Talos Rules 2018-10-04
This release adds and modifies rules in several categories.

Talos has added and modified multiple rules in the deleted, file-image, file-multimedia, file-other, file-pdf, malware-cnc, server-mail and server-webapp rule sets to provide coverage for emerging threats from these technologies.

Change logs

2018-10-04 18:11:57 UTC

Snort Subscriber Rules Update

Date: 2018-10-04

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:48008 <-> DISABLED <-> SERVER-WEBAPP Navigate CMS navigate_upload.php directory traversal attempt (server-webapp.rules)
 * 1:48007 <-> DISABLED <-> SERVER-WEBAPP Navigate CMS navigate_upload.php directory traversal attempt (server-webapp.rules)
 * 1:48006 <-> DISABLED <-> SERVER-WEBAPP Navigate CMS navigate_upload.php directory traversal attempt (server-webapp.rules)
 * 1:48005 <-> DISABLED <-> SERVER-WEBAPP Navigate CMS navigate_upload.php arbitrary PHP file upload attempt (server-webapp.rules)
 * 1:48004 <-> DISABLED <-> SERVER-WEBAPP Navigate CMS login.php SQL injection attempt (server-webapp.rules)
 * 1:48003 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro Universal 3D engine untrusted pointer dereference attempt (file-image.rules)
 * 1:48002 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro Universal 3D engine untrusted pointer dereference attempt (file-image.rules)
 * 1:48001 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript pointer offset out-of-bounds read attempt (file-pdf.rules)
 * 1:48000 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript pointer offset out-of-bounds read attempt (file-pdf.rules)
 * 1:47999 <-> DISABLED <-> DELETED sJ5m7E0Blq0B2WLeJAUj (deleted.rules)
 * 1:48026 <-> ENABLED <-> MALWARE-CNC BabaYaga outbound connection (malware-cnc.rules)
 * 1:48025 <-> ENABLED <-> MALWARE-CNC BabaYaga inbound connection (malware-cnc.rules)
 * 1:48024 <-> ENABLED <-> MALWARE-CNC Win.Trojan.PyLocky outbound connection attempt (malware-cnc.rules)
 * 1:48022 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.Viro variant outbound connection (malware-cnc.rules)
 * 1:48021 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed JavaScript input out of bounds read attempt (file-pdf.rules)
 * 1:48020 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed JavaScript input out of bounds read attempt (file-pdf.rules)
 * 1:48019 <-> DISABLED <-> FILE-PDF Adobe Reader malformed JavaScript input out of bounds read attempt (file-pdf.rules)
 * 1:48018 <-> DISABLED <-> FILE-PDF Adobe Reader malformed JavaScript input out of bounds read attempt (file-pdf.rules)
 * 1:48017 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed JavaScript input out of bounds read attempt (file-image.rules)
 * 1:48016 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed JavaScript input out of bounds read attempt (file-image.rules)
 * 1:48014 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro U3D TIFF XResolution out of bounds read attempt (file-image.rules)
 * 1:48013 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro U3D TIFF XResolution out of bounds read attempt (file-image.rules)
 * 1:48012 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro U3D TIFF XResolution out of bounds read attempt (file-image.rules)
 * 1:48011 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro U3D TIFF XResolution out of bounds read attempt (file-image.rules)
 * 1:48010 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro integer overflow attempt (file-image.rules)
 * 1:48009 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro integer overflow attempt (file-image.rules)
 * 1:48029 <-> DISABLED <-> SERVER-MAIL PHPMailer information disclosure attempt (server-mail.rules)
 * 1:48028 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Turla outbound connection (malware-cnc.rules)
 * 1:48027 <-> ENABLED <-> MALWARE-CNC BabaYaga outbound connection (malware-cnc.rules)
 * 1:48032 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (file-image.rules)
 * 1:48031 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (file-image.rules)
 * 1:48030 <-> DISABLED <-> DELETED GgEcFJAJt6lmvQ3tf9DO (deleted.rules)
 * 1:48034 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file use-after-free attempt (file-other.rules)
 * 1:48033 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file use-after-free attempt (file-other.rules)
 * 1:48038 <-> DISABLED <-> SERVER-OTHER Western Digital My Cloud authentication bypass attempt (server-other.rules)
 * 1:48036 <-> ENABLED <-> MALWARE-CNC Win.Trojan.AcridRain outbound connection (malware-cnc.rules)
 * 1:48035 <-> ENABLED <-> MALWARE-CNC Win.Trojan.AcridRain outbound connection (malware-cnc.rules)
 * 1:48040 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed BMP out of bounds read attempt (file-image.rules)
 * 1:48039 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed BMP out of bounds read attempt (file-image.rules)
 * 1:48041 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader XLST parsing engine use after free attempt (file-pdf.rules)
 * 1:48044 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP2 marker memory corruption attempt (file-image.rules)
 * 1:48043 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP2 marker memory corruption attempt (file-image.rules)
 * 1:48042 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XLST parsing engine use after free attempt (file-pdf.rules)
 * 3:48037 <-> ENABLED <-> SERVER-OTHER Cisco Prime Collaboration Provisioning hardcoded LDAP password authentication attempt (server-other.rules)
 * 3:48015 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Infrastructure arbitrary JSP file upload attempt (server-webapp.rules)
 * 3:48023 <-> ENABLED <-> SERVER-WEBAPP Cisco DNA Center unauthenticated user creation attempt (server-webapp.rules)

