Talos Rules 2015-12-21
This release adds and modifies rules in several categories.

Talos has added and modified multiple rules in the file-flash, file-identify, file-office, malware-cnc and server-webapp rule sets to provide coverage for emerging threats from these technologies.

Change logs

2015-12-21 23:56:14 UTC

Snort Subscriber Rules Update

Date: 2015-12-21

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2962.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:37145 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SetSlot type confusion attempt (file-flash.rules)
 * 1:37131 <-> ENABLED <-> FILE-IDENTIFY .wsf attachment file type blocked by Outlook detected (file-identify.rules)
 * 1:37126 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MP3 ID3 data parsing heap buffer overflow attempt (file-flash.rules)
 * 1:37132 <-> ENABLED <-> FILE-IDENTIFY Obfuscated .wsf download attempt (file-identify.rules)
 * 1:37144 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SetSlot type confusion attempt (file-flash.rules)
 * 1:37129 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS2 setTransform use-after-free attempt (file-flash.rules)
 * 1:37133 <-> DISABLED <-> SERVER-WEBAPP Joomla com_youtubegallery module SQL injection attempt (server-webapp.rules)
 * 1:37134 <-> DISABLED <-> SERVER-WEBAPP Joomla com_youtubegallery module SQL injection attempt (server-webapp.rules)
 * 1:37143 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SetSlot type confusion attempt (file-flash.rules)
 * 1:37119 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextField filters use-after-free attempt (file-flash.rules)
 * 1:37121 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MP3 ID3 data parsing heap buffer overflow attempt (file-flash.rules)
 * 1:37120 <-> DISABLED <-> FILE-OFFICE Microsoft Outlook embedded OLE object sandbox bypass attempt (file-office.rules)
 * 1:37130 <-> ENABLED <-> FILE-IDENTIFY Obfuscated .wsf download attempt (file-identify.rules)
 * 1:37117 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cetsiol outbound connection (malware-cnc.rules)
 * 1:37118 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextField filters use-after-free attempt (file-flash.rules)
 * 1:37127 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Batec outbound connection (malware-cnc.rules)
 * 1:37122 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MP3 ID3 data parsing heap buffer overflow attempt (file-flash.rules)
 * 1:37135 <-> ENABLED <-> SERVER-WEBAPP Fireeye Java decompiler reflection remote code execution attempt (server-webapp.rules)
 * 1:37123 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MP3 ID3 data parsing heap buffer overflow attempt (file-flash.rules)
 * 1:37124 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MP3 ID3 data parsing heap buffer overflow attempt (file-flash.rules)
 * 1:37136 <-> ENABLED <-> SERVER-WEBAPP Fireeye Java decompiler reflection remote code execution attempt (server-webapp.rules)
 * 1:37125 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MP3 ID3 data parsing heap buffer overflow attempt (file-flash.rules)
 * 1:37137 <-> ENABLED <-> SERVER-WEBAPP Fireeye Java decompiler reflection remote code execution attempt (server-webapp.rules)
 * 1:37138 <-> DISABLED <-> SERVER-WEBAPP ManageEngine ServiceDesk FileDownload.jsp fName directory traversal attempt (server-webapp.rules)
 * 1:37139 <-> DISABLED <-> SERVER-WEBAPP ManageEngine ServiceDesk FileDownload.jsp fName directory traversal attempt (server-webapp.rules)
 * 1:37140 <-> DISABLED <-> SERVER-WEBAPP ManageEngine ServiceDesk FileDownload.jsp fName directory traversal attempt (server-webapp.rules)
 * 1:37141 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Collicky variant inbound command attempt (malware-cnc.rules)
 * 1:37142 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SetSlot type confusion attempt (file-flash.rules)
 * 1:37146 <-> ENABLED <-> SERVER-OTHER Juniper ScreenOS unauthorized backdoor access attempt (server-other.rules)
 * 1:37128 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS2 setTransform use-after-free attempt (file-flash.rules)

Modified Rules:


 * 1:17056 <-> DISABLED <-> SERVER-OTHER Novell NetIdentity Agent XTIERRPCPIPE remote code execution attempt (server-other.rules)
 * 1:18589 <-> DISABLED <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt (server-other.rules)
 * 1:36874 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS2 ActionCallMethod use-after-free attempt (file-flash.rules)
 * 1:37113 <-> ENABLED <-> FILE-FLASH Adobe Flash Player PCRE parsing out of bounds read attempt (file-flash.rules)
 * 1:35653 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextField filters use-after-free attempt (file-flash.rules)
 * 1:19601 <-> DISABLED <-> SERVER-OTHER Oracle Java Runtime Environment .hotspotrc file load exploit attempt (server-other.rules)
 * 1:36873 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS2 ActionCallMethod use-after-free attempt (file-flash.rules)
 * 1:19602 <-> DISABLED <-> SERVER-OTHER Oracle Java Runtime Environment .hotspot_compiler file load exploit attempt (server-other.rules)
 * 1:34718 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central FileUploadServlet directory traversal attempt (server-webapp.rules)
 * 1:34717 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central FileUploadServlet directory traversal attempt (server-webapp.rules)
 * 1:29536 <-> DISABLED <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt (server-other.rules)
 * 1:34716 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central FileUploadServlet directory traversal attempt (server-webapp.rules)
 * 1:17057 <-> DISABLED <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt (server-other.rules)
 * 1:18285 <-> DISABLED <-> SERVER-OTHER BrightStor ARCserve backup tape engine buffer overflow attempt (server-other.rules)
 * 1:35651 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextField filters use-after-free attempt (file-flash.rules)
 * 1:36826 <-> ENABLED <-> SERVER-OTHER Java Library CommonsCollection unauthorized serialized object attempt (server-other.rules)
 * 1:37111 <-> ENABLED <-> FILE-FLASH Adobe Flash Player PCRE parsing out of bounds read attempt (file-flash.rules)

2015-12-21 23:56:14 UTC

Snort Subscriber Rules Update

Date: 2015-12-21

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2975.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:37132 <-> ENABLED <-> FILE-IDENTIFY Obfuscated .wsf download attempt (file-identify.rules)
 * 1:37130 <-> ENABLED <-> FILE-IDENTIFY Obfuscated .wsf download attempt (file-identify.rules)
 * 1:37144 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SetSlot type confusion attempt (file-flash.rules)
 * 1:37129 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS2 setTransform use-after-free attempt (file-flash.rules)
 * 1:37122 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MP3 ID3 data parsing heap buffer overflow attempt (file-flash.rules)
 * 1:37118 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextField filters use-after-free attempt (file-flash.rules)
 * 1:37120 <-> DISABLED <-> FILE-OFFICE Microsoft Outlook embedded OLE object sandbox bypass attempt (file-office.rules)
 * 1:37117 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cetsiol outbound connection (malware-cnc.rules)
 * 1:37121 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MP3 ID3 data parsing heap buffer overflow attempt (file-flash.rules)
 * 1:37119 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextField filters use-after-free attempt (file-flash.rules)
 * 1:37131 <-> ENABLED <-> FILE-IDENTIFY .wsf attachment file type blocked by Outlook detected (file-identify.rules)
 * 1:37133 <-> DISABLED <-> SERVER-WEBAPP Joomla com_youtubegallery module SQL injection attempt (server-webapp.rules)
 * 1:37123 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MP3 ID3 data parsing heap buffer overflow attempt (file-flash.rules)
 * 1:37124 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MP3 ID3 data parsing heap buffer overflow attempt (file-flash.rules)
 * 1:37134 <-> DISABLED <-> SERVER-WEBAPP Joomla com_youtubegallery module SQL injection attempt (server-webapp.rules)
 * 1:37125 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MP3 ID3 data parsing heap buffer overflow attempt (file-flash.rules)
 * 1:37135 <-> ENABLED <-> SERVER-WEBAPP Fireeye Java decompiler reflection remote code execution attempt (server-webapp.rules)
 * 1:37136 <-> ENABLED <-> SERVER-WEBAPP Fireeye Java decompiler reflection remote code execution attempt (server-webapp.rules)
 * 1:37126 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MP3 ID3 data parsing heap buffer overflow attempt (file-flash.rules)
 * 1:37145 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SetSlot type confusion attempt (file-flash.rules)
 * 1:37137 <-> ENABLED <-> SERVER-WEBAPP Fireeye Java decompiler reflection remote code execution attempt (server-webapp.rules)
 * 1:37138 <-> DISABLED <-> SERVER-WEBAPP ManageEngine ServiceDesk FileDownload.jsp fName directory traversal attempt (server-webapp.rules)
 * 1:37139 <-> DISABLED <-> SERVER-WEBAPP ManageEngine ServiceDesk FileDownload.jsp fName directory traversal attempt (server-webapp.rules)
 * 1:37140 <-> DISABLED <-> SERVER-WEBAPP ManageEngine ServiceDesk FileDownload.jsp fName directory traversal attempt (server-webapp.rules)
 * 1:37141 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Collicky variant inbound command attempt (malware-cnc.rules)
 * 1:37142 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SetSlot type confusion attempt (file-flash.rules)
 * 1:37143 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SetSlot type confusion attempt (file-flash.rules)
 * 1:37127 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Batec outbound connection (malware-cnc.rules)
 * 1:37146 <-> ENABLED <-> SERVER-OTHER Juniper ScreenOS unauthorized backdoor access attempt (server-other.rules)
 * 1:37128 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS2 setTransform use-after-free attempt (file-flash.rules)

