Talos Rules 2018-01-16
This release adds and modifies rules in several categories.

Talos has added and modified multiple rules in the browser-ie, malware-cnc, os-other, policy-other, protocol-scada and server-webapp rule sets to provide coverage for emerging threats from these technologies.

Change logs

2018-01-16 20:55:56 UTC

Snort Subscriber Rules Update

Date: 2018-01-16

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:45454 <-> DISABLED <-> SERVER-WEBAPP PostfixAdmin protected alias deletion attempt (server-webapp.rules)
 * 1:45453 <-> DISABLED <-> SERVER-WEBAPP Linksys WVBR0-25 Wireless Video Bridge command injection attempt (server-webapp.rules)
 * 1:45452 <-> DISABLED <-> SERVER-WEBAPP Linksys WVBR0-25 Wireless Video Bridge command injection attempt (server-webapp.rules)
 * 1:45451 <-> DISABLED <-> SERVER-WEBAPP Linksys WVBR0-25 Wireless Video Bridge command injection attempt (server-webapp.rules)
 * 1:45450 <-> DISABLED <-> SERVER-WEBAPP Linksys WVBR0-25 Wireless Video Bridge command injection attempt (server-webapp.rules)
 * 1:45449 <-> DISABLED <-> SERVER-WEBAPP Linksys WVBR0-25 Wireless Video Bridge command injection attempt (server-webapp.rules)
 * 1:45448 <-> DISABLED <-> SERVER-WEBAPP Linksys WVBR0-25 Wireless Video Bridge command injection attempt (server-webapp.rules)
 * 1:45447 <-> DISABLED <-> SERVER-WEBAPP Linksys WVBR0-25 Wireless Video Bridge command injection attempt (server-webapp.rules)
 * 1:45446 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine ArrayBuffer memory corruption attempt (browser-ie.rules)
 * 1:45445 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine ArrayBuffer memory corruption attempt (browser-ie.rules)
 * 1:45444 <-> ENABLED <-> OS-OTHER Intel x64 side-channel analysis information leak attempt (os-other.rules)
 * 1:45443 <-> ENABLED <-> OS-OTHER Intel x64 side-channel analysis information leak attempt (os-other.rules)
 * 1:45442 <-> DISABLED <-> SERVER-OTHER Hewlett Packard Enterprise Intelligent Management Center FileDownloadServlet information disclosure attempt (server-other.rules)
 * 1:45440 <-> DISABLED <-> SERVER-OTHER HP LoadRunner remote command execution attempt (server-other.rules)
 * 1:45439 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ramnit outbound connection attempt (malware-cnc.rules)
 * 1:45438 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ramnit outbound connection attempt (malware-cnc.rules)
 * 1:45437 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ramnit outbound connection attempt (malware-cnc.rules)
 * 1:45436 <-> DISABLED <-> PROTOCOL-SCADA MMS Conclude-ErrorPDU (protocol-scada.rules)
 * 1:45435 <-> DISABLED <-> PROTOCOL-SCADA MMS Conclude-ResponsePDU (protocol-scada.rules)
 * 1:45434 <-> DISABLED <-> PROTOCOL-SCADA MMS Conclude-RequestPDU (protocol-scada.rules)
 * 1:45433 <-> DISABLED <-> PROTOCOL-SCADA MMS Initiate-ErrorPDU (protocol-scada.rules)
 * 1:45432 <-> DISABLED <-> PROTOCOL-SCADA MMS Initiate-ResponsePDU (protocol-scada.rules)
 * 1:45431 <-> DISABLED <-> PROTOCOL-SCADA MMS Initiate-RequestPDU (protocol-scada.rules)
 * 1:45430 <-> DISABLED <-> PROTOCOL-SCADA MMS Cancel-ErrorPDU (protocol-scada.rules)
 * 1:45429 <-> DISABLED <-> PROTOCOL-SCADA MMS Cancel-ResponsePDU (protocol-scada.rules)
 * 1:45428 <-> DISABLED <-> PROTOCOL-SCADA MMS Cancel-RequestPDU (protocol-scada.rules)
 * 1:45427 <-> DISABLED <-> PROTOCOL-SCADA MMS RejectPDU (protocol-scada.rules)
 * 1:45426 <-> DISABLED <-> PROTOCOL-SCADA MMS UnconfirmedPDU (protocol-scada.rules)
 * 1:45425 <-> DISABLED <-> PROTOCOL-SCADA MMS Confirmed-ErrorPDU (protocol-scada.rules)
 * 1:45424 <-> DISABLED <-> PROTOCOL-SCADA MMS Confirmed-ResponsePDU (protocol-scada.rules)
 * 1:45423 <-> DISABLED <-> PROTOCOL-SCADA MMS Confirmed-RequestPDU (protocol-scada.rules)
 * 1:45421 <-> DISABLED <-> SERVER-WEBAPP PhpCollab editclient.php arbitrary PHP file upload attempt (server-webapp.rules)
 * 1:45420 <-> DISABLED <-> SERVER-WEBAPP Drupal HTTP Strict Transport Security module security bypass attempt (server-webapp.rules)
 * 1:45419 <-> DISABLED <-> OS-OTHER Apple macOS IOHIDeous exploit download attempt (os-other.rules)
 * 1:45418 <-> DISABLED <-> OS-OTHER Apple macOS IOHIDeous exploit download attempt (os-other.rules)
 * 3:45422 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2018-0512 attack attempt (policy-other.rules)
 * 3:45441 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0511 attack attempt (server-webapp.rules)

