VRT Rules 2015-02-17
This release adds and modifies rules in several categories.

The VRT has added and modified multiple rules in the blacklist, browser-firefox, browser-ie, browser-plugins, deleted, file-flash, file-identify, file-image, file-java, file-multimedia, file-office, file-other, file-pdf, indicator-compromise, indicator-obfuscation, indicator-scan, malware-cnc, malware-other, os-windows, policy-other, protocol-scada, pua-adware, pua-toolbars, server-mail, server-other and sql rule sets to provide coverage for emerging threats from these technologies.

Change logs

2015-02-17 21:44:42 UTC

Sourcefire VRT Rules Update

Date: 2015-02-17

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2962.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:33545 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Equation outbound connection (malware-cnc.rules)
 * 1:33546 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Equation outbound connection (malware-cnc.rules)
 * 1:33533 <-> ENABLED <-> FILE-FLASH Adobe Flash Player PCRE control character denial of service attempt (file-flash.rules)
 * 1:33539 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Decompressed File object type confusion attempt (file-flash.rules)
 * 1:33544 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Equation outbound connection (malware-cnc.rules)
 * 1:33543 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Equation outbound connection (malware-cnc.rules)
 * 1:33542 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Compressed File object type confusion attempt (file-flash.rules)
 * 1:33528 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE library out of bounds memory access attempt (file-flash.rules)
 * 1:33529 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE library out of bounds memory access attempt (file-flash.rules)
 * 1:33538 <-> ENABLED <-> FILE-FLASH Adobe Flash Player PCRE control character denial of service attempt (file-flash.rules)
 * 1:33534 <-> ENABLED <-> FILE-FLASH Adobe Flash Player PCRE control character denial of service attempt (file-flash.rules)
 * 1:33486 <-> ENABLED <-> FILE-FLASH Adobe Flash Player URLRequestHeaders null pointer dereference denial of service attempt (file-flash.rules)
 * 1:33504 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MessageChannel use after free attempt (file-flash.rules)
 * 1:33511 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SWF buffer overflow attempt (file-flash.rules)
 * 1:33502 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MessageChannel use after free attempt (file-flash.rules)
 * 1:33521 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zusy variant outbound connection (malware-cnc.rules)
 * 1:33484 <-> ENABLED <-> FILE-FLASH Adobe Flash Player URLRequestHeaders null pointer dereference denial of service attempt (file-flash.rules)
 * 1:33493 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer dynamic style update memory corruption attempt (browser-ie.rules)
 * 1:33505 <-> ENABLED <-> FILE-FLASH Adobe Flash Player out of scope newclass memory corruption attempt (file-flash.rules)
 * 1:33510 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SWF buffer overflow attempt (file-flash.rules)
 * 1:33499 <-> ENABLED <-> FILE-FLASH Adobe Flash Player extended BitmapFilter class denial of service attempt (file-flash.rules)
 * 1:33492 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer dynamic style update memory corruption attempt (browser-ie.rules)
 * 1:33507 <-> ENABLED <-> FILE-FLASH Adobe Flash Player out of scope newclass memory corruption attempt (file-flash.rules)
 * 1:33496 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Andromeda variant outbound connection (malware-cnc.rules)
 * 1:33512 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SWF buffer overflow attempt (file-flash.rules)
 * 1:33494 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer dynamic style update memory corruption attempt (browser-ie.rules)
 * 1:33481 <-> ENABLED <-> MALWARE-CNC Linux.Backdoor.Xnote outbound connection (malware-cnc.rules)
 * 1:33480 <-> ENABLED <-> PUA-ADWARE Win.Adware.DownloadGuide variant outbound connection (pua-adware.rules)
 * 1:33514 <-> DISABLED <-> SERVER-WEBAPP WordPress Photo Gallery PHP code execution attempt (server-webapp.rules)
 * 1:33519 <-> ENABLED <-> BLACKLIST User-Agent known malicious user agent - ALIZER (blacklist.rules)
 * 1:33483 <-> ENABLED <-> PUA-ADWARE Win.Adware.InstallMonster variant outbound connection (pua-adware.rules)
 * 1:33503 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MessageChannel use after free attempt (file-flash.rules)
 * 1:33501 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MessageChannel use after free attempt (file-flash.rules)
 * 1:33523 <-> ENABLED <-> MALWARE-CNC Win.Trojan.DNSChanger variant outbound connection (malware-cnc.rules)
 * 1:33516 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules)
 * 1:33485 <-> ENABLED <-> FILE-FLASH Adobe Flash Player URLRequestHeaders null pointer dereference denial of service attempt (file-flash.rules)
 * 1:33498 <-> ENABLED <-> FILE-FLASH Adobe Flash Player extended BitmapFilter class denial of service attempt (file-flash.rules)
 * 1:33500 <-> ENABLED <-> FILE-FLASH Adobe Flash Player extended BitmapFilter class denial of service attempt (file-flash.rules)
 * 1:33479 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Comctl32.dll third-party SVG viewer heap overflow attempt (os-windows.rules)
 * 1:33490 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Ovector out of bounds stack corruption attempt (file-flash.rules)
 * 1:33487 <-> ENABLED <-> FILE-FLASH Adobe Flash Player URLRequestHeaders null pointer dereference denial of service attempt (file-flash.rules)
 * 1:33509 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SWF buffer overflow attempt (file-flash.rules)
 * 1:33489 <-> DISABLED <-> DELETED FILE-FLASH Adobe Flash Player Ovector out of bounds stack corruption attempt (deleted.rules)
 * 1:33517 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules)
 * 1:33508 <-> ENABLED <-> FILE-FLASH Adobe Flash Player out of scope newclass memory corruption attempt (file-flash.rules)
 * 1:33488 <-> DISABLED <-> DELETED FILE-FLASH Adobe Flash Player Ovector out of bounds stack corruption attempt (deleted.rules)
 * 1:33491 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Ovector out of bounds stack corruption attempt (file-flash.rules)
 * 1:33520 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zusy inbound CNC response (malware-cnc.rules)
 * 1:33522 <-> ENABLED <-> BLACKLIST User-Agent known malicious user-agent - DNS Changer (blacklist.rules)
 * 1:33515 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules)
 * 1:33506 <-> ENABLED <-> FILE-FLASH Adobe Flash Player out of scope newclass memory corruption attempt (file-flash.rules)
 * 1:33482 <-> ENABLED <-> MALWARE-CNC Win.Worm.Enosch variant outbound connection (malware-cnc.rules)
 * 1:33535 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE control character - possible denial of service attempt (file-flash.rules)
 * 1:33495 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer dynamic style update memory corruption attempt (browser-ie.rules)
 * 1:33497 <-> ENABLED <-> FILE-FLASH Adobe Flash Player extended BitmapFilter class denial of service attempt (file-flash.rules)
 * 1:33513 <-> ENABLED <-> BLACKLIST USER-AGENT known malicous user agent string - XAgent - Operation Pawn Storm (blacklist.rules)
 * 1:33518 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules)
 * 1:33524 <-> ENABLED <-> MALWARE-CNC Win.Trojan.DNSChanger variant outbound connection (malware-cnc.rules)
 * 1:33532 <-> DISABLED <-> PUA-ADWARE MediaBuzz malvertising browser redirect attempt (pua-adware.rules)
 * 1:33536 <-> ENABLED <-> FILE-FLASH Adobe Flash Player PCRE control character denial of service attempt (file-flash.rules)
 * 1:33540 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Decompressed File object type confusion attempt (file-flash.rules)
 * 1:33537 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE control character - possible denial of service attempt (file-flash.rules)
 * 1:33526 <-> DISABLED <-> FILE-OTHER Apple OSX Safari format string validation corruption attempt (file-other.rules)
 * 1:33525 <-> DISABLED <-> FILE-OTHER Apple OSX Safari format string validation corruption attempt (file-other.rules)
 * 1:33527 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE library out of bounds memory access attempt (file-flash.rules)
 * 1:33530 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE library out of bounds memory access attempt (file-flash.rules)
 * 1:33531 <-> DISABLED <-> PUA-ADWARE MediaBuzz malvertising browser redirect attempt (pua-adware.rules)
 * 1:33541 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Compressed File object type confusion attempt (file-flash.rules)

Modified Rules:


 * 1:23880 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader Texture Declaration buffer overflow attempt (file-pdf.rules)
 * 1:23881 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader getAnnotsRichMedia return type confusion attempt (file-pdf.rules)
 * 1:23884 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JBIG2 encoding invalid symbol in dictionary segment (file-pdf.rules)
 * 1:23891 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader getAnnotsRichMedia return type confusion attempt (file-pdf.rules)
 * 1:23892 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader getAnnotsRichMedia return type confusion attempt (file-pdf.rules)
 * 1:23964 <-> ENABLED <-> PROTOCOL-SCADA BroadWin WebAccess Client format string exploit attempt (protocol-scada.rules)
 * 1:23965 <-> ENABLED <-> PROTOCOL-SCADA BroadWin WebAccess Client arbitrary memory corruption attempt (protocol-scada.rules)
 * 1:23997 <-> ENABLED <-> FILE-FLASH Adobe Flash ActionScript float index array memory corruption attempt (file-flash.rules)
 * 1:24021 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules)
 * 1:24023 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules)
 * 1:24025 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules)
 * 1:24027 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules)
 * 1:24036 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules)
 * 1:24038 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules)
 * 1:24056 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules)
 * 1:24058 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules)
 * 1:24064 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules)
 * 1:24085 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules)
 * 1:24126 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules)
 * 1:24149 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malicious charstring stream attempt (file-pdf.rules)
 * 1:24153 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded TTF bytecode memory corruption attempt (file-pdf.rules)
 * 1:24155 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader free text annotation invalid IT value denial of service attempt (file-pdf.rules)
 * 1:24202 <-> ENABLED <-> FILE-JAVA Oracle Java field bytecode verifier cache code execution attempt (file-java.rules)
