Talos Rules 2017-12-14
This release adds and modifies rules in several categories.

Talos has added and modified multiple rules in the browser-firefox, browser-ie, exploit-kit, file-image, file-other, file-pdf, malware-cnc, os-windows, protocol-dns, protocol-telnet and server-webapp rule sets to provide coverage for emerging threats from these technologies.

Change logs

2017-12-14 21:19:54 UTC

Snort Subscriber Rules Update

Date: 2017-12-14

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091100.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:45197 <-> DISABLED <-> SERVER-WEBAPP Zavio IP Cameras command injection attempt (server-webapp.rules)
 * 1:45196 <-> DISABLED <-> SERVER-WEBAPP Zavio IP Cameras command injection attempt (server-webapp.rules)
 * 1:45195 <-> DISABLED <-> SERVER-WEBAPP Zavio IP Cameras command injection attempt (server-webapp.rules)
 * 1:45194 <-> ENABLED <-> MALWARE-CNC Win.Trojan.FileCryptor variant outbound connection (malware-cnc.rules)
 * 1:45193 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager showActionProfiles.do SQL injection attempt (server-webapp.rules)
 * 1:45192 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager showActionProfiles.do SQL injection attempt (server-webapp.rules)
 * 1:45191 <-> DISABLED <-> PROTOCOL-TELNET TippingPoint IPS telnet login failure xss attempt (protocol-telnet.rules)
 * 1:45190 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager mypage.do SQL injection attempt (server-webapp.rules)
 * 1:45189 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager mypage.do SQL injection attempt (server-webapp.rules)
 * 1:45188 <-> DISABLED <-> SERVER-OTHER ElectraSoft 32bit FTP PASV reply stack buffer overflow attempt (server-other.rules)
 * 1:45187 <-> DISABLED <-> SERVER-OTHER WinRadius long password denial of service attempt (server-other.rules)
 * 1:45186 <-> DISABLED <-> FILE-IMAGE Apple Quicktime malformed FPX file memory corruption attempt (file-image.rules)
 * 1:45185 <-> DISABLED <-> FILE-IMAGE Apple Quicktime malformed FPX file memory corruption attempt (file-image.rules)
 * 1:45184 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
 * 1:45183 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
 * 1:45182 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
 * 1:45181 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
 * 1:45180 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
 * 1:45179 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
 * 1:45178 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
 * 1:45177 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
 * 1:45176 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsTreeContentView double-free memory corruption attempt (browser-firefox.rules)
 * 1:45175 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ShellExecute and IE7 url handling code execution attempt (os-windows.rules)
 * 1:45174 <-> DISABLED <-> BROWSER-FIREFOX Mozilla download directory file deletion attempt (browser-firefox.rules)
 * 1:45173 <-> DISABLED <-> BROWSER-FIREFOX Mozilla download directory file deletion attempt (browser-firefox.rules)
 * 1:45172 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox buffer overflow attempt (browser-firefox.rules)
 * 1:45171 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox buffer overflow attempt (browser-firefox.rules)

Modified Rules:


