Talos Rules 2015-08-25
This release adds and modifies rules in several categories.

Talos has added and modified multiple rules in the blacklist, browser-ie, file-flash, file-image, file-multimedia, file-office, file-pdf, indicator-compromise, indicator-obfuscation, malware-cnc, os-other, os-windows and server-webapp rule sets to provide coverage for emerging threats from these technologies.

Change logs

2015-08-25 18:20:01 UTC

Snort Subscriber Rules Update

Date: 2015-08-25

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2962.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:35748 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer iframe onreadystatechange handler use after free attempt (browser-ie.rules)
 * 1:35745 <-> ENABLED <-> INDICATOR-COMPROMISE Wild Neutron potential exploit attempt (indicator-compromise.rules)
 * 1:35746 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
 * 1:35743 <-> ENABLED <-> FILE-FLASH Adobe Flash Player raster pointer null pointer dereference attempt (file-flash.rules)
 * 1:35744 <-> ENABLED <-> FILE-FLASH Adobe Flash Player raster pointer null pointer dereference attempt (file-flash.rules)
 * 1:35741 <-> ENABLED <-> FILE-FLASH Adobe Flash Player raster pointer null pointer dereference attempt (file-flash.rules)
 * 1:35742 <-> ENABLED <-> FILE-FLASH Adobe Flash Player raster pointer null pointer dereference attempt (file-flash.rules)
 * 1:35739 <-> ENABLED <-> FILE-PDF Adobe Reader GoToE javascript execution attempt (file-pdf.rules)
 * 1:35740 <-> ENABLED <-> FILE-PDF Adobe Reader GoToE javascript execution attempt  (file-pdf.rules)
 * 1:35737 <-> DISABLED <-> INDICATOR-OBFUSCATION Javascript stealth executable download attempt (indicator-obfuscation.rules)
 * 1:35738 <-> DISABLED <-> INDICATOR-OBFUSCATION Javascript stealth executable download attempt (indicator-obfuscation.rules)
 * 1:35736 <-> ENABLED <-> OS-OTHER OS X DYLD_PRINT_TO_FILE privilege escalation attempt (os-other.rules)
 * 1:35733 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Potao outbound connection attempt (malware-cnc.rules)
 * 1:35734 <-> DISABLED <-> SERVER-WEBAPP Netgear WNDR4700 and R6200 admin interface authentication bypass attempt (server-webapp.rules)
 * 1:35731 <-> ENABLED <-> OS-WINDOWS Microsoft Windows WebDAV invalid character argument injection attempt (os-windows.rules)
 * 1:35709 <-> DISABLED <-> SERVER-WEBAPP Pimcore CMS add-asset-compatibility directory traversal attempt (server-webapp.rules)
 * 1:35710 <-> ENABLED <-> BLACKLIST User-Agent known malicious user-agent string - Linux.Trojan.Zollard (blacklist.rules)
 * 1:35708 <-> DISABLED <-> SERVER-WEBAPP Pimcore CMS add-asset-compatibility directory traversal attempt (server-webapp.rules)
 * 1:35629 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime tkhd atom matrix integer overflow attempt (file-multimedia.rules)
 * 1:35707 <-> DISABLED <-> SERVER-WEBAPP Pimcore CMS add-asset-compatibility directory traversal attempt (server-webapp.rules)
 * 1:35732 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Naberkalara variant outbound connection (malware-cnc.rules)
 * 1:35735 <-> ENABLED <-> OS-OTHER OS X DYLD_PRINT_TO_FILE privilege escalation attempt (os-other.rules)
 * 1:35765 <-> DISABLED <-> SERVER-OTHER gnuTLS _asn1_extract_der_octet memory error inbound malicious client dos attempt (server-other.rules)
 * 1:35764 <-> DISABLED <-> SERVER-OTHER gnuTLS _asn1_extract_der_octet memory error inbound malicious server dos attempt (server-other.rules)
 * 1:35761 <-> ENABLED <-> FILE-FLASH Adobe Flash Player XMLSocket destroy function type confusion attempt (file-flash.rules)
 * 1:35757 <-> DISABLED <-> FILE-PDF Adobe Reader exclGroup element null pointer dereference attempt (file-pdf.rules)
 * 1:35760 <-> ENABLED <-> FILE-FLASH Adobe Flash Player XMLSocket destroy function type confusion attempt (file-flash.rules)
 * 1:35759 <-> ENABLED <-> FILE-FLASH Adobe Flash Player XMLSocket destroy function type confusion attempt (file-flash.rules)
 * 1:35758 <-> DISABLED <-> FILE-PDF Adobe Reader exclGroup element null pointer dereference attempt (file-pdf.rules)
 * 1:35755 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SharedObject use after free attempt (file-flash.rules)
 * 1:35756 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SharedObject use after free attempt (file-flash.rules)
 * 1:35753 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SharedObject use after free attempt (file-flash.rules)
 * 1:35754 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SharedObject use after free attempt (file-flash.rules)
 * 1:35751 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat GIF to PDF conversion heap overflow attempt (file-image.rules)
 * 1:35752 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat GIF to PDF conversion heap overflow attempt (file-image.rules)
 * 1:35749 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.IsSpace outbound connection attempt (malware-cnc.rules)
 * 1:35750 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.IsSpace initial outbound connection attempt (malware-cnc.rules)
 * 1:35747 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer iframe onreadystatechange handler use after free attempt (browser-ie.rules)
 * 1:35768 <-> ENABLED <-> FILE-PDF Adobe Reader CBBBRInvite privilege escalation attempt (file-pdf.rules)
 * 1:35769 <-> ENABLED <-> MALWARE-CNC Windows.Backdoor.Cobrike inbound connection  (malware-cnc.rules)
 * 1:35771 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer iframe onreadystatechange handler use after free attempt (browser-ie.rules)
 * 1:35770 <-> ENABLED <-> MALWARE-CNC Windows.Backdoor.Cobrike outbound connection  (malware-cnc.rules)
 * 1:35772 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer iframe onreadystatechange handler use after free attempt (browser-ie.rules)
 * 1:35767 <-> ENABLED <-> FILE-PDF Adobe Reader CBBBRInvite privilege escalation attempt (file-pdf.rules)
 * 1:35628 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime tkhd atom matrix integer overflow attempt (file-multimedia.rules)
 * 1:35766 <-> DISABLED <-> SERVER-OTHER gnuTLS _asn1_extract_der_octet memory error inbound malicious client dos attempt (server-other.rules)
 * 1:35763 <-> DISABLED <-> SERVER-OTHER gnuTLS _asn1_extract_der_octet memory error inbound malicious server dos attempt (server-other.rules)
 * 1:35762 <-> ENABLED <-> FILE-FLASH Adobe Flash Player XMLSocket destroy function type confusion attempt (file-flash.rules)

