Talos Rules 2015-06-10
This release adds and modifies rules in several categories.

Talos has added and modified multiple rules in the blacklist, browser-ie, browser-plugins, file-flash, file-office, file-other, file-pdf, indicator-compromise, malware-cnc, malware-other, os-linux, policy-other, server-mssql, server-oracle and server-webapp rule sets to provide coverage for emerging threats from these technologies.

Change logs

2015-06-10 19:02:19 UTC

Snort Subscriber Rules Update

Date: 2015-06-10

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2962.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:

 * 1:34859 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData shader bit information disclosure attempt (file-flash.rules)
 * 1:34844 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Adelinoq outbound connection (malware-cnc.rules)
 * 1:34839 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid URL encoding exploit attempt (file-flash.rules)
 * 1:34834 <-> ENABLED <-> BLACKLIST USER-AGENT Win.Trojan.Darkcpn outbound connection (blacklist.rules)
 * 1:34829 <-> ENABLED <-> BLACKLIST DNS request for known malware domain sanjosemaristas.com - Win.Trojan.Cozybear (blacklist.rules)
 * 1:34805 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
 * 1:34806 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
 * 1:34807 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection and NetStream type confusion exploit attempt (file-flash.rules)
 * 1:34808 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection and NetStream type confusion exploit attempt (file-flash.rules)
 * 1:34812 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Security.allowDomain cross domain policy bypass attempt (file-flash.rules)
 * 1:34811 <-> DISABLED <-> FILE-FLASH Adobe Flash Player assumed trust URI reference to child file attempt (file-flash.rules)
 * 1:34809 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection and NetStream type confusion exploit attempt (file-flash.rules)
 * 1:34816 <-> ENABLED <-> FILE-FLASH Adobe Flash FPU stack corruption attempt (file-flash.rules)
 * 1:34866 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Saibipoc outbound connection (malware-cnc.rules)
 * 1:34867 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Xobtide outbound connection (malware-cnc.rules)
 * 1:34868 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Rovnix variant outbound connection (malware-cnc.rules)
 * 1:34869 <-> ENABLED <-> MALWARE-CNC Win.Trojan.XTalker outbound connection attempt (malware-cnc.rules)
 * 1:34870 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Logreaz variant outbound connection (malware-cnc.rules)
 * 1:34871 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Logreaz variant outbound connection (malware-cnc.rules)
 * 1:34810 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection and NetStream type confusion exploit attempt (file-flash.rules)
 * 1:34804 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
 * 1:34799 <-> DISABLED <-> SERVER-WEBAPP UPnP AddPortMapping SOAP action command injection attempt (server-webapp.rules)
 * 1:34800 <-> DISABLED <-> SERVER-ORACLE 10g iSQLPlus service heap overflow attempt (server-oracle.rules)
 * 1:34801 <-> DISABLED <-> SERVER-ORACLE 10g iSQLPlus service heap overflow attempt (server-oracle.rules)
 * 1:34798 <-> DISABLED <-> SERVER-OTHER HP LoadRunner launcher.dll stack buffer overflow attempt (server-other.rules)
 * 1:34796 <-> ENABLED <-> FILE-FLASH Adobe Flash Player JSON stringify memory corruption attempt (file-flash.rules)
 * 1:34797 <-> ENABLED <-> FILE-FLASH Adobe Flash Player JSON stringify memory corruption attempt (file-flash.rules)
 * 1:34794 <-> ENABLED <-> FILE-FLASH Adobe Flash Player JSON stringify memory corruption attempt (file-flash.rules)
 * 1:34795 <-> ENABLED <-> FILE-FLASH Adobe Flash Player JSON stringify memory corruption attempt (file-flash.rules)
 * 1:34813 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Security.allowDomain cross domain policy bypass attempt (file-flash.rules)
 * 1:34814 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Security.allowDomain cross domain policy bypass attempt (file-flash.rules)
 * 1:34817 <-> ENABLED <-> FILE-FLASH Adobe Flash FPU stack corruption attempt (file-flash.rules)
 * 1:34818 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Emdivi outbound communication attempt (malware-cnc.rules)
 * 1:34819 <-> ENABLED <-> FILE-FLASH Adobe Flash Player concurrent worker thread terminate use-after-free attempt (file-flash.rules)
 * 1:34820 <-> ENABLED <-> FILE-FLASH Adobe Flash Player concurrent worker thread terminate use-after-free attempt (file-flash.rules)
 * 1:34821 <-> ENABLED <-> FILE-FLASH Adobe Flash Player concurrent worker thread terminate use-after-free attempt (file-flash.rules)
 * 1:34822 <-> ENABLED <-> FILE-FLASH Adobe Flash Player concurrent worker thread terminate use-after-free attempt (file-flash.rules)
 * 1:34823 <-> DISABLED <-> POLICY-OTHER HP SiteScope unspecified privilege escalation attempt (policy-other.rules)
 * 1:34824 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer moveEnd information disclosure attempt (browser-ie.rules)
 * 1:34825 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer moveEnd information disclosure attempt (browser-ie.rules)
 * 1:34826 <-> ENABLED <-> BLACKLIST DNS request for known malware domain cifss.org - Win.Trojan.Cozybear (blacklist.rules)
 * 1:34827 <-> ENABLED <-> BLACKLIST DNS request for known malware domain getiton.hants.org.uk - Win.Trojan.Cozybear (blacklist.rules)
 * 1:34828 <-> ENABLED <-> BLACKLIST DNS request for known malware domain pvt.relance.fr - Win.Trojan.Cozybear (blacklist.rules)
 * 1:34830 <-> ENABLED <-> BLACKLIST DNS request for known malware domain seccionpolitica.com.ar - Win.Trojan.Cozybear (blacklist.rules)
 * 1:34831 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cozybear variant outbound connection (malware-cnc.rules)
 * 1:34832 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cozybear variant outbound connection (malware-cnc.rules)
 * 1:34833 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Werdlod variant outbound connection (malware-cnc.rules)
 * 1:34835 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Neos outbound connection (malware-cnc.rules)
 * 1:34836 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid URL encoding exploit attempt (file-flash.rules)
 * 1:34837 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid URL encoding exploit attempt (file-flash.rules)
 * 1:34838 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid URL encoding exploit attempt (file-flash.rules)
 * 1:34840 <-> ENABLED <-> MALWARE-CNC Win.Trojan.DownExecute outbound connection (malware-cnc.rules)
 * 1:34841 <-> ENABLED <-> MALWARE-CNC Win.Trojan.DownExecute outbound connection (malware-cnc.rules)
 * 1:34842 <-> ENABLED <-> MALWARE-CNC Win.Trojan.DownExecute outbound connection (malware-cnc.rules)
 * 1:34843 <-> ENABLED <-> BLACKLIST User-Agent known malicious user agent - EMERY - Win.Trojan.W97M (blacklist.rules)
 * 1:34845 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader setPageAction use after free attempt (file-pdf.rules)
 * 1:34846 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader setPageAction use after free attempt (file-pdf.rules)
 * 1:34847 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.ChinaZ outbound connection (malware-cnc.rules)
 * 1:34849 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Shader Channel integer overflow attempt (file-flash.rules)
 * 1:34848 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Shader Channel integer overflow attempt (file-flash.rules)
 * 1:34815 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Security.allowDomain cross domain policy bypass attempt (file-flash.rules)
 * 1:34861 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData shader bit information disclosure attempt (file-flash.rules)
 * 1:34850 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Shader Channel integer overflow attempt (file-flash.rules)
 * 1:34851 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Shader Channel integer overflow attempt (file-flash.rules)
 * 1:34852 <-> ENABLED <-> BLACKLIST DNS request for known malware domain homerlindo2.gotdns.org - Win.Trojan.Banker (blacklist.rules)
 * 1:34853 <-> ENABLED <-> FILE-FLASH Adobe Flash custom TextField filter use after free attempt (file-flash.rules)
 * 1:34855 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ShaderParameter out of bounds write attempt (file-flash.rules)
 * 1:34856 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ShaderParameter out of bounds write attempt (file-flash.rules)
 * 1:34860 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData shader bit information disclosure attempt (file-flash.rules)
 * 1:34803 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
 * 1:34857 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Fanny outbound connection (malware-cnc.rules)
 * 1:34865 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Saibipoc outbound connection (malware-cnc.rules)
 * 1:34864 <-> DISABLED <-> INDICATOR-COMPROMISE Metasploit Meterpreter reverse HTTPS certificate (indicator-compromise.rules)
 * 1:34862 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Wheelsof variant outbound connection (malware-cnc.rules)
 * 1:34863 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Wheelsof variant outbound connection (malware-cnc.rules)
 * 1:34858 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData shader bit information disclosure attempt (file-flash.rules)
 * 1:34802 <-> DISABLED <-> OS-LINUX Linux kernel SCTP Unknown Chunk Types denial of service attempt (os-linux.rules)
 * 1:34854 <-> ENABLED <-> FILE-FLASH Adobe Flash custom TextField filter use after free attempt (file-flash.rules)