 * 1:36604 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer meta tag double free attempt (browser-ie.rules)
 * 1:12688 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ShellExecute and IE7 url handling code execution attempt (os-windows.rules)
 * 1:43778 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsTreeContentView double-free memory corruption attempt (browser-firefox.rules)
 * 1:16561 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS4 TIFF file exploit attempt - 1  (file-image.rules)
 * 1:16562 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS4 TIFF file exploit attempt - 2  (file-image.rules)
 * 1:16563 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS4 TIFF file exploit attempt - 3  (file-image.rules)
 * 1:16564 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS4 TIFF file exploit attempt - 4  (file-image.rules)
 * 1:42883 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MadMax implant outbound connection attempt (malware-cnc.rules)
 * 1:17179 <-> DISABLED <-> FILE-OTHER Adobe Director file pamm record exploit attempt (file-other.rules)
 * 1:17180 <-> DISABLED <-> FILE-OTHER Adobe Director file LsCM record exploit attempt (file-other.rules)
 * 1:17189 <-> DISABLED <-> FILE-OTHER Adobe Director file rcsL record exploit attempt (file-other.rules)
 * 1:18262 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript engine function arguments memory corruption attempt (browser-firefox.rules)
 * 1:42806 <-> ENABLED <-> EXPLOIT-KIT Rig Exploit Kit URL outbound communication (exploit-kit.rules)
 * 1:18559 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Performance Insight Server backdoor account code execution attempt (server-webapp.rules)
 * 1:22952 <-> DISABLED <-> SERVER-OTHER Iron Mountain connected backup opcode 13 processing command injection attempt (server-other.rules)
 * 1:23993 <-> DISABLED <-> SERVER-OTHER Dhcpcd packet size buffer overflow attempt (server-other.rules)
 * 1:25246 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer html table column span width increase memory corruption attempt (browser-ie.rules)
 * 1:42417 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer IE8 mode menu tag out-of-bounds access attempt (browser-ie.rules)
 * 1:29650 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer MoveToMarkupPointer call with CControlTracker OnExitTree use-after-free attempt (browser-ie.rules)
 * 1:29651 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer MoveToMarkupPointer call with CControlTracker OnExitTree use-after-free attempt (browser-ie.rules)
 * 1:31428 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer html table column span width increase memory corruption attempt (browser-ie.rules)
 * 1:33583 <-> DISABLED <-> PROTOCOL-DNS ISC BIND recursive resolver resource consumption denial of service attempt (protocol-dns.rules)
 * 1:42416 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer IE11 memory corruption attempt (browser-ie.rules)
 * 1:41452 <-> DISABLED <-> MALWARE-CNC Swf.Tool.Agent flash file in a word document uploading system capabilities (malware-cnc.rules)
 * 1:39700 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed embeded TTF file memory corruption attempt (file-pdf.rules)
 * 1:39699 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed embeded TTF file memory corruption attempt (file-pdf.rules)
 * 1:36605 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer meta tag double free attempt (browser-ie.rules)
 * 1:35184 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer meta tag double free attempt (browser-ie.rules)
 * 1:35185 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer meta tag double free attempt (browser-ie.rules)

2017-12-14 21:19:54 UTC

Snort Subscriber Rules Update

Date: 2017-12-14

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2990.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:45192 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager showActionProfiles.do SQL injection attempt (server-webapp.rules)
 * 1:45190 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager mypage.do SQL injection attempt (server-webapp.rules)
 * 1:45191 <-> DISABLED <-> PROTOCOL-TELNET TippingPoint IPS telnet login failure xss attempt (protocol-telnet.rules)
 * 1:45188 <-> DISABLED <-> SERVER-OTHER ElectraSoft 32bit FTP PASV reply stack buffer overflow attempt (server-other.rules)
 * 1:45189 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager mypage.do SQL injection attempt (server-webapp.rules)
 * 1:45186 <-> DISABLED <-> FILE-IMAGE Apple Quicktime malformed FPX file memory corruption attempt (file-image.rules)
 * 1:45187 <-> DISABLED <-> SERVER-OTHER WinRadius long password denial of service attempt (server-other.rules)
 * 1:45185 <-> DISABLED <-> FILE-IMAGE Apple Quicktime malformed FPX file memory corruption attempt (file-image.rules)
 * 1:45183 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
 * 1:45184 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
 * 1:45181 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
 * 1:45182 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
 * 1:45179 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
 * 1:45180 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
 * 1:45177 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
 * 1:45178 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
 * 1:45175 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ShellExecute and IE7 url handling code execution attempt (os-windows.rules)
 * 1:45176 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsTreeContentView double-free memory corruption attempt (browser-firefox.rules)
 * 1:45173 <-> DISABLED <-> BROWSER-FIREFOX Mozilla download directory file deletion attempt (browser-firefox.rules)
 * 1:45174 <-> DISABLED <-> BROWSER-FIREFOX Mozilla download directory file deletion attempt (browser-firefox.rules)
 * 1:45171 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox buffer overflow attempt (browser-firefox.rules)
 * 1:45172 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox buffer overflow attempt (browser-firefox.rules)
 * 1:45194 <-> ENABLED <-> MALWARE-CNC Win.Trojan.FileCryptor variant outbound connection (malware-cnc.rules)
 * 1:45195 <-> DISABLED <-> SERVER-WEBAPP Zavio IP Cameras command injection attempt (server-webapp.rules)
 * 1:45197 <-> DISABLED <-> SERVER-WEBAPP Zavio IP Cameras command injection attempt (server-webapp.rules)
 * 1:45193 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager showActionProfiles.do SQL injection attempt (server-webapp.rules)
 * 1:45196 <-> DISABLED <-> SERVER-WEBAPP Zavio IP Cameras command injection attempt (server-webapp.rules)

Modified Rules:


