Talos Rules 2017-10-31
This release adds and modifies rules in several categories.

Talos has added and modified multiple rules in the browser-ie, browser-plugins, exploit-kit, file-office, file-other, indicator-obfuscation, malware-cnc, os-windows, policy-other, pua-adware, server-apache, server-mysql and server-webapp rule sets to provide coverage for emerging threats from these technologies.

For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.

Change logs

2017-10-31 14:08:22 UTC

Snort Subscriber Rules Update

Date: 2017-10-31

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:
 * 1:44697 <-> DISABLED <-> MALWARE-CNC SquirrelMail directory traversal attempt (malware-cnc.rules)
 * 1:44700 <-> DISABLED <-> SERVER-OTHER Veritas Backup Exec Agent use after free attempt (server-other.rules)
 * 1:44682 <-> DISABLED <-> SERVER-OTHER Novell GroupWise Post Office Agent heap overflow attempt (server-other.rules)
 * 1:44696 <-> DISABLED <-> SERVER-OTHER Advantech WebAccess MSRPC server integer overflow attempt (server-other.rules)
 * 1:44692 <-> DISABLED <-> INDICATOR-OBFUSCATION CoinHive cryptocurrency mining attempt (indicator-obfuscation.rules)
 * 1:44687 <-> ENABLED <-> SERVER-WEBAPP Netgear DGN1000 series routers authentication bypass attempt (server-webapp.rules)
 * 1:44677 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Nemucod outbound connection (malware-cnc.rules)
 * 1:44680 <-> DISABLED <-> SERVER-OTHER Beetel Connection Manager username buffer overflow attempt (server-other.rules)
 * 1:44702 <-> DISABLED <-> POLICY-OTHER Inedo BuildMaster web server login with default credentials attempt (policy-other.rules)
 * 1:44681 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.IoTReaper_Botnet telnet connection attempt (malware-cnc.rules)
 * 1:44690 <-> DISABLED <-> SERVER-OTHER ElasticSearch script remote code execution attempt (server-other.rules)
 * 1:44668 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess cross site scripting attempt (server-webapp.rules)
 * 1:44667 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess cross site scripting attempt (server-webapp.rules)
 * 1:44670 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook SMB attach by reference code execution attempt (file-office.rules)
 * 1:44683 <-> DISABLED <-> SERVER-OTHER Novell GroupWise Post Office Agent heap overflow attempt (server-other.rules)