Modified Rules:

 * 1:34243 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
 * 1:34539 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray shading memory leak attempt (file-flash.rules)
 * 1:34168 <-> ENABLED <-> FILE-FLASH Adobe Flash Player byte array double free attempt (file-flash.rules)
 * 1:34538 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray shading memory leak attempt (file-flash.rules)
 * 1:34244 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
 * 1:34245 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
 * 1:34241 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
 * 1:34242 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
 * 1:34240 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
 * 1:32027 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid TRCK frame attempt (file-flash.rules)
 * 1:34167 <-> ENABLED <-> FILE-FLASH Adobe Flash Player byte array double free attempt (file-flash.rules)
 * 1:34169 <-> ENABLED <-> FILE-FLASH Adobe Flash Player byte array double free attempt (file-flash.rules)
 * 1:31407 <-> ENABLED <-> BROWSER-PLUGINS Adobe Reader 11 messageHandler ActiveX access attempt (browser-plugins.rules)
 * 1:34166 <-> ENABLED <-> FILE-FLASH Adobe Flash Player byte array double free attempt (file-flash.rules)
 * 1:33104 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Multiple Products directory traversal attempt (server-webapp.rules)
 * 1:33942 <-> DISABLED <-> MALWARE-OTHER Executable control panel file download request (malware-other.rules)
 * 1:31410 <-> ENABLED <-> BROWSER-PLUGINS Adobe Reader 11 messageHandler ActiveX access attempt (browser-plugins.rules)
 * 1:32026 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid TRCK frame attempt (file-flash.rules)
 * 1:31409 <-> ENABLED <-> BROWSER-PLUGINS Adobe Reader 11 messageHandler ActiveX access attempt (browser-plugins.rules)
 * 1:20883 <-> DISABLED <-> FILE-OFFICE Microsoft Windows embedded packager object with .application extension bypass attempt (file-office.rules)
 * 1:31408 <-> ENABLED <-> BROWSER-PLUGINS Adobe Reader 11 messageHandler ActiveX access attempt (browser-plugins.rules)
 * 1:31401 <-> DISABLED <-> POLICY-OTHER Rosetta Flash tool use attempt (policy-other.rules)
 * 1:31400 <-> DISABLED <-> POLICY-OTHER Rosetta Flash tool use attempt (policy-other.rules)
 * 1:31181 <-> DISABLED <-> SERVER-OTHER OpenSSL DTLS handshake recursion denial of service attempt (server-other.rules)
 * 1:31399 <-> DISABLED <-> POLICY-OTHER Rosetta Flash tool use attempt (policy-other.rules)
 * 1:13896 <-> DISABLED <-> SERVER-MSSQL Microsoft SQL server MTF file download (server-mssql.rules)
 * 1:20698 <-> DISABLED <-> FILE-OTHER Telnet protocol specifier command injection attempt (file-other.rules)

