutontredsup.com - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34688 <-> ENABLED <-> BLACKLIST DNS request for known malware domain hepretfortna.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34689 <-> ENABLED <-> BLACKLIST DNS request for known malware domain juindorey.com - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34690 <-> ENABLED <-> BLACKLIST DNS request for known malware domain latemiishe.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34691 <-> ENABLED <-> BLACKLIST DNS request for known malware domain leladingna.com - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34692 <-> ENABLED <-> BLACKLIST DNS request for known malware domain letgrownast.com - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34693 <-> ENABLED <-> BLACKLIST DNS request for known malware domain masquarten.com - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34694 <-> ENABLED <-> BLACKLIST DNS request for known malware domain nawertoby.com - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34695 <-> ENABLED <-> BLACKLIST DNS request for known malware domain pavesohap.com - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34696 <-> ENABLED <-> BLACKLIST DNS request for known malware domain polutenign.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34697 <-> ENABLED <-> BLACKLIST DNS request for known malware domain pomdonekw.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34698 <-> ENABLED <-> BLACKLIST DNS request for known malware domain qwertygontul.com - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34699 <-> ENABLED <-> BLACKLIST DNS request for known malware domain rechedtthaten.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34700 <-> ENABLED <-> BLACKLIST DNS request for known malware domain renferolto.com - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34701 <-> ENABLED <-> BLACKLIST DNS request for known malware domain repherfeted.com - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34702 <-> ENABLED <-> BLACKLIST DNS request for known malware domain righletfoligh.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34703 <-> ENABLED <-> BLACKLIST DNS request for known malware domain saqunold.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34704 <-> ENABLED <-> BLACKLIST DNS request for known malware domain silawecxla.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34705 <-> ENABLED <-> BLACKLIST DNS request for known malware domain sivesuhat.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34706 <-> ENABLED <-> BLACKLIST DNS request for known malware domain stenfirthsta.com - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34707 <-> ENABLED <-> BLACKLIST DNS request for known malware domain wekustines.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34708 <-> ENABLED <-> BLACKLIST DNS request for known malware domain windetrusty.com - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34709 <-> DISABLED <-> SERVER-OTHER MIT Kerberos MIT Kerberos 5 krb5_read_message denial of service attempt (server-other.rules)
 * 1:34710 <-> DISABLED <-> SERVER-OTHER PHP unserialize datetimezone object code execution attempt (server-other.rules)
 * 1:34711 <-> ENABLED <-> BLACKLIST DNS request for known malware domain a.gwas.perl.sh - Win.Trojan.Windex (blacklist.rules)
 * 1:34712 <-> ENABLED <-> BLACKLIST DNS request for known malware domain a-gwas-01.slyip.net - Win.Trojan.Windex (blacklist.rules)
 * 1:34713 <-> ENABLED <-> BLACKLIST DNS request for known malware domain a-gwas-01.dyndns.org - Win.Trojan.Windex (blacklist.rules)
 * 1:34714 <-> DISABLED <-> OS-WINDOWS Microsoft Windows atlmfd.dll out-of-bounds memory write attempt (os-windows.rules)
 * 1:34715 <-> DISABLED <-> OS-WINDOWS Microsoft Windows atlmfd.dll out-of-bounds memory write attempt (os-windows.rules)
 * 1:34716 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central FileUploadServlet directory traversal attempt (server-webapp.rules)
 * 1:34717 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central FileUploadServlet directory traversal attempt (server-webapp.rules)
 * 1:34718 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central FileUploadServlet directory traversal attempt (server-webapp.rules)
 * 1:34719 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit URI structure (exploit-kit.rules)
 * 1:34667 <-> ENABLED <-> BLACKLIST DNS request for known malware domain reswahatce.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34669 <-> ENABLED <-> BLACKLIST DNS request for known malware domain servelatmiru.com - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34720 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit exploit download (exploit-kit.rules)
 * 1:34654 <-> ENABLED <-> BLACKLIST DNS request for known malware domain litramoloka.com - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34638 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric ProClima ActiveX clsid access attempt (browser-plugins.rules)
 * 1:34635 <-> DISABLED <-> SERVER-WEBAPP Visual Mining NetCharts projectContents.jsp directory traversal attempt (server-webapp.rules)
 * 1:34664 <-> ENABLED <-> BLACKLIST DNS request for known malware domain lasttrainforest.com - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34657 <-> ENABLED <-> BLACKLIST DNS request for known malware domain apporistale.com - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34647 <-> DISABLED <-> SERVER-WEBAPP ZOHO ManageEngine OpManager SQL injection attempt (server-webapp.rules)
 * 1:34668 <-> ENABLED <-> BLACKLIST DNS request for known malware domain srachechno.com - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34663 <-> ENABLED <-> BLACKLIST DNS request for known malware domain howthatficy.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34656 <-> ENABLED <-> BLACKLIST DNS request for known malware domain molokalitra.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34651 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader heap buffer overflow attempt (file-pdf.rules)
 * 1:34650 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader heap buffer overflow attempt (file-pdf.rules)
 * 1:34665 <-> ENABLED <-> BLACKLIST DNS request for known malware domain refherssuce.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34653 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JS notification object double free attempt (file-pdf.rules)
 * 1:34646 <-> DISABLED <-> SERVER-WEBAPP ZOHO ManageEngine OpManager SQL injection attempt (server-webapp.rules)
 * 1:34658 <-> ENABLED <-> BLACKLIST DNS request for known malware domain cawasuse.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34648 <-> DISABLED <-> SERVER-WEBAPP ZOHO ManageEngine OpManager SQL injection attempt (server-webapp.rules)
 * 1:34661 <-> ENABLED <-> BLACKLIST DNS request for known malware domain ferepritdi.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34634 <-> DISABLED <-> SERVER-WEBAPP Visual Mining NetCharts projectContents.jsp directory traversal attempt (server-webapp.rules)
 * 1:34644 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric Pelco Rvctl.RVControl.1 ActiveX clsid access attempt ActiveX function call (browser-plugins.rules)
 * 1:34625 <-> DISABLED <-> FILE-PDF Adobe Reader bypass JavaScript API restrictions attempt (file-pdf.rules)
 * 1:34631 <-> ENABLED <-> FILE-IDENTIFY WordPerfect file download request (file-identify.rules)
 * 1:34643 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric Pelco Rvctl.RVControl.1 ActiveX clsid access attempt ActiveX clsid access (browser-plugins.rules)
 * 1:34629 <-> ENABLED <-> FILE-IDENTIFY WordPerfect file attachment detected (file-identify.rules)
 * 1:34637 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Flactionbot outbound connection (malware-cnc.rules)
 * 1:34639 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric ProClima ActiveX function call access attempt (browser-plugins.rules)
 * 1:34633 <-> DISABLED <-> SERVER-WEBAPP Visual Mining NetCharts projectContents.jsp directory traversal attempt (server-webapp.rules)
 * 1:34640 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric ProClima ActiveX function call access attempt (browser-plugins.rules)
 * 1:34652 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JS notification object double free attempt (file-pdf.rules)
 * 1:34662 <-> ENABLED <-> BLACKLIST DNS request for known malware domain terethaundv.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34659 <-> ENABLED <-> BLACKLIST DNS request for known malware domain dinghareun.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34660 <-> ENABLED <-> BLACKLIST DNS request for known malware domain dingdownmahedt.ru - Win.Trojan.Poseidon (blacklist.rules)

Modified Rules:


 * 1:2176 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB startup folder access (os-windows.rules)
 * 1:18667 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys escalation of privilege attempt (os-windows.rules)
 * 1:18662 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys escalation of privilege attempt (os-windows.rules)
 * 1:18640 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malformed SupBook record attempt (file-office.rules)
 * 1:18502 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript Actionlf out of range negative offset attempt (file-flash.rules)
 * 1:15129 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function WriteAndX unicode andx attempt (os-windows.rules)
 * 1:15130 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function WriteAndX unicode attempt (os-windows.rules)
 * 1:14651 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search andx Search filename size integer underflow attempt (os-windows.rules)
 * 1:14896 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB v4 srvsvc NetrpPathCononicalize unicode path cononicalization stack overflow attempt (os-windows.rules)
 * 1:14647 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search Search filename size integer underflow attempt (os-windows.rules)
 * 1:14652 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search unicode andx Search filename size integer underflow attempt (os-windows.rules)
 * 1:15139 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function andx attempt (os-windows.rules)
 * 1:5721 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans andx Max Param/Count OS-WINDOWS attempt (os-windows.rules)
 * 1:5725 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans andx Max Param/Count OS-WINDOWS attempt (os-windows.rules)
 * 1:5717 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB-DS Trans Max Param/Count OS-WINDOWS attempt (os-windows.rules)
 * 1:15199 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE param_count underflow attempt (os-windows.rules)
 * 1:15205 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode max_param_count underflow attempt (os-windows.rules)
 * 1:15203 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx param_count underflow attempt (os-windows.rules)
 * 1:15211 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx max_param_count underflow attempt (os-windows.rules)
 * 1:15220 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode param_count underflow attempt (os-windows.rules)
 * 1:15212 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 max_param_count underflow attempt (os-windows.rules)
 * 1:15214 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 max_param_count underflow attempt (os-windows.rules)
 * 1:16403 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB unicode andx invalid server name share access (os-windows.rules)
 * 1:16402 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB invalid server name share access (os-windows.rules)
 * 1:16401 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB andx invalid server name share access (os-windows.rules)
 * 1:16400 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB unicode invalid server name share access (os-windows.rules)
 * 1:16399 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB unicode andx invalid server name share access (os-windows.rules)
 * 1:16398 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB invalid server name share access (os-windows.rules)
 * 1:16397 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB andx invalid server name share access (os-windows.rules)
 * 1:16395 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB COPY command oversized pathname attempt (os-windows.rules)
 * 1:16337 <-> ENABLED <-> FILE-FLASH Adobe Flash Player directory traversal attempt (file-flash.rules)
 * 1:16315 <-> DISABLED <-> FILE-FLASH Adobe Flash PlugIn check if file exists attempt (file-flash.rules)
 * 1:16287 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Negotiate Protocol response DoS attempt (os-windows.rules)
 * 1:16228 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel malformed StartObject record arbitrary code execution attempt (file-office.rules)
 * 1:15197 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE param_count underflow attempt (os-windows.rules)
 * 1:16150 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer variant argument validation remote code execution attempt (browser-ie.rules)
 * 1:15207 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE max_param_count underflow attempt (os-windows.rules)
 * 1:15209 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx max_param_count underflow attempt (os-windows.rules)
 * 1:15223 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode param_count underflow attempt (os-windows.rules)
 * 1:15225 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx param_count underflow attempt (os-windows.rules)
 * 1:15208 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx max_param_count underflow attempt (os-windows.rules)
 * 1:15137 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function WriteAndX unicode andx attempt (os-windows.rules)
 * 1:15216 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx max_param_count underflow attempt (os-windows.rules)
 * 1:15201 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx param_count underflow attempt (os-windows.rules)
 * 1:15200 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx param_count underflow attempt (os-windows.rules)
 * 1:15202 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx param_count underflow attempt (os-windows.rules)
 * 1:15198 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode param_count underflow attempt (os-windows.rules)
 * 1:15227 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx param_count underflow attempt (os-windows.rules)
 * 1:5719 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans Max Param/Count OS-WINDOWS attempt (os-windows.rules)
 * 1:5723 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB-DS Trans andx Max Param/Count OS-WINDOWS attempt (os-windows.rules)
 * 1:15135 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function WriteAndX andx attempt (os-windows.rules)
 * 1:13287 <-> DISABLED <-> OS-WINDOWS Windows remote kernel tcp/ip igmp vulnerability exploit attempt (os-windows.rules)
 * 1:15131 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function andx attempt (os-windows.rules)
 * 1:14648 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search unicode Search filename size integer underflow attempt (os-windows.rules)
 * 1:16195 <-> DISABLED <-> SERVER-WEBAPP HTTP request content-length heap buffer overflow attempt (server-webapp.rules)
 * 1:5724 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB-DS Trans unicode andx Max Param/Count OS-WINDOWS attempt (os-windows.rules)
 * 1:5726 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans unicode andx Max Param/Count OS-WINDOWS attempt (os-windows.rules)
 * 1:5727 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans unicode Max Param OS-WINDOWS attempt (os-windows.rules)
 * 1:5728 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans Max Param OS-WINDOWS attempt (os-windows.rules)
 * 1:5729 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans Max Param OS-WINDOWS attempt (os-windows.rules)
 * 1:5730 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB-DS Trans Max Param OS-WINDOWS attempt (os-windows.rules)
 * 1:5731 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB-DS Trans unicode Max Param OS-WINDOWS attempt (os-windows.rules)
 * 1:5732 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans unicode Max Param OS-WINDOWS attempt (os-windows.rules)
 * 1:5733 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans unicode andx Max Param OS-WINDOWS attempt (os-windows.rules)
 * 1:5734 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans andx Max Param OS-WINDOWS attempt (os-windows.rules)
 * 1:5735 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans andx Max Param OS-WINDOWS attempt (os-windows.rules)
 * 1:5736 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB-DS Trans andx Max Param OS-WINDOWS attempt (os-windows.rules)
 * 1:5737 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB-DS Trans unicode andx Max Param OS-WINDOWS attempt (os-windows.rules)
 * 1:5738 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans unicode andx Max Param OS-WINDOWS attempt (os-windows.rules)
 * 1:7035 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans mailslot heap overflow attempt (os-windows.rules)
 * 1:7036 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans unicode mailslot heap overflow attempt (os-windows.rules)
 * 1:7037 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans mailslot heap overflow attempt (os-windows.rules)
 * 1:7038 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans unicode mailslot heap overflow attempt (os-windows.rules)
 * 1:7039 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans andx mailslot heap overflow attempt (os-windows.rules)
 * 1:7040 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans unicode andx mailslot heap overflow attempt (os-windows.rules)
 * 1:7041 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans andx mailslot heap overflow attempt (os-windows.rules)
 * 1:7042 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans unicode andx mailslot heap overflow attempt (os-windows.rules)
 * 1:8449 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Rename invalid buffer type andx attempt (os-windows.rules)
 * 1:8450 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Rename invalid buffer type attempt (os-windows.rules)
 * 1:8451 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Rename invalid buffer type unicode andx attempt (os-windows.rules)
 * 1:12946 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB-DS SMBv2 protocol negotiation attempt (os-windows.rules)
 * 1:13979 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Event System Subscription VBScript access (os-windows.rules)
 * 1:12947 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB SMBv2 protocol negotiation attempt (os-windows.rules)
 * 1:13471 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher invalid pathname overwrite attempt (file-office.rules)
 * 1:14654 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search unicode andx Search filename size integer underflow attempt (os-windows.rules)
 * 1:14649 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search Search filename size integer underflow attempt (os-windows.rules)
 * 1:14653 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search andx Search filename size integer underflow attempt (os-windows.rules)
 * 1:15128 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function WriteAndX attempt (os-windows.rules)
 * 1:14650 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search unicode Search filename size integer underflow attempt (os-windows.rules)
 * 1:15132 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function attempt (os-windows.rules)
 * 1:15133 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function unicode andx attempt (os-windows.rules)
 * 1:15134 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function unicode attempt (os-windows.rules)
 * 1:15136 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function WriteAndX attempt (os-windows.rules)
 * 1:15127 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function WriteAndX andx attempt (os-windows.rules)
 * 1:15196 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode param_count underflow attempt (os-windows.rules)
 * 1:16404 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB unicode invalid server name share access (os-windows.rules)
 * 1:16417 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Negotiate Protocol Response overflow attempt (os-windows.rules)
 * 1:16454 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Negotiate Protocol response DoS attempt - empty SMB 2 (os-windows.rules)
 * 1:16504 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 7 encoded content handling exploit attempt (browser-ie.rules)
 * 1:16505 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer HTML parsing memory corruption attempt (browser-ie.rules)
 * 1:16509 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer designMode-enabled information disclosure attempt (browser-ie.rules)
 * 1:16539 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMBv1 BytesNeeded ring0 buffer overflow attempt (os-windows.rules)
 * 1:16540 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB2 client NetBufferList NULL entry remote code execution attempt (os-windows.rules)
 * 1:16577 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMBv2 compound request DoS attempt (os-windows.rules)
 * 1:16636 <-> DISABLED <-> OS-WINDOWS Microsoft Windows .NET framework XMLDsig data tampering attempt (os-windows.rules)
 * 1:16658 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 8 cross-site scripting attempt (browser-ie.rules)
 * 1:17034 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook AttachMethods local file execution attempt (file-office.rules)
 * 1:17035 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook AttachMethods local file execution attempt (file-office.rules)
 * 1:17036 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook AttachMethods local file execution attempt (file-office.rules)
 * 1:17115 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer cross domain information disclosure attempt (browser-ie.rules)
 * 1:17125 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 MaxDataCount overflow attempt (os-windows.rules)
 * 1:17126 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB large session length with small packet  (os-windows.rules)
 * 1:17199 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director file lRTX overflow attempt (file-other.rules)
 * 1:17201 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director file LsCM overflow attempt (file-other.rules)
 * 1:17207 <-> DISABLED <-> SERVER-OTHER IBM Cognos Server backdoor account remote code execution attempt (server-other.rules)
 * 1:17667 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Pragmatic General Multicast Protocol memory consumption denial of service attempt (os-windows.rules)
 * 1:17696 <-> ENABLED <-> PROTOCOL-DNS Microsoft Windows DNS Server ANY query cache weakness (protocol-dns.rules)
 * 1:17746 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB client TRANS response Find_First2 filename overflow attempt (os-windows.rules)
 * 1:17777 <-> DISABLED <-> SERVER-MAIL IBM Lotus Notes WPD attachment handling buffer overflow attempt (server-mail.rules)
 * 1:18070 <-> DISABLED <-> FILE-OFFICE Microsoft Office pptimpconv.dll dll-load exploit attempt (file-office.rules)
 * 1:18195 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Negotiate Protocol response DoS attempt (os-windows.rules)
 * 1:18213 <-> ENABLED <-> FILE-OFFICE Microsoft Office Publisher column and row remote code execution attempt (file-office.rules)
 * 1:18220 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ATMFD font driver malformed character glyph remote code execution attempt (os-windows.rules)
 * 1:5718 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB-DS Trans unicode Max Param/Count OS-WINDOWS attempt (os-windows.rules)
 * 1:18400 <-> ENABLED <-> OS-WINDOWS Microsoft Windows CRSS local process allowed to persist through logon or logoff attempt (os-windows.rules)
 * 1:18409 <-> ENABLED <-> OS-WINDOWS Microsoft Windows win32k.sys write message to dead thread code execution attempt (os-windows.rules)
 * 1:18410 <-> ENABLED <-> OS-WINDOWS Microsoft Windows win32k.sys write message to dead thread code execution attempt (os-windows.rules)
 * 1:18411 <-> ENABLED <-> OS-WINDOWS Microsoft Windows win32k!xxxTrackPopupMenuEx privilege escalation attempt (os-windows.rules)
 * 1:18405 <-> ENABLED <-> OS-WINDOWS Microsoft Windows LSASS domain name buffer overflow attempt (os-windows.rules)
 * 1:18412 <-> ENABLED <-> OS-WINDOWS Microsoft Windows win32k!xxxTrackPopupMenuEx privilege escalation attempt (os-windows.rules)
 * 1:18421 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript beginGradientFill memory corruption attempt (file-flash.rules)
 * 1:15224 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx param_count underflow attempt (os-windows.rules)
 * 1:15221 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 param_count underflow attempt (os-windows.rules)
 * 1:15219 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx max_param_count underflow attempt (os-windows.rules)
 * 1:15222 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 param_count underflow attempt (os-windows.rules)
 * 1:18444 <-> DISABLED <-> FILE-FLASH Adobe Flash Player forged atom type attempt (file-flash.rules)
 * 1:18449 <-> DISABLED <-> FILE-OTHER Adobe Acrobat font definition memory corruption attempt (file-other.rules)
 * 1:18501 <-> ENABLED <-> OS-WINDOWS Microsoft Malware Protection Engine elevation of privilege attempt (os-windows.rules)
 * 1:18414 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kerberos auth downgrade to DES MITM attempt (os-windows.rules)
 * 1:18504 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionConstantPool overflow attempt (file-flash.rules)
 * 1:18505 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionPush overflow attempt (file-flash.rules)
 * 1:18630 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel rtToolbarDef record integer overflow attempt (file-office.rules)
 * 1:18631 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel rtToolbarDef record integer overflow attempt (file-office.rules)
 * 1:18641 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel OBJ record invalid cmo.ot exploit attempt (file-office.rules)
 * 1:18655 <-> DISABLED <-> OS-WINDOWS Microsoft Windows LLMNR invalid reverse name lookup stack corruption attempt (os-windows.rules)
 * 1:18660 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB2 write packet buffer overflow attempt (os-windows.rules)
 * 1:18661 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys escalation of privilege attempt (os-windows.rules)
 * 1:18663 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys escalation of privilege attempt (os-windows.rules)
 * 1:18664 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys escalation of privilege attempt (os-windows.rules)
 * 1:18665 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys escalation of privilege attempt (os-windows.rules)
 * 1:18666 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys escalation of privilege attempt (os-windows.rules)
 * 1:18669 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer cross-domain object manipulation attempt (browser-ie.rules)
 * 1:18672 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 8 Developer Tool ActiveX clsid access (browser-ie.rules)
 * 1:19002 <-> DISABLED <-> FILE-FLASH RealNetworks RealPlayer FLV parsing two integer overflow vulnerabilities (file-flash.rules)
 * 1:19189 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB-DS Trans2 Distributed File System response PathConsumed integer overflow attempt (os-windows.rules)
 * 1:19191 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB2 zero length write attempt (os-windows.rules)
 * 1:19221 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB-DS Trans2 Distributed File System response PathConsumed integer overflow attempt (os-windows.rules)
 * 1:19972 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB client TRANS response paramcount overflow attempt (os-windows.rules)
 * 1:2101 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans Max Param/Count OS-WINDOWS attempt (os-windows.rules)
 * 1:21529 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 Find_First2 filename overflow attempt (os-windows.rules)
 * 1:2177 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB startup folder unicode access (os-windows.rules)
 * 1:15140 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function attempt (os-windows.rules)
 * 1:2252 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB-DS DCERPC Remote Activation bind attempt (os-windows.rules)
 * 1:15503 <-> ENABLED <-> FILE-OFFICE Download of PowerPoint 95 file (file-office.rules)
 * 1:2258 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB-DS DCERPC Messenger Service buffer overflow attempt (os-windows.rules)
 * 1:15528 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DCERPC NCACN-IP-TCP spoolss RpcSetPrinterDataEx attempt (os-windows.rules)
 * 1:2278 <-> DISABLED <-> SERVER-WEBAPP client negative Content-Length attempt (server-webapp.rules)
 * 1:23314 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB invalid character argument injection attempt (os-windows.rules)
 * 1:33421 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreeDataPos use-after-free remote code execution attempt (browser-ie.rules)
 * 1:23237 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB2 client NetBufferList NULL entry remote code execution attempt (os-windows.rules)
 * 1:15226 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx param_count underflow attempt (os-windows.rules)
 * 1:16158 <-> ENABLED <-> OS-WINDOWS malformed ASF codec memory corruption attempt (os-windows.rules)
 * 1:2382 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Session Setup NTLMSSP asn1 overflow attempt (os-windows.rules)
 * 1:2383 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB-DS Session Setup NTLMSSP asn1 overflow attempt (os-windows.rules)
 * 1:24360 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Kerberos NULL session denial of service attempt (os-windows.rules)
 * 1:23837 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB host announcement format string exploit attempt (os-windows.rules)
 * 1:8459 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Rename invalid buffer type unicode andx attempt (os-windows.rules)
 * 1:23839 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB RAP API NetServerEnum2 long server name buffer overflow attempt (os-windows.rules)
 * 1:8454 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB-DS Rename invalid buffer type attempt (os-windows.rules)
 * 1:24007 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB RAP API NetServerEnum2 long server name buffer overflow attempt (os-windows.rules)
 * 1:24336 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB RAP API NetServerEnum2 long comment buffer overflow attempt (os-windows.rules)
 * 1:8457 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Rename invalid buffer type andx attempt (os-windows.rules)
 * 1:8455 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB-DS Rename invalid buffer type unicode andx attempt (os-windows.rules)
 * 1:24359 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NTLM NULL session attempt (os-windows.rules)
 * 1:8453 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB-DS Rename invalid buffer type andx attempt (os-windows.rules)
 * 1:24889 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Action InitArray stack overflow attempt (file-flash.rules)
 * 1:24890 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Action InitArray stack overflow attempt (file-flash.rules)
 * 1:24891 <-> DISABLED <-> FILE-FLASH Adobe Flash Player action InitArray stack overflow attempt (file-flash.rules)
 * 1:8460 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Rename invalid buffer type unicode attempt (os-windows.rules)
 * 1:24892 <-> ENABLED <-> FILE-FLASH Action InitArray stack overflow attempt (file-flash.rules)
 * 1:24894 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Action InitArray stack overflow attempt (file-flash.rules)
 * 1:26851 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 5 compatibility mode use after free attempt (browser-ie.rules)
 * 1:33723 <-> ENABLED <-> FILE-OTHER Type 1 font memory out-of-bounds read attempt (file-other.rules)
 * 1:27149 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer beforeeditfocus use after free exploit attempt (browser-ie.rules)
 * 1:27755 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Action InitArray stack overflow attempt (file-flash.rules)
 * 1:28613 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit landing page - specific-structure (exploit-kit.rules)
 * 1:15210 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx max_param_count underflow attempt (os-windows.rules)
 * 1:29066 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit XORed payload download attempt (exploit-kit.rules)
 * 1:15218 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx max_param_count underflow attempt (os-windows.rules)
 * 1:29411 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit landing page (exploit-kit.rules)
 * 1:28425 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB Microsoft Windows Remote Administration Protocol usage attempt (os-windows.rules)
 * 1:29413 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit encrypted binary download (exploit-kit.rules)
 * 1:29513 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Microsoft Windows RAP API NetServerEnum2 long comment buffer overflow attempt (os-windows.rules)
 * 1:29514 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB Microsoft Windows Remote Administration Protocol usage attempt (os-windows.rules)
 * 1:29943 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB2 client NetBufferList NULL entry remote code execution attempt (os-windows.rules)
 * 1:31130 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit encrypted binary download (exploit-kit.rules)
 * 1:3145 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB-DS Trans2 FIND_FIRST2 response overflow attempt (os-windows.rules)
 * 1:3000 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Session Setup NTLMSSP unicode asn1 overflow attempt (os-windows.rules)
 * 1:3002 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Session Setup NTLMSSP unicode andx asn1 overflow attempt (os-windows.rules)
 * 1:3003 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB-DS Session Setup NTLMSSP unicode asn1 overflow attempt (os-windows.rules)
 * 1:3004 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB-DS Session Setup NTLMSSP andx asn1 overflow attempt (os-windows.rules)
 * 1:3005 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB-DS Session Setup NTLMSSP unicode andx asn1 overflow attempt (os-windows.rules)
 * 1:31331 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit encrypted binary download (exploit-kit.rules)
 * 1:31371 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit outbound URL structure (exploit-kit.rules)
 * 1:15206 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE max_param_count underflow attempt (os-windows.rules)
 * 1:15217 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx max_param_count underflow attempt (os-windows.rules)
 * 1:3143 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 FIND_FIRST2 command response overflow attempt (os-windows.rules)
 * 1:15204 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode max_param_count underflow attempt (os-windows.rules)
 * 1:3144 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 FIND_FIRST2 response andx overflow attempt (os-windows.rules)
 * 1:32763 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer TextRange after free attempt (browser-ie.rules)
 * 1:3001 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Session Setup NTLMSSP andx asn1 overflow attempt (os-windows.rules)
 * 1:15215 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode max_param_count underflow attempt (os-windows.rules)
 * 1:3146 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB-DS Trans2 FIND_FIRST2 response andx overflow attempt (os-windows.rules)
 * 1:15213 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode max_param_count underflow attempt (os-windows.rules)
 * 1:31694 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit encrypted binary download (exploit-kit.rules)
 * 1:31695 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit encrypted binary download (exploit-kit.rules)
 * 1:5722 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans unicode andx Max Param/Count OS-WINDOWS attempt (os-windows.rules)
 * 1:32762 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer TextRange after free attempt (browser-ie.rules)
 * 1:33115 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 11 VBScript redim preserve denial-of-service attempt (browser-ie.rules)
 * 1:18180 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript remote code execution attempt (file-flash.rules)
 * 1:15141 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function unicode andx attempt (os-windows.rules)
 * 1:8452 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Rename invalid buffer type unicode attempt (os-windows.rules)
 * 1:15142 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function unicode attempt (os-windows.rules)
 * 1:33116 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 11 VBScript redim preserve denial-of-service attempt (browser-ie.rules)
 * 1:15138 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function WriteAndX unicode attempt (os-windows.rules)
 * 1:33191 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CQuotes use-after-free attempt (browser-ie.rules)
 * 1:33192 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CQuotes use-after-free attempt (browser-ie.rules)
 * 1:33194 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CQuotes use-after-free attempt (browser-ie.rules)
 * 1:33195 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CQuotes use-after-free attempt (browser-ie.rules)
 * 1:33196 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CQuotes use-after-free attempt (browser-ie.rules)
 * 1:29414 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit encrypted binary download (exploit-kit.rules)
 * 1:33412 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer style type confusion remote code execution attempt (browser-ie.rules)
 * 1:33583 <-> DISABLED <-> PROTOCOL-DNS ISC BIND recursive resolver resource consumption denial of service attempt (protocol-dns.rules)
 * 1:33193 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CQuotes use-after-free attempt (browser-ie.rules)
 * 1:34498 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k.sys kernel-mode driver privilege escalation attempt (os-windows.rules)
 * 1:33713 <-> DISABLED <-> OS-WINDOWS Microsoft Windows atlmfd.dll out-of-bounds memory write attempt (os-windows.rules)
 * 1:33714 <-> DISABLED <-> OS-WINDOWS Microsoft Windows atlmfd.dll out-of-bounds memory write attempt (os-windows.rules)
 * 1:33722 <-> ENABLED <-> FILE-OTHER Type 1 font memory out-of-bounds read attempt (file-other.rules)
 * 1:8458 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Rename invalid buffer type attempt (os-windows.rules)
 * 1:33825 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB NTLM NULL session attempt (os-windows.rules)
 * 1:24893 <-> ENABLED <-> FILE-FLASH Action InitArray stack overflow attempt (file-flash.rules)
 * 1:8456 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB-DS Rename invalid buffer type unicode attempt (os-windows.rules)
 * 1:23838 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB NetServerEnum response host format string exploit attempt (os-windows.rules)
 * 1:34328 <-> DISABLED <-> SERVER-WEBAPP Wordpress comment field stored XSS attempt (server-webapp.rules)
 * 1:34428 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word incorrect ptCount element denial of service attempt (file-office.rules)
 * 1:5720 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans unicode Max Param/Count OS-WINDOWS attempt (os-windows.rules)
 * 1:34429 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word incorrect ptCount element denial of service attempt (file-office.rules)
 * 1:34499 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k.sys kernel-mode driver privilege escalation attempt (os-windows.rules)
 * 1:5716 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans unicode Max Param/Count OS-WINDOWS attempt (os-windows.rules)

