Talos Rules 2016-01-05
This release adds and modifies rules in several categories.

Talos has added and modified multiple rules in the exploit-kit, file-flash, malware-cnc and server-webapp rule sets to provide coverage for emerging threats from these technologies.

Change logs

2016-01-05 15:03:03 UTC

Snort Subscriber Rules Update

Date: 2016-01-05

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2962.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:37219 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MovieClip setMask use after free attempt (file-flash.rules)
 * 1:37238 <-> ENABLED <-> FILE-FLASH Adobe Flash Player object hasOwnProperty use after free attempt (file-flash.rules)
 * 1:37239 <-> ENABLED <-> FILE-FLASH Adobe Flash Player object hasOwnProperty use after free attempt (file-flash.rules)
 * 1:37236 <-> ENABLED <-> FILE-FLASH Adobe Flash Player object hasOwnProperty use after free attempt (file-flash.rules)
 * 1:37237 <-> ENABLED <-> FILE-FLASH Adobe Flash Player object hasOwnProperty use after free attempt (file-flash.rules)
 * 1:37215 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pmabot outbound connection attempt (malware-cnc.rules)
 * 1:37235 <-> ENABLED <-> FILE-FLASH Adobe Flash Player removeMovieClip use after free attempt (file-flash.rules)
 * 1:37213 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pmabot outbound connection attempt (malware-cnc.rules)
 * 1:37214 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pmabot outbound connection attempt (malware-cnc.rules)
 * 1:37211 <-> ENABLED <-> FILE-FLASH Adobe Flash Player LoadVars decode use after free attempt (file-flash.rules)
 * 1:37212 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pmabot outbound connection attempt (malware-cnc.rules)
 * 1:37209 <-> ENABLED <-> FILE-FLASH Adobe Flash Player LoadVars decode use after free attempt (file-flash.rules)
 * 1:37210 <-> ENABLED <-> FILE-FLASH Adobe Flash Player LoadVars decode use after free attempt (file-flash.rules)
 * 1:37208 <-> ENABLED <-> FILE-FLASH Adobe Flash Player LoadVars decode use after free attempt (file-flash.rules)
 * 1:37217 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MovieClip setMask use after free attempt (file-flash.rules)
 * 1:37216 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MovieClip setMask use after free attempt (file-flash.rules)
 * 1:37207 <-> ENABLED <-> EXPLOIT-KIT Neutrino exploit kit landing page (exploit-kit.rules)
 * 1:37204 <-> ENABLED <-> FILE-FLASH Adobe Flash Player object.addProperty method use after free attempt (file-flash.rules)
 * 1:37202 <-> ENABLED <-> FILE-FLASH Adobe Flash Standalone Player ASSetPropFlags use after free attempt (file-flash.rules)
 * 1:37203 <-> ENABLED <-> FILE-FLASH Adobe Flash Player object.addProperty method use after free attempt (file-flash.rules)
 * 1:37205 <-> ENABLED <-> FILE-FLASH Adobe Flash Player object.addProperty method use after free attempt (file-flash.rules)
 * 1:37201 <-> ENABLED <-> FILE-FLASH Adobe Flash Standalone Player ASSetPropFlags use after free attempt (file-flash.rules)
 * 1:37206 <-> ENABLED <-> FILE-FLASH Adobe Flash Player object.addProperty method use after free attempt (file-flash.rules)
 * 1:37199 <-> ENABLED <-> FILE-FLASH Adobe Flash Player multiple script render display use after free attempt (file-flash.rules)
 * 1:37200 <-> ENABLED <-> FILE-FLASH Adobe Flash Player multiple script render display use after free attempt (file-flash.rules)
 * 1:37223 <-> ENABLED <-> FILE-FLASH Adobe Flash Player overly large bitmap integer overflow attempt (file-flash.rules)
 * 1:37222 <-> ENABLED <-> MALWARE-OTHER Win.Worm.Pixipos Outbound Connection Attempt (malware-other.rules)
 * 1:37227 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Isniffer outbound connection attempt (malware-cnc.rules)
 * 1:37228 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Isniffer outbound connection attempt (malware-cnc.rules)
 * 1:37229 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MovieClip method use after free attempt (file-flash.rules)
 * 1:37230 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MovieClip method use after free attempt (file-flash.rules)
 * 1:37225 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Isniffer outbound connection attempt (malware-cnc.rules)
 * 1:37226 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Isniffer outbound connection attempt (malware-cnc.rules)
 * 1:37231 <-> ENABLED <-> FILE-FLASH Adobe Flash Player getBounds method use after free attempt (file-flash.rules)
 * 1:37232 <-> ENABLED <-> FILE-FLASH Adobe Flash Player getBounds method use after free attempt (file-flash.rules)
 * 1:37218 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MovieClip setMask use after free attempt (file-flash.rules)
 * 1:37233 <-> DISABLED <-> SERVER-WEBAPP ManageEngine ServiceDesk Plus FileUploader servlet directory traversal attempt (server-webapp.rules)
 * 1:37234 <-> ENABLED <-> FILE-FLASH Adobe Flash Player removeMovieClip use after free attempt (file-flash.rules)
 * 1:37224 <-> ENABLED <-> FILE-FLASH Adobe Flash Player overly large bitmap integer overflow attempt (file-flash.rules)
 * 1:37221 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Date with invalid parameter toTimeString attempt (file-flash.rules)
 * 1:37220 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Date with invalid parameter toTimeString attempt (file-flash.rules)
 * 1:37240 <-> ENABLED <-> FILE-FLASH Adobe Flash Player canvas out of bounds read attempt (file-flash.rules)
 * 1:37241 <-> ENABLED <-> FILE-FLASH Adobe Flash Player canvas out of bounds read attempt (file-flash.rules)

