VRT Rules 2015-04-28
This release adds and modifies rules in several categories.

Talos has added and modified multiple rules in the blacklist, browser-ie, file-flash, file-multimedia, file-other, indicator-obfuscation, indicator-shellcode, malware-cnc, protocol-ftp, pua-adware and server-webapp rule sets to provide coverage for emerging threats from these technologies.

Change logs

2015-04-28 14:38:55 UTC

Snort Subscriber Rules Update

Date: 2015-04-28

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2962.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:34213 <-> DISABLED <-> SERVER-WEBAPP WordPress overly large password class-phpass.php denial of service attempt (server-webapp.rules)
 * 1:34214 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Capimac variant outbound connection (malware-cnc.rules)
 * 1:34215 <-> DISABLED <-> SERVER-WEBAPP ESF pfSense diag_logs_filter cross site scripting attempt (server-webapp.rules)
 * 1:34216 <-> ENABLED <-> MALWARE-CNC Win.Trojan.FighterPOS variant outbound connection (malware-cnc.rules)
 * 1:34217 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Aytoke variant outbound connection (malware-cnc.rules)
 * 1:34218 <-> ENABLED <-> BLACKLIST DNS request for known malware domain lazyshare.net - Win.Trojan.Nanocore (blacklist.rules)
 * 1:34219 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Nanocore variant outbound connection attempt (malware-cnc.rules)
 * 1:34267 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AVC parser integer overflow attempt (file-flash.rules)
 * 1:34211 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
 * 1:34265 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AVC parser integer overflow attempt (file-flash.rules)
 * 1:34266 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AVC parser integer overflow attempt (file-flash.rules)
 * 1:34262 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection attempt (malware-cnc.rules)
 * 1:34264 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AVC parser integer overflow attempt (file-flash.rules)
 * 1:34261 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection attempt (malware-cnc.rules)
 * 1:34259 <-> ENABLED <-> FILE-FLASH Adobe Flash Player flash settings manager double free attempt (file-flash.rules)
 * 1:34260 <-> ENABLED <-> FILE-FLASH Adobe Flash Player flash settings manager double free attempt (file-flash.rules)
 * 1:34257 <-> ENABLED <-> FILE-FLASH Adobe Flash Player flash settings manager double free attempt (file-flash.rules)
 * 1:34255 <-> ENABLED <-> FILE-FLASH Adobe Flash Player flash settings manager double free attempt (file-flash.rules)
 * 1:34256 <-> ENABLED <-> FILE-FLASH Adobe Flash Player flash settings manager double free attempt (file-flash.rules)
 * 1:34252 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed CEA-708 packet denial of service attempt (file-flash.rules)
 * 1:34254 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed CEA-708 packet denial of service attempt (file-flash.rules)
 * 1:34251 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed CEA-708 packet denial of service attempt (file-flash.rules)
 * 1:34249 <-> ENABLED <-> FILE-FLASH Adobe Flash Player text field mask use after free attempt (file-flash.rules)
 * 1:34250 <-> ENABLED <-> FILE-FLASH Adobe Flash Player text field mask use after free attempt (file-flash.rules)
 * 1:34247 <-> ENABLED <-> FILE-FLASH Adobe Flash Player text field mask use after free attempt (file-flash.rules)
 * 1:34245 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
 * 1:34246 <-> DISABLED <-> MALWARE-CNC Win.Trojan.AAEH variant outbound connection attempt (malware-cnc.rules)
 * 1:34244 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
 * 1:34241 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
 * 1:34242 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
 * 1:34239 <-> DISABLED <-> SERVER-OTHER PHP zip_cdir_new function integer overflow attempt (server-other.rules)
 * 1:34240 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
 * 1:34237 <-> DISABLED <-> PUA-ADWARE Eorezo get advertisement (pua-adware.rules)
 * 1:34238 <-> DISABLED <-> SERVER-OTHER PHP zip_cdir_new function integer overflow attempt (server-other.rules)
 * 1:34235 <-> DISABLED <-> FILE-FLASH Adobe Flash Player potential information disclosure attempt (file-flash.rules)
 * 1:34236 <-> DISABLED <-> PUA-ADWARE Eorezo outbound connection (pua-adware.rules)
 * 1:34233 <-> DISABLED <-> FILE-FLASH Adobe Flash Player potential information disclosure attempt (file-flash.rules)
 * 1:34234 <-> DISABLED <-> FILE-FLASH Adobe Flash Player potential information disclosure attempt (file-flash.rules)
 * 1:34232 <-> DISABLED <-> FILE-FLASH Adobe Flash Player potential information disclosure attempt (file-flash.rules)
 * 1:34230 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed CEA-708 packet arbitrary code execution attempt (file-flash.rules)
 * 1:34229 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed CEA-708 packet arbitrary code execution attempt (file-flash.rules)
 * 1:34228 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed CEA-708 packet arbitrary code execution attempt (file-flash.rules)
 * 1:34227 <-> DISABLED <-> INDICATOR-OBFUSCATION Multiple AV products evasion attempt (indicator-obfuscation.rules)
 * 1:34226 <-> DISABLED <-> INDICATOR-OBFUSCATION Multiple AV products evasion attempt (indicator-obfuscation.rules)
 * 1:34225 <-> DISABLED <-> PROTOCOL-FTP ProFTPD mod_copy remote code execution attempt (protocol-ftp.rules)
 * 1:34224 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_reverse_perl (indicator-shellcode.rules)
 * 1:34223 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Yebot variant outbound connection (malware-cnc.rules)
 * 1:34222 <-> DISABLED <-> SERVER-WEBAPP Barracuda Networks Web Filter index.cgi command injection attempt (server-webapp.rules)
 * 1:34221 <-> DISABLED <-> SERVER-WEBAPP Barracuda Networks Web Filter index.cgi command injection attempt (server-webapp.rules)
 * 1:34220 <-> DISABLED <-> SERVER-WEBAPP Barracuda Networks Web Filter index.cgi command injection attempt (server-webapp.rules)
 * 1:34196 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
 * 1:34195 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
 * 1:34193 <-> ENABLED <-> FILE-FLASH Adobe Flash Player convolution filter use-after-free attempt (file-flash.rules)
 * 1:34194 <-> ENABLED <-> SERVER-WEBAPP RevSlider information disclosure attempt (server-webapp.rules)
 * 1:34192 <-> ENABLED <-> FILE-FLASH Adobe Flash Player convolution filter use-after-free attempt (file-flash.rules)
 * 1:34191 <-> ENABLED <-> FILE-FLASH Adobe Flash Player convolution filter use-after-free attempt (file-flash.rules)
 * 1:34189 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AuthorizedFeaturesLoader object memory corruption attempt (file-flash.rules)
 * 1:34190 <-> ENABLED <-> FILE-FLASH Adobe Flash Player convolution filter use-after-free attempt (file-flash.rules)
 * 1:34187 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AuthorizedFeaturesLoader object memory corruption attempt (file-flash.rules)
 * 1:34188 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AuthorizedFeaturesLoader object memory corruption attempt (file-flash.rules)
 * 1:34186 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AuthorizedFeaturesLoader object memory corruption attempt (file-flash.rules)
 * 1:34275 <-> ENABLED <-> FILE-FLASH Adobe Flash malformed pixel bytecode attempt (file-flash.rules)
 * 1:34197 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
 * 1:34198 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
 * 1:34199 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
 * 1:34200 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
 * 1:34201 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
 * 1:34202 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
 * 1:34203 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
 * 1:34204 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
 * 1:34205 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
 * 1:34206 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
 * 1:34231 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed CEA-708 packet arbitrary code execution attempt (file-flash.rules)
 * 1:34243 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
 * 1:34248 <-> ENABLED <-> FILE-FLASH Adobe Flash Player text field mask use after free attempt (file-flash.rules)
 * 1:34253 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed CEA-708 packet denial of service attempt (file-flash.rules)
 * 1:34207 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
 * 1:34258 <-> ENABLED <-> FILE-FLASH Adobe Flash Player flash settings manager double free attempt (file-flash.rules)
 * 1:34263 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection attempt (malware-cnc.rules)
 * 1:34210 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
 * 1:34277 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Sound.extract integer overflow attempt (file-flash.rules)
 * 1:34278 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Sound.extract integer overflow attempt (file-flash.rules)
 * 1:34209 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
 * 1:34279 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Sound.extract integer overflow attempt (file-flash.rules)
 * 1:34272 <-> ENABLED <-> FILE-FLASH Adobe Flash malformed pixel bytecode attempt (file-flash.rules)
 * 1:34273 <-> ENABLED <-> FILE-FLASH Adobe Flash malformed pixel bytecode attempt (file-flash.rules)
 * 1:34212 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
 * 1:34271 <-> ENABLED <-> FILE-FLASH Adobe Flash Player FLV tag datasize buffer overflow attempt (file-flash.rules)
 * 1:34268 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player AVC parser integer overflow attempt (file-multimedia.rules)
 * 1:34270 <-> ENABLED <-> FILE-FLASH Adobe Flash Player FLV tag datasize buffer overflow attempt (file-flash.rules)
 * 1:34274 <-> ENABLED <-> FILE-FLASH Adobe Flash malformed pixel bytecode attempt (file-flash.rules)
 * 1:34208 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
 * 1:34269 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player AVC parser integer overflow attempt (file-multimedia.rules)
 * 1:34276 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Sound.extract integer overflow attempt (file-flash.rules)

Modified Rules:


 * 1:17131 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 8 parent style rendering arbitrary code execution (browser-ie.rules)
 * 1:17132 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer invalid object access attempt (browser-ie.rules)
 * 1:20064 <-> DISABLED <-> MALWARE-CNC Malware Win.Trojan.Clemag.A variant outbound connection (malware-cnc.rules)
 * 1:26777 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules)
 * 1:33038 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (file-other.rules)
 * 1:33039 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (file-other.rules)
 * 1:33646 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection attempt (malware-cnc.rules)
 * 1:33648 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection attempt (malware-cnc.rules)
 * 1:33777 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
 * 1:33778 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
 * 1:33779 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
 * 1:33780 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
 * 1:33781 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
 * 1:33782 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
 * 1:33783 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
 * 1:33784 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
 * 1:33785 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
 * 1:33786 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
 * 1:33787 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
 * 1:33788 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
 * 1:33789 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
 * 1:33790 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
 * 1:33791 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
 * 1:33792 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
 * 1:33793 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
 * 1:33794 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
 * 1:33795 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
 * 1:33796 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
 * 1:33797 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
 * 1:33798 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
 * 1:33799 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
 * 1:33800 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
 * 1:33801 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
 * 1:33802 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
 * 1:33803 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
 * 1:33804 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
 * 1:33805 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
 * 1:33806 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
 * 1:34070 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
 * 1:34071 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
 * 1:34072 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CMetaElement use after free attempt (browser-ie.rules)
 * 1:34073 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CMetaElement use after free attempt (browser-ie.rules)
 * 1:34097 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer MSXML3 external entity injection attempt (browser-ie.rules)
 * 1:34098 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer MSXML3 external entity injection attempt (browser-ie.rules)

2015-04-28 14:38:55 UTC

Snort Subscriber Rules Update

Date: 2015-04-28

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2970.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:34208 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
 * 1:34209 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
 * 1:34212 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
 * 1:34210 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
 * 1:34213 <-> DISABLED <-> SERVER-WEBAPP WordPress overly large password class-phpass.php denial of service attempt (server-webapp.rules)
 * 1:34214 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Capimac variant outbound connection (malware-cnc.rules)
 * 1:34215 <-> DISABLED <-> SERVER-WEBAPP ESF pfSense diag_logs_filter cross site scripting attempt (server-webapp.rules)
 * 1:34216 <-> ENABLED <-> MALWARE-CNC Win.Trojan.FighterPOS variant outbound connection (malware-cnc.rules)
 * 1:34217 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Aytoke variant outbound connection (malware-cnc.rules)
 * 1:34218 <-> ENABLED <-> BLACKLIST DNS request for known malware domain lazyshare.net - Win.Trojan.Nanocore (blacklist.rules)
 * 1:34219 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Nanocore variant outbound connection attempt (malware-cnc.rules)
 * 1:34190 <-> ENABLED <-> FILE-FLASH Adobe Flash Player convolution filter use-after-free attempt (file-flash.rules)
 * 1:34230 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed CEA-708 packet arbitrary code execution attempt (file-flash.rules)
 * 1:34229 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed CEA-708 packet arbitrary code execution attempt (file-flash.rules)
 * 1:34228 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed CEA-708 packet arbitrary code execution attempt (file-flash.rules)
 * 1:34227 <-> DISABLED <-> INDICATOR-OBFUSCATION Multiple AV products evasion attempt (indicator-obfuscation.rules)
 * 1:34226 <-> DISABLED <-> INDICATOR-OBFUSCATION Multiple AV products evasion attempt (indicator-obfuscation.rules)
 * 1:34225 <-> DISABLED <-> PROTOCOL-FTP ProFTPD mod_copy remote code execution attempt (protocol-ftp.rules)
 * 1:34224 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_reverse_perl (indicator-shellcode.rules)
 * 1:34223 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Yebot variant outbound connection (malware-cnc.rules)
 * 1:34222 <-> DISABLED <-> SERVER-WEBAPP Barracuda Networks Web Filter index.cgi command injection attempt (server-webapp.rules)
 * 1:34221 <-> DISABLED <-> SERVER-WEBAPP Barracuda Networks Web Filter index.cgi command injection attempt (server-webapp.rules)
 * 1:34220 <-> DISABLED <-> SERVER-WEBAPP Barracuda Networks Web Filter index.cgi command injection attempt (server-webapp.rules)
 * 1:34211 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
 * 1:34186 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AuthorizedFeaturesLoader object memory corruption attempt (file-flash.rules)
 * 1:34187 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AuthorizedFeaturesLoader object memory corruption attempt (file-flash.rules)
 * 1:34188 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AuthorizedFeaturesLoader object memory corruption attempt (file-flash.rules)
 * 1:34189 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AuthorizedFeaturesLoader object memory corruption attempt (file-flash.rules)
 * 1:34207 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
 * 1:34191 <-> ENABLED <-> FILE-FLASH Adobe Flash Player convolution filter use-after-free attempt (file-flash.rules)
 * 1:34192 <-> ENABLED <-> FILE-FLASH Adobe Flash Player convolution filter use-after-free attempt (file-flash.rules)
 * 1:34193 <-> ENABLED <-> FILE-FLASH Adobe Flash Player convolution filter use-after-free attempt (file-flash.rules)
 * 1:34194 <-> ENABLED <-> SERVER-WEBAPP RevSlider information disclosure attempt (server-webapp.rules)
 * 1:34195 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
 * 1:34196 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
 * 1:34197 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
 * 1:34198 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
 * 1:34199 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
 * 1:34200 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
 * 1:34201 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
 * 1:34202 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
 * 1:34203 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
 * 1:34204 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
 * 1:34205 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
 * 1:34206 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
 * 1:34231 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed CEA-708 packet arbitrary code execution attempt (file-flash.rules)
 * 1:34232 <-> DISABLED <-> FILE-FLASH Adobe Flash Player potential information disclosure attempt (file-flash.rules)
 * 1:34233 <-> DISABLED <-> FILE-FLASH Adobe Flash Player potential information disclosure attempt (file-flash.rules)
 * 1:34234 <-> DISABLED <-> FILE-FLASH Adobe Flash Player potential information disclosure attempt (file-flash.rules)
 * 1:34235 <-> DISABLED <-> FILE-FLASH Adobe Flash Player potential information disclosure attempt (file-flash.rules)
 * 1:34236 <-> DISABLED <-> PUA-ADWARE Eorezo outbound connection (pua-adware.rules)
 * 1:34237 <-> DISABLED <-> PUA-ADWARE Eorezo get advertisement (pua-adware.rules)
 * 1:34238 <-> DISABLED <-> SERVER-OTHER PHP zip_cdir_new function integer overflow attempt (server-other.rules)
 * 1:34239 <-> DISABLED <-> SERVER-OTHER PHP zip_cdir_new function integer overflow attempt (server-other.rules)
 * 1:34240 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
 * 1:34241 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
 * 1:34242 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
 * 1:34243 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
 * 1:34244 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
 * 1:34245 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
 * 1:34246 <-> DISABLED <-> MALWARE-CNC Win.Trojan.AAEH variant outbound connection attempt (malware-cnc.rules)
 * 1:34247 <-> ENABLED <-> FILE-FLASH Adobe Flash Player text field mask use after free attempt (file-flash.rules)
 * 1:34248 <-> ENABLED <-> FILE-FLASH Adobe Flash Player text field mask use after free attempt (file-flash.rules)
 * 1:34249 <-> ENABLED <-> FILE-FLASH Adobe Flash Player text field mask use after free attempt (file-flash.rules)
 * 1:34250 <-> ENABLED <-> FILE-FLASH Adobe Flash Player text field mask use after free attempt (file-flash.rules)
 * 1:34251 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed CEA-708 packet denial of service attempt (file-flash.rules)
 * 1:34252 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed CEA-708 packet denial of service attempt (file-flash.rules)
 * 1:34253 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed CEA-708 packet denial of service attempt (file-flash.rules)
 * 1:34254 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed CEA-708 packet denial of service attempt (file-flash.rules)
 * 1:34255 <-> ENABLED <-> FILE-FLASH Adobe Flash Player flash settings manager double free attempt (file-flash.rules)
 * 1:34256 <-> ENABLED <-> FILE-FLASH Adobe Flash Player flash settings manager double free attempt (file-flash.rules)
 * 1:34257 <-> ENABLED <-> FILE-FLASH Adobe Flash Player flash settings manager double free attempt (file-flash.rules)
 * 1:34259 <-> ENABLED <-> FILE-FLASH Adobe Flash Player flash settings manager double free attempt (file-flash.rules)
 * 1:34258 <-> ENABLED <-> FILE-FLASH Adobe Flash Player flash settings manager double free attempt (file-flash.rules)
 * 1:34260 <-> ENABLED <-> FILE-FLASH Adobe Flash Player flash settings manager double free attempt (file-flash.rules)
 * 1:34261 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection attempt (malware-cnc.rules)
 * 1:34262 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection attempt (malware-cnc.rules)
 * 1:34263 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection attempt (malware-cnc.rules)
 * 1:34264 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AVC parser integer overflow attempt (file-flash.rules)
 * 1:34265 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AVC parser integer overflow attempt (file-flash.rules)
 * 1:34266 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AVC parser integer overflow attempt (file-flash.rules)
 * 1:34267 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AVC parser integer overflow attempt (file-flash.rules)
 * 1:34278 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Sound.extract integer overflow attempt (file-flash.rules)
 * 1:34279 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Sound.extract integer overflow attempt (file-flash.rules)
 * 1:34277 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Sound.extract integer overflow attempt (file-flash.rules)
 * 1:34276 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Sound.extract integer overflow attempt (file-flash.rules)
 * 1:34275 <-> ENABLED <-> FILE-FLASH Adobe Flash malformed pixel bytecode attempt (file-flash.rules)
 * 1:34273 <-> ENABLED <-> FILE-FLASH Adobe Flash malformed pixel bytecode attempt (file-flash.rules)
 * 1:34274 <-> ENABLED <-> FILE-FLASH Adobe Flash malformed pixel bytecode attempt (file-flash.rules)
 * 1:34271 <-> ENABLED <-> FILE-FLASH Adobe Flash Player FLV tag datasize buffer overflow attempt (file-flash.rules)
 * 1:34272 <-> ENABLED <-> FILE-FLASH Adobe Flash malformed pixel bytecode attempt (file-flash.rules)
 * 1:34270 <-> ENABLED <-> FILE-FLASH Adobe Flash Player FLV tag datasize buffer overflow attempt (file-flash.rules)
 * 1:34268 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player AVC parser integer overflow attempt (file-multimedia.rules)
 * 1:34269 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player AVC parser integer overflow attempt (file-multimedia.rules)

Modified Rules:


 * 1:17131 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 8 parent style rendering arbitrary code execution (browser-ie.rules)
 * 1:17132 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer invalid object access attempt (browser-ie.rules)
 * 1:20064 <-> DISABLED <-> MALWARE-CNC Malware Win.Trojan.Clemag.A variant outbound connection (malware-cnc.rules)
 * 1:26777 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules)
 * 1:33038 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (file-other.rules)
 * 1:33039 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (file-other.rules)
 * 1:33646 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection attempt (malware-cnc.rules)
 * 1:33648 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection attempt (malware-cnc.rules)
 * 1:33777 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
 * 1:33778 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
 * 1:33779 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
 * 1:33780 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
 * 1:33781 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
 * 1:33782 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
 * 1:33783 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
 * 1:33784 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
 * 1:33785 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
 * 1:33786 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
 * 1:33787 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
 * 1:33788 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
 * 1:33789 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
 * 1:33790 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
 * 1:33791 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
 * 1:33792 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
 * 1:33793 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
 * 1:33794 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
 * 1:33795 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
 * 1:33796 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
 * 1:33797 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
 * 1:33798 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
 * 1:33799 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
 * 1:33800 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
 * 1:33801 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
 * 1:33802 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
 * 1:33803 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
 * 1:33804 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
 * 1:33805 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
 * 1:33806 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
 * 1:34070 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
 * 1:34071 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
 * 1:34072 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CMetaElement use after free attempt (browser-ie.rules)
 * 1:34073 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CMetaElement use after free attempt (browser-ie.rules)
 * 1:34097 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer MSXML3 external entity injection attempt (browser-ie.rules)
 * 1:34098 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer MSXML3 external entity injection attempt (browser-ie.rules)

2015-04-28 14:38:55 UTC

Snort Subscriber Rules Update

Date: 2015-04-28

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2972.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:34262 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection attempt (malware-cnc.rules)
 * 1:34261 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection attempt (malware-cnc.rules)
 * 1:34260 <-> ENABLED <-> FILE-FLASH Adobe Flash Player flash settings manager double free attempt (file-flash.rules)
 * 1:34259 <-> ENABLED <-> FILE-FLASH Adobe Flash Player flash settings manager double free attempt (file-flash.rules)
 * 1:34258 <-> ENABLED <-> FILE-FLASH Adobe Flash Player flash settings manager double free attempt (file-flash.rules)
 * 1:34257 <-> ENABLED <-> FILE-FLASH Adobe Flash Player flash settings manager double free attempt (file-flash.rules)
 * 1:34256 <-> ENABLED <-> FILE-FLASH Adobe Flash Player flash settings manager double free attempt (file-flash.rules)
 * 1:34255 <-> ENABLED <-> FILE-FLASH Adobe Flash Player flash settings manager double free attempt (file-flash.rules)
 * 1:34254 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed CEA-708 packet denial of service attempt (file-flash.rules)
 * 1:34253 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed CEA-708 packet denial of service attempt (file-flash.rules)
 * 1:34252 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed CEA-708 packet denial of service attempt (file-flash.rules)
 * 1:34251 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed CEA-708 packet denial of service attempt (file-flash.rules)
 * 1:34250 <-> ENABLED <-> FILE-FLASH Adobe Flash Player text field mask use after free attempt (file-flash.rules)
 * 1:34249 <-> ENABLED <-> FILE-FLASH Adobe Flash Player text field mask use after free attempt (file-flash.rules)
 * 1:34248 <-> ENABLED <-> FILE-FLASH Adobe Flash Player text field mask use after free attempt (file-flash.rules)
 * 1:34247 <-> ENABLED <-> FILE-FLASH Adobe Flash Player text field mask use after free attempt (file-flash.rules)
 * 1:34246 <-> DISABLED <-> MALWARE-CNC Win.Trojan.AAEH variant outbound connection attempt (malware-cnc.rules)
 * 1:34245 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
 * 1:34244 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
 * 1:34243 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
 * 1:34242 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
 * 1:34279 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Sound.extract integer overflow attempt (file-flash.rules)
 * 1:34278 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Sound.extract integer overflow attempt (file-flash.rules)
 * 1:34277 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Sound.extract integer overflow attempt (file-flash.rules)
 * 1:34276 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Sound.extract integer overflow attempt (file-flash.rules)
 * 1:34275 <-> ENABLED <-> FILE-FLASH Adobe Flash malformed pixel bytecode attempt (file-flash.rules)
 * 1:34274 <-> ENABLED <-> FILE-FLASH Adobe Flash malformed pixel bytecode attempt (file-flash.rules)
 * 1:34273 <-> ENABLED <-> FILE-FLASH Adobe Flash malformed pixel bytecode attempt (file-flash.rules)
 * 1:34272 <-> ENABLED <-> FILE-FLASH Adobe Flash malformed pixel bytecode attempt (file-flash.rules)
 * 1:34271 <-> ENABLED <-> FILE-FLASH Adobe Flash Player FLV tag datasize buffer overflow attempt (file-flash.rules)
 * 1:34270 <-> ENABLED <-> FILE-FLASH Adobe Flash Player FLV tag datasize buffer overflow attempt (file-flash.rules)
 * 1:34269 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player AVC parser integer overflow attempt (file-multimedia.rules)
 * 1:34268 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player AVC parser integer overflow attempt (file-multimedia.rules)
 * 1:34267 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AVC parser integer overflow attempt (file-flash.rules)
 * 1:34266 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AVC parser integer overflow attempt (file-flash.rules)
 * 1:34265 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AVC parser integer overflow attempt (file-flash.rules)
 * 1:34264 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AVC parser integer overflow attempt (file-flash.rules)
 * 1:34263 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection attempt (malware-cnc.rules)
 * 1:34241 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
 * 1:34240 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
 * 1:34239 <-> DISABLED <-> SERVER-OTHER PHP zip_cdir_new function integer overflow attempt (server-other.rules)
 * 1:34238 <-> DISABLED <-> SERVER-OTHER PHP zip_cdir_new function integer overflow attempt (server-other.rules)
 * 1:34237 <-> DISABLED <-> PUA-ADWARE Eorezo get advertisement (pua-adware.rules)
 * 1:34236 <-> DISABLED <-> PUA-ADWARE Eorezo outbound connection (pua-adware.rules)
 * 1:34235 <-> DISABLED <-> FILE-FLASH Adobe Flash Player potential information disclosure attempt (file-flash.rules)
 * 1:34234 <-> DISABLED <-> FILE-FLASH Adobe Flash Player potential information disclosure attempt (file-flash.rules)
 * 1:34233 <-> DISABLED <-> FILE-FLASH Adobe Flash Player potential information disclosure attempt (file-flash.rules)
 * 1:34232 <-> DISABLED <-> FILE-FLASH Adobe Flash Player potential information disclosure attempt (file-flash.rules)
 * 1:34231 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed CEA-708 packet arbitrary code execution attempt (file-flash.rules)
 * 1:34230 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed CEA-708 packet arbitrary code execution attempt (file-flash.rules)
 * 1:34229 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed CEA-708 packet arbitrary code execution attempt (file-flash.rules)
 * 1:34228 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed CEA-708 packet arbitrary code execution attempt (file-flash.rules)
 * 1:34227 <-> DISABLED <-> INDICATOR-OBFUSCATION Multiple AV products evasion attempt (indicator-obfuscation.rules)
 * 1:34226 <-> DISABLED <-> INDICATOR-OBFUSCATION Multiple AV products evasion attempt (indicator-obfuscation.rules)
 * 1:34225 <-> DISABLED <-> PROTOCOL-FTP ProFTPD mod_copy remote code execution attempt (protocol-ftp.rules)
 * 1:34224 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit payload cmd_unix_reverse_perl (indicator-shellcode.rules)
 * 1:34223 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Yebot variant outbound connection (malware-cnc.rules)
 * 1:34222 <-> DISABLED <-> SERVER-WEBAPP Barracuda Networks Web Filter index.cgi command injection attempt (server-webapp.rules)
 * 1:34221 <-> DISABLED <-> SERVER-WEBAPP Barracuda Networks Web Filter index.cgi command injection attempt (server-webapp.rules)
 * 1:34220 <-> DISABLED <-> SERVER-WEBAPP Barracuda Networks Web Filter index.cgi command injection attempt (server-webapp.rules)
 * 1:34219 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Nanocore variant outbound connection attempt (malware-cnc.rules)
 * 1:34218 <-> ENABLED <-> BLACKLIST DNS request for known malware domain lazyshare.net - Win.Trojan.Nanocore (blacklist.rules)
 * 1:34217 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Aytoke variant outbound connection (malware-cnc.rules)
 * 1:34216 <-> ENABLED <-> MALWARE-CNC Win.Trojan.FighterPOS variant outbound connection (malware-cnc.rules)
 * 1:34215 <-> DISABLED <-> SERVER-WEBAPP ESF pfSense diag_logs_filter cross site scripting attempt (server-webapp.rules)
 * 1:34214 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Capimac variant outbound connection (malware-cnc.rules)
 * 1:34213 <-> DISABLED <-> SERVER-WEBAPP WordPress overly large password class-phpass.php denial of service attempt (server-webapp.rules)
 * 1:34212 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
 * 1:34211 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
 * 1:34210 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
 * 1:34209 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
 * 1:34208 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
 * 1:34207 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
 * 1:34206 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
 * 1:34205 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
 * 1:34204 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
 * 1:34203 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
 * 1:34202 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
 * 1:34201 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
 * 1:34200 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
 * 1:34199 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
 * 1:34198 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
 * 1:34197 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
 * 1:34196 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
 * 1:34195 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
 * 1:34194 <-> ENABLED <-> SERVER-WEBAPP RevSlider information disclosure attempt (server-webapp.rules)
 * 1:34193 <-> ENABLED <-> FILE-FLASH Adobe Flash Player convolution filter use-after-free attempt (file-flash.rules)
 * 1:34192 <-> ENABLED <-> FILE-FLASH Adobe Flash Player convolution filter use-after-free attempt (file-flash.rules)
 * 1:34191 <-> ENABLED <-> FILE-FLASH Adobe Flash Player convolution filter use-after-free attempt (file-flash.rules)
 * 1:34190 <-> ENABLED <-> FILE-FLASH Adobe Flash Player convolution filter use-after-free attempt (file-flash.rules)
 * 1:34189 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AuthorizedFeaturesLoader object memory corruption attempt (file-flash.rules)
 * 1:34188 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AuthorizedFeaturesLoader object memory corruption attempt (file-flash.rules)
 * 1:34187 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AuthorizedFeaturesLoader object memory corruption attempt (file-flash.rules)
 * 1:34186 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AuthorizedFeaturesLoader object memory corruption attempt (file-flash.rules)

Modified Rules:


 * 1:17131 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 8 parent style rendering arbitrary code execution (browser-ie.rules)
 * 1:17132 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer invalid object access attempt (browser-ie.rules)
 * 1:20064 <-> DISABLED <-> MALWARE-CNC Malware Win.Trojan.Clemag.A variant outbound connection (malware-cnc.rules)
 * 1:26777 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules)
 * 1:33038 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (file-other.rules)
 * 1:33039 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (file-other.rules)
 * 1:33646 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection attempt (malware-cnc.rules)
 * 1:33648 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection attempt (malware-cnc.rules)
 * 1:33777 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
 * 1:33778 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
 * 1:33779 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
 * 1:33780 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
 * 1:33781 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
 * 1:33782 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
 * 1:33783 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
 * 1:33784 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
 * 1:33785 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
 * 1:33786 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
 * 1:33787 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
 * 1:33788 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
 * 1:33789 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
 * 1:33790 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
 * 1:33791 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
 * 1:33792 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
 * 1:33793 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
 * 1:33794 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
 * 1:33795 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
 * 1:33796 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
 * 1:33797 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
 * 1:33798 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
 * 1:33799 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
 * 1:33800 <-> DISABLED <-> SERVER-OTHER SSL export grade ciphersuite server negotiation attempt (server-other.rules)
 * 1:33801 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
 * 1:33802 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
 * 1:33803 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
 * 1:33804 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
 * 1:33805 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
 * 1:33806 <-> DISABLED <-> SERVER-OTHER SSL request for export grade ciphersuite attempt (server-other.rules)
 * 1:34070 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
 * 1:34071 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSVGMarkerElement use after free attempt (browser-ie.rules)
 * 1:34072 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CMetaElement use after free attempt (browser-ie.rules)
 * 1:34073 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CMetaElement use after free attempt (browser-ie.rules)
 * 1:34097 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer MSXML3 external entity injection attempt (browser-ie.rules)
 * 1:34098 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer MSXML3 external entity injection attempt (browser-ie.rules)