Talos Rules 2016-09-01
This release adds and modifies rules in several categories.

Talos has added and modified multiple rules in the blacklist, browser-firefox, browser-ie, browser-plugins, deleted, exploit-kit, file-flash, file-identify, file-office, file-other, indicator-compromise, malware-cnc, malware-other, policy-other, policy-social, protocol-dns, protocol-snmp and server-webapp rule sets to provide coverage for emerging threats from these technologies.

Change logs

2016-09-01 15:37:09 UTC

Snort Subscriber Rules Update

Date: 2016-09-01

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2976.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:40007 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Nemim outbound connection detected (malware-cnc.rules)
 * 1:39946 <-> DISABLED <-> PROTOCOL-DNS PowerDNS TKEY query denial of service attempt (protocol-dns.rules)
 * 1:39950 <-> DISABLED <-> PROTOCOL-DNS PowerDNS TCP TSIG query denial of service attempt (protocol-dns.rules)
 * 1:40019 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file attachment detected (file-identify.rules)
 * 1:39957 <-> ENABLED <-> FILE-FLASH Adobe Flash Player FileReference type confusion attempt (file-flash.rules)
 * 1:39952 <-> DISABLED <-> PROTOCOL-DNS PowerDNS TSIG query denial of service attempt (protocol-dns.rules)
 * 1:39961 <-> DISABLED <-> BROWSER-PLUGINS AdvantechNVS VideoDAQ ActiveX clsid access attempt (browser-plugins.rules)
 * 1:40029 <-> DISABLED <-> POLICY-OTHER AutoItv3 Aut2Exe interpreter - compiled script (policy-other.rules)
 * 1:40027 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Shakti variant outbound connection (malware-cnc.rules)
 * 1:40028 <-> DISABLED <-> POLICY-OTHER AutoItv3 Aut2Exe interpreter - compiled script (policy-other.rules)
 * 1:40025 <-> ENABLED <-> BLACKLIST DNS request for known malware domain securedesignus.com - Win.Trojan.Shakti (blacklist.rules)
 * 1:40026 <-> ENABLED <-> BLACKLIST DNS request for known malware domain web4solution.net - Win.Trojan.Shakti (blacklist.rules)
 * 1:39966 <-> DISABLED <-> BROWSER-PLUGINS Moxa VPort SDK PLUS ActiveX clsid access attempt (browser-plugins.rules)
 * 1:39956 <-> ENABLED <-> FILE-FLASH Adobe Flash Player FileReference type confusion attempt (file-flash.rules)
 * 1:39967 <-> ENABLED <-> BLACKLIST DNS request for known malware domain bettitotuld.com - Donoff (blacklist.rules)
 * 1:39968 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Donoff outbound connection detected (malware-cnc.rules)
 * 1:39969 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Donoff outbound connection detected (malware-cnc.rules)
 * 1:39970 <-> DISABLED <-> BROWSER-PLUGINS UCanCode Visualization Enterprise Suite ActiveX clsid access attempt (browser-plugins.rules)
 * 1:39971 <-> DISABLED <-> BROWSER-PLUGINS UCanCode Visualization Enterprise Suite ActiveX clsid access attempt (browser-plugins.rules)
 * 1:39972 <-> DISABLED <-> BROWSER-PLUGINS UCanCode Visualization Enterprise Suite ActiveX clsid access attempt (browser-plugins.rules)
 * 1:39973 <-> DISABLED <-> BROWSER-PLUGINS UCanCode Visualization Enterprise Suite ActiveX clsid access attempt (browser-plugins.rules)
 * 1:39974 <-> ENABLED <-> MALWARE-OTHER Andr.Trojan.KungFu variant download (malware-other.rules)
 * 1:40018 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file attachment detected (file-identify.rules)
