Talos Rules 2016-07-14
This release adds and modifies rules in several categories.

Talos has added and modified multiple rules in the exploit-kit, file-flash, file-image, file-multimedia, malware-cnc, pua-adware and server-webapp rule sets to provide coverage for emerging threats from these technologies.

For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.

Change logs

2016-07-14 21:57:00 UTC

Snort Subscriber Rules Update

Date: 2016-07-14

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2976.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:39575 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection attempt (malware-cnc.rules)
 * 1:39592 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed TagTypeAndLength field attempt (file-flash.rules)
 * 1:39590 <-> DISABLED <-> SERVER-WEBAPP TikiWiki elFinder component arbitrary PHP file upload attempt (server-webapp.rules)
 * 1:39588 <-> DISABLED <-> SERVER-WEBAPP WebNMS Framework arbitrary file upload attempt (server-webapp.rules)
 * 1:39589 <-> DISABLED <-> SERVER-WEBAPP WebNMS Framework arbitrary file upload attempt (server-webapp.rules)
 * 1:39585 <-> DISABLED <-> SERVER-WEBAPP Google Chromecast factory reset attempt (server-webapp.rules)
 * 1:39587 <-> DISABLED <-> PUA-ADWARE Win.Adware.Antivirus Container.exe referral link attempt (pua-adware.rules)
 * 1:39584 <-> DISABLED <-> SERVER-OTHER EasyCafe Server remote file access attempt (server-other.rules)
 * 1:39582 <-> ENABLED <-> MALWARE-CNC Win.Trojan.NanoBot/Perseus server heartbeat request attempt (malware-cnc.rules)
 * 1:39581 <-> ENABLED <-> MALWARE-CNC Win.Trojan.NanoBot/Perseus initial outbound connection attempt (malware-cnc.rules)
 * 1:39573 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection attempt (malware-cnc.rules)
 * 1:39574 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection attempt (malware-cnc.rules)
 * 1:39576 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection attempt (malware-cnc.rules)
 * 1:39583 <-> ENABLED <-> MALWARE-CNC Win.Trojan.NanoBot/Perseus client heartbeat response attempt (malware-cnc.rules)
 * 1:39580 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection attempt (malware-cnc.rules)
 * 1:39586 <-> DISABLED <-> PUA-ADWARE Win.Adware.Antivirus Container.exe referral link attempt (pua-adware.rules)
 * 1:39591 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed TagTypeAndLength field attempt (file-flash.rules)
 * 1:39633 <-> DISABLED <-> PUA-ADWARE Win.Adware.Mizenota outbound connection (pua-adware.rules)
 * 1:39578 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant inbound connection attempt (malware-cnc.rules)
 * 1:39579 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection attempt (malware-cnc.rules)
 * 1:39577 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection attempt (malware-cnc.rules)
 * 3:39599 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0181 attack attempt (file-image.rules)
 * 3:39626 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
 * 3:39628 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
 * 3:39625 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
 * 3:39623 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
 * 3:39624 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
 * 3:39621 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
 * 3:39620 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
 * 3:39619 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
 * 3:39616 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
 * 3:39617 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
 * 3:39614 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
 * 3:39615 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
 * 3:39613 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
 * 3:39605 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
 * 3:39606 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
 * 3:39601 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
 * 3:39609 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
 * 3:39595 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0163 attack attempt (file-image.rules)
 * 3:39597 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-CAN-0183 attack attempt (file-multimedia.rules)
 * 3:39604 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
 * 3:39610 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
 * 3:39632 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
 * 3:39594 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0163 attack attempt (file-image.rules)
 * 3:39635 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0180 attack attempt (file-image.rules)
 * 3:39596 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0163 attack attempt (file-image.rules)
 * 3:39634 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0180 attack attempt (file-image.rules)
 * 3:39598 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-CAN-0183 attack attempt (file-multimedia.rules)
 * 3:39611 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
 * 3:39631 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
 * 3:39630 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
 * 3:39607 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
 * 3:39612 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
 * 3:39618 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
 * 3:39622 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
 * 3:39593 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0163 attack attempt (file-image.rules)
 * 3:39600 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0181 attack attempt (file-image.rules)
 * 3:39608 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
 * 3:39627 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
 * 3:39629 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
 * 3:39603 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
 * 3:39602 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)