 * 1:24364 <-> ENABLED <-> FILE-FLASH Adobe Flash null reference JIT compilation attempt (file-flash.rules)
 * 1:24367 <-> ENABLED <-> FILE-FLASH Adobe Flash malformed record stack exhaustion attempt (file-flash.rules)
 * 1:24415 <-> ENABLED <-> FILE-FLASH Adobe Flash Player stsz box heap overflow attempt (file-flash.rules)
 * 1:24429 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
 * 1:24431 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
 * 1:24570 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox IDB use-after-free attempt (browser-firefox.rules)
 * 1:24573 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox IDB use-after-free attempt (browser-firefox.rules)
 * 1:24574 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox IDB use-after-free attempt (browser-firefox.rules)
 * 1:24581 <-> ENABLED <-> PROTOCOL-SCADA Broadwin WebAccess ActiveX clsid access (protocol-scada.rules)
 * 1:24584 <-> ENABLED <-> PROTOCOL-SCADA Broadwin WebAccess ActiveX clsid access (protocol-scada.rules)
 * 1:24585 <-> ENABLED <-> PROTOCOL-SCADA Broadwin WebAccess ActiveX function call access (protocol-scada.rules)
 * 1:24650 <-> ENABLED <-> FILE-OTHER Microsoft Windows TTF parsing counter overflow attempt (file-other.rules)
 * 1:24672 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player MP4 sequence parameter set parsing overflow attempt (file-multimedia.rules)
 * 1:24762 <-> ENABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
 * 1:24770 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules)
 * 1:24809 <-> ENABLED <-> FILE-FLASH Microsoft Internet Explorer premature unload of Flash plugin use after free attempt (file-flash.rules)
 * 1:24811 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS2 privilege escalation attempt (file-flash.rules)
 * 1:24875 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
 * 1:24877 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
 * 1:24882 <-> ENABLED <-> FILE-FLASH Adobe Flash Player invalid JPEG index attempt (file-flash.rules)
 * 1:24892 <-> ENABLED <-> FILE-FLASH Action InitArray stack overflow attempt (file-flash.rules)
 * 1:24896 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript bytecode symbolclass tag type confusion attempt (file-flash.rules)
 * 1:24915 <-> ENABLED <-> FILE-JAVA Oracle Java Runtime true type font idef opcode heap buffer overflow attempt (file-java.rules)
 * 1:24981 <-> ENABLED <-> FILE-FLASH Adobe Flash Player actionscript bytecode trait type null pointer dereference attempt (file-flash.rules)
 * 1:24983 <-> ENABLED <-> FILE-FLASH Adobe Flash Player actionscript bytecode trait type null pointer dereference attempt (file-flash.rules)
 * 1:24990 <-> ENABLED <-> FILE-FLASH Adobe Flash Player specially invalid traits structure attempt (file-flash.rules)
 * 1:24992 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DoInitAction invalid action overflow attempt (file-flash.rules)
 * 1:24993 <-> ENABLED <-> FILE-JAVA Oracle Java Applet remote code execution attempt (file-java.rules)
 * 1:25228 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox iframe and xul element reload crash attempt (browser-firefox.rules)
 * 1:25450 <-> ENABLED <-> FILE-PDF Javascript openDoc UNC network request attempt (file-pdf.rules)
 * 1:25455 <-> ENABLED <-> INDICATOR-OBFUSCATION GIF header followed by PDF header (indicator-obfuscation.rules)
 * 1:25456 <-> ENABLED <-> INDICATOR-OBFUSCATION PNG header followed by PDF header (indicator-obfuscation.rules)
 * 1:25457 <-> ENABLED <-> INDICATOR-OBFUSCATION JPEG header followed by PDF header (indicator-obfuscation.rules)
 * 1:25460 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader incomplete JP2K image geometry exploit attempt (file-pdf.rules)
 * 1:25463 <-> ENABLED <-> FILE-PDF OpenType parsing buffer overflow attempt (file-pdf.rules)
 * 1:25464 <-> ENABLED <-> FILE-PDF OpenType parsing buffer overflow attempt (file-pdf.rules)
 * 1:25468 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader structtreeroot children recursive call denial of service attempt (file-pdf.rules)
 * 1:25475 <-> ENABLED <-> FILE-PDF JavaScript contained in an xml template embedded in a pdf attempt (file-pdf.rules)
 * 1:25537 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader TTF parsing bad cmap format attempt (file-pdf.rules)
 * 1:25816 <-> ENABLED <-> FILE-FLASH Adobe Flash Player FLV crafted ADPCM stream heap overflow attempt (file-flash.rules)
 * 1:25832 <-> ENABLED <-> FILE-JAVA Oracle Java JMX class arbitrary code execution attempt (file-java.rules)
 * 1:25834 <-> ENABLED <-> FILE-JAVA Oracle Java JMX class arbitrary code execution attempt (file-java.rules)
 * 1:25835 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript 3 integer overflow attempt (file-flash.rules)
 * 1:26173 <-> ENABLED <-> FILE-FLASH Adobe Flashplayer sortOn heap overflow attempt (file-flash.rules)
 * 1:26186 <-> ENABLED <-> FILE-JAVA Oracle Java Gmbal package sandbox breach attempt (file-java.rules)
 * 1:26199 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib LookupOp integer overflow attempt (file-java.rules)
 * 1:26200 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib ConvolveOp integer overflow attempt (file-java.rules)
 * 1:26496 <-> ENABLED <-> FILE-OTHER WellinTech KingView KingMessage log file parsing buffer overflow attempt (file-other.rules)
 * 1:26652 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules)
 * 1:26688 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed HTML text null dereference attempt (file-flash.rules)
 * 1:26717 <-> ENABLED <-> FILE-JAVA Oracle Java font rendering remote code execution attempt (file-java.rules)
 * 1:26899 <-> ENABLED <-> BROWSER-PLUGINS Java Applet sql.DriverManager fakedriver exploit attempt (browser-plugins.rules)
 * 1:26900 <-> ENABLED <-> BROWSER-PLUGINS Java Applet sql.DriverManager exploit attempt (browser-plugins.rules)
 * 1:26983 <-> ENABLED <-> FILE-FLASH Adobe Flash Player remote memory corruption attempt (file-flash.rules)
 * 1:27266 <-> ENABLED <-> FILE-FLASH Adobe Flash Player heap buffer overflow attempt (file-flash.rules)
 * 1:27268 <-> ENABLED <-> FILE-FLASH Adobe Flash ActionScript user-supplied PCM resampling integer overflow attempt (file-flash.rules)
 * 1:27622 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp storeImageArray memory corruption attempt (file-java.rules)
 * 1:27675 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp storeImageArray memory corruption attempt (file-java.rules)
 * 1:27677 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp storeImageArray memory corruption attempt (file-java.rules)
 * 1:27692 <-> ENABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules)
 * 1:27729 <-> DISABLED <-> INDICATOR-COMPROMISE request for potential web shell - /Silic.jsp (indicator-compromise.rules)
 * 1:27731 <-> DISABLED <-> INDICATOR-COMPROMISE request for potential web shell - /inback.jsp (indicator-compromise.rules)
 * 1:33392 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33388 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33390 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33386 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33384 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33382 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33378 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33380 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33374 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33376 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33370 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33372 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33270 <-> ENABLED <-> FILE-FLASH Adobe Flash Player byte array uncompress information disclosure attempt (file-flash.rules)
 * 1:33368 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33268 <-> ENABLED <-> FILE-FLASH Adobe Flash Player byte array uncompress information disclosure attempt (file-flash.rules)
 * 1:33269 <-> ENABLED <-> FILE-FLASH Adobe Flash Player byte array uncompress information disclosure attempt (file-flash.rules)
 * 1:33266 <-> ENABLED <-> FILE-FLASH Adobe Flash Player byte array uncompress information disclosure attempt (file-flash.rules)
 * 1:33267 <-> ENABLED <-> FILE-FLASH Adobe Flash Player byte array uncompress information disclosure attempt (file-flash.rules)
 * 1:33092 <-> ENABLED <-> FILE-FLASH Adobe Flash Player FlashUtil memory corruption attempt (file-flash.rules)
 * 1:33177 <-> ENABLED <-> FILE-FLASH Adobe Flash AWM2 out of bounds corruption attempt (file-flash.rules)
 * 1:33014 <-> DISABLED <-> BROWSER-PLUGINS HP LoadRunner ActiveX clsid access attempt (browser-plugins.rules)
 * 1:33004 <-> DISABLED <-> BROWSER-PLUGINS SolarWinds Orion Pepco32c ActiveX clsid access attempt (browser-plugins.rules)
 * 1:33013 <-> DISABLED <-> BROWSER-PLUGINS HP LoadRunner ActiveX clsid access attempt (browser-plugins.rules)
 * 1:32897 <-> ENABLED <-> BROWSER-PLUGINS HP Sprinter Tidestone ActiveX function call access attempt (browser-plugins.rules)
 * 1:33003 <-> DISABLED <-> BROWSER-PLUGINS SolarWinds Orion Pepco32c ActiveX clsid access attempt (browser-plugins.rules)
 * 1:32895 <-> DISABLED <-> BROWSER-PLUGINS HP Sprinter Tidestone ActiveX function call access attempt (browser-plugins.rules)
 * 1:32896 <-> ENABLED <-> BROWSER-PLUGINS HP Sprinter Tidestone ActiveX clsid access attempt (browser-plugins.rules)
 * 1:32822 <-> ENABLED <-> FILE-PDF Cross Domain potentially malicious redirection attempt (file-pdf.rules)
 * 1:32894 <-> DISABLED <-> BROWSER-PLUGINS HP Sprinter Tidestone ActiveX clsid access attempt (browser-plugins.rules)
 * 1:32784 <-> ENABLED <-> FILE-FLASH Adobe Flash Player parseFloat stack overflow remote code execution attempt (file-flash.rules)
 * 1:32785 <-> ENABLED <-> FILE-FLASH Adobe Flash Player parseFloat stack overflow remote code execution attempt (file-flash.rules)
 * 1:32751 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed pushcode type confusion remote code execution attempt (file-flash.rules)
 * 1:32752 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed pushcode type confusion remote code execution attempt (file-flash.rules)
 * 1:32745 <-> DISABLED <-> SERVER-WEBAPP ManageEngine NetFlow Analyzer information disclosure attempt (server-webapp.rules)
 * 1:32721 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer element type confusion use after free attempt (browser-ie.rules)
 * 1:32701 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer JPEG stack information disclosure attempt (browser-ie.rules)
 * 1:32702 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer JPEG stack information disclosure attempt (browser-ie.rules)
 * 1:32699 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer JPEG stack information disclosure attempt (browser-ie.rules)
 * 1:32700 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer JPEG stack information disclosure attempt (browser-ie.rules)
 * 1:32697 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer JPEG stack information disclosure attempt (browser-ie.rules)
 * 1:32698 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer JPEG stack information disclosure attempt (browser-ie.rules)