 * 1:39975 <-> ENABLED <-> MALWARE-OTHER Andr.Trojan.KungFu variant download (malware-other.rules)
 * 1:39976 <-> DISABLED <-> SERVER-OTHER BGP bad marker strings (server-other.rules)
 * 1:39977 <-> DISABLED <-> SERVER-OTHER BGP invalid length (server-other.rules)
 * 1:40022 <-> DISABLED <-> BROWSER-PLUGINS AcroPDF.PDF ActiveX clsid access attempt (browser-plugins.rules)
 * 1:40024 <-> ENABLED <-> BLACKLIST DNS request for known malware domain securedesignuk.com - Win.Trojan.Shakti (blacklist.rules)
 * 1:39978 <-> DISABLED <-> SERVER-WEBAPP Netgear ReadyNAS Surveillance cgi_main command injection attempt (server-webapp.rules)
 * 1:39979 <-> DISABLED <-> SERVER-WEBAPP Netgear ReadyNAS Surveillance cgi_main command injection attempt (server-webapp.rules)
 * 1:39980 <-> DISABLED <-> SERVER-WEBAPP Netgear ReadyNAS Surveillance cgi_main command injection attempt (server-webapp.rules)
 * 1:39981 <-> DISABLED <-> SERVER-WEBAPP Netgear ReadyNAS Surveillance cgi_main stack buffer overflow attempt (server-webapp.rules)
 * 1:39982 <-> DISABLED <-> SERVER-WEBAPP Netgear ReadyNAS Surveillance cgi_main stack buffer overflow attempt (server-webapp.rules)
 * 1:39983 <-> DISABLED <-> INDICATOR-COMPROMISE Cisco IOS commandline overflow attempt (indicator-compromise.rules)
 * 1:39965 <-> DISABLED <-> BROWSER-PLUGINS Moxa VPort SDK PLUS ActiveX clsid access attempt (browser-plugins.rules)
 * 1:39984 <-> DISABLED <-> INDICATOR-COMPROMISE Cisco IOS commandline overflow attempt. (indicator-compromise.rules)
 * 1:39964 <-> DISABLED <-> BROWSER-PLUGINS Moxa VPort SDK PLUS ActiveX clsid access attempt (browser-plugins.rules)
 * 1:39963 <-> DISABLED <-> BROWSER-PLUGINS Moxa VPort SDK PLUS ActiveX clsid access attempt (browser-plugins.rules)
 * 1:39962 <-> DISABLED <-> BROWSER-PLUGINS AdvantechNVS VideoDAQ ActiveX clsid access attempt (browser-plugins.rules)
 * 1:39960 <-> DISABLED <-> BROWSER-PLUGINS AdvantechNVS VideoDAQ ActiveX clsid access attempt (browser-plugins.rules)
 * 1:39954 <-> DISABLED <-> FILE-FLASH Adobe Flash Player attachMovie use after free attempt (file-flash.rules)
 * 1:39958 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Folyris outbound connection detected (malware-cnc.rules)
 * 1:39953 <-> DISABLED <-> PROTOCOL-DNS PowerDNS TSIG query denial of service attempt (protocol-dns.rules)
 * 1:39959 <-> DISABLED <-> BROWSER-PLUGINS AdvantechNVS VideoDAQ ActiveX clsid access attempt (browser-plugins.rules)
 * 1:39985 <-> DISABLED <-> INDICATOR-COMPROMISE Cisco IOS commandline overflow attempt. (indicator-compromise.rules)
 * 1:39986 <-> DISABLED <-> INDICATOR-COMPROMISE Cisco IOS commandline overflow attempt (indicator-compromise.rules)
 * 1:39987 <-> DISABLED <-> INDICATOR-COMPROMISE Cisco IOS commandline overflow attempt. (indicator-compromise.rules)
 * 1:39988 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel 2007 invalid comments.xml uninitialized pointer access attempt (file-office.rules)
 * 1:39989 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel 2007 invalid comments.xml uninitialized pointer access attempt (file-office.rules)
 * 1:39990 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel 2007 invalid comments.xml uninitialized pointer access attempt (file-office.rules)
 * 1:40021 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file magic detected (file-identify.rules)
