Talos Rules 2016-06-09
This release adds and modifies rules in several categories.

Talos has added and modified multiple rules in the browser-firefox, browser-ie, browser-plugins, exploit-kit, file-pdf, indicator-obfuscation, malware-cnc and server-webapp rule sets to provide coverage for emerging threats from these technologies.

Change logs

2016-06-09 15:43:06 UTC

Snort Subscriber Rules Update

Date: 2016-06-09

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2976.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:

 * 1:39175 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer use-after-free memory corruption attempt (browser-ie.rules)
 * 1:39171 <-> DISABLED <-> SERVER-WEBAPP Cisco Video Surveillance Operations Manager directory traversal attempt (server-webapp.rules)
 * 1:39174 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer iframe uninitialized memory corruption attempt (browser-ie.rules)
 * 1:39173 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.BladeShades Crypter outbound connection (malware-cnc.rules)
 * 1:39169 <-> DISABLED <-> SERVER-WEBAPP Alpha Networks ADSL2/2+ Wireless Router password disclosure attempt (server-webapp.rules)
 * 1:39168 <-> DISABLED <-> BROWSER-PLUGINS IBM Tivoli Provisioning Manager Express ActiveX clsid access attempt (browser-plugins.rules)
 * 1:39170 <-> DISABLED <-> SERVER-WEBAPP Cisco Video Surveillance Operations Manager directory traversal attempt (server-webapp.rules)
 * 1:39182 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Testing Suite directory traversal attempt (server-webapp.rules)
 * 1:39165 <-> DISABLED <-> SERVER-WEBAPP iperf3 heap overflow remote code execution attempt (server-webapp.rules)
 * 1:39181 <-> DISABLED <-> SERVER-WEBAPP Nagios XI ajaxproxy.php server side request forgery attempt (server-webapp.rules)
 * 1:39180 <-> DISABLED <-> SERVER-WEBAPP Nagios XI nagiosim.php command injection attempt (server-webapp.rules)
 * 1:39178 <-> DISABLED <-> SERVER-WEBAPP Nagios XI graphApi.php command injection attempt (server-webapp.rules)
 * 1:39179 <-> DISABLED <-> SERVER-WEBAPP Nagios XI nagiosim.php command injection attempt (server-webapp.rules)
 * 1:39176 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Helminth variant outbound connection (malware-cnc.rules)
 * 1:39166 <-> DISABLED <-> SERVER-WEBAPP Asus RT-N56U router password disclosure attempt (server-webapp.rules)
 * 1:39188 <-> DISABLED <-> SERVER-WEBAPP Nagios XI backend API server side request forgery attempt (server-webapp.rules)
 * 1:39159 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.JRat inbound self-signed SSL certificate (malware-cnc.rules)
 * 1:39183 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Testing Suite directory traversal attempt (server-webapp.rules)
 * 1:39177 <-> DISABLED <-> SERVER-WEBAPP Nagios XI graphApi.php command injection attempt (server-webapp.rules)
 * 1:39163 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex self-signed certificate exchange (malware-cnc.rules)
 * 1:39167 <-> DISABLED <-> BROWSER-PLUGINS IBM Tivoli Provisioning Manager Express ActiveX clsid access attempt (browser-plugins.rules)
 * 1:39172 <-> DISABLED <-> SERVER-WEBAPP Cisco Video Surveillance Operations Manager directory traversal attempt (server-webapp.rules)
 * 1:39160 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.JRat inbound self-signed SSL certificate (malware-cnc.rules)
 * 1:39185 <-> DISABLED <-> SERVER-WEBAPP Cisco Unified Interactive Voice Response directory traversal attempt (server-webapp.rules)
 * 1:39187 <-> DISABLED <-> SERVER-WEBAPP Cisco Unified Interactive Voice Response directory traversal attempt (server-webapp.rules)
 * 1:39186 <-> DISABLED <-> SERVER-WEBAPP Cisco Unified Interactive Voice Response directory traversal attempt (server-webapp.rules)
 * 1:39164 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex self-signed certificate exchange (malware-cnc.rules)
 * 1:39184 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Testing Suite directory traversal attempt (server-webapp.rules)
 * 3:39162 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-CAN-0174 attack attempt (file-pdf.rules)
 * 3:39161 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-CAN-0174 attack attempt (file-pdf.rules)

Modified Rules:

 * 1:16501 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox WOFF font processing integer overflow attempt (browser-firefox.rules)
 * 1:17446 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer FTP client directory traversal attempt (browser-ie.rules)
 * 1:20258 <-> DISABLED <-> OS-WINDOWS Microsoft generic javascript handler in URI XSS attempt (os-windows.rules)
 * 1:19181 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer iframe uninitialized memory corruption attempt (browser-ie.rules)
 * 1:34641 <-> DISABLED <-> BROWSER-PLUGINS McAffee Virtual Technician ActiveX control denial of service attempt ActiveX clsid access (browser-plugins.rules)
 * 1:34642 <-> DISABLED <-> BROWSER-PLUGINS McAffee Virtual Technician ActiveX control denial of service attempt ActiveX function call (browser-plugins.rules)
 * 1:3679 <-> DISABLED <-> INDICATOR-OBFUSCATION Multiple Products IFRAME src javascript code execution (indicator-obfuscation.rules)
 * 1:37951 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer FTP client directory traversal attempt (browser-ie.rules)
 * 1:37952 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer FTP client directory traversal attempt (browser-ie.rules)
 * 1:38555 <-> ENABLED <-> EXPLOIT-KIT Angler landing page detected (exploit-kit.rules)
 * 1:38556 <-> ENABLED <-> EXPLOIT-KIT Angler landing page detected (exploit-kit.rules)
 * 1:17129 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer use-after-free memory corruption attempt (browser-ie.rules)

2016-06-09 15:43:06 UTC

Snort Subscriber Rules Update

Date: 2016-06-09

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2980.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:

 * 1:39178 <-> DISABLED <-> SERVER-WEBAPP Nagios XI graphApi.php command injection attempt (server-webapp.rules)
 * 1:39174 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer iframe uninitialized memory corruption attempt (browser-ie.rules)
 * 1:39173 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.BladeShades Crypter outbound connection (malware-cnc.rules)
 * 1:39169 <-> DISABLED <-> SERVER-WEBAPP Alpha Networks ADSL2/2+ Wireless Router password disclosure attempt (server-webapp.rules)
 * 1:39168 <-> DISABLED <-> BROWSER-PLUGINS IBM Tivoli Provisioning Manager Express ActiveX clsid access attempt (browser-plugins.rules)
 * 1:39183 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Testing Suite directory traversal attempt (server-webapp.rules)
 * 1:39188 <-> DISABLED <-> SERVER-WEBAPP Nagios XI backend API server side request forgery attempt (server-webapp.rules)
 * 1:39166 <-> DISABLED <-> SERVER-WEBAPP Asus RT-N56U router password disclosure attempt (server-webapp.rules)
 * 1:39172 <-> DISABLED <-> SERVER-WEBAPP Cisco Video Surveillance Operations Manager directory traversal attempt (server-webapp.rules)
 * 1:39175 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer use-after-free memory corruption attempt (browser-ie.rules)
 * 1:39177 <-> DISABLED <-> SERVER-WEBAPP Nagios XI graphApi.php command injection attempt (server-webapp.rules)
 * 1:39176 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Helminth variant outbound connection (malware-cnc.rules)
 * 1:39179 <-> DISABLED <-> SERVER-WEBAPP Nagios XI nagiosim.php command injection attempt (server-webapp.rules)
 * 1:39159 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.JRat inbound self-signed SSL certificate (malware-cnc.rules)
 * 1:39180 <-> DISABLED <-> SERVER-WEBAPP Nagios XI nagiosim.php command injection attempt (server-webapp.rules)
 * 1:39165 <-> DISABLED <-> SERVER-WEBAPP iperf3 heap overflow remote code execution attempt (server-webapp.rules)
 * 1:39182 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Testing Suite directory traversal attempt (server-webapp.rules)
 * 1:39164 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex self-signed certificate exchange (malware-cnc.rules)
 * 1:39170 <-> DISABLED <-> SERVER-WEBAPP Cisco Video Surveillance Operations Manager directory traversal attempt (server-webapp.rules)
 * 1:39167 <-> DISABLED <-> BROWSER-PLUGINS IBM Tivoli Provisioning Manager Express ActiveX clsid access attempt (browser-plugins.rules)
 * 1:39163 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex self-signed certificate exchange (malware-cnc.rules)
 * 1:39184 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Testing Suite directory traversal attempt (server-webapp.rules)
 * 1:39160 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.JRat inbound self-signed SSL certificate (malware-cnc.rules)
 * 1:39171 <-> DISABLED <-> SERVER-WEBAPP Cisco Video Surveillance Operations Manager directory traversal attempt (server-webapp.rules)
 * 1:39181 <-> DISABLED <-> SERVER-WEBAPP Nagios XI ajaxproxy.php server side request forgery attempt (server-webapp.rules)
 * 1:39186 <-> DISABLED <-> SERVER-WEBAPP Cisco Unified Interactive Voice Response directory traversal attempt (server-webapp.rules)
 * 1:39185 <-> DISABLED <-> SERVER-WEBAPP Cisco Unified Interactive Voice Response directory traversal attempt (server-webapp.rules)
 * 1:39187 <-> DISABLED <-> SERVER-WEBAPP Cisco Unified Interactive Voice Response directory traversal attempt (server-webapp.rules)
 * 3:39161 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-CAN-0174 attack attempt (file-pdf.rules)
 * 3:39162 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-CAN-0174 attack attempt (file-pdf.rules)

