Talos Rules 2019-12-12
This release adds and modifies rules in several categories.

Talos has added and modified multiple rules in the browser-firefox, browser-ie, exploit-kit, file-office, file-other, file-pdf, indicator-compromise, malware-cnc, malware-other, os-windows and server-other rule sets to provide coverage for emerging threats from these technologies.

Change logs

2019-12-12 12:56:56 UTC

Snort Subscriber Rules Update

Date: 2019-12-12

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091500.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:

 * 1:52426 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.DoppelPaymer variant download attempt (malware-other.rules)
 * 1:52425 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox RemotePrompt sandbox escape attempt (browser-firefox.rules)
 * 1:52424 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox RemotePrompt sandbox escape attempt (browser-firefox.rules)
 * 1:52423 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query envelope object integer overflow attempt (server-mysql.rules)
 * 1:52422 <-> DISABLED <-> FILE-OFFICE Microsoft Windows Wordpad Converter sprmT record heap overflow attempt (file-office.rules)
 * 1:52421 <-> DISABLED <-> FILE-OFFICE Microsoft Windows Wordpad Converter sprmT record heap overflow attempt (file-office.rules)
 * 1:51649 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Remote Desktop Services license negotiation denial of service attempt (os-windows.rules)
 * 1:52450 <-> DISABLED <-> SERVER-OTHER Squid Reverse Proxy malformed Host header buffer overflow attempt (server-other.rules)
 * 1:52449 <-> DISABLED <-> INDICATOR-COMPROMISE Potential phishing domain ddns.net outbound connection detected (indicator-compromise.rules)
 * 1:52448 <-> ENABLED <-> MALWARE-OTHER Doc.Malware.Gamaredon variant third stage download detected (malware-other.rules)
 * 1:52447 <-> ENABLED <-> MALWARE-OTHER Doc.Malware.Gamaredon variant third stage download detected (malware-other.rules)
 * 1:52446 <-> ENABLED <-> MALWARE-OTHER Doc.Malware.Gamaredon variant second stage download detected (malware-other.rules)
 * 1:52445 <-> ENABLED <-> MALWARE-CNC Doc.Malware.Gamaredon variant outbound connection (malware-cnc.rules)
 * 1:52443 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mimikatz variant download attempt (malware-other.rules)
 * 1:52442 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mimikatz variant download attempt (malware-other.rules)
 * 1:52441 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.LazyCat variant download attempt (malware-other.rules)
 * 1:52440 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.LazyCat variant download attempt (malware-other.rules)
 * 1:52439 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.PowershellAgent variant download attempt (malware-other.rules)
 * 1:52438 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.PowershellAgent variant download attempt (malware-other.rules)
 * 1:52437 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Powerkatz variant download attempt (malware-other.rules)
 * 1:52436 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Powerkatz variant download attempt (malware-other.rules)
 * 1:52435 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.WebShellAccessDB variant download attempt (malware-other.rules)
 * 1:52434 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.WebShellAccessDB variant download attempt (malware-other.rules)
 * 1:52431 <-> DISABLED <-> BROWSER-FIREFOX IonMonkey MArraySlice buffer overflow attempt (browser-firefox.rules)
 * 1:52430 <-> DISABLED <-> BROWSER-FIREFOX IonMonkey MArraySlice buffer overflow attempt (browser-firefox.rules)
 * 1:52429 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.DoppelPaymer variant download attempt (malware-other.rules)
 * 1:52428 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.DoppelPaymer variant download attempt (malware-other.rules)
 * 1:52427 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.DoppelPaymer variant download attempt (malware-other.rules)
 * 3:52432 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2019-0970 attack attempt (os-windows.rules)
 * 3:52433 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2019-0970 attack attempt (os-windows.rules)
 * 3:52444 <-> ENABLED <-> FILE-OTHER Winamp MAKI parsing integer overflow attempt (file-other.rules)

Modified Rules:

 * 1:29446 <-> ENABLED <-> EXPLOIT-KIT Styx exploit kit jar outbound connection (exploit-kit.rules)
 * 1:50697 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox RemotePrompt sandbox escape attempt (browser-firefox.rules)
 * 1:48052 <-> DISABLED <-> BROWSER-IE Multiple browsers memory corruption attempt (browser-ie.rules)
 * 1:48294 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader RegExp out of bounds read attempt (file-pdf.rules)
 * 1:48293 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader RegExp out of bounds read attempt (file-pdf.rules)
 * 1:51636 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Amadey botnet outbound connection (malware-cnc.rules)
 * 1:48051 <-> DISABLED <-> BROWSER-IE Multiple browsers memory corruption attempt (browser-ie.rules)
 * 1:50696 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox RemotePrompt sandbox escape attempt (browser-firefox.rules)
 * 3:15433 <-> ENABLED <-> FILE-OTHER Winamp MAKI parsing integer overflow attempt (file-other.rules)

2019-12-12 12:56:56 UTC

Snort Subscriber Rules Update

Date: 2019-12-12

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:

 * 1:52422 <-> DISABLED <-> FILE-OFFICE Microsoft Windows Wordpad Converter sprmT record heap overflow attempt (file-office.rules)
 * 1:52445 <-> ENABLED <-> MALWARE-CNC Doc.Malware.Gamaredon variant outbound connection (malware-cnc.rules)
 * 1:52428 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.DoppelPaymer variant download attempt (malware-other.rules)
 * 1:52423 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query envelope object integer overflow attempt (server-mysql.rules)
 * 1:51649 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Remote Desktop Services license negotiation denial of service attempt (os-windows.rules)
 * 1:52430 <-> DISABLED <-> BROWSER-FIREFOX IonMonkey MArraySlice buffer overflow attempt (browser-firefox.rules)
 * 1:52446 <-> ENABLED <-> MALWARE-OTHER Doc.Malware.Gamaredon variant second stage download detected (malware-other.rules)
 * 1:52427 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.DoppelPaymer variant download attempt (malware-other.rules)
 * 1:52431 <-> DISABLED <-> BROWSER-FIREFOX IonMonkey MArraySlice buffer overflow attempt (browser-firefox.rules)
 * 1:52426 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.DoppelPaymer variant download attempt (malware-other.rules)
 * 1:52439 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.PowershellAgent variant download attempt (malware-other.rules)
 * 1:52440 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.LazyCat variant download attempt (malware-other.rules)
 * 1:52441 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.LazyCat variant download attempt (malware-other.rules)
 * 1:52442 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mimikatz variant download attempt (malware-other.rules)
 * 1:52443 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mimikatz variant download attempt (malware-other.rules)
 * 1:52450 <-> DISABLED <-> SERVER-OTHER Squid Reverse Proxy malformed Host header buffer overflow attempt (server-other.rules)
 * 1:52449 <-> DISABLED <-> INDICATOR-COMPROMISE Potential phishing domain ddns.net outbound connection detected (indicator-compromise.rules)
 * 1:52448 <-> ENABLED <-> MALWARE-OTHER Doc.Malware.Gamaredon variant third stage download detected (malware-other.rules)
 * 1:52447 <-> ENABLED <-> MALWARE-OTHER Doc.Malware.Gamaredon variant third stage download detected (malware-other.rules)
 * 1:52429 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.DoppelPaymer variant download attempt (malware-other.rules)
 * 1:52437 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Powerkatz variant download attempt (malware-other.rules)
 * 1:52438 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.PowershellAgent variant download attempt (malware-other.rules)
 * 1:52435 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.WebShellAccessDB variant download attempt (malware-other.rules)
 * 1:52436 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Powerkatz variant download attempt (malware-other.rules)
 * 1:52425 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox RemotePrompt sandbox escape attempt (browser-firefox.rules)
 * 1:52434 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.WebShellAccessDB variant download attempt (malware-other.rules)
 * 1:52424 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox RemotePrompt sandbox escape attempt (browser-firefox.rules)
 * 1:52421 <-> DISABLED <-> FILE-OFFICE Microsoft Windows Wordpad Converter sprmT record heap overflow attempt (file-office.rules)
 * 3:52444 <-> ENABLED <-> FILE-OTHER Winamp MAKI parsing integer overflow attempt (file-other.rules)
 * 3:52432 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2019-0970 attack attempt (os-windows.rules)
 * 3:52433 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2019-0970 attack attempt (os-windows.rules)

Modified Rules:

 * 1:29446 <-> ENABLED <-> EXPLOIT-KIT Styx exploit kit jar outbound connection (exploit-kit.rules)
 * 1:48294 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader RegExp out of bounds read attempt (file-pdf.rules)
 * 1:48293 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader RegExp out of bounds read attempt (file-pdf.rules)
 * 1:50697 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox RemotePrompt sandbox escape attempt (browser-firefox.rules)
 * 1:48052 <-> DISABLED <-> BROWSER-IE Multiple browsers memory corruption attempt (browser-ie.rules)
 * 1:51636 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Amadey botnet outbound connection (malware-cnc.rules)
 * 1:48051 <-> DISABLED <-> BROWSER-IE Multiple browsers memory corruption attempt (browser-ie.rules)
 * 1:50696 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox RemotePrompt sandbox escape attempt (browser-firefox.rules)
 * 3:15433 <-> ENABLED <-> FILE-OTHER Winamp MAKI parsing integer overflow attempt (file-other.rules)

2019-12-12 12:56:56 UTC

Snort Subscriber Rules Update

Date: 2019-12-12

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:

 * 1:52445 <-> ENABLED <-> MALWARE-CNC Doc.Malware.Gamaredon variant outbound connection (malware-cnc.rules)
 * 1:52450 <-> DISABLED <-> SERVER-OTHER Squid Reverse Proxy malformed Host header buffer overflow attempt (server-other.rules)
 * 1:52449 <-> DISABLED <-> INDICATOR-COMPROMISE Potential phishing domain ddns.net outbound connection detected (indicator-compromise.rules)
 * 1:52448 <-> ENABLED <-> MALWARE-OTHER Doc.Malware.Gamaredon variant third stage download detected (malware-other.rules)
 * 1:52447 <-> ENABLED <-> MALWARE-OTHER Doc.Malware.Gamaredon variant third stage download detected (malware-other.rules)
 * 1:52427 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.DoppelPaymer variant download attempt (malware-other.rules)
 * 1:52446 <-> ENABLED <-> MALWARE-OTHER Doc.Malware.Gamaredon variant second stage download detected (malware-other.rules)
 * 1:52443 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mimikatz variant download attempt (malware-other.rules)
 * 1:52431 <-> DISABLED <-> BROWSER-FIREFOX IonMonkey MArraySlice buffer overflow attempt (browser-firefox.rules)
 * 1:52441 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.LazyCat variant download attempt (malware-other.rules)
 * 1:52442 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mimikatz variant download attempt (malware-other.rules)
 * 1:52423 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query envelope object integer overflow attempt (server-mysql.rules)
 * 1:51649 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Remote Desktop Services license negotiation denial of service attempt (os-windows.rules)
 * 1:52426 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.DoppelPaymer variant download attempt (malware-other.rules)
 * 1:52428 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.DoppelPaymer variant download attempt (malware-other.rules)
 * 1:52439 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.PowershellAgent variant download attempt (malware-other.rules)
 * 1:52440 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.LazyCat variant download attempt (malware-other.rules)
 * 1:52422 <-> DISABLED <-> FILE-OFFICE Microsoft Windows Wordpad Converter sprmT record heap overflow attempt (file-office.rules)
 * 1:52430 <-> DISABLED <-> BROWSER-FIREFOX IonMonkey MArraySlice buffer overflow attempt (browser-firefox.rules)
 * 1:52429 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.DoppelPaymer variant download attempt (malware-other.rules)
 * 1:52438 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.PowershellAgent variant download attempt (malware-other.rules)
 * 1:52436 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Powerkatz variant download attempt (malware-other.rules)
 * 1:52437 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Powerkatz variant download attempt (malware-other.rules)
 * 1:52434 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.WebShellAccessDB variant download attempt (malware-other.rules)
 * 1:52435 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.WebShellAccessDB variant download attempt (malware-other.rules)
 * 1:52424 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox RemotePrompt sandbox escape attempt (browser-firefox.rules)
 * 1:52425 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox RemotePrompt sandbox escape attempt (browser-firefox.rules)
 * 1:52421 <-> DISABLED <-> FILE-OFFICE Microsoft Windows Wordpad Converter sprmT record heap overflow attempt (file-office.rules)
 * 3:52432 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2019-0970 attack attempt (os-windows.rules)
 * 3:52433 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2019-0970 attack attempt (os-windows.rules)
 * 3:52444 <-> ENABLED <-> FILE-OTHER Winamp MAKI parsing integer overflow attempt (file-other.rules)

Modified Rules:

 * 1:29446 <-> ENABLED <-> EXPLOIT-KIT Styx exploit kit jar outbound connection (exploit-kit.rules)
 * 1:48294 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader RegExp out of bounds read attempt (file-pdf.rules)
 * 1:48293 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader RegExp out of bounds read attempt (file-pdf.rules)
 * 1:50697 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox RemotePrompt sandbox escape attempt (browser-firefox.rules)
 * 1:50696 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox RemotePrompt sandbox escape attempt (browser-firefox.rules)
 * 1:48051 <-> DISABLED <-> BROWSER-IE Multiple browsers memory corruption attempt (browser-ie.rules)
 * 1:51636 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Amadey botnet outbound connection (malware-cnc.rules)
 * 1:48052 <-> DISABLED <-> BROWSER-IE Multiple browsers memory corruption attempt (browser-ie.rules)
 * 3:15433 <-> ENABLED <-> FILE-OTHER Winamp MAKI parsing integer overflow attempt (file-other.rules)

2019-12-12 12:56:56 UTC

Snort Subscriber Rules Update

Date: 2019-12-12

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091200.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:

 * 1:52446 <-> ENABLED <-> MALWARE-OTHER Doc.Malware.Gamaredon variant second stage download detected (malware-other.rules)
 * 1:52428 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.DoppelPaymer variant download attempt (malware-other.rules)
 * 1:52447 <-> ENABLED <-> MALWARE-OTHER Doc.Malware.Gamaredon variant third stage download detected (malware-other.rules)
 * 1:52448 <-> ENABLED <-> MALWARE-OTHER Doc.Malware.Gamaredon variant third stage download detected (malware-other.rules)
 * 1:52450 <-> DISABLED <-> SERVER-OTHER Squid Reverse Proxy malformed Host header buffer overflow attempt (server-other.rules)
 * 1:52423 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query envelope object integer overflow attempt (server-mysql.rules)
 * 1:51649 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Remote Desktop Services license negotiation denial of service attempt (os-windows.rules)
 * 1:52449 <-> DISABLED <-> INDICATOR-COMPROMISE Potential phishing domain ddns.net outbound connection detected (indicator-compromise.rules)
 * 1:52431 <-> DISABLED <-> BROWSER-FIREFOX IonMonkey MArraySlice buffer overflow attempt (browser-firefox.rules)
 * 1:52445 <-> ENABLED <-> MALWARE-CNC Doc.Malware.Gamaredon variant outbound connection (malware-cnc.rules)
 * 1:52442 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mimikatz variant download attempt (malware-other.rules)
 * 1:52430 <-> DISABLED <-> BROWSER-FIREFOX IonMonkey MArraySlice buffer overflow attempt (browser-firefox.rules)
 * 1:52443 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mimikatz variant download attempt (malware-other.rules)
 * 1:52441 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.LazyCat variant download attempt (malware-other.rules)
 * 1:52422 <-> DISABLED <-> FILE-OFFICE Microsoft Windows Wordpad Converter sprmT record heap overflow attempt (file-office.rules)
 * 1:52421 <-> DISABLED <-> FILE-OFFICE Microsoft Windows Wordpad Converter sprmT record heap overflow attempt (file-office.rules)
 * 1:52437 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Powerkatz variant download attempt (malware-other.rules)
 * 1:52434 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.WebShellAccessDB variant download attempt (malware-other.rules)
 * 1:52435 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.WebShellAccessDB variant download attempt (malware-other.rules)
 * 1:52436 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Powerkatz variant download attempt (malware-other.rules)
 * 1:52425 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox RemotePrompt sandbox escape attempt (browser-firefox.rules)
 * 1:52424 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox RemotePrompt sandbox escape attempt (browser-firefox.rules)
 * 1:52438 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.PowershellAgent variant download attempt (malware-other.rules)
 * 1:52429 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.DoppelPaymer variant download attempt (malware-other.rules)
 * 1:52427 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.DoppelPaymer variant download attempt (malware-other.rules)
 * 1:52439 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.PowershellAgent variant download attempt (malware-other.rules)
 * 1:52440 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.LazyCat variant download attempt (malware-other.rules)
 * 1:52426 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.DoppelPaymer variant download attempt (malware-other.rules)
 * 3:52444 <-> ENABLED <-> FILE-OTHER Winamp MAKI parsing integer overflow attempt (file-other.rules)
 * 3:52433 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2019-0970 attack attempt (os-windows.rules)
 * 3:52432 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2019-0970 attack attempt (os-windows.rules)

Modified Rules:

 * 1:48294 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader RegExp out of bounds read attempt (file-pdf.rules)
 * 1:51636 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Amadey botnet outbound connection (malware-cnc.rules)
 * 1:50696 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox RemotePrompt sandbox escape attempt (browser-firefox.rules)
 * 1:48051 <-> DISABLED <-> BROWSER-IE Multiple browsers memory corruption attempt (browser-ie.rules)
 * 1:29446 <-> ENABLED <-> EXPLOIT-KIT Styx exploit kit jar outbound connection (exploit-kit.rules)
 * 1:48293 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader RegExp out of bounds read attempt (file-pdf.rules)
 * 1:50697 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox RemotePrompt sandbox escape attempt (browser-firefox.rules)
 * 1:48052 <-> DISABLED <-> BROWSER-IE Multiple browsers memory corruption attempt (browser-ie.rules)
 * 3:15433 <-> ENABLED <-> FILE-OTHER Winamp MAKI parsing integer overflow attempt (file-other.rules)

2019-12-12 12:56:56 UTC

Snort Subscriber Rules Update

Date: 2019-12-12

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:

 * 1:52447 <-> ENABLED <-> MALWARE-OTHER Doc.Malware.Gamaredon variant third stage download detected (malware-other.rules)
 * 1:52427 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.DoppelPaymer variant download attempt (malware-other.rules)
 * 1:52448 <-> ENABLED <-> MALWARE-OTHER Doc.Malware.Gamaredon variant third stage download detected (malware-other.rules)
 * 1:52422 <-> DISABLED <-> FILE-OFFICE Microsoft Windows Wordpad Converter sprmT record heap overflow attempt (file-office.rules)
 * 1:51649 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Remote Desktop Services license negotiation denial of service attempt (os-windows.rules)
 * 1:52449 <-> DISABLED <-> INDICATOR-COMPROMISE Potential phishing domain ddns.net outbound connection detected (indicator-compromise.rules)
 * 1:52430 <-> DISABLED <-> BROWSER-FIREFOX IonMonkey MArraySlice buffer overflow attempt (browser-firefox.rules)
 * 1:52428 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.DoppelPaymer variant download attempt (malware-other.rules)
 * 1:52421 <-> DISABLED <-> FILE-OFFICE Microsoft Windows Wordpad Converter sprmT record heap overflow attempt (file-office.rules)
 * 1:52441 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.LazyCat variant download attempt (malware-other.rules)
 * 1:52431 <-> DISABLED <-> BROWSER-FIREFOX IonMonkey MArraySlice buffer overflow attempt (browser-firefox.rules)
 * 1:52450 <-> DISABLED <-> SERVER-OTHER Squid Reverse Proxy malformed Host header buffer overflow attempt (server-other.rules)
 * 1:52423 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query envelope object integer overflow attempt (server-mysql.rules)
 * 1:52443 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mimikatz variant download attempt (malware-other.rules)
 * 1:52445 <-> ENABLED <-> MALWARE-CNC Doc.Malware.Gamaredon variant outbound connection (malware-cnc.rules)
 * 1:52438 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.PowershellAgent variant download attempt (malware-other.rules)
 * 1:52436 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Powerkatz variant download attempt (malware-other.rules)
 * 1:52434 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.WebShellAccessDB variant download attempt (malware-other.rules)
 * 1:52429 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.DoppelPaymer variant download attempt (malware-other.rules)
 * 1:52424 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox RemotePrompt sandbox escape attempt (browser-firefox.rules)
 * 1:52437 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Powerkatz variant download attempt (malware-other.rules)
 * 1:52435 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.WebShellAccessDB variant download attempt (malware-other.rules)
 * 1:52425 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox RemotePrompt sandbox escape attempt (browser-firefox.rules)
 * 1:52439 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.PowershellAgent variant download attempt (malware-other.rules)
 * 1:52440 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.LazyCat variant download attempt (malware-other.rules)
 * 1:52446 <-> ENABLED <-> MALWARE-OTHER Doc.Malware.Gamaredon variant second stage download detected (malware-other.rules)
 * 1:52442 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mimikatz variant download attempt (malware-other.rules)
 * 1:52426 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.DoppelPaymer variant download attempt (malware-other.rules)
 * 3:52444 <-> ENABLED <-> FILE-OTHER Winamp MAKI parsing integer overflow attempt (file-other.rules)
 * 3:52432 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2019-0970 attack attempt (os-windows.rules)
 * 3:52433 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2019-0970 attack attempt (os-windows.rules)

Modified Rules:

 * 1:48294 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader RegExp out of bounds read attempt (file-pdf.rules)
 * 1:50696 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox RemotePrompt sandbox escape attempt (browser-firefox.rules)
 * 1:51636 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Amadey botnet outbound connection (malware-cnc.rules)
 * 1:48051 <-> DISABLED <-> BROWSER-IE Multiple browsers memory corruption attempt (browser-ie.rules)
 * 1:29446 <-> ENABLED <-> EXPLOIT-KIT Styx exploit kit jar outbound connection (exploit-kit.rules)
 * 1:48052 <-> DISABLED <-> BROWSER-IE Multiple browsers memory corruption attempt (browser-ie.rules)
 * 1:48293 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader RegExp out of bounds read attempt (file-pdf.rules)
 * 1:50697 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox RemotePrompt sandbox escape attempt (browser-firefox.rules)
 * 3:15433 <-> ENABLED <-> FILE-OTHER Winamp MAKI parsing integer overflow attempt (file-other.rules)

2019-12-12 12:56:56 UTC

Snort Subscriber Rules Update

Date: 2019-12-12

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:

 * 1:52443 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mimikatz variant download attempt (snort3-malware-other.rules)
 * 1:52423 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query envelope object integer overflow attempt (snort3-server-mysql.rules)
 * 1:52424 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox RemotePrompt sandbox escape attempt (snort3-browser-firefox.rules)
 * 1:52430 <-> DISABLED <-> BROWSER-FIREFOX IonMonkey MArraySlice buffer overflow attempt (snort3-browser-firefox.rules)
 * 1:52425 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox RemotePrompt sandbox escape attempt (snort3-browser-firefox.rules)
 * 1:52450 <-> DISABLED <-> SERVER-OTHER Squid Reverse Proxy malformed Host header buffer overflow attempt (snort3-server-other.rules)
 * 1:51649 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Remote Desktop Services license negotiation denial of service attempt (snort3-os-windows.rules)
 * 1:52434 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.WebShellAccessDB variant download attempt (snort3-malware-other.rules)
 * 1:52445 <-> ENABLED <-> MALWARE-CNC Doc.Malware.Gamaredon variant outbound connection (snort3-malware-cnc.rules)
 * 1:52422 <-> DISABLED <-> FILE-OFFICE Microsoft Windows Wordpad Converter sprmT record heap overflow attempt (snort3-file-office.rules)
 * 1:52435 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.WebShellAccessDB variant download attempt (snort3-malware-other.rules)
 * 1:52421 <-> DISABLED <-> FILE-OFFICE Microsoft Windows Wordpad Converter sprmT record heap overflow attempt (snort3-file-office.rules)
 * 1:52440 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.LazyCat variant download attempt (snort3-malware-other.rules)
 * 1:52436 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Powerkatz variant download attempt (snort3-malware-other.rules)
 * 1:52438 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.PowershellAgent variant download attempt (snort3-malware-other.rules)
 * 1:52431 <-> DISABLED <-> BROWSER-FIREFOX IonMonkey MArraySlice buffer overflow attempt (snort3-browser-firefox.rules)
 * 1:52426 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.DoppelPaymer variant download attempt (snort3-malware-other.rules)
 * 1:52439 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.PowershellAgent variant download attempt (snort3-malware-other.rules)
 * 1:52437 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Powerkatz variant download attempt (snort3-malware-other.rules)
 * 1:52427 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.DoppelPaymer variant download attempt (snort3-malware-other.rules)
 * 1:52448 <-> ENABLED <-> MALWARE-OTHER Doc.Malware.Gamaredon variant third stage download detected (snort3-malware-other.rules)
 * 1:52441 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.LazyCat variant download attempt (snort3-malware-other.rules)
 * 1:52442 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mimikatz variant download attempt (snort3-malware-other.rules)
 * 1:52446 <-> ENABLED <-> MALWARE-OTHER Doc.Malware.Gamaredon variant second stage download detected (snort3-malware-other.rules)
 * 1:52449 <-> DISABLED <-> INDICATOR-COMPROMISE Potential phishing domain ddns.net outbound connection detected (snort3-indicator-compromise.rules)
 * 1:52428 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.DoppelPaymer variant download attempt (snort3-malware-other.rules)
 * 1:52429 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.DoppelPaymer variant download attempt (snort3-malware-other.rules)
 * 1:52447 <-> ENABLED <-> MALWARE-OTHER Doc.Malware.Gamaredon variant third stage download detected (snort3-malware-other.rules)

Modified Rules:

 * 1:48051 <-> DISABLED <-> BROWSER-IE Multiple browsers memory corruption attempt (snort3-browser-ie.rules)
 * 1:51636 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Amadey botnet outbound connection (snort3-malware-cnc.rules)
 * 1:29446 <-> ENABLED <-> EXPLOIT-KIT Styx exploit kit jar outbound connection (snort3-exploit-kit.rules)
 * 1:48293 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader RegExp out of bounds read attempt (snort3-file-pdf.rules)
 * 1:48052 <-> DISABLED <-> BROWSER-IE Multiple browsers memory corruption attempt (snort3-browser-ie.rules)
 * 1:50697 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox RemotePrompt sandbox escape attempt (snort3-browser-firefox.rules)
 * 1:48294 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader RegExp out of bounds read attempt (snort3-file-pdf.rules)
 * 1:50696 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox RemotePrompt sandbox escape attempt (snort3-browser-firefox.rules)

2019-12-12 12:56:56 UTC

Snort Subscriber Rules Update

Date: 2019-12-12

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2990.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:

 * 1:52421 <-> DISABLED <-> FILE-OFFICE Microsoft Windows Wordpad Converter sprmT record heap overflow attempt (file-office.rules)
 * 1:52427 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.DoppelPaymer variant download attempt (malware-other.rules)
 * 1:52439 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.PowershellAgent variant download attempt (malware-other.rules)
 * 1:52450 <-> DISABLED <-> SERVER-OTHER Squid Reverse Proxy malformed Host header buffer overflow attempt (server-other.rules)
 * 1:52442 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mimikatz variant download attempt (malware-other.rules)
 * 1:51649 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Remote Desktop Services license negotiation denial of service attempt (os-windows.rules)
 * 1:52428 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.DoppelPaymer variant download attempt (malware-other.rules)
 * 1:52429 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.DoppelPaymer variant download attempt (malware-other.rules)
 * 1:52441 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.LazyCat variant download attempt (malware-other.rules)
 * 1:52443 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mimikatz variant download attempt (malware-other.rules)
 * 1:52423 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query envelope object integer overflow attempt (server-mysql.rules)
 * 1:52431 <-> DISABLED <-> BROWSER-FIREFOX IonMonkey MArraySlice buffer overflow attempt (browser-firefox.rules)
 * 1:52422 <-> DISABLED <-> FILE-OFFICE Microsoft Windows Wordpad Converter sprmT record heap overflow attempt (file-office.rules)
 * 1:52435 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.WebShellAccessDB variant download attempt (malware-other.rules)
 * 1:52440 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.LazyCat variant download attempt (malware-other.rules)
 * 1:52447 <-> ENABLED <-> MALWARE-OTHER Doc.Malware.Gamaredon variant third stage download detected (malware-other.rules)
 * 1:52424 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox RemotePrompt sandbox escape attempt (browser-firefox.rules)
 * 1:52430 <-> DISABLED <-> BROWSER-FIREFOX IonMonkey MArraySlice buffer overflow attempt (browser-firefox.rules)
 * 1:52434 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.WebShellAccessDB variant download attempt (malware-other.rules)
 * 1:52437 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Powerkatz variant download attempt (malware-other.rules)
 * 1:52438 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.PowershellAgent variant download attempt (malware-other.rules)
 * 1:52448 <-> ENABLED <-> MALWARE-OTHER Doc.Malware.Gamaredon variant third stage download detected (malware-other.rules)
 * 1:52426 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.DoppelPaymer variant download attempt (malware-other.rules)
 * 1:52446 <-> ENABLED <-> MALWARE-OTHER Doc.Malware.Gamaredon variant second stage download detected (malware-other.rules)
 * 1:52436 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Powerkatz variant download attempt (malware-other.rules)
 * 1:52449 <-> DISABLED <-> INDICATOR-COMPROMISE Potential phishing domain ddns.net outbound connection detected (indicator-compromise.rules)
 * 1:52425 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox RemotePrompt sandbox escape attempt (browser-firefox.rules)
 * 1:52445 <-> ENABLED <-> MALWARE-CNC Doc.Malware.Gamaredon variant outbound connection (malware-cnc.rules)
 * 3:52432 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2019-0970 attack attempt (os-windows.rules)
 * 3:52444 <-> ENABLED <-> FILE-OTHER Winamp MAKI parsing integer overflow attempt (file-other.rules)
 * 3:52433 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2019-0970 attack attempt (os-windows.rules)

Modified Rules:


 * 1:50696 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox RemotePrompt sandbox escape attempt (browser-firefox.rules)
 * 1:48293 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader RegExp out of bounds read attempt (file-pdf.rules)
 * 1:29446 <-> ENABLED <-> EXPLOIT-KIT Styx exploit kit jar outbound connection (exploit-kit.rules)
 * 1:51636 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Amadey botnet outbound connection (malware-cnc.rules)
 * 1:48051 <-> DISABLED <-> BROWSER-IE Multiple browsers memory corruption attempt (browser-ie.rules)
 * 1:50697 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox RemotePrompt sandbox escape attempt (browser-firefox.rules)
 * 1:48052 <-> DISABLED <-> BROWSER-IE Multiple browsers memory corruption attempt (browser-ie.rules)
 * 1:48294 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader RegExp out of bounds read attempt (file-pdf.rules)
 * 3:15433 <-> ENABLED <-> FILE-OTHER Winamp MAKI parsing integer overflow attempt (file-other.rules)

2019-12-12 12:56:56 UTC

Snort Subscriber Rules Update

Date: 2019-12-12

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:52430 <-> DISABLED <-> BROWSER-FIREFOX IonMonkey MArraySlice buffer overflow attempt (browser-firefox.rules)
 * 1:52445 <-> ENABLED <-> MALWARE-CNC Doc.Malware.Gamaredon variant outbound connection (malware-cnc.rules)
 * 1:52443 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mimikatz variant download attempt (malware-other.rules)
 * 1:52447 <-> ENABLED <-> MALWARE-OTHER Doc.Malware.Gamaredon variant third stage download detected (malware-other.rules)
 * 1:52437 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Powerkatz variant download attempt (malware-other.rules)
 * 1:52426 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.DoppelPaymer variant download attempt (malware-other.rules)
 * 1:52435 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.WebShellAccessDB variant download attempt (malware-other.rules)
 * 1:52425 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox RemotePrompt sandbox escape attempt (browser-firefox.rules)
 * 1:52449 <-> DISABLED <-> INDICATOR-COMPROMISE Potential phishing domain ddns.net outbound connection detected (indicator-compromise.rules)
 * 1:52427 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.DoppelPaymer variant download attempt (malware-other.rules)
 * 1:52448 <-> ENABLED <-> MALWARE-OTHER Doc.Malware.Gamaredon variant third stage download detected (malware-other.rules)
 * 1:52446 <-> ENABLED <-> MALWARE-OTHER Doc.Malware.Gamaredon variant second stage download detected (malware-other.rules)
 * 1:52438 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.PowershellAgent variant download attempt (malware-other.rules)
 * 1:52431 <-> DISABLED <-> BROWSER-FIREFOX IonMonkey MArraySlice buffer overflow attempt (browser-firefox.rules)
 * 1:52441 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.LazyCat variant download attempt (malware-other.rules)
 * 1:51649 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Remote Desktop Services license negotiation denial of service attempt (os-windows.rules)
 * 1:52422 <-> DISABLED <-> FILE-OFFICE Microsoft Windows Wordpad Converter sprmT record heap overflow attempt (file-office.rules)
 * 1:52421 <-> DISABLED <-> FILE-OFFICE Microsoft Windows Wordpad Converter sprmT record heap overflow attempt (file-office.rules)
 * 1:52439 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.PowershellAgent variant download attempt (malware-other.rules)
 * 1:52436 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Powerkatz variant download attempt (malware-other.rules)
 * 1:52440 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.LazyCat variant download attempt (malware-other.rules)
 * 1:52434 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.WebShellAccessDB variant download attempt (malware-other.rules)
 * 1:52423 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query envelope object integer overflow attempt (server-mysql.rules)
 * 1:52429 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.DoppelPaymer variant download attempt (malware-other.rules)
 * 1:52450 <-> DISABLED <-> SERVER-OTHER Squid Reverse Proxy malformed Host header buffer overflow attempt (server-other.rules)
 * 1:52442 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Mimikatz variant download attempt (malware-other.rules)
 * 1:52424 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox RemotePrompt sandbox escape attempt (browser-firefox.rules)
 * 1:52428 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.DoppelPaymer variant download attempt (malware-other.rules)
 * 3:52432 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2019-0970 attack attempt (os-windows.rules)
 * 3:52444 <-> ENABLED <-> FILE-OTHER Winamp MAKI parsing integer overflow attempt (file-other.rules)
 * 3:52433 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2019-0970 attack attempt (os-windows.rules)

Modified Rules:


 * 1:50696 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox RemotePrompt sandbox escape attempt (browser-firefox.rules)
 * 1:29446 <-> ENABLED <-> EXPLOIT-KIT Styx exploit kit jar outbound connection (exploit-kit.rules)
 * 1:50697 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox RemotePrompt sandbox escape attempt (browser-firefox.rules)
 * 1:48293 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader RegExp out of bounds read attempt (file-pdf.rules)
 * 1:48294 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader RegExp out of bounds read attempt (file-pdf.rules)
 * 1:48052 <-> DISABLED <-> BROWSER-IE Multiple browsers memory corruption attempt (browser-ie.rules)
 * 1:48051 <-> DISABLED <-> BROWSER-IE Multiple browsers memory corruption attempt (browser-ie.rules)
 * 1:51636 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Amadey botnet outbound connection (malware-cnc.rules)
 * 3:15433 <-> ENABLED <-> FILE-OTHER Winamp MAKI parsing integer overflow attempt (file-other.rules)
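Every rule line above follows the stated `gid:sid <-> Default rule state <-> Message (rule group)` layout, and the same list is repeated once per supported Snort version (2091500, 2983, ...), in a different order each time. The Python script below is an added example, not part of the Talos release notes or of any Talos or Snort tooling: it parses that line format, checks that every Snort version received the same new and modified rule sets, and pulls out the two things a deployer has to act on before this release gives any coverage: new rules shipped DISABLED (they match nothing until you enable them, e.g. by listing them in PulledPork's enablesid.conf) and GID 3 rules, which are precompiled shared-object rules that need the SO rule pack built for your platform rather than just the text .rules files. The sample text is a constructed excerpt in the same format, not the full release; the regexes and function names are my own.

```python
import re
from collections import defaultdict

# Constructed excerpt in the changelog's own format (two Snort versions, same
# rules in a different order), so the script runs offline.
SAMPLE = """\
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091500.

New Rules:

 * 1:52426 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.DoppelPaymer variant download attempt (malware-other.rules)
 * 1:52447 <-> ENABLED <-> MALWARE-OTHER Doc.Malware.Gamaredon variant third stage download detected (malware-other.rules)
 * 3:52432 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2019-0970 attack attempt (os-windows.rules)

Modified Rules:

 * 1:50696 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox RemotePrompt sandbox escape attempt (browser-firefox.rules)

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.

New Rules:

 * 3:52432 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-2019-0970 attack attempt (os-windows.rules)
 * 1:52426 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.DoppelPaymer variant download attempt (malware-other.rules)
 * 1:52447 <-> ENABLED <-> MALWARE-OTHER Doc.Malware.Gamaredon variant third stage download detected (malware-other.rules)

Modified Rules:

 * 1:50696 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox RemotePrompt sandbox escape attempt (browser-firefox.rules)
"""

# One changelog entry: " * gid:sid <-> STATE <-> CATEGORY message (file.rules)"
RULE_RE = re.compile(
    r"^\s*\*\s+(?P<gid>\d+):(?P<sid>\d+)\s+<->\s+(?P<state>ENABLED|DISABLED)\s+<->\s+"
    r"(?P<category>[A-Z0-9-]+)\s+(?P<msg>.+?)\s+\((?P<file>[\w.-]+\.rules)\)\s*$"
)
VERSION_RE = re.compile(r"for Snort version (\d+)")


def parse_changelog(text):
    """Return {snort_version: {"new": {(gid, sid): rule}, "modified": {...}}}."""
    updates, version, section = {}, None, None
    for line in text.splitlines():
        m = VERSION_RE.search(line)
        if m:                                   # a new per-version block starts
            version = m.group(1)
            updates[version] = {"new": {}, "modified": {}}
            section = None
            continue
        if line.strip() == "New Rules:":
            section = "new"
            continue
        if line.strip() == "Modified Rules:":
            section = "modified"
            continue
        m = RULE_RE.match(line)
        if m and version and section:
            rule = m.groupdict()
            rule["gid"], rule["sid"] = int(rule["gid"]), int(rule["sid"])
            updates[version][section][(rule["gid"], rule["sid"])] = rule
    return updates


def versions_agree(updates):
    """True if every Snort version got the same new/modified sets (order ignored)."""
    keys = {(frozenset(u["new"]), frozenset(u["modified"])) for u in updates.values()}
    return len(keys) <= 1


def disabled_by_default(updates, version):
    """New rules shipped DISABLED give no coverage until you enable them."""
    return sorted(k for k, r in updates[version]["new"].items() if r["state"] == "DISABLED")


def shared_object_rules(updates, version):
    """GID 3 rules are precompiled shared-object rules: they need the SO rule
    pack built for your platform, not just the text .rules files."""
    return sorted(k for k in updates[version]["new"] if k[0] == 3)


def enablesid_lines(updates, version, categories):
    """gid:sid lines (PulledPork enablesid.conf style) for disabled new rules
    in the chosen categories, e.g. {"MALWARE-OTHER"}."""
    return [f"{g}:{s}" for g, s in disabled_by_default(updates, version)
            if updates[version]["new"][(g, s)]["category"] in categories]


def coverage_summary(updates, version):
    """Per-category counts of ENABLED vs DISABLED new rules."""
    counts = defaultdict(lambda: {"ENABLED": 0, "DISABLED": 0})
    for r in updates[version]["new"].values():
        counts[r["category"]][r["state"]] += 1
    return dict(counts)


if __name__ == "__main__":
    u = parse_changelog(SAMPLE)
    print("all Snort versions received the same rule set:", versions_agree(u))
    for v in u:
        print(v, coverage_summary(u, v), "SO rules:", shared_object_rules(u, v),
              "enablesid:", enablesid_lines(u, v, {"MALWARE-OTHER"}))
```

Run it against the full text of a release page and the summary shows at a glance that almost all of this release's text rules (the Mimikatz, Powerkatz, LazyCat, DoppelPaymer and web shell download signatures among them) are DISABLED by default, so a sensor that only pulls the update without an enablesid list gets coverage solely from the few ENABLED Gamaredon and GID 3 rules.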