 * 1:40020 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file magic detected (file-identify.rules)
 * 1:40023 <-> DISABLED <-> BROWSER-PLUGINS AcroPDF.PDF ActiveX clsid access attempt (browser-plugins.rules)
 * 1:39991 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel 2007 invalid comments.xml uninitialized pointer access attempt (file-office.rules)
 * 1:39992 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel 2007 invalid comments.xml uninitialized pointer access attempt (file-office.rules)
 * 1:39993 <-> DISABLED <-> SERVER-OTHER Netcore router backdoor access attempt (server-other.rules)
 * 1:39995 <-> DISABLED <-> POLICY-SOCIAL IRC server connection (policy-social.rules)
 * 1:39996 <-> DISABLED <-> DELETED this is a place holder 1XX (deleted.rules)
 * 1:39997 <-> DISABLED <-> DELETED this is a place holder 2XXX (deleted.rules)
 * 1:39998 <-> DISABLED <-> DELETED this is a place holder 3XXX (deleted.rules)
 * 1:39999 <-> DISABLED <-> DELETED this is a place holder 4XXX (deleted.rules)
 * 1:40000 <-> DISABLED <-> DELETED this is a place holder 5XXX (deleted.rules)
 * 1:40001 <-> DISABLED <-> DELETED this is a place holder 6XXX (deleted.rules)
 * 1:40002 <-> DISABLED <-> DELETED this is a place holder 7XXX (deleted.rules)
 * 1:40003 <-> DISABLED <-> DELETED this is a place holder 8XXX (deleted.rules)
 * 1:40004 <-> DISABLED <-> DELETED this is a place holder 9XXX (deleted.rules)
 * 1:40005 <-> DISABLED <-> DELETED this is a place holder 10XXX (deleted.rules)
 * 1:39947 <-> DISABLED <-> PROTOCOL-DNS PowerDNS TKEY query denial of service attempt (protocol-dns.rules)
 * 1:39949 <-> DISABLED <-> PROTOCOL-DNS PowerDNS TCP TKEY query denial of service attempt (protocol-dns.rules)
 * 1:39948 <-> DISABLED <-> PROTOCOL-DNS PowerDNS TCP TKEY query denial of service attempt (protocol-dns.rules)
 * 1:40015 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox about field spoofing attempt (browser-firefox.rules)
 * 1:40017 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file download request (file-identify.rules)
 * 1:39955 <-> DISABLED <-> FILE-FLASH Adobe Flash Player attachMovie use after free attempt (file-flash.rules)
 * 1:40008 <-> DISABLED <-> SERVER-OTHER Advantech WebAccess DCERPC buffer overflow attempt (server-other.rules)
 * 1:40011 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
 * 1:40010 <-> ENABLED <-> FILE-FLASH Adobe Flash Player atomicCompareAndSwapLength integer overflow attempt (file-flash.rules)
 * 1:39951 <-> DISABLED <-> PROTOCOL-DNS PowerDNS TCP TSIG query denial of service attempt (protocol-dns.rules)
 * 1:40012 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string DetoxCrypto2 (blacklist.rules)
 * 1:40009 <-> ENABLED <-> FILE-FLASH Adobe Flash Player atomicCompareAndSwapLength integer overflow attempt (file-flash.rules)
 * 1:40016 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Madeba outbound connection detected (malware-cnc.rules)
 * 3:39994 <-> ENABLED <-> PROTOCOL-SNMP Cisco SG200 Series SNMP request via undocumented community string attempt (protocol-snmp.rules)
 * 3:40006 <-> ENABLED <-> SERVER-OTHER Cisco Small Business SPA3x/5x series denial of service attempt (server-other.rules)
 * 3:40013 <-> ENABLED <-> FILE-OTHER Cisco WebEx Meetings Player arbitrary code execution attempt (file-other.rules)
 * 3:40014 <-> ENABLED <-> FILE-OTHER Cisco WebEx Meetings Player arbitrary code execution attempt (file-other.rules)