Modified Rules:

 * 1:17129 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer use-after-free memory corruption attempt (browser-ie.rules)
 * 1:17446 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer FTP client directory traversal attempt (browser-ie.rules)
 * 1:19181 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer iframe uninitialized memory corruption attempt (browser-ie.rules)
 * 1:20258 <-> DISABLED <-> OS-WINDOWS Microsoft generic javascript handler in URI XSS attempt (os-windows.rules)
 * 1:34641 <-> DISABLED <-> BROWSER-PLUGINS McAffee Virtual Technician ActiveX control denial of service attempt ActiveX clsid access (browser-plugins.rules)
 * 1:34642 <-> DISABLED <-> BROWSER-PLUGINS McAffee Virtual Technician ActiveX control denial of service attempt ActiveX function call (browser-plugins.rules)
 * 1:3679 <-> DISABLED <-> INDICATOR-OBFUSCATION Multiple Products IFRAME src javascript code execution (indicator-obfuscation.rules)
 * 1:37951 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer FTP client directory traversal attempt (browser-ie.rules)
 * 1:37952 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer FTP client directory traversal attempt (browser-ie.rules)
 * 1:38555 <-> ENABLED <-> EXPLOIT-KIT Angler landing page detected (exploit-kit.rules)
 * 1:38556 <-> ENABLED <-> EXPLOIT-KIT Angler landing page detected (exploit-kit.rules)
 * 1:16501 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox WOFF font processing integer overflow attempt (browser-firefox.rules)

2016-06-09 15:43:06 UTC

Snort Subscriber Rules Update

Date: 2016-06-09

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2982.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:

 * 1:39174 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer iframe uninitialized memory corruption attempt (browser-ie.rules)
 * 1:39173 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.BladeShades Crypter outbound connection (malware-cnc.rules)
 * 1:39169 <-> DISABLED <-> SERVER-WEBAPP Alpha Networks ADSL2/2+ Wireless Router password disclosure attempt (server-webapp.rules)
 * 1:39168 <-> DISABLED <-> BROWSER-PLUGINS IBM Tivoli Provisioning Manager Express ActiveX clsid access attempt (browser-plugins.rules)
 * 1:39166 <-> DISABLED <-> SERVER-WEBAPP Asus RT-N56U router password disclosure attempt (server-webapp.rules)
 * 1:39165 <-> DISABLED <-> SERVER-WEBAPP iperf3 heap overflow remote code execution attempt (server-webapp.rules)
 * 1:39164 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex self-signed certificate exchange (malware-cnc.rules)
 * 1:39163 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex self-signed certificate exchange (malware-cnc.rules)
 * 1:39171 <-> DISABLED <-> SERVER-WEBAPP Cisco Video Surveillance Operations Manager directory traversal attempt (server-webapp.rules)
 * 1:39160 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.JRat inbound self-signed SSL certificate (malware-cnc.rules)
 * 1:39159 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.JRat inbound self-signed SSL certificate (malware-cnc.rules)
 * 1:39172 <-> DISABLED <-> SERVER-WEBAPP Cisco Video Surveillance Operations Manager directory traversal attempt (server-webapp.rules)
 * 1:39175 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer use-after-free memory corruption attempt (browser-ie.rules)
 * 1:39176 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Helminth variant outbound connection (malware-cnc.rules)
 * 1:39177 <-> DISABLED <-> SERVER-WEBAPP Nagios XI graphApi.php command injection attempt (server-webapp.rules)
 * 1:39178 <-> DISABLED <-> SERVER-WEBAPP Nagios XI graphApi.php command injection attempt (server-webapp.rules)
 * 1:39179 <-> DISABLED <-> SERVER-WEBAPP Nagios XI nagiosim.php command injection attempt (server-webapp.rules)
 * 1:39181 <-> DISABLED <-> SERVER-WEBAPP Nagios XI ajaxproxy.php server side request forgery attempt (server-webapp.rules)
 * 1:39180 <-> DISABLED <-> SERVER-WEBAPP Nagios XI nagiosim.php command injection attempt (server-webapp.rules)
 * 1:39182 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Testing Suite directory traversal attempt (server-webapp.rules)
 * 1:39183 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Testing Suite directory traversal attempt (server-webapp.rules)
 * 1:39184 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Testing Suite directory traversal attempt (server-webapp.rules)
 * 1:39170 <-> DISABLED <-> SERVER-WEBAPP Cisco Video Surveillance Operations Manager directory traversal attempt (server-webapp.rules)
 * 1:39188 <-> DISABLED <-> SERVER-WEBAPP Nagios XI backend API server side request forgery attempt (server-webapp.rules)
 * 1:39167 <-> DISABLED <-> BROWSER-PLUGINS IBM Tivoli Provisioning Manager Express ActiveX clsid access attempt (browser-plugins.rules)
 * 1:39186 <-> DISABLED <-> SERVER-WEBAPP Cisco Unified Interactive Voice Response directory traversal attempt (server-webapp.rules)
 * 1:39185 <-> DISABLED <-> SERVER-WEBAPP Cisco Unified Interactive Voice Response directory traversal attempt (server-webapp.rules)
 * 1:39187 <-> DISABLED <-> SERVER-WEBAPP Cisco Unified Interactive Voice Response directory traversal attempt (server-webapp.rules)
 * 3:39161 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-CAN-0174 attack attempt (file-pdf.rules)
 * 3:39162 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-CAN-0174 attack attempt (file-pdf.rules)

Modified Rules:

 * 1:16501 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox WOFF font processing integer overflow attempt (browser-firefox.rules)
 * 1:17446 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer FTP client directory traversal attempt (browser-ie.rules)
 * 1:17129 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer use-after-free memory corruption attempt (browser-ie.rules)
 * 1:20258 <-> DISABLED <-> OS-WINDOWS Microsoft generic javascript handler in URI XSS attempt (os-windows.rules)
 * 1:34641 <-> DISABLED <-> BROWSER-PLUGINS McAffee Virtual Technician ActiveX control denial of service attempt ActiveX clsid access (browser-plugins.rules)
 * 1:34642 <-> DISABLED <-> BROWSER-PLUGINS McAffee Virtual Technician ActiveX control denial of service attempt ActiveX function call (browser-plugins.rules)
 * 1:3679 <-> DISABLED <-> INDICATOR-OBFUSCATION Multiple Products IFRAME src javascript code execution (indicator-obfuscation.rules)
 * 1:19181 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer iframe uninitialized memory corruption attempt (browser-ie.rules)
 * 1:37951 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer FTP client directory traversal attempt (browser-ie.rules)
 * 1:37952 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer FTP client directory traversal attempt (browser-ie.rules)
 * 1:38555 <-> ENABLED <-> EXPLOIT-KIT Angler landing page detected (exploit-kit.rules)
 * 1:38556 <-> ENABLED <-> EXPLOIT-KIT Angler landing page detected (exploit-kit.rules)

2016-06-09 15:43:06 UTC

Snort Subscriber Rules Update

Date: 2016-06-09

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:

 * 1:39188 <-> DISABLED <-> SERVER-WEBAPP Nagios XI backend API server side request forgery attempt (server-webapp.rules)
 * 1:39187 <-> DISABLED <-> SERVER-WEBAPP Cisco Unified Interactive Voice Response directory traversal attempt (server-webapp.rules)
 * 1:39186 <-> DISABLED <-> SERVER-WEBAPP Cisco Unified Interactive Voice Response directory traversal attempt (server-webapp.rules)
 * 1:39185 <-> DISABLED <-> SERVER-WEBAPP Cisco Unified Interactive Voice Response directory traversal attempt (server-webapp.rules)
 * 1:39184 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Testing Suite directory traversal attempt (server-webapp.rules)
 * 1:39183 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Testing Suite directory traversal attempt (server-webapp.rules)
 * 1:39182 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Testing Suite directory traversal attempt (server-webapp.rules)
 * 1:39181 <-> DISABLED <-> SERVER-WEBAPP Nagios XI ajaxproxy.php server side request forgery attempt (server-webapp.rules)
 * 1:39180 <-> DISABLED <-> SERVER-WEBAPP Nagios XI nagiosim.php command injection attempt (server-webapp.rules)
 * 1:39179 <-> DISABLED <-> SERVER-WEBAPP Nagios XI nagiosim.php command injection attempt (server-webapp.rules)
 * 1:39178 <-> DISABLED <-> SERVER-WEBAPP Nagios XI graphApi.php command injection attempt (server-webapp.rules)
 * 1:39177 <-> DISABLED <-> SERVER-WEBAPP Nagios XI graphApi.php command injection attempt (server-webapp.rules)
 * 1:39176 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Helminth variant outbound connection (malware-cnc.rules)
 * 1:39175 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer use-after-free memory corruption attempt (browser-ie.rules)
 * 1:39174 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer iframe uninitialized memory corruption attempt (browser-ie.rules)
 * 1:39173 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.BladeShades Crypter outbound connection (malware-cnc.rules)
 * 1:39172 <-> DISABLED <-> SERVER-WEBAPP Cisco Video Surveillance Operations Manager directory traversal attempt (server-webapp.rules)
 * 1:39171 <-> DISABLED <-> SERVER-WEBAPP Cisco Video Surveillance Operations Manager directory traversal attempt (server-webapp.rules)
 * 1:39170 <-> DISABLED <-> SERVER-WEBAPP Cisco Video Surveillance Operations Manager directory traversal attempt (server-webapp.rules)
 * 1:39169 <-> DISABLED <-> SERVER-WEBAPP Alpha Networks ADSL2/2+ Wireless Router password disclosure attempt (server-webapp.rules)
 * 1:39168 <-> DISABLED <-> BROWSER-PLUGINS IBM Tivoli Provisioning Manager Express ActiveX clsid access attempt (browser-plugins.rules)
 * 1:39167 <-> DISABLED <-> BROWSER-PLUGINS IBM Tivoli Provisioning Manager Express ActiveX clsid access attempt (browser-plugins.rules)
 * 1:39166 <-> DISABLED <-> SERVER-WEBAPP Asus RT-N56U router password disclosure attempt (server-webapp.rules)
 * 1:39165 <-> DISABLED <-> SERVER-WEBAPP iperf3 heap overflow remote code execution attempt (server-webapp.rules)
 * 1:39164 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex self-signed certificate exchange (malware-cnc.rules)
 * 1:39163 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex self-signed certificate exchange (malware-cnc.rules)
 * 1:39160 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.JRat inbound self-signed SSL certificate (malware-cnc.rules)
 * 1:39159 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.JRat inbound self-signed SSL certificate (malware-cnc.rules)
 * 3:39161 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-CAN-0174 attack attempt (file-pdf.rules)
 * 3:39162 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-CAN-0174 attack attempt (file-pdf.rules)

Modified Rules:

 * 1:17446 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer FTP client directory traversal attempt (browser-ie.rules)
 * 1:16501 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox WOFF font processing integer overflow attempt (browser-firefox.rules)
 * 1:17129 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer use-after-free memory corruption attempt (browser-ie.rules)
 * 1:19181 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer iframe uninitialized memory corruption attempt (browser-ie.rules)
 * 1:20258 <-> DISABLED <-> OS-WINDOWS Microsoft generic javascript handler in URI XSS attempt (os-windows.rules)
 * 1:34641 <-> DISABLED <-> BROWSER-PLUGINS McAffee Virtual Technician ActiveX control denial of service attempt ActiveX clsid access (browser-plugins.rules)
 * 1:34642 <-> DISABLED <-> BROWSER-PLUGINS McAffee Virtual Technician ActiveX control denial of service attempt ActiveX function call (browser-plugins.rules)
 * 1:3679 <-> DISABLED <-> INDICATOR-OBFUSCATION Multiple Products IFRAME src javascript code execution (indicator-obfuscation.rules)
 * 1:37951 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer FTP client directory traversal attempt (browser-ie.rules)
 * 1:37952 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer FTP client directory traversal attempt (browser-ie.rules)
 * 1:38555 <-> ENABLED <-> EXPLOIT-KIT Angler landing page detected (exploit-kit.rules)
 * 1:38556 <-> ENABLED <-> EXPLOIT-KIT Angler landing page detected (exploit-kit.rules)