Modified Rules:


 * 1:45320 <-> DISABLED <-> SERVER-WEBAPP Dahua DVR serial number query attempt (server-webapp.rules)
 * 1:42110 <-> DISABLED <-> SERVER-WEBAPP Microsoft IIS ScStoragePathFromUrl function buffer overflow attempt (server-webapp.rules)
 * 1:17058 <-> DISABLED <-> MALWARE-CNC Trojan-Downloader.JS.Agent.ewh Javascript download (malware-cnc.rules)
 * 1:45321 <-> DISABLED <-> SERVER-WEBAPP Dahua DVR firmware version query attempt (server-webapp.rules)
 * 1:45322 <-> DISABLED <-> SERVER-WEBAPP Dahua DVR channel information query attempt (server-webapp.rules)
 * 1:45323 <-> DISABLED <-> SERVER-WEBAPP Dahua DVR email configuration download attempt (server-webapp.rules)
 * 1:45324 <-> DISABLED <-> SERVER-WEBAPP Dahua DVR user password hash query attempt (server-webapp.rules)
 * 1:45325 <-> DISABLED <-> SERVER-WEBAPP Dahua DVR DDNS configuration download attempt (server-webapp.rules)
 * 1:45326 <-> DISABLED <-> SERVER-WEBAPP Dahua DVR user group information query attempt (server-webapp.rules)
 * 1:45327 <-> DISABLED <-> SERVER-WEBAPP Dahua DVR NAS configuration download attempt (server-webapp.rules)
 * 1:45328 <-> DISABLED <-> SERVER-WEBAPP Dahua DVR admin password reset attempt (server-webapp.rules)
 * 1:45329 <-> DISABLED <-> SERVER-WEBAPP Dahua DVR clear logs request attempt (server-webapp.rules)
 * 1:45412 <-> DISABLED <-> SERVER-WEBAPP Asus RT-AC88U deleteOfflineClients memory corruption attempt (server-webapp.rules)

2018-01-16 20:55:56 UTC

Snort Subscriber Rules Update

Date: 2018-01-16

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091100.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:45450 <-> DISABLED <-> SERVER-WEBAPP Linksys WVBR0-25 Wireless Video Bridge command injection attempt (server-webapp.rules)
 * 1:45432 <-> DISABLED <-> PROTOCOL-SCADA MMS Initiate-ResponsePDU (protocol-scada.rules)
 * 1:45429 <-> DISABLED <-> PROTOCOL-SCADA MMS Cancel-ResponsePDU (protocol-scada.rules)
 * 1:45427 <-> DISABLED <-> PROTOCOL-SCADA MMS RejectPDU (protocol-scada.rules)
 * 1:45426 <-> DISABLED <-> PROTOCOL-SCADA MMS UnconfirmedPDU (protocol-scada.rules)
 * 1:45430 <-> DISABLED <-> PROTOCOL-SCADA MMS Cancel-ErrorPDU (protocol-scada.rules)
 * 1:45418 <-> DISABLED <-> OS-OTHER Apple macOS IOHIDeous exploit download attempt (os-other.rules)
 * 1:45431 <-> DISABLED <-> PROTOCOL-SCADA MMS Initiate-RequestPDU (protocol-scada.rules)
 * 1:45419 <-> DISABLED <-> OS-OTHER Apple macOS IOHIDeous exploit download attempt (os-other.rules)
 * 1:45420 <-> DISABLED <-> SERVER-WEBAPP Drupal HTTP Strict Transport Security module security bypass attempt (server-webapp.rules)
 * 1:45421 <-> DISABLED <-> SERVER-WEBAPP PhpCollab editclient.php arbitrary PHP file upload attempt (server-webapp.rules)
 * 1:45433 <-> DISABLED <-> PROTOCOL-SCADA MMS Initiate-ErrorPDU (protocol-scada.rules)
 * 1:45434 <-> DISABLED <-> PROTOCOL-SCADA MMS Conclude-RequestPDU (protocol-scada.rules)
 * 1:45435 <-> DISABLED <-> PROTOCOL-SCADA MMS Conclude-ResponsePDU (protocol-scada.rules)
 * 1:45436 <-> DISABLED <-> PROTOCOL-SCADA MMS Conclude-ErrorPDU (protocol-scada.rules)
 * 1:45437 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ramnit outbound connection attempt (malware-cnc.rules)
 * 1:45438 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ramnit outbound connection attempt (malware-cnc.rules)
 * 1:45439 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ramnit outbound connection attempt (malware-cnc.rules)
 * 1:45440 <-> DISABLED <-> SERVER-OTHER HP LoadRunner remote command execution attempt (server-other.rules)
 * 1:45442 <-> DISABLED <-> SERVER-OTHER Hewlett Packard Enterprise Intelligent Management Center FileDownloadServlet information disclosure attempt (server-other.rules)
 * 1:45443 <-> ENABLED <-> OS-OTHER Intel x64 side-channel analysis information leak attempt (os-other.rules)
 * 1:45444 <-> ENABLED <-> OS-OTHER Intel x64 side-channel analysis information leak attempt (os-other.rules)
 * 1:45445 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine ArrayBuffer memory corruption attempt (browser-ie.rules)
 * 1:45446 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine ArrayBuffer memory corruption attempt (browser-ie.rules)
 * 1:45447 <-> DISABLED <-> SERVER-WEBAPP Linksys WVBR0-25 Wireless Video Bridge command injection attempt (server-webapp.rules)
 * 1:45448 <-> DISABLED <-> SERVER-WEBAPP Linksys WVBR0-25 Wireless Video Bridge command injection attempt (server-webapp.rules)
 * 1:45449 <-> DISABLED <-> SERVER-WEBAPP Linksys WVBR0-25 Wireless Video Bridge command injection attempt (server-webapp.rules)
 * 1:45454 <-> DISABLED <-> SERVER-WEBAPP PostfixAdmin protected alias deletion attempt (server-webapp.rules)
 * 1:45423 <-> DISABLED <-> PROTOCOL-SCADA MMS Confirmed-RequestPDU (protocol-scada.rules)
 * 1:45428 <-> DISABLED <-> PROTOCOL-SCADA MMS Cancel-RequestPDU (protocol-scada.rules)
 * 1:45453 <-> DISABLED <-> SERVER-WEBAPP Linksys WVBR0-25 Wireless Video Bridge command injection attempt (server-webapp.rules)
 * 1:45452 <-> DISABLED <-> SERVER-WEBAPP Linksys WVBR0-25 Wireless Video Bridge command injection attempt (server-webapp.rules)
 * 1:45424 <-> DISABLED <-> PROTOCOL-SCADA MMS Confirmed-ResponsePDU (protocol-scada.rules)
 * 1:45451 <-> DISABLED <-> SERVER-WEBAPP Linksys WVBR0-25 Wireless Video Bridge command injection attempt (server-webapp.rules)
 * 1:45425 <-> DISABLED <-> PROTOCOL-SCADA MMS Confirmed-ErrorPDU (protocol-scada.rules)
 * 3:45441 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0511 attack attempt (server-webapp.rules)
 * 3:45422 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2018-0512 attack attempt (policy-other.rules)

Modified Rules:


 * 1:45323 <-> DISABLED <-> SERVER-WEBAPP Dahua DVR email configuration download attempt (server-webapp.rules)
 * 1:45324 <-> DISABLED <-> SERVER-WEBAPP Dahua DVR user password hash query attempt (server-webapp.rules)
 * 1:45321 <-> DISABLED <-> SERVER-WEBAPP Dahua DVR firmware version query attempt (server-webapp.rules)
 * 1:45322 <-> DISABLED <-> SERVER-WEBAPP Dahua DVR channel information query attempt (server-webapp.rules)
 * 1:17058 <-> DISABLED <-> MALWARE-CNC Trojan-Downloader.JS.Agent.ewh Javascript download (malware-cnc.rules)
 * 1:42110 <-> DISABLED <-> SERVER-WEBAPP Microsoft IIS ScStoragePathFromUrl function buffer overflow attempt (server-webapp.rules)
 * 1:45320 <-> DISABLED <-> SERVER-WEBAPP Dahua DVR serial number query attempt (server-webapp.rules)
 * 1:45325 <-> DISABLED <-> SERVER-WEBAPP Dahua DVR DDNS configuration download attempt (server-webapp.rules)
 * 1:45326 <-> DISABLED <-> SERVER-WEBAPP Dahua DVR user group information query attempt (server-webapp.rules)
 * 1:45327 <-> DISABLED <-> SERVER-WEBAPP Dahua DVR NAS configuration download attempt (server-webapp.rules)
 * 1:45328 <-> DISABLED <-> SERVER-WEBAPP Dahua DVR admin password reset attempt (server-webapp.rules)
 * 1:45329 <-> DISABLED <-> SERVER-WEBAPP Dahua DVR clear logs request attempt (server-webapp.rules)
 * 1:45412 <-> DISABLED <-> SERVER-WEBAPP Asus RT-AC88U deleteOfflineClients memory corruption attempt (server-webapp.rules)

2018-01-16 20:55:56 UTC

Snort Subscriber Rules Update

Date: 2018-01-16

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2990.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:45450 <-> DISABLED <-> SERVER-WEBAPP Linksys WVBR0-25 Wireless Video Bridge command injection attempt (server-webapp.rules)
 * 1:45436 <-> DISABLED <-> PROTOCOL-SCADA MMS Conclude-ErrorPDU (protocol-scada.rules)
 * 1:45420 <-> DISABLED <-> SERVER-WEBAPP Drupal HTTP Strict Transport Security module security bypass attempt (server-webapp.rules)
 * 1:45453 <-> DISABLED <-> SERVER-WEBAPP Linksys WVBR0-25 Wireless Video Bridge command injection attempt (server-webapp.rules)
 * 1:45452 <-> DISABLED <-> SERVER-WEBAPP Linksys WVBR0-25 Wireless Video Bridge command injection attempt (server-webapp.rules)
 * 1:45432 <-> DISABLED <-> PROTOCOL-SCADA MMS Initiate-ResponsePDU (protocol-scada.rules)
 * 1:45431 <-> DISABLED <-> PROTOCOL-SCADA MMS Initiate-RequestPDU (protocol-scada.rules)
 * 1:45430 <-> DISABLED <-> PROTOCOL-SCADA MMS Cancel-ErrorPDU (protocol-scada.rules)
 * 1:45428 <-> DISABLED <-> PROTOCOL-SCADA MMS Cancel-RequestPDU (protocol-scada.rules)
 * 1:45424 <-> DISABLED <-> PROTOCOL-SCADA MMS Confirmed-ResponsePDU (protocol-scada.rules)
 * 1:45423 <-> DISABLED <-> PROTOCOL-SCADA MMS Confirmed-RequestPDU (protocol-scada.rules)
 * 1:45418 <-> DISABLED <-> OS-OTHER Apple macOS IOHIDeous exploit download attempt (os-other.rules)
 * 1:45419 <-> DISABLED <-> OS-OTHER Apple macOS IOHIDeous exploit download attempt (os-other.rules)
 * 1:45425 <-> DISABLED <-> PROTOCOL-SCADA MMS Confirmed-ErrorPDU (protocol-scada.rules)
 * 1:45433 <-> DISABLED <-> PROTOCOL-SCADA MMS Initiate-ErrorPDU (protocol-scada.rules)
 * 1:45434 <-> DISABLED <-> PROTOCOL-SCADA MMS Conclude-RequestPDU (protocol-scada.rules)
 * 1:45435 <-> DISABLED <-> PROTOCOL-SCADA MMS Conclude-ResponsePDU (protocol-scada.rules)
 * 1:45437 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ramnit outbound connection attempt (malware-cnc.rules)
 * 1:45438 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ramnit outbound connection attempt (malware-cnc.rules)
 * 1:45439 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ramnit outbound connection attempt (malware-cnc.rules)
 * 1:45440 <-> DISABLED <-> SERVER-OTHER HP LoadRunner remote command execution attempt (server-other.rules)
 * 1:45442 <-> DISABLED <-> SERVER-OTHER Hewlett Packard Enterprise Intelligent Management Center FileDownloadServlet information disclosure attempt (server-other.rules)
 * 1:45443 <-> ENABLED <-> OS-OTHER Intel x64 side-channel analysis information leak attempt (os-other.rules)
 * 1:45444 <-> ENABLED <-> OS-OTHER Intel x64 side-channel analysis information leak attempt (os-other.rules)
 * 1:45421 <-> DISABLED <-> SERVER-WEBAPP PhpCollab editclient.php arbitrary PHP file upload attempt (server-webapp.rules)
 * 1:45445 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine ArrayBuffer memory corruption attempt (browser-ie.rules)
 * 1:45454 <-> DISABLED <-> SERVER-WEBAPP PostfixAdmin protected alias deletion attempt (server-webapp.rules)
 * 1:45446 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine ArrayBuffer memory corruption attempt (browser-ie.rules)
 * 1:45447 <-> DISABLED <-> SERVER-WEBAPP Linksys WVBR0-25 Wireless Video Bridge command injection attempt (server-webapp.rules)
 * 1:45448 <-> DISABLED <-> SERVER-WEBAPP Linksys WVBR0-25 Wireless Video Bridge command injection attempt (server-webapp.rules)
 * 1:45449 <-> DISABLED <-> SERVER-WEBAPP Linksys WVBR0-25 Wireless Video Bridge command injection attempt (server-webapp.rules)
 * 1:45429 <-> DISABLED <-> PROTOCOL-SCADA MMS Cancel-ResponsePDU (protocol-scada.rules)
 * 1:45427 <-> DISABLED <-> PROTOCOL-SCADA MMS RejectPDU (protocol-scada.rules)
 * 1:45451 <-> DISABLED <-> SERVER-WEBAPP Linksys WVBR0-25 Wireless Video Bridge command injection attempt (server-webapp.rules)
 * 1:45426 <-> DISABLED <-> PROTOCOL-SCADA MMS UnconfirmedPDU (protocol-scada.rules)
 * 3:45441 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0511 attack attempt (server-webapp.rules)
 * 3:45422 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2018-0512 attack attempt (policy-other.rules)

Modified Rules:


 * 1:45327 <-> DISABLED <-> SERVER-WEBAPP Dahua DVR NAS configuration download attempt (server-webapp.rules)
 * 1:45329 <-> DISABLED <-> SERVER-WEBAPP Dahua DVR clear logs request attempt (server-webapp.rules)
 * 1:45412 <-> DISABLED <-> SERVER-WEBAPP Asus RT-AC88U deleteOfflineClients memory corruption attempt (server-webapp.rules)
 * 1:45328 <-> DISABLED <-> SERVER-WEBAPP Dahua DVR admin password reset attempt (server-webapp.rules)
 * 1:45321 <-> DISABLED <-> SERVER-WEBAPP Dahua DVR firmware version query attempt (server-webapp.rules)
 * 1:45320 <-> DISABLED <-> SERVER-WEBAPP Dahua DVR serial number query attempt (server-webapp.rules)
 * 1:42110 <-> DISABLED <-> SERVER-WEBAPP Microsoft IIS ScStoragePathFromUrl function buffer overflow attempt (server-webapp.rules)
 * 1:45323 <-> DISABLED <-> SERVER-WEBAPP Dahua DVR email configuration download attempt (server-webapp.rules)
 * 1:45322 <-> DISABLED <-> SERVER-WEBAPP Dahua DVR channel information query attempt (server-webapp.rules)
 * 1:45325 <-> DISABLED <-> SERVER-WEBAPP Dahua DVR DDNS configuration download attempt (server-webapp.rules)
 * 1:45326 <-> DISABLED <-> SERVER-WEBAPP Dahua DVR user group information query attempt (server-webapp.rules)
 * 1:45324 <-> DISABLED <-> SERVER-WEBAPP Dahua DVR user password hash query attempt (server-webapp.rules)
 * 1:17058 <-> DISABLED <-> MALWARE-CNC Trojan-Downloader.JS.Agent.ewh Javascript download (malware-cnc.rules)

2018-01-16 20:55:56 UTC

Snort Subscriber Rules Update

Date: 2018-01-16

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:45449 <-> DISABLED <-> SERVER-WEBAPP Linksys WVBR0-25 Wireless Video Bridge command injection attempt (server-webapp.rules)
 * 1:45447 <-> DISABLED <-> SERVER-WEBAPP Linksys WVBR0-25 Wireless Video Bridge command injection attempt (server-webapp.rules)
 * 1:45448 <-> DISABLED <-> SERVER-WEBAPP Linksys WVBR0-25 Wireless Video Bridge command injection attempt (server-webapp.rules)
 * 1:45426 <-> DISABLED <-> PROTOCOL-SCADA MMS UnconfirmedPDU (protocol-scada.rules)
 * 1:45429 <-> DISABLED <-> PROTOCOL-SCADA MMS Cancel-ResponsePDU (protocol-scada.rules)
 * 1:45445 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine ArrayBuffer memory corruption attempt (browser-ie.rules)
 * 1:45428 <-> DISABLED <-> PROTOCOL-SCADA MMS Cancel-RequestPDU (protocol-scada.rules)
 * 1:45446 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine ArrayBuffer memory corruption attempt (browser-ie.rules)
 * 1:45439 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ramnit outbound connection attempt (malware-cnc.rules)
 * 1:45442 <-> DISABLED <-> SERVER-OTHER Hewlett Packard Enterprise Intelligent Management Center FileDownloadServlet information disclosure attempt (server-other.rules)
 * 1:45438 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ramnit outbound connection attempt (malware-cnc.rules)
 * 1:45437 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ramnit outbound connection attempt (malware-cnc.rules)
 * 1:45435 <-> DISABLED <-> PROTOCOL-SCADA MMS Conclude-ResponsePDU (protocol-scada.rules)
 * 1:45436 <-> DISABLED <-> PROTOCOL-SCADA MMS Conclude-ErrorPDU (protocol-scada.rules)
 * 1:45434 <-> DISABLED <-> PROTOCOL-SCADA MMS Conclude-RequestPDU (protocol-scada.rules)
 * 1:45431 <-> DISABLED <-> PROTOCOL-SCADA MMS Initiate-RequestPDU (protocol-scada.rules)
 * 1:45450 <-> DISABLED <-> SERVER-WEBAPP Linksys WVBR0-25 Wireless Video Bridge command injection attempt (server-webapp.rules)
 * 1:45453 <-> DISABLED <-> SERVER-WEBAPP Linksys WVBR0-25 Wireless Video Bridge command injection attempt (server-webapp.rules)
 * 1:45418 <-> DISABLED <-> OS-OTHER Apple macOS IOHIDeous exploit download attempt (os-other.rules)
 * 1:45430 <-> DISABLED <-> PROTOCOL-SCADA MMS Cancel-ErrorPDU (protocol-scada.rules)
 * 1:45420 <-> DISABLED <-> SERVER-WEBAPP Drupal HTTP Strict Transport Security module security bypass attempt (server-webapp.rules)
 * 1:45419 <-> DISABLED <-> OS-OTHER Apple macOS IOHIDeous exploit download attempt (os-other.rules)
 * 1:45424 <-> DISABLED <-> PROTOCOL-SCADA MMS Confirmed-ResponsePDU (protocol-scada.rules)
 * 1:45421 <-> DISABLED <-> SERVER-WEBAPP PhpCollab editclient.php arbitrary PHP file upload attempt (server-webapp.rules)
 * 1:45423 <-> DISABLED <-> PROTOCOL-SCADA MMS Confirmed-RequestPDU (protocol-scada.rules)
 * 1:45440 <-> DISABLED <-> SERVER-OTHER HP LoadRunner remote command execution attempt (server-other.rules)
 * 1:45433 <-> DISABLED <-> PROTOCOL-SCADA MMS Initiate-ErrorPDU (protocol-scada.rules)
 * 1:45451 <-> DISABLED <-> SERVER-WEBAPP Linksys WVBR0-25 Wireless Video Bridge command injection attempt (server-webapp.rules)
 * 1:45427 <-> DISABLED <-> PROTOCOL-SCADA MMS RejectPDU (protocol-scada.rules)
 * 1:45454 <-> DISABLED <-> SERVER-WEBAPP PostfixAdmin protected alias deletion attempt (server-webapp.rules)
 * 1:45452 <-> DISABLED <-> SERVER-WEBAPP Linksys WVBR0-25 Wireless Video Bridge command injection attempt (server-webapp.rules)
 * 1:45425 <-> DISABLED <-> PROTOCOL-SCADA MMS Confirmed-ErrorPDU (protocol-scada.rules)
 * 1:45432 <-> DISABLED <-> PROTOCOL-SCADA MMS Initiate-ResponsePDU (protocol-scada.rules)
 * 3:45441 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0511 attack attempt (server-webapp.rules)
 * 3:45422 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2018-0512 attack attempt (policy-other.rules)

Modified Rules:


 * 1:45325 <-> DISABLED <-> SERVER-WEBAPP Dahua DVR DDNS configuration download attempt (server-webapp.rules)
 * 1:45321 <-> DISABLED <-> SERVER-WEBAPP Dahua DVR firmware version query attempt (server-webapp.rules)
 * 1:45329 <-> DISABLED <-> SERVER-WEBAPP Dahua DVR clear logs request attempt (server-webapp.rules)
 * 1:17058 <-> DISABLED <-> MALWARE-CNC Trojan-Downloader.JS.Agent.ewh Javascript download (malware-cnc.rules)
 * 1:42110 <-> DISABLED <-> SERVER-WEBAPP Microsoft IIS ScStoragePathFromUrl function buffer overflow attempt (server-webapp.rules)
 * 1:45320 <-> DISABLED <-> SERVER-WEBAPP Dahua DVR serial number query attempt (server-webapp.rules)
 * 1:45328 <-> DISABLED <-> SERVER-WEBAPP Dahua DVR admin password reset attempt (server-webapp.rules)
 * 1:45326 <-> DISABLED <-> SERVER-WEBAPP Dahua DVR user group information query attempt (server-webapp.rules)
 * 1:45327 <-> DISABLED <-> SERVER-WEBAPP Dahua DVR NAS configuration download attempt (server-webapp.rules)
 * 1:45324 <-> DISABLED <-> SERVER-WEBAPP Dahua DVR user password hash query attempt (server-webapp.rules)
 * 1:45322 <-> DISABLED <-> SERVER-WEBAPP Dahua DVR channel information query attempt (server-webapp.rules)
 * 1:45323 <-> DISABLED <-> SERVER-WEBAPP Dahua DVR email configuration download attempt (server-webapp.rules)
 * 1:45412 <-> DISABLED <-> SERVER-WEBAPP Asus RT-AC88U deleteOfflineClients memory corruption attempt (server-webapp.rules)