Modified Rules:


 * 1:9626 <-> DISABLED <-> BROWSER-PLUGINS AcroPDF.PDF ActiveX clsid access attempt (browser-plugins.rules)
 * 1:39806 <-> ENABLED <-> MALWARE-OTHER Win.Adware.Dlhelper outbound connection detected (malware-other.rules)
 * 1:39745 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.FakeRean outbound connection detection (malware-other.rules)
 * 1:38785 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel BOF memory disclosure attempt (file-office.rules)
 * 1:35073 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox DOMSVGLength insertItemBefore use after free attempt (browser-firefox.rules)
 * 1:35071 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox DOMSVGLength replaceItem use after free attempt (browser-firefox.rules)
 * 1:35070 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox DOMSVGLength insertItemBefore use after free attempt (browser-firefox.rules)
 * 1:29587 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 6 buffer overflow attempt (server-other.rules)
 * 1:29589 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 7 buffer overflow attempt (server-other.rules)
 * 1:18541 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel 2007 invalid comments.xml uninitialized pointer access attempt (file-office.rules)
 * 1:16468 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel 2007 invalid comments.xml uninitialized pointer access attempt (file-office.rules)
 * 1:39242 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Typed Array use after free attempt (browser-ie.rules)
 * 1:38552 <-> DISABLED <-> EXPLOIT-KIT Angler landing page detected (exploit-kit.rules)
 * 1:35072 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox DOMSVGLength initialize use after free attempt (browser-firefox.rules)
 * 1:35074 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox DOMSVGLength replaceItem use after free attempt (browser-firefox.rules)
 * 1:38553 <-> DISABLED <-> EXPLOIT-KIT Angler landing page detected (exploit-kit.rules)
 * 1:38786 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel BOF memory disclosure attempt (file-office.rules)
 * 1:39243 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Typed Array use after free attempt (browser-ie.rules)
 * 1:39803 <-> ENABLED <-> MALWARE-OTHER Win.Adware.Dlhelper outbound connection detected (malware-other.rules)
 * 1:39804 <-> ENABLED <-> MALWARE-OTHER Win.Adware.Dlhelper outbound connection detected (malware-other.rules)
 * 1:39805 <-> ENABLED <-> MALWARE-OTHER Win.Adware.Dlhelper outbound connection detected (malware-other.rules)
 * 1:39882 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Vibro outbound connection detected (malware-cnc.rules)
 * 1:35075 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox DOMSVGLength initialize use after free attempt (browser-firefox.rules)
 * 1:13913 <-> DISABLED <-> BROWSER-PLUGINS AcroPDF.PDF ActiveX clsid access attempt (browser-plugins.rules)
 * 1:16467 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel 2007 invalid comments.xml uninitialized pointer access attempt (file-office.rules)
 * 3:38293 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-CAN-0094 attack attempt (file-other.rules)
 * 3:38294 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-CAN-0094 attack attempt (file-other.rules)
 * 3:38295 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-CAN-0094 attack attempt (file-other.rules)
 * 3:38296 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-CAN-0094 attack attempt (file-other.rules)

