Talos has added and modified multiple rules in the browser-other, file-image, file-office, file-other, file-pdf, indicator-compromise, malware-cnc, malware-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:47439 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JBIG parsing out of bounds read attempt (file-pdf.rules)
* 1:47449 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Gorgon outbound connection (malware-cnc.rules)
* 1:47451 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Gorgon outbound connection (malware-cnc.rules)
* 1:47455 <-> DISABLED <-> POLICY-OTHER IntegraXor config change attempt (policy-other.rules)
* 1:47450 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Gorgon outbound connection (malware-cnc.rules)
* 1:47452 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Gorgon outbound connection (malware-cnc.rules)
* 1:47437 <-> DISABLED <-> SERVER-WEBAPP Weblog Expert Web Server denial of service attempt (server-webapp.rules)
* 1:47448 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Gorgon outbound connection (malware-cnc.rules)
* 1:47447 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Gorgon outbound connection (malware-cnc.rules)
* 1:47445 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Gorgon outbound connection (malware-cnc.rules)
* 1:47444 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Gorgon outbound connection (malware-cnc.rules)
* 1:47453 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Gorgon attempted download (malware-other.rules)
* 1:47446 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Gorgon outbound connection (malware-cnc.rules)
* 1:47436 <-> ENABLED <-> MALWARE-CNC Win.Dropper.IcedID outbound connection (malware-cnc.rules)
* 1:47440 <-> ENABLED <-> FILE-OTHER InPage reader remote code execution attemptt (file-other.rules)
* 1:47441 <-> ENABLED <-> FILE-OTHER InPage reader remote code execution attemptt (file-other.rules)
* 1:47438 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JBIG parsing out of bounds read attempt (file-pdf.rules)
* 1:47434 <-> DISABLED <-> MALWARE-CNC Win.Coinminer.HiddenShock variant outbound connection (malware-cnc.rules)
* 1:47435 <-> ENABLED <-> MALWARE-CNC Win.Dropper.IcedID payload download (malware-cnc.rules)
* 1:47454 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Gorgon attempted download (malware-other.rules)
* 3:47432 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2018-0644 attack attempt (file-image.rules)
* 3:47428 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2018-0645 attack attempt (file-image.rules)
* 3:47430 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2018-0644 attack attempt (file-image.rules)
* 3:47442 <-> ENABLED <-> BROWSER-OTHER TRUFFLEHUNTER TALOS-2018-0647 attack attempt (browser-other.rules)
* 3:47433 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2018-0644 attack attempt (file-image.rules)
* 3:47443 <-> ENABLED <-> BROWSER-OTHER TRUFFLEHUNTER TALOS-2018-0647 attack attempt (browser-other.rules)
* 3:47456 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0646 attack attempt (file-office.rules)
* 3:47457 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0646 attack attempt (file-office.rules)
* 3:47431 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2018-0644 attack attempt (file-image.rules)
* 3:47429 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2018-0645 attack attempt (file-image.rules)

* 1:43825 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.XAgent outbound connection (malware-cnc.rules)
* 1:46999 <-> DISABLED <-> INDICATOR-COMPROMISE SettingContent-ms file type download attempt (indicator-compromise.rules)
* 1:47000 <-> DISABLED <-> INDICATOR-COMPROMISE SettingContent-ms file type download attempt (indicator-compromise.rules)
* 1:47001 <-> DISABLED <-> INDICATOR-COMPROMISE SettingContent-ms file type download attempt (indicator-compromise.rules)
* 1:47002 <-> DISABLED <-> INDICATOR-COMPROMISE SettingContent-ms file type download attempt (indicator-compromise.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2990.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:47435 <-> ENABLED <-> MALWARE-CNC Win.Dropper.IcedID payload download (malware-cnc.rules)
* 1:47436 <-> ENABLED <-> MALWARE-CNC Win.Dropper.IcedID outbound connection (malware-cnc.rules)
* 1:47438 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JBIG parsing out of bounds read attempt (file-pdf.rules)
* 1:47453 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Gorgon attempted download (malware-other.rules)
* 1:47448 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Gorgon outbound connection (malware-cnc.rules)