Modified Rules:


 * 1:43888 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Professional EMF malformed EMR_BITBLT record out of bounds access attempt (file-multimedia.rules)
 * 1:46667 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules)
 * 1:44055 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Acrobat Professional EMF malformed EMR_COMMENT record out of bounds access attempt (file-multimedia.rules)
 * 1:44056 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Acrobat Professional EMF malformed EMR_COMMENT record out of bounds access attempt (file-multimedia.rules)
 * 1:46668 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules)
 * 1:46669 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules)
 * 1:46670 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules)
 * 1:46671 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules)
 * 1:46672 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules)
 * 1:46673 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules)
 * 1:46674 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules)
 * 1:47131 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF Alphablend memory corruption attempt (file-other.rules)
 * 1:47132 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF Alphablend memory corruption attempt (file-other.rules)
 * 1:47328 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF out of bounds read attempt (file-image.rules)
 * 1:47329 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF out of bounds read attempt (file-image.rules)
 * 1:47330 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF out of bounds read attempt (file-image.rules)
 * 1:47331 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF out of bounds read attempt (file-image.rules)
 * 1:47685 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro U3D IFF out of bounds read attempt (file-pdf.rules)
 * 1:47686 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro U3D IFF out of bounds read attempt (file-pdf.rules)
 * 1:47687 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro U3D SGI RGB information leak attempt (file-pdf.rules)
 * 1:47688 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro U3D SGI RGB information leak attempt (file-pdf.rules)
 * 1:43889 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Professional EMF malformed EMR_BITBLT record out of bounds access attempt (file-multimedia.rules)

