Talos Rules 2018-04-12
This release adds and modifies rules in several categories.

Talos has added and modified multiple rules in the file-pdf, malware-backdoor, malware-cnc and server-webapp rule sets to provide coverage for emerging threats from these technologies.

Change logs

2018-04-12 15:32:30 UTC

Snort Subscriber Rules Update

Date: 2018-04-12

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:46278 <-> DISABLED <-> SERVER-SAMBA Samba spoolss denial of service attempt (server-samba.rules)
 * 1:46277 <-> DISABLED <-> SERVER-SAMBA Samba spoolss denial of service attempt (server-samba.rules)
 * 1:46276 <-> DISABLED <-> SERVER-SAMBA Samba spoolss denial of service attempt (server-samba.rules)
 * 1:46275 <-> DISABLED <-> SERVER-SAMBA Samba spoolss denial of service attempt (server-samba.rules)
 * 1:46274 <-> DISABLED <-> SERVER-SAMBA Samba spoolss denial of service attempt (server-samba.rules)
 * 1:46273 <-> DISABLED <-> SERVER-SAMBA Samba spoolss denial of service attempt (server-samba.rules)
 * 1:46272 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sanny malware variant FTP login (malware-cnc.rules)
 * 1:46271 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sanny malware variant FTP login (malware-cnc.rules)
 * 1:46270 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Sanny URI request for known malicious URI (malware-cnc.rules)
 * 1:46269 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Sanny URI request for known malicious URI (malware-cnc.rules)
 * 1:46268 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Sanny URI request for known malicious URI (malware-cnc.rules)
 * 1:46300 <-> DISABLED <-> SERVER-WEBAPP QNAP VioStor NVR and QNAP NAS command injection attempt (server-webapp.rules)
 * 1:46299 <-> DISABLED <-> SERVER-WEBAPP QNAP VioStor NVR and QNAP NAS command injection attempt (server-webapp.rules)
 * 1:46298 <-> DISABLED <-> SERVER-WEBAPP QNAP VioStor NVR and QNAP NAS command injection attempt (server-webapp.rules)
 * 1:46297 <-> DISABLED <-> SERVER-WEBAPP QNAP VioStor NVR and QNAP NAS command injection attempt (server-webapp.rules)
 * 1:46291 <-> DISABLED <-> MALWARE-BACKDOOR JSP webshell backdoor file management attempt (malware-backdoor.rules)
 * 1:46290 <-> DISABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules)
 * 1:46289 <-> DISABLED <-> MALWARE-BACKDOOR JSP webshell transfer attempt (malware-backdoor.rules)
 * 1:46288 <-> DISABLED <-> MALWARE-BACKDOOR JSP webshell transfer attempt (malware-backdoor.rules)
 * 1:46287 <-> DISABLED <-> SERVER-WEBAPP Linksys E series denial of service attempt (server-webapp.rules)
 * 1:46286 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Bandios inbound delivery attempt (malware-cnc.rules)
 * 1:46285 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Bandios inbound delivery attempt (malware-cnc.rules)
 * 1:46284 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Bandios user agent outbound communication attempt (malware-cnc.rules)
 * 1:46283 <-> DISABLED <-> SERVER-WEBAPP Quest NetVault Backup Server NVBUJobCountHistory SQL injection attempt (server-webapp.rules)
 * 1:46282 <-> DISABLED <-> SERVER-SAMBA Samba spoolss denial of service attempt (server-samba.rules)
 * 1:46281 <-> DISABLED <-> SERVER-SAMBA Samba spoolss denial of service attempt (server-samba.rules)
 * 1:46280 <-> DISABLED <-> SERVER-SAMBA Samba spoolss denial of service attempt (server-samba.rules)
 * 1:46279 <-> DISABLED <-> SERVER-SAMBA Samba spoolss denial of service attempt (server-samba.rules)
 * 3:46296 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0570 attack attempt (server-webapp.rules)
 * 3:46294 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0572 attack attempt (server-webapp.rules)
 * 3:46295 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0572 attack attempt (server-webapp.rules)
 * 3:46292 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2018-0569 attack attempt (file-pdf.rules)
 * 3:46293 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2018-0569 attack attempt (file-pdf.rules)

