Talos has added and modified multiple rules in the browser-chrome, browser-ie, browser-plugins, exploit-kit, file-executable, file-flash, file-image, file-java, file-multimedia, file-office, file-other, file-pdf, indicator-compromise, malware-backdoor, malware-cnc, malware-other, os-linux, os-windows, policy-other, pua-other, server-apache and server-webapp rule sets to provide coverage for emerging threats from these technologies.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091601.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:56150 <-> DISABLED <-> SERVER-OTHER Adobe ColdFusion DataServicesCFProxy insecure Java deserialization attempt (server-other.rules)
* 1:56151 <-> DISABLED <-> SERVER-OTHER Adobe ColdFusion vulnerable DataServicesCFProxy class reference attempt (server-other.rules)
* 1:56154 <-> DISABLED <-> SERVER-WEBAPP MobileIron Core & Connector remote code execution attempt (server-webapp.rules)
* 1:56155 <-> DISABLED <-> SERVER-WEBAPP MobileIron Core & Connector remote code execution attempt (server-webapp.rules)
* 1:56156 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook email parsing remote code execution attempt (file-office.rules)
* 1:56157 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook email parsing remote code execution attempt (file-office.rules)
* 1:56162 <-> ENABLED <-> SERVER-WEBAPP Citrix ADC and Gateway information disclosure attempt (server-webapp.rules)
* 1:56163 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.PyVil download attempt (malware-other.rules)
* 1:56164 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.PyVil download attempt (malware-other.rules)
* 1:56165 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.PyVil download attempt (malware-other.rules)
* 1:56166 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.PyVil outbound communication attempt (malware-other.rules)
* 1:56167 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.PyVil download attempt (malware-other.rules)
* 1:56139 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Czxz-9784395-0 download attempt (malware-other.rules)
* 1:56140 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Czxz-9784395-0 download attempt (malware-other.rules)
* 1:56141 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Zusy-9784403-0 download attempt (malware-other.rules)
* 1:56142 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Zusy-9784403-0 download attempt (malware-other.rules)
* 3:56143 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1177 attack attempt (server-webapp.rules)
* 3:56144 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1177 attack attempt (server-webapp.rules)
* 3:56145 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1177 attack attempt (server-webapp.rules)
* 3:56146 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1177 attack attempt (server-webapp.rules)
* 3:56147 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1179 attack attempt (server-webapp.rules)
* 3:56148 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1179 attack attempt (server-webapp.rules)
* 3:56149 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1179 attack attempt (server-webapp.rules)
* 3:56152 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1178 attack attempt (server-webapp.rules)
* 3:56161 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1176 attack attempt (file-image.rules)
* 3:56160 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1176 attack attempt (file-image.rules)
* 3:56153 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1178 attack attempt (server-webapp.rules)
* 3:56158 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1176 attack attempt (file-image.rules)
* 3:56159 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1176 attack attempt (file-image.rules)
* 1:39457 <-> DISABLED <-> FILE-FLASH Adobe Flash Player integer underflow attempt (file-flash.rules)
* 1:39505 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Edge text node table-cell use after free attempt (browser-ie.rules)
* 1:39524 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel empty bookViews element denial of service attempt (file-office.rules)
* 1:39525 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel empty bookViews element denial of service attempt (file-office.rules)
* 1:39540 <-> DISABLED <-> FILE-FLASH Adobe Flash Player local-with-filesystem security bypass attempt (file-flash.rules)
* 1:39543 <-> DISABLED <-> FILE-FLASH Adobe Flash Player local-with-filesystem security bypass attempt (file-flash.rules)
* 1:39564 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TimedEvent memory corruption attempt (file-flash.rules)
* 1:39685 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tinba variant outbound connection (malware-cnc.rules)
* 1:39687 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed embeded TTF file memory corruption attempt (file-pdf.rules)
* 1:39690 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ABRControlParameters access memory corruption attempt (file-flash.rules)
* 1:39702 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MediaPlayerItemLoader out of bounds memory access attempt (file-flash.rules)
* 1:39799 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt (file-pdf.rules)
* 1:39824 <-> DISABLED <-> OS-WINDOWS Microsoft Windows GDI emf file integer overflow attempt (os-windows.rules)
* 1:39843 <-> DISABLED <-> OS-WINDOWS Microsoft Windows gdiplus EMF EmrText out of bounds write attempt (os-windows.rules)
* 1:39851 <-> DISABLED <-> INDICATOR-COMPROMISE Connection to malware sinkhole - CERT.PL (indicator-compromise.rules)
* 1:39893 <-> DISABLED <-> OS-LINUX Linux Kernel USBIP out of bounds write attempt (os-linux.rules)
* 1:39894 <-> DISABLED <-> OS-LINUX Linux Kernel USBIP out of bounds write attempt (os-linux.rules)
* 1:40075 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel LPenHelper out of bounds write attempt (file-office.rules)
* 1:40076 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel LPenHelper out of bounds write attempt (file-office.rules)
* 1:40102 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel xlsb use-after-free attempt (file-office.rules)
* 1:40103 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel xlsb use-after-free attempt (file-office.rules)
* 1:40104 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel xlsb use-after-free attempt (file-office.rules)
* 1:40105 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel xlsb use-after-free attempt (file-office.rules)
* 1:40106 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel xlsb use-after-free attempt (file-office.rules)
* 1:40107 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel xlsb use-after-free attempt (file-office.rules)
* 1:40116 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel xlsb use-after-free attempt (file-office.rules)
* 1:40117 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel xlsb use-after-free attempt (file-office.rules)
* 1:40121 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel xlsb use-after-free attempt (file-office.rules)
* 1:40122 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel xlsb use-after-free attempt (file-office.rules)
* 1:40152 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DRMManager memory corruption attempt (file-flash.rules)
* 1:40167 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ShimContentResolver out of bounds memory access attempt (file-flash.rules)
* 1:40178 <-> DISABLED <-> FILE-FLASH Adobe Flash Player local-with-filesystem sandbox escape attempt (file-flash.rules)
* 1:40236 <-> DISABLED <-> FILE-PDF Adobe Reader embedded font out of bounds memory access attempt (file-pdf.rules)
* 1:40237 <-> DISABLED <-> FILE-PDF Adobe Reader embedded font out of bounds memory access attempt (file-pdf.rules)
* 1:40312 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CTreePos type confusion attempt (browser-ie.rules)
* 1:40375 <-> DISABLED <-> OS-WINDOWS Microsoft Windows insecure BoundaryDescriptor privilege escalation attempt (os-windows.rules)
* 1:40425 <-> DISABLED <-> OS-WINDOWS Microsoft Windows GDI+ EMF buffer overread attempt (os-windows.rules)
* 1:40503 <-> DISABLED <-> FILE-FLASH Adobe Flash Player QOSProvider use-after-free attempt (file-flash.rules)
* 1:40706 <-> DISABLED <-> FILE-OTHER Microsoft Windows OTF cmap table parsing integer overflow attempt (file-other.rules)
* 1:40717 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel LPenHelper use after free attempt (file-office.rules)
* 1:40718 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel LPenHelper use after free attempt (file-office.rules)
* 1:40737 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime SDK AdvertisingMetadata type confustion attempt (file-flash.rules)
* 1:40743 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AVSegmentedSource use after free attempt (file-flash.rules)
* 1:40753 <-> ENABLED <-> EXPLOIT-KIT Rig exploit kit outbound communication (exploit-kit.rules)
* 1:40813 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Silverlight GetChar out of bounds read attempt (browser-plugins.rules)
* 1:40814 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Silverlight GetChar out of bounds read attempt (browser-plugins.rules)
* 1:40934 <-> DISABLED <-> FILE-EXECUTABLE Nvidia Windows kernel mode driver denial of service attempt (file-executable.rules)
* 1:40957 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel security descriptor out of bounds read attempt (file-office.rules)
* 1:40958 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel security descriptor out of bounds read attempt (file-office.rules)
* 1:40959 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ddeService command execution attempt (file-office.rules)
* 1:40960 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ddeService command execution attempt (file-office.rules)
* 1:40983 <-> DISABLED <-> FILE-OTHER Microsoft Internet Explorer malformed ico integer overflow attempt (file-other.rules)
* 1:41003 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime SDK out of bounds read attempt (file-flash.rules)
* 1:41015 <-> DISABLED <-> FILE-FLASH Acrobat Flash WorkerDomain memory corruption attempt (file-flash.rules)
* 1:41026 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess Dashboard remote code execution attempt (server-webapp.rules)
* 1:41310 <-> DISABLED <-> FILE-IMAGE libBPG restore_tqb_pixel out of bounds write attempt (file-image.rules)
* 1:41344 <-> DISABLED <-> FILE-OTHER CorelDRAW X8 EMF invalid ihBrush field value out of bounds read attempt (file-other.rules)
* 1:41358 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime SDK ShimContentResolver memory corruption attempt (file-flash.rules)
* 1:41515 <-> DISABLED <-> POLICY-OTHER McAfee Virus Scan Linux outdated version detected (policy-other.rules)
* 1:41516 <-> DISABLED <-> SERVER-WEBAPP McAfee Virus Scan Linux file existence test attempt (server-webapp.rules)
* 1:41521 <-> DISABLED <-> SERVER-WEBAPP McAfee Virus Scan Linux cross site scripting attempt (server-webapp.rules)
* 1:41565 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel xlsb use-after-free attempt (file-office.rules)
* 1:41566 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel xlsb use-after-free attempt (file-office.rules)
* 1:41601 <-> DISABLED <-> FILE-PDF Microsoft Edge PDF Builder out of bounds read attempt (file-pdf.rules)
* 1:41602 <-> DISABLED <-> FILE-PDF Microsoft Edge PDF Builder out of bounds read attempt (file-pdf.rules)
* 1:41624 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MessageChannel type confusion attempt (file-flash.rules)
* 1:41630 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PSDK EventDispatch removeEventListener use after free attempt (file-flash.rules)
* 1:41680 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ShimContentResolver out of bounds memory access attempt (file-flash.rules)
* 1:41681 <-> DISABLED <-> SERVER-WEBAPP McAfee Virus Scan Linux remote code execution attempt (server-webapp.rules)
* 1:41783 <-> ENABLED <-> EXPLOIT-KIT Rig exploit kit URL outbound communication (exploit-kit.rules)
* 1:41818 <-> DISABLED <-> SERVER-APACHE Apache Struts remote code execution attempt (server-apache.rules)
* 1:41819 <-> DISABLED <-> SERVER-APACHE Apache Struts remote code execution attempt (server-apache.rules)
* 1:41976 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel shared strings memory corruption attempt (file-office.rules)
* 1:41977 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel shared strings memory corruption attempt (file-office.rules)
* 1:41979 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel shared strings memory corruption attempt (file-office.rules)
* 1:41980 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel shared strings memory corruption attempt (file-office.rules)
* 1:42080 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jenxcus outbound connection with unique User-Agent (malware-cnc.rules)
* 1:42097 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Resolution Opportunity parameter memory corruption attempt (file-flash.rules)
* 1:42150 <-> DISABLED <-> FILE-OTHER Microsoft Windows ATMFD font driver malformed OTF file out-of-bounds memory access attempt (file-other.rules)
* 1:42151 <-> DISABLED <-> FILE-OTHER Microsoft Windows ATMFD font driver malformed OTF file out-of-bounds memory access attempt (file-other.rules)
* 1:42161 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel out of bounds memory attempt (file-office.rules)
* 1:42162 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel out of bounds memory attempt (file-office.rules)
* 1:42222 <-> DISABLED <-> SERVER-WEBAPP Moxa MX Studio login page denial of service attempt (server-webapp.rules)
* 1:42372 <-> ENABLED <-> POLICY-OTHER eicar file detected (policy-other.rules)
* 1:42373 <-> ENABLED <-> POLICY-OTHER eicar file detected (policy-other.rules)
* 1:42374 <-> ENABLED <-> POLICY-OTHER eicar file detected (policy-other.rules)
* 1:42375 <-> ENABLED <-> POLICY-OTHER eicar file detected (policy-other.rules)
* 1:42376 <-> ENABLED <-> POLICY-OTHER eicar file detected (policy-other.rules)
* 1:42810 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BitmapData out of bounds memory access attempt (file-flash.rules)
* 1:42811 <-> DISABLED <-> BROWSER-IE Microsoft Edge Chakra Engine use-after-free attempt (browser-ie.rules)
* 1:42812 <-> DISABLED <-> BROWSER-IE Microsoft Edge Chakra Engine use-after-free attempt (browser-ie.rules)
* 1:42816 <-> DISABLED <-> FILE-FLASH Adobe Flash Player display object mask use after free attempt (file-flash.rules)
* 1:42817 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DisplayObject use after free attempt (file-flash.rules)
* 1:42902 <-> DISABLED <-> FILE-OFFICE Microsoft Office EPS restore command use after free attempt (file-office.rules)
* 1:42904 <-> DISABLED <-> FILE-OFFICE Microsoft Office EPS restore command use after free attempt (file-office.rules)
* 1:42911 <-> DISABLED <-> FILE-PDF Acrobat Reader TIFF malformed IFD tag heap overflow attempt (file-pdf.rules)
* 1:42913 <-> DISABLED <-> FILE-PDF Acrobat Reader TIFF malformed IFD tag heap overflow attempt (file-pdf.rules)
* 1:42915 <-> DISABLED <-> FILE-PDF Acrobat Reader TIFF malformed IFD tag heap overflow attempt (file-pdf.rules)
* 1:43048 <-> DISABLED <-> FILE-FLASH Adobe Flash Player JSON stringify memory corruption attempt (file-flash.rules)
* 1:43169 <-> DISABLED <-> BROWSER-IE Microsoft Edge textContent use after free attempt (browser-ie.rules)
* 1:43179 <-> DISABLED <-> FILE-OFFICE Powerpoint mouseover powershell malware download attempt (file-office.rules)
* 1:43221 <-> DISABLED <-> MALWARE-OTHER Win.Trojan-Downloader.Jadtree GET request of RAR file to server (malware-other.rules)
* 1:43383 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AdvertisingMetadata use after free attempt (file-flash.rules)
* 1:43396 <-> DISABLED <-> FILE-FLASH Adobe Acrobat Reader profile use after free attempt (file-flash.rules)
* 1:43406 <-> DISABLED <-> FILE-FLASH Adobe Flash Player determinePreferredLocales out of bounds memory read attempt (file-flash.rules)
* 1:43455 <-> DISABLED <-> FILE-FLASH Adobe Flash Player writeExternal type confusion attempt (file-flash.rules)
* 1:43625 <-> DISABLED <-> SERVER-WEBAPP Axis M3004 remote code execution attempt (server-webapp.rules)
* 1:43790 <-> DISABLED <-> SERVER-OTHER Apache mod_auth_digest out of bounds read attempt (server-other.rules)
* 1:43865 <-> DISABLED <-> FILE-IMAGE Adobe Reader EMF EMR_MOVETOEX memory corruption attempt (file-image.rules)
* 1:43900 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Professional XPS2PDF memory corruption attempt (file-other.rules)
* 1:43901 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Professional XPS2PDF memory corruption attempt (file-other.rules)
* 1:43912 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Professional XPS2PDF memory corruption attempt (file-other.rules)
* 1:43913 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Professional XPS2PDF memory corruption attempt (file-other.rules)
* 1:43967 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Acrobat Professional EMF malformed EMR_POLYBEZIERTO16 out of bounds access attempt (file-multimedia.rules)
* 1:43977 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader graphics engine memory corruption attempt (file-pdf.rules)
* 1:43978 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader graphics engine memory corruption attempt (file-pdf.rules)
* 1:43993 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader graphics engine memory corruption attempt (file-pdf.rules)
* 1:43994 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader graphics engine memory corruption attempt (file-pdf.rules)
* 1:44016 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Rectangle constructor use after free attempt (file-flash.rules)
* 1:44017 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Rectangle constructor use after free attempt (file-flash.rules)
* 1:44052 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word EPS filter PostScript object use after free attempt (file-office.rules)
* 1:44338 <-> DISABLED <-> BROWSER-IE Microsoft Edge denial of service attempt (browser-ie.rules)
* 1:44360 <-> DISABLED <-> SERVER-WEBAPP Trend Micro proxy_controller.php command injection attempt (server-webapp.rules)
* 1:44361 <-> DISABLED <-> SERVER-WEBAPP Trend Micro proxy_controller.php command injection attempt (server-webapp.rules)
* 1:44404 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trickbot malicious communication attempt (malware-cnc.rules)
* 1:44430 <-> DISABLED <-> FILE-OFFICE Fin7 Maldoc campaign exploitation attempt (file-office.rules)
* 1:44431 <-> DISABLED <-> FILE-OFFICE Fin7 Maldoc campaign exploitation attempt (file-office.rules)
* 1:31033 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cryptodefence variant outbound connection (malware-cnc.rules)
* 1:36707 <-> DISABLED <-> FILE-OFFICE Microsoft Office malformed odttf integer overflow attempt (file-office.rules)
* 1:36708 <-> DISABLED <-> FILE-OFFICE Microsoft Office malformed odttf integer overflow attempt (file-office.rules)
* 1:36713 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ClickOnce information disclosure attempt (os-windows.rules)
* 1:36714 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel slicer style use-after-free attempt (file-office.rules)
* 1:36715 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel slicer style use-after-free attempt (file-office.rules)
* 1:36751 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel MdCallBack out of bounds read attempt (file-office.rules)
* 1:36752 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel MdCallBack out of bounds read attempt (file-office.rules)
* 1:36812 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer nonexistent attribute removal memory corruption attempt (browser-ie.rules)
* 1:36819 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
* 1:36820 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
* 1:36821 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
* 1:38169 <-> DISABLED <-> FILE-FLASH Adobe Flash Player hitTest BitmapData object integer overflow attempt (file-flash.rules)
* 1:38170 <-> DISABLED <-> FILE-FLASH Adobe Flash Player hitTest BitmapData object integer overflow attempt (file-flash.rules)
* 1:38175 <-> DISABLED <-> FILE-FLASH Adobe Standalone Flash Player texfield getter use after free attempt (file-flash.rules)
* 1:38179 <-> DISABLED <-> FILE-FLASH Adobe Standalone Flash Player ASnative object use after free attempt (file-flash.rules)
* 1:38182 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS3 multiple axis attributes integer overflow attempt (file-flash.rules)
* 1:38184 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS3 multiple axis attributes integer overflow attempt (file-flash.rules)
* 1:38191 <-> DISABLED <-> FILE-FLASH Adobe Flash Player si32 integer overflow attempt (file-flash.rules)
* 1:38192 <-> DISABLED <-> FILE-FLASH Adobe Flash Player si32 integer overflow attempt (file-flash.rules)
* 1:38197 <-> DISABLED <-> FILE-FLASH Adobe Flash Player recursion calls stack overflow attempt (file-flash.rules)
* 1:38198 <-> DISABLED <-> FILE-FLASH Adobe Flash Player recursion calls stack overflow attempt (file-flash.rules)
* 1:38207 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MPD use-after-free attempt (file-flash.rules)
* 1:38208 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MPD use-after-free attempt (file-flash.rules)
* 1:38211 <-> DISABLED <-> FILE-PDF Adobe Reader JPEG 2000 chrominance subsampling memory corruption attempt (file-pdf.rules)
* 1:38212 <-> DISABLED <-> FILE-PDF Adobe Reader JPEG 2000 chrominance subsampling memory corruption attempt (file-pdf.rules)
* 1:38215 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BitmapData.paletteMap size mismatch integer overflow attempt (file-flash.rules)
* 1:38216 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BitmapData.paletteMap size mismatch integer overflow attempt (file-flash.rules)
* 1:38219 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use after free attempt (file-flash.rules)
* 1:38220 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use after free (file-flash.rules)
* 1:38223 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader annotation oversized array memory corruption attempt (file-pdf.rules)
* 1:38239 <-> DISABLED <-> FILE-FLASH Adobe Flash Player rectangle width integer overflow attempt (file-flash.rules)
* 1:38241 <-> DISABLED <-> FILE-FLASH Adobe Flash Player rectangle width integer overflow attempt (file-flash.rules)
* 1:38286 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager actserver stack buffer overflow attempt (server-webapp.rules)
* 1:38287 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager akey stack buffer overflow attempt (server-webapp.rules)
* 1:38288 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager licfile stack buffer overflow attempt (server-webapp.rules)
* 1:38327 <-> DISABLED <-> MALWARE-BACKDOOR ReGeorg proxy read attempt (malware-backdoor.rules)
* 1:38405 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Transform Class Matrix AS2 use after free attempt (file-flash.rules)
* 1:38406 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Transform Class Matrix AS2 use after free attempt (file-flash.rules)
* 1:38409 <-> DISABLED <-> FILE-FLASH Adobe Flash Player JPEG-XR decode buffer overflow attempt (file-flash.rules)
* 1:38410 <-> DISABLED <-> FILE-FLASH Adobe Flash Player JPEG-XR decode buffer overflow attempt (file-flash.rules)
* 1:38413 <-> DISABLED <-> FILE-FLASH Adobe Flash Player NetConnection to ColorMatrixFilter object type confusion attempt (file-flash.rules)
* 1:38415 <-> DISABLED <-> FILE-FLASH Adobe Flash Player NetConnection to ColorMatrixFilter object type confusion attempt (file-flash.rules)
* 1:38425 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ExportAssets count memory corruption attempt (file-flash.rules)
* 1:38430 <-> DISABLED <-> FILE-FLASH Adobe Flash Player toString type confusion memory corruption attempt (file-flash.rules)
* 1:38433 <-> DISABLED <-> FILE-FLASH Adobe Flash Player toString type confusion memory corruption attempt (file-flash.rules)
* 1:38481 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel msxml6 ParseElementN use after free attempt (file-office.rules)
* 1:38482 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel msxml6 ParseElementN use after free attempt (file-office.rules)
* 1:38577 <-> DISABLED <-> FILE-FLASH Adobe Flash Player dangling bytearray pointer code execution attempt (file-flash.rules)
* 1:38593 <-> DISABLED <-> EXPLOIT-KIT Nuclear Exploit Kit back end communications attempt (exploit-kit.rules)
* 1:38631 <-> DISABLED <-> FILE-FLASH Angler exploit kit Adobe Flash SWF exploit download (file-flash.rules)
* 1:38632 <-> DISABLED <-> FILE-FLASH Angler exploit kit Adobe Flash SWF exploit download (file-flash.rules)
* 1:38635 <-> DISABLED <-> FILE-FLASH Nuclear exploit kit Adobe Flash SWF exploit download (file-flash.rules)
* 1:38636 <-> DISABLED <-> FILE-FLASH Nuclear exploit kit Adobe Flash SWF exploit download (file-flash.rules)
* 1:38729 <-> DISABLED <-> SERVER-OTHER Mediabridge Medialink MWN-WAPR300N and Tenda N3 Wireless N150 inbound admin attempt (server-other.rules)
* 1:38772 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer EMF file integer overflow attempt (browser-ie.rules)
* 1:38782 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word TTF out-of-bounds memory access attempt (file-office.rules)
* 1:38783 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word TTF out-of-bounds memory access attempt (file-office.rules)
* 1:38830 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ContentFactory memory corruption attempt (file-flash.rules)
* 1:38832 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ContentFactory memory corruption attempt (file-flash.rules)
* 1:38833 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ContentFactory memory corruption attempt (file-flash.rules)
* 1:38841 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer VBScript toString redim array use after free attempt (browser-ie.rules)
* 1:38881 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FileReference type confusion attempt (file-flash.rules)
* 1:38883 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FileReference type confusion attempt (file-flash.rules)
* 1:38972 <-> DISABLED <-> FILE-FLASH Adobe Flash Player OpportunityGenerator.update memory corruption attempt (file-flash.rules)
* 1:38973 <-> DISABLED <-> FILE-FLASH Adobe Flash Player OpportunityGenerator.update memory corruption attempt (file-flash.rules)
* 1:38974 <-> DISABLED <-> FILE-FLASH Adobe Flash Player OpportunityGenerator.update memory corruption attempt (file-flash.rules)
* 1:38980 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed FlateDecode stream use after free attempt (file-pdf.rules)
* 1:38981 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed FlateDecode stream use after free attempt (file-pdf.rules)
* 1:38996 <-> DISABLED <-> FILE-FLASH Adobe Flash Player addProperty use after free attempt (file-flash.rules)
* 1:38998 <-> DISABLED <-> FILE-FLASH Adobe Flash Player addProperty use after free attempt (file-flash.rules)
* 1:39009 <-> DISABLED <-> FILE-FLASH Adobe Flash Player setMetadata memory corruption attempt (file-flash.rules)
* 1:39010 <-> DISABLED <-> FILE-FLASH Adobe Flash Player setMetadata memory corruption attempt (file-flash.rules)
* 1:39013 <-> DISABLED <-> FILE-PDF Adobe Reader CTJPEGDecoderReadNextTile out of bounds read attempt (file-pdf.rules)
* 1:39014 <-> DISABLED <-> FILE-PDF Adobe Reader CTJPEGDecoderReadNextTile out of bounds read attempt (file-pdf.rules)
* 1:39015 <-> DISABLED <-> FILE-PDF Adobe Reader AcroForm dictionary object use after free attempt (file-pdf.rules)
* 1:39019 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PSDK use-after-free attempt (file-flash.rules)
* 1:39020 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PSDK use-after-free attempt (file-flash.rules)
* 1:39022 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PSDK use-after-free attempt (file-flash.rules)
* 1:39024 <-> DISABLED <-> FILE-FLASH Adobe Flash Player selection.setFocus use after free attempt (file-flash.rules)
* 1:39025 <-> DISABLED <-> FILE-FLASH Adobe Flash Player selection.setFocus use after free attempt (file-flash.rules)
* 1:39032 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASSetNative use-after-free attempt (file-flash.rules)
* 1:39033 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASSetNative use-after-free attempt (file-flash.rules)
* 1:39102 <-> DISABLED <-> FILE-PDF Adobe Reader PDF embedded JPEG memory corruption attempt (file-pdf.rules)
* 1:39103 <-> DISABLED <-> FILE-PDF Adobe Reader PDF embedded JPEG memory corruption attempt (file-pdf.rules)
* 1:39261 <-> DISABLED <-> FILE-OTHER Microsoft Windows ATMFD font driver malformed OTF file out-of-bounds memory access attempt (file-other.rules)
* 1:39272 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ShimContentFactory uninitialized pointer use attempt (file-flash.rules)
* 1:39280 <-> DISABLED <-> FILE-FLASH Adobe Primetime SDK object type confusion overflow attempt (file-flash.rules)
* 1:39285 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadSound use after free attempt (file-flash.rules)
* 1:39288 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ShimContentResolver out of bounds memory access attempt (file-flash.rules)
* 1:39290 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime SDK ShimContentResolver out of bounds memory access attempt (file-flash.rules)
* 1:39298 <-> DISABLED <-> FILE-FLASH Adobe Flash player retrieveResolvers memory corruption attempt (file-flash.rules)
* 1:39305 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime SDK ShimContentResolver out of bounds memory access attempt (file-flash.rules)
* 1:39319 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ShimOpportunityGenerator out of bounds memory access attempt (file-flash.rules)
* 1:39398 <-> DISABLED <-> SERVER-WEBAPP Symantec SEPM management console cross site scripting attempt (server-webapp.rules)
* 1:39402 <-> DISABLED <-> FILE-OTHER Symantec Antivirus ALPkOldFormatDecompressor out of bounds read attempt (file-other.rules)
* 1:39441 <-> DISABLED <-> FILE-FLASH Adobe Flash Player integer overflow attempt (file-flash.rules)
* 1:36822 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
* 1:36829 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 actionExtends use-after-free attempt (file-flash.rules)
* 1:36830 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 actionExtends use-after-free attempt (file-flash.rules)
* 1:36831 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 actionExtends use-after-free attempt (file-flash.rules)
* 1:36832 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 actionExtends use-after-free attempt (file-flash.rules)
* 1:36846 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 TextField gridFitType use after free attempt (file-flash.rules)
* 1:36859 <-> DISABLED <-> FILE-FLASH Adobe Flash Player writeExternal type confusion attempt (file-flash.rules)
* 1:36860 <-> DISABLED <-> FILE-FLASH Adobe Flash Player writeExternal type confusion attempt (file-flash.rules)
* 1:36863 <-> DISABLED <-> FILE-FLASH Adobe Flash Player attachsound use-after-free attempt (file-flash.rules)
* 1:36864 <-> DISABLED <-> FILE-FLASH Adobe Flash Player attachsound use-after-free attempt (file-flash.rules)
* 1:36883 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byte array uncompress information disclosure attempt (file-flash.rules)
* 1:36960 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word XML parsing use after free attempt (file-office.rules)
* 1:36961 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word XML parsing use after free attempt (file-office.rules)
* 1:36998 <-> DISABLED <-> OS-WINDOWS Microsoft .NET Silverlight manifest resource file information disclosure attempt (os-windows.rules)
* 1:37071 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ShaderParameter integer overflow attempt (file-flash.rules)
* 1:37072 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ShaderParameter integer overflow attempt (file-flash.rules)
* 1:37074 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ShaderParameter integer overflow attempt (file-flash.rules)
* 1:37075 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ShaderParameter integer overflow attempt (file-flash.rules)
* 1:37081 <-> DISABLED <-> FILE-FLASH Adobe Flash Player String length heap buffer overflow attempt (file-flash.rules)
* 1:37082 <-> DISABLED <-> FILE-FLASH Adobe Flash Player String length heap buffer overflow attempt (file-flash.rules)
* 1:37085 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byte array memory corruption attempt (file-flash.rules)
* 1:37086 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byte array memory corruption attempt (file-flash.rules)
* 1:37090 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PrintJob object use-after-free attempt (file-flash.rules)
* 1:37091 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PrintJob object use-after-free attempt (file-flash.rules)
* 1:37092 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SoundURLStream memory corruption attempt (file-flash.rules)
* 1:37094 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SoundURLStream memory corruption attempt (file-flash.rules)
* 1:37105 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MovieClip object use-after-free attempt (file-flash.rules)
* 1:37106 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MovieClip object use-after-free attempt (file-flash.rules)
* 1:37109 <-> DISABLED <-> FILE-FLASH Adobe Flash Player selection.setFocus use after free attempt (file-flash.rules)
* 1:37110 <-> DISABLED <-> FILE-FLASH Adobe Flash Player selection.setFocus use after free attempt (file-flash.rules)
* 1:37118 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField filters use-after-free attempt (file-flash.rules)
* 1:37119 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField filters use-after-free attempt (file-flash.rules)
* 1:37121 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MP3 ID3 data parsing heap buffer overflow attempt (file-flash.rules)
* 1:37123 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MP3 ID3 data parsing heap buffer overflow attempt (file-flash.rules)
* 1:37128 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 setTransform use-after-free attempt (file-flash.rules)
* 1:37129 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 setTransform use-after-free attempt (file-flash.rules)
* 1:37135 <-> DISABLED <-> SERVER-WEBAPP Fireeye Java decompiler reflection remote code execution attempt (server-webapp.rules)
* 1:37136 <-> DISABLED <-> SERVER-WEBAPP Fireeye Java decompiler reflection remote code execution attempt (server-webapp.rules)
* 1:37144 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SetSlot type confusion attempt (file-flash.rules)
* 1:37145 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SetSlot type confusion attempt (file-flash.rules)
* 1:37157 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SharedObject send stack buffer overflow attempt (file-flash.rules)
* 1:37159 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SharedObject send stack buffer overflow attempt (file-flash.rules)
* 1:37160 <-> DISABLED <-> FILE-FLASH Adobe Flash Player oversize source bitmap memory corruption attempt (file-flash.rules)
* 1:37161 <-> DISABLED <-> FILE-FLASH Adobe Flash Player oversize source bitmap memory corruption attempt (file-flash.rules)
* 1:37167 <-> DISABLED <-> FILE-FLASH Adobe Flash Player URLStream use after free attempt (file-flash.rules)
* 1:37168 <-> DISABLED <-> FILE-FLASH Adobe Flash Player URLStream use after free attempt (file-flash.rules)
* 1:37169 <-> DISABLED <-> FILE-FLASH Adobe Flash Player heap memory disclosure via custom valueOf handler attempt (file-flash.rules)
* 1:37170 <-> DISABLED <-> FILE-FLASH Adobe Flash Player heap memory disclosure via custom valueOf handler attempt (file-flash.rules)
* 1:37171 <-> DISABLED <-> FILE-FLASH Adobe Flash Player heap memory disclosure via custom valueOf handler attempt (file-flash.rules)
* 1:37172 <-> DISABLED <-> FILE-FLASH Adobe Flash Player heap memory disclosure via custom valueOf handler attempt (file-flash.rules)
* 1:37178 <-> DISABLED <-> FILE-FLASH Adobe Flash Player M3U8 parser logic memory corruption attempt (file-flash.rules)
* 1:37180 <-> DISABLED <-> FILE-FLASH Adobe Flash Player M3U8 parser logic memory corruption attempt (file-flash.rules)
* 1:37183 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextFormat.tabStops use after free attempt (file-flash.rules)
* 1:37184 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextFormat.tabStops use after free attempt (file-flash.rules)
* 1:37185 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextFormat.tabStops use after free attempt (file-flash.rules)
* 1:37186 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextFormat.tabStops use after free attempt (file-flash.rules)
* 1:37205 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object.addProperty method use after free attempt (file-flash.rules)
* 1:37206 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object.addProperty method use after free attempt (file-flash.rules)
* 1:37208 <-> DISABLED <-> FILE-FLASH Adobe Flash Player LoadVars decode use after free attempt (file-flash.rules)
* 1:37210 <-> DISABLED <-> FILE-FLASH Adobe Flash Player LoadVars decode use after free attempt (file-flash.rules)
* 1:37216 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MovieClip setMask use after free attempt (file-flash.rules)
* 1:37218 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MovieClip setMask use after free attempt (file-flash.rules)
* 1:37237 <-> DISABLED <-> FILE-FLASH Adobe Flash Player
object hasOwnProperty use after free attempt (file-flash.rules) * 1:37239 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object hasOwnProperty use after free attempt (file-flash.rules) * 1:37247 <-> DISABLED <-> FILE-FLASH Adobe Flash Player removeMovieClip use after free attempt (file-flash.rules) * 1:37248 <-> DISABLED <-> FILE-FLASH Adobe Flash Player removeMovieClip use after free attempt (file-flash.rules) * 1:37249 <-> DISABLED <-> FILE-FLASH Adobe Flash Player removeMovieClip use after free attempt (file-flash.rules) * 1:37259 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel mso20win32client use after free attempt (file-office.rules) * 1:37265 <-> DISABLED <-> FILE-OFFICE Microsoft Office metafile conversion out of bounds read attempt (file-office.rules) * 1:37266 <-> DISABLED <-> FILE-OFFICE Microsoft Office metafile conversion out of bounds read attempt (file-office.rules) * 1:37267 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Silverlight GetChar out of bounds read attempt (browser-plugins.rules) * 1:37268 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Silverlight GetChar out of bounds read attempt (browser-plugins.rules) * 1:37345 <-> DISABLED <-> FILE-FLASH Adobe Flash Player improper display list handling memory corruption attempt (file-flash.rules) * 1:37347 <-> DISABLED <-> FILE-FLASH Adobe Flash Player improper display list handling memory corruption attempt (file-flash.rules) * 1:37399 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader custom string length function memory corruption attempt (file-pdf.rules) * 1:37525 <-> DISABLED <-> SERVER-OTHER NTP arbitrary pidfile and driftfile overwrite attempt (server-other.rules) * 1:37550 <-> DISABLED <-> EXPLOIT-KIT Nuclear landing page detected (exploit-kit.rules) * 1:37592 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel formula length heap corruption attempt (file-office.rules) * 1:37593 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel formula length heap corruption attempt (file-office.rules) * 1:37600 
<-> DISABLED <-> FILE-OFFICE Microsoft Powerpoint shape objects null pointer dereference memory corruption attempt (file-office.rules) * 1:37601 <-> DISABLED <-> FILE-OFFICE Microsoft Powerpoint shape objects null pointer dereference memory corruption attempt (file-office.rules) * 1:37664 <-> DISABLED <-> FILE-JAVA Oracle Java ServiceLoader exception handling exploit attempt (file-java.rules) * 1:37670 <-> DISABLED <-> FILE-FLASH Adobe Flash Player convolution filter use-after-free attempt (file-flash.rules) * 1:37671 <-> DISABLED <-> FILE-FLASH Adobe Flash Player convolution filter use-after-free attempt (file-flash.rules) * 1:37700 <-> DISABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules) * 1:37702 <-> DISABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules) * 1:37703 <-> DISABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules) * 1:37704 <-> DISABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules) * 1:37705 <-> DISABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules) * 1:37706 <-> DISABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules) * 1:37711 <-> DISABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules) * 1:37726 <-> DISABLED <-> FILE-OTHER Microsoft Office ole object external file loading attempt (file-other.rules) * 1:37727 <-> DISABLED <-> FILE-OTHER Microsoft Office ole object external file loading attempt (file-other.rules) * 1:37734 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Point object integer overflow attempt (file-flash.rules) * 1:37736 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Point object integer overflow attempt (file-flash.rules) * 1:37740 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BlurFilter memory corruption 
attempt (file-flash.rules) * 1:37741 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BlurFilter memory corruption attempt (file-flash.rules) * 1:37744 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextLine memory corruption attempt (file-flash.rules) * 1:37745 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextLine memory corruption attempt (file-flash.rules) * 1:37754 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Point object integer overflow attempt (file-flash.rules) * 1:37755 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Point object integer overflow attempt (file-flash.rules) * 1:37757 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid sourceRect copyPixels heap corruption attempt (file-flash.rules) * 1:37758 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid sourceRect copyPixels heap corruption attempt (file-flash.rules) * 1:37761 <-> DISABLED <-> FILE-FLASH Adobe Flash Player rectangle auxiliary method integer overflow attempt (file-flash.rules) * 1:37764 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BitmapData method memory corruption attempt (file-flash.rules) * 1:37770 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative custom getter use after free attempt (file-flash.rules) * 1:37771 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative custom getter use after free attempt (file-flash.rules) * 1:37774 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript constructor use after free attempt (file-flash.rules) * 1:37776 <-> DISABLED <-> FILE-FLASH Adobe Flash Player LoadVars use-after-free attempt (file-flash.rules) * 1:37777 <-> DISABLED <-> FILE-FLASH Adobe Flash Player LoadVars use-after-free attempt (file-flash.rules) * 1:37783 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed Adobe Texture Format heap overflow attempt (file-flash.rules) * 1:37790 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative use after free attempt (file-flash.rules) * 1:37792 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative use after free 
attempt (file-flash.rules) * 1:37797 <-> DISABLED <-> FILE-FLASH Adobe Flash Player rectangle memory access violation attempt (file-flash.rules) * 1:37798 <-> DISABLED <-> FILE-FLASH Adobe Flash Player rectangle memory access violation attempt (file-flash.rules) * 1:37801 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Silverlight ScriptObject untrusted pointer dereference attempt (browser-plugins.rules) * 1:37808 <-> DISABLED <-> FILE-FLASH Adobe Flash Player integer underflow attempt (file-flash.rules) * 1:37824 <-> DISABLED <-> FILE-OTHER Microsoft Office ole object external file loading attempt (file-other.rules) * 1:37825 <-> DISABLED <-> FILE-OTHER Microsoft Office ole object external file loading attempt (file-other.rules) * 1:37938 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Flash pixel bender buffer overflow attempt (file-multimedia.rules) * 1:37939 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Flash pixel bender buffer overflow attempt (file-multimedia.rules) * 1:38074 <-> DISABLED <-> BROWSER-IE Microsoft Edge CAsyncTpWorker Windows.Data.Pdf.dll object use after free attempt (browser-ie.rules) * 1:38076 <-> DISABLED <-> BROWSER-IE Microsoft Edge CAsyncTpWorker Windows.Data.Pdf.dll object use after free attempt (browser-ie.rules) * 1:38101 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word wwlib.dll invalid pointer read attempt (file-office.rules) * 1:38165 <-> DISABLED <-> FILE-FLASH Adobe Flash Player hitTest BitmapData object integer overflow attempt (file-flash.rules) * 1:38167 <-> DISABLED <-> FILE-FLASH Adobe Flash Player hitTest BitmapData object integer overflow attempt (file-flash.rules) * 1:44564 <-> DISABLED <-> MALWARE-CNC PowerShell Empire variant outbound connection (malware-cnc.rules) * 1:44619 <-> DISABLED <-> MALWARE-CNC Android Red Alert Trojan outbound connection (malware-cnc.rules) * 1:44620 <-> DISABLED <-> MALWARE-CNC Android Red Alert Trojan outbound connection (malware-cnc.rules) * 1:44621 <-> DISABLED <-> MALWARE-CNC Android Red Alert Trojan 
outbound connection (malware-cnc.rules) * 1:44622 <-> DISABLED <-> MALWARE-CNC Android Red Alert Trojan outbound connection (malware-cnc.rules) * 1:44646 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.BadRabbit propagation via SVCCTL remote service attempt (malware-other.rules) * 1:44657 <-> DISABLED <-> SERVER-WEBAPP Unitrends Enterprise Backup API SQL injection attempt (server-webapp.rules) * 1:44688 <-> DISABLED <-> SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt (server-webapp.rules) * 1:44880 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF EMR_STRETCHDIBITS memory corruption attempt (file-image.rules) * 1:44885 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat XPS unicode glyph pointer out of bounds (file-image.rules) * 1:44892 <-> DISABLED <-> FILE-FLASH Adobe Flash Player determinePreferredLocales memory corruption attempt (file-flash.rules) * 1:44903 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PSDK Metadata memory corruption attempt (file-flash.rules) * 1:44929 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds write attempt (file-image.rules) * 1:44964 <-> DISABLED <-> FILE-FLASH Adobe Flash Player tvsdk object use after free attempt (file-flash.rules) * 1:44969 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF EmfPlusFont memory corruption attempt (file-image.rules) * 1:45117 <-> DISABLED <-> SERVER-WEBAPP Huawei DeviceUpgrade command injection attempt (server-webapp.rules) * 1:45130 <-> DISABLED <-> OS-WINDOWS Microsoft Windows RRAS service arbitrary pointer dereference attempt (os-windows.rules) * 1:45131 <-> DISABLED <-> OS-WINDOWS Microsoft Windows RRAS service arbitrary pointer dereference attempt (os-windows.rules) * 1:45132 <-> DISABLED <-> FILE-OFFICE Microsoft Office Equation Editor object stack buffer overflow attempt (file-office.rules) * 1:45148 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Array out of bounds write attempt (browser-ie.rules) * 1:45162 <-> DISABLED <-> BROWSER-IE Microsoft 
Edge memory corruption attempt (browser-ie.rules) * 1:45169 <-> DISABLED <-> BROWSER-IE Microsoft Edge array type confusion attempt (browser-ie.rules) * 1:45336 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules) * 1:45370 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word docx subDocument file include attempt (file-office.rules) * 1:45371 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word docx subDocument file include attempt (file-office.rules) * 1:45564 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Vpnfilter variant outbound connection attempt (malware-cnc.rules) * 1:45642 <-> DISABLED <-> MALWARE-CNC Vbs.Trojan.Agent outbound connection (malware-cnc.rules) * 1:45643 <-> DISABLED <-> MALWARE-CNC Vbs.Trojan.Agent inbound payload download (malware-cnc.rules) * 1:45646 <-> DISABLED <-> MALWARE-CNC Vbs.Trojan.Agent outbound system information disclosure (malware-cnc.rules) * 1:45682 <-> DISABLED <-> SERVER-OTHER HP Integrated Lights-Out HTTP headers processing buffer overflow attempt (server-other.rules) * 1:45771 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CannibalRAT initial outbound connection (malware-cnc.rules) * 1:45772 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CannibalRAT outbound reporting attempt (malware-cnc.rules) * 1:45773 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CannibalRAT outbound upload attempt (malware-cnc.rules) * 1:45904 <-> DISABLED <-> MALWARE-BACKDOOR CobaltStrike inbound beacon download (malware-backdoor.rules) * 1:45909 <-> DISABLED <-> MALWARE-CNC CobaltStrike trial version inbound beacon response (malware-cnc.rules) * 1:45922 <-> DISABLED <-> EXPLOIT-KIT Terror EK exe download attempt (exploit-kit.rules) * 1:45923 <-> DISABLED <-> EXPLOIT-KIT Terror EK dll download attempt (exploit-kit.rules) * 1:45949 <-> DISABLED <-> PUA-OTHER Coinhive TLS server hello attempt (pua-other.rules) * 1:45950 <-> DISABLED <-> PUA-OTHER Coinhive TLS client hello attempt (pua-other.rules) * 1:45972 <-> DISABLED <-> 
MALWARE-CNC Win.Trojan.Chafer malicious communication attempt (malware-cnc.rules) * 1:45973 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chafer malicious communication attempt (malware-cnc.rules) * 1:45976 <-> DISABLED <-> SERVER-WEBAPP Pivotal Spring Data REST PATCH request remote code execution attempt (server-webapp.rules) * 1:45977 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB kernel heap memory leak attempt (os-windows.rules) * 1:45978 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB kernel heap memory leak attempt (os-windows.rules) * 1:46129 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HW32 variant outbound connection (malware-cnc.rules) * 1:46135 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Krodown variant connection attempt (malware-cnc.rules) * 1:46137 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cidox variant outbound connection attempt (malware-cnc.rules) * 1:46249 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rovnix outbound connection attempt (malware-cnc.rules) * 1:46250 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rovnix outbound connection attempt (malware-cnc.rules) * 1:46251 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rovnix outbound connection attempt (malware-cnc.rules) * 1:46252 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rovnix outbound connection attempt (malware-cnc.rules) * 1:46371 <-> DISABLED <-> PUA-OTHER Moonify TLS server hello attempt (pua-other.rules) * 1:46372 <-> DISABLED <-> PUA-OTHER Moonify TLS client hello attempt (pua-other.rules) * 1:46490 <-> DISABLED <-> FILE-PDF Adobe Flash Player ActionScript setFocus use after free attempt (file-pdf.rules) * 1:46491 <-> DISABLED <-> FILE-PDF Adobe Flash Player ActionScript setFocus use after free attempt (file-pdf.rules) * 1:46580 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload malicious file download (malware-cnc.rules) * 1:46581 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload malicious file download (malware-cnc.rules) * 1:46582 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload malicious file download 
(malware-cnc.rules) * 1:46583 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload malicious file download (malware-cnc.rules) * 1:46584 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload malicious file download (malware-cnc.rules) * 1:46585 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload malicious file download (malware-cnc.rules) * 1:46586 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload malicious file download (malware-cnc.rules) * 1:46744 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper malicious executable download attempt (malware-cnc.rules) * 1:46782 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Vpnfilter variant SSL connection attempt (malware-cnc.rules) * 1:46783 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Vpnfilter variant SSL connection attempt (malware-cnc.rules) * 1:46793 <-> DISABLED <-> OS-WINDOWS Malicious zip download attempt (os-windows.rules) * 1:46989 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.MBRLock file download (malware-other.rules) * 1:47006 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SocketPlayer outbound connection (malware-cnc.rules) * 1:47056 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel empty bookViews element denial of service attempt (file-office.rules) * 1:47148 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif malicious file download (malware-cnc.rules) * 1:47175 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ddeService command execution attempt (file-office.rules) * 1:47236 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Prowli variant outbound connection (malware-cnc.rules) * 1:47241 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mylobot additional payload download (malware-cnc.rules) * 1:47242 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mylobot additional payload download (malware-cnc.rules) * 1:47358 <-> DISABLED <-> SERVER-WEBAPP CCTV-DVR command injection attempt (server-webapp.rules) * 1:47556 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PLEAD downloader outbound connection (malware-cnc.rules) * 1:47557 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PLEAD 
downloader outbound connection (malware-cnc.rules) * 1:47678 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Torpplar variant outbound connection (malware-cnc.rules) * 1:47701 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Iniduoh variant outbound connection (malware-cnc.rules) * 1:49255 <-> DISABLED <-> FILE-JAVA Oracle Java ImagingLib buffer overflow attempt (file-java.rules) * 1:49311 <-> DISABLED <-> FILE-FLASH Adobe Flash Player writeExternal type confusion attempt (file-flash.rules) * 1:49376 <-> DISABLED <-> SERVER-APACHE Apache Struts remote code execution attempt (server-apache.rules) * 1:49788 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zacinlo outbound connection (malware-cnc.rules) * 1:49789 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zacinlo outbound connection (malware-cnc.rules) * 1:56130 <-> ENABLED <-> BROWSER-CHROME Google Chrome PNG in TTF parsing heap overflow attempt (browser-chrome.rules) * 1:56131 <-> ENABLED <-> BROWSER-CHROME Google Chrome PNG in TTF parsing heap overflow attempt (browser-chrome.rules) * 1:56132 <-> ENABLED <-> BROWSER-CHROME Google Chrome PNG in TTF parsing heap overflow attempt (browser-chrome.rules) * 1:56133 <-> ENABLED <-> BROWSER-CHROME Google Chrome PNG in TTF parsing heap overflow attempt (browser-chrome.rules) * 1:56138 <-> ENABLED <-> SERVER-WEBAPP Citrix ADC and Gateway information disclosure attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091600.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:56162 <-> ENABLED <-> SERVER-WEBAPP Citrix ADC and Gateway information disclosure attempt (server-webapp.rules)
* 1:56155 <-> DISABLED <-> SERVER-WEBAPP MobileIron Core & Connector remote code execution attempt (server-webapp.rules)
* 1:56141 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Zusy-9784403-0 download attempt (malware-other.rules)
* 1:56140 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Czxz-9784395-0 download attempt (malware-other.rules)
* 1:56164 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.PyVil download attempt (malware-other.rules)
* 1:56154 <-> DISABLED <-> SERVER-WEBAPP MobileIron Core & Connector remote code execution attempt (server-webapp.rules)
* 1:56167 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.PyVil download attempt (malware-other.rules)
* 1:56163 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.PyVil download attempt (malware-other.rules)
* 1:56156 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook email parsing remote code execution attempt (file-office.rules)
* 1:56157 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook email parsing remote code execution attempt (file-office.rules)
* 1:56139 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Czxz-9784395-0 download attempt (malware-other.rules)
* 1:56151 <-> DISABLED <-> SERVER-OTHER Adobe ColdFusion vulnerable DataServicesCFProxy class reference attempt (server-other.rules)
* 1:56166 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.PyVil outbound communication attempt (malware-other.rules)
* 1:56150 <-> DISABLED <-> SERVER-OTHER Adobe ColdFusion DataServicesCFProxy insecure Java deserialization attempt (server-other.rules)
* 1:56142 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Zusy-9784403-0 download attempt (malware-other.rules)
* 1:56165 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.PyVil download attempt (malware-other.rules)
* 3:56145 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1177 attack attempt (server-webapp.rules)
* 3:56158 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1176 attack attempt (file-image.rules)
* 3:56161 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1176 attack attempt (file-image.rules)
* 3:56159 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1176 attack attempt (file-image.rules)
* 3:56160 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1176 attack attempt (file-image.rules)
* 3:56147 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1179 attack attempt (server-webapp.rules)
* 3:56152 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1178 attack attempt (server-webapp.rules)
* 3:56148 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1179 attack attempt (server-webapp.rules)
* 3:56146 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1177 attack attempt (server-webapp.rules)
* 3:56149 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1179 attack attempt (server-webapp.rules)
* 3:56143 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1177 attack attempt (server-webapp.rules)
* 3:56144 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1177 attack attempt (server-webapp.rules)
* 3:56153 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1178 attack attempt (server-webapp.rules)
* 1:31033 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cryptodefence variant outbound connection (malware-cnc.rules)
* 1:36707 <-> DISABLED <-> FILE-OFFICE Microsoft Office malformed odttf integer overflow attempt (file-office.rules)
* 1:36708 <-> DISABLED <-> FILE-OFFICE Microsoft Office malformed odttf integer overflow attempt (file-office.rules)
* 1:36713 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ClickOnce information disclosure attempt (os-windows.rules)
* 1:36714 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel slicer style use-after-free attempt (file-office.rules)
* 1:36715 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel slicer style use-after-free attempt (file-office.rules)
* 1:36751 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel MdCallBack out of bounds read attempt (file-office.rules)
* 1:36752 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel MdCallBack out of bounds read attempt (file-office.rules)
* 1:36812 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer nonexistent attribute removal memory corruption attempt (browser-ie.rules)
* 1:36819 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
* 1:36820 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
* 1:36821 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
* 1:36822 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
* 1:36829 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 actionExtends use-after-free attempt (file-flash.rules)
* 1:36830 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 actionExtends use-after-free attempt (file-flash.rules)
* 1:43406 <-> DISABLED <-> FILE-FLASH Adobe Flash Player determinePreferredLocales out of bounds memory read attempt (file-flash.rules)
* 1:43455 <-> DISABLED <-> FILE-FLASH Adobe Flash Player writeExternal type confusion attempt (file-flash.rules)
* 1:36831 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 actionExtends use-after-free attempt (file-flash.rules)
* 1:36832 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 actionExtends use-after-free attempt (file-flash.rules)
* 1:36846 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 TextField gridFitType use after free attempt (file-flash.rules)
* 1:36859 <-> DISABLED <-> FILE-FLASH Adobe Flash Player writeExternal type confusion attempt (file-flash.rules)
* 1:36860 <-> DISABLED <-> FILE-FLASH Adobe Flash Player writeExternal type confusion attempt (file-flash.rules)
* 1:36863 <-> DISABLED <-> FILE-FLASH Adobe Flash Player attachsound use-after-free attempt (file-flash.rules)
* 1:36864 <-> DISABLED <-> FILE-FLASH Adobe Flash Player attachsound use-after-free attempt (file-flash.rules)
* 1:36883 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byte array uncompress information disclosure attempt (file-flash.rules)
* 1:36960 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word XML parsing use after free attempt (file-office.rules)
* 1:36961 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word XML parsing use after free attempt (file-office.rules)
* 1:36998 <-> DISABLED <-> OS-WINDOWS Microsoft .NET Silverlight manifest resource file information disclosure attempt (os-windows.rules)
* 1:37071 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ShaderParameter integer overflow attempt (file-flash.rules)
* 1:43865 <-> DISABLED <-> FILE-IMAGE Adobe Reader EMF EMR_MOVETOEX memory corruption attempt (file-image.rules)