* 1:47434 <-> DISABLED <-> MALWARE-CNC Win.Coinminer.HiddenShock variant outbound connection (malware-cnc.rules)
* 1:47452 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Gorgon outbound connection (malware-cnc.rules)
* 1:47447 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Gorgon outbound connection (malware-cnc.rules)
* 1:47439 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JBIG parsing out of bounds read attempt (file-pdf.rules)
* 1:47451 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Gorgon outbound connection (malware-cnc.rules)
* 1:47454 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Gorgon attempted download (malware-other.rules)
* 1:47455 <-> DISABLED <-> POLICY-OTHER IntegraXor config change attempt (policy-other.rules)
* 1:47444 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Gorgon outbound connection (malware-cnc.rules)
* 1:47440 <-> ENABLED <-> FILE-OTHER InPage reader remote code execution attemptt (file-other.rules)
* 1:47437 <-> DISABLED <-> SERVER-WEBAPP Weblog Expert Web Server denial of service attempt (server-webapp.rules)
* 1:47445 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Gorgon outbound connection (malware-cnc.rules)
* 1:47446 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Gorgon outbound connection (malware-cnc.rules)
* 1:47449 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Gorgon outbound connection (malware-cnc.rules)
* 1:47441 <-> ENABLED <-> FILE-OTHER InPage reader remote code execution attemptt (file-other.rules)
* 1:47450 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Gorgon outbound connection (malware-cnc.rules)
* 3:47443 <-> ENABLED <-> BROWSER-OTHER TRUFFLEHUNTER TALOS-2018-0647 attack attempt (browser-other.rules)
* 3:47430 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2018-0644 attack attempt (file-image.rules)
* 3:47442 <-> ENABLED <-> BROWSER-OTHER TRUFFLEHUNTER TALOS-2018-0647 attack attempt (browser-other.rules)
* 3:47433 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2018-0644 attack attempt (file-image.rules)
* 3:47429 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2018-0645 attack attempt (file-image.rules)
* 3:47457 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0646 attack attempt (file-office.rules)
* 3:47432 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2018-0644 attack attempt (file-image.rules)
* 3:47431 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2018-0644 attack attempt (file-image.rules)
* 3:47428 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2018-0645 attack attempt (file-image.rules)
* 3:47456 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0646 attack attempt (file-office.rules)

* 1:43825 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.XAgent outbound connection (malware-cnc.rules)
* 1:46999 <-> DISABLED <-> INDICATOR-COMPROMISE SettingContent-ms file type download attempt (indicator-compromise.rules)
* 1:47000 <-> DISABLED <-> INDICATOR-COMPROMISE SettingContent-ms file type download attempt (indicator-compromise.rules)
* 1:47001 <-> DISABLED <-> INDICATOR-COMPROMISE SettingContent-ms file type download attempt (indicator-compromise.rules)
* 1:47002 <-> DISABLED <-> INDICATOR-COMPROMISE SettingContent-ms file type download attempt (indicator-compromise.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:47439 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JBIG parsing out of bounds read attempt (snort3-file-pdf.rules)
* 1:47455 <-> DISABLED <-> POLICY-OTHER IntegraXor config change attempt (snort3-policy-other.rules)
* 1:47454 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Gorgon attempted download (snort3-malware-other.rules)
* 1:47435 <-> ENABLED <-> MALWARE-CNC Win.Dropper.IcedID payload download (snort3-malware-cnc.rules)
* 1:47438 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JBIG parsing out of bounds read attempt (snort3-file-pdf.rules)
* 1:47445 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Gorgon outbound connection (snort3-malware-cnc.rules)
* 1:47446 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Gorgon outbound connection (snort3-malware-cnc.rules)
* 1:47436 <-> ENABLED <-> MALWARE-CNC Win.Dropper.IcedID outbound connection (snort3-malware-cnc.rules)
* 1:47449 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Gorgon outbound connection (snort3-malware-cnc.rules)
* 1:47444 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Gorgon outbound connection (snort3-malware-cnc.rules)
* 1:47450 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Gorgon outbound connection (snort3-malware-cnc.rules)
* 1:47453 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Gorgon attempted download (snort3-malware-other.rules)