2016-09-01 15:37:09 UTC

Snort Subscriber Rules Update

Date: 2016-09-01

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2982.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:40007 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Nemim outbound connection detected (malware-cnc.rules)
 * 1:39998 <-> DISABLED <-> DELETED this is a place holder 3XXX (deleted.rules)
 * 1:39996 <-> DISABLED <-> DELETED this is a place holder 1XX (deleted.rules)
 * 1:39997 <-> DISABLED <-> DELETED this is a place holder 2XXX (deleted.rules)
 * 1:39993 <-> DISABLED <-> SERVER-OTHER Netcore router backdoor access attempt (server-other.rules)
 * 1:39995 <-> DISABLED <-> POLICY-SOCIAL IRC server connection (policy-social.rules)
 * 1:39991 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel 2007 invalid comments.xml uninitialized pointer access attempt (file-office.rules)
 * 1:39992 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel 2007 invalid comments.xml uninitialized pointer access attempt (file-office.rules)
 * 1:39989 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel 2007 invalid comments.xml uninitialized pointer access attempt (file-office.rules)
 * 1:39990 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel 2007 invalid comments.xml uninitialized pointer access attempt (file-office.rules)
 * 1:39987 <-> DISABLED <-> INDICATOR-COMPROMISE Cisco IOS commandline overflow attempt. (indicator-compromise.rules)
 * 1:39988 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel 2007 invalid comments.xml uninitialized pointer access attempt (file-office.rules)
 * 1:39985 <-> DISABLED <-> INDICATOR-COMPROMISE Cisco IOS commandline overflow attempt. (indicator-compromise.rules)
 * 1:39986 <-> DISABLED <-> INDICATOR-COMPROMISE Cisco IOS commandline overflow attempt (indicator-compromise.rules)
 * 1:39983 <-> DISABLED <-> INDICATOR-COMPROMISE Cisco IOS commandline overflow attempt (indicator-compromise.rules)
 * 1:39984 <-> DISABLED <-> INDICATOR-COMPROMISE Cisco IOS commandline overflow attempt. (indicator-compromise.rules)
 * 1:39981 <-> DISABLED <-> SERVER-WEBAPP Netgear ReadyNAS Surveillance cgi_main stack buffer overflow attempt (server-webapp.rules)
 * 1:39982 <-> DISABLED <-> SERVER-WEBAPP Netgear ReadyNAS Surveillance cgi_main stack buffer overflow attempt (server-webapp.rules)
 * 1:39979 <-> DISABLED <-> SERVER-WEBAPP Netgear ReadyNAS Surveillance cgi_main command injection attempt (server-webapp.rules)
 * 1:39980 <-> DISABLED <-> SERVER-WEBAPP Netgear ReadyNAS Surveillance cgi_main command injection attempt (server-webapp.rules)
 * 1:39977 <-> DISABLED <-> SERVER-OTHER BGP invalid length (server-other.rules)
 * 1:39978 <-> DISABLED <-> SERVER-WEBAPP Netgear ReadyNAS Surveillance cgi_main command injection attempt (server-webapp.rules)
 * 1:39975 <-> ENABLED <-> MALWARE-OTHER Andr.Trojan.KungFu variant download (malware-other.rules)
 * 1:39976 <-> DISABLED <-> SERVER-OTHER BGP bad marker strings (server-other.rules)
 * 1:39973 <-> DISABLED <-> BROWSER-PLUGINS UCanCode Visualization Enterprise Suite ActiveX clsid access attempt (browser-plugins.rules)
 * 1:39974 <-> ENABLED <-> MALWARE-OTHER Andr.Trojan.KungFu variant download (malware-other.rules)
 * 1:39971 <-> DISABLED <-> BROWSER-PLUGINS UCanCode Visualization Enterprise Suite ActiveX clsid access attempt (browser-plugins.rules)
 * 1:39969 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Donoff outbound connection detected (malware-cnc.rules)
 * 1:39970 <-> DISABLED <-> BROWSER-PLUGINS UCanCode Visualization Enterprise Suite ActiveX clsid access attempt (browser-plugins.rules)
 * 1:39967 <-> ENABLED <-> BLACKLIST DNS request for known malware domain bettitotuld.com - Donoff (blacklist.rules)
 * 1:39968 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Donoff outbound connection detected (malware-cnc.rules)
 * 1:39966 <-> DISABLED <-> BROWSER-PLUGINS Moxa VPort SDK PLUS ActiveX clsid access attempt (browser-plugins.rules)
 * 1:39949 <-> DISABLED <-> PROTOCOL-DNS PowerDNS TCP TKEY query denial of service attempt (protocol-dns.rules)
 * 1:39952 <-> DISABLED <-> PROTOCOL-DNS PowerDNS TSIG query denial of service attempt (protocol-dns.rules)
 * 1:39954 <-> DISABLED <-> FILE-FLASH Adobe Flash Player attachMovie use after free attempt (file-flash.rules)
 * 1:39953 <-> DISABLED <-> PROTOCOL-DNS PowerDNS TSIG query denial of service attempt (protocol-dns.rules)
 * 1:39959 <-> DISABLED <-> BROWSER-PLUGINS AdvantechNVS VideoDAQ ActiveX clsid access attempt (browser-plugins.rules)
 * 1:39950 <-> DISABLED <-> PROTOCOL-DNS PowerDNS TCP TSIG query denial of service attempt (protocol-dns.rules)
 * 1:39951 <-> DISABLED <-> PROTOCOL-DNS PowerDNS TCP TSIG query denial of service attempt (protocol-dns.rules)
 * 1:39956 <-> ENABLED <-> FILE-FLASH Adobe Flash Player FileReference type confusion attempt (file-flash.rules)