* 1:43900 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Professional XPS2PDF memory corruption attempt (file-other.rules)
* 1:37072 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ShaderParameter integer overflow attempt (file-flash.rules)
* 1:37074 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ShaderParameter integer overflow attempt (file-flash.rules)
* 1:37075 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ShaderParameter integer overflow attempt (file-flash.rules)
* 1:37081 <-> DISABLED <-> FILE-FLASH Adobe Flash Player String length heap buffer overflow attempt (file-flash.rules)
* 1:37082 <-> DISABLED <-> FILE-FLASH Adobe Flash Player String length heap buffer overflow attempt (file-flash.rules)
* 1:37085 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byte array memory corruption attempt (file-flash.rules)
* 1:37086 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byte array memory corruption attempt (file-flash.rules)
* 1:37090 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PrintJob object use-after-free attempt (file-flash.rules)
* 1:37091 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PrintJob object use-after-free attempt (file-flash.rules)
* 1:37092 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SoundURLStream memory corruption attempt (file-flash.rules)
* 1:37094 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SoundURLStream memory corruption attempt (file-flash.rules)
* 1:37105 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MovieClip object use-after-free attempt (file-flash.rules)
* 1:37106 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MovieClip object use-after-free attempt (file-flash.rules)
* 1:37109 <-> DISABLED <-> FILE-FLASH Adobe Flash Player selection.setFocus use after free attempt (file-flash.rules)
* 1:37110 <-> DISABLED <-> FILE-FLASH Adobe Flash Player selection.setFocus use after free attempt (file-flash.rules)
* 1:37118 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField filters use-after-free attempt (file-flash.rules)
* 1:37119 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField filters use-after-free attempt (file-flash.rules)
* 1:37121 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MP3 ID3 data parsing heap buffer overflow attempt (file-flash.rules)
* 1:37123 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MP3 ID3 data parsing heap buffer overflow attempt (file-flash.rules)
* 1:37128 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 setTransform use-after-free attempt (file-flash.rules)
* 1:37129 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 setTransform use-after-free attempt (file-flash.rules)
* 1:37135 <-> DISABLED <-> SERVER-WEBAPP Fireeye Java decompiler reflection remote code execution attempt (server-webapp.rules)
* 1:37136 <-> DISABLED <-> SERVER-WEBAPP Fireeye Java decompiler reflection remote code execution attempt (server-webapp.rules)
* 1:37144 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SetSlot type confusion attempt (file-flash.rules)
* 1:37145 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SetSlot type confusion attempt (file-flash.rules)
* 1:37157 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SharedObject send stack buffer overflow attempt (file-flash.rules)
* 1:37159 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SharedObject send stack buffer overflow attempt (file-flash.rules)
* 1:37160 <-> DISABLED <-> FILE-FLASH Adobe Flash Player oversize source bitmap memory corruption attempt (file-flash.rules)
* 1:37161 <-> DISABLED <-> FILE-FLASH Adobe Flash Player oversize source bitmap memory corruption attempt (file-flash.rules)
* 1:37167 <-> DISABLED <-> FILE-FLASH Adobe Flash Player URLStream use after free attempt (file-flash.rules)
* 1:37168 <-> DISABLED <-> FILE-FLASH Adobe Flash Player URLStream use after free attempt (file-flash.rules)
* 1:37169 <-> DISABLED <-> FILE-FLASH Adobe Flash Player heap memory disclosure via custom valueOf handler attempt (file-flash.rules)
* 1:37170 <-> DISABLED <-> FILE-FLASH Adobe Flash Player heap memory disclosure via custom valueOf handler attempt (file-flash.rules)
* 1:37171 <-> DISABLED <-> FILE-FLASH Adobe Flash Player heap memory disclosure via custom valueOf handler attempt (file-flash.rules)
* 1:37172 <-> DISABLED <-> FILE-FLASH Adobe Flash Player heap memory disclosure via custom valueOf handler attempt (file-flash.rules)
* 1:37178 <-> DISABLED <-> FILE-FLASH Adobe Flash Player M3U8 parser logic memory corruption attempt (file-flash.rules)
* 1:37180 <-> DISABLED <-> FILE-FLASH Adobe Flash Player M3U8 parser logic memory corruption attempt (file-flash.rules)
* 1:37183 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextFormat.tabStops use after free attempt (file-flash.rules)
* 1:37184 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextFormat.tabStops use after free attempt (file-flash.rules)
* 1:37185 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextFormat.tabStops use after free attempt (file-flash.rules)
* 1:37186 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextFormat.tabStops use after free attempt (file-flash.rules)
* 1:37205 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object.addProperty method use after free attempt (file-flash.rules)
* 1:37206 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object.addProperty method use after free attempt (file-flash.rules)
* 1:37208 <-> DISABLED <-> FILE-FLASH Adobe Flash Player LoadVars decode use after free attempt (file-flash.rules)
* 1:37210 <-> DISABLED <-> FILE-FLASH Adobe Flash Player LoadVars decode use after free attempt (file-flash.rules)
* 1:37216 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MovieClip setMask use after free attempt (file-flash.rules)
* 1:37218 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MovieClip setMask use after free attempt (file-flash.rules)
* 1:37237 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object hasOwnProperty use after free attempt (file-flash.rules)
* 1:37239 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object hasOwnProperty use after free attempt (file-flash.rules)
* 1:37247 <-> DISABLED <-> FILE-FLASH Adobe Flash Player removeMovieClip use after free attempt (file-flash.rules)
* 1:37248 <-> DISABLED <-> FILE-FLASH Adobe Flash Player removeMovieClip use after free attempt (file-flash.rules)
* 1:37249 <-> DISABLED <-> FILE-FLASH Adobe Flash Player removeMovieClip use after free attempt (file-flash.rules)
* 1:37259 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel mso20win32client use 
after free attempt (file-office.rules) * 1:37265 <-> DISABLED <-> FILE-OFFICE Microsoft Office metafile conversion out of bounds read attempt (file-office.rules) * 1:37266 <-> DISABLED <-> FILE-OFFICE Microsoft Office metafile conversion out of bounds read attempt (file-office.rules) * 1:37267 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Silverlight GetChar out of bounds read attempt (browser-plugins.rules) * 1:37268 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Silverlight GetChar out of bounds read attempt (browser-plugins.rules) * 1:37345 <-> DISABLED <-> FILE-FLASH Adobe Flash Player improper display list handling memory corruption attempt (file-flash.rules) * 1:37347 <-> DISABLED <-> FILE-FLASH Adobe Flash Player improper display list handling memory corruption attempt (file-flash.rules) * 1:37399 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader custom string length function memory corruption attempt (file-pdf.rules) * 1:37525 <-> DISABLED <-> SERVER-OTHER NTP arbitrary pidfile and driftfile overwrite attempt (server-other.rules) * 1:37550 <-> DISABLED <-> EXPLOIT-KIT Nuclear landing page detected (exploit-kit.rules) * 1:37592 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel formula length heap corruption attempt (file-office.rules) * 1:37593 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel formula length heap corruption attempt (file-office.rules) * 1:37600 <-> DISABLED <-> FILE-OFFICE Microsoft Powerpoint shape objects null pointer dereference memory corruption attempt (file-office.rules) * 1:37601 <-> DISABLED <-> FILE-OFFICE Microsoft Powerpoint shape objects null pointer dereference memory corruption attempt (file-office.rules) * 1:37664 <-> DISABLED <-> FILE-JAVA Oracle Java ServiceLoader exception handling exploit attempt (file-java.rules) * 1:37670 <-> DISABLED <-> FILE-FLASH Adobe Flash Player convolution filter use-after-free attempt (file-flash.rules) * 1:37671 <-> DISABLED <-> FILE-FLASH Adobe Flash Player convolution filter use-after-free attempt 
(file-flash.rules) * 1:37700 <-> DISABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules) * 1:37702 <-> DISABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules) * 1:37703 <-> DISABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules) * 1:37704 <-> DISABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules) * 1:37705 <-> DISABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules) * 1:37706 <-> DISABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules) * 1:37711 <-> DISABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules) * 1:37726 <-> DISABLED <-> FILE-OTHER Microsoft Office ole object external file loading attempt (file-other.rules) * 1:37727 <-> DISABLED <-> FILE-OTHER Microsoft Office ole object external file loading attempt (file-other.rules) * 1:37734 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Point object integer overflow attempt (file-flash.rules) * 1:37736 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Point object integer overflow attempt (file-flash.rules) * 1:37740 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BlurFilter memory corruption attempt (file-flash.rules) * 1:37741 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BlurFilter memory corruption attempt (file-flash.rules) * 1:37744 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextLine memory corruption attempt (file-flash.rules) * 1:37745 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextLine memory corruption attempt (file-flash.rules) * 1:37754 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Point object integer overflow attempt (file-flash.rules) * 1:37755 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Point object integer overflow attempt (file-flash.rules) * 1:37757 <-> DISABLED <-> 
FILE-FLASH Adobe Flash Player invalid sourceRect copyPixels heap corruption attempt (file-flash.rules) * 1:37758 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid sourceRect copyPixels heap corruption attempt (file-flash.rules) * 1:37761 <-> DISABLED <-> FILE-FLASH Adobe Flash Player rectangle auxiliary method integer overflow attempt (file-flash.rules) * 1:37764 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BitmapData method memory corruption attempt (file-flash.rules) * 1:37770 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative custom getter use after free attempt (file-flash.rules) * 1:37771 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative custom getter use after free attempt (file-flash.rules) * 1:37774 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript constructor use after free attempt (file-flash.rules) * 1:37776 <-> DISABLED <-> FILE-FLASH Adobe Flash Player LoadVars use-after-free attempt (file-flash.rules) * 1:37777 <-> DISABLED <-> FILE-FLASH Adobe Flash Player LoadVars use-after-free attempt (file-flash.rules) * 1:37783 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed Adobe Texture Format heap overflow attempt (file-flash.rules) * 1:37790 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative use after free attempt (file-flash.rules) * 1:37792 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative use after free attempt (file-flash.rules) * 1:37797 <-> DISABLED <-> FILE-FLASH Adobe Flash Player rectangle memory access violation attempt (file-flash.rules) * 1:37798 <-> DISABLED <-> FILE-FLASH Adobe Flash Player rectangle memory access violation attempt (file-flash.rules) * 1:37801 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Silverlight ScriptObject untrusted pointer dereference attempt (browser-plugins.rules) * 1:37808 <-> DISABLED <-> FILE-FLASH Adobe Flash Player integer underflow attempt (file-flash.rules) * 1:37824 <-> DISABLED <-> FILE-OTHER Microsoft Office ole object external file loading attempt 
(file-other.rules) * 1:37825 <-> DISABLED <-> FILE-OTHER Microsoft Office ole object external file loading attempt (file-other.rules) * 1:37938 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Flash pixel bender buffer overflow attempt (file-multimedia.rules) * 1:37939 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Flash pixel bender buffer overflow attempt (file-multimedia.rules) * 1:38074 <-> DISABLED <-> BROWSER-IE Microsoft Edge CAsyncTpWorker Windows.Data.Pdf.dll object use after free attempt (browser-ie.rules) * 1:38076 <-> DISABLED <-> BROWSER-IE Microsoft Edge CAsyncTpWorker Windows.Data.Pdf.dll object use after free attempt (browser-ie.rules) * 1:38101 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word wwlib.dll invalid pointer read attempt (file-office.rules) * 1:38165 <-> DISABLED <-> FILE-FLASH Adobe Flash Player hitTest BitmapData object integer overflow attempt (file-flash.rules) * 1:38167 <-> DISABLED <-> FILE-FLASH Adobe Flash Player hitTest BitmapData object integer overflow attempt (file-flash.rules) * 1:38169 <-> DISABLED <-> FILE-FLASH Adobe Flash Player hitTest BitmapData object integer overflow attempt (file-flash.rules) * 1:38170 <-> DISABLED <-> FILE-FLASH Adobe Flash Player hitTest BitmapData object integer overflow attempt (file-flash.rules) * 1:38175 <-> DISABLED <-> FILE-FLASH Adobe Standalone Flash Player texfield getter use after free attempt (file-flash.rules) * 1:38179 <-> DISABLED <-> FILE-FLASH Adobe Standalone Flash Player ASnative object use after free attempt (file-flash.rules) * 1:38182 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS3 multiple axis attributes integer overflow attempt (file-flash.rules) * 1:38184 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS3 multiple axis attributes integer overflow attempt (file-flash.rules) * 1:38191 <-> DISABLED <-> FILE-FLASH Adobe Flash Player si32 integer overflow attempt (file-flash.rules) * 1:38192 <-> DISABLED <-> FILE-FLASH Adobe Flash Player si32 integer overflow attempt (file-flash.rules) * 
1:38197 <-> DISABLED <-> FILE-FLASH Adobe Flash Player recursion calls stack overflow attempt (file-flash.rules) * 1:38198 <-> DISABLED <-> FILE-FLASH Adobe Flash Player recursion calls stack overflow attempt (file-flash.rules) * 1:38207 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MPD use-after-free attempt (file-flash.rules) * 1:38208 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MPD use-after-free attempt (file-flash.rules) * 1:38211 <-> DISABLED <-> FILE-PDF Adobe Reader JPEG 2000 chrominance subsampling memory corruption attempt (file-pdf.rules) * 1:38212 <-> DISABLED <-> FILE-PDF Adobe Reader JPEG 2000 chrominance subsampling memory corruption attempt (file-pdf.rules) * 1:38215 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BitmapData.paletteMap size mismatch integer overflow attempt (file-flash.rules) * 1:38216 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BitmapData.paletteMap size mismatch integer overflow attempt (file-flash.rules) * 1:38219 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use after free attempt (file-flash.rules) * 1:38220 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use after free (file-flash.rules) * 1:38223 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader annotation oversized array memory corruption attempt (file-pdf.rules) * 1:38239 <-> DISABLED <-> FILE-FLASH Adobe Flash Player rectangle width integer overflow attempt (file-flash.rules) * 1:38241 <-> DISABLED <-> FILE-FLASH Adobe Flash Player rectangle width integer overflow attempt (file-flash.rules) * 1:38286 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager actserver stack buffer overflow attempt (server-webapp.rules) * 1:38287 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager akey stack buffer overflow attempt (server-webapp.rules) * 1:38288 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager licfile stack buffer overflow attempt (server-webapp.rules) * 1:38327 <-> DISABLED <-> MALWARE-BACKDOOR ReGeorg proxy read attempt (malware-backdoor.rules) * 1:38405 <-> 
DISABLED <-> FILE-FLASH Adobe Flash Player Transform Class Matrix AS2 use after free attempt (file-flash.rules) * 1:38406 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Transform Class Matrix AS2 use after free attempt (file-flash.rules) * 1:38409 <-> DISABLED <-> FILE-FLASH Adobe Flash Player JPEG-XR decode buffer overflow attempt (file-flash.rules) * 1:38410 <-> DISABLED <-> FILE-FLASH Adobe Flash Player JPEG-XR decode buffer overflow attempt (file-flash.rules) * 1:38413 <-> DISABLED <-> FILE-FLASH Adobe Flash Player NetConnection to ColorMatrixFilter object type confusion attempt (file-flash.rules) * 1:38415 <-> DISABLED <-> FILE-FLASH Adobe Flash Player NetConnection to ColorMatrixFilter object type confusion attempt (file-flash.rules) * 1:38425 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ExportAssets count memory corruption attempt (file-flash.rules) * 1:38430 <-> DISABLED <-> FILE-FLASH Adobe Flash Player toString type confusion memory corruption attempt (file-flash.rules) * 1:38433 <-> DISABLED <-> FILE-FLASH Adobe Flash Player toString type confusion memory corruption attempt (file-flash.rules) * 1:38481 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel msxml6 ParseElementN use after free attempt (file-office.rules) * 1:38482 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel msxml6 ParseElementN use after free attempt (file-office.rules) * 1:38577 <-> DISABLED <-> FILE-FLASH Adobe Flash Player dangling bytearray pointer code execution attempt (file-flash.rules) * 1:38593 <-> DISABLED <-> EXPLOIT-KIT Nuclear Exploit Kit back end communications attempt (exploit-kit.rules) * 1:38631 <-> DISABLED <-> FILE-FLASH Angler exploit kit Adobe Flash SWF exploit download (file-flash.rules) * 1:38632 <-> DISABLED <-> FILE-FLASH Angler exploit kit Adobe Flash SWF exploit download (file-flash.rules) * 1:38635 <-> DISABLED <-> FILE-FLASH Nuclear exploit kit Adobe Flash SWF exploit download (file-flash.rules) * 1:38636 <-> DISABLED <-> FILE-FLASH Nuclear exploit kit 
Adobe Flash SWF exploit download (file-flash.rules) * 1:38729 <-> DISABLED <-> SERVER-OTHER Mediabridge Medialink MWN-WAPR300N and Tenda N3 Wireless N150 inbound admin attempt (server-other.rules) * 1:38772 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer EMF file integer overflow attempt (browser-ie.rules) * 1:38782 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word TTF out-of-bounds memory access attempt (file-office.rules) * 1:38783 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word TTF out-of-bounds memory access attempt (file-office.rules) * 1:38830 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ContentFactory memory corruption attempt (file-flash.rules) * 1:38832 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ContentFactory memory corruption attempt (file-flash.rules) * 1:38833 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ContentFactory memory corruption attempt (file-flash.rules) * 1:38841 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer VBScript toString redim array use after free attempt (browser-ie.rules) * 1:38881 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FileReference type confusion attempt (file-flash.rules) * 1:38883 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FileReference type confusion attempt (file-flash.rules) * 1:38972 <-> DISABLED <-> FILE-FLASH Adobe Flash Player OpportunityGenerator.update memory corruption attempt (file-flash.rules) * 1:38973 <-> DISABLED <-> FILE-FLASH Adobe Flash Player OpportunityGenerator.update memory corruption attempt (file-flash.rules) * 1:38974 <-> DISABLED <-> FILE-FLASH Adobe Flash Player OpportunityGenerator.update memory corruption attempt (file-flash.rules) * 1:38980 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed FlateDecode stream use after free attempt (file-pdf.rules) * 1:38981 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed FlateDecode stream use after free attempt (file-pdf.rules) * 1:38996 <-> DISABLED <-> FILE-FLASH Adobe Flash Player addProperty use after free 
attempt (file-flash.rules) * 1:38998 <-> DISABLED <-> FILE-FLASH Adobe Flash Player addProperty use after free attempt (file-flash.rules) * 1:39009 <-> DISABLED <-> FILE-FLASH Adobe Flash Player setMetadata memory corruption attempt (file-flash.rules) * 1:39010 <-> DISABLED <-> FILE-FLASH Adobe Flash Player setMetadata memory corruption attempt (file-flash.rules) * 1:39013 <-> DISABLED <-> FILE-PDF Adobe Reader CTJPEGDecoderReadNextTile out of bounds read attempt (file-pdf.rules) * 1:39014 <-> DISABLED <-> FILE-PDF Adobe Reader CTJPEGDecoderReadNextTile out of bounds read attempt (file-pdf.rules) * 1:39015 <-> DISABLED <-> FILE-PDF Adobe Reader AcroForm dictionary object use after free attempt (file-pdf.rules) * 1:39019 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PSDK use-after-free attempt (file-flash.rules) * 1:39020 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PSDK use-after-free attempt (file-flash.rules) * 1:39022 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PSDK use-after-free attempt (file-flash.rules) * 1:39024 <-> DISABLED <-> FILE-FLASH Adobe Flash Player selection.setFocus use after free attempt (file-flash.rules) * 1:39025 <-> DISABLED <-> FILE-FLASH Adobe Flash Player selection.setFocus use after free attempt (file-flash.rules) * 1:39032 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASSetNative use-after-free attempt (file-flash.rules) * 1:39033 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASSetNative use-after-free attempt (file-flash.rules) * 1:39102 <-> DISABLED <-> FILE-PDF Adobe Reader PDF embedded JPEG memory corruption attempt (file-pdf.rules) * 1:39103 <-> DISABLED <-> FILE-PDF Adobe Reader PDF embedded JPEG memory corruption attempt (file-pdf.rules) * 1:39261 <-> DISABLED <-> FILE-OTHER Microsoft Windows ATMFD font driver malformed OTF file out-of-bounds memory access attempt (file-other.rules) * 1:39272 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ShimContentFactory uninitialized pointer use attempt (file-flash.rules) * 1:39280 
<-> DISABLED <-> FILE-FLASH Adobe Primetime SDK object type confusion overflow attempt (file-flash.rules) * 1:39285 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadSound use after free attempt (file-flash.rules) * 1:39288 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ShimContentResolver out of bounds memory access attempt (file-flash.rules) * 1:39290 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime SDK ShimContentResolver out of bounds memory access attempt (file-flash.rules) * 1:39298 <-> DISABLED <-> FILE-FLASH Adobe Flash player retrieveResolvers memory corruption attempt (file-flash.rules) * 1:39305 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime SDK ShimContentResolver out of bounds memory access attempt (file-flash.rules) * 1:39319 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ShimOpportunityGenerator out of bounds memory access attempt (file-flash.rules) * 1:39398 <-> DISABLED <-> SERVER-WEBAPP Symantec SEPM management console cross site scripting attempt (server-webapp.rules) * 1:39402 <-> DISABLED <-> FILE-OTHER Symantec Antivirus ALPkOldFormatDecompressor out of bounds read attempt (file-other.rules) * 1:39441 <-> DISABLED <-> FILE-FLASH Adobe Flash Player integer overflow attempt (file-flash.rules) * 1:39457 <-> DISABLED <-> FILE-FLASH Adobe Flash Player integer underflow attempt (file-flash.rules) * 1:39505 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Edge text node table-cell use after free attempt (browser-ie.rules) * 1:39524 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel empty bookViews element denial of service attempt (file-office.rules) * 1:39525 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel empty bookViews element denial of service attempt (file-office.rules) * 1:39540 <-> DISABLED <-> FILE-FLASH Adobe Flash Player local-with-filesystem security bypass attempt (file-flash.rules) * 1:39543 <-> DISABLED <-> FILE-FLASH Adobe Flash Player local-with-filesystem security bypass attempt (file-flash.rules) * 
1:39564 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TimedEvent memory corruption attempt (file-flash.rules) * 1:39685 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tinba variant outbound connection (malware-cnc.rules) * 1:39687 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed embeded TTF file memory corruption attempt (file-pdf.rules) * 1:39690 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ABRControlParameters access memory corruption attempt (file-flash.rules) * 1:39702 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MediaPlayerItemLoader out of bounds memory access attempt (file-flash.rules) * 1:39799 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt (file-pdf.rules) * 1:39824 <-> DISABLED <-> OS-WINDOWS Microsoft Windows GDI emf file integer overflow attempt (os-windows.rules) * 1:39843 <-> DISABLED <-> OS-WINDOWS Microsoft Windows gdiplus EMF EmrText out of bounds write attempt (os-windows.rules) * 1:39851 <-> DISABLED <-> INDICATOR-COMPROMISE Connection to malware sinkhole - CERT.PL (indicator-compromise.rules) * 1:39893 <-> DISABLED <-> OS-LINUX Linux Kernel USBIP out of bounds write attempt (os-linux.rules) * 1:39894 <-> DISABLED <-> OS-LINUX Linux Kernel USBIP out of bounds write attempt (os-linux.rules) * 1:40075 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel LPenHelper out of bounds write attempt (file-office.rules) * 1:40076 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel LPenHelper out of bounds write attempt (file-office.rules) * 1:40102 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel xlsb use-after-free attempt (file-office.rules) * 1:40103 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel xlsb use-after-free attempt (file-office.rules) * 1:40104 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel xlsb use-after-free attempt (file-office.rules) * 1:40105 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel xlsb use-after-free attempt (file-office.rules) * 1:40106 <-> DISABLED <-> FILE-OFFICE 
Microsoft Office Excel xlsb use-after-free attempt (file-office.rules) * 1:40107 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel xlsb use-after-free attempt (file-office.rules) * 1:40116 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel xlsb use-after-free attempt (file-office.rules) * 1:40117 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel xlsb use-after-free attempt (file-office.rules) * 1:40121 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel xlsb use-after-free attempt (file-office.rules) * 1:40122 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel xlsb use-after-free attempt (file-office.rules) * 1:40152 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DRMManager memory corruption attempt (file-flash.rules) * 1:40167 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ShimContentResolver out of bounds memory access attempt (file-flash.rules) * 1:40178 <-> DISABLED <-> FILE-FLASH Adobe Flash Player local-with-filesystem sandbox escape attempt (file-flash.rules) * 1:40236 <-> DISABLED <-> FILE-PDF Adobe Reader embedded font out of bounds memory access attempt (file-pdf.rules) * 1:40237 <-> DISABLED <-> FILE-PDF Adobe Reader embedded font out of bounds memory access attempt (file-pdf.rules) * 1:40312 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CTreePos type confusion attempt (browser-ie.rules) * 1:40375 <-> DISABLED <-> OS-WINDOWS Microsoft Windows insecure BoundaryDescriptor privilege escalation attempt (os-windows.rules) * 1:40425 <-> DISABLED <-> OS-WINDOWS Microsoft Windows GDI+ EMF buffer overread attempt (os-windows.rules) * 1:40503 <-> DISABLED <-> FILE-FLASH Adobe Flash Player QOSProvider use-after-free attempt (file-flash.rules) * 1:40706 <-> DISABLED <-> FILE-OTHER Microsoft Windows OTF cmap table parsing integer overflow attempt (file-other.rules) * 1:40717 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel LPenHelper use after free attempt (file-office.rules) * 1:40718 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel LPenHelper 
use after free attempt (file-office.rules) * 1:40737 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime SDK AdvertisingMetadata type confustion attempt (file-flash.rules) * 1:40743 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AVSegmentedSource use after free attempt (file-flash.rules) * 1:40753 <-> ENABLED <-> EXPLOIT-KIT Rig exploit kit outbound communication (exploit-kit.rules) * 1:40813 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Silverlight GetChar out of bounds read attempt (browser-plugins.rules) * 1:40814 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Silverlight GetChar out of bounds read attempt (browser-plugins.rules) * 1:40934 <-> DISABLED <-> FILE-EXECUTABLE Nvidia Windows kernel mode driver denial of service attempt (file-executable.rules) * 1:40957 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel security descriptor out of bounds read attempt (file-office.rules) * 1:40958 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel security descriptor out of bounds read attempt (file-office.rules) * 1:40959 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ddeService command execution attempt (file-office.rules) * 1:40960 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ddeService command execution attempt (file-office.rules) * 1:40983 <-> DISABLED <-> FILE-OTHER Microsoft Internet Explorer malformed ico integer overflow attempt (file-other.rules) * 1:41003 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime SDK out of bounds read attempt (file-flash.rules) * 1:41015 <-> DISABLED <-> FILE-FLASH Acrobat Flash WorkerDomain memory corruption attempt (file-flash.rules) * 1:41026 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess Dashboard remote code execution attempt (server-webapp.rules) * 1:41310 <-> DISABLED <-> FILE-IMAGE libBPG restore_tqb_pixel out of bounds write attempt (file-image.rules) * 1:41344 <-> DISABLED <-> FILE-OTHER CorelDRAW X8 EMF invalid ihBrush field value out of bounds read attempt (file-other.rules) * 1:41358 <-> DISABLED 
<-> FILE-FLASH Adobe Flash Player Primetime SDK ShimContentResolver memory corruption attempt (file-flash.rules) * 1:41515 <-> DISABLED <-> POLICY-OTHER McAfee Virus Scan Linux outdated version detected (policy-other.rules) * 1:41516 <-> DISABLED <-> SERVER-WEBAPP McAfee Virus Scan Linux file existence test attempt (server-webapp.rules) * 1:41521 <-> DISABLED <-> SERVER-WEBAPP McAfee Virus Scan Linux cross site scripting attempt (server-webapp.rules) * 1:41565 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel xlsb use-after-free attempt (file-office.rules) * 1:41566 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel xlsb use-after-free attempt (file-office.rules) * 1:41601 <-> DISABLED <-> FILE-PDF Microsoft Edge PDF Builder out of bounds read attempt (file-pdf.rules) * 1:41602 <-> DISABLED <-> FILE-PDF Microsoft Edge PDF Builder out of bounds read attempt (file-pdf.rules) * 1:41624 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MessageChannel type confusion attempt (file-flash.rules) * 1:41630 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PSDK EventDispatch removeEventListener use after free attempt (file-flash.rules) * 1:41680 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ShimContentResolver out of bounds memory access attempt (file-flash.rules) * 1:41681 <-> DISABLED <-> SERVER-WEBAPP McAfee Virus Scan Linux remote code execution attempt (server-webapp.rules) * 1:41783 <-> ENABLED <-> EXPLOIT-KIT Rig exploit kit URL outbound communication (exploit-kit.rules) * 1:41818 <-> DISABLED <-> SERVER-APACHE Apache Struts remote code execution attempt (server-apache.rules) * 1:41819 <-> DISABLED <-> SERVER-APACHE Apache Struts remote code execution attempt (server-apache.rules) * 1:41976 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel shared strings memory corruption attempt (file-office.rules) * 1:41977 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel shared strings memory corruption attempt (file-office.rules) * 1:41979 <-> DISABLED <-> FILE-OFFICE Microsoft 
Office Excel shared strings memory corruption attempt (file-office.rules) * 1:41980 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel shared strings memory corruption attempt (file-office.rules) * 1:42080 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jenxcus outbound connection with unique User-Agent (malware-cnc.rules) * 1:42097 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Resolution Opportunity parameter memory corruption attempt (file-flash.rules) * 1:42150 <-> DISABLED <-> FILE-OTHER Microsoft Windows ATMFD font driver malformed OTF file out-of-bounds memory access attempt (file-other.rules) * 1:42151 <-> DISABLED <-> FILE-OTHER Microsoft Windows ATMFD font driver malformed OTF file out-of-bounds memory access attempt (file-other.rules) * 1:42161 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel out of bounds memory attempt (file-office.rules) * 1:42162 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel out of bounds memory attempt (file-office.rules) * 1:42222 <-> DISABLED <-> SERVER-WEBAPP Moxa MX Studio login page denial of service attempt (server-webapp.rules) * 1:42372 <-> ENABLED <-> POLICY-OTHER eicar file detected (policy-other.rules) * 1:42373 <-> ENABLED <-> POLICY-OTHER eicar file detected (policy-other.rules) * 1:42374 <-> ENABLED <-> POLICY-OTHER eicar file detected (policy-other.rules) * 1:42375 <-> ENABLED <-> POLICY-OTHER eicar file detected (policy-other.rules) * 1:42376 <-> ENABLED <-> POLICY-OTHER eicar file detected (policy-other.rules) * 1:42810 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BitmapData out of bounds memory access attempt (file-flash.rules) * 1:42811 <-> DISABLED <-> BROWSER-IE Microsoft Edge Chakra Engine use-after-free attempt (browser-ie.rules) * 1:42812 <-> DISABLED <-> BROWSER-IE Microsoft Edge Chakra Engine use-after-free attempt (browser-ie.rules) * 1:42816 <-> DISABLED <-> FILE-FLASH Adobe Flash Player display object mask use after free attempt (file-flash.rules) * 1:42817 <-> DISABLED <-> FILE-FLASH Adobe Flash 
Player DisplayObject use after free attempt (file-flash.rules) * 1:42902 <-> DISABLED <-> FILE-OFFICE Microsoft Office EPS restore command use after free attempt (file-office.rules) * 1:42904 <-> DISABLED <-> FILE-OFFICE Microsoft Office EPS restore command use after free attempt (file-office.rules) * 1:42911 <-> DISABLED <-> FILE-PDF Acrobat Reader TIFF malformed IFD tag heap overflow attempt (file-pdf.rules) * 1:42913 <-> DISABLED <-> FILE-PDF Acrobat Reader TIFF malformed IFD tag heap overflow attempt (file-pdf.rules) * 1:42915 <-> DISABLED <-> FILE-PDF Acrobat Reader TIFF malformed IFD tag heap overflow attempt (file-pdf.rules) * 1:43048 <-> DISABLED <-> FILE-FLASH Adobe Flash Player JSON stringify memory corruption attempt (file-flash.rules) * 1:43169 <-> DISABLED <-> BROWSER-IE Microsoft Edge textContent use after free attempt (browser-ie.rules) * 1:43179 <-> DISABLED <-> FILE-OFFICE Powerpoint mouseover powershell malware download attempt (file-office.rules) * 1:43221 <-> DISABLED <-> MALWARE-OTHER Win.Trojan-Downloader.Jadtree GET request of RAR file to server (malware-other.rules) * 1:43383 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AdvertisingMetadata use after free attempt (file-flash.rules) * 1:43790 <-> DISABLED <-> SERVER-OTHER Apache mod_auth_digest out of bounds read attempt (server-other.rules) * 1:43625 <-> DISABLED <-> SERVER-WEBAPP Axis M3004 remote code execution attempt (server-webapp.rules) * 1:43901 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Professional XPS2PDF memory corruption attempt (file-other.rules) * 1:43912 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Professional XPS2PDF memory corruption attempt (file-other.rules) * 1:43913 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Professional XPS2PDF memory corruption attempt (file-other.rules) * 1:43967 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Acrobat Professional EMF malformed EMR_POLYBEZIERTO16 out of bounds access attempt (file-multimedia.rules) * 1:43977 <-> DISABLED <-> FILE-PDF Adobe 
Acrobat Reader graphics engine memory corruption attempt (file-pdf.rules) * 1:43978 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader graphics engine memory corruption attempt (file-pdf.rules) * 1:43993 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader graphics engine memory corruption attempt (file-pdf.rules) * 1:43994 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader graphics engine memory corruption attempt (file-pdf.rules) * 1:44016 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Rectangle constructor use after free attempt (file-flash.rules) * 1:44017 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Rectangle constructor use after free attempt (file-flash.rules) * 1:44052 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word EPS filter PostScript object use after free attempt (file-office.rules) * 1:44338 <-> DISABLED <-> BROWSER-IE Microsoft Edge denial of service attempt (browser-ie.rules) * 1:44360 <-> DISABLED <-> SERVER-WEBAPP Trend Micro proxy_controller.php command injection attempt (server-webapp.rules) * 1:44361 <-> DISABLED <-> SERVER-WEBAPP Trend Micro proxy_controller.php command injection attempt (server-webapp.rules) * 1:44404 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trickbot malicious communication attempt (malware-cnc.rules) * 1:44430 <-> DISABLED <-> FILE-OFFICE Fin7 Maldoc campaign exploitation attempt (file-office.rules) * 1:44431 <-> DISABLED <-> FILE-OFFICE Fin7 Maldoc campaign exploitation attempt (file-office.rules) * 1:44564 <-> DISABLED <-> MALWARE-CNC PowerShell Empire variant outbound connection (malware-cnc.rules) * 1:44619 <-> DISABLED <-> MALWARE-CNC Android Red Alert Trojan outbound connection (malware-cnc.rules) * 1:44620 <-> DISABLED <-> MALWARE-CNC Android Red Alert Trojan outbound connection (malware-cnc.rules) * 1:44621 <-> DISABLED <-> MALWARE-CNC Android Red Alert Trojan outbound connection (malware-cnc.rules) * 1:44622 <-> DISABLED <-> MALWARE-CNC Android Red Alert Trojan outbound connection (malware-cnc.rules) * 1:44646 <-> DISABLED <-> 
MALWARE-OTHER Win.Ransomware.BadRabbit propagation via SVCCTL remote service attempt (malware-other.rules) * 1:44657 <-> DISABLED <-> SERVER-WEBAPP Unitrends Enterprise Backup API SQL injection attempt (server-webapp.rules) * 1:44688 <-> DISABLED <-> SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt (server-webapp.rules) * 1:44880 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF EMR_STRETCHDIBITS memory corruption attempt (file-image.rules) * 1:44885 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat XPS unicode glyph pointer out of bounds (file-image.rules) * 1:44892 <-> DISABLED <-> FILE-FLASH Adobe Flash Player determinePreferredLocales memory corruption attempt (file-flash.rules) * 1:44903 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PSDK Metadata memory corruption attempt (file-flash.rules) * 1:44929 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds write attempt (file-image.rules) * 1:44964 <-> DISABLED <-> FILE-FLASH Adobe Flash Player tvsdk object use after free attempt (file-flash.rules) * 1:44969 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF EmfPlusFont memory corruption attempt (file-image.rules) * 1:45117 <-> DISABLED <-> SERVER-WEBAPP Huawei DeviceUpgrade command injection attempt (server-webapp.rules) * 1:45130 <-> DISABLED <-> OS-WINDOWS Microsoft Windows RRAS service arbitrary pointer dereference attempt (os-windows.rules) * 1:45131 <-> DISABLED <-> OS-WINDOWS Microsoft Windows RRAS service arbitrary pointer dereference attempt (os-windows.rules) * 1:45132 <-> DISABLED <-> FILE-OFFICE Microsoft Office Equation Editor object stack buffer overflow attempt (file-office.rules) * 1:45148 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Array out of bounds write attempt (browser-ie.rules) * 1:45162 <-> DISABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules) * 1:45169 <-> DISABLED <-> BROWSER-IE Microsoft Edge array type confusion attempt (browser-ie.rules) * 1:45336 <-> DISABLED 
<-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules) * 1:45370 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word docx subDocument file include attempt (file-office.rules) * 1:45371 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word docx subDocument file include attempt (file-office.rules) * 1:45564 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Vpnfilter variant outbound connection attempt (malware-cnc.rules) * 1:45642 <-> DISABLED <-> MALWARE-CNC Vbs.Trojan.Agent outbound connection (malware-cnc.rules) * 1:45643 <-> DISABLED <-> MALWARE-CNC Vbs.Trojan.Agent inbound payload download (malware-cnc.rules) * 1:45646 <-> DISABLED <-> MALWARE-CNC Vbs.Trojan.Agent outbound system information disclosure (malware-cnc.rules) * 1:45682 <-> DISABLED <-> SERVER-OTHER HP Integrated Lights-Out HTTP headers processing buffer overflow attempt (server-other.rules) * 1:45771 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CannibalRAT initial outbound connection (malware-cnc.rules) * 1:45772 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CannibalRAT outbound reporting attempt (malware-cnc.rules) * 1:45773 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CannibalRAT outbound upload attempt (malware-cnc.rules) * 1:45904 <-> DISABLED <-> MALWARE-BACKDOOR CobaltStrike inbound beacon download (malware-backdoor.rules) * 1:45909 <-> DISABLED <-> MALWARE-CNC CobaltStrike trial version inbound beacon response (malware-cnc.rules) * 1:45922 <-> DISABLED <-> EXPLOIT-KIT Terror EK exe download attempt (exploit-kit.rules) * 1:45923 <-> DISABLED <-> EXPLOIT-KIT Terror EK dll download attempt (exploit-kit.rules) * 1:45949 <-> DISABLED <-> PUA-OTHER Coinhive TLS server hello attempt (pua-other.rules) * 1:45950 <-> DISABLED <-> PUA-OTHER Coinhive TLS client hello attempt (pua-other.rules) * 1:45972 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chafer malicious communication attempt (malware-cnc.rules) * 1:45973 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chafer malicious communication attempt 
(malware-cnc.rules) * 1:45976 <-> DISABLED <-> SERVER-WEBAPP Pivotal Spring Data REST PATCH request remote code execution attempt (server-webapp.rules) * 1:45977 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB kernel heap memory leak attempt (os-windows.rules) * 1:45978 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB kernel heap memory leak attempt (os-windows.rules) * 1:46129 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HW32 variant outbound connection (malware-cnc.rules) * 1:46135 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Krodown variant connection attempt (malware-cnc.rules) * 1:46137 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cidox variant outbound connection attempt (malware-cnc.rules) * 1:46249 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rovnix outbound connection attempt (malware-cnc.rules) * 1:46250 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rovnix outbound connection attempt (malware-cnc.rules) * 1:46251 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rovnix outbound connection attempt (malware-cnc.rules) * 1:46252 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rovnix outbound connection attempt (malware-cnc.rules) * 1:46371 <-> DISABLED <-> PUA-OTHER Moonify TLS server hello attempt (pua-other.rules) * 1:46372 <-> DISABLED <-> PUA-OTHER Moonify TLS client hello attempt (pua-other.rules) * 1:46490 <-> DISABLED <-> FILE-PDF Adobe Flash Player ActionScript setFocus use after free attempt (file-pdf.rules) * 1:46491 <-> DISABLED <-> FILE-PDF Adobe Flash Player ActionScript setFocus use after free attempt (file-pdf.rules) * 1:46580 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload malicious file download (malware-cnc.rules) * 1:46581 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload malicious file download (malware-cnc.rules) * 1:46582 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload malicious file download (malware-cnc.rules) * 1:46583 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload malicious file download (malware-cnc.rules) * 1:46584 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload malicious 
file download (malware-cnc.rules) * 1:46585 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload malicious file download (malware-cnc.rules) * 1:46586 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload malicious file download (malware-cnc.rules) * 1:46744 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper malicious executable download attempt (malware-cnc.rules) * 1:46782 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Vpnfilter variant SSL connection attempt (malware-cnc.rules) * 1:46783 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Vpnfilter variant SSL connection attempt (malware-cnc.rules) * 1:46793 <-> DISABLED <-> OS-WINDOWS Malicious zip download attempt (os-windows.rules) * 1:46989 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.MBRLock file download (malware-other.rules) * 1:47006 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SocketPlayer outbound connection (malware-cnc.rules) * 1:47056 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel empty bookViews element denial of service attempt (file-office.rules) * 1:47148 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif malicious file download (malware-cnc.rules) * 1:47175 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ddeService command execution attempt (file-office.rules) * 1:47236 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Prowli variant outbound connection (malware-cnc.rules) * 1:47241 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mylobot additional payload download (malware-cnc.rules) * 1:47242 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mylobot additional payload download (malware-cnc.rules) * 1:47358 <-> DISABLED <-> SERVER-WEBAPP CCTV-DVR command injection attempt (server-webapp.rules) * 1:47556 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PLEAD downloader outbound connection (malware-cnc.rules) * 1:47557 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PLEAD downloader outbound connection (malware-cnc.rules) * 1:47678 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Torpplar variant outbound connection (malware-cnc.rules) * 1:47701 <-> DISABLED <-> MALWARE-CNC 
Win.Backdoor.Iniduoh variant outbound connection (malware-cnc.rules) * 1:49255 <-> DISABLED <-> FILE-JAVA Oracle Java ImagingLib buffer overflow attempt (file-java.rules) * 1:49311 <-> DISABLED <-> FILE-FLASH Adobe Flash Player writeExternal type confusion attempt (file-flash.rules) * 1:49376 <-> DISABLED <-> SERVER-APACHE Apache Struts remote code execution attempt (server-apache.rules) * 1:49788 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zacinlo outbound connection (malware-cnc.rules) * 1:49789 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zacinlo outbound connection (malware-cnc.rules) * 1:56130 <-> ENABLED <-> BROWSER-CHROME Google Chrome PNG in TTF parsing heap overflow attempt (browser-chrome.rules) * 1:56131 <-> ENABLED <-> BROWSER-CHROME Google Chrome PNG in TTF parsing heap overflow attempt (browser-chrome.rules) * 1:56132 <-> ENABLED <-> BROWSER-CHROME Google Chrome PNG in TTF parsing heap overflow attempt (browser-chrome.rules) * 1:56133 <-> ENABLED <-> BROWSER-CHROME Google Chrome PNG in TTF parsing heap overflow attempt (browser-chrome.rules) * 1:56138 <-> ENABLED <-> SERVER-WEBAPP Citrix ADC and Gateway information disclosure attempt (server-webapp.rules) * 1:43396 <-> DISABLED <-> FILE-FLASH Adobe Acrobat Reader profile use after free attempt (file-flash.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091501.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:56142 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Zusy-9784403-0 download attempt (malware-other.rules) * 1:56165 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.PyVil download attempt (malware-other.rules) * 1:56150 <-> DISABLED <-> SERVER-OTHER Adobe ColdFusion DataServicesCFProxy insecure Java deserialization attempt (server-other.rules) * 1:56139 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Czxz-9784395-0 download attempt (malware-other.rules) * 1:56151 <-> DISABLED <-> SERVER-OTHER Adobe ColdFusion vulnerable DataServicesCFProxy class reference attempt (server-other.rules) * 1:56156 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook email parsing remote code execution attempt (file-office.rules) * 1:56163 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.PyVil download attempt (malware-other.rules) * 1:56157 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook email parsing remote code execution attempt (file-office.rules) * 1:56167 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.PyVil download attempt (malware-other.rules) * 1:56140 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Czxz-9784395-0 download attempt (malware-other.rules) * 1:56154 <-> DISABLED <-> SERVER-WEBAPP MobileIron Core & Connector remote code execution attempt (server-webapp.rules) * 1:56164 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.PyVil download attempt (malware-other.rules) * 1:56155 <-> DISABLED <-> SERVER-WEBAPP MobileIron Core & Connector remote code execution attempt (server-webapp.rules) * 1:56162 <-> ENABLED <-> SERVER-WEBAPP Citrix ADC and Gateway information disclosure attempt (server-webapp.rules) * 1:56166 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.PyVil outbound communication attempt (malware-other.rules) * 1:56141 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Zusy-9784403-0 download attempt (malware-other.rules) * 3:56158 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1176 attack attempt (file-image.rules) * 3:56152 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1178 attack 
attempt (server-webapp.rules) * 3:56147 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1179 attack attempt (server-webapp.rules) * 3:56159 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1176 attack attempt (file-image.rules) * 3:56153 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1178 attack attempt (server-webapp.rules) * 3:56145 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1177 attack attempt (server-webapp.rules) * 3:56149 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1179 attack attempt (server-webapp.rules) * 3:56144 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1177 attack attempt (server-webapp.rules) * 3:56146 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1177 attack attempt (server-webapp.rules) * 3:56143 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1177 attack attempt (server-webapp.rules) * 3:56160 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1176 attack attempt (file-image.rules) * 3:56161 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1176 attack attempt (file-image.rules) * 3:56148 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1179 attack attempt (server-webapp.rules)
* 1:44361 <-> DISABLED <-> SERVER-WEBAPP Trend Micro proxy_controller.php command injection attempt (server-webapp.rules) * 1:43455 <-> DISABLED <-> FILE-FLASH Adobe Flash Player writeExternal type confusion attempt (file-flash.rules) * 1:43406 <-> DISABLED <-> FILE-FLASH Adobe Flash Player determinePreferredLocales out of bounds memory read attempt (file-flash.rules) * 1:44016 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Rectangle constructor use after free attempt (file-flash.rules) * 1:44657 <-> DISABLED <-> SERVER-WEBAPP Unitrends Enterprise Backup API SQL injection attempt (server-webapp.rules) * 1:44404 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trickbot malicious communication attempt (malware-cnc.rules) * 1:44430 <-> DISABLED <-> FILE-OFFICE Fin7 Maldoc campaign exploitation attempt (file-office.rules) * 1:44431 <-> DISABLED <-> FILE-OFFICE Fin7 Maldoc campaign exploitation attempt (file-office.rules) * 1:44688 <-> DISABLED <-> SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt (server-webapp.rules) * 1:43625 <-> DISABLED <-> SERVER-WEBAPP Axis M3004 remote code execution attempt (server-webapp.rules) * 1:43865 <-> DISABLED <-> FILE-IMAGE Adobe Reader EMF EMR_MOVETOEX memory corruption attempt (file-image.rules) * 1:43900 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Professional XPS2PDF memory corruption attempt (file-other.rules) * 1:44880 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF EMR_STRETCHDIBITS memory corruption attempt (file-image.rules) * 1:43912 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Professional XPS2PDF memory corruption attempt (file-other.rules) * 1:43913 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Professional XPS2PDF memory corruption attempt (file-other.rules) * 1:43977 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader graphics engine memory corruption attempt (file-pdf.rules) * 1:44052 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word EPS filter PostScript object use after free attempt (file-office.rules) * 
1:44360 <-> DISABLED <-> SERVER-WEBAPP Trend Micro proxy_controller.php command injection attempt (server-webapp.rules) * 1:44338 <-> DISABLED <-> BROWSER-IE Microsoft Edge denial of service attempt (browser-ie.rules) * 1:44885 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat XPS unicode glyph pointer out of bounds (file-image.rules) * 1:44892 <-> DISABLED <-> FILE-FLASH Adobe Flash Player determinePreferredLocales memory corruption attempt (file-flash.rules) * 1:44903 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PSDK Metadata memory corruption attempt (file-flash.rules) * 1:44929 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds write attempt (file-image.rules) * 1:44964 <-> DISABLED <-> FILE-FLASH Adobe Flash Player tvsdk object use after free attempt (file-flash.rules) * 1:44969 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF EmfPlusFont memory corruption attempt (file-image.rules) * 1:45117 <-> DISABLED <-> SERVER-WEBAPP Huawei DeviceUpgrade command injection attempt (server-webapp.rules) * 1:45130 <-> DISABLED <-> OS-WINDOWS Microsoft Windows RRAS service arbitrary pointer dereference attempt (os-windows.rules) * 1:43901 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Professional XPS2PDF memory corruption attempt (file-other.rules) * 1:45131 <-> DISABLED <-> OS-WINDOWS Microsoft Windows RRAS service arbitrary pointer dereference attempt (os-windows.rules) * 1:45132 <-> DISABLED <-> FILE-OFFICE Microsoft Office Equation Editor object stack buffer overflow attempt (file-office.rules) * 1:45148 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Array out of bounds write attempt (browser-ie.rules) * 1:45162 <-> DISABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules) * 1:45169 <-> DISABLED <-> BROWSER-IE Microsoft Edge array type confusion attempt (browser-ie.rules) * 1:44564 <-> DISABLED <-> MALWARE-CNC PowerShell Empire variant outbound connection (malware-cnc.rules) * 1:44619 <-> DISABLED <-> MALWARE-CNC Android Red Alert 
Trojan outbound connection (malware-cnc.rules) * 1:44620 <-> DISABLED <-> MALWARE-CNC Android Red Alert Trojan outbound connection (malware-cnc.rules) * 1:45336 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules) * 1:45370 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word docx subDocument file include attempt (file-office.rules) * 1:45371 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word docx subDocument file include attempt (file-office.rules) * 1:45564 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Vpnfilter variant outbound connection attempt (malware-cnc.rules) * 1:45642 <-> DISABLED <-> MALWARE-CNC Vbs.Trojan.Agent outbound connection (malware-cnc.rules) * 1:45643 <-> DISABLED <-> MALWARE-CNC Vbs.Trojan.Agent inbound payload download (malware-cnc.rules) * 1:45646 <-> DISABLED <-> MALWARE-CNC Vbs.Trojan.Agent outbound system information disclosure (malware-cnc.rules) * 1:45682 <-> DISABLED <-> SERVER-OTHER HP Integrated Lights-Out HTTP headers processing buffer overflow attempt (server-other.rules) * 1:45771 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CannibalRAT initial outbound connection (malware-cnc.rules) * 1:45772 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CannibalRAT outbound reporting attempt (malware-cnc.rules) * 1:45773 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CannibalRAT outbound upload attempt (malware-cnc.rules) * 1:45904 <-> DISABLED <-> MALWARE-BACKDOOR CobaltStrike inbound beacon download (malware-backdoor.rules) * 1:45909 <-> DISABLED <-> MALWARE-CNC CobaltStrike trial version inbound beacon response (malware-cnc.rules) * 1:45922 <-> DISABLED <-> EXPLOIT-KIT Terror EK exe download attempt (exploit-kit.rules) * 1:45923 <-> DISABLED <-> EXPLOIT-KIT Terror EK dll download attempt (exploit-kit.rules) * 1:45949 <-> DISABLED <-> PUA-OTHER Coinhive TLS server hello attempt (pua-other.rules) * 1:45950 <-> DISABLED <-> PUA-OTHER Coinhive TLS client hello attempt (pua-other.rules) * 1:45972 <-> DISABLED <-> 
MALWARE-CNC Win.Trojan.Chafer malicious communication attempt (malware-cnc.rules) * 1:45973 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chafer malicious communication attempt (malware-cnc.rules) * 1:45976 <-> DISABLED <-> SERVER-WEBAPP Pivotal Spring Data REST PATCH request remote code execution attempt (server-webapp.rules) * 1:45977 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB kernel heap memory leak attempt (os-windows.rules) * 1:45978 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB kernel heap memory leak attempt (os-windows.rules) * 1:46129 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HW32 variant outbound connection (malware-cnc.rules) * 1:46135 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Krodown variant connection attempt (malware-cnc.rules) * 1:46137 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cidox variant outbound connection attempt (malware-cnc.rules) * 1:46249 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rovnix outbound connection attempt (malware-cnc.rules) * 1:46250 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rovnix outbound connection attempt (malware-cnc.rules) * 1:46251 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rovnix outbound connection attempt (malware-cnc.rules) * 1:46252 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rovnix outbound connection attempt (malware-cnc.rules) * 1:46371 <-> DISABLED <-> PUA-OTHER Moonify TLS server hello attempt (pua-other.rules) * 1:46372 <-> DISABLED <-> PUA-OTHER Moonify TLS client hello attempt (pua-other.rules) * 1:46490 <-> DISABLED <-> FILE-PDF Adobe Flash Player ActionScript setFocus use after free attempt (file-pdf.rules) * 1:46491 <-> DISABLED <-> FILE-PDF Adobe Flash Player ActionScript setFocus use after free attempt (file-pdf.rules) * 1:46580 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload malicious file download (malware-cnc.rules) * 1:46581 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload malicious file download (malware-cnc.rules) * 1:46582 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload malicious file download 
(malware-cnc.rules) * 1:46583 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload malicious file download (malware-cnc.rules) * 1:46584 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload malicious file download (malware-cnc.rules) * 1:46585 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload malicious file download (malware-cnc.rules) * 1:46586 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload malicious file download (malware-cnc.rules) * 1:46744 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper malicious executable download attempt (malware-cnc.rules) * 1:46782 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Vpnfilter variant SSL connection attempt (malware-cnc.rules) * 1:46783 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Vpnfilter variant SSL connection attempt (malware-cnc.rules) * 1:46793 <-> DISABLED <-> OS-WINDOWS Malicious zip download attempt (os-windows.rules) * 1:46989 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.MBRLock file download (malware-other.rules) * 1:47006 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SocketPlayer outbound connection (malware-cnc.rules) * 1:47056 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel empty bookViews element denial of service attempt (file-office.rules) * 1:47148 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif malicious file download (malware-cnc.rules) * 1:47175 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ddeService command execution attempt (file-office.rules) * 1:47236 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Prowli variant outbound connection (malware-cnc.rules) * 1:47241 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mylobot additional payload download (malware-cnc.rules) * 1:47242 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mylobot additional payload download (malware-cnc.rules) * 1:47358 <-> DISABLED <-> SERVER-WEBAPP CCTV-DVR command injection attempt (server-webapp.rules) * 1:47556 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PLEAD downloader outbound connection (malware-cnc.rules) * 1:47557 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PLEAD 