2018-10-04 18:11:57 UTC

Snort Subscriber Rules Update

Date: 2018-10-04

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091100.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:48013 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro U3D TIFF XResolution out of bounds read attempt (file-image.rules)
 * 1:48011 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro U3D TIFF XResolution out of bounds read attempt (file-image.rules)
 * 1:48024 <-> ENABLED <-> MALWARE-CNC Win.Trojan.PyLocky outbound connection attempt (malware-cnc.rules)
 * 1:48017 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed JavaScript input out of bounds read attempt (file-image.rules)
 * 1:48020 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed JavaScript input out of bounds read attempt (file-pdf.rules)
 * 1:47999 <-> DISABLED <-> DELETED sJ5m7E0Blq0B2WLeJAUj (deleted.rules)
 * 1:48000 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript pointer offset out-of-bounds read attempt (file-pdf.rules)
 * 1:48001 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript pointer offset out-of-bounds read attempt (file-pdf.rules)
 * 1:48002 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro Universal 3D engine untrusted pointer dereference attempt (file-image.rules)
 * 1:48003 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro Universal 3D engine untrusted pointer dereference attempt (file-image.rules)
 * 1:48004 <-> DISABLED <-> SERVER-WEBAPP Navigate CMS login.php SQL injection attempt (server-webapp.rules)
 * 1:48005 <-> DISABLED <-> SERVER-WEBAPP Navigate CMS navigate_upload.php arbitrary PHP file upload attempt (server-webapp.rules)
 * 1:48006 <-> DISABLED <-> SERVER-WEBAPP Navigate CMS navigate_upload.php directory traversal attempt (server-webapp.rules)
 * 1:48007 <-> DISABLED <-> SERVER-WEBAPP Navigate CMS navigate_upload.php directory traversal attempt (server-webapp.rules)
 * 1:48008 <-> DISABLED <-> SERVER-WEBAPP Navigate CMS navigate_upload.php directory traversal attempt (server-webapp.rules)
 * 1:48009 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro integer overflow attempt (file-image.rules)
 * 1:48016 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed JavaScript input out of bounds read attempt (file-image.rules)
 * 1:48034 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file use-after-free attempt (file-other.rules)
 * 1:48018 <-> DISABLED <-> FILE-PDF Adobe Reader malformed JavaScript input out of bounds read attempt (file-pdf.rules)
 * 1:48033 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file use-after-free attempt (file-other.rules)
 * 1:48035 <-> ENABLED <-> MALWARE-CNC Win.Trojan.AcridRain outbound connection (malware-cnc.rules)
 * 1:48019 <-> DISABLED <-> FILE-PDF Adobe Reader malformed JavaScript input out of bounds read attempt (file-pdf.rules)
 * 1:48027 <-> ENABLED <-> MALWARE-CNC BabaYaga outbound connection (malware-cnc.rules)
 * 1:48044 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP2 marker memory corruption attempt (file-image.rules)
 * 1:48043 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP2 marker memory corruption attempt (file-image.rules)
 * 1:48026 <-> ENABLED <-> MALWARE-CNC BabaYaga outbound connection (malware-cnc.rules)
 * 1:48038 <-> DISABLED <-> SERVER-OTHER Western Digital My Cloud authentication bypass attempt (server-other.rules)
 * 1:48039 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed BMP out of bounds read attempt (file-image.rules)
 * 1:48025 <-> ENABLED <-> MALWARE-CNC BabaYaga inbound connection (malware-cnc.rules)
 * 1:48036 <-> ENABLED <-> MALWARE-CNC Win.Trojan.AcridRain outbound connection (malware-cnc.rules)
 * 1:48021 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed JavaScript input out of bounds read attempt (file-pdf.rules)
 * 1:48041 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader XLST parsing engine use after free attempt (file-pdf.rules)
 * 1:48010 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro integer overflow attempt (file-image.rules)
 * 1:48040 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed BMP out of bounds read attempt (file-image.rules)
 * 1:48042 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XLST parsing engine use after free attempt (file-pdf.rules)
 * 1:48031 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (file-image.rules)
 * 1:48030 <-> DISABLED <-> DELETED GgEcFJAJt6lmvQ3tf9DO (deleted.rules)
 * 1:48029 <-> DISABLED <-> SERVER-MAIL PHPMailer information disclosure attempt (server-mail.rules)
 * 1:48028 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Turla outbound connection (malware-cnc.rules)
 * 1:48032 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (file-image.rules)
 * 1:48022 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.Viro variant outbound connection (malware-cnc.rules)
 * 1:48014 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro U3D TIFF XResolution out of bounds read attempt (file-image.rules)
 * 1:48012 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro U3D TIFF XResolution out of bounds read attempt (file-image.rules)
 * 3:48037 <-> ENABLED <-> SERVER-OTHER Cisco Prime Collaboration Provisioning hardcoded LDAP password authentication attempt (server-other.rules)
 * 3:48023 <-> ENABLED <-> SERVER-WEBAPP Cisco DNA Center unauthenticated user creation attempt (server-webapp.rules)
 * 3:48015 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Infrastructure arbitrary JSP file upload attempt (server-webapp.rules)

Modified Rules:


 * 1:47688 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro U3D SGI RGB information leak attempt (file-pdf.rules)
 * 1:43888 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Professional EMF malformed EMR_BITBLT record out of bounds access attempt (file-multimedia.rules)
 * 1:46672 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules)
 * 1:46671 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules)
 * 1:46669 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules)
 * 1:46670 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules)
 * 1:46668 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules)
 * 1:47331 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF out of bounds read attempt (file-image.rules)
 * 1:44055 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Acrobat Professional EMF malformed EMR_COMMENT record out of bounds access attempt (file-multimedia.rules)
 * 1:44056 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Acrobat Professional EMF malformed EMR_COMMENT record out of bounds access attempt (file-multimedia.rules)
 * 1:43889 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Professional EMF malformed EMR_BITBLT record out of bounds access attempt (file-multimedia.rules)
 * 1:47329 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF out of bounds read attempt (file-image.rules)
 * 1:47685 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro U3D IFF out of bounds read attempt (file-pdf.rules)
 * 1:47330 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF out of bounds read attempt (file-image.rules)
 * 1:46667 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules)
 * 1:47687 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro U3D SGI RGB information leak attempt (file-pdf.rules)
 * 1:47686 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro U3D IFF out of bounds read attempt (file-pdf.rules)
 * 1:46673 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules)
 * 1:47132 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF Alphablend memory corruption attempt (file-other.rules)
 * 1:47328 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF out of bounds read attempt (file-image.rules)
 * 1:47131 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF Alphablend memory corruption attempt (file-other.rules)
 * 1:46674 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules)

2018-10-04 18:11:57 UTC

Snort Subscriber Rules Update

Date: 2018-10-04

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:48044 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP2 marker memory corruption attempt (snort3-file-image.rules)
 * 1:48014 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro U3D TIFF XResolution out of bounds read attempt (snort3-file-image.rules)
 * 1:48027 <-> ENABLED <-> MALWARE-CNC BabaYaga outbound connection (snort3-malware-cnc.rules)
 * 1:48031 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (snort3-file-image.rules)
 * 1:48029 <-> DISABLED <-> SERVER-MAIL PHPMailer information disclosure attempt (snort3-server-mail.rules)
 * 1:48013 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro U3D TIFF XResolution out of bounds read attempt (snort3-file-image.rules)
 * 1:48000 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript pointer offset out-of-bounds read attempt (snort3-file-pdf.rules)
 * 1:48030 <-> DISABLED <-> DELETED GgEcFJAJt6lmvQ3tf9DO (snort3-deleted.rules)
 * 1:48005 <-> DISABLED <-> SERVER-WEBAPP Navigate CMS navigate_upload.php arbitrary PHP file upload attempt (snort3-server-webapp.rules)
 * 1:48024 <-> ENABLED <-> MALWARE-CNC Win.Trojan.PyLocky outbound connection attempt (snort3-malware-cnc.rules)
 * 1:48012 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro U3D TIFF XResolution out of bounds read attempt (snort3-file-image.rules)
 * 1:48008 <-> DISABLED <-> SERVER-WEBAPP Navigate CMS navigate_upload.php directory traversal attempt (snort3-server-webapp.rules)
 * 1:48032 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (snort3-file-image.rules)
 * 1:48011 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro U3D TIFF XResolution out of bounds read attempt (snort3-file-image.rules)
 * 1:48009 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro integer overflow attempt (snort3-file-image.rules)
 * 1:48016 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed JavaScript input out of bounds read attempt (snort3-file-image.rules)
 * 1:48021 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed JavaScript input out of bounds read attempt (snort3-file-pdf.rules)
 * 1:48010 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro integer overflow attempt (snort3-file-image.rules)
 * 1:48033 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file use-after-free attempt (snort3-file-other.rules)
 * 1:48002 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro Universal 3D engine untrusted pointer dereference attempt (snort3-file-image.rules)
 * 1:48004 <-> DISABLED <-> SERVER-WEBAPP Navigate CMS login.php SQL injection attempt (snort3-server-webapp.rules)
 * 1:48003 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro Universal 3D engine untrusted pointer dereference attempt (snort3-file-image.rules)
 * 1:48007 <-> DISABLED <-> SERVER-WEBAPP Navigate CMS navigate_upload.php directory traversal attempt (snort3-server-webapp.rules)
 * 1:48034 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file use-after-free attempt (snort3-file-other.rules)
 * 1:48006 <-> DISABLED <-> SERVER-WEBAPP Navigate CMS navigate_upload.php directory traversal attempt (snort3-server-webapp.rules)
 * 1:48017 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed JavaScript input out of bounds read attempt (snort3-file-image.rules)
 * 1:48028 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Turla outbound connection (snort3-malware-cnc.rules)
 * 1:48019 <-> DISABLED <-> FILE-PDF Adobe Reader malformed JavaScript input out of bounds read attempt (snort3-file-pdf.rules)
 * 1:48043 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP2 marker memory corruption attempt (snort3-file-image.rules)
 * 1:48022 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.Viro variant outbound connection (snort3-malware-cnc.rules)
 * 1:48018 <-> DISABLED <-> FILE-PDF Adobe Reader malformed JavaScript input out of bounds read attempt (snort3-file-pdf.rules)
 * 1:48001 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript pointer offset out-of-bounds read attempt (snort3-file-pdf.rules)
 * 1:47999 <-> DISABLED <-> DELETED sJ5m7E0Blq0B2WLeJAUj (snort3-deleted.rules)
 * 1:48026 <-> ENABLED <-> MALWARE-CNC BabaYaga outbound connection (snort3-malware-cnc.rules)
 * 1:48020 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed JavaScript input out of bounds read attempt (snort3-file-pdf.rules)
 * 1:48042 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XLST parsing engine use after free attempt (snort3-file-pdf.rules)
 * 1:48040 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed BMP out of bounds read attempt (snort3-file-image.rules)
 * 1:48025 <-> ENABLED <-> MALWARE-CNC BabaYaga inbound connection (snort3-malware-cnc.rules)
 * 1:48035 <-> ENABLED <-> MALWARE-CNC Win.Trojan.AcridRain outbound connection (snort3-malware-cnc.rules)
 * 1:48036 <-> ENABLED <-> MALWARE-CNC Win.Trojan.AcridRain outbound connection (snort3-malware-cnc.rules)
 * 1:48038 <-> DISABLED <-> SERVER-OTHER Western Digital My Cloud authentication bypass attempt (snort3-server-other.rules)
 * 1:48039 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed BMP out of bounds read attempt (snort3-file-image.rules)
 * 1:48041 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader XLST parsing engine use after free attempt (snort3-file-pdf.rules)

