Talos Rules 2015-07-30
This release adds and modifies rules in several categories.

Talos has added and modified multiple rules in the blacklist, browser-chrome, browser-plugins, file-multimedia, file-pdf, malware-backdoor, malware-cnc, server-apache and server-webapp rule sets to provide coverage for emerging threats from these technologies.

Change logs

2015-07-30 15:33:06 UTC

Snort Subscriber Rules Update

Date: 2015-07-30

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2962.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:35412 <-> DISABLED <-> BROWSER-CHROME Google Chrome XSSAuditor Policy ByPass command injection attempt (browser-chrome.rules)
 * 1:35390 <-> ENABLED <-> BLACKLIST DNS request for known malware domain golemerix.com - Win.Trojan.TorrentLocker/Teerac (blacklist.rules)
 * 1:35392 <-> ENABLED <-> BLACKLIST DNS request for known malware domain loawelis.org - Win.Trojan.TorrentLocker/Teerac (blacklist.rules)
 * 1:35413 <-> DISABLED <-> FILE-MULTIMEDIA Apple iLife iPhoto Photocast XML format string code injection attempt (file-multimedia.rules)
 * 1:35391 <-> ENABLED <-> BLACKLIST DNS request for known malware domain bokepros.net - Win.Trojan.TorrentLocker/Teerac (blacklist.rules)
 * 1:35387 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Andromeda initial outbound connection attempt (malware-cnc.rules)
 * 1:35389 <-> ENABLED <-> BLACKLIST DNS request for known malware domain poletaute.org - Win.Trojan.TorrentLocker/Teerac (blacklist.rules)
 * 1:35386 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Bedep initial outbound connection attempt (malware-cnc.rules)
 * 1:35411 <-> DISABLED <-> BROWSER-CHROME Google Chrome XSSAuditor Policy ByPass command injection attempt (browser-chrome.rules)
 * 1:35410 <-> ENABLED <-> FILE-PDF Adobe Reader setItems use-after-free attempt (file-pdf.rules)
 * 1:35414 <-> DISABLED <-> FILE-MULTIMEDIA Apple iLife iPhoto Photocast XML format string code injection attempt (file-multimedia.rules)
 * 1:35384 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Nicabown variant outbound connection (malware-backdoor.rules)
 * 1:35385 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MSIL-Pwsfcbk SQL connection (malware-cnc.rules)
 * 1:35393 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TorrentLocker/Teerac self-signed certificate (malware-cnc.rules)
 * 1:35394 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TorrentLocker/Teerac payment page request (malware-cnc.rules)
 * 1:35395 <-> DISABLED <-> BROWSER-PLUGINS Oracle Data Quality DateTimeWrapper onchange untrusted pointer dereference attempt (browser-plugins.rules)
 * 1:35396 <-> DISABLED <-> BROWSER-PLUGINS Oracle Data Quality DateTimeWrapper onchange untrusted pointer dereference attempt (browser-plugins.rules)
 * 1:35397 <-> DISABLED <-> BROWSER-PLUGINS Oracle Data Quality DateTimeWrapper onchange untrusted pointer dereference attempt (browser-plugins.rules)
 * 1:35398 <-> DISABLED <-> BROWSER-PLUGINS Oracle Data Quality DateTimeWrapper onchange untrusted pointer dereference attempt (browser-plugins.rules)
 * 1:35399 <-> DISABLED <-> SERVER-WEBAPP WordPress MailChimp Subscribe Forms PHP Code Execution command injection attempt (server-webapp.rules)
 * 1:35400 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Inexsmar variant outbound connection (malware-cnc.rules)
 * 1:35401 <-> DISABLED <-> BROWSER-PLUGINS Oracle Data Quality Postcard PreviewInt onclose untrusted pointer dereference attempt (browser-plugins.rules)
 * 1:35403 <-> DISABLED <-> BROWSER-PLUGINS Oracle Data Quality Postcard PreviewInt onclose untrusted pointer dereference attempt (browser-plugins.rules)
 * 1:35402 <-> DISABLED <-> BROWSER-PLUGINS Oracle Data Quality Postcard PreviewInt onclose untrusted pointer dereference attempt (browser-plugins.rules)
 * 1:35404 <-> DISABLED <-> BROWSER-PLUGINS Oracle Data Quality Postcard PreviewInt onclose untrusted pointer dereference attempt (browser-plugins.rules)
 * 1:35405 <-> DISABLED <-> SERVER-OTHER HP Release Control authenticated privilege escalation attempt (server-other.rules)
 * 1:35406 <-> DISABLED <-> SERVER-APACHE Apache HTTP Server mod_status heap buffer overflow attempt (server-apache.rules)
 * 1:35407 <-> ENABLED <-> FILE-PDF Adobe Reader setItems use-after-free attempt (file-pdf.rules)
 * 1:35408 <-> ENABLED <-> FILE-PDF Adobe Reader setItems use-after-free attempt (file-pdf.rules)
 * 1:35409 <-> ENABLED <-> FILE-PDF Adobe Reader setItems use-after-free attempt (file-pdf.rules)
 * 1:35416 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mivast outbound connection (malware-cnc.rules)
 * 1:35388 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Andromeda download request (malware-cnc.rules)
 * 1:35415 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sakurel outbound connection (malware-cnc.rules)