2015-06-10 19:02:19 UTC

Snort Subscriber Rules Update

Date: 2015-06-10

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2970.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:

 * 1:34863 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Wheelsof variant outbound connection (malware-cnc.rules)
 * 1:34825 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer moveEnd information disclosure attempt (browser-ie.rules)
 * 1:34816 <-> ENABLED <-> FILE-FLASH Adobe Flash FPU stack corruption attempt (file-flash.rules)
 * 1:34815 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Security.allowDomain cross domain policy bypass attempt (file-flash.rules)
 * 1:34813 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Security.allowDomain cross domain policy bypass attempt (file-flash.rules)
 * 1:34812 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Security.allowDomain cross domain policy bypass attempt (file-flash.rules)
 * 1:34811 <-> DISABLED <-> FILE-FLASH Adobe Flash Player assumed trust URI reference to child file attempt (file-flash.rules)
 * 1:34804 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
 * 1:34802 <-> DISABLED <-> OS-LINUX Linux kernel SCTP Unknown Chunk Types denial of service attempt (os-linux.rules)
 * 1:34807 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection and NetStream type confusion exploit attempt (file-flash.rules)
 * 1:34805 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
 * 1:34808 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection and NetStream type confusion exploit attempt (file-flash.rules)
 * 1:34809 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection and NetStream type confusion exploit attempt (file-flash.rules)
 * 1:34810 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection and NetStream type confusion exploit attempt (file-flash.rules)
 * 1:34800 <-> DISABLED <-> SERVER-ORACLE 10g iSQLPlus service heap overflow attempt (server-oracle.rules)
 * 1:34801 <-> DISABLED <-> SERVER-ORACLE 10g iSQLPlus service heap overflow attempt (server-oracle.rules)
 * 1:34798 <-> DISABLED <-> SERVER-OTHER HP LoadRunner launcher.dll stack buffer overflow attempt (server-other.rules)
 * 1:34799 <-> DISABLED <-> SERVER-WEBAPP UPnP AddPortMapping SOAP action command injection attempt (server-webapp.rules)
 * 1:34796 <-> ENABLED <-> FILE-FLASH Adobe Flash Player JSON stringify memory corruption attempt (file-flash.rules)
 * 1:34797 <-> ENABLED <-> FILE-FLASH Adobe Flash Player JSON stringify memory corruption attempt (file-flash.rules)
 * 1:34794 <-> ENABLED <-> FILE-FLASH Adobe Flash Player JSON stringify memory corruption attempt (file-flash.rules)
 * 1:34795 <-> ENABLED <-> FILE-FLASH Adobe Flash Player JSON stringify memory corruption attempt (file-flash.rules)
 * 1:34871 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Logreaz variant outbound connection (malware-cnc.rules)
 * 1:34869 <-> ENABLED <-> MALWARE-CNC Win.Trojan.XTalker outbound connection attempt (malware-cnc.rules)
 * 1:34870 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Logreaz variant outbound connection (malware-cnc.rules)
 * 1:34867 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Xobtide outbound connection (malware-cnc.rules)
 * 1:34868 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Rovnix variant outbound connection (malware-cnc.rules)
 * 1:34866 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Saibipoc outbound connection (malware-cnc.rules)
 * 1:34814 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Security.allowDomain cross domain policy bypass attempt (file-flash.rules)
 * 1:34817 <-> ENABLED <-> FILE-FLASH Adobe Flash FPU stack corruption attempt (file-flash.rules)
 * 1:34818 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Emdivi outbound communication attempt (malware-cnc.rules)
 * 1:34819 <-> ENABLED <-> FILE-FLASH Adobe Flash Player concurrent worker thread terminate use-after-free attempt (file-flash.rules)
 * 1:34820 <-> ENABLED <-> FILE-FLASH Adobe Flash Player concurrent worker thread terminate use-after-free attempt (file-flash.rules)
 * 1:34821 <-> ENABLED <-> FILE-FLASH Adobe Flash Player concurrent worker thread terminate use-after-free attempt (file-flash.rules)
 * 1:34822 <-> ENABLED <-> FILE-FLASH Adobe Flash Player concurrent worker thread terminate use-after-free attempt (file-flash.rules)
 * 1:34823 <-> DISABLED <-> POLICY-OTHER HP SiteScope unspecified privilege escalation attempt (policy-other.rules)
 * 1:34824 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer moveEnd information disclosure attempt (browser-ie.rules)
 * 1:34826 <-> ENABLED <-> BLACKLIST DNS request for known malware domain cifss.org - Win.Trojan.Cozybear (blacklist.rules)
 * 1:34827 <-> ENABLED <-> BLACKLIST DNS request for known malware domain getiton.hants.org.uk - Win.Trojan.Cozybear (blacklist.rules)
 * 1:34828 <-> ENABLED <-> BLACKLIST DNS request for known malware domain pvt.relance.fr - Win.Trojan.Cozybear (blacklist.rules)
 * 1:34830 <-> ENABLED <-> BLACKLIST DNS request for known malware domain seccionpolitica.com.ar - Win.Trojan.Cozybear (blacklist.rules)
 * 1:34829 <-> ENABLED <-> BLACKLIST DNS request for known malware domain sanjosemaristas.com - Win.Trojan.Cozybear (blacklist.rules)
 * 1:34831 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cozybear variant outbound connection (malware-cnc.rules)
 * 1:34832 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cozybear variant outbound connection (malware-cnc.rules)
 * 1:34833 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Werdlod variant outbound connection (malware-cnc.rules)
 * 1:34834 <-> ENABLED <-> BLACKLIST USER-AGENT Win.Trojan.Darkcpn outbound connection (blacklist.rules)
 * 1:34835 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Neos outbound connection (malware-cnc.rules)
 * 1:34836 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid URL encoding exploit attempt (file-flash.rules)
 * 1:34837 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid URL encoding exploit attempt (file-flash.rules)
 * 1:34838 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid URL encoding exploit attempt (file-flash.rules)
 * 1:34839 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid URL encoding exploit attempt (file-flash.rules)
 * 1:34840 <-> ENABLED <-> MALWARE-CNC Win.Trojan.DownExecute outbound connection (malware-cnc.rules)
 * 1:34841 <-> ENABLED <-> MALWARE-CNC Win.Trojan.DownExecute outbound connection (malware-cnc.rules)
 * 1:34842 <-> ENABLED <-> MALWARE-CNC Win.Trojan.DownExecute outbound connection (malware-cnc.rules)
 * 1:34844 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Adelinoq outbound connection (malware-cnc.rules)
 * 1:34843 <-> ENABLED <-> BLACKLIST User-Agent known malicious user agent - EMERY - Win.Trojan.W97M (blacklist.rules)
 * 1:34845 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader setPageAction use after free attempt (file-pdf.rules)
 * 1:34846 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader setPageAction use after free attempt (file-pdf.rules)
 * 1:34847 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.ChinaZ outbound connection (malware-cnc.rules)
 * 1:34806 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
 * 1:34849 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Shader Channel integer overflow attempt (file-flash.rules)
 * 1:34848 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Shader Channel integer overflow attempt (file-flash.rules)
 * 1:34850 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Shader Channel integer overflow attempt (file-flash.rules)
 * 1:34851 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Shader Channel integer overflow attempt (file-flash.rules)
 * 1:34852 <-> ENABLED <-> BLACKLIST DNS request for known malware domain homerlindo2.gotdns.org - Win.Trojan.Banker (blacklist.rules)
 * 1:34854 <-> ENABLED <-> FILE-FLASH Adobe Flash custom TextField filter use after free attempt (file-flash.rules)
 * 1:34853 <-> ENABLED <-> FILE-FLASH Adobe Flash custom TextField filter use after free attempt (file-flash.rules)
 * 1:34855 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ShaderParameter out of bounds write attempt (file-flash.rules)
 * 1:34856 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ShaderParameter out of bounds write attempt (file-flash.rules)
 * 1:34857 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Fanny outbound connection (malware-cnc.rules)
 * 1:34859 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData shader bit information disclosure attempt (file-flash.rules)
 * 1:34865 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Saibipoc outbound connection (malware-cnc.rules)
 * 1:34858 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData shader bit information disclosure attempt (file-flash.rules)
 * 1:34861 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData shader bit information disclosure attempt (file-flash.rules)
 * 1:34862 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Wheelsof variant outbound connection (malware-cnc.rules)
 * 1:34860 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData shader bit information disclosure attempt (file-flash.rules)
 * 1:34803 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
 * 1:34864 <-> DISABLED <-> INDICATOR-COMPROMISE Metasploit Meterpreter reverse HTTPS certificate (indicator-compromise.rules)

