Talos Rules 2015-06-30
Talos is aware of vulnerabilities affecting products from Apple Inc.

Apple QuickTime CVE-2015-3667: A memory-safety flaw in Apple QuickTime's parsing of a corrupt stbl atom (an out-of-bounds read, as the rule messages below describe it) may lead to remote code execution when a crafted media file is opened.

Rules to detect attacks targeting this vulnerability are included in this release and are identified with GID 1, SIDs 35022 through 35023.

Talos has also added and modified multiple rules in the blacklist, browser-ie, browser-plugins, file-multimedia, file-office, indicator-obfuscation, malware-cnc, malware-other and server-webapp rule sets to provide coverage for emerging threats in those product and malware categories.

Change logs

2015-06-30 17:14:29 UTC

Snort Subscriber Rules Update

Date: 2015-06-30

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2962.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)
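As an added example (not part of this release and not Talos's own tooling), the Python below parses change-log lines in the format just described and checks the coverage claim made in the summary above, namely that GID 1, SIDs 35022 through 35023 are present and enabled by default. The sample lines are copied from this release's list; the regex and the function names (parse_changelog, coverage_check, groups_touched) are the example's own.

```python
import re
from collections import defaultdict

# One change-log line:  * gid:sid <-> STATE <-> Message (rule-group.rules)
# The message is matched non-greedily so stray whitespace before the
# "(group.rules)" suffix does not leak into it.
LINE_RE = re.compile(
    r"^\s*\*\s*(?P<gid>\d+):(?P<sid>\d+)\s*<->\s*(?P<state>ENABLED|DISABLED)\s*<->\s*"
    r"(?P<msg>.*?)\s*\((?P<group>[\w-]+)\.rules\)\s*$"
)

# Constructed sample input: a few lines copied from this release's list,
# including the double-space quirk on the Bossabot line.
SAMPLE = """\
New Rules:

 * 1:35023 <-> ENABLED <-> FILE-MULTIMEDIA Apple Quicktime corrupt stbl atom out of bounds read attempt (file-multimedia.rules)
 * 1:35022 <-> ENABLED <-> FILE-MULTIMEDIA Apple Quicktime corrupt stbl atom out of bounds read attempt (file-multimedia.rules)
 * 1:35011 <-> DISABLED <-> SERVER-WEBAPP PHP unserialize call SPL ArrayObject and SPLObjectStorage memory corruption attempt (server-webapp.rules)
 * 1:34998 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Bossabot outbound connection  (malware-cnc.rules)

Modified Rules:

 * 1:34992 <-> DISABLED <-> MALWARE-OTHER Adobe Flash exploit download attempt - Group 6 (malware-other.rules)
"""


def parse_changelog(text):
    """Return one dict per rule line, tagged with the section ('new' or
    'modified') it appeared under. Lines that do not match are skipped."""
    rules = []
    section = None
    for line in text.splitlines():
        stripped = line.strip()
        if stripped == "New Rules:":
            section = "new"
            continue
        if stripped == "Modified Rules:":
            section = "modified"
            continue
        m = LINE_RE.match(line)
        if not m:
            continue
        rules.append({
            "gid": int(m.group("gid")),
            "sid": int(m.group("sid")),
            "enabled": m.group("state") == "ENABLED",
            "msg": m.group("msg").strip(),
            "group": m.group("group"),
            "section": section,
        })
    return rules


def rules_in_range(rules, gid, lo, hi):
    """Rules with the given GID whose SID lies in [lo, hi], sorted by SID."""
    return sorted((r for r in rules if r["gid"] == gid and lo <= r["sid"] <= hi),
                  key=lambda r: r["sid"])


def coverage_check(rules, gid, lo, hi):
    """Verify an advisory's 'SIDs lo through hi' claim against the parsed list.
    Returns (missing_sids, disabled_sids); both empty means full default coverage."""
    found = {r["sid"]: r for r in rules_in_range(rules, gid, lo, hi)}
    missing = [s for s in range(lo, hi + 1) if s not in found]
    disabled = [s for s in sorted(found) if not found[s]["enabled"]]
    return missing, disabled


def groups_touched(rules):
    """Count of rules per rule set, e.g. to compare with the summary paragraph."""
    counts = defaultdict(int)
    for r in rules:
        counts[r["group"]] += 1
    return dict(counts)


if __name__ == "__main__":
    parsed = parse_changelog(SAMPLE)
    print(coverage_check(parsed, 1, 35022, 35023))   # ([], []) : QuickTime SIDs present and on
    print(coverage_check(parsed, 1, 35010, 35011))   # ([35010], [35011]) in this sample
    print(groups_touched(parsed))
```

Pointing the parser at a full snort.org change log rather than the embedded sample is a matter of reading the file into parse_changelog; the DISABLED entries it reports (here the PHP unserialize and Novell ZENworks rules) are the ones a deployment will not alert on unless its policy turns them on explicitly.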

New Rules:


 * 1:35011 <-> DISABLED <-> SERVER-WEBAPP PHP unserialize call SPL ArrayObject and SPLObjectStorage memory corruption attempt (server-webapp.rules)
 * 1:35010 <-> DISABLED <-> SERVER-WEBAPP PHP unserialize call SPL ArrayObject and SPLObjectStorage memory corruption attempt (server-webapp.rules)
 * 1:35014 <-> ENABLED <-> SERVER-WEBAPP Centreon GetXMLTrapsForVendor.php SQL injection attempt (server-webapp.rules)
 * 1:35012 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreeNode use-after-free attempt (browser-ie.rules)
 * 1:35015 <-> ENABLED <-> SERVER-WEBAPP Centreon GetXmlTree.php SQL injection attempt (server-webapp.rules)
 * 1:35016 <-> ENABLED <-> SERVER-WEBAPP Centreon cmdGetExample.php SQL injection attempt (server-webapp.rules)
 * 1:34993 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.Benloader variant outbound connection (malware-cnc.rules)
 * 1:35023 <-> ENABLED <-> FILE-MULTIMEDIA Apple Quicktime corrupt stbl atom out of bounds read attempt (file-multimedia.rules)
 * 1:35022 <-> ENABLED <-> FILE-MULTIMEDIA Apple Quicktime corrupt stbl atom out of bounds read attempt (file-multimedia.rules)
 * 1:35021 <-> ENABLED <-> FILE-OFFICE Microsoft Word nested tblStylePr element use after free attempt (file-office.rules)
 * 1:35020 <-> ENABLED <-> FILE-OFFICE Microsoft Word nested tblStylePr element use after free attempt (file-office.rules)
 * 1:35019 <-> ENABLED <-> FILE-OFFICE Microsoft Word nested tblStylePr element use after free attempt (file-office.rules)
 * 1:35018 <-> ENABLED <-> FILE-OFFICE Microsoft Word nested tblStylePr element use after free attempt (file-office.rules)
 * 1:35013 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreeNode use-after-free attempt (browser-ie.rules)
 * 1:35017 <-> ENABLED <-> SERVER-WEBAPP Centreon makeXML_ListMetrics.php SQL injection attempt (server-webapp.rules)
 * 1:34994 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Banbra variant outbound connection (malware-cnc.rules)
 * 1:34995 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Banbra HTTP Header Structure (malware-cnc.rules)
 * 1:34996 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Agent-ALPW variant outbound connection (malware-cnc.rules)
 * 1:34997 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Graftor variant HTTP Response (malware-cnc.rules)
 * 1:34998 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Bossabot outbound connection  (malware-cnc.rules)
 * 1:34999 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Configuration Management queryid SQL injection attempt (server-webapp.rules)
 * 1:35000 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Configuration Management queryid SQL injection attempt (server-webapp.rules)
 * 1:35001 <-> DISABLED <-> BROWSER-PLUGINS Oracle AutoVue ActiveX control function call access attempt (browser-plugins.rules)
 * 1:35002 <-> DISABLED <-> BROWSER-PLUGINS Oracle AutoVue ActiveX control function call access attempt (browser-plugins.rules)
 * 1:35003 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Malumpos malware download attempt (malware-other.rules)
 * 1:35004 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Malumpos malware download attempt (malware-other.rules)
 * 1:35005 <-> ENABLED <-> MALWARE-CNC win.trojan.xng outbound connection attempt (malware-cnc.rules)
 * 1:35006 <-> DISABLED <-> SERVER-WEBAPP PHP unserialize call SPL ArrayObject and SPLObjectStorage memory corruption attempt (server-webapp.rules)
 * 1:35007 <-> DISABLED <-> SERVER-WEBAPP PHP unserialize call SPL ArrayObject and SPLObjectStorage memory corruption attempt (server-webapp.rules)
 * 1:35008 <-> DISABLED <-> SERVER-WEBAPP PHP unserialize call SPL ArrayObject and SPLObjectStorage memory corruption attempt (server-webapp.rules)
 * 1:35009 <-> DISABLED <-> SERVER-WEBAPP PHP unserialize call SPL ArrayObject and SPLObjectStorage memory corruption attempt (server-webapp.rules)

Modified Rules:


 * 1:10387 <-> DISABLED <-> BROWSER-PLUGINS McAfee Site Manager ActiveX clsid access attempt (browser-plugins.rules)
 * 1:10389 <-> DISABLED <-> BROWSER-PLUGINS McAfee Site Manager ActiveX function call access attempt (browser-plugins.rules)
 * 1:13631 <-> DISABLED <-> SERVER-OTHER McAfee ePolicy Orchestrator Framework Services log handling format string attempt (server-other.rules)
 * 1:17297 <-> DISABLED <-> SERVER-OTHER McAfee VirusScan on-access scanner long unicode filename handling buffer overflow attempt (server-other.rules)
 * 1:18247 <-> ENABLED <-> BLACKLIST User-Agent known malicious User-Agent ErrCode - W32/Fujacks.htm (blacklist.rules)
 * 1:18458 <-> ENABLED <-> MALWARE-CNC Night Dragon initial beacon (malware-cnc.rules)
 * 1:18459 <-> ENABLED <-> MALWARE-CNC Night Dragon keepalive message (malware-cnc.rules)
 * 1:23621 <-> DISABLED <-> INDICATOR-OBFUSCATION known packer routine with secondary obfuscation (indicator-obfuscation.rules)
 * 1:23893 <-> ENABLED <-> MALWARE-CNC Win.Trojan.DistTrack command and control traffic (malware-cnc.rules)
 * 1:23903 <-> ENABLED <-> BLACKLIST User-Agent known malicious user agent - you (blacklist.rules)
 * 1:25565 <-> DISABLED <-> BROWSER-PLUGINS Oracle AutoVue ActiveX control function call access attempt (browser-plugins.rules)
 * 1:25566 <-> DISABLED <-> BROWSER-PLUGINS Oracle AutoVue ActiveX control function call access attempt (browser-plugins.rules)
 * 1:26327 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.Flashfake variant outbound connection (malware-cnc.rules)
 * 1:27625 <-> ENABLED <-> BLACKLIST DNS request for known malware domain documents.myPicture.info (blacklist.rules)
 * 1:27626 <-> ENABLED <-> BLACKLIST DNS request for known malware domain ftp.documents.myPicture.info (blacklist.rules)
 * 1:27627 <-> ENABLED <-> BLACKLIST DNS request for known malware domain info.xxuz.com (blacklist.rules)
 * 1:27628 <-> ENABLED <-> BLACKLIST DNS request for known malware domain www.documents.myPicture.info (blacklist.rules)
 * 1:27629 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Aumlib variant outbound connection (malware-cnc.rules)
 * 1:27630 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Aumlib variant outbound connection (malware-cnc.rules)
 * 1:27631 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Aumlib variant outbound connection (malware-cnc.rules)
 * 1:32352 <-> ENABLED <-> SERVER-WEBAPP Centreon displayServiceStatus.php command injection attempt (server-webapp.rules)
 * 1:34990 <-> ENABLED <-> MALWARE-OTHER Adobe Flash exploit download attempt - Group 6 (malware-other.rules)
 * 1:34991 <-> ENABLED <-> MALWARE-OTHER Adobe Flash exploit download attempt - Group 6 (malware-other.rules)
 * 1:34992 <-> DISABLED <-> MALWARE-OTHER Adobe Flash exploit download attempt - Group 6 (malware-other.rules)

2015-06-30 17:14:29 UTC

Snort Subscriber Rules Update

Date: 2015-06-30

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2972.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:35023 <-> ENABLED <-> FILE-MULTIMEDIA Apple Quicktime corrupt stbl atom out of bounds read attempt (file-multimedia.rules)
 * 1:35022 <-> ENABLED <-> FILE-MULTIMEDIA Apple Quicktime corrupt stbl atom out of bounds read attempt (file-multimedia.rules)
 * 1:35021 <-> ENABLED <-> FILE-OFFICE Microsoft Word nested tblStylePr element use after free attempt (file-office.rules)
 * 1:35020 <-> ENABLED <-> FILE-OFFICE Microsoft Word nested tblStylePr element use after free attempt (file-office.rules)
 * 1:35019 <-> ENABLED <-> FILE-OFFICE Microsoft Word nested tblStylePr element use after free attempt (file-office.rules)
 * 1:35018 <-> ENABLED <-> FILE-OFFICE Microsoft Word nested tblStylePr element use after free attempt (file-office.rules)
 * 1:35013 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreeNode use-after-free attempt (browser-ie.rules)
 * 1:35011 <-> DISABLED <-> SERVER-WEBAPP PHP unserialize call SPL ArrayObject and SPLObjectStorage memory corruption attempt (server-webapp.rules)
 * 1:35010 <-> DISABLED <-> SERVER-WEBAPP PHP unserialize call SPL ArrayObject and SPLObjectStorage memory corruption attempt (server-webapp.rules)
 * 1:35014 <-> ENABLED <-> SERVER-WEBAPP Centreon GetXMLTrapsForVendor.php SQL injection attempt (server-webapp.rules)
 * 1:35012 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreeNode use-after-free attempt (browser-ie.rules)
 * 1:35015 <-> ENABLED <-> SERVER-WEBAPP Centreon GetXmlTree.php SQL injection attempt (server-webapp.rules)
 * 1:35016 <-> ENABLED <-> SERVER-WEBAPP Centreon cmdGetExample.php SQL injection attempt (server-webapp.rules)
 * 1:35017 <-> ENABLED <-> SERVER-WEBAPP Centreon makeXML_ListMetrics.php SQL injection attempt (server-webapp.rules)
 * 1:34993 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.Benloader variant outbound connection (malware-cnc.rules)
 * 1:34994 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Banbra variant outbound connection (malware-cnc.rules)
 * 1:34995 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Banbra HTTP Header Structure (malware-cnc.rules)
 * 1:34996 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Agent-ALPW variant outbound connection (malware-cnc.rules)
 * 1:34997 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Graftor variant HTTP Response (malware-cnc.rules)
 * 1:34998 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Bossabot outbound connection  (malware-cnc.rules)
 * 1:34999 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Configuration Management queryid SQL injection attempt (server-webapp.rules)
 * 1:35000 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Configuration Management queryid SQL injection attempt (server-webapp.rules)
 * 1:35001 <-> DISABLED <-> BROWSER-PLUGINS Oracle AutoVue ActiveX control function call access attempt (browser-plugins.rules)
 * 1:35002 <-> DISABLED <-> BROWSER-PLUGINS Oracle AutoVue ActiveX control function call access attempt (browser-plugins.rules)
 * 1:35003 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Malumpos malware download attempt (malware-other.rules)
 * 1:35004 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Malumpos malware download attempt (malware-other.rules)
 * 1:35005 <-> ENABLED <-> MALWARE-CNC win.trojan.xng outbound connection attempt (malware-cnc.rules)
 * 1:35006 <-> DISABLED <-> SERVER-WEBAPP PHP unserialize call SPL ArrayObject and SPLObjectStorage memory corruption attempt (server-webapp.rules)
 * 1:35007 <-> DISABLED <-> SERVER-WEBAPP PHP unserialize call SPL ArrayObject and SPLObjectStorage memory corruption attempt (server-webapp.rules)
 * 1:35008 <-> DISABLED <-> SERVER-WEBAPP PHP unserialize call SPL ArrayObject and SPLObjectStorage memory corruption attempt (server-webapp.rules)
 * 1:35009 <-> DISABLED <-> SERVER-WEBAPP PHP unserialize call SPL ArrayObject and SPLObjectStorage memory corruption attempt (server-webapp.rules)

Modified Rules:


 * 1:10387 <-> DISABLED <-> BROWSER-PLUGINS McAfee Site Manager ActiveX clsid access attempt (browser-plugins.rules)
 * 1:10389 <-> DISABLED <-> BROWSER-PLUGINS McAfee Site Manager ActiveX function call access attempt (browser-plugins.rules)
 * 1:13631 <-> DISABLED <-> SERVER-OTHER McAfee ePolicy Orchestrator Framework Services log handling format string attempt (server-other.rules)
 * 1:17297 <-> DISABLED <-> SERVER-OTHER McAfee VirusScan on-access scanner long unicode filename handling buffer overflow attempt (server-other.rules)
 * 1:18247 <-> ENABLED <-> BLACKLIST User-Agent known malicious User-Agent ErrCode - W32/Fujacks.htm (blacklist.rules)
 * 1:18458 <-> ENABLED <-> MALWARE-CNC Night Dragon initial beacon (malware-cnc.rules)
 * 1:18459 <-> ENABLED <-> MALWARE-CNC Night Dragon keepalive message (malware-cnc.rules)
 * 1:23621 <-> DISABLED <-> INDICATOR-OBFUSCATION known packer routine with secondary obfuscation (indicator-obfuscation.rules)
 * 1:23893 <-> ENABLED <-> MALWARE-CNC Win.Trojan.DistTrack command and control traffic (malware-cnc.rules)
 * 1:23903 <-> ENABLED <-> BLACKLIST User-Agent known malicious user agent - you (blacklist.rules)
 * 1:25565 <-> DISABLED <-> BROWSER-PLUGINS Oracle AutoVue ActiveX control function call access attempt (browser-plugins.rules)
 * 1:25566 <-> DISABLED <-> BROWSER-PLUGINS Oracle AutoVue ActiveX control function call access attempt (browser-plugins.rules)
 * 1:26327 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.Flashfake variant outbound connection (malware-cnc.rules)
 * 1:27625 <-> ENABLED <-> BLACKLIST DNS request for known malware domain documents.myPicture.info (blacklist.rules)
 * 1:27626 <-> ENABLED <-> BLACKLIST DNS request for known malware domain ftp.documents.myPicture.info (blacklist.rules)
 * 1:27627 <-> ENABLED <-> BLACKLIST DNS request for known malware domain info.xxuz.com (blacklist.rules)
 * 1:27628 <-> ENABLED <-> BLACKLIST DNS request for known malware domain www.documents.myPicture.info (blacklist.rules)
 * 1:27629 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Aumlib variant outbound connection (malware-cnc.rules)
 * 1:27630 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Aumlib variant outbound connection (malware-cnc.rules)
 * 1:27631 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Aumlib variant outbound connection (malware-cnc.rules)
 * 1:32352 <-> ENABLED <-> SERVER-WEBAPP Centreon displayServiceStatus.php command injection attempt (server-webapp.rules)
 * 1:34990 <-> ENABLED <-> MALWARE-OTHER Adobe Flash exploit download attempt - Group 6 (malware-other.rules)
 * 1:34991 <-> ENABLED <-> MALWARE-OTHER Adobe Flash exploit download attempt - Group 6 (malware-other.rules)
 * 1:34992 <-> DISABLED <-> MALWARE-OTHER Adobe Flash exploit download attempt - Group 6 (malware-other.rules)

2015-06-30 17:14:29 UTC

Snort Subscriber Rules Update

Date: 2015-06-30

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2973.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:35023 <-> ENABLED <-> FILE-MULTIMEDIA Apple Quicktime corrupt stbl atom out of bounds read attempt (file-multimedia.rules)
 * 1:35022 <-> ENABLED <-> FILE-MULTIMEDIA Apple Quicktime corrupt stbl atom out of bounds read attempt (file-multimedia.rules)
 * 1:35021 <-> ENABLED <-> FILE-OFFICE Microsoft Word nested tblStylePr element use after free attempt (file-office.rules)
 * 1:35020 <-> ENABLED <-> FILE-OFFICE Microsoft Word nested tblStylePr element use after free attempt (file-office.rules)
 * 1:35019 <-> ENABLED <-> FILE-OFFICE Microsoft Word nested tblStylePr element use after free attempt (file-office.rules)
 * 1:35018 <-> ENABLED <-> FILE-OFFICE Microsoft Word nested tblStylePr element use after free attempt (file-office.rules)
 * 1:35017 <-> ENABLED <-> SERVER-WEBAPP Centreon makeXML_ListMetrics.php SQL injection attempt (server-webapp.rules)
 * 1:35016 <-> ENABLED <-> SERVER-WEBAPP Centreon cmdGetExample.php SQL injection attempt (server-webapp.rules)
 * 1:35015 <-> ENABLED <-> SERVER-WEBAPP Centreon GetXmlTree.php SQL injection attempt (server-webapp.rules)
 * 1:35014 <-> ENABLED <-> SERVER-WEBAPP Centreon GetXMLTrapsForVendor.php SQL injection attempt (server-webapp.rules)
 * 1:35013 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreeNode use-after-free attempt (browser-ie.rules)
 * 1:35012 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreeNode use-after-free attempt (browser-ie.rules)
 * 1:35011 <-> DISABLED <-> SERVER-WEBAPP PHP unserialize call SPL ArrayObject and SPLObjectStorage memory corruption attempt (server-webapp.rules)
 * 1:35010 <-> DISABLED <-> SERVER-WEBAPP PHP unserialize call SPL ArrayObject and SPLObjectStorage memory corruption attempt (server-webapp.rules)
 * 1:35009 <-> DISABLED <-> SERVER-WEBAPP PHP unserialize call SPL ArrayObject and SPLObjectStorage memory corruption attempt (server-webapp.rules)
 * 1:35008 <-> DISABLED <-> SERVER-WEBAPP PHP unserialize call SPL ArrayObject and SPLObjectStorage memory corruption attempt (server-webapp.rules)
 * 1:35007 <-> DISABLED <-> SERVER-WEBAPP PHP unserialize call SPL ArrayObject and SPLObjectStorage memory corruption attempt (server-webapp.rules)
 * 1:35006 <-> DISABLED <-> SERVER-WEBAPP PHP unserialize call SPL ArrayObject and SPLObjectStorage memory corruption attempt (server-webapp.rules)
 * 1:35005 <-> ENABLED <-> MALWARE-CNC win.trojan.xng outbound connection attempt (malware-cnc.rules)
 * 1:35004 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Malumpos malware download attempt (malware-other.rules)
 * 1:35003 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Malumpos malware download attempt (malware-other.rules)
 * 1:35002 <-> DISABLED <-> BROWSER-PLUGINS Oracle AutoVue ActiveX control function call access attempt (browser-plugins.rules)
 * 1:35001 <-> DISABLED <-> BROWSER-PLUGINS Oracle AutoVue ActiveX control function call access attempt (browser-plugins.rules)
 * 1:35000 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Configuration Management queryid SQL injection attempt (server-webapp.rules)
 * 1:34999 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Configuration Management queryid SQL injection attempt (server-webapp.rules)
 * 1:34998 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Bossabot outbound connection  (malware-cnc.rules)
 * 1:34997 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Graftor variant HTTP Response (malware-cnc.rules)
 * 1:34996 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Agent-ALPW variant outbound connection (malware-cnc.rules)
 * 1:34995 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Banbra HTTP Header Structure (malware-cnc.rules)
 * 1:34994 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Banbra variant outbound connection (malware-cnc.rules)
 * 1:34993 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.Benloader variant outbound connection (malware-cnc.rules)

Modified Rules:


 * 1:10387 <-> DISABLED <-> BROWSER-PLUGINS McAfee Site Manager ActiveX clsid access attempt (browser-plugins.rules)
 * 1:10389 <-> DISABLED <-> BROWSER-PLUGINS McAfee Site Manager ActiveX function call access attempt (browser-plugins.rules)
 * 1:13631 <-> DISABLED <-> SERVER-OTHER McAfee ePolicy Orchestrator Framework Services log handling format string attempt (server-other.rules)
 * 1:17297 <-> DISABLED <-> SERVER-OTHER McAfee VirusScan on-access scanner long unicode filename handling buffer overflow attempt (server-other.rules)
 * 1:18247 <-> ENABLED <-> BLACKLIST User-Agent known malicious User-Agent ErrCode - W32/Fujacks.htm (blacklist.rules)
 * 1:18458 <-> ENABLED <-> MALWARE-CNC Night Dragon initial beacon (malware-cnc.rules)
 * 1:18459 <-> ENABLED <-> MALWARE-CNC Night Dragon keepalive message (malware-cnc.rules)
 * 1:23621 <-> DISABLED <-> INDICATOR-OBFUSCATION known packer routine with secondary obfuscation (indicator-obfuscation.rules)
 * 1:23893 <-> ENABLED <-> MALWARE-CNC Win.Trojan.DistTrack command and control traffic (malware-cnc.rules)
 * 1:23903 <-> ENABLED <-> BLACKLIST User-Agent known malicious user agent - you (blacklist.rules)
 * 1:25565 <-> DISABLED <-> BROWSER-PLUGINS Oracle AutoVue ActiveX control function call access attempt (browser-plugins.rules)
 * 1:25566 <-> DISABLED <-> BROWSER-PLUGINS Oracle AutoVue ActiveX control function call access attempt (browser-plugins.rules)
 * 1:26327 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.Flashfake variant outbound connection (malware-cnc.rules)
 * 1:27625 <-> ENABLED <-> BLACKLIST DNS request for known malware domain documents.myPicture.info (blacklist.rules)
 * 1:27626 <-> ENABLED <-> BLACKLIST DNS request for known malware domain ftp.documents.myPicture.info (blacklist.rules)
 * 1:27627 <-> ENABLED <-> BLACKLIST DNS request for known malware domain info.xxuz.com (blacklist.rules)
 * 1:27628 <-> ENABLED <-> BLACKLIST DNS request for known malware domain www.documents.myPicture.info (blacklist.rules)
 * 1:27629 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Aumlib variant outbound connection (malware-cnc.rules)
 * 1:27630 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Aumlib variant outbound connection (malware-cnc.rules)
 * 1:27631 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Aumlib variant outbound connection (malware-cnc.rules)
 * 1:32352 <-> ENABLED <-> SERVER-WEBAPP Centreon displayServiceStatus.php command injection attempt (server-webapp.rules)
 * 1:34990 <-> ENABLED <-> MALWARE-OTHER Adobe Flash exploit download attempt - Group 6 (malware-other.rules)
 * 1:34991 <-> ENABLED <-> MALWARE-OTHER Adobe Flash exploit download attempt - Group 6 (malware-other.rules)
 * 1:34992 <-> DISABLED <-> MALWARE-OTHER Adobe Flash exploit download attempt - Group 6 (malware-other.rules)