Modified Rules:


 * 1:28461 <-> DISABLED <-> FILE-PDF Adobe Acrobat font parsing integer overflow attempt (file-pdf.rules)
 * 1:30792 <-> ENABLED <-> SERVER-APACHE Apache Struts ParametersInterceptor classloader access attempt (server-apache.rules)
 * 1:30791 <-> ENABLED <-> SERVER-APACHE Apache Struts ParametersInterceptor classloader access attempt (server-apache.rules)
 * 1:28462 <-> DISABLED <-> FILE-PDF Adobe Acrobat font parsing integer overflow attempt (file-pdf.rules)
 * 1:30790 <-> ENABLED <-> SERVER-APACHE Apache Struts ParametersInterceptor classloader access attempt (server-apache.rules)
 * 1:30793 <-> ENABLED <-> SERVER-APACHE Apache Struts ParametersInterceptor classloader access attempt (server-apache.rules)
 * 1:24508 <-> DISABLED <-> FILE-PDF Adobe Acrobat font parsing integer overflow attempt (file-pdf.rules)
 * 1:35331 <-> DISABLED <-> FILE-PDF Adobe Reader PDF document closed prior to javascript termination use after free attempt (file-pdf.rules)
 * 1:35332 <-> DISABLED <-> FILE-PDF Adobe Reader PDF document closed prior to javascript termination use after free attempt (file-pdf.rules)
 * 1:24507 <-> DISABLED <-> FILE-PDF Adobe Acrobat font parsing integer overflow attempt (file-pdf.rules)