downloader outbound connection (malware-cnc.rules) * 1:47678 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Torpplar variant outbound connection (malware-cnc.rules) * 1:47701 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Iniduoh variant outbound connection (malware-cnc.rules) * 1:49255 <-> DISABLED <-> FILE-JAVA Oracle Java ImagingLib buffer overflow attempt (file-java.rules) * 1:49311 <-> DISABLED <-> FILE-FLASH Adobe Flash Player writeExternal type confusion attempt (file-flash.rules) * 1:49376 <-> DISABLED <-> SERVER-APACHE Apache Struts remote code execution attempt (server-apache.rules) * 1:49788 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zacinlo outbound connection (malware-cnc.rules) * 1:49789 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zacinlo outbound connection (malware-cnc.rules) * 1:56130 <-> ENABLED <-> BROWSER-CHROME Google Chrome PNG in TTF parsing heap overflow attempt (browser-chrome.rules) * 1:56131 <-> ENABLED <-> BROWSER-CHROME Google Chrome PNG in TTF parsing heap overflow attempt (browser-chrome.rules) * 1:56132 <-> ENABLED <-> BROWSER-CHROME Google Chrome PNG in TTF parsing heap overflow attempt (browser-chrome.rules) * 1:56133 <-> ENABLED <-> BROWSER-CHROME Google Chrome PNG in TTF parsing heap overflow attempt (browser-chrome.rules) * 1:56138 <-> ENABLED <-> SERVER-WEBAPP Citrix ADC and Gateway information disclosure attempt (server-webapp.rules) * 1:44017 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Rectangle constructor use after free attempt (file-flash.rules) * 1:44621 <-> DISABLED <-> MALWARE-CNC Android Red Alert Trojan outbound connection (malware-cnc.rules) * 1:43978 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader graphics engine memory corruption attempt (file-pdf.rules) * 1:44622 <-> DISABLED <-> MALWARE-CNC Android Red Alert Trojan outbound connection (malware-cnc.rules) * 1:44646 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.BadRabbit propagation via SVCCTL remote service attempt (malware-other.rules) * 1:43967 <-> DISABLED <-> FILE-MULTIMEDIA 
Adobe Acrobat Professional EMF malformed EMR_POLYBEZIERTO16 out of bounds access attempt (file-multimedia.rules) * 1:43993 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader graphics engine memory corruption attempt (file-pdf.rules) * 1:43994 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader graphics engine memory corruption attempt (file-pdf.rules) * 1:43790 <-> DISABLED <-> SERVER-OTHER Apache mod_auth_digest out of bounds read attempt (server-other.rules) * 1:39319 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ShimOpportunityGenerator out of bounds memory access attempt (file-flash.rules) * 1:39398 <-> DISABLED <-> SERVER-WEBAPP Symantec SEPM management console cross site scripting attempt (server-webapp.rules) * 1:39402 <-> DISABLED <-> FILE-OTHER Symantec Antivirus ALPkOldFormatDecompressor out of bounds read attempt (file-other.rules) * 1:39441 <-> DISABLED <-> FILE-FLASH Adobe Flash Player integer overflow attempt (file-flash.rules) * 1:39457 <-> DISABLED <-> FILE-FLASH Adobe Flash Player integer underflow attempt (file-flash.rules) * 1:39505 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Edge text node table-cell use after free attempt (browser-ie.rules) * 1:39524 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel empty bookViews element denial of service attempt (file-office.rules) * 1:39525 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel empty bookViews element denial of service attempt (file-office.rules) * 1:39540 <-> DISABLED <-> FILE-FLASH Adobe Flash Player local-with-filesystem security bypass attempt (file-flash.rules) * 1:39543 <-> DISABLED <-> FILE-FLASH Adobe Flash Player local-with-filesystem security bypass attempt (file-flash.rules) * 1:39564 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TimedEvent memory corruption attempt (file-flash.rules) * 1:39685 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tinba variant outbound connection (malware-cnc.rules) * 1:39687 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed embeded TTF file memory 
corruption attempt (file-pdf.rules) * 1:39690 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ABRControlParameters access memory corruption attempt (file-flash.rules) * 1:39702 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MediaPlayerItemLoader out of bounds memory access attempt (file-flash.rules) * 1:39799 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt (file-pdf.rules) * 1:39824 <-> DISABLED <-> OS-WINDOWS Microsoft Windows GDI emf file integer overflow attempt (os-windows.rules) * 1:39843 <-> DISABLED <-> OS-WINDOWS Microsoft Windows gdiplus EMF EmrText out of bounds write attempt (os-windows.rules) * 1:39851 <-> DISABLED <-> INDICATOR-COMPROMISE Connection to malware sinkhole - CERT.PL (indicator-compromise.rules) * 1:39893 <-> DISABLED <-> OS-LINUX Linux Kernel USBIP out of bounds write attempt (os-linux.rules) * 1:39894 <-> DISABLED <-> OS-LINUX Linux Kernel USBIP out of bounds write attempt (os-linux.rules) * 1:40075 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel LPenHelper out of bounds write attempt (file-office.rules) * 1:40076 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel LPenHelper out of bounds write attempt (file-office.rules) * 1:40102 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel xlsb use-after-free attempt (file-office.rules) * 1:40103 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel xlsb use-after-free attempt (file-office.rules) * 1:40104 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel xlsb use-after-free attempt (file-office.rules) * 1:40105 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel xlsb use-after-free attempt (file-office.rules) * 1:40106 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel xlsb use-after-free attempt (file-office.rules) * 1:40107 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel xlsb use-after-free attempt (file-office.rules) * 1:40116 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel xlsb use-after-free attempt (file-office.rules) * 1:40117 <-> 
DISABLED <-> FILE-OFFICE Microsoft Office Excel xlsb use-after-free attempt (file-office.rules) * 1:40121 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel xlsb use-after-free attempt (file-office.rules) * 1:40122 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel xlsb use-after-free attempt (file-office.rules) * 1:40152 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DRMManager memory corruption attempt (file-flash.rules) * 1:40167 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ShimContentResolver out of bounds memory access attempt (file-flash.rules) * 1:40178 <-> DISABLED <-> FILE-FLASH Adobe Flash Player local-with-filesystem sandbox escape attempt (file-flash.rules) * 1:40236 <-> DISABLED <-> FILE-PDF Adobe Reader embedded font out of bounds memory access attempt (file-pdf.rules) * 1:40237 <-> DISABLED <-> FILE-PDF Adobe Reader embedded font out of bounds memory access attempt (file-pdf.rules) * 1:40312 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CTreePos type confusion attempt (browser-ie.rules) * 1:40375 <-> DISABLED <-> OS-WINDOWS Microsoft Windows insecure BoundaryDescriptor privilege escalation attempt (os-windows.rules) * 1:40425 <-> DISABLED <-> OS-WINDOWS Microsoft Windows GDI+ EMF buffer overread attempt (os-windows.rules) * 1:40503 <-> DISABLED <-> FILE-FLASH Adobe Flash Player QOSProvider use-after-free attempt (file-flash.rules) * 1:40706 <-> DISABLED <-> FILE-OTHER Microsoft Windows OTF cmap table parsing integer overflow attempt (file-other.rules) * 1:40717 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel LPenHelper use after free attempt (file-office.rules) * 1:40718 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel LPenHelper use after free attempt (file-office.rules) * 1:40737 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime SDK AdvertisingMetadata type confustion attempt (file-flash.rules) * 1:40743 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AVSegmentedSource use after free attempt (file-flash.rules) * 1:40753 
<-> ENABLED <-> EXPLOIT-KIT Rig exploit kit outbound communication (exploit-kit.rules) * 1:40813 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Silverlight GetChar out of bounds read attempt (browser-plugins.rules) * 1:40814 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Silverlight GetChar out of bounds read attempt (browser-plugins.rules) * 1:40934 <-> DISABLED <-> FILE-EXECUTABLE Nvidia Windows kernel mode driver denial of service attempt (file-executable.rules) * 1:40957 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel security descriptor out of bounds read attempt (file-office.rules) * 1:40958 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel security descriptor out of bounds read attempt (file-office.rules) * 1:40959 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ddeService command execution attempt (file-office.rules) * 1:40960 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ddeService command execution attempt (file-office.rules) * 1:40983 <-> DISABLED <-> FILE-OTHER Microsoft Internet Explorer malformed ico integer overflow attempt (file-other.rules) * 1:41003 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime SDK out of bounds read attempt (file-flash.rules) * 1:41015 <-> DISABLED <-> FILE-FLASH Acrobat Flash WorkerDomain memory corruption attempt (file-flash.rules) * 1:41026 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess Dashboard remote code execution attempt (server-webapp.rules) * 1:41310 <-> DISABLED <-> FILE-IMAGE libBPG restore_tqb_pixel out of bounds write attempt (file-image.rules) * 1:41344 <-> DISABLED <-> FILE-OTHER CorelDRAW X8 EMF invalid ihBrush field value out of bounds read attempt (file-other.rules) * 1:41358 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime SDK ShimContentResolver memory corruption attempt (file-flash.rules) * 1:41515 <-> DISABLED <-> POLICY-OTHER McAfee Virus Scan Linux outdated version detected (policy-other.rules) * 1:41516 <-> DISABLED <-> SERVER-WEBAPP McAfee Virus Scan Linux file existence 
test attempt (server-webapp.rules) * 1:41521 <-> DISABLED <-> SERVER-WEBAPP McAfee Virus Scan Linux cross site scripting attempt (server-webapp.rules) * 1:41565 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel xlsb use-after-free attempt (file-office.rules) * 1:41566 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel xlsb use-after-free attempt (file-office.rules) * 1:41601 <-> DISABLED <-> FILE-PDF Microsoft Edge PDF Builder out of bounds read attempt (file-pdf.rules) * 1:41602 <-> DISABLED <-> FILE-PDF Microsoft Edge PDF Builder out of bounds read attempt (file-pdf.rules) * 1:41624 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MessageChannel type confusion attempt (file-flash.rules) * 1:41630 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PSDK EventDispatch removeEventListener use after free attempt (file-flash.rules) * 1:41680 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ShimContentResolver out of bounds memory access attempt (file-flash.rules) * 1:41681 <-> DISABLED <-> SERVER-WEBAPP McAfee Virus Scan Linux remote code execution attempt (server-webapp.rules) * 1:41783 <-> ENABLED <-> EXPLOIT-KIT Rig exploit kit URL outbound communication (exploit-kit.rules) * 1:41818 <-> DISABLED <-> SERVER-APACHE Apache Struts remote code execution attempt (server-apache.rules) * 1:41819 <-> DISABLED <-> SERVER-APACHE Apache Struts remote code execution attempt (server-apache.rules) * 1:41976 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel shared strings memory corruption attempt (file-office.rules) * 1:41977 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel shared strings memory corruption attempt (file-office.rules) * 1:41979 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel shared strings memory corruption attempt (file-office.rules) * 1:41980 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel shared strings memory corruption attempt (file-office.rules) * 1:42080 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jenxcus outbound connection with unique User-Agent 
(malware-cnc.rules) * 1:42097 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Resolution Opportunity parameter memory corruption attempt (file-flash.rules) * 1:42150 <-> DISABLED <-> FILE-OTHER Microsoft Windows ATMFD font driver malformed OTF file out-of-bounds memory access attempt (file-other.rules) * 1:42151 <-> DISABLED <-> FILE-OTHER Microsoft Windows ATMFD font driver malformed OTF file out-of-bounds memory access attempt (file-other.rules) * 1:42161 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel out of bounds memory attempt (file-office.rules) * 1:42162 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel out of bounds memory attempt (file-office.rules) * 1:42222 <-> DISABLED <-> SERVER-WEBAPP Moxa MX Studio login page denial of service attempt (server-webapp.rules) * 1:42372 <-> ENABLED <-> POLICY-OTHER eicar file detected (policy-other.rules) * 1:42373 <-> ENABLED <-> POLICY-OTHER eicar file detected (policy-other.rules) * 1:42374 <-> ENABLED <-> POLICY-OTHER eicar file detected (policy-other.rules) * 1:42375 <-> ENABLED <-> POLICY-OTHER eicar file detected (policy-other.rules) * 1:42376 <-> ENABLED <-> POLICY-OTHER eicar file detected (policy-other.rules) * 1:42810 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BitmapData out of bounds memory access attempt (file-flash.rules) * 1:42811 <-> DISABLED <-> BROWSER-IE Microsoft Edge Chakra Engine use-after-free attempt (browser-ie.rules) * 1:42812 <-> DISABLED <-> BROWSER-IE Microsoft Edge Chakra Engine use-after-free attempt (browser-ie.rules) * 1:42816 <-> DISABLED <-> FILE-FLASH Adobe Flash Player display object mask use after free attempt (file-flash.rules) * 1:42817 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DisplayObject use after free attempt (file-flash.rules) * 1:42902 <-> DISABLED <-> FILE-OFFICE Microsoft Office EPS restore command use after free attempt (file-office.rules) * 1:42904 <-> DISABLED <-> FILE-OFFICE Microsoft Office EPS restore command use after free attempt (file-office.rules) 
* 1:42911 <-> DISABLED <-> FILE-PDF Acrobat Reader TIFF malformed IFD tag heap overflow attempt (file-pdf.rules) * 1:42913 <-> DISABLED <-> FILE-PDF Acrobat Reader TIFF malformed IFD tag heap overflow attempt (file-pdf.rules) * 1:42915 <-> DISABLED <-> FILE-PDF Acrobat Reader TIFF malformed IFD tag heap overflow attempt (file-pdf.rules) * 1:43048 <-> DISABLED <-> FILE-FLASH Adobe Flash Player JSON stringify memory corruption attempt (file-flash.rules) * 1:43169 <-> DISABLED <-> BROWSER-IE Microsoft Edge textContent use after free attempt (browser-ie.rules) * 1:43179 <-> DISABLED <-> FILE-OFFICE Powerpoint mouseover powershell malware download attempt (file-office.rules) * 1:43221 <-> DISABLED <-> MALWARE-OTHER Win.Trojan-Downloader.Jadtree GET request of RAR file to server (malware-other.rules) * 1:43383 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AdvertisingMetadata use after free attempt (file-flash.rules) * 1:43396 <-> DISABLED <-> FILE-FLASH Adobe Acrobat Reader profile use after free attempt (file-flash.rules) * 1:31033 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cryptodefence variant outbound connection (malware-cnc.rules) * 1:36707 <-> DISABLED <-> FILE-OFFICE Microsoft Office malformed odttf integer overflow attempt (file-office.rules) * 1:36708 <-> DISABLED <-> FILE-OFFICE Microsoft Office malformed odttf integer overflow attempt (file-office.rules) * 1:36713 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ClickOnce information disclosure attempt (os-windows.rules) * 1:36714 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel slicer style use-after-free attempt (file-office.rules) * 1:36715 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel slicer style use-after-free attempt (file-office.rules) * 1:36751 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel MdCallBack out of bounds read attempt (file-office.rules) * 1:36752 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel MdCallBack out of bounds read attempt (file-office.rules) * 1:36812 <-> DISABLED <-> 
BROWSER-IE Microsoft Internet Explorer nonexistent attribute removal memory corruption attempt (browser-ie.rules) * 1:36819 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules) * 1:36820 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules) * 1:36821 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules) * 1:36822 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules) * 1:36829 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 actionExtends use-after-free attempt (file-flash.rules) * 1:36830 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 actionExtends use-after-free attempt (file-flash.rules) * 1:36831 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 actionExtends use-after-free attempt (file-flash.rules) * 1:36832 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 actionExtends use-after-free attempt (file-flash.rules) * 1:36846 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 TextField gridFitType use after free attempt (file-flash.rules) * 1:36859 <-> DISABLED <-> FILE-FLASH Adobe Flash Player writeExternal type confusion attempt (file-flash.rules) * 1:36860 <-> DISABLED <-> FILE-FLASH Adobe Flash Player writeExternal type confusion attempt (file-flash.rules) * 1:36863 <-> DISABLED <-> FILE-FLASH Adobe Flash Player attachsound use-after-free attempt (file-flash.rules) * 1:36864 <-> DISABLED <-> FILE-FLASH Adobe Flash Player attachsound use-after-free attempt (file-flash.rules) * 1:36883 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byte array uncompress information disclosure attempt (file-flash.rules) * 1:36960 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word XML parsing use after free attempt (file-office.rules) * 1:36961 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word XML parsing use after free attempt (file-office.rules) * 
1:36998 <-> DISABLED <-> OS-WINDOWS Microsoft .NET Silverlight manifest resource file information disclosure attempt (os-windows.rules) * 1:37071 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ShaderParameter integer overflow attempt (file-flash.rules) * 1:37072 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ShaderParameter integer overflow attempt (file-flash.rules) * 1:37074 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ShaderParameter integer overflow attempt (file-flash.rules) * 1:37075 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ShaderParameter integer overflow attempt (file-flash.rules) * 1:37081 <-> DISABLED <-> FILE-FLASH Adobe Flash Player String length heap buffer overflow attempt (file-flash.rules) * 1:37082 <-> DISABLED <-> FILE-FLASH Adobe Flash Player String length heap buffer overflow attempt (file-flash.rules) * 1:37085 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byte array memory corruption attempt (file-flash.rules) * 1:37086 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byte array memory corruption attempt (file-flash.rules) * 1:37090 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PrintJob object use-after-free attempt (file-flash.rules) * 1:37091 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PrintJob object use-after-free attempt (file-flash.rules) * 1:37092 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SoundURLStream memory corruption attempt (file-flash.rules) * 1:37094 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SoundURLStream memory corruption attempt (file-flash.rules) * 1:37105 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MovieClip object use-after-free attempt (file-flash.rules) * 1:37106 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MovieClip object use-after-free attempt (file-flash.rules) * 1:37109 <-> DISABLED <-> FILE-FLASH Adobe Flash Player selection.setFocus use after free attempt (file-flash.rules) * 1:37110 <-> DISABLED <-> FILE-FLASH Adobe Flash Player selection.setFocus use after free attempt (file-flash.rules) 
* 1:37118 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField filters use-after-free attempt (file-flash.rules) * 1:37119 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField filters use-after-free attempt (file-flash.rules) * 1:37121 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MP3 ID3 data parsing heap buffer overflow attempt (file-flash.rules) * 1:37123 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MP3 ID3 data parsing heap buffer overflow attempt (file-flash.rules) * 1:37128 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 setTransform use-after-free attempt (file-flash.rules) * 1:37129 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 setTransform use-after-free attempt (file-flash.rules) * 1:37135 <-> DISABLED <-> SERVER-WEBAPP Fireeye Java decompiler reflection remote code execution attempt (server-webapp.rules) * 1:37136 <-> DISABLED <-> SERVER-WEBAPP Fireeye Java decompiler reflection remote code execution attempt (server-webapp.rules) * 1:37144 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SetSlot type confusion attempt (file-flash.rules) * 1:37145 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SetSlot type confusion attempt (file-flash.rules) * 1:37157 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SharedObject send stack buffer overflow attempt (file-flash.rules) * 1:37159 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SharedObject send stack buffer overflow attempt (file-flash.rules) * 1:37160 <-> DISABLED <-> FILE-FLASH Adobe Flash Player oversize source bitmap memory corruption attempt (file-flash.rules) * 1:37161 <-> DISABLED <-> FILE-FLASH Adobe Flash Player oversize source bitmap memory corruption attempt (file-flash.rules) * 1:37167 <-> DISABLED <-> FILE-FLASH Adobe Flash Player URLStream use after free attempt (file-flash.rules) * 1:37168 <-> DISABLED <-> FILE-FLASH Adobe Flash Player URLStream use after free attempt (file-flash.rules) * 1:37169 <-> DISABLED <-> FILE-FLASH Adobe Flash Player heap memory disclosure via custom 
valueOf handler attempt (file-flash.rules) * 1:37170 <-> DISABLED <-> FILE-FLASH Adobe Flash Player heap memory disclosure via custom valueOf handler attempt (file-flash.rules) * 1:37171 <-> DISABLED <-> FILE-FLASH Adobe Flash Player heap memory disclosure via custom valueOf handler attempt (file-flash.rules) * 1:37172 <-> DISABLED <-> FILE-FLASH Adobe Flash Player heap memory disclosure via custom valueOf handler attempt (file-flash.rules) * 1:37178 <-> DISABLED <-> FILE-FLASH Adobe Flash Player M3U8 parser logic memory corruption attempt (file-flash.rules) * 1:37180 <-> DISABLED <-> FILE-FLASH Adobe Flash Player M3U8 parser logic memory corruption attempt (file-flash.rules) * 1:37183 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextFormat.tabStops use after free attempt (file-flash.rules) * 1:37184 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextFormat.tabStops use after free attempt (file-flash.rules) * 1:37185 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextFormat.tabStops use after free attempt (file-flash.rules) * 1:37186 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextFormat.tabStops use after free attempt (file-flash.rules) * 1:37205 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object.addProperty method use after free attempt (file-flash.rules) * 1:37206 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object.addProperty method use after free attempt (file-flash.rules) * 1:37208 <-> DISABLED <-> FILE-FLASH Adobe Flash Player LoadVars decode use after free attempt (file-flash.rules) * 1:37210 <-> DISABLED <-> FILE-FLASH Adobe Flash Player LoadVars decode use after free attempt (file-flash.rules) * 1:37216 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MovieClip setMask use after free attempt (file-flash.rules) * 1:37218 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MovieClip setMask use after free attempt (file-flash.rules) * 1:37237 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object hasOwnProperty use after free attempt (file-flash.rules) * 
1:37239 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object hasOwnProperty use after free attempt (file-flash.rules) * 1:37247 <-> DISABLED <-> FILE-FLASH Adobe Flash Player removeMovieClip use after free attempt (file-flash.rules) * 1:37248 <-> DISABLED <-> FILE-FLASH Adobe Flash Player removeMovieClip use after free attempt (file-flash.rules) * 1:37249 <-> DISABLED <-> FILE-FLASH Adobe Flash Player removeMovieClip use after free attempt (file-flash.rules) * 1:37259 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel mso20win32client use after free attempt (file-office.rules) * 1:37265 <-> DISABLED <-> FILE-OFFICE Microsoft Office metafile conversion out of bounds read attempt (file-office.rules) * 1:37266 <-> DISABLED <-> FILE-OFFICE Microsoft Office metafile conversion out of bounds read attempt (file-office.rules) * 1:37267 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Silverlight GetChar out of bounds read attempt (browser-plugins.rules) * 1:37268 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Silverlight GetChar out of bounds read attempt (browser-plugins.rules) * 1:37345 <-> DISABLED <-> FILE-FLASH Adobe Flash Player improper display list handling memory corruption attempt (file-flash.rules) * 1:37347 <-> DISABLED <-> FILE-FLASH Adobe Flash Player improper display list handling memory corruption attempt (file-flash.rules) * 1:37399 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader custom string length function memory corruption attempt (file-pdf.rules) * 1:37525 <-> DISABLED <-> SERVER-OTHER NTP arbitrary pidfile and driftfile overwrite attempt (server-other.rules) * 1:37550 <-> DISABLED <-> EXPLOIT-KIT Nuclear landing page detected (exploit-kit.rules) * 1:37592 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel formula length heap corruption attempt (file-office.rules) * 1:37593 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel formula length heap corruption attempt (file-office.rules) * 1:37600 <-> DISABLED <-> FILE-OFFICE Microsoft Powerpoint shape objects 
null pointer dereference memory corruption attempt (file-office.rules) * 1:37601 <-> DISABLED <-> FILE-OFFICE Microsoft Powerpoint shape objects null pointer dereference memory corruption attempt (file-office.rules) * 1:37664 <-> DISABLED <-> FILE-JAVA Oracle Java ServiceLoader exception handling exploit attempt (file-java.rules) * 1:37670 <-> DISABLED <-> FILE-FLASH Adobe Flash Player convolution filter use-after-free attempt (file-flash.rules) * 1:37671 <-> DISABLED <-> FILE-FLASH Adobe Flash Player convolution filter use-after-free attempt (file-flash.rules) * 1:37700 <-> DISABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules) * 1:37702 <-> DISABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules) * 1:37703 <-> DISABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules) * 1:37704 <-> DISABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules) * 1:37705 <-> DISABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules) * 1:37706 <-> DISABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules) * 1:37711 <-> DISABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules) * 1:37726 <-> DISABLED <-> FILE-OTHER Microsoft Office ole object external file loading attempt (file-other.rules) * 1:37727 <-> DISABLED <-> FILE-OTHER Microsoft Office ole object external file loading attempt (file-other.rules) * 1:37734 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Point object integer overflow attempt (file-flash.rules) * 1:37736 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Point object integer overflow attempt (file-flash.rules) * 1:37740 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BlurFilter memory corruption attempt (file-flash.rules) * 1:37741 <-> DISABLED <-> FILE-FLASH 
Adobe Flash Player BlurFilter memory corruption attempt (file-flash.rules) * 1:37744 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextLine memory corruption attempt (file-flash.rules) * 1:37745 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextLine memory corruption attempt (file-flash.rules) * 1:37754 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Point object integer overflow attempt (file-flash.rules) * 1:37755 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Point object integer overflow attempt (file-flash.rules) * 1:37757 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid sourceRect copyPixels heap corruption attempt (file-flash.rules) * 1:37758 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid sourceRect copyPixels heap corruption attempt (file-flash.rules) * 1:37761 <-> DISABLED <-> FILE-FLASH Adobe Flash Player rectangle auxiliary method integer overflow attempt (file-flash.rules) * 1:37764 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BitmapData method memory corruption attempt (file-flash.rules) * 1:37770 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative custom getter use after free attempt (file-flash.rules) * 1:37771 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative custom getter use after free attempt (file-flash.rules) * 1:37774 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript constructor use after free attempt (file-flash.rules) * 1:37776 <-> DISABLED <-> FILE-FLASH Adobe Flash Player LoadVars use-after-free attempt (file-flash.rules) * 1:37777 <-> DISABLED <-> FILE-FLASH Adobe Flash Player LoadVars use-after-free attempt (file-flash.rules) * 1:37783 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed Adobe Texture Format heap overflow attempt (file-flash.rules) * 1:37790 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative use after free attempt (file-flash.rules) * 1:37792 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative use after free attempt (file-flash.rules) * 1:37797 <-> DISABLED <-> FILE-FLASH 
Adobe Flash Player rectangle memory access violation attempt (file-flash.rules) * 1:37798 <-> DISABLED <-> FILE-FLASH Adobe Flash Player rectangle memory access violation attempt (file-flash.rules) * 1:37801 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Silverlight ScriptObject untrusted pointer dereference attempt (browser-plugins.rules) * 1:37808 <-> DISABLED <-> FILE-FLASH Adobe Flash Player integer underflow attempt (file-flash.rules) * 1:37824 <-> DISABLED <-> FILE-OTHER Microsoft Office ole object external file loading attempt (file-other.rules) * 1:37825 <-> DISABLED <-> FILE-OTHER Microsoft Office ole object external file loading attempt (file-other.rules) * 1:37938 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Flash pixel bender buffer overflow attempt (file-multimedia.rules) * 1:37939 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Flash pixel bender buffer overflow attempt (file-multimedia.rules) * 1:38074 <-> DISABLED <-> BROWSER-IE Microsoft Edge CAsyncTpWorker Windows.Data.Pdf.dll object use after free attempt (browser-ie.rules) * 1:38076 <-> DISABLED <-> BROWSER-IE Microsoft Edge CAsyncTpWorker Windows.Data.Pdf.dll object use after free attempt (browser-ie.rules) * 1:38101 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word wwlib.dll invalid pointer read attempt (file-office.rules) * 1:38165 <-> DISABLED <-> FILE-FLASH Adobe Flash Player hitTest BitmapData object integer overflow attempt (file-flash.rules) * 1:38167 <-> DISABLED <-> FILE-FLASH Adobe Flash Player hitTest BitmapData object integer overflow attempt (file-flash.rules) * 1:38169 <-> DISABLED <-> FILE-FLASH Adobe Flash Player hitTest BitmapData object integer overflow attempt (file-flash.rules) * 1:38170 <-> DISABLED <-> FILE-FLASH Adobe Flash Player hitTest BitmapData object integer overflow attempt (file-flash.rules) * 1:38175 <-> DISABLED <-> FILE-FLASH Adobe Standalone Flash Player texfield getter use after free attempt (file-flash.rules) * 1:38179 <-> DISABLED <-> FILE-FLASH Adobe Standalone Flash Player 
ASnative object use after free attempt (file-flash.rules) * 1:38182 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS3 multiple axis attributes integer overflow attempt (file-flash.rules) * 1:38184 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS3 multiple axis attributes integer overflow attempt (file-flash.rules) * 1:38191 <-> DISABLED <-> FILE-FLASH Adobe Flash Player si32 integer overflow attempt (file-flash.rules) * 1:38192 <-> DISABLED <-> FILE-FLASH Adobe Flash Player si32 integer overflow attempt (file-flash.rules) * 1:38197 <-> DISABLED <-> FILE-FLASH Adobe Flash Player recursion calls stack overflow attempt (file-flash.rules) * 1:38198 <-> DISABLED <-> FILE-FLASH Adobe Flash Player recursion calls stack overflow attempt (file-flash.rules) * 1:38207 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MPD use-after-free attempt (file-flash.rules) * 1:38208 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MPD use-after-free attempt (file-flash.rules) * 1:38211 <-> DISABLED <-> FILE-PDF Adobe Reader JPEG 2000 chrominance subsampling memory corruption attempt (file-pdf.rules) * 1:38212 <-> DISABLED <-> FILE-PDF Adobe Reader JPEG 2000 chrominance subsampling memory corruption attempt (file-pdf.rules) * 1:38215 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BitmapData.paletteMap size mismatch integer overflow attempt (file-flash.rules) * 1:38216 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BitmapData.paletteMap size mismatch integer overflow attempt (file-flash.rules) * 1:38219 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use after free attempt (file-flash.rules) * 1:38220 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use after free (file-flash.rules) * 1:38223 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader annotation oversized array memory corruption attempt (file-pdf.rules) * 1:38239 <-> DISABLED <-> FILE-FLASH Adobe Flash Player rectangle width integer overflow attempt (file-flash.rules) * 1:38241 <-> DISABLED <-> FILE-FLASH Adobe Flash Player rectangle width 
integer overflow attempt (file-flash.rules) * 1:38286 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager actserver stack buffer overflow attempt (server-webapp.rules) * 1:38287 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager akey stack buffer overflow attempt (server-webapp.rules) * 1:38288 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager licfile stack buffer overflow attempt (server-webapp.rules) * 1:38327 <-> DISABLED <-> MALWARE-BACKDOOR ReGeorg proxy read attempt (malware-backdoor.rules) * 1:38405 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Transform Class Matrix AS2 use after free attempt (file-flash.rules) * 1:38406 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Transform Class Matrix AS2 use after free attempt (file-flash.rules) * 1:38409 <-> DISABLED <-> FILE-FLASH Adobe Flash Player JPEG-XR decode buffer overflow attempt (file-flash.rules) * 1:38410 <-> DISABLED <-> FILE-FLASH Adobe Flash Player JPEG-XR decode buffer overflow attempt (file-flash.rules) * 1:38413 <-> DISABLED <-> FILE-FLASH Adobe Flash Player NetConnection to ColorMatrixFilter object type confusion attempt (file-flash.rules) * 1:38415 <-> DISABLED <-> FILE-FLASH Adobe Flash Player NetConnection to ColorMatrixFilter object type confusion attempt (file-flash.rules) * 1:38425 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ExportAssets count memory corruption attempt (file-flash.rules) * 1:38430 <-> DISABLED <-> FILE-FLASH Adobe Flash Player toString type confusion memory corruption attempt (file-flash.rules) * 1:38433 <-> DISABLED <-> FILE-FLASH Adobe Flash Player toString type confusion memory corruption attempt (file-flash.rules) * 1:38481 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel msxml6 ParseElementN use after free attempt (file-office.rules) * 1:38482 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel msxml6 ParseElementN use after free attempt (file-office.rules) * 1:38577 <-> DISABLED <-> FILE-FLASH Adobe Flash Player dangling bytearray pointer code 
execution attempt (file-flash.rules) * 1:38593 <-> DISABLED <-> EXPLOIT-KIT Nuclear Exploit Kit back end communications attempt (exploit-kit.rules) * 1:38631 <-> DISABLED <-> FILE-FLASH Angler exploit kit Adobe Flash SWF exploit download (file-flash.rules) * 1:38632 <-> DISABLED <-> FILE-FLASH Angler exploit kit Adobe Flash SWF exploit download (file-flash.rules) * 1:38635 <-> DISABLED <-> FILE-FLASH Nuclear exploit kit Adobe Flash SWF exploit download (file-flash.rules) * 1:38636 <-> DISABLED <-> FILE-FLASH Nuclear exploit kit Adobe Flash SWF exploit download (file-flash.rules) * 1:38729 <-> DISABLED <-> SERVER-OTHER Mediabridge Medialink MWN-WAPR300N and Tenda N3 Wireless N150 inbound admin attempt (server-other.rules) * 1:38772 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer EMF file integer overflow attempt (browser-ie.rules) * 1:38782 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word TTF out-of-bounds memory access attempt (file-office.rules) * 1:38783 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word TTF out-of-bounds memory access attempt (file-office.rules) * 1:38830 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ContentFactory memory corruption attempt (file-flash.rules) * 1:38832 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ContentFactory memory corruption attempt (file-flash.rules) * 1:38833 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ContentFactory memory corruption attempt (file-flash.rules) * 1:38841 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer VBScript toString redim array use after free attempt (browser-ie.rules) * 1:38881 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FileReference type confusion attempt (file-flash.rules) * 1:38883 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FileReference type confusion attempt (file-flash.rules) * 1:38972 <-> DISABLED <-> FILE-FLASH Adobe Flash Player OpportunityGenerator.update memory corruption attempt (file-flash.rules) * 1:38973 <-> DISABLED <-> FILE-FLASH Adobe Flash Player 
OpportunityGenerator.update memory corruption attempt (file-flash.rules) * 1:38974 <-> DISABLED <-> FILE-FLASH Adobe Flash Player OpportunityGenerator.update memory corruption attempt (file-flash.rules) * 1:38980 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed FlateDecode stream use after free attempt (file-pdf.rules) * 1:38981 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed FlateDecode stream use after free attempt (file-pdf.rules) * 1:38996 <-> DISABLED <-> FILE-FLASH Adobe Flash Player addProperty use after free attempt (file-flash.rules) * 1:38998 <-> DISABLED <-> FILE-FLASH Adobe Flash Player addProperty use after free attempt (file-flash.rules) * 1:39009 <-> DISABLED <-> FILE-FLASH Adobe Flash Player setMetadata memory corruption attempt (file-flash.rules) * 1:39010 <-> DISABLED <-> FILE-FLASH Adobe Flash Player setMetadata memory corruption attempt (file-flash.rules) * 1:39013 <-> DISABLED <-> FILE-PDF Adobe Reader CTJPEGDecoderReadNextTile out of bounds read attempt (file-pdf.rules) * 1:39014 <-> DISABLED <-> FILE-PDF Adobe Reader CTJPEGDecoderReadNextTile out of bounds read attempt (file-pdf.rules) * 1:39015 <-> DISABLED <-> FILE-PDF Adobe Reader AcroForm dictionary object use after free attempt (file-pdf.rules) * 1:39019 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PSDK use-after-free attempt (file-flash.rules) * 1:39020 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PSDK use-after-free attempt (file-flash.rules) * 1:39022 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PSDK use-after-free attempt (file-flash.rules) * 1:39024 <-> DISABLED <-> FILE-FLASH Adobe Flash Player selection.setFocus use after free attempt (file-flash.rules) * 1:39025 <-> DISABLED <-> FILE-FLASH Adobe Flash Player selection.setFocus use after free attempt (file-flash.rules) * 1:39032 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASSetNative use-after-free attempt (file-flash.rules) * 1:39033 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASSetNative 
use-after-free attempt (file-flash.rules) * 1:39102 <-> DISABLED <-> FILE-PDF Adobe Reader PDF embedded JPEG memory corruption attempt (file-pdf.rules) * 1:39103 <-> DISABLED <-> FILE-PDF Adobe Reader PDF embedded JPEG memory corruption attempt (file-pdf.rules) * 1:39261 <-> DISABLED <-> FILE-OTHER Microsoft Windows ATMFD font driver malformed OTF file out-of-bounds memory access attempt (file-other.rules) * 1:39272 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ShimContentFactory uninitialized pointer use attempt (file-flash.rules) * 1:39280 <-> DISABLED <-> FILE-FLASH Adobe Primetime SDK object type confusion overflow attempt (file-flash.rules) * 1:39285 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadSound use after free attempt (file-flash.rules) * 1:39288 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ShimContentResolver out of bounds memory access attempt (file-flash.rules) * 1:39290 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime SDK ShimContentResolver out of bounds memory access attempt (file-flash.rules) * 1:39298 <-> DISABLED <-> FILE-FLASH Adobe Flash player retrieveResolvers memory corruption attempt (file-flash.rules) * 1:39305 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime SDK ShimContentResolver out of bounds memory access attempt (file-flash.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091500.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:56154 <-> DISABLED <-> SERVER-WEBAPP MobileIron Core & Connector remote code execution attempt (server-webapp.rules)
* 1:56166 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.PyVil outbound communication attempt (malware-other.rules)
* 1:56163 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.PyVil download attempt (malware-other.rules)
* 1:56167 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.PyVil download attempt (malware-other.rules)
* 1:56165 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.PyVil download attempt (malware-other.rules)
* 1:56142 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Zusy-9784403-0 download attempt (malware-other.rules)
* 1:56155 <-> DISABLED <-> SERVER-WEBAPP MobileIron Core & Connector remote code execution attempt (server-webapp.rules)
* 1:56162 <-> ENABLED <-> SERVER-WEBAPP Citrix ADC and Gateway information disclosure attempt (server-webapp.rules)
* 1:56139 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Czxz-9784395-0 download attempt (malware-other.rules)
* 1:56156 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook email parsing remote code execution attempt (file-office.rules)
* 1:56150 <-> DISABLED <-> SERVER-OTHER Adobe ColdFusion DataServicesCFProxy insecure Java deserialization attempt (server-other.rules)
* 1:56151 <-> DISABLED <-> SERVER-OTHER Adobe ColdFusion vulnerable DataServicesCFProxy class reference attempt (server-other.rules)
* 1:56157 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook email parsing remote code execution attempt (file-office.rules)
* 1:56140 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Czxz-9784395-0 download attempt (malware-other.rules)
* 1:56164 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.PyVil download attempt (malware-other.rules)
* 1:56141 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Zusy-9784403-0 download attempt (malware-other.rules)
* 3:56148 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1179 attack attempt (server-webapp.rules)
* 3:56159 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1176 attack attempt (file-image.rules)
* 3:56161 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1176 attack attempt (file-image.rules)
* 3:56152 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1178 attack attempt (server-webapp.rules)
* 3:56146 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1177 attack attempt (server-webapp.rules)
* 3:56158 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1176 attack attempt (file-image.rules)
* 3:56145 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1177 attack attempt (server-webapp.rules)
* 3:56153 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1178 attack attempt (server-webapp.rules)
* 3:56147 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1179 attack attempt (server-webapp.rules)
* 3:56149 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1179 attack attempt (server-webapp.rules)
* 3:56143 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1177 attack attempt (server-webapp.rules)
* 3:56144 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1177 attack attempt (server-webapp.rules)
* 3:56160 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1176 attack attempt (file-image.rules)
* 1:45972 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chafer malicious communication attempt (malware-cnc.rules)
* 1:45130 <-> DISABLED <-> OS-WINDOWS Microsoft Windows RRAS service arbitrary pointer dereference attempt (os-windows.rules)
* 1:44430 <-> DISABLED <-> FILE-OFFICE Fin7 Maldoc campaign exploitation attempt (file-office.rules)
* 1:46491 <-> DISABLED <-> FILE-PDF Adobe Flash Player ActionScript setFocus use after free attempt (file-pdf.rules)
* 1:44892 <-> DISABLED <-> FILE-FLASH Adobe Flash Player determinePreferredLocales memory corruption attempt (file-flash.rules)
* 1:46490 <-> DISABLED <-> FILE-PDF Adobe Flash Player ActionScript setFocus use after free attempt (file-pdf.rules)
* 1:45977 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB kernel heap memory leak attempt (os-windows.rules)
* 1:44431 <-> DISABLED <-> FILE-OFFICE Fin7 Maldoc campaign exploitation attempt (file-office.rules)
* 1:45973 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chafer malicious communication attempt (malware-cnc.rules)
* 1:46250 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rovnix outbound connection attempt (malware-cnc.rules)
* 1:44964 <-> DISABLED <-> FILE-FLASH Adobe Flash Player tvsdk object use after free attempt (file-flash.rules)
* 1:44564 <-> DISABLED <-> MALWARE-CNC PowerShell Empire variant outbound connection (malware-cnc.rules)
* 1:46580 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload malicious file download (malware-cnc.rules)
* 1:46585 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload malicious file download (malware-cnc.rules)
* 1:44360 <-> DISABLED <-> SERVER-WEBAPP Trend Micro proxy_controller.php command injection attempt (server-webapp.rules)
* 1:45904 <-> DISABLED <-> MALWARE-BACKDOOR CobaltStrike inbound beacon download (malware-backdoor.rules)
* 1:46135 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Krodown variant connection attempt (malware-cnc.rules)
* 1:43865 <-> DISABLED <-> FILE-IMAGE Adobe Reader EMF EMR_MOVETOEX memory corruption attempt (file-image.rules)
* 1:46744 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper malicious executable download attempt (malware-cnc.rules)
* 1:45923 <-> DISABLED <-> EXPLOIT-KIT Terror EK dll download attempt (exploit-kit.rules)
* 1:44929 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds write attempt (file-image.rules)
* 1:45949 <-> DISABLED <-> PUA-OTHER Coinhive TLS server hello attempt (pua-other.rules)
* 1:45909 <-> DISABLED <-> MALWARE-CNC CobaltStrike trial version inbound beacon response (malware-cnc.rules)
* 1:44016 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Rectangle constructor use after free attempt (file-flash.rules)
* 1:44688 <-> DISABLED <-> SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt (server-webapp.rules)
* 1:44017 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Rectangle constructor use after free attempt (file-flash.rules)
* 1:45117 <-> DISABLED <-> SERVER-WEBAPP Huawei DeviceUpgrade command injection attempt (server-webapp.rules)
* 1:44646 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.BadRabbit propagation via SVCCTL remote service attempt (malware-other.rules)
* 1:44969 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF EmfPlusFont memory corruption attempt (file-image.rules)
* 1:45131 <-> DISABLED <-> OS-WINDOWS Microsoft Windows RRAS service arbitrary pointer dereference attempt (os-windows.rules)
* 1:45772 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CannibalRAT outbound reporting attempt (malware-cnc.rules)
* 1:46371 <-> DISABLED <-> PUA-OTHER Moonify TLS server hello attempt (pua-other.rules)
* 1:46583 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload malicious file download (malware-cnc.rules)
* 1:45642 <-> DISABLED <-> MALWARE-CNC Vbs.Trojan.Agent outbound connection (malware-cnc.rules)
* 1:45922 <-> DISABLED <-> EXPLOIT-KIT Terror EK exe download attempt (exploit-kit.rules)
* 1:45169 <-> DISABLED <-> BROWSER-IE Microsoft Edge array type confusion attempt (browser-ie.rules)
* 1:45643 <-> DISABLED <-> MALWARE-CNC Vbs.Trojan.Agent inbound payload download (malware-cnc.rules)
* 1:45132 <-> DISABLED <-> FILE-OFFICE Microsoft Office Equation Editor object stack buffer overflow attempt (file-office.rules)
* 1:43912 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Professional XPS2PDF memory corruption attempt (file-other.rules)
* 1:44404 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trickbot malicious communication attempt (malware-cnc.rules)
* 1:45978 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB kernel heap memory leak attempt (os-windows.rules)
* 1:43900 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Professional XPS2PDF memory corruption attempt (file-other.rules)
* 1:46252 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rovnix outbound connection attempt (malware-cnc.rules)
* 1:43455 <-> DISABLED <-> FILE-FLASH Adobe Flash Player writeExternal type confusion attempt (file-flash.rules)
* 1:43406 <-> DISABLED <-> FILE-FLASH Adobe Flash Player determinePreferredLocales out of bounds memory read attempt (file-flash.rules)
* 1:43790 <-> DISABLED <-> SERVER-OTHER Apache mod_auth_digest out of bounds read attempt (server-other.rules)
* 1:47236 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Prowli variant outbound connection (malware-cnc.rules)
* 1:31033 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cryptodefence variant outbound connection (malware-cnc.rules)
* 1:43625 <-> DISABLED <-> SERVER-WEBAPP Axis M3004 remote code execution attempt (server-webapp.rules)
* 1:47148 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif malicious file download (malware-cnc.rules)
* 1:47175 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ddeService command execution attempt (file-office.rules)
* 1:47358 <-> DISABLED <-> SERVER-WEBAPP CCTV-DVR command injection attempt (server-webapp.rules)
* 1:47242 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mylobot additional payload download (malware-cnc.rules)
* 1:47556 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PLEAD downloader outbound connection (malware-cnc.rules)
* 1:47557 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PLEAD downloader outbound connection (malware-cnc.rules)
* 1:47701 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Iniduoh variant outbound connection (malware-cnc.rules)
* 1:46783 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Vpnfilter variant SSL connection attempt (malware-cnc.rules)
* 1:47006 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SocketPlayer outbound connection (malware-cnc.rules)
* 1:47056 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel empty bookViews element denial of service attempt (file-office.rules)
* 1:46793 <-> DISABLED <-> OS-WINDOWS Malicious zip download attempt (os-windows.rules)
* 1:46989 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.MBRLock file download (malware-other.rules)
* 1:46137 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cidox variant outbound connection attempt (malware-cnc.rules)
* 1:44620 <-> DISABLED <-> MALWARE-CNC Android Red Alert Trojan outbound connection (malware-cnc.rules)
* 1:45371 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word docx subDocument file include attempt (file-office.rules)
* 1:43901 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Professional XPS2PDF memory corruption attempt (file-other.rules)
* 1:44903 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PSDK Metadata memory corruption attempt (file-flash.rules)
* 1:45336 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
* 1:43913 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Professional XPS2PDF memory corruption attempt (file-other.rules)
* 1:45564 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Vpnfilter variant outbound connection attempt (malware-cnc.rules)
* 1:43967 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Acrobat Professional EMF malformed EMR_POLYBEZIERTO16 out of bounds access attempt (file-multimedia.rules)
* 1:43977 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader graphics engine memory corruption attempt (file-pdf.rules)
* 1:45646 <-> DISABLED <-> MALWARE-CNC Vbs.Trojan.Agent outbound system information disclosure (malware-cnc.rules)
* 1:46581 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload malicious file download (malware-cnc.rules)
* 1:45773 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CannibalRAT outbound upload attempt (malware-cnc.rules)
* 1:43978 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader graphics engine memory corruption attempt (file-pdf.rules)
* 1:45148 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Array out of bounds write attempt (browser-ie.rules)
* 1:46251 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rovnix outbound connection attempt (malware-cnc.rules)
* 1:44880 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF EMR_STRETCHDIBITS memory corruption attempt (file-image.rules)
* 1:46586 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload malicious file download (malware-cnc.rules)
* 1:45370 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word docx subDocument file include attempt (file-office.rules)
* 1:46249 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rovnix outbound connection attempt (malware-cnc.rules)
* 1:44621 <-> DISABLED <-> MALWARE-CNC Android Red Alert Trojan outbound connection (malware-cnc.rules)
* 1:45162 <-> DISABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
* 1:43993 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader graphics engine memory corruption attempt (file-pdf.rules)
* 1:43994 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader graphics engine memory corruption attempt (file-pdf.rules)
* 1:44657 <-> DISABLED <-> SERVER-WEBAPP Unitrends Enterprise Backup API SQL injection attempt (server-webapp.rules)
* 1:44619 <-> DISABLED <-> MALWARE-CNC Android Red Alert Trojan outbound connection (malware-cnc.rules)
* 1:46372 <-> DISABLED <-> PUA-OTHER Moonify TLS client hello attempt (pua-other.rules)
* 1:44361 <-> DISABLED <-> SERVER-WEBAPP Trend Micro proxy_controller.php command injection attempt (server-webapp.rules)
* 1:44338 <-> DISABLED <-> BROWSER-IE Microsoft Edge denial of service attempt (browser-ie.rules)
* 1:44052 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word EPS filter PostScript object use after free attempt (file-office.rules)
* 1:45976 <-> DISABLED <-> SERVER-WEBAPP Pivotal Spring Data REST PATCH request remote code execution attempt (server-webapp.rules)
* 1:46129 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HW32 variant outbound connection (malware-cnc.rules)
* 1:45682 <-> DISABLED <-> SERVER-OTHER HP Integrated Lights-Out HTTP headers processing buffer overflow attempt (server-other.rules)
* 1:44622 <-> DISABLED <-> MALWARE-CNC Android Red Alert Trojan outbound connection (malware-cnc.rules)
* 1:46582 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload malicious file download (malware-cnc.rules)
* 1:46782 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Vpnfilter variant SSL connection attempt (malware-cnc.rules)
* 1:45771 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CannibalRAT initial outbound connection (malware-cnc.rules)
* 1:46584 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload malicious file download (malware-cnc.rules)
* 1:45950 <-> DISABLED <-> PUA-OTHER Coinhive TLS client hello attempt (pua-other.rules)
* 1:44885 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat XPS unicode glyph pointer out of bounds (file-image.rules)
* 1:37744 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextLine memory corruption attempt (file-flash.rules)
* 1:37745 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextLine memory corruption attempt (file-flash.rules)
* 1:37754 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Point object integer overflow attempt (file-flash.rules)
* 1:37755 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Point object integer overflow attempt (file-flash.rules)
* 1:47241 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mylobot additional payload download (malware-cnc.rules)
* 1:37757 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid sourceRect copyPixels heap corruption attempt (file-flash.rules)
* 1:37758 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid sourceRect copyPixels heap corruption attempt (file-flash.rules)
* 1:37761 <-> DISABLED <-> FILE-FLASH Adobe Flash Player rectangle auxiliary method integer overflow attempt (file-flash.rules)
* 1:37764 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BitmapData method memory corruption attempt (file-flash.rules)
* 1:37770 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative custom getter use after free attempt (file-flash.rules)
* 1:37771 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative custom getter use after free attempt (file-flash.rules)
* 1:37774 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript constructor use after free attempt (file-flash.rules)
* 1:37776 <-> DISABLED <-> FILE-FLASH Adobe Flash Player LoadVars use-after-free attempt (file-flash.rules)
* 1:37777 <-> DISABLED <-> FILE-FLASH Adobe Flash Player LoadVars use-after-free attempt (file-flash.rules)
* 1:37783 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed Adobe Texture Format heap overflow attempt (file-flash.rules)
* 1:37790 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative use after free attempt (file-flash.rules)
* 1:37792 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative use after free attempt (file-flash.rules)
* 1:37797 <-> DISABLED <-> FILE-FLASH Adobe Flash Player rectangle memory access violation attempt (file-flash.rules)
* 1:37798 <-> DISABLED <-> FILE-FLASH Adobe Flash Player rectangle memory access violation attempt (file-flash.rules)
* 1:37801 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Silverlight ScriptObject untrusted pointer dereference attempt (browser-plugins.rules)
* 1:37808 <-> DISABLED <-> FILE-FLASH Adobe Flash Player integer underflow attempt (file-flash.rules)
* 1:37824 <-> DISABLED <-> FILE-OTHER Microsoft Office ole object external file loading attempt (file-other.rules)
* 1:37825 <-> DISABLED <-> FILE-OTHER Microsoft Office ole object external file loading attempt (file-other.rules)
* 1:37938 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Flash pixel bender buffer overflow attempt (file-multimedia.rules)
* 1:37939 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Flash pixel bender buffer overflow attempt (file-multimedia.rules)
* 1:38074 <-> DISABLED <-> BROWSER-IE Microsoft Edge CAsyncTpWorker Windows.Data.Pdf.dll object use after free attempt (browser-ie.rules)
* 1:38076 <-> DISABLED <-> BROWSER-IE Microsoft Edge CAsyncTpWorker Windows.Data.Pdf.dll object use after free attempt (browser-ie.rules)
* 1:38101 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word wwlib.dll invalid pointer read attempt (file-office.rules)
* 1:38165 <-> DISABLED <-> FILE-FLASH Adobe Flash Player hitTest BitmapData object integer overflow attempt (file-flash.rules)
* 1:38167 <-> DISABLED <-> FILE-FLASH Adobe Flash Player hitTest BitmapData object integer overflow attempt (file-flash.rules)
* 1:38169 <-> DISABLED <-> FILE-FLASH Adobe Flash Player hitTest BitmapData object integer overflow attempt (file-flash.rules)
* 1:38170 <-> DISABLED <-> FILE-FLASH Adobe Flash Player hitTest BitmapData object integer overflow attempt (file-flash.rules)
* 1:38175 <-> DISABLED <-> FILE-FLASH Adobe Standalone Flash Player texfield getter use after free attempt (file-flash.rules)
* 1:38179 <-> DISABLED <-> FILE-FLASH Adobe Standalone Flash Player ASnative object use after free attempt (file-flash.rules)
* 1:38182 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS3 multiple axis attributes integer overflow attempt (file-flash.rules)
* 1:38184 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS3 multiple axis attributes integer overflow attempt (file-flash.rules)
* 1:38191 <-> DISABLED <-> FILE-FLASH Adobe Flash Player si32 integer overflow attempt (file-flash.rules)
* 1:38192 <-> DISABLED <-> FILE-FLASH Adobe Flash Player si32 integer overflow attempt (file-flash.rules)
* 1:38197 <-> DISABLED <-> FILE-FLASH Adobe Flash Player recursion calls stack overflow attempt (file-flash.rules)
* 1:38198 <-> DISABLED <-> FILE-FLASH Adobe Flash Player recursion calls stack overflow attempt (file-flash.rules)
* 1:38207 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MPD use-after-free attempt (file-flash.rules)
* 1:38208 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MPD use-after-free attempt (file-flash.rules)
* 1:38211 <-> DISABLED <-> FILE-PDF Adobe Reader JPEG 2000 chrominance subsampling memory corruption attempt (file-pdf.rules)
* 1:38212 <-> DISABLED <-> FILE-PDF Adobe Reader JPEG 2000 chrominance subsampling memory corruption attempt (file-pdf.rules)
* 1:38215 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BitmapData.paletteMap size mismatch integer overflow attempt (file-flash.rules)
* 1:38216 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BitmapData.paletteMap size mismatch integer overflow attempt (file-flash.rules)
* 1:38219 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use after free attempt (file-flash.rules)
* 1:38220 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use after free (file-flash.rules)
* 1:38223 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader annotation oversized array memory corruption attempt (file-pdf.rules)
* 1:38239 <-> DISABLED <-> FILE-FLASH Adobe Flash Player rectangle width integer overflow attempt (file-flash.rules)