Modified Rules:

 * 1:34539 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray shading memory leak attempt (file-flash.rules)
 * 1:34538 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray shading memory leak attempt (file-flash.rules)
 * 1:34245 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
 * 1:34242 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
 * 1:34243 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
 * 1:34244 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
 * 1:34167 <-> ENABLED <-> FILE-FLASH Adobe Flash Player byte array double free attempt (file-flash.rules)
 * 1:34241 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
 * 1:34169 <-> ENABLED <-> FILE-FLASH Adobe Flash Player byte array double free attempt (file-flash.rules)
 * 1:34240 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
 * 1:34166 <-> ENABLED <-> FILE-FLASH Adobe Flash Player byte array double free attempt (file-flash.rules)
 * 1:34168 <-> ENABLED <-> FILE-FLASH Adobe Flash Player byte array double free attempt (file-flash.rules)
 * 1:33942 <-> DISABLED <-> MALWARE-OTHER Executable control panel file download request (malware-other.rules)
 * 1:32026 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid TRCK frame attempt (file-flash.rules)
 * 1:32027 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid TRCK frame attempt (file-flash.rules)
 * 1:33104 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Multiple Products directory traversal attempt (server-webapp.rules)
 * 1:31401 <-> DISABLED <-> POLICY-OTHER Rosetta Flash tool use attempt (policy-other.rules)
 * 1:31410 <-> ENABLED <-> BROWSER-PLUGINS Adobe Reader 11 messageHandler ActiveX access attempt (browser-plugins.rules)
 * 1:31408 <-> ENABLED <-> BROWSER-PLUGINS Adobe Reader 11 messageHandler ActiveX access attempt (browser-plugins.rules)
 * 1:31409 <-> ENABLED <-> BROWSER-PLUGINS Adobe Reader 11 messageHandler ActiveX access attempt (browser-plugins.rules)
 * 1:31400 <-> DISABLED <-> POLICY-OTHER Rosetta Flash tool use attempt (policy-other.rules)
 * 1:31407 <-> ENABLED <-> BROWSER-PLUGINS Adobe Reader 11 messageHandler ActiveX access attempt (browser-plugins.rules)
 * 1:31399 <-> DISABLED <-> POLICY-OTHER Rosetta Flash tool use attempt (policy-other.rules)
 * 1:20698 <-> DISABLED <-> FILE-OTHER Telnet protocol specifier command injection attempt (file-other.rules)
 * 1:20883 <-> DISABLED <-> FILE-OFFICE Microsoft Windows embedded packager object with .application extension bypass attempt (file-office.rules)
 * 1:31181 <-> DISABLED <-> SERVER-OTHER OpenSSL DTLS handshake recursion denial of service attempt (server-other.rules)
 * 1:13896 <-> DISABLED <-> SERVER-MSSQL Microsoft SQL server MTF file download (server-mssql.rules)