2015-06-04 16:05:56 UTC

Snort Subscriber Rules Update

Date: 2015-06-04

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2970.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:34669 <-> ENABLED <-> BLACKLIST DNS request for known malware domain servelatmiru.com - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34671 <-> ENABLED <-> BLACKLIST DNS request for known malware domain switlawert.com - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34672 <-> ENABLED <-> BLACKLIST DNS request for known malware domain vesnarusural.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34670 <-> ENABLED <-> BLACKLIST DNS request for known malware domain mehanistran.com - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34654 <-> ENABLED <-> BLACKLIST DNS request for known malware domain litramoloka.com - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34649 <-> DISABLED <-> SERVER-OTHER OpenSSL zero-length ClientKeyExchange message denial of service attempt (server-other.rules)
 * 1:34673 <-> ENABLED <-> BLACKLIST DNS request for known malware domain petronasconn.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34674 <-> ENABLED <-> BLACKLIST DNS request for known malware domain restavratormira.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34675 <-> ENABLED <-> BLACKLIST DNS request for known malware domain serppoglandam.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34676 <-> ENABLED <-> BLACKLIST DNS request for known malware domain wertstumbahn.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34677 <-> ENABLED <-> BLACKLIST DNS request for known malware domain queryforworld.com - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34678 <-> ENABLED <-> BLACKLIST DNS request for known malware domain serfilefnom.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34679 <-> ENABLED <-> BLACKLIST DNS request for known malware domain andbohemut.com - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34680 <-> ENABLED <-> BLACKLIST DNS request for known malware domain bejustoftun.com - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34681 <-> ENABLED <-> BLACKLIST DNS request for known malware domain berigusaf.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34682 <-> ENABLED <-> BLACKLIST DNS request for known malware domain betroninsi.com - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34683 <-> ENABLED <-> BLACKLIST DNS request for known malware domain dilelanang.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34684 <-> ENABLED <-> BLACKLIST DNS request for known malware domain forttapaha.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34685 <-> ENABLED <-> BLACKLIST DNS request for known malware domain ftjuunbesto.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34686 <-> ENABLED <-> BLACKLIST DNS request for known malware domain gantropine.com - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34687 <-> ENABLED <-> BLACKLIST DNS request for known malware domain gutontredsup.com - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34688 <-> ENABLED <-> BLACKLIST DNS request for known malware domain hepretfortna.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34689 <-> ENABLED <-> BLACKLIST DNS request for known malware domain juindorey.com - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34690 <-> ENABLED <-> BLACKLIST DNS request for known malware domain latemiishe.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34691 <-> ENABLED <-> BLACKLIST DNS request for known malware domain leladingna.com - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34692 <-> ENABLED <-> BLACKLIST DNS request for known malware domain letgrownast.com - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34693 <-> ENABLED <-> BLACKLIST DNS request for known malware domain masquarten.com - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34694 <-> ENABLED <-> BLACKLIST DNS request for known malware domain nawertoby.com - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34695 <-> ENABLED <-> BLACKLIST DNS request for known malware domain pavesohap.com - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34696 <-> ENABLED <-> BLACKLIST DNS request for known malware domain polutenign.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34697 <-> ENABLED <-> BLACKLIST DNS request for known malware domain pomdonekw.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34698 <-> ENABLED <-> BLACKLIST DNS request for known malware domain qwertygontul.com - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34699 <-> ENABLED <-> BLACKLIST DNS request for known malware domain rechedtthaten.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34700 <-> ENABLED <-> BLACKLIST DNS request for known malware domain renferolto.com - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34701 <-> ENABLED <-> BLACKLIST DNS request for known malware domain repherfeted.com - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34702 <-> ENABLED <-> BLACKLIST DNS request for known malware domain righletfoligh.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34703 <-> ENABLED <-> BLACKLIST DNS request for known malware domain saqunold.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34704 <-> ENABLED <-> BLACKLIST DNS request for known malware domain silawecxla.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34705 <-> ENABLED <-> BLACKLIST DNS request for known malware domain sivesuhat.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34706 <-> ENABLED <-> BLACKLIST DNS request for known malware domain stenfirthsta.com - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34707 <-> ENABLED <-> BLACKLIST DNS request for known malware domain wekustines.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34708 <-> ENABLED <-> BLACKLIST DNS request for known malware domain windetrusty.com - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34709 <-> DISABLED <-> SERVER-OTHER MIT Kerberos MIT Kerberos 5 krb5_read_message denial of service attempt (server-other.rules)
 * 1:34710 <-> DISABLED <-> SERVER-OTHER PHP unserialize datetimezone object code execution attempt (server-other.rules)
 * 1:34711 <-> ENABLED <-> BLACKLIST DNS request for known malware domain a.gwas.perl.sh - Win.Trojan.Windex (blacklist.rules)
 * 1:34712 <-> ENABLED <-> BLACKLIST DNS request for known malware domain a-gwas-01.slyip.net - Win.Trojan.Windex (blacklist.rules)
 * 1:34713 <-> ENABLED <-> BLACKLIST DNS request for known malware domain a-gwas-01.dyndns.org - Win.Trojan.Windex (blacklist.rules)
 * 1:34714 <-> DISABLED <-> OS-WINDOWS Microsoft Windows atlmfd.dll out-of-bounds memory write attempt (os-windows.rules)
 * 1:34715 <-> DISABLED <-> OS-WINDOWS Microsoft Windows atlmfd.dll out-of-bounds memory write attempt (os-windows.rules)
 * 1:34716 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central FileUploadServlet directory traversal attempt (server-webapp.rules)
 * 1:34717 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central FileUploadServlet directory traversal attempt (server-webapp.rules)
 * 1:34718 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central FileUploadServlet directory traversal attempt (server-webapp.rules)
 * 1:34719 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit URI structure (exploit-kit.rules)
 * 1:34720 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit exploit download (exploit-kit.rules)
 * 1:34667 <-> ENABLED <-> BLACKLIST DNS request for known malware domain reswahatce.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34662 <-> ENABLED <-> BLACKLIST DNS request for known malware domain terethaundv.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34645 <-> DISABLED <-> SERVER-MAIL Exim buffer overflow attempt (server-mail.rules)
 * 1:34626 <-> DISABLED <-> FILE-PDF Adobe Reader bypass JavaScript API restrictions attempt (file-pdf.rules)
 * 1:34641 <-> DISABLED <-> BROWSER-PLUGINS McAffee Virtual Technician ActiveX control denial of service attempt ActiveX clsid access (browser-plugins.rules)
 * 1:34642 <-> DISABLED <-> BROWSER-PLUGINS McAffee Virtual Technician ActiveX control denial of service attempt ActiveX function call (browser-plugins.rules)
 * 1:34638 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric ProClima ActiveX clsid access attempt (browser-plugins.rules)
 * 1:34628 <-> DISABLED <-> FILE-PDF Adobe Reader bypass JavaScript API restrictions attempt (file-pdf.rules)
 * 1:34635 <-> DISABLED <-> SERVER-WEBAPP Visual Mining NetCharts projectContents.jsp directory traversal attempt (server-webapp.rules)
 * 1:34632 <-> DISABLED <-> SERVER-MAIL IBM Lotus Notes WPD attachment handling buffer overflow attempt (server-mail.rules)
 * 1:34630 <-> ENABLED <-> FILE-IDENTIFY WordPerfect file attachment detected (file-identify.rules)
 * 1:34624 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Crypaura variant outbound connection attempt (malware-cnc.rules)
 * 1:34636 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Flactionbot outbound connection (malware-cnc.rules)
 * 1:34627 <-> DISABLED <-> FILE-PDF Adobe Reader bypass JavaScript API restrictions attempt (file-pdf.rules)
 * 1:34661 <-> ENABLED <-> BLACKLIST DNS request for known malware domain ferepritdi.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34648 <-> DISABLED <-> SERVER-WEBAPP ZOHO ManageEngine OpManager SQL injection attempt (server-webapp.rules)
 * 1:34658 <-> ENABLED <-> BLACKLIST DNS request for known malware domain cawasuse.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34646 <-> DISABLED <-> SERVER-WEBAPP ZOHO ManageEngine OpManager SQL injection attempt (server-webapp.rules)
 * 1:34653 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JS notification object double free attempt (file-pdf.rules)
 * 1:34665 <-> ENABLED <-> BLACKLIST DNS request for known malware domain refherssuce.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34650 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader heap buffer overflow attempt (file-pdf.rules)
 * 1:34651 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader heap buffer overflow attempt (file-pdf.rules)
 * 1:34656 <-> ENABLED <-> BLACKLIST DNS request for known malware domain molokalitra.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34663 <-> ENABLED <-> BLACKLIST DNS request for known malware domain howthatficy.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34668 <-> ENABLED <-> BLACKLIST DNS request for known malware domain srachechno.com - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34647 <-> DISABLED <-> SERVER-WEBAPP ZOHO ManageEngine OpManager SQL injection attempt (server-webapp.rules)
 * 1:34657 <-> ENABLED <-> BLACKLIST DNS request for known malware domain apporistale.com - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34664 <-> ENABLED <-> BLACKLIST DNS request for known malware domain lasttrainforest.com - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34666 <-> ENABLED <-> BLACKLIST DNS request for known malware domain rabbutdownlitt.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34655 <-> ENABLED <-> BLACKLIST DNS request for known malware domain litramoloka.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34625 <-> DISABLED <-> FILE-PDF Adobe Reader bypass JavaScript API restrictions attempt (file-pdf.rules)
 * 1:34643 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric Pelco Rvctl.RVControl.1 ActiveX clsid access attempt ActiveX clsid access (browser-plugins.rules)
 * 1:34640 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric ProClima ActiveX function call access attempt (browser-plugins.rules)
 * 1:34634 <-> DISABLED <-> SERVER-WEBAPP Visual Mining NetCharts projectContents.jsp directory traversal attempt (server-webapp.rules)
 * 1:34637 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Flactionbot outbound connection (malware-cnc.rules)
 * 1:34629 <-> ENABLED <-> FILE-IDENTIFY WordPerfect file attachment detected (file-identify.rules)
 * 1:34631 <-> ENABLED <-> FILE-IDENTIFY WordPerfect file download request (file-identify.rules)
 * 1:34639 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric ProClima ActiveX function call access attempt (browser-plugins.rules)
 * 1:34644 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric Pelco Rvctl.RVControl.1 ActiveX clsid access attempt ActiveX function call (browser-plugins.rules)
 * 1:34633 <-> DISABLED <-> SERVER-WEBAPP Visual Mining NetCharts projectContents.jsp directory traversal attempt (server-webapp.rules)
 * 1:34652 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JS notification object double free attempt (file-pdf.rules)
 * 1:34659 <-> ENABLED <-> BLACKLIST DNS request for known malware domain dinghareun.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34660 <-> ENABLED <-> BLACKLIST DNS request for known malware domain dingdownmahedt.ru - Win.Trojan.Poseidon (blacklist.rules)

Modified Rules:


 * 1:18640 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malformed SupBook record attempt (file-office.rules)
 * 1:8455 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB-DS Rename invalid buffer type unicode andx attempt (os-windows.rules)
 * 1:8453 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB-DS Rename invalid buffer type andx attempt (os-windows.rules)
 * 1:8454 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB-DS Rename invalid buffer type attempt (os-windows.rules)
 * 1:15138 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function WriteAndX unicode attempt (os-windows.rules)
 * 1:15142 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function unicode attempt (os-windows.rules)
 * 1:8452 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Rename invalid buffer type unicode attempt (os-windows.rules)
 * 1:15130 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function WriteAndX unicode attempt (os-windows.rules)
 * 1:15134 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function unicode attempt (os-windows.rules)
 * 1:14896 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB v4 srvsvc NetrpPathCononicalize unicode path cononicalization stack overflow attempt (os-windows.rules)
 * 1:14647 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search Search filename size integer underflow attempt (os-windows.rules)
 * 1:14651 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search andx Search filename size integer underflow attempt (os-windows.rules)
 * 1:12947 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB SMBv2 protocol negotiation attempt (os-windows.rules)
 * 1:16403 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB unicode andx invalid server name share access (os-windows.rules)
 * 1:16402 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB invalid server name share access (os-windows.rules)
 * 1:16401 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB andx invalid server name share access (os-windows.rules)
 * 1:16400 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB unicode invalid server name share access (os-windows.rules)
 * 1:16399 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB unicode andx invalid server name share access (os-windows.rules)
 * 1:16398 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB invalid server name share access (os-windows.rules)
 * 1:16397 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB andx invalid server name share access (os-windows.rules)
 * 1:16395 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB COPY command oversized pathname attempt (os-windows.rules)
 * 1:16337 <-> ENABLED <-> FILE-FLASH Adobe Flash Player directory traversal attempt (file-flash.rules)
 * 1:16315 <-> DISABLED <-> FILE-FLASH Adobe Flash PlugIn check if file exists attempt (file-flash.rules)
 * 1:16287 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Negotiate Protocol response DoS attempt (os-windows.rules)
 * 1:16228 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel malformed StartObject record arbitrary code execution attempt (file-office.rules)
 * 1:5724 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB-DS Trans unicode andx Max Param/Count OS-WINDOWS attempt (os-windows.rules)
 * 1:5722 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans unicode andx Max Param/Count OS-WINDOWS attempt (os-windows.rules)
 * 1:15227 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx param_count underflow attempt (os-windows.rules)
 * 1:5726 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans unicode andx Max Param/Count OS-WINDOWS attempt (os-windows.rules)
 * 1:5727 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans unicode Max Param OS-WINDOWS attempt (os-windows.rules)
 * 1:5728 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans Max Param OS-WINDOWS attempt (os-windows.rules)
 * 1:5729 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans Max Param OS-WINDOWS attempt (os-windows.rules)
 * 1:14652 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search unicode andx Search filename size integer underflow attempt (os-windows.rules)
 * 1:15139 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function andx attempt (os-windows.rules)
 * 1:5725 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans andx Max Param/Count OS-WINDOWS attempt (os-windows.rules)
 * 1:5717 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB-DS Trans Max Param/Count OS-WINDOWS attempt (os-windows.rules)
 * 1:5721 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans andx Max Param/Count OS-WINDOWS attempt (os-windows.rules)
 * 1:5730 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB-DS Trans Max Param OS-WINDOWS attempt (os-windows.rules)
 * 1:5731 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB-DS Trans unicode Max Param OS-WINDOWS attempt (os-windows.rules)
 * 1:5732 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans unicode Max Param OS-WINDOWS attempt (os-windows.rules)
 * 1:5733 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans unicode andx Max Param OS-WINDOWS attempt (os-windows.rules)
 * 1:5734 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans andx Max Param OS-WINDOWS attempt (os-windows.rules)
 * 1:5735 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans andx Max Param OS-WINDOWS attempt (os-windows.rules)
 * 1:5736 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB-DS Trans andx Max Param OS-WINDOWS attempt (os-windows.rules)
 * 1:5737 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB-DS Trans unicode andx Max Param OS-WINDOWS attempt (os-windows.rules)
 * 1:5738 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans unicode andx Max Param OS-WINDOWS attempt (os-windows.rules)
 * 1:7035 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans mailslot heap overflow attempt (os-windows.rules)
 * 1:7036 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans unicode mailslot heap overflow attempt (os-windows.rules)
 * 1:7037 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans mailslot heap overflow attempt (os-windows.rules)
 * 1:7038 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans unicode mailslot heap overflow attempt (os-windows.rules)
 * 1:7039 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans andx mailslot heap overflow attempt (os-windows.rules)
 * 1:7040 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans unicode andx mailslot heap overflow attempt (os-windows.rules)
 * 1:7041 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans andx mailslot heap overflow attempt (os-windows.rules)
 * 1:7042 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans unicode andx mailslot heap overflow attempt (os-windows.rules)
 * 1:8449 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Rename invalid buffer type andx attempt (os-windows.rules)
 * 1:8450 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Rename invalid buffer type attempt (os-windows.rules)
 * 1:8451 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Rename invalid buffer type unicode andx attempt (os-windows.rules)
 * 1:13979 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Event System Subscription VBScript access (os-windows.rules)
 * 1:12946 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB-DS SMBv2 protocol negotiation attempt (os-windows.rules)
 * 1:13471 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher invalid pathname overwrite attempt (file-office.rules)
 * 1:14649 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search Search filename size integer underflow attempt (os-windows.rules)
 * 1:14650 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search unicode Search filename size integer underflow attempt (os-windows.rules)
 * 1:14653 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search andx Search filename size integer underflow attempt (os-windows.rules)
 * 1:14654 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search unicode andx Search filename size integer underflow attempt (os-windows.rules)
 * 1:15128 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function WriteAndX attempt (os-windows.rules)
 * 1:15129 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function WriteAndX unicode andx attempt (os-windows.rules)
 * 1:15133 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function unicode andx attempt (os-windows.rules)
 * 1:15132 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function attempt (os-windows.rules)
 * 1:15141 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function unicode andx attempt (os-windows.rules)
 * 1:15136 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function WriteAndX attempt (os-windows.rules)
 * 1:15140 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function attempt (os-windows.rules)
 * 1:15137 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function WriteAndX unicode andx attempt (os-windows.rules)
 * 1:16404 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB unicode invalid server name share access (os-windows.rules)
 * 1:16417 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Negotiate Protocol Response overflow attempt (os-windows.rules)
 * 1:16454 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Negotiate Protocol response DoS attempt - empty SMB 2 (os-windows.rules)
 * 1:16504 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 7 encoded content handling exploit attempt (browser-ie.rules)
 * 1:16505 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer HTML parsing memory corruption attempt (browser-ie.rules)
 * 1:16509 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer designMode-enabled information disclosure attempt (browser-ie.rules)
 * 1:16539 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMBv1 BytesNeeded ring0 buffer overflow attempt (os-windows.rules)
 * 1:16540 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB2 client NetBufferList NULL entry remote code execution attempt (os-windows.rules)
 * 1:16577 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMBv2 compound request DoS attempt (os-windows.rules)
 * 1:16636 <-> DISABLED <-> OS-WINDOWS Microsoft Windows .NET framework XMLDsig data tampering attempt (os-windows.rules)
 * 1:16658 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 8 cross-site scripting attempt (browser-ie.rules)
 * 1:17034 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook AttachMethods local file execution attempt (file-office.rules)
 * 1:17035 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook AttachMethods local file execution attempt (file-office.rules)
 * 1:17036 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook AttachMethods local file execution attempt (file-office.rules)
 * 1:17115 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer cross domain information disclosure attempt (browser-ie.rules)
 * 1:17125 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 MaxDataCount overflow attempt (os-windows.rules)
 * 1:17126 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB large session length with small packet  (os-windows.rules)
 * 1:17199 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director file lRTX overflow attempt (file-other.rules)
 * 1:17201 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director file LsCM overflow attempt (file-other.rules)
 * 1:17207 <-> DISABLED <-> SERVER-OTHER IBM Cognos Server backdoor account remote code execution attempt (server-other.rules)
 * 1:17667 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Pragmatic General Multicast Protocol memory consumption denial of service attempt (os-windows.rules)
 * 1:17696 <-> ENABLED <-> PROTOCOL-DNS Microsoft Windows DNS Server ANY query cache weakness (protocol-dns.rules)
 * 1:17746 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB client TRANS response Find_First2 filename overflow attempt (os-windows.rules)
 * 1:17777 <-> DISABLED <-> SERVER-MAIL IBM Lotus Notes WPD attachment handling buffer overflow attempt (server-mail.rules)
 * 1:18180 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript remote code execution attempt (file-flash.rules)
 * 1:18070 <-> DISABLED <-> FILE-OFFICE Microsoft Office pptimpconv.dll dll-load exploit attempt (file-office.rules)
 * 1:18195 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Negotiate Protocol response DoS attempt (os-windows.rules)
 * 1:18213 <-> ENABLED <-> FILE-OFFICE Microsoft Office Publisher column and row remote code execution attempt (file-office.rules)
 * 1:18220 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ATMFD font driver malformed character glyph remote code execution attempt (os-windows.rules)
 * 1:18405 <-> ENABLED <-> OS-WINDOWS Microsoft Windows LSASS domain name buffer overflow attempt (os-windows.rules)
 * 1:18400 <-> ENABLED <-> OS-WINDOWS Microsoft Windows CRSS local process allowed to persist through logon or logoff attempt (os-windows.rules)
 * 1:18409 <-> ENABLED <-> OS-WINDOWS Microsoft Windows win32k.sys write message to dead thread code execution attempt (os-windows.rules)
 * 1:18410 <-> ENABLED <-> OS-WINDOWS Microsoft Windows win32k.sys write message to dead thread code execution attempt (os-windows.rules)
 * 1:18411 <-> ENABLED <-> OS-WINDOWS Microsoft Windows win32k!xxxTrackPopupMenuEx privilege escalation attempt (os-windows.rules)
 * 1:18414 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kerberos auth downgrade to DES MITM attempt (os-windows.rules)
 * 1:18412 <-> ENABLED <-> OS-WINDOWS Microsoft Windows win32k!xxxTrackPopupMenuEx privilege escalation attempt (os-windows.rules)
 * 1:18421 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript beginGradientFill memory corruption attempt (file-flash.rules)
 * 1:18444 <-> DISABLED <-> FILE-FLASH Adobe Flash Player forged atom type attempt (file-flash.rules)
 * 1:18449 <-> DISABLED <-> FILE-OTHER Adobe Acrobat font definition memory corruption attempt (file-other.rules)
 * 1:18502 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript Actionlf out of range negative offset attempt (file-flash.rules)
 * 1:18501 <-> ENABLED <-> OS-WINDOWS Microsoft Malware Protection Engine elevation of privilege attempt (os-windows.rules)
 * 1:18504 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionConstantPool overflow attempt (file-flash.rules)
 * 1:18505 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionPush overflow attempt (file-flash.rules)
 * 1:5719 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans Max Param/Count OS-WINDOWS attempt (os-windows.rules)
 * 1:5723 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB-DS Trans andx Max Param/Count OS-WINDOWS attempt (os-windows.rules)
 * 1:18630 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel rtToolbarDef record integer overflow attempt (file-office.rules)
 * 1:18631 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel rtToolbarDef record integer overflow attempt (file-office.rules)
 * 1:13287 <-> DISABLED <-> OS-WINDOWS Windows remote kernel tcp/ip igmp vulnerability exploit attempt (os-windows.rules)
 * 1:14648 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search unicode Search filename size integer underflow attempt (os-windows.rules)
 * 1:18641 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel OBJ record invalid cmo.ot exploit attempt (file-office.rules)
 * 1:15131 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function andx attempt (os-windows.rules)
 * 1:15135 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function WriteAndX andx attempt (os-windows.rules)
 * 1:15127 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function WriteAndX andx attempt (os-windows.rules)
 * 1:15196 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode param_count underflow attempt (os-windows.rules)
 * 1:18655 <-> DISABLED <-> OS-WINDOWS Microsoft Windows LLMNR invalid reverse name lookup stack corruption attempt (os-windows.rules)
 * 1:18660 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB2 write packet buffer overflow attempt (os-windows.rules)
 * 1:18661 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys escalation of privilege attempt (os-windows.rules)
 * 1:18663 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys escalation of privilege attempt (os-windows.rules)
 * 1:18664 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys escalation of privilege attempt (os-windows.rules)
 * 1:18665 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys escalation of privilege attempt (os-windows.rules)
 * 1:18666 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys escalation of privilege attempt (os-windows.rules)
 * 1:18669 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer cross-domain object manipulation attempt (browser-ie.rules)
 * 1:18672 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 8 Developer Tool ActiveX clsid access (browser-ie.rules)
 * 1:19002 <-> DISABLED <-> FILE-FLASH RealNetworks RealPlayer FLV parsing two integer overflow vulnerabilities (file-flash.rules)
 * 1:19189 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB-DS Trans2 Distributed File System response PathConsumed integer overflow attempt (os-windows.rules)
 * 1:19221 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB-DS Trans2 Distributed File System response PathConsumed integer overflow attempt (os-windows.rules)
 * 1:19972 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB client TRANS response paramcount overflow attempt (os-windows.rules)
 * 1:2101 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans Max Param/Count OS-WINDOWS attempt (os-windows.rules)
 * 1:21529 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 Find_First2 filename overflow attempt (os-windows.rules)
 * 1:2177 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB startup folder unicode access (os-windows.rules)
 * 1:2252 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB-DS DCERPC Remote Activation bind attempt (os-windows.rules)
 * 1:2258 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB-DS DCERPC Messenger Service buffer overflow attempt (os-windows.rules)
 * 1:2278 <-> DISABLED <-> SERVER-WEBAPP client negative Content-Length attempt (server-webapp.rules)
 * 1:23314 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB invalid character argument injection attempt (os-windows.rules)
 * 1:2382 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Session Setup NTLMSSP asn1 overflow attempt (os-windows.rules)
 * 1:23237 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB2 client NetBufferList NULL entry remote code execution attempt (os-windows.rules)
 * 1:2383 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB-DS Session Setup NTLMSSP asn1 overflow attempt (os-windows.rules)
 * 1:16195 <-> DISABLED <-> SERVER-WEBAPP HTTP request content-length heap buffer overflow attempt (server-webapp.rules)
 * 1:23838 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB NetServerEnum response host format string exploit attempt (os-windows.rules)
 * 1:23837 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB host announcement format string exploit attempt (os-windows.rules)
 * 1:23839 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB RAP API NetServerEnum2 long server name buffer overflow attempt (os-windows.rules)
 * 1:24007 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB RAP API NetServerEnum2 long server name buffer overflow attempt (os-windows.rules)
 * 1:24336 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB RAP API NetServerEnum2 long comment buffer overflow attempt (os-windows.rules)
 * 1:24360 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Kerberos NULL session denial of service attempt (os-windows.rules)
 * 1:24359 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NTLM NULL session attempt (os-windows.rules)
 * 1:24889 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Action InitArray stack overflow attempt (file-flash.rules)
 * 1:24890 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Action InitArray stack overflow attempt (file-flash.rules)
 * 1:5718 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB-DS Trans unicode Max Param/Count OS-WINDOWS attempt (os-windows.rules)
 * 1:24891 <-> DISABLED <-> FILE-FLASH Adobe Flash Player action InitArray stack overflow attempt (file-flash.rules)
 * 1:24893 <-> ENABLED <-> FILE-FLASH Action InitArray stack overflow attempt (file-flash.rules)
 * 1:24892 <-> ENABLED <-> FILE-FLASH Action InitArray stack overflow attempt (file-flash.rules)
 * 1:24894 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Action InitArray stack overflow attempt (file-flash.rules)
 * 1:26851 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 5 compatibility mode use after free attempt (browser-ie.rules)
 * 1:27149 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer beforeeditfocus use after free exploit attempt (browser-ie.rules)
 * 1:28425 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB Microsoft Windows Remote Administration Protocol usage attempt (os-windows.rules)
 * 1:27755 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Action InitArray stack overflow attempt (file-flash.rules)
 * 1:28613 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit landing page - specific-structure (exploit-kit.rules)
 * 1:29066 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit XORed payload download attempt (exploit-kit.rules)
 * 1:29411 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit landing page (exploit-kit.rules)
 * 1:29414 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit encrypted binary download (exploit-kit.rules)
 * 1:29413 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit encrypted binary download (exploit-kit.rules)
 * 1:29513 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Microsoft Windows RAP API NetServerEnum2 long comment buffer overflow attempt (os-windows.rules)
 * 1:29514 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB Microsoft Windows Remote Administration Protocol usage attempt (os-windows.rules)
 * 1:29943 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB2 client NetBufferList NULL entry remote code execution attempt (os-windows.rules)
 * 1:3000 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Session Setup NTLMSSP unicode asn1 overflow attempt (os-windows.rules)
 * 1:3001 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Session Setup NTLMSSP andx asn1 overflow attempt (os-windows.rules)
 * 1:3002 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Session Setup NTLMSSP unicode andx asn1 overflow attempt (os-windows.rules)
 * 1:3003 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB-DS Session Setup NTLMSSP unicode asn1 overflow attempt (os-windows.rules)
 * 1:3004 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB-DS Session Setup NTLMSSP andx asn1 overflow attempt (os-windows.rules)
 * 1:8458 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Rename invalid buffer type attempt (os-windows.rules)
 * 1:8460 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Rename invalid buffer type unicode attempt (os-windows.rules)
 * 1:31130 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit encrypted binary download (exploit-kit.rules)
 * 1:8459 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Rename invalid buffer type unicode andx attempt (os-windows.rules)
 * 1:3005 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB-DS Session Setup NTLMSSP unicode andx asn1 overflow attempt (os-windows.rules)
 * 1:8457 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Rename invalid buffer type andx attempt (os-windows.rules)
 * 1:15198 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode param_count underflow attempt (os-windows.rules)
 * 1:15199 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE param_count underflow attempt (os-windows.rules)
 * 1:15202 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx param_count underflow attempt (os-windows.rules)
 * 1:15200 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx param_count underflow attempt (os-windows.rules)
 * 1:15201 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx param_count underflow attempt (os-windows.rules)
 * 1:15205 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode max_param_count underflow attempt (os-windows.rules)
 * 1:15216 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx max_param_count underflow attempt (os-windows.rules)
 * 1:15203 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx param_count underflow attempt (os-windows.rules)
 * 1:15211 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx max_param_count underflow attempt (os-windows.rules)
 * 1:15220 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode param_count underflow attempt (os-windows.rules)
 * 1:15212 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 max_param_count underflow attempt (os-windows.rules)
 * 1:15208 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx max_param_count underflow attempt (os-windows.rules)
 * 1:15214 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 max_param_count underflow attempt (os-windows.rules)
 * 1:15225 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx param_count underflow attempt (os-windows.rules)
 * 1:15221 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 param_count underflow attempt (os-windows.rules)
 * 1:15223 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode param_count underflow attempt (os-windows.rules)
 * 1:15224 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx param_count underflow attempt (os-windows.rules)
 * 1:15219 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx max_param_count underflow attempt (os-windows.rules)
 * 1:15209 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx max_param_count underflow attempt (os-windows.rules)
 * 1:15222 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 param_count underflow attempt (os-windows.rules)
 * 1:15207 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE max_param_count underflow attempt (os-windows.rules)
 * 1:31331 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit encrypted binary download (exploit-kit.rules)
 * 1:31371 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit outbound URL structure (exploit-kit.rules)
 * 1:3143 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 FIND_FIRST2 command response overflow attempt (os-windows.rules)
 * 1:33193 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CQuotes use-after-free attempt (browser-ie.rules)
 * 1:32763 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer TextRange after free attempt (browser-ie.rules)
 * 1:3144 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 FIND_FIRST2 response andx overflow attempt (os-windows.rules)
 * 1:18662 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys escalation of privilege attempt (os-windows.rules)
 * 1:33723 <-> ENABLED <-> FILE-OTHER Type 1 font memory out-of-bounds read attempt (file-other.rules)
 * 1:3146 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB-DS Trans2 FIND_FIRST2 response andx overflow attempt (os-windows.rules)
 * 1:31694 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit encrypted binary download (exploit-kit.rules)
 * 1:31695 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit encrypted binary download (exploit-kit.rules)
 * 1:32762 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer TextRange after free attempt (browser-ie.rules)
 * 1:33115 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 11 VBScript redim preserve denial-of-service attempt (browser-ie.rules)
 * 1:33116 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 11 VBScript redim preserve denial-of-service attempt (browser-ie.rules)
 * 1:18667 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys escalation of privilege attempt (os-windows.rules)
 * 1:33191 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CQuotes use-after-free attempt (browser-ie.rules)
 * 1:33192 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CQuotes use-after-free attempt (browser-ie.rules)
 * 1:33194 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CQuotes use-after-free attempt (browser-ie.rules)
 * 1:33195 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CQuotes use-after-free attempt (browser-ie.rules)
 * 1:33196 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CQuotes use-after-free attempt (browser-ie.rules)
 * 1:33421 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreeDataPos use-after-free remote code execution attempt (browser-ie.rules)
 * 1:3145 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB-DS Trans2 FIND_FIRST2 response overflow attempt (os-windows.rules)
 * 1:33412 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer style type confusion remote code execution attempt (browser-ie.rules)
 * 1:33583 <-> DISABLED <-> PROTOCOL-DNS ISC BIND recursive resolver resource consumption denial of service attempt (protocol-dns.rules)
 * 1:19191 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB2 zero length write attempt (os-windows.rules)
 * 1:33713 <-> DISABLED <-> OS-WINDOWS Microsoft Windows atlmfd.dll out-of-bounds memory write attempt (os-windows.rules)
 * 1:33714 <-> DISABLED <-> OS-WINDOWS Microsoft Windows atlmfd.dll out-of-bounds memory write attempt (os-windows.rules)
 * 1:33722 <-> ENABLED <-> FILE-OTHER Type 1 font memory out-of-bounds read attempt (file-other.rules)
 * 1:16158 <-> ENABLED <-> OS-WINDOWS malformed ASF codec memory corruption attempt (os-windows.rules)
 * 1:15226 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx param_count underflow attempt (os-windows.rules)
 * 1:33825 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB NTLM NULL session attempt (os-windows.rules)
 * 1:34328 <-> DISABLED <-> SERVER-WEBAPP Wordpress comment field stored XSS attempt (server-webapp.rules)
 * 1:15528 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DCERPC NCACN-IP-TCP spoolss RpcSetPrinterDataEx attempt (os-windows.rules)
 * 1:34428 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word incorrect ptCount element denial of service attempt (file-office.rules)
 * 1:34498 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k.sys kernel-mode driver privilege escalation attempt (os-windows.rules)
 * 1:15503 <-> ENABLED <-> FILE-OFFICE Download of PowerPoint 95 file (file-office.rules)
 * 1:34429 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word incorrect ptCount element denial of service attempt (file-office.rules)
 * 1:15197 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE param_count underflow attempt (os-windows.rules)
 * 1:16150 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer variant argument validation remote code execution attempt (browser-ie.rules)
 * 1:15210 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx max_param_count underflow attempt (os-windows.rules)
 * 1:15215 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode max_param_count underflow attempt (os-windows.rules)
 * 1:15206 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE max_param_count underflow attempt (os-windows.rules)
 * 1:15204 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode max_param_count underflow attempt (os-windows.rules)
 * 1:15213 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode max_param_count underflow attempt (os-windows.rules)
 * 1:15218 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx max_param_count underflow attempt (os-windows.rules)
 * 1:15217 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx max_param_count underflow attempt (os-windows.rules)
 * 1:34499 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k.sys kernel-mode driver privilege escalation attempt (os-windows.rules)
 * 1:2176 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB startup folder access (os-windows.rules)
 * 1:5716 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans unicode Max Param/Count OS-WINDOWS attempt (os-windows.rules)
 * 1:5720 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans unicode Max Param/Count OS-WINDOWS attempt (os-windows.rules)
 * 1:8456 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB-DS Rename invalid buffer type unicode attempt (os-windows.rules)