Modified Rules:


 * 1:24090 <-> ENABLED <-> OS-WINDOWS Microsoft Windows WebDAV invalid character argument injection attempt (os-windows.rules)
 * 1:35321 <-> ENABLED <-> FILE-PDF Adobe Reader setTimeOut app.launchURL privilege escalation attempt (file-pdf.rules)
 * 1:28852 <-> ENABLED <-> BLACKLIST User-Agent known malicious user-agent string - Linux.Trojan.Zollard (blacklist.rules)
 * 1:35322 <-> ENABLED <-> FILE-PDF Adobe Reader setTimeOut app.launchURL privilege escalation attempt (file-pdf.rules)
 * 1:35497 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word Document invalid directory entry use after free attempt (file-office.rules)
 * 1:35498 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word Document invalid directory entry use after free attempt (file-office.rules)

2015-08-25 18:20:01 UTC

Snort Subscriber Rules Update

Date: 2015-08-25

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2973.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:35760 <-> ENABLED <-> FILE-FLASH Adobe Flash Player XMLSocket destroy function type confusion attempt (file-flash.rules)
 * 1:35761 <-> ENABLED <-> FILE-FLASH Adobe Flash Player XMLSocket destroy function type confusion attempt (file-flash.rules)
 * 1:35758 <-> DISABLED <-> FILE-PDF Adobe Reader exclGroup element null pointer dereference attempt (file-pdf.rules)
 * 1:35759 <-> ENABLED <-> FILE-FLASH Adobe Flash Player XMLSocket destroy function type confusion attempt (file-flash.rules)
 * 1:35756 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SharedObject use after free attempt (file-flash.rules)
 * 1:35757 <-> DISABLED <-> FILE-PDF Adobe Reader exclGroup element null pointer dereference attempt (file-pdf.rules)
 * 1:35754 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SharedObject use after free attempt (file-flash.rules)
 * 1:35755 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SharedObject use after free attempt (file-flash.rules)
 * 1:35752 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat GIF to PDF conversion heap overflow attempt (file-image.rules)
 * 1:35753 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SharedObject use after free attempt (file-flash.rules)
 * 1:35750 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.IsSpace initial outbound connection attempt (malware-cnc.rules)
 * 1:35751 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat GIF to PDF conversion heap overflow attempt (file-image.rules)
 * 1:35748 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer iframe onreadystatechange handler use after free attempt (browser-ie.rules)
 * 1:35749 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.IsSpace outbound connection attempt (malware-cnc.rules)
 * 1:35746 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
 * 1:35747 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer iframe onreadystatechange handler use after free attempt (browser-ie.rules)
 * 1:35744 <-> ENABLED <-> FILE-FLASH Adobe Flash Player raster pointer null pointer dereference attempt (file-flash.rules)
 * 1:35745 <-> ENABLED <-> INDICATOR-COMPROMISE Wild Neutron potential exploit attempt (indicator-compromise.rules)
 * 1:35743 <-> ENABLED <-> FILE-FLASH Adobe Flash Player raster pointer null pointer dereference attempt (file-flash.rules)
 * 1:35742 <-> ENABLED <-> FILE-FLASH Adobe Flash Player raster pointer null pointer dereference attempt (file-flash.rules)