Modified Rules:


 * 1:26749 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc allhttp command (malware-cnc.rules)
 * 1:26742 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc resolve command (malware-cnc.rules)
 * 1:26744 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc range command (malware-cnc.rules)
 * 1:26745 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc ftp command (malware-cnc.rules)
 * 1:26746 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc download command (malware-cnc.rules)
 * 1:26747 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc fastddos command (malware-cnc.rules)
 * 1:26743 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc antiddos command (malware-cnc.rules)
 * 1:26731 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc datapost command (malware-cnc.rules)
 * 1:26725 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc http command (malware-cnc.rules)
 * 1:26732 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc syn command (malware-cnc.rules)
 * 1:26730 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc loginpost command (malware-cnc.rules)
 * 1:26729 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc simple command (malware-cnc.rules)
 * 1:26727 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc die command (malware-cnc.rules)
 * 1:26728 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc sleep command (malware-cnc.rules)
 * 1:26737 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc tcpdata command (malware-cnc.rules)
 * 1:26726 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc stop command (malware-cnc.rules)
 * 1:26733 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc udp command (malware-cnc.rules)
 * 1:26734 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc udpdata command (malware-cnc.rules)
 * 1:26739 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc connect command (malware-cnc.rules)
 * 1:26741 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc exec command (malware-cnc.rules)
 * 1:26736 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc icmp command (malware-cnc.rules)
 * 1:26735 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc data command (malware-cnc.rules)
 * 1:26740 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc dns command (malware-cnc.rules)
 * 1:26738 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc dataget command (malware-cnc.rules)
 * 1:26750 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc full command (malware-cnc.rules)
 * 1:28054 <-> ENABLED <-> MALWARE-OTHER VBScript potential executable write attempt (malware-other.rules)
 * 1:34991 <-> ENABLED <-> MALWARE-OTHER Group 6 Adobe Flash exploit download attempt (malware-other.rules)
 * 1:26748 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc slowhttp command (malware-cnc.rules)
 * 1:32310 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Farfli variant outbound connection (malware-cnc.rules)

2016-01-05 15:03:03 UTC

Snort Subscriber Rules Update

Date: 2016-01-05

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2976.

New Rules:


 * 1:37223 <-> ENABLED <-> FILE-FLASH Adobe Flash Player overly large bitmap integer overflow attempt (file-flash.rules)
 * 1:37238 <-> ENABLED <-> FILE-FLASH Adobe Flash Player object hasOwnProperty use after free attempt (file-flash.rules)
 * 1:37239 <-> ENABLED <-> FILE-FLASH Adobe Flash Player object hasOwnProperty use after free attempt (file-flash.rules)
 * 1:37236 <-> ENABLED <-> FILE-FLASH Adobe Flash Player object hasOwnProperty use after free attempt (file-flash.rules)
 * 1:37237 <-> ENABLED <-> FILE-FLASH Adobe Flash Player object hasOwnProperty use after free attempt (file-flash.rules)
 * 1:37235 <-> ENABLED <-> FILE-FLASH Adobe Flash Player removeMovieClip use after free attempt (file-flash.rules)
 * 1:37216 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MovieClip setMask use after free attempt (file-flash.rules)
 * 1:37217 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MovieClip setMask use after free attempt (file-flash.rules)
 * 1:37214 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pmabot outbound connection attempt (malware-cnc.rules)
 * 1:37215 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pmabot outbound connection attempt (malware-cnc.rules)
 * 1:37212 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pmabot outbound connection attempt (malware-cnc.rules)
 * 1:37213 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pmabot outbound connection attempt (malware-cnc.rules)
 * 1:37210 <-> ENABLED <-> FILE-FLASH Adobe Flash Player LoadVars decode use after free attempt (file-flash.rules)
 * 1:37211 <-> ENABLED <-> FILE-FLASH Adobe Flash Player LoadVars decode use after free attempt (file-flash.rules)
 * 1:37208 <-> ENABLED <-> FILE-FLASH Adobe Flash Player LoadVars decode use after free attempt (file-flash.rules)
 * 1:37209 <-> ENABLED <-> FILE-FLASH Adobe Flash Player LoadVars decode use after free attempt (file-flash.rules)
 * 1:37206 <-> ENABLED <-> FILE-FLASH Adobe Flash Player object.addProperty method use after free attempt (file-flash.rules)
 * 1:37207 <-> ENABLED <-> EXPLOIT-KIT Neutrino exploit kit landing page (exploit-kit.rules)
 * 1:37204 <-> ENABLED <-> FILE-FLASH Adobe Flash Player object.addProperty method use after free attempt (file-flash.rules)
 * 1:37205 <-> ENABLED <-> FILE-FLASH Adobe Flash Player object.addProperty method use after free attempt (file-flash.rules)
 * 1:37200 <-> ENABLED <-> FILE-FLASH Adobe Flash Player multiple script render display use after free attempt (file-flash.rules)
 * 1:37203 <-> ENABLED <-> FILE-FLASH Adobe Flash Player object.addProperty method use after free attempt (file-flash.rules)
 * 1:37202 <-> ENABLED <-> FILE-FLASH Adobe Flash Standalone Player ASSetPropFlags use after free attempt (file-flash.rules)
 * 1:37201 <-> ENABLED <-> FILE-FLASH Adobe Flash Standalone Player ASSetPropFlags use after free attempt (file-flash.rules)
 * 1:37199 <-> ENABLED <-> FILE-FLASH Adobe Flash Player multiple script render display use after free attempt (file-flash.rules)
 * 1:37218 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MovieClip setMask use after free attempt (file-flash.rules)
 * 1:37219 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MovieClip setMask use after free attempt (file-flash.rules)
 * 1:37220 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Date with invalid parameter toTimeString attempt (file-flash.rules)
 * 1:37222 <-> ENABLED <-> MALWARE-OTHER Win.Worm.Pixipos Outbound Connection Attempt (malware-other.rules)
 * 1:37221 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Date with invalid parameter toTimeString attempt (file-flash.rules)
 * 1:37224 <-> ENABLED <-> FILE-FLASH Adobe Flash Player overly large bitmap integer overflow attempt (file-flash.rules)
 * 1:37225 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Isniffer outbound connection attempt (malware-cnc.rules)
 * 1:37226 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Isniffer outbound connection attempt (malware-cnc.rules)
 * 1:37227 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Isniffer outbound connection attempt (malware-cnc.rules)
 * 1:37228 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Isniffer outbound connection attempt (malware-cnc.rules)
 * 1:37229 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MovieClip method use after free attempt (file-flash.rules)
 * 1:37230 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MovieClip method use after free attempt (file-flash.rules)
 * 1:37231 <-> ENABLED <-> FILE-FLASH Adobe Flash Player getBounds method use after free attempt (file-flash.rules)
 * 1:37232 <-> ENABLED <-> FILE-FLASH Adobe Flash Player getBounds method use after free attempt (file-flash.rules)
 * 1:37233 <-> DISABLED <-> SERVER-WEBAPP ManageEngine ServiceDesk Plus FileUploader servlet directory traversal attempt (server-webapp.rules)
 * 1:37234 <-> ENABLED <-> FILE-FLASH Adobe Flash Player removeMovieClip use after free attempt (file-flash.rules)
 * 1:37241 <-> ENABLED <-> FILE-FLASH Adobe Flash Player canvas out of bounds read attempt (file-flash.rules)
 * 1:37240 <-> ENABLED <-> FILE-FLASH Adobe Flash Player canvas out of bounds read attempt (file-flash.rules)

Modified Rules:


 * 1:26725 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc http command (malware-cnc.rules)
 * 1:26728 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc sleep command (malware-cnc.rules)
 * 1:26726 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc stop command (malware-cnc.rules)
 * 1:26727 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc die command (malware-cnc.rules)
 * 1:26732 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc syn command (malware-cnc.rules)
 * 1:26729 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc simple command (malware-cnc.rules)
 * 1:26730 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc loginpost command (malware-cnc.rules)
 * 1:26735 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc data command (malware-cnc.rules)
 * 1:26731 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc datapost command (malware-cnc.rules)
 * 1:26734 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc udpdata command (malware-cnc.rules)
 * 1:26733 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc udp command (malware-cnc.rules)
 * 1:26736 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc icmp command (malware-cnc.rules)
 * 1:26741 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc exec command (malware-cnc.rules)
 * 1:26738 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc dataget command (malware-cnc.rules)
 * 1:26740 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc dns command (malware-cnc.rules)
 * 1:26739 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc connect command (malware-cnc.rules)
 * 1:26737 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc tcpdata command (malware-cnc.rules)
 * 1:26743 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc antiddos command (malware-cnc.rules)
 * 1:26746 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc download command (malware-cnc.rules)
 * 1:26747 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc fastddos command (malware-cnc.rules)
 * 1:26748 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc slowhttp command (malware-cnc.rules)
 * 1:26749 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc allhttp command (malware-cnc.rules)
 * 1:26750 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc full command (malware-cnc.rules)
 * 1:28054 <-> ENABLED <-> MALWARE-OTHER VBScript potential executable write attempt (malware-other.rules)
 * 1:32310 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Farfli variant outbound connection (malware-cnc.rules)
 * 1:34991 <-> ENABLED <-> MALWARE-OTHER Group 6 Adobe Flash exploit download attempt (malware-other.rules)
 * 1:26744 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc range command (malware-cnc.rules)
 * 1:26745 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc ftp command (malware-cnc.rules)
 * 1:26742 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc resolve command (malware-cnc.rules)

2016-01-05 15:03:03 UTC

Snort Subscriber Rules Update

Date: 2016-01-05

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2980.

New Rules:


 * 1:37241 <-> ENABLED <-> FILE-FLASH Adobe Flash Player canvas out of bounds read attempt (file-flash.rules)
 * 1:37240 <-> ENABLED <-> FILE-FLASH Adobe Flash Player canvas out of bounds read attempt (file-flash.rules)
 * 1:37239 <-> ENABLED <-> FILE-FLASH Adobe Flash Player object hasOwnProperty use after free attempt (file-flash.rules)
 * 1:37238 <-> ENABLED <-> FILE-FLASH Adobe Flash Player object hasOwnProperty use after free attempt (file-flash.rules)
 * 1:37237 <-> ENABLED <-> FILE-FLASH Adobe Flash Player object hasOwnProperty use after free attempt (file-flash.rules)
 * 1:37236 <-> ENABLED <-> FILE-FLASH Adobe Flash Player object hasOwnProperty use after free attempt (file-flash.rules)
 * 1:37235 <-> ENABLED <-> FILE-FLASH Adobe Flash Player removeMovieClip use after free attempt (file-flash.rules)
 * 1:37234 <-> ENABLED <-> FILE-FLASH Adobe Flash Player removeMovieClip use after free attempt (file-flash.rules)
 * 1:37233 <-> DISABLED <-> SERVER-WEBAPP ManageEngine ServiceDesk Plus FileUploader servlet directory traversal attempt (server-webapp.rules)
 * 1:37232 <-> ENABLED <-> FILE-FLASH Adobe Flash Player getBounds method use after free attempt (file-flash.rules)
 * 1:37231 <-> ENABLED <-> FILE-FLASH Adobe Flash Player getBounds method use after free attempt (file-flash.rules)
 * 1:37230 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MovieClip method use after free attempt (file-flash.rules)
 * 1:37229 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MovieClip method use after free attempt (file-flash.rules)
 * 1:37228 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Isniffer outbound connection attempt (malware-cnc.rules)
 * 1:37227 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Isniffer outbound connection attempt (malware-cnc.rules)
 * 1:37226 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Isniffer outbound connection attempt (malware-cnc.rules)
 * 1:37225 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Isniffer outbound connection attempt (malware-cnc.rules)
 * 1:37224 <-> ENABLED <-> FILE-FLASH Adobe Flash Player overly large bitmap integer overflow attempt (file-flash.rules)
 * 1:37223 <-> ENABLED <-> FILE-FLASH Adobe Flash Player overly large bitmap integer overflow attempt (file-flash.rules)
 * 1:37222 <-> ENABLED <-> MALWARE-OTHER Win.Worm.Pixipos Outbound Connection Attempt (malware-other.rules)
 * 1:37221 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Date with invalid parameter toTimeString attempt (file-flash.rules)
 * 1:37220 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Date with invalid parameter toTimeString attempt (file-flash.rules)
 * 1:37219 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MovieClip setMask use after free attempt (file-flash.rules)
 * 1:37218 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MovieClip setMask use after free attempt (file-flash.rules)
 * 1:37217 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MovieClip setMask use after free attempt (file-flash.rules)
 * 1:37216 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MovieClip setMask use after free attempt (file-flash.rules)
 * 1:37215 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pmabot outbound connection attempt (malware-cnc.rules)
 * 1:37214 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pmabot outbound connection attempt (malware-cnc.rules)
 * 1:37213 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pmabot outbound connection attempt (malware-cnc.rules)
 * 1:37212 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pmabot outbound connection attempt (malware-cnc.rules)
 * 1:37211 <-> ENABLED <-> FILE-FLASH Adobe Flash Player LoadVars decode use after free attempt (file-flash.rules)
 * 1:37210 <-> ENABLED <-> FILE-FLASH Adobe Flash Player LoadVars decode use after free attempt (file-flash.rules)
 * 1:37209 <-> ENABLED <-> FILE-FLASH Adobe Flash Player LoadVars decode use after free attempt (file-flash.rules)
 * 1:37208 <-> ENABLED <-> FILE-FLASH Adobe Flash Player LoadVars decode use after free attempt (file-flash.rules)
 * 1:37207 <-> ENABLED <-> EXPLOIT-KIT Neutrino exploit kit landing page (exploit-kit.rules)
 * 1:37206 <-> ENABLED <-> FILE-FLASH Adobe Flash Player object.addProperty method use after free attempt (file-flash.rules)
 * 1:37205 <-> ENABLED <-> FILE-FLASH Adobe Flash Player object.addProperty method use after free attempt (file-flash.rules)
 * 1:37204 <-> ENABLED <-> FILE-FLASH Adobe Flash Player object.addProperty method use after free attempt (file-flash.rules)
 * 1:37203 <-> ENABLED <-> FILE-FLASH Adobe Flash Player object.addProperty method use after free attempt (file-flash.rules)
 * 1:37202 <-> ENABLED <-> FILE-FLASH Adobe Flash Standalone Player ASSetPropFlags use after free attempt (file-flash.rules)
 * 1:37201 <-> ENABLED <-> FILE-FLASH Adobe Flash Standalone Player ASSetPropFlags use after free attempt (file-flash.rules)
 * 1:37200 <-> ENABLED <-> FILE-FLASH Adobe Flash Player multiple script render display use after free attempt (file-flash.rules)
 * 1:37199 <-> ENABLED <-> FILE-FLASH Adobe Flash Player multiple script render display use after free attempt (file-flash.rules)