* 1:38241 <-> DISABLED <-> FILE-FLASH Adobe Flash Player rectangle width integer overflow attempt (file-flash.rules)
* 1:38286 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager actserver stack buffer overflow attempt (server-webapp.rules)
* 1:38287 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager akey stack buffer overflow attempt (server-webapp.rules)
* 1:38288 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager licfile stack buffer overflow attempt (server-webapp.rules)
* 1:38327 <-> DISABLED <-> MALWARE-BACKDOOR ReGeorg proxy read attempt (malware-backdoor.rules)
* 1:38405 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Transform Class Matrix AS2 use after free attempt (file-flash.rules)
* 1:38406 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Transform Class Matrix AS2 use after free attempt (file-flash.rules)
* 1:38409 <-> DISABLED <-> FILE-FLASH Adobe Flash Player JPEG-XR decode buffer overflow attempt (file-flash.rules)
* 1:38410 <-> DISABLED <-> FILE-FLASH Adobe Flash Player JPEG-XR decode buffer overflow attempt (file-flash.rules)
* 1:38413 <-> DISABLED <-> FILE-FLASH Adobe Flash Player NetConnection to ColorMatrixFilter object type confusion attempt (file-flash.rules)
* 1:38415 <-> DISABLED <-> FILE-FLASH Adobe Flash Player NetConnection to ColorMatrixFilter object type confusion attempt (file-flash.rules)
* 1:38425 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ExportAssets count memory corruption attempt (file-flash.rules)
* 1:38430 <-> DISABLED <-> FILE-FLASH Adobe Flash Player toString type confusion memory corruption attempt (file-flash.rules)
* 1:38433 <-> DISABLED <-> FILE-FLASH Adobe Flash Player toString type confusion memory corruption attempt (file-flash.rules)
* 1:38481 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel msxml6 ParseElementN use after free attempt (file-office.rules)
* 1:38482 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel msxml6 ParseElementN use after free attempt (file-office.rules)
* 1:38577 <-> DISABLED <-> FILE-FLASH Adobe Flash Player dangling bytearray pointer code execution attempt (file-flash.rules)
* 1:38593 <-> DISABLED <-> EXPLOIT-KIT Nuclear Exploit Kit back end communications attempt (exploit-kit.rules)
* 1:38631 <-> DISABLED <-> FILE-FLASH Angler exploit kit Adobe Flash SWF exploit download (file-flash.rules)
* 1:38632 <-> DISABLED <-> FILE-FLASH Angler exploit kit Adobe Flash SWF exploit download (file-flash.rules)
* 1:38635 <-> DISABLED <-> FILE-FLASH Nuclear exploit kit Adobe Flash SWF exploit download (file-flash.rules)
* 1:38636 <-> DISABLED <-> FILE-FLASH Nuclear exploit kit Adobe Flash SWF exploit download (file-flash.rules)
* 1:38729 <-> DISABLED <-> SERVER-OTHER Mediabridge Medialink MWN-WAPR300N and Tenda N3 Wireless N150 inbound admin attempt (server-other.rules)
* 1:38772 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer EMF file integer overflow attempt (browser-ie.rules)
* 1:38782 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word TTF out-of-bounds memory access attempt (file-office.rules)
* 1:38783 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word TTF out-of-bounds memory access attempt (file-office.rules)
* 1:38830 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ContentFactory memory corruption attempt (file-flash.rules)
* 1:38832 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ContentFactory memory corruption attempt (file-flash.rules)
* 1:38833 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ContentFactory memory corruption attempt (file-flash.rules)
* 1:38841 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer VBScript toString redim array use after free attempt (browser-ie.rules)
* 1:38881 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FileReference type confusion attempt (file-flash.rules)
* 1:38883 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FileReference type confusion attempt (file-flash.rules)
* 1:38972 <-> DISABLED <-> FILE-FLASH Adobe Flash Player OpportunityGenerator.update memory corruption attempt (file-flash.rules)
* 1:38973 <-> DISABLED <-> FILE-FLASH Adobe Flash Player OpportunityGenerator.update memory corruption attempt (file-flash.rules)
* 1:38974 <-> DISABLED <-> FILE-FLASH Adobe Flash Player OpportunityGenerator.update memory corruption attempt (file-flash.rules)
* 1:38980 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed FlateDecode stream use after free attempt (file-pdf.rules)
* 1:38981 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed FlateDecode stream use after free attempt (file-pdf.rules)
* 1:38996 <-> DISABLED <-> FILE-FLASH Adobe Flash Player addProperty use after free attempt (file-flash.rules)
* 1:38998 <-> DISABLED <-> FILE-FLASH Adobe Flash Player addProperty use after free attempt (file-flash.rules)
* 1:39009 <-> DISABLED <-> FILE-FLASH Adobe Flash Player setMetadata memory corruption attempt (file-flash.rules)
* 1:39010 <-> DISABLED <-> FILE-FLASH Adobe Flash Player setMetadata memory corruption attempt (file-flash.rules)
* 1:39013 <-> DISABLED <-> FILE-PDF Adobe Reader CTJPEGDecoderReadNextTile out of bounds read attempt (file-pdf.rules)
* 1:39014 <-> DISABLED <-> FILE-PDF Adobe Reader CTJPEGDecoderReadNextTile out of bounds read attempt (file-pdf.rules)
* 1:39015 <-> DISABLED <-> FILE-PDF Adobe Reader AcroForm dictionary object use after free attempt (file-pdf.rules)
* 1:39019 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PSDK use-after-free attempt (file-flash.rules)
* 1:39020 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PSDK use-after-free attempt (file-flash.rules)
* 1:39022 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PSDK use-after-free attempt (file-flash.rules)
* 1:39024 <-> DISABLED <-> FILE-FLASH Adobe Flash Player selection.setFocus use after free attempt (file-flash.rules)
* 1:39025 <-> DISABLED <-> FILE-FLASH Adobe Flash Player selection.setFocus use after free attempt (file-flash.rules)
* 1:39032 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASSetNative use-after-free attempt (file-flash.rules)
* 1:39033 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASSetNative use-after-free attempt (file-flash.rules)
* 1:39102 <-> DISABLED <-> FILE-PDF Adobe Reader PDF embedded JPEG memory corruption attempt (file-pdf.rules)
* 1:39103 <-> DISABLED <-> FILE-PDF Adobe Reader PDF embedded JPEG memory corruption attempt (file-pdf.rules)
* 1:39261 <-> DISABLED <-> FILE-OTHER Microsoft Windows ATMFD font driver malformed OTF file out-of-bounds memory access attempt (file-other.rules)
* 1:39272 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ShimContentFactory uninitialized pointer use attempt (file-flash.rules)
* 1:39280 <-> DISABLED <-> FILE-FLASH Adobe Primetime SDK object type confusion overflow attempt (file-flash.rules)
* 1:39285 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadSound use after free attempt (file-flash.rules)
* 1:39288 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ShimContentResolver out of bounds memory access attempt (file-flash.rules)
* 1:39290 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime SDK ShimContentResolver out of bounds memory access attempt (file-flash.rules)
* 1:39298 <-> DISABLED <-> FILE-FLASH Adobe Flash player retrieveResolvers memory corruption attempt (file-flash.rules)
* 1:39305 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime SDK ShimContentResolver out of bounds memory access attempt (file-flash.rules)
* 1:39319 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ShimOpportunityGenerator out of bounds memory access attempt (file-flash.rules)
* 1:39398 <-> DISABLED <-> SERVER-WEBAPP Symantec SEPM management console cross site scripting attempt (server-webapp.rules)
* 1:39402 <-> DISABLED <-> FILE-OTHER Symantec Antivirus ALPkOldFormatDecompressor out of bounds read attempt (file-other.rules)
* 1:39441 <-> DISABLED <-> FILE-FLASH Adobe Flash Player integer overflow attempt (file-flash.rules)
* 1:39457 <-> DISABLED <-> FILE-FLASH Adobe Flash Player integer underflow attempt (file-flash.rules)
* 1:39505 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Edge text node table-cell use after free attempt (browser-ie.rules)
* 1:39524 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel empty bookViews element denial of service attempt (file-office.rules)
* 1:39525 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel empty bookViews element denial of service attempt (file-office.rules)
* 1:39540 <-> DISABLED <-> FILE-FLASH Adobe Flash Player local-with-filesystem security bypass attempt (file-flash.rules)
* 1:39543 <-> DISABLED <-> FILE-FLASH Adobe Flash Player local-with-filesystem security bypass attempt (file-flash.rules)
* 1:39564 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TimedEvent memory corruption attempt (file-flash.rules)
* 1:39685 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tinba variant outbound connection (malware-cnc.rules)
* 1:39687 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed embeded TTF file memory corruption attempt (file-pdf.rules)
* 1:39690 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ABRControlParameters access memory corruption attempt (file-flash.rules)
* 1:39702 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MediaPlayerItemLoader out of bounds memory access attempt (file-flash.rules)
* 1:39799 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt (file-pdf.rules)
* 1:39824 <-> DISABLED <-> OS-WINDOWS Microsoft Windows GDI emf file integer overflow attempt (os-windows.rules)
* 1:39843 <-> DISABLED <-> OS-WINDOWS Microsoft Windows gdiplus EMF EmrText out of bounds write attempt (os-windows.rules)
* 1:39851 <-> DISABLED <-> INDICATOR-COMPROMISE Connection to malware sinkhole - CERT.PL (indicator-compromise.rules)
* 1:39893 <-> DISABLED <-> OS-LINUX Linux Kernel USBIP out of bounds write attempt (os-linux.rules)
* 1:39894 <-> DISABLED <-> OS-LINUX Linux Kernel USBIP out of bounds write attempt (os-linux.rules)
* 1:40075 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel LPenHelper out of bounds write attempt (file-office.rules)
* 1:40076 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel LPenHelper out of bounds write attempt (file-office.rules)
* 1:40102 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel xlsb use-after-free attempt (file-office.rules)
* 1:40103 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel xlsb use-after-free attempt (file-office.rules)
* 1:40104 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel xlsb use-after-free attempt (file-office.rules)
* 1:40105 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel xlsb use-after-free attempt (file-office.rules)
* 1:40106 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel xlsb use-after-free attempt (file-office.rules)
* 1:40107 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel xlsb use-after-free attempt (file-office.rules)
* 1:40116 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel xlsb use-after-free attempt (file-office.rules)
* 1:40117 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel xlsb use-after-free attempt (file-office.rules)
* 1:40121 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel xlsb use-after-free attempt (file-office.rules)
* 1:40122 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel xlsb use-after-free attempt (file-office.rules)
* 1:40152 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DRMManager memory corruption attempt (file-flash.rules)
* 1:40167 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ShimContentResolver out of bounds memory access attempt (file-flash.rules)
* 1:40178 <-> DISABLED <-> FILE-FLASH Adobe Flash Player local-with-filesystem sandbox escape attempt (file-flash.rules)
* 1:40236 <-> DISABLED <-> FILE-PDF Adobe Reader embedded font out of bounds memory access attempt (file-pdf.rules)
* 1:40237 <-> DISABLED <-> FILE-PDF Adobe Reader embedded font out of bounds memory access attempt (file-pdf.rules)
* 1:40312 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CTreePos type confusion attempt (browser-ie.rules)
* 1:40375 <-> DISABLED <-> OS-WINDOWS Microsoft Windows insecure BoundaryDescriptor privilege escalation attempt (os-windows.rules)
* 1:40425 <-> DISABLED <-> OS-WINDOWS Microsoft Windows GDI+ EMF buffer overread attempt (os-windows.rules)
* 1:40503 <-> DISABLED <-> FILE-FLASH Adobe Flash Player QOSProvider use-after-free attempt (file-flash.rules)
* 1:40706 <-> DISABLED <-> FILE-OTHER Microsoft Windows OTF cmap table parsing integer overflow attempt (file-other.rules)
* 1:40717 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel LPenHelper use after free attempt (file-office.rules)
* 1:40718 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel LPenHelper use after free attempt (file-office.rules)
* 1:40737 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime SDK AdvertisingMetadata type confustion attempt (file-flash.rules)
* 1:40743 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AVSegmentedSource use after free attempt (file-flash.rules)
* 1:40753 <-> ENABLED <-> EXPLOIT-KIT Rig exploit kit outbound communication (exploit-kit.rules)
* 1:40813 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Silverlight GetChar out of bounds read attempt (browser-plugins.rules)
* 1:40814 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Silverlight GetChar out of bounds read attempt (browser-plugins.rules)
* 1:40934 <-> DISABLED <-> FILE-EXECUTABLE Nvidia Windows kernel mode driver denial of service attempt (file-executable.rules)
* 1:40957 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel security descriptor out of bounds read attempt (file-office.rules)
* 1:40958 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel security descriptor out of bounds read attempt (file-office.rules)
* 1:40959 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ddeService command execution attempt (file-office.rules)
* 1:40960 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ddeService command execution attempt (file-office.rules)
* 1:40983 <-> DISABLED <-> FILE-OTHER Microsoft Internet Explorer malformed ico integer overflow attempt (file-other.rules)
* 1:41003 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime SDK out of bounds read attempt (file-flash.rules)
* 1:41015 <-> DISABLED <-> FILE-FLASH Acrobat Flash WorkerDomain memory corruption attempt (file-flash.rules)
* 1:41026 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess Dashboard remote code execution attempt (server-webapp.rules)
* 1:41310 <-> DISABLED <-> FILE-IMAGE libBPG restore_tqb_pixel out of bounds write attempt (file-image.rules)
* 1:41344 <-> DISABLED <-> FILE-OTHER CorelDRAW X8 EMF invalid ihBrush field value out of bounds read attempt (file-other.rules)
* 1:41358 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime SDK ShimContentResolver memory corruption attempt (file-flash.rules)
* 1:41515 <-> DISABLED <-> POLICY-OTHER McAfee Virus Scan Linux outdated version detected (policy-other.rules)
* 1:41516 <-> DISABLED <-> SERVER-WEBAPP McAfee Virus Scan Linux file existence test attempt (server-webapp.rules)
* 1:41521 <-> DISABLED <-> SERVER-WEBAPP McAfee Virus Scan Linux cross site scripting attempt (server-webapp.rules)
* 1:41565 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel xlsb use-after-free attempt (file-office.rules)
* 1:41566 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel xlsb use-after-free attempt (file-office.rules)
* 1:41601 <-> DISABLED <-> FILE-PDF Microsoft Edge PDF Builder out of bounds read attempt (file-pdf.rules)
* 1:41602 <-> DISABLED <-> FILE-PDF Microsoft Edge PDF Builder out of bounds read attempt (file-pdf.rules)
* 1:41624 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MessageChannel type confusion attempt (file-flash.rules)
* 1:41630 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PSDK EventDispatch removeEventListener use after free attempt (file-flash.rules)
* 1:41680 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ShimContentResolver out of bounds memory access attempt (file-flash.rules)
* 1:41681 <-> DISABLED <-> SERVER-WEBAPP McAfee Virus Scan Linux remote code execution attempt (server-webapp.rules)
* 1:41783 <-> ENABLED <-> EXPLOIT-KIT Rig exploit kit URL outbound communication (exploit-kit.rules)
* 1:41818 <-> DISABLED <-> SERVER-APACHE Apache Struts remote code execution attempt (server-apache.rules)
* 1:41819 <-> DISABLED <-> SERVER-APACHE Apache Struts remote code execution attempt (server-apache.rules)
* 1:41976 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel shared strings memory corruption attempt (file-office.rules)
* 1:41977 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel shared strings memory corruption attempt (file-office.rules)
* 1:41979 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel shared strings memory corruption attempt (file-office.rules)
* 1:41980 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel shared strings memory corruption attempt (file-office.rules)
* 1:42080 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jenxcus outbound connection with unique User-Agent (malware-cnc.rules)
* 1:42097 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Resolution Opportunity parameter memory corruption attempt (file-flash.rules)
* 1:42150 <-> DISABLED <-> FILE-OTHER Microsoft Windows ATMFD font driver malformed OTF file out-of-bounds memory access attempt (file-other.rules)
* 1:42151 <-> DISABLED <-> FILE-OTHER Microsoft Windows ATMFD font driver malformed OTF file out-of-bounds memory access attempt (file-other.rules)
* 1:42161 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel out of bounds memory attempt (file-office.rules)
* 1:42162 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel out of bounds memory attempt (file-office.rules)
* 1:42222 <-> DISABLED <-> SERVER-WEBAPP Moxa MX Studio login page denial of service attempt (server-webapp.rules)
* 1:42372 <-> ENABLED <-> POLICY-OTHER eicar file detected (policy-other.rules)
* 1:42373 <-> ENABLED <-> POLICY-OTHER eicar file detected (policy-other.rules)
* 1:42374 <-> ENABLED <-> POLICY-OTHER eicar file detected (policy-other.rules)
* 1:42375 <-> ENABLED <-> POLICY-OTHER eicar file detected (policy-other.rules)
* 1:42376 <-> ENABLED <-> POLICY-OTHER eicar file detected (policy-other.rules)
* 1:42810 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BitmapData out of bounds memory access attempt (file-flash.rules)
* 1:42811 <-> DISABLED <-> BROWSER-IE Microsoft Edge Chakra Engine use-after-free attempt (browser-ie.rules)
* 1:42812 <-> DISABLED <-> BROWSER-IE Microsoft Edge Chakra Engine use-after-free attempt (browser-ie.rules)
* 1:42816 <-> DISABLED <-> FILE-FLASH Adobe Flash Player display object mask use after free attempt (file-flash.rules)
* 1:42817 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DisplayObject use after free attempt (file-flash.rules)
* 1:42902 <-> DISABLED <-> FILE-OFFICE Microsoft Office EPS restore command use after free attempt 
(file-office.rules) * 1:42904 <-> DISABLED <-> FILE-OFFICE Microsoft Office EPS restore command use after free attempt (file-office.rules) * 1:42911 <-> DISABLED <-> FILE-PDF Acrobat Reader TIFF malformed IFD tag heap overflow attempt (file-pdf.rules) * 1:42913 <-> DISABLED <-> FILE-PDF Acrobat Reader TIFF malformed IFD tag heap overflow attempt (file-pdf.rules) * 1:42915 <-> DISABLED <-> FILE-PDF Acrobat Reader TIFF malformed IFD tag heap overflow attempt (file-pdf.rules) * 1:43048 <-> DISABLED <-> FILE-FLASH Adobe Flash Player JSON stringify memory corruption attempt (file-flash.rules) * 1:43169 <-> DISABLED <-> BROWSER-IE Microsoft Edge textContent use after free attempt (browser-ie.rules) * 1:43179 <-> DISABLED <-> FILE-OFFICE Powerpoint mouseover powershell malware download attempt (file-office.rules) * 1:43221 <-> DISABLED <-> MALWARE-OTHER Win.Trojan-Downloader.Jadtree GET request of RAR file to server (malware-other.rules) * 1:43383 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AdvertisingMetadata use after free attempt (file-flash.rules) * 1:43396 <-> DISABLED <-> FILE-FLASH Adobe Acrobat Reader profile use after free attempt (file-flash.rules) * 1:47678 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Torpplar variant outbound connection (malware-cnc.rules) * 1:36707 <-> DISABLED <-> FILE-OFFICE Microsoft Office malformed odttf integer overflow attempt (file-office.rules) * 1:36708 <-> DISABLED <-> FILE-OFFICE Microsoft Office malformed odttf integer overflow attempt (file-office.rules) * 1:36713 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ClickOnce information disclosure attempt (os-windows.rules) * 1:36714 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel slicer style use-after-free attempt (file-office.rules) * 1:36715 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel slicer style use-after-free attempt (file-office.rules) * 1:36751 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel MdCallBack out of bounds read attempt (file-office.rules) * 1:36752 <-> 
DISABLED <-> FILE-OFFICE Microsoft Office Excel MdCallBack out of bounds read attempt (file-office.rules) * 1:36812 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer nonexistent attribute removal memory corruption attempt (browser-ie.rules) * 1:36819 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules) * 1:36820 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules) * 1:36821 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules) * 1:36822 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules) * 1:36829 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 actionExtends use-after-free attempt (file-flash.rules) * 1:36830 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 actionExtends use-after-free attempt (file-flash.rules) * 1:36831 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 actionExtends use-after-free attempt (file-flash.rules) * 1:36832 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 actionExtends use-after-free attempt (file-flash.rules) * 1:36846 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 TextField gridFitType use after free attempt (file-flash.rules) * 1:36859 <-> DISABLED <-> FILE-FLASH Adobe Flash Player writeExternal type confusion attempt (file-flash.rules) * 1:36860 <-> DISABLED <-> FILE-FLASH Adobe Flash Player writeExternal type confusion attempt (file-flash.rules) * 1:36863 <-> DISABLED <-> FILE-FLASH Adobe Flash Player attachsound use-after-free attempt (file-flash.rules) * 1:36864 <-> DISABLED <-> FILE-FLASH Adobe Flash Player attachsound use-after-free attempt (file-flash.rules) * 1:36883 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byte array uncompress information disclosure attempt (file-flash.rules) * 1:36960 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word XML parsing use after free attempt 
(file-office.rules) * 1:36961 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word XML parsing use after free attempt (file-office.rules) * 1:36998 <-> DISABLED <-> OS-WINDOWS Microsoft .NET Silverlight manifest resource file information disclosure attempt (os-windows.rules) * 1:37071 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ShaderParameter integer overflow attempt (file-flash.rules) * 1:37072 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ShaderParameter integer overflow attempt (file-flash.rules) * 1:37074 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ShaderParameter integer overflow attempt (file-flash.rules) * 1:37075 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ShaderParameter integer overflow attempt (file-flash.rules) * 1:37081 <-> DISABLED <-> FILE-FLASH Adobe Flash Player String length heap buffer overflow attempt (file-flash.rules) * 1:37082 <-> DISABLED <-> FILE-FLASH Adobe Flash Player String length heap buffer overflow attempt (file-flash.rules) * 1:37085 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byte array memory corruption attempt (file-flash.rules) * 1:37086 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byte array memory corruption attempt (file-flash.rules) * 1:37090 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PrintJob object use-after-free attempt (file-flash.rules) * 1:37091 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PrintJob object use-after-free attempt (file-flash.rules) * 1:37092 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SoundURLStream memory corruption attempt (file-flash.rules) * 1:37094 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SoundURLStream memory corruption attempt (file-flash.rules) * 1:37105 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MovieClip object use-after-free attempt (file-flash.rules) * 1:37106 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MovieClip object use-after-free attempt (file-flash.rules) * 1:37109 <-> DISABLED <-> FILE-FLASH Adobe Flash Player selection.setFocus use after free 
attempt (file-flash.rules) * 1:37110 <-> DISABLED <-> FILE-FLASH Adobe Flash Player selection.setFocus use after free attempt (file-flash.rules) * 1:37118 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField filters use-after-free attempt (file-flash.rules) * 1:37119 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField filters use-after-free attempt (file-flash.rules) * 1:37121 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MP3 ID3 data parsing heap buffer overflow attempt (file-flash.rules) * 1:37123 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MP3 ID3 data parsing heap buffer overflow attempt (file-flash.rules) * 1:37128 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 setTransform use-after-free attempt (file-flash.rules) * 1:37129 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 setTransform use-after-free attempt (file-flash.rules) * 1:37135 <-> DISABLED <-> SERVER-WEBAPP Fireeye Java decompiler reflection remote code execution attempt (server-webapp.rules) * 1:37136 <-> DISABLED <-> SERVER-WEBAPP Fireeye Java decompiler reflection remote code execution attempt (server-webapp.rules) * 1:37144 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SetSlot type confusion attempt (file-flash.rules) * 1:37145 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SetSlot type confusion attempt (file-flash.rules) * 1:37157 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SharedObject send stack buffer overflow attempt (file-flash.rules) * 1:37159 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SharedObject send stack buffer overflow attempt (file-flash.rules) * 1:37160 <-> DISABLED <-> FILE-FLASH Adobe Flash Player oversize source bitmap memory corruption attempt (file-flash.rules) * 1:37161 <-> DISABLED <-> FILE-FLASH Adobe Flash Player oversize source bitmap memory corruption attempt (file-flash.rules) * 1:37167 <-> DISABLED <-> FILE-FLASH Adobe Flash Player URLStream use after free attempt (file-flash.rules) * 1:37168 <-> DISABLED <-> FILE-FLASH Adobe Flash Player 
URLStream use after free attempt (file-flash.rules) * 1:37169 <-> DISABLED <-> FILE-FLASH Adobe Flash Player heap memory disclosure via custom valueOf handler attempt (file-flash.rules) * 1:37170 <-> DISABLED <-> FILE-FLASH Adobe Flash Player heap memory disclosure via custom valueOf handler attempt (file-flash.rules) * 1:37171 <-> DISABLED <-> FILE-FLASH Adobe Flash Player heap memory disclosure via custom valueOf handler attempt (file-flash.rules) * 1:37172 <-> DISABLED <-> FILE-FLASH Adobe Flash Player heap memory disclosure via custom valueOf handler attempt (file-flash.rules) * 1:37178 <-> DISABLED <-> FILE-FLASH Adobe Flash Player M3U8 parser logic memory corruption attempt (file-flash.rules) * 1:37180 <-> DISABLED <-> FILE-FLASH Adobe Flash Player M3U8 parser logic memory corruption attempt (file-flash.rules) * 1:37183 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextFormat.tabStops use after free attempt (file-flash.rules) * 1:37184 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextFormat.tabStops use after free attempt (file-flash.rules) * 1:37185 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextFormat.tabStops use after free attempt (file-flash.rules) * 1:37186 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextFormat.tabStops use after free attempt (file-flash.rules) * 1:37205 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object.addProperty method use after free attempt (file-flash.rules) * 1:37206 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object.addProperty method use after free attempt (file-flash.rules) * 1:37208 <-> DISABLED <-> FILE-FLASH Adobe Flash Player LoadVars decode use after free attempt (file-flash.rules) * 1:37210 <-> DISABLED <-> FILE-FLASH Adobe Flash Player LoadVars decode use after free attempt (file-flash.rules) * 1:37216 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MovieClip setMask use after free attempt (file-flash.rules) * 1:37218 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MovieClip setMask use after free attempt 
(file-flash.rules) * 1:37237 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object hasOwnProperty use after free attempt (file-flash.rules) * 1:37239 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object hasOwnProperty use after free attempt (file-flash.rules) * 1:37247 <-> DISABLED <-> FILE-FLASH Adobe Flash Player removeMovieClip use after free attempt (file-flash.rules) * 1:37248 <-> DISABLED <-> FILE-FLASH Adobe Flash Player removeMovieClip use after free attempt (file-flash.rules) * 1:37249 <-> DISABLED <-> FILE-FLASH Adobe Flash Player removeMovieClip use after free attempt (file-flash.rules) * 1:37259 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel mso20win32client use after free attempt (file-office.rules) * 1:37265 <-> DISABLED <-> FILE-OFFICE Microsoft Office metafile conversion out of bounds read attempt (file-office.rules) * 1:37266 <-> DISABLED <-> FILE-OFFICE Microsoft Office metafile conversion out of bounds read attempt (file-office.rules) * 1:37267 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Silverlight GetChar out of bounds read attempt (browser-plugins.rules) * 1:37268 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Silverlight GetChar out of bounds read attempt (browser-plugins.rules) * 1:37345 <-> DISABLED <-> FILE-FLASH Adobe Flash Player improper display list handling memory corruption attempt (file-flash.rules) * 1:37347 <-> DISABLED <-> FILE-FLASH Adobe Flash Player improper display list handling memory corruption attempt (file-flash.rules) * 1:37399 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader custom string length function memory corruption attempt (file-pdf.rules) * 1:37525 <-> DISABLED <-> SERVER-OTHER NTP arbitrary pidfile and driftfile overwrite attempt (server-other.rules) * 1:37550 <-> DISABLED <-> EXPLOIT-KIT Nuclear landing page detected (exploit-kit.rules) * 1:37592 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel formula length heap corruption attempt (file-office.rules) * 1:37593 <-> DISABLED <-> FILE-OFFICE Microsoft Office 
Excel formula length heap corruption attempt (file-office.rules) * 1:37600 <-> DISABLED <-> FILE-OFFICE Microsoft Powerpoint shape objects null pointer dereference memory corruption attempt (file-office.rules) * 1:37601 <-> DISABLED <-> FILE-OFFICE Microsoft Powerpoint shape objects null pointer dereference memory corruption attempt (file-office.rules) * 1:37664 <-> DISABLED <-> FILE-JAVA Oracle Java ServiceLoader exception handling exploit attempt (file-java.rules) * 1:37670 <-> DISABLED <-> FILE-FLASH Adobe Flash Player convolution filter use-after-free attempt (file-flash.rules) * 1:37671 <-> DISABLED <-> FILE-FLASH Adobe Flash Player convolution filter use-after-free attempt (file-flash.rules) * 1:37700 <-> DISABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules) * 1:37702 <-> DISABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules) * 1:37703 <-> DISABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules) * 1:37704 <-> DISABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules) * 1:37705 <-> DISABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules) * 1:37706 <-> DISABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules) * 1:37711 <-> DISABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules) * 1:37726 <-> DISABLED <-> FILE-OTHER Microsoft Office ole object external file loading attempt (file-other.rules) * 1:37727 <-> DISABLED <-> FILE-OTHER Microsoft Office ole object external file loading attempt (file-other.rules) * 1:37734 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Point object integer overflow attempt (file-flash.rules) * 1:37736 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Point object integer overflow attempt (file-flash.rules) * 1:37740 <-> 
DISABLED <-> FILE-FLASH Adobe Flash Player BlurFilter memory corruption attempt (file-flash.rules) * 1:49255 <-> DISABLED <-> FILE-JAVA Oracle Java ImagingLib buffer overflow attempt (file-java.rules) * 1:49311 <-> DISABLED <-> FILE-FLASH Adobe Flash Player writeExternal type confusion attempt (file-flash.rules) * 1:49376 <-> DISABLED <-> SERVER-APACHE Apache Struts remote code execution attempt (server-apache.rules) * 1:49788 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zacinlo outbound connection (malware-cnc.rules) * 1:49789 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zacinlo outbound connection (malware-cnc.rules) * 1:56130 <-> ENABLED <-> BROWSER-CHROME Google Chrome PNG in TTF parsing heap overflow attempt (browser-chrome.rules) * 1:56131 <-> ENABLED <-> BROWSER-CHROME Google Chrome PNG in TTF parsing heap overflow attempt (browser-chrome.rules) * 1:56132 <-> ENABLED <-> BROWSER-CHROME Google Chrome PNG in TTF parsing heap overflow attempt (browser-chrome.rules) * 1:56133 <-> ENABLED <-> BROWSER-CHROME Google Chrome PNG in TTF parsing heap overflow attempt (browser-chrome.rules) * 1:56138 <-> ENABLED <-> SERVER-WEBAPP Citrix ADC and Gateway information disclosure attempt (server-webapp.rules) * 1:37741 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BlurFilter memory corruption attempt (file-flash.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:56157 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook email parsing remote code execution attempt (file-office.rules)
* 1:56156 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook email parsing remote code execution attempt (file-office.rules)
* 1:56155 <-> DISABLED <-> SERVER-WEBAPP MobileIron Core & Connector remote code execution attempt (server-webapp.rules)
* 1:56151 <-> DISABLED <-> SERVER-OTHER Adobe ColdFusion vulnerable DataServicesCFProxy class reference attempt (server-other.rules)
* 1:56150 <-> DISABLED <-> SERVER-OTHER Adobe ColdFusion DataServicesCFProxy insecure Java deserialization attempt (server-other.rules)
* 1:56165 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.PyVil download attempt (malware-other.rules)
* 1:56167 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.PyVil download attempt (malware-other.rules)
* 1:56166 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.PyVil outbound communication attempt (malware-other.rules)
* 1:56154 <-> DISABLED <-> SERVER-WEBAPP MobileIron Core & Connector remote code execution attempt (server-webapp.rules)
* 1:56140 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Czxz-9784395-0 download attempt (malware-other.rules)
* 1:56142 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Zusy-9784403-0 download attempt (malware-other.rules)
* 1:56141 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Zusy-9784403-0 download attempt (malware-other.rules)
* 1:56162 <-> ENABLED <-> SERVER-WEBAPP Citrix ADC and Gateway information disclosure attempt (server-webapp.rules)
* 1:56139 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Czxz-9784395-0 download attempt (malware-other.rules)
* 1:56163 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.PyVil download attempt (malware-other.rules)
* 1:56164 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.PyVil download attempt (malware-other.rules)
* 3:56148 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1179 attack attempt (server-webapp.rules)
* 3:56149 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1179 attack attempt (server-webapp.rules)
* 3:56143 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1177 attack attempt (server-webapp.rules)
* 3:56144 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1177 attack attempt (server-webapp.rules)
* 3:56161 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1176 attack attempt (file-image.rules)
* 3:56158 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1176 attack attempt (file-image.rules)
* 3:56147 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1179 attack attempt (server-webapp.rules)
* 3:56153 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1178 attack attempt (server-webapp.rules)
* 3:56159 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1176 attack attempt (file-image.rules)
* 3:56146 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1177 attack attempt (server-webapp.rules)
* 3:56152 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1178 attack attempt (server-webapp.rules)
* 3:56160 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1176 attack attempt (file-image.rules)
* 3:56145 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1177 attack attempt (server-webapp.rules)
* 1:39102 <-> DISABLED <-> FILE-PDF Adobe Reader PDF embedded JPEG memory corruption attempt (file-pdf.rules)
* 1:43790 <-> DISABLED <-> SERVER-OTHER Apache mod_auth_digest out of bounds read attempt (server-other.rules)
* 1:43455 <-> DISABLED <-> FILE-FLASH Adobe Flash Player writeExternal type confusion attempt (file-flash.rules)
* 1:47236 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Prowli variant outbound connection (malware-cnc.rules)
* 1:42904 <-> DISABLED <-> FILE-OFFICE Microsoft Office EPS restore command use after free attempt (file-office.rules)
* 1:42911 <-> DISABLED <-> FILE-PDF Acrobat Reader TIFF malformed IFD tag heap overflow attempt (file-pdf.rules)
* 1:42913 <-> DISABLED <-> FILE-PDF Acrobat Reader TIFF malformed IFD tag heap overflow attempt (file-pdf.rules)
* 1:42915 <-> DISABLED <-> FILE-PDF Acrobat Reader TIFF malformed IFD tag heap overflow attempt (file-pdf.rules)
* 1:43048 <-> DISABLED <-> FILE-FLASH Adobe Flash Player JSON stringify memory corruption attempt (file-flash.rules)
* 1:43169 <-> DISABLED <-> BROWSER-IE Microsoft Edge textContent use after free attempt (browser-ie.rules)
* 1:43179 <-> DISABLED <-> FILE-OFFICE Powerpoint mouseover powershell malware download attempt (file-office.rules)
* 1:43221 <-> DISABLED <-> MALWARE-OTHER Win.Trojan-Downloader.Jadtree GET request of RAR file to server (malware-other.rules)
* 1:43383 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AdvertisingMetadata use after free attempt (file-flash.rules)
* 1:43396 <-> DISABLED <-> FILE-FLASH Adobe Acrobat Reader profile use after free attempt (file-flash.rules)
* 1:47701 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Iniduoh variant outbound connection (malware-cnc.rules)
* 1:47175 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ddeService command execution attempt (file-office.rules)
* 1:47358 <-> DISABLED <-> SERVER-WEBAPP CCTV-DVR command injection attempt (server-webapp.rules)
* 1:47006 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SocketPlayer outbound connection (malware-cnc.rules)
* 1:46252 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rovnix outbound connection attempt (malware-cnc.rules)
* 1:43913 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Professional XPS2PDF memory corruption attempt (file-other.rules)
* 1:47556 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PLEAD downloader outbound connection (malware-cnc.rules)
* 1:45682 <-> DISABLED <-> SERVER-OTHER HP Integrated Lights-Out HTTP headers processing buffer overflow attempt (server-other.rules)
* 1:46129 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HW32 variant outbound connection (malware-cnc.rules)
* 1:45976 <-> DISABLED <-> SERVER-WEBAPP Pivotal Spring Data REST PATCH request remote code execution attempt (server-webapp.rules)
* 1:44338 <-> DISABLED <-> BROWSER-IE Microsoft Edge denial of service attempt (browser-ie.rules)
* 1:43994 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader graphics engine memory corruption attempt (file-pdf.rules)
* 1:44619 <-> DISABLED <-> MALWARE-CNC Android Red Alert Trojan outbound connection (malware-cnc.rules)
* 1:46372 <-> DISABLED <-> PUA-OTHER Moonify TLS client hello attempt (pua-other.rules)
* 1:45771 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CannibalRAT initial outbound connection (malware-cnc.rules)
* 1:44052 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word EPS filter PostScript object use after free attempt (file-office.rules)
* 1:46584 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload malicious file download (malware-cnc.rules)
* 1:46782 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Vpnfilter variant SSL connection attempt (malware-cnc.rules)
* 1:46582 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload malicious file download (malware-cnc.rules)
* 1:44622 <-> DISABLED <-> MALWARE-CNC Android Red Alert Trojan outbound connection (malware-cnc.rules)
* 1:45370 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word docx subDocument file include attempt (file-office.rules)
* 1:45949 <-> DISABLED <-> PUA-OTHER Coinhive TLS server hello attempt (pua-other.rules)
* 1:46586 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload malicious file download (malware-cnc.rules)
* 1:44880 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF EMR_STRETCHDIBITS memory corruption attempt (file-image.rules)
* 1:44621 <-> DISABLED <-> MALWARE-CNC Android Red Alert Trojan outbound connection (malware-cnc.rules)
* 1:44657 <-> DISABLED <-> SERVER-WEBAPP Unitrends Enterprise Backup API SQL injection attempt (server-webapp.rules)
* 1:46249 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rovnix outbound connection attempt (malware-cnc.rules)
* 1:45162 <-> DISABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
* 1:44430 <-> DISABLED <-> FILE-OFFICE Fin7 Maldoc campaign exploitation attempt (file-office.rules)
* 1:44016 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Rectangle constructor use after free attempt (file-flash.rules)
* 1:46581 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload malicious file download (malware-cnc.rules)
* 1:43977 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader graphics engine memory corruption attempt (file-pdf.rules)
* 1:44620 <-> DISABLED <-> MALWARE-CNC Android Red Alert Trojan outbound connection (malware-cnc.rules)
* 1:45646 <-> DISABLED <-> MALWARE-CNC Vbs.Trojan.Agent outbound system information disclosure (malware-cnc.rules)
* 1:43901 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Professional XPS2PDF memory corruption attempt (file-other.rules)
* 1:45564 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Vpnfilter variant outbound connection attempt (malware-cnc.rules)
* 1:45336 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
* 1:46251 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rovnix outbound connection attempt (malware-cnc.rules)
* 1:45148 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Array out of bounds write attempt (browser-ie.rules)
* 1:45773 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CannibalRAT outbound upload attempt (malware-cnc.rules)
* 1:44564 <-> DISABLED <-> MALWARE-CNC PowerShell Empire variant outbound connection (malware-cnc.rules)
* 1:46137 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cidox variant outbound connection attempt (malware-cnc.rules)
* 1:47056 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel empty bookViews element denial of service attempt (file-office.rules)
* 1:46989 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.MBRLock file download (malware-other.rules)
* 1:46793 <-> DISABLED <-> OS-WINDOWS Malicious zip download attempt (os-windows.rules)
* 1:46783 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Vpnfilter variant SSL connection attempt (malware-cnc.rules)
* 1:44903 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PSDK Metadata memory corruption attempt (file-flash.rules)
* 1:44017 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Rectangle constructor use after free attempt (file-flash.rules)
* 1:45371 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word docx subDocument file include attempt (file-office.rules)
* 1:45642 <-> DISABLED <-> MALWARE-CNC Vbs.Trojan.Agent outbound connection (malware-cnc.rules)
* 1:45131 <-> DISABLED <-> OS-WINDOWS Microsoft Windows RRAS service arbitrary pointer dereference attempt (os-windows.rules)
* 1:46371 <-> DISABLED <-> PUA-OTHER Moonify TLS server hello attempt (pua-other.rules)
* 1:44969 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF EmfPlusFont memory corruption attempt (file-image.rules)
* 1:45772 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CannibalRAT outbound reporting attempt (malware-cnc.rules)
* 1:44646 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.BadRabbit propagation via SVCCTL remote service attempt (malware-other.rules)
* 1:43900 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Professional XPS2PDF memory corruption attempt (file-other.rules)
* 1:45978 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB kernel heap memory leak attempt (os-windows.rules)
* 1:46583 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload malicious file download (malware-cnc.rules)
* 1:44404 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trickbot malicious communication attempt (malware-cnc.rules)
* 1:43993 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader graphics engine memory corruption attempt (file-pdf.rules)
* 1:45132 <-> DISABLED <-> FILE-OFFICE Microsoft Office Equation Editor object stack buffer overflow attempt (file-office.rules)
* 1:45643 <-> DISABLED <-> MALWARE-CNC Vbs.Trojan.Agent inbound payload download (malware-cnc.rules)
* 1:45169 <-> DISABLED <-> BROWSER-IE Microsoft Edge array type confusion attempt (browser-ie.rules)
* 1:44929 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds write attempt (file-image.rules)
* 1:45923 <-> DISABLED <-> EXPLOIT-KIT Terror EK dll download attempt (exploit-kit.rules)
* 1:43912 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Professional XPS2PDF memory corruption attempt (file-other.rules)
* 1:45117 <-> DISABLED <-> SERVER-WEBAPP Huawei DeviceUpgrade command injection attempt (server-webapp.rules)
* 1:45909 <-> DISABLED <-> MALWARE-CNC CobaltStrike trial version inbound beacon response (malware-cnc.rules)
* 1:46585 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload malicious file download (malware-cnc.rules)
* 1:44964 <-> DISABLED <-> FILE-FLASH Adobe Flash Player tvsdk object use after free attempt (file-flash.rules)
* 1:46580 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload malicious file download (malware-cnc.rules)
* 1:46135 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Krodown variant connection attempt (malware-cnc.rules)
* 1:44360 <-> DISABLED <-> SERVER-WEBAPP Trend Micro proxy_controller.php command injection attempt (server-webapp.rules)
* 1:45904 <-> DISABLED <-> MALWARE-BACKDOOR CobaltStrike inbound beacon download (malware-backdoor.rules)
* 1:44361 <-> DISABLED <-> SERVER-WEBAPP Trend Micro proxy_controller.php command injection attempt (server-webapp.rules)
* 1:45130 <-> DISABLED <-> OS-WINDOWS Microsoft Windows RRAS service arbitrary pointer dereference attempt (os-windows.rules)
* 1:43978 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader graphics engine memory corruption attempt (file-pdf.rules)
* 1:46744 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper malicious executable download attempt (malware-cnc.rules)
* 1:45972 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chafer malicious communication attempt (malware-cnc.rules)
* 1:43967 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Acrobat Professional EMF malformed EMR_POLYBEZIERTO16 out of bounds access attempt (file-multimedia.rules)
* 1:43865 <-> DISABLED <-> FILE-IMAGE Adobe Reader EMF EMR_MOVETOEX memory corruption attempt (file-image.rules)
* 1:45950 <-> DISABLED <-> PUA-OTHER Coinhive TLS client hello attempt (pua-other.rules)
* 1:44885 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat XPS unicode glyph pointer out of bounds (file-image.rules)
* 1:45973 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chafer malicious communication attempt (malware-cnc.rules)
* 1:46250 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rovnix outbound connection attempt (malware-cnc.rules)
* 1:44688 <-> DISABLED <-> SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt (server-webapp.rules)
* 1:45977 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB kernel heap memory leak attempt (os-windows.rules)
* 1:46490 <-> DISABLED <-> FILE-PDF Adobe Flash Player ActionScript setFocus use after free attempt (file-pdf.rules)
* 1:45922 <-> DISABLED <-> EXPLOIT-KIT Terror EK exe download attempt (exploit-kit.rules)
* 1:44892 <-> DISABLED <-> FILE-FLASH Adobe Flash Player determinePreferredLocales memory corruption attempt (file-flash.rules)
* 1:46491 <-> DISABLED <-> FILE-PDF Adobe Flash Player ActionScript setFocus use after free attempt (file-pdf.rules)
* 1:44431 <-> DISABLED <-> FILE-OFFICE Fin7 Maldoc campaign exploitation attempt (file-office.rules)
* 1:47242 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mylobot additional payload download (malware-cnc.rules)
* 1:47148 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif 
malicious file download (malware-cnc.rules) * 1:47557 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PLEAD downloader outbound connection (malware-cnc.rules) * 1:47241 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mylobot additional payload download (malware-cnc.rules) * 1:47678 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Torpplar variant outbound connection (malware-cnc.rules) * 1:49255 <-> DISABLED <-> FILE-JAVA Oracle Java ImagingLib buffer overflow attempt (file-java.rules) * 1:49311 <-> DISABLED <-> FILE-FLASH Adobe Flash Player writeExternal type confusion attempt (file-flash.rules) * 1:49376 <-> DISABLED <-> SERVER-APACHE Apache Struts remote code execution attempt (server-apache.rules) * 1:49788 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zacinlo outbound connection (malware-cnc.rules) * 1:49789 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zacinlo outbound connection (malware-cnc.rules) * 1:56130 <-> ENABLED <-> BROWSER-CHROME Google Chrome PNG in TTF parsing heap overflow attempt (browser-chrome.rules) * 1:56131 <-> ENABLED <-> BROWSER-CHROME Google Chrome PNG in TTF parsing heap overflow attempt (browser-chrome.rules) * 1:56132 <-> ENABLED <-> BROWSER-CHROME Google Chrome PNG in TTF parsing heap overflow attempt (browser-chrome.rules) * 1:56133 <-> ENABLED <-> BROWSER-CHROME Google Chrome PNG in TTF parsing heap overflow attempt (browser-chrome.rules) * 1:56138 <-> ENABLED <-> SERVER-WEBAPP Citrix ADC and Gateway information disclosure attempt (server-webapp.rules) * 1:39103 <-> DISABLED <-> FILE-PDF Adobe Reader PDF embedded JPEG memory corruption attempt (file-pdf.rules) * 1:39261 <-> DISABLED <-> FILE-OTHER Microsoft Windows ATMFD font driver malformed OTF file out-of-bounds memory access attempt (file-other.rules) * 1:39272 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ShimContentFactory uninitialized pointer use attempt (file-flash.rules) * 1:39280 <-> DISABLED <-> FILE-FLASH Adobe Primetime SDK object type confusion overflow attempt (file-flash.rules) * 1:39285 <-> DISABLED 
<-> FILE-FLASH Adobe Flash Player loadSound use after free attempt (file-flash.rules) * 1:39288 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ShimContentResolver out of bounds memory access attempt (file-flash.rules) * 1:39290 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime SDK ShimContentResolver out of bounds memory access attempt (file-flash.rules) * 1:39298 <-> DISABLED <-> FILE-FLASH Adobe Flash player retrieveResolvers memory corruption attempt (file-flash.rules) * 1:39305 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime SDK ShimContentResolver out of bounds memory access attempt (file-flash.rules) * 1:39319 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ShimOpportunityGenerator out of bounds memory access attempt (file-flash.rules) * 1:39398 <-> DISABLED <-> SERVER-WEBAPP Symantec SEPM management console cross site scripting attempt (server-webapp.rules) * 1:39402 <-> DISABLED <-> FILE-OTHER Symantec Antivirus ALPkOldFormatDecompressor out of bounds read attempt (file-other.rules) * 1:39441 <-> DISABLED <-> FILE-FLASH Adobe Flash Player integer overflow attempt (file-flash.rules) * 1:39457 <-> DISABLED <-> FILE-FLASH Adobe Flash Player integer underflow attempt (file-flash.rules) * 1:39505 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Edge text node table-cell use after free attempt (browser-ie.rules) * 1:39524 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel empty bookViews element denial of service attempt (file-office.rules) * 1:39525 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel empty bookViews element denial of service attempt (file-office.rules) * 1:39540 <-> DISABLED <-> FILE-FLASH Adobe Flash Player local-with-filesystem security bypass attempt (file-flash.rules) * 1:39543 <-> DISABLED <-> FILE-FLASH Adobe Flash Player local-with-filesystem security bypass attempt (file-flash.rules) * 1:39564 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TimedEvent memory corruption attempt (file-flash.rules) * 1:39685 <-> 
DISABLED <-> MALWARE-CNC Win.Trojan.Tinba variant outbound connection (malware-cnc.rules) * 1:39687 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed embeded TTF file memory corruption attempt (file-pdf.rules) * 1:39690 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ABRControlParameters access memory corruption attempt (file-flash.rules) * 1:39702 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MediaPlayerItemLoader out of bounds memory access attempt (file-flash.rules) * 1:39799 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt (file-pdf.rules) * 1:39824 <-> DISABLED <-> OS-WINDOWS Microsoft Windows GDI emf file integer overflow attempt (os-windows.rules) * 1:39843 <-> DISABLED <-> OS-WINDOWS Microsoft Windows gdiplus EMF EmrText out of bounds write attempt (os-windows.rules) * 1:39851 <-> DISABLED <-> INDICATOR-COMPROMISE Connection to malware sinkhole - CERT.PL (indicator-compromise.rules) * 1:39893 <-> DISABLED <-> OS-LINUX Linux Kernel USBIP out of bounds write attempt (os-linux.rules) * 1:39894 <-> DISABLED <-> OS-LINUX Linux Kernel USBIP out of bounds write attempt (os-linux.rules) * 1:40075 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel LPenHelper out of bounds write attempt (file-office.rules) * 1:40076 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel LPenHelper out of bounds write attempt (file-office.rules) * 1:40102 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel xlsb use-after-free attempt (file-office.rules) * 1:40103 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel xlsb use-after-free attempt (file-office.rules) * 1:40104 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel xlsb use-after-free attempt (file-office.rules) * 1:40105 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel xlsb use-after-free attempt (file-office.rules) * 1:40106 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel xlsb use-after-free attempt (file-office.rules) * 1:40107 <-> DISABLED <-> FILE-OFFICE Microsoft Office 
Excel xlsb use-after-free attempt (file-office.rules) * 1:40116 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel xlsb use-after-free attempt (file-office.rules) * 1:40117 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel xlsb use-after-free attempt (file-office.rules) * 1:40121 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel xlsb use-after-free attempt (file-office.rules) * 1:40122 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel xlsb use-after-free attempt (file-office.rules) * 1:40152 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DRMManager memory corruption attempt (file-flash.rules) * 1:40167 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ShimContentResolver out of bounds memory access attempt (file-flash.rules) * 1:40178 <-> DISABLED <-> FILE-FLASH Adobe Flash Player local-with-filesystem sandbox escape attempt (file-flash.rules) * 1:40236 <-> DISABLED <-> FILE-PDF Adobe Reader embedded font out of bounds memory access attempt (file-pdf.rules) * 1:40237 <-> DISABLED <-> FILE-PDF Adobe Reader embedded font out of bounds memory access attempt (file-pdf.rules) * 1:40312 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CTreePos type confusion attempt (browser-ie.rules) * 1:40375 <-> DISABLED <-> OS-WINDOWS Microsoft Windows insecure BoundaryDescriptor privilege escalation attempt (os-windows.rules) * 1:40425 <-> DISABLED <-> OS-WINDOWS Microsoft Windows GDI+ EMF buffer overread attempt (os-windows.rules) * 1:40503 <-> DISABLED <-> FILE-FLASH Adobe Flash Player QOSProvider use-after-free attempt (file-flash.rules) * 1:40706 <-> DISABLED <-> FILE-OTHER Microsoft Windows OTF cmap table parsing integer overflow attempt (file-other.rules) * 1:40717 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel LPenHelper use after free attempt (file-office.rules) * 1:40718 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel LPenHelper use after free attempt (file-office.rules) * 1:40737 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime SDK 
AdvertisingMetadata type confustion attempt (file-flash.rules) * 1:40743 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AVSegmentedSource use after free attempt (file-flash.rules) * 1:40753 <-> ENABLED <-> EXPLOIT-KIT Rig exploit kit outbound communication (exploit-kit.rules) * 1:40813 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Silverlight GetChar out of bounds read attempt (browser-plugins.rules) * 1:40814 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Silverlight GetChar out of bounds read attempt (browser-plugins.rules) * 1:40934 <-> DISABLED <-> FILE-EXECUTABLE Nvidia Windows kernel mode driver denial of service attempt (file-executable.rules) * 1:40957 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel security descriptor out of bounds read attempt (file-office.rules) * 1:40958 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel security descriptor out of bounds read attempt (file-office.rules) * 1:40959 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ddeService command execution attempt (file-office.rules) * 1:40960 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ddeService command execution attempt (file-office.rules) * 1:40983 <-> DISABLED <-> FILE-OTHER Microsoft Internet Explorer malformed ico integer overflow attempt (file-other.rules) * 1:41003 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime SDK out of bounds read attempt (file-flash.rules) * 1:41015 <-> DISABLED <-> FILE-FLASH Acrobat Flash WorkerDomain memory corruption attempt (file-flash.rules) * 1:41026 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess Dashboard remote code execution attempt (server-webapp.rules) * 1:41310 <-> DISABLED <-> FILE-IMAGE libBPG restore_tqb_pixel out of bounds write attempt (file-image.rules) * 1:41344 <-> DISABLED <-> FILE-OTHER CorelDRAW X8 EMF invalid ihBrush field value out of bounds read attempt (file-other.rules) * 1:41358 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime SDK ShimContentResolver memory corruption attempt (file-flash.rules) * 
1:41515 <-> DISABLED <-> POLICY-OTHER McAfee Virus Scan Linux outdated version detected (policy-other.rules) * 1:41516 <-> DISABLED <-> SERVER-WEBAPP McAfee Virus Scan Linux file existence test attempt (server-webapp.rules) * 1:41521 <-> DISABLED <-> SERVER-WEBAPP McAfee Virus Scan Linux cross site scripting attempt (server-webapp.rules) * 1:41565 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel xlsb use-after-free attempt (file-office.rules) * 1:41566 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel xlsb use-after-free attempt (file-office.rules) * 1:41601 <-> DISABLED <-> FILE-PDF Microsoft Edge PDF Builder out of bounds read attempt (file-pdf.rules) * 1:41602 <-> DISABLED <-> FILE-PDF Microsoft Edge PDF Builder out of bounds read attempt (file-pdf.rules) * 1:41624 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MessageChannel type confusion attempt (file-flash.rules) * 1:41630 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PSDK EventDispatch removeEventListener use after free attempt (file-flash.rules) * 1:41680 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ShimContentResolver out of bounds memory access attempt (file-flash.rules) * 1:41681 <-> DISABLED <-> SERVER-WEBAPP McAfee Virus Scan Linux remote code execution attempt (server-webapp.rules) * 1:41783 <-> ENABLED <-> EXPLOIT-KIT Rig exploit kit URL outbound communication (exploit-kit.rules) * 1:41818 <-> DISABLED <-> SERVER-APACHE Apache Struts remote code execution attempt (server-apache.rules) * 1:41819 <-> DISABLED <-> SERVER-APACHE Apache Struts remote code execution attempt (server-apache.rules) * 1:41976 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel shared strings memory corruption attempt (file-office.rules) * 1:41977 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel shared strings memory corruption attempt (file-office.rules) * 1:41979 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel shared strings memory corruption attempt (file-office.rules) * 1:41980 <-> DISABLED <-> FILE-OFFICE 
