Talos Rules 2017-01-19
This release adds and modifies rules in several categories.

Talos has added and modified multiple rules in the file-flash, file-image, file-multimedia, file-other, file-pdf, indicator-compromise, malware-cnc and server-webapp rule sets to provide coverage for emerging threats from these technologies.

Change logs

2017-01-19 20:09:31 UTC

Snort Subscriber Rules Update

Date: 2017-01-19

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2976.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:41336 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Sysch variant outbound connection attempt (malware-cnc.rules)
 * 1:41337 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Sysch variant outbound connection attempt (malware-cnc.rules)
 * 1:41338 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt (file-image.rules)
 * 1:41339 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt (file-image.rules)
 * 1:41340 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt (file-image.rules)
 * 1:41353 <-> ENABLED <-> FILE-FLASH Adobe Flash Player StyleSheets use after free attempt (file-flash.rules)
 * 1:41331 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Scudy outbound connection attempt (malware-cnc.rules)
 * 1:41349 <-> DISABLED <-> SERVER-WEBAPP Western Digital MyCloud command injection attempt (server-webapp.rules)
 * 1:41355 <-> DISABLED <-> SERVER-WEBAPP WordPress Admin API ajax-actions.php directory traversal attempt (server-webapp.rules)
 * 1:41354 <-> ENABLED <-> FILE-FLASH Adobe Flash Player StyleSheets use after free attempt (file-flash.rules)
 * 1:41348 <-> DISABLED <-> SERVER-WEBAPP Western Digital MyCloud command injection attempt (server-webapp.rules)
 * 1:41346 <-> DISABLED <-> SERVER-WEBAPP Western Digital MyCloud command injection attempt (server-webapp.rules)
 * 1:41347 <-> DISABLED <-> SERVER-WEBAPP Western Digital MyCloud command injection attempt (server-webapp.rules)
 * 1:41332 <-> ENABLED <-> FILE-FLASH Adobe Flash Player FileReferenceList.browse type confusion attempt (file-flash.rules)
 * 1:41335 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection attempt (malware-cnc.rules)
 * 1:41333 <-> ENABLED <-> FILE-FLASH Adobe Flash Player FileReferenceList.browse type confusion attempt (file-flash.rules)
 * 1:41334 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection attempt (malware-cnc.rules)
 * 1:41330 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader APP13 heap overflow attempt (file-pdf.rules)
 * 1:41329 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader APP13 heap overflow attempt (file-pdf.rules)
 * 1:41343 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player MP4 stsz atom memory corruption attempt (file-multimedia.rules)
 * 1:41341 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt (file-image.rules)
 * 1:41342 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player MP4 stsz atom memory corruption attempt (file-multimedia.rules)
 * 3:41351 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2016-0262 attack attempt (file-other.rules)
 * 3:41344 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2016-0261 attack attempt (file-other.rules)
 * 3:41345 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2016-0261 attack attempt (file-other.rules)
 * 3:41352 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2016-0232 attack attempt (server-webapp.rules)
 * 3:41350 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2016-0262 attack attempt (file-other.rules)

Modified Rules:


 * 1:26021 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XFA app.setTimeOut memory corruption attempt (file-pdf.rules)
 * 1:41146 <-> DISABLED <-> FILE-IMAGE Adobe Reader malformed app13 marker memory corruption attempt (file-image.rules)
 * 1:41144 <-> DISABLED <-> FILE-IMAGE Adobe Reader malformed app13 marker memory corruption attempt (file-image.rules)
 * 1:41145 <-> DISABLED <-> FILE-IMAGE Adobe Reader malformed app13 marker memory corruption attempt (file-image.rules)
 * 1:40574 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XFA resolveNode memory corruption attempt (file-pdf.rules)
 * 1:40431 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XFA app.setTimeOut memory corruption attempt (file-pdf.rules)
 * 1:40573 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XFA resolveNode memory corruption attempt (file-pdf.rules)
 * 1:36873 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS2 valueOf function assignment with removeTextField use after free attempt (file-flash.rules)
 * 1:36874 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS2 valueOf function assignment with removeTextField use after free attempt (file-flash.rules)
 * 1:36760 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Internet Explorer setAttributeNS ASLR bypass attempt (indicator-compromise.rules)
 * 1:36759 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Internet Explorer setAttributeNS ASLR bypass attempt (indicator-compromise.rules)
 * 1:30726 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
 * 1:30725 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
 * 1:30724 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
 * 1:30723 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
 * 1:30722 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
 * 1:30713 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1 heartbeat read overrun attempt (server-other.rules)
 * 1:30714 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1 heartbeat read overrun attempt (server-other.rules)
 * 1:41202 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP2 segment out of bounds memory access attempt (file-image.rules)
 * 1:41205 <-> DISABLED <-> FILE-PDF Adobe Reader XSL type confusion attempt (file-pdf.rules)
 * 1:41148 <-> DISABLED <-> FILE-IMAGE Adobe Reader malformed app13 marker memory corruption attempt (file-image.rules)
 * 1:41149 <-> DISABLED <-> FILE-IMAGE Adobe Reader malformed app13 marker memory corruption attempt (file-image.rules)
 * 1:30718 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.2 heartbeat read overrun attempt (server-other.rules)
 * 1:30514 <-> ENABLED <-> SERVER-OTHER OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
 * 1:41147 <-> DISABLED <-> FILE-IMAGE Adobe Reader malformed app13 marker memory corruption attempt (file-image.rules)
 * 1:30712 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL SSLv3 heartbeat read overrun attempt (server-other.rules)
 * 1:41203 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP2 segment out of bounds memory access attempt (file-image.rules)
 * 1:30515 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
 * 1:41204 <-> DISABLED <-> FILE-PDF Adobe Reader XSL type confusion attempt (file-pdf.rules)
 * 1:30516 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
 * 1:30517 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
 * 1:30715 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.1 heartbeat read overrun attempt (server-other.rules)
 * 1:30711 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL SSLv3 heartbeat read overrun attempt (server-other.rules)
 * 1:30719 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
 * 1:30721 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
 * 1:30720 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
 * 1:30717 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.2 heartbeat read overrun attempt (server-other.rules)
 * 1:30716 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.1 heartbeat read overrun attempt (server-other.rules)

2017-01-19 20:09:31 UTC

Snort Subscriber Rules Update

Date: 2017-01-19

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:41329 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader APP13 heap overflow attempt (file-pdf.rules)
 * 1:41330 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader APP13 heap overflow attempt (file-pdf.rules)
 * 1:41331 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Scudy outbound connection attempt (malware-cnc.rules)
 * 1:41332 <-> ENABLED <-> FILE-FLASH Adobe Flash Player FileReferenceList.browse type confusion attempt (file-flash.rules)
 * 1:41333 <-> ENABLED <-> FILE-FLASH Adobe Flash Player FileReferenceList.browse type confusion attempt (file-flash.rules)
 * 1:41334 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection attempt (malware-cnc.rules)
 * 1:41335 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection attempt (malware-cnc.rules)
 * 1:41336 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Sysch variant outbound connection attempt (malware-cnc.rules)
 * 1:41337 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Sysch variant outbound connection attempt (malware-cnc.rules)
 * 1:41338 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt (file-image.rules)
 * 1:41339 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt (file-image.rules)
 * 1:41340 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt (file-image.rules)
 * 1:41341 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt (file-image.rules)
 * 1:41342 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player MP4 stsz atom memory corruption attempt (file-multimedia.rules)
 * 1:41343 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player MP4 stsz atom memory corruption attempt (file-multimedia.rules)
 * 1:41346 <-> DISABLED <-> SERVER-WEBAPP Western Digital MyCloud command injection attempt (server-webapp.rules)
 * 1:41347 <-> DISABLED <-> SERVER-WEBAPP Western Digital MyCloud command injection attempt (server-webapp.rules)
 * 1:41348 <-> DISABLED <-> SERVER-WEBAPP Western Digital MyCloud command injection attempt (server-webapp.rules)
 * 1:41349 <-> DISABLED <-> SERVER-WEBAPP Western Digital MyCloud command injection attempt (server-webapp.rules)
 * 1:41355 <-> DISABLED <-> SERVER-WEBAPP WordPress Admin API ajax-actions.php directory traversal attempt (server-webapp.rules)
 * 1:41353 <-> ENABLED <-> FILE-FLASH Adobe Flash Player StyleSheets use after free attempt (file-flash.rules)
 * 1:41354 <-> ENABLED <-> FILE-FLASH Adobe Flash Player StyleSheets use after free attempt (file-flash.rules)
 * 3:41344 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2016-0261 attack attempt (file-other.rules)
 * 3:41345 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2016-0261 attack attempt (file-other.rules)
 * 3:41350 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2016-0262 attack attempt (file-other.rules)
 * 3:41351 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2016-0262 attack attempt (file-other.rules)
 * 3:41352 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2016-0232 attack attempt (server-webapp.rules)

Modified Rules:


 * 1:30717 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.2 heartbeat read overrun attempt (server-other.rules)
 * 1:30716 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.1 heartbeat read overrun attempt (server-other.rules)
 * 1:41145 <-> DISABLED <-> FILE-IMAGE Adobe Reader malformed app13 marker memory corruption attempt (file-image.rules)
 * 1:41146 <-> DISABLED <-> FILE-IMAGE Adobe Reader malformed app13 marker memory corruption attempt (file-image.rules)
 * 1:41144 <-> DISABLED <-> FILE-IMAGE Adobe Reader malformed app13 marker memory corruption attempt (file-image.rules)
 * 1:40573 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XFA resolveNode memory corruption attempt (file-pdf.rules)
 * 1:40574 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XFA resolveNode memory corruption attempt (file-pdf.rules)
 * 1:36874 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS2 valueOf function assignment with removeTextField use after free attempt (file-flash.rules)
 * 1:40431 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XFA app.setTimeOut memory corruption attempt (file-pdf.rules)
 * 1:36760 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Internet Explorer setAttributeNS ASLR bypass attempt (indicator-compromise.rules)
 * 1:36873 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS2 valueOf function assignment with removeTextField use after free attempt (file-flash.rules)
 * 1:36759 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Internet Explorer setAttributeNS ASLR bypass attempt (indicator-compromise.rules)
 * 1:30726 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
 * 1:30725 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
 * 1:30724 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
 * 1:30723 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
 * 1:30722 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
 * 1:41149 <-> DISABLED <-> FILE-IMAGE Adobe Reader malformed app13 marker memory corruption attempt (file-image.rules)
 * 1:41203 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP2 segment out of bounds memory access attempt (file-image.rules)
 * 1:30715 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.1 heartbeat read overrun attempt (server-other.rules)
 * 1:30713 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1 heartbeat read overrun attempt (server-other.rules)
 * 1:30714 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1 heartbeat read overrun attempt (server-other.rules)
 * 1:30719 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
 * 1:30721 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
 * 1:30720 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
 * 1:30514 <-> ENABLED <-> SERVER-OTHER OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
 * 1:26021 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XFA app.setTimeOut memory corruption attempt (file-pdf.rules)
 * 1:30515 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
 * 1:30516 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
 * 1:41205 <-> DISABLED <-> FILE-PDF Adobe Reader XSL type confusion attempt (file-pdf.rules)
 * 1:30517 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
 * 1:30711 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL SSLv3 heartbeat read overrun attempt (server-other.rules)
 * 1:41147 <-> DISABLED <-> FILE-IMAGE Adobe Reader malformed app13 marker memory corruption attempt (file-image.rules)
 * 1:41202 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP2 segment out of bounds memory access attempt (file-image.rules)
 * 1:41204 <-> DISABLED <-> FILE-PDF Adobe Reader XSL type confusion attempt (file-pdf.rules)
 * 1:30712 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL SSLv3 heartbeat read overrun attempt (server-other.rules)
 * 1:41148 <-> DISABLED <-> FILE-IMAGE Adobe Reader malformed app13 marker memory corruption attempt (file-image.rules)
 * 1:30718 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.2 heartbeat read overrun attempt (server-other.rules)

2017-01-19 20:09:31 UTC

Snort Subscriber Rules Update

Date: 2017-01-19

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2990.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:41355 <-> DISABLED <-> SERVER-WEBAPP WordPress Admin API ajax-actions.php directory traversal attempt (server-webapp.rules)
 * 1:41354 <-> ENABLED <-> FILE-FLASH Adobe Flash Player StyleSheets use after free attempt (file-flash.rules)
 * 1:41353 <-> ENABLED <-> FILE-FLASH Adobe Flash Player StyleSheets use after free attempt (file-flash.rules)
 * 1:41349 <-> DISABLED <-> SERVER-WEBAPP Western Digital MyCloud command injection attempt (server-webapp.rules)
 * 1:41348 <-> DISABLED <-> SERVER-WEBAPP Western Digital MyCloud command injection attempt (server-webapp.rules)
 * 1:41347 <-> DISABLED <-> SERVER-WEBAPP Western Digital MyCloud command injection attempt (server-webapp.rules)
 * 1:41346 <-> DISABLED <-> SERVER-WEBAPP Western Digital MyCloud command injection attempt (server-webapp.rules)
 * 1:41343 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player MP4 stsz atom memory corruption attempt (file-multimedia.rules)
 * 1:41342 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player MP4 stsz atom memory corruption attempt (file-multimedia.rules)
 * 1:41341 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt (file-image.rules)
 * 1:41340 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt (file-image.rules)
 * 1:41339 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt (file-image.rules)
 * 1:41338 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt (file-image.rules)
 * 1:41337 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Sysch variant outbound connection attempt (malware-cnc.rules)
 * 1:41336 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Sysch variant outbound connection attempt (malware-cnc.rules)
 * 1:41335 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection attempt (malware-cnc.rules)
 * 1:41334 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection attempt (malware-cnc.rules)
 * 1:41333 <-> ENABLED <-> FILE-FLASH Adobe Flash Player FileReferenceList.browse type confusion attempt (file-flash.rules)
 * 1:41332 <-> ENABLED <-> FILE-FLASH Adobe Flash Player FileReferenceList.browse type confusion attempt (file-flash.rules)
 * 1:41331 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Scudy outbound connection attempt (malware-cnc.rules)
 * 1:41330 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader APP13 heap overflow attempt (file-pdf.rules)
 * 1:41329 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader APP13 heap overflow attempt (file-pdf.rules)
 * 3:41344 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2016-0261 attack attempt (file-other.rules)
 * 3:41345 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2016-0261 attack attempt (file-other.rules)
 * 3:41350 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2016-0262 attack attempt (file-other.rules)
 * 3:41351 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2016-0262 attack attempt (file-other.rules)
 * 3:41352 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2016-0232 attack attempt (server-webapp.rules)

