Talos Rules 2017-06-27
This release adds and modifies rules in several categories.

Talos has added and modified multiple rules in the browser-firefox, browser-ie, browser-plugins, browser-webkit, exploit-kit, file-flash, file-image, file-multimedia, file-office, file-other, file-pdf, malware-cnc, os-windows, policy-other, protocol-scada, server-apache and server-webapp rule sets to provide coverage for emerging threats from these technologies.

Change logs

2017-06-27 17:34:51 UTC

Snort Subscriber Rules Update

Date: 2017-06-27

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2990.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:43358 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CSS property method handling memory corruption attempt (browser-ie.rules)
 * 1:43357 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Server 9i unauthenticated dms access attempt (server-webapp.rules)
 * 1:43356 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Server 9i unauthenticated dms access attempt (server-webapp.rules)
 * 1:43355 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Server 9i unauthenticated dms access attempt (server-webapp.rules)
 * 1:43354 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Server 9i unauthenticated dms access attempt (server-webapp.rules)
 * 1:43353 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Server 9i unauthenticated dms access attempt (server-webapp.rules)
 * 1:43352 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Server 9i unauthenticated dms access attempt (server-webapp.rules)
 * 1:43351 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Erebus variant outbound connection (malware-cnc.rules)
 * 1:43350 <-> DISABLED <-> POLICY-OTHER TOR Project domain request (policy-other.rules)
 * 1:43349 <-> DISABLED <-> SERVER-OTHER Karjasoft Sami HTTP Server denial of service attempt (server-other.rules)
 * 1:43348 <-> DISABLED <-> PROTOCOL-SCADA Advantech Studio DOS attempt (protocol-scada.rules)
 * 1:43347 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox domFuzzLite3 table use after free attempt (browser-firefox.rules)
 * 1:43346 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox domFuzzLite3 table use after free attempt (browser-firefox.rules)
 * 1:43345 <-> DISABLED <-> BROWSER-PLUGINS Data Dynamics ActiveBar remote file write attempt ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43344 <-> DISABLED <-> BROWSER-PLUGINS Data Dynamics ActiveBar remote file write attempt ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43343 <-> DISABLED <-> BROWSER-PLUGINS Data Dynamics ActiveBar remote file write attempt ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43342 <-> DISABLED <-> BROWSER-PLUGINS Data Dynamics ActiveBar remote file write attempt ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43341 <-> DISABLED <-> FILE-OTHER Cytel Studio USE command overflow attempt (file-other.rules)
 * 1:43340 <-> DISABLED <-> FILE-OTHER Cytel Studio row overflow attempt (file-other.rules)
 * 1:43339 <-> DISABLED <-> FILE-OTHER Cytel Studio string stack overflow attempt (file-other.rules)
 * 1:43338 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules)
 * 1:43337 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules)
 * 1:43336 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Media Player JPG header record mismatch memory corruption attempt (file-multimedia.rules)
 * 1:43335 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Media Player JPG header record mismatch memory corruption attempt (file-multimedia.rules)
 * 1:43334 <-> DISABLED <-> SERVER-WEBAPP OpenFiler NetworkCard command execution attempt (server-webapp.rules)
 * 1:43333 <-> DISABLED <-> FILE-OTHER ProShow Gold PSH file handling overflow attempt (file-other.rules)
 * 1:43332 <-> DISABLED <-> EXPLOIT-KIT Rig Exploit Kit Landing Page Request Attempt (exploit-kit.rules)
 * 1:43331 <-> DISABLED <-> SERVER-WEBAPP AssetMan download_pdf.php directory traversal attempt (server-webapp.rules)
 * 1:43330 <-> DISABLED <-> SERVER-WEBAPP AssetMan download_pdf.php directory traversal attempt (server-webapp.rules)
 * 1:43329 <-> DISABLED <-> SERVER-WEBAPP AssetMan download_pdf.php directory traversal attempt (server-webapp.rules)
 * 1:43328 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word .rtf file integer overflow attempt (file-office.rules)
 * 1:43327 <-> DISABLED <-> SERVER-WEBAPP HP Laserjet Pro Webadmin password reset attempt (server-webapp.rules)
 * 1:43326 <-> DISABLED <-> SERVER-WEBAPP Trihedral VTScada directory traversal attempt (server-webapp.rules)
 * 1:43325 <-> DISABLED <-> SERVER-WEBAPP Trihedral VTScada directory traversal attempt (server-webapp.rules)
 * 1:43324 <-> DISABLED <-> SERVER-WEBAPP Trihedral VTScada directory traversal attempt (server-webapp.rules)