Modified Rules:


 * 1:47688 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro U3D SGI RGB information leak attempt (snort3-file-pdf.rules)
 * 1:44056 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Acrobat Professional EMF malformed EMR_COMMENT record out of bounds access attempt (snort3-file-multimedia.rules)
 * 1:46668 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (snort3-file-image.rules)
 * 1:46671 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (snort3-file-image.rules)
 * 1:47686 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro U3D IFF out of bounds read attempt (snort3-file-pdf.rules)
 * 1:46669 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (snort3-file-image.rules)
 * 1:44055 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Acrobat Professional EMF malformed EMR_COMMENT record out of bounds access attempt (snort3-file-multimedia.rules)
 * 1:46674 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (snort3-file-image.rules)
 * 1:43888 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Professional EMF malformed EMR_BITBLT record out of bounds access attempt (snort3-file-multimedia.rules)
 * 1:47131 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF Alphablend memory corruption attempt (snort3-file-other.rules)
 * 1:47328 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF out of bounds read attempt (snort3-file-image.rules)
 * 1:47685 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro U3D IFF out of bounds read attempt (snort3-file-pdf.rules)
 * 1:47687 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro U3D SGI RGB information leak attempt (snort3-file-pdf.rules)
 * 1:46672 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (snort3-file-image.rules)
 * 1:47132 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF Alphablend memory corruption attempt (snort3-file-other.rules)
 * 1:43889 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Professional EMF malformed EMR_BITBLT record out of bounds access attempt (snort3-file-multimedia.rules)
 * 1:47331 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF out of bounds read attempt (snort3-file-image.rules)
 * 1:47329 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF out of bounds read attempt (snort3-file-image.rules)
 * 1:46667 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (snort3-file-image.rules)
 * 1:46670 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (snort3-file-image.rules)
 * 1:46673 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (snort3-file-image.rules)
 * 1:47330 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF out of bounds read attempt (snort3-file-image.rules)