 * 1:32696 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer JPEG stack information disclosure attempt (browser-ie.rules)
 * 1:32695 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer JPEG stack information disclosure attempt (browser-ie.rules)
 * 1:32576 <-> ENABLED <-> FILE-FLASH Adobe Flash Player string concatenation integer overflow attempt (file-flash.rules)
 * 1:32571 <-> ENABLED <-> FILE-FLASH Adobe Flash Player string concatenation integer overflow attempt (file-flash.rules)
 * 1:32575 <-> ENABLED <-> FILE-FLASH Adobe Flash Player string concatenation integer overflow attempt (file-flash.rules)
 * 1:32539 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 regular expression grouping depth denial of service attempt (file-flash.rules)
 * 1:32545 <-> ENABLED <-> FILE-FLASH Adobe Flash Player HTML focus with no data denial of service attempt (file-flash.rules)
 * 1:32537 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 regular expression grouping depth denial of service attempt (file-flash.rules)
 * 1:32538 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 regular expression grouping depth denial of service attempt (file-flash.rules)
 * 1:32459 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer clipboardData unauthorized JavaScript read and write attempt (browser-ie.rules)
 * 1:32461 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CPtsTextParaclient out of bounds error remote code execution attempt (browser-ie.rules)
 * 1:32434 <-> DISABLED <-> FILE-OFFICE Microsoft Word lcbPlcffndTxt out-of-bounds attempt (file-office.rules)
 * 1:32435 <-> DISABLED <-> FILE-OFFICE Microsoft Word fcPlfguidUim out-of-bounds attempt (file-office.rules)
 * 1:32432 <-> DISABLED <-> FILE-OFFICE Microsoft Word lcbPlcffndTxt out-of-bounds attempt (file-office.rules)
 * 1:32433 <-> DISABLED <-> FILE-OFFICE Microsoft Word fcPlfguidUim out-of-bounds attempt (file-office.rules)
 * 1:32353 <-> DISABLED <-> SQL Drupal 7 pre auth SQL injection attempt (sql.rules)
 * 1:32431 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CHeaderElement object use-after-free remote code execution attempt (browser-ie.rules)
 * 1:32260 <-> ENABLED <-> MALWARE-OTHER Sinkhole reply - irc-sinkhole.cert.pl (malware-other.rules)
 * 1:32245 <-> ENABLED <-> SERVER-OTHER Samsung iPOLiS device manager possible FindConfigChildeKeyList buffer overflow attempt (server-other.rules)
 * 1:32246 <-> ENABLED <-> SERVER-OTHER Samsung iPOLiS device manager possible FindConfigChildeKeyList buffer overflow attempt (server-other.rules)
 * 1:32105 <-> DISABLED <-> BROWSER-PLUGINS Oracle WebCenter Content CheckOutAndOpen.dll ActiveX control code execution ActiveX function call access (browser-plugins.rules)
 * 1:32158 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 11 CMarkup GetMarkupTitle use-after-free attempt (browser-ie.rules)
 * 1:32022 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader U3D format Line Set Continuation out-of-bounds memory access attempt (file-pdf.rules)
 * 1:31842 <-> ENABLED <-> FILE-FLASH Adobe Flash Player local-with-file-access security bypass attempt (file-flash.rules)
 * 1:28505 <-> DISABLED <-> BROWSER-PLUGINS InformationCardSigninHelper ActiveX clsid access (browser-plugins.rules)
 * 1:28506 <-> DISABLED <-> BROWSER-PLUGINS InformationCardSigninHelper ActiveX function call access (browser-plugins.rules)
 * 1:28534 <-> DISABLED <-> FILE-OTHER Apple Quicktime TeXML description attribute overflow attempt (file-other.rules)
 * 1:28535 <-> DISABLED <-> FILE-OTHER Apple Quicktime TeXML description attribute overflow attempt (file-other.rules)
 * 1:28536 <-> DISABLED <-> FILE-OTHER Apple Quicktime TeXML description attribute overflow attempt (file-other.rules)
 * 1:28537 <-> DISABLED <-> FILE-OTHER Apple Quicktime TeXML description attribute overflow attempt (file-other.rules)
 * 1:28547 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
 * 1:28567 <-> ENABLED <-> FILE-FLASH Adobe Flash Player use after free race condition (file-flash.rules)
 * 1:28569 <-> ENABLED <-> FILE-FLASH Adobe Flash Player remote memory corruption attempt (file-flash.rules)
 * 1:28578 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader memory disclosure attempt (file-pdf.rules)
 * 1:28598 <-> ENABLED <-> FILE-PDF Adobe Acrobat and Adobe Acrobat Reader field dictionary null pointer dereference attempt (file-pdf.rules)
 * 1:28689 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
 * 1:28690 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
 * 1:28712 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded TTF integer overflow attempt (file-pdf.rules)
 * 1:28713 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded TTF integer overflow attempt (file-pdf.rules)
 * 1:28714 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded TTF integer overflow attempt (file-pdf.rules)
 * 1:28715 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded TTF integer overflow attempt (file-pdf.rules)
 * 1:28844 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader javascript toolbar button use after free attempt (file-pdf.rules)
 * 1:28846 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader javascript toolbar button use after free attempt (file-pdf.rules)
 * 1:28848 <-> ENABLED <-> MALWARE-OTHER Win.Backdoor.Tavdig download attempt (malware-other.rules)
 * 1:28903 <-> ENABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:28904 <-> ENABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:28905 <-> ENABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:28906 <-> ENABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:28907 <-> ENABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:28908 <-> ENABLED <-> SERVER-OTHER Nagios core config manager tfpassword sql injection attempt (server-other.rules)
 * 1:28927 <-> ENABLED <-> FILE-JAVA Oracle Java ImagingLib buffer overflow attempt (file-java.rules)
 * 1:28962 <-> ENABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer RealMedia URL length buffer overflow attempt (file-multimedia.rules)
 * 1:29000 <-> DISABLED <-> SERVER-WEBAPP Cisco EPC3925 cross site request forgery attempt (server-webapp.rules)
 * 1:29059 <-> DISABLED <-> BROWSER-PLUGINS CYME Power Engineering ChartFX.ClientServer ActiveX clsid access (browser-plugins.rules)
 * 1:29060 <-> DISABLED <-> BROWSER-PLUGINS CYME Power Engineering ChartFX.ClientServer ActiveX function call access (browser-plugins.rules)
 * 1:29063 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed JBIG2 decode segment null pointer crash attempt (file-pdf.rules)
 * 1:29097 <-> DISABLED <-> BROWSER-PLUGINS HP Application Lifecycle Management XGO.XGoCtrl ActiveX clsid access (browser-plugins.rules)
 * 1:29098 <-> DISABLED <-> BROWSER-PLUGINS HP Application Lifecycle Management XGO.XGoCtrl ActiveX function call access (browser-plugins.rules)
 * 1:29099 <-> DISABLED <-> BROWSER-PLUGINS HP Application Lifecycle Management XGO.XGoCtrl ActiveX clsid access (browser-plugins.rules)
 * 1:29100 <-> DISABLED <-> BROWSER-PLUGINS HP Application Lifecycle Management XGO.XGoCtrl ActiveX clsid access (browser-plugins.rules)
 * 1:29101 <-> DISABLED <-> BROWSER-PLUGINS HP Application Lifecycle Management XGO.XGoCtrl ActiveX clsid access (browser-plugins.rules)
 * 1:29102 <-> DISABLED <-> BROWSER-PLUGINS HP Application Lifecycle Management XGO.XGoCtrl ActiveX function call access (browser-plugins.rules)
 * 1:29272 <-> ENABLED <-> FILE-JAVA Oracle Java sun.awt.image.ImagingLib.lookupByteBI memory corruption attempt (file-java.rules)
 * 1:29273 <-> ENABLED <-> FILE-JAVA Oracle Java sun.awt.image.ImagingLib.lookupByteBI memory corruption attempt (file-java.rules)
 * 1:29410 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader javascript toolbar button use after free attempt (file-pdf.rules)
 * 1:29491 <-> ENABLED <-> FILE-JAVA Oracle Java ShortComponentRaster integer overflow attempt (file-java.rules)
 * 1:29527 <-> ENABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:29574 <-> ENABLED <-> FILE-OTHER Oracle Outside In OS2 metafile parser stack buffer overflow attempt (file-other.rules)
 * 1:29575 <-> ENABLED <-> FILE-OTHER Oracle Outside In OS2 metafile parser stack buffer overflow attempt (file-other.rules)
 * 1:29576 <-> ENABLED <-> FILE-OTHER Oracle Outside In OS2 metafile parser stack buffer overflow attempt (file-other.rules)
 * 1:29577 <-> ENABLED <-> FILE-OTHER Oracle Outside In OS2 metafile parser stack buffer overflow attempt (file-other.rules)
 * 1:29606 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp integer overflow attempt (file-java.rules)
 * 1:29614 <-> ENABLED <-> FILE-IDENTIFY XPS file download request (file-identify.rules)
 * 1:29617 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox nsTreeRange Use After Free attempt (browser-firefox.rules)
 * 1:29642 <-> ENABLED <-> MALWARE-OTHER Java FileDialog heap buffer overflow attempt (malware-other.rules)
 * 1:29643 <-> ENABLED <-> MALWARE-OTHER Java FileDialog heap buffer overflow attempt (malware-other.rules)
 * 1:29668 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreePos deleted object access attempt (browser-ie.rules)
 * 1:29681 <-> ENABLED <-> BROWSER-PLUGINS Microsoft XML Core Services same origin policy bypass attempt (browser-plugins.rules)
 * 1:29710 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer fontFamily attribute deleted object access memory corruption attempt (browser-ie.rules)
 * 1:29742 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer deleted object access memory corruption attempt (browser-ie.rules)
 * 1:29836 <-> ENABLED <-> FILE-FLASH Adobe Flash ActionScript bytecode object type confusion information disclosure attempt (file-flash.rules)
 * 1:29933 <-> ENABLED <-> FILE-FLASH Adobe Flash Player PCRE regexp out of bounds memory leak ASLR bypass attempt (file-flash.rules)
 * 1:29934 <-> ENABLED <-> FILE-FLASH Adobe Flash regular expression grouping depth buffer overflow attempt (file-flash.rules)
 * 1:29955 <-> DISABLED <-> SERVER-WEBAPP WordPress Quick-Post Widget GET request using Body cross-site scripting (server-webapp.rules)
 * 1:29956 <-> DISABLED <-> SERVER-WEBAPP WordPress Quick-Post Widget POST request cross-site scripting (server-webapp.rules)
 * 1:29973 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bublik.Zusy runtime detection (malware-cnc.rules)
 * 1:30145 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer ruby text tag heap-based buffer overflow attempt (browser-ie.rules)
 * 1:30151 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player memory corruption attempt (file-multimedia.rules)
 * 1:30152 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player memory corruption attempt (file-multimedia.rules)
 * 1:30320 <-> ENABLED <-> BLACKLIST Connection to malware sinkhole (blacklist.rules)
 * 1:30537 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed HTML text null dereference attempt (file-flash.rules)
 * 1:30538 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed HTML text null dereference attempt (file-flash.rules)
 * 1:30760 <-> ENABLED <-> FILE-IDENTIFY ABC Music Notation file download request (file-identify.rules)
 * 1:30991 <-> ENABLED <-> MALWARE-CNC Shiqiang Gang malicious XLS targeted attack detection (malware-cnc.rules)
 * 1:31009 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader length-compute UTF-16 string buffer overflow attempt (file-pdf.rules)
 * 1:31016 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader integer overflow attempt (file-pdf.rules)
 * 1:31105 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules)
 * 1:31106 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules)
 * 1:31207 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 11 CTreePos child element use-after-free attempt (browser-ie.rules)
 * 1:31285 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt (file-flash.rules)
 * 1:31286 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt (file-flash.rules)
 * 1:31333 <-> DISABLED <-> BROWSER-PLUGINS IBM iNotes version 8.5 ActiveX clsid access (browser-plugins.rules)
 * 1:31334 <-> DISABLED <-> BROWSER-PLUGINS IBM iNotes version 8.5 ActiveX clsid access (browser-plugins.rules)
 * 1:31335 <-> DISABLED <-> BROWSER-PLUGINS IBM iNotes version 9 ActiveX clsid access (browser-plugins.rules)
 * 1:31336 <-> DISABLED <-> BROWSER-PLUGINS IBM iNotes version 9 ActiveX clsid access (browser-plugins.rules)
 * 1:31356 <-> ENABLED <-> SERVER-WEBAPP Wordpress timthumb.php webshot source attack attempt (server-webapp.rules)
 * 1:31389 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer improper object cast memory corruption attempt (browser-ie.rules)
 * 1:31512 <-> ENABLED <-> FILE-JAVA Oracle Java field bytecode verifier cache code execution attempt (file-java.rules)
 * 1:31541 <-> ENABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules)
 * 1:31555 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader U3D CLODMeshDeceleration code execution attempt (file-pdf.rules)
 * 1:31582 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer OnMove Use After Free exploit attempt (browser-ie.rules)
 * 1:32098 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
 * 1:32103 <-> DISABLED <-> BROWSER-PLUGINS Oracle WebCenter Content CheckOutAndOpen.dll ActiveX control code execution ActiveX clsid access (browser-plugins.rules)
 * 1:31583 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer OnMove Use After Free exploit attempt (browser-ie.rules)
 * 1:31585 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSS .ipsum layout use-after-free attempt (browser-ie.rules)
 * 1:31610 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer cloneNode for loop remote code execution attempt (browser-ie.rules)
 * 1:31611 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer cloneNode for loop remote code execution attempt (browser-ie.rules)
 * 1:31613 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded PRC stream NULL dereference denial of service attempt (file-pdf.rules)
 * 1:31630 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CMarkup insertMarquee use after free attempt (browser-ie.rules)
 * 1:31633 <-> DISABLED <-> MALWARE-CNC Noniem.A outbound connection (malware-cnc.rules)
 * 1:31671 <-> ENABLED <-> FILE-OTHER Symantec Endpoint Protection Sysplant kernel pool overflow exploit attempt (file-other.rules)
 * 1:31685 <-> ENABLED <-> FILE-FLASH Adobe Flash Player cross-origin security policy bypass attempt (file-flash.rules)
 * 1:31687 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules)
 * 1:31707 <-> DISABLED <-> BROWSER-PLUGINS IBiz EBanking Integrator ActiveX clsid access (browser-plugins.rules)
 * 1:31724 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory leak ASLR bypass attempt (file-flash.rules)
 * 1:31733 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MMgc use-after-free attempt (file-flash.rules)
 * 1:31750 <-> ENABLED <-> FILE-FLASH Adobe Flash Player marshallException through JavaScript XSS attempt (file-flash.rules)
 * 1:31800 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTableCell Use After Free exploit attempt (browser-ie.rules)
 * 1:31810 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer integer overflow exploit attempt (browser-ie.rules)
 * 1:32102 <-> DISABLED <-> BROWSER-PLUGINS Oracle WebCenter Content CheckOutAndOpen.dll ActiveX control code execution ActiveX clsid access (browser-plugins.rules)
 * 1:23867 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader invalid inline image attempt (file-pdf.rules)
 * 1:31841 <-> ENABLED <-> FILE-FLASH Adobe Flash Player local-with-file-access security bypass attempt (file-flash.rules)
 * 1:7070 <-> DISABLED <-> POLICY-OTHER script tag in URI - likely cross-site scripting attempt (policy-other.rules)
 * 1:33463 <-> ENABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
 * 1:33462 <-> ENABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
 * 1:33461 <-> ENABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
 * 1:33452 <-> ENABLED <-> PUA-TOOLBARS Win.Toolbar.Crossrider variant outbound connection (pua-toolbars.rules)
 * 1:33429 <-> DISABLED <-> POLICY-OTHER Microsoft Windows SMB potential group policy fallback exploit attempt (policy-other.rules)
 * 1:33410 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33408 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33406 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:32104 <-> DISABLED <-> BROWSER-PLUGINS Oracle WebCenter Content CheckOutAndOpen.dll ActiveX control code execution ActiveX function call access (browser-plugins.rules)
 * 1:33402 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33404 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33400 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33398 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:23865 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader invalid font WeightVector attempt (file-pdf.rules)
 * 1:33396 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:23871 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader invalid inline image attempt (file-pdf.rules)
 * 1:15481 <-> ENABLED <-> MALWARE-CNC Zeus/Zbot malware config file download request (malware-cnc.rules)
 * 1:16184 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules)
 * 1:23589 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules)
 * 1:23590 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules)
 * 1:19257 <-> ENABLED <-> FILE-FLASH Adobe ActionScript float index memory corruption attempt (file-flash.rules)
 * 1:18297 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Comctl32.dll third-party SVG viewer heap overflow attempt (os-windows.rules)
 * 1:14037 <-> ENABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX clsid access (browser-plugins.rules)
 * 1:21458 <-> ENABLED <-> FILE-FLASH Adobe Flash ActionScript float index array memory corruption (file-flash.rules)
 * 1:14038 <-> ENABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX function call access (browser-plugins.rules)
 * 1:21160 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules)
 * 1:13679 <-> DISABLED <-> BROWSER-PLUGINS IBiz EBanking Integrator ActiveX clsid access (browser-plugins.rules)
 * 1:18768 <-> ENABLED <-> SERVER-MAIL Novell GroupWise Internet Agent RRULE parsing buffer overflow attempt (server-mail.rules)
 * 1:16289 <-> ENABLED <-> MALWARE-CNC Clob bot traffic (malware-cnc.rules)
 * 1:23611 <-> ENABLED <-> FILE-PDF JavaScript contained in an xml template embedded in a pdf attempt (file-pdf.rules)
 * 1:33394 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:23869 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader invalid inline image attempt (file-pdf.rules)
 * 1:23875 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader postscript font execution malformed subroutine entries attempt (file-pdf.rules)
 * 1:24066 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules)
 * 1:24151 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader TrueType font corrupt header attempt (file-pdf.rules)
 * 1:24365 <-> ENABLED <-> FILE-FLASH Adobe Flash null reference JIT compilation attempt (file-flash.rules)
 * 1:24511 <-> ENABLED <-> FILE-JAVA Oracle Java XGetSamplePtrFromSnd memory corruption attempt (file-java.rules)
 * 1:24582 <-> ENABLED <-> PROTOCOL-SCADA Broadwin WebAccess ActiveX function call access (protocol-scada.rules)
 * 1:24703 <-> ENABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
 * 1:24813 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS2 privilege escalation attempt (file-flash.rules)
 * 1:24893 <-> ENABLED <-> FILE-FLASH Action InitArray stack overflow attempt (file-flash.rules)
 * 1:24986 <-> ENABLED <-> FILE-FLASH Adobe Flash Player index overflow attempt (file-flash.rules)
 * 1:25298 <-> ENABLED <-> FILE-MULTIMEDIA Mozilla products Ogg Vorbis decoding memory corruption attempt (file-multimedia.rules)
 * 1:25458 <-> ENABLED <-> INDICATOR-OBFUSCATION DOC header followed by PDF header (indicator-obfuscation.rules)
 * 1:25469 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader structtreeroot children recursive call denial of service attempt (file-pdf.rules)
 * 1:25833 <-> ENABLED <-> FILE-JAVA Oracle Java malicious class download attempt (file-java.rules)
 * 1:26198 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp integer overflow attempt (file-java.rules)
 * 1:26665 <-> ENABLED <-> FILE-IMAGE BMP extremely large xpos opcodes (file-image.rules)
 * 1:26928 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules)
 * 1:27673 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp storeImageArray memory corruption attempt (file-java.rules)
 * 1:27730 <-> DISABLED <-> INDICATOR-COMPROMISE request for potential web shell - /css3.jsp (indicator-compromise.rules)
 * 1:27732 <-> DISABLED <-> INDICATOR-COMPROMISE request for potential web shell - /jspspy.jsp (indicator-compromise.rules)
 * 1:27742 <-> DISABLED <-> BROWSER-PLUGINS EasyMail Objects Activex remote buffer overflow attempt (browser-plugins.rules)
 * 1:27743 <-> DISABLED <-> BROWSER-PLUGINS EasyMail Objects Activex remote buffer overflow attempt (browser-plugins.rules)
 * 1:27751 <-> ENABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules)
 * 1:27754 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Action InitArray stack overflow attempt (file-flash.rules)
 * 1:27765 <-> ENABLED <-> FILE-JAVA Oracle Java ImagingLib buffer overflow attempt (file-java.rules)
 * 1:27787 <-> ENABLED <-> FILE-JAVA Oracle Java ImagingLib buffer overflow attempt (file-java.rules)
 * 1:27871 <-> ENABLED <-> BROWSER-PLUGINS HP LoadRunner WriteFileString ActiveX function call attempt (browser-plugins.rules)
 * 1:27872 <-> ENABLED <-> BROWSER-PLUGINS HP LoadRunner WriteFileString ActiveX function call attempt (browser-plugins.rules)
 * 1:28126 <-> DISABLED <-> BROWSER-PLUGINS WibuKey Runtime ActiveX clsid access (browser-plugins.rules)
 * 1:28127 <-> DISABLED <-> BROWSER-PLUGINS WibuKey Runtime ActiveX function call access (browser-plugins.rules)
 * 1:28277 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp storeImageArray memory corruption attempt (file-java.rules)
 * 1:28301 <-> DISABLED <-> INDICATOR-SCAN User-Agent known malicious user-agent Masscan (indicator-scan.rules)
 * 1:28324 <-> ENABLED <-> PUA-ADWARE FakeAV runtime detection (pua-adware.rules)
 * 1:28495 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer execCommand CTreePos memory corruption attempt (browser-ie.rules)
 * 1:28499 <-> ENABLED <-> FILE-OTHER Microsoft Word WordPerfect CSTYL border element stack overflow attempt (file-other.rules)
 * 1:28503 <-> ENABLED <-> FILE-OTHER Microsoft Word WordPerfect CSTYL border element stack overflow attempt (file-other.rules)

2015-02-17 21:44:42 UTC

Sourcefire VRT Rules Update

Date: 2015-02-17

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2970.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:33546 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Equation outbound connection (malware-cnc.rules)
 * 1:33545 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Equation outbound connection (malware-cnc.rules)
 * 1:33544 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Equation outbound connection (malware-cnc.rules)
 * 1:33543 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Equation outbound connection (malware-cnc.rules)
 * 1:33542 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Compressed File object type confusion attempt (file-flash.rules)
 * 1:33541 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Compressed File object type confusion attempt (file-flash.rules)
 * 1:33540 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Decompressed File object type confusion attempt (file-flash.rules)
 * 1:33539 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Decompressed File object type confusion attempt (file-flash.rules)
 * 1:33538 <-> ENABLED <-> FILE-FLASH Adobe Flash Player PCRE control character denial of service attempt (file-flash.rules)
 * 1:33537 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE control character - possible denial of service attempt (file-flash.rules)
 * 1:33536 <-> ENABLED <-> FILE-FLASH Adobe Flash Player PCRE control character denial of service attempt (file-flash.rules)
 * 1:33535 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE control character - possible denial of service attempt (file-flash.rules)
 * 1:33534 <-> ENABLED <-> FILE-FLASH Adobe Flash Player PCRE control character denial of service attempt (file-flash.rules)
 * 1:33533 <-> ENABLED <-> FILE-FLASH Adobe Flash Player PCRE control character denial of service attempt (file-flash.rules)
 * 1:33532 <-> DISABLED <-> PUA-ADWARE MediaBuzz malvertising browser redirect attempt (pua-adware.rules)
 * 1:33531 <-> DISABLED <-> PUA-ADWARE MediaBuzz malvertising browser redirect attempt (pua-adware.rules)
 * 1:33530 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE library out of bounds memory access attempt (file-flash.rules)
 * 1:33529 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE library out of bounds memory access attempt (file-flash.rules)
 * 1:33528 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE library out of bounds memory access attempt (file-flash.rules)
 * 1:33527 <-> DISABLED <-> FILE-FLASH Adobe Flash Player PCRE library out of bounds memory access attempt (file-flash.rules)
 * 1:33526 <-> DISABLED <-> FILE-OTHER Apple OSX Safari format string validation corruption attempt (file-other.rules)
 * 1:33525 <-> DISABLED <-> FILE-OTHER Apple OSX Safari format string validation corruption attempt (file-other.rules)
 * 1:33524 <-> ENABLED <-> MALWARE-CNC Win.Trojan.DNSChanger variant outbound connection (malware-cnc.rules)
 * 1:33523 <-> ENABLED <-> MALWARE-CNC Win.Trojan.DNSChanger variant outbound connection (malware-cnc.rules)
 * 1:33522 <-> ENABLED <-> BLACKLIST User-Agent known malicious user-agent - DNS Changer (blacklist.rules)
 * 1:33521 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zusy variant outbound connection (malware-cnc.rules)
 * 1:33520 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zusy inbound CNC response (malware-cnc.rules)
 * 1:33519 <-> ENABLED <-> BLACKLIST User-Agent known malicious user agent - ALIZER (blacklist.rules)
 * 1:33518 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules)
 * 1:33517 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules)
 * 1:33516 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules)
 * 1:33515 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules)
 * 1:33514 <-> DISABLED <-> SERVER-WEBAPP WordPress Photo Gallery PHP code execution attempt (server-webapp.rules)
 * 1:33513 <-> ENABLED <-> BLACKLIST USER-AGENT known malicous user agent string - XAgent - Operation Pawn Storm (blacklist.rules)
 * 1:33512 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SWF buffer overflow attempt (file-flash.rules)
 * 1:33511 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SWF buffer overflow attempt (file-flash.rules)
 * 1:33510 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SWF buffer overflow attempt (file-flash.rules)
 * 1:33509 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SWF buffer overflow attempt (file-flash.rules)
 * 1:33508 <-> ENABLED <-> FILE-FLASH Adobe Flash Player out of scope newclass memory corruption attempt (file-flash.rules)
 * 1:33507 <-> ENABLED <-> FILE-FLASH Adobe Flash Player out of scope newclass memory corruption attempt (file-flash.rules)
 * 1:33506 <-> ENABLED <-> FILE-FLASH Adobe Flash Player out of scope newclass memory corruption attempt (file-flash.rules)
 * 1:33505 <-> ENABLED <-> FILE-FLASH Adobe Flash Player out of scope newclass memory corruption attempt (file-flash.rules)
 * 1:33504 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MessageChannel use after free attempt (file-flash.rules)
 * 1:33503 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MessageChannel use after free attempt (file-flash.rules)
 * 1:33502 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MessageChannel use after free attempt (file-flash.rules)
 * 1:33501 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MessageChannel use after free attempt (file-flash.rules)
 * 1:33500 <-> ENABLED <-> FILE-FLASH Adobe Flash Player extended BitmapFilter class denial of service attempt (file-flash.rules)
 * 1:33499 <-> ENABLED <-> FILE-FLASH Adobe Flash Player extended BitmapFilter class denial of service attempt (file-flash.rules)
 * 1:33498 <-> ENABLED <-> FILE-FLASH Adobe Flash Player extended BitmapFilter class denial of service attempt (file-flash.rules)
 * 1:33497 <-> ENABLED <-> FILE-FLASH Adobe Flash Player extended BitmapFilter class denial of service attempt (file-flash.rules)
 * 1:33496 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Andromeda variant outbound connection (malware-cnc.rules)
 * 1:33495 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer dynamic style update memory corruption attempt (browser-ie.rules)
 * 1:33494 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer dynamic style update memory corruption attempt (browser-ie.rules)
 * 1:33493 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer dynamic style update memory corruption attempt (browser-ie.rules)
 * 1:33492 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer dynamic style update memory corruption attempt (browser-ie.rules)
 * 1:33491 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Ovector out of bounds stack corruption attempt (file-flash.rules)
 * 1:33490 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Ovector out of bounds stack corruption attempt (file-flash.rules)
 * 1:33489 <-> DISABLED <-> DELETED FILE-FLASH Adobe Flash Player Ovector out of bounds stack corruption attempt (deleted.rules)
 * 1:33488 <-> DISABLED <-> DELETED FILE-FLASH Adobe Flash Player Ovector out of bounds stack corruption attempt (deleted.rules)
 * 1:33487 <-> ENABLED <-> FILE-FLASH Adobe Flash Player URLRequestHeaders null pointer dereference denial of service attempt (file-flash.rules)
 * 1:33486 <-> ENABLED <-> FILE-FLASH Adobe Flash Player URLRequestHeaders null pointer dereference denial of service attempt (file-flash.rules)
 * 1:33485 <-> ENABLED <-> FILE-FLASH Adobe Flash Player URLRequestHeaders null pointer dereference denial of service attempt (file-flash.rules)
 * 1:33484 <-> ENABLED <-> FILE-FLASH Adobe Flash Player URLRequestHeaders null pointer dereference denial of service attempt (file-flash.rules)
 * 1:33483 <-> ENABLED <-> PUA-ADWARE Win.Adware.InstallMonster variant outbound connection (pua-adware.rules)
 * 1:33482 <-> ENABLED <-> MALWARE-CNC Win.Worm.Enosch variant outbound connection (malware-cnc.rules)
 * 1:33481 <-> ENABLED <-> MALWARE-CNC Linux.Backdoor.Xnote outbound connection (malware-cnc.rules)
 * 1:33480 <-> ENABLED <-> PUA-ADWARE Win.Adware.DownloadGuide variant outbound connection (pua-adware.rules)
 * 1:33479 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Comctl32.dll third-party SVG viewer heap overflow attempt (os-windows.rules)

Modified Rules:


 * 1:7070 <-> DISABLED <-> POLICY-OTHER script tag in URI - likely cross-site scripting attempt (policy-other.rules)
 * 1:33463 <-> ENABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
 * 1:33462 <-> ENABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
 * 1:33461 <-> ENABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
 * 1:33452 <-> ENABLED <-> PUA-TOOLBARS Win.Toolbar.Crossrider variant outbound connection (pua-toolbars.rules)
 * 1:33429 <-> DISABLED <-> POLICY-OTHER Microsoft Windows SMB potential group policy fallback exploit attempt (policy-other.rules)
 * 1:33410 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33408 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33406 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33404 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33402 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33400 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33398 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33396 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33394 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33392 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33390 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33388 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33386 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33384 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33382 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33380 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33378 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33376 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33374 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33372 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33370 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33368 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
 * 1:33270 <-> ENABLED <-> FILE-FLASH Adobe Flash Player byte array uncompress information disclosure attempt (file-flash.rules)
 * 1:33269 <-> ENABLED <-> FILE-FLASH Adobe Flash Player byte array uncompress information disclosure attempt (file-flash.rules)
 * 1:33268 <-> ENABLED <-> FILE-FLASH Adobe Flash Player byte array uncompress information disclosure attempt (file-flash.rules)
 * 1:33267 <-> ENABLED <-> FILE-FLASH Adobe Flash Player byte array uncompress information disclosure attempt (file-flash.rules)
 * 1:33266 <-> ENABLED <-> FILE-FLASH Adobe Flash Player byte array uncompress information disclosure attempt (file-flash.rules)
 * 1:33177 <-> ENABLED <-> FILE-FLASH Adobe Flash AWM2 out of bounds corruption attempt (file-flash.rules)
 * 1:33092 <-> ENABLED <-> FILE-FLASH Adobe Flash Player FlashUtil memory corruption attempt (file-flash.rules)
 * 1:33014 <-> DISABLED <-> BROWSER-PLUGINS HP LoadRunner ActiveX clsid access attempt (browser-plugins.rules)
 * 1:33013 <-> DISABLED <-> BROWSER-PLUGINS HP LoadRunner ActiveX clsid access attempt (browser-plugins.rules)
 * 1:33004 <-> DISABLED <-> BROWSER-PLUGINS SolarWinds Orion Pepco32c ActiveX clsid access attempt (browser-plugins.rules)
 * 1:33003 <-> DISABLED <-> BROWSER-PLUGINS SolarWinds Orion Pepco32c ActiveX clsid access attempt (browser-plugins.rules)
 * 1:32897 <-> ENABLED <-> BROWSER-PLUGINS HP Sprinter Tidestone ActiveX function call access attempt (browser-plugins.rules)
 * 1:32896 <-> ENABLED <-> BROWSER-PLUGINS HP Sprinter Tidestone ActiveX clsid access attempt (browser-plugins.rules)
 * 1:32895 <-> DISABLED <-> BROWSER-PLUGINS HP Sprinter Tidestone ActiveX function call access attempt (browser-plugins.rules)
 * 1:32894 <-> DISABLED <-> BROWSER-PLUGINS HP Sprinter Tidestone ActiveX clsid access attempt (browser-plugins.rules)
 * 1:32822 <-> ENABLED <-> FILE-PDF Cross Domain potentially malicious redirection attempt (file-pdf.rules)
 * 1:32785 <-> ENABLED <-> FILE-FLASH Adobe Flash Player parseFloat stack overflow remote code execution attempt (file-flash.rules)
 * 1:32784 <-> ENABLED <-> FILE-FLASH Adobe Flash Player parseFloat stack overflow remote code execution attempt (file-flash.rules)
 * 1:32752 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed pushcode type confusion remote code execution attempt (file-flash.rules)
 * 1:32751 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed pushcode type confusion remote code execution attempt (file-flash.rules)
 * 1:32745 <-> DISABLED <-> SERVER-WEBAPP ManageEngine NetFlow Analyzer information disclosure attempt (server-webapp.rules)
 * 1:32721 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer element type confusion use after free attempt (browser-ie.rules)
 * 1:32702 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer JPEG stack information disclosure attempt (browser-ie.rules)
 * 1:32701 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer JPEG stack information disclosure attempt (browser-ie.rules)
 * 1:32700 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer JPEG stack information disclosure attempt (browser-ie.rules)
 * 1:32699 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer JPEG stack information disclosure attempt (browser-ie.rules)
 * 1:32698 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer JPEG stack information disclosure attempt (browser-ie.rules)
 * 1:32697 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer JPEG stack information disclosure attempt (browser-ie.rules)
 * 1:32696 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer JPEG stack information disclosure attempt (browser-ie.rules)
 * 1:32695 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer JPEG stack information disclosure attempt (browser-ie.rules)
 * 1:32576 <-> ENABLED <-> FILE-FLASH Adobe Flash Player string concatenation integer overflow attempt (file-flash.rules)
 * 1:32575 <-> ENABLED <-> FILE-FLASH Adobe Flash Player string concatenation integer overflow attempt (file-flash.rules)
 * 1:32571 <-> ENABLED <-> FILE-FLASH Adobe Flash Player string concatenation integer overflow attempt (file-flash.rules)
 * 1:32545 <-> ENABLED <-> FILE-FLASH Adobe Flash Player HTML focus with no data denial of service attempt (file-flash.rules)
 * 1:32539 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 regular expression grouping depth denial of service attempt (file-flash.rules)
 * 1:32538 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 regular expression grouping depth denial of service attempt (file-flash.rules)
 * 1:32537 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 regular expression grouping depth denial of service attempt (file-flash.rules)
 * 1:32461 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CPtsTextParaclient out of bounds error remote code execution attempt (browser-ie.rules)
 * 1:32459 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer clipboardData unauthorized JavaScript read and write attempt (browser-ie.rules)
 * 1:32435 <-> DISABLED <-> FILE-OFFICE Microsoft Word fcPlfguidUim out-of-bounds attempt (file-office.rules)
 * 1:32434 <-> DISABLED <-> FILE-OFFICE Microsoft Word lcbPlcffndTxt out-of-bounds attempt (file-office.rules)
 * 1:32433 <-> DISABLED <-> FILE-OFFICE Microsoft Word fcPlfguidUim out-of-bounds attempt (file-office.rules)
 * 1:32432 <-> DISABLED <-> FILE-OFFICE Microsoft Word lcbPlcffndTxt out-of-bounds attempt (file-office.rules)
 * 1:32431 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CHeaderElement object use-after-free remote code execution attempt (browser-ie.rules)
 * 1:32353 <-> DISABLED <-> SQL Drupal 7 pre auth SQL injection attempt (sql.rules)
 * 1:32260 <-> ENABLED <-> MALWARE-OTHER Sinkhole reply - irc-sinkhole.cert.pl (malware-other.rules)
 * 1:32246 <-> ENABLED <-> SERVER-OTHER Samsung iPOLiS device manager possible FindConfigChildeKeyList buffer overflow attempt (server-other.rules)
 * 1:32245 <-> ENABLED <-> SERVER-OTHER Samsung iPOLiS device manager possible FindConfigChildeKeyList buffer overflow attempt (server-other.rules)
 * 1:32158 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 11 CMarkup GetMarkupTitle use-after-free attempt (browser-ie.rules)
 * 1:32105 <-> DISABLED <-> BROWSER-PLUGINS Oracle WebCenter Content CheckOutAndOpen.dll ActiveX control code execution ActiveX function call access (browser-plugins.rules)
 * 1:32104 <-> DISABLED <-> BROWSER-PLUGINS Oracle WebCenter Content CheckOutAndOpen.dll ActiveX control code execution ActiveX function call access (browser-plugins.rules)
 * 1:32103 <-> DISABLED <-> BROWSER-PLUGINS Oracle WebCenter Content CheckOutAndOpen.dll ActiveX control code execution ActiveX clsid access (browser-plugins.rules)
 * 1:32102 <-> DISABLED <-> BROWSER-PLUGINS Oracle WebCenter Content CheckOutAndOpen.dll ActiveX control code execution ActiveX clsid access (browser-plugins.rules)
 * 1:32098 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
 * 1:32022 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader U3D format Line Set Continuation out-of-bounds memory access attempt (file-pdf.rules)
 * 1:31842 <-> ENABLED <-> FILE-FLASH Adobe Flash Player local-with-file-access security bypass attempt (file-flash.rules)
 * 1:31841 <-> ENABLED <-> FILE-FLASH Adobe Flash Player local-with-file-access security bypass attempt (file-flash.rules)
 * 1:31810 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer integer overflow exploit attempt (browser-ie.rules)
 * 1:31800 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTableCell Use After Free exploit attempt (browser-ie.rules)
 * 1:31750 <-> ENABLED <-> FILE-FLASH Adobe Flash Player marshallException through JavaScript XSS attempt (file-flash.rules)
 * 1:31733 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MMgc use-after-free attempt (file-flash.rules)
 * 1:31724 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory leak ASLR bypass attempt (file-flash.rules)
 * 1:31707 <-> DISABLED <-> BROWSER-PLUGINS IBiz EBanking Integrator ActiveX clsid access (browser-plugins.rules)
 * 1:31687 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules)
 * 1:31685 <-> ENABLED <-> FILE-FLASH Adobe Flash Player cross-origin security policy bypass attempt (file-flash.rules)
 * 1:31671 <-> ENABLED <-> FILE-OTHER Symantec Endpoint Protection Sysplant kernel pool overflow exploit attempt (file-other.rules)
 * 1:31633 <-> DISABLED <-> MALWARE-CNC Noniem.A outbound connection (malware-cnc.rules)
 * 1:31630 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CMarkup insertMarquee use after free attempt (browser-ie.rules)
 * 1:31613 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded PRC stream NULL dereference denial of service attempt (file-pdf.rules)
 * 1:31611 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer cloneNode for loop remote code execution attempt (browser-ie.rules)
 * 1:31610 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer cloneNode for loop remote code execution attempt (browser-ie.rules)
 * 1:31585 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSS .ipsum layout use-after-free attempt (browser-ie.rules)
 * 1:31583 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer OnMove Use After Free exploit attempt (browser-ie.rules)
 * 1:31582 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer OnMove Use After Free exploit attempt (browser-ie.rules)
 * 1:31555 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader U3D CLODMeshDeceleration code execution attempt (file-pdf.rules)
 * 1:31541 <-> ENABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules)
 * 1:31512 <-> ENABLED <-> FILE-JAVA Oracle Java field bytecode verifier cache code execution attempt (file-java.rules)
 * 1:31389 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer improper object cast memory corruption attempt (browser-ie.rules)
 * 1:31356 <-> ENABLED <-> SERVER-WEBAPP Wordpress timthumb.php webshot source attack attempt (server-webapp.rules)
 * 1:31336 <-> DISABLED <-> BROWSER-PLUGINS IBM iNotes version 9 ActiveX clsid access (browser-plugins.rules)
 * 1:31335 <-> DISABLED <-> BROWSER-PLUGINS IBM iNotes version 9 ActiveX clsid access (browser-plugins.rules)
 * 1:31334 <-> DISABLED <-> BROWSER-PLUGINS IBM iNotes version 8.5 ActiveX clsid access (browser-plugins.rules)
 * 1:31333 <-> DISABLED <-> BROWSER-PLUGINS IBM iNotes version 8.5 ActiveX clsid access (browser-plugins.rules)
 * 1:31286 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt (file-flash.rules)
 * 1:31285 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt (file-flash.rules)
 * 1:31207 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 11 CTreePos child element use-after-free attempt (browser-ie.rules)
 * 1:31106 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules)
 * 1:31105 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules)
 * 1:31016 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader integer overflow attempt (file-pdf.rules)
 * 1:31009 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader length-compute UTF-16 string buffer overflow attempt (file-pdf.rules)
 * 1:30991 <-> ENABLED <-> MALWARE-CNC Shiqiang Gang malicious XLS targeted attack detection (malware-cnc.rules)
 * 1:30760 <-> ENABLED <-> FILE-IDENTIFY ABC Music Notation file download request (file-identify.rules)
 * 1:30538 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed HTML text null dereference attempt (file-flash.rules)
 * 1:30537 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed HTML text null dereference attempt (file-flash.rules)
 * 1:30320 <-> ENABLED <-> BLACKLIST Connection to malware sinkhole (blacklist.rules)
 * 1:30152 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player memory corruption attempt (file-multimedia.rules)
 * 1:30151 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player memory corruption attempt (file-multimedia.rules)
 * 1:30145 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer ruby text tag heap-based buffer overflow attempt (browser-ie.rules)