Modified Rules:



2018-04-12 15:32:30 UTC

Snort Subscriber Rules Update

Date: 2018-04-12

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091100.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:46289 <-> DISABLED <-> MALWARE-BACKDOOR JSP webshell transfer attempt (malware-backdoor.rules)
 * 1:46290 <-> DISABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules)
 * 1:46270 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Sanny URI request for known malicious URI (malware-cnc.rules)
 * 1:46278 <-> DISABLED <-> SERVER-SAMBA Samba spoolss denial of service attempt (server-samba.rules)
 * 1:46273 <-> DISABLED <-> SERVER-SAMBA Samba spoolss denial of service attempt (server-samba.rules)
 * 1:46268 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Sanny URI request for known malicious URI (malware-cnc.rules)
 * 1:46297 <-> DISABLED <-> SERVER-WEBAPP QNAP VioStor NVR and QNAP NAS command injection attempt (server-webapp.rules)
 * 1:46291 <-> DISABLED <-> MALWARE-BACKDOOR JSP webshell backdoor file management attempt (malware-backdoor.rules)
 * 1:46277 <-> DISABLED <-> SERVER-SAMBA Samba spoolss denial of service attempt (server-samba.rules)
 * 1:46279 <-> DISABLED <-> SERVER-SAMBA Samba spoolss denial of service attempt (server-samba.rules)
 * 1:46280 <-> DISABLED <-> SERVER-SAMBA Samba spoolss denial of service attempt (server-samba.rules)
 * 1:46281 <-> DISABLED <-> SERVER-SAMBA Samba spoolss denial of service attempt (server-samba.rules)
 * 1:46282 <-> DISABLED <-> SERVER-SAMBA Samba spoolss denial of service attempt (server-samba.rules)
 * 1:46283 <-> DISABLED <-> SERVER-WEBAPP Quest NetVault Backup Server NVBUJobCountHistory SQL injection attempt (server-webapp.rules)
 * 1:46284 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Bandios user agent outbound communication attempt (malware-cnc.rules)
 * 1:46285 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Bandios inbound delivery attempt (malware-cnc.rules)
 * 1:46286 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Bandios inbound delivery attempt (malware-cnc.rules)
 * 1:46287 <-> DISABLED <-> SERVER-WEBAPP Linksys E series denial of service attempt (server-webapp.rules)
 * 1:46288 <-> DISABLED <-> MALWARE-BACKDOOR JSP webshell transfer attempt (malware-backdoor.rules)
 * 1:46269 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Sanny URI request for known malicious URI (malware-cnc.rules)
 * 1:46300 <-> DISABLED <-> SERVER-WEBAPP QNAP VioStor NVR and QNAP NAS command injection attempt (server-webapp.rules)
 * 1:46299 <-> DISABLED <-> SERVER-WEBAPP QNAP VioStor NVR and QNAP NAS command injection attempt (server-webapp.rules)
 * 1:46271 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sanny malware variant FTP login (malware-cnc.rules)
 * 1:46298 <-> DISABLED <-> SERVER-WEBAPP QNAP VioStor NVR and QNAP NAS command injection attempt (server-webapp.rules)
 * 1:46272 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sanny malware variant FTP login (malware-cnc.rules)
 * 1:46275 <-> DISABLED <-> SERVER-SAMBA Samba spoolss denial of service attempt (server-samba.rules)
 * 1:46276 <-> DISABLED <-> SERVER-SAMBA Samba spoolss denial of service attempt (server-samba.rules)
 * 1:46274 <-> DISABLED <-> SERVER-SAMBA Samba spoolss denial of service attempt (server-samba.rules)
 * 3:46294 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0572 attack attempt (server-webapp.rules)
 * 3:46295 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0572 attack attempt (server-webapp.rules)
 * 3:46292 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2018-0569 attack attempt (file-pdf.rules)
 * 3:46293 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2018-0569 attack attempt (file-pdf.rules)
 * 3:46296 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0570 attack attempt (server-webapp.rules)