 * 1:44669 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook SMB attach by reference code execution attempt (file-office.rules)
 * 1:44693 <-> DISABLED <-> INDICATOR-OBFUSCATION CoinHive cryptocurrency mining attempt (indicator-obfuscation.rules)
 * 1:44684 <-> DISABLED <-> SERVER-WEBAPP Kaltura userzone cookie PHP object injection attempt (server-webapp.rules)
 * 1:44686 <-> DISABLED <-> SERVER-OTHER TVMOBiLi HttpUtils.dll denial of service attempt (server-other.rules)
 * 1:44674 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query integer overflow attempt (server-mysql.rules)
 * 1:44701 <-> DISABLED <-> SERVER-OTHER Veritas Backup Exec Agent use after free attempt (server-other.rules)
 * 1:44699 <-> DISABLED <-> SERVER-WEBAPP Internal field separator use in HTTP URI attempt (server-webapp.rules)
 * 1:44689 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Gen variant outbound communication (malware-cnc.rules)
 * 1:44678 <-> DISABLED <-> POLICY-OTHER NetSupport Manager RAT outbound connection detected (policy-other.rules)
 * 1:44679 <-> DISABLED <-> SERVER-OTHER Beetel Connection Manager username buffer overflow attempt (server-other.rules)
 * 1:44675 <-> DISABLED <-> SERVER-OTHER iSCSI target multiple implementations iSNS stack buffer overflow attempt (server-other.rules)
 * 1:44676 <-> DISABLED <-> SERVER-OTHER Wireshark Sigcomp buffer overflow attempt (server-other.rules)
 * 1:44672 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM snmpviewer.exe CGI parameter buffer overflow attempt (server-webapp.rules)
 * 1:44673 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM snmpviewer.exe CGI parameter buffer overflow attempt (server-webapp.rules)
 * 1:44691 <-> DISABLED <-> PUA-ADWARE Win.Adware.Clover outbound connection (pua-adware.rules)
 * 1:44695 <-> DISABLED <-> FILE-OFFICE Microsoft Office dde field code execution attempt (file-office.rules)
 * 1:44685 <-> DISABLED <-> SERVER-OTHER TVMOBiLi HttpUtils.dll denial of service attempt (server-other.rules)
 * 1:44671 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM snmpviewer.exe CGI parameter buffer overflow attempt (server-webapp.rules)
 * 1:44694 <-> DISABLED <-> FILE-OFFICE Microsoft Office dde field code execution attempt (file-office.rules)
 * 1:44698 <-> DISABLED <-> SERVER-WEBAPP Internal field separator use in HTTP URI attempt (server-webapp.rules)
 * 1:44688 <-> ENABLED <-> SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt (server-webapp.rules)