* 1:47448 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Gorgon outbound connection (snort3-malware-cnc.rules)
* 1:47434 <-> DISABLED <-> MALWARE-CNC Win.Coinminer.HiddenShock variant outbound connection (snort3-malware-cnc.rules)
* 1:47451 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Gorgon outbound connection (snort3-malware-cnc.rules)
* 1:47441 <-> ENABLED <-> FILE-OTHER InPage reader remote code execution attemptt (snort3-file-other.rules)
* 1:47447 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Gorgon outbound connection (snort3-malware-cnc.rules)
* 1:47437 <-> DISABLED <-> SERVER-WEBAPP Weblog Expert Web Server denial of service attempt (snort3-server-webapp.rules)
* 1:47440 <-> ENABLED <-> FILE-OTHER InPage reader remote code execution attemptt (snort3-file-other.rules)
* 1:47452 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Gorgon outbound connection (snort3-malware-cnc.rules)

* 1:43825 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.XAgent outbound connection (snort3-malware-cnc.rules)
* 1:46999 <-> DISABLED <-> INDICATOR-COMPROMISE SettingContent-ms file type download attempt (snort3-indicator-compromise.rules)
* 1:47000 <-> DISABLED <-> INDICATOR-COMPROMISE SettingContent-ms file type download attempt (snort3-indicator-compromise.rules)
* 1:47001 <-> DISABLED <-> INDICATOR-COMPROMISE SettingContent-ms file type download attempt (snort3-indicator-compromise.rules)
* 1:47002 <-> DISABLED <-> INDICATOR-COMPROMISE SettingContent-ms file type download attempt (snort3-indicator-compromise.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091100.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:47437 <-> DISABLED <-> SERVER-WEBAPP Weblog Expert Web Server denial of service attempt (server-webapp.rules)
* 1:47455 <-> DISABLED <-> POLICY-OTHER IntegraXor config change attempt (policy-other.rules)
* 1:47434 <-> DISABLED <-> MALWARE-CNC Win.Coinminer.HiddenShock variant outbound connection (malware-cnc.rules)
* 1:47450 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Gorgon outbound connection (malware-cnc.rules)
* 1:47445 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Gorgon outbound connection (malware-cnc.rules)
* 1:47449 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Gorgon outbound connection (malware-cnc.rules)
* 1:47451 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Gorgon outbound connection (malware-cnc.rules)
* 1:47444 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Gorgon outbound connection (malware-cnc.rules)
* 1:47435 <-> ENABLED <-> MALWARE-CNC Win.Dropper.IcedID payload download (malware-cnc.rules)
* 1:47439 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JBIG parsing out of bounds read attempt (file-pdf.rules)
* 1:47448 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Gorgon outbound connection (malware-cnc.rules)
* 1:47452 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Gorgon outbound connection (malware-cnc.rules)
* 1:47447 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Gorgon outbound connection (malware-cnc.rules)
* 1:47441 <-> ENABLED <-> FILE-OTHER InPage reader remote code execution attemptt (file-other.rules)
* 1:47453 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Gorgon attempted download (malware-other.rules)
* 1:47446 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Gorgon outbound connection (malware-cnc.rules)
* 1:47454 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Gorgon attempted download (malware-other.rules)
* 1:47440 <-> ENABLED <-> FILE-OTHER InPage reader remote code execution attemptt (file-other.rules)
* 1:47438 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JBIG parsing out of bounds read attempt (file-pdf.rules)
* 1:47436 <-> ENABLED <-> MALWARE-CNC Win.Dropper.IcedID outbound connection (malware-cnc.rules)
* 3:47428 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2018-0645 attack attempt (file-image.rules)
* 3:47456 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0646 attack attempt (file-office.rules)
* 3:47430 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2018-0644 attack attempt (file-image.rules)
* 3:47433 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2018-0644 attack attempt (file-image.rules)
* 3:47432 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2018-0644 attack attempt (file-image.rules)
* 3:47429 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2018-0645 attack attempt (file-image.rules)
* 3:47457 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0646 attack attempt (file-office.rules)
* 3:47443 <-> ENABLED <-> BROWSER-OTHER TRUFFLEHUNTER TALOS-2018-0647 attack attempt (browser-other.rules)