Modified Rules:



2018-04-12 15:32:30 UTC

Snort Subscriber Rules Update

Date: 2018-04-12

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:46298 <-> DISABLED <-> SERVER-WEBAPP QNAP VioStor NVR and QNAP NAS command injection attempt (snort3-server-webapp.rules)
 * 1:46271 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sanny malware variant FTP login (snort3-malware-cnc.rules)
 * 1:46270 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Sanny URI request for known malicious URI (snort3-malware-cnc.rules)
 * 1:46288 <-> DISABLED <-> MALWARE-BACKDOOR JSP webshell transfer attempt (snort3-malware-backdoor.rules)
 * 1:46275 <-> DISABLED <-> SERVER-SAMBA Samba spoolss denial of service attempt (snort3-server-samba.rules)
 * 1:46300 <-> DISABLED <-> SERVER-WEBAPP QNAP VioStor NVR and QNAP NAS command injection attempt (snort3-server-webapp.rules)
 * 1:46274 <-> DISABLED <-> SERVER-SAMBA Samba spoolss denial of service attempt (snort3-server-samba.rules)
 * 1:46299 <-> DISABLED <-> SERVER-WEBAPP QNAP VioStor NVR and QNAP NAS command injection attempt (snort3-server-webapp.rules)
 * 1:46268 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Sanny URI request for known malicious URI (snort3-malware-cnc.rules)
 * 1:46278 <-> DISABLED <-> SERVER-SAMBA Samba spoolss denial of service attempt (snort3-server-samba.rules)
 * 1:46279 <-> DISABLED <-> SERVER-SAMBA Samba spoolss denial of service attempt (snort3-server-samba.rules)
 * 1:46280 <-> DISABLED <-> SERVER-SAMBA Samba spoolss denial of service attempt (snort3-server-samba.rules)
 * 1:46276 <-> DISABLED <-> SERVER-SAMBA Samba spoolss denial of service attempt (snort3-server-samba.rules)
 * 1:46281 <-> DISABLED <-> SERVER-SAMBA Samba spoolss denial of service attempt (snort3-server-samba.rules)
 * 1:46269 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Sanny URI request for known malicious URI (snort3-malware-cnc.rules)
 * 1:46277 <-> DISABLED <-> SERVER-SAMBA Samba spoolss denial of service attempt (snort3-server-samba.rules)
 * 1:46272 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sanny malware variant FTP login (snort3-malware-cnc.rules)
 * 1:46297 <-> DISABLED <-> SERVER-WEBAPP QNAP VioStor NVR and QNAP NAS command injection attempt (snort3-server-webapp.rules)
 * 1:46290 <-> DISABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (snort3-malware-backdoor.rules)
 * 1:46291 <-> DISABLED <-> MALWARE-BACKDOOR JSP webshell backdoor file management attempt (snort3-malware-backdoor.rules)
 * 1:46289 <-> DISABLED <-> MALWARE-BACKDOOR JSP webshell transfer attempt (snort3-malware-backdoor.rules)
 * 1:46273 <-> DISABLED <-> SERVER-SAMBA Samba spoolss denial of service attempt (snort3-server-samba.rules)
 * 1:46287 <-> DISABLED <-> SERVER-WEBAPP Linksys E series denial of service attempt (snort3-server-webapp.rules)
 * 1:46285 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Bandios inbound delivery attempt (snort3-malware-cnc.rules)
 * 1:46286 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Bandios inbound delivery attempt (snort3-malware-cnc.rules)
 * 1:46283 <-> DISABLED <-> SERVER-WEBAPP Quest NetVault Backup Server NVBUJobCountHistory SQL injection attempt (snort3-server-webapp.rules)
 * 1:46284 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Bandios user agent outbound communication attempt (snort3-malware-cnc.rules)
 * 1:46282 <-> DISABLED <-> SERVER-SAMBA Samba spoolss denial of service attempt (snort3-server-samba.rules)