2015-06-10 19:02:19 UTC

Snort Subscriber Rules Update

Date: 2015-06-10

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2972.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:

 * 1:34803 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
 * 1:34802 <-> DISABLED <-> OS-LINUX Linux kernel SCTP Unknown Chunk Types denial of service attempt (os-linux.rules)
 * 1:34805 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
 * 1:34804 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
 * 1:34806 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
 * 1:34807 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection and NetStream type confusion exploit attempt (file-flash.rules)
 * 1:34808 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection and NetStream type confusion exploit attempt (file-flash.rules)
 * 1:34809 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection and NetStream type confusion exploit attempt (file-flash.rules)
 * 1:34810 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection and NetStream type confusion exploit attempt (file-flash.rules)
 * 1:34801 <-> DISABLED <-> SERVER-ORACLE 10g iSQLPlus service heap overflow attempt (server-oracle.rules)
 * 1:34800 <-> DISABLED <-> SERVER-ORACLE 10g iSQLPlus service heap overflow attempt (server-oracle.rules)
 * 1:34811 <-> DISABLED <-> FILE-FLASH Adobe Flash Player assumed trust URI reference to child file attempt (file-flash.rules)
 * 1:34798 <-> DISABLED <-> SERVER-OTHER HP LoadRunner launcher.dll stack buffer overflow attempt (server-other.rules)
 * 1:34799 <-> DISABLED <-> SERVER-WEBAPP UPnP AddPortMapping SOAP action command injection attempt (server-webapp.rules)
 * 1:34796 <-> ENABLED <-> FILE-FLASH Adobe Flash Player JSON stringify memory corruption attempt (file-flash.rules)
 * 1:34797 <-> ENABLED <-> FILE-FLASH Adobe Flash Player JSON stringify memory corruption attempt (file-flash.rules)
 * 1:34812 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Security.allowDomain cross domain policy bypass attempt (file-flash.rules)
 * 1:34795 <-> ENABLED <-> FILE-FLASH Adobe Flash Player JSON stringify memory corruption attempt (file-flash.rules)
 * 1:34794 <-> ENABLED <-> FILE-FLASH Adobe Flash Player JSON stringify memory corruption attempt (file-flash.rules)
 * 1:34813 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Security.allowDomain cross domain policy bypass attempt (file-flash.rules)
 * 1:34814 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Security.allowDomain cross domain policy bypass attempt (file-flash.rules)
 * 1:34815 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Security.allowDomain cross domain policy bypass attempt (file-flash.rules)
 * 1:34816 <-> ENABLED <-> FILE-FLASH Adobe Flash FPU stack corruption attempt (file-flash.rules)
 * 1:34817 <-> ENABLED <-> FILE-FLASH Adobe Flash FPU stack corruption attempt (file-flash.rules)
 * 1:34818 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Emdivi outbound communication attempt (malware-cnc.rules)
 * 1:34819 <-> ENABLED <-> FILE-FLASH Adobe Flash Player concurrent worker thread terminate use-after-free attempt (file-flash.rules)
 * 1:34820 <-> ENABLED <-> FILE-FLASH Adobe Flash Player concurrent worker thread terminate use-after-free attempt (file-flash.rules)
 * 1:34821 <-> ENABLED <-> FILE-FLASH Adobe Flash Player concurrent worker thread terminate use-after-free attempt (file-flash.rules)
 * 1:34822 <-> ENABLED <-> FILE-FLASH Adobe Flash Player concurrent worker thread terminate use-after-free attempt (file-flash.rules)
 * 1:34823 <-> DISABLED <-> POLICY-OTHER HP SiteScope unspecified privilege escalation attempt (policy-other.rules)
 * 1:34824 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer moveEnd information disclosure attempt (browser-ie.rules)
 * 1:34825 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer moveEnd information disclosure attempt (browser-ie.rules)
 * 1:34826 <-> ENABLED <-> BLACKLIST DNS request for known malware domain cifss.org - Win.Trojan.Cozybear (blacklist.rules)
 * 1:34827 <-> ENABLED <-> BLACKLIST DNS request for known malware domain getiton.hants.org.uk - Win.Trojan.Cozybear (blacklist.rules)
 * 1:34828 <-> ENABLED <-> BLACKLIST DNS request for known malware domain pvt.relance.fr - Win.Trojan.Cozybear (blacklist.rules)
 * 1:34829 <-> ENABLED <-> BLACKLIST DNS request for known malware domain sanjosemaristas.com - Win.Trojan.Cozybear (blacklist.rules)
 * 1:34830 <-> ENABLED <-> BLACKLIST DNS request for known malware domain seccionpolitica.com.ar - Win.Trojan.Cozybear (blacklist.rules)
 * 1:34831 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cozybear variant outbound connection (malware-cnc.rules)
 * 1:34832 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cozybear variant outbound connection (malware-cnc.rules)
 * 1:34833 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Werdlod variant outbound connection (malware-cnc.rules)
 * 1:34835 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Neos outbound connection (malware-cnc.rules)
 * 1:34834 <-> ENABLED <-> BLACKLIST USER-AGENT Win.Trojan.Darkcpn outbound connection (blacklist.rules)
 * 1:34836 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid URL encoding exploit attempt (file-flash.rules)
 * 1:34837 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid URL encoding exploit attempt (file-flash.rules)
 * 1:34838 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid URL encoding exploit attempt (file-flash.rules)
 * 1:34839 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid URL encoding exploit attempt (file-flash.rules)
 * 1:34840 <-> ENABLED <-> MALWARE-CNC Win.Trojan.DownExecute outbound connection (malware-cnc.rules)
 * 1:34841 <-> ENABLED <-> MALWARE-CNC Win.Trojan.DownExecute outbound connection (malware-cnc.rules)
 * 1:34842 <-> ENABLED <-> MALWARE-CNC Win.Trojan.DownExecute outbound connection (malware-cnc.rules)
 * 1:34843 <-> ENABLED <-> BLACKLIST User-Agent known malicious user agent - EMERY - Win.Trojan.W97M (blacklist.rules)
 * 1:34844 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Adelinoq outbound connection (malware-cnc.rules)
 * 1:34845 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader setPageAction use after free attempt (file-pdf.rules)
 * 1:34846 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader setPageAction use after free attempt (file-pdf.rules)
 * 1:34847 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.ChinaZ outbound connection (malware-cnc.rules)
 * 1:34848 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Shader Channel integer overflow attempt (file-flash.rules)
 * 1:34849 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Shader Channel integer overflow attempt (file-flash.rules)
 * 1:34850 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Shader Channel integer overflow attempt (file-flash.rules)
 * 1:34851 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Shader Channel integer overflow attempt (file-flash.rules)
 * 1:34852 <-> ENABLED <-> BLACKLIST DNS request for known malware domain homerlindo2.gotdns.org - Win.Trojan.Banker (blacklist.rules)
 * 1:34853 <-> ENABLED <-> FILE-FLASH Adobe Flash custom TextField filter use after free attempt (file-flash.rules)
 * 1:34855 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ShaderParameter out of bounds write attempt (file-flash.rules)
 * 1:34854 <-> ENABLED <-> FILE-FLASH Adobe Flash custom TextField filter use after free attempt (file-flash.rules)
 * 1:34856 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ShaderParameter out of bounds write attempt (file-flash.rules)
 * 1:34857 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Fanny outbound connection (malware-cnc.rules)
 * 1:34858 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData shader bit information disclosure attempt (file-flash.rules)
 * 1:34859 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData shader bit information disclosure attempt (file-flash.rules)
 * 1:34871 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Logreaz variant outbound connection (malware-cnc.rules)
 * 1:34870 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Logreaz variant outbound connection (malware-cnc.rules)
 * 1:34869 <-> ENABLED <-> MALWARE-CNC Win.Trojan.XTalker outbound connection attempt (malware-cnc.rules)
 * 1:34868 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Rovnix variant outbound connection (malware-cnc.rules)
 * 1:34867 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Xobtide outbound connection (malware-cnc.rules)
 * 1:34866 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Saibipoc outbound connection (malware-cnc.rules)
 * 1:34865 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Saibipoc outbound connection (malware-cnc.rules)
 * 1:34863 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Wheelsof variant outbound connection (malware-cnc.rules)
 * 1:34864 <-> DISABLED <-> INDICATOR-COMPROMISE Metasploit Meterpreter reverse HTTPS certificate (indicator-compromise.rules)
 * 1:34862 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Wheelsof variant outbound connection (malware-cnc.rules)
 * 1:34861 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData shader bit information disclosure attempt (file-flash.rules)
 * 1:34860 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData shader bit information disclosure attempt (file-flash.rules)

