Talos Rules 2019-02-07
This release adds and modifies rules in several categories.

Talos has added and modified multiple rules in the browser-ie, browser-other, deleted, file-image, file-java, malware-cnc, pua-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.

Change logs

2019-02-07 18:56:54 UTC

Snort Subscriber Rules Update

Date: 2019-02-07

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:49122 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat TIFF heap buffer overflow attempt (file-image.rules)
 * 1:49124 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat TIFF heap buffer overflow attempt (file-image.rules)
 * 1:49126 <-> DISABLED <-> SERVER-WEBAPP HP IMC perfAddorModDeviceMonitorBean Java expression language injection attempt (server-webapp.rules)
 * 1:49123 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat TIFF heap buffer overflow attempt (file-image.rules)
 * 1:49121 <-> DISABLED <-> SERVER-WEBAPP HP IMC faultEventSelectBean Java expression language injection attempt (server-webapp.rules)
 * 1:49125 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat TIFF heap buffer overflow attempt (file-image.rules)
 * 1:49127 <-> DISABLED <-> SERVER-WEBAPP HP IMC perfAddorModDeviceMonitorBean Java expression language injection attempt (server-webapp.rules)
 * 1:49099 <-> DISABLED <-> DELETED zB5y92bqRRwTKPbVdc4w (deleted.rules)
 * 1:49100 <-> DISABLED <-> SERVER-OTHER Microsoft Exchange Server NTLM relay attack attempt (server-other.rules)
 * 1:49101 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Qealler outbound connection attempt (malware-cnc.rules)
 * 1:49102 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Qealler outbound connection attempt (malware-cnc.rules)
 * 1:49103 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Qealler outbound connection attempt (malware-cnc.rules)
 * 1:49104 <-> ENABLED <-> MALWARE-CNC Osx.Trojan.DarthMiner variant outbound connection (malware-cnc.rules)
 * 1:49105 <-> ENABLED <-> MALWARE-CNC Osx.Trojan.DarthMiner variant outbound connection (malware-cnc.rules)
 * 1:49106 <-> ENABLED <-> MALWARE-CNC Osx.Trojan.DarthMiner variant outbound connection (malware-cnc.rules)
 * 1:49107 <-> ENABLED <-> MALWARE-CNC Osx.Trojan.DarthMiner variant outbound connection (malware-cnc.rules)
 * 1:49108 <-> ENABLED <-> MALWARE-CNC Osx.Trojan.DarthMiner variant outbound connection (malware-cnc.rules)
 * 1:49109 <-> ENABLED <-> MALWARE-CNC Osx.Trojan.DarthMiner variant outbound connection (malware-cnc.rules)
 * 1:49098 <-> DISABLED <-> SERVER-WEBAPP Joomla Easy Shop local file inclusion attempt (server-webapp.rules)
 * 1:49110 <-> ENABLED <-> MALWARE-CNC Osx.Trojan.DarthMiner variant outbound connection (malware-cnc.rules)
 * 1:49111 <-> ENABLED <-> PUA-OTHER XMRig cryptocurrency miner download attempt (pua-other.rules)
 * 1:49112 <-> DISABLED <-> BROWSER-OTHER Opera GIF parsing buffer overflow attempt (browser-other.rules)
 * 1:49113 <-> DISABLED <-> BROWSER-OTHER Opera GIF parsing buffer overflow attempt (browser-other.rules)
 * 1:49114 <-> DISABLED <-> BROWSER-OTHER Opera GIF parsing buffer overflow attempt (browser-other.rules)
 * 1:49120 <-> DISABLED <-> SERVER-WEBAPP HP IMC faultEventSelectBean Java expression language injection attempt (server-webapp.rules)
 * 1:49115 <-> DISABLED <-> BROWSER-OTHER Opera GIF parsing buffer overflow attempt (browser-other.rules)
 * 1:49116 <-> DISABLED <-> FILE-JAVA Oracle Java JPEGImageWriter memory corruption attempt (file-java.rules)
 * 1:49117 <-> DISABLED <-> FILE-JAVA Oracle Java JPEGImageWriter memory corruption attempt (file-java.rules)
 * 1:49118 <-> DISABLED <-> BROWSER-IE Microsoft Edge edgehtml.dll uninitialized pointer vulnerability attempt (browser-ie.rules)
 * 1:49119 <-> DISABLED <-> BROWSER-IE Microsoft Edge edgehtml.dll uninitialized pointer vulnerability attempt (browser-ie.rules)

Modified Rules:


 * 1:31201 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer summary node swap use after free attempt (browser-ie.rules)
 * 1:31200 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer summary node swap use after free attempt (browser-ie.rules)

2019-02-07 18:56:54 UTC

Snort Subscriber Rules Update

Date: 2019-02-07

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2990.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:49122 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat TIFF heap buffer overflow attempt (file-image.rules)
 * 1:49121 <-> DISABLED <-> SERVER-WEBAPP HP IMC faultEventSelectBean Java expression language injection attempt (server-webapp.rules)
 * 1:49126 <-> DISABLED <-> SERVER-WEBAPP HP IMC perfAddorModDeviceMonitorBean Java expression language injection attempt (server-webapp.rules)
 * 1:49124 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat TIFF heap buffer overflow attempt (file-image.rules)
 * 1:49125 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat TIFF heap buffer overflow attempt (file-image.rules)
 * 1:49099 <-> DISABLED <-> DELETED zB5y92bqRRwTKPbVdc4w (deleted.rules)
 * 1:49100 <-> DISABLED <-> SERVER-OTHER Microsoft Exchange Server NTLM relay attack attempt (server-other.rules)
 * 1:49101 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Qealler outbound connection attempt (malware-cnc.rules)
 * 1:49102 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Qealler outbound connection attempt (malware-cnc.rules)
 * 1:49103 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Qealler outbound connection attempt (malware-cnc.rules)
 * 1:49104 <-> ENABLED <-> MALWARE-CNC Osx.Trojan.DarthMiner variant outbound connection (malware-cnc.rules)
 * 1:49105 <-> ENABLED <-> MALWARE-CNC Osx.Trojan.DarthMiner variant outbound connection (malware-cnc.rules)
 * 1:49106 <-> ENABLED <-> MALWARE-CNC Osx.Trojan.DarthMiner variant outbound connection (malware-cnc.rules)
 * 1:49107 <-> ENABLED <-> MALWARE-CNC Osx.Trojan.DarthMiner variant outbound connection (malware-cnc.rules)
 * 1:49108 <-> ENABLED <-> MALWARE-CNC Osx.Trojan.DarthMiner variant outbound connection (malware-cnc.rules)
 * 1:49109 <-> ENABLED <-> MALWARE-CNC Osx.Trojan.DarthMiner variant outbound connection (malware-cnc.rules)
 * 1:49110 <-> ENABLED <-> MALWARE-CNC Osx.Trojan.DarthMiner variant outbound connection (malware-cnc.rules)
 * 1:49111 <-> ENABLED <-> PUA-OTHER XMRig cryptocurrency miner download attempt (pua-other.rules)
 * 1:49112 <-> DISABLED <-> BROWSER-OTHER Opera GIF parsing buffer overflow attempt (browser-other.rules)
 * 1:49113 <-> DISABLED <-> BROWSER-OTHER Opera GIF parsing buffer overflow attempt (browser-other.rules)
 * 1:49114 <-> DISABLED <-> BROWSER-OTHER Opera GIF parsing buffer overflow attempt (browser-other.rules)
 * 1:49115 <-> DISABLED <-> BROWSER-OTHER Opera GIF parsing buffer overflow attempt (browser-other.rules)
 * 1:49116 <-> DISABLED <-> FILE-JAVA Oracle Java JPEGImageWriter memory corruption attempt (file-java.rules)
 * 1:49117 <-> DISABLED <-> FILE-JAVA Oracle Java JPEGImageWriter memory corruption attempt (file-java.rules)
 * 1:49098 <-> DISABLED <-> SERVER-WEBAPP Joomla Easy Shop local file inclusion attempt (server-webapp.rules)
 * 1:49123 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat TIFF heap buffer overflow attempt (file-image.rules)
 * 1:49118 <-> DISABLED <-> BROWSER-IE Microsoft Edge edgehtml.dll uninitialized pointer vulnerability attempt (browser-ie.rules)
 * 1:49127 <-> DISABLED <-> SERVER-WEBAPP HP IMC perfAddorModDeviceMonitorBean Java expression language injection attempt (server-webapp.rules)
 * 1:49119 <-> DISABLED <-> BROWSER-IE Microsoft Edge edgehtml.dll uninitialized pointer vulnerability attempt (browser-ie.rules)
 * 1:49120 <-> DISABLED <-> SERVER-WEBAPP HP IMC faultEventSelectBean Java expression language injection attempt (server-webapp.rules)

Modified Rules:


 * 1:31201 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer summary node swap use after free attempt (browser-ie.rules)
 * 1:31200 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer summary node swap use after free attempt (browser-ie.rules)