 * 1:35740 <-> ENABLED <-> FILE-PDF Adobe Reader GoToE javascript execution attempt  (file-pdf.rules)
 * 1:35741 <-> ENABLED <-> FILE-FLASH Adobe Flash Player raster pointer null pointer dereference attempt (file-flash.rules)
 * 1:35738 <-> DISABLED <-> INDICATOR-OBFUSCATION Javascript stealth executable download attempt (indicator-obfuscation.rules)
 * 1:35739 <-> ENABLED <-> FILE-PDF Adobe Reader GoToE javascript execution attempt (file-pdf.rules)
 * 1:35736 <-> ENABLED <-> OS-OTHER OS X DYLD_PRINT_TO_FILE privilege escalation attempt (os-other.rules)
 * 1:35737 <-> DISABLED <-> INDICATOR-OBFUSCATION Javascript stealth executable download attempt (indicator-obfuscation.rules)
 * 1:35734 <-> DISABLED <-> SERVER-WEBAPP Netgear WNDR4700 and R6200 admin interface authentication bypass attempt (server-webapp.rules)
 * 1:35731 <-> ENABLED <-> OS-WINDOWS Microsoft Windows WebDAV invalid character argument injection attempt (os-windows.rules)
 * 1:35733 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Potao outbound connection attempt (malware-cnc.rules)
 * 1:35710 <-> ENABLED <-> BLACKLIST User-Agent known malicious user-agent string - Linux.Trojan.Zollard (blacklist.rules)
 * 1:35708 <-> DISABLED <-> SERVER-WEBAPP Pimcore CMS add-asset-compatibility directory traversal attempt (server-webapp.rules)
 * 1:35709 <-> DISABLED <-> SERVER-WEBAPP Pimcore CMS add-asset-compatibility directory traversal attempt (server-webapp.rules)
 * 1:35629 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime tkhd atom matrix integer overflow attempt (file-multimedia.rules)
 * 1:35707 <-> DISABLED <-> SERVER-WEBAPP Pimcore CMS add-asset-compatibility directory traversal attempt (server-webapp.rules)
 * 1:35732 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Naberkalara variant outbound connection (malware-cnc.rules)
 * 1:35735 <-> ENABLED <-> OS-OTHER OS X DYLD_PRINT_TO_FILE privilege escalation attempt (os-other.rules)
 * 1:35772 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer iframe onreadystatechange handler use after free attempt (browser-ie.rules)
 * 1:35771 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer iframe onreadystatechange handler use after free attempt (browser-ie.rules)
 * 1:35770 <-> ENABLED <-> MALWARE-CNC Windows.Backdoor.Cobrike outbound connection  (malware-cnc.rules)
 * 1:35769 <-> ENABLED <-> MALWARE-CNC Windows.Backdoor.Cobrike inbound connection  (malware-cnc.rules)
 * 1:35768 <-> ENABLED <-> FILE-PDF Adobe Reader CBBBRInvite privilege escalation attempt (file-pdf.rules)
 * 1:35767 <-> ENABLED <-> FILE-PDF Adobe Reader CBBBRInvite privilege escalation attempt (file-pdf.rules)
 * 1:35628 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime tkhd atom matrix integer overflow attempt (file-multimedia.rules)
 * 1:35766 <-> DISABLED <-> SERVER-OTHER gnuTLS _asn1_extract_der_octet memory error inbound malicious client dos attempt (server-other.rules)
 * 1:35765 <-> DISABLED <-> SERVER-OTHER gnuTLS _asn1_extract_der_octet memory error inbound malicious client dos attempt (server-other.rules)
 * 1:35764 <-> DISABLED <-> SERVER-OTHER gnuTLS _asn1_extract_der_octet memory error inbound malicious server dos attempt (server-other.rules)
 * 1:35763 <-> DISABLED <-> SERVER-OTHER gnuTLS _asn1_extract_der_octet memory error inbound malicious server dos attempt (server-other.rules)
 * 1:35762 <-> ENABLED <-> FILE-FLASH Adobe Flash Player XMLSocket destroy function type confusion attempt (file-flash.rules)

Modified Rules:


 * 1:35497 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word Document invalid directory entry use after free attempt (file-office.rules)
 * 1:35498 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word Document invalid directory entry use after free attempt (file-office.rules)
 * 1:35321 <-> ENABLED <-> FILE-PDF Adobe Reader setTimeOut app.launchURL privilege escalation attempt (file-pdf.rules)
 * 1:35322 <-> ENABLED <-> FILE-PDF Adobe Reader setTimeOut app.launchURL privilege escalation attempt (file-pdf.rules)
 * 1:24090 <-> ENABLED <-> OS-WINDOWS Microsoft Windows WebDAV invalid character argument injection attempt (os-windows.rules)
 * 1:28852 <-> ENABLED <-> BLACKLIST User-Agent known malicious user-agent string - Linux.Trojan.Zollard (blacklist.rules)

2015-08-25 18:20:01 UTC

Snort Subscriber Rules Update

Date: 2015-08-25

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2975.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:35772 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer iframe onreadystatechange handler use after free attempt (browser-ie.rules)
 * 1:35771 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer iframe onreadystatechange handler use after free attempt (browser-ie.rules)
 * 1:35770 <-> ENABLED <-> MALWARE-CNC Windows.Backdoor.Cobrike outbound connection  (malware-cnc.rules)
 * 1:35769 <-> ENABLED <-> MALWARE-CNC Windows.Backdoor.Cobrike inbound connection  (malware-cnc.rules)
 * 1:35768 <-> ENABLED <-> FILE-PDF Adobe Reader CBBBRInvite privilege escalation attempt (file-pdf.rules)
 * 1:35767 <-> ENABLED <-> FILE-PDF Adobe Reader CBBBRInvite privilege escalation attempt (file-pdf.rules)
 * 1:35766 <-> DISABLED <-> SERVER-OTHER gnuTLS _asn1_extract_der_octet memory error inbound malicious client dos attempt (server-other.rules)
 * 1:35765 <-> DISABLED <-> SERVER-OTHER gnuTLS _asn1_extract_der_octet memory error inbound malicious client dos attempt (server-other.rules)
 * 1:35764 <-> DISABLED <-> SERVER-OTHER gnuTLS _asn1_extract_der_octet memory error inbound malicious server dos attempt (server-other.rules)
 * 1:35763 <-> DISABLED <-> SERVER-OTHER gnuTLS _asn1_extract_der_octet memory error inbound malicious server dos attempt (server-other.rules)
 * 1:35762 <-> ENABLED <-> FILE-FLASH Adobe Flash Player XMLSocket destroy function type confusion attempt (file-flash.rules)
 * 1:35761 <-> ENABLED <-> FILE-FLASH Adobe Flash Player XMLSocket destroy function type confusion attempt (file-flash.rules)
 * 1:35760 <-> ENABLED <-> FILE-FLASH Adobe Flash Player XMLSocket destroy function type confusion attempt (file-flash.rules)
 * 1:35759 <-> ENABLED <-> FILE-FLASH Adobe Flash Player XMLSocket destroy function type confusion attempt (file-flash.rules)
 * 1:35758 <-> DISABLED <-> FILE-PDF Adobe Reader exclGroup element null pointer dereference attempt (file-pdf.rules)
 * 1:35757 <-> DISABLED <-> FILE-PDF Adobe Reader exclGroup element null pointer dereference attempt (file-pdf.rules)
 * 1:35756 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SharedObject use after free attempt (file-flash.rules)
 * 1:35755 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SharedObject use after free attempt (file-flash.rules)
 * 1:35754 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SharedObject use after free attempt (file-flash.rules)
 * 1:35753 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SharedObject use after free attempt (file-flash.rules)
 * 1:35752 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat GIF to PDF conversion heap overflow attempt (file-image.rules)
 * 1:35751 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat GIF to PDF conversion heap overflow attempt (file-image.rules)
 * 1:35750 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.IsSpace initial outbound connection attempt (malware-cnc.rules)
 * 1:35749 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.IsSpace outbound connection attempt (malware-cnc.rules)
 * 1:35748 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer iframe onreadystatechange handler use after free attempt (browser-ie.rules)
 * 1:35747 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer iframe onreadystatechange handler use after free attempt (browser-ie.rules)
 * 1:35746 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
 * 1:35745 <-> ENABLED <-> INDICATOR-COMPROMISE Wild Neutron potential exploit attempt (indicator-compromise.rules)
 * 1:35744 <-> ENABLED <-> FILE-FLASH Adobe Flash Player raster pointer null pointer dereference attempt (file-flash.rules)
 * 1:35743 <-> ENABLED <-> FILE-FLASH Adobe Flash Player raster pointer null pointer dereference attempt (file-flash.rules)
 * 1:35742 <-> ENABLED <-> FILE-FLASH Adobe Flash Player raster pointer null pointer dereference attempt (file-flash.rules)
 * 1:35741 <-> ENABLED <-> FILE-FLASH Adobe Flash Player raster pointer null pointer dereference attempt (file-flash.rules)
 * 1:35740 <-> ENABLED <-> FILE-PDF Adobe Reader GoToE javascript execution attempt  (file-pdf.rules)
 * 1:35739 <-> ENABLED <-> FILE-PDF Adobe Reader GoToE javascript execution attempt (file-pdf.rules)
 * 1:35738 <-> DISABLED <-> INDICATOR-OBFUSCATION Javascript stealth executable download attempt (indicator-obfuscation.rules)
 * 1:35737 <-> DISABLED <-> INDICATOR-OBFUSCATION Javascript stealth executable download attempt (indicator-obfuscation.rules)
 * 1:35736 <-> ENABLED <-> OS-OTHER OS X DYLD_PRINT_TO_FILE privilege escalation attempt (os-other.rules)
 * 1:35735 <-> ENABLED <-> OS-OTHER OS X DYLD_PRINT_TO_FILE privilege escalation attempt (os-other.rules)
 * 1:35734 <-> DISABLED <-> SERVER-WEBAPP Netgear WNDR4700 and R6200 admin interface authentication bypass attempt (server-webapp.rules)
 * 1:35733 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Potao outbound connection attempt (malware-cnc.rules)
 * 1:35732 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Naberkalara variant outbound connection (malware-cnc.rules)
 * 1:35731 <-> ENABLED <-> OS-WINDOWS Microsoft Windows WebDAV invalid character argument injection attempt (os-windows.rules)
 * 1:35710 <-> ENABLED <-> BLACKLIST User-Agent known malicious user-agent string - Linux.Trojan.Zollard (blacklist.rules)
 * 1:35709 <-> DISABLED <-> SERVER-WEBAPP Pimcore CMS add-asset-compatibility directory traversal attempt (server-webapp.rules)
 * 1:35708 <-> DISABLED <-> SERVER-WEBAPP Pimcore CMS add-asset-compatibility directory traversal attempt (server-webapp.rules)
 * 1:35707 <-> DISABLED <-> SERVER-WEBAPP Pimcore CMS add-asset-compatibility directory traversal attempt (server-webapp.rules)
 * 1:35629 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime tkhd atom matrix integer overflow attempt (file-multimedia.rules)
 * 1:35628 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime tkhd atom matrix integer overflow attempt (file-multimedia.rules)

Modified Rules:


 * 1:24090 <-> ENABLED <-> OS-WINDOWS Microsoft Windows WebDAV invalid character argument injection attempt (os-windows.rules)
 * 1:28852 <-> ENABLED <-> BLACKLIST User-Agent known malicious user-agent string - Linux.Trojan.Zollard (blacklist.rules)
 * 1:35321 <-> ENABLED <-> FILE-PDF Adobe Reader setTimeOut app.launchURL privilege escalation attempt (file-pdf.rules)
 * 1:35322 <-> ENABLED <-> FILE-PDF Adobe Reader setTimeOut app.launchURL privilege escalation attempt (file-pdf.rules)
 * 1:35497 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word Document invalid directory entry use after free attempt (file-office.rules)
 * 1:35498 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word Document invalid directory entry use after free attempt (file-office.rules)