Modified Rules:


 * 1:39543 <-> ENABLED <-> FILE-FLASH Adobe Flash Player local-with-filesystem security bypass attempt (file-flash.rules)
 * 1:38984 <-> ENABLED <-> FILE-FLASH Adobe Flash Player corrupt PNG image load out of bounds memory access attempt (file-flash.rules)
 * 1:39540 <-> ENABLED <-> FILE-FLASH Adobe Flash Player local-with-filesystem security bypass attempt (file-flash.rules)
 * 1:39240 <-> DISABLED <-> EXPLOIT-KIT Neutrino Exploit Kit exploitation attempt (exploit-kit.rules)
 * 1:39241 <-> DISABLED <-> EXPLOIT-KIT Neutrino Exploit Kit exploitation attempt (exploit-kit.rules)
 * 1:38985 <-> ENABLED <-> FILE-FLASH Adobe Flash Player corrupt PNG image load out of bounds memory access attempt (file-flash.rules)
 * 1:33480 <-> DISABLED <-> PUA-ADWARE Win.Adware.DownloadGuide variant outbound connection (pua-adware.rules)

2016-07-14 21:57:00 UTC

Snort Subscriber Rules Update

Date: 2016-07-14

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2982.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:39587 <-> DISABLED <-> PUA-ADWARE Win.Adware.Antivirus Container.exe referral link attempt (pua-adware.rules)
 * 1:39584 <-> DISABLED <-> SERVER-OTHER EasyCafe Server remote file access attempt (server-other.rules)
 * 1:39582 <-> ENABLED <-> MALWARE-CNC Win.Trojan.NanoBot/Perseus server heartbeat request attempt (malware-cnc.rules)
 * 1:39581 <-> ENABLED <-> MALWARE-CNC Win.Trojan.NanoBot/Perseus initial outbound connection attempt (malware-cnc.rules)
 * 1:39573 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection attempt (malware-cnc.rules)
 * 1:39574 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection attempt (malware-cnc.rules)
 * 1:39592 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed TagTypeAndLength field attempt (file-flash.rules)
 * 1:39590 <-> DISABLED <-> SERVER-WEBAPP TikiWiki elFinder component arbitrary PHP file upload attempt (server-webapp.rules)
 * 1:39588 <-> DISABLED <-> SERVER-WEBAPP WebNMS Framework arbitrary file upload attempt (server-webapp.rules)
 * 1:39589 <-> DISABLED <-> SERVER-WEBAPP WebNMS Framework arbitrary file upload attempt (server-webapp.rules)
 * 1:39585 <-> DISABLED <-> SERVER-WEBAPP Google Chromecast factory reset attempt (server-webapp.rules)
 * 1:39577 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection attempt (malware-cnc.rules)
 * 1:39575 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection attempt (malware-cnc.rules)
 * 1:39576 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection attempt (malware-cnc.rules)
 * 1:39579 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection attempt (malware-cnc.rules)
 * 1:39580 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection attempt (malware-cnc.rules)
 * 1:39583 <-> ENABLED <-> MALWARE-CNC Win.Trojan.NanoBot/Perseus client heartbeat response attempt (malware-cnc.rules)
 * 1:39586 <-> DISABLED <-> PUA-ADWARE Win.Adware.Antivirus Container.exe referral link attempt (pua-adware.rules)
 * 1:39591 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed TagTypeAndLength field attempt (file-flash.rules)
 * 1:39633 <-> DISABLED <-> PUA-ADWARE Win.Adware.Mizenota outbound connection (pua-adware.rules)
 * 1:39578 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant inbound connection attempt (malware-cnc.rules)
 * 3:39594 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0163 attack attempt (file-image.rules)
 * 3:39628 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
 * 3:39626 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
 * 3:39624 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
 * 3:39625 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
 * 3:39621 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
 * 3:39623 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
 * 3:39620 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
 * 3:39619 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
 * 3:39616 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
 * 3:39617 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
 * 3:39615 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
 * 3:39614 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
 * 3:39613 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
 * 3:39632 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
 * 3:39593 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0163 attack attempt (file-image.rules)
 * 3:39595 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0163 attack attempt (file-image.rules)
 * 3:39604 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
 * 3:39608 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
 * 3:39596 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0163 attack attempt (file-image.rules)
 * 3:39605 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
 * 3:39606 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
 * 3:39609 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
 * 3:39598 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-CAN-0183 attack attempt (file-multimedia.rules)
 * 3:39610 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
 * 3:39599 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0181 attack attempt (file-image.rules)
 * 3:39611 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
 * 3:39600 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0181 attack attempt (file-image.rules)
 * 3:39601 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
 * 3:39630 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
 * 3:39631 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
 * 3:39597 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-CAN-0183 attack attempt (file-multimedia.rules)
 * 3:39607 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
 * 3:39618 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
 * 3:39612 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
 * 3:39622 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
 * 3:39635 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0180 attack attempt (file-image.rules)
 * 3:39634 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0180 attack attempt (file-image.rules)
 * 3:39603 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
 * 3:39602 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
 * 3:39627 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
 * 3:39629 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)