2019-02-07 18:56:54 UTC

Snort Subscriber Rules Update

Date: 2019-02-07

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:49121 <-> DISABLED <-> SERVER-WEBAPP HP IMC faultEventSelectBean Java expression language injection attempt (snort3-server-webapp.rules)
 * 1:49122 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat TIFF heap buffer overflow attempt (snort3-file-image.rules)
 * 1:49114 <-> DISABLED <-> BROWSER-OTHER Opera GIF parsing buffer overflow attempt (snort3-browser-other.rules)
 * 1:49116 <-> DISABLED <-> FILE-JAVA Oracle Java JPEGImageWriter memory corruption attempt (snort3-file-java.rules)
 * 1:49127 <-> DISABLED <-> SERVER-WEBAPP HP IMC perfAddorModDeviceMonitorBean Java expression language injection attempt (snort3-server-webapp.rules)
 * 1:49126 <-> DISABLED <-> SERVER-WEBAPP HP IMC perfAddorModDeviceMonitorBean Java expression language injection attempt (snort3-server-webapp.rules)
 * 1:49124 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat TIFF heap buffer overflow attempt (snort3-file-image.rules)
 * 1:49125 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat TIFF heap buffer overflow attempt (snort3-file-image.rules)
 * 1:49099 <-> DISABLED <-> DELETED zB5y92bqRRwTKPbVdc4w (snort3-deleted.rules)
 * 1:49101 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Qealler outbound connection attempt (snort3-malware-cnc.rules)
 * 1:49102 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Qealler outbound connection attempt (snort3-malware-cnc.rules)
 * 1:49103 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Qealler outbound connection attempt (snort3-malware-cnc.rules)
 * 1:49104 <-> ENABLED <-> MALWARE-CNC Osx.Trojan.DarthMiner variant outbound connection (snort3-malware-cnc.rules)
 * 1:49105 <-> ENABLED <-> MALWARE-CNC Osx.Trojan.DarthMiner variant outbound connection (snort3-malware-cnc.rules)
 * 1:49106 <-> ENABLED <-> MALWARE-CNC Osx.Trojan.DarthMiner variant outbound connection (snort3-malware-cnc.rules)
 * 1:49107 <-> ENABLED <-> MALWARE-CNC Osx.Trojan.DarthMiner variant outbound connection (snort3-malware-cnc.rules)
 * 1:49108 <-> ENABLED <-> MALWARE-CNC Osx.Trojan.DarthMiner variant outbound connection (snort3-malware-cnc.rules)
 * 1:49109 <-> ENABLED <-> MALWARE-CNC Osx.Trojan.DarthMiner variant outbound connection (snort3-malware-cnc.rules)
 * 1:49110 <-> ENABLED <-> MALWARE-CNC Osx.Trojan.DarthMiner variant outbound connection (snort3-malware-cnc.rules)
 * 1:49111 <-> ENABLED <-> PUA-OTHER XMRig cryptocurrency miner download attempt (snort3-pua-other.rules)
 * 1:49112 <-> DISABLED <-> BROWSER-OTHER Opera GIF parsing buffer overflow attempt (snort3-browser-other.rules)
 * 1:49113 <-> DISABLED <-> BROWSER-OTHER Opera GIF parsing buffer overflow attempt (snort3-browser-other.rules)
 * 1:49118 <-> DISABLED <-> BROWSER-IE Microsoft Edge edgehtml.dll uninitialized pointer vulnerability attempt (snort3-browser-ie.rules)
 * 1:49117 <-> DISABLED <-> FILE-JAVA Oracle Java JPEGImageWriter memory corruption attempt (snort3-file-java.rules)
 * 1:49119 <-> DISABLED <-> BROWSER-IE Microsoft Edge edgehtml.dll uninitialized pointer vulnerability attempt (snort3-browser-ie.rules)
 * 1:49120 <-> DISABLED <-> SERVER-WEBAPP HP IMC faultEventSelectBean Java expression language injection attempt (snort3-server-webapp.rules)
 * 1:49115 <-> DISABLED <-> BROWSER-OTHER Opera GIF parsing buffer overflow attempt (snort3-browser-other.rules)
 * 1:49123 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat TIFF heap buffer overflow attempt (snort3-file-image.rules)
 * 1:49100 <-> DISABLED <-> SERVER-OTHER Microsoft Exchange Server NTLM relay attack attempt (snort3-server-other.rules)
 * 1:49098 <-> DISABLED <-> SERVER-WEBAPP Joomla Easy Shop local file inclusion attempt (snort3-server-webapp.rules)