* 3:47442 <-> ENABLED <-> BROWSER-OTHER TRUFFLEHUNTER TALOS-2018-0647 attack attempt (browser-other.rules)
* 3:47431 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2018-0644 attack attempt (file-image.rules)

* 1:43825 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.XAgent outbound connection (malware-cnc.rules)
* 1:46999 <-> DISABLED <-> INDICATOR-COMPROMISE SettingContent-ms file type download attempt (indicator-compromise.rules)
* 1:47000 <-> DISABLED <-> INDICATOR-COMPROMISE SettingContent-ms file type download attempt (indicator-compromise.rules)
* 1:47001 <-> DISABLED <-> INDICATOR-COMPROMISE SettingContent-ms file type download attempt (indicator-compromise.rules)
* 1:47002 <-> DISABLED <-> INDICATOR-COMPROMISE SettingContent-ms file type download attempt (indicator-compromise.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:47445 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Gorgon outbound connection (malware-cnc.rules)
* 1:47444 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Gorgon outbound connection (malware-cnc.rules)
* 1:47441 <-> ENABLED <-> FILE-OTHER InPage reader remote code execution attemptt (file-other.rules)
* 1:47440 <-> ENABLED <-> FILE-OTHER InPage reader remote code execution attemptt (file-other.rules)
* 1:47439 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JBIG parsing out of bounds read attempt (file-pdf.rules)
* 1:47438 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JBIG parsing out of bounds read attempt (file-pdf.rules)
* 1:47437 <-> DISABLED <-> SERVER-WEBAPP Weblog Expert Web Server denial of service attempt (server-webapp.rules)
* 1:47436 <-> ENABLED <-> MALWARE-CNC Win.Dropper.IcedID outbound connection (malware-cnc.rules)
* 1:47435 <-> ENABLED <-> MALWARE-CNC Win.Dropper.IcedID payload download (malware-cnc.rules)
* 1:47434 <-> DISABLED <-> MALWARE-CNC Win.Coinminer.HiddenShock variant outbound connection (malware-cnc.rules)
* 1:47455 <-> DISABLED <-> POLICY-OTHER IntegraXor config change attempt (policy-other.rules)
* 1:47454 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Gorgon attempted download (malware-other.rules)
* 1:47453 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Gorgon attempted download (malware-other.rules)
* 1:47452 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Gorgon outbound connection (malware-cnc.rules)
* 1:47451 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Gorgon outbound connection (malware-cnc.rules)
* 1:47450 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Gorgon outbound connection (malware-cnc.rules)
* 1:47449 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Gorgon outbound connection (malware-cnc.rules)
* 1:47448 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Gorgon outbound connection (malware-cnc.rules)
* 1:47447 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Gorgon outbound connection (malware-cnc.rules)
* 1:47446 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Gorgon outbound connection (malware-cnc.rules)
* 3:47428 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2018-0645 attack attempt (file-image.rules)
* 3:47429 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2018-0645 attack attempt (file-image.rules)
* 3:47430 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2018-0644 attack attempt (file-image.rules)
* 3:47431 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2018-0644 attack attempt (file-image.rules)
* 3:47432 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2018-0644 attack attempt (file-image.rules)
* 3:47433 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2018-0644 attack attempt (file-image.rules)
* 3:47442 <-> ENABLED <-> BROWSER-OTHER TRUFFLEHUNTER TALOS-2018-0647 attack attempt (browser-other.rules)
* 3:47443 <-> ENABLED <-> BROWSER-OTHER TRUFFLEHUNTER TALOS-2018-0647 attack attempt (browser-other.rules)
* 3:47456 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0646 attack attempt (file-office.rules)
* 3:47457 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2018-0646 attack attempt (file-office.rules)

* 1:43825 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.XAgent outbound connection (malware-cnc.rules)
* 1:46999 <-> DISABLED <-> INDICATOR-COMPROMISE SettingContent-ms file type download attempt (indicator-compromise.rules)
* 1:47000 <-> DISABLED <-> INDICATOR-COMPROMISE SettingContent-ms file type download attempt (indicator-compromise.rules)
* 1:47001 <-> DISABLED <-> INDICATOR-COMPROMISE SettingContent-ms file type download attempt (indicator-compromise.rules)
* 1:47002 <-> DISABLED <-> INDICATOR-COMPROMISE SettingContent-ms file type download attempt (indicator-compromise.rules)