VRT Rules 2014-06-26
This release adds and modifies rules in several categories.

The Sourcefire VRT has added and modified multiple rules in the blacklist, browser-plugins, exploit-kit, file-flash, file-multimedia, file-office, file-other, malware-cnc, malware-other, malware-tools, os-mobile, pua-adware, pua-toolbars, server-other and server-webapp rule sets to provide coverage for emerging threats in these areas. Note that many of the new exploit-detection rules (server-other, server-webapp, browser-plugins and several file-* rules) ship with a default state of DISABLED; check the state column below before assuming a rule is active in a default policy.

For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.

Change logs

2014-07-07 18:12:33 UTC

Sourcefire VRT Rules Update

Date: 2014-06-26

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2956.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)
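The line format above is regular enough to parse mechanically, which is useful when deciding which of the DISABLED rules in a release to turn on (for example the Supermicro IPMI, Nagios NRPE and OpenAFS rules in this one). The following is an added example, not code from Sourcefire or the Snort project: it parses a changelog block into records, groups the DISABLED entries by category, and emits gid:sid lines for selected categories in the form that PulledPork's enablesid.conf accepts. The sample text is an excerpt of entries copied from the list on this page; the function and class names are the example's own.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# One changelog entry, e.g.
#  * 1:31337 <-> DISABLED <-> SERVER-OTHER Nagios NRPE command execution attempt (server-other.rules)
ENTRY_RE = re.compile(
    r"^\s*\*\s*(?P<gid>\d+):(?P<sid>\d+)\s*<->\s*(?P<state>ENABLED|DISABLED)\s*<->\s*"
    r"(?P<category>[A-Z][A-Z-]+)\s+(?P<msg>.*?)\s*\((?P<group>[\w.-]+\.rules)\)\s*$"
)

SECTION_NAMES = ("New Rules", "Modified Rules")


@dataclass(frozen=True)
class RuleEntry:
    gid: int
    sid: int
    state: str      # "ENABLED" or "DISABLED" (the default rule state)
    category: str   # leading token of the message, e.g. "SERVER-WEBAPP"
    msg: str        # rest of the message text
    group: str      # rule file, e.g. "server-webapp.rules"


def parse_changelog(text):
    """Parse one VRT changelog block into {"New Rules": [...], "Modified Rules": [...]}.

    Lines outside a recognised section, or not matching the entry format, are ignored.
    """
    sections = {}
    current = None
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.endswith(":") and stripped[:-1] in SECTION_NAMES:
            current = stripped[:-1]
            sections[current] = []
            continue
        m = ENTRY_RE.match(line)
        if m and current is not None:
            sections[current].append(RuleEntry(
                int(m["gid"]), int(m["sid"]), m["state"],
                m["category"], m["msg"], m["group"],
            ))
    return sections


def disabled_by_category(entries):
    """Group the DISABLED entries by category so they can be reviewed per technology."""
    out = defaultdict(list)
    for e in entries:
        if e.state == "DISABLED":
            out[e.category].append(e)
    return dict(out)


def enablesid_lines(entries, categories):
    """gid:sid lines for DISABLED rules in the given categories (PulledPork enablesid.conf form)."""
    return sorted(
        f"{e.gid}:{e.sid}"
        for e in entries
        if e.state == "DISABLED" and e.category in categories
    )


# Constructed sample: a handful of entries excerpted from this release's changelog.
SAMPLE = """New Rules:

 * 1:31337 <-> DISABLED <-> SERVER-OTHER Nagios NRPE command execution attempt (server-other.rules)
 * 1:31338 <-> DISABLED <-> SERVER-OTHER OpenAFS GetStatistics buffer overflow attempt (server-other.rules)
 * 1:31341 <-> DISABLED <-> SERVER-WEBAPP Supermicro Intelligent Management Controller password file disclosure attempt (server-webapp.rules)
 * 1:31330 <-> ENABLED <-> SERVER-WEBAPP AlienVault OSSIM av-centerd command injection attempt (server-webapp.rules)
 * 1:31318 <-> ENABLED <-> BLACKLIST DNS request for known malware domain vividl.comze.com - Win.Trojan.Zediv (blacklist.rules)

Modified Rules:

 * 1:17308 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word SmartTag record code execution attempt (file-office.rules)
 * 1:7567 <-> DISABLED <-> PUA-TOOLBARS Win.Adware.MyWebSearch Toolbar funwebproducts variant outbound connection (pua-toolbars.rules)
"""


if __name__ == "__main__":
    sections = parse_changelog(SAMPLE)
    for cat, entries in sorted(disabled_by_category(sections["New Rules"]).items()):
        print(cat)
        for e in entries:
            print(f"  {e.gid}:{e.sid}  {e.msg}")
    print("enablesid.conf candidates:",
          enablesid_lines(sections["New Rules"], {"SERVER-OTHER", "SERVER-WEBAPP"}))
```

Run against the full "New Rules" block of a release, the grouped output is a checklist of server-side and file-format rules that are present in the pack but inert until enabled; the enablesid output can be dropped into a PulledPork configuration or used to drive a per-policy review.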

New Rules:


 * 1:31352 <-> ENABLED <-> FILE-FLASH Adobe AS3 decompressed pcre assertion out of bounds corruption attempt (file-flash.rules)
 * 1:31356 <-> ENABLED <-> SERVER-WEBAPP Wordpress timthumb.php webshot source attack attempt (server-webapp.rules)
 * 1:31349 <-> ENABLED <-> FILE-FLASH Adobe AS3 simplified pcre assertion out of bounds corruption attempt (file-flash.rules)
 * 1:31312 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word SmartTag record code execution attempt (file-office.rules)
 * 1:31337 <-> DISABLED <-> SERVER-OTHER Nagios NRPE command execution attempt (server-other.rules)
 * 1:31338 <-> DISABLED <-> SERVER-OTHER OpenAFS GetStatistics buffer overflow attempt (server-other.rules)
 * 1:31336 <-> DISABLED <-> BROWSER-PLUGINS IBM iNotes version 9 ActiveX clsid access (browser-plugins.rules)
 * 1:31334 <-> DISABLED <-> BROWSER-PLUGINS IBM iNotes version 8.5 ActiveX clsid access (browser-plugins.rules)
 * 1:31329 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Zbot variant download attempt (malware-other.rules)
 * 1:31324 <-> DISABLED <-> FILE-OTHER Apple OSX Finder DMG volume name memory corruption attempt (file-other.rules)
 * 1:31320 <-> DISABLED <-> BROWSER-PLUGINS Adobe Multiple Product AcroPDF.PDF ActiveX exploit attempt (browser-plugins.rules)
 * 1:31316 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Matsnu variant outbound connection attempt (malware-cnc.rules)
 * 1:31315 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MSIL variant outbound connection attempt (malware-cnc.rules)
 * 1:31314 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Daikou variant outbound connection attempt (malware-cnc.rules)
 * 1:31309 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime pict image poly structure memory corruption attempt (file-multimedia.rules)
 * 1:31311 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word SmartTag record code execution attempt (file-office.rules)
 * 1:31308 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime pict image poly structure memory corruption attempt (file-multimedia.rules)
 * 1:31347 <-> ENABLED <-> FILE-FLASH Adobe AS3 pcre assertion out of bounds corruption attempt (file-flash.rules)
 * 1:31350 <-> ENABLED <-> FILE-FLASH Adobe AS3 simplified pcre assertion out of bounds corruption attempt (file-flash.rules)
 * 1:31313 <-> DISABLED <-> PUA-ADWARE Ticno Multibar installation attempt (pua-adware.rules)
 * 1:31317 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Orbot variant outbound connection attempt (malware-cnc.rules)
 * 1:31318 <-> ENABLED <-> BLACKLIST DNS request for known malware domain vividl.comze.com - Win.Trojan.Zediv (blacklist.rules)
 * 1:31319 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zediv outbound communication attempt (malware-cnc.rules)
 * 1:31321 <-> DISABLED <-> BROWSER-PLUGINS Adobe Multiple Product AcroPDF.PDF ActiveX exploit attempt (browser-plugins.rules)
 * 1:31322 <-> DISABLED <-> BROWSER-PLUGINS Adobe Multiple Product AcroPDF.PDF ActiveX exploit attempt (browser-plugins.rules)
 * 1:31323 <-> DISABLED <-> FILE-OTHER Apple OSX Finder DMG volume name memory corruption attempt (file-other.rules)
 * 1:31325 <-> ENABLED <-> FILE-OTHER Apple OSX Finder DMG volume name memory corruption attempt (file-other.rules)
 * 1:31326 <-> ENABLED <-> BLACKLIST DNS request for known malware domain a1.p2ptool.com - Win.Trojan.Rofin (blacklist.rules)
 * 1:31327 <-> ENABLED <-> BLACKLIST DNS request for known malware domain plus.zzinfor.cn - Win.Trojan.Rofin (blacklist.rules)
 * 1:31328 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Rofin variant outbound connection (malware-cnc.rules)
 * 1:31348 <-> ENABLED <-> FILE-FLASH Adobe AS3 pcre assertion out of bounds corruption attempt (file-flash.rules)
 * 1:31351 <-> ENABLED <-> FILE-FLASH Adobe AS3 decompressed pcre assertion out of bounds corruption attempt (file-flash.rules)
 * 1:31355 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Bicololo outbound connection attempt (malware-cnc.rules)
 * 1:31353 <-> ENABLED <-> FILE-FLASH Adobe AS3 decompressed pcre assertion out of bounds corruption attempt (file-flash.rules)
 * 1:31354 <-> ENABLED <-> FILE-FLASH Adobe AS3 decompressed pcre assertion out of bounds corruption attempt (file-flash.rules)
 * 1:31330 <-> ENABLED <-> SERVER-WEBAPP AlienVault OSSIM av-centerd command injection attempt (server-webapp.rules)
 * 1:31331 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit encrypted binary download (exploit-kit.rules)
 * 1:31332 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit outbound URL structure (exploit-kit.rules)
 * 1:31333 <-> DISABLED <-> BROWSER-PLUGINS IBM iNotes version 8.5 ActiveX clsid access (browser-plugins.rules)
 * 1:31335 <-> DISABLED <-> BROWSER-PLUGINS IBM iNotes version 9 ActiveX clsid access (browser-plugins.rules)
 * 1:31339 <-> DISABLED <-> SERVER-WEBAPP Supermicro Intelligent Management Controller information disclosure attempt (server-webapp.rules)
 * 1:31340 <-> DISABLED <-> SERVER-WEBAPP Supermicro Intelligent Management Controller information disclosure attempt (server-webapp.rules)
 * 1:31341 <-> DISABLED <-> SERVER-WEBAPP Supermicro Intelligent Management Controller password file disclosure attempt (server-webapp.rules)
 * 1:31342 <-> DISABLED <-> SERVER-WEBAPP Supermicro Intelligent Management Controller password file disclosure attempt (server-webapp.rules)
 * 1:31343 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mecklow variant outbound connection system information disclosure (malware-cnc.rules)
 * 1:31344 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Levyatan variant outbound connection attempt (malware-cnc.rules)
 * 1:31310 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word SmartTag record code execution attempt (file-office.rules)
 * 1:31345 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mcdravsm variant outbound connection (malware-cnc.rules)
 * 1:31346 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ajtonj variant outbound connection (malware-cnc.rules)

Modified Rules:


 * 1:17308 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word SmartTag record code execution attempt (file-office.rules)
 * 1:17363 <-> DISABLED <-> FILE-OTHER Apple OSX Finder DMG volume name memory corruption attempt (file-other.rules)
 * 1:17587 <-> DISABLED <-> BROWSER-PLUGINS Adobe Multiple Product AcroPDF.PDF ActiveX exploit attempt (browser-plugins.rules)
 * 1:20432 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hiloti variant outbound connection (malware-cnc.rules)
 * 1:21513 <-> ENABLED <-> MALWARE-TOOLS HOIC http denial of service attack (malware-tools.rules)
 * 1:21848 <-> DISABLED <-> MALWARE-OTHER TDS Sutra - page redirecting to a SutraTDS (malware-other.rules)
 * 1:26741 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc exec command (malware-cnc.rules)
 * 1:27775 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection (malware-cnc.rules)
 * 1:28055 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.FakeAV outbound communication attempt (os-mobile.rules)
 * 1:30220 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit outbound payload request (exploit-kit.rules)
 * 1:30937 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit outbound PDF request (exploit-kit.rules)
 * 1:7567 <-> DISABLED <-> PUA-TOOLBARS Win.Adware.MyWebSearch Toolbar funwebproducts variant outbound connection (pua-toolbars.rules)

2014-07-07 18:12:33 UTC

Sourcefire VRT Rules Update

Date: 2014-06-26

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2960.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:31338 <-> DISABLED <-> SERVER-OTHER OpenAFS GetStatistics buffer overflow attempt (server-other.rules)
 * 1:31336 <-> DISABLED <-> BROWSER-PLUGINS IBM iNotes version 9 ActiveX clsid access (browser-plugins.rules)
 * 1:31337 <-> DISABLED <-> SERVER-OTHER Nagios NRPE command execution attempt (server-other.rules)
 * 1:31334 <-> DISABLED <-> BROWSER-PLUGINS IBM iNotes version 8.5 ActiveX clsid access (browser-plugins.rules)
 * 1:31329 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Zbot variant download attempt (malware-other.rules)
 * 1:31324 <-> DISABLED <-> FILE-OTHER Apple OSX Finder DMG volume name memory corruption attempt (file-other.rules)
 * 1:31320 <-> DISABLED <-> BROWSER-PLUGINS Adobe Multiple Product AcroPDF.PDF ActiveX exploit attempt (browser-plugins.rules)
 * 1:31316 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Matsnu variant outbound connection attempt (malware-cnc.rules)
 * 1:31315 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MSIL variant outbound connection attempt (malware-cnc.rules)
 * 1:31314 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Daikou variant outbound connection attempt (malware-cnc.rules)
 * 1:31309 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime pict image poly structure memory corruption attempt (file-multimedia.rules)
 * 1:31311 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word SmartTag record code execution attempt (file-office.rules)
 * 1:31308 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime pict image poly structure memory corruption attempt (file-multimedia.rules)
 * 1:31312 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word SmartTag record code execution attempt (file-office.rules)
 * 1:31317 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Orbot variant outbound connection attempt (malware-cnc.rules)
 * 1:31318 <-> ENABLED <-> BLACKLIST DNS request for known malware domain vividl.comze.com - Win.Trojan.Zediv (blacklist.rules)
 * 1:31319 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zediv outbound communication attempt (malware-cnc.rules)
 * 1:31321 <-> DISABLED <-> BROWSER-PLUGINS Adobe Multiple Product AcroPDF.PDF ActiveX exploit attempt (browser-plugins.rules)
 * 1:31322 <-> DISABLED <-> BROWSER-PLUGINS Adobe Multiple Product AcroPDF.PDF ActiveX exploit attempt (browser-plugins.rules)
 * 1:31323 <-> DISABLED <-> FILE-OTHER Apple OSX Finder DMG volume name memory corruption attempt (file-other.rules)
 * 1:31325 <-> ENABLED <-> FILE-OTHER Apple OSX Finder DMG volume name memory corruption attempt (file-other.rules)
 * 1:31326 <-> ENABLED <-> BLACKLIST DNS request for known malware domain a1.p2ptool.com - Win.Trojan.Rofin (blacklist.rules)
 * 1:31327 <-> ENABLED <-> BLACKLIST DNS request for known malware domain plus.zzinfor.cn - Win.Trojan.Rofin (blacklist.rules)
 * 1:31328 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Rofin variant outbound connection (malware-cnc.rules)
 * 1:31330 <-> ENABLED <-> SERVER-WEBAPP AlienVault OSSIM av-centerd command injection attempt (server-webapp.rules)
 * 1:31331 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit encrypted binary download (exploit-kit.rules)
 * 1:31332 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit outbound URL structure (exploit-kit.rules)
 * 1:31333 <-> DISABLED <-> BROWSER-PLUGINS IBM iNotes version 8.5 ActiveX clsid access (browser-plugins.rules)
 * 1:31335 <-> DISABLED <-> BROWSER-PLUGINS IBM iNotes version 9 ActiveX clsid access (browser-plugins.rules)
 * 1:31339 <-> DISABLED <-> SERVER-WEBAPP Supermicro Intelligent Management Controller information disclosure attempt (server-webapp.rules)
 * 1:31340 <-> DISABLED <-> SERVER-WEBAPP Supermicro Intelligent Management Controller information disclosure attempt (server-webapp.rules)
 * 1:31341 <-> DISABLED <-> SERVER-WEBAPP Supermicro Intelligent Management Controller password file disclosure attempt (server-webapp.rules)
 * 1:31342 <-> DISABLED <-> SERVER-WEBAPP Supermicro Intelligent Management Controller password file disclosure attempt (server-webapp.rules)
 * 1:31343 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mecklow variant outbound connection system information disclosure (malware-cnc.rules)
 * 1:31344 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Levyatan variant outbound connection attempt (malware-cnc.rules)
 * 1:31310 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word SmartTag record code execution attempt (file-office.rules)
 * 1:31356 <-> ENABLED <-> SERVER-WEBAPP Wordpress timthumb.php webshot source attack attempt (server-webapp.rules)
 * 1:31355 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Bicololo outbound connection attempt (malware-cnc.rules)
 * 1:31354 <-> ENABLED <-> FILE-FLASH Adobe AS3 decompressed pcre assertion out of bounds corruption attempt (file-flash.rules)
 * 1:31353 <-> ENABLED <-> FILE-FLASH Adobe AS3 decompressed pcre assertion out of bounds corruption attempt (file-flash.rules)
 * 1:31352 <-> ENABLED <-> FILE-FLASH Adobe AS3 decompressed pcre assertion out of bounds corruption attempt (file-flash.rules)
 * 1:31351 <-> ENABLED <-> FILE-FLASH Adobe AS3 decompressed pcre assertion out of bounds corruption attempt (file-flash.rules)
 * 1:31313 <-> DISABLED <-> PUA-ADWARE Ticno Multibar installation attempt (pua-adware.rules)
 * 1:31350 <-> ENABLED <-> FILE-FLASH Adobe AS3 simplified pcre assertion out of bounds corruption attempt (file-flash.rules)
 * 1:31349 <-> ENABLED <-> FILE-FLASH Adobe AS3 simplified pcre assertion out of bounds corruption attempt (file-flash.rules)
 * 1:31347 <-> ENABLED <-> FILE-FLASH Adobe AS3 pcre assertion out of bounds corruption attempt (file-flash.rules)
 * 1:31348 <-> ENABLED <-> FILE-FLASH Adobe AS3 pcre assertion out of bounds corruption attempt (file-flash.rules)
 * 1:31346 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ajtonj variant outbound connection (malware-cnc.rules)
 * 1:31345 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mcdravsm variant outbound connection (malware-cnc.rules)

Modified Rules:


 * 1:17308 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word SmartTag record code execution attempt (file-office.rules)
 * 1:17363 <-> DISABLED <-> FILE-OTHER Apple OSX Finder DMG volume name memory corruption attempt (file-other.rules)
 * 1:17587 <-> DISABLED <-> BROWSER-PLUGINS Adobe Multiple Product AcroPDF.PDF ActiveX exploit attempt (browser-plugins.rules)
 * 1:20432 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hiloti variant outbound connection (malware-cnc.rules)
 * 1:21513 <-> ENABLED <-> MALWARE-TOOLS HOIC http denial of service attack (malware-tools.rules)
 * 1:21848 <-> DISABLED <-> MALWARE-OTHER TDS Sutra - page redirecting to a SutraTDS (malware-other.rules)
 * 1:26741 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc exec command (malware-cnc.rules)
 * 1:27775 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection (malware-cnc.rules)
 * 1:28055 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.FakeAV outbound communication attempt (os-mobile.rules)
 * 1:30220 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit outbound payload request (exploit-kit.rules)
 * 1:30937 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit outbound PDF request (exploit-kit.rules)
 * 1:7567 <-> DISABLED <-> PUA-TOOLBARS Win.Adware.MyWebSearch Toolbar funwebproducts variant outbound connection (pua-toolbars.rules)

2014-07-07 18:12:33 UTC

Sourcefire VRT Rules Update

Date: 2014-06-26

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2961.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:31356 <-> ENABLED <-> SERVER-WEBAPP Wordpress timthumb.php webshot source attack attempt (server-webapp.rules)
 * 1:31355 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Bicololo outbound connection attempt (malware-cnc.rules)
 * 1:31354 <-> ENABLED <-> FILE-FLASH Adobe AS3 decompressed pcre assertion out of bounds corruption attempt (file-flash.rules)
 * 1:31353 <-> ENABLED <-> FILE-FLASH Adobe AS3 decompressed pcre assertion out of bounds corruption attempt (file-flash.rules)
 * 1:31352 <-> ENABLED <-> FILE-FLASH Adobe AS3 decompressed pcre assertion out of bounds corruption attempt (file-flash.rules)
 * 1:31351 <-> ENABLED <-> FILE-FLASH Adobe AS3 decompressed pcre assertion out of bounds corruption attempt (file-flash.rules)
 * 1:31350 <-> ENABLED <-> FILE-FLASH Adobe AS3 simplified pcre assertion out of bounds corruption attempt (file-flash.rules)
 * 1:31349 <-> ENABLED <-> FILE-FLASH Adobe AS3 simplified pcre assertion out of bounds corruption attempt (file-flash.rules)
 * 1:31348 <-> ENABLED <-> FILE-FLASH Adobe AS3 pcre assertion out of bounds corruption attempt (file-flash.rules)
 * 1:31347 <-> ENABLED <-> FILE-FLASH Adobe AS3 pcre assertion out of bounds corruption attempt (file-flash.rules)
 * 1:31346 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ajtonj variant outbound connection (malware-cnc.rules)
 * 1:31345 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mcdravsm variant outbound connection (malware-cnc.rules)
 * 1:31344 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Levyatan variant outbound connection attempt (malware-cnc.rules)
 * 1:31343 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mecklow variant outbound connection system information disclosure (malware-cnc.rules)
 * 1:31342 <-> DISABLED <-> SERVER-WEBAPP Supermicro Intelligent Management Controller password file disclosure attempt (server-webapp.rules)
 * 1:31341 <-> DISABLED <-> SERVER-WEBAPP Supermicro Intelligent Management Controller password file disclosure attempt (server-webapp.rules)
 * 1:31340 <-> DISABLED <-> SERVER-WEBAPP Supermicro Intelligent Management Controller information disclosure attempt (server-webapp.rules)
 * 1:31339 <-> DISABLED <-> SERVER-WEBAPP Supermicro Intelligent Management Controller information disclosure attempt (server-webapp.rules)
 * 1:31338 <-> DISABLED <-> SERVER-OTHER OpenAFS GetStatistics buffer overflow attempt (server-other.rules)
 * 1:31337 <-> DISABLED <-> SERVER-OTHER Nagios NRPE command execution attempt (server-other.rules)
 * 1:31336 <-> DISABLED <-> BROWSER-PLUGINS IBM iNotes version 9 ActiveX clsid access (browser-plugins.rules)
 * 1:31335 <-> DISABLED <-> BROWSER-PLUGINS IBM iNotes version 9 ActiveX clsid access (browser-plugins.rules)
 * 1:31334 <-> DISABLED <-> BROWSER-PLUGINS IBM iNotes version 8.5 ActiveX clsid access (browser-plugins.rules)
 * 1:31333 <-> DISABLED <-> BROWSER-PLUGINS IBM iNotes version 8.5 ActiveX clsid access (browser-plugins.rules)
 * 1:31332 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit outbound URL structure (exploit-kit.rules)
 * 1:31331 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit encrypted binary download (exploit-kit.rules)
 * 1:31330 <-> ENABLED <-> SERVER-WEBAPP AlienVault OSSIM av-centerd command injection attempt (server-webapp.rules)
 * 1:31329 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Zbot variant download attempt (malware-other.rules)
 * 1:31328 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Rofin variant outbound connection (malware-cnc.rules)
 * 1:31327 <-> ENABLED <-> BLACKLIST DNS request for known malware domain plus.zzinfor.cn - Win.Trojan.Rofin (blacklist.rules)
 * 1:31326 <-> ENABLED <-> BLACKLIST DNS request for known malware domain a1.p2ptool.com - Win.Trojan.Rofin (blacklist.rules)
 * 1:31325 <-> ENABLED <-> FILE-OTHER Apple OSX Finder DMG volume name memory corruption attempt (file-other.rules)
 * 1:31324 <-> DISABLED <-> FILE-OTHER Apple OSX Finder DMG volume name memory corruption attempt (file-other.rules)
 * 1:31323 <-> DISABLED <-> FILE-OTHER Apple OSX Finder DMG volume name memory corruption attempt (file-other.rules)
 * 1:31322 <-> DISABLED <-> BROWSER-PLUGINS Adobe Multiple Product AcroPDF.PDF ActiveX exploit attempt (browser-plugins.rules)
 * 1:31321 <-> DISABLED <-> BROWSER-PLUGINS Adobe Multiple Product AcroPDF.PDF ActiveX exploit attempt (browser-plugins.rules)
 * 1:31320 <-> DISABLED <-> BROWSER-PLUGINS Adobe Multiple Product AcroPDF.PDF ActiveX exploit attempt (browser-plugins.rules)
 * 1:31319 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zediv outbound communication attempt (malware-cnc.rules)
 * 1:31318 <-> ENABLED <-> BLACKLIST DNS request for known malware domain vividl.comze.com - Win.Trojan.Zediv (blacklist.rules)
 * 1:31317 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Orbot variant outbound connection attempt (malware-cnc.rules)
 * 1:31316 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Matsnu variant outbound connection attempt (malware-cnc.rules)
 * 1:31315 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MSIL variant outbound connection attempt (malware-cnc.rules)
 * 1:31314 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Daikou variant outbound connection attempt (malware-cnc.rules)
 * 1:31313 <-> DISABLED <-> PUA-ADWARE Ticno Multibar installation attempt (pua-adware.rules)
 * 1:31312 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word SmartTag record code execution attempt (file-office.rules)
 * 1:31311 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word SmartTag record code execution attempt (file-office.rules)
 * 1:31310 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word SmartTag record code execution attempt (file-office.rules)
 * 1:31309 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime pict image poly structure memory corruption attempt (file-multimedia.rules)
 * 1:31308 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime pict image poly structure memory corruption attempt (file-multimedia.rules)

Modified Rules:


 * 1:17308 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word SmartTag record code execution attempt (file-office.rules)
 * 1:17363 <-> DISABLED <-> FILE-OTHER Apple OSX Finder DMG volume name memory corruption attempt (file-other.rules)
 * 1:17587 <-> DISABLED <-> BROWSER-PLUGINS Adobe Multiple Product AcroPDF.PDF ActiveX exploit attempt (browser-plugins.rules)
 * 1:20432 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hiloti variant outbound connection (malware-cnc.rules)
 * 1:21513 <-> ENABLED <-> MALWARE-TOOLS HOIC http denial of service attack (malware-tools.rules)
 * 1:21848 <-> DISABLED <-> MALWARE-OTHER TDS Sutra - page redirecting to a SutraTDS (malware-other.rules)
 * 1:26741 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc exec command (malware-cnc.rules)
 * 1:27775 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection (malware-cnc.rules)
 * 1:28055 <-> DISABLED <-> OS-MOBILE Android ANDR.Trojan.FakeAV outbound communication attempt (os-mobile.rules)
 * 1:30220 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit outbound payload request (exploit-kit.rules)
 * 1:30937 <-> ENABLED <-> EXPLOIT-KIT Nuclear exploit kit outbound PDF request (exploit-kit.rules)
 * 1:7567 <-> DISABLED <-> PUA-TOOLBARS Win.Adware.MyWebSearch Toolbar funwebproducts variant outbound connection (pua-toolbars.rules)