 * 1:39699 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed embeded TTF file memory corruption attempt (file-pdf.rules)
 * 1:29651 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer MoveToMarkupPointer call with CControlTracker OnExitTree use-after-free attempt (browser-ie.rules)
 * 1:31428 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer html table column span width increase memory corruption attempt (browser-ie.rules)
 * 1:36605 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer meta tag double free attempt (browser-ie.rules)
 * 1:39700 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed embeded TTF file memory corruption attempt (file-pdf.rules)
 * 1:23993 <-> DISABLED <-> SERVER-OTHER Dhcpcd packet size buffer overflow attempt (server-other.rules)
 * 1:41452 <-> DISABLED <-> MALWARE-CNC Swf.Tool.Agent flash file in a word document uploading system capabilities (malware-cnc.rules)
 * 1:42416 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer IE11 memory corruption attempt (browser-ie.rules)
 * 1:42417 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer IE8 mode menu tag out-of-bounds access attempt (browser-ie.rules)
 * 1:25246 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer html table column span width increase memory corruption attempt (browser-ie.rules)
 * 1:18262 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript engine function arguments memory corruption attempt (browser-firefox.rules)
 * 1:18559 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Performance Insight Server backdoor account code execution attempt (server-webapp.rules)
 * 1:22952 <-> DISABLED <-> SERVER-OTHER Iron Mountain connected backup opcode 13 processing command injection attempt (server-other.rules)
 * 1:42806 <-> ENABLED <-> EXPLOIT-KIT Rig Exploit Kit URL outbound communication (exploit-kit.rules)
 * 1:17189 <-> DISABLED <-> FILE-OTHER Adobe Director file rcsL record exploit attempt (file-other.rules)
 * 1:17179 <-> DISABLED <-> FILE-OTHER Adobe Director file pamm record exploit attempt (file-other.rules)
 * 1:16561 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS4 TIFF file exploit attempt - 1  (file-image.rules)
 * 1:17180 <-> DISABLED <-> FILE-OTHER Adobe Director file LsCM record exploit attempt (file-other.rules)
 * 1:16563 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS4 TIFF file exploit attempt - 3  (file-image.rules)
 * 1:42883 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MadMax implant outbound connection attempt (malware-cnc.rules)
 * 1:16564 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS4 TIFF file exploit attempt - 4  (file-image.rules)
 * 1:16562 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS4 TIFF file exploit attempt - 2  (file-image.rules)
 * 1:43778 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsTreeContentView double-free memory corruption attempt (browser-firefox.rules)
 * 1:12688 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ShellExecute and IE7 url handling code execution attempt (os-windows.rules)
 * 1:33583 <-> DISABLED <-> PROTOCOL-DNS ISC BIND recursive resolver resource consumption denial of service attempt (protocol-dns.rules)
 * 1:35185 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer meta tag double free attempt (browser-ie.rules)
 * 1:35184 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer meta tag double free attempt (browser-ie.rules)
 * 1:36604 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer meta tag double free attempt (browser-ie.rules)
 * 1:29650 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer MoveToMarkupPointer call with CControlTracker OnExitTree use-after-free attempt (browser-ie.rules)