Modified Rules:


 * 1:36874 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS2 ActionCallMethod use-after-free attempt (file-flash.rules)
 * 1:37113 <-> ENABLED <-> FILE-FLASH Adobe Flash Player PCRE parsing out of bounds read attempt (file-flash.rules)
 * 1:36873 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS2 ActionCallMethod use-after-free attempt (file-flash.rules)
 * 1:18285 <-> DISABLED <-> SERVER-OTHER BrightStor ARCserve backup tape engine buffer overflow attempt (server-other.rules)
 * 1:17056 <-> DISABLED <-> SERVER-OTHER Novell NetIdentity Agent XTIERRPCPIPE remote code execution attempt (server-other.rules)
 * 1:35651 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextField filters use-after-free attempt (file-flash.rules)
 * 1:17057 <-> DISABLED <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt (server-other.rules)
 * 1:19601 <-> DISABLED <-> SERVER-OTHER Oracle Java Runtime Environment .hotspotrc file load exploit attempt (server-other.rules)
 * 1:34717 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central FileUploadServlet directory traversal attempt (server-webapp.rules)
 * 1:18589 <-> DISABLED <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt (server-other.rules)
 * 1:34716 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central FileUploadServlet directory traversal attempt (server-webapp.rules)
 * 1:29536 <-> DISABLED <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt (server-other.rules)
 * 1:34718 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central FileUploadServlet directory traversal attempt (server-webapp.rules)
 * 1:35653 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextField filters use-after-free attempt (file-flash.rules)
 * 1:36826 <-> ENABLED <-> SERVER-OTHER Java Library CommonsCollection unauthorized serialized object attempt (server-other.rules)
 * 1:37111 <-> ENABLED <-> FILE-FLASH Adobe Flash Player PCRE parsing out of bounds read attempt (file-flash.rules)
 * 1:19602 <-> DISABLED <-> SERVER-OTHER Oracle Java Runtime Environment .hotspot_compiler file load exploit attempt (server-other.rules)

2015-12-21 23:56:14 UTC

Snort Subscriber Rules Update

Date: 2015-12-21

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2976.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:37144 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SetSlot type confusion attempt (file-flash.rules)
 * 1:37129 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS2 setTransform use-after-free attempt (file-flash.rules)
 * 1:37127 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Batec outbound connection (malware-cnc.rules)
 * 1:37130 <-> ENABLED <-> FILE-IDENTIFY Obfuscated .wsf download attempt (file-identify.rules)
 * 1:37131 <-> ENABLED <-> FILE-IDENTIFY .wsf attachment file type blocked by Outlook detected (file-identify.rules)
 * 1:37133 <-> DISABLED <-> SERVER-WEBAPP Joomla com_youtubegallery module SQL injection attempt (server-webapp.rules)
 * 1:37134 <-> DISABLED <-> SERVER-WEBAPP Joomla com_youtubegallery module SQL injection attempt (server-webapp.rules)
 * 1:37117 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cetsiol outbound connection (malware-cnc.rules)
 * 1:37118 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextField filters use-after-free attempt (file-flash.rules)
 * 1:37119 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextField filters use-after-free attempt (file-flash.rules)
 * 1:37135 <-> ENABLED <-> SERVER-WEBAPP Fireeye Java decompiler reflection remote code execution attempt (server-webapp.rules)
 * 1:37120 <-> DISABLED <-> FILE-OFFICE Microsoft Outlook embedded OLE object sandbox bypass attempt (file-office.rules)
 * 1:37121 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MP3 ID3 data parsing heap buffer overflow attempt (file-flash.rules)
 * 1:37122 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MP3 ID3 data parsing heap buffer overflow attempt (file-flash.rules)
 * 1:37123 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MP3 ID3 data parsing heap buffer overflow attempt (file-flash.rules)
 * 1:37136 <-> ENABLED <-> SERVER-WEBAPP Fireeye Java decompiler reflection remote code execution attempt (server-webapp.rules)
 * 1:37124 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MP3 ID3 data parsing heap buffer overflow attempt (file-flash.rules)
 * 1:37125 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MP3 ID3 data parsing heap buffer overflow attempt (file-flash.rules)
 * 1:37126 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MP3 ID3 data parsing heap buffer overflow attempt (file-flash.rules)
 * 1:37137 <-> ENABLED <-> SERVER-WEBAPP Fireeye Java decompiler reflection remote code execution attempt (server-webapp.rules)
 * 1:37138 <-> DISABLED <-> SERVER-WEBAPP ManageEngine ServiceDesk FileDownload.jsp fName directory traversal attempt (server-webapp.rules)
 * 1:37139 <-> DISABLED <-> SERVER-WEBAPP ManageEngine ServiceDesk FileDownload.jsp fName directory traversal attempt (server-webapp.rules)
 * 1:37140 <-> DISABLED <-> SERVER-WEBAPP ManageEngine ServiceDesk FileDownload.jsp fName directory traversal attempt (server-webapp.rules)
 * 1:37141 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Collicky variant inbound command attempt (malware-cnc.rules)
 * 1:37142 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SetSlot type confusion attempt (file-flash.rules)
 * 1:37143 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SetSlot type confusion attempt (file-flash.rules)
 * 1:37132 <-> ENABLED <-> FILE-IDENTIFY Obfuscated .wsf download attempt (file-identify.rules)
 * 1:37146 <-> ENABLED <-> SERVER-OTHER Juniper ScreenOS unauthorized backdoor access attempt (server-other.rules)
 * 1:37145 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SetSlot type confusion attempt (file-flash.rules)
 * 1:37128 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS2 setTransform use-after-free attempt (file-flash.rules)