 * 1:39958 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Folyris outbound connection detected (malware-cnc.rules)
 * 1:39960 <-> DISABLED <-> BROWSER-PLUGINS AdvantechNVS VideoDAQ ActiveX clsid access attempt (browser-plugins.rules)
 * 1:39961 <-> DISABLED <-> BROWSER-PLUGINS AdvantechNVS VideoDAQ ActiveX clsid access attempt (browser-plugins.rules)
 * 1:39955 <-> DISABLED <-> FILE-FLASH Adobe Flash Player attachMovie use after free attempt (file-flash.rules)
 * 1:39962 <-> DISABLED <-> BROWSER-PLUGINS AdvantechNVS VideoDAQ ActiveX clsid access attempt (browser-plugins.rules)
 * 1:39963 <-> DISABLED <-> BROWSER-PLUGINS Moxa VPort SDK PLUS ActiveX clsid access attempt (browser-plugins.rules)
 * 1:39964 <-> DISABLED <-> BROWSER-PLUGINS Moxa VPort SDK PLUS ActiveX clsid access attempt (browser-plugins.rules)
 * 1:39946 <-> DISABLED <-> PROTOCOL-DNS PowerDNS TKEY query denial of service attempt (protocol-dns.rules)
 * 1:39965 <-> DISABLED <-> BROWSER-PLUGINS Moxa VPort SDK PLUS ActiveX clsid access attempt (browser-plugins.rules)
 * 1:39947 <-> DISABLED <-> PROTOCOL-DNS PowerDNS TKEY query denial of service attempt (protocol-dns.rules)
 * 1:39948 <-> DISABLED <-> PROTOCOL-DNS PowerDNS TCP TKEY query denial of service attempt (protocol-dns.rules)
 * 1:39972 <-> DISABLED <-> BROWSER-PLUGINS UCanCode Visualization Enterprise Suite ActiveX clsid access attempt (browser-plugins.rules)
 * 1:39999 <-> DISABLED <-> DELETED this is a place holder 4XXX (deleted.rules)
 * 1:40000 <-> DISABLED <-> DELETED this is a place holder 5XXX (deleted.rules)
 * 1:40001 <-> DISABLED <-> DELETED this is a place holder 6XXX (deleted.rules)
 * 1:40002 <-> DISABLED <-> DELETED this is a place holder 7XXX (deleted.rules)
 * 1:40003 <-> DISABLED <-> DELETED this is a place holder 8XXX (deleted.rules)
 * 1:40004 <-> DISABLED <-> DELETED this is a place holder 9XXX (deleted.rules)
 * 1:40005 <-> DISABLED <-> DELETED this is a place holder 10XXX (deleted.rules)
 * 1:40029 <-> DISABLED <-> POLICY-OTHER AutoItv3 Aut2Exe interpreter - compiled script (policy-other.rules)
 * 1:39957 <-> ENABLED <-> FILE-FLASH Adobe Flash Player FileReference type confusion attempt (file-flash.rules)
 * 1:40028 <-> DISABLED <-> POLICY-OTHER AutoItv3 Aut2Exe interpreter - compiled script (policy-other.rules)
 * 1:40027 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Shakti variant outbound connection (malware-cnc.rules)
 * 1:40026 <-> ENABLED <-> BLACKLIST DNS request for known malware domain web4solution.net - Win.Trojan.Shakti (blacklist.rules)
 * 1:40025 <-> ENABLED <-> BLACKLIST DNS request for known malware domain securedesignus.com - Win.Trojan.Shakti (blacklist.rules)
 * 1:40024 <-> ENABLED <-> BLACKLIST DNS request for known malware domain securedesignuk.com - Win.Trojan.Shakti (blacklist.rules)
 * 1:40023 <-> DISABLED <-> BROWSER-PLUGINS AcroPDF.PDF ActiveX clsid access attempt (browser-plugins.rules)
 * 1:40022 <-> DISABLED <-> BROWSER-PLUGINS AcroPDF.PDF ActiveX clsid access attempt (browser-plugins.rules)
 * 1:40021 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file magic detected (file-identify.rules)
 * 1:40020 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file magic detected (file-identify.rules)
 * 1:40019 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file attachment detected (file-identify.rules)
 * 1:40018 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file attachment detected (file-identify.rules)
 * 1:40017 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file download request (file-identify.rules)
 * 1:40016 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Madeba outbound connection detected (malware-cnc.rules)
 * 1:40015 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox about field spoofing attempt (browser-firefox.rules)
 * 1:40010 <-> ENABLED <-> FILE-FLASH Adobe Flash Player atomicCompareAndSwapLength integer overflow attempt (file-flash.rules)
 * 1:40012 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string DetoxCrypto2 (blacklist.rules)
 * 1:40011 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
 * 1:40009 <-> ENABLED <-> FILE-FLASH Adobe Flash Player atomicCompareAndSwapLength integer overflow attempt (file-flash.rules)
 * 1:40008 <-> DISABLED <-> SERVER-OTHER Advantech WebAccess DCERPC buffer overflow attempt (server-other.rules)
 * 3:39994 <-> ENABLED <-> PROTOCOL-SNMP Cisco SG200 Series SNMP request via undocumented community string attempt (protocol-snmp.rules)
 * 3:40006 <-> ENABLED <-> SERVER-OTHER Cisco Small Business SPA3x/5x series denial of service attempt (server-other.rules)
 * 3:40013 <-> ENABLED <-> FILE-OTHER Cisco WebEx Meetings Player arbitrary code execution attempt (file-other.rules)
 * 3:40014 <-> ENABLED <-> FILE-OTHER Cisco WebEx Meetings Player arbitrary code execution attempt (file-other.rules)