Modified Rules:


 * 1:34538 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray shading memory leak attempt (file-flash.rules)
 * 1:34539 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray shading memory leak attempt (file-flash.rules)
 * 1:34244 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
 * 1:34245 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
 * 1:34242 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
 * 1:34243 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
 * 1:34240 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
 * 1:34241 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
 * 1:34168 <-> ENABLED <-> FILE-FLASH Adobe Flash Player byte array double free attempt (file-flash.rules)
 * 1:34169 <-> ENABLED <-> FILE-FLASH Adobe Flash Player byte array double free attempt (file-flash.rules)
 * 1:34166 <-> ENABLED <-> FILE-FLASH Adobe Flash Player byte array double free attempt (file-flash.rules)
 * 1:34167 <-> ENABLED <-> FILE-FLASH Adobe Flash Player byte array double free attempt (file-flash.rules)
 * 1:32026 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid TRCK frame attempt (file-flash.rules)
 * 1:33942 <-> DISABLED <-> MALWARE-OTHER Executable control panel file download request (malware-other.rules)
 * 1:33104 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Multiple Products directory traversal attempt (server-webapp.rules)
 * 1:32027 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid TRCK frame attempt (file-flash.rules)
 * 1:31409 <-> ENABLED <-> BROWSER-PLUGINS Adobe Reader 11 messageHandler ActiveX access attempt (browser-plugins.rules)
 * 1:31410 <-> ENABLED <-> BROWSER-PLUGINS Adobe Reader 11 messageHandler ActiveX access attempt (browser-plugins.rules)
 * 1:31407 <-> ENABLED <-> BROWSER-PLUGINS Adobe Reader 11 messageHandler ActiveX access attempt (browser-plugins.rules)
 * 1:31408 <-> ENABLED <-> BROWSER-PLUGINS Adobe Reader 11 messageHandler ActiveX access attempt (browser-plugins.rules)
 * 1:31400 <-> DISABLED <-> POLICY-OTHER Rosetta Flash tool use attempt (policy-other.rules)
 * 1:31401 <-> DISABLED <-> POLICY-OTHER Rosetta Flash tool use attempt (policy-other.rules)
 * 1:31181 <-> DISABLED <-> SERVER-OTHER OpenSSL DTLS handshake recursion denial of service attempt (server-other.rules)
 * 1:31399 <-> DISABLED <-> POLICY-OTHER Rosetta Flash tool use attempt (policy-other.rules)
 * 1:20698 <-> DISABLED <-> FILE-OTHER Telnet protocol specifier command injection attempt (file-other.rules)
 * 1:20883 <-> DISABLED <-> FILE-OFFICE Microsoft Windows embedded packager object with .application extension bypass attempt (file-office.rules)
 * 1:13896 <-> DISABLED <-> SERVER-MSSQL Microsoft SQL server MTF file download (server-mssql.rules)

