VRT Rules 2015-04-16
This release adds and modifies rules in several categories.

Talos has added and modified multiple rules in the blacklist, browser-firefox, browser-plugins, exploit-kit, file-flash, file-image, file-multimedia, file-office, file-other, indicator-obfuscation, malware-cnc, pua-adware and server-webapp rule sets to provide coverage for emerging threats from these technologies.

Change logs

2015-04-16 16:27:58 UTC

Snort Subscriber Rules Update

Date: 2015-04-16

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2962.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:34130 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Banload variant outbound connection (malware-cnc.rules)
 * 1:34129 <-> ENABLED <-> BLACKLIST DNS request for known malware domain jamel100pirar.com.br - Win.Trojan.Banload (blacklist.rules)
 * 1:34128 <-> ENABLED <-> MALWARE-CNC Win.Trojan.WIntruder outbound connection attempt (malware-cnc.rules)
 * 1:34127 <-> DISABLED <-> PUA-ADWARE Vitruvian outbound connection (pua-adware.rules)
 * 1:34135 <-> DISABLED <-> FILE-IMAGE Microsoft Kodak Imaging small offset malformed tiff - little-endian (file-image.rules)
 * 1:34123 <-> ENABLED <-> SERVER-WEBAPP PHP php_date.c DateTimeZone data user after free attempt (server-webapp.rules)
 * 1:34124 <-> ENABLED <-> SERVER-WEBAPP PHP php_date.c DateTimeZone data user after free attempt (server-webapp.rules)
 * 1:34125 <-> DISABLED <-> PUA-ADWARE User-Agent Vitruvian (pua-adware.rules)
 * 1:34121 <-> DISABLED <-> PUA-ADWARE InstallMetrix reporting binary installation stage status (pua-adware.rules)
 * 1:34119 <-> DISABLED <-> PUA-ADWARE InstallMetrix precheck stage outbound connection (pua-adware.rules)
 * 1:34118 <-> DISABLED <-> INDICATOR-OBFUSCATION known malicious javascript packer detected (indicator-obfuscation.rules)
 * 1:34122 <-> DISABLED <-> PUA-ADWARE InstallMetrix reporting fetch offers stage status (pua-adware.rules)
 * 1:34126 <-> DISABLED <-> PUA-ADWARE Vitruvian outbound connection (pua-adware.rules)
 * 1:34104 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Configuration Management directory traversal attempt (server-webapp.rules)
 * 1:34105 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Configuration Management directory traversal attempt (server-webapp.rules)
 * 1:34106 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Configuration Management directory traversal attempt (server-webapp.rules)
 * 1:34107 <-> ENABLED <-> BLACKLIST DNS request for known malware domain ahoforaje.ru - Win.Trojan.Scarsi (blacklist.rules)
 * 1:34108 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Scarsi variant outbound connection (malware-cnc.rules)
 * 1:34109 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox proxy prototype privileged javascript execution attempt (browser-firefox.rules)
 * 1:34110 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox proxy prototype privileged javascript execution attempt (browser-firefox.rules)
 * 1:34111 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Chrozil variant outbound connection (malware-cnc.rules)
 * 1:34112 <-> DISABLED <-> SERVER-OTHER NTP mode 6 REQ_NONCE denial of service attempt (server-other.rules)
 * 1:34113 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Agent beacon reply attempt (malware-cnc.rules)
 * 1:34114 <-> DISABLED <-> SERVER-OTHER NTP mode 6 UNSETTRAP denial of service attempt (server-other.rules)
 * 1:34115 <-> ENABLED <-> MALWARE-CNC MacOS.Trojan.Wirelurker variant outbound connection attempt (malware-cnc.rules)
 * 1:34116 <-> ENABLED <-> MALWARE-CNC MacOS.Trojan.Wirelurker variant outbound connection attempt (malware-cnc.rules)
 * 1:34117 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Zupdax variant outbound connection attempt (malware-cnc.rules)
 * 1:34131 <-> DISABLED <-> FILE-OFFICE RTF file with embedded OLE object (file-office.rules)
 * 1:34132 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Erotimpact variant outbound connection attempt (malware-cnc.rules)
 * 1:34133 <-> ENABLED <-> FILE-IMAGE Adobe Flash Player element array stack overflow attempt (file-image.rules)
 * 1:34134 <-> ENABLED <-> FILE-IMAGE Adobe Flash Player element array stack overflow attempt (file-image.rules)
 * 1:34120 <-> DISABLED <-> PUA-ADWARE InstallMetrix fetch offers stage outbound connection (pua-adware.rules)
 * 1:34136 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Banload variant MSSQL response (malware-cnc.rules)

