Talos has added and modified multiple rules in the app-detect, browser-ie, exploit-kit, file-identify, file-office, file-pdf, indicator-obfuscation, malware-cnc, protocol-dns, server-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2962.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)

A rule whose default state is DISABLED ships in the pack but is commented out in its .rules file, so it generates no alerts until you enable it locally (for example through PulledPork's enablesid.conf). Check the DISABLED entries below for products you actually run, such as the Dell NetVault Backup rules in server-other.
New Rules:

* 1:36055 <-> DISABLED <-> PROTOCOL-DNS ISC BIND DNSSEC response unsupported cryptographic algorithm attempt (protocol-dns.rules)
* 1:36056 <-> DISABLED <-> PROTOCOL-DNS ISC BIND DNSSEC response unsupported cryptographic algorithm attempt (protocol-dns.rules)
* 1:36057 <-> DISABLED <-> SERVER-WEBAPP Apache ActiveMQ directory traversal attempt (server-webapp.rules)
* 1:36058 <-> ENABLED <-> FILE-IDENTIFY OLE Document upload detected (file-identify.rules)
* 1:36059 <-> DISABLED <-> SERVER-WEBAPP PHP CDF file handling infinite loop dos attempt (server-webapp.rules)
* 1:36060 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shifu variant outbound connection (malware-cnc.rules)
* 1:36061 <-> DISABLED <-> SERVER-OTHER SAP SQL Anywhere .NET malformed integer buffer overflow attempt (server-other.rules)
* 1:36062 <-> DISABLED <-> FILE-PDF Adobe Reader makeMeasurement information disclosure attempt (file-pdf.rules)
* 1:36063 <-> DISABLED <-> FILE-PDF Adobe Reader makeMeasurement information disclosure attempt (file-pdf.rules)
* 1:36064 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Bagsu variant outbound connection (malware-cnc.rules)
* 1:36065 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Bagsu variant outbound connection (malware-cnc.rules)
* 1:36066 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Bagsu variant outbound connection (malware-cnc.rules)
* 1:36067 <-> ENABLED <-> SERVER-OTHER ElasticSearch script remote code execution attempt (server-other.rules)
* 1:36068 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer window scroll integer overflow attempt (browser-ie.rules)
* 1:36069 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer window scroll integer overflow attempt (browser-ie.rules)
* 1:36070 <-> DISABLED <-> INDICATOR-OBFUSCATION Javascript obfuscation using split reverse join (indicator-obfuscation.rules)
* 1:36071 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit browser version detection attempt (exploit-kit.rules)
* 1:36072 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
* 1:36073 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
* 1:36074 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
* 1:36075 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
* 1:36076 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
* 1:36077 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
* 1:36078 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
* 1:36079 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
* 1:36080 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
* 1:36081 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
* 1:36082 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
* 1:36083 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
* 1:36084 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
* 1:36085 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
* 1:36086 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
* 1:36087 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
* 1:36088 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
* 1:36089 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
* 1:36090 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
* 1:36091 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
* 1:36092 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
* 1:36093 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
* 1:36094 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
* 1:36095 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)

Modified Rules:

* 1:17696 <-> ENABLED <-> PROTOCOL-DNS Microsoft Windows DNS Server ANY query cache weakness (protocol-dns.rules)
* 1:19808 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer covered object memory corruption attempt (browser-ie.rules)
* 1:24339 <-> DISABLED <-> SERVER-WEBAPP XML entity parsing information disclosure attempt (server-webapp.rules)
* 1:29735 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer selectall use after free attempt (browser-ie.rules)
* 1:29736 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer selectall use after free attempt (browser-ie.rules)
* 1:31909 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Basostab variant outbound connection (malware-cnc.rules)
* 1:33184 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit Adobe Flash download (exploit-kit.rules)
* 1:33718 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreeNode interpreted as CGeneratedTreeNode remote code execution attempt (browser-ie.rules)
* 1:33719 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreeNode interpreted as CGeneratedTreeNode remote code execution attempt (browser-ie.rules)
* 1:34463 <-> ENABLED <-> APP-DETECT TeamViewer remote administration tool outbound connection attempt (app-detect.rules)
* 1:34737 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word WordPerfect converter ForeignToRtf32 use after free attempt (file-office.rules)
* 1:34738 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word WordPerfect converter ForeignToRtf32 use after free attempt (file-office.rules)
* 1:34739 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word WordPerfect converter EnumFontFamProc use after free attempt (file-office.rules)
* 1:34740 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word WordPerfect converter EnumFontFamProc use after free attempt (file-office.rules)
* 1:35018 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word nested tblStylePr element use after free attempt (file-office.rules)
* 1:35019 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word nested tblStylePr element use after free attempt (file-office.rules)
* 1:35020 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word nested tblStylePr element use after free attempt (file-office.rules)
* 1:35021 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word nested tblStylePr element use after free attempt (file-office.rules)
* 1:35325 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word RTF Control.TaskSymbol.1 heap corruption attempt - Win.Trojan.Sofacy (file-office.rules)
* 1:35326 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word RTF Control.TaskSymbol.1 heap corruption attempt - Win.Trojan.Sofacy (file-office.rules)
* 1:35472 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Bergard outbound connection (malware-cnc.rules)
* 1:35499 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer window scroll integer overflow attempt (browser-ie.rules)
* 1:35500 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer window scroll integer overflow attempt (browser-ie.rules)
* 1:35503 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word incomplete ActiveX control use-after-free attempt (file-office.rules)
* 1:35504 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word incomplete ActiveX control use-after-free attempt (file-office.rules)
* 1:36000 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel malformed XF record use after free attempt (file-office.rules)
* 1:36001 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel malformed XF record use after free attempt (file-office.rules)
* 1:36002 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel bad file pointer memory corruption attempt (file-office.rules)
* 1:36003 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel bad file pointer memory corruption attempt (file-office.rules)
* 1:36054 <-> ENABLED <-> MALWARE-CNC Ios.Backdoor.SYNful inbound connection attempt (malware-cnc.rules)
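The "gid:sid <-> Default rule state <-> Message (rule group)" format above is simple enough to process mechanically, which is how you would turn one of these posts into a local tuning decision. The following Python script is an added example, not code from the Talos post or from the Snort or PulledPork projects: it parses entries in that format, counts ENABLED versus DISABLED defaults per rule group, merges the lists from several rule packs while refusing any gid:sid whose default state differs between packs, and emits gid:sid lines in the form PulledPork's enablesid.conf accepts for rules that are disabled by default but mention a product you run. The sample entries are copied from the lists on this page; the function names and the keyword filter are this example's own choices.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample input: a few entries copied from the lists on this page, in the
# changelog's own "gid:sid <-> Default rule state <-> Message (rule group)" format.
SAMPLE = """\
 * 1:36055 <-> DISABLED <-> PROTOCOL-DNS ISC BIND DNSSEC response unsupported cryptographic algorithm attempt (protocol-dns.rules)
 * 1:36058 <-> ENABLED <-> FILE-IDENTIFY OLE Document upload detected (file-identify.rules)
 * 1:36067 <-> ENABLED <-> SERVER-OTHER ElasticSearch script remote code execution attempt (server-other.rules)
 * 1:36072 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36073 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:35326 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word RTF Control.TaskSymbol.1 heap corruption attempt - Win.Trojan.Sofacy (file-office.rules)
"""

# One changelog entry. The message is split into its category prefix (e.g. SERVER-OTHER)
# and the free-text description; the rule group is the .rules file named in parentheses.
ENTRY_RE = re.compile(
    r"^\s*\*?\s*(?P<gid>\d+):(?P<sid>\d+)\s*<->\s*(?P<state>ENABLED|DISABLED)\s*<->\s*"
    r"(?P<category>[A-Z][A-Z-]+)\s+(?P<msg>.*?)\s*\((?P<group>[\w-]+\.rules)\)\s*$"
)


@dataclass(frozen=True)
class RuleEntry:
    gid: int
    sid: int
    enabled: bool      # True when the default rule state is ENABLED
    category: str
    msg: str
    group: str

    @property
    def ref(self):
        return f"{self.gid}:{self.sid}"


def parse_changelog(text):
    """Parse one rule list; blank lines are skipped, any other non-matching line is an error."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        m = ENTRY_RE.match(line)
        if m is None:
            raise ValueError(f"line {lineno}: not in gid:sid <-> state <-> message (group) format: {line!r}")
        entries.append(RuleEntry(int(m["gid"]), int(m["sid"]), m["state"] == "ENABLED",
                                 m["category"], m["msg"], m["group"]))
    return entries


def default_state_summary(entries):
    """Map each rule group to an (enabled, disabled) count of default states."""
    counts = defaultdict(lambda: [0, 0])
    for e in entries:
        counts[e.group][0 if e.enabled else 1] += 1
    return {group: tuple(c) for group, c in counts.items()}


def merge_packs(*texts):
    """Merge lists from several rule packs keyed on gid:sid, refusing conflicting default states."""
    merged = {}
    for text in texts:
        for e in parse_changelog(text):
            prev = merged.setdefault(e.ref, e)
            if prev.enabled != e.enabled:
                raise ValueError(f"{e.ref}: default state differs between packs")
    return merged


def enablesid_lines(entries, keyword):
    """gid:sid lines (the form PulledPork's enablesid.conf accepts) for every rule that is
    DISABLED by default and whose message mentions keyword, e.g. a product you actually run."""
    kw = keyword.lower()
    return [e.ref for e in entries if not e.enabled and kw in e.msg.lower()]


if __name__ == "__main__":
    rules = parse_changelog(SAMPLE)
    for group, (on, off) in sorted(default_state_summary(rules).items()):
        print(f"{group:28} enabled={on} disabled={off}")
    # Example tuning decision: a site running Dell NetVault Backup enables the DoS rules.
    print("\n".join(enablesid_lines(rules, "netvault")))
```

The parser is strict on purpose: a line that does not match the format raises rather than being silently dropped, so an extraction artifact such as an entry split across two lines (as happens in the copy of this post above) shows up as an error instead of a missing rule. Feed it the New Rules and Modified Rules lists from each rule pack you track, and keep the generated enablesid.conf fragment under version control next to your PulledPork configuration.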
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2973.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
New Rules:

* 1:36055 <-> DISABLED <-> PROTOCOL-DNS ISC BIND DNSSEC response unsupported cryptographic algorithm attempt (protocol-dns.rules)
* 1:36056 <-> DISABLED <-> PROTOCOL-DNS ISC BIND DNSSEC response unsupported cryptographic algorithm attempt (protocol-dns.rules)
* 1:36057 <-> DISABLED <-> SERVER-WEBAPP Apache ActiveMQ directory traversal attempt (server-webapp.rules)
* 1:36058 <-> ENABLED <-> FILE-IDENTIFY OLE Document upload detected (file-identify.rules)
* 1:36059 <-> DISABLED <-> SERVER-WEBAPP PHP CDF file handling infinite loop dos attempt (server-webapp.rules)
* 1:36060 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shifu variant outbound connection (malware-cnc.rules)
* 1:36061 <-> DISABLED <-> SERVER-OTHER SAP SQL Anywhere .NET malformed integer buffer overflow attempt (server-other.rules)
* 1:36062 <-> DISABLED <-> FILE-PDF Adobe Reader makeMeasurement information disclosure attempt (file-pdf.rules)
* 1:36063 <-> DISABLED <-> FILE-PDF Adobe Reader makeMeasurement information disclosure attempt (file-pdf.rules)
* 1:36064 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Bagsu variant outbound connection (malware-cnc.rules)
* 1:36065 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Bagsu variant outbound connection (malware-cnc.rules)
* 1:36066 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Bagsu variant outbound connection (malware-cnc.rules)
* 1:36067 <-> ENABLED <-> SERVER-OTHER ElasticSearch script remote code execution attempt (server-other.rules)
* 1:36068 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer window scroll integer overflow attempt (browser-ie.rules)
* 1:36069 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer window scroll integer overflow attempt (browser-ie.rules)
* 1:36070 <-> DISABLED <-> INDICATOR-OBFUSCATION Javascript obfuscation using split reverse join (indicator-obfuscation.rules)
* 1:36071 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit browser version detection attempt (exploit-kit.rules)
* 1:36072 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
* 1:36073 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
* 1:36074 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
* 1:36075 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
* 1:36076 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
* 1:36077 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
* 1:36078 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
* 1:36079 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
* 1:36080 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
* 1:36081 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
* 1:36082 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
* 1:36083 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
* 1:36084 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
* 1:36085 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
* 1:36086 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
* 1:36087 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
* 1:36088 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
* 1:36089 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
* 1:36090 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
* 1:36091 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
* 1:36092 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
* 1:36093 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
* 1:36094 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
* 1:36095 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)

Modified Rules:

* 1:17696 <-> ENABLED <-> PROTOCOL-DNS Microsoft Windows DNS Server ANY query cache weakness (protocol-dns.rules)
* 1:19808 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer covered object memory corruption attempt (browser-ie.rules)
* 1:24339 <-> DISABLED <-> SERVER-WEBAPP XML entity parsing information disclosure attempt (server-webapp.rules)
* 1:29735 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer selectall use after free attempt (browser-ie.rules)
* 1:29736 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer selectall use after free attempt (browser-ie.rules)
* 1:31909 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Basostab variant outbound connection (malware-cnc.rules)
* 1:33184 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit Adobe Flash download (exploit-kit.rules)
* 1:33718 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreeNode interpreted as CGeneratedTreeNode remote code execution attempt (browser-ie.rules)
* 1:33719 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreeNode interpreted as CGeneratedTreeNode remote code execution attempt (browser-ie.rules)
* 1:34463 <-> ENABLED <-> APP-DETECT TeamViewer remote administration tool outbound connection attempt (app-detect.rules)
* 1:34737 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word WordPerfect converter ForeignToRtf32 use after free attempt (file-office.rules)
* 1:34738 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word WordPerfect converter ForeignToRtf32 use after free attempt (file-office.rules)
* 1:34739 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word WordPerfect converter EnumFontFamProc use after free attempt (file-office.rules)
* 1:34740 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word WordPerfect converter EnumFontFamProc use after free attempt (file-office.rules)
* 1:35018 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word nested tblStylePr element use after free attempt (file-office.rules)
* 1:35019 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word nested tblStylePr element use after free attempt (file-office.rules)
* 1:35020 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word nested tblStylePr element use after free attempt (file-office.rules)
* 1:35021 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word nested tblStylePr element use after free attempt (file-office.rules)
* 1:35325 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word RTF Control.TaskSymbol.1 heap corruption attempt - Win.Trojan.Sofacy (file-office.rules)
* 1:35326 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word RTF Control.TaskSymbol.1 heap corruption attempt - Win.Trojan.Sofacy (file-office.rules)
* 1:35472 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Bergard outbound connection (malware-cnc.rules)
* 1:35499 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer window scroll integer overflow attempt (browser-ie.rules)
* 1:35500 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer window scroll integer overflow attempt (browser-ie.rules)
* 1:35503 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word incomplete ActiveX control use-after-free attempt (file-office.rules)
* 1:35504 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word incomplete ActiveX control use-after-free attempt (file-office.rules)
* 1:36000 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel malformed XF record use after free attempt (file-office.rules)
* 1:36001 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel malformed XF record use after free attempt (file-office.rules)
* 1:36002 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel bad file pointer memory corruption attempt (file-office.rules)
* 1:36003 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel bad file pointer memory corruption attempt (file-office.rules)
* 1:36054 <-> ENABLED <-> MALWARE-CNC Ios.Backdoor.SYNful inbound connection attempt (malware-cnc.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2975.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
New Rules:

* 1:36055 <-> DISABLED <-> PROTOCOL-DNS ISC BIND DNSSEC response unsupported cryptographic algorithm attempt (protocol-dns.rules)
* 1:36056 <-> DISABLED <-> PROTOCOL-DNS ISC BIND DNSSEC response unsupported cryptographic algorithm attempt (protocol-dns.rules)
* 1:36057 <-> DISABLED <-> SERVER-WEBAPP Apache ActiveMQ directory traversal attempt (server-webapp.rules)
* 1:36058 <-> ENABLED <-> FILE-IDENTIFY OLE Document upload detected (file-identify.rules)
* 1:36059 <-> DISABLED <-> SERVER-WEBAPP PHP CDF file handling infinite loop dos attempt (server-webapp.rules)
* 1:36060 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shifu variant outbound connection (malware-cnc.rules)
* 1:36061 <-> DISABLED <-> SERVER-OTHER SAP SQL Anywhere .NET malformed integer buffer overflow attempt (server-other.rules)
* 1:36062 <-> DISABLED <-> FILE-PDF Adobe Reader makeMeasurement information disclosure attempt (file-pdf.rules)
* 1:36063 <-> DISABLED <-> FILE-PDF Adobe Reader makeMeasurement information disclosure attempt (file-pdf.rules)
* 1:36064 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Bagsu variant outbound connection (malware-cnc.rules)
* 1:36065 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Bagsu variant outbound connection (malware-cnc.rules)
* 1:36066 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Bagsu variant outbound connection (malware-cnc.rules)
* 1:36067 <-> ENABLED <-> SERVER-OTHER ElasticSearch script remote code execution attempt (server-other.rules)
* 1:36068 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer window scroll integer overflow attempt (browser-ie.rules)
* 1:36069 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer window scroll integer overflow attempt (browser-ie.rules)
* 1:36070 <-> DISABLED <-> INDICATOR-OBFUSCATION Javascript obfuscation using split reverse join (indicator-obfuscation.rules)
* 1:36071 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit browser version detection attempt (exploit-kit.rules)
* 1:36072 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
* 1:36073 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
* 1:36074 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
* 1:36075 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
* 1:36076 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
* 1:36077 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
* 1:36078 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
* 1:36079 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
* 1:36080 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
* 1:36081 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
* 1:36082 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
* 1:36083 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
* 1:36084 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
* 1:36085 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
* 1:36086 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
* 1:36087 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
* 1:36088 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
* 1:36089 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
* 1:36090 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
* 1:36091 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
* 1:36092 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
* 1:36093 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
* 1:36094 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
* 1:36095 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)

Modified Rules:

* 1:17696 <-> ENABLED <-> PROTOCOL-DNS Microsoft Windows DNS Server ANY query cache weakness (protocol-dns.rules)
* 1:19808 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer covered object memory corruption attempt (browser-ie.rules)
* 1:24339 <-> DISABLED <-> SERVER-WEBAPP XML entity parsing information disclosure attempt (server-webapp.rules)
* 1:29735 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer selectall use after free attempt (browser-ie.rules)
* 1:29736 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer selectall use after free attempt (browser-ie.rules)
* 1:31909 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Basostab variant outbound connection (malware-cnc.rules)
* 1:33184 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit Adobe Flash download (exploit-kit.rules)
* 1:33718 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreeNode interpreted as CGeneratedTreeNode remote code execution attempt (browser-ie.rules)
* 1:33719 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreeNode interpreted as CGeneratedTreeNode remote code execution attempt (browser-ie.rules)
* 1:34463 <-> ENABLED <-> APP-DETECT TeamViewer remote administration tool outbound connection attempt (app-detect.rules)
* 1:34737 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word WordPerfect converter ForeignToRtf32 use after free attempt (file-office.rules)
* 1:34738 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word WordPerfect converter ForeignToRtf32 use after free attempt (file-office.rules)
* 1:34739 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word WordPerfect converter EnumFontFamProc use after free attempt (file-office.rules)
* 1:34740 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word WordPerfect converter EnumFontFamProc use after free attempt (file-office.rules)
* 1:35018 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word nested tblStylePr element use after free attempt (file-office.rules)
* 1:35019 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word nested tblStylePr element use after free attempt (file-office.rules)
* 1:35020 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word nested tblStylePr element use after free attempt (file-office.rules)
* 1:35021 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word nested tblStylePr element use after free attempt (file-office.rules)
* 1:35325 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word RTF Control.TaskSymbol.1 heap corruption attempt - Win.Trojan.Sofacy (file-office.rules)
* 1:35326 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word RTF Control.TaskSymbol.1 heap corruption attempt - Win.Trojan.Sofacy (file-office.rules)
* 1:35472 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Bergard outbound connection (malware-cnc.rules)
* 1:35499 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer window scroll integer overflow attempt (browser-ie.rules)
* 1:35500 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer window scroll integer overflow attempt (browser-ie.rules)
* 1:35503 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word incomplete ActiveX control use-after-free attempt (file-office.rules)
* 1:35504 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word incomplete ActiveX control use-after-free attempt (file-office.rules)
* 1:36000 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel malformed XF record use after free attempt (file-office.rules)
* 1:36001 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel malformed XF record use after free attempt (file-office.rules)
* 1:36002 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel bad file pointer memory corruption attempt (file-office.rules)
* 1:36003 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel bad file pointer memory corruption attempt (file-office.rules)
* 1:36054 <-> ENABLED <-> MALWARE-CNC Ios.Backdoor.SYNful inbound connection attempt (malware-cnc.rules)