2015-06-10 19:02:18 UTC

Snort Subscriber Rules Update

Date: 2015-06-10

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2973.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:34871 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Logreaz variant outbound connection (malware-cnc.rules)
 * 1:34870 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Logreaz variant outbound connection (malware-cnc.rules)
 * 1:34869 <-> ENABLED <-> MALWARE-CNC Win.Trojan.XTalker outbound connection attempt (malware-cnc.rules)
 * 1:34868 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Rovnix variant outbound connection (malware-cnc.rules)
 * 1:34867 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Xobtide outbound connection (malware-cnc.rules)
 * 1:34866 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Saibipoc outbound connection (malware-cnc.rules)
 * 1:34865 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Saibipoc outbound connection (malware-cnc.rules)
 * 1:34864 <-> DISABLED <-> INDICATOR-COMPROMISE Metasploit Meterpreter reverse HTTPS certificate (indicator-compromise.rules)
 * 1:34863 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Wheelsof variant outbound connection (malware-cnc.rules)
 * 1:34862 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Wheelsof variant outbound connection (malware-cnc.rules)
 * 1:34861 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData shader bit information disclosure attempt (file-flash.rules)
 * 1:34860 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData shader bit information disclosure attempt (file-flash.rules)
 * 1:34859 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData shader bit information disclosure attempt (file-flash.rules)
 * 1:34858 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData shader bit information disclosure attempt (file-flash.rules)
 * 1:34857 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Fanny outbound connection (malware-cnc.rules)
 * 1:34856 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ShaderParameter out of bounds write attempt (file-flash.rules)
 * 1:34855 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ShaderParameter out of bounds write attempt (file-flash.rules)
 * 1:34854 <-> ENABLED <-> FILE-FLASH Adobe Flash custom TextField filter use after free attempt (file-flash.rules)
 * 1:34853 <-> ENABLED <-> FILE-FLASH Adobe Flash custom TextField filter use after free attempt (file-flash.rules)
 * 1:34852 <-> ENABLED <-> BLACKLIST DNS request for known malware domain homerlindo2.gotdns.org - Win.Trojan.Banker (blacklist.rules)
 * 1:34851 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Shader Channel integer overflow attempt (file-flash.rules)
 * 1:34850 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Shader Channel integer overflow attempt (file-flash.rules)
 * 1:34849 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Shader Channel integer overflow attempt (file-flash.rules)
 * 1:34848 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Shader Channel integer overflow attempt (file-flash.rules)
 * 1:34847 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.ChinaZ outbound connection (malware-cnc.rules)
 * 1:34846 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader setPageAction use after free attempt (file-pdf.rules)
 * 1:34845 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader setPageAction use after free attempt (file-pdf.rules)
 * 1:34844 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Adelinoq outbound connection (malware-cnc.rules)
 * 1:34843 <-> ENABLED <-> BLACKLIST User-Agent known malicious user agent - EMERY - Win.Trojan.W97M (blacklist.rules)
 * 1:34842 <-> ENABLED <-> MALWARE-CNC Win.Trojan.DownExecute outbound connection (malware-cnc.rules)
 * 1:34841 <-> ENABLED <-> MALWARE-CNC Win.Trojan.DownExecute outbound connection (malware-cnc.rules)
 * 1:34840 <-> ENABLED <-> MALWARE-CNC Win.Trojan.DownExecute outbound connection (malware-cnc.rules)
 * 1:34839 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid URL encoding exploit attempt (file-flash.rules)
 * 1:34838 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid URL encoding exploit attempt (file-flash.rules)
 * 1:34837 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid URL encoding exploit attempt (file-flash.rules)
 * 1:34836 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid URL encoding exploit attempt (file-flash.rules)
 * 1:34835 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Neos outbound connection (malware-cnc.rules)
 * 1:34834 <-> ENABLED <-> BLACKLIST USER-AGENT Win.Trojan.Darkcpn outbound connection (blacklist.rules)
 * 1:34833 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Werdlod variant outbound connection (malware-cnc.rules)
 * 1:34832 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cozybear variant outbound connection (malware-cnc.rules)
 * 1:34831 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cozybear variant outbound connection (malware-cnc.rules)
 * 1:34830 <-> ENABLED <-> BLACKLIST DNS request for known malware domain seccionpolitica.com.ar - Win.Trojan.Cozybear (blacklist.rules)
 * 1:34829 <-> ENABLED <-> BLACKLIST DNS request for known malware domain sanjosemaristas.com - Win.Trojan.Cozybear (blacklist.rules)
 * 1:34828 <-> ENABLED <-> BLACKLIST DNS request for known malware domain pvt.relance.fr - Win.Trojan.Cozybear (blacklist.rules)
 * 1:34827 <-> ENABLED <-> BLACKLIST DNS request for known malware domain getiton.hants.org.uk - Win.Trojan.Cozybear (blacklist.rules)
 * 1:34826 <-> ENABLED <-> BLACKLIST DNS request for known malware domain cifss.org - Win.Trojan.Cozybear (blacklist.rules)
 * 1:34825 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer moveEnd information disclosure attempt (browser-ie.rules)
 * 1:34824 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer moveEnd information disclosure attempt (browser-ie.rules)
 * 1:34823 <-> DISABLED <-> POLICY-OTHER HP SiteScope unspecified privilege escalation attempt (policy-other.rules)
 * 1:34822 <-> ENABLED <-> FILE-FLASH Adobe Flash Player concurrent worker thread terminate use-after-free attempt (file-flash.rules)
 * 1:34821 <-> ENABLED <-> FILE-FLASH Adobe Flash Player concurrent worker thread terminate use-after-free attempt (file-flash.rules)
 * 1:34820 <-> ENABLED <-> FILE-FLASH Adobe Flash Player concurrent worker thread terminate use-after-free attempt (file-flash.rules)
 * 1:34819 <-> ENABLED <-> FILE-FLASH Adobe Flash Player concurrent worker thread terminate use-after-free attempt (file-flash.rules)
 * 1:34818 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Emdivi outbound communication attempt (malware-cnc.rules)
 * 1:34817 <-> ENABLED <-> FILE-FLASH Adobe Flash FPU stack corruption attempt (file-flash.rules)
 * 1:34816 <-> ENABLED <-> FILE-FLASH Adobe Flash FPU stack corruption attempt (file-flash.rules)
 * 1:34815 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Security.allowDomain cross domain policy bypass attempt (file-flash.rules)
 * 1:34814 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Security.allowDomain cross domain policy bypass attempt (file-flash.rules)
 * 1:34813 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Security.allowDomain cross domain policy bypass attempt (file-flash.rules)
 * 1:34812 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Security.allowDomain cross domain policy bypass attempt (file-flash.rules)
 * 1:34811 <-> DISABLED <-> FILE-FLASH Adobe Flash Player assumed trust URI reference to child file attempt (file-flash.rules)
 * 1:34810 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection and NetStream type confusion exploit attempt (file-flash.rules)
 * 1:34809 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection and NetStream type confusion exploit attempt (file-flash.rules)
 * 1:34808 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection and NetStream type confusion exploit attempt (file-flash.rules)
 * 1:34807 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection and NetStream type confusion exploit attempt (file-flash.rules)
 * 1:34806 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
 * 1:34805 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
 * 1:34804 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
 * 1:34803 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
 * 1:34802 <-> DISABLED <-> OS-LINUX Linux kernel SCTP Unknown Chunk Types denial of service attempt (os-linux.rules)
 * 1:34801 <-> DISABLED <-> SERVER-ORACLE 10g iSQLPlus service heap overflow attempt (server-oracle.rules)
 * 1:34800 <-> DISABLED <-> SERVER-ORACLE 10g iSQLPlus service heap overflow attempt (server-oracle.rules)
 * 1:34799 <-> DISABLED <-> SERVER-WEBAPP UPnP AddPortMapping SOAP action command injection attempt (server-webapp.rules)
 * 1:34798 <-> DISABLED <-> SERVER-OTHER HP LoadRunner launcher.dll stack buffer overflow attempt (server-other.rules)
 * 1:34797 <-> ENABLED <-> FILE-FLASH Adobe Flash Player JSON stringify memory corruption attempt (file-flash.rules)
 * 1:34796 <-> ENABLED <-> FILE-FLASH Adobe Flash Player JSON stringify memory corruption attempt (file-flash.rules)
 * 1:34795 <-> ENABLED <-> FILE-FLASH Adobe Flash Player JSON stringify memory corruption attempt (file-flash.rules)
 * 1:34794 <-> ENABLED <-> FILE-FLASH Adobe Flash Player JSON stringify memory corruption attempt (file-flash.rules)