Microsoft Office Excel shared strings memory corruption attempt (file-office.rules) * 1:42080 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jenxcus outbound connection with unique User-Agent (malware-cnc.rules) * 1:42097 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Resolution Opportunity parameter memory corruption attempt (file-flash.rules) * 1:42150 <-> DISABLED <-> FILE-OTHER Microsoft Windows ATMFD font driver malformed OTF file out-of-bounds memory access attempt (file-other.rules) * 1:42151 <-> DISABLED <-> FILE-OTHER Microsoft Windows ATMFD font driver malformed OTF file out-of-bounds memory access attempt (file-other.rules) * 1:42161 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel out of bounds memory attempt (file-office.rules) * 1:42162 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel out of bounds memory attempt (file-office.rules) * 1:42222 <-> DISABLED <-> SERVER-WEBAPP Moxa MX Studio login page denial of service attempt (server-webapp.rules) * 1:42372 <-> ENABLED <-> POLICY-OTHER eicar file detected (policy-other.rules) * 1:42373 <-> ENABLED <-> POLICY-OTHER eicar file detected (policy-other.rules) * 1:42374 <-> ENABLED <-> POLICY-OTHER eicar file detected (policy-other.rules) * 1:42375 <-> ENABLED <-> POLICY-OTHER eicar file detected (policy-other.rules) * 1:42376 <-> ENABLED <-> POLICY-OTHER eicar file detected (policy-other.rules) * 1:42810 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BitmapData out of bounds memory access attempt (file-flash.rules) * 1:42811 <-> DISABLED <-> BROWSER-IE Microsoft Edge Chakra Engine use-after-free attempt (browser-ie.rules) * 1:42812 <-> DISABLED <-> BROWSER-IE Microsoft Edge Chakra Engine use-after-free attempt (browser-ie.rules) * 1:42816 <-> DISABLED <-> FILE-FLASH Adobe Flash Player display object mask use after free attempt (file-flash.rules) * 1:42817 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DisplayObject use after free attempt (file-flash.rules) * 1:42902 <-> DISABLED <-> FILE-OFFICE Microsoft 
Office EPS restore command use after free attempt (file-office.rules) * 1:39033 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASSetNative use-after-free attempt (file-flash.rules) * 1:43406 <-> DISABLED <-> FILE-FLASH Adobe Flash Player determinePreferredLocales out of bounds memory read attempt (file-flash.rules) * 1:43625 <-> DISABLED <-> SERVER-WEBAPP Axis M3004 remote code execution attempt (server-webapp.rules) * 1:31033 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cryptodefence variant outbound connection (malware-cnc.rules) * 1:36707 <-> DISABLED <-> FILE-OFFICE Microsoft Office malformed odttf integer overflow attempt (file-office.rules) * 1:36708 <-> DISABLED <-> FILE-OFFICE Microsoft Office malformed odttf integer overflow attempt (file-office.rules) * 1:36713 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ClickOnce information disclosure attempt (os-windows.rules) * 1:36714 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel slicer style use-after-free attempt (file-office.rules) * 1:36715 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel slicer style use-after-free attempt (file-office.rules) * 1:36751 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel MdCallBack out of bounds read attempt (file-office.rules) * 1:36752 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel MdCallBack out of bounds read attempt (file-office.rules) * 1:36812 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer nonexistent attribute removal memory corruption attempt (browser-ie.rules) * 1:36819 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules) * 1:36820 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules) * 1:36821 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules) * 1:36822 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules) * 1:36829 <-> 
DISABLED <-> FILE-FLASH Adobe Flash Player AS2 actionExtends use-after-free attempt (file-flash.rules) * 1:36830 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 actionExtends use-after-free attempt (file-flash.rules) * 1:36831 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 actionExtends use-after-free attempt (file-flash.rules) * 1:36832 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 actionExtends use-after-free attempt (file-flash.rules) * 1:36846 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 TextField gridFitType use after free attempt (file-flash.rules) * 1:36859 <-> DISABLED <-> FILE-FLASH Adobe Flash Player writeExternal type confusion attempt (file-flash.rules) * 1:36860 <-> DISABLED <-> FILE-FLASH Adobe Flash Player writeExternal type confusion attempt (file-flash.rules) * 1:36863 <-> DISABLED <-> FILE-FLASH Adobe Flash Player attachsound use-after-free attempt (file-flash.rules) * 1:36864 <-> DISABLED <-> FILE-FLASH Adobe Flash Player attachsound use-after-free attempt (file-flash.rules) * 1:36883 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byte array uncompress information disclosure attempt (file-flash.rules) * 1:36960 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word XML parsing use after free attempt (file-office.rules) * 1:36961 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word XML parsing use after free attempt (file-office.rules) * 1:36998 <-> DISABLED <-> OS-WINDOWS Microsoft .NET Silverlight manifest resource file information disclosure attempt (os-windows.rules) * 1:37071 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ShaderParameter integer overflow attempt (file-flash.rules) * 1:37072 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ShaderParameter integer overflow attempt (file-flash.rules) * 1:37074 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ShaderParameter integer overflow attempt (file-flash.rules) * 1:37075 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ShaderParameter integer overflow attempt (file-flash.rules) * 
1:37081 <-> DISABLED <-> FILE-FLASH Adobe Flash Player String length heap buffer overflow attempt (file-flash.rules) * 1:37082 <-> DISABLED <-> FILE-FLASH Adobe Flash Player String length heap buffer overflow attempt (file-flash.rules) * 1:37085 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byte array memory corruption attempt (file-flash.rules) * 1:37086 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byte array memory corruption attempt (file-flash.rules) * 1:37090 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PrintJob object use-after-free attempt (file-flash.rules) * 1:37091 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PrintJob object use-after-free attempt (file-flash.rules) * 1:37092 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SoundURLStream memory corruption attempt (file-flash.rules) * 1:37094 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SoundURLStream memory corruption attempt (file-flash.rules) * 1:37105 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MovieClip object use-after-free attempt (file-flash.rules) * 1:37106 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MovieClip object use-after-free attempt (file-flash.rules) * 1:37109 <-> DISABLED <-> FILE-FLASH Adobe Flash Player selection.setFocus use after free attempt (file-flash.rules) * 1:37110 <-> DISABLED <-> FILE-FLASH Adobe Flash Player selection.setFocus use after free attempt (file-flash.rules) * 1:37118 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField filters use-after-free attempt (file-flash.rules) * 1:37119 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField filters use-after-free attempt (file-flash.rules) * 1:37121 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MP3 ID3 data parsing heap buffer overflow attempt (file-flash.rules) * 1:37123 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MP3 ID3 data parsing heap buffer overflow attempt (file-flash.rules) * 1:37128 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 setTransform use-after-free attempt (file-flash.rules) * 
1:37129 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 setTransform use-after-free attempt (file-flash.rules) * 1:37135 <-> DISABLED <-> SERVER-WEBAPP Fireeye Java decompiler reflection remote code execution attempt (server-webapp.rules) * 1:37136 <-> DISABLED <-> SERVER-WEBAPP Fireeye Java decompiler reflection remote code execution attempt (server-webapp.rules) * 1:37144 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SetSlot type confusion attempt (file-flash.rules) * 1:37145 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SetSlot type confusion attempt (file-flash.rules) * 1:37157 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SharedObject send stack buffer overflow attempt (file-flash.rules) * 1:37159 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SharedObject send stack buffer overflow attempt (file-flash.rules) * 1:37160 <-> DISABLED <-> FILE-FLASH Adobe Flash Player oversize source bitmap memory corruption attempt (file-flash.rules) * 1:37161 <-> DISABLED <-> FILE-FLASH Adobe Flash Player oversize source bitmap memory corruption attempt (file-flash.rules) * 1:37167 <-> DISABLED <-> FILE-FLASH Adobe Flash Player URLStream use after free attempt (file-flash.rules) * 1:37168 <-> DISABLED <-> FILE-FLASH Adobe Flash Player URLStream use after free attempt (file-flash.rules) * 1:37169 <-> DISABLED <-> FILE-FLASH Adobe Flash Player heap memory disclosure via custom valueOf handler attempt (file-flash.rules) * 1:37170 <-> DISABLED <-> FILE-FLASH Adobe Flash Player heap memory disclosure via custom valueOf handler attempt (file-flash.rules) * 1:37171 <-> DISABLED <-> FILE-FLASH Adobe Flash Player heap memory disclosure via custom valueOf handler attempt (file-flash.rules) * 1:37172 <-> DISABLED <-> FILE-FLASH Adobe Flash Player heap memory disclosure via custom valueOf handler attempt (file-flash.rules) * 1:37178 <-> DISABLED <-> FILE-FLASH Adobe Flash Player M3U8 parser logic memory corruption attempt (file-flash.rules) * 1:37180 <-> DISABLED <-> FILE-FLASH Adobe 
Flash Player M3U8 parser logic memory corruption attempt (file-flash.rules) * 1:37183 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextFormat.tabStops use after free attempt (file-flash.rules) * 1:37184 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextFormat.tabStops use after free attempt (file-flash.rules) * 1:37185 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextFormat.tabStops use after free attempt (file-flash.rules) * 1:37186 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextFormat.tabStops use after free attempt (file-flash.rules) * 1:37205 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object.addProperty method use after free attempt (file-flash.rules) * 1:37206 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object.addProperty method use after free attempt (file-flash.rules) * 1:37208 <-> DISABLED <-> FILE-FLASH Adobe Flash Player LoadVars decode use after free attempt (file-flash.rules) * 1:37210 <-> DISABLED <-> FILE-FLASH Adobe Flash Player LoadVars decode use after free attempt (file-flash.rules) * 1:37216 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MovieClip setMask use after free attempt (file-flash.rules) * 1:37218 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MovieClip setMask use after free attempt (file-flash.rules) * 1:37237 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object hasOwnProperty use after free attempt (file-flash.rules) * 1:37239 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object hasOwnProperty use after free attempt (file-flash.rules) * 1:37247 <-> DISABLED <-> FILE-FLASH Adobe Flash Player removeMovieClip use after free attempt (file-flash.rules) * 1:37248 <-> DISABLED <-> FILE-FLASH Adobe Flash Player removeMovieClip use after free attempt (file-flash.rules) * 1:37249 <-> DISABLED <-> FILE-FLASH Adobe Flash Player removeMovieClip use after free attempt (file-flash.rules) * 1:37259 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel mso20win32client use after free attempt (file-office.rules) * 1:37265 <-> DISABLED 
<-> FILE-OFFICE Microsoft Office metafile conversion out of bounds read attempt (file-office.rules) * 1:37266 <-> DISABLED <-> FILE-OFFICE Microsoft Office metafile conversion out of bounds read attempt (file-office.rules) * 1:37267 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Silverlight GetChar out of bounds read attempt (browser-plugins.rules) * 1:37268 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Silverlight GetChar out of bounds read attempt (browser-plugins.rules) * 1:37345 <-> DISABLED <-> FILE-FLASH Adobe Flash Player improper display list handling memory corruption attempt (file-flash.rules) * 1:37347 <-> DISABLED <-> FILE-FLASH Adobe Flash Player improper display list handling memory corruption attempt (file-flash.rules) * 1:37399 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader custom string length function memory corruption attempt (file-pdf.rules) * 1:37525 <-> DISABLED <-> SERVER-OTHER NTP arbitrary pidfile and driftfile overwrite attempt (server-other.rules) * 1:37550 <-> DISABLED <-> EXPLOIT-KIT Nuclear landing page detected (exploit-kit.rules) * 1:37592 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel formula length heap corruption attempt (file-office.rules) * 1:37593 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel formula length heap corruption attempt (file-office.rules) * 1:37600 <-> DISABLED <-> FILE-OFFICE Microsoft Powerpoint shape objects null pointer dereference memory corruption attempt (file-office.rules) * 1:37601 <-> DISABLED <-> FILE-OFFICE Microsoft Powerpoint shape objects null pointer dereference memory corruption attempt (file-office.rules) * 1:37664 <-> DISABLED <-> FILE-JAVA Oracle Java ServiceLoader exception handling exploit attempt (file-java.rules) * 1:37670 <-> DISABLED <-> FILE-FLASH Adobe Flash Player convolution filter use-after-free attempt (file-flash.rules) * 1:37671 <-> DISABLED <-> FILE-FLASH Adobe Flash Player convolution filter use-after-free attempt (file-flash.rules) * 1:37700 <-> DISABLED <-> FILE-OFFICE 
Microsoft Office ole object external file loading attempt (file-office.rules) * 1:37702 <-> DISABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules) * 1:37703 <-> DISABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules) * 1:37704 <-> DISABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules) * 1:37705 <-> DISABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules) * 1:37706 <-> DISABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules) * 1:37711 <-> DISABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules) * 1:37726 <-> DISABLED <-> FILE-OTHER Microsoft Office ole object external file loading attempt (file-other.rules) * 1:37727 <-> DISABLED <-> FILE-OTHER Microsoft Office ole object external file loading attempt (file-other.rules) * 1:37734 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Point object integer overflow attempt (file-flash.rules) * 1:37736 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Point object integer overflow attempt (file-flash.rules) * 1:37740 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BlurFilter memory corruption attempt (file-flash.rules) * 1:37741 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BlurFilter memory corruption attempt (file-flash.rules) * 1:37744 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextLine memory corruption attempt (file-flash.rules) * 1:37745 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextLine memory corruption attempt (file-flash.rules) * 1:37754 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Point object integer overflow attempt (file-flash.rules) * 1:37755 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Point object integer overflow attempt (file-flash.rules) * 1:37757 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid sourceRect copyPixels 
heap corruption attempt (file-flash.rules) * 1:37758 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid sourceRect copyPixels heap corruption attempt (file-flash.rules) * 1:37761 <-> DISABLED <-> FILE-FLASH Adobe Flash Player rectangle auxiliary method integer overflow attempt (file-flash.rules) * 1:37764 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BitmapData method memory corruption attempt (file-flash.rules) * 1:37770 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative custom getter use after free attempt (file-flash.rules) * 1:37771 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative custom getter use after free attempt (file-flash.rules) * 1:37774 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript constructor use after free attempt (file-flash.rules) * 1:37776 <-> DISABLED <-> FILE-FLASH Adobe Flash Player LoadVars use-after-free attempt (file-flash.rules) * 1:37777 <-> DISABLED <-> FILE-FLASH Adobe Flash Player LoadVars use-after-free attempt (file-flash.rules) * 1:37783 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed Adobe Texture Format heap overflow attempt (file-flash.rules) * 1:37790 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative use after free attempt (file-flash.rules) * 1:37792 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative use after free attempt (file-flash.rules) * 1:37797 <-> DISABLED <-> FILE-FLASH Adobe Flash Player rectangle memory access violation attempt (file-flash.rules) * 1:37798 <-> DISABLED <-> FILE-FLASH Adobe Flash Player rectangle memory access violation attempt (file-flash.rules) * 1:37801 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Silverlight ScriptObject untrusted pointer dereference attempt (browser-plugins.rules) * 1:37808 <-> DISABLED <-> FILE-FLASH Adobe Flash Player integer underflow attempt (file-flash.rules) * 1:37824 <-> DISABLED <-> FILE-OTHER Microsoft Office ole object external file loading attempt (file-other.rules) * 1:37825 <-> DISABLED <-> FILE-OTHER Microsoft Office 
ole object external file loading attempt (file-other.rules)
* 1:37938 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Flash pixel bender buffer overflow attempt (file-multimedia.rules)
* 1:37939 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Flash pixel bender buffer overflow attempt (file-multimedia.rules)
* 1:38074 <-> DISABLED <-> BROWSER-IE Microsoft Edge CAsyncTpWorker Windows.Data.Pdf.dll object use after free attempt (browser-ie.rules)
* 1:38076 <-> DISABLED <-> BROWSER-IE Microsoft Edge CAsyncTpWorker Windows.Data.Pdf.dll object use after free attempt (browser-ie.rules)
* 1:38101 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word wwlib.dll invalid pointer read attempt (file-office.rules)
* 1:38165 <-> DISABLED <-> FILE-FLASH Adobe Flash Player hitTest BitmapData object integer overflow attempt (file-flash.rules)
* 1:38167 <-> DISABLED <-> FILE-FLASH Adobe Flash Player hitTest BitmapData object integer overflow attempt (file-flash.rules)
* 1:38169 <-> DISABLED <-> FILE-FLASH Adobe Flash Player hitTest BitmapData object integer overflow attempt (file-flash.rules)
* 1:38170 <-> DISABLED <-> FILE-FLASH Adobe Flash Player hitTest BitmapData object integer overflow attempt (file-flash.rules)
* 1:38175 <-> DISABLED <-> FILE-FLASH Adobe Standalone Flash Player texfield getter use after free attempt (file-flash.rules)
* 1:38179 <-> DISABLED <-> FILE-FLASH Adobe Standalone Flash Player ASnative object use after free attempt (file-flash.rules)
* 1:38182 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS3 multiple axis attributes integer overflow attempt (file-flash.rules)
* 1:38184 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS3 multiple axis attributes integer overflow attempt (file-flash.rules)
* 1:38191 <-> DISABLED <-> FILE-FLASH Adobe Flash Player si32 integer overflow attempt (file-flash.rules)
* 1:38192 <-> DISABLED <-> FILE-FLASH Adobe Flash Player si32 integer overflow attempt (file-flash.rules)
* 1:38197 <-> DISABLED <-> FILE-FLASH Adobe Flash Player recursion calls stack overflow attempt (file-flash.rules)
* 1:38198 <-> DISABLED <-> FILE-FLASH Adobe Flash Player recursion calls stack overflow attempt (file-flash.rules)
* 1:38207 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MPD use-after-free attempt (file-flash.rules)
* 1:38208 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MPD use-after-free attempt (file-flash.rules)
* 1:38211 <-> DISABLED <-> FILE-PDF Adobe Reader JPEG 2000 chrominance subsampling memory corruption attempt (file-pdf.rules)
* 1:38212 <-> DISABLED <-> FILE-PDF Adobe Reader JPEG 2000 chrominance subsampling memory corruption attempt (file-pdf.rules)
* 1:38215 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BitmapData.paletteMap size mismatch integer overflow attempt (file-flash.rules)
* 1:38216 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BitmapData.paletteMap size mismatch integer overflow attempt (file-flash.rules)
* 1:38219 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use after free attempt (file-flash.rules)
* 1:38220 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use after free (file-flash.rules)
* 1:38223 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader annotation oversized array memory corruption attempt (file-pdf.rules)
* 1:38239 <-> DISABLED <-> FILE-FLASH Adobe Flash Player rectangle width integer overflow attempt (file-flash.rules)
* 1:38241 <-> DISABLED <-> FILE-FLASH Adobe Flash Player rectangle width integer overflow attempt (file-flash.rules)
* 1:38286 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager actserver stack buffer overflow attempt (server-webapp.rules)
* 1:38287 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager akey stack buffer overflow attempt (server-webapp.rules)
* 1:38288 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager licfile stack buffer overflow attempt (server-webapp.rules)
* 1:38327 <-> DISABLED <-> MALWARE-BACKDOOR ReGeorg proxy read attempt (malware-backdoor.rules)
* 1:38405 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Transform Class Matrix AS2 use after free attempt (file-flash.rules)
* 1:38406 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Transform Class Matrix AS2 use after free attempt (file-flash.rules)
* 1:38409 <-> DISABLED <-> FILE-FLASH Adobe Flash Player JPEG-XR decode buffer overflow attempt (file-flash.rules)
* 1:38410 <-> DISABLED <-> FILE-FLASH Adobe Flash Player JPEG-XR decode buffer overflow attempt (file-flash.rules)
* 1:38413 <-> DISABLED <-> FILE-FLASH Adobe Flash Player NetConnection to ColorMatrixFilter object type confusion attempt (file-flash.rules)
* 1:38415 <-> DISABLED <-> FILE-FLASH Adobe Flash Player NetConnection to ColorMatrixFilter object type confusion attempt (file-flash.rules)
* 1:38425 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ExportAssets count memory corruption attempt (file-flash.rules)
* 1:38430 <-> DISABLED <-> FILE-FLASH Adobe Flash Player toString type confusion memory corruption attempt (file-flash.rules)
* 1:38433 <-> DISABLED <-> FILE-FLASH Adobe Flash Player toString type confusion memory corruption attempt (file-flash.rules)
* 1:38481 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel msxml6 ParseElementN use after free attempt (file-office.rules)
* 1:38482 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel msxml6 ParseElementN use after free attempt (file-office.rules)
* 1:38577 <-> DISABLED <-> FILE-FLASH Adobe Flash Player dangling bytearray pointer code execution attempt (file-flash.rules)
* 1:38593 <-> DISABLED <-> EXPLOIT-KIT Nuclear Exploit Kit back end communications attempt (exploit-kit.rules)
* 1:38631 <-> DISABLED <-> FILE-FLASH Angler exploit kit Adobe Flash SWF exploit download (file-flash.rules)
* 1:38632 <-> DISABLED <-> FILE-FLASH Angler exploit kit Adobe Flash SWF exploit download (file-flash.rules)
* 1:38635 <-> DISABLED <-> FILE-FLASH Nuclear exploit kit Adobe Flash SWF exploit download (file-flash.rules)
* 1:38636 <-> DISABLED <-> FILE-FLASH Nuclear exploit kit Adobe Flash SWF exploit download (file-flash.rules)
* 1:38729 <-> DISABLED <-> SERVER-OTHER Mediabridge Medialink MWN-WAPR300N and Tenda N3 Wireless N150 inbound admin attempt (server-other.rules)
* 1:38772 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer EMF file integer overflow attempt (browser-ie.rules)
* 1:38782 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word TTF out-of-bounds memory access attempt (file-office.rules)
* 1:38783 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word TTF out-of-bounds memory access attempt (file-office.rules)
* 1:38830 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ContentFactory memory corruption attempt (file-flash.rules)
* 1:38832 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ContentFactory memory corruption attempt (file-flash.rules)
* 1:38833 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ContentFactory memory corruption attempt (file-flash.rules)
* 1:38841 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer VBScript toString redim array use after free attempt (browser-ie.rules)
* 1:38881 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FileReference type confusion attempt (file-flash.rules)
* 1:38883 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FileReference type confusion attempt (file-flash.rules)
* 1:38972 <-> DISABLED <-> FILE-FLASH Adobe Flash Player OpportunityGenerator.update memory corruption attempt (file-flash.rules)
* 1:38973 <-> DISABLED <-> FILE-FLASH Adobe Flash Player OpportunityGenerator.update memory corruption attempt (file-flash.rules)
* 1:38974 <-> DISABLED <-> FILE-FLASH Adobe Flash Player OpportunityGenerator.update memory corruption attempt (file-flash.rules)
* 1:38980 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed FlateDecode stream use after free attempt (file-pdf.rules)
* 1:38981 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed FlateDecode stream use after free attempt (file-pdf.rules)
* 1:38996 <-> DISABLED <-> FILE-FLASH Adobe Flash Player addProperty use after free attempt (file-flash.rules)
* 1:38998 <-> DISABLED <-> FILE-FLASH Adobe Flash Player addProperty use after free attempt (file-flash.rules)
* 1:39009 <-> DISABLED <-> FILE-FLASH Adobe Flash Player setMetadata memory corruption attempt (file-flash.rules)
* 1:39010 <-> DISABLED <-> FILE-FLASH Adobe Flash Player setMetadata memory corruption attempt (file-flash.rules)
* 1:39013 <-> DISABLED <-> FILE-PDF Adobe Reader CTJPEGDecoderReadNextTile out of bounds read attempt (file-pdf.rules)
* 1:39014 <-> DISABLED <-> FILE-PDF Adobe Reader CTJPEGDecoderReadNextTile out of bounds read attempt (file-pdf.rules)
* 1:39015 <-> DISABLED <-> FILE-PDF Adobe Reader AcroForm dictionary object use after free attempt (file-pdf.rules)
* 1:39019 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PSDK use-after-free attempt (file-flash.rules)
* 1:39020 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PSDK use-after-free attempt (file-flash.rules)
* 1:39022 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PSDK use-after-free attempt (file-flash.rules)
* 1:39024 <-> DISABLED <-> FILE-FLASH Adobe Flash Player selection.setFocus use after free attempt (file-flash.rules)
* 1:39025 <-> DISABLED <-> FILE-FLASH Adobe Flash Player selection.setFocus use after free attempt (file-flash.rules)
* 1:39032 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASSetNative use-after-free attempt (file-flash.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:56150 <-> DISABLED <-> SERVER-OTHER Adobe ColdFusion DataServicesCFProxy insecure Java deserialization attempt (server-other.rules)
* 1:56165 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.PyVil download attempt (malware-other.rules)
* 1:56142 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Zusy-9784403-0 download attempt (malware-other.rules)
* 1:56163 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.PyVil download attempt (malware-other.rules)
* 1:56167 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.PyVil download attempt (malware-other.rules)
* 1:56164 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.PyVil download attempt (malware-other.rules)
* 1:56141 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Zusy-9784403-0 download attempt (malware-other.rules)
* 1:56139 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Czxz-9784395-0 download attempt (malware-other.rules)
* 1:56162 <-> ENABLED <-> SERVER-WEBAPP Citrix ADC and Gateway information disclosure attempt (server-webapp.rules)
* 1:56155 <-> DISABLED <-> SERVER-WEBAPP MobileIron Core & Connector remote code execution attempt (server-webapp.rules)
* 1:56166 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.PyVil outbound communication attempt (malware-other.rules)
* 1:56151 <-> DISABLED <-> SERVER-OTHER Adobe ColdFusion vulnerable DataServicesCFProxy class reference attempt (server-other.rules)
* 1:56156 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook email parsing remote code execution attempt (file-office.rules)
* 1:56157 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook email parsing remote code execution attempt (file-office.rules)
* 1:56154 <-> DISABLED <-> SERVER-WEBAPP MobileIron Core & Connector remote code execution attempt (server-webapp.rules)
* 1:56140 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Czxz-9784395-0 download attempt (malware-other.rules)
* 3:56153 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1178 attack attempt (server-webapp.rules)
* 3:56152 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1178 attack attempt (server-webapp.rules)
* 3:56149 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1179 attack attempt (server-webapp.rules)
* 3:56147 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1179 attack attempt (server-webapp.rules)
* 3:56144 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1177 attack attempt (server-webapp.rules)
* 3:56160 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1176 attack attempt (file-image.rules)
* 3:56159 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1176 attack attempt (file-image.rules)
* 3:56161 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1176 attack attempt (file-image.rules)
* 3:56158 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1176 attack attempt (file-image.rules)
* 3:56148 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1179 attack attempt (server-webapp.rules)
* 3:56143 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1177 attack attempt (server-webapp.rules)
* 3:56146 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1177 attack attempt (server-webapp.rules)
* 3:56145 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1177 attack attempt (server-webapp.rules)
* 1:47556 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PLEAD downloader outbound connection (malware-cnc.rules)
* 1:43913 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Professional XPS2PDF memory corruption attempt (file-other.rules)
* 1:46583 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload malicious file download (malware-cnc.rules)
* 1:45978 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB kernel heap memory leak attempt (os-windows.rules)
* 1:46250 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rovnix outbound connection attempt (malware-cnc.rules)
* 1:43993 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader graphics engine memory corruption attempt (file-pdf.rules)
* 1:44620 <-> DISABLED <-> MALWARE-CNC Android Red Alert Trojan outbound connection (malware-cnc.rules)
* 1:46585 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload malicious file download (malware-cnc.rules)
* 1:44052 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word EPS filter PostScript object use after free attempt (file-office.rules)
* 1:44964 <-> DISABLED <-> FILE-FLASH Adobe Flash Player tvsdk object use after free attempt (file-flash.rules)
* 1:45973 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chafer malicious communication attempt (malware-cnc.rules)
* 1:44688 <-> DISABLED <-> SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt (server-webapp.rules)
* 1:46490 <-> DISABLED <-> FILE-PDF Adobe Flash Player ActionScript setFocus use after free attempt (file-pdf.rules)
* 1:44621 <-> DISABLED <-> MALWARE-CNC Android Red Alert Trojan outbound connection (malware-cnc.rules)
* 1:44016 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Rectangle constructor use after free attempt (file-flash.rules)
* 1:45909 <-> DISABLED <-> MALWARE-CNC CobaltStrike trial version inbound beacon response (malware-cnc.rules)
* 1:46135 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Krodown variant connection attempt (malware-cnc.rules)
* 1:45682 <-> DISABLED <-> SERVER-OTHER HP Integrated Lights-Out HTTP headers processing buffer overflow attempt (server-other.rules)
* 1:45923 <-> DISABLED <-> EXPLOIT-KIT Terror EK dll download attempt (exploit-kit.rules)
* 1:44929 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds write attempt (file-image.rules)
* 1:43901 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Professional XPS2PDF memory corruption attempt (file-other.rules)
* 1:46744 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper malicious executable download attempt (malware-cnc.rules)
* 1:45904 <-> DISABLED <-> MALWARE-BACKDOOR CobaltStrike inbound beacon download (malware-backdoor.rules)
* 1:44361 <-> DISABLED <-> SERVER-WEBAPP Trend Micro proxy_controller.php command injection attempt (server-webapp.rules)
* 1:46782 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Vpnfilter variant SSL connection attempt (malware-cnc.rules)
* 1:44622 <-> DISABLED <-> MALWARE-CNC Android Red Alert Trojan outbound connection (malware-cnc.rules)
* 1:45976 <-> DISABLED <-> SERVER-WEBAPP Pivotal Spring Data REST PATCH request remote code execution attempt (server-webapp.rules)
* 1:44338 <-> DISABLED <-> BROWSER-IE Microsoft Edge denial of service attempt (browser-ie.rules)
* 1:43994 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader graphics engine memory corruption attempt (file-pdf.rules)
* 1:44657 <-> DISABLED <-> SERVER-WEBAPP Unitrends Enterprise Backup API SQL injection attempt (server-webapp.rules)
* 1:44619 <-> DISABLED <-> MALWARE-CNC Android Red Alert Trojan outbound connection (malware-cnc.rules)
* 1:46372 <-> DISABLED <-> PUA-OTHER Moonify TLS client hello attempt (pua-other.rules)
* 1:44431 <-> DISABLED <-> FILE-OFFICE Fin7 Maldoc campaign exploitation attempt (file-office.rules)
* 1:43865 <-> DISABLED <-> FILE-IMAGE Adobe Reader EMF EMR_MOVETOEX memory corruption attempt (file-image.rules)
* 1:46491 <-> DISABLED <-> FILE-PDF Adobe Flash Player ActionScript setFocus use after free attempt (file-pdf.rules)
* 1:45972 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chafer malicious communication attempt (malware-cnc.rules)
* 1:43967 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Acrobat Professional EMF malformed EMR_POLYBEZIERTO16 out of bounds access attempt (file-multimedia.rules)
* 1:44885 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat XPS unicode glyph pointer out of bounds (file-image.rules)
* 1:46584 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload malicious file download (malware-cnc.rules)
* 1:45771 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CannibalRAT initial outbound connection (malware-cnc.rules)
* 1:44564 <-> DISABLED <-> MALWARE-CNC PowerShell Empire variant outbound connection (malware-cnc.rules)
* 1:45564 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Vpnfilter variant outbound connection attempt (malware-cnc.rules)
* 1:45336 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
* 1:44017 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Rectangle constructor use after free attempt (file-flash.rules)
* 1:45371 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word docx subDocument file include attempt (file-office.rules)
* 1:44430 <-> DISABLED <-> FILE-OFFICE Fin7 Maldoc campaign exploitation attempt (file-office.rules)
* 1:45162 <-> DISABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
* 1:46249 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rovnix outbound connection attempt (malware-cnc.rules)
* 1:45370 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word docx subDocument file include attempt (file-office.rules)
* 1:46586 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload malicious file download (malware-cnc.rules)
* 1:44880 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF EMR_STRETCHDIBITS memory corruption attempt (file-image.rules)
* 1:46783 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Vpnfilter variant SSL connection attempt (malware-cnc.rules)
* 1:45773 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CannibalRAT outbound upload attempt (malware-cnc.rules)
* 1:44646 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.BadRabbit propagation via SVCCTL remote service attempt (malware-other.rules)
* 1:47358 <-> DISABLED <-> SERVER-WEBAPP CCTV-DVR command injection attempt (server-webapp.rules)
* 1:47678 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Torpplar variant outbound connection (malware-cnc.rules)
* 1:43790 <-> DISABLED <-> SERVER-OTHER Apache mod_auth_digest out of bounds read attempt (server-other.rules)
* 1:47148 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif malicious file download (malware-cnc.rules)
* 1:47242 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mylobot additional payload download (malware-cnc.rules)
* 1:47241 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mylobot additional payload download (malware-cnc.rules)
* 1:47175 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ddeService command execution attempt (file-office.rules)
* 1:47701 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Iniduoh variant outbound connection (malware-cnc.rules)
* 1:49255 <-> DISABLED <-> FILE-JAVA Oracle Java ImagingLib buffer overflow attempt (file-java.rules)
* 1:49311 <-> DISABLED <-> FILE-FLASH Adobe Flash Player writeExternal type confusion attempt (file-flash.rules)
* 1:49376 <-> DISABLED <-> SERVER-APACHE Apache Struts remote code execution attempt (server-apache.rules)
* 1:43406 <-> DISABLED <-> FILE-FLASH Adobe Flash Player determinePreferredLocales out of bounds memory read attempt (file-flash.rules)
* 1:49788 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zacinlo outbound connection (malware-cnc.rules)
* 1:47557 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PLEAD downloader outbound connection (malware-cnc.rules)
* 1:45922 <-> DISABLED <-> EXPLOIT-KIT Terror EK exe download attempt (exploit-kit.rules)
* 1:45772 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CannibalRAT outbound reporting attempt (malware-cnc.rules)
* 1:46137 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cidox variant outbound connection attempt (malware-cnc.rules)
* 1:49789 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zacinlo outbound connection (malware-cnc.rules)
* 1:46371 <-> DISABLED <-> PUA-OTHER Moonify TLS server hello attempt (pua-other.rules)
* 1:46793 <-> DISABLED <-> OS-WINDOWS Malicious zip download attempt (os-windows.rules)
* 1:45169 <-> DISABLED <-> BROWSER-IE Microsoft Edge array type confusion attempt (browser-ie.rules)
* 1:45131 <-> DISABLED <-> OS-WINDOWS Microsoft Windows RRAS service arbitrary pointer dereference attempt (os-windows.rules)
* 1:56130 <-> ENABLED <-> BROWSER-CHROME Google Chrome PNG in TTF parsing heap overflow attempt (browser-chrome.rules)
* 1:45117 <-> DISABLED <-> SERVER-WEBAPP Huawei DeviceUpgrade command injection attempt (server-webapp.rules)
* 1:43912 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Professional XPS2PDF memory corruption attempt (file-other.rules)
* 1:45642 <-> DISABLED <-> MALWARE-CNC Vbs.Trojan.Agent outbound connection (malware-cnc.rules)
* 1:45132 <-> DISABLED <-> FILE-OFFICE Microsoft Office Equation Editor object stack buffer overflow attempt (file-office.rules)
* 1:44969 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF EmfPlusFont memory corruption attempt (file-image.rules)
* 1:56131 <-> ENABLED <-> BROWSER-CHROME Google Chrome PNG in TTF parsing heap overflow attempt (browser-chrome.rules)
* 1:56132 <-> ENABLED <-> BROWSER-CHROME Google Chrome PNG in TTF parsing heap overflow attempt (browser-chrome.rules)
* 1:56133 <-> ENABLED <-> BROWSER-CHROME Google Chrome PNG in TTF parsing heap overflow attempt (browser-chrome.rules)
* 1:56138 <-> ENABLED <-> SERVER-WEBAPP Citrix ADC and Gateway information disclosure attempt (server-webapp.rules)
* 1:47056 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel empty bookViews element denial of service attempt (file-office.rules)
* 1:46989 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.MBRLock file download (malware-other.rules)
* 1:44892 <-> DISABLED <-> FILE-FLASH Adobe Flash Player determinePreferredLocales memory corruption attempt (file-flash.rules)
* 1:47006 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SocketPlayer outbound connection (malware-cnc.rules)
* 1:31033 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cryptodefence variant outbound connection (malware-cnc.rules)
* 1:36707 <-> DISABLED <-> FILE-OFFICE Microsoft Office malformed odttf integer overflow attempt (file-office.rules)
* 1:36708 <-> DISABLED <-> FILE-OFFICE Microsoft Office malformed odttf integer overflow attempt (file-office.rules)
* 1:36713 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ClickOnce information disclosure attempt (os-windows.rules)
* 1:36714 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel slicer style use-after-free attempt (file-office.rules)
* 1:36715 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel slicer style use-after-free attempt (file-office.rules)
* 1:36751 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel MdCallBack out of bounds read attempt (file-office.rules)
* 1:36752 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel MdCallBack out of bounds read attempt (file-office.rules)
* 1:36812 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer nonexistent attribute removal memory corruption attempt (browser-ie.rules)
* 1:36819 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
* 1:43625 <-> DISABLED <-> SERVER-WEBAPP Axis M3004 remote code execution attempt (server-webapp.rules)
* 1:36820 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
* 1:36821 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
* 1:36822 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
* 1:36829 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 actionExtends use-after-free attempt (file-flash.rules)
* 1:36830 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 actionExtends use-after-free attempt (file-flash.rules)
* 1:36831 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 actionExtends use-after-free attempt (file-flash.rules)
* 1:36832 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 actionExtends use-after-free attempt (file-flash.rules)
* 1:36846 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 TextField gridFitType use after free attempt (file-flash.rules)
* 1:36859 <-> DISABLED <-> FILE-FLASH Adobe Flash Player writeExternal type confusion attempt (file-flash.rules)
* 1:36860 <-> DISABLED <-> FILE-FLASH Adobe Flash Player writeExternal type confusion attempt (file-flash.rules)
* 1:36863 <-> DISABLED <-> FILE-FLASH Adobe Flash Player attachsound use-after-free attempt (file-flash.rules)
* 1:36864 <-> DISABLED <-> FILE-FLASH Adobe Flash Player attachsound use-after-free attempt (file-flash.rules)
* 1:36883 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byte array uncompress information disclosure attempt (file-flash.rules)
* 1:36960 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word XML parsing use after free attempt (file-office.rules)
* 1:36961 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word XML parsing use after free attempt (file-office.rules)
* 1:36998 <-> DISABLED <-> OS-WINDOWS Microsoft .NET Silverlight manifest resource file information disclosure attempt (os-windows.rules)
* 1:37071 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ShaderParameter integer overflow attempt (file-flash.rules)
* 1:37072 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ShaderParameter integer overflow attempt (file-flash.rules)
* 1:37074 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ShaderParameter integer overflow attempt (file-flash.rules)
* 1:37075 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ShaderParameter integer overflow attempt (file-flash.rules)
* 1:37081 <-> DISABLED <-> FILE-FLASH Adobe Flash Player String length heap buffer overflow attempt (file-flash.rules)
* 1:37082 <-> DISABLED <-> FILE-FLASH Adobe Flash Player String length heap buffer overflow attempt (file-flash.rules)
* 1:37085 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byte array memory corruption attempt (file-flash.rules)
* 1:37086 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byte array memory corruption attempt (file-flash.rules)
* 1:37090 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PrintJob object use-after-free attempt (file-flash.rules)
* 1:37091 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PrintJob object use-after-free attempt (file-flash.rules)
* 1:37092 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SoundURLStream memory corruption attempt (file-flash.rules)
* 1:37094 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SoundURLStream memory corruption attempt (file-flash.rules)
* 1:37105 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MovieClip object use-after-free attempt (file-flash.rules)
* 1:37106 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MovieClip object use-after-free attempt (file-flash.rules)
* 1:37109 <-> DISABLED <-> FILE-FLASH Adobe Flash Player selection.setFocus use after free attempt (file-flash.rules)
* 1:37110 <-> DISABLED <-> FILE-FLASH Adobe Flash Player selection.setFocus use after free attempt (file-flash.rules)
* 1:37118 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField filters use-after-free attempt (file-flash.rules)
* 1:37119 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField filters use-after-free attempt (file-flash.rules)
* 1:37121 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MP3 ID3 data parsing heap buffer overflow attempt (file-flash.rules)
* 1:37123 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MP3 ID3 data parsing heap buffer overflow attempt (file-flash.rules)
* 1:37128 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 setTransform use-after-free attempt (file-flash.rules)
* 1:37129 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 setTransform use-after-free attempt (file-flash.rules)
* 1:37135 <-> DISABLED <-> SERVER-WEBAPP Fireeye Java decompiler reflection remote code execution attempt (server-webapp.rules)
* 1:37136 <-> DISABLED <-> SERVER-WEBAPP Fireeye Java decompiler reflection remote code execution attempt (server-webapp.rules)
* 1:37144 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SetSlot type confusion attempt (file-flash.rules)
* 1:37145 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SetSlot type confusion attempt (file-flash.rules)
* 1:37157 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SharedObject send stack buffer overflow attempt (file-flash.rules)
* 1:37159 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SharedObject send stack buffer overflow attempt (file-flash.rules)
* 1:37160 <-> DISABLED <-> FILE-FLASH Adobe Flash Player oversize source bitmap memory corruption attempt (file-flash.rules)
* 1:37161 <-> DISABLED <-> FILE-FLASH Adobe Flash Player oversize source bitmap memory corruption attempt (file-flash.rules)
* 1:37167 <-> DISABLED <-> FILE-FLASH Adobe Flash Player URLStream use after free attempt (file-flash.rules)
* 1:37168 <-> DISABLED <-> FILE-FLASH Adobe Flash Player URLStream use after free attempt (file-flash.rules)
* 1:37169 <-> DISABLED <-> FILE-FLASH Adobe Flash Player heap memory disclosure via custom valueOf handler attempt (file-flash.rules)
* 1:37170 <-> DISABLED <-> FILE-FLASH Adobe Flash Player heap memory disclosure via custom valueOf handler attempt (file-flash.rules)
* 1:37171 <-> DISABLED <-> FILE-FLASH Adobe Flash Player heap memory disclosure via custom valueOf handler attempt (file-flash.rules)
* 1:37172 <-> DISABLED <-> FILE-FLASH Adobe Flash Player heap memory disclosure via custom valueOf handler attempt (file-flash.rules)
* 1:37178 <-> DISABLED <-> FILE-FLASH Adobe Flash Player M3U8 parser logic memory corruption attempt (file-flash.rules)
* 1:37180 <-> DISABLED <-> FILE-FLASH Adobe Flash Player M3U8 parser logic memory corruption attempt (file-flash.rules)
* 1:37183 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextFormat.tabStops use after free attempt (file-flash.rules)
* 1:37184 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextFormat.tabStops use after free attempt (file-flash.rules)
* 1:37185 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextFormat.tabStops use after free attempt (file-flash.rules)
* 1:37186 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextFormat.tabStops use after free attempt (file-flash.rules)
* 1:37205 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object.addProperty method use after free attempt (file-flash.rules)
* 1:37206 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object.addProperty method use after free attempt (file-flash.rules)
* 1:37208 <-> DISABLED <-> FILE-FLASH Adobe Flash Player LoadVars decode use after free attempt (file-flash.rules)
* 1:37210 <-> DISABLED <-> FILE-FLASH Adobe Flash Player LoadVars decode use after free attempt (file-flash.rules)
* 1:37216 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MovieClip setMask use after free attempt (file-flash.rules)
* 1:37218 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MovieClip setMask use after free attempt (file-flash.rules)
* 1:37237 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object hasOwnProperty use after free attempt (file-flash.rules)
* 1:37239 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object hasOwnProperty use after free attempt (file-flash.rules)
* 1:37247 <-> DISABLED <-> FILE-FLASH Adobe Flash Player removeMovieClip use after free attempt (file-flash.rules)
* 1:37248 <-> DISABLED <-> FILE-FLASH Adobe Flash Player removeMovieClip use after free attempt (file-flash.rules)
* 1:37249 <-> DISABLED <-> FILE-FLASH Adobe Flash Player removeMovieClip use after free attempt (file-flash.rules)
* 1:37259 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel mso20win32client use after free attempt (file-office.rules)
* 1:37265 <-> DISABLED <-> FILE-OFFICE Microsoft Office metafile conversion out of bounds read attempt (file-office.rules)
* 1:37266 <-> DISABLED <-> FILE-OFFICE Microsoft Office metafile conversion out of bounds read attempt (file-office.rules)
* 1:37267 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Silverlight GetChar out of bounds read attempt (browser-plugins.rules)
* 1:37268 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Silverlight GetChar out of bounds read attempt (browser-plugins.rules)
* 1:37345 <-> DISABLED <-> FILE-FLASH Adobe Flash Player improper display list handling memory corruption attempt (file-flash.rules)
* 1:37347 <-> DISABLED <-> FILE-FLASH Adobe Flash Player improper display list handling memory corruption attempt (file-flash.rules)
* 1:37399 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader custom string length function memory corruption attempt (file-pdf.rules)
* 1:37525 <-> DISABLED <-> SERVER-OTHER NTP arbitrary pidfile and driftfile overwrite attempt (server-other.rules)
* 1:37550 <-> DISABLED <-> EXPLOIT-KIT Nuclear landing page detected (exploit-kit.rules)
* 1:37592 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel formula length heap corruption attempt (file-office.rules)
* 1:37593 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel formula length heap corruption attempt (file-office.rules)
* 1:37600 <-> DISABLED <-> FILE-OFFICE Microsoft Powerpoint shape objects null pointer dereference memory corruption attempt (file-office.rules)
* 1:37601 <-> DISABLED <-> FILE-OFFICE Microsoft Powerpoint shape objects null pointer dereference memory corruption attempt (file-office.rules)
* 1:37664 <-> DISABLED <-> FILE-JAVA Oracle Java ServiceLoader exception handling exploit attempt (file-java.rules)
* 1:37670 <-> DISABLED <-> FILE-FLASH Adobe Flash Player convolution filter use-after-free attempt (file-flash.rules)
* 1:37671 <-> DISABLED <-> FILE-FLASH Adobe Flash Player convolution filter use-after-free attempt (file-flash.rules)
* 1:37700 <-> DISABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules)
* 1:37702 <-> DISABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules)
* 1:37703 <-> DISABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules)
* 1:37704 <-> DISABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules)
* 1:37705 <-> DISABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules)
* 1:37706 <-> DISABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules)
* 1:37711 <-> DISABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
* 1:37726 <-> DISABLED <-> FILE-OTHER Microsoft Office ole object external file loading attempt (file-other.rules)
* 1:37727 <-> DISABLED <-> FILE-OTHER Microsoft Office ole object external file loading attempt (file-other.rules)
* 1:37734 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Point object integer overflow attempt (file-flash.rules)
* 1:37736 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Point object integer overflow attempt (file-flash.rules)
* 1:37740 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BlurFilter memory corruption attempt (file-flash.rules)
* 1:37741 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BlurFilter memory corruption attempt (file-flash.rules)
* 1:37744 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextLine memory corruption attempt (file-flash.rules)
* 1:37745 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextLine memory corruption attempt (file-flash.rules)
* 1:37754 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Point object integer overflow attempt (file-flash.rules)
* 1:37755 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Point object integer overflow attempt (file-flash.rules)
* 1:37757 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid sourceRect copyPixels heap corruption attempt (file-flash.rules)
* 1:37758 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid sourceRect copyPixels heap corruption attempt (file-flash.rules)
* 1:37761 <-> DISABLED <-> FILE-FLASH Adobe Flash Player rectangle auxiliary method integer overflow attempt (file-flash.rules)
* 1:37764 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BitmapData method memory corruption attempt (file-flash.rules)
* 1:43455 <-> DISABLED <-> FILE-FLASH Adobe Flash Player writeExternal type confusion attempt (file-flash.rules)
* 1:37770 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative custom getter use after free attempt (file-flash.rules)
* 1:47236 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Prowli variant outbound connection (malware-cnc.rules)
* 1:46252 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rovnix outbound connection attempt (malware-cnc.rules)
* 1:44404 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trickbot malicious communication attempt (malware-cnc.rules)
* 1:45643 <-> DISABLED <-> MALWARE-CNC Vbs.Trojan.Agent inbound payload download (malware-cnc.rules)
* 1:46251 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rovnix outbound connection attempt (malware-cnc.rules)
* 1:46580 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload malicious file download (malware-cnc.rules)
* 1:45977 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB kernel heap memory leak attempt (os-windows.rules)
* 1:45949 <-> DISABLED <-> PUA-OTHER Coinhive TLS server hello attempt (pua-other.rules)
* 1:44360 <-> DISABLED <-> SERVER-WEBAPP Trend Micro proxy_controller.php command injection attempt (server-webapp.rules)
* 1:46129 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HW32 variant outbound connection (malware-cnc.rules)
* 1:46582 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload malicious file download (malware-cnc.rules)
* 1:43978 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader graphics engine memory corruption attempt (file-pdf.rules)
* 1:37771 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative custom getter use after free attempt (file-flash.rules)
* 1:43900 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Professional XPS2PDF memory corruption attempt (file-other.rules)
* 1:46581 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload malicious file 
download (malware-cnc.rules) * 1:45646 <-> DISABLED <-> MALWARE-CNC Vbs.Trojan.Agent outbound system information disclosure (malware-cnc.rules) * 1:43977 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader graphics engine memory corruption attempt (file-pdf.rules) * 1:45130 <-> DISABLED <-> OS-WINDOWS Microsoft Windows RRAS service arbitrary pointer dereference attempt (os-windows.rules) * 1:45950 <-> DISABLED <-> PUA-OTHER Coinhive TLS client hello attempt (pua-other.rules) * 1:44903 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PSDK Metadata memory corruption attempt (file-flash.rules) * 1:45148 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Array out of bounds write attempt (browser-ie.rules) * 1:37774 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript constructor use after free attempt (file-flash.rules) * 1:37776 <-> DISABLED <-> FILE-FLASH Adobe Flash Player LoadVars use-after-free attempt (file-flash.rules) * 1:37777 <-> DISABLED <-> FILE-FLASH Adobe Flash Player LoadVars use-after-free attempt (file-flash.rules) * 1:37783 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed Adobe Texture Format heap overflow attempt (file-flash.rules) * 1:37790 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative use after free attempt (file-flash.rules) * 1:37792 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative use after free attempt (file-flash.rules) * 1:37797 <-> DISABLED <-> FILE-FLASH Adobe Flash Player rectangle memory access violation attempt (file-flash.rules) * 1:37798 <-> DISABLED <-> FILE-FLASH Adobe Flash Player rectangle memory access violation attempt (file-flash.rules) * 1:37801 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Silverlight ScriptObject untrusted pointer dereference attempt (browser-plugins.rules) * 1:37808 <-> DISABLED <-> FILE-FLASH Adobe Flash Player integer underflow attempt (file-flash.rules) * 1:37824 <-> DISABLED <-> FILE-OTHER Microsoft Office ole object external file loading attempt (file-other.rules) * 1:37825 
<-> DISABLED <-> FILE-OTHER Microsoft Office ole object external file loading attempt (file-other.rules) * 1:37938 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Flash pixel bender buffer overflow attempt (file-multimedia.rules) * 1:37939 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Flash pixel bender buffer overflow attempt (file-multimedia.rules) * 1:38074 <-> DISABLED <-> BROWSER-IE Microsoft Edge CAsyncTpWorker Windows.Data.Pdf.dll object use after free attempt (browser-ie.rules) * 1:38076 <-> DISABLED <-> BROWSER-IE Microsoft Edge CAsyncTpWorker Windows.Data.Pdf.dll object use after free attempt (browser-ie.rules) * 1:38101 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word wwlib.dll invalid pointer read attempt (file-office.rules) * 1:38165 <-> DISABLED <-> FILE-FLASH Adobe Flash Player hitTest BitmapData object integer overflow attempt (file-flash.rules) * 1:38167 <-> DISABLED <-> FILE-FLASH Adobe Flash Player hitTest BitmapData object integer overflow attempt (file-flash.rules) * 1:38169 <-> DISABLED <-> FILE-FLASH Adobe Flash Player hitTest BitmapData object integer overflow attempt (file-flash.rules) * 1:38170 <-> DISABLED <-> FILE-FLASH Adobe Flash Player hitTest BitmapData object integer overflow attempt (file-flash.rules) * 1:38175 <-> DISABLED <-> FILE-FLASH Adobe Standalone Flash Player texfield getter use after free attempt (file-flash.rules) * 1:38179 <-> DISABLED <-> FILE-FLASH Adobe Standalone Flash Player ASnative object use after free attempt (file-flash.rules) * 1:38182 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS3 multiple axis attributes integer overflow attempt (file-flash.rules) * 1:38184 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS3 multiple axis attributes integer overflow attempt (file-flash.rules) * 1:38191 <-> DISABLED <-> FILE-FLASH Adobe Flash Player si32 integer overflow attempt (file-flash.rules) * 1:38192 <-> DISABLED <-> FILE-FLASH Adobe Flash Player si32 integer overflow attempt (file-flash.rules) * 1:38197 <-> DISABLED <-> 
FILE-FLASH Adobe Flash Player recursion calls stack overflow attempt (file-flash.rules) * 1:38198 <-> DISABLED <-> FILE-FLASH Adobe Flash Player recursion calls stack overflow attempt (file-flash.rules) * 1:38207 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MPD use-after-free attempt (file-flash.rules) * 1:38208 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MPD use-after-free attempt (file-flash.rules) * 1:38211 <-> DISABLED <-> FILE-PDF Adobe Reader JPEG 2000 chrominance subsampling memory corruption attempt (file-pdf.rules) * 1:38212 <-> DISABLED <-> FILE-PDF Adobe Reader JPEG 2000 chrominance subsampling memory corruption attempt (file-pdf.rules) * 1:38215 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BitmapData.paletteMap size mismatch integer overflow attempt (file-flash.rules) * 1:38216 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BitmapData.paletteMap size mismatch integer overflow attempt (file-flash.rules) * 1:38219 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use after free attempt (file-flash.rules) * 1:38220 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use after free (file-flash.rules) * 1:38223 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader annotation oversized array memory corruption attempt (file-pdf.rules) * 1:38239 <-> DISABLED <-> FILE-FLASH Adobe Flash Player rectangle width integer overflow attempt (file-flash.rules) * 1:38241 <-> DISABLED <-> FILE-FLASH Adobe Flash Player rectangle width integer overflow attempt (file-flash.rules) * 1:38286 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager actserver stack buffer overflow attempt (server-webapp.rules) * 1:38287 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager akey stack buffer overflow attempt (server-webapp.rules) * 1:38288 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager licfile stack buffer overflow attempt (server-webapp.rules) * 1:38327 <-> DISABLED <-> MALWARE-BACKDOOR ReGeorg proxy read attempt (malware-backdoor.rules) * 1:38405 <-> DISABLED <-> FILE-FLASH Adobe 