2015-07-30 15:33:06 UTC

Snort Subscriber Rules Update

Date: 2015-07-30

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2972.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:35391 <-> ENABLED <-> BLACKLIST DNS request for known malware domain bokepros.net - Win.Trojan.TorrentLocker/Teerac (blacklist.rules)
 * 1:35413 <-> DISABLED <-> FILE-MULTIMEDIA Apple iLife iPhoto Photocast XML format string code injection attempt (file-multimedia.rules)
 * 1:35390 <-> ENABLED <-> BLACKLIST DNS request for known malware domain golemerix.com - Win.Trojan.TorrentLocker/Teerac (blacklist.rules)
 * 1:35389 <-> ENABLED <-> BLACKLIST DNS request for known malware domain poletaute.org - Win.Trojan.TorrentLocker/Teerac (blacklist.rules)
 * 1:35387 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Andromeda initial outbound connection attempt (malware-cnc.rules)
 * 1:35386 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Bedep initial outbound connection attempt (malware-cnc.rules)
 * 1:35414 <-> DISABLED <-> FILE-MULTIMEDIA Apple iLife iPhoto Photocast XML format string code injection attempt (file-multimedia.rules)
 * 1:35392 <-> ENABLED <-> BLACKLIST DNS request for known malware domain loawelis.org - Win.Trojan.TorrentLocker/Teerac (blacklist.rules)
 * 1:35384 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Nicabown variant outbound connection (malware-backdoor.rules)
 * 1:35385 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MSIL-Pwsfcbk SQL connection (malware-cnc.rules)
 * 1:35393 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TorrentLocker/Teerac self-signed certificate (malware-cnc.rules)
 * 1:35394 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TorrentLocker/Teerac payment page request (malware-cnc.rules)
 * 1:35395 <-> DISABLED <-> BROWSER-PLUGINS Oracle Data Quality DateTimeWrapper onchange untrusted pointer dereference attempt (browser-plugins.rules)
 * 1:35396 <-> DISABLED <-> BROWSER-PLUGINS Oracle Data Quality DateTimeWrapper onchange untrusted pointer dereference attempt (browser-plugins.rules)
 * 1:35398 <-> DISABLED <-> BROWSER-PLUGINS Oracle Data Quality DateTimeWrapper onchange untrusted pointer dereference attempt (browser-plugins.rules)
 * 1:35397 <-> DISABLED <-> BROWSER-PLUGINS Oracle Data Quality DateTimeWrapper onchange untrusted pointer dereference attempt (browser-plugins.rules)
 * 1:35399 <-> DISABLED <-> SERVER-WEBAPP WordPress MailChimp Subscribe Forms PHP Code Execution command injection attempt (server-webapp.rules)
 * 1:35400 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Inexsmar variant outbound connection (malware-cnc.rules)
 * 1:35401 <-> DISABLED <-> BROWSER-PLUGINS Oracle Data Quality Postcard PreviewInt onclose untrusted pointer dereference attempt (browser-plugins.rules)
 * 1:35403 <-> DISABLED <-> BROWSER-PLUGINS Oracle Data Quality Postcard PreviewInt onclose untrusted pointer dereference attempt (browser-plugins.rules)
 * 1:35402 <-> DISABLED <-> BROWSER-PLUGINS Oracle Data Quality Postcard PreviewInt onclose untrusted pointer dereference attempt (browser-plugins.rules)
 * 1:35404 <-> DISABLED <-> BROWSER-PLUGINS Oracle Data Quality Postcard PreviewInt onclose untrusted pointer dereference attempt (browser-plugins.rules)
 * 1:35405 <-> DISABLED <-> SERVER-OTHER HP Release Control authenticated privilege escalation attempt (server-other.rules)
 * 1:35406 <-> DISABLED <-> SERVER-APACHE Apache HTTP Server mod_status heap buffer overflow attempt (server-apache.rules)
 * 1:35408 <-> ENABLED <-> FILE-PDF Adobe Reader setItems use-after-free attempt (file-pdf.rules)
 * 1:35407 <-> ENABLED <-> FILE-PDF Adobe Reader setItems use-after-free attempt (file-pdf.rules)
 * 1:35410 <-> ENABLED <-> FILE-PDF Adobe Reader setItems use-after-free attempt (file-pdf.rules)
 * 1:35409 <-> ENABLED <-> FILE-PDF Adobe Reader setItems use-after-free attempt (file-pdf.rules)
 * 1:35388 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Andromeda download request (malware-cnc.rules)
 * 1:35411 <-> DISABLED <-> BROWSER-CHROME Google Chrome XSSAuditor Policy ByPass command injection attempt (browser-chrome.rules)
 * 1:35416 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mivast outbound connection (malware-cnc.rules)
 * 1:35415 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sakurel outbound connection (malware-cnc.rules)
 * 1:35412 <-> DISABLED <-> BROWSER-CHROME Google Chrome XSSAuditor Policy ByPass command injection attempt (browser-chrome.rules)

Modified Rules:


 * 1:35331 <-> DISABLED <-> FILE-PDF Adobe Reader PDF document closed prior to javascript termination use after free attempt (file-pdf.rules)
 * 1:24508 <-> DISABLED <-> FILE-PDF Adobe Acrobat font parsing integer overflow attempt (file-pdf.rules)
 * 1:24507 <-> DISABLED <-> FILE-PDF Adobe Acrobat font parsing integer overflow attempt (file-pdf.rules)
 * 1:28462 <-> DISABLED <-> FILE-PDF Adobe Acrobat font parsing integer overflow attempt (file-pdf.rules)
 * 1:30791 <-> ENABLED <-> SERVER-APACHE Apache Struts ParametersInterceptor classloader access attempt (server-apache.rules)
 * 1:30790 <-> ENABLED <-> SERVER-APACHE Apache Struts ParametersInterceptor classloader access attempt (server-apache.rules)
 * 1:30792 <-> ENABLED <-> SERVER-APACHE Apache Struts ParametersInterceptor classloader access attempt (server-apache.rules)
 * 1:30793 <-> ENABLED <-> SERVER-APACHE Apache Struts ParametersInterceptor classloader access attempt (server-apache.rules)
 * 1:35332 <-> DISABLED <-> FILE-PDF Adobe Reader PDF document closed prior to javascript termination use after free attempt (file-pdf.rules)
 * 1:28461 <-> DISABLED <-> FILE-PDF Adobe Acrobat font parsing integer overflow attempt (file-pdf.rules)

2015-07-30 15:33:06 UTC

Snort Subscriber Rules Update

Date: 2015-07-30

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2973.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:35387 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Andromeda initial outbound connection attempt (malware-cnc.rules)
 * 1:35389 <-> ENABLED <-> BLACKLIST DNS request for known malware domain poletaute.org - Win.Trojan.TorrentLocker/Teerac (blacklist.rules)
 * 1:35386 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Bedep initial outbound connection attempt (malware-cnc.rules)
 * 1:35390 <-> ENABLED <-> BLACKLIST DNS request for known malware domain golemerix.com - Win.Trojan.TorrentLocker/Teerac (blacklist.rules)
 * 1:35392 <-> ENABLED <-> BLACKLIST DNS request for known malware domain loawelis.org - Win.Trojan.TorrentLocker/Teerac (blacklist.rules)
 * 1:35384 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Nicabown variant outbound connection (malware-backdoor.rules)
 * 1:35385 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MSIL-Pwsfcbk SQL connection (malware-cnc.rules)
 * 1:35393 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TorrentLocker/Teerac self-signed certificate (malware-cnc.rules)
 * 1:35394 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TorrentLocker/Teerac payment page request (malware-cnc.rules)
 * 1:35395 <-> DISABLED <-> BROWSER-PLUGINS Oracle Data Quality DateTimeWrapper onchange untrusted pointer dereference attempt (browser-plugins.rules)
 * 1:35396 <-> DISABLED <-> BROWSER-PLUGINS Oracle Data Quality DateTimeWrapper onchange untrusted pointer dereference attempt (browser-plugins.rules)
 * 1:35398 <-> DISABLED <-> BROWSER-PLUGINS Oracle Data Quality DateTimeWrapper onchange untrusted pointer dereference attempt (browser-plugins.rules)
 * 1:35397 <-> DISABLED <-> BROWSER-PLUGINS Oracle Data Quality DateTimeWrapper onchange untrusted pointer dereference attempt (browser-plugins.rules)
 * 1:35399 <-> DISABLED <-> SERVER-WEBAPP WordPress MailChimp Subscribe Forms PHP Code Execution command injection attempt (server-webapp.rules)
 * 1:35400 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Inexsmar variant outbound connection (malware-cnc.rules)
 * 1:35401 <-> DISABLED <-> BROWSER-PLUGINS Oracle Data Quality Postcard PreviewInt onclose untrusted pointer dereference attempt (browser-plugins.rules)
 * 1:35403 <-> DISABLED <-> BROWSER-PLUGINS Oracle Data Quality Postcard PreviewInt onclose untrusted pointer dereference attempt (browser-plugins.rules)
 * 1:35402 <-> DISABLED <-> BROWSER-PLUGINS Oracle Data Quality Postcard PreviewInt onclose untrusted pointer dereference attempt (browser-plugins.rules)
 * 1:35404 <-> DISABLED <-> BROWSER-PLUGINS Oracle Data Quality Postcard PreviewInt onclose untrusted pointer dereference attempt (browser-plugins.rules)
 * 1:35405 <-> DISABLED <-> SERVER-OTHER HP Release Control authenticated privilege escalation attempt (server-other.rules)
 * 1:35406 <-> DISABLED <-> SERVER-APACHE Apache HTTP Server mod_status heap buffer overflow attempt (server-apache.rules)
 * 1:35408 <-> ENABLED <-> FILE-PDF Adobe Reader setItems use-after-free attempt (file-pdf.rules)
 * 1:35407 <-> ENABLED <-> FILE-PDF Adobe Reader setItems use-after-free attempt (file-pdf.rules)
 * 1:35409 <-> ENABLED <-> FILE-PDF Adobe Reader setItems use-after-free attempt (file-pdf.rules)
 * 1:35410 <-> ENABLED <-> FILE-PDF Adobe Reader setItems use-after-free attempt (file-pdf.rules)
 * 1:35411 <-> DISABLED <-> BROWSER-CHROME Google Chrome XSSAuditor Policy ByPass command injection attempt (browser-chrome.rules)
 * 1:35388 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Andromeda download request (malware-cnc.rules)
 * 1:35416 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mivast outbound connection (malware-cnc.rules)
 * 1:35415 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sakurel outbound connection (malware-cnc.rules)
 * 1:35391 <-> ENABLED <-> BLACKLIST DNS request for known malware domain bokepros.net - Win.Trojan.TorrentLocker/Teerac (blacklist.rules)
 * 1:35414 <-> DISABLED <-> FILE-MULTIMEDIA Apple iLife iPhoto Photocast XML format string code injection attempt (file-multimedia.rules)
 * 1:35413 <-> DISABLED <-> FILE-MULTIMEDIA Apple iLife iPhoto Photocast XML format string code injection attempt (file-multimedia.rules)
 * 1:35412 <-> DISABLED <-> BROWSER-CHROME Google Chrome XSSAuditor Policy ByPass command injection attempt (browser-chrome.rules)

Modified Rules:


 * 1:30793 <-> ENABLED <-> SERVER-APACHE Apache Struts ParametersInterceptor classloader access attempt (server-apache.rules)
 * 1:24507 <-> DISABLED <-> FILE-PDF Adobe Acrobat font parsing integer overflow attempt (file-pdf.rules)
 * 1:28461 <-> DISABLED <-> FILE-PDF Adobe Acrobat font parsing integer overflow attempt (file-pdf.rules)
 * 1:24508 <-> DISABLED <-> FILE-PDF Adobe Acrobat font parsing integer overflow attempt (file-pdf.rules)
 * 1:28462 <-> DISABLED <-> FILE-PDF Adobe Acrobat font parsing integer overflow attempt (file-pdf.rules)
 * 1:30790 <-> ENABLED <-> SERVER-APACHE Apache Struts ParametersInterceptor classloader access attempt (server-apache.rules)
 * 1:30791 <-> ENABLED <-> SERVER-APACHE Apache Struts ParametersInterceptor classloader access attempt (server-apache.rules)
 * 1:30792 <-> ENABLED <-> SERVER-APACHE Apache Struts ParametersInterceptor classloader access attempt (server-apache.rules)
 * 1:35332 <-> DISABLED <-> FILE-PDF Adobe Reader PDF document closed prior to javascript termination use after free attempt (file-pdf.rules)
 * 1:35331 <-> DISABLED <-> FILE-PDF Adobe Reader PDF document closed prior to javascript termination use after free attempt (file-pdf.rules)