Modified Rules:


 * 1:34538 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray shading memory leak attempt (file-flash.rules)
 * 1:34539 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray shading memory leak attempt (file-flash.rules)
 * 1:34244 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
 * 1:34245 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
 * 1:34242 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
 * 1:34243 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
 * 1:34240 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
 * 1:34241 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
 * 1:34169 <-> ENABLED <-> FILE-FLASH Adobe Flash Player byte array double free attempt (file-flash.rules)
 * 1:34168 <-> ENABLED <-> FILE-FLASH Adobe Flash Player byte array double free attempt (file-flash.rules)
 * 1:34167 <-> ENABLED <-> FILE-FLASH Adobe Flash Player byte array double free attempt (file-flash.rules)
 * 1:33942 <-> DISABLED <-> MALWARE-OTHER Executable control panel file download request (malware-other.rules)
 * 1:34166 <-> ENABLED <-> FILE-FLASH Adobe Flash Player byte array double free attempt (file-flash.rules)
 * 1:32027 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid TRCK frame attempt (file-flash.rules)
 * 1:33104 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Multiple Products directory traversal attempt (server-webapp.rules)
 * 1:31410 <-> ENABLED <-> BROWSER-PLUGINS Adobe Reader 11 messageHandler ActiveX access attempt (browser-plugins.rules)
 * 1:32026 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid TRCK frame attempt (file-flash.rules)
 * 1:31408 <-> ENABLED <-> BROWSER-PLUGINS Adobe Reader 11 messageHandler ActiveX access attempt (browser-plugins.rules)
 * 1:31409 <-> ENABLED <-> BROWSER-PLUGINS Adobe Reader 11 messageHandler ActiveX access attempt (browser-plugins.rules)
 * 1:31407 <-> ENABLED <-> BROWSER-PLUGINS Adobe Reader 11 messageHandler ActiveX access attempt (browser-plugins.rules)
 * 1:31400 <-> DISABLED <-> POLICY-OTHER Rosetta Flash tool use attempt (policy-other.rules)
 * 1:31401 <-> DISABLED <-> POLICY-OTHER Rosetta Flash tool use attempt (policy-other.rules)
 * 1:31181 <-> DISABLED <-> SERVER-OTHER OpenSSL DTLS handshake recursion denial of service attempt (server-other.rules)
 * 1:31399 <-> DISABLED <-> POLICY-OTHER Rosetta Flash tool use attempt (policy-other.rules)
 * 1:20883 <-> DISABLED <-> FILE-OFFICE Microsoft Windows embedded packager object with .application extension bypass attempt (file-office.rules)
 * 1:13896 <-> DISABLED <-> SERVER-MSSQL Microsoft SQL server MTF file download (server-mssql.rules)
 * 1:20698 <-> DISABLED <-> FILE-OTHER Telnet protocol specifier command injection attempt (file-other.rules)