2018-10-04 18:11:57 UTC

Snort Subscriber Rules Update

Date: 2018-10-04

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2990.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:48011 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro U3D TIFF XResolution out of bounds read attempt (file-image.rules)
 * 1:48012 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro U3D TIFF XResolution out of bounds read attempt (file-image.rules)
 * 1:48000 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript pointer offset out-of-bounds read attempt (file-pdf.rules)
 * 1:48017 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed JavaScript input out of bounds read attempt (file-image.rules)
 * 1:48004 <-> DISABLED <-> SERVER-WEBAPP Navigate CMS login.php SQL injection attempt (server-webapp.rules)
 * 1:47999 <-> DISABLED <-> DELETED sJ5m7E0Blq0B2WLeJAUj (deleted.rules)
 * 1:48026 <-> ENABLED <-> MALWARE-CNC BabaYaga outbound connection (malware-cnc.rules)
 * 1:48014 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro U3D TIFF XResolution out of bounds read attempt (file-image.rules)
 * 1:48008 <-> DISABLED <-> SERVER-WEBAPP Navigate CMS navigate_upload.php directory traversal attempt (server-webapp.rules)
 * 1:48003 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro Universal 3D engine untrusted pointer dereference attempt (file-image.rules)
 * 1:48007 <-> DISABLED <-> SERVER-WEBAPP Navigate CMS navigate_upload.php directory traversal attempt (server-webapp.rules)
 * 1:48022 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.Viro variant outbound connection (malware-cnc.rules)
 * 1:48034 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file use-after-free attempt (file-other.rules)
 * 1:48033 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file use-after-free attempt (file-other.rules)
 * 1:48021 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed JavaScript input out of bounds read attempt (file-pdf.rules)
 * 1:48006 <-> DISABLED <-> SERVER-WEBAPP Navigate CMS navigate_upload.php directory traversal attempt (server-webapp.rules)
 * 1:48002 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro Universal 3D engine untrusted pointer dereference attempt (file-image.rules)
 * 1:48020 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed JavaScript input out of bounds read attempt (file-pdf.rules)
 * 1:48044 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP2 marker memory corruption attempt (file-image.rules)
 * 1:48024 <-> ENABLED <-> MALWARE-CNC Win.Trojan.PyLocky outbound connection attempt (malware-cnc.rules)
 * 1:48043 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP2 marker memory corruption attempt (file-image.rules)
 * 1:48019 <-> DISABLED <-> FILE-PDF Adobe Reader malformed JavaScript input out of bounds read attempt (file-pdf.rules)
 * 1:48010 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro integer overflow attempt (file-image.rules)
 * 1:48041 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader XLST parsing engine use after free attempt (file-pdf.rules)
 * 1:48028 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Turla outbound connection (malware-cnc.rules)
 * 1:48040 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed BMP out of bounds read attempt (file-image.rules)
 * 1:48042 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XLST parsing engine use after free attempt (file-pdf.rules)
 * 1:48032 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (file-image.rules)
 * 1:48018 <-> DISABLED <-> FILE-PDF Adobe Reader malformed JavaScript input out of bounds read attempt (file-pdf.rules)
 * 1:48025 <-> ENABLED <-> MALWARE-CNC BabaYaga inbound connection (malware-cnc.rules)
 * 1:48029 <-> DISABLED <-> SERVER-MAIL PHPMailer information disclosure attempt (server-mail.rules)
 * 1:48016 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed JavaScript input out of bounds read attempt (file-image.rules)
 * 1:48027 <-> ENABLED <-> MALWARE-CNC BabaYaga outbound connection (malware-cnc.rules)
 * 1:48001 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript pointer offset out-of-bounds read attempt (file-pdf.rules)
 * 1:48005 <-> DISABLED <-> SERVER-WEBAPP Navigate CMS navigate_upload.php arbitrary PHP file upload attempt (server-webapp.rules)
 * 1:48013 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro U3D TIFF XResolution out of bounds read attempt (file-image.rules)
 * 1:48009 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro integer overflow attempt (file-image.rules)
 * 1:48031 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (file-image.rules)
 * 1:48039 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed BMP out of bounds read attempt (file-image.rules)
 * 1:48030 <-> DISABLED <-> DELETED GgEcFJAJt6lmvQ3tf9DO (deleted.rules)
 * 1:48035 <-> ENABLED <-> MALWARE-CNC Win.Trojan.AcridRain outbound connection (malware-cnc.rules)
 * 1:48036 <-> ENABLED <-> MALWARE-CNC Win.Trojan.AcridRain outbound connection (malware-cnc.rules)
 * 1:48038 <-> DISABLED <-> SERVER-OTHER Western Digital My Cloud authentication bypass attempt (server-other.rules)
 * 3:48015 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Infrastructure arbitrary JSP file upload attempt (server-webapp.rules)
 * 3:48037 <-> ENABLED <-> SERVER-OTHER Cisco Prime Collaboration Provisioning hardcoded LDAP password authentication attempt (server-other.rules)
 * 3:48023 <-> ENABLED <-> SERVER-WEBAPP Cisco DNA Center unauthenticated user creation attempt (server-webapp.rules)