Flash Player Transform Class Matrix AS2 use after free attempt (file-flash.rules) * 1:38406 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Transform Class Matrix AS2 use after free attempt (file-flash.rules) * 1:38409 <-> DISABLED <-> FILE-FLASH Adobe Flash Player JPEG-XR decode buffer overflow attempt (file-flash.rules) * 1:38410 <-> DISABLED <-> FILE-FLASH Adobe Flash Player JPEG-XR decode buffer overflow attempt (file-flash.rules) * 1:38413 <-> DISABLED <-> FILE-FLASH Adobe Flash Player NetConnection to ColorMatrixFilter object type confusion attempt (file-flash.rules) * 1:38415 <-> DISABLED <-> FILE-FLASH Adobe Flash Player NetConnection to ColorMatrixFilter object type confusion attempt (file-flash.rules) * 1:38425 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ExportAssets count memory corruption attempt (file-flash.rules) * 1:38430 <-> DISABLED <-> FILE-FLASH Adobe Flash Player toString type confusion memory corruption attempt (file-flash.rules) * 1:38433 <-> DISABLED <-> FILE-FLASH Adobe Flash Player toString type confusion memory corruption attempt (file-flash.rules) * 1:38481 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel msxml6 ParseElementN use after free attempt (file-office.rules) * 1:38482 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel msxml6 ParseElementN use after free attempt (file-office.rules) * 1:38577 <-> DISABLED <-> FILE-FLASH Adobe Flash Player dangling bytearray pointer code execution attempt (file-flash.rules) * 1:38593 <-> DISABLED <-> EXPLOIT-KIT Nuclear Exploit Kit back end communications attempt (exploit-kit.rules) * 1:38631 <-> DISABLED <-> FILE-FLASH Angler exploit kit Adobe Flash SWF exploit download (file-flash.rules) * 1:38632 <-> DISABLED <-> FILE-FLASH Angler exploit kit Adobe Flash SWF exploit download (file-flash.rules) * 1:38635 <-> DISABLED <-> FILE-FLASH Nuclear exploit kit Adobe Flash SWF exploit download (file-flash.rules) * 1:38636 <-> DISABLED <-> FILE-FLASH Nuclear exploit kit Adobe Flash SWF exploit 
download (file-flash.rules) * 1:38729 <-> DISABLED <-> SERVER-OTHER Mediabridge Medialink MWN-WAPR300N and Tenda N3 Wireless N150 inbound admin attempt (server-other.rules) * 1:38772 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer EMF file integer overflow attempt (browser-ie.rules) * 1:38782 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word TTF out-of-bounds memory access attempt (file-office.rules) * 1:38783 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word TTF out-of-bounds memory access attempt (file-office.rules) * 1:38830 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ContentFactory memory corruption attempt (file-flash.rules) * 1:38832 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ContentFactory memory corruption attempt (file-flash.rules) * 1:38833 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ContentFactory memory corruption attempt (file-flash.rules) * 1:38841 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer VBScript toString redim array use after free attempt (browser-ie.rules) * 1:38881 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FileReference type confusion attempt (file-flash.rules) * 1:38883 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FileReference type confusion attempt (file-flash.rules) * 1:38972 <-> DISABLED <-> FILE-FLASH Adobe Flash Player OpportunityGenerator.update memory corruption attempt (file-flash.rules) * 1:38973 <-> DISABLED <-> FILE-FLASH Adobe Flash Player OpportunityGenerator.update memory corruption attempt (file-flash.rules) * 1:38974 <-> DISABLED <-> FILE-FLASH Adobe Flash Player OpportunityGenerator.update memory corruption attempt (file-flash.rules) * 1:38980 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed FlateDecode stream use after free attempt (file-pdf.rules) * 1:38981 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed FlateDecode stream use after free attempt (file-pdf.rules) * 1:38996 <-> DISABLED <-> FILE-FLASH Adobe Flash Player addProperty use after free attempt 
(file-flash.rules) * 1:38998 <-> DISABLED <-> FILE-FLASH Adobe Flash Player addProperty use after free attempt (file-flash.rules) * 1:39009 <-> DISABLED <-> FILE-FLASH Adobe Flash Player setMetadata memory corruption attempt (file-flash.rules) * 1:39010 <-> DISABLED <-> FILE-FLASH Adobe Flash Player setMetadata memory corruption attempt (file-flash.rules) * 1:39013 <-> DISABLED <-> FILE-PDF Adobe Reader CTJPEGDecoderReadNextTile out of bounds read attempt (file-pdf.rules) * 1:39014 <-> DISABLED <-> FILE-PDF Adobe Reader CTJPEGDecoderReadNextTile out of bounds read attempt (file-pdf.rules) * 1:39015 <-> DISABLED <-> FILE-PDF Adobe Reader AcroForm dictionary object use after free attempt (file-pdf.rules) * 1:39019 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PSDK use-after-free attempt (file-flash.rules) * 1:39020 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PSDK use-after-free attempt (file-flash.rules) * 1:39022 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PSDK use-after-free attempt (file-flash.rules) * 1:39024 <-> DISABLED <-> FILE-FLASH Adobe Flash Player selection.setFocus use after free attempt (file-flash.rules) * 1:39025 <-> DISABLED <-> FILE-FLASH Adobe Flash Player selection.setFocus use after free attempt (file-flash.rules) * 1:39032 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASSetNative use-after-free attempt (file-flash.rules) * 1:39033 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASSetNative use-after-free attempt (file-flash.rules) * 1:39102 <-> DISABLED <-> FILE-PDF Adobe Reader PDF embedded JPEG memory corruption attempt (file-pdf.rules) * 1:39103 <-> DISABLED <-> FILE-PDF Adobe Reader PDF embedded JPEG memory corruption attempt (file-pdf.rules) * 1:39261 <-> DISABLED <-> FILE-OTHER Microsoft Windows ATMFD font driver malformed OTF file out-of-bounds memory access attempt (file-other.rules) * 1:39272 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ShimContentFactory uninitialized pointer use attempt (file-flash.rules) * 1:39280 <-> 
DISABLED <-> FILE-FLASH Adobe Primetime SDK object type confusion overflow attempt (file-flash.rules) * 1:39285 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadSound use after free attempt (file-flash.rules) * 1:39288 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ShimContentResolver out of bounds memory access attempt (file-flash.rules) * 1:39290 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime SDK ShimContentResolver out of bounds memory access attempt (file-flash.rules) * 1:39298 <-> DISABLED <-> FILE-FLASH Adobe Flash player retrieveResolvers memory corruption attempt (file-flash.rules) * 1:39305 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime SDK ShimContentResolver out of bounds memory access attempt (file-flash.rules) * 1:39319 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ShimOpportunityGenerator out of bounds memory access attempt (file-flash.rules) * 1:39398 <-> DISABLED <-> SERVER-WEBAPP Symantec SEPM management console cross site scripting attempt (server-webapp.rules) * 1:39402 <-> DISABLED <-> FILE-OTHER Symantec Antivirus ALPkOldFormatDecompressor out of bounds read attempt (file-other.rules) * 1:39441 <-> DISABLED <-> FILE-FLASH Adobe Flash Player integer overflow attempt (file-flash.rules) * 1:39457 <-> DISABLED <-> FILE-FLASH Adobe Flash Player integer underflow attempt (file-flash.rules) * 1:39505 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Edge text node table-cell use after free attempt (browser-ie.rules) * 1:39524 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel empty bookViews element denial of service attempt (file-office.rules) * 1:39525 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel empty bookViews element denial of service attempt (file-office.rules) * 1:39540 <-> DISABLED <-> FILE-FLASH Adobe Flash Player local-with-filesystem security bypass attempt (file-flash.rules) * 1:39543 <-> DISABLED <-> FILE-FLASH Adobe Flash Player local-with-filesystem security bypass attempt (file-flash.rules) * 
1:39564 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TimedEvent memory corruption attempt (file-flash.rules) * 1:39685 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tinba variant outbound connection (malware-cnc.rules) * 1:39687 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed embeded TTF file memory corruption attempt (file-pdf.rules) * 1:39690 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ABRControlParameters access memory corruption attempt (file-flash.rules) * 1:39702 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MediaPlayerItemLoader out of bounds memory access attempt (file-flash.rules) * 1:39799 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt (file-pdf.rules) * 1:39824 <-> DISABLED <-> OS-WINDOWS Microsoft Windows GDI emf file integer overflow attempt (os-windows.rules) * 1:39843 <-> DISABLED <-> OS-WINDOWS Microsoft Windows gdiplus EMF EmrText out of bounds write attempt (os-windows.rules) * 1:39851 <-> DISABLED <-> INDICATOR-COMPROMISE Connection to malware sinkhole - CERT.PL (indicator-compromise.rules) * 1:39893 <-> DISABLED <-> OS-LINUX Linux Kernel USBIP out of bounds write attempt (os-linux.rules) * 1:39894 <-> DISABLED <-> OS-LINUX Linux Kernel USBIP out of bounds write attempt (os-linux.rules) * 1:40075 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel LPenHelper out of bounds write attempt (file-office.rules) * 1:40076 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel LPenHelper out of bounds write attempt (file-office.rules) * 1:40102 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel xlsb use-after-free attempt (file-office.rules) * 1:40103 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel xlsb use-after-free attempt (file-office.rules) * 1:40104 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel xlsb use-after-free attempt (file-office.rules) * 1:40105 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel xlsb use-after-free attempt (file-office.rules) * 1:40106 <-> DISABLED <-> FILE-OFFICE 
Microsoft Office Excel xlsb use-after-free attempt (file-office.rules) * 1:40107 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel xlsb use-after-free attempt (file-office.rules) * 1:40116 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel xlsb use-after-free attempt (file-office.rules) * 1:40117 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel xlsb use-after-free attempt (file-office.rules) * 1:40121 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel xlsb use-after-free attempt (file-office.rules) * 1:40122 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel xlsb use-after-free attempt (file-office.rules) * 1:40152 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DRMManager memory corruption attempt (file-flash.rules) * 1:40167 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ShimContentResolver out of bounds memory access attempt (file-flash.rules) * 1:40178 <-> DISABLED <-> FILE-FLASH Adobe Flash Player local-with-filesystem sandbox escape attempt (file-flash.rules) * 1:40236 <-> DISABLED <-> FILE-PDF Adobe Reader embedded font out of bounds memory access attempt (file-pdf.rules) * 1:40237 <-> DISABLED <-> FILE-PDF Adobe Reader embedded font out of bounds memory access attempt (file-pdf.rules) * 1:40312 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CTreePos type confusion attempt (browser-ie.rules) * 1:40375 <-> DISABLED <-> OS-WINDOWS Microsoft Windows insecure BoundaryDescriptor privilege escalation attempt (os-windows.rules) * 1:40425 <-> DISABLED <-> OS-WINDOWS Microsoft Windows GDI+ EMF buffer overread attempt (os-windows.rules) * 1:40503 <-> DISABLED <-> FILE-FLASH Adobe Flash Player QOSProvider use-after-free attempt (file-flash.rules) * 1:40706 <-> DISABLED <-> FILE-OTHER Microsoft Windows OTF cmap table parsing integer overflow attempt (file-other.rules) * 1:40717 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel LPenHelper use after free attempt (file-office.rules) * 1:40718 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel LPenHelper 
use after free attempt (file-office.rules) * 1:40737 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime SDK AdvertisingMetadata type confustion attempt (file-flash.rules) * 1:40743 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AVSegmentedSource use after free attempt (file-flash.rules) * 1:40753 <-> ENABLED <-> EXPLOIT-KIT Rig exploit kit outbound communication (exploit-kit.rules) * 1:40813 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Silverlight GetChar out of bounds read attempt (browser-plugins.rules) * 1:40814 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Silverlight GetChar out of bounds read attempt (browser-plugins.rules) * 1:40934 <-> DISABLED <-> FILE-EXECUTABLE Nvidia Windows kernel mode driver denial of service attempt (file-executable.rules) * 1:40957 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel security descriptor out of bounds read attempt (file-office.rules) * 1:40958 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel security descriptor out of bounds read attempt (file-office.rules) * 1:40959 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ddeService command execution attempt (file-office.rules) * 1:40960 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ddeService command execution attempt (file-office.rules) * 1:40983 <-> DISABLED <-> FILE-OTHER Microsoft Internet Explorer malformed ico integer overflow attempt (file-other.rules) * 1:41003 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime SDK out of bounds read attempt (file-flash.rules) * 1:41015 <-> DISABLED <-> FILE-FLASH Acrobat Flash WorkerDomain memory corruption attempt (file-flash.rules) * 1:41026 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess Dashboard remote code execution attempt (server-webapp.rules) * 1:41310 <-> DISABLED <-> FILE-IMAGE libBPG restore_tqb_pixel out of bounds write attempt (file-image.rules) * 1:41344 <-> DISABLED <-> FILE-OTHER CorelDRAW X8 EMF invalid ihBrush field value out of bounds read attempt (file-other.rules) * 1:41358 <-> DISABLED 
<-> FILE-FLASH Adobe Flash Player Primetime SDK ShimContentResolver memory corruption attempt (file-flash.rules) * 1:41515 <-> DISABLED <-> POLICY-OTHER McAfee Virus Scan Linux outdated version detected (policy-other.rules) * 1:41516 <-> DISABLED <-> SERVER-WEBAPP McAfee Virus Scan Linux file existence test attempt (server-webapp.rules) * 1:41521 <-> DISABLED <-> SERVER-WEBAPP McAfee Virus Scan Linux cross site scripting attempt (server-webapp.rules) * 1:41565 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel xlsb use-after-free attempt (file-office.rules) * 1:41566 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel xlsb use-after-free attempt (file-office.rules) * 1:41601 <-> DISABLED <-> FILE-PDF Microsoft Edge PDF Builder out of bounds read attempt (file-pdf.rules) * 1:41602 <-> DISABLED <-> FILE-PDF Microsoft Edge PDF Builder out of bounds read attempt (file-pdf.rules) * 1:41624 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MessageChannel type confusion attempt (file-flash.rules) * 1:41630 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PSDK EventDispatch removeEventListener use after free attempt (file-flash.rules) * 1:41680 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ShimContentResolver out of bounds memory access attempt (file-flash.rules) * 1:41681 <-> DISABLED <-> SERVER-WEBAPP McAfee Virus Scan Linux remote code execution attempt (server-webapp.rules) * 1:41783 <-> ENABLED <-> EXPLOIT-KIT Rig exploit kit URL outbound communication (exploit-kit.rules) * 1:41818 <-> DISABLED <-> SERVER-APACHE Apache Struts remote code execution attempt (server-apache.rules) * 1:41819 <-> DISABLED <-> SERVER-APACHE Apache Struts remote code execution attempt (server-apache.rules) * 1:41976 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel shared strings memory corruption attempt (file-office.rules) * 1:41977 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel shared strings memory corruption attempt (file-office.rules) * 1:41979 <-> DISABLED <-> FILE-OFFICE Microsoft 
Office Excel shared strings memory corruption attempt (file-office.rules) * 1:41980 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel shared strings memory corruption attempt (file-office.rules) * 1:42080 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jenxcus outbound connection with unique User-Agent (malware-cnc.rules) * 1:42097 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Resolution Opportunity parameter memory corruption attempt (file-flash.rules) * 1:42150 <-> DISABLED <-> FILE-OTHER Microsoft Windows ATMFD font driver malformed OTF file out-of-bounds memory access attempt (file-other.rules) * 1:42151 <-> DISABLED <-> FILE-OTHER Microsoft Windows ATMFD font driver malformed OTF file out-of-bounds memory access attempt (file-other.rules) * 1:42161 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel out of bounds memory attempt (file-office.rules) * 1:42162 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel out of bounds memory attempt (file-office.rules) * 1:42222 <-> DISABLED <-> SERVER-WEBAPP Moxa MX Studio login page denial of service attempt (server-webapp.rules) * 1:42372 <-> ENABLED <-> POLICY-OTHER eicar file detected (policy-other.rules) * 1:42373 <-> ENABLED <-> POLICY-OTHER eicar file detected (policy-other.rules) * 1:42374 <-> ENABLED <-> POLICY-OTHER eicar file detected (policy-other.rules) * 1:42375 <-> ENABLED <-> POLICY-OTHER eicar file detected (policy-other.rules) * 1:42376 <-> ENABLED <-> POLICY-OTHER eicar file detected (policy-other.rules) * 1:42810 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BitmapData out of bounds memory access attempt (file-flash.rules) * 1:42811 <-> DISABLED <-> BROWSER-IE Microsoft Edge Chakra Engine use-after-free attempt (browser-ie.rules) * 1:42812 <-> DISABLED <-> BROWSER-IE Microsoft Edge Chakra Engine use-after-free attempt (browser-ie.rules) * 1:42816 <-> DISABLED <-> FILE-FLASH Adobe Flash Player display object mask use after free attempt (file-flash.rules) * 1:42817 <-> DISABLED <-> FILE-FLASH Adobe Flash 
Player DisplayObject use after free attempt (file-flash.rules) * 1:42902 <-> DISABLED <-> FILE-OFFICE Microsoft Office EPS restore command use after free attempt (file-office.rules) * 1:42904 <-> DISABLED <-> FILE-OFFICE Microsoft Office EPS restore command use after free attempt (file-office.rules) * 1:42911 <-> DISABLED <-> FILE-PDF Acrobat Reader TIFF malformed IFD tag heap overflow attempt (file-pdf.rules) * 1:42913 <-> DISABLED <-> FILE-PDF Acrobat Reader TIFF malformed IFD tag heap overflow attempt (file-pdf.rules) * 1:42915 <-> DISABLED <-> FILE-PDF Acrobat Reader TIFF malformed IFD tag heap overflow attempt (file-pdf.rules) * 1:43048 <-> DISABLED <-> FILE-FLASH Adobe Flash Player JSON stringify memory corruption attempt (file-flash.rules) * 1:43169 <-> DISABLED <-> BROWSER-IE Microsoft Edge textContent use after free attempt (browser-ie.rules) * 1:43179 <-> DISABLED <-> FILE-OFFICE Powerpoint mouseover powershell malware download attempt (file-office.rules) * 1:43221 <-> DISABLED <-> MALWARE-OTHER Win.Trojan-Downloader.Jadtree GET request of RAR file to server (malware-other.rules) * 1:43383 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AdvertisingMetadata use after free attempt (file-flash.rules) * 1:43396 <-> DISABLED <-> FILE-FLASH Adobe Acrobat Reader profile use after free attempt (file-flash.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:56151 <-> DISABLED <-> SERVER-OTHER Adobe ColdFusion vulnerable DataServicesCFProxy class reference attempt (server-other.rules)
* 1:56162 <-> ENABLED <-> SERVER-WEBAPP Citrix ADC and Gateway information disclosure attempt (server-webapp.rules)
* 1:56157 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook email parsing remote code execution attempt (file-office.rules)
* 1:56156 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook email parsing remote code execution attempt (file-office.rules)
* 1:56140 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Czxz-9784395-0 download attempt (malware-other.rules)
* 1:56139 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Czxz-9784395-0 download attempt (malware-other.rules)
* 1:56142 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Zusy-9784403-0 download attempt (malware-other.rules)
* 1:56150 <-> DISABLED <-> SERVER-OTHER Adobe ColdFusion DataServicesCFProxy insecure Java deserialization attempt (server-other.rules)
* 1:56164 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.PyVil download attempt (malware-other.rules)
* 1:56163 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.PyVil download attempt (malware-other.rules)
* 1:56166 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.PyVil outbound communication attempt (malware-other.rules)
* 1:56155 <-> DISABLED <-> SERVER-WEBAPP MobileIron Core & Connector remote code execution attempt (server-webapp.rules)
* 1:56165 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.PyVil download attempt (malware-other.rules)
* 1:56154 <-> DISABLED <-> SERVER-WEBAPP MobileIron Core & Connector remote code execution attempt (server-webapp.rules)
* 1:56141 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Zusy-9784403-0 download attempt (malware-other.rules)
* 1:56167 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.PyVil download attempt (malware-other.rules)
* 3:56148 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1179 attack attempt (server-webapp.rules)
* 3:56144 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1177 attack attempt (server-webapp.rules)
* 3:56160 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1176 attack attempt (file-image.rules)
* 3:56147 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1179 attack attempt (server-webapp.rules)
* 3:56153 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1178 attack attempt (server-webapp.rules)
* 3:56143 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1177 attack attempt (server-webapp.rules)
* 3:56145 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1177 attack attempt (server-webapp.rules)
* 3:56146 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1177 attack attempt (server-webapp.rules)
* 3:56158 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1176 attack attempt (file-image.rules)
* 3:56161 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1176 attack attempt (file-image.rules)
* 3:56159 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1176 attack attempt (file-image.rules)
* 3:56149 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1179 attack attempt (server-webapp.rules)
* 3:56152 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1178 attack attempt (server-webapp.rules)
* 1:47006 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SocketPlayer outbound connection (malware-cnc.rules)
* 1:47056 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel empty bookViews element denial of service attempt (file-office.rules)
* 1:47241 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mylobot additional payload download (malware-cnc.rules)
* 1:47701 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Iniduoh variant outbound connection (malware-cnc.rules)
* 1:47358 <-> DISABLED <-> SERVER-WEBAPP CCTV-DVR command injection attempt (server-webapp.rules)
* 1:47557 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PLEAD downloader outbound connection (malware-cnc.rules)
* 1:47556 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PLEAD downloader outbound connection (malware-cnc.rules)
* 1:47242 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mylobot additional payload download (malware-cnc.rules)
* 1:45148 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Array out of bounds write attempt (browser-ie.rules)
* 1:43977 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader graphics engine memory corruption attempt (file-pdf.rules)
* 1:45564 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Vpnfilter variant outbound connection attempt (malware-cnc.rules)
* 1:44016 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Rectangle constructor use after free attempt (file-flash.rules)
* 1:45336 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
* 1:45371 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word docx subDocument file include attempt (file-office.rules)
* 1:44622 <-> DISABLED <-> MALWARE-CNC Android Red Alert Trojan outbound connection (malware-cnc.rules)
* 1:45162 <-> DISABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
* 1:46251 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rovnix outbound connection attempt (malware-cnc.rules)
* 1:46249 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rovnix outbound connection attempt (malware-cnc.rules)
* 1:45949 <-> DISABLED <-> PUA-OTHER Coinhive TLS server hello attempt (pua-other.rules)
* 1:47148 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif malicious file download (malware-cnc.rules)
* 1:43900 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Professional XPS2PDF memory corruption attempt (file-other.rules)
* 1:46989 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.MBRLock file download (malware-other.rules)
* 1:45773 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CannibalRAT outbound upload attempt (malware-cnc.rules)
* 1:46586 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload malicious file download (malware-cnc.rules)
* 1:46783 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Vpnfilter variant SSL connection attempt (malware-cnc.rules)
* 1:46793 <-> DISABLED <-> OS-WINDOWS Malicious zip download attempt (os-windows.rules)
* 1:45370 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word docx subDocument file include attempt (file-office.rules)
* 1:43790 <-> DISABLED <-> SERVER-OTHER Apache mod_auth_digest out of bounds read attempt (server-other.rules)
* 1:43455 <-> DISABLED <-> FILE-FLASH Adobe Flash Player writeExternal type confusion attempt (file-flash.rules)
* 1:47236 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Prowli variant outbound connection (malware-cnc.rules)
* 1:44430 <-> DISABLED <-> FILE-OFFICE Fin7 Maldoc campaign exploitation attempt (file-office.rules)
* 1:46744 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper malicious executable download attempt (malware-cnc.rules)
* 1:43978 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader graphics engine memory corruption attempt (file-pdf.rules)
* 1:46584 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload malicious file download (malware-cnc.rules)
* 1:44431 <-> DISABLED <-> FILE-OFFICE Fin7 Maldoc campaign exploitation attempt (file-office.rules)
* 1:44564 <-> DISABLED <-> MALWARE-CNC PowerShell Empire variant outbound connection (malware-cnc.rules)
* 1:46491 <-> DISABLED <-> FILE-PDF Adobe Flash Player ActionScript setFocus use after free attempt (file-pdf.rules)
* 1:47678 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Torpplar variant outbound connection (malware-cnc.rules)
* 1:43625 <-> DISABLED <-> SERVER-WEBAPP Axis M3004 remote code execution attempt (server-webapp.rules)
* 1:44880 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF EMR_STRETCHDIBITS memory corruption attempt (file-image.rules)
* 1:49255 <-> DISABLED <-> FILE-JAVA Oracle Java ImagingLib buffer overflow attempt (file-java.rules)
* 1:43994 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader graphics engine memory corruption attempt (file-pdf.rules)
* 1:43901 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Professional XPS2PDF memory corruption attempt (file-other.rules)
* 1:44657 <-> DISABLED <-> SERVER-WEBAPP Unitrends Enterprise Backup API SQL injection attempt (server-webapp.rules)
* 1:46372 <-> DISABLED <-> PUA-OTHER Moonify TLS client hello attempt (pua-other.rules)
* 1:44361 <-> DISABLED <-> SERVER-WEBAPP Trend Micro proxy_controller.php command injection attempt (server-webapp.rules)
* 1:46135 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Krodown variant connection attempt (malware-cnc.rules)
* 1:45682 <-> DISABLED <-> SERVER-OTHER HP Integrated Lights-Out HTTP headers processing buffer overflow attempt (server-other.rules)
* 1:44052 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word EPS filter PostScript object use after free attempt (file-office.rules)
* 1:46252 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rovnix outbound connection attempt (malware-cnc.rules)
* 1:44360 <-> DISABLED <-> SERVER-WEBAPP Trend Micro proxy_controller.php command injection attempt (server-webapp.rules)
* 1:44964 <-> DISABLED <-> FILE-FLASH Adobe Flash Player tvsdk object use after free attempt (file-flash.rules)
* 1:44688 <-> DISABLED <-> SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt (server-webapp.rules)
* 1:45973 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chafer malicious communication attempt (malware-cnc.rules)
* 1:46250 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rovnix outbound connection attempt (malware-cnc.rules)
* 1:44892 <-> DISABLED <-> FILE-FLASH Adobe Flash Player determinePreferredLocales memory corruption attempt (file-flash.rules)
* 1:45643 <-> DISABLED <-> MALWARE-CNC Vbs.Trojan.Agent inbound payload download (malware-cnc.rules)
* 1:43993 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader graphics engine memory corruption attempt (file-pdf.rules)
* 1:44404 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trickbot malicious communication attempt (malware-cnc.rules)
* 1:45169 <-> DISABLED <-> BROWSER-IE Microsoft Edge array type confusion attempt (browser-ie.rules)
* 1:45772 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CannibalRAT outbound reporting attempt (malware-cnc.rules)
* 1:45131 <-> DISABLED <-> OS-WINDOWS Microsoft Windows RRAS service arbitrary pointer dereference attempt (os-windows.rules)
* 1:46371 <-> DISABLED <-> PUA-OTHER Moonify TLS server hello attempt (pua-other.rules)
* 1:44620 <-> DISABLED <-> MALWARE-CNC Android Red Alert Trojan outbound connection (malware-cnc.rules)
* 1:44017 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Rectangle constructor use after free attempt (file-flash.rules)
* 1:49311 <-> DISABLED <-> FILE-FLASH Adobe Flash Player writeExternal type confusion attempt (file-flash.rules)
* 1:49376 <-> DISABLED <-> SERVER-APACHE Apache Struts remote code execution attempt (server-apache.rules)
* 1:49788 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zacinlo outbound connection (malware-cnc.rules)
* 1:49789 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zacinlo outbound connection (malware-cnc.rules)
* 1:56130 <-> ENABLED <-> BROWSER-CHROME Google Chrome PNG in TTF parsing heap overflow attempt (browser-chrome.rules)
* 1:46782 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Vpnfilter variant SSL connection attempt (malware-cnc.rules)
* 1:56131 <-> ENABLED <-> BROWSER-CHROME Google Chrome PNG in TTF parsing heap overflow attempt (browser-chrome.rules)
* 1:56132 <-> ENABLED <-> BROWSER-CHROME Google Chrome PNG in TTF parsing heap overflow attempt (browser-chrome.rules)
* 1:56133 <-> ENABLED <-> BROWSER-CHROME Google Chrome PNG in TTF parsing heap overflow attempt (browser-chrome.rules)
* 1:56138 <-> ENABLED <-> SERVER-WEBAPP Citrix ADC and Gateway information disclosure attempt (server-webapp.rules)
* 1:43406 <-> DISABLED <-> FILE-FLASH Adobe Flash Player determinePreferredLocales out of bounds memory read attempt (file-flash.rules)
* 1:46582 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload malicious file download (malware-cnc.rules)
* 1:31033 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cryptodefence variant outbound connection (malware-cnc.rules)
* 1:36707 <-> DISABLED <-> FILE-OFFICE Microsoft Office malformed odttf integer overflow attempt (file-office.rules)
* 1:36708 <-> DISABLED <-> FILE-OFFICE Microsoft Office malformed odttf integer overflow attempt (file-office.rules)
* 1:36713 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ClickOnce information disclosure attempt (os-windows.rules)
* 1:36714 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel slicer style use-after-free attempt (file-office.rules)
* 1:36715 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel slicer style use-after-free attempt (file-office.rules)
* 1:36751 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel MdCallBack out of bounds read attempt (file-office.rules)
* 1:36752 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel MdCallBack out of bounds read attempt (file-office.rules)
* 1:36812 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer nonexistent attribute removal memory corruption attempt (browser-ie.rules)
* 1:36819 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
* 1:36820 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
* 1:36821 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
* 1:36822 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
* 1:36829 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 actionExtends use-after-free attempt (file-flash.rules)
* 1:36830 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 actionExtends use-after-free attempt (file-flash.rules)
* 1:36831 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 actionExtends use-after-free attempt (file-flash.rules)
* 1:36832 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 actionExtends use-after-free attempt (file-flash.rules)
* 1:36846 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 TextField gridFitType use after free attempt (file-flash.rules)
* 1:36859 <-> DISABLED <-> FILE-FLASH Adobe Flash Player writeExternal type confusion attempt (file-flash.rules)
* 1:36860 <-> DISABLED <-> FILE-FLASH Adobe Flash Player writeExternal type confusion attempt (file-flash.rules)
* 1:36863 <-> DISABLED <-> FILE-FLASH Adobe Flash Player attachsound use-after-free attempt (file-flash.rules)
* 1:36864 <-> DISABLED <-> FILE-FLASH Adobe Flash Player attachsound use-after-free attempt (file-flash.rules)
* 1:36883 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byte array uncompress information disclosure attempt (file-flash.rules)
* 1:36960 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word XML parsing use after free attempt (file-office.rules)
* 1:36961 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word XML parsing use after free attempt (file-office.rules)
* 1:36998 <-> DISABLED <-> OS-WINDOWS Microsoft .NET Silverlight manifest resource file information disclosure attempt (os-windows.rules)
* 1:37071 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ShaderParameter integer overflow attempt (file-flash.rules)
* 1:37072 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ShaderParameter integer overflow attempt (file-flash.rules)
* 1:37074 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ShaderParameter integer overflow attempt (file-flash.rules)
* 1:37075 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ShaderParameter integer overflow attempt (file-flash.rules)
* 1:37081 <-> DISABLED <-> FILE-FLASH Adobe Flash Player String length heap buffer overflow attempt (file-flash.rules)
* 1:37082 <-> DISABLED <-> FILE-FLASH Adobe Flash Player String length heap buffer overflow attempt (file-flash.rules)
* 1:37085 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byte array memory corruption attempt (file-flash.rules)
* 1:37086 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byte array memory corruption attempt (file-flash.rules)
* 1:37090 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PrintJob object use-after-free attempt (file-flash.rules)
* 1:37091 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PrintJob object use-after-free attempt (file-flash.rules)
* 1:37092 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SoundURLStream memory corruption attempt (file-flash.rules)
* 1:37094 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SoundURLStream memory corruption attempt (file-flash.rules)
* 1:37105 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MovieClip object use-after-free attempt (file-flash.rules)
* 1:37106 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MovieClip object use-after-free attempt (file-flash.rules)
* 1:37109 <-> DISABLED <-> FILE-FLASH Adobe Flash Player selection.setFocus use after free attempt (file-flash.rules)
* 1:37110 <-> DISABLED <-> FILE-FLASH Adobe Flash Player selection.setFocus use after free attempt (file-flash.rules)
* 1:37118 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField filters use-after-free attempt (file-flash.rules)
* 1:37119 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField filters use-after-free attempt (file-flash.rules)
* 1:37121 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MP3 ID3 data parsing heap buffer overflow attempt (file-flash.rules)
* 1:37123 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MP3 ID3 data parsing heap buffer overflow attempt (file-flash.rules)
* 1:37128 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 setTransform use-after-free attempt (file-flash.rules)
* 1:37129 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 setTransform use-after-free attempt (file-flash.rules)
* 1:37135 <-> DISABLED <-> SERVER-WEBAPP Fireeye Java decompiler reflection remote code execution attempt (server-webapp.rules)
* 1:37136 <-> DISABLED <-> SERVER-WEBAPP Fireeye Java decompiler reflection remote code execution attempt (server-webapp.rules)
* 1:37144 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SetSlot type confusion attempt (file-flash.rules)
* 1:37145 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SetSlot type confusion attempt (file-flash.rules)
* 1:37157 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SharedObject send stack buffer overflow attempt (file-flash.rules)
* 1:37159 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SharedObject send stack buffer overflow attempt (file-flash.rules)
* 1:37160 <-> DISABLED <-> FILE-FLASH Adobe Flash Player oversize source bitmap memory corruption attempt (file-flash.rules)
* 1:37161 <-> DISABLED <-> FILE-FLASH Adobe Flash Player oversize source bitmap memory corruption attempt (file-flash.rules)
* 1:37167 <-> DISABLED <-> FILE-FLASH Adobe Flash Player URLStream use after free attempt (file-flash.rules)
* 1:37168 <-> DISABLED <-> FILE-FLASH Adobe Flash Player URLStream use after free attempt (file-flash.rules)
* 1:37169 <-> DISABLED <-> FILE-FLASH Adobe Flash Player heap memory disclosure via custom valueOf handler attempt (file-flash.rules)
* 1:37170 <-> DISABLED <-> FILE-FLASH Adobe Flash Player heap memory disclosure via custom valueOf handler attempt (file-flash.rules)
* 1:37171 <-> DISABLED <-> FILE-FLASH Adobe Flash Player heap memory disclosure via custom valueOf handler attempt (file-flash.rules)
* 1:37172 <-> DISABLED <-> FILE-FLASH Adobe Flash Player heap memory disclosure via custom valueOf handler attempt (file-flash.rules)
* 1:37178 <-> DISABLED <-> FILE-FLASH Adobe Flash Player M3U8 parser logic memory corruption attempt (file-flash.rules)
* 1:37180 <-> DISABLED <-> FILE-FLASH Adobe Flash Player M3U8 parser logic memory corruption attempt (file-flash.rules)
* 1:37183 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextFormat.tabStops use after free attempt (file-flash.rules)
* 1:37184 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextFormat.tabStops use after free attempt (file-flash.rules)
* 1:37185 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextFormat.tabStops use after free attempt (file-flash.rules)
* 1:37186 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextFormat.tabStops use after free attempt (file-flash.rules)
* 1:37205 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object.addProperty method use after free attempt (file-flash.rules)
* 1:37206 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object.addProperty method use after free attempt (file-flash.rules)
* 1:37208 <-> DISABLED <-> FILE-FLASH Adobe Flash Player LoadVars decode use after free attempt (file-flash.rules)
* 1:37210 <-> DISABLED <-> FILE-FLASH Adobe Flash Player LoadVars decode use after free attempt (file-flash.rules)
* 1:37216 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MovieClip setMask use after free attempt (file-flash.rules)
* 1:37218 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MovieClip setMask use after free attempt (file-flash.rules)
* 1:37237 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object hasOwnProperty use after free attempt (file-flash.rules)
* 1:37239 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object hasOwnProperty use after free attempt (file-flash.rules)
* 1:37247 <-> DISABLED <-> FILE-FLASH Adobe Flash Player removeMovieClip use after free attempt (file-flash.rules)
* 1:37248 <-> DISABLED <-> FILE-FLASH Adobe Flash Player removeMovieClip use after free attempt (file-flash.rules)
* 1:37249 <-> DISABLED <-> FILE-FLASH Adobe Flash Player removeMovieClip use after free attempt (file-flash.rules)
* 1:37259 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel mso20win32client use after free attempt (file-office.rules)
* 1:37265 <-> DISABLED <-> FILE-OFFICE Microsoft Office metafile conversion out of bounds read attempt (file-office.rules)
* 1:37266 <-> DISABLED <-> FILE-OFFICE Microsoft Office metafile conversion out of bounds read attempt (file-office.rules)
* 1:37267 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Silverlight GetChar out of bounds read attempt (browser-plugins.rules)
* 1:37268 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Silverlight GetChar out of bounds read attempt (browser-plugins.rules)
* 1:37345 <-> DISABLED <-> FILE-FLASH Adobe Flash Player improper display list handling memory corruption attempt (file-flash.rules)
* 1:37347 <-> DISABLED <-> FILE-FLASH Adobe Flash Player improper display list handling memory corruption attempt (file-flash.rules)
* 1:37399 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader custom string length function memory corruption attempt (file-pdf.rules)
* 1:37525 <-> DISABLED <-> SERVER-OTHER NTP arbitrary pidfile and driftfile overwrite attempt (server-other.rules)
* 1:37550 <-> DISABLED <-> EXPLOIT-KIT Nuclear landing page detected (exploit-kit.rules)
* 1:37592 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel formula length heap corruption attempt (file-office.rules)
* 1:37593 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel formula length heap corruption attempt (file-office.rules)
* 1:37600 <-> DISABLED <-> FILE-OFFICE Microsoft Powerpoint shape objects null pointer dereference memory corruption attempt (file-office.rules)
* 1:37601 <-> DISABLED <-> FILE-OFFICE Microsoft Powerpoint shape objects null pointer dereference memory corruption attempt (file-office.rules)
* 1:37664 <-> DISABLED <-> FILE-JAVA Oracle Java ServiceLoader exception handling exploit attempt (file-java.rules)
* 1:37670 <-> DISABLED <-> FILE-FLASH Adobe Flash Player convolution filter use-after-free attempt (file-flash.rules)
* 1:37671 <-> DISABLED <-> FILE-FLASH Adobe Flash Player convolution filter use-after-free attempt (file-flash.rules)
* 1:37700 <-> DISABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules)
* 1:37702 <-> DISABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules)
* 1:37703 <-> DISABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules)
* 1:46581 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload malicious file download (malware-cnc.rules)
* 1:44903 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PSDK Metadata memory corruption attempt (file-flash.rules)
* 1:43967 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Acrobat Professional EMF malformed EMR_POLYBEZIERTO16 out of bounds access attempt (file-multimedia.rules)
* 1:45972 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chafer malicious communication attempt (malware-cnc.rules)
* 1:44885 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat XPS unicode glyph pointer out of bounds (file-image.rules)
* 1:46129 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HW32 variant outbound connection (malware-cnc.rules)
* 1:44338 <-> DISABLED <-> BROWSER-IE Microsoft Edge denial of service attempt (browser-ie.rules)
* 1:45976 <-> DISABLED <-> SERVER-WEBAPP Pivotal Spring Data REST PATCH request remote code execution attempt (server-webapp.rules)
* 1:45923 <-> DISABLED <-> EXPLOIT-KIT Terror EK dll download attempt (exploit-kit.rules)
* 1:46580 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload malicious file download (malware-cnc.rules)
* 1:46585 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload malicious file download (malware-cnc.rules)
* 1:45977 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB kernel heap memory leak attempt (os-windows.rules)
* 1:44621 <-> DISABLED <-> MALWARE-CNC Android Red Alert Trojan outbound connection (malware-cnc.rules)
* 1:43865 <-> DISABLED <-> FILE-IMAGE Adobe Reader EMF EMR_MOVETOEX memory corruption attempt (file-image.rules)
* 1:43913 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Professional XPS2PDF memory corruption attempt (file-other.rules)
* 1:46583 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload malicious file download (malware-cnc.rules)
* 1:45922 <-> DISABLED <-> EXPLOIT-KIT Terror EK exe download attempt (exploit-kit.rules)
* 1:43912 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Professional XPS2PDF memory corruption attempt (file-other.rules)
* 1:45117 <-> DISABLED <-> SERVER-WEBAPP Huawei DeviceUpgrade command injection attempt (server-webapp.rules)
* 1:37704 <-> DISABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules)
* 1:46137 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cidox variant outbound connection attempt (malware-cnc.rules)
* 1:37705 <-> DISABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules)
* 1:37706 <-> DISABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules)
* 1:37711 <-> DISABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
* 1:37726 <-> DISABLED <-> FILE-OTHER Microsoft Office ole object external file loading attempt (file-other.rules)
* 1:47175 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ddeService command execution attempt (file-office.rules)
* 1:37727 <-> DISABLED <-> FILE-OTHER Microsoft Office ole object external file loading attempt (file-other.rules)
* 1:37734 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Point object integer overflow attempt (file-flash.rules)
* 1:37736 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Point object integer overflow attempt (file-flash.rules)
* 1:37740 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BlurFilter memory corruption attempt (file-flash.rules)
* 1:37741 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BlurFilter memory corruption attempt (file-flash.rules)
* 1:37744 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextLine memory corruption attempt (file-flash.rules)
* 1:37745 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextLine memory corruption attempt (file-flash.rules)
* 1:37754 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Point object integer overflow attempt (file-flash.rules)
* 1:37755 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Point object integer overflow attempt (file-flash.rules)
* 1:37757 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid sourceRect copyPixels heap corruption attempt (file-flash.rules)
* 1:37758 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid sourceRect copyPixels heap corruption attempt (file-flash.rules)
* 1:37761 <-> DISABLED <-> FILE-FLASH Adobe Flash Player rectangle auxiliary method integer overflow attempt (file-flash.rules)
* 1:37764 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BitmapData method memory corruption attempt (file-flash.rules)
* 1:37770 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative custom getter use after free attempt (file-flash.rules)
* 1:37771 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative custom getter use after free attempt (file-flash.rules)
* 1:37774 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript constructor use after free attempt (file-flash.rules)
* 1:37776 <-> DISABLED <-> FILE-FLASH Adobe Flash Player LoadVars use-after-free attempt (file-flash.rules)
* 1:45646 <-> DISABLED <-> MALWARE-CNC Vbs.Trojan.Agent outbound system information disclosure (malware-cnc.rules)
* 1:45130 <-> DISABLED <-> OS-WINDOWS Microsoft Windows RRAS service arbitrary pointer dereference attempt (os-windows.rules)
* 1:45950 <-> DISABLED <-> PUA-OTHER Coinhive TLS client hello attempt (pua-other.rules)
* 1:45771 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CannibalRAT initial outbound connection (malware-cnc.rules)
* 1:44619 <-> DISABLED <-> MALWARE-CNC Android Red Alert Trojan outbound connection (malware-cnc.rules)
* 1:45909 <-> DISABLED <-> MALWARE-CNC CobaltStrike trial version inbound beacon response (malware-cnc.rules)
* 1:44929 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds write attempt (file-image.rules)
* 1:45904 <-> DISABLED <-> MALWARE-BACKDOOR CobaltStrike inbound beacon download (malware-backdoor.rules)
* 1:46490 <-> DISABLED <-> FILE-PDF Adobe Flash Player ActionScript setFocus use after free attempt (file-pdf.rules)
* 1:45978 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB kernel heap memory leak attempt (os-windows.rules)
* 1:45642 <-> DISABLED <-> MALWARE-CNC Vbs.Trojan.Agent outbound connection (malware-cnc.rules)
* 1:45132 <-> DISABLED <-> FILE-OFFICE Microsoft Office Equation Editor object stack buffer overflow attempt (file-office.rules)
* 1:44969 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF EmfPlusFont memory corruption attempt (file-image.rules)
* 1:44646 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.BadRabbit propagation via SVCCTL remote service attempt (malware-other.rules)
* 1:37777 <-> DISABLED <-> FILE-FLASH Adobe Flash Player LoadVars use-after-free attempt (file-flash.rules)
* 1:37783 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed Adobe Texture Format heap overflow attempt (file-flash.rules)
* 1:37790 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative use after free attempt (file-flash.rules)
* 1:37792 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative use after free attempt (file-flash.rules)
* 1:37797 <-> DISABLED <-> FILE-FLASH Adobe Flash Player rectangle memory access violation attempt (file-flash.rules)
* 1:37798 <-> DISABLED <-> FILE-FLASH Adobe Flash Player rectangle memory access violation attempt (file-flash.rules)
* 1:37801 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Silverlight ScriptObject untrusted pointer dereference attempt (browser-plugins.rules)
* 1:37808 <-> DISABLED <-> FILE-FLASH Adobe Flash Player integer underflow attempt (file-flash.rules)
* 1:37824 <-> DISABLED <-> FILE-OTHER Microsoft Office ole object external file loading attempt (file-other.rules)
* 1:37825 <-> DISABLED <-> FILE-OTHER Microsoft Office ole object external file loading attempt (file-other.rules)
* 1:37938 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Flash pixel bender buffer overflow attempt (file-multimedia.rules)
* 1:37939 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Flash pixel bender buffer overflow attempt (file-multimedia.rules)
* 1:38074 <-> DISABLED <-> BROWSER-IE Microsoft Edge CAsyncTpWorker Windows.Data.Pdf.dll object use after free attempt (browser-ie.rules)
* 1:38076 <-> DISABLED <-> BROWSER-IE Microsoft Edge CAsyncTpWorker Windows.Data.Pdf.dll object use after free attempt (browser-ie.rules)
* 1:38101 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word wwlib.dll invalid pointer read attempt (file-office.rules)
* 1:38165 <-> DISABLED <-> FILE-FLASH Adobe Flash Player hitTest BitmapData object integer overflow attempt (file-flash.rules)
* 1:38167 <-> DISABLED <-> FILE-FLASH Adobe Flash Player hitTest BitmapData object integer overflow attempt (file-flash.rules)
* 1:38169 <-> DISABLED <-> FILE-FLASH Adobe Flash Player hitTest BitmapData object integer overflow attempt (file-flash.rules)
* 1:38170 <-> DISABLED <-> FILE-FLASH Adobe Flash Player hitTest BitmapData object integer overflow attempt (file-flash.rules)
* 1:38175 <-> DISABLED <-> FILE-FLASH Adobe Standalone Flash Player texfield getter use after free attempt (file-flash.rules)
* 1:38179 <-> DISABLED <-> FILE-FLASH Adobe Standalone Flash Player ASnative object use after free attempt (file-flash.rules)
* 1:38182 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS3 multiple axis attributes integer overflow attempt (file-flash.rules)
* 1:38184 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS3 multiple axis attributes integer overflow attempt (file-flash.rules)
* 1:38191 <-> DISABLED <-> FILE-FLASH Adobe Flash Player si32 integer overflow attempt (file-flash.rules)
* 1:38192 <-> DISABLED <-> FILE-FLASH Adobe Flash Player si32 integer overflow attempt (file-flash.rules)
* 1:38197 <-> DISABLED <-> FILE-FLASH Adobe Flash Player recursion calls stack overflow attempt (file-flash.rules)
* 1:38198 <-> DISABLED <-> FILE-FLASH Adobe Flash Player recursion calls stack overflow attempt (file-flash.rules)
* 1:38207 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MPD use-after-free attempt (file-flash.rules)
* 1:38208 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MPD use-after-free attempt (file-flash.rules)
* 1:38211 <-> DISABLED <-> FILE-PDF Adobe Reader JPEG 2000 chrominance subsampling memory corruption attempt (file-pdf.rules)
* 1:38212 <-> DISABLED <-> FILE-PDF Adobe Reader JPEG 2000 chrominance subsampling memory corruption attempt (file-pdf.rules)
* 1:38215 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BitmapData.paletteMap size mismatch integer overflow attempt (file-flash.rules)
* 1:38216 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BitmapData.paletteMap size mismatch integer overflow attempt (file-flash.rules)
* 1:38219 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use after free attempt (file-flash.rules)
* 1:38220 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use after free (file-flash.rules)
* 1:38223 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader annotation oversized array memory corruption attempt (file-pdf.rules)
* 1:38239 <-> DISABLED <-> FILE-FLASH Adobe Flash Player rectangle width integer overflow attempt (file-flash.rules)
* 1:38241 <-> DISABLED <-> FILE-FLASH Adobe Flash Player rectangle width integer overflow attempt (file-flash.rules)
* 1:38286 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager actserver stack buffer overflow attempt (server-webapp.rules)
* 1:38287 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager akey stack buffer overflow attempt (server-webapp.rules)
* 1:38288 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager licfile stack buffer overflow attempt (server-webapp.rules)
* 1:38327 <-> DISABLED <-> MALWARE-BACKDOOR ReGeorg proxy read attempt (malware-backdoor.rules)
* 1:38405 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Transform Class Matrix AS2 use after free attempt (file-flash.rules)
* 1:38406 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Transform Class Matrix AS2 use after free attempt (file-flash.rules)
* 1:38409 <-> DISABLED <-> FILE-FLASH Adobe Flash Player JPEG-XR decode buffer overflow attempt (file-flash.rules)
* 1:38410 <-> DISABLED <-> FILE-FLASH Adobe Flash Player JPEG-XR decode buffer overflow attempt (file-flash.rules)
* 1:38413 <-> DISABLED <-> FILE-FLASH Adobe Flash Player NetConnection to ColorMatrixFilter object type confusion attempt (file-flash.rules)
* 1:38415 <-> DISABLED <-> FILE-FLASH Adobe Flash Player NetConnection to ColorMatrixFilter object type confusion attempt (file-flash.rules)
* 1:38425 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ExportAssets count memory corruption attempt (file-flash.rules)
* 1:38430 <-> DISABLED <-> FILE-FLASH Adobe Flash Player toString type confusion memory corruption attempt (file-flash.rules)
* 1:38433 <-> DISABLED <-> FILE-FLASH Adobe Flash Player toString type confusion memory corruption attempt (file-flash.rules)
* 1:38481 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel msxml6 ParseElementN use after free attempt (file-office.rules)
* 1:38482 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel msxml6 ParseElementN use after free attempt (file-office.rules)
* 1:38577 <-> DISABLED <-> FILE-FLASH Adobe Flash Player dangling bytearray pointer code execution attempt (file-flash.rules)
* 1:38593 <-> DISABLED <-> EXPLOIT-KIT Nuclear Exploit Kit back end communications attempt (exploit-kit.rules)
* 1:38631 <-> DISABLED <-> FILE-FLASH Angler exploit kit Adobe Flash SWF exploit download (file-flash.rules)
* 1:38632 <-> DISABLED <-> FILE-FLASH Angler exploit kit Adobe Flash SWF exploit download (file-flash.rules)
* 1:38635 <-> DISABLED <-> FILE-FLASH Nuclear exploit kit Adobe Flash SWF exploit download (file-flash.rules)
* 1:38636 <-> DISABLED <-> FILE-FLASH Nuclear exploit kit Adobe Flash SWF exploit download (file-flash.rules)
* 1:38729 <-> DISABLED <-> SERVER-OTHER Mediabridge Medialink MWN-WAPR300N and Tenda N3 Wireless N150 inbound admin attempt (server-other.rules)
* 1:38772 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer EMF file integer overflow attempt (browser-ie.rules)
* 1:38782 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word TTF out-of-bounds memory access attempt (file-office.rules)
* 1:38783 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word TTF out-of-bounds memory access attempt (file-office.rules)
* 1:38830 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ContentFactory memory corruption attempt (file-flash.rules)
* 1:38832 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ContentFactory memory corruption attempt (file-flash.rules)
* 1:38833 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ContentFactory memory corruption attempt (file-flash.rules)
* 1:38841 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer VBScript toString redim array use after free attempt (browser-ie.rules)
* 1:38881 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FileReference type confusion attempt (file-flash.rules)
* 1:38883 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FileReference type confusion attempt (file-flash.rules)
* 1:38972 <-> DISABLED <-> FILE-FLASH Adobe Flash Player OpportunityGenerator.update memory corruption attempt (file-flash.rules)
* 1:38973 <-> DISABLED <-> FILE-FLASH Adobe Flash Player OpportunityGenerator.update memory corruption attempt (file-flash.rules)
* 1:38974 <-> DISABLED <-> FILE-FLASH Adobe Flash Player OpportunityGenerator.update memory corruption attempt (file-flash.rules)
* 1:38980 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed FlateDecode stream use after free attempt (file-pdf.rules)
* 1:38981 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed FlateDecode stream use after free attempt (file-pdf.rules)
* 1:38996 <-> DISABLED <-> FILE-FLASH Adobe Flash Player addProperty use after free attempt (file-flash.rules)
* 1:38998 <-> DISABLED <-> 
FILE-FLASH Adobe Flash Player addProperty use after free attempt (file-flash.rules) * 1:39009 <-> DISABLED <-> FILE-FLASH Adobe Flash Player setMetadata memory corruption attempt (file-flash.rules) * 1:39010 <-> DISABLED <-> FILE-FLASH Adobe Flash Player setMetadata memory corruption attempt (file-flash.rules) * 1:39013 <-> DISABLED <-> FILE-PDF Adobe Reader CTJPEGDecoderReadNextTile out of bounds read attempt (file-pdf.rules) * 1:39014 <-> DISABLED <-> FILE-PDF Adobe Reader CTJPEGDecoderReadNextTile out of bounds read attempt (file-pdf.rules) * 1:39015 <-> DISABLED <-> FILE-PDF Adobe Reader AcroForm dictionary object use after free attempt (file-pdf.rules) * 1:39019 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PSDK use-after-free attempt (file-flash.rules) * 1:39020 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PSDK use-after-free attempt (file-flash.rules) * 1:39022 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PSDK use-after-free attempt (file-flash.rules) * 1:39024 <-> DISABLED <-> FILE-FLASH Adobe Flash Player selection.setFocus use after free attempt (file-flash.rules) * 1:39025 <-> DISABLED <-> FILE-FLASH Adobe Flash Player selection.setFocus use after free attempt (file-flash.rules) * 1:39032 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASSetNative use-after-free attempt (file-flash.rules) * 1:39033 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASSetNative use-after-free attempt (file-flash.rules) * 1:39102 <-> DISABLED <-> FILE-PDF Adobe Reader PDF embedded JPEG memory corruption attempt (file-pdf.rules) * 1:39103 <-> DISABLED <-> FILE-PDF Adobe Reader PDF embedded JPEG memory corruption attempt (file-pdf.rules) * 1:39261 <-> DISABLED <-> FILE-OTHER Microsoft Windows ATMFD font driver malformed OTF file out-of-bounds memory access attempt (file-other.rules) * 1:39272 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ShimContentFactory uninitialized pointer use attempt (file-flash.rules) * 1:39280 <-> DISABLED <-> FILE-FLASH Adobe Primetime SDK object 
