Talos Rules 2020-06-11
This release adds and modifies rules in several categories.

Talos has added and modified multiple rules in the file-pdf, indicator-shellcode, malware-cnc, malware-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.

Change logs

2020-06-11 13:32:35 UTC

Snort Subscriber Rules Update

Date: 2020-06-11

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091600.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:54287 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-8014472-0 download attempt (malware-other.rules)
 * 1:54286 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-8014472-0 download attempt (malware-other.rules)
 * 1:54285 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-8014470-0 download attempt (malware-other.rules)
 * 1:54284 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-8014470-0 download attempt (malware-other.rules)
 * 1:54295 <-> ENABLED <-> MALWARE-CNC Win.Trojan.AZORult variant payload download attempt (malware-cnc.rules)
 * 1:54294 <-> ENABLED <-> MALWARE-CNC Win.Trojan.AZORult variant payload download attempt (malware-cnc.rules)
 * 1:54293 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Neutrino variant payload download (malware-cnc.rules)
 * 1:54292 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.AZORult phishing document download attempt (malware-other.rules)
 * 1:54291 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.AZORult phishing document download attempt (malware-other.rules)
 * 1:54289 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-8014473-0 download attempt (malware-other.rules)
 * 1:54288 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-8014473-0 download attempt (malware-other.rules)
 * 3:54290 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1091 attack attempt (server-webapp.rules)
 * 3:54282 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1092 attack attempt (file-pdf.rules)
 * 3:54283 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1092 attack attempt (file-pdf.rules)

Modified Rules:


 * 1:32670 <-> ENABLED <-> MALWARE-CNC Win.Dropper.Ch variant outbound connection (malware-cnc.rules)
 * 1:51417 <-> DISABLED <-> POLICY-OTHER Telerik UI cryptographic keys disclosure attempt (policy-other.rules)
 * 1:51418 <-> ENABLED <-> SERVER-WEBAPP Telerik UI cryptographic keys disclosure attempt (server-webapp.rules)
 * 1:46937 <-> ENABLED <-> INDICATOR-SHELLCODE ysoserial Java object deserialization exploit attempt (indicator-shellcode.rules)
 * 3:53485 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1028 attack attempt (file-pdf.rules)
 * 3:53486 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1028 attack attempt (file-pdf.rules)

2020-06-11 13:32:35 UTC

Snort Subscriber Rules Update

Date: 2020-06-11

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091501.

New Rules:


 * 1:54291 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.AZORult phishing document download attempt (malware-other.rules)
 * 1:54292 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.AZORult phishing document download attempt (malware-other.rules)
 * 1:54293 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Neutrino variant payload download (malware-cnc.rules)
 * 1:54286 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-8014472-0 download attempt (malware-other.rules)
 * 1:54289 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-8014473-0 download attempt (malware-other.rules)
 * 1:54284 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-8014470-0 download attempt (malware-other.rules)
 * 1:54285 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-8014470-0 download attempt (malware-other.rules)
 * 1:54294 <-> ENABLED <-> MALWARE-CNC Win.Trojan.AZORult variant payload download attempt (malware-cnc.rules)
 * 1:54295 <-> ENABLED <-> MALWARE-CNC Win.Trojan.AZORult variant payload download attempt (malware-cnc.rules)
 * 1:54288 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-8014473-0 download attempt (malware-other.rules)
 * 1:54287 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-8014472-0 download attempt (malware-other.rules)
 * 3:54290 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1091 attack attempt (server-webapp.rules)
 * 3:54283 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1092 attack attempt (file-pdf.rules)
 * 3:54282 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1092 attack attempt (file-pdf.rules)

Modified Rules:


 * 1:32670 <-> ENABLED <-> MALWARE-CNC Win.Dropper.Ch variant outbound connection (malware-cnc.rules)
 * 1:51417 <-> DISABLED <-> POLICY-OTHER Telerik UI cryptographic keys disclosure attempt (policy-other.rules)
 * 1:51418 <-> ENABLED <-> SERVER-WEBAPP Telerik UI cryptographic keys disclosure attempt (server-webapp.rules)
 * 1:46937 <-> ENABLED <-> INDICATOR-SHELLCODE ysoserial Java object deserialization exploit attempt (indicator-shellcode.rules)
 * 3:53485 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1028 attack attempt (file-pdf.rules)
 * 3:53486 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1028 attack attempt (file-pdf.rules)

2020-06-11 13:32:35 UTC

Snort Subscriber Rules Update

Date: 2020-06-11

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091500.