Modified Rules:
 * 1:34332 <-> ENABLED <-> EXPLOIT-KIT Fiesta exploit kit Oracle Java exploit download (exploit-kit.rules)
 * 1:34334 <-> ENABLED <-> EXPLOIT-KIT Fiesta exploit kit Adobe Reader exploit download (exploit-kit.rules)
 * 1:37678 <-> DISABLED <-> BROWSER-PLUGINS IBM SPSS SamplePower ActiveX clsid access attempt (browser-plugins.rules)
 * 1:39908 <-> DISABLED <-> SERVER-APACHE Apache Tomcat Commons FileUpload library denial of service attempt (server-apache.rules)
 * 1:42169 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer classid remote code execution attempt (browser-ie.rules)
 * 1:25808 <-> DISABLED <-> EXPLOIT-KIT Fiesta exploit kit landing page detection - specific-structure (exploit-kit.rules)
 * 1:32894 <-> DISABLED <-> BROWSER-PLUGINS HP Sprinter Tidestone ActiveX clsid access attempt (browser-plugins.rules)
 * 1:26313 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query multipolygon object integer overflow attempt (server-mysql.rules)
 * 1:26310 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query linestring object integer overflow attempt (server-mysql.rules)
 * 1:26301 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query multipolygon object integer overflow attempt (server-mysql.rules)
 * 1:17410 <-> DISABLED <-> OS-WINDOWS Generic HyperLink buffer overflow attempt (os-windows.rules)
 * 1:26309 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query multipolygon object integer overflow attempt (server-mysql.rules)
 * 1:26302 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query linestring object integer overflow attempt (server-mysql.rules)
 * 1:26303 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query polygon object integer overflow attempt (server-mysql.rules)
 * 1:29444 <-> DISABLED <-> EXPLOIT-KIT Fiesta exploit kit flashplayer11 payload download (exploit-kit.rules)
 * 1:26299 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query polygon object integer overflow attempt (server-mysql.rules)
 * 1:26308 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query multistring object integer overflow attempt (server-mysql.rules)
 * 1:26311 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query polygon object integer overflow attempt (server-mysql.rules)
 * 1:26304 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query multistring object integer overflow attempt (server-mysql.rules)
 * 1:26312 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query multistring object integer overflow attempt (server-mysql.rules)
 * 1:26275 <-> DISABLED <-> SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt (server-webapp.rules)
 * 1:19140 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM snmpviewer.exe CGI parameter buffer overflow attempt (server-webapp.rules)
 * 1:26300 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query multistring object integer overflow attempt (server-mysql.rules)
 * 1:34331 <-> ENABLED <-> EXPLOIT-KIT Fiesta exploit kit Microsoft SilverLight exploit download (exploit-kit.rules)
 * 1:32896 <-> DISABLED <-> BROWSER-PLUGINS HP Sprinter Tidestone ActiveX clsid access attempt (browser-plugins.rules)
 * 1:26307 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query polygon object integer overflow attempt (server-mysql.rules)
 * 1:43481 <-> DISABLED <-> FILE-OTHER Vim modelines remote command execution attempt (file-other.rules)
 * 1:27810 <-> DISABLED <-> EXPLOIT-KIT Fiesta exploit kit redirection (exploit-kit.rules)
 * 1:43279 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess cross site scripting attempt (server-webapp.rules)
 * 1:44595 <-> ENABLED <-> MALWARE-CNC Win.Trojan.DNSMessenger outbound connection (malware-cnc.rules)
 * 1:32895 <-> DISABLED <-> BROWSER-PLUGINS HP Sprinter Tidestone ActiveX function call access attempt (browser-plugins.rules)
 * 1:42170 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer classid remote code execution attempt (browser-ie.rules)
 * 1:28436 <-> DISABLED <-> BROWSER-PLUGINS IBM SPSS SamplePower ActiveX clsid access attempt (browser-plugins.rules)
 * 1:34330 <-> ENABLED <-> EXPLOIT-KIT Fiesta exploit kit Adobe Flash exploit download (exploit-kit.rules)
 * 1:43482 <-> DISABLED <-> FILE-OTHER Vim modelines remote command execution attempt (file-other.rules)
 * 1:26306 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query linestring object integer overflow attempt (server-mysql.rules)
 * 1:26305 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query multipolygon object integer overflow attempt (server-mysql.rules)
 * 1:33637 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query object integer overflow attempt (server-mysql.rules)
 * 1:32897 <-> DISABLED <-> BROWSER-PLUGINS HP Sprinter Tidestone ActiveX function call access attempt (browser-plugins.rules)