 * 1:29973 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bublik.Zusy runtime detection (malware-cnc.rules)
 * 1:29956 <-> DISABLED <-> SERVER-WEBAPP WordPress Quick-Post Widget POST request cross-site scripting (server-webapp.rules)
 * 1:29955 <-> DISABLED <-> SERVER-WEBAPP WordPress Quick-Post Widget GET request using Body cross-site scripting (server-webapp.rules)
 * 1:29934 <-> ENABLED <-> FILE-FLASH Adobe Flash regular expression grouping depth buffer overflow attempt (file-flash.rules)
 * 1:29933 <-> ENABLED <-> FILE-FLASH Adobe Flash Player PCRE regexp out of bounds memory leak ASLR bypass attempt (file-flash.rules)
 * 1:29836 <-> ENABLED <-> FILE-FLASH Adobe Flash ActionScript bytecode object type confusion information disclosure attempt (file-flash.rules)
 * 1:29742 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer deleted object access memory corruption attempt (browser-ie.rules)
 * 1:29710 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer fontFamily attribute deleted object access memory corruption attempt (browser-ie.rules)
 * 1:29681 <-> ENABLED <-> BROWSER-PLUGINS Microsoft XML Core Services same origin policy bypass attempt (browser-plugins.rules)
 * 1:29668 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreePos deleted object access attempt (browser-ie.rules)
 * 1:29643 <-> ENABLED <-> MALWARE-OTHER Java FileDialog heap buffer overflow attempt (malware-other.rules)
 * 1:29642 <-> ENABLED <-> MALWARE-OTHER Java FileDialog heap buffer overflow attempt (malware-other.rules)
 * 1:29617 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox nsTreeRange Use After Free attempt (browser-firefox.rules)
 * 1:29614 <-> ENABLED <-> FILE-IDENTIFY XPS file download request (file-identify.rules)
 * 1:29606 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp integer overflow attempt (file-java.rules)
 * 1:29577 <-> ENABLED <-> FILE-OTHER Oracle Outside In OS2 metafile parser stack buffer overflow attempt (file-other.rules)
 * 1:29576 <-> ENABLED <-> FILE-OTHER Oracle Outside In OS2 metafile parser stack buffer overflow attempt (file-other.rules)
 * 1:29575 <-> ENABLED <-> FILE-OTHER Oracle Outside In OS2 metafile parser stack buffer overflow attempt (file-other.rules)
 * 1:29574 <-> ENABLED <-> FILE-OTHER Oracle Outside In OS2 metafile parser stack buffer overflow attempt (file-other.rules)
 * 1:29527 <-> ENABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:29491 <-> ENABLED <-> FILE-JAVA Oracle Java ShortComponentRaster integer overflow attempt (file-java.rules)
 * 1:29410 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader javascript toolbar button use after free attempt (file-pdf.rules)
 * 1:29273 <-> ENABLED <-> FILE-JAVA Oracle Java sun.awt.image.ImagingLib.lookupByteBI memory corruption attempt (file-java.rules)
 * 1:29272 <-> ENABLED <-> FILE-JAVA Oracle Java sun.awt.image.ImagingLib.lookupByteBI memory corruption attempt (file-java.rules)
 * 1:29102 <-> DISABLED <-> BROWSER-PLUGINS HP Application Lifecycle Management XGO.XGoCtrl ActiveX function call access (browser-plugins.rules)
 * 1:29101 <-> DISABLED <-> BROWSER-PLUGINS HP Application Lifecycle Management XGO.XGoCtrl ActiveX clsid access (browser-plugins.rules)
 * 1:29100 <-> DISABLED <-> BROWSER-PLUGINS HP Application Lifecycle Management XGO.XGoCtrl ActiveX clsid access (browser-plugins.rules)
 * 1:29099 <-> DISABLED <-> BROWSER-PLUGINS HP Application Lifecycle Management XGO.XGoCtrl ActiveX clsid access (browser-plugins.rules)
 * 1:29098 <-> DISABLED <-> BROWSER-PLUGINS HP Application Lifecycle Management XGO.XGoCtrl ActiveX function call access (browser-plugins.rules)
 * 1:29097 <-> DISABLED <-> BROWSER-PLUGINS HP Application Lifecycle Management XGO.XGoCtrl ActiveX clsid access (browser-plugins.rules)
 * 1:29063 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed JBIG2 decode segment null pointer crash attempt (file-pdf.rules)
 * 1:29060 <-> DISABLED <-> BROWSER-PLUGINS CYME Power Engineering ChartFX.ClientServer ActiveX function call access (browser-plugins.rules)
 * 1:29059 <-> DISABLED <-> BROWSER-PLUGINS CYME Power Engineering ChartFX.ClientServer ActiveX clsid access (browser-plugins.rules)
 * 1:29000 <-> DISABLED <-> SERVER-WEBAPP Cisco EPC3925 cross site request forgery attempt (server-webapp.rules)
 * 1:28962 <-> ENABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer RealMedia URL length buffer overflow attempt (file-multimedia.rules)
 * 1:28927 <-> ENABLED <-> FILE-JAVA Oracle Java ImagingLib buffer overflow attempt (file-java.rules)
 * 1:28908 <-> ENABLED <-> SERVER-OTHER Nagios core config manager tfpassword sql injection attempt (server-other.rules)
 * 1:28907 <-> ENABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:28906 <-> ENABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:28905 <-> ENABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:28904 <-> ENABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:28903 <-> ENABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:28848 <-> ENABLED <-> MALWARE-OTHER Win.Backdoor.Tavdig download attempt (malware-other.rules)
 * 1:28846 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader javascript toolbar button use after free attempt (file-pdf.rules)
 * 1:28844 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader javascript toolbar button use after free attempt (file-pdf.rules)
 * 1:28715 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded TTF integer overflow attempt (file-pdf.rules)
 * 1:28714 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded TTF integer overflow attempt (file-pdf.rules)
 * 1:28713 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded TTF integer overflow attempt (file-pdf.rules)
 * 1:28712 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded TTF integer overflow attempt (file-pdf.rules)
 * 1:28690 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
 * 1:28689 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
 * 1:28598 <-> ENABLED <-> FILE-PDF Adobe Acrobat and Adobe Acrobat Reader field dictionary null pointer dereference attempt (file-pdf.rules)
 * 1:28578 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader memory disclosure attempt (file-pdf.rules)
 * 1:28569 <-> ENABLED <-> FILE-FLASH Adobe Flash Player remote memory corruption attempt (file-flash.rules)
 * 1:28567 <-> ENABLED <-> FILE-FLASH Adobe Flash Player use after free race condition (file-flash.rules)
 * 1:28547 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
 * 1:28537 <-> DISABLED <-> FILE-OTHER Apple Quicktime TeXML description attribute overflow attempt (file-other.rules)
 * 1:28536 <-> DISABLED <-> FILE-OTHER Apple Quicktime TeXML description attribute overflow attempt (file-other.rules)
 * 1:28535 <-> DISABLED <-> FILE-OTHER Apple Quicktime TeXML description attribute overflow attempt (file-other.rules)
 * 1:28534 <-> DISABLED <-> FILE-OTHER Apple Quicktime TeXML description attribute overflow attempt (file-other.rules)
 * 1:28506 <-> DISABLED <-> BROWSER-PLUGINS InformationCardSigninHelper ActiveX function call access (browser-plugins.rules)
 * 1:28505 <-> DISABLED <-> BROWSER-PLUGINS InformationCardSigninHelper ActiveX clsid access (browser-plugins.rules)
 * 1:28503 <-> ENABLED <-> FILE-OTHER Microsoft Word WordPerfect CSTYL border element stack overflow attempt (file-other.rules)
 * 1:28499 <-> ENABLED <-> FILE-OTHER Microsoft Word WordPerfect CSTYL border element stack overflow attempt (file-other.rules)
 * 1:28495 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer execCommand CTreePos memory corruption attempt (browser-ie.rules)
 * 1:28324 <-> ENABLED <-> PUA-ADWARE FakeAV runtime detection (pua-adware.rules)
 * 1:28301 <-> DISABLED <-> INDICATOR-SCAN User-Agent known malicious user-agent Masscan (indicator-scan.rules)
 * 1:28277 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp storeImageArray memory corruption attempt (file-java.rules)
 * 1:28127 <-> DISABLED <-> BROWSER-PLUGINS WibuKey Runtime ActiveX function call access (browser-plugins.rules)
 * 1:28126 <-> DISABLED <-> BROWSER-PLUGINS WibuKey Runtime ActiveX clsid access (browser-plugins.rules)
 * 1:27872 <-> ENABLED <-> BROWSER-PLUGINS HP LoadRunner WriteFileString ActiveX function call attempt (browser-plugins.rules)
 * 1:27871 <-> ENABLED <-> BROWSER-PLUGINS HP LoadRunner WriteFileString ActiveX function call attempt (browser-plugins.rules)
 * 1:27787 <-> ENABLED <-> FILE-JAVA Oracle Java ImagingLib buffer overflow attempt (file-java.rules)
 * 1:27765 <-> ENABLED <-> FILE-JAVA Oracle Java ImagingLib buffer overflow attempt (file-java.rules)
 * 1:27754 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Action InitArray stack overflow attempt (file-flash.rules)
 * 1:27751 <-> ENABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules)
 * 1:27743 <-> DISABLED <-> BROWSER-PLUGINS EasyMail Objects Activex remote buffer overflow attempt (browser-plugins.rules)
 * 1:27742 <-> DISABLED <-> BROWSER-PLUGINS EasyMail Objects Activex remote buffer overflow attempt (browser-plugins.rules)
 * 1:27732 <-> DISABLED <-> INDICATOR-COMPROMISE request for potential web shell - /jspspy.jsp (indicator-compromise.rules)
 * 1:27731 <-> DISABLED <-> INDICATOR-COMPROMISE request for potential web shell - /inback.jsp (indicator-compromise.rules)
 * 1:27729 <-> DISABLED <-> INDICATOR-COMPROMISE request for potential web shell - /Silic.jsp (indicator-compromise.rules)
 * 1:27730 <-> DISABLED <-> INDICATOR-COMPROMISE request for potential web shell - /css3.jsp (indicator-compromise.rules)
 * 1:27692 <-> ENABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules)
 * 1:27677 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp storeImageArray memory corruption attempt (file-java.rules)
 * 1:27675 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp storeImageArray memory corruption attempt (file-java.rules)
 * 1:27673 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp storeImageArray memory corruption attempt (file-java.rules)
 * 1:27622 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp storeImageArray memory corruption attempt (file-java.rules)
 * 1:27268 <-> ENABLED <-> FILE-FLASH Adobe Flash ActionScript user-supplied PCM resampling integer overflow attempt (file-flash.rules)
 * 1:27266 <-> ENABLED <-> FILE-FLASH Adobe Flash Player heap buffer overflow attempt (file-flash.rules)
 * 1:26983 <-> ENABLED <-> FILE-FLASH Adobe Flash Player remote memory corruption attempt (file-flash.rules)
 * 1:26928 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules)
 * 1:26900 <-> ENABLED <-> BROWSER-PLUGINS Java Applet sql.DriverManager exploit attempt (browser-plugins.rules)
 * 1:26899 <-> ENABLED <-> BROWSER-PLUGINS Java Applet sql.DriverManager fakedriver exploit attempt (browser-plugins.rules)
 * 1:26717 <-> ENABLED <-> FILE-JAVA Oracle Java font rendering remote code execution attempt (file-java.rules)
 * 1:26688 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed HTML text null dereference attempt (file-flash.rules)
 * 1:26665 <-> ENABLED <-> FILE-IMAGE BMP extremely large xpos opcodes (file-image.rules)
 * 1:26652 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules)