Modified Rules:


 * 1:31201 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer summary node swap use after free attempt (snort3-browser-ie.rules)
 * 1:31200 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer summary node swap use after free attempt (snort3-browser-ie.rules)

2019-02-07 18:56:54 UTC

Snort Subscriber Rules Update

Date: 2019-02-07

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:49120 <-> DISABLED <-> SERVER-WEBAPP HP IMC faultEventSelectBean Java expression language injection attempt (server-webapp.rules)
 * 1:49121 <-> DISABLED <-> SERVER-WEBAPP HP IMC faultEventSelectBean Java expression language injection attempt (server-webapp.rules)
 * 1:49098 <-> DISABLED <-> SERVER-WEBAPP Joomla Easy Shop local file inclusion attempt (server-webapp.rules)
 * 1:49100 <-> DISABLED <-> SERVER-OTHER Microsoft Exchange Server NTLM relay attack attempt (server-other.rules)
 * 1:49101 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Qealler outbound connection attempt (malware-cnc.rules)
 * 1:49102 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Qealler outbound connection attempt (malware-cnc.rules)
 * 1:49103 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Qealler outbound connection attempt (malware-cnc.rules)
 * 1:49104 <-> ENABLED <-> MALWARE-CNC Osx.Trojan.DarthMiner variant outbound connection (malware-cnc.rules)
 * 1:49105 <-> ENABLED <-> MALWARE-CNC Osx.Trojan.DarthMiner variant outbound connection (malware-cnc.rules)
 * 1:49106 <-> ENABLED <-> MALWARE-CNC Osx.Trojan.DarthMiner variant outbound connection (malware-cnc.rules)
 * 1:49107 <-> ENABLED <-> MALWARE-CNC Osx.Trojan.DarthMiner variant outbound connection (malware-cnc.rules)
 * 1:49108 <-> ENABLED <-> MALWARE-CNC Osx.Trojan.DarthMiner variant outbound connection (malware-cnc.rules)
 * 1:49109 <-> ENABLED <-> MALWARE-CNC Osx.Trojan.DarthMiner variant outbound connection (malware-cnc.rules)
 * 1:49110 <-> ENABLED <-> MALWARE-CNC Osx.Trojan.DarthMiner variant outbound connection (malware-cnc.rules)
 * 1:49111 <-> ENABLED <-> PUA-OTHER XMRig cryptocurrency miner download attempt (pua-other.rules)
 * 1:49112 <-> DISABLED <-> BROWSER-OTHER Opera GIF parsing buffer overflow attempt (browser-other.rules)
 * 1:49113 <-> DISABLED <-> BROWSER-OTHER Opera GIF parsing buffer overflow attempt (browser-other.rules)
 * 1:49114 <-> DISABLED <-> BROWSER-OTHER Opera GIF parsing buffer overflow attempt (browser-other.rules)
 * 1:49115 <-> DISABLED <-> BROWSER-OTHER Opera GIF parsing buffer overflow attempt (browser-other.rules)
 * 1:49116 <-> DISABLED <-> FILE-JAVA Oracle Java JPEGImageWriter memory corruption attempt (file-java.rules)
 * 1:49117 <-> DISABLED <-> FILE-JAVA Oracle Java JPEGImageWriter memory corruption attempt (file-java.rules)
 * 1:49118 <-> DISABLED <-> BROWSER-IE Microsoft Edge edgehtml.dll uninitialized pointer vulnerability attempt (browser-ie.rules)
 * 1:49119 <-> DISABLED <-> BROWSER-IE Microsoft Edge edgehtml.dll uninitialized pointer vulnerability attempt (browser-ie.rules)
 * 1:49122 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat TIFF heap buffer overflow attempt (file-image.rules)
 * 1:49127 <-> DISABLED <-> SERVER-WEBAPP HP IMC perfAddorModDeviceMonitorBean Java expression language injection attempt (server-webapp.rules)
 * 1:49125 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat TIFF heap buffer overflow attempt (file-image.rules)
 * 1:49126 <-> DISABLED <-> SERVER-WEBAPP HP IMC perfAddorModDeviceMonitorBean Java expression language injection attempt (server-webapp.rules)
 * 1:49124 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat TIFF heap buffer overflow attempt (file-image.rules)
 * 1:49123 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat TIFF heap buffer overflow attempt (file-image.rules)
 * 1:49099 <-> DISABLED <-> DELETED zB5y92bqRRwTKPbVdc4w (deleted.rules)

Modified Rules:


 * 1:31200 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer summary node swap use after free attempt (browser-ie.rules)
 * 1:31201 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer summary node swap use after free attempt (browser-ie.rules)

2019-02-07 18:56:54 UTC

Snort Subscriber Rules Update

Date: 2019-02-07

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091200.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:49107 <-> ENABLED <-> MALWARE-CNC Osx.Trojan.DarthMiner variant outbound connection (malware-cnc.rules)
 * 1:49106 <-> ENABLED <-> MALWARE-CNC Osx.Trojan.DarthMiner variant outbound connection (malware-cnc.rules)
 * 1:49105 <-> ENABLED <-> MALWARE-CNC Osx.Trojan.DarthMiner variant outbound connection (malware-cnc.rules)
 * 1:49104 <-> ENABLED <-> MALWARE-CNC Osx.Trojan.DarthMiner variant outbound connection (malware-cnc.rules)
 * 1:49103 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Qealler outbound connection attempt (malware-cnc.rules)
 * 1:49102 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Qealler outbound connection attempt (malware-cnc.rules)
 * 1:49101 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Qealler outbound connection attempt (malware-cnc.rules)
 * 1:49100 <-> DISABLED <-> SERVER-OTHER Microsoft Exchange Server NTLM relay attack attempt (server-other.rules)
 * 1:49099 <-> DISABLED <-> DELETED zB5y92bqRRwTKPbVdc4w (deleted.rules)
 * 1:49098 <-> DISABLED <-> SERVER-WEBAPP Joomla Easy Shop local file inclusion attempt (server-webapp.rules)
 * 1:49127 <-> DISABLED <-> SERVER-WEBAPP HP IMC perfAddorModDeviceMonitorBean Java expression language injection attempt (server-webapp.rules)
 * 1:49126 <-> DISABLED <-> SERVER-WEBAPP HP IMC perfAddorModDeviceMonitorBean Java expression language injection attempt (server-webapp.rules)
 * 1:49125 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat TIFF heap buffer overflow attempt (file-image.rules)
 * 1:49124 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat TIFF heap buffer overflow attempt (file-image.rules)
 * 1:49123 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat TIFF heap buffer overflow attempt (file-image.rules)
 * 1:49122 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat TIFF heap buffer overflow attempt (file-image.rules)
 * 1:49121 <-> DISABLED <-> SERVER-WEBAPP HP IMC faultEventSelectBean Java expression language injection attempt (server-webapp.rules)
 * 1:49120 <-> DISABLED <-> SERVER-WEBAPP HP IMC faultEventSelectBean Java expression language injection attempt (server-webapp.rules)
 * 1:49119 <-> DISABLED <-> BROWSER-IE Microsoft Edge edgehtml.dll uninitialized pointer vulnerability attempt (browser-ie.rules)
 * 1:49118 <-> DISABLED <-> BROWSER-IE Microsoft Edge edgehtml.dll uninitialized pointer vulnerability attempt (browser-ie.rules)
 * 1:49117 <-> DISABLED <-> FILE-JAVA Oracle Java JPEGImageWriter memory corruption attempt (file-java.rules)
 * 1:49116 <-> DISABLED <-> FILE-JAVA Oracle Java JPEGImageWriter memory corruption attempt (file-java.rules)
 * 1:49115 <-> DISABLED <-> BROWSER-OTHER Opera GIF parsing buffer overflow attempt (browser-other.rules)
 * 1:49114 <-> DISABLED <-> BROWSER-OTHER Opera GIF parsing buffer overflow attempt (browser-other.rules)
 * 1:49113 <-> DISABLED <-> BROWSER-OTHER Opera GIF parsing buffer overflow attempt (browser-other.rules)
 * 1:49112 <-> DISABLED <-> BROWSER-OTHER Opera GIF parsing buffer overflow attempt (browser-other.rules)
 * 1:49111 <-> ENABLED <-> PUA-OTHER XMRig cryptocurrency miner download attempt (pua-other.rules)
 * 1:49110 <-> ENABLED <-> MALWARE-CNC Osx.Trojan.DarthMiner variant outbound connection (malware-cnc.rules)
 * 1:49109 <-> ENABLED <-> MALWARE-CNC Osx.Trojan.DarthMiner variant outbound connection (malware-cnc.rules)
 * 1:49108 <-> ENABLED <-> MALWARE-CNC Osx.Trojan.DarthMiner variant outbound connection (malware-cnc.rules)

Modified Rules:


 * 1:31200 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer summary node swap use after free attempt (browser-ie.rules)
 * 1:31201 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer summary node swap use after free attempt (browser-ie.rules)