Modified Rules:


 * 1:43888 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Professional EMF malformed EMR_BITBLT record out of bounds access attempt (file-multimedia.rules)
 * 1:46674 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules)
 * 1:44055 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Acrobat Professional EMF malformed EMR_COMMENT record out of bounds access attempt (file-multimedia.rules)
 * 1:44056 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Acrobat Professional EMF malformed EMR_COMMENT record out of bounds access attempt (file-multimedia.rules)
 * 1:47131 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF Alphablend memory corruption attempt (file-other.rules)
 * 1:47132 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF Alphablend memory corruption attempt (file-other.rules)
 * 1:47686 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro U3D IFF out of bounds read attempt (file-pdf.rules)
 * 1:47330 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF out of bounds read attempt (file-image.rules)
 * 1:46672 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules)
 * 1:47328 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF out of bounds read attempt (file-image.rules)
 * 1:46673 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules)
 * 1:46670 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules)
 * 1:46667 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules)
 * 1:43889 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Professional EMF malformed EMR_BITBLT record out of bounds access attempt (file-multimedia.rules)
 * 1:47685 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro U3D IFF out of bounds read attempt (file-pdf.rules)
 * 1:47331 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF out of bounds read attempt (file-image.rules)
 * 1:46671 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules)
 * 1:47329 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF out of bounds read attempt (file-image.rules)
 * 1:47687 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro U3D SGI RGB information leak attempt (file-pdf.rules)
 * 1:46669 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules)
 * 1:46668 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules)
 * 1:47688 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro U3D SGI RGB information leak attempt (file-pdf.rules)