2017-12-14 21:19:54 UTC

Snort Subscriber Rules Update

Date: 2017-12-14

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:45192 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager showActionProfiles.do SQL injection attempt (server-webapp.rules)
 * 1:45190 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager mypage.do SQL injection attempt (server-webapp.rules)
 * 1:45191 <-> DISABLED <-> PROTOCOL-TELNET TippingPoint IPS telnet login failure xss attempt (protocol-telnet.rules)
 * 1:45189 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager mypage.do SQL injection attempt (server-webapp.rules)
 * 1:45188 <-> DISABLED <-> SERVER-OTHER ElectraSoft 32bit FTP PASV reply stack buffer overflow attempt (server-other.rules)
 * 1:45187 <-> DISABLED <-> SERVER-OTHER WinRadius long password denial of service attempt (server-other.rules)
 * 1:45185 <-> DISABLED <-> FILE-IMAGE Apple Quicktime malformed FPX file memory corruption attempt (file-image.rules)
 * 1:45186 <-> DISABLED <-> FILE-IMAGE Apple Quicktime malformed FPX file memory corruption attempt (file-image.rules)
 * 1:45183 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
 * 1:45184 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
 * 1:45181 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
 * 1:45182 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
 * 1:45179 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
 * 1:45180 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
 * 1:45178 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
 * 1:45177 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
 * 1:45175 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ShellExecute and IE7 url handling code execution attempt (os-windows.rules)
 * 1:45176 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsTreeContentView double-free memory corruption attempt (browser-firefox.rules)
 * 1:45173 <-> DISABLED <-> BROWSER-FIREFOX Mozilla download directory file deletion attempt (browser-firefox.rules)
 * 1:45174 <-> DISABLED <-> BROWSER-FIREFOX Mozilla download directory file deletion attempt (browser-firefox.rules)
 * 1:45171 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox buffer overflow attempt (browser-firefox.rules)
 * 1:45172 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox buffer overflow attempt (browser-firefox.rules)
 * 1:45196 <-> DISABLED <-> SERVER-WEBAPP Zavio IP Cameras command injection attempt (server-webapp.rules)
 * 1:45197 <-> DISABLED <-> SERVER-WEBAPP Zavio IP Cameras command injection attempt (server-webapp.rules)
 * 1:45193 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager showActionProfiles.do SQL injection attempt (server-webapp.rules)
 * 1:45194 <-> ENABLED <-> MALWARE-CNC Win.Trojan.FileCryptor variant outbound connection (malware-cnc.rules)
 * 1:45195 <-> DISABLED <-> SERVER-WEBAPP Zavio IP Cameras command injection attempt (server-webapp.rules)

Modified Rules:


 * 1:16564 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS4 TIFF file exploit attempt - 4  (file-image.rules)
 * 1:12688 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ShellExecute and IE7 url handling code execution attempt (os-windows.rules)
 * 1:18262 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript engine function arguments memory corruption attempt (browser-firefox.rules)
 * 1:41452 <-> DISABLED <-> MALWARE-CNC Swf.Tool.Agent flash file in a word document uploading system capabilities (malware-cnc.rules)
 * 1:39700 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed embeded TTF file memory corruption attempt (file-pdf.rules)
 * 1:18559 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Performance Insight Server backdoor account code execution attempt (server-webapp.rules)
 * 1:39699 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed embeded TTF file memory corruption attempt (file-pdf.rules)
 * 1:17189 <-> DISABLED <-> FILE-OTHER Adobe Director file rcsL record exploit attempt (file-other.rules)
 * 1:16563 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS4 TIFF file exploit attempt - 3  (file-image.rules)
 * 1:16561 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS4 TIFF file exploit attempt - 1  (file-image.rules)
 * 1:22952 <-> DISABLED <-> SERVER-OTHER Iron Mountain connected backup opcode 13 processing command injection attempt (server-other.rules)
 * 1:17179 <-> DISABLED <-> FILE-OTHER Adobe Director file pamm record exploit attempt (file-other.rules)
 * 1:16562 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS4 TIFF file exploit attempt - 2  (file-image.rules)
 * 1:29651 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer MoveToMarkupPointer call with CControlTracker OnExitTree use-after-free attempt (browser-ie.rules)
 * 1:33583 <-> DISABLED <-> PROTOCOL-DNS ISC BIND recursive resolver resource consumption denial of service attempt (protocol-dns.rules)
 * 1:29650 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer MoveToMarkupPointer call with CControlTracker OnExitTree use-after-free attempt (browser-ie.rules)
 * 1:36605 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer meta tag double free attempt (browser-ie.rules)
 * 1:31428 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer html table column span width increase memory corruption attempt (browser-ie.rules)
 * 1:42416 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer IE11 memory corruption attempt (browser-ie.rules)
 * 1:23993 <-> DISABLED <-> SERVER-OTHER Dhcpcd packet size buffer overflow attempt (server-other.rules)
 * 1:42417 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer IE8 mode menu tag out-of-bounds access attempt (browser-ie.rules)
 * 1:25246 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer html table column span width increase memory corruption attempt (browser-ie.rules)
 * 1:42806 <-> ENABLED <-> EXPLOIT-KIT Rig Exploit Kit URL outbound communication (exploit-kit.rules)
 * 1:42883 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MadMax implant outbound connection attempt (malware-cnc.rules)
 * 1:17180 <-> DISABLED <-> FILE-OTHER Adobe Director file LsCM record exploit attempt (file-other.rules)
 * 1:43778 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsTreeContentView double-free memory corruption attempt (browser-firefox.rules)
 * 1:36604 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer meta tag double free attempt (browser-ie.rules)
 * 1:35184 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer meta tag double free attempt (browser-ie.rules)
 * 1:35185 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer meta tag double free attempt (browser-ie.rules)