Modified Rules:


 * 1:26725 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc http command (malware-cnc.rules)
 * 1:26726 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc stop command (malware-cnc.rules)
 * 1:26727 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc die command (malware-cnc.rules)
 * 1:26728 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc sleep command (malware-cnc.rules)
 * 1:26729 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc simple command (malware-cnc.rules)
 * 1:26730 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc loginpost command (malware-cnc.rules)
 * 1:26731 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc datapost command (malware-cnc.rules)
 * 1:26732 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc syn command (malware-cnc.rules)
 * 1:26733 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc udp command (malware-cnc.rules)
 * 1:26734 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc udpdata command (malware-cnc.rules)
 * 1:26735 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc data command (malware-cnc.rules)
 * 1:26736 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc icmp command (malware-cnc.rules)
 * 1:26737 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc tcpdata command (malware-cnc.rules)
 * 1:26738 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc dataget command (malware-cnc.rules)
 * 1:26739 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc connect command (malware-cnc.rules)
 * 1:26740 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc dns command (malware-cnc.rules)
 * 1:26741 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc exec command (malware-cnc.rules)
 * 1:26742 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc resolve command (malware-cnc.rules)
 * 1:26743 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc antiddos command (malware-cnc.rules)
 * 1:26744 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc range command (malware-cnc.rules)
 * 1:26745 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc ftp command (malware-cnc.rules)
 * 1:26746 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc download command (malware-cnc.rules)
 * 1:26747 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc fastddos command (malware-cnc.rules)
 * 1:26748 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc slowhttp command (malware-cnc.rules)
 * 1:26749 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc allhttp command (malware-cnc.rules)
 * 1:26750 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackRev cnc full command (malware-cnc.rules)
 * 1:28054 <-> ENABLED <-> MALWARE-OTHER VBScript potential executable write attempt (malware-other.rules)
 * 1:32310 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Farfli variant outbound connection (malware-cnc.rules)
 * 1:34991 <-> ENABLED <-> MALWARE-OTHER Group 6 Adobe Flash exploit download attempt (malware-other.rules)