 * 1:43323 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft SNTP ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43322 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft SNTP ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43321 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft NetworkResources ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43320 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft NetworkResources ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43319 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft ICMP ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43318 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft ICMP ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43317 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft DNS ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43316 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft DNS ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43315 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft SNTP ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43314 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft SNTP ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43313 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft NetworkResources ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43312 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft NetworkResources ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43311 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft ICMP ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43310 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft ICMP ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43309 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft DNS ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43308 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft DNS ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43307 <-> DISABLED <-> SERVER-WEBAPP csSearch setup attempt (server-webapp.rules)
 * 1:43306 <-> DISABLED <-> SERVER-WEBAPP csNewsRemote setup attempt (server-webapp.rules)
 * 1:43305 <-> DISABLED <-> SERVER-WEBAPP csLiveSupport setup attempt (server-webapp.rules)
 * 1:43304 <-> DISABLED <-> SERVER-WEBAPP csChatRBox setup attempt (server-webapp.rules)
 * 1:43303 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt (file-flash.rules)
 * 1:43302 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt (file-flash.rules)
 * 1:43301 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt (file-flash.rules)
 * 1:43300 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt (file-flash.rules)
 * 1:43299 <-> DISABLED <-> SERVER-WEBAPP Belkin N150 abitrary file read attempt (server-webapp.rules)
 * 1:43298 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit WebCore CSSSelector denial of service attempt (browser-webkit.rules)
 * 1:43297 <-> DISABLED <-> SERVER-OTHER Cisco ASA 5500 series denial of service attempt (server-other.rules)
 * 1:43296 <-> DISABLED <-> SERVER-WEBAPP IP3 Networks NetAccess directory traversal attempt (server-webapp.rules)
 * 1:43295 <-> DISABLED <-> SERVER-WEBAPP Cybozu Office directory traversal attempt (server-webapp.rules)
 * 1:43294 <-> DISABLED <-> SERVER-WEBAPP Cybozu Office directory traversal attempt (server-webapp.rules)
 * 1:43293 <-> ENABLED <-> MALWARE-CNC Andr.Adware.Judy malicious java file download attempt (malware-cnc.rules)
 * 1:43292 <-> ENABLED <-> MALWARE-CNC Andr.Adware.Judy malicious dex file download attempt (malware-cnc.rules)
 * 1:43291 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Server 9i unauthenticated application deployment attempt (server-webapp.rules)
 * 1:43290 <-> DISABLED <-> SERVER-WEBAPP /ws_ftp.log file access attempt (server-webapp.rules)
 * 1:43289 <-> DISABLED <-> SERVER-WEBAPP /etc/shadow file access attempt (server-webapp.rules)
 * 1:43288 <-> DISABLED <-> SERVER-WEBAPP /etc/motd file access attempt (server-webapp.rules)
 * 1:43287 <-> DISABLED <-> SERVER-WEBAPP /etc/inetd.conf file access attempt (server-webapp.rules)
 * 1:43286 <-> DISABLED <-> SERVER-WEBAPP /cgi-bin/sh file access attempt (server-webapp.rules)
 * 1:43285 <-> DISABLED <-> SERVER-WEBAPP /.svn/entries file access attempt (server-webapp.rules)
 * 1:43284 <-> DISABLED <-> SERVER-WEBAPP HP Network Automation RedirectServlet SQL injection attempt (server-webapp.rules)
 * 1:43283 <-> DISABLED <-> SERVER-WEBAPP .NET AjaxControlToolkit directory traversal remote code execution attempt (server-webapp.rules)
 * 1:43282 <-> DISABLED <-> SERVER-WEBAPP .NET AjaxControlToolkit directory traversal remote code execution attempt (server-webapp.rules)
 * 1:43281 <-> DISABLED <-> SERVER-WEBAPP .NET AjaxControlToolkit directory traversal remote code execution attempt (server-webapp.rules)