New Rules:


 * 1:54291 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.AZORult phishing document download attempt (malware-other.rules)
 * 1:54285 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-8014470-0 download attempt (malware-other.rules)
 * 1:54294 <-> ENABLED <-> MALWARE-CNC Win.Trojan.AZORult variant payload download attempt (malware-cnc.rules)
 * 1:54293 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Neutrino variant payload download (malware-cnc.rules)
 * 1:54288 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-8014473-0 download attempt (malware-other.rules)
 * 1:54287 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-8014472-0 download attempt (malware-other.rules)
 * 1:54284 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-8014470-0 download attempt (malware-other.rules)
 * 1:54295 <-> ENABLED <-> MALWARE-CNC Win.Trojan.AZORult variant payload download attempt (malware-cnc.rules)
 * 1:54286 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-8014472-0 download attempt (malware-other.rules)
 * 1:54292 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.AZORult phishing document download attempt (malware-other.rules)
 * 1:54289 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-8014473-0 download attempt (malware-other.rules)
 * 3:54282 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1092 attack attempt (file-pdf.rules)
 * 3:54283 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1092 attack attempt (file-pdf.rules)
 * 3:54290 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1091 attack attempt (server-webapp.rules)

Modified Rules:


 * 1:51418 <-> ENABLED <-> SERVER-WEBAPP Telerik UI cryptographic keys disclosure attempt (server-webapp.rules)
 * 1:46937 <-> ENABLED <-> INDICATOR-SHELLCODE ysoserial Java object deserialization exploit attempt (indicator-shellcode.rules)
 * 1:32670 <-> ENABLED <-> MALWARE-CNC Win.Dropper.Ch variant outbound connection (malware-cnc.rules)
 * 1:51417 <-> DISABLED <-> POLICY-OTHER Telerik UI cryptographic keys disclosure attempt (policy-other.rules)
 * 3:53485 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1028 attack attempt (file-pdf.rules)
 * 3:53486 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1028 attack attempt (file-pdf.rules)

2020-06-11 13:32:35 UTC

Snort Subscriber Rules Update

Date: 2020-06-11

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.

New Rules:


 * 1:54294 <-> ENABLED <-> MALWARE-CNC Win.Trojan.AZORult variant payload download attempt (malware-cnc.rules)
 * 1:54286 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-8014472-0 download attempt (malware-other.rules)
 * 1:54285 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-8014470-0 download attempt (malware-other.rules)
 * 1:54287 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-8014472-0 download attempt (malware-other.rules)
 * 1:54289 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-8014473-0 download attempt (malware-other.rules)
 * 1:54291 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.AZORult phishing document download attempt (malware-other.rules)
 * 1:54295 <-> ENABLED <-> MALWARE-CNC Win.Trojan.AZORult variant payload download attempt (malware-cnc.rules)
 * 1:54284 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-8014470-0 download attempt (malware-other.rules)
 * 1:54292 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.AZORult phishing document download attempt (malware-other.rules)
 * 1:54288 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-8014473-0 download attempt (malware-other.rules)
 * 1:54293 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Neutrino variant payload download (malware-cnc.rules)
 * 3:54282 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1092 attack attempt (file-pdf.rules)
 * 3:54290 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1091 attack attempt (server-webapp.rules)
 * 3:54283 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1092 attack attempt (file-pdf.rules)

Modified Rules:


 * 1:51418 <-> ENABLED <-> SERVER-WEBAPP Telerik UI cryptographic keys disclosure attempt (server-webapp.rules)
 * 1:32670 <-> ENABLED <-> MALWARE-CNC Win.Dropper.Ch variant outbound connection (malware-cnc.rules)
 * 1:46937 <-> ENABLED <-> INDICATOR-SHELLCODE ysoserial Java object deserialization exploit attempt (indicator-shellcode.rules)
 * 1:51417 <-> DISABLED <-> POLICY-OTHER Telerik UI cryptographic keys disclosure attempt (policy-other.rules)
 * 3:53485 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1028 attack attempt (file-pdf.rules)
 * 3:53486 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1028 attack attempt (file-pdf.rules)

2020-06-11 13:32:35 UTC

Snort Subscriber Rules Update

Date: 2020-06-11

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.