2015-06-04 16:05:56 UTC

Snort Subscriber Rules Update

Date: 2015-06-04

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2972.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:34661 <-> ENABLED <-> BLACKLIST DNS request for known malware domain ferepritdi.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34655 <-> ENABLED <-> BLACKLIST DNS request for known malware domain litramoloka.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34669 <-> ENABLED <-> BLACKLIST DNS request for known malware domain servelatmiru.com - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34668 <-> ENABLED <-> BLACKLIST DNS request for known malware domain srachechno.com - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34650 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader heap buffer overflow attempt (file-pdf.rules)
 * 1:34651 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader heap buffer overflow attempt (file-pdf.rules)
 * 1:34658 <-> ENABLED <-> BLACKLIST DNS request for known malware domain cawasuse.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34649 <-> DISABLED <-> SERVER-OTHER OpenSSL zero-length ClientKeyExchange message denial of service attempt (server-other.rules)
 * 1:34667 <-> ENABLED <-> BLACKLIST DNS request for known malware domain reswahatce.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34670 <-> ENABLED <-> BLACKLIST DNS request for known malware domain mehanistran.com - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34671 <-> ENABLED <-> BLACKLIST DNS request for known malware domain switlawert.com - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34672 <-> ENABLED <-> BLACKLIST DNS request for known malware domain vesnarusural.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34673 <-> ENABLED <-> BLACKLIST DNS request for known malware domain petronasconn.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34674 <-> ENABLED <-> BLACKLIST DNS request for known malware domain restavratormira.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34676 <-> ENABLED <-> BLACKLIST DNS request for known malware domain wertstumbahn.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34675 <-> ENABLED <-> BLACKLIST DNS request for known malware domain serppoglandam.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34677 <-> ENABLED <-> BLACKLIST DNS request for known malware domain queryforworld.com - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34678 <-> ENABLED <-> BLACKLIST DNS request for known malware domain serfilefnom.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34679 <-> ENABLED <-> BLACKLIST DNS request for known malware domain andbohemut.com - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34680 <-> ENABLED <-> BLACKLIST DNS request for known malware domain bejustoftun.com - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34682 <-> ENABLED <-> BLACKLIST DNS request for known malware domain betroninsi.com - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34681 <-> ENABLED <-> BLACKLIST DNS request for known malware domain berigusaf.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34683 <-> ENABLED <-> BLACKLIST DNS request for known malware domain dilelanang.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34684 <-> ENABLED <-> BLACKLIST DNS request for known malware domain forttapaha.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34686 <-> ENABLED <-> BLACKLIST DNS request for known malware domain gantropine.com - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34685 <-> ENABLED <-> BLACKLIST DNS request for known malware domain ftjuunbesto.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34687 <-> ENABLED <-> BLACKLIST DNS request for known malware domain gutontredsup.com - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34688 <-> ENABLED <-> BLACKLIST DNS request for known malware domain hepretfortna.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34689 <-> ENABLED <-> BLACKLIST DNS request for known malware domain juindorey.com - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34690 <-> ENABLED <-> BLACKLIST DNS request for known malware domain latemiishe.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34692 <-> ENABLED <-> BLACKLIST DNS request for known malware domain letgrownast.com - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34691 <-> ENABLED <-> BLACKLIST DNS request for known malware domain leladingna.com - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34693 <-> ENABLED <-> BLACKLIST DNS request for known malware domain masquarten.com - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34694 <-> ENABLED <-> BLACKLIST DNS request for known malware domain nawertoby.com - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34696 <-> ENABLED <-> BLACKLIST DNS request for known malware domain polutenign.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34695 <-> ENABLED <-> BLACKLIST DNS request for known malware domain pavesohap.com - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34697 <-> ENABLED <-> BLACKLIST DNS request for known malware domain pomdonekw.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34698 <-> ENABLED <-> BLACKLIST DNS request for known malware domain qwertygontul.com - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34699 <-> ENABLED <-> BLACKLIST DNS request for known malware domain rechedtthaten.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34700 <-> ENABLED <-> BLACKLIST DNS request for known malware domain renferolto.com - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34702 <-> ENABLED <-> BLACKLIST DNS request for known malware domain righletfoligh.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34701 <-> ENABLED <-> BLACKLIST DNS request for known malware domain repherfeted.com - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34703 <-> ENABLED <-> BLACKLIST DNS request for known malware domain saqunold.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34704 <-> ENABLED <-> BLACKLIST DNS request for known malware domain silawecxla.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34707 <-> ENABLED <-> BLACKLIST DNS request for known malware domain wekustines.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34705 <-> ENABLED <-> BLACKLIST DNS request for known malware domain sivesuhat.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34706 <-> ENABLED <-> BLACKLIST DNS request for known malware domain stenfirthsta.com - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34708 <-> ENABLED <-> BLACKLIST DNS request for known malware domain windetrusty.com - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34709 <-> DISABLED <-> SERVER-OTHER MIT Kerberos MIT Kerberos 5 krb5_read_message denial of service attempt (server-other.rules)
 * 1:34710 <-> DISABLED <-> SERVER-OTHER PHP unserialize datetimezone object code execution attempt (server-other.rules)
 * 1:34711 <-> ENABLED <-> BLACKLIST DNS request for known malware domain a.gwas.perl.sh - Win.Trojan.Windex (blacklist.rules)
 * 1:34712 <-> ENABLED <-> BLACKLIST DNS request for known malware domain a-gwas-01.slyip.net - Win.Trojan.Windex (blacklist.rules)
 * 1:34713 <-> ENABLED <-> BLACKLIST DNS request for known malware domain a-gwas-01.dyndns.org - Win.Trojan.Windex (blacklist.rules)
 * 1:34714 <-> DISABLED <-> OS-WINDOWS Microsoft Windows atlmfd.dll out-of-bounds memory write attempt (os-windows.rules)
 * 1:34717 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central FileUploadServlet directory traversal attempt (server-webapp.rules)
 * 1:34715 <-> DISABLED <-> OS-WINDOWS Microsoft Windows atlmfd.dll out-of-bounds memory write attempt (os-windows.rules)
 * 1:34716 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central FileUploadServlet directory traversal attempt (server-webapp.rules)
 * 1:34718 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central FileUploadServlet directory traversal attempt (server-webapp.rules)
 * 1:34719 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit URI structure (exploit-kit.rules)
 * 1:34720 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit exploit download (exploit-kit.rules)
 * 1:34654 <-> ENABLED <-> BLACKLIST DNS request for known malware domain litramoloka.com - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34665 <-> ENABLED <-> BLACKLIST DNS request for known malware domain refherssuce.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34666 <-> ENABLED <-> BLACKLIST DNS request for known malware domain rabbutdownlitt.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34663 <-> ENABLED <-> BLACKLIST DNS request for known malware domain howthatficy.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34664 <-> ENABLED <-> BLACKLIST DNS request for known malware domain lasttrainforest.com - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34660 <-> ENABLED <-> BLACKLIST DNS request for known malware domain dingdownmahedt.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34633 <-> DISABLED <-> SERVER-WEBAPP Visual Mining NetCharts projectContents.jsp directory traversal attempt (server-webapp.rules)
 * 1:34644 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric Pelco Rvctl.RVControl.1 ActiveX clsid access attempt ActiveX function call (browser-plugins.rules)
 * 1:34639 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric ProClima ActiveX function call access attempt (browser-plugins.rules)
 * 1:34631 <-> ENABLED <-> FILE-IDENTIFY WordPerfect file download request (file-identify.rules)
 * 1:34629 <-> ENABLED <-> FILE-IDENTIFY WordPerfect file attachment detected (file-identify.rules)
 * 1:34637 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Flactionbot outbound connection (malware-cnc.rules)
 * 1:34634 <-> DISABLED <-> SERVER-WEBAPP Visual Mining NetCharts projectContents.jsp directory traversal attempt (server-webapp.rules)
 * 1:34640 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric ProClima ActiveX function call access attempt (browser-plugins.rules)
 * 1:34643 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric Pelco Rvctl.RVControl.1 ActiveX clsid access attempt ActiveX clsid access (browser-plugins.rules)
 * 1:34625 <-> DISABLED <-> FILE-PDF Adobe Reader bypass JavaScript API restrictions attempt (file-pdf.rules)
 * 1:34627 <-> DISABLED <-> FILE-PDF Adobe Reader bypass JavaScript API restrictions attempt (file-pdf.rules)
 * 1:34636 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Flactionbot outbound connection (malware-cnc.rules)
 * 1:34624 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Crypaura variant outbound connection attempt (malware-cnc.rules)
 * 1:34630 <-> ENABLED <-> FILE-IDENTIFY WordPerfect file attachment detected (file-identify.rules)
 * 1:34632 <-> DISABLED <-> SERVER-MAIL IBM Lotus Notes WPD attachment handling buffer overflow attempt (server-mail.rules)
 * 1:34635 <-> DISABLED <-> SERVER-WEBAPP Visual Mining NetCharts projectContents.jsp directory traversal attempt (server-webapp.rules)
 * 1:34628 <-> DISABLED <-> FILE-PDF Adobe Reader bypass JavaScript API restrictions attempt (file-pdf.rules)
 * 1:34638 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric ProClima ActiveX clsid access attempt (browser-plugins.rules)
 * 1:34642 <-> DISABLED <-> BROWSER-PLUGINS McAffee Virtual Technician ActiveX control denial of service attempt ActiveX function call (browser-plugins.rules)
 * 1:34641 <-> DISABLED <-> BROWSER-PLUGINS McAffee Virtual Technician ActiveX control denial of service attempt ActiveX clsid access (browser-plugins.rules)
 * 1:34626 <-> DISABLED <-> FILE-PDF Adobe Reader bypass JavaScript API restrictions attempt (file-pdf.rules)
 * 1:34645 <-> DISABLED <-> SERVER-MAIL Exim buffer overflow attempt (server-mail.rules)
 * 1:34659 <-> ENABLED <-> BLACKLIST DNS request for known malware domain dinghareun.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34653 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JS notification object double free attempt (file-pdf.rules)
 * 1:34656 <-> ENABLED <-> BLACKLIST DNS request for known malware domain molokalitra.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34647 <-> DISABLED <-> SERVER-WEBAPP ZOHO ManageEngine OpManager SQL injection attempt (server-webapp.rules)
 * 1:34652 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JS notification object double free attempt (file-pdf.rules)
 * 1:34648 <-> DISABLED <-> SERVER-WEBAPP ZOHO ManageEngine OpManager SQL injection attempt (server-webapp.rules)
 * 1:34646 <-> DISABLED <-> SERVER-WEBAPP ZOHO ManageEngine OpManager SQL injection attempt (server-webapp.rules)
 * 1:34662 <-> ENABLED <-> BLACKLIST DNS request for known malware domain terethaundv.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34657 <-> ENABLED <-> BLACKLIST DNS request for known malware domain apporistale.com - Win.Trojan.Poseidon (blacklist.rules)

Modified Rules:


 * 1:16195 <-> DISABLED <-> SERVER-WEBAPP HTTP request content-length heap buffer overflow attempt (server-webapp.rules)
 * 1:8459 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Rename invalid buffer type unicode andx attempt (os-windows.rules)
 * 1:8460 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Rename invalid buffer type unicode attempt (os-windows.rules)
 * 1:8457 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Rename invalid buffer type andx attempt (os-windows.rules)
 * 1:8458 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Rename invalid buffer type attempt (os-windows.rules)
 * 1:8455 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB-DS Rename invalid buffer type unicode andx attempt (os-windows.rules)
 * 1:8456 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB-DS Rename invalid buffer type unicode attempt (os-windows.rules)
 * 1:8454 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB-DS Rename invalid buffer type attempt (os-windows.rules)
 * 1:8453 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB-DS Rename invalid buffer type andx attempt (os-windows.rules)
 * 1:15142 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function unicode attempt (os-windows.rules)
 * 1:8452 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Rename invalid buffer type unicode attempt (os-windows.rules)
 * 1:15138 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function WriteAndX unicode attempt (os-windows.rules)
 * 1:15134 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function unicode attempt (os-windows.rules)
 * 1:15130 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function WriteAndX unicode attempt (os-windows.rules)
 * 1:14651 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search andx Search filename size integer underflow attempt (os-windows.rules)
 * 1:14896 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB v4 srvsvc NetrpPathCononicalize unicode path cononicalization stack overflow attempt (os-windows.rules)
 * 1:12947 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB SMBv2 protocol negotiation attempt (os-windows.rules)
 * 1:14647 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search Search filename size integer underflow attempt (os-windows.rules)
 * 1:5718 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB-DS Trans unicode Max Param/Count OS-WINDOWS attempt (os-windows.rules)
 * 1:16158 <-> ENABLED <-> OS-WINDOWS malformed ASF codec memory corruption attempt (os-windows.rules)
 * 1:16228 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel malformed StartObject record arbitrary code execution attempt (file-office.rules)
 * 1:16287 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Negotiate Protocol response DoS attempt (os-windows.rules)
 * 1:16315 <-> DISABLED <-> FILE-FLASH Adobe Flash PlugIn check if file exists attempt (file-flash.rules)
 * 1:16337 <-> ENABLED <-> FILE-FLASH Adobe Flash Player directory traversal attempt (file-flash.rules)
 * 1:16395 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB COPY command oversized pathname attempt (os-windows.rules)
 * 1:16397 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB andx invalid server name share access (os-windows.rules)
 * 1:16398 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB invalid server name share access (os-windows.rules)
 * 1:16399 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB unicode andx invalid server name share access (os-windows.rules)
 * 1:16400 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB unicode invalid server name share access (os-windows.rules)
 * 1:16401 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB andx invalid server name share access (os-windows.rules)
 * 1:16402 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB invalid server name share access (os-windows.rules)
 * 1:16403 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB unicode andx invalid server name share access (os-windows.rules)
 * 1:16404 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB unicode invalid server name share access (os-windows.rules)
 * 1:16417 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Negotiate Protocol Response overflow attempt (os-windows.rules)
 * 1:16454 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Negotiate Protocol response DoS attempt - empty SMB 2 (os-windows.rules)
 * 1:16504 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 7 encoded content handling exploit attempt (browser-ie.rules)
 * 1:16505 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer HTML parsing memory corruption attempt (browser-ie.rules)
 * 1:16539 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMBv1 BytesNeeded ring0 buffer overflow attempt (os-windows.rules)
 * 1:16509 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer designMode-enabled information disclosure attempt (browser-ie.rules)
 * 1:16540 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB2 client NetBufferList NULL entry remote code execution attempt (os-windows.rules)
 * 1:16577 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMBv2 compound request DoS attempt (os-windows.rules)
 * 1:16636 <-> DISABLED <-> OS-WINDOWS Microsoft Windows .NET framework XMLDsig data tampering attempt (os-windows.rules)
 * 1:16658 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 8 cross-site scripting attempt (browser-ie.rules)
 * 1:17034 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook AttachMethods local file execution attempt (file-office.rules)
 * 1:17035 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook AttachMethods local file execution attempt (file-office.rules)
 * 1:17036 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook AttachMethods local file execution attempt (file-office.rules)
 * 1:17115 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer cross domain information disclosure attempt (browser-ie.rules)
 * 1:17126 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB large session length with small packet  (os-windows.rules)
 * 1:17125 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 MaxDataCount overflow attempt (os-windows.rules)
 * 1:17199 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director file lRTX overflow attempt (file-other.rules)
 * 1:17201 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director file LsCM overflow attempt (file-other.rules)
 * 1:17667 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Pragmatic General Multicast Protocol memory consumption denial of service attempt (os-windows.rules)
 * 1:17207 <-> DISABLED <-> SERVER-OTHER IBM Cognos Server backdoor account remote code execution attempt (server-other.rules)
 * 1:17696 <-> ENABLED <-> PROTOCOL-DNS Microsoft Windows DNS Server ANY query cache weakness (protocol-dns.rules)
 * 1:17746 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB client TRANS response Find_First2 filename overflow attempt (os-windows.rules)
 * 1:17777 <-> DISABLED <-> SERVER-MAIL IBM Lotus Notes WPD attachment handling buffer overflow attempt (server-mail.rules)
 * 1:18070 <-> DISABLED <-> FILE-OFFICE Microsoft Office pptimpconv.dll dll-load exploit attempt (file-office.rules)
 * 1:18195 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Negotiate Protocol response DoS attempt (os-windows.rules)
 * 1:18180 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript remote code execution attempt (file-flash.rules)
 * 1:18213 <-> ENABLED <-> FILE-OFFICE Microsoft Office Publisher column and row remote code execution attempt (file-office.rules)
 * 1:18220 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ATMFD font driver malformed character glyph remote code execution attempt (os-windows.rules)
 * 1:18400 <-> ENABLED <-> OS-WINDOWS Microsoft Windows CRSS local process allowed to persist through logon or logoff attempt (os-windows.rules)
 * 1:18405 <-> ENABLED <-> OS-WINDOWS Microsoft Windows LSASS domain name buffer overflow attempt (os-windows.rules)
 * 1:18409 <-> ENABLED <-> OS-WINDOWS Microsoft Windows win32k.sys write message to dead thread code execution attempt (os-windows.rules)
 * 1:18410 <-> ENABLED <-> OS-WINDOWS Microsoft Windows win32k.sys write message to dead thread code execution attempt (os-windows.rules)
 * 1:18411 <-> ENABLED <-> OS-WINDOWS Microsoft Windows win32k!xxxTrackPopupMenuEx privilege escalation attempt (os-windows.rules)
 * 1:18412 <-> ENABLED <-> OS-WINDOWS Microsoft Windows win32k!xxxTrackPopupMenuEx privilege escalation attempt (os-windows.rules)
 * 1:18414 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kerberos auth downgrade to DES MITM attempt (os-windows.rules)
 * 1:18421 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript beginGradientFill memory corruption attempt (file-flash.rules)
 * 1:18444 <-> DISABLED <-> FILE-FLASH Adobe Flash Player forged atom type attempt (file-flash.rules)
 * 1:18449 <-> DISABLED <-> FILE-OTHER Adobe Acrobat font definition memory corruption attempt (file-other.rules)
 * 1:18501 <-> ENABLED <-> OS-WINDOWS Microsoft Malware Protection Engine elevation of privilege attempt (os-windows.rules)
 * 1:18502 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript Actionlf out of range negative offset attempt (file-flash.rules)
 * 1:18504 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionConstantPool overflow attempt (file-flash.rules)
 * 1:18505 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionPush overflow attempt (file-flash.rules)
 * 1:18630 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel rtToolbarDef record integer overflow attempt (file-office.rules)
 * 1:18631 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel rtToolbarDef record integer overflow attempt (file-office.rules)
 * 1:18640 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malformed SupBook record attempt (file-office.rules)
 * 1:18641 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel OBJ record invalid cmo.ot exploit attempt (file-office.rules)
 * 1:18655 <-> DISABLED <-> OS-WINDOWS Microsoft Windows LLMNR invalid reverse name lookup stack corruption attempt (os-windows.rules)
 * 1:18660 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB2 write packet buffer overflow attempt (os-windows.rules)
 * 1:18663 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys escalation of privilege attempt (os-windows.rules)
 * 1:18662 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys escalation of privilege attempt (os-windows.rules)
 * 1:18661 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys escalation of privilege attempt (os-windows.rules)
 * 1:18664 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys escalation of privilege attempt (os-windows.rules)
 * 1:18665 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys escalation of privilege attempt (os-windows.rules)
 * 1:18669 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer cross-domain object manipulation attempt (browser-ie.rules)
 * 1:18667 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys escalation of privilege attempt (os-windows.rules)
 * 1:18666 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys escalation of privilege attempt (os-windows.rules)
 * 1:18672 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 8 Developer Tool ActiveX clsid access (browser-ie.rules)
 * 1:19002 <-> DISABLED <-> FILE-FLASH RealNetworks RealPlayer FLV parsing two integer overflow vulnerabilities (file-flash.rules)
 * 1:19221 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB-DS Trans2 Distributed File System response PathConsumed integer overflow attempt (os-windows.rules)
 * 1:19191 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB2 zero length write attempt (os-windows.rules)
 * 1:19189 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB-DS Trans2 Distributed File System response PathConsumed integer overflow attempt (os-windows.rules)
 * 1:19972 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB client TRANS response paramcount overflow attempt (os-windows.rules)
 * 1:2101 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans Max Param/Count OS-WINDOWS attempt (os-windows.rules)
 * 1:21529 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 Find_First2 filename overflow attempt (os-windows.rules)
 * 1:2176 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB startup folder access (os-windows.rules)
 * 1:2177 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB startup folder unicode access (os-windows.rules)
 * 1:2252 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB-DS DCERPC Remote Activation bind attempt (os-windows.rules)
 * 1:2258 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB-DS DCERPC Messenger Service buffer overflow attempt (os-windows.rules)
 * 1:23237 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB2 client NetBufferList NULL entry remote code execution attempt (os-windows.rules)
 * 1:2278 <-> DISABLED <-> SERVER-WEBAPP client negative Content-Length attempt (server-webapp.rules)
 * 1:23314 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB invalid character argument injection attempt (os-windows.rules)
 * 1:2382 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Session Setup NTLMSSP asn1 overflow attempt (os-windows.rules)
 * 1:2383 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB-DS Session Setup NTLMSSP asn1 overflow attempt (os-windows.rules)
 * 1:23837 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB host announcement format string exploit attempt (os-windows.rules)
 * 1:23838 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB NetServerEnum response host format string exploit attempt (os-windows.rules)
 * 1:23839 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB RAP API NetServerEnum2 long server name buffer overflow attempt (os-windows.rules)
 * 1:24007 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB RAP API NetServerEnum2 long server name buffer overflow attempt (os-windows.rules)
 * 1:24336 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB RAP API NetServerEnum2 long comment buffer overflow attempt (os-windows.rules)
 * 1:24360 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Kerberos NULL session denial of service attempt (os-windows.rules)
 * 1:24359 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NTLM NULL session attempt (os-windows.rules)
 * 1:24889 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Action InitArray stack overflow attempt (file-flash.rules)
 * 1:24890 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Action InitArray stack overflow attempt (file-flash.rules)
 * 1:24891 <-> DISABLED <-> FILE-FLASH Adobe Flash Player action InitArray stack overflow attempt (file-flash.rules)
 * 1:24893 <-> ENABLED <-> FILE-FLASH Action InitArray stack overflow attempt (file-flash.rules)
 * 1:24892 <-> ENABLED <-> FILE-FLASH Action InitArray stack overflow attempt (file-flash.rules)
 * 1:24894 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Action InitArray stack overflow attempt (file-flash.rules)
 * 1:26851 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 5 compatibility mode use after free attempt (browser-ie.rules)
 * 1:27149 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer beforeeditfocus use after free exploit attempt (browser-ie.rules)
 * 1:27755 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Action InitArray stack overflow attempt (file-flash.rules)
 * 1:28425 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB Microsoft Windows Remote Administration Protocol usage attempt (os-windows.rules)
 * 1:5717 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB-DS Trans Max Param/Count OS-WINDOWS attempt (os-windows.rules)
 * 1:28613 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit landing page - specific-structure (exploit-kit.rules)
 * 1:5719 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans Max Param/Count OS-WINDOWS attempt (os-windows.rules)
 * 1:5720 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans unicode Max Param/Count OS-WINDOWS attempt (os-windows.rules)
 * 1:5721 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans andx Max Param/Count OS-WINDOWS attempt (os-windows.rules)
 * 1:5722 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans unicode andx Max Param/Count OS-WINDOWS attempt (os-windows.rules)
 * 1:29066 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit XORed payload download attempt (exploit-kit.rules)
 * 1:5724 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB-DS Trans unicode andx Max Param/Count OS-WINDOWS attempt (os-windows.rules)
 * 1:5723 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB-DS Trans andx Max Param/Count OS-WINDOWS attempt (os-windows.rules)
 * 1:5725 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans andx Max Param/Count OS-WINDOWS attempt (os-windows.rules)
 * 1:5726 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans unicode andx Max Param/Count OS-WINDOWS attempt (os-windows.rules)
 * 1:29411 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit landing page (exploit-kit.rules)
 * 1:5727 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans unicode Max Param OS-WINDOWS attempt (os-windows.rules)
 * 1:5728 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans Max Param OS-WINDOWS attempt (os-windows.rules)
 * 1:5729 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans Max Param OS-WINDOWS attempt (os-windows.rules)
 * 1:5730 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB-DS Trans Max Param OS-WINDOWS attempt (os-windows.rules)
 * 1:5731 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB-DS Trans unicode Max Param OS-WINDOWS attempt (os-windows.rules)
 * 1:5732 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans unicode Max Param OS-WINDOWS attempt (os-windows.rules)
 * 1:5733 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans unicode andx Max Param OS-WINDOWS attempt (os-windows.rules)
 * 1:29414 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit encrypted binary download (exploit-kit.rules)
 * 1:5734 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans andx Max Param OS-WINDOWS attempt (os-windows.rules)
 * 1:29413 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit encrypted binary download (exploit-kit.rules)
 * 1:5735 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans andx Max Param OS-WINDOWS attempt (os-windows.rules)
 * 1:5736 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB-DS Trans andx Max Param OS-WINDOWS attempt (os-windows.rules)
 * 1:5737 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB-DS Trans unicode andx Max Param OS-WINDOWS attempt (os-windows.rules)
 * 1:5738 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans unicode andx Max Param OS-WINDOWS attempt (os-windows.rules)
 * 1:29513 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Microsoft Windows RAP API NetServerEnum2 long comment buffer overflow attempt (os-windows.rules)
 * 1:7035 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans mailslot heap overflow attempt (os-windows.rules)
 * 1:7036 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans unicode mailslot heap overflow attempt (os-windows.rules)
 * 1:7037 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans mailslot heap overflow attempt (os-windows.rules)
 * 1:7038 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans unicode mailslot heap overflow attempt (os-windows.rules)
 * 1:29514 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB Microsoft Windows Remote Administration Protocol usage attempt (os-windows.rules)
 * 1:7039 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans andx mailslot heap overflow attempt (os-windows.rules)
 * 1:7040 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans unicode andx mailslot heap overflow attempt (os-windows.rules)
 * 1:7041 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans andx mailslot heap overflow attempt (os-windows.rules)
 * 1:7042 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans unicode andx mailslot heap overflow attempt (os-windows.rules)
 * 1:29943 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB2 client NetBufferList NULL entry remote code execution attempt (os-windows.rules)
 * 1:8449 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Rename invalid buffer type andx attempt (os-windows.rules)
 * 1:8450 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Rename invalid buffer type attempt (os-windows.rules)
 * 1:8451 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Rename invalid buffer type unicode andx attempt (os-windows.rules)
 * 1:3001 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Session Setup NTLMSSP andx asn1 overflow attempt (os-windows.rules)
 * 1:3000 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Session Setup NTLMSSP unicode asn1 overflow attempt (os-windows.rules)
 * 1:3002 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Session Setup NTLMSSP unicode andx asn1 overflow attempt (os-windows.rules)
 * 1:3003 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB-DS Session Setup NTLMSSP unicode asn1 overflow attempt (os-windows.rules)
 * 1:12946 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB-DS SMBv2 protocol negotiation attempt (os-windows.rules)
 * 1:3004 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB-DS Session Setup NTLMSSP andx asn1 overflow attempt (os-windows.rules)
 * 1:13471 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher invalid pathname overwrite attempt (file-office.rules)
 * 1:13979 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Event System Subscription VBScript access (os-windows.rules)
 * 1:13287 <-> DISABLED <-> OS-WINDOWS Windows remote kernel tcp/ip igmp vulnerability exploit attempt (os-windows.rules)
 * 1:14649 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search Search filename size integer underflow attempt (os-windows.rules)
 * 1:14650 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search unicode Search filename size integer underflow attempt (os-windows.rules)
 * 1:14648 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search unicode Search filename size integer underflow attempt (os-windows.rules)
 * 1:14653 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search andx Search filename size integer underflow attempt (os-windows.rules)
 * 1:14654 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search unicode andx Search filename size integer underflow attempt (os-windows.rules)
 * 1:14652 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search unicode andx Search filename size integer underflow attempt (os-windows.rules)
 * 1:15129 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function WriteAndX unicode andx attempt (os-windows.rules)
 * 1:15127 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function WriteAndX andx attempt (os-windows.rules)
 * 1:15128 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function WriteAndX attempt (os-windows.rules)
 * 1:15133 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function unicode andx attempt (os-windows.rules)
 * 1:15132 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function attempt (os-windows.rules)
 * 1:15131 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function andx attempt (os-windows.rules)
 * 1:15137 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function WriteAndX unicode andx attempt (os-windows.rules)
 * 1:15136 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function WriteAndX attempt (os-windows.rules)
 * 1:15135 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function WriteAndX andx attempt (os-windows.rules)
 * 1:15141 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function unicode andx attempt (os-windows.rules)
 * 1:15140 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function attempt (os-windows.rules)
 * 1:15139 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function andx attempt (os-windows.rules)
 * 1:31130 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit encrypted binary download (exploit-kit.rules)
 * 1:15196 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode param_count underflow attempt (os-windows.rules)
 * 1:3005 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB-DS Session Setup NTLMSSP unicode andx asn1 overflow attempt (os-windows.rules)
 * 1:31331 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit encrypted binary download (exploit-kit.rules)
 * 1:31371 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit outbound URL structure (exploit-kit.rules)
 * 1:3143 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 FIND_FIRST2 command response overflow attempt (os-windows.rules)
 * 1:3145 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB-DS Trans2 FIND_FIRST2 response overflow attempt (os-windows.rules)
 * 1:3144 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 FIND_FIRST2 response andx overflow attempt (os-windows.rules)
 * 1:3146 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB-DS Trans2 FIND_FIRST2 response andx overflow attempt (os-windows.rules)
 * 1:31694 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit encrypted binary download (exploit-kit.rules)
 * 1:31695 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit encrypted binary download (exploit-kit.rules)
 * 1:32763 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer TextRange after free attempt (browser-ie.rules)
 * 1:32762 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer TextRange after free attempt (browser-ie.rules)
 * 1:33115 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 11 VBScript redim preserve denial-of-service attempt (browser-ie.rules)
 * 1:33116 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 11 VBScript redim preserve denial-of-service attempt (browser-ie.rules)
 * 1:33191 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CQuotes use-after-free attempt (browser-ie.rules)
 * 1:33193 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CQuotes use-after-free attempt (browser-ie.rules)
 * 1:33192 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CQuotes use-after-free attempt (browser-ie.rules)
 * 1:33194 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CQuotes use-after-free attempt (browser-ie.rules)
 * 1:33195 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CQuotes use-after-free attempt (browser-ie.rules)
 * 1:33196 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CQuotes use-after-free attempt (browser-ie.rules)
 * 1:33421 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreeDataPos use-after-free remote code execution attempt (browser-ie.rules)
 * 1:33412 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer style type confusion remote code execution attempt (browser-ie.rules)
 * 1:33583 <-> DISABLED <-> PROTOCOL-DNS ISC BIND recursive resolver resource consumption denial of service attempt (protocol-dns.rules)
 * 1:33713 <-> DISABLED <-> OS-WINDOWS Microsoft Windows atlmfd.dll out-of-bounds memory write attempt (os-windows.rules)
 * 1:33714 <-> DISABLED <-> OS-WINDOWS Microsoft Windows atlmfd.dll out-of-bounds memory write attempt (os-windows.rules)
 * 1:33722 <-> ENABLED <-> FILE-OTHER Type 1 font memory out-of-bounds read attempt (file-other.rules)
 * 1:33723 <-> ENABLED <-> FILE-OTHER Type 1 font memory out-of-bounds read attempt (file-other.rules)
 * 1:33825 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB NTLM NULL session attempt (os-windows.rules)
 * 1:34328 <-> DISABLED <-> SERVER-WEBAPP Wordpress comment field stored XSS attempt (server-webapp.rules)
 * 1:34428 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word incorrect ptCount element denial of service attempt (file-office.rules)
 * 1:34498 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k.sys kernel-mode driver privilege escalation attempt (os-windows.rules)
 * 1:34429 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word incorrect ptCount element denial of service attempt (file-office.rules)
 * 1:5716 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans unicode Max Param/Count OS-WINDOWS attempt (os-windows.rules)
 * 1:34499 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k.sys kernel-mode driver privilege escalation attempt (os-windows.rules)
 * 1:16150 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer variant argument validation remote code execution attempt (browser-ie.rules)
 * 1:15503 <-> ENABLED <-> FILE-OFFICE Download of PowerPoint 95 file (file-office.rules)
 * 1:15528 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DCERPC NCACN-IP-TCP spoolss RpcSetPrinterDataEx attempt (os-windows.rules)
 * 1:15217 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx max_param_count underflow attempt (os-windows.rules)
 * 1:15218 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx max_param_count underflow attempt (os-windows.rules)
 * 1:15213 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode max_param_count underflow attempt (os-windows.rules)
 * 1:15204 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode max_param_count underflow attempt (os-windows.rules)
 * 1:15206 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE max_param_count underflow attempt (os-windows.rules)
 * 1:15215 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode max_param_count underflow attempt (os-windows.rules)
 * 1:15210 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx max_param_count underflow attempt (os-windows.rules)
 * 1:15207 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE max_param_count underflow attempt (os-windows.rules)
 * 1:15222 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 param_count underflow attempt (os-windows.rules)
 * 1:15209 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx max_param_count underflow attempt (os-windows.rules)
 * 1:15219 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx max_param_count underflow attempt (os-windows.rules)
 * 1:15224 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx param_count underflow attempt (os-windows.rules)
 * 1:15221 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 param_count underflow attempt (os-windows.rules)
 * 1:15223 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode param_count underflow attempt (os-windows.rules)
 * 1:15225 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx param_count underflow attempt (os-windows.rules)
 * 1:15214 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 max_param_count underflow attempt (os-windows.rules)
 * 1:15208 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx max_param_count underflow attempt (os-windows.rules)
 * 1:15212 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 max_param_count underflow attempt (os-windows.rules)
 * 1:15220 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode param_count underflow attempt (os-windows.rules)
 * 1:15211 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx max_param_count underflow attempt (os-windows.rules)
 * 1:15203 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx param_count underflow attempt (os-windows.rules)
 * 1:15216 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx max_param_count underflow attempt (os-windows.rules)
 * 1:15205 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode max_param_count underflow attempt (os-windows.rules)
 * 1:15201 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx param_count underflow attempt (os-windows.rules)
 * 1:15200 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx param_count underflow attempt (os-windows.rules)
 * 1:15202 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx param_count underflow attempt (os-windows.rules)
 * 1:15199 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE param_count underflow attempt (os-windows.rules)
 * 1:15198 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode param_count underflow attempt (os-windows.rules)
 * 1:15197 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE param_count underflow attempt (os-windows.rules)
 * 1:15226 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx param_count underflow attempt (os-windows.rules)
 * 1:15227 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx param_count underflow attempt (os-windows.rules)

2015-06-04 16:05:56 UTC

Snort Subscriber Rules Update

Date: 2015-06-04

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2973.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:34720 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit exploit download (exploit-kit.rules)
 * 1:34719 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit URI structure (exploit-kit.rules)
 * 1:34718 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central FileUploadServlet directory traversal attempt (server-webapp.rules)
 * 1:34717 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central FileUploadServlet directory traversal attempt (server-webapp.rules)
 * 1:34716 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central FileUploadServlet directory traversal attempt (server-webapp.rules)
 * 1:34715 <-> DISABLED <-> OS-WINDOWS Microsoft Windows atlmfd.dll out-of-bounds memory write attempt (os-windows.rules)
 * 1:34714 <-> DISABLED <-> OS-WINDOWS Microsoft Windows atlmfd.dll out-of-bounds memory write attempt (os-windows.rules)
 * 1:34713 <-> ENABLED <-> BLACKLIST DNS request for known malware domain a-gwas-01.dyndns.org - Win.Trojan.Windex (blacklist.rules)
 * 1:34712 <-> ENABLED <-> BLACKLIST DNS request for known malware domain a-gwas-01.slyip.net - Win.Trojan.Windex (blacklist.rules)
 * 1:34711 <-> ENABLED <-> BLACKLIST DNS request for known malware domain a.gwas.perl.sh - Win.Trojan.Windex (blacklist.rules)
 * 1:34710 <-> DISABLED <-> SERVER-OTHER PHP unserialize datetimezone object code execution attempt (server-other.rules)
 * 1:34709 <-> DISABLED <-> SERVER-OTHER MIT Kerberos MIT Kerberos 5 krb5_read_message denial of service attempt (server-other.rules)
 * 1:34708 <-> ENABLED <-> BLACKLIST DNS request for known malware domain windetrusty.com - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34707 <-> ENABLED <-> BLACKLIST DNS request for known malware domain wekustines.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34706 <-> ENABLED <-> BLACKLIST DNS request for known malware domain stenfirthsta.com - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34705 <-> ENABLED <-> BLACKLIST DNS request for known malware domain sivesuhat.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34704 <-> ENABLED <-> BLACKLIST DNS request for known malware domain silawecxla.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34703 <-> ENABLED <-> BLACKLIST DNS request for known malware domain saqunold.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34702 <-> ENABLED <-> BLACKLIST DNS request for known malware domain righletfoligh.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34701 <-> ENABLED <-> BLACKLIST DNS request for known malware domain repherfeted.com - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34700 <-> ENABLED <-> BLACKLIST DNS request for known malware domain renferolto.com - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34699 <-> ENABLED <-> BLACKLIST DNS request for known malware domain rechedtthaten.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34698 <-> ENABLED <-> BLACKLIST DNS request for known malware domain qwertygontul.com - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34697 <-> ENABLED <-> BLACKLIST DNS request for known malware domain pomdonekw.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34696 <-> ENABLED <-> BLACKLIST DNS request for known malware domain polutenign.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34695 <-> ENABLED <-> BLACKLIST DNS request for known malware domain pavesohap.com - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34694 <-> ENABLED <-> BLACKLIST DNS request for known malware domain nawertoby.com - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34693 <-> ENABLED <-> BLACKLIST DNS request for known malware domain masquarten.com - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34692 <-> ENABLED <-> BLACKLIST DNS request for known malware domain letgrownast.com - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34691 <-> ENABLED <-> BLACKLIST DNS request for known malware domain leladingna.com - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34690 <-> ENABLED <-> BLACKLIST DNS request for known malware domain latemiishe.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34689 <-> ENABLED <-> BLACKLIST DNS request for known malware domain juindorey.com - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34688 <-> ENABLED <-> BLACKLIST DNS request for known malware domain hepretfortna.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34687 <-> ENABLED <-> BLACKLIST DNS request for known malware domain gutontredsup.com - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34686 <-> ENABLED <-> BLACKLIST DNS request for known malware domain gantropine.com - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34685 <-> ENABLED <-> BLACKLIST DNS request for known malware domain ftjuunbesto.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34684 <-> ENABLED <-> BLACKLIST DNS request for known malware domain forttapaha.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34683 <-> ENABLED <-> BLACKLIST DNS request for known malware domain dilelanang.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34682 <-> ENABLED <-> BLACKLIST DNS request for known malware domain betroninsi.com - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34681 <-> ENABLED <-> BLACKLIST DNS request for known malware domain berigusaf.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34680 <-> ENABLED <-> BLACKLIST DNS request for known malware domain bejustoftun.com - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34679 <-> ENABLED <-> BLACKLIST DNS request for known malware domain andbohemut.com - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34678 <-> ENABLED <-> BLACKLIST DNS request for known malware domain serfilefnom.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34677 <-> ENABLED <-> BLACKLIST DNS request for known malware domain queryforworld.com - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34676 <-> ENABLED <-> BLACKLIST DNS request for known malware domain wertstumbahn.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34675 <-> ENABLED <-> BLACKLIST DNS request for known malware domain serppoglandam.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34674 <-> ENABLED <-> BLACKLIST DNS request for known malware domain restavratormira.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34673 <-> ENABLED <-> BLACKLIST DNS request for known malware domain petronasconn.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34672 <-> ENABLED <-> BLACKLIST DNS request for known malware domain vesnarusural.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34671 <-> ENABLED <-> BLACKLIST DNS request for known malware domain switlawert.com - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34670 <-> ENABLED <-> BLACKLIST DNS request for known malware domain mehanistran.com - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34669 <-> ENABLED <-> BLACKLIST DNS request for known malware domain servelatmiru.com - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34668 <-> ENABLED <-> BLACKLIST DNS request for known malware domain srachechno.com - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34667 <-> ENABLED <-> BLACKLIST DNS request for known malware domain reswahatce.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34666 <-> ENABLED <-> BLACKLIST DNS request for known malware domain rabbutdownlitt.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34665 <-> ENABLED <-> BLACKLIST DNS request for known malware domain refherssuce.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34664 <-> ENABLED <-> BLACKLIST DNS request for known malware domain lasttrainforest.com - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34663 <-> ENABLED <-> BLACKLIST DNS request for known malware domain howthatficy.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34662 <-> ENABLED <-> BLACKLIST DNS request for known malware domain terethaundv.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34661 <-> ENABLED <-> BLACKLIST DNS request for known malware domain ferepritdi.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34660 <-> ENABLED <-> BLACKLIST DNS request for known malware domain dingdownmahedt.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34659 <-> ENABLED <-> BLACKLIST DNS request for known malware domain dinghareun.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34658 <-> ENABLED <-> BLACKLIST DNS request for known malware domain cawasuse.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34657 <-> ENABLED <-> BLACKLIST DNS request for known malware domain apporistale.com - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34656 <-> ENABLED <-> BLACKLIST DNS request for known malware domain molokalitra.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34655 <-> ENABLED <-> BLACKLIST DNS request for known malware domain litramoloka.ru - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34654 <-> ENABLED <-> BLACKLIST DNS request for known malware domain litramoloka.com - Win.Trojan.Poseidon (blacklist.rules)
 * 1:34653 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JS notification object double free attempt (file-pdf.rules)
 * 1:34652 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JS notification object double free attempt (file-pdf.rules)
 * 1:34651 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader heap buffer overflow attempt (file-pdf.rules)
 * 1:34650 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader heap buffer overflow attempt (file-pdf.rules)
 * 1:34649 <-> DISABLED <-> SERVER-OTHER OpenSSL zero-length ClientKeyExchange message denial of service attempt (server-other.rules)
 * 1:34648 <-> DISABLED <-> SERVER-WEBAPP ZOHO ManageEngine OpManager SQL injection attempt (server-webapp.rules)
 * 1:34647 <-> DISABLED <-> SERVER-WEBAPP ZOHO ManageEngine OpManager SQL injection attempt (server-webapp.rules)
 * 1:34646 <-> DISABLED <-> SERVER-WEBAPP ZOHO ManageEngine OpManager SQL injection attempt (server-webapp.rules)
 * 1:34645 <-> DISABLED <-> SERVER-MAIL Exim buffer overflow attempt (server-mail.rules)
 * 1:34644 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric Pelco Rvctl.RVControl.1 ActiveX clsid access attempt ActiveX function call (browser-plugins.rules)
 * 1:34643 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric Pelco Rvctl.RVControl.1 ActiveX clsid access attempt ActiveX clsid access (browser-plugins.rules)
 * 1:34642 <-> DISABLED <-> BROWSER-PLUGINS McAffee Virtual Technician ActiveX control denial of service attempt ActiveX function call (browser-plugins.rules)
 * 1:34641 <-> DISABLED <-> BROWSER-PLUGINS McAffee Virtual Technician ActiveX control denial of service attempt ActiveX clsid access (browser-plugins.rules)
 * 1:34640 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric ProClima ActiveX function call access attempt (browser-plugins.rules)
 * 1:34639 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric ProClima ActiveX function call access attempt (browser-plugins.rules)
 * 1:34638 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric ProClima ActiveX clsid access attempt (browser-plugins.rules)
 * 1:34637 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Flactionbot outbound connection (malware-cnc.rules)
 * 1:34636 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Flactionbot outbound connection (malware-cnc.rules)
 * 1:34635 <-> DISABLED <-> SERVER-WEBAPP Visual Mining NetCharts projectContents.jsp directory traversal attempt (server-webapp.rules)
 * 1:34634 <-> DISABLED <-> SERVER-WEBAPP Visual Mining NetCharts projectContents.jsp directory traversal attempt (server-webapp.rules)
 * 1:34633 <-> DISABLED <-> SERVER-WEBAPP Visual Mining NetCharts projectContents.jsp directory traversal attempt (server-webapp.rules)
 * 1:34632 <-> DISABLED <-> SERVER-MAIL IBM Lotus Notes WPD attachment handling buffer overflow attempt (server-mail.rules)
 * 1:34631 <-> ENABLED <-> FILE-IDENTIFY WordPerfect file download request (file-identify.rules)
 * 1:34630 <-> ENABLED <-> FILE-IDENTIFY WordPerfect file attachment detected (file-identify.rules)
 * 1:34629 <-> ENABLED <-> FILE-IDENTIFY WordPerfect file attachment detected (file-identify.rules)
 * 1:34628 <-> DISABLED <-> FILE-PDF Adobe Reader bypass JavaScript API restrictions attempt (file-pdf.rules)
 * 1:34627 <-> DISABLED <-> FILE-PDF Adobe Reader bypass JavaScript API restrictions attempt (file-pdf.rules)
 * 1:34626 <-> DISABLED <-> FILE-PDF Adobe Reader bypass JavaScript API restrictions attempt (file-pdf.rules)
 * 1:34625 <-> DISABLED <-> FILE-PDF Adobe Reader bypass JavaScript API restrictions attempt (file-pdf.rules)
 * 1:34624 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Crypaura variant outbound connection attempt (malware-cnc.rules)

Modified Rules:


 * 1:8460 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Rename invalid buffer type unicode attempt (os-windows.rules)
 * 1:8459 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Rename invalid buffer type unicode andx attempt (os-windows.rules)
 * 1:8458 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Rename invalid buffer type attempt (os-windows.rules)
 * 1:8457 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Rename invalid buffer type andx attempt (os-windows.rules)
 * 1:8456 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB-DS Rename invalid buffer type unicode attempt (os-windows.rules)
 * 1:8455 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB-DS Rename invalid buffer type unicode andx attempt (os-windows.rules)
 * 1:8454 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB-DS Rename invalid buffer type attempt (os-windows.rules)
 * 1:8453 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB-DS Rename invalid buffer type andx attempt (os-windows.rules)
 * 1:8452 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Rename invalid buffer type unicode attempt (os-windows.rules)
 * 1:15196 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode param_count underflow attempt (os-windows.rules)
 * 1:15141 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function unicode andx attempt (os-windows.rules)
 * 1:15142 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function unicode attempt (os-windows.rules)
 * 1:15139 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function andx attempt (os-windows.rules)
 * 1:15140 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function attempt (os-windows.rules)
 * 1:15138 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function WriteAndX unicode attempt (os-windows.rules)
 * 1:15137 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function WriteAndX unicode andx attempt (os-windows.rules)
 * 1:15135 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function WriteAndX andx attempt (os-windows.rules)
 * 1:15136 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function WriteAndX attempt (os-windows.rules)
 * 1:15133 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function unicode andx attempt (os-windows.rules)
 * 1:15134 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function unicode attempt (os-windows.rules)
 * 1:15131 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function andx attempt (os-windows.rules)
 * 1:15132 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function attempt (os-windows.rules)
 * 1:15130 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function WriteAndX unicode attempt (os-windows.rules)
 * 1:15129 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function WriteAndX unicode andx attempt (os-windows.rules)
 * 1:15128 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function WriteAndX attempt (os-windows.rules)
 * 1:14896 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB v4 srvsvc NetrpPathCononicalize unicode path cononicalization stack overflow attempt (os-windows.rules)
 * 1:15127 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB sp_replwritetovarbin vulnerable function WriteAndX andx attempt (os-windows.rules)
 * 1:14653 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search andx Search filename size integer underflow attempt (os-windows.rules)
 * 1:14654 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search unicode andx Search filename size integer underflow attempt (os-windows.rules)
 * 1:14651 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search andx Search filename size integer underflow attempt (os-windows.rules)
 * 1:14652 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search unicode andx Search filename size integer underflow attempt (os-windows.rules)
 * 1:14649 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search Search filename size integer underflow attempt (os-windows.rules)
 * 1:14650 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search unicode Search filename size integer underflow attempt (os-windows.rules)
 * 1:14647 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search Search filename size integer underflow attempt (os-windows.rules)
 * 1:14648 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search unicode Search filename size integer underflow attempt (os-windows.rules)
 * 1:13471 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher invalid pathname overwrite attempt (file-office.rules)
 * 1:13979 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Event System Subscription VBScript access (os-windows.rules)
 * 1:12947 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB SMBv2 protocol negotiation attempt (os-windows.rules)
 * 1:13287 <-> DISABLED <-> OS-WINDOWS Windows remote kernel tcp/ip igmp vulnerability exploit attempt (os-windows.rules)
 * 1:12946 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB-DS SMBv2 protocol negotiation attempt (os-windows.rules)
 * 1:8451 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Rename invalid buffer type unicode andx attempt (os-windows.rules)
 * 1:8450 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Rename invalid buffer type attempt (os-windows.rules)
 * 1:8449 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Rename invalid buffer type andx attempt (os-windows.rules)
 * 1:7042 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans unicode andx mailslot heap overflow attempt (os-windows.rules)
 * 1:7041 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans andx mailslot heap overflow attempt (os-windows.rules)
 * 1:7040 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans unicode andx mailslot heap overflow attempt (os-windows.rules)
 * 1:7039 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans andx mailslot heap overflow attempt (os-windows.rules)
 * 1:7038 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans unicode mailslot heap overflow attempt (os-windows.rules)
 * 1:7037 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans mailslot heap overflow attempt (os-windows.rules)
 * 1:7036 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans unicode mailslot heap overflow attempt (os-windows.rules)
 * 1:7035 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans mailslot heap overflow attempt (os-windows.rules)
 * 1:5738 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans unicode andx Max Param OS-WINDOWS attempt (os-windows.rules)
 * 1:5737 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB-DS Trans unicode andx Max Param OS-WINDOWS attempt (os-windows.rules)
 * 1:5736 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB-DS Trans andx Max Param OS-WINDOWS attempt (os-windows.rules)
 * 1:5735 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans andx Max Param OS-WINDOWS attempt (os-windows.rules)
 * 1:5734 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans andx Max Param OS-WINDOWS attempt (os-windows.rules)
 * 1:5733 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans unicode andx Max Param OS-WINDOWS attempt (os-windows.rules)
 * 1:5732 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans unicode Max Param OS-WINDOWS attempt (os-windows.rules)
 * 1:5731 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB-DS Trans unicode Max Param OS-WINDOWS attempt (os-windows.rules)
 * 1:5730 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB-DS Trans Max Param OS-WINDOWS attempt (os-windows.rules)
 * 1:5729 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans Max Param OS-WINDOWS attempt (os-windows.rules)
 * 1:5728 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans Max Param OS-WINDOWS attempt (os-windows.rules)
 * 1:5727 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans unicode Max Param OS-WINDOWS attempt (os-windows.rules)
 * 1:5726 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans unicode andx Max Param/Count OS-WINDOWS attempt (os-windows.rules)
 * 1:5725 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans andx Max Param/Count OS-WINDOWS attempt (os-windows.rules)
 * 1:5724 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB-DS Trans unicode andx Max Param/Count OS-WINDOWS attempt (os-windows.rules)
 * 1:5723 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB-DS Trans andx Max Param/Count OS-WINDOWS attempt (os-windows.rules)
 * 1:5722 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans unicode andx Max Param/Count OS-WINDOWS attempt (os-windows.rules)
 * 1:5721 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans andx Max Param/Count OS-WINDOWS attempt (os-windows.rules)
 * 1:5720 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans unicode Max Param/Count OS-WINDOWS attempt (os-windows.rules)
 * 1:5719 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans Max Param/Count OS-WINDOWS attempt (os-windows.rules)
 * 1:5718 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB-DS Trans unicode Max Param/Count OS-WINDOWS attempt (os-windows.rules)
 * 1:5717 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB-DS Trans Max Param/Count OS-WINDOWS attempt (os-windows.rules)
 * 1:5716 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans unicode Max Param/Count OS-WINDOWS attempt (os-windows.rules)
 * 1:34499 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k.sys kernel-mode driver privilege escalation attempt (os-windows.rules)
 * 1:34498 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k.sys kernel-mode driver privilege escalation attempt (os-windows.rules)
 * 1:34429 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word incorrect ptCount element denial of service attempt (file-office.rules)
 * 1:34428 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word incorrect ptCount element denial of service attempt (file-office.rules)
 * 1:34328 <-> DISABLED <-> SERVER-WEBAPP Wordpress comment field stored XSS attempt (server-webapp.rules)
 * 1:33825 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB NTLM NULL session attempt (os-windows.rules)
 * 1:33722 <-> ENABLED <-> FILE-OTHER Type 1 font memory out-of-bounds read attempt (file-other.rules)
 * 1:33723 <-> ENABLED <-> FILE-OTHER Type 1 font memory out-of-bounds read attempt (file-other.rules)
 * 1:33714 <-> DISABLED <-> OS-WINDOWS Microsoft Windows atlmfd.dll out-of-bounds memory write attempt (os-windows.rules)
 * 1:33713 <-> DISABLED <-> OS-WINDOWS Microsoft Windows atlmfd.dll out-of-bounds memory write attempt (os-windows.rules)
 * 1:33583 <-> DISABLED <-> PROTOCOL-DNS ISC BIND recursive resolver resource consumption denial of service attempt (protocol-dns.rules)
 * 1:33421 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreeDataPos use-after-free remote code execution attempt (browser-ie.rules)
 * 1:33412 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer style type confusion remote code execution attempt (browser-ie.rules)
 * 1:33196 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CQuotes use-after-free attempt (browser-ie.rules)
 * 1:33195 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CQuotes use-after-free attempt (browser-ie.rules)
 * 1:33194 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CQuotes use-after-free attempt (browser-ie.rules)
 * 1:33192 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CQuotes use-after-free attempt (browser-ie.rules)
 * 1:33193 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CQuotes use-after-free attempt (browser-ie.rules)
 * 1:33191 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CQuotes use-after-free attempt (browser-ie.rules)
 * 1:33116 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 11 VBScript redim preserve denial-of-service attempt (browser-ie.rules)
 * 1:33115 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 11 VBScript redim preserve denial-of-service attempt (browser-ie.rules)
 * 1:32763 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer TextRange after free attempt (browser-ie.rules)
 * 1:32762 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer TextRange after free attempt (browser-ie.rules)
 * 1:31695 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit encrypted binary download (exploit-kit.rules)
 * 1:31694 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit encrypted binary download (exploit-kit.rules)
 * 1:3146 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB-DS Trans2 FIND_FIRST2 response andx overflow attempt (os-windows.rules)
 * 1:3144 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 FIND_FIRST2 response andx overflow attempt (os-windows.rules)
 * 1:3145 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB-DS Trans2 FIND_FIRST2 response overflow attempt (os-windows.rules)
 * 1:3143 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 FIND_FIRST2 command response overflow attempt (os-windows.rules)
 * 1:31371 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit outbound URL structure (exploit-kit.rules)
 * 1:31331 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit encrypted binary download (exploit-kit.rules)
 * 1:3005 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB-DS Session Setup NTLMSSP unicode andx asn1 overflow attempt (os-windows.rules)
 * 1:31130 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit encrypted binary download (exploit-kit.rules)
 * 1:3004 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB-DS Session Setup NTLMSSP andx asn1 overflow attempt (os-windows.rules)
 * 1:3003 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB-DS Session Setup NTLMSSP unicode asn1 overflow attempt (os-windows.rules)
 * 1:3002 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Session Setup NTLMSSP unicode andx asn1 overflow attempt (os-windows.rules)
 * 1:3001 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Session Setup NTLMSSP andx asn1 overflow attempt (os-windows.rules)
 * 1:3000 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Session Setup NTLMSSP unicode asn1 overflow attempt (os-windows.rules)
 * 1:29943 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB2 client NetBufferList NULL entry remote code execution attempt (os-windows.rules)
 * 1:29514 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB Microsoft Windows Remote Administration Protocol usage attempt (os-windows.rules)
 * 1:29513 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Microsoft Windows RAP API NetServerEnum2 long comment buffer overflow attempt (os-windows.rules)
 * 1:29413 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit encrypted binary download (exploit-kit.rules)
 * 1:29414 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit encrypted binary download (exploit-kit.rules)
 * 1:29411 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit landing page (exploit-kit.rules)
 * 1:29066 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit XORed payload download attempt (exploit-kit.rules)
 * 1:28613 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit landing page - specific-structure (exploit-kit.rules)
 * 1:28425 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB Microsoft Windows Remote Administration Protocol usage attempt (os-windows.rules)
 * 1:27755 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Action InitArray stack overflow attempt (file-flash.rules)
 * 1:27149 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer beforeeditfocus use after free exploit attempt (browser-ie.rules)
 * 1:26851 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 5 compatibility mode use after free attempt (browser-ie.rules)
 * 1:24894 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Action InitArray stack overflow attempt (file-flash.rules)
 * 1:24892 <-> ENABLED <-> FILE-FLASH Action InitArray stack overflow attempt (file-flash.rules)
 * 1:24893 <-> ENABLED <-> FILE-FLASH Action InitArray stack overflow attempt (file-flash.rules)
 * 1:24891 <-> DISABLED <-> FILE-FLASH Adobe Flash Player action InitArray stack overflow attempt (file-flash.rules)
 * 1:24890 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Action InitArray stack overflow attempt (file-flash.rules)
 * 1:24889 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Action InitArray stack overflow attempt (file-flash.rules)
 * 1:24360 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Kerberos NULL session denial of service attempt (os-windows.rules)
 * 1:24359 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NTLM NULL session attempt (os-windows.rules)
 * 1:24336 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB RAP API NetServerEnum2 long comment buffer overflow attempt (os-windows.rules)
 * 1:24007 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB RAP API NetServerEnum2 long server name buffer overflow attempt (os-windows.rules)
 * 1:23839 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB RAP API NetServerEnum2 long server name buffer overflow attempt (os-windows.rules)
 * 1:23837 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB host announcement format string exploit attempt (os-windows.rules)
 * 1:23838 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB NetServerEnum response host format string exploit attempt (os-windows.rules)
 * 1:2383 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB-DS Session Setup NTLMSSP asn1 overflow attempt (os-windows.rules)
 * 1:2382 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Session Setup NTLMSSP asn1 overflow attempt (os-windows.rules)
 * 1:23314 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB invalid character argument injection attempt (os-windows.rules)
 * 1:23237 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB2 client NetBufferList NULL entry remote code execution attempt (os-windows.rules)
 * 1:2278 <-> DISABLED <-> SERVER-WEBAPP client negative Content-Length attempt (server-webapp.rules)
 * 1:2258 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB-DS DCERPC Messenger Service buffer overflow attempt (os-windows.rules)
 * 1:2252 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB-DS DCERPC Remote Activation bind attempt (os-windows.rules)
 * 1:2177 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB startup folder unicode access (os-windows.rules)
 * 1:21529 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 Find_First2 filename overflow attempt (os-windows.rules)
 * 1:2176 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB startup folder access (os-windows.rules)
 * 1:2101 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans Max Param/Count OS-WINDOWS attempt (os-windows.rules)
 * 1:19972 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB client TRANS response paramcount overflow attempt (os-windows.rules)
 * 1:19221 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB-DS Trans2 Distributed File System response PathConsumed integer overflow attempt (os-windows.rules)
 * 1:19191 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB2 zero length write attempt (os-windows.rules)
 * 1:19189 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB-DS Trans2 Distributed File System response PathConsumed integer overflow attempt (os-windows.rules)
 * 1:19002 <-> DISABLED <-> FILE-FLASH RealNetworks RealPlayer FLV parsing two integer overflow vulnerabilities (file-flash.rules)
 * 1:18672 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 8 Developer Tool ActiveX clsid access (browser-ie.rules)
 * 1:18669 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer cross-domain object manipulation attempt (browser-ie.rules)
 * 1:18667 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys escalation of privilege attempt (os-windows.rules)
 * 1:18666 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys escalation of privilege attempt (os-windows.rules)
 * 1:18665 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys escalation of privilege attempt (os-windows.rules)
 * 1:18664 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys escalation of privilege attempt (os-windows.rules)
 * 1:18663 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys escalation of privilege attempt (os-windows.rules)
 * 1:18662 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys escalation of privilege attempt (os-windows.rules)
 * 1:18661 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k.sys escalation of privilege attempt (os-windows.rules)
 * 1:18660 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB2 write packet buffer overflow attempt (os-windows.rules)
 * 1:18655 <-> DISABLED <-> OS-WINDOWS Microsoft Windows LLMNR invalid reverse name lookup stack corruption attempt (os-windows.rules)
 * 1:18641 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel OBJ record invalid cmo.ot exploit attempt (file-office.rules)
 * 1:18640 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malformed SupBook record attempt (file-office.rules)
 * 1:18631 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel rtToolbarDef record integer overflow attempt (file-office.rules)
 * 1:18630 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel rtToolbarDef record integer overflow attempt (file-office.rules)
 * 1:18505 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionPush overflow attempt (file-flash.rules)
 * 1:18504 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionConstantPool overflow attempt (file-flash.rules)
 * 1:18501 <-> ENABLED <-> OS-WINDOWS Microsoft Malware Protection Engine elevation of privilege attempt (os-windows.rules)
 * 1:18502 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript Actionlf out of range negative offset attempt (file-flash.rules)
 * 1:18449 <-> DISABLED <-> FILE-OTHER Adobe Acrobat font definition memory corruption attempt (file-other.rules)
 * 1:18444 <-> DISABLED <-> FILE-FLASH Adobe Flash Player forged atom type attempt (file-flash.rules)
 * 1:18421 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript beginGradientFill memory corruption attempt (file-flash.rules)
 * 1:18412 <-> ENABLED <-> OS-WINDOWS Microsoft Windows win32k!xxxTrackPopupMenuEx privilege escalation attempt (os-windows.rules)
 * 1:18414 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kerberos auth downgrade to DES MITM attempt (os-windows.rules)
 * 1:18411 <-> ENABLED <-> OS-WINDOWS Microsoft Windows win32k!xxxTrackPopupMenuEx privilege escalation attempt (os-windows.rules)
 * 1:18410 <-> ENABLED <-> OS-WINDOWS Microsoft Windows win32k.sys write message to dead thread code execution attempt (os-windows.rules)
 * 1:18409 <-> ENABLED <-> OS-WINDOWS Microsoft Windows win32k.sys write message to dead thread code execution attempt (os-windows.rules)
 * 1:18400 <-> ENABLED <-> OS-WINDOWS Microsoft Windows CRSS local process allowed to persist through logon or logoff attempt (os-windows.rules)
 * 1:18405 <-> ENABLED <-> OS-WINDOWS Microsoft Windows LSASS domain name buffer overflow attempt (os-windows.rules)
 * 1:18220 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ATMFD font driver malformed character glyph remote code execution attempt (os-windows.rules)
 * 1:18213 <-> ENABLED <-> FILE-OFFICE Microsoft Office Publisher column and row remote code execution attempt (file-office.rules)
 * 1:18195 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Negotiate Protocol response DoS attempt (os-windows.rules)
 * 1:18180 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript remote code execution attempt (file-flash.rules)
 * 1:18070 <-> DISABLED <-> FILE-OFFICE Microsoft Office pptimpconv.dll dll-load exploit attempt (file-office.rules)
 * 1:17777 <-> DISABLED <-> SERVER-MAIL IBM Lotus Notes WPD attachment handling buffer overflow attempt (server-mail.rules)
 * 1:17746 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB client TRANS response Find_First2 filename overflow attempt (os-windows.rules)
 * 1:17696 <-> ENABLED <-> PROTOCOL-DNS Microsoft Windows DNS Server ANY query cache weakness (protocol-dns.rules)
 * 1:17667 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Pragmatic General Multicast Protocol memory consumption denial of service attempt (os-windows.rules)
 * 1:17207 <-> DISABLED <-> SERVER-OTHER IBM Cognos Server backdoor account remote code execution attempt (server-other.rules)
 * 1:17201 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director file LsCM overflow attempt (file-other.rules)
 * 1:17199 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director file lRTX overflow attempt (file-other.rules)
 * 1:17126 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB large session length with small packet  (os-windows.rules)
 * 1:17125 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 MaxDataCount overflow attempt (os-windows.rules)
 * 1:17115 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer cross domain information disclosure attempt (browser-ie.rules)
 * 1:17036 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook AttachMethods local file execution attempt (file-office.rules)
 * 1:17035 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook AttachMethods local file execution attempt (file-office.rules)
 * 1:17034 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook AttachMethods local file execution attempt (file-office.rules)
 * 1:16658 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 8 cross-site scripting attempt (browser-ie.rules)
 * 1:16636 <-> DISABLED <-> OS-WINDOWS Microsoft Windows .NET framework XMLDsig data tampering attempt (os-windows.rules)
 * 1:16577 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMBv2 compound request DoS attempt (os-windows.rules)
 * 1:16540 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB2 client NetBufferList NULL entry remote code execution attempt (os-windows.rules)
 * 1:16539 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMBv1 BytesNeeded ring0 buffer overflow attempt (os-windows.rules)
 * 1:16509 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer designMode-enabled information disclosure attempt (browser-ie.rules)
 * 1:16505 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer HTML parsing memory corruption attempt (browser-ie.rules)
 * 1:16504 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 7 encoded content handling exploit attempt (browser-ie.rules)
 * 1:16454 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Negotiate Protocol response DoS attempt - empty SMB 2 (os-windows.rules)
 * 1:16417 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Negotiate Protocol Response overflow attempt (os-windows.rules)
 * 1:16404 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB unicode invalid server name share access (os-windows.rules)
 * 1:16403 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB unicode andx invalid server name share access (os-windows.rules)
 * 1:16402 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB invalid server name share access (os-windows.rules)
 * 1:16401 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB andx invalid server name share access (os-windows.rules)
 * 1:16400 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB unicode invalid server name share access (os-windows.rules)
 * 1:16399 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB unicode andx invalid server name share access (os-windows.rules)
 * 1:16398 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB invalid server name share access (os-windows.rules)
 * 1:16397 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB andx invalid server name share access (os-windows.rules)
 * 1:16395 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB COPY command oversized pathname attempt (os-windows.rules)
 * 1:16337 <-> ENABLED <-> FILE-FLASH Adobe Flash Player directory traversal attempt (file-flash.rules)
 * 1:16315 <-> DISABLED <-> FILE-FLASH Adobe Flash PlugIn check if file exists attempt (file-flash.rules)
 * 1:16287 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Negotiate Protocol response DoS attempt (os-windows.rules)
 * 1:16228 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel malformed StartObject record arbitrary code execution attempt (file-office.rules)
 * 1:16195 <-> DISABLED <-> SERVER-WEBAPP HTTP request content-length heap buffer overflow attempt (server-webapp.rules)
 * 1:16158 <-> ENABLED <-> OS-WINDOWS malformed ASF codec memory corruption attempt (os-windows.rules)
 * 1:16150 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer variant argument validation remote code execution attempt (browser-ie.rules)
 * 1:15528 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DCERPC NCACN-IP-TCP spoolss RpcSetPrinterDataEx attempt (os-windows.rules)
 * 1:15503 <-> ENABLED <-> FILE-OFFICE Download of PowerPoint 95 file (file-office.rules)
 * 1:15227 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx param_count underflow attempt (os-windows.rules)
 * 1:15226 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx param_count underflow attempt (os-windows.rules)
 * 1:15225 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx param_count underflow attempt (os-windows.rules)
 * 1:15224 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx param_count underflow attempt (os-windows.rules)
 * 1:15223 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode param_count underflow attempt (os-windows.rules)
 * 1:15222 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 param_count underflow attempt (os-windows.rules)
 * 1:15221 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 param_count underflow attempt (os-windows.rules)
 * 1:15220 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode param_count underflow attempt (os-windows.rules)
 * 1:15219 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx max_param_count underflow attempt (os-windows.rules)
 * 1:15218 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx max_param_count underflow attempt (os-windows.rules)
 * 1:15217 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx max_param_count underflow attempt (os-windows.rules)
 * 1:15216 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx max_param_count underflow attempt (os-windows.rules)
 * 1:15215 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode max_param_count underflow attempt (os-windows.rules)
 * 1:15214 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 max_param_count underflow attempt (os-windows.rules)
 * 1:15213 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode max_param_count underflow attempt (os-windows.rules)
 * 1:15212 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 max_param_count underflow attempt (os-windows.rules)
 * 1:15211 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx max_param_count underflow attempt (os-windows.rules)
 * 1:15210 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx max_param_count underflow attempt (os-windows.rules)
 * 1:15209 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx max_param_count underflow attempt (os-windows.rules)
 * 1:15208 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx max_param_count underflow attempt (os-windows.rules)
 * 1:15207 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE max_param_count underflow attempt (os-windows.rules)
 * 1:15206 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE max_param_count underflow attempt (os-windows.rules)
 * 1:15205 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode max_param_count underflow attempt (os-windows.rules)
 * 1:15204 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode max_param_count underflow attempt (os-windows.rules)
 * 1:15203 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx param_count underflow attempt (os-windows.rules)
 * 1:15202 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx param_count underflow attempt (os-windows.rules)
 * 1:15201 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx param_count underflow attempt (os-windows.rules)
 * 1:15200 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx param_count underflow attempt (os-windows.rules)
 * 1:15199 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE param_count underflow attempt (os-windows.rules)
 * 1:15198 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode param_count underflow attempt (os-windows.rules)
 * 1:15197 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE param_count underflow attempt (os-windows.rules)