type confusion overflow attempt (file-flash.rules) * 1:39285 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadSound use after free attempt (file-flash.rules) * 1:39288 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ShimContentResolver out of bounds memory access attempt (file-flash.rules) * 1:39290 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime SDK ShimContentResolver out of bounds memory access attempt (file-flash.rules) * 1:39298 <-> DISABLED <-> FILE-FLASH Adobe Flash player retrieveResolvers memory corruption attempt (file-flash.rules) * 1:39305 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime SDK ShimContentResolver out of bounds memory access attempt (file-flash.rules) * 1:39319 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ShimOpportunityGenerator out of bounds memory access attempt (file-flash.rules) * 1:39398 <-> DISABLED <-> SERVER-WEBAPP Symantec SEPM management console cross site scripting attempt (server-webapp.rules) * 1:39402 <-> DISABLED <-> FILE-OTHER Symantec Antivirus ALPkOldFormatDecompressor out of bounds read attempt (file-other.rules) * 1:39441 <-> DISABLED <-> FILE-FLASH Adobe Flash Player integer overflow attempt (file-flash.rules) * 1:39457 <-> DISABLED <-> FILE-FLASH Adobe Flash Player integer underflow attempt (file-flash.rules) * 1:39505 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Edge text node table-cell use after free attempt (browser-ie.rules) * 1:39524 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel empty bookViews element denial of service attempt (file-office.rules) * 1:39525 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel empty bookViews element denial of service attempt (file-office.rules) * 1:39540 <-> DISABLED <-> FILE-FLASH Adobe Flash Player local-with-filesystem security bypass attempt (file-flash.rules) * 1:39543 <-> DISABLED <-> FILE-FLASH Adobe Flash Player local-with-filesystem security bypass attempt (file-flash.rules) * 1:39564 <-> DISABLED <-> FILE-FLASH Adobe Flash Player 
TimedEvent memory corruption attempt (file-flash.rules) * 1:39685 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tinba variant outbound connection (malware-cnc.rules) * 1:39687 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed embeded TTF file memory corruption attempt (file-pdf.rules) * 1:39690 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ABRControlParameters access memory corruption attempt (file-flash.rules) * 1:39702 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MediaPlayerItemLoader out of bounds memory access attempt (file-flash.rules) * 1:39799 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt (file-pdf.rules) * 1:39824 <-> DISABLED <-> OS-WINDOWS Microsoft Windows GDI emf file integer overflow attempt (os-windows.rules) * 1:39843 <-> DISABLED <-> OS-WINDOWS Microsoft Windows gdiplus EMF EmrText out of bounds write attempt (os-windows.rules) * 1:39851 <-> DISABLED <-> INDICATOR-COMPROMISE Connection to malware sinkhole - CERT.PL (indicator-compromise.rules) * 1:39893 <-> DISABLED <-> OS-LINUX Linux Kernel USBIP out of bounds write attempt (os-linux.rules) * 1:39894 <-> DISABLED <-> OS-LINUX Linux Kernel USBIP out of bounds write attempt (os-linux.rules) * 1:40075 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel LPenHelper out of bounds write attempt (file-office.rules) * 1:40076 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel LPenHelper out of bounds write attempt (file-office.rules) * 1:40102 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel xlsb use-after-free attempt (file-office.rules) * 1:40103 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel xlsb use-after-free attempt (file-office.rules) * 1:40104 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel xlsb use-after-free attempt (file-office.rules) * 1:40105 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel xlsb use-after-free attempt (file-office.rules) * 1:40106 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel xlsb use-after-free attempt 
(file-office.rules) * 1:40107 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel xlsb use-after-free attempt (file-office.rules) * 1:40116 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel xlsb use-after-free attempt (file-office.rules) * 1:40117 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel xlsb use-after-free attempt (file-office.rules) * 1:40121 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel xlsb use-after-free attempt (file-office.rules) * 1:40122 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel xlsb use-after-free attempt (file-office.rules) * 1:40152 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DRMManager memory corruption attempt (file-flash.rules) * 1:40167 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ShimContentResolver out of bounds memory access attempt (file-flash.rules) * 1:40178 <-> DISABLED <-> FILE-FLASH Adobe Flash Player local-with-filesystem sandbox escape attempt (file-flash.rules) * 1:40236 <-> DISABLED <-> FILE-PDF Adobe Reader embedded font out of bounds memory access attempt (file-pdf.rules) * 1:40237 <-> DISABLED <-> FILE-PDF Adobe Reader embedded font out of bounds memory access attempt (file-pdf.rules) * 1:40312 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CTreePos type confusion attempt (browser-ie.rules) * 1:40375 <-> DISABLED <-> OS-WINDOWS Microsoft Windows insecure BoundaryDescriptor privilege escalation attempt (os-windows.rules) * 1:40425 <-> DISABLED <-> OS-WINDOWS Microsoft Windows GDI+ EMF buffer overread attempt (os-windows.rules) * 1:40503 <-> DISABLED <-> FILE-FLASH Adobe Flash Player QOSProvider use-after-free attempt (file-flash.rules) * 1:40706 <-> DISABLED <-> FILE-OTHER Microsoft Windows OTF cmap table parsing integer overflow attempt (file-other.rules) * 1:40717 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel LPenHelper use after free attempt (file-office.rules) * 1:40718 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel LPenHelper use after free attempt (file-office.rules) * 
1:40737 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime SDK AdvertisingMetadata type confustion attempt (file-flash.rules) * 1:40743 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AVSegmentedSource use after free attempt (file-flash.rules) * 1:40753 <-> ENABLED <-> EXPLOIT-KIT Rig exploit kit outbound communication (exploit-kit.rules) * 1:40813 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Silverlight GetChar out of bounds read attempt (browser-plugins.rules) * 1:40814 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Silverlight GetChar out of bounds read attempt (browser-plugins.rules) * 1:40934 <-> DISABLED <-> FILE-EXECUTABLE Nvidia Windows kernel mode driver denial of service attempt (file-executable.rules) * 1:40957 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel security descriptor out of bounds read attempt (file-office.rules) * 1:40958 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel security descriptor out of bounds read attempt (file-office.rules) * 1:40959 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ddeService command execution attempt (file-office.rules) * 1:40960 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ddeService command execution attempt (file-office.rules) * 1:40983 <-> DISABLED <-> FILE-OTHER Microsoft Internet Explorer malformed ico integer overflow attempt (file-other.rules) * 1:41003 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime SDK out of bounds read attempt (file-flash.rules) * 1:41015 <-> DISABLED <-> FILE-FLASH Acrobat Flash WorkerDomain memory corruption attempt (file-flash.rules) * 1:41026 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess Dashboard remote code execution attempt (server-webapp.rules) * 1:41310 <-> DISABLED <-> FILE-IMAGE libBPG restore_tqb_pixel out of bounds write attempt (file-image.rules) * 1:41344 <-> DISABLED <-> FILE-OTHER CorelDRAW X8 EMF invalid ihBrush field value out of bounds read attempt (file-other.rules) * 1:41358 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime 
SDK ShimContentResolver memory corruption attempt (file-flash.rules) * 1:41515 <-> DISABLED <-> POLICY-OTHER McAfee Virus Scan Linux outdated version detected (policy-other.rules) * 1:41516 <-> DISABLED <-> SERVER-WEBAPP McAfee Virus Scan Linux file existence test attempt (server-webapp.rules) * 1:41521 <-> DISABLED <-> SERVER-WEBAPP McAfee Virus Scan Linux cross site scripting attempt (server-webapp.rules) * 1:41565 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel xlsb use-after-free attempt (file-office.rules) * 1:41566 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel xlsb use-after-free attempt (file-office.rules) * 1:41601 <-> DISABLED <-> FILE-PDF Microsoft Edge PDF Builder out of bounds read attempt (file-pdf.rules) * 1:41602 <-> DISABLED <-> FILE-PDF Microsoft Edge PDF Builder out of bounds read attempt (file-pdf.rules) * 1:41624 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MessageChannel type confusion attempt (file-flash.rules) * 1:41630 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PSDK EventDispatch removeEventListener use after free attempt (file-flash.rules) * 1:41680 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ShimContentResolver out of bounds memory access attempt (file-flash.rules) * 1:41681 <-> DISABLED <-> SERVER-WEBAPP McAfee Virus Scan Linux remote code execution attempt (server-webapp.rules) * 1:41783 <-> ENABLED <-> EXPLOIT-KIT Rig exploit kit URL outbound communication (exploit-kit.rules) * 1:41818 <-> DISABLED <-> SERVER-APACHE Apache Struts remote code execution attempt (server-apache.rules) * 1:41819 <-> DISABLED <-> SERVER-APACHE Apache Struts remote code execution attempt (server-apache.rules) * 1:41976 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel shared strings memory corruption attempt (file-office.rules) * 1:41977 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel shared strings memory corruption attempt (file-office.rules) * 1:41979 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel shared strings memory 
corruption attempt (file-office.rules) * 1:41980 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel shared strings memory corruption attempt (file-office.rules) * 1:42080 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jenxcus outbound connection with unique User-Agent (malware-cnc.rules) * 1:42097 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Resolution Opportunity parameter memory corruption attempt (file-flash.rules) * 1:42150 <-> DISABLED <-> FILE-OTHER Microsoft Windows ATMFD font driver malformed OTF file out-of-bounds memory access attempt (file-other.rules) * 1:42151 <-> DISABLED <-> FILE-OTHER Microsoft Windows ATMFD font driver malformed OTF file out-of-bounds memory access attempt (file-other.rules) * 1:42161 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel out of bounds memory attempt (file-office.rules) * 1:42162 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel out of bounds memory attempt (file-office.rules) * 1:42222 <-> DISABLED <-> SERVER-WEBAPP Moxa MX Studio login page denial of service attempt (server-webapp.rules) * 1:42372 <-> ENABLED <-> POLICY-OTHER eicar file detected (policy-other.rules) * 1:42373 <-> ENABLED <-> POLICY-OTHER eicar file detected (policy-other.rules) * 1:42374 <-> ENABLED <-> POLICY-OTHER eicar file detected (policy-other.rules) * 1:42375 <-> ENABLED <-> POLICY-OTHER eicar file detected (policy-other.rules) * 1:42376 <-> ENABLED <-> POLICY-OTHER eicar file detected (policy-other.rules) * 1:42810 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BitmapData out of bounds memory access attempt (file-flash.rules) * 1:42811 <-> DISABLED <-> BROWSER-IE Microsoft Edge Chakra Engine use-after-free attempt (browser-ie.rules) * 1:42812 <-> DISABLED <-> BROWSER-IE Microsoft Edge Chakra Engine use-after-free attempt (browser-ie.rules) * 1:42816 <-> DISABLED <-> FILE-FLASH Adobe Flash Player display object mask use after free attempt (file-flash.rules) * 1:42817 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DisplayObject use after free 
attempt (file-flash.rules) * 1:42902 <-> DISABLED <-> FILE-OFFICE Microsoft Office EPS restore command use after free attempt (file-office.rules) * 1:42904 <-> DISABLED <-> FILE-OFFICE Microsoft Office EPS restore command use after free attempt (file-office.rules) * 1:42911 <-> DISABLED <-> FILE-PDF Acrobat Reader TIFF malformed IFD tag heap overflow attempt (file-pdf.rules) * 1:42913 <-> DISABLED <-> FILE-PDF Acrobat Reader TIFF malformed IFD tag heap overflow attempt (file-pdf.rules) * 1:42915 <-> DISABLED <-> FILE-PDF Acrobat Reader TIFF malformed IFD tag heap overflow attempt (file-pdf.rules) * 1:43048 <-> DISABLED <-> FILE-FLASH Adobe Flash Player JSON stringify memory corruption attempt (file-flash.rules) * 1:43169 <-> DISABLED <-> BROWSER-IE Microsoft Edge textContent use after free attempt (browser-ie.rules) * 1:43179 <-> DISABLED <-> FILE-OFFICE Powerpoint mouseover powershell malware download attempt (file-office.rules) * 1:43221 <-> DISABLED <-> MALWARE-OTHER Win.Trojan-Downloader.Jadtree GET request of RAR file to server (malware-other.rules) * 1:43383 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AdvertisingMetadata use after free attempt (file-flash.rules) * 1:43396 <-> DISABLED <-> FILE-FLASH Adobe Acrobat Reader profile use after free attempt (file-flash.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:56166 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.PyVil outbound communication attempt (snort3-malware-other.rules) * 1:56140 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Czxz-9784395-0 download attempt (snort3-malware-other.rules) * 1:56165 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.PyVil download attempt (snort3-malware-other.rules) * 1:56156 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook email parsing remote code execution attempt (snort3-file-office.rules) * 1:56157 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook email parsing remote code execution attempt (snort3-file-office.rules) * 1:56154 <-> DISABLED <-> SERVER-WEBAPP MobileIron Core & Connector remote code execution attempt (snort3-server-webapp.rules) * 1:56164 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.PyVil download attempt (snort3-malware-other.rules) * 1:56142 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Zusy-9784403-0 download attempt (snort3-malware-other.rules) * 1:56167 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.PyVil download attempt (snort3-malware-other.rules) * 1:56151 <-> DISABLED <-> SERVER-OTHER Adobe ColdFusion vulnerable DataServicesCFProxy class reference attempt (snort3-server-other.rules) * 1:56155 <-> DISABLED <-> SERVER-WEBAPP MobileIron Core & Connector remote code execution attempt (snort3-server-webapp.rules) * 1:56139 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Czxz-9784395-0 download attempt (snort3-malware-other.rules) * 1:56163 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.PyVil download attempt (snort3-malware-other.rules) * 1:56150 <-> DISABLED <-> SERVER-OTHER Adobe ColdFusion DataServicesCFProxy insecure Java deserialization attempt (snort3-server-other.rules) * 1:56162 <-> ENABLED <-> SERVER-WEBAPP Citrix ADC and Gateway information disclosure attempt (snort3-server-webapp.rules) * 1:56141 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Zusy-9784403-0 download attempt (snort3-malware-other.rules)
* 1:37247 <-> DISABLED <-> FILE-FLASH Adobe Flash Player removeMovieClip use after free attempt (snort3-file-flash.rules) * 1:44431 <-> DISABLED <-> FILE-OFFICE Fin7 Maldoc campaign exploitation attempt (snort3-file-office.rules) * 1:37727 <-> DISABLED <-> FILE-OTHER Microsoft Office ole object external file loading attempt (snort3-file-other.rules) * 1:37757 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid sourceRect copyPixels heap corruption attempt (snort3-file-flash.rules) * 1:37745 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextLine memory corruption attempt (snort3-file-flash.rules) * 1:37754 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Point object integer overflow attempt (snort3-file-flash.rules) * 1:37741 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BlurFilter memory corruption attempt (snort3-file-flash.rules) * 1:37938 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Flash pixel bender buffer overflow attempt (snort3-file-multimedia.rules) * 1:49788 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zacinlo outbound connection (snort3-malware-cnc.rules) * 1:37758 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid sourceRect copyPixels heap corruption attempt (snort3-file-flash.rules) * 1:37824 <-> DISABLED <-> FILE-OTHER Microsoft Office ole object external file loading attempt (snort3-file-other.rules) * 1:37755 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Point object integer overflow attempt (snort3-file-flash.rules) * 1:38101 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word wwlib.dll invalid pointer read attempt (snort3-file-office.rules) * 1:37939 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Flash pixel bender buffer overflow attempt (snort3-file-multimedia.rules) * 1:38074 <-> DISABLED <-> BROWSER-IE Microsoft Edge CAsyncTpWorker Windows.Data.Pdf.dll object use after free attempt (snort3-browser-ie.rules) * 1:37825 <-> DISABLED <-> FILE-OTHER Microsoft Office ole object external file loading attempt (snort3-file-other.rules) * 1:38170 <-> DISABLED <-> 
FILE-FLASH Adobe Flash Player hitTest BitmapData object integer overflow attempt (snort3-file-flash.rules) * 1:38165 <-> DISABLED <-> FILE-FLASH Adobe Flash Player hitTest BitmapData object integer overflow attempt (snort3-file-flash.rules) * 1:38167 <-> DISABLED <-> FILE-FLASH Adobe Flash Player hitTest BitmapData object integer overflow attempt (snort3-file-flash.rules) * 1:38076 <-> DISABLED <-> BROWSER-IE Microsoft Edge CAsyncTpWorker Windows.Data.Pdf.dll object use after free attempt (snort3-browser-ie.rules) * 1:38184 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS3 multiple axis attributes integer overflow attempt (snort3-file-flash.rules) * 1:38175 <-> DISABLED <-> FILE-FLASH Adobe Standalone Flash Player texfield getter use after free attempt (snort3-file-flash.rules) * 1:38179 <-> DISABLED <-> FILE-FLASH Adobe Standalone Flash Player ASnative object use after free attempt (snort3-file-flash.rules) * 1:38169 <-> DISABLED <-> FILE-FLASH Adobe Flash Player hitTest BitmapData object integer overflow attempt (snort3-file-flash.rules) * 1:38198 <-> DISABLED <-> FILE-FLASH Adobe Flash Player recursion calls stack overflow attempt (snort3-file-flash.rules) * 1:38191 <-> DISABLED <-> FILE-FLASH Adobe Flash Player si32 integer overflow attempt (snort3-file-flash.rules) * 1:38192 <-> DISABLED <-> FILE-FLASH Adobe Flash Player si32 integer overflow attempt (snort3-file-flash.rules) * 1:38182 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS3 multiple axis attributes integer overflow attempt (snort3-file-flash.rules) * 1:38212 <-> DISABLED <-> FILE-PDF Adobe Reader JPEG 2000 chrominance subsampling memory corruption attempt (snort3-file-pdf.rules) * 1:38207 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MPD use-after-free attempt (snort3-file-flash.rules) * 1:38208 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MPD use-after-free attempt (snort3-file-flash.rules) * 1:38197 <-> DISABLED <-> FILE-FLASH Adobe Flash Player recursion calls stack overflow attempt 
(snort3-file-flash.rules) * 1:38220 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use after free (snort3-file-flash.rules) * 1:38215 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BitmapData.paletteMap size mismatch integer overflow attempt (snort3-file-flash.rules) * 1:38216 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BitmapData.paletteMap size mismatch integer overflow attempt (snort3-file-flash.rules) * 1:38211 <-> DISABLED <-> FILE-PDF Adobe Reader JPEG 2000 chrominance subsampling memory corruption attempt (snort3-file-pdf.rules) * 1:38286 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager actserver stack buffer overflow attempt (snort3-server-webapp.rules) * 1:38223 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader annotation oversized array memory corruption attempt (snort3-file-pdf.rules) * 1:38239 <-> DISABLED <-> FILE-FLASH Adobe Flash Player rectangle width integer overflow attempt (snort3-file-flash.rules) * 1:38219 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use after free attempt (snort3-file-flash.rules) * 1:38405 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Transform Class Matrix AS2 use after free attempt (snort3-file-flash.rules) * 1:38287 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager akey stack buffer overflow attempt (snort3-server-webapp.rules) * 1:38288 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager licfile stack buffer overflow attempt (snort3-server-webapp.rules) * 1:38241 <-> DISABLED <-> FILE-FLASH Adobe Flash Player rectangle width integer overflow attempt (snort3-file-flash.rules) * 1:38413 <-> DISABLED <-> FILE-FLASH Adobe Flash Player NetConnection to ColorMatrixFilter object type confusion attempt (snort3-file-flash.rules) * 1:38406 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Transform Class Matrix AS2 use after free attempt (snort3-file-flash.rules) * 1:38409 <-> DISABLED <-> FILE-FLASH Adobe Flash Player JPEG-XR decode buffer overflow attempt (snort3-file-flash.rules) * 1:38327 <-> DISABLED <-> 
MALWARE-BACKDOOR ReGeorg proxy read attempt (snort3-malware-backdoor.rules) * 1:38433 <-> DISABLED <-> FILE-FLASH Adobe Flash Player toString type confusion memory corruption attempt (snort3-file-flash.rules) * 1:43913 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Professional XPS2PDF memory corruption attempt (snort3-file-other.rules) * 1:38415 <-> DISABLED <-> FILE-FLASH Adobe Flash Player NetConnection to ColorMatrixFilter object type confusion attempt (snort3-file-flash.rules) * 1:38425 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ExportAssets count memory corruption attempt (snort3-file-flash.rules) * 1:38410 <-> DISABLED <-> FILE-FLASH Adobe Flash Player JPEG-XR decode buffer overflow attempt (snort3-file-flash.rules) * 1:38593 <-> DISABLED <-> EXPLOIT-KIT Nuclear Exploit Kit back end communications attempt (snort3-exploit-kit.rules) * 1:38481 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel msxml6 ParseElementN use after free attempt (snort3-file-office.rules) * 1:38482 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel msxml6 ParseElementN use after free attempt (snort3-file-office.rules) * 1:38430 <-> DISABLED <-> FILE-FLASH Adobe Flash Player toString type confusion memory corruption attempt (snort3-file-flash.rules) * 1:38636 <-> DISABLED <-> FILE-FLASH Nuclear exploit kit Adobe Flash SWF exploit download (snort3-file-flash.rules) * 1:38631 <-> DISABLED <-> FILE-FLASH Angler exploit kit Adobe Flash SWF exploit download (snort3-file-flash.rules) * 1:38632 <-> DISABLED <-> FILE-FLASH Angler exploit kit Adobe Flash SWF exploit download (snort3-file-flash.rules) * 1:38577 <-> DISABLED <-> FILE-FLASH Adobe Flash Player dangling bytearray pointer code execution attempt (snort3-file-flash.rules) * 1:38783 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word TTF out-of-bounds memory access attempt (snort3-file-office.rules) * 1:38729 <-> DISABLED <-> SERVER-OTHER Mediabridge Medialink MWN-WAPR300N and Tenda N3 Wireless N150 inbound admin attempt 
(snort3-server-other.rules) * 1:38772 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer EMF file integer overflow attempt (snort3-browser-ie.rules) * 1:38635 <-> DISABLED <-> FILE-FLASH Nuclear exploit kit Adobe Flash SWF exploit download (snort3-file-flash.rules) * 1:38841 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer VBScript toString redim array use after free attempt (snort3-browser-ie.rules) * 1:38830 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ContentFactory memory corruption attempt (snort3-file-flash.rules) * 1:38832 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ContentFactory memory corruption attempt (snort3-file-flash.rules) * 1:38782 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word TTF out-of-bounds memory access attempt (snort3-file-office.rules) * 1:38973 <-> DISABLED <-> FILE-FLASH Adobe Flash Player OpportunityGenerator.update memory corruption attempt (snort3-file-flash.rules) * 1:38881 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FileReference type confusion attempt (snort3-file-flash.rules) * 1:38883 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FileReference type confusion attempt (snort3-file-flash.rules) * 1:38833 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ContentFactory memory corruption attempt (snort3-file-flash.rules) * 1:38996 <-> DISABLED <-> FILE-FLASH Adobe Flash Player addProperty use after free attempt (snort3-file-flash.rules) * 1:38974 <-> DISABLED <-> FILE-FLASH Adobe Flash Player OpportunityGenerator.update memory corruption attempt (snort3-file-flash.rules) * 1:38980 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed FlateDecode stream use after free attempt (snort3-file-pdf.rules) * 1:38972 <-> DISABLED <-> FILE-FLASH Adobe Flash Player OpportunityGenerator.update memory corruption attempt (snort3-file-flash.rules) * 1:39013 <-> DISABLED <-> FILE-PDF Adobe Reader CTJPEGDecoderReadNextTile out of bounds read attempt (snort3-file-pdf.rules) * 1:38998 <-> DISABLED <-> FILE-FLASH Adobe Flash 
Player addProperty use after free attempt (snort3-file-flash.rules)
* 1:39009 <-> DISABLED <-> FILE-FLASH Adobe Flash Player setMetadata memory corruption attempt (snort3-file-flash.rules)
* 1:38981 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed FlateDecode stream use after free attempt (snort3-file-pdf.rules)
* 1:39020 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PSDK use-after-free attempt (snort3-file-flash.rules)
* 1:39014 <-> DISABLED <-> FILE-PDF Adobe Reader CTJPEGDecoderReadNextTile out of bounds read attempt (snort3-file-pdf.rules)
* 1:39015 <-> DISABLED <-> FILE-PDF Adobe Reader AcroForm dictionary object use after free attempt (snort3-file-pdf.rules)
* 1:39010 <-> DISABLED <-> FILE-FLASH Adobe Flash Player setMetadata memory corruption attempt (snort3-file-flash.rules)
* 1:39032 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASSetNative use-after-free attempt (snort3-file-flash.rules)
* 1:39022 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PSDK use-after-free attempt (snort3-file-flash.rules)
* 1:39024 <-> DISABLED <-> FILE-FLASH Adobe Flash Player selection.setFocus use after free attempt (snort3-file-flash.rules)
* 1:39019 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PSDK use-after-free attempt (snort3-file-flash.rules)
* 1:39261 <-> DISABLED <-> FILE-OTHER Microsoft Windows ATMFD font driver malformed OTF file out-of-bounds memory access attempt (snort3-file-other.rules)
* 1:39033 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASSetNative use-after-free attempt (snort3-file-flash.rules)
* 1:39102 <-> DISABLED <-> FILE-PDF Adobe Reader PDF embedded JPEG memory corruption attempt (snort3-file-pdf.rules)
* 1:39025 <-> DISABLED <-> FILE-FLASH Adobe Flash Player selection.setFocus use after free attempt (snort3-file-flash.rules)
* 1:39288 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ShimContentResolver out of bounds memory access attempt (snort3-file-flash.rules)
* 1:39272 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ShimContentFactory uninitialized pointer use attempt (snort3-file-flash.rules)
* 1:39280 <-> DISABLED <-> FILE-FLASH Adobe Primetime SDK object type confusion overflow attempt (snort3-file-flash.rules)
* 1:39103 <-> DISABLED <-> FILE-PDF Adobe Reader PDF embedded JPEG memory corruption attempt (snort3-file-pdf.rules)
* 1:39319 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ShimOpportunityGenerator out of bounds memory access attempt (snort3-file-flash.rules)
* 1:39290 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime SDK ShimContentResolver out of bounds memory access attempt (snort3-file-flash.rules)
* 1:39298 <-> DISABLED <-> FILE-FLASH Adobe Flash player retrieveResolvers memory corruption attempt (snort3-file-flash.rules)
* 1:39285 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadSound use after free attempt (snort3-file-flash.rules)
* 1:39457 <-> DISABLED <-> FILE-FLASH Adobe Flash Player integer underflow attempt (snort3-file-flash.rules)
* 1:39398 <-> DISABLED <-> SERVER-WEBAPP Symantec SEPM management console cross site scripting attempt (snort3-server-webapp.rules)
* 1:39402 <-> DISABLED <-> FILE-OTHER Symantec Antivirus ALPkOldFormatDecompressor out of bounds read attempt (snort3-file-other.rules)
* 1:39305 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime SDK ShimContentResolver out of bounds memory access attempt (snort3-file-flash.rules)
* 1:39540 <-> DISABLED <-> FILE-FLASH Adobe Flash Player local-with-filesystem security bypass attempt (snort3-file-flash.rules)
* 1:39505 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Edge text node table-cell use after free attempt (snort3-browser-ie.rules)
* 1:39524 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel empty bookViews element denial of service attempt (snort3-file-office.rules)
* 1:39441 <-> DISABLED <-> FILE-FLASH Adobe Flash Player integer overflow attempt (snort3-file-flash.rules)
* 1:39687 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed embeded TTF file memory corruption attempt (snort3-file-pdf.rules)
* 1:39543 <-> DISABLED <-> FILE-FLASH Adobe Flash Player local-with-filesystem security bypass attempt (snort3-file-flash.rules)
* 1:39564 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TimedEvent memory corruption attempt (snort3-file-flash.rules)
* 1:39525 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel empty bookViews element denial of service attempt (snort3-file-office.rules)
* 1:39824 <-> DISABLED <-> OS-WINDOWS Microsoft Windows GDI emf file integer overflow attempt (snort3-os-windows.rules)
* 1:39690 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ABRControlParameters access memory corruption attempt (snort3-file-flash.rules)
* 1:39702 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MediaPlayerItemLoader out of bounds memory access attempt (snort3-file-flash.rules)
* 1:39685 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tinba variant outbound connection (snort3-malware-cnc.rules)
* 1:39894 <-> DISABLED <-> OS-LINUX Linux Kernel USBIP out of bounds write attempt (snort3-os-linux.rules)
* 1:39843 <-> DISABLED <-> OS-WINDOWS Microsoft Windows gdiplus EMF EmrText out of bounds write attempt (snort3-os-windows.rules)
* 1:39851 <-> DISABLED <-> INDICATOR-COMPROMISE Connection to malware sinkhole - CERT.PL (snort3-indicator-compromise.rules)
* 1:39799 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt (snort3-file-pdf.rules)
* 1:40103 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel xlsb use-after-free attempt (snort3-file-office.rules)
* 1:40075 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel LPenHelper out of bounds write attempt (snort3-file-office.rules)
* 1:40076 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel LPenHelper out of bounds write attempt (snort3-file-office.rules)
* 1:39893 <-> DISABLED <-> OS-LINUX Linux Kernel USBIP out of bounds write attempt (snort3-os-linux.rules)
* 1:37239 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object hasOwnProperty use after free attempt (snort3-file-flash.rules)
* 1:40107 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel xlsb use-after-free attempt (snort3-file-office.rules)
* 1:40104 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel xlsb use-after-free attempt (snort3-file-office.rules)
* 1:40105 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel xlsb use-after-free attempt (snort3-file-office.rules)
* 1:40102 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel xlsb use-after-free attempt (snort3-file-office.rules)
* 1:40122 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel xlsb use-after-free attempt (snort3-file-office.rules)
* 1:40116 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel xlsb use-after-free attempt (snort3-file-office.rules)
* 1:37267 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Silverlight GetChar out of bounds read attempt (snort3-browser-plugins.rules)
* 1:45978 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB kernel heap memory leak attempt (snort3-os-windows.rules)
* 1:37265 <-> DISABLED <-> FILE-OFFICE Microsoft Office metafile conversion out of bounds read attempt (snort3-file-office.rules)
* 1:47678 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Torpplar variant outbound connection (snort3-malware-cnc.rules)
* 1:44688 <-> DISABLED <-> SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt (snort3-server-webapp.rules)
* 1:45973 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chafer malicious communication attempt (snort3-malware-cnc.rules)
* 1:45169 <-> DISABLED <-> BROWSER-IE Microsoft Edge array type confusion attempt (snort3-browser-ie.rules)
* 1:46989 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.MBRLock file download (snort3-malware-other.rules)
* 1:45643 <-> DISABLED <-> MALWARE-CNC Vbs.Trojan.Agent inbound payload download (snort3-malware-cnc.rules)
* 1:49255 <-> DISABLED <-> FILE-JAVA Oracle Java ImagingLib buffer overflow attempt (snort3-file-java.rules)
* 1:43993 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader graphics engine memory corruption attempt (snort3-file-pdf.rules)
* 1:46135 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Krodown variant connection attempt (snort3-malware-cnc.rules)
* 1:46371 <-> DISABLED <-> PUA-OTHER Moonify TLS server hello attempt (snort3-pua-other.rules)
* 1:56131 <-> ENABLED <-> BROWSER-CHROME Google Chrome PNG in TTF parsing heap overflow attempt (snort3-browser-chrome.rules)
* 1:56132 <-> ENABLED <-> BROWSER-CHROME Google Chrome PNG in TTF parsing heap overflow attempt (snort3-browser-chrome.rules)
* 1:56133 <-> ENABLED <-> BROWSER-CHROME Google Chrome PNG in TTF parsing heap overflow attempt (snort3-browser-chrome.rules)
* 1:56138 <-> ENABLED <-> SERVER-WEBAPP Citrix ADC and Gateway information disclosure attempt (snort3-server-webapp.rules)
* 1:44969 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF EmfPlusFont memory corruption attempt (snort3-file-image.rules)
* 1:45642 <-> DISABLED <-> MALWARE-CNC Vbs.Trojan.Agent outbound connection (snort3-malware-cnc.rules)
* 1:45923 <-> DISABLED <-> EXPLOIT-KIT Terror EK dll download attempt (snort3-exploit-kit.rules)
* 1:46137 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cidox variant outbound connection attempt (snort3-malware-cnc.rules)
* 1:45162 <-> DISABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (snort3-browser-ie.rules)
* 1:44903 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PSDK Metadata memory corruption attempt (snort3-file-flash.rules)
* 1:47148 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif malicious file download (snort3-malware-cnc.rules)
* 1:45132 <-> DISABLED <-> FILE-OFFICE Microsoft Office Equation Editor object stack buffer overflow attempt (snort3-file-office.rules)
* 1:43994 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader graphics engine memory corruption attempt (snort3-file-pdf.rules)
* 1:46584 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload malicious file download (snort3-malware-cnc.rules)
* 1:46252 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rovnix outbound connection attempt (snort3-malware-cnc.rules)
* 1:45922 <-> DISABLED <-> EXPLOIT-KIT Terror EK exe download attempt (snort3-exploit-kit.rules)
* 1:46793 <-> DISABLED <-> OS-WINDOWS Malicious zip download attempt (snort3-os-windows.rules)
* 1:46491 <-> DISABLED <-> FILE-PDF Adobe Flash Player ActionScript setFocus use after free attempt (snort3-file-pdf.rules)
* 1:46782 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Vpnfilter variant SSL connection attempt (snort3-malware-cnc.rules)
* 1:46744 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper malicious executable download attempt (snort3-malware-cnc.rules)
* 1:43978 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader graphics engine memory corruption attempt (snort3-file-pdf.rules)
* 1:44016 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Rectangle constructor use after free attempt (snort3-file-flash.rules)
* 1:47056 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel empty bookViews element denial of service attempt (snort3-file-office.rules)
* 1:46129 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HW32 variant outbound connection (snort3-malware-cnc.rules)
* 1:44430 <-> DISABLED <-> FILE-OFFICE Fin7 Maldoc campaign exploitation attempt (snort3-file-office.rules)
* 1:45148 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Array out of bounds write attempt (snort3-browser-ie.rules)
* 1:45904 <-> DISABLED <-> MALWARE-BACKDOOR CobaltStrike inbound beacon download (snort3-malware-backdoor.rules)
* 1:45646 <-> DISABLED <-> MALWARE-CNC Vbs.Trojan.Agent outbound system information disclosure (snort3-malware-cnc.rules)
* 1:44657 <-> DISABLED <-> SERVER-WEBAPP Unitrends Enterprise Backup API SQL injection attempt (snort3-server-webapp.rules)
* 1:46586 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload malicious file download (snort3-malware-cnc.rules)
* 1:45773 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CannibalRAT outbound upload attempt (snort3-malware-cnc.rules)
* 1:46583 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload malicious file download (snort3-malware-cnc.rules)
* 1:45772 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CannibalRAT outbound reporting attempt (snort3-malware-cnc.rules)
* 1:45336 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (snort3-malware-cnc.rules)
* 1:44017 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Rectangle constructor use after free attempt (snort3-file-flash.rules)
* 1:45564 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Vpnfilter variant outbound connection attempt (snort3-malware-cnc.rules)
* 1:44892 <-> DISABLED <-> FILE-FLASH Adobe Flash Player determinePreferredLocales memory corruption attempt (snort3-file-flash.rules)
* 1:46372 <-> DISABLED <-> PUA-OTHER Moonify TLS client hello attempt (snort3-pua-other.rules)
* 1:46581 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload malicious file download (snort3-malware-cnc.rules)
* 1:44052 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word EPS filter PostScript object use after free attempt (snort3-file-office.rules)
* 1:45949 <-> DISABLED <-> PUA-OTHER Coinhive TLS server hello attempt (snort3-pua-other.rules)
* 1:45130 <-> DISABLED <-> OS-WINDOWS Microsoft Windows RRAS service arbitrary pointer dereference attempt (snort3-os-windows.rules)
* 1:47006 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SocketPlayer outbound connection (snort3-malware-cnc.rules)
* 1:46580 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload malicious file download (snort3-malware-cnc.rules)
* 1:44338 <-> DISABLED <-> BROWSER-IE Microsoft Edge denial of service attempt (snort3-browser-ie.rules)
* 1:44620 <-> DISABLED <-> MALWARE-CNC Android Red Alert Trojan outbound connection (snort3-malware-cnc.rules)
* 1:44929 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds write attempt (snort3-file-image.rules)
* 1:45370 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word docx subDocument file include attempt (snort3-file-office.rules)
* 1:46251 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rovnix outbound connection attempt (snort3-malware-cnc.rules)
* 1:45371 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word docx subDocument file include attempt (snort3-file-office.rules)
* 1:44619 <-> DISABLED <-> MALWARE-CNC Android Red Alert Trojan outbound connection (snort3-malware-cnc.rules)
* 1:45972 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chafer malicious communication attempt (snort3-malware-cnc.rules)
* 1:44964 <-> DISABLED <-> FILE-FLASH Adobe Flash Player tvsdk object use after free attempt (snort3-file-flash.rules)
* 1:37776 <-> DISABLED <-> FILE-FLASH Adobe Flash Player LoadVars use-after-free attempt (snort3-file-flash.rules)
* 1:47557 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PLEAD downloader outbound connection (snort3-malware-cnc.rules)
* 1:37268 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Silverlight GetChar out of bounds read attempt (snort3-browser-plugins.rules)
* 1:47175 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ddeService command execution attempt (snort3-file-office.rules)
* 1:37601 <-> DISABLED <-> FILE-OFFICE Microsoft Powerpoint shape objects null pointer dereference memory corruption attempt (snort3-file-office.rules)
* 1:46249 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rovnix outbound connection attempt (snort3-malware-cnc.rules)
* 1:37216 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MovieClip setMask use after free attempt (snort3-file-flash.rules)
* 1:46250 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rovnix outbound connection attempt (snort3-malware-cnc.rules)
* 1:44360 <-> DISABLED <-> SERVER-WEBAPP Trend Micro proxy_controller.php command injection attempt (snort3-server-webapp.rules)
* 1:43977 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader graphics engine memory corruption attempt (snort3-file-pdf.rules)
* 1:44646 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.BadRabbit propagation via SVCCTL remote service attempt (snort3-malware-other.rules)
* 1:43912 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Professional XPS2PDF memory corruption attempt (snort3-file-other.rules)
* 1:36812 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer nonexistent attribute removal memory corruption attempt (snort3-browser-ie.rules)
* 1:37259 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel mso20win32client use after free attempt (snort3-file-office.rules)
* 1:47701 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Iniduoh variant outbound connection (snort3-malware-cnc.rules)
* 1:36715 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel slicer style use-after-free attempt (snort3-file-office.rules)
* 1:36751 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel MdCallBack out of bounds read attempt (snort3-file-office.rules)
* 1:36713 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ClickOnce information disclosure attempt (snort3-os-windows.rules)
* 1:49376 <-> DISABLED <-> SERVER-APACHE Apache Struts remote code execution attempt (snort3-server-apache.rules)
* 1:36822 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (snort3-file-flash.rules)
* 1:36819 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (snort3-file-flash.rules)
* 1:36820 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (snort3-file-flash.rules)
* 1:36752 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel MdCallBack out of bounds read attempt (snort3-file-office.rules)
* 1:36832 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 actionExtends use-after-free attempt (snort3-file-flash.rules)
* 1:36829 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 actionExtends use-after-free attempt (snort3-file-flash.rules)
* 1:36830 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 actionExtends use-after-free attempt (snort3-file-flash.rules)
* 1:37797 <-> DISABLED <-> FILE-FLASH Adobe Flash Player rectangle memory access violation attempt (snort3-file-flash.rules)
* 1:36821 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (snort3-file-flash.rules)
* 1:37592 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel formula length heap corruption attempt (snort3-file-office.rules)
* 1:36863 <-> DISABLED <-> FILE-FLASH Adobe Flash Player attachsound use-after-free attempt (snort3-file-flash.rules)
* 1:36846 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 TextField gridFitType use after free attempt (snort3-file-flash.rules)
* 1:36859 <-> DISABLED <-> FILE-FLASH Adobe Flash Player writeExternal type confusion attempt (snort3-file-flash.rules)
* 1:36831 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 actionExtends use-after-free attempt (snort3-file-flash.rules)
* 1:36961 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word XML parsing use after free attempt (snort3-file-office.rules)
* 1:36864 <-> DISABLED <-> FILE-FLASH Adobe Flash Player attachsound use-after-free attempt (snort3-file-flash.rules)
* 1:36883 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byte array uncompress information disclosure attempt (snort3-file-flash.rules)
* 1:37345 <-> DISABLED <-> FILE-FLASH Adobe Flash Player improper display list handling memory corruption attempt (snort3-file-flash.rules)
* 1:36860 <-> DISABLED <-> FILE-FLASH Adobe Flash Player writeExternal type confusion attempt (snort3-file-flash.rules)
* 1:37074 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ShaderParameter integer overflow attempt (snort3-file-flash.rules)
* 1:36998 <-> DISABLED <-> OS-WINDOWS Microsoft .NET Silverlight manifest resource file information disclosure attempt (snort3-os-windows.rules)
* 1:37792 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative use after free attempt (snort3-file-flash.rules)
* 1:37071 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ShaderParameter integer overflow attempt (snort3-file-flash.rules)
* 1:36960 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word XML parsing use after free attempt (snort3-file-office.rules)
* 1:37085 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byte array memory corruption attempt (snort3-file-flash.rules)
* 1:47556 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PLEAD downloader outbound connection (snort3-malware-cnc.rules)
* 1:37075 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ShaderParameter integer overflow attempt (snort3-file-flash.rules)
* 1:37081 <-> DISABLED <-> FILE-FLASH Adobe Flash Player String length heap buffer overflow attempt (snort3-file-flash.rules)
* 1:37072 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ShaderParameter integer overflow attempt (snort3-file-flash.rules)
* 1:37092 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SoundURLStream memory corruption attempt (snort3-file-flash.rules)
* 1:37086 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byte array memory corruption attempt (snort3-file-flash.rules)
* 1:37774 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript constructor use after free attempt (snort3-file-flash.rules)
* 1:37090 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PrintJob object use-after-free attempt (snort3-file-flash.rules)
* 1:37082 <-> DISABLED <-> FILE-FLASH Adobe Flash Player String length heap buffer overflow attempt (snort3-file-flash.rules)
* 1:37109 <-> DISABLED <-> FILE-FLASH Adobe Flash Player selection.setFocus use after free attempt (snort3-file-flash.rules)
* 1:37094 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SoundURLStream memory corruption attempt (snort3-file-flash.rules)
* 1:37764 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BitmapData method memory corruption attempt (snort3-file-flash.rules)
* 1:37105 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MovieClip object use-after-free attempt (snort3-file-flash.rules)
* 1:37091 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PrintJob object use-after-free attempt (snort3-file-flash.rules)
* 1:37550 <-> DISABLED <-> EXPLOIT-KIT Nuclear landing page detected (snort3-exploit-kit.rules)
* 1:37121 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MP3 ID3 data parsing heap buffer overflow attempt (snort3-file-flash.rules)
* 1:37110 <-> DISABLED <-> FILE-FLASH Adobe Flash Player selection.setFocus use after free attempt (snort3-file-flash.rules)
* 1:37118 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField filters use-after-free attempt (snort3-file-flash.rules)
* 1:37771 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative custom getter use after free attempt (snort3-file-flash.rules)
* 1:37106 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MovieClip object use-after-free attempt (snort3-file-flash.rules)
* 1:37135 <-> DISABLED <-> SERVER-WEBAPP Fireeye Java decompiler reflection remote code execution attempt (snort3-server-webapp.rules)
* 1:46582 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload malicious file download (snort3-malware-cnc.rules)
* 1:37123 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MP3 ID3 data parsing heap buffer overflow attempt (snort3-file-flash.rules)
* 1:37128 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 setTransform use-after-free attempt (snort3-file-flash.rules)
* 1:37119 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField filters use-after-free attempt (snort3-file-flash.rules)
* 1:37157 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SharedObject send stack buffer overflow attempt (snort3-file-flash.rules)
* 1:37136 <-> DISABLED <-> SERVER-WEBAPP Fireeye Java decompiler reflection remote code execution attempt (snort3-server-webapp.rules)
* 1:37144 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SetSlot type confusion attempt (snort3-file-flash.rules)
* 1:37129 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 setTransform use-after-free attempt (snort3-file-flash.rules)
* 1:37167 <-> DISABLED <-> FILE-FLASH Adobe Flash Player URLStream use after free attempt (snort3-file-flash.rules)
* 1:37159 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SharedObject send stack buffer overflow attempt (snort3-file-flash.rules)
* 1:37160 <-> DISABLED <-> FILE-FLASH Adobe Flash Player oversize source bitmap memory corruption attempt (snort3-file-flash.rules)
* 1:37145 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SetSlot type confusion attempt (snort3-file-flash.rules)
* 1:37171 <-> DISABLED <-> FILE-FLASH Adobe Flash Player heap memory disclosure via custom valueOf handler attempt (snort3-file-flash.rules)
* 1:37168 <-> DISABLED <-> FILE-FLASH Adobe Flash Player URLStream use after free attempt (snort3-file-flash.rules)
* 1:37169 <-> DISABLED <-> FILE-FLASH Adobe Flash Player heap memory disclosure via custom valueOf handler attempt (snort3-file-flash.rules)
* 1:37161 <-> DISABLED <-> FILE-FLASH Adobe Flash Player oversize source bitmap memory corruption attempt (snort3-file-flash.rules)
* 1:37183 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextFormat.tabStops use after free attempt (snort3-file-flash.rules)
* 1:37172 <-> DISABLED <-> FILE-FLASH Adobe Flash Player heap memory disclosure via custom valueOf handler attempt (snort3-file-flash.rules)
* 1:37178 <-> DISABLED <-> FILE-FLASH Adobe Flash Player M3U8 parser logic memory corruption attempt (snort3-file-flash.rules)
* 1:37170 <-> DISABLED <-> FILE-FLASH Adobe Flash Player heap memory disclosure via custom valueOf handler attempt (snort3-file-flash.rules)
* 1:37205 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object.addProperty method use after free attempt (snort3-file-flash.rules)
* 1:37184 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextFormat.tabStops use after free attempt (snort3-file-flash.rules)
* 1:37790 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative use after free attempt (snort3-file-flash.rules)
* 1:37185 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextFormat.tabStops use after free attempt (snort3-file-flash.rules)
* 1:37180 <-> DISABLED <-> FILE-FLASH Adobe Flash Player M3U8 parser logic memory corruption attempt (snort3-file-flash.rules)
* 1:37600 <-> DISABLED <-> FILE-OFFICE Microsoft Powerpoint shape objects null pointer dereference memory corruption attempt (snort3-file-office.rules)
* 1:37206 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object.addProperty method use after free attempt (snort3-file-flash.rules)
* 1:37208 <-> DISABLED <-> FILE-FLASH Adobe Flash Player LoadVars decode use after free attempt (snort3-file-flash.rules)
* 1:37186 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextFormat.tabStops use after free attempt (snort3-file-flash.rules)
* 1:37700 <-> DISABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (snort3-file-office.rules)
* 1:37664 <-> DISABLED <-> FILE-JAVA Oracle Java ServiceLoader exception handling exploit attempt (snort3-file-java.rules)
* 1:37670 <-> DISABLED <-> FILE-FLASH Adobe Flash Player convolution filter use-after-free attempt (snort3-file-flash.rules)
* 1:37210 <-> DISABLED <-> FILE-FLASH Adobe Flash Player LoadVars decode use after free attempt (snort3-file-flash.rules)
* 1:37706 <-> DISABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (snort3-file-office.rules)
* 1:37703 <-> DISABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (snort3-file-office.rules)
* 1:37704 <-> DISABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (snort3-file-office.rules)
* 1:37671 <-> DISABLED <-> FILE-FLASH Adobe Flash Player convolution filter use-after-free attempt (snort3-file-flash.rules)
* 1:37734 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Point object integer overflow attempt (snort3-file-flash.rules)
* 1:37711 <-> DISABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (snort3-file-flash.rules)
* 1:37726 <-> DISABLED <-> FILE-OTHER Microsoft Office ole object external file loading attempt (snort3-file-other.rules)
* 1:37705 <-> DISABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (snort3-file-office.rules)
* 1:37744 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextLine memory corruption attempt (snort3-file-flash.rules)
* 1:37736 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Point object integer overflow attempt (snort3-file-flash.rules)
* 1:37740 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BlurFilter memory corruption attempt (snort3-file-flash.rules)
* 1:31033 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cryptodefence variant outbound connection (snort3-malware-cnc.rules)
* 1:36714 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel slicer style use-after-free attempt (snort3-file-office.rules)
* 1:36707 <-> DISABLED <-> FILE-OFFICE Microsoft Office malformed odttf integer overflow attempt (snort3-file-office.rules)
* 1:36708 <-> DISABLED <-> FILE-OFFICE Microsoft Office malformed odttf integer overflow attempt (snort3-file-office.rules)
* 1:40117 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel xlsb use-after-free attempt (snort3-file-office.rules)
* 1:40106 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel xlsb use-after-free attempt (snort3-file-office.rules)
* 1:40236 <-> DISABLED <-> FILE-PDF Adobe Reader embedded font out of bounds memory access attempt (snort3-file-pdf.rules)
* 1:40152 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DRMManager memory corruption attempt (snort3-file-flash.rules)
* 1:40167 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ShimContentResolver out of bounds memory access attempt (snort3-file-flash.rules)
* 1:40121 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel xlsb use-after-free attempt (snort3-file-office.rules)
* 1:40425 <-> DISABLED <-> OS-WINDOWS Microsoft Windows GDI+ EMF buffer overread attempt (snort3-os-windows.rules)
* 1:40237 <-> DISABLED <-> FILE-PDF Adobe Reader embedded font out of bounds memory access attempt (snort3-file-pdf.rules)
* 1:40312 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CTreePos type confusion attempt (snort3-browser-ie.rules)
* 1:40178 <-> DISABLED <-> FILE-FLASH Adobe Flash Player local-with-filesystem sandbox escape attempt (snort3-file-flash.rules)
* 1:40718 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel LPenHelper use after free attempt (snort3-file-office.rules)
* 1:40503 <-> DISABLED <-> FILE-FLASH Adobe Flash Player QOSProvider use-after-free attempt (snort3-file-flash.rules)
* 1:40706 <-> DISABLED <-> FILE-OTHER Microsoft Windows OTF cmap table parsing integer overflow attempt (snort3-file-other.rules)
* 1:40375 <-> DISABLED <-> OS-WINDOWS Microsoft Windows insecure BoundaryDescriptor privilege escalation attempt (snort3-os-windows.rules)
* 1:40813 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Silverlight GetChar out of bounds read attempt (snort3-browser-plugins.rules)
* 1:40737 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime SDK AdvertisingMetadata type confustion attempt (snort3-file-flash.rules)
* 1:40743 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AVSegmentedSource use after free attempt (snort3-file-flash.rules)
* 1:40717 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel LPenHelper use after free attempt (snort3-file-office.rules)
* 1:40958 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel security descriptor out of bounds read attempt (snort3-file-office.rules)
* 1:40814 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Silverlight GetChar out of bounds read attempt (snort3-browser-plugins.rules)
* 1:40934 <-> DISABLED <-> FILE-EXECUTABLE Nvidia Windows kernel mode driver denial of service attempt (snort3-file-executable.rules)
* 1:40753 <-> ENABLED <-> EXPLOIT-KIT Rig exploit kit outbound communication (snort3-exploit-kit.rules)
* 1:41003 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime SDK out of bounds read attempt (snort3-file-flash.rules)
* 1:40959 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ddeService command execution attempt (snort3-file-office.rules)
* 1:40960 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ddeService command execution attempt (snort3-file-office.rules)
* 1:40957 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel security descriptor out of bounds read attempt (snort3-file-office.rules)
* 1:41344 <-> DISABLED <-> FILE-OTHER CorelDRAW X8 EMF invalid ihBrush field value out of bounds read attempt (snort3-file-other.rules)
* 1:41015 <-> DISABLED <-> FILE-FLASH Acrobat Flash WorkerDomain memory corruption attempt (snort3-file-flash.rules)
* 1:41026 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess Dashboard remote code execution attempt (snort3-server-webapp.rules)
* 1:40983 <-> DISABLED <-> FILE-OTHER Microsoft Internet Explorer malformed ico integer overflow attempt (snort3-file-other.rules)
* 1:41521 <-> DISABLED <-> SERVER-WEBAPP McAfee Virus Scan Linux cross site scripting attempt (snort3-server-webapp.rules)
* 1:41358 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime SDK ShimContentResolver memory corruption attempt (snort3-file-flash.rules)
* 1:41515 <-> DISABLED <-> POLICY-OTHER McAfee Virus Scan Linux outdated version detected (snort3-policy-other.rules)
* 1:41310 <-> DISABLED <-> FILE-IMAGE libBPG restore_tqb_pixel out of bounds write attempt (snort3-file-image.rules)
* 1:41602 <-> DISABLED <-> FILE-PDF Microsoft Edge PDF Builder out of bounds read attempt (snort3-file-pdf.rules)
* 1:41565 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel xlsb use-after-free attempt (snort3-file-office.rules)
* 1:41566 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel xlsb use-after-free attempt (snort3-file-office.rules)
* 1:41516 <-> DISABLED <-> SERVER-WEBAPP McAfee Virus Scan Linux file existence test attempt (snort3-server-webapp.rules)
* 1:41681 <-> DISABLED <-> SERVER-WEBAPP McAfee Virus Scan Linux remote code execution attempt (snort3-server-webapp.rules)
* 1:41624 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MessageChannel type confusion attempt (snort3-file-flash.rules)
* 1:41630 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PSDK EventDispatch removeEventListener use after free attempt (snort3-file-flash.rules)
* 1:41601 <-> DISABLED <-> FILE-PDF Microsoft Edge PDF Builder out of bounds read attempt (snort3-file-pdf.rules)
* 1:41976 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel shared strings memory corruption attempt (snort3-file-office.rules)
* 1:41783 <-> ENABLED <-> EXPLOIT-KIT Rig exploit kit URL outbound communication (snort3-exploit-kit.rules)
* 1:41818 <-> DISABLED <-> SERVER-APACHE Apache Struts remote code execution attempt (snort3-server-apache.rules)
* 1:41680 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ShimContentResolver out of bounds memory access attempt (snort3-file-flash.rules)
* 1:42080 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jenxcus outbound connection with unique User-Agent (snort3-malware-cnc.rules)
* 1:41977 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel shared strings memory corruption attempt (snort3-file-office.rules)
* 1:41979 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel shared strings memory corruption attempt (snort3-file-office.rules)
* 1:41819 <-> DISABLED <-> SERVER-APACHE Apache Struts remote code execution attempt (snort3-server-apache.rules)
* 1:42161 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel out of bounds memory attempt (snort3-file-office.rules)
* 1:42097 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Resolution Opportunity parameter memory corruption attempt (snort3-file-flash.rules)
* 1:42150 <-> DISABLED <-> FILE-OTHER Microsoft Windows ATMFD font driver malformed OTF file out-of-bounds memory access attempt (snort3-file-other.rules)
* 1:41980 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel shared strings memory corruption attempt (snort3-file-office.rules)
* 1:42373 <-> ENABLED <-> POLICY-OTHER eicar file detected (snort3-policy-other.rules)
* 1:42162 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel out of bounds memory attempt (snort3-file-office.rules)
* 1:42222 <-> DISABLED <-> SERVER-WEBAPP Moxa MX Studio login page denial of service attempt (snort3-server-webapp.rules)
* 1:42151 <-> DISABLED <-> FILE-OTHER Microsoft Windows ATMFD font driver malformed OTF file out-of-bounds memory access attempt (snort3-file-other.rules)
* 1:42810 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BitmapData out of bounds memory access attempt (snort3-file-flash.rules)
* 1:42374 <-> ENABLED <-> POLICY-OTHER eicar file detected (snort3-policy-other.rules)
* 1:42375 <-> ENABLED <-> POLICY-OTHER eicar file detected (snort3-policy-other.rules)
* 1:42372 <-> ENABLED <-> POLICY-OTHER eicar file detected (snort3-policy-other.rules)
* 1:42817 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DisplayObject use after free attempt (snort3-file-flash.rules)
* 1:42811 <-> DISABLED <-> BROWSER-IE Microsoft Edge Chakra Engine use-after-free attempt (snort3-browser-ie.rules)
* 1:42812 <-> DISABLED <-> BROWSER-IE Microsoft Edge Chakra Engine use-after-free attempt (snort3-browser-ie.rules)
* 1:42376 <-> ENABLED <-> POLICY-OTHER eicar file detected (snort3-policy-other.rules)
* 1:42913 <-> DISABLED <-> FILE-PDF Acrobat Reader TIFF malformed IFD tag heap overflow attempt (snort3-file-pdf.rules)
* 1:42902 <-> DISABLED <-> FILE-OFFICE Microsoft Office EPS restore command use after free attempt (snort3-file-office.rules)
* 1:42904 <-> DISABLED <-> FILE-OFFICE Microsoft Office EPS restore command use after free attempt (snort3-file-office.rules)
* 1:42816 <-> DISABLED <-> FILE-FLASH Adobe Flash Player display object mask use after free attempt (snort3-file-flash.rules)