2018-10-04 18:11:57 UTC

Snort Subscriber Rules Update

Date: 2018-10-04

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:48021 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed JavaScript input out of bounds read attempt (file-pdf.rules)
 * 1:48030 <-> DISABLED <-> DELETED GgEcFJAJt6lmvQ3tf9DO (deleted.rules)
 * 1:48011 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro U3D TIFF XResolution out of bounds read attempt (file-image.rules)
 * 1:48022 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.Viro variant outbound connection (malware-cnc.rules)
 * 1:48043 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP2 marker memory corruption attempt (file-image.rules)
 * 1:48029 <-> DISABLED <-> SERVER-MAIL PHPMailer information disclosure attempt (server-mail.rules)
 * 1:48026 <-> ENABLED <-> MALWARE-CNC BabaYaga outbound connection (malware-cnc.rules)
 * 1:48027 <-> ENABLED <-> MALWARE-CNC BabaYaga outbound connection (malware-cnc.rules)
 * 1:48020 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed JavaScript input out of bounds read attempt (file-pdf.rules)
 * 1:48014 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro U3D TIFF XResolution out of bounds read attempt (file-image.rules)
 * 1:48032 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (file-image.rules)
 * 1:48010 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro integer overflow attempt (file-image.rules)
 * 1:47999 <-> DISABLED <-> DELETED sJ5m7E0Blq0B2WLeJAUj (deleted.rules)
 * 1:48000 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript pointer offset out-of-bounds read attempt (file-pdf.rules)
 * 1:48016 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed JavaScript input out of bounds read attempt (file-image.rules)
 * 1:48001 <-> DISABLED <-> FILE-PDF Adobe Reader JavaScript pointer offset out-of-bounds read attempt (file-pdf.rules)
 * 1:48024 <-> ENABLED <-> MALWARE-CNC Win.Trojan.PyLocky outbound connection attempt (malware-cnc.rules)
 * 1:48017 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed JavaScript input out of bounds read attempt (file-image.rules)
 * 1:48002 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro Universal 3D engine untrusted pointer dereference attempt (file-image.rules)
 * 1:48042 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XLST parsing engine use after free attempt (file-pdf.rules)
 * 1:48031 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds read attempt (file-image.rules)
 * 1:48012 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro U3D TIFF XResolution out of bounds read attempt (file-image.rules)
 * 1:48041 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader XLST parsing engine use after free attempt (file-pdf.rules)
 * 1:48003 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro Universal 3D engine untrusted pointer dereference attempt (file-image.rules)
 * 1:48044 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP2 marker memory corruption attempt (file-image.rules)
 * 1:48004 <-> DISABLED <-> SERVER-WEBAPP Navigate CMS login.php SQL injection attempt (server-webapp.rules)
 * 1:48018 <-> DISABLED <-> FILE-PDF Adobe Reader malformed JavaScript input out of bounds read attempt (file-pdf.rules)
 * 1:48019 <-> DISABLED <-> FILE-PDF Adobe Reader malformed JavaScript input out of bounds read attempt (file-pdf.rules)
 * 1:48028 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Turla outbound connection (malware-cnc.rules)
 * 1:48033 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file use-after-free attempt (file-other.rules)
 * 1:48040 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed BMP out of bounds read attempt (file-image.rules)
 * 1:48013 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro U3D TIFF XResolution out of bounds read attempt (file-image.rules)
 * 1:48005 <-> DISABLED <-> SERVER-WEBAPP Navigate CMS navigate_upload.php arbitrary PHP file upload attempt (server-webapp.rules)
 * 1:48034 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF file use-after-free attempt (file-other.rules)
 * 1:48006 <-> DISABLED <-> SERVER-WEBAPP Navigate CMS navigate_upload.php directory traversal attempt (server-webapp.rules)
 * 1:48007 <-> DISABLED <-> SERVER-WEBAPP Navigate CMS navigate_upload.php directory traversal attempt (server-webapp.rules)
 * 1:48035 <-> ENABLED <-> MALWARE-CNC Win.Trojan.AcridRain outbound connection (malware-cnc.rules)
 * 1:48008 <-> DISABLED <-> SERVER-WEBAPP Navigate CMS navigate_upload.php directory traversal attempt (server-webapp.rules)
 * 1:48036 <-> ENABLED <-> MALWARE-CNC Win.Trojan.AcridRain outbound connection (malware-cnc.rules)
 * 1:48009 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro integer overflow attempt (file-image.rules)
 * 1:48038 <-> DISABLED <-> SERVER-OTHER Western Digital My Cloud authentication bypass attempt (server-other.rules)
 * 1:48039 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed BMP out of bounds read attempt (file-image.rules)
 * 1:48025 <-> ENABLED <-> MALWARE-CNC BabaYaga inbound connection (malware-cnc.rules)
 * 3:48037 <-> ENABLED <-> SERVER-OTHER Cisco Prime Collaboration Provisioning hardcoded LDAP password authentication attempt (server-other.rules)
 * 3:48023 <-> ENABLED <-> SERVER-WEBAPP Cisco DNA Center unauthenticated user creation attempt (server-webapp.rules)
 * 3:48015 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Infrastructure arbitrary JSP file upload attempt (server-webapp.rules)

Modified Rules:


 * 1:47131 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF Alphablend memory corruption attempt (file-other.rules)
 * 1:46673 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules)
 * 1:43888 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Professional EMF malformed EMR_BITBLT record out of bounds access attempt (file-multimedia.rules)
 * 1:47331 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF out of bounds read attempt (file-image.rules)
 * 1:44055 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Acrobat Professional EMF malformed EMR_COMMENT record out of bounds access attempt (file-multimedia.rules)
 * 1:44056 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Acrobat Professional EMF malformed EMR_COMMENT record out of bounds access attempt (file-multimedia.rules)
 * 1:46671 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules)
 * 1:43889 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Professional EMF malformed EMR_BITBLT record out of bounds access attempt (file-multimedia.rules)
 * 1:47688 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro U3D SGI RGB information leak attempt (file-pdf.rules)
 * 1:46669 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules)
 * 1:47687 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro U3D SGI RGB information leak attempt (file-pdf.rules)
 * 1:46667 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules)
 * 1:46668 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules)
 * 1:47686 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro U3D IFF out of bounds read attempt (file-pdf.rules)
 * 1:47329 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF out of bounds read attempt (file-image.rules)
 * 1:46670 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules)
 * 1:47328 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF out of bounds read attempt (file-image.rules)
 * 1:46674 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules)
 * 1:46672 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF file EMR_STRETCHDIBITS heap overflow attempt (file-image.rules)
 * 1:47132 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF Alphablend memory corruption attempt (file-other.rules)
 * 1:47685 <-> DISABLED <-> FILE-PDF Adobe Acrobat Pro U3D IFF out of bounds read attempt (file-pdf.rules)
 * 1:47330 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF out of bounds read attempt (file-image.rules)