2017-10-31 14:08:22 UTC

Snort Subscriber Rules Update

Date: 2017-10-31

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2990.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:
 * 1:44698 <-> DISABLED <-> SERVER-WEBAPP Internal field separator use in HTTP URI attempt (server-webapp.rules)
 * 1:44696 <-> DISABLED <-> SERVER-OTHER Advantech WebAccess MSRPC server integer overflow attempt (server-other.rules)
 * 1:44697 <-> DISABLED <-> MALWARE-CNC SquirrelMail directory traversal attempt (malware-cnc.rules)
 * 1:44701 <-> DISABLED <-> SERVER-OTHER Veritas Backup Exec Agent use after free attempt (server-other.rules)
 * 1:44699 <-> DISABLED <-> SERVER-WEBAPP Internal field separator use in HTTP URI attempt (server-webapp.rules)
 * 1:44700 <-> DISABLED <-> SERVER-OTHER Veritas Backup Exec Agent use after free attempt (server-other.rules)
 * 1:44667 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess cross site scripting attempt (server-webapp.rules)
 * 1:44668 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess cross site scripting attempt (server-webapp.rules)
 * 1:44669 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook SMB attach by reference code execution attempt (file-office.rules)
 * 1:44670 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook SMB attach by reference code execution attempt (file-office.rules)
 * 1:44671 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM snmpviewer.exe CGI parameter buffer overflow attempt (server-webapp.rules)
 * 1:44672 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM snmpviewer.exe CGI parameter buffer overflow attempt (server-webapp.rules)
 * 1:44673 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM snmpviewer.exe CGI parameter buffer overflow attempt (server-webapp.rules)
 * 1:44674 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query integer overflow attempt (server-mysql.rules)
 * 1:44675 <-> DISABLED <-> SERVER-OTHER iSCSI target multiple implementations iSNS stack buffer overflow attempt (server-other.rules)
 * 1:44676 <-> DISABLED <-> SERVER-OTHER Wireshark Sigcomp buffer overflow attempt (server-other.rules)
 * 1:44677 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Nemucod outbound connection (malware-cnc.rules)
 * 1:44678 <-> DISABLED <-> POLICY-OTHER NetSupport Manager RAT outbound connection detected (policy-other.rules)
 * 1:44679 <-> DISABLED <-> SERVER-OTHER Beetel Connection Manager username buffer overflow attempt (server-other.rules)
 * 1:44680 <-> DISABLED <-> SERVER-OTHER Beetel Connection Manager username buffer overflow attempt (server-other.rules)
 * 1:44681 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.IoTReaper_Botnet telnet connection attempt (malware-cnc.rules)
 * 1:44682 <-> DISABLED <-> SERVER-OTHER Novell GroupWise Post Office Agent heap overflow attempt (server-other.rules)
 * 1:44683 <-> DISABLED <-> SERVER-OTHER Novell GroupWise Post Office Agent heap overflow attempt (server-other.rules)
 * 1:44684 <-> DISABLED <-> SERVER-WEBAPP Kaltura userzone cookie PHP object injection attempt (server-webapp.rules)
 * 1:44685 <-> DISABLED <-> SERVER-OTHER TVMOBiLi HttpUtils.dll denial of service attempt (server-other.rules)
 * 1:44686 <-> DISABLED <-> SERVER-OTHER TVMOBiLi HttpUtils.dll denial of service attempt (server-other.rules)
 * 1:44687 <-> ENABLED <-> SERVER-WEBAPP Netgear DGN1000 series routers authentication bypass attempt (server-webapp.rules)
 * 1:44688 <-> ENABLED <-> SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt (server-webapp.rules)
 * 1:44689 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Gen variant outbound communication (malware-cnc.rules)
 * 1:44690 <-> DISABLED <-> SERVER-OTHER ElasticSearch script remote code execution attempt (server-other.rules)
 * 1:44691 <-> DISABLED <-> PUA-ADWARE Win.Adware.Clover outbound connection (pua-adware.rules)
 * 1:44692 <-> DISABLED <-> INDICATOR-OBFUSCATION CoinHive cryptocurrency mining attempt (indicator-obfuscation.rules)
 * 1:44702 <-> DISABLED <-> POLICY-OTHER Inedo BuildMaster web server login with default credentials attempt (policy-other.rules)
 * 1:44693 <-> DISABLED <-> INDICATOR-OBFUSCATION CoinHive cryptocurrency mining attempt (indicator-obfuscation.rules)
 * 1:44694 <-> DISABLED <-> FILE-OFFICE Microsoft Office dde field code execution attempt (file-office.rules)
 * 1:44695 <-> DISABLED <-> FILE-OFFICE Microsoft Office dde field code execution attempt (file-office.rules)

Modified Rules:
 * 1:32897 <-> DISABLED <-> BROWSER-PLUGINS HP Sprinter Tidestone ActiveX function call access attempt (browser-plugins.rules)
 * 1:33637 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query object integer overflow attempt (server-mysql.rules)
 * 1:32895 <-> DISABLED <-> BROWSER-PLUGINS HP Sprinter Tidestone ActiveX function call access attempt (browser-plugins.rules)
 * 1:29444 <-> DISABLED <-> EXPLOIT-KIT Fiesta exploit kit flashplayer11 payload download (exploit-kit.rules)
 * 1:27810 <-> DISABLED <-> EXPLOIT-KIT Fiesta exploit kit redirection (exploit-kit.rules)
 * 1:26313 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query multipolygon object integer overflow attempt (server-mysql.rules)
 * 1:26310 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query linestring object integer overflow attempt (server-mysql.rules)
 * 1:26311 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query polygon object integer overflow attempt (server-mysql.rules)
 * 1:26308 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query multistring object integer overflow attempt (server-mysql.rules)
 * 1:26306 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query linestring object integer overflow attempt (server-mysql.rules)
 * 1:26304 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query multistring object integer overflow attempt (server-mysql.rules)
 * 1:26305 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query multipolygon object integer overflow attempt (server-mysql.rules)
 * 1:19140 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM snmpviewer.exe CGI parameter buffer overflow attempt (server-webapp.rules)
 * 1:25808 <-> DISABLED <-> EXPLOIT-KIT Fiesta exploit kit landing page detection - specific-structure (exploit-kit.rules)
 * 1:17410 <-> DISABLED <-> OS-WINDOWS Generic HyperLink buffer overflow attempt (os-windows.rules)
 * 1:42169 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer classid remote code execution attempt (browser-ie.rules)
 * 1:37678 <-> DISABLED <-> BROWSER-PLUGINS IBM SPSS SamplePower ActiveX clsid access attempt (browser-plugins.rules)
 * 1:39908 <-> DISABLED <-> SERVER-APACHE Apache Tomcat Commons FileUpload library denial of service attempt (server-apache.rules)
 * 1:34334 <-> ENABLED <-> EXPLOIT-KIT Fiesta exploit kit Adobe Reader exploit download (exploit-kit.rules)
 * 1:34332 <-> ENABLED <-> EXPLOIT-KIT Fiesta exploit kit Oracle Java exploit download (exploit-kit.rules)
 * 1:34330 <-> ENABLED <-> EXPLOIT-KIT Fiesta exploit kit Adobe Flash exploit download (exploit-kit.rules)
 * 1:26312 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query multistring object integer overflow attempt (server-mysql.rules)
 * 1:44595 <-> ENABLED <-> MALWARE-CNC Win.Trojan.DNSMessenger outbound connection (malware-cnc.rules)
 * 1:26307 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query polygon object integer overflow attempt (server-mysql.rules)
 * 1:26301 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query multipolygon object integer overflow attempt (server-mysql.rules)
 * 1:26303 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query polygon object integer overflow attempt (server-mysql.rules)
 * 1:26299 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query polygon object integer overflow attempt (server-mysql.rules)
 * 1:42170 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer classid remote code execution attempt (browser-ie.rules)
 * 1:32896 <-> DISABLED <-> BROWSER-PLUGINS HP Sprinter Tidestone ActiveX clsid access attempt (browser-plugins.rules)
 * 1:34331 <-> ENABLED <-> EXPLOIT-KIT Fiesta exploit kit Microsoft SilverLight exploit download (exploit-kit.rules)
 * 1:32894 <-> DISABLED <-> BROWSER-PLUGINS HP Sprinter Tidestone ActiveX clsid access attempt (browser-plugins.rules)
 * 1:26275 <-> DISABLED <-> SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt (server-webapp.rules)
 * 1:43279 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess cross site scripting attempt (server-webapp.rules)
 * 1:26302 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query linestring object integer overflow attempt (server-mysql.rules)
 * 1:43481 <-> DISABLED <-> FILE-OTHER Vim modelines remote command execution attempt (file-other.rules)
 * 1:26300 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query multistring object integer overflow attempt (server-mysql.rules)
 * 1:43482 <-> DISABLED <-> FILE-OTHER Vim modelines remote command execution attempt (file-other.rules)
 * 1:26309 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query multipolygon object integer overflow attempt (server-mysql.rules)
 * 1:28436 <-> DISABLED <-> BROWSER-PLUGINS IBM SPSS SamplePower ActiveX clsid access attempt (browser-plugins.rules)

2017-10-31 14:08:22 UTC

Snort Subscriber Rules Update

Date: 2017-10-31

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091100.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:
 * 1:44702 <-> DISABLED <-> POLICY-OTHER Inedo BuildMaster web server login with default credentials attempt (policy-other.rules)
 * 1:44701 <-> DISABLED <-> SERVER-OTHER Veritas Backup Exec Agent use after free attempt (server-other.rules)
 * 1:44700 <-> DISABLED <-> SERVER-OTHER Veritas Backup Exec Agent use after free attempt (server-other.rules)
 * 1:44699 <-> DISABLED <-> SERVER-WEBAPP Internal field separator use in HTTP URI attempt (server-webapp.rules)
 * 1:44698 <-> DISABLED <-> SERVER-WEBAPP Internal field separator use in HTTP URI attempt (server-webapp.rules)
 * 1:44697 <-> DISABLED <-> MALWARE-CNC SquirrelMail directory traversal attempt (malware-cnc.rules)
 * 1:44696 <-> DISABLED <-> SERVER-OTHER Advantech WebAccess MSRPC server integer overflow attempt (server-other.rules)
 * 1:44695 <-> DISABLED <-> FILE-OFFICE Microsoft Office dde field code execution attempt (file-office.rules)
 * 1:44694 <-> DISABLED <-> FILE-OFFICE Microsoft Office dde field code execution attempt (file-office.rules)
 * 1:44693 <-> DISABLED <-> INDICATOR-OBFUSCATION CoinHive cryptocurrency mining attempt (indicator-obfuscation.rules)
 * 1:44692 <-> DISABLED <-> INDICATOR-OBFUSCATION CoinHive cryptocurrency mining attempt (indicator-obfuscation.rules)
 * 1:44691 <-> DISABLED <-> PUA-ADWARE Win.Adware.Clover outbound connection (pua-adware.rules)
 * 1:44690 <-> DISABLED <-> SERVER-OTHER ElasticSearch script remote code execution attempt (server-other.rules)
 * 1:44689 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Gen variant outbound communication (malware-cnc.rules)
 * 1:44688 <-> ENABLED <-> SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt (server-webapp.rules)
 * 1:44687 <-> ENABLED <-> SERVER-WEBAPP Netgear DGN1000 series routers authentication bypass attempt (server-webapp.rules)
 * 1:44686 <-> DISABLED <-> SERVER-OTHER TVMOBiLi HttpUtils.dll denial of service attempt (server-other.rules)
 * 1:44685 <-> DISABLED <-> SERVER-OTHER TVMOBiLi HttpUtils.dll denial of service attempt (server-other.rules)
 * 1:44684 <-> DISABLED <-> SERVER-WEBAPP Kaltura userzone cookie PHP object injection attempt (server-webapp.rules)
 * 1:44683 <-> DISABLED <-> SERVER-OTHER Novell GroupWise Post Office Agent heap overflow attempt (server-other.rules)
 * 1:44682 <-> DISABLED <-> SERVER-OTHER Novell GroupWise Post Office Agent heap overflow attempt (server-other.rules)
 * 1:44681 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.IoTReaper_Botnet telnet connection attempt (malware-cnc.rules)
 * 1:44680 <-> DISABLED <-> SERVER-OTHER Beetel Connection Manager username buffer overflow attempt (server-other.rules)
 * 1:44679 <-> DISABLED <-> SERVER-OTHER Beetel Connection Manager username buffer overflow attempt (server-other.rules)
 * 1:44678 <-> DISABLED <-> POLICY-OTHER NetSupport Manager RAT outbound connection detected (policy-other.rules)
 * 1:44677 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Nemucod outbound connection (malware-cnc.rules)
 * 1:44676 <-> DISABLED <-> SERVER-OTHER Wireshark Sigcomp buffer overflow attempt (server-other.rules)
 * 1:44675 <-> DISABLED <-> SERVER-OTHER iSCSI target multiple implementations iSNS stack buffer overflow attempt (server-other.rules)
 * 1:44674 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query integer overflow attempt (server-mysql.rules)
 * 1:44673 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM snmpviewer.exe CGI parameter buffer overflow attempt (server-webapp.rules)
 * 1:44672 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM snmpviewer.exe CGI parameter buffer overflow attempt (server-webapp.rules)
 * 1:44671 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM snmpviewer.exe CGI parameter buffer overflow attempt (server-webapp.rules)
 * 1:44670 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook SMB attach by reference code execution attempt (file-office.rules)
 * 1:44669 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook SMB attach by reference code execution attempt (file-office.rules)
 * 1:44668 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess cross site scripting attempt (server-webapp.rules)
 * 1:44667 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess cross site scripting attempt (server-webapp.rules)