Modified Rules:


 * 1:43238 <-> DISABLED <-> SERVER-WEBAPP Imatix Xitami web server head processing denial of service attempt (server-webapp.rules)
 * 1:5715 <-> DISABLED <-> SERVER-APACHE Apache malformed ipv6 uri overflow attempt (server-apache.rules)
 * 1:42298 <-> DISABLED <-> FILE-PDF Adobe PDF PPKLite security handler memory corruption vulnerability attempt (file-pdf.rules)
 * 1:42299 <-> DISABLED <-> FILE-PDF Adobe PDF PPKLite security handler memory corruption vulnerability attempt (file-pdf.rules)
 * 1:41956 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer arguments type confusion attempt (browser-ie.rules)
 * 1:41957 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer arguments type confusion attempt (browser-ie.rules)
 * 1:41942 <-> ENABLED <-> BROWSER-IE Microsoft Edge EntrySimpleSlotGetter use after free attempt (browser-ie.rules)
 * 1:41943 <-> ENABLED <-> BROWSER-IE Microsoft Edge EntrySimpleSlotGetter use after free attempt (browser-ie.rules)
 * 1:41808 <-> DISABLED <-> FILE-IMAGE ImageMagick mvg processing command server side request forgery attempt (file-image.rules)
 * 1:41809 <-> DISABLED <-> FILE-IMAGE ImageMagick mvg processing command server side request forgery attempt (file-image.rules)
 * 1:40662 <-> ENABLED <-> BROWSER-IE Microsoft Edge Array.concat type confusion attempt (browser-ie.rules)
 * 1:35731 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WebDAV invalid character argument injection attempt (os-windows.rules)
 * 1:40661 <-> ENABLED <-> BROWSER-IE Microsoft Edge Array.concat type confusion attempt (browser-ie.rules)
 * 1:23555 <-> DISABLED <-> FILE-OFFICE Microsoft HtmlDlgHelper ActiveX clsid access (file-office.rules)
 * 1:24090 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WebDAV invalid character argument injection attempt (os-windows.rules)
 * 1:21021 <-> DISABLED <-> FILE-OTHER Cytel Studio USE command overflow attempt (file-other.rules)
 * 1:21566 <-> DISABLED <-> OS-WINDOWS Microsoft Expression Design wintab32.dll dll-load exploit attempt (os-windows.rules)
 * 1:21020 <-> DISABLED <-> FILE-OTHER Cytel Studio row overflow attempt (file-other.rules)
 * 1:19049 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gigade variant outbound connection (malware-cnc.rules)
 * 1:21019 <-> DISABLED <-> FILE-OTHER Cytel Studio string stack overflow attempt (file-other.rules)
 * 1:12255 <-> DISABLED <-> SERVER-WEBAPP CSGuestbook setup attempt (server-webapp.rules)
 * 1:17770 <-> DISABLED <-> FILE-OFFICE Microsoft HtmlDlgHelper ActiveX clsid access (file-office.rules)
 * 1:16730 <-> DISABLED <-> FILE-OTHER ProShow Gold PSH file handling overflow attempt (file-other.rules)
 * 1:16011 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CSS property method handling memory corruption attempt (browser-ie.rules)

2017-06-27 17:34:51 UTC

Snort Subscriber Rules Update

Date: 2017-06-27

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:43339 <-> DISABLED <-> FILE-OTHER Cytel Studio string stack overflow attempt (file-other.rules)
 * 1:43337 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules)
 * 1:43338 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules)
 * 1:43283 <-> DISABLED <-> SERVER-WEBAPP .NET AjaxControlToolkit directory traversal remote code execution attempt (server-webapp.rules)
 * 1:43288 <-> DISABLED <-> SERVER-WEBAPP /etc/motd file access attempt (server-webapp.rules)
 * 1:43290 <-> DISABLED <-> SERVER-WEBAPP /ws_ftp.log file access attempt (server-webapp.rules)
 * 1:43291 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Server 9i unauthenticated application deployment attempt (server-webapp.rules)
 * 1:43292 <-> ENABLED <-> MALWARE-CNC Andr.Adware.Judy malicious dex file download attempt (malware-cnc.rules)
 * 1:43293 <-> ENABLED <-> MALWARE-CNC Andr.Adware.Judy malicious java file download attempt (malware-cnc.rules)
 * 1:43294 <-> DISABLED <-> SERVER-WEBAPP Cybozu Office directory traversal attempt (server-webapp.rules)
 * 1:43295 <-> DISABLED <-> SERVER-WEBAPP Cybozu Office directory traversal attempt (server-webapp.rules)
 * 1:43296 <-> DISABLED <-> SERVER-WEBAPP IP3 Networks NetAccess directory traversal attempt (server-webapp.rules)
 * 1:43297 <-> DISABLED <-> SERVER-OTHER Cisco ASA 5500 series denial of service attempt (server-other.rules)
 * 1:43298 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit WebCore CSSSelector denial of service attempt (browser-webkit.rules)
 * 1:43299 <-> DISABLED <-> SERVER-WEBAPP Belkin N150 abitrary file read attempt (server-webapp.rules)
 * 1:43300 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt (file-flash.rules)
 * 1:43301 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt (file-flash.rules)
 * 1:43302 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt (file-flash.rules)
 * 1:43303 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative null pointer dereference attempt (file-flash.rules)
 * 1:43304 <-> DISABLED <-> SERVER-WEBAPP csChatRBox setup attempt (server-webapp.rules)
 * 1:43305 <-> DISABLED <-> SERVER-WEBAPP csLiveSupport setup attempt (server-webapp.rules)
 * 1:43306 <-> DISABLED <-> SERVER-WEBAPP csNewsRemote setup attempt (server-webapp.rules)
 * 1:43307 <-> DISABLED <-> SERVER-WEBAPP csSearch setup attempt (server-webapp.rules)
 * 1:43308 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft DNS ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43309 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft DNS ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43310 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft ICMP ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43311 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft ICMP ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43312 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft NetworkResources ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43313 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft NetworkResources ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43314 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft SNTP ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43315 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft SNTP ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43316 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft DNS ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43317 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft DNS ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43318 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft ICMP ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43319 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft ICMP ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43320 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft NetworkResources ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43321 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft NetworkResources ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43322 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft SNTP ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43323 <-> DISABLED <-> BROWSER-PLUGINS MagnetoSoft SNTP ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43324 <-> DISABLED <-> SERVER-WEBAPP Trihedral VTScada directory traversal attempt (server-webapp.rules)
 * 1:43325 <-> DISABLED <-> SERVER-WEBAPP Trihedral VTScada directory traversal attempt (server-webapp.rules)
 * 1:43326 <-> DISABLED <-> SERVER-WEBAPP Trihedral VTScada directory traversal attempt (server-webapp.rules)
 * 1:43327 <-> DISABLED <-> SERVER-WEBAPP HP Laserjet Pro Webadmin password reset attempt (server-webapp.rules)
 * 1:43328 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word .rtf file integer overflow attempt (file-office.rules)
 * 1:43329 <-> DISABLED <-> SERVER-WEBAPP AssetMan download_pdf.php directory traversal attempt (server-webapp.rules)
 * 1:43330 <-> DISABLED <-> SERVER-WEBAPP AssetMan download_pdf.php directory traversal attempt (server-webapp.rules)
 * 1:43331 <-> DISABLED <-> SERVER-WEBAPP AssetMan download_pdf.php directory traversal attempt (server-webapp.rules)
 * 1:43332 <-> DISABLED <-> EXPLOIT-KIT Rig Exploit Kit Landing Page Request Attempt (exploit-kit.rules)
 * 1:43333 <-> DISABLED <-> FILE-OTHER ProShow Gold PSH file handling overflow attempt (file-other.rules)
 * 1:43334 <-> DISABLED <-> SERVER-WEBAPP OpenFiler NetworkCard command execution attempt (server-webapp.rules)
 * 1:43335 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Media Player JPG header record mismatch memory corruption attempt (file-multimedia.rules)
 * 1:43336 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Media Player JPG header record mismatch memory corruption attempt (file-multimedia.rules)
 * 1:43282 <-> DISABLED <-> SERVER-WEBAPP .NET AjaxControlToolkit directory traversal remote code execution attempt (server-webapp.rules)
 * 1:43281 <-> DISABLED <-> SERVER-WEBAPP .NET AjaxControlToolkit directory traversal remote code execution attempt (server-webapp.rules)
 * 1:43285 <-> DISABLED <-> SERVER-WEBAPP /.svn/entries file access attempt (server-webapp.rules)
 * 1:43284 <-> DISABLED <-> SERVER-WEBAPP HP Network Automation RedirectServlet SQL injection attempt (server-webapp.rules)
 * 1:43289 <-> DISABLED <-> SERVER-WEBAPP /etc/shadow file access attempt (server-webapp.rules)
 * 1:43358 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CSS property method handling memory corruption attempt (browser-ie.rules)
 * 1:43287 <-> DISABLED <-> SERVER-WEBAPP /etc/inetd.conf file access attempt (server-webapp.rules)
 * 1:43357 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Server 9i unauthenticated dms access attempt (server-webapp.rules)
 * 1:43356 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Server 9i unauthenticated dms access attempt (server-webapp.rules)
 * 1:43355 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Server 9i unauthenticated dms access attempt (server-webapp.rules)
 * 1:43354 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Server 9i unauthenticated dms access attempt (server-webapp.rules)
 * 1:43353 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Server 9i unauthenticated dms access attempt (server-webapp.rules)
 * 1:43352 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Server 9i unauthenticated dms access attempt (server-webapp.rules)
 * 1:43351 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Erebus variant outbound connection (malware-cnc.rules)
 * 1:43350 <-> DISABLED <-> POLICY-OTHER TOR Project domain request (policy-other.rules)
 * 1:43349 <-> DISABLED <-> SERVER-OTHER Karjasoft Sami HTTP Server denial of service attempt (server-other.rules)
 * 1:43348 <-> DISABLED <-> PROTOCOL-SCADA Advantech Studio DOS attempt (protocol-scada.rules)
 * 1:43347 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox domFuzzLite3 table use after free attempt (browser-firefox.rules)
 * 1:43346 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox domFuzzLite3 table use after free attempt (browser-firefox.rules)
 * 1:43345 <-> DISABLED <-> BROWSER-PLUGINS Data Dynamics ActiveBar remote file write attempt ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43344 <-> DISABLED <-> BROWSER-PLUGINS Data Dynamics ActiveBar remote file write attempt ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43343 <-> DISABLED <-> BROWSER-PLUGINS Data Dynamics ActiveBar remote file write attempt ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43341 <-> DISABLED <-> FILE-OTHER Cytel Studio USE command overflow attempt (file-other.rules)
 * 1:43342 <-> DISABLED <-> BROWSER-PLUGINS Data Dynamics ActiveBar remote file write attempt ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43340 <-> DISABLED <-> FILE-OTHER Cytel Studio row overflow attempt (file-other.rules)
 * 1:43286 <-> DISABLED <-> SERVER-WEBAPP /cgi-bin/sh file access attempt (server-webapp.rules)

Modified Rules:


 * 1:16011 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CSS property method handling memory corruption attempt (browser-ie.rules)
 * 1:16730 <-> DISABLED <-> FILE-OTHER ProShow Gold PSH file handling overflow attempt (file-other.rules)
 * 1:17770 <-> DISABLED <-> FILE-OFFICE Microsoft HtmlDlgHelper ActiveX clsid access (file-office.rules)
 * 1:19049 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gigade variant outbound connection (malware-cnc.rules)
 * 1:21019 <-> DISABLED <-> FILE-OTHER Cytel Studio string stack overflow attempt (file-other.rules)
 * 1:21020 <-> DISABLED <-> FILE-OTHER Cytel Studio row overflow attempt (file-other.rules)
 * 1:21021 <-> DISABLED <-> FILE-OTHER Cytel Studio USE command overflow attempt (file-other.rules)
 * 1:21566 <-> DISABLED <-> OS-WINDOWS Microsoft Expression Design wintab32.dll dll-load exploit attempt (os-windows.rules)
 * 1:23555 <-> DISABLED <-> FILE-OFFICE Microsoft HtmlDlgHelper ActiveX clsid access (file-office.rules)
 * 1:24090 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WebDAV invalid character argument injection attempt (os-windows.rules)
 * 1:35731 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WebDAV invalid character argument injection attempt (os-windows.rules)
 * 1:40661 <-> ENABLED <-> BROWSER-IE Microsoft Edge Array.concat type confusion attempt (browser-ie.rules)
 * 1:40662 <-> ENABLED <-> BROWSER-IE Microsoft Edge Array.concat type confusion attempt (browser-ie.rules)
 * 1:41808 <-> DISABLED <-> FILE-IMAGE ImageMagick mvg processing command server side request forgery attempt (file-image.rules)
 * 1:41809 <-> DISABLED <-> FILE-IMAGE ImageMagick mvg processing command server side request forgery attempt (file-image.rules)
 * 1:41942 <-> ENABLED <-> BROWSER-IE Microsoft Edge EntrySimpleSlotGetter use after free attempt (browser-ie.rules)
 * 1:41943 <-> ENABLED <-> BROWSER-IE Microsoft Edge EntrySimpleSlotGetter use after free attempt (browser-ie.rules)
 * 1:41956 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer arguments type confusion attempt (browser-ie.rules)
 * 1:41957 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer arguments type confusion attempt (browser-ie.rules)
 * 1:42298 <-> DISABLED <-> FILE-PDF Adobe PDF PPKLite security handler memory corruption vulnerability attempt (file-pdf.rules)
 * 1:42299 <-> DISABLED <-> FILE-PDF Adobe PDF PPKLite security handler memory corruption vulnerability attempt (file-pdf.rules)
 * 1:43238 <-> DISABLED <-> SERVER-WEBAPP Imatix Xitami web server head processing denial of service attempt (server-webapp.rules)
 * 1:5715 <-> DISABLED <-> SERVER-APACHE Apache malformed ipv6 uri overflow attempt (server-apache.rules)
 * 1:12255 <-> DISABLED <-> SERVER-WEBAPP CSGuestbook setup attempt (server-webapp.rules)