Modified Rules:



2018-04-12 15:32:30 UTC

Snort Subscriber Rules Update

Date: 2018-04-12

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2990.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:46288 <-> DISABLED <-> MALWARE-BACKDOOR JSP webshell transfer attempt (malware-backdoor.rules)
 * 1:46283 <-> DISABLED <-> SERVER-WEBAPP Quest NetVault Backup Server NVBUJobCountHistory SQL injection attempt (server-webapp.rules)
 * 1:46287 <-> DISABLED <-> SERVER-WEBAPP Linksys E series denial of service attempt (server-webapp.rules)
 * 1:46276 <-> DISABLED <-> SERVER-SAMBA Samba spoolss denial of service attempt (server-samba.rules)
 * 1:46277 <-> DISABLED <-> SERVER-SAMBA Samba spoolss denial of service attempt (server-samba.rules)
 * 1:46300 <-> DISABLED <-> SERVER-WEBAPP QNAP VioStor NVR and QNAP NAS command injection attempt (server-webapp.rules)
 * 1:46286 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Bandios inbound delivery attempt (malware-cnc.rules)
 * 1:46290 <-> DISABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules)
 * 1:46289 <-> DISABLED <-> MALWARE-BACKDOOR JSP webshell transfer attempt (malware-backdoor.rules)
 * 1:46278 <-> DISABLED <-> SERVER-SAMBA Samba spoolss denial of service attempt (server-samba.rules)
 * 1:46279 <-> DISABLED <-> SERVER-SAMBA Samba spoolss denial of service attempt (server-samba.rules)
 * 1:46280 <-> DISABLED <-> SERVER-SAMBA Samba spoolss denial of service attempt (server-samba.rules)
 * 1:46281 <-> DISABLED <-> SERVER-SAMBA Samba spoolss denial of service attempt (server-samba.rules)
 * 1:46298 <-> DISABLED <-> SERVER-WEBAPP QNAP VioStor NVR and QNAP NAS command injection attempt (server-webapp.rules)
 * 1:46297 <-> DISABLED <-> SERVER-WEBAPP QNAP VioStor NVR and QNAP NAS command injection attempt (server-webapp.rules)
 * 1:46271 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sanny malware variant FTP login (malware-cnc.rules)
 * 1:46273 <-> DISABLED <-> SERVER-SAMBA Samba spoolss denial of service attempt (server-samba.rules)
 * 1:46284 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Bandios user agent outbound communication attempt (malware-cnc.rules)
 * 1:46282 <-> DISABLED <-> SERVER-SAMBA Samba spoolss denial of service attempt (server-samba.rules)
 * 1:46272 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sanny malware variant FTP login (malware-cnc.rules)
 * 1:46274 <-> DISABLED <-> SERVER-SAMBA Samba spoolss denial of service attempt (server-samba.rules)
 * 1:46269 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Sanny URI request for known malicious URI (malware-cnc.rules)
 * 1:46275 <-> DISABLED <-> SERVER-SAMBA Samba spoolss denial of service attempt (server-samba.rules)
 * 1:46291 <-> DISABLED <-> MALWARE-BACKDOOR JSP webshell backdoor file management attempt (malware-backdoor.rules)
 * 1:46285 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Bandios inbound delivery attempt (malware-cnc.rules)
 * 1:46299 <-> DISABLED <-> SERVER-WEBAPP QNAP VioStor NVR and QNAP NAS command injection attempt (server-webapp.rules)
 * 1:46268 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Sanny URI request for known malicious URI (malware-cnc.rules)
 * 1:46270 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Sanny URI request for known malicious URI (malware-cnc.rules)
 * 3:46293 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2018-0569 attack attempt (file-pdf.rules)
 * 3:46295 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0572 attack attempt (server-webapp.rules)
 * 3:46296 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0570 attack attempt (server-webapp.rules)
 * 3:46294 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0572 attack attempt (server-webapp.rules)
 * 3:46292 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2018-0569 attack attempt (file-pdf.rules)

Modified Rules:



2018-04-12 15:32:30 UTC

Snort Subscriber Rules Update

Date: 2018-04-12

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:46271 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sanny malware variant FTP login (malware-cnc.rules)
 * 1:46274 <-> DISABLED <-> SERVER-SAMBA Samba spoolss denial of service attempt (server-samba.rules)
 * 1:46273 <-> DISABLED <-> SERVER-SAMBA Samba spoolss denial of service attempt (server-samba.rules)
 * 1:46278 <-> DISABLED <-> SERVER-SAMBA Samba spoolss denial of service attempt (server-samba.rules)
 * 1:46270 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Sanny URI request for known malicious URI (malware-cnc.rules)
 * 1:46291 <-> DISABLED <-> MALWARE-BACKDOOR JSP webshell backdoor file management attempt (malware-backdoor.rules)
 * 1:46297 <-> DISABLED <-> SERVER-WEBAPP QNAP VioStor NVR and QNAP NAS command injection attempt (server-webapp.rules)
 * 1:46298 <-> DISABLED <-> SERVER-WEBAPP QNAP VioStor NVR and QNAP NAS command injection attempt (server-webapp.rules)
 * 1:46299 <-> DISABLED <-> SERVER-WEBAPP QNAP VioStor NVR and QNAP NAS command injection attempt (server-webapp.rules)
 * 1:46269 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Sanny URI request for known malicious URI (malware-cnc.rules)
 * 1:46290 <-> DISABLED <-> MALWARE-BACKDOOR JSP webshell backdoor detected (malware-backdoor.rules)
 * 1:46272 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sanny malware variant FTP login (malware-cnc.rules)
 * 1:46268 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Sanny URI request for known malicious URI (malware-cnc.rules)
 * 1:46279 <-> DISABLED <-> SERVER-SAMBA Samba spoolss denial of service attempt (server-samba.rules)
 * 1:46280 <-> DISABLED <-> SERVER-SAMBA Samba spoolss denial of service attempt (server-samba.rules)
 * 1:46300 <-> DISABLED <-> SERVER-WEBAPP QNAP VioStor NVR and QNAP NAS command injection attempt (server-webapp.rules)
 * 1:46289 <-> DISABLED <-> MALWARE-BACKDOOR JSP webshell transfer attempt (malware-backdoor.rules)
 * 1:46281 <-> DISABLED <-> SERVER-SAMBA Samba spoolss denial of service attempt (server-samba.rules)
 * 1:46282 <-> DISABLED <-> SERVER-SAMBA Samba spoolss denial of service attempt (server-samba.rules)
 * 1:46283 <-> DISABLED <-> SERVER-WEBAPP Quest NetVault Backup Server NVBUJobCountHistory SQL injection attempt (server-webapp.rules)
 * 1:46284 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Bandios user agent outbound communication attempt (malware-cnc.rules)
 * 1:46285 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Bandios inbound delivery attempt (malware-cnc.rules)
 * 1:46275 <-> DISABLED <-> SERVER-SAMBA Samba spoolss denial of service attempt (server-samba.rules)
 * 1:46286 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Bandios inbound delivery attempt (malware-cnc.rules)
 * 1:46276 <-> DISABLED <-> SERVER-SAMBA Samba spoolss denial of service attempt (server-samba.rules)
 * 1:46287 <-> DISABLED <-> SERVER-WEBAPP Linksys E series denial of service attempt (server-webapp.rules)
 * 1:46277 <-> DISABLED <-> SERVER-SAMBA Samba spoolss denial of service attempt (server-samba.rules)
 * 1:46288 <-> DISABLED <-> MALWARE-BACKDOOR JSP webshell transfer attempt (malware-backdoor.rules)
 * 3:46294 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0572 attack attempt (server-webapp.rules)
 * 3:46295 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0572 attack attempt (server-webapp.rules)
 * 3:46296 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0570 attack attempt (server-webapp.rules)
 * 3:46293 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2018-0569 attack attempt (file-pdf.rules)
 * 3:46292 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2018-0569 attack attempt (file-pdf.rules)

Modified Rules: