Talos Rules 2015-09-17
This release adds and modifies rules in several categories.

Talos has added and modified multiple rules in the app-detect, browser-ie, exploit-kit, file-identify, file-office, file-pdf, indicator-obfuscation, malware-cnc, protocol-dns and server-webapp rule sets to provide coverage for emerging threats from these technologies.

For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.

Change logs

2015-09-17 18:29:16 UTC

Snort Subscriber Rules Update

Date: 2015-09-17

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2962.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:36090 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36089 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36087 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36086 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36085 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36080 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36079 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36084 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36082 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36083 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36081 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36078 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36076 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36075 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36091 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36092 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36055 <-> DISABLED <-> PROTOCOL-DNS ISC BIND DNSSEC response unsupported cryptographic algorithm attempt (protocol-dns.rules)
 * 1:36056 <-> DISABLED <-> PROTOCOL-DNS ISC BIND DNSSEC response unsupported cryptographic algorithm attempt (protocol-dns.rules)
 * 1:36057 <-> DISABLED <-> SERVER-WEBAPP Apache ActiveMQ directory traversal attempt (server-webapp.rules)
 * 1:36058 <-> ENABLED <-> FILE-IDENTIFY OLE Document upload detected (file-identify.rules)
 * 1:36059 <-> DISABLED <-> SERVER-WEBAPP PHP CDF file handling infinite loop dos attempt (server-webapp.rules)
 * 1:36060 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shifu variant outbound connection (malware-cnc.rules)
 * 1:36088 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36061 <-> DISABLED <-> SERVER-OTHER SAP SQL Anywhere .NET malformed integer buffer overflow attempt (server-other.rules)
 * 1:36062 <-> DISABLED <-> FILE-PDF Adobe Reader makeMeasurement information disclosure attempt (file-pdf.rules)
 * 1:36063 <-> DISABLED <-> FILE-PDF Adobe Reader makeMeasurement information disclosure attempt (file-pdf.rules)
 * 1:36064 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Bagsu variant outbound connection (malware-cnc.rules)
 * 1:36065 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Bagsu variant outbound connection (malware-cnc.rules)
 * 1:36066 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Bagsu variant outbound connection (malware-cnc.rules)
 * 1:36067 <-> ENABLED <-> SERVER-OTHER ElasticSearch script remote code execution attempt (server-other.rules)
 * 1:36068 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer window scroll integer overflow attempt (browser-ie.rules)
 * 1:36069 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer window scroll integer overflow attempt (browser-ie.rules)
 * 1:36070 <-> DISABLED <-> INDICATOR-OBFUSCATION Javascript obfuscation using split reverse join (indicator-obfuscation.rules)
 * 1:36071 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit browser version detection attempt (exploit-kit.rules)
 * 1:36072 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36073 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36074 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36094 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36093 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36077 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36095 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)

Modified Rules:


 * 1:35018 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word nested tblStylePr element use after free attempt (file-office.rules)
 * 1:29736 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer selectall use after free attempt (browser-ie.rules)
 * 1:29735 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer selectall use after free attempt (browser-ie.rules)
 * 1:17696 <-> ENABLED <-> PROTOCOL-DNS Microsoft Windows DNS Server ANY query cache weakness (protocol-dns.rules)
 * 1:19808 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer covered object memory corruption attempt (browser-ie.rules)
 * 1:31909 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Basostab variant outbound connection (malware-cnc.rules)
 * 1:33719 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreeNode interpreted as CGeneratedTreeNode remote code execution attempt (browser-ie.rules)
 * 1:34737 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word WordPerfect converter ForeignToRtf32 use after free attempt (file-office.rules)
 * 1:34463 <-> ENABLED <-> APP-DETECT TeamViewer remote administration tool outbound connection attempt (app-detect.rules)
 * 1:34738 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word WordPerfect converter ForeignToRtf32 use after free attempt (file-office.rules)
 * 1:34739 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word WordPerfect converter EnumFontFamProc use after free attempt (file-office.rules)
 * 1:34740 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word WordPerfect converter EnumFontFamProc use after free attempt (file-office.rules)
 * 1:35019 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word nested tblStylePr element use after free attempt (file-office.rules)
 * 1:35020 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word nested tblStylePr element use after free attempt (file-office.rules)
 * 1:35021 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word nested tblStylePr element use after free attempt (file-office.rules)
 * 1:35325 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word RTF Control.TaskSymbol.1 heap corruption attempt - Win.Trojan.Sofacy (file-office.rules)
 * 1:35326 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word RTF Control.TaskSymbol.1 heap corruption attempt - Win.Trojan.Sofacy (file-office.rules)
 * 1:35499 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer window scroll integer overflow attempt (browser-ie.rules)
 * 1:35472 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Bergard outbound connection (malware-cnc.rules)
 * 1:35500 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer window scroll integer overflow attempt (browser-ie.rules)
 * 1:35503 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word incomplete ActiveX control use-after-free attempt (file-office.rules)
 * 1:35504 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word incomplete ActiveX control use-after-free attempt (file-office.rules)
 * 1:36001 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel malformed XF record use after free attempt (file-office.rules)
 * 1:36000 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel malformed XF record use after free attempt (file-office.rules)
 * 1:36002 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel bad file pointer memory corruption attempt (file-office.rules)
 * 1:33184 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit Adobe Flash download (exploit-kit.rules)
 * 1:36003 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel bad file pointer memory corruption attempt (file-office.rules)
 * 1:33718 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreeNode interpreted as CGeneratedTreeNode remote code execution attempt (browser-ie.rules)
 * 1:24339 <-> DISABLED <-> SERVER-WEBAPP XML entity parsing information disclosure attempt (server-webapp.rules)
 * 1:36054 <-> ENABLED <-> MALWARE-CNC Ios.Backdoor.SYNful inbound connection attempt (malware-cnc.rules)

2015-09-17 18:29:16 UTC

Snort Subscriber Rules Update

Date: 2015-09-17

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2973.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:36084 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36082 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36083 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36081 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36078 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36076 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36075 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36079 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36085 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36086 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36055 <-> DISABLED <-> PROTOCOL-DNS ISC BIND DNSSEC response unsupported cryptographic algorithm attempt (protocol-dns.rules)
 * 1:36056 <-> DISABLED <-> PROTOCOL-DNS ISC BIND DNSSEC response unsupported cryptographic algorithm attempt (protocol-dns.rules)
 * 1:36087 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36057 <-> DISABLED <-> SERVER-WEBAPP Apache ActiveMQ directory traversal attempt (server-webapp.rules)
 * 1:36058 <-> ENABLED <-> FILE-IDENTIFY OLE Document upload detected (file-identify.rules)
 * 1:36059 <-> DISABLED <-> SERVER-WEBAPP PHP CDF file handling infinite loop dos attempt (server-webapp.rules)
 * 1:36060 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shifu variant outbound connection (malware-cnc.rules)
 * 1:36088 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36061 <-> DISABLED <-> SERVER-OTHER SAP SQL Anywhere .NET malformed integer buffer overflow attempt (server-other.rules)
 * 1:36062 <-> DISABLED <-> FILE-PDF Adobe Reader makeMeasurement information disclosure attempt (file-pdf.rules)
 * 1:36063 <-> DISABLED <-> FILE-PDF Adobe Reader makeMeasurement information disclosure attempt (file-pdf.rules)
 * 1:36064 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Bagsu variant outbound connection (malware-cnc.rules)
 * 1:36089 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36065 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Bagsu variant outbound connection (malware-cnc.rules)
 * 1:36066 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Bagsu variant outbound connection (malware-cnc.rules)
 * 1:36067 <-> ENABLED <-> SERVER-OTHER ElasticSearch script remote code execution attempt (server-other.rules)
 * 1:36068 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer window scroll integer overflow attempt (browser-ie.rules)
 * 1:36090 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36069 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer window scroll integer overflow attempt (browser-ie.rules)
 * 1:36070 <-> DISABLED <-> INDICATOR-OBFUSCATION Javascript obfuscation using split reverse join (indicator-obfuscation.rules)
 * 1:36071 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit browser version detection attempt (exploit-kit.rules)
 * 1:36072 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36091 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36073 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36074 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36092 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36093 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36077 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36080 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36095 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36094 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)

Modified Rules:


 * 1:36054 <-> ENABLED <-> MALWARE-CNC Ios.Backdoor.SYNful inbound connection attempt (malware-cnc.rules)
 * 1:17696 <-> ENABLED <-> PROTOCOL-DNS Microsoft Windows DNS Server ANY query cache weakness (protocol-dns.rules)
 * 1:19808 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer covered object memory corruption attempt (browser-ie.rules)
 * 1:24339 <-> DISABLED <-> SERVER-WEBAPP XML entity parsing information disclosure attempt (server-webapp.rules)
 * 1:29735 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer selectall use after free attempt (browser-ie.rules)
 * 1:29736 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer selectall use after free attempt (browser-ie.rules)
 * 1:31909 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Basostab variant outbound connection (malware-cnc.rules)
 * 1:33184 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit Adobe Flash download (exploit-kit.rules)
 * 1:33718 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreeNode interpreted as CGeneratedTreeNode remote code execution attempt (browser-ie.rules)
 * 1:33719 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreeNode interpreted as CGeneratedTreeNode remote code execution attempt (browser-ie.rules)
 * 1:34737 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word WordPerfect converter ForeignToRtf32 use after free attempt (file-office.rules)
 * 1:34463 <-> ENABLED <-> APP-DETECT TeamViewer remote administration tool outbound connection attempt (app-detect.rules)
 * 1:34738 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word WordPerfect converter ForeignToRtf32 use after free attempt (file-office.rules)
 * 1:34739 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word WordPerfect converter EnumFontFamProc use after free attempt (file-office.rules)
 * 1:34740 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word WordPerfect converter EnumFontFamProc use after free attempt (file-office.rules)
 * 1:35018 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word nested tblStylePr element use after free attempt (file-office.rules)
 * 1:35019 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word nested tblStylePr element use after free attempt (file-office.rules)
 * 1:35020 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word nested tblStylePr element use after free attempt (file-office.rules)
 * 1:35021 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word nested tblStylePr element use after free attempt (file-office.rules)
 * 1:35325 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word RTF Control.TaskSymbol.1 heap corruption attempt - Win.Trojan.Sofacy (file-office.rules)
 * 1:35472 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Bergard outbound connection (malware-cnc.rules)
 * 1:35326 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word RTF Control.TaskSymbol.1 heap corruption attempt - Win.Trojan.Sofacy (file-office.rules)
 * 1:35499 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer window scroll integer overflow attempt (browser-ie.rules)
 * 1:35500 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer window scroll integer overflow attempt (browser-ie.rules)
 * 1:35503 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word incomplete ActiveX control use-after-free attempt (file-office.rules)
 * 1:36000 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel malformed XF record use after free attempt (file-office.rules)
 * 1:35504 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word incomplete ActiveX control use-after-free attempt (file-office.rules)
 * 1:36001 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel malformed XF record use after free attempt (file-office.rules)
 * 1:36002 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel bad file pointer memory corruption attempt (file-office.rules)
 * 1:36003 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel bad file pointer memory corruption attempt (file-office.rules)

2015-09-17 18:29:15 UTC

Snort Subscriber Rules Update

Date: 2015-09-17

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2975.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:36095 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36094 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36093 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36092 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36091 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36090 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36089 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36088 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36087 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36086 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36085 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36084 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36083 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36082 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36081 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36080 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36079 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36078 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36077 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36076 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36075 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36074 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36073 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36072 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36071 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit browser version detection attempt (exploit-kit.rules)
 * 1:36070 <-> DISABLED <-> INDICATOR-OBFUSCATION Javascript obfuscation using split reverse join (indicator-obfuscation.rules)
 * 1:36069 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer window scroll integer overflow attempt (browser-ie.rules)
 * 1:36068 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer window scroll integer overflow attempt (browser-ie.rules)
 * 1:36067 <-> ENABLED <-> SERVER-OTHER ElasticSearch script remote code execution attempt (server-other.rules)
 * 1:36066 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Bagsu variant outbound connection (malware-cnc.rules)
 * 1:36065 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Bagsu variant outbound connection (malware-cnc.rules)
 * 1:36064 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Bagsu variant outbound connection (malware-cnc.rules)
 * 1:36063 <-> DISABLED <-> FILE-PDF Adobe Reader makeMeasurement information disclosure attempt (file-pdf.rules)
 * 1:36062 <-> DISABLED <-> FILE-PDF Adobe Reader makeMeasurement information disclosure attempt (file-pdf.rules)
 * 1:36061 <-> DISABLED <-> SERVER-OTHER SAP SQL Anywhere .NET malformed integer buffer overflow attempt (server-other.rules)
 * 1:36060 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shifu variant outbound connection (malware-cnc.rules)
 * 1:36059 <-> DISABLED <-> SERVER-WEBAPP PHP CDF file handling infinite loop dos attempt (server-webapp.rules)
 * 1:36058 <-> ENABLED <-> FILE-IDENTIFY OLE Document upload detected (file-identify.rules)
 * 1:36057 <-> DISABLED <-> SERVER-WEBAPP Apache ActiveMQ directory traversal attempt (server-webapp.rules)
 * 1:36056 <-> DISABLED <-> PROTOCOL-DNS ISC BIND DNSSEC response unsupported cryptographic algorithm attempt (protocol-dns.rules)
 * 1:36055 <-> DISABLED <-> PROTOCOL-DNS ISC BIND DNSSEC response unsupported cryptographic algorithm attempt (protocol-dns.rules)

Modified Rules:


 * 1:17696 <-> ENABLED <-> PROTOCOL-DNS Microsoft Windows DNS Server ANY query cache weakness (protocol-dns.rules)
 * 1:19808 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer covered object memory corruption attempt (browser-ie.rules)
 * 1:24339 <-> DISABLED <-> SERVER-WEBAPP XML entity parsing information disclosure attempt (server-webapp.rules)
 * 1:29735 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer selectall use after free attempt (browser-ie.rules)
 * 1:29736 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer selectall use after free attempt (browser-ie.rules)
 * 1:31909 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Basostab variant outbound connection (malware-cnc.rules)
 * 1:33184 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit Adobe Flash download (exploit-kit.rules)
 * 1:33718 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreeNode interpreted as CGeneratedTreeNode remote code execution attempt (browser-ie.rules)
 * 1:33719 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreeNode interpreted as CGeneratedTreeNode remote code execution attempt (browser-ie.rules)
 * 1:34463 <-> ENABLED <-> APP-DETECT TeamViewer remote administration tool outbound connection attempt (app-detect.rules)
 * 1:34737 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word WordPerfect converter ForeignToRtf32 use after free attempt (file-office.rules)
 * 1:34738 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word WordPerfect converter ForeignToRtf32 use after free attempt (file-office.rules)
 * 1:34739 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word WordPerfect converter EnumFontFamProc use after free attempt (file-office.rules)
 * 1:34740 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word WordPerfect converter EnumFontFamProc use after free attempt (file-office.rules)
 * 1:35018 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word nested tblStylePr element use after free attempt (file-office.rules)
 * 1:35019 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word nested tblStylePr element use after free attempt (file-office.rules)
 * 1:35020 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word nested tblStylePr element use after free attempt (file-office.rules)
 * 1:35021 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word nested tblStylePr element use after free attempt (file-office.rules)
 * 1:35325 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word RTF Control.TaskSymbol.1 heap corruption attempt - Win.Trojan.Sofacy (file-office.rules)
 * 1:35326 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word RTF Control.TaskSymbol.1 heap corruption attempt - Win.Trojan.Sofacy (file-office.rules)
 * 1:35472 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Bergard outbound connection (malware-cnc.rules)
 * 1:35499 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer window scroll integer overflow attempt (browser-ie.rules)
 * 1:35500 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer window scroll integer overflow attempt (browser-ie.rules)
 * 1:35503 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word incomplete ActiveX control use-after-free attempt (file-office.rules)
 * 1:35504 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word incomplete ActiveX control use-after-free attempt (file-office.rules)
 * 1:36000 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel malformed XF record use after free attempt (file-office.rules)
 * 1:36001 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel malformed XF record use after free attempt (file-office.rules)
 * 1:36002 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel bad file pointer memory corruption attempt (file-office.rules)
 * 1:36003 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel bad file pointer memory corruption attempt (file-office.rules)
 * 1:36054 <-> ENABLED <-> MALWARE-CNC Ios.Backdoor.SYNful inbound connection attempt (malware-cnc.rules)