Modified Rules:


 * 1:37111 <-> ENABLED <-> FILE-FLASH Adobe Flash Player PCRE parsing out of bounds read attempt (file-flash.rules)
 * 1:37113 <-> ENABLED <-> FILE-FLASH Adobe Flash Player PCRE parsing out of bounds read attempt (file-flash.rules)
 * 1:36873 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS2 ActionCallMethod use-after-free attempt (file-flash.rules)
 * 1:36826 <-> ENABLED <-> SERVER-OTHER Java Library CommonsCollection unauthorized serialized object attempt (server-other.rules)
 * 1:35653 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextField filters use-after-free attempt (file-flash.rules)
 * 1:34718 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central FileUploadServlet directory traversal attempt (server-webapp.rules)
 * 1:34716 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central FileUploadServlet directory traversal attempt (server-webapp.rules)
 * 1:34717 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central FileUploadServlet directory traversal attempt (server-webapp.rules)
 * 1:19601 <-> DISABLED <-> SERVER-OTHER Oracle Java Runtime Environment .hotspotrc file load exploit attempt (server-other.rules)
 * 1:29536 <-> DISABLED <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt (server-other.rules)
 * 1:18285 <-> DISABLED <-> SERVER-OTHER BrightStor ARCserve backup tape engine buffer overflow attempt (server-other.rules)
 * 1:18589 <-> DISABLED <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt (server-other.rules)
 * 1:17056 <-> DISABLED <-> SERVER-OTHER Novell NetIdentity Agent XTIERRPCPIPE remote code execution attempt (server-other.rules)
 * 1:17057 <-> DISABLED <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt (server-other.rules)
 * 1:19602 <-> DISABLED <-> SERVER-OTHER Oracle Java Runtime Environment .hotspot_compiler file load exploit attempt (server-other.rules)
 * 1:35651 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextField filters use-after-free attempt (file-flash.rules)
 * 1:36874 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS2 ActionCallMethod use-after-free attempt (file-flash.rules)

2015-12-21 23:56:14 UTC

Snort Subscriber Rules Update

Date: 2015-12-21

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2980.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:37146 <-> ENABLED <-> SERVER-OTHER Juniper ScreenOS unauthorized backdoor access attempt (server-other.rules)
 * 1:37145 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SetSlot type confusion attempt (file-flash.rules)
 * 1:37144 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SetSlot type confusion attempt (file-flash.rules)
 * 1:37143 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SetSlot type confusion attempt (file-flash.rules)
 * 1:37142 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SetSlot type confusion attempt (file-flash.rules)
 * 1:37141 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Collicky variant inbound command attempt (malware-cnc.rules)
 * 1:37140 <-> DISABLED <-> SERVER-WEBAPP ManageEngine ServiceDesk FileDownload.jsp fName directory traversal attempt (server-webapp.rules)
 * 1:37139 <-> DISABLED <-> SERVER-WEBAPP ManageEngine ServiceDesk FileDownload.jsp fName directory traversal attempt (server-webapp.rules)
 * 1:37138 <-> DISABLED <-> SERVER-WEBAPP ManageEngine ServiceDesk FileDownload.jsp fName directory traversal attempt (server-webapp.rules)
 * 1:37137 <-> ENABLED <-> SERVER-WEBAPP Fireeye Java decompiler reflection remote code execution attempt (server-webapp.rules)
 * 1:37136 <-> ENABLED <-> SERVER-WEBAPP Fireeye Java decompiler reflection remote code execution attempt (server-webapp.rules)
 * 1:37135 <-> ENABLED <-> SERVER-WEBAPP Fireeye Java decompiler reflection remote code execution attempt (server-webapp.rules)
 * 1:37134 <-> DISABLED <-> SERVER-WEBAPP Joomla com_youtubegallery module SQL injection attempt (server-webapp.rules)
 * 1:37133 <-> DISABLED <-> SERVER-WEBAPP Joomla com_youtubegallery module SQL injection attempt (server-webapp.rules)
 * 1:37132 <-> ENABLED <-> FILE-IDENTIFY Obfuscated .wsf download attempt (file-identify.rules)
 * 1:37131 <-> ENABLED <-> FILE-IDENTIFY .wsf attachment file type blocked by Outlook detected (file-identify.rules)
 * 1:37130 <-> ENABLED <-> FILE-IDENTIFY Obfuscated .wsf download attempt (file-identify.rules)
 * 1:37129 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS2 setTransform use-after-free attempt (file-flash.rules)
 * 1:37128 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS2 setTransform use-after-free attempt (file-flash.rules)
 * 1:37127 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Batec outbound connection (malware-cnc.rules)
 * 1:37126 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MP3 ID3 data parsing heap buffer overflow attempt (file-flash.rules)
 * 1:37125 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MP3 ID3 data parsing heap buffer overflow attempt (file-flash.rules)
 * 1:37124 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MP3 ID3 data parsing heap buffer overflow attempt (file-flash.rules)
 * 1:37123 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MP3 ID3 data parsing heap buffer overflow attempt (file-flash.rules)
 * 1:37122 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MP3 ID3 data parsing heap buffer overflow attempt (file-flash.rules)
 * 1:37121 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MP3 ID3 data parsing heap buffer overflow attempt (file-flash.rules)
 * 1:37120 <-> DISABLED <-> FILE-OFFICE Microsoft Outlook embedded OLE object sandbox bypass attempt (file-office.rules)
 * 1:37119 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextField filters use-after-free attempt (file-flash.rules)
 * 1:37118 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextField filters use-after-free attempt (file-flash.rules)
 * 1:37117 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cetsiol outbound connection (malware-cnc.rules)

Modified Rules:


 * 1:17056 <-> DISABLED <-> SERVER-OTHER Novell NetIdentity Agent XTIERRPCPIPE remote code execution attempt (server-other.rules)
 * 1:17057 <-> DISABLED <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt (server-other.rules)
 * 1:18285 <-> DISABLED <-> SERVER-OTHER BrightStor ARCserve backup tape engine buffer overflow attempt (server-other.rules)
 * 1:18589 <-> DISABLED <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt (server-other.rules)
 * 1:19601 <-> DISABLED <-> SERVER-OTHER Oracle Java Runtime Environment .hotspotrc file load exploit attempt (server-other.rules)
 * 1:19602 <-> DISABLED <-> SERVER-OTHER Oracle Java Runtime Environment .hotspot_compiler file load exploit attempt (server-other.rules)
 * 1:29536 <-> DISABLED <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt (server-other.rules)
 * 1:34716 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central FileUploadServlet directory traversal attempt (server-webapp.rules)
 * 1:34717 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central FileUploadServlet directory traversal attempt (server-webapp.rules)
 * 1:34718 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central FileUploadServlet directory traversal attempt (server-webapp.rules)
 * 1:35651 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextField filters use-after-free attempt (file-flash.rules)
 * 1:35653 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextField filters use-after-free attempt (file-flash.rules)
 * 1:36826 <-> ENABLED <-> SERVER-OTHER Java Library CommonsCollection unauthorized serialized object attempt (server-other.rules)
 * 1:36873 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS2 ActionCallMethod use-after-free attempt (file-flash.rules)
 * 1:36874 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS2 ActionCallMethod use-after-free attempt (file-flash.rules)
 * 1:37111 <-> ENABLED <-> FILE-FLASH Adobe Flash Player PCRE parsing out of bounds read attempt (file-flash.rules)
 * 1:37113 <-> ENABLED <-> FILE-FLASH Adobe Flash Player PCRE parsing out of bounds read attempt (file-flash.rules)