Modified Rules:


 * 1:31332 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit outbound URL structure (exploit-kit.rules)
 * 1:23561 <-> DISABLED <-> FILE-IMAGE Microsoft Kodak Imaging large offset malformed tiff - big-endian (file-image.rules)
 * 1:17232 <-> DISABLED <-> FILE-IMAGE Microsoft Kodak Imaging large offset malformed tiff - big-endian (file-image.rules)
 * 1:29105 <-> DISABLED <-> SERVER-WEBAPP ManageEngine DesktopCentral agentLogUploader servlet directory traversal attempt (server-webapp.rules)
 * 1:21340 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player MP4 zero length atom titl field attempt (file-multimedia.rules)
 * 1:28509 <-> DISABLED <-> FILE-OTHER Microsoft Wordpad embedded BMP overflow attempt (file-other.rules)
 * 1:31408 <-> ENABLED <-> BROWSER-PLUGINS Adobe Reader 11 messageHandler ActiveX access attempt (browser-plugins.rules)
 * 1:31407 <-> ENABLED <-> BROWSER-PLUGINS Adobe Reader 11 messageHandler ActiveX access attempt (browser-plugins.rules)
 * 1:31409 <-> ENABLED <-> BROWSER-PLUGINS Adobe Reader 11 messageHandler ActiveX access attempt (browser-plugins.rules)
 * 1:31410 <-> ENABLED <-> BROWSER-PLUGINS Adobe Reader 11 messageHandler ActiveX access attempt (browser-plugins.rules)
 * 1:32817 <-> DISABLED <-> FILE-FLASH Adobe Flash Player corrupt MP4 video denial of service attempt (file-flash.rules)
 * 1:31701 <-> ENABLED <-> EXPLOIT-KIT Hanjuan exploit kit Silverlight exploit request (exploit-kit.rules)
 * 1:32818 <-> DISABLED <-> FILE-FLASH Adobe Flash Player corrupt MP4 video denial of service attempt (file-flash.rules)
 * 1:33100 <-> DISABLED <-> BROWSER-PLUGINS PTC IsoView ActiveX clsid access attempt (browser-plugins.rules)
 * 1:33101 <-> DISABLED <-> BROWSER-PLUGINS PTC IsoView ActiveX clsid access attempt (browser-plugins.rules)
 * 1:33103 <-> DISABLED <-> BROWSER-PLUGINS PTC IsoView ActiveX clsid access attempt (browser-plugins.rules)
 * 1:33102 <-> DISABLED <-> BROWSER-PLUGINS PTC IsoView ActiveX clsid access attempt (browser-plugins.rules)
 * 1:33166 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Endpoint Manager Mobile Device Management remote code execution attempt (server-other.rules)
 * 1:33167 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Endpoint Manager Mobile Device Management remote code execution attempt (server-other.rules)
 * 1:33168 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Endpoint Manager Mobile Device Management remote code execution attempt (server-other.rules)
 * 1:33169 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Endpoint Manager Mobile Device Management remote code execution attempt (server-other.rules)
 * 1:18685 <-> DISABLED <-> FILE-OFFICE RTF file with embedded OLE object (file-office.rules)

2015-04-16 16:27:58 UTC

Snort Subscriber Rules Update

Date: 2015-04-16

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2970.

New Rules:


 * 1:34124 <-> ENABLED <-> SERVER-WEBAPP PHP php_date.c DateTimeZone data user after free attempt (server-webapp.rules)
 * 1:34125 <-> DISABLED <-> PUA-ADWARE User-Agent Vitruvian (pua-adware.rules)
 * 1:34119 <-> DISABLED <-> PUA-ADWARE InstallMetrix precheck stage outbound connection (pua-adware.rules)
 * 1:34121 <-> DISABLED <-> PUA-ADWARE InstallMetrix reporting binary installation stage status (pua-adware.rules)
 * 1:34118 <-> DISABLED <-> INDICATOR-OBFUSCATION known malicious javascript packer detected (indicator-obfuscation.rules)
 * 1:34122 <-> DISABLED <-> PUA-ADWARE InstallMetrix reporting fetch offers stage status (pua-adware.rules)
 * 1:34123 <-> ENABLED <-> SERVER-WEBAPP PHP php_date.c DateTimeZone data user after free attempt (server-webapp.rules)
 * 1:34126 <-> DISABLED <-> PUA-ADWARE Vitruvian outbound connection (pua-adware.rules)
 * 1:34127 <-> DISABLED <-> PUA-ADWARE Vitruvian outbound connection (pua-adware.rules)
 * 1:34104 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Configuration Management directory traversal attempt (server-webapp.rules)
 * 1:34105 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Configuration Management directory traversal attempt (server-webapp.rules)
 * 1:34106 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Configuration Management directory traversal attempt (server-webapp.rules)
 * 1:34107 <-> ENABLED <-> BLACKLIST DNS request for known malware domain ahoforaje.ru - Win.Trojan.Scarsi (blacklist.rules)
 * 1:34128 <-> ENABLED <-> MALWARE-CNC Win.Trojan.WIntruder outbound connection attempt (malware-cnc.rules)
 * 1:34108 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Scarsi variant outbound connection (malware-cnc.rules)
 * 1:34109 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox proxy prototype privileged javascript execution attempt (browser-firefox.rules)
 * 1:34110 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox proxy prototype privileged javascript execution attempt (browser-firefox.rules)
 * 1:34129 <-> ENABLED <-> BLACKLIST DNS request for known malware domain jamel100pirar.com.br - Win.Trojan.Banload (blacklist.rules)
 * 1:34111 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Chrozil variant outbound connection (malware-cnc.rules)
 * 1:34112 <-> DISABLED <-> SERVER-OTHER NTP mode 6 REQ_NONCE denial of service attempt (server-other.rules)
 * 1:34113 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Agent beacon reply attempt (malware-cnc.rules)
 * 1:34114 <-> DISABLED <-> SERVER-OTHER NTP mode 6 UNSETTRAP denial of service attempt (server-other.rules)
 * 1:34130 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Banload variant outbound connection (malware-cnc.rules)
 * 1:34115 <-> ENABLED <-> MALWARE-CNC MacOS.Trojan.Wirelurker variant outbound connection attempt (malware-cnc.rules)
 * 1:34116 <-> ENABLED <-> MALWARE-CNC MacOS.Trojan.Wirelurker variant outbound connection attempt (malware-cnc.rules)
 * 1:34117 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Zupdax variant outbound connection attempt (malware-cnc.rules)
 * 1:34131 <-> DISABLED <-> FILE-OFFICE RTF file with embedded OLE object (file-office.rules)
 * 1:34132 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Erotimpact variant outbound connection attempt (malware-cnc.rules)
 * 1:34133 <-> ENABLED <-> FILE-IMAGE Adobe Flash Player element array stack overflow attempt (file-image.rules)
 * 1:34134 <-> ENABLED <-> FILE-IMAGE Adobe Flash Player element array stack overflow attempt (file-image.rules)
 * 1:34120 <-> DISABLED <-> PUA-ADWARE InstallMetrix fetch offers stage outbound connection (pua-adware.rules)
 * 1:34136 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Banload variant MSSQL response (malware-cnc.rules)
 * 1:34135 <-> DISABLED <-> FILE-IMAGE Microsoft Kodak Imaging small offset malformed tiff - little-endian (file-image.rules)

Modified Rules:


 * 1:17232 <-> DISABLED <-> FILE-IMAGE Microsoft Kodak Imaging large offset malformed tiff - big-endian (file-image.rules)
 * 1:18685 <-> DISABLED <-> FILE-OFFICE RTF file with embedded OLE object (file-office.rules)
 * 1:23561 <-> DISABLED <-> FILE-IMAGE Microsoft Kodak Imaging large offset malformed tiff - big-endian (file-image.rules)
 * 1:21340 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player MP4 zero length atom titl field attempt (file-multimedia.rules)
 * 1:28509 <-> DISABLED <-> FILE-OTHER Microsoft Wordpad embedded BMP overflow attempt (file-other.rules)
 * 1:29105 <-> DISABLED <-> SERVER-WEBAPP ManageEngine DesktopCentral agentLogUploader servlet directory traversal attempt (server-webapp.rules)
 * 1:31332 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit outbound URL structure (exploit-kit.rules)
 * 1:31408 <-> ENABLED <-> BROWSER-PLUGINS Adobe Reader 11 messageHandler ActiveX access attempt (browser-plugins.rules)
 * 1:31407 <-> ENABLED <-> BROWSER-PLUGINS Adobe Reader 11 messageHandler ActiveX access attempt (browser-plugins.rules)
 * 1:31409 <-> ENABLED <-> BROWSER-PLUGINS Adobe Reader 11 messageHandler ActiveX access attempt (browser-plugins.rules)
 * 1:31410 <-> ENABLED <-> BROWSER-PLUGINS Adobe Reader 11 messageHandler ActiveX access attempt (browser-plugins.rules)
 * 1:32817 <-> DISABLED <-> FILE-FLASH Adobe Flash Player corrupt MP4 video denial of service attempt (file-flash.rules)
 * 1:31701 <-> ENABLED <-> EXPLOIT-KIT Hanjuan exploit kit Silverlight exploit request (exploit-kit.rules)
 * 1:32818 <-> DISABLED <-> FILE-FLASH Adobe Flash Player corrupt MP4 video denial of service attempt (file-flash.rules)
 * 1:33100 <-> DISABLED <-> BROWSER-PLUGINS PTC IsoView ActiveX clsid access attempt (browser-plugins.rules)
 * 1:33101 <-> DISABLED <-> BROWSER-PLUGINS PTC IsoView ActiveX clsid access attempt (browser-plugins.rules)
 * 1:33103 <-> DISABLED <-> BROWSER-PLUGINS PTC IsoView ActiveX clsid access attempt (browser-plugins.rules)
 * 1:33102 <-> DISABLED <-> BROWSER-PLUGINS PTC IsoView ActiveX clsid access attempt (browser-plugins.rules)
 * 1:33166 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Endpoint Manager Mobile Device Management remote code execution attempt (server-other.rules)
 * 1:33167 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Endpoint Manager Mobile Device Management remote code execution attempt (server-other.rules)
 * 1:33168 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Endpoint Manager Mobile Device Management remote code execution attempt (server-other.rules)
 * 1:33169 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Endpoint Manager Mobile Device Management remote code execution attempt (server-other.rules)

2015-04-16 16:27:58 UTC

Snort Subscriber Rules Update

Date: 2015-04-16

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2972.

New Rules:


 * 1:34136 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Banload variant MSSQL response (malware-cnc.rules)
 * 1:34135 <-> DISABLED <-> FILE-IMAGE Microsoft Kodak Imaging small offset malformed tiff - little-endian (file-image.rules)
 * 1:34134 <-> ENABLED <-> FILE-IMAGE Adobe Flash Player element array stack overflow attempt (file-image.rules)
 * 1:34133 <-> ENABLED <-> FILE-IMAGE Adobe Flash Player element array stack overflow attempt (file-image.rules)
 * 1:34132 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Erotimpact variant outbound connection attempt (malware-cnc.rules)
 * 1:34131 <-> DISABLED <-> FILE-OFFICE RTF file with embedded OLE object (file-office.rules)
 * 1:34130 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Banload variant outbound connection (malware-cnc.rules)
 * 1:34129 <-> ENABLED <-> BLACKLIST DNS request for known malware domain jamel100pirar.com.br - Win.Trojan.Banload (blacklist.rules)
 * 1:34128 <-> ENABLED <-> MALWARE-CNC Win.Trojan.WIntruder outbound connection attempt (malware-cnc.rules)
 * 1:34127 <-> DISABLED <-> PUA-ADWARE Vitruvian outbound connection (pua-adware.rules)
 * 1:34126 <-> DISABLED <-> PUA-ADWARE Vitruvian outbound connection (pua-adware.rules)
 * 1:34125 <-> DISABLED <-> PUA-ADWARE User-Agent Vitruvian (pua-adware.rules)
 * 1:34124 <-> ENABLED <-> SERVER-WEBAPP PHP php_date.c DateTimeZone data user after free attempt (server-webapp.rules)
 * 1:34123 <-> ENABLED <-> SERVER-WEBAPP PHP php_date.c DateTimeZone data user after free attempt (server-webapp.rules)
 * 1:34122 <-> DISABLED <-> PUA-ADWARE InstallMetrix reporting fetch offers stage status (pua-adware.rules)
 * 1:34121 <-> DISABLED <-> PUA-ADWARE InstallMetrix reporting binary installation stage status (pua-adware.rules)
 * 1:34120 <-> DISABLED <-> PUA-ADWARE InstallMetrix fetch offers stage outbound connection (pua-adware.rules)
 * 1:34119 <-> DISABLED <-> PUA-ADWARE InstallMetrix precheck stage outbound connection (pua-adware.rules)
 * 1:34118 <-> DISABLED <-> INDICATOR-OBFUSCATION known malicious javascript packer detected (indicator-obfuscation.rules)
 * 1:34117 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Zupdax variant outbound connection attempt (malware-cnc.rules)
 * 1:34116 <-> ENABLED <-> MALWARE-CNC MacOS.Trojan.Wirelurker variant outbound connection attempt (malware-cnc.rules)
 * 1:34115 <-> ENABLED <-> MALWARE-CNC MacOS.Trojan.Wirelurker variant outbound connection attempt (malware-cnc.rules)
 * 1:34114 <-> DISABLED <-> SERVER-OTHER NTP mode 6 UNSETTRAP denial of service attempt (server-other.rules)
 * 1:34113 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Agent beacon reply attempt (malware-cnc.rules)
 * 1:34112 <-> DISABLED <-> SERVER-OTHER NTP mode 6 REQ_NONCE denial of service attempt (server-other.rules)
 * 1:34111 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Chrozil variant outbound connection (malware-cnc.rules)
 * 1:34110 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox proxy prototype privileged javascript execution attempt (browser-firefox.rules)
 * 1:34109 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox proxy prototype privileged javascript execution attempt (browser-firefox.rules)
 * 1:34108 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Scarsi variant outbound connection (malware-cnc.rules)
 * 1:34107 <-> ENABLED <-> BLACKLIST DNS request for known malware domain ahoforaje.ru - Win.Trojan.Scarsi (blacklist.rules)
 * 1:34106 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Configuration Management directory traversal attempt (server-webapp.rules)
 * 1:34105 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Configuration Management directory traversal attempt (server-webapp.rules)
 * 1:34104 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Configuration Management directory traversal attempt (server-webapp.rules)