New Rules:


 * 1:54287 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-8014472-0 download attempt (malware-other.rules)
 * 1:54291 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.AZORult phishing document download attempt (malware-other.rules)
 * 1:54293 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Neutrino variant payload download (malware-cnc.rules)
 * 1:54294 <-> ENABLED <-> MALWARE-CNC Win.Trojan.AZORult variant payload download attempt (malware-cnc.rules)
 * 1:54284 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-8014470-0 download attempt (malware-other.rules)
 * 1:54292 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.AZORult phishing document download attempt (malware-other.rules)
 * 1:54288 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-8014473-0 download attempt (malware-other.rules)
 * 1:54295 <-> ENABLED <-> MALWARE-CNC Win.Trojan.AZORult variant payload download attempt (malware-cnc.rules)
 * 1:54285 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-8014470-0 download attempt (malware-other.rules)
 * 1:54286 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-8014472-0 download attempt (malware-other.rules)
 * 1:54289 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-8014473-0 download attempt (malware-other.rules)
 * 3:54282 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1092 attack attempt (file-pdf.rules)
 * 3:54283 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1092 attack attempt (file-pdf.rules)
 * 3:54290 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1091 attack attempt (server-webapp.rules)

Modified Rules:


 * 1:51418 <-> ENABLED <-> SERVER-WEBAPP Telerik UI cryptographic keys disclosure attempt (server-webapp.rules)
 * 1:51417 <-> DISABLED <-> POLICY-OTHER Telerik UI cryptographic keys disclosure attempt (policy-other.rules)
 * 1:46937 <-> ENABLED <-> INDICATOR-SHELLCODE ysoserial Java object deserialization exploit attempt (indicator-shellcode.rules)
 * 1:32670 <-> ENABLED <-> MALWARE-CNC Win.Dropper.Ch variant outbound connection (malware-cnc.rules)
 * 3:53485 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1028 attack attempt (file-pdf.rules)
 * 3:53486 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1028 attack attempt (file-pdf.rules)

2020-06-11 13:32:35 UTC

Snort Subscriber Rules Update

Date: 2020-06-11

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.

New Rules:


 * 1:54291 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.AZORult phishing document download attempt (malware-other.rules)
 * 1:54285 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-8014470-0 download attempt (malware-other.rules)
 * 1:54286 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-8014472-0 download attempt (malware-other.rules)
 * 1:54284 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-8014470-0 download attempt (malware-other.rules)
 * 1:54287 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-8014472-0 download attempt (malware-other.rules)
 * 1:54292 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.AZORult phishing document download attempt (malware-other.rules)
 * 1:54293 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Neutrino variant payload download (malware-cnc.rules)
 * 1:54294 <-> ENABLED <-> MALWARE-CNC Win.Trojan.AZORult variant payload download attempt (malware-cnc.rules)
 * 1:54295 <-> ENABLED <-> MALWARE-CNC Win.Trojan.AZORult variant payload download attempt (malware-cnc.rules)
 * 1:54289 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-8014473-0 download attempt (malware-other.rules)
 * 1:54288 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-8014473-0 download attempt (malware-other.rules)
 * 3:54290 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1091 attack attempt (server-webapp.rules)
 * 3:54282 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1092 attack attempt (file-pdf.rules)
 * 3:54283 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1092 attack attempt (file-pdf.rules)

Modified Rules:


 * 1:51418 <-> ENABLED <-> SERVER-WEBAPP Telerik UI cryptographic keys disclosure attempt (server-webapp.rules)
 * 1:32670 <-> ENABLED <-> MALWARE-CNC Win.Dropper.Ch variant outbound connection (malware-cnc.rules)
 * 1:51417 <-> DISABLED <-> POLICY-OTHER Telerik UI cryptographic keys disclosure attempt (policy-other.rules)
 * 1:46937 <-> ENABLED <-> INDICATOR-SHELLCODE ysoserial Java object deserialization exploit attempt (indicator-shellcode.rules)
 * 3:53485 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1028 attack attempt (file-pdf.rules)
 * 3:53486 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1028 attack attempt (file-pdf.rules)

2020-06-11 13:32:35 UTC

Snort Subscriber Rules Update

Date: 2020-06-11

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.

New Rules:


 * 1:54284 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-8014470-0 download attempt (snort3-malware-other.rules)
 * 1:54287 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-8014472-0 download attempt (snort3-malware-other.rules)
 * 1:54285 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-8014470-0 download attempt (snort3-malware-other.rules)
 * 1:54289 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-8014473-0 download attempt (snort3-malware-other.rules)
 * 1:54292 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.AZORult phishing document download attempt (snort3-malware-other.rules)
 * 1:54295 <-> ENABLED <-> MALWARE-CNC Win.Trojan.AZORult variant payload download attempt (snort3-malware-cnc.rules)
 * 1:54293 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Neutrino variant payload download (snort3-malware-cnc.rules)
 * 1:54286 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-8014472-0 download attempt (snort3-malware-other.rules)
 * 1:54294 <-> ENABLED <-> MALWARE-CNC Win.Trojan.AZORult variant payload download attempt (snort3-malware-cnc.rules)
 * 1:54288 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-8014473-0 download attempt (snort3-malware-other.rules)
 * 1:54291 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.AZORult phishing document download attempt (snort3-malware-other.rules)

Modified Rules:


 * 1:32670 <-> ENABLED <-> MALWARE-CNC Win.Dropper.Ch variant outbound connection (snort3-malware-cnc.rules)
 * 1:46937 <-> ENABLED <-> INDICATOR-SHELLCODE ysoserial Java object deserialization exploit attempt (snort3-indicator-shellcode.rules)
 * 1:51417 <-> DISABLED <-> POLICY-OTHER Telerik UI cryptographic keys disclosure attempt (snort3-policy-other.rules)
 * 1:51418 <-> ENABLED <-> SERVER-WEBAPP Telerik UI cryptographic keys disclosure attempt (snort3-server-webapp.rules)

2020-06-11 13:32:35 UTC

Snort Subscriber Rules Update

Date: 2020-06-11

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.

New Rules:


 * 1:54286 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-8014472-0 download attempt (malware-other.rules)
 * 1:54288 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-8014473-0 download attempt (malware-other.rules)
 * 1:54289 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-8014473-0 download attempt (malware-other.rules)
 * 1:54284 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-8014470-0 download attempt (malware-other.rules)
 * 1:54293 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Neutrino variant payload download (malware-cnc.rules)
 * 1:54291 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.AZORult phishing document download attempt (malware-other.rules)
 * 1:54294 <-> ENABLED <-> MALWARE-CNC Win.Trojan.AZORult variant payload download attempt (malware-cnc.rules)
 * 1:54292 <-> DISABLED <-> MALWARE-OTHER Doc.Trojan.AZORult phishing document download attempt (malware-other.rules)
 * 1:54295 <-> ENABLED <-> MALWARE-CNC Win.Trojan.AZORult variant payload download attempt (malware-cnc.rules)
 * 1:54287 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-8014472-0 download attempt (malware-other.rules)
 * 1:54285 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.NetWire-8014470-0 download attempt (malware-other.rules)
 * 3:54283 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1092 attack attempt (file-pdf.rules)
 * 3:54282 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1092 attack attempt (file-pdf.rules)
 * 3:54290 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1091 attack attempt (server-webapp.rules)

Modified Rules:


 * 1:32670 <-> ENABLED <-> MALWARE-CNC Win.Dropper.Ch variant outbound connection (malware-cnc.rules)
 * 1:51418 <-> ENABLED <-> SERVER-WEBAPP Telerik UI cryptographic keys disclosure attempt (server-webapp.rules)
 * 1:51417 <-> DISABLED <-> POLICY-OTHER Telerik UI cryptographic keys disclosure attempt (policy-other.rules)
 * 1:46937 <-> ENABLED <-> INDICATOR-SHELLCODE ysoserial Java object deserialization exploit attempt (indicator-shellcode.rules)
 * 3:53486 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1028 attack attempt (file-pdf.rules)
 * 3:53485 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1028 attack attempt (file-pdf.rules)