Modified Rules:
 * 1:32896 <-> DISABLED <-> BROWSER-PLUGINS HP Sprinter Tidestone ActiveX clsid access attempt (browser-plugins.rules)
 * 1:17410 <-> DISABLED <-> OS-WINDOWS Generic HyperLink buffer overflow attempt (os-windows.rules)
 * 1:19140 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM snmpviewer.exe CGI parameter buffer overflow attempt (server-webapp.rules)
 * 1:25808 <-> DISABLED <-> EXPLOIT-KIT Fiesta exploit kit landing page detection - specific-structure (exploit-kit.rules)
 * 1:26275 <-> DISABLED <-> SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt (server-webapp.rules)
 * 1:44595 <-> ENABLED <-> MALWARE-CNC Win.Trojan.DNSMessenger outbound connection (malware-cnc.rules)
 * 1:26299 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query polygon object integer overflow attempt (server-mysql.rules)
 * 1:26300 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query multistring object integer overflow attempt (server-mysql.rules)
 * 1:26301 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query multipolygon object integer overflow attempt (server-mysql.rules)
 * 1:26302 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query linestring object integer overflow attempt (server-mysql.rules)
 * 1:43482 <-> DISABLED <-> FILE-OTHER Vim modelines remote command execution attempt (file-other.rules)
 * 1:26303 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query polygon object integer overflow attempt (server-mysql.rules)
 * 1:26304 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query multistring object integer overflow attempt (server-mysql.rules)
 * 1:26305 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query multipolygon object integer overflow attempt (server-mysql.rules)
 * 1:26306 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query linestring object integer overflow attempt (server-mysql.rules)
 * 1:43481 <-> DISABLED <-> FILE-OTHER Vim modelines remote command execution attempt (file-other.rules)
 * 1:26307 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query polygon object integer overflow attempt (server-mysql.rules)
 * 1:26308 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query multistring object integer overflow attempt (server-mysql.rules)
 * 1:26309 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query multipolygon object integer overflow attempt (server-mysql.rules)
 * 1:43279 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess cross site scripting attempt (server-webapp.rules)
 * 1:26310 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query linestring object integer overflow attempt (server-mysql.rules)
 * 1:26311 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query polygon object integer overflow attempt (server-mysql.rules)
 * 1:26312 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query multistring object integer overflow attempt (server-mysql.rules)
 * 1:26313 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query multipolygon object integer overflow attempt (server-mysql.rules)
 * 1:27810 <-> DISABLED <-> EXPLOIT-KIT Fiesta exploit kit redirection (exploit-kit.rules)
 * 1:42170 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer classid remote code execution attempt (browser-ie.rules)
 * 1:28436 <-> DISABLED <-> BROWSER-PLUGINS IBM SPSS SamplePower ActiveX clsid access attempt (browser-plugins.rules)
 * 1:29444 <-> DISABLED <-> EXPLOIT-KIT Fiesta exploit kit flashplayer11 payload download (exploit-kit.rules)
 * 1:32894 <-> DISABLED <-> BROWSER-PLUGINS HP Sprinter Tidestone ActiveX clsid access attempt (browser-plugins.rules)
 * 1:32895 <-> DISABLED <-> BROWSER-PLUGINS HP Sprinter Tidestone ActiveX function call access attempt (browser-plugins.rules)
 * 1:42169 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer classid remote code execution attempt (browser-ie.rules)
 * 1:39908 <-> DISABLED <-> SERVER-APACHE Apache Tomcat Commons FileUpload library denial of service attempt (server-apache.rules)
 * 1:37678 <-> DISABLED <-> BROWSER-PLUGINS IBM SPSS SamplePower ActiveX clsid access attempt (browser-plugins.rules)
 * 1:34334 <-> ENABLED <-> EXPLOIT-KIT Fiesta exploit kit Adobe Reader exploit download (exploit-kit.rules)
 * 1:34332 <-> ENABLED <-> EXPLOIT-KIT Fiesta exploit kit Oracle Java exploit download (exploit-kit.rules)
 * 1:34331 <-> ENABLED <-> EXPLOIT-KIT Fiesta exploit kit Microsoft SilverLight exploit download (exploit-kit.rules)
 * 1:34330 <-> ENABLED <-> EXPLOIT-KIT Fiesta exploit kit Adobe Flash exploit download (exploit-kit.rules)
 * 1:33637 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query object integer overflow attempt (server-mysql.rules)
 * 1:32897 <-> DISABLED <-> BROWSER-PLUGINS HP Sprinter Tidestone ActiveX function call access attempt (browser-plugins.rules)