 * 1:26496 <-> ENABLED <-> FILE-OTHER WellinTech KingView KingMessage log file parsing buffer overflow attempt (file-other.rules)
 * 1:26200 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib ConvolveOp integer overflow attempt (file-java.rules)
 * 1:26199 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib LookupOp integer overflow attempt (file-java.rules)
 * 1:26186 <-> ENABLED <-> FILE-JAVA Oracle Java Gmbal package sandbox breach attempt (file-java.rules)
 * 1:26198 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp integer overflow attempt (file-java.rules)
 * 1:26173 <-> ENABLED <-> FILE-FLASH Adobe Flashplayer sortOn heap overflow attempt (file-flash.rules)
 * 1:25835 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript 3 integer overflow attempt (file-flash.rules)
 * 1:25834 <-> ENABLED <-> FILE-JAVA Oracle Java JMX class arbitrary code execution attempt (file-java.rules)
 * 1:25833 <-> ENABLED <-> FILE-JAVA Oracle Java malicious class download attempt (file-java.rules)
 * 1:25832 <-> ENABLED <-> FILE-JAVA Oracle Java JMX class arbitrary code execution attempt (file-java.rules)
 * 1:25816 <-> ENABLED <-> FILE-FLASH Adobe Flash Player FLV crafted ADPCM stream heap overflow attempt (file-flash.rules)
 * 1:25537 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader TTF parsing bad cmap format attempt (file-pdf.rules)
 * 1:25475 <-> ENABLED <-> FILE-PDF JavaScript contained in an xml template embedded in a pdf attempt (file-pdf.rules)
 * 1:25469 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader structtreeroot children recursive call denial of service attempt (file-pdf.rules)
 * 1:25468 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader structtreeroot children recursive call denial of service attempt (file-pdf.rules)
 * 1:25464 <-> ENABLED <-> FILE-PDF OpenType parsing buffer overflow attempt (file-pdf.rules)
 * 1:25463 <-> ENABLED <-> FILE-PDF OpenType parsing buffer overflow attempt (file-pdf.rules)
 * 1:25460 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader incomplete JP2K image geometry exploit attempt (file-pdf.rules)
 * 1:25458 <-> ENABLED <-> INDICATOR-OBFUSCATION DOC header followed by PDF header (indicator-obfuscation.rules)
 * 1:25457 <-> ENABLED <-> INDICATOR-OBFUSCATION JPEG header followed by PDF header (indicator-obfuscation.rules)
 * 1:25456 <-> ENABLED <-> INDICATOR-OBFUSCATION PNG header followed by PDF header (indicator-obfuscation.rules)
 * 1:25455 <-> ENABLED <-> INDICATOR-OBFUSCATION GIF header followed by PDF header (indicator-obfuscation.rules)
 * 1:25450 <-> ENABLED <-> FILE-PDF Javascript openDoc UNC network request attempt (file-pdf.rules)
 * 1:25298 <-> ENABLED <-> FILE-MULTIMEDIA Mozilla products Ogg Vorbis decoding memory corruption attempt (file-multimedia.rules)
 * 1:25228 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox iframe and xul element reload crash attempt (browser-firefox.rules)
 * 1:24993 <-> ENABLED <-> FILE-JAVA Oracle Java Applet remote code execution attempt (file-java.rules)
 * 1:24992 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DoInitAction invalid action overflow attempt (file-flash.rules)
 * 1:24990 <-> ENABLED <-> FILE-FLASH Adobe Flash Player specially invalid traits structure attempt (file-flash.rules)
 * 1:24983 <-> ENABLED <-> FILE-FLASH Adobe Flash Player actionscript bytecode trait type null pointer dereference attempt (file-flash.rules)
 * 1:24986 <-> ENABLED <-> FILE-FLASH Adobe Flash Player index overflow attempt (file-flash.rules)
 * 1:24981 <-> ENABLED <-> FILE-FLASH Adobe Flash Player actionscript bytecode trait type null pointer dereference attempt (file-flash.rules)
 * 1:24915 <-> ENABLED <-> FILE-JAVA Oracle Java Runtime true type font idef opcode heap buffer overflow attempt (file-java.rules)
 * 1:24896 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript bytecode symbolclass tag type confusion attempt (file-flash.rules)
 * 1:24892 <-> ENABLED <-> FILE-FLASH Action InitArray stack overflow attempt (file-flash.rules)
 * 1:24893 <-> ENABLED <-> FILE-FLASH Action InitArray stack overflow attempt (file-flash.rules)
 * 1:24882 <-> ENABLED <-> FILE-FLASH Adobe Flash Player invalid JPEG index attempt (file-flash.rules)
 * 1:24877 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
 * 1:24875 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
 * 1:24811 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS2 privilege escalation attempt (file-flash.rules)
 * 1:24813 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS2 privilege escalation attempt (file-flash.rules)
 * 1:24809 <-> ENABLED <-> FILE-FLASH Microsoft Internet Explorer premature unload of Flash plugin use after free attempt (file-flash.rules)
 * 1:24770 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules)
 * 1:24762 <-> ENABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
 * 1:24672 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player MP4 sequence parameter set parsing overflow attempt (file-multimedia.rules)
 * 1:24703 <-> ENABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
 * 1:24650 <-> ENABLED <-> FILE-OTHER Microsoft Windows TTF parsing counter overflow attempt (file-other.rules)
 * 1:24585 <-> ENABLED <-> PROTOCOL-SCADA Broadwin WebAccess ActiveX function call access (protocol-scada.rules)
 * 1:24584 <-> ENABLED <-> PROTOCOL-SCADA Broadwin WebAccess ActiveX clsid access (protocol-scada.rules)
 * 1:24582 <-> ENABLED <-> PROTOCOL-SCADA Broadwin WebAccess ActiveX function call access (protocol-scada.rules)
 * 1:24581 <-> ENABLED <-> PROTOCOL-SCADA Broadwin WebAccess ActiveX clsid access (protocol-scada.rules)
 * 1:24574 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox IDB use-after-free attempt (browser-firefox.rules)
 * 1:24573 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox IDB use-after-free attempt (browser-firefox.rules)
 * 1:24570 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox IDB use-after-free attempt (browser-firefox.rules)
 * 1:24511 <-> ENABLED <-> FILE-JAVA Oracle Java XGetSamplePtrFromSnd memory corruption attempt (file-java.rules)
 * 1:24431 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
 * 1:24429 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules)
 * 1:24415 <-> ENABLED <-> FILE-FLASH Adobe Flash Player stsz box heap overflow attempt (file-flash.rules)
 * 1:24367 <-> ENABLED <-> FILE-FLASH Adobe Flash malformed record stack exhaustion attempt (file-flash.rules)
 * 1:24364 <-> ENABLED <-> FILE-FLASH Adobe Flash null reference JIT compilation attempt (file-flash.rules)
 * 1:24365 <-> ENABLED <-> FILE-FLASH Adobe Flash null reference JIT compilation attempt (file-flash.rules)
 * 1:24202 <-> ENABLED <-> FILE-JAVA Oracle Java field bytecode verifier cache code execution attempt (file-java.rules)
 * 1:24155 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader free text annotation invalid IT value denial of service attempt (file-pdf.rules)
 * 1:24153 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded TTF bytecode memory corruption attempt (file-pdf.rules)
 * 1:24151 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader TrueType font corrupt header attempt (file-pdf.rules)
 * 1:24149 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malicious charstring stream attempt (file-pdf.rules)
 * 1:24126 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules)
 * 1:24085 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules)
 * 1:24066 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules)
 * 1:24064 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules)
 * 1:24058 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules)
 * 1:24056 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules)
 * 1:24038 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules)
 * 1:24036 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules)
 * 1:24027 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules)
 * 1:24025 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules)
 * 1:24023 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules)
 * 1:24021 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules)
 * 1:23997 <-> ENABLED <-> FILE-FLASH Adobe Flash ActionScript float index array memory corruption attempt (file-flash.rules)
 * 1:23965 <-> ENABLED <-> PROTOCOL-SCADA BroadWin WebAccess Client arbitrary memory corruption attempt (protocol-scada.rules)
 * 1:23964 <-> ENABLED <-> PROTOCOL-SCADA BroadWin WebAccess Client format string exploit attempt (protocol-scada.rules)
 * 1:23892 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader getAnnotsRichMedia return type confusion attempt (file-pdf.rules)
 * 1:23891 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader getAnnotsRichMedia return type confusion attempt (file-pdf.rules)
 * 1:23884 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JBIG2 encoding invalid symbol in dictionary segment (file-pdf.rules)
 * 1:23881 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader getAnnotsRichMedia return type confusion attempt (file-pdf.rules)
 * 1:23880 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader Texture Declaration buffer overflow attempt (file-pdf.rules)
 * 1:23875 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader postscript font execution malformed subroutine entries attempt (file-pdf.rules)
 * 1:23871 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader invalid inline image attempt (file-pdf.rules)
 * 1:23869 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader invalid inline image attempt (file-pdf.rules)
 * 1:23867 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader invalid inline image attempt (file-pdf.rules)
 * 1:23865 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader invalid font WeightVector attempt (file-pdf.rules)
 * 1:23611 <-> ENABLED <-> FILE-PDF JavaScript contained in an xml template embedded in a pdf attempt (file-pdf.rules)
 * 1:23590 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules)
 * 1:23589 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules)
 * 1:21458 <-> ENABLED <-> FILE-FLASH Adobe Flash ActionScript float index array memory corruption (file-flash.rules)
 * 1:21160 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules)
 * 1:19257 <-> ENABLED <-> FILE-FLASH Adobe ActionScript float index memory corruption attempt (file-flash.rules)
 * 1:18768 <-> ENABLED <-> SERVER-MAIL Novell GroupWise Internet Agent RRULE parsing buffer overflow attempt (server-mail.rules)
 * 1:18297 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Comctl32.dll third-party SVG viewer heap overflow attempt (os-windows.rules)
 * 1:16289 <-> ENABLED <-> MALWARE-CNC Clob bot traffic (malware-cnc.rules)
 * 1:16184 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules)
 * 1:15481 <-> ENABLED <-> MALWARE-CNC Zeus/Zbot malware config file download request (malware-cnc.rules)
 * 1:14038 <-> ENABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX function call access (browser-plugins.rules)
 * 1:14037 <-> ENABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX clsid access (browser-plugins.rules)
 * 1:13679 <-> DISABLED <-> BROWSER-PLUGINS IBiz EBanking Integrator ActiveX clsid access (browser-plugins.rules)