Modified Rules:


 * 1:39543 <-> ENABLED <-> FILE-FLASH Adobe Flash Player local-with-filesystem security bypass attempt (file-flash.rules)
 * 1:39241 <-> DISABLED <-> EXPLOIT-KIT Neutrino Exploit Kit exploitation attempt (exploit-kit.rules)
 * 1:39540 <-> ENABLED <-> FILE-FLASH Adobe Flash Player local-with-filesystem security bypass attempt (file-flash.rules)
 * 1:38985 <-> ENABLED <-> FILE-FLASH Adobe Flash Player corrupt PNG image load out of bounds memory access attempt (file-flash.rules)
 * 1:39240 <-> DISABLED <-> EXPLOIT-KIT Neutrino Exploit Kit exploitation attempt (exploit-kit.rules)
 * 1:33480 <-> DISABLED <-> PUA-ADWARE Win.Adware.DownloadGuide variant outbound connection (pua-adware.rules)
 * 1:38984 <-> ENABLED <-> FILE-FLASH Adobe Flash Player corrupt PNG image load out of bounds memory access attempt (file-flash.rules)

2016-07-14 21:57:00 UTC

Snort Subscriber Rules Update

Date: 2016-07-14

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:39633 <-> DISABLED <-> PUA-ADWARE Win.Adware.Mizenota outbound connection (pua-adware.rules)
 * 1:39592 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed TagTypeAndLength field attempt (file-flash.rules)
 * 1:39591 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed TagTypeAndLength field attempt (file-flash.rules)
 * 1:39590 <-> DISABLED <-> SERVER-WEBAPP TikiWiki elFinder component arbitrary PHP file upload attempt (server-webapp.rules)
 * 1:39589 <-> DISABLED <-> SERVER-WEBAPP WebNMS Framework arbitrary file upload attempt (server-webapp.rules)
 * 1:39588 <-> DISABLED <-> SERVER-WEBAPP WebNMS Framework arbitrary file upload attempt (server-webapp.rules)
 * 1:39587 <-> DISABLED <-> PUA-ADWARE Win.Adware.Antivirus Container.exe referral link attempt (pua-adware.rules)
 * 1:39586 <-> DISABLED <-> PUA-ADWARE Win.Adware.Antivirus Container.exe referral link attempt (pua-adware.rules)
 * 1:39585 <-> DISABLED <-> SERVER-WEBAPP Google Chromecast factory reset attempt (server-webapp.rules)
 * 1:39584 <-> DISABLED <-> SERVER-OTHER EasyCafe Server remote file access attempt (server-other.rules)
 * 1:39583 <-> ENABLED <-> MALWARE-CNC Win.Trojan.NanoBot/Perseus client heartbeat response attempt (malware-cnc.rules)
 * 1:39582 <-> ENABLED <-> MALWARE-CNC Win.Trojan.NanoBot/Perseus server heartbeat request attempt (malware-cnc.rules)
 * 1:39581 <-> ENABLED <-> MALWARE-CNC Win.Trojan.NanoBot/Perseus initial outbound connection attempt (malware-cnc.rules)
 * 1:39580 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection attempt (malware-cnc.rules)
 * 1:39579 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection attempt (malware-cnc.rules)
 * 1:39578 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant inbound connection attempt (malware-cnc.rules)
 * 1:39577 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection attempt (malware-cnc.rules)
 * 1:39576 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection attempt (malware-cnc.rules)
 * 1:39575 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection attempt (malware-cnc.rules)
 * 1:39574 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection attempt (malware-cnc.rules)
 * 1:39573 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection attempt (malware-cnc.rules)
 * 3:39635 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0180 attack attempt (file-image.rules)
 * 3:39634 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0180 attack attempt (file-image.rules)
 * 3:39632 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
 * 3:39631 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