Modified Rules:


 * 1:30712 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL SSLv3 heartbeat read overrun attempt (server-other.rules)
 * 1:26021 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XFA app.setTimeOut memory corruption attempt (file-pdf.rules)
 * 1:41205 <-> DISABLED <-> FILE-PDF Adobe Reader XSL type confusion attempt (file-pdf.rules)
 * 1:41204 <-> DISABLED <-> FILE-PDF Adobe Reader XSL type confusion attempt (file-pdf.rules)
 * 1:41203 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP2 segment out of bounds memory access attempt (file-image.rules)
 * 1:41202 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP2 segment out of bounds memory access attempt (file-image.rules)
 * 1:41149 <-> DISABLED <-> FILE-IMAGE Adobe Reader malformed app13 marker memory corruption attempt (file-image.rules)
 * 1:41148 <-> DISABLED <-> FILE-IMAGE Adobe Reader malformed app13 marker memory corruption attempt (file-image.rules)
 * 1:41147 <-> DISABLED <-> FILE-IMAGE Adobe Reader malformed app13 marker memory corruption attempt (file-image.rules)
 * 1:41146 <-> DISABLED <-> FILE-IMAGE Adobe Reader malformed app13 marker memory corruption attempt (file-image.rules)
 * 1:41145 <-> DISABLED <-> FILE-IMAGE Adobe Reader malformed app13 marker memory corruption attempt (file-image.rules)
 * 1:41144 <-> DISABLED <-> FILE-IMAGE Adobe Reader malformed app13 marker memory corruption attempt (file-image.rules)
 * 1:40574 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XFA resolveNode memory corruption attempt (file-pdf.rules)
 * 1:40573 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XFA resolveNode memory corruption attempt (file-pdf.rules)
 * 1:40431 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XFA app.setTimeOut memory corruption attempt (file-pdf.rules)
 * 1:36874 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS2 valueOf function assignment with removeTextField use after free attempt (file-flash.rules)
 * 1:36873 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS2 valueOf function assignment with removeTextField use after free attempt (file-flash.rules)
 * 1:36760 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Internet Explorer setAttributeNS ASLR bypass attempt (indicator-compromise.rules)
 * 1:36759 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Internet Explorer setAttributeNS ASLR bypass attempt (indicator-compromise.rules)
 * 1:30726 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
 * 1:30725 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
 * 1:30724 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
 * 1:30514 <-> ENABLED <-> SERVER-OTHER OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
 * 1:30515 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
 * 1:30516 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
 * 1:30517 <-> ENABLED <-> SERVER-OTHER OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
 * 1:30711 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL SSLv3 heartbeat read overrun attempt (server-other.rules)
 * 1:30723 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
 * 1:30713 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1 heartbeat read overrun attempt (server-other.rules)
 * 1:30714 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1 heartbeat read overrun attempt (server-other.rules)
 * 1:30715 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.1 heartbeat read overrun attempt (server-other.rules)
 * 1:30722 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
 * 1:30720 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
 * 1:30721 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
 * 1:30719 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt (server-other.rules)
 * 1:30718 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.2 heartbeat read overrun attempt (server-other.rules)
 * 1:30717 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.2 heartbeat read overrun attempt (server-other.rules)
 * 1:30716 <-> ENABLED <-> SERVER-OTHER OpenVPN OpenSSL TLSv1.1 heartbeat read overrun attempt (server-other.rules)