2015-07-30 15:33:06 UTC

Snort Subscriber Rules Update

Date: 2015-07-30

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2975.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:35416 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mivast outbound connection (malware-cnc.rules)
 * 1:35415 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sakurel outbound connection (malware-cnc.rules)
 * 1:35414 <-> DISABLED <-> FILE-MULTIMEDIA Apple iLife iPhoto Photocast XML format string code injection attempt (file-multimedia.rules)
 * 1:35413 <-> DISABLED <-> FILE-MULTIMEDIA Apple iLife iPhoto Photocast XML format string code injection attempt (file-multimedia.rules)
 * 1:35412 <-> DISABLED <-> BROWSER-CHROME Google Chrome XSSAuditor Policy ByPass command injection attempt (browser-chrome.rules)
 * 1:35411 <-> DISABLED <-> BROWSER-CHROME Google Chrome XSSAuditor Policy ByPass command injection attempt (browser-chrome.rules)
 * 1:35410 <-> ENABLED <-> FILE-PDF Adobe Reader setItems use-after-free attempt (file-pdf.rules)
 * 1:35409 <-> ENABLED <-> FILE-PDF Adobe Reader setItems use-after-free attempt (file-pdf.rules)
 * 1:35408 <-> ENABLED <-> FILE-PDF Adobe Reader setItems use-after-free attempt (file-pdf.rules)
 * 1:35407 <-> ENABLED <-> FILE-PDF Adobe Reader setItems use-after-free attempt (file-pdf.rules)
 * 1:35406 <-> DISABLED <-> SERVER-APACHE Apache HTTP Server mod_status heap buffer overflow attempt (server-apache.rules)
 * 1:35405 <-> DISABLED <-> SERVER-OTHER HP Release Control authenticated privilege escalation attempt (server-other.rules)
 * 1:35404 <-> DISABLED <-> BROWSER-PLUGINS Oracle Data Quality Postcard PreviewInt onclose untrusted pointer dereference attempt (browser-plugins.rules)
 * 1:35403 <-> DISABLED <-> BROWSER-PLUGINS Oracle Data Quality Postcard PreviewInt onclose untrusted pointer dereference attempt (browser-plugins.rules)
 * 1:35402 <-> DISABLED <-> BROWSER-PLUGINS Oracle Data Quality Postcard PreviewInt onclose untrusted pointer dereference attempt (browser-plugins.rules)
 * 1:35401 <-> DISABLED <-> BROWSER-PLUGINS Oracle Data Quality Postcard PreviewInt onclose untrusted pointer dereference attempt (browser-plugins.rules)
 * 1:35400 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Inexsmar variant outbound connection (malware-cnc.rules)
 * 1:35399 <-> DISABLED <-> SERVER-WEBAPP WordPress MailChimp Subscribe Forms PHP Code Execution command injection attempt (server-webapp.rules)
 * 1:35398 <-> DISABLED <-> BROWSER-PLUGINS Oracle Data Quality DateTimeWrapper onchange untrusted pointer dereference attempt (browser-plugins.rules)
 * 1:35397 <-> DISABLED <-> BROWSER-PLUGINS Oracle Data Quality DateTimeWrapper onchange untrusted pointer dereference attempt (browser-plugins.rules)
 * 1:35396 <-> DISABLED <-> BROWSER-PLUGINS Oracle Data Quality DateTimeWrapper onchange untrusted pointer dereference attempt (browser-plugins.rules)
 * 1:35395 <-> DISABLED <-> BROWSER-PLUGINS Oracle Data Quality DateTimeWrapper onchange untrusted pointer dereference attempt (browser-plugins.rules)
 * 1:35394 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TorrentLocker/Teerac payment page request (malware-cnc.rules)
 * 1:35393 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TorrentLocker/Teerac self-signed certificate (malware-cnc.rules)
 * 1:35392 <-> ENABLED <-> BLACKLIST DNS request for known malware domain loawelis.org - Win.Trojan.TorrentLocker/Teerac (blacklist.rules)
 * 1:35391 <-> ENABLED <-> BLACKLIST DNS request for known malware domain bokepros.net - Win.Trojan.TorrentLocker/Teerac (blacklist.rules)
 * 1:35390 <-> ENABLED <-> BLACKLIST DNS request for known malware domain golemerix.com - Win.Trojan.TorrentLocker/Teerac (blacklist.rules)
 * 1:35389 <-> ENABLED <-> BLACKLIST DNS request for known malware domain poletaute.org - Win.Trojan.TorrentLocker/Teerac (blacklist.rules)
 * 1:35388 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Andromeda download request (malware-cnc.rules)
 * 1:35387 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Andromeda initial outbound connection attempt (malware-cnc.rules)
 * 1:35386 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Bedep initial outbound connection attempt (malware-cnc.rules)
 * 1:35385 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MSIL-Pwsfcbk SQL connection (malware-cnc.rules)
 * 1:35384 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Nicabown variant outbound connection (malware-backdoor.rules)

Modified Rules:


 * 1:24507 <-> DISABLED <-> FILE-PDF Adobe Acrobat font parsing integer overflow attempt (file-pdf.rules)
 * 1:24508 <-> DISABLED <-> FILE-PDF Adobe Acrobat font parsing integer overflow attempt (file-pdf.rules)
 * 1:28461 <-> DISABLED <-> FILE-PDF Adobe Acrobat font parsing integer overflow attempt (file-pdf.rules)
 * 1:28462 <-> DISABLED <-> FILE-PDF Adobe Acrobat font parsing integer overflow attempt (file-pdf.rules)
 * 1:30790 <-> ENABLED <-> SERVER-APACHE Apache Struts ParametersInterceptor classloader access attempt (server-apache.rules)
 * 1:30791 <-> ENABLED <-> SERVER-APACHE Apache Struts ParametersInterceptor classloader access attempt (server-apache.rules)
 * 1:30792 <-> ENABLED <-> SERVER-APACHE Apache Struts ParametersInterceptor classloader access attempt (server-apache.rules)
 * 1:30793 <-> ENABLED <-> SERVER-APACHE Apache Struts ParametersInterceptor classloader access attempt (server-apache.rules)
 * 1:35331 <-> DISABLED <-> FILE-PDF Adobe Reader PDF document closed prior to javascript termination use after free attempt (file-pdf.rules)
 * 1:35332 <-> DISABLED <-> FILE-PDF Adobe Reader PDF document closed prior to javascript termination use after free attempt (file-pdf.rules)