 * 3:39630 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
 * 3:39629 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
 * 3:39628 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
 * 3:39626 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
 * 3:39627 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
 * 3:39625 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
 * 3:39624 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
 * 3:39623 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
 * 3:39622 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
 * 3:39621 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
 * 3:39620 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
 * 3:39619 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
 * 3:39618 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
 * 3:39612 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
 * 3:39617 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
 * 3:39616 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
 * 3:39615 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
 * 3:39614 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
 * 3:39613 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
 * 3:39611 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
 * 3:39610 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
 * 3:39609 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
 * 3:39593 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0163 attack attempt (file-image.rules)
 * 3:39594 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0163 attack attempt (file-image.rules)
 * 3:39595 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0163 attack attempt (file-image.rules)
 * 3:39596 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0163 attack attempt (file-image.rules)
 * 3:39597 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-CAN-0183 attack attempt (file-multimedia.rules)
 * 3:39608 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
 * 3:39598 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-CAN-0183 attack attempt (file-multimedia.rules)
 * 3:39599 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0181 attack attempt (file-image.rules)
 * 3:39600 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0181 attack attempt (file-image.rules)
 * 3:39601 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
 * 3:39607 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
 * 3:39606 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
 * 3:39605 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
 * 3:39604 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
 * 3:39602 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
 * 3:39603 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)

Modified Rules:


 * 1:39543 <-> ENABLED <-> FILE-FLASH Adobe Flash Player local-with-filesystem security bypass attempt (file-flash.rules)
 * 1:39241 <-> DISABLED <-> EXPLOIT-KIT Neutrino Exploit Kit exploitation attempt (exploit-kit.rules)
 * 1:39540 <-> ENABLED <-> FILE-FLASH Adobe Flash Player local-with-filesystem security bypass attempt (file-flash.rules)
 * 1:38985 <-> ENABLED <-> FILE-FLASH Adobe Flash Player corrupt PNG image load out of bounds memory access attempt (file-flash.rules)
 * 1:39240 <-> DISABLED <-> EXPLOIT-KIT Neutrino Exploit Kit exploitation attempt (exploit-kit.rules)
 * 1:33480 <-> DISABLED <-> PUA-ADWARE Win.Adware.DownloadGuide variant outbound connection (pua-adware.rules)
 * 1:38984 <-> ENABLED <-> FILE-FLASH Adobe Flash Player corrupt PNG image load out of bounds memory access attempt (file-flash.rules)