Modified Rules:


 * 1:17232 <-> DISABLED <-> FILE-IMAGE Microsoft Kodak Imaging large offset malformed tiff - big-endian (file-image.rules)
 * 1:18685 <-> DISABLED <-> FILE-OFFICE RTF file with embedded OLE object (file-office.rules)
 * 1:21340 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player MP4 zero length atom titl field attempt (file-multimedia.rules)
 * 1:23561 <-> DISABLED <-> FILE-IMAGE Microsoft Kodak Imaging large offset malformed tiff - big-endian (file-image.rules)
 * 1:28509 <-> DISABLED <-> FILE-OTHER Microsoft Wordpad embedded BMP overflow attempt (file-other.rules)
 * 1:29105 <-> DISABLED <-> SERVER-WEBAPP ManageEngine DesktopCentral agentLogUploader servlet directory traversal attempt (server-webapp.rules)
 * 1:31332 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit outbound URL structure (exploit-kit.rules)
 * 1:31407 <-> ENABLED <-> BROWSER-PLUGINS Adobe Reader 11 messageHandler ActiveX access attempt (browser-plugins.rules)
 * 1:31408 <-> ENABLED <-> BROWSER-PLUGINS Adobe Reader 11 messageHandler ActiveX access attempt (browser-plugins.rules)
 * 1:31409 <-> ENABLED <-> BROWSER-PLUGINS Adobe Reader 11 messageHandler ActiveX access attempt (browser-plugins.rules)
 * 1:31410 <-> ENABLED <-> BROWSER-PLUGINS Adobe Reader 11 messageHandler ActiveX access attempt (browser-plugins.rules)
 * 1:31701 <-> ENABLED <-> EXPLOIT-KIT Hanjuan exploit kit Silverlight exploit request (exploit-kit.rules)
 * 1:32817 <-> DISABLED <-> FILE-FLASH Adobe Flash Player corrupt MP4 video denial of service attempt (file-flash.rules)
 * 1:32818 <-> DISABLED <-> FILE-FLASH Adobe Flash Player corrupt MP4 video denial of service attempt (file-flash.rules)
 * 1:33100 <-> DISABLED <-> BROWSER-PLUGINS PTC IsoView ActiveX clsid access attempt (browser-plugins.rules)
 * 1:33101 <-> DISABLED <-> BROWSER-PLUGINS PTC IsoView ActiveX clsid access attempt (browser-plugins.rules)
 * 1:33102 <-> DISABLED <-> BROWSER-PLUGINS PTC IsoView ActiveX clsid access attempt (browser-plugins.rules)
 * 1:33103 <-> DISABLED <-> BROWSER-PLUGINS PTC IsoView ActiveX clsid access attempt (browser-plugins.rules)
 * 1:33166 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Endpoint Manager Mobile Device Management remote code execution attempt (server-other.rules)
 * 1:33167 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Endpoint Manager Mobile Device Management remote code execution attempt (server-other.rules)
 * 1:33168 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Endpoint Manager Mobile Device Management remote code execution attempt (server-other.rules)
 * 1:33169 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Endpoint Manager Mobile Device Management remote code execution attempt (server-other.rules)