* 1:43179 <-> DISABLED <-> FILE-OFFICE Powerpoint mouseover powershell malware download attempt (snort3-file-office.rules)
* 1:42915 <-> DISABLED <-> FILE-PDF Acrobat Reader TIFF malformed IFD tag heap overflow attempt (snort3-file-pdf.rules)
* 1:43048 <-> DISABLED <-> FILE-FLASH Adobe Flash Player JSON stringify memory corruption attempt (snort3-file-flash.rules)
* 1:42911 <-> DISABLED <-> FILE-PDF Acrobat Reader TIFF malformed IFD tag heap overflow attempt (snort3-file-pdf.rules)
* 1:43406 <-> DISABLED <-> FILE-FLASH Adobe Flash Player determinePreferredLocales out of bounds memory read attempt (snort3-file-flash.rules)
* 1:43221 <-> DISABLED <-> MALWARE-OTHER Win.Trojan-Downloader.Jadtree GET request of RAR file to server (snort3-malware-other.rules)
* 1:43383 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AdvertisingMetadata use after free attempt (snort3-file-flash.rules)
* 1:43169 <-> DISABLED <-> BROWSER-IE Microsoft Edge textContent use after free attempt (snort3-browser-ie.rules)
* 1:43865 <-> DISABLED <-> FILE-IMAGE Adobe Reader EMF EMR_MOVETOEX memory corruption attempt (snort3-file-image.rules)
* 1:43455 <-> DISABLED <-> FILE-FLASH Adobe Flash Player writeExternal type confusion attempt (snort3-file-flash.rules)
* 1:43625 <-> DISABLED <-> SERVER-WEBAPP Axis M3004 remote code execution attempt (snort3-server-webapp.rules)
* 1:43396 <-> DISABLED <-> FILE-FLASH Adobe Acrobat Reader profile use after free attempt (snort3-file-flash.rules)
* 1:43900 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Professional XPS2PDF memory corruption attempt (snort3-file-other.rules)
* 1:43901 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Professional XPS2PDF memory corruption attempt (snort3-file-other.rules)
* 1:43790 <-> DISABLED <-> SERVER-OTHER Apache mod_auth_digest out of bounds read attempt (snort3-server-other.rules)
* 1:37801 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Silverlight ScriptObject untrusted pointer dereference attempt (snort3-browser-plugins.rules)
* 1:44361 <-> DISABLED <-> SERVER-WEBAPP Trend Micro proxy_controller.php command injection attempt (snort3-server-webapp.rules)
* 1:45131 <-> DISABLED <-> OS-WINDOWS Microsoft Windows RRAS service arbitrary pointer dereference attempt (snort3-os-windows.rules)
* 1:46783 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Vpnfilter variant SSL connection attempt (snort3-malware-cnc.rules)
* 1:44880 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF EMR_STRETCHDIBITS memory corruption attempt (snort3-file-image.rules)
* 1:45909 <-> DISABLED <-> MALWARE-CNC CobaltStrike trial version inbound beacon response (snort3-malware-cnc.rules)
* 1:45771 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CannibalRAT initial outbound connection (snort3-malware-cnc.rules)
* 1:37347 <-> DISABLED <-> FILE-FLASH Adobe Flash Player improper display list handling memory corruption attempt (snort3-file-flash.rules)
* 1:47241 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mylobot additional payload download (snort3-malware-cnc.rules)
* 1:47358 <-> DISABLED <-> SERVER-WEBAPP CCTV-DVR command injection attempt (snort3-server-webapp.rules)
* 1:44404 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trickbot malicious communication attempt (snort3-malware-cnc.rules)
* 1:45117 <-> DISABLED <-> SERVER-WEBAPP Huawei DeviceUpgrade command injection attempt (snort3-server-webapp.rules)
* 1:44621 <-> DISABLED <-> MALWARE-CNC Android Red Alert Trojan outbound connection (snort3-malware-cnc.rules)
* 1:45977 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB kernel heap memory leak attempt (snort3-os-windows.rules)
* 1:45682 <-> DISABLED <-> SERVER-OTHER HP Integrated Lights-Out HTTP headers processing buffer overflow attempt (snort3-server-other.rules)
* 1:46490 <-> DISABLED <-> FILE-PDF Adobe Flash Player ActionScript setFocus use after free attempt (snort3-file-pdf.rules)
* 1:46585 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload malicious file download (snort3-malware-cnc.rules)
* 1:45976 <-> DISABLED <-> SERVER-WEBAPP Pivotal Spring Data REST PATCH request remote code execution attempt (snort3-server-webapp.rules)
* 1:44622 <-> DISABLED <-> MALWARE-CNC Android Red Alert Trojan outbound connection (snort3-malware-cnc.rules)
* 1:44885 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat XPS unicode glyph pointer out of bounds (snort3-file-image.rules)
* 1:45950 <-> DISABLED <-> PUA-OTHER Coinhive TLS client hello attempt (snort3-pua-other.rules)
* 1:44564 <-> DISABLED <-> MALWARE-CNC PowerShell Empire variant outbound connection (snort3-malware-cnc.rules)
* 1:37525 <-> DISABLED <-> SERVER-OTHER NTP arbitrary pidfile and driftfile overwrite attempt (snort3-server-other.rules)
* 1:49789 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zacinlo outbound connection (snort3-malware-cnc.rules)
* 
1:37399 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader custom string length function memory corruption attempt (snort3-file-pdf.rules) * 1:37761 <-> DISABLED <-> FILE-FLASH Adobe Flash Player rectangle auxiliary method integer overflow attempt (snort3-file-flash.rules) * 1:37783 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed Adobe Texture Format heap overflow attempt (snort3-file-flash.rules) * 1:37248 <-> DISABLED <-> FILE-FLASH Adobe Flash Player removeMovieClip use after free attempt (snort3-file-flash.rules) * 1:56130 <-> ENABLED <-> BROWSER-CHROME Google Chrome PNG in TTF parsing heap overflow attempt (snort3-browser-chrome.rules) * 1:37249 <-> DISABLED <-> FILE-FLASH Adobe Flash Player removeMovieClip use after free attempt (snort3-file-flash.rules) * 1:37798 <-> DISABLED <-> FILE-FLASH Adobe Flash Player rectangle memory access violation attempt (snort3-file-flash.rules) * 1:37777 <-> DISABLED <-> FILE-FLASH Adobe Flash Player LoadVars use-after-free attempt (snort3-file-flash.rules) * 1:37218 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MovieClip setMask use after free attempt (snort3-file-flash.rules) * 1:37702 <-> DISABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (snort3-file-office.rules) * 1:37770 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative custom getter use after free attempt (snort3-file-flash.rules) * 1:47236 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Prowli variant outbound connection (snort3-malware-cnc.rules) * 1:37237 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object hasOwnProperty use after free attempt (snort3-file-flash.rules) * 1:37808 <-> DISABLED <-> FILE-FLASH Adobe Flash Player integer underflow attempt (snort3-file-flash.rules) * 1:49311 <-> DISABLED <-> FILE-FLASH Adobe Flash Player writeExternal type confusion attempt (snort3-file-flash.rules) * 1:37593 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel formula length heap corruption attempt (snort3-file-office.rules) * 
1:37266 <-> DISABLED <-> FILE-OFFICE Microsoft Office metafile conversion out of bounds read attempt (snort3-file-office.rules) * 1:47242 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mylobot additional payload download (snort3-malware-cnc.rules) * 1:43967 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Acrobat Professional EMF malformed EMR_POLYBEZIERTO16 out of bounds access attempt (snort3-file-multimedia.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:56162 <-> ENABLED <-> SERVER-WEBAPP Citrix ADC and Gateway information disclosure attempt (server-webapp.rules)
* 1:56150 <-> DISABLED <-> SERVER-OTHER Adobe ColdFusion DataServicesCFProxy insecure Java deserialization attempt (server-other.rules)
* 1:56167 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.PyVil download attempt (malware-other.rules)
* 1:56165 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.PyVil download attempt (malware-other.rules)
* 1:56155 <-> DISABLED <-> SERVER-WEBAPP MobileIron Core & Connector remote code execution attempt (server-webapp.rules)
* 1:56166 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.PyVil outbound communication attempt (malware-other.rules)
* 1:56163 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.PyVil download attempt (malware-other.rules)
* 1:56141 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Zusy-9784403-0 download attempt (malware-other.rules)
* 1:56156 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook email parsing remote code execution attempt (file-office.rules)
* 1:56142 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Zusy-9784403-0 download attempt (malware-other.rules)
* 1:56157 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook email parsing remote code execution attempt (file-office.rules)
* 1:56164 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.PyVil download attempt (malware-other.rules)
* 1:56154 <-> DISABLED <-> SERVER-WEBAPP MobileIron Core & Connector remote code execution attempt (server-webapp.rules)
* 1:56140 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Czxz-9784395-0 download attempt (malware-other.rules)
* 1:56139 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Czxz-9784395-0 download attempt (malware-other.rules)
* 1:56151 <-> DISABLED <-> SERVER-OTHER Adobe ColdFusion vulnerable DataServicesCFProxy class reference attempt (server-other.rules)
* 3:56149 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1179 attack attempt (server-webapp.rules)
* 3:56146 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1177 attack attempt (server-webapp.rules)
* 3:56161 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1176 attack attempt (file-image.rules)
* 3:56147 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1179 attack attempt (server-webapp.rules)
* 3:56152 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1178 attack attempt (server-webapp.rules)
* 3:56159 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1176 attack attempt (file-image.rules)
* 3:56148 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1179 attack attempt (server-webapp.rules)
* 3:56144 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1177 attack attempt (server-webapp.rules)
* 3:56160 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1176 attack attempt (file-image.rules)
* 3:56145 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1177 attack attempt (server-webapp.rules)
* 3:56158 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2020-1176 attack attempt (file-image.rules)
* 3:56143 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1177 attack attempt (server-webapp.rules)
* 3:56153 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1178 attack attempt (server-webapp.rules)
* 1:46782 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Vpnfilter variant SSL connection attempt (malware-cnc.rules)
* 1:45564 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Vpnfilter variant outbound connection attempt (malware-cnc.rules)
* 1:45148 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Array out of bounds write attempt (browser-ie.rules)
* 1:44564 <-> DISABLED <-> MALWARE-CNC PowerShell Empire variant outbound connection (malware-cnc.rules)
* 1:44016 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Rectangle constructor use after free attempt (file-flash.rules)
* 1:47557 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PLEAD downloader outbound connection (malware-cnc.rules)
* 1:44052 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word EPS filter PostScript object use after free attempt (file-office.rules)
* 1:31033 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cryptodefence variant outbound connection (malware-cnc.rules)
* 1:36707 <-> DISABLED <-> FILE-OFFICE Microsoft Office malformed odttf integer overflow attempt (file-office.rules)
* 1:36708 <-> DISABLED <-> FILE-OFFICE Microsoft Office malformed odttf integer overflow attempt (file-office.rules)
* 1:36713 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ClickOnce information disclosure attempt (os-windows.rules)
* 1:36714 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel slicer style use-after-free attempt (file-office.rules)
* 1:36715 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel slicer style use-after-free attempt (file-office.rules)
* 1:36751 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel MdCallBack out of bounds read attempt (file-office.rules)
* 1:36752 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel MdCallBack out of bounds read attempt (file-office.rules)
* 1:36812 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer nonexistent attribute removal memory corruption attempt (browser-ie.rules)
* 1:36819 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
* 1:36820 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
* 1:36821 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
* 1:36822 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
* 1:36829 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 actionExtends use-after-free attempt (file-flash.rules)
* 1:45977 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB kernel heap memory leak attempt (os-windows.rules)
* 1:43865 <-> DISABLED <-> FILE-IMAGE Adobe Reader EMF EMR_MOVETOEX memory corruption attempt (file-image.rules)
* 1:44892 <-> DISABLED <-> FILE-FLASH Adobe Flash Player determinePreferredLocales memory corruption attempt (file-flash.rules)
* 1:46586 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload malicious file download (malware-cnc.rules)
* 1:46793 <-> DISABLED <-> OS-WINDOWS Malicious zip download attempt (os-windows.rules)
* 1:43900 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Professional XPS2PDF memory corruption attempt (file-other.rules)
* 1:45773 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CannibalRAT outbound upload attempt (malware-cnc.rules)
* 1:44361 <-> DISABLED <-> SERVER-WEBAPP Trend Micro proxy_controller.php command injection attempt (server-webapp.rules)
* 1:47056 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel empty bookViews element denial of service attempt (file-office.rules)
* 1:45371 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word docx subDocument file include attempt (file-office.rules)
* 1:46137 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cidox variant outbound connection attempt (malware-cnc.rules)
* 1:45117 <-> DISABLED <-> SERVER-WEBAPP Huawei DeviceUpgrade command injection attempt (server-webapp.rules)
* 1:46583 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload malicious file download (malware-cnc.rules)
* 1:46251 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rovnix outbound connection attempt (malware-cnc.rules)
* 1:36830 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 actionExtends use-after-free attempt (file-flash.rules)
* 1:44619 <-> DISABLED <-> MALWARE-CNC Android Red Alert Trojan outbound connection (malware-cnc.rules)
* 1:46371 <-> DISABLED <-> PUA-OTHER Moonify TLS server hello attempt (pua-other.rules)
* 1:46129 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HW32 variant outbound connection (malware-cnc.rules)
* 1:45976 <-> DISABLED <-> SERVER-WEBAPP Pivotal Spring Data REST PATCH request remote code execution attempt (server-webapp.rules)
* 1:46580 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload malicious file download (malware-cnc.rules)
* 1:46584 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload malicious file download (malware-cnc.rules)
* 1:36831 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 actionExtends use-after-free attempt (file-flash.rules)
* 1:36832 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 actionExtends use-after-free attempt (file-flash.rules)
* 1:45169 <-> DISABLED <-> BROWSER-IE Microsoft Edge array type confusion attempt (browser-ie.rules)
* 1:46582 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload malicious file download (malware-cnc.rules)
* 1:46783 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Vpnfilter variant SSL connection attempt (malware-cnc.rules)
* 1:44880 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF EMR_STRETCHDIBITS memory corruption attempt (file-image.rules)
* 1:45642 <-> DISABLED <-> MALWARE-CNC Vbs.Trojan.Agent outbound connection (malware-cnc.rules)
* 1:44620 <-> DISABLED <-> MALWARE-CNC Android Red Alert Trojan outbound connection (malware-cnc.rules)
* 1:44657 <-> DISABLED <-> SERVER-WEBAPP Unitrends Enterprise Backup API SQL injection attempt (server-webapp.rules)
* 1:46249 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rovnix outbound connection attempt (malware-cnc.rules)
* 1:44964 <-> DISABLED <-> FILE-FLASH Adobe Flash Player tvsdk object use after free attempt (file-flash.rules)
* 1:45922 <-> DISABLED <-> EXPLOIT-KIT Terror EK exe download attempt (exploit-kit.rules)
* 1:36846 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 TextField gridFitType use after free attempt (file-flash.rules)
* 1:36859 <-> DISABLED <-> FILE-FLASH Adobe Flash Player writeExternal type confusion attempt (file-flash.rules)
* 1:45949 <-> DISABLED <-> PUA-OTHER Coinhive TLS server hello attempt (pua-other.rules)
* 1:49789 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zacinlo outbound connection (malware-cnc.rules)
* 1:36860 <-> DISABLED <-> FILE-FLASH Adobe Flash Player writeExternal type confusion attempt (file-flash.rules)
* 1:36863 <-> DISABLED <-> FILE-FLASH Adobe Flash Player attachsound use-after-free attempt (file-flash.rules)
* 1:56130 <-> ENABLED <-> BROWSER-CHROME Google Chrome PNG in TTF parsing heap overflow attempt (browser-chrome.rules)
* 1:45646 <-> DISABLED <-> MALWARE-CNC Vbs.Trojan.Agent outbound system information disclosure (malware-cnc.rules)
* 1:43383 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AdvertisingMetadata use after free attempt (file-flash.rules)
* 1:36864 <-> DISABLED <-> FILE-FLASH Adobe Flash Player attachsound use-after-free attempt (file-flash.rules)
* 1:36883 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byte array uncompress information disclosure attempt (file-flash.rules)
* 1:47358 <-> DISABLED <-> SERVER-WEBAPP CCTV-DVR command injection attempt (server-webapp.rules)
* 1:56138 <-> ENABLED <-> SERVER-WEBAPP Citrix ADC and Gateway information disclosure attempt (server-webapp.rules)
* 1:36960 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word XML parsing use after free attempt (file-office.rules)
* 1:45336 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
* 1:43396 <-> DISABLED <-> FILE-FLASH Adobe Acrobat Reader profile use after free attempt (file-flash.rules)
* 1:43179 <-> DISABLED <-> FILE-OFFICE Powerpoint mouseover powershell malware download attempt (file-office.rules)
* 1:56131 <-> ENABLED <-> BROWSER-CHROME Google Chrome PNG in TTF parsing heap overflow attempt (browser-chrome.rules)
* 1:36961 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word XML parsing use after free attempt (file-office.rules)
* 1:36998 <-> DISABLED <-> OS-WINDOWS Microsoft .NET Silverlight manifest resource file information disclosure attempt (os-windows.rules)
* 1:56132 <-> ENABLED <-> BROWSER-CHROME Google Chrome PNG in TTF parsing heap overflow attempt (browser-chrome.rules)
* 1:47236 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Prowli variant outbound connection (malware-cnc.rules)
* 1:37071 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ShaderParameter integer overflow attempt (file-flash.rules)
* 1:37072 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ShaderParameter integer overflow attempt (file-flash.rules)
* 1:37074 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ShaderParameter integer overflow attempt (file-flash.rules)
* 1:37075 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ShaderParameter integer overflow attempt (file-flash.rules)
* 1:37081 <-> DISABLED <-> FILE-FLASH Adobe Flash Player String length heap buffer overflow attempt (file-flash.rules)
* 1:37082 <-> DISABLED <-> FILE-FLASH Adobe Flash Player String length heap buffer overflow attempt (file-flash.rules)
* 1:47242 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mylobot additional payload download (malware-cnc.rules)
* 1:37085 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byte array memory corruption attempt (file-flash.rules)
* 1:37086 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byte array memory corruption attempt (file-flash.rules)
* 1:47678 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Torpplar variant outbound connection (malware-cnc.rules)
* 1:37090 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PrintJob object use-after-free attempt (file-flash.rules)
* 1:37091 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PrintJob object use-after-free attempt (file-flash.rules)
* 1:37092 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SoundURLStream memory corruption attempt (file-flash.rules)
* 1:37094 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SoundURLStream memory corruption attempt (file-flash.rules)
* 1:37105 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MovieClip object use-after-free attempt (file-flash.rules)
* 1:37106 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MovieClip object use-after-free attempt (file-flash.rules)
* 1:46252 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rovnix outbound connection attempt (malware-cnc.rules)
* 1:37109 <-> DISABLED <-> FILE-FLASH Adobe Flash Player selection.setFocus use after free attempt (file-flash.rules)
* 1:37110 <-> DISABLED <-> FILE-FLASH Adobe Flash Player selection.setFocus use after free attempt (file-flash.rules)
* 1:37118 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField filters use-after-free attempt (file-flash.rules)
* 1:37119 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField filters use-after-free attempt (file-flash.rules)
* 1:47241 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mylobot additional payload download (malware-cnc.rules)
* 1:37121 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MP3 ID3 data parsing heap buffer overflow attempt (file-flash.rules)
* 1:47006 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SocketPlayer outbound connection (malware-cnc.rules)
* 1:37123 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MP3 ID3 data parsing heap buffer overflow attempt (file-flash.rules)
* 1:37128 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 setTransform use-after-free attempt (file-flash.rules)
* 1:37129 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS2 setTransform use-after-free attempt (file-flash.rules)
* 1:37135 <-> DISABLED <-> SERVER-WEBAPP Fireeye Java decompiler reflection remote code execution attempt (server-webapp.rules)
* 1:37136 <-> DISABLED <-> SERVER-WEBAPP Fireeye Java decompiler reflection remote code execution attempt (server-webapp.rules)
* 1:37144 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SetSlot type confusion attempt (file-flash.rules)
* 1:37145 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SetSlot type confusion attempt (file-flash.rules)
* 1:37157 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SharedObject send stack buffer overflow attempt (file-flash.rules)
* 1:37159 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SharedObject send stack buffer overflow attempt (file-flash.rules)
* 1:37160 <-> DISABLED <-> FILE-FLASH Adobe Flash Player oversize source bitmap memory corruption attempt (file-flash.rules)
* 1:37161 <-> DISABLED <-> FILE-FLASH Adobe Flash Player oversize source bitmap memory corruption attempt (file-flash.rules)
* 1:37167 <-> DISABLED <-> FILE-FLASH Adobe Flash Player URLStream use after free attempt (file-flash.rules)
* 1:37168 <-> DISABLED <-> FILE-FLASH Adobe Flash Player URLStream use after free attempt (file-flash.rules)
* 1:37169 <-> DISABLED <-> FILE-FLASH Adobe Flash Player heap memory disclosure via custom valueOf handler attempt (file-flash.rules)
* 1:37170 <-> DISABLED <-> FILE-FLASH Adobe Flash Player heap memory disclosure via custom valueOf handler attempt (file-flash.rules)
* 1:37171 <-> DISABLED <-> FILE-FLASH Adobe Flash Player heap memory disclosure via custom valueOf handler attempt (file-flash.rules)
* 1:37172 <-> DISABLED <-> FILE-FLASH Adobe Flash Player heap memory disclosure via custom valueOf handler attempt (file-flash.rules)
* 1:37178 <-> DISABLED <-> FILE-FLASH Adobe Flash Player M3U8 parser logic memory corruption attempt (file-flash.rules)
* 1:37180 <-> DISABLED <-> FILE-FLASH Adobe Flash Player M3U8 parser logic memory corruption attempt (file-flash.rules)
* 1:42915 <-> DISABLED <-> FILE-PDF Acrobat Reader TIFF malformed IFD tag heap overflow attempt (file-pdf.rules)
* 1:37183 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextFormat.tabStops use after free attempt (file-flash.rules)
* 1:37184 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextFormat.tabStops use after free attempt (file-flash.rules)
* 1:37185 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextFormat.tabStops use after free attempt (file-flash.rules)
* 1:37186 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextFormat.tabStops use after free attempt (file-flash.rules)
* 1:37205 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object.addProperty method use after free attempt (file-flash.rules)
* 1:47175 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ddeService command execution attempt (file-office.rules)
* 1:37206 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object.addProperty method use after free attempt (file-flash.rules)
* 1:37208 <-> DISABLED <-> FILE-FLASH Adobe Flash Player LoadVars decode use after free attempt (file-flash.rules)
* 1:37210 <-> DISABLED <-> FILE-FLASH Adobe Flash Player LoadVars decode use after free attempt (file-flash.rules)
* 1:37216 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MovieClip setMask use after free attempt (file-flash.rules)
* 1:37218 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MovieClip setMask use after free attempt (file-flash.rules)
* 1:37237 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object hasOwnProperty use after free attempt (file-flash.rules)
* 1:37239 <-> DISABLED <-> FILE-FLASH Adobe Flash Player object hasOwnProperty use after free attempt (file-flash.rules)
* 1:37247 <-> DISABLED <-> FILE-FLASH Adobe Flash Player removeMovieClip use after free attempt (file-flash.rules)
* 1:37248 <-> DISABLED <-> FILE-FLASH Adobe Flash Player removeMovieClip use after free attempt (file-flash.rules)
* 1:37249 <-> DISABLED <-> FILE-FLASH Adobe Flash Player removeMovieClip use after free attempt (file-flash.rules)
* 1:37259 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel mso20win32client use after free attempt (file-office.rules)
* 1:37265 <-> DISABLED <-> FILE-OFFICE Microsoft Office metafile conversion out of bounds read attempt (file-office.rules)
* 1:37266 <-> DISABLED <-> FILE-OFFICE Microsoft Office metafile conversion out of bounds read attempt (file-office.rules)
* 1:37267 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Silverlight GetChar out of bounds read attempt (browser-plugins.rules)
* 1:46989 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.MBRLock file download (malware-other.rules)
* 1:44622 <-> DISABLED <-> MALWARE-CNC Android Red Alert Trojan outbound connection (malware-cnc.rules)
* 1:46372 <-> DISABLED <-> PUA-OTHER Moonify TLS client hello attempt (pua-other.rules)
* 1:44338 <-> DISABLED <-> BROWSER-IE Microsoft Edge denial of service attempt (browser-ie.rules)
* 1:44430 <-> DISABLED <-> FILE-OFFICE Fin7 Maldoc campaign exploitation attempt (file-office.rules)
* 1:46585 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload malicious file download (malware-cnc.rules)
* 1:44621 <-> DISABLED <-> MALWARE-CNC Android Red Alert Trojan outbound connection (malware-cnc.rules)
* 1:46490 <-> DISABLED <-> FILE-PDF Adobe Flash Player ActionScript setFocus use after free attempt (file-pdf.rules)
* 1:46744 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper malicious executable download attempt (malware-cnc.rules)
* 1:45950 <-> DISABLED <-> PUA-OTHER Coinhive TLS client hello attempt (pua-other.rules)
* 1:44431 <-> DISABLED <-> FILE-OFFICE Fin7 Maldoc campaign exploitation attempt (file-office.rules)
* 1:45973 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chafer malicious communication attempt (malware-cnc.rules)
* 1:45131 <-> DISABLED <-> OS-WINDOWS Microsoft Windows RRAS service arbitrary pointer dereference attempt (os-windows.rules)
* 1:44969 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF EmfPlusFont memory corruption attempt (file-image.rules)
* 1:45978 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB kernel heap memory leak attempt (os-windows.rules)
* 1:46491 <-> DISABLED <-> FILE-PDF Adobe Flash Player ActionScript setFocus use after free attempt (file-pdf.rules)
* 1:45682 <-> DISABLED <-> SERVER-OTHER HP Integrated Lights-Out HTTP headers processing buffer overflow attempt (server-other.rules)
* 1:43901 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Professional XPS2PDF memory corruption attempt (file-other.rules)
* 1:47701 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Iniduoh variant outbound connection (malware-cnc.rules)
* 1:37268 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Silverlight GetChar out of bounds read attempt (browser-plugins.rules)
* 1:44885 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat XPS unicode glyph pointer out of bounds (file-image.rules)
* 1:37345 <-> DISABLED <-> FILE-FLASH Adobe Flash Player improper display list handling memory corruption attempt (file-flash.rules)
* 1:37347 <-> DISABLED <-> FILE-FLASH Adobe Flash Player improper display list handling memory corruption attempt (file-flash.rules)
* 1:44360 <-> DISABLED <-> SERVER-WEBAPP Trend Micro proxy_controller.php command injection attempt (server-webapp.rules)
* 1:37399 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader custom string length function memory corruption attempt (file-pdf.rules)
* 1:37525 <-> DISABLED <-> SERVER-OTHER NTP arbitrary pidfile and driftfile overwrite attempt (server-other.rules)
* 1:46135 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Krodown variant connection attempt (malware-cnc.rules)
* 1:45904 <-> DISABLED <-> MALWARE-BACKDOOR CobaltStrike inbound beacon download (malware-backdoor.rules)
* 1:37550 <-> DISABLED <-> EXPLOIT-KIT Nuclear landing page detected (exploit-kit.rules)
* 1:45130 <-> DISABLED <-> OS-WINDOWS Microsoft Windows RRAS service arbitrary pointer dereference attempt (os-windows.rules)
* 1:43912 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Professional XPS2PDF memory corruption attempt (file-other.rules)
* 1:45972 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chafer malicious communication attempt (malware-cnc.rules)
* 1:43406 <-> DISABLED <-> FILE-FLASH Adobe Flash Player determinePreferredLocales out of bounds memory read attempt (file-flash.rules)
* 1:45772 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CannibalRAT outbound reporting attempt (malware-cnc.rules)
* 1:44903 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PSDK Metadata memory corruption attempt (file-flash.rules)
* 1:37592 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel formula length heap corruption attempt (file-office.rules)
* 1:43455 <-> DISABLED <-> FILE-FLASH Adobe Flash Player writeExternal type confusion attempt (file-flash.rules)
* 1:43913 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Professional XPS2PDF memory corruption attempt (file-other.rules)
* 1:44688 <-> DISABLED <-> SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt (server-webapp.rules)
* 1:43967 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Acrobat Professional EMF malformed EMR_POLYBEZIERTO16 out of bounds access attempt (file-multimedia.rules)
* 1:45132 <-> DISABLED <-> FILE-OFFICE Microsoft Office Equation Editor object stack buffer overflow attempt (file-office.rules)
* 1:44646 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.BadRabbit propagation via SVCCTL remote service attempt (malware-other.rules)
* 1:37593 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel formula length heap corruption attempt (file-office.rules)
* 1:45370 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word docx subDocument file include attempt (file-office.rules)
* 1:43625 <-> DISABLED <-> SERVER-WEBAPP Axis M3004 remote code execution attempt (server-webapp.rules)
* 1:44404 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trickbot malicious communication attempt (malware-cnc.rules)
* 1:44017 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Rectangle constructor use after free attempt (file-flash.rules)
* 1:43977 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader graphics engine memory corruption attempt (file-pdf.rules)
* 1:45162 <-> DISABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
* 1:46581 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload malicious file download (malware-cnc.rules)
* 1:45643 <-> DISABLED <-> MALWARE-CNC Vbs.Trojan.Agent inbound payload download (malware-cnc.rules)
* 1:43978 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader graphics engine memory corruption attempt (file-pdf.rules)
* 1:43993 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader graphics engine memory corruption attempt (file-pdf.rules)
* 1:45771 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CannibalRAT initial outbound connection (malware-cnc.rules)
* 1:44929 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds write attempt (file-image.rules)
* 1:45909 <-> DISABLED <-> MALWARE-CNC CobaltStrike trial version inbound beacon response (malware-cnc.rules)
* 1:37600 <-> DISABLED <-> FILE-OFFICE Microsoft Powerpoint shape objects null pointer dereference memory corruption attempt (file-office.rules)
* 1:46250 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rovnix outbound connection attempt (malware-cnc.rules)
* 1:43790 <-> DISABLED <-> SERVER-OTHER Apache mod_auth_digest out of bounds read attempt (server-other.rules)
* 1:43994 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader graphics engine memory corruption attempt (file-pdf.rules)
* 1:45923 <-> DISABLED <-> EXPLOIT-KIT Terror EK dll download attempt (exploit-kit.rules)
* 1:37601 <-> DISABLED <-> FILE-OFFICE Microsoft Powerpoint shape objects null pointer dereference memory corruption attempt (file-office.rules)
* 1:37664 <-> DISABLED <-> FILE-JAVA Oracle Java ServiceLoader exception handling exploit attempt (file-java.rules)
* 1:37670 <-> DISABLED <-> FILE-FLASH Adobe Flash Player convolution filter use-after-free attempt (file-flash.rules)
* 1:37671 <-> DISABLED <-> FILE-FLASH Adobe Flash Player convolution filter use-after-free attempt (file-flash.rules)
* 1:37700 <-> DISABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules)
* 1:37702 <-> DISABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules)
* 1:37703 <-> DISABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules)
* 1:37704 <-> DISABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules)
* 1:37705 <-> DISABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules)
* 1:37706 <-> DISABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules)
* 1:37711 <-> DISABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
* 1:37726 <-> DISABLED <-> FILE-OTHER Microsoft Office ole object external file loading attempt (file-other.rules)
* 1:37727 <-> DISABLED <-> FILE-OTHER Microsoft Office ole object external file loading attempt (file-other.rules)
* 1:37734 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Point object integer overflow attempt (file-flash.rules)
* 1:37736 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Point object integer overflow attempt (file-flash.rules)
* 1:37740 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BlurFilter memory corruption attempt (file-flash.rules)
* 1:37741 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BlurFilter memory corruption attempt (file-flash.rules)
* 1:37744 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextLine memory corruption attempt (file-flash.rules)
* 1:37745 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextLine memory corruption attempt (file-flash.rules)
* 1:37754 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Point object integer overflow attempt (file-flash.rules)
* 1:37755 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Point object integer overflow attempt (file-flash.rules)
* 1:37757 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid sourceRect copyPixels heap corruption attempt (file-flash.rules)
* 1:37758 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid sourceRect copyPixels heap corruption attempt (file-flash.rules)
* 1:37761 <-> DISABLED <-> FILE-FLASH Adobe Flash Player rectangle auxiliary 
method integer overflow attempt (file-flash.rules) * 1:37764 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BitmapData method memory corruption attempt (file-flash.rules) * 1:37770 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative custom getter use after free attempt (file-flash.rules) * 1:37771 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative custom getter use after free attempt (file-flash.rules) * 1:37774 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript constructor use after free attempt (file-flash.rules) * 1:37776 <-> DISABLED <-> FILE-FLASH Adobe Flash Player LoadVars use-after-free attempt (file-flash.rules) * 1:37777 <-> DISABLED <-> FILE-FLASH Adobe Flash Player LoadVars use-after-free attempt (file-flash.rules) * 1:37783 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed Adobe Texture Format heap overflow attempt (file-flash.rules) * 1:37790 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative use after free attempt (file-flash.rules) * 1:37792 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative use after free attempt (file-flash.rules) * 1:37797 <-> DISABLED <-> FILE-FLASH Adobe Flash Player rectangle memory access violation attempt (file-flash.rules) * 1:37798 <-> DISABLED <-> FILE-FLASH Adobe Flash Player rectangle memory access violation attempt (file-flash.rules) * 1:37801 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Silverlight ScriptObject untrusted pointer dereference attempt (browser-plugins.rules) * 1:37808 <-> DISABLED <-> FILE-FLASH Adobe Flash Player integer underflow attempt (file-flash.rules) * 1:37824 <-> DISABLED <-> FILE-OTHER Microsoft Office ole object external file loading attempt (file-other.rules) * 1:37825 <-> DISABLED <-> FILE-OTHER Microsoft Office ole object external file loading attempt (file-other.rules) * 1:37938 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Flash pixel bender buffer overflow attempt (file-multimedia.rules) * 1:37939 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Flash pixel bender buffer 
overflow attempt (file-multimedia.rules) * 1:38074 <-> DISABLED <-> BROWSER-IE Microsoft Edge CAsyncTpWorker Windows.Data.Pdf.dll object use after free attempt (browser-ie.rules) * 1:38076 <-> DISABLED <-> BROWSER-IE Microsoft Edge CAsyncTpWorker Windows.Data.Pdf.dll object use after free attempt (browser-ie.rules) * 1:38101 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word wwlib.dll invalid pointer read attempt (file-office.rules) * 1:38165 <-> DISABLED <-> FILE-FLASH Adobe Flash Player hitTest BitmapData object integer overflow attempt (file-flash.rules) * 1:38167 <-> DISABLED <-> FILE-FLASH Adobe Flash Player hitTest BitmapData object integer overflow attempt (file-flash.rules) * 1:38169 <-> DISABLED <-> FILE-FLASH Adobe Flash Player hitTest BitmapData object integer overflow attempt (file-flash.rules) * 1:38170 <-> DISABLED <-> FILE-FLASH Adobe Flash Player hitTest BitmapData object integer overflow attempt (file-flash.rules) * 1:38175 <-> DISABLED <-> FILE-FLASH Adobe Standalone Flash Player texfield getter use after free attempt (file-flash.rules) * 1:38179 <-> DISABLED <-> FILE-FLASH Adobe Standalone Flash Player ASnative object use after free attempt (file-flash.rules) * 1:38182 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS3 multiple axis attributes integer overflow attempt (file-flash.rules) * 1:38184 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AS3 multiple axis attributes integer overflow attempt (file-flash.rules) * 1:38191 <-> DISABLED <-> FILE-FLASH Adobe Flash Player si32 integer overflow attempt (file-flash.rules) * 1:38192 <-> DISABLED <-> FILE-FLASH Adobe Flash Player si32 integer overflow attempt (file-flash.rules) * 1:38197 <-> DISABLED <-> FILE-FLASH Adobe Flash Player recursion calls stack overflow attempt (file-flash.rules) * 1:38198 <-> DISABLED <-> FILE-FLASH Adobe Flash Player recursion calls stack overflow attempt (file-flash.rules) * 1:38207 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MPD use-after-free attempt 
(file-flash.rules) * 1:38208 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MPD use-after-free attempt (file-flash.rules) * 1:38211 <-> DISABLED <-> FILE-PDF Adobe Reader JPEG 2000 chrominance subsampling memory corruption attempt (file-pdf.rules) * 1:38212 <-> DISABLED <-> FILE-PDF Adobe Reader JPEG 2000 chrominance subsampling memory corruption attempt (file-pdf.rules) * 1:38215 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BitmapData.paletteMap size mismatch integer overflow attempt (file-flash.rules) * 1:38216 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BitmapData.paletteMap size mismatch integer overflow attempt (file-flash.rules) * 1:38219 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use after free attempt (file-flash.rules) * 1:38220 <-> DISABLED <-> FILE-FLASH Adobe Flash Player use after free (file-flash.rules) * 1:38223 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader annotation oversized array memory corruption attempt (file-pdf.rules) * 1:38239 <-> DISABLED <-> FILE-FLASH Adobe Flash Player rectangle width integer overflow attempt (file-flash.rules) * 1:38241 <-> DISABLED <-> FILE-FLASH Adobe Flash Player rectangle width integer overflow attempt (file-flash.rules) * 1:38286 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager actserver stack buffer overflow attempt (server-webapp.rules) * 1:38287 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager akey stack buffer overflow attempt (server-webapp.rules) * 1:38288 <-> DISABLED <-> SERVER-WEBAPP Reprise License Manager licfile stack buffer overflow attempt (server-webapp.rules) * 1:38327 <-> DISABLED <-> MALWARE-BACKDOOR ReGeorg proxy read attempt (malware-backdoor.rules) * 1:38405 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Transform Class Matrix AS2 use after free attempt (file-flash.rules) * 1:38406 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Transform Class Matrix AS2 use after free attempt (file-flash.rules) * 1:38409 <-> DISABLED <-> FILE-FLASH Adobe Flash Player JPEG-XR decode buffer 
overflow attempt (file-flash.rules) * 1:38410 <-> DISABLED <-> FILE-FLASH Adobe Flash Player JPEG-XR decode buffer overflow attempt (file-flash.rules) * 1:38413 <-> DISABLED <-> FILE-FLASH Adobe Flash Player NetConnection to ColorMatrixFilter object type confusion attempt (file-flash.rules) * 1:38415 <-> DISABLED <-> FILE-FLASH Adobe Flash Player NetConnection to ColorMatrixFilter object type confusion attempt (file-flash.rules) * 1:43048 <-> DISABLED <-> FILE-FLASH Adobe Flash Player JSON stringify memory corruption attempt (file-flash.rules) * 1:38425 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ExportAssets count memory corruption attempt (file-flash.rules) * 1:38430 <-> DISABLED <-> FILE-FLASH Adobe Flash Player toString type confusion memory corruption attempt (file-flash.rules) * 1:38433 <-> DISABLED <-> FILE-FLASH Adobe Flash Player toString type confusion memory corruption attempt (file-flash.rules) * 1:38481 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel msxml6 ParseElementN use after free attempt (file-office.rules) * 1:38482 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel msxml6 ParseElementN use after free attempt (file-office.rules) * 1:38577 <-> DISABLED <-> FILE-FLASH Adobe Flash Player dangling bytearray pointer code execution attempt (file-flash.rules) * 1:38593 <-> DISABLED <-> EXPLOIT-KIT Nuclear Exploit Kit back end communications attempt (exploit-kit.rules) * 1:38631 <-> DISABLED <-> FILE-FLASH Angler exploit kit Adobe Flash SWF exploit download (file-flash.rules) * 1:38632 <-> DISABLED <-> FILE-FLASH Angler exploit kit Adobe Flash SWF exploit download (file-flash.rules) * 1:38635 <-> DISABLED <-> FILE-FLASH Nuclear exploit kit Adobe Flash SWF exploit download (file-flash.rules) * 1:38636 <-> DISABLED <-> FILE-FLASH Nuclear exploit kit Adobe Flash SWF exploit download (file-flash.rules) * 1:38729 <-> DISABLED <-> SERVER-OTHER Mediabridge Medialink MWN-WAPR300N and Tenda N3 Wireless N150 inbound admin attempt (server-other.rules) * 
1:38772 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer EMF file integer overflow attempt (browser-ie.rules) * 1:38782 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word TTF out-of-bounds memory access attempt (file-office.rules) * 1:38783 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word TTF out-of-bounds memory access attempt (file-office.rules) * 1:38830 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ContentFactory memory corruption attempt (file-flash.rules) * 1:38832 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ContentFactory memory corruption attempt (file-flash.rules) * 1:38833 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ContentFactory memory corruption attempt (file-flash.rules) * 1:38841 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer VBScript toString redim array use after free attempt (browser-ie.rules) * 1:38881 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FileReference type confusion attempt (file-flash.rules) * 1:43169 <-> DISABLED <-> BROWSER-IE Microsoft Edge textContent use after free attempt (browser-ie.rules) * 1:43221 <-> DISABLED <-> MALWARE-OTHER Win.Trojan-Downloader.Jadtree GET request of RAR file to server (malware-other.rules) * 1:49788 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zacinlo outbound connection (malware-cnc.rules) * 1:49255 <-> DISABLED <-> FILE-JAVA Oracle Java ImagingLib buffer overflow attempt (file-java.rules) * 1:49311 <-> DISABLED <-> FILE-FLASH Adobe Flash Player writeExternal type confusion attempt (file-flash.rules) * 1:49376 <-> DISABLED <-> SERVER-APACHE Apache Struts remote code execution attempt (server-apache.rules) * 1:38883 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FileReference type confusion attempt (file-flash.rules) * 1:38972 <-> DISABLED <-> FILE-FLASH Adobe Flash Player OpportunityGenerator.update memory corruption attempt (file-flash.rules) * 1:38973 <-> DISABLED <-> FILE-FLASH Adobe Flash Player OpportunityGenerator.update memory corruption attempt (file-flash.rules) * 1:38974 
<-> DISABLED <-> FILE-FLASH Adobe Flash Player OpportunityGenerator.update memory corruption attempt (file-flash.rules) * 1:38980 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed FlateDecode stream use after free attempt (file-pdf.rules) * 1:38981 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed FlateDecode stream use after free attempt (file-pdf.rules) * 1:38996 <-> DISABLED <-> FILE-FLASH Adobe Flash Player addProperty use after free attempt (file-flash.rules) * 1:38998 <-> DISABLED <-> FILE-FLASH Adobe Flash Player addProperty use after free attempt (file-flash.rules) * 1:39009 <-> DISABLED <-> FILE-FLASH Adobe Flash Player setMetadata memory corruption attempt (file-flash.rules) * 1:39010 <-> DISABLED <-> FILE-FLASH Adobe Flash Player setMetadata memory corruption attempt (file-flash.rules) * 1:39013 <-> DISABLED <-> FILE-PDF Adobe Reader CTJPEGDecoderReadNextTile out of bounds read attempt (file-pdf.rules) * 1:39014 <-> DISABLED <-> FILE-PDF Adobe Reader CTJPEGDecoderReadNextTile out of bounds read attempt (file-pdf.rules) * 1:39015 <-> DISABLED <-> FILE-PDF Adobe Reader AcroForm dictionary object use after free attempt (file-pdf.rules) * 1:39019 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PSDK use-after-free attempt (file-flash.rules) * 1:39020 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PSDK use-after-free attempt (file-flash.rules) * 1:39022 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PSDK use-after-free attempt (file-flash.rules) * 1:39024 <-> DISABLED <-> FILE-FLASH Adobe Flash Player selection.setFocus use after free attempt (file-flash.rules) * 1:39025 <-> DISABLED <-> FILE-FLASH Adobe Flash Player selection.setFocus use after free attempt (file-flash.rules) * 1:39032 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASSetNative use-after-free attempt (file-flash.rules) * 1:39033 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASSetNative use-after-free attempt (file-flash.rules) * 1:39102 <-> DISABLED <-> FILE-PDF Adobe Reader PDF 
embedded JPEG memory corruption attempt (file-pdf.rules) * 1:39103 <-> DISABLED <-> FILE-PDF Adobe Reader PDF embedded JPEG memory corruption attempt (file-pdf.rules) * 1:39261 <-> DISABLED <-> FILE-OTHER Microsoft Windows ATMFD font driver malformed OTF file out-of-bounds memory access attempt (file-other.rules) * 1:39272 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ShimContentFactory uninitialized pointer use attempt (file-flash.rules) * 1:39280 <-> DISABLED <-> FILE-FLASH Adobe Primetime SDK object type confusion overflow attempt (file-flash.rules) * 1:39285 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadSound use after free attempt (file-flash.rules) * 1:39288 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ShimContentResolver out of bounds memory access attempt (file-flash.rules) * 1:39290 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime SDK ShimContentResolver out of bounds memory access attempt (file-flash.rules) * 1:39298 <-> DISABLED <-> FILE-FLASH Adobe Flash player retrieveResolvers memory corruption attempt (file-flash.rules) * 1:39305 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime SDK ShimContentResolver out of bounds memory access attempt (file-flash.rules) * 1:39319 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ShimOpportunityGenerator out of bounds memory access attempt (file-flash.rules) * 1:39398 <-> DISABLED <-> SERVER-WEBAPP Symantec SEPM management console cross site scripting attempt (server-webapp.rules) * 1:39402 <-> DISABLED <-> FILE-OTHER Symantec Antivirus ALPkOldFormatDecompressor out of bounds read attempt (file-other.rules) * 1:39441 <-> DISABLED <-> FILE-FLASH Adobe Flash Player integer overflow attempt (file-flash.rules) * 1:39457 <-> DISABLED <-> FILE-FLASH Adobe Flash Player integer underflow attempt (file-flash.rules) * 1:39505 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Edge text node table-cell use after free attempt (browser-ie.rules) * 1:39524 <-> DISABLED <-> FILE-OFFICE Microsoft Office 
Excel empty bookViews element denial of service attempt (file-office.rules) * 1:39525 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel empty bookViews element denial of service attempt (file-office.rules) * 1:39540 <-> DISABLED <-> FILE-FLASH Adobe Flash Player local-with-filesystem security bypass attempt (file-flash.rules) * 1:39543 <-> DISABLED <-> FILE-FLASH Adobe Flash Player local-with-filesystem security bypass attempt (file-flash.rules) * 1:39564 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TimedEvent memory corruption attempt (file-flash.rules) * 1:39685 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tinba variant outbound connection (malware-cnc.rules) * 1:39687 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed embeded TTF file memory corruption attempt (file-pdf.rules) * 1:39690 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ABRControlParameters access memory corruption attempt (file-flash.rules) * 1:39702 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MediaPlayerItemLoader out of bounds memory access attempt (file-flash.rules) * 1:39799 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt (file-pdf.rules) * 1:39824 <-> DISABLED <-> OS-WINDOWS Microsoft Windows GDI emf file integer overflow attempt (os-windows.rules) * 1:39843 <-> DISABLED <-> OS-WINDOWS Microsoft Windows gdiplus EMF EmrText out of bounds write attempt (os-windows.rules) * 1:39851 <-> DISABLED <-> INDICATOR-COMPROMISE Connection to malware sinkhole - CERT.PL (indicator-compromise.rules) * 1:39893 <-> DISABLED <-> OS-LINUX Linux Kernel USBIP out of bounds write attempt (os-linux.rules) * 1:39894 <-> DISABLED <-> OS-LINUX Linux Kernel USBIP out of bounds write attempt (os-linux.rules) * 1:40075 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel LPenHelper out of bounds write attempt (file-office.rules) * 1:40076 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel LPenHelper out of bounds write attempt (file-office.rules) * 1:40102 <-> DISABLED <-> 
FILE-OFFICE Microsoft Office Excel xlsb use-after-free attempt (file-office.rules) * 1:40103 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel xlsb use-after-free attempt (file-office.rules) * 1:40104 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel xlsb use-after-free attempt (file-office.rules) * 1:40105 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel xlsb use-after-free attempt (file-office.rules) * 1:40106 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel xlsb use-after-free attempt (file-office.rules) * 1:40107 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel xlsb use-after-free attempt (file-office.rules) * 1:40116 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel xlsb use-after-free attempt (file-office.rules) * 1:40117 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel xlsb use-after-free attempt (file-office.rules) * 1:40121 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel xlsb use-after-free attempt (file-office.rules) * 1:40122 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel xlsb use-after-free attempt (file-office.rules) * 1:40152 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DRMManager memory corruption attempt (file-flash.rules) * 1:40167 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ShimContentResolver out of bounds memory access attempt (file-flash.rules) * 1:40178 <-> DISABLED <-> FILE-FLASH Adobe Flash Player local-with-filesystem sandbox escape attempt (file-flash.rules) * 1:40236 <-> DISABLED <-> FILE-PDF Adobe Reader embedded font out of bounds memory access attempt (file-pdf.rules) * 1:40237 <-> DISABLED <-> FILE-PDF Adobe Reader embedded font out of bounds memory access attempt (file-pdf.rules) * 1:40312 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CTreePos type confusion attempt (browser-ie.rules) * 1:40375 <-> DISABLED <-> OS-WINDOWS Microsoft Windows insecure BoundaryDescriptor privilege escalation attempt (os-windows.rules) * 1:40425 <-> DISABLED <-> OS-WINDOWS Microsoft Windows GDI+ EMF buffer 
overread attempt (os-windows.rules) * 1:40503 <-> DISABLED <-> FILE-FLASH Adobe Flash Player QOSProvider use-after-free attempt (file-flash.rules) * 1:40706 <-> DISABLED <-> FILE-OTHER Microsoft Windows OTF cmap table parsing integer overflow attempt (file-other.rules) * 1:40717 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel LPenHelper use after free attempt (file-office.rules) * 1:40718 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel LPenHelper use after free attempt (file-office.rules) * 1:40737 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime SDK AdvertisingMetadata type confustion attempt (file-flash.rules) * 1:40743 <-> DISABLED <-> FILE-FLASH Adobe Flash Player AVSegmentedSource use after free attempt (file-flash.rules) * 1:40753 <-> ENABLED <-> EXPLOIT-KIT Rig exploit kit outbound communication (exploit-kit.rules) * 1:40813 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Silverlight GetChar out of bounds read attempt (browser-plugins.rules) * 1:40814 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Silverlight GetChar out of bounds read attempt (browser-plugins.rules) * 1:40934 <-> DISABLED <-> FILE-EXECUTABLE Nvidia Windows kernel mode driver denial of service attempt (file-executable.rules) * 1:40957 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel security descriptor out of bounds read attempt (file-office.rules) * 1:40958 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel security descriptor out of bounds read attempt (file-office.rules) * 1:40959 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ddeService command execution attempt (file-office.rules) * 1:40960 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ddeService command execution attempt (file-office.rules) * 1:40983 <-> DISABLED <-> FILE-OTHER Microsoft Internet Explorer malformed ico integer overflow attempt (file-other.rules) * 1:41003 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime SDK out of bounds read attempt (file-flash.rules) * 1:41015 <-> DISABLED <-> FILE-FLASH 
Acrobat Flash WorkerDomain memory corruption attempt (file-flash.rules) * 1:41026 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess Dashboard remote code execution attempt (server-webapp.rules) * 1:41310 <-> DISABLED <-> FILE-IMAGE libBPG restore_tqb_pixel out of bounds write attempt (file-image.rules) * 1:41344 <-> DISABLED <-> FILE-OTHER CorelDRAW X8 EMF invalid ihBrush field value out of bounds read attempt (file-other.rules) * 1:41358 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime SDK ShimContentResolver memory corruption attempt (file-flash.rules) * 1:41515 <-> DISABLED <-> POLICY-OTHER McAfee Virus Scan Linux outdated version detected (policy-other.rules) * 1:41516 <-> DISABLED <-> SERVER-WEBAPP McAfee Virus Scan Linux file existence test attempt (server-webapp.rules) * 1:41521 <-> DISABLED <-> SERVER-WEBAPP McAfee Virus Scan Linux cross site scripting attempt (server-webapp.rules) * 1:41565 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel xlsb use-after-free attempt (file-office.rules) * 1:41566 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel xlsb use-after-free attempt (file-office.rules) * 1:41601 <-> DISABLED <-> FILE-PDF Microsoft Edge PDF Builder out of bounds read attempt (file-pdf.rules) * 1:47148 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif malicious file download (malware-cnc.rules) * 1:41602 <-> DISABLED <-> FILE-PDF Microsoft Edge PDF Builder out of bounds read attempt (file-pdf.rules) * 1:41624 <-> DISABLED <-> FILE-FLASH Adobe Flash Player MessageChannel type confusion attempt (file-flash.rules) * 1:41630 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PSDK EventDispatch removeEventListener use after free attempt (file-flash.rules) * 1:41680 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ShimContentResolver out of bounds memory access attempt (file-flash.rules) * 1:41681 <-> DISABLED <-> SERVER-WEBAPP McAfee Virus Scan Linux remote code execution attempt (server-webapp.rules) * 1:41783 <-> ENABLED <-> EXPLOIT-KIT Rig exploit 
kit URL outbound communication (exploit-kit.rules) * 1:41818 <-> DISABLED <-> SERVER-APACHE Apache Struts remote code execution attempt (server-apache.rules) * 1:41819 <-> DISABLED <-> SERVER-APACHE Apache Struts remote code execution attempt (server-apache.rules) * 1:41976 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel shared strings memory corruption attempt (file-office.rules) * 1:41977 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel shared strings memory corruption attempt (file-office.rules) * 1:41979 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel shared strings memory corruption attempt (file-office.rules) * 1:41980 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel shared strings memory corruption attempt (file-office.rules) * 1:42080 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jenxcus outbound connection with unique User-Agent (malware-cnc.rules) * 1:47556 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PLEAD downloader outbound connection (malware-cnc.rules) * 1:42097 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Resolution Opportunity parameter memory corruption attempt (file-flash.rules) * 1:42150 <-> DISABLED <-> FILE-OTHER Microsoft Windows ATMFD font driver malformed OTF file out-of-bounds memory access attempt (file-other.rules) * 1:42151 <-> DISABLED <-> FILE-OTHER Microsoft Windows ATMFD font driver malformed OTF file out-of-bounds memory access attempt (file-other.rules) * 1:42161 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel out of bounds memory attempt (file-office.rules) * 1:42162 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel out of bounds memory attempt (file-office.rules) * 1:42222 <-> DISABLED <-> SERVER-WEBAPP Moxa MX Studio login page denial of service attempt (server-webapp.rules) * 1:42372 <-> ENABLED <-> POLICY-OTHER eicar file detected (policy-other.rules) * 1:42373 <-> ENABLED <-> POLICY-OTHER eicar file detected (policy-other.rules) * 1:42374 <-> ENABLED <-> POLICY-OTHER eicar file detected (policy-other.rules) * 
1:42375 <-> ENABLED <-> POLICY-OTHER eicar file detected (policy-other.rules) * 1:42376 <-> ENABLED <-> POLICY-OTHER eicar file detected (policy-other.rules) * 1:42810 <-> DISABLED <-> FILE-FLASH Adobe Flash Player BitmapData out of bounds memory access attempt (file-flash.rules) * 1:56133 <-> ENABLED <-> BROWSER-CHROME Google Chrome PNG in TTF parsing heap overflow attempt (browser-chrome.rules) * 1:42811 <-> DISABLED <-> BROWSER-IE Microsoft Edge Chakra Engine use-after-free attempt (browser-ie.rules) * 1:42812 <-> DISABLED <-> BROWSER-IE Microsoft Edge Chakra Engine use-after-free attempt (browser-ie.rules) * 1:42816 <-> DISABLED <-> FILE-FLASH Adobe Flash Player display object mask use after free attempt (file-flash.rules) * 1:42817 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DisplayObject use after free attempt (file-flash.rules) * 1:42902 <-> DISABLED <-> FILE-OFFICE Microsoft Office EPS restore command use after free attempt (file-office.rules) * 1:42904 <-> DISABLED <-> FILE-OFFICE Microsoft Office EPS restore command use after free attempt (file-office.rules) * 1:42911 <-> DISABLED <-> FILE-PDF Acrobat Reader TIFF malformed IFD tag heap overflow attempt (file-pdf.rules) * 1:42913 <-> DISABLED <-> FILE-PDF Acrobat Reader TIFF malformed IFD tag heap overflow attempt (file-pdf.rules)