Modified Rules:


 * 1:35070 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox DOMSVGLength insertItemBefore use after free attempt (browser-firefox.rules)
 * 1:29589 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 7 buffer overflow attempt (server-other.rules)
 * 1:18541 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel 2007 invalid comments.xml uninitialized pointer access attempt (file-office.rules)
 * 1:29587 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 6 buffer overflow attempt (server-other.rules)
 * 1:16468 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel 2007 invalid comments.xml uninitialized pointer access attempt (file-office.rules)
 * 1:39882 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Vibro outbound connection detected (malware-cnc.rules)
 * 1:39805 <-> ENABLED <-> MALWARE-OTHER Win.Adware.Dlhelper outbound connection detected (malware-other.rules)
 * 1:39806 <-> ENABLED <-> MALWARE-OTHER Win.Adware.Dlhelper outbound connection detected (malware-other.rules)
 * 1:39803 <-> ENABLED <-> MALWARE-OTHER Win.Adware.Dlhelper outbound connection detected (malware-other.rules)
 * 1:39804 <-> ENABLED <-> MALWARE-OTHER Win.Adware.Dlhelper outbound connection detected (malware-other.rules)
 * 1:39745 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.FakeRean outbound connection detection (malware-other.rules)
 * 1:39242 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Typed Array use after free attempt (browser-ie.rules)
 * 1:39243 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Typed Array use after free attempt (browser-ie.rules)
 * 1:38785 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel BOF memory disclosure attempt (file-office.rules)
 * 1:38786 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel BOF memory disclosure attempt (file-office.rules)
 * 1:38552 <-> DISABLED <-> EXPLOIT-KIT Angler landing page detected (exploit-kit.rules)
 * 1:38553 <-> DISABLED <-> EXPLOIT-KIT Angler landing page detected (exploit-kit.rules)
 * 1:35074 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox DOMSVGLength replaceItem use after free attempt (browser-firefox.rules)
 * 1:35075 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox DOMSVGLength initialize use after free attempt (browser-firefox.rules)
 * 1:35072 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox DOMSVGLength initialize use after free attempt (browser-firefox.rules)
 * 1:35073 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox DOMSVGLength insertItemBefore use after free attempt (browser-firefox.rules)
 * 1:35071 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox DOMSVGLength replaceItem use after free attempt (browser-firefox.rules)
 * 1:9626 <-> DISABLED <-> BROWSER-PLUGINS AcroPDF.PDF ActiveX clsid access attempt (browser-plugins.rules)
 * 1:16467 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel 2007 invalid comments.xml uninitialized pointer access attempt (file-office.rules)
 * 1:13913 <-> DISABLED <-> BROWSER-PLUGINS AcroPDF.PDF ActiveX clsid access attempt (browser-plugins.rules)
 * 3:38293 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-CAN-0094 attack attempt (file-other.rules)
 * 3:38294 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-CAN-0094 attack attempt (file-other.rules)
 * 3:38295 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-CAN-0094 attack attempt (file-other.rules)
 * 3:38296 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-CAN-0094 attack attempt (file-other.rules)

2016-09-01 15:37:08 UTC

Snort Subscriber Rules Update

Date: 2016-09-01

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:40029 <-> DISABLED <-> POLICY-OTHER AutoItv3 Aut2Exe interpreter - compiled script (policy-other.rules)
 * 1:40028 <-> DISABLED <-> POLICY-OTHER AutoItv3 Aut2Exe interpreter - compiled script (policy-other.rules)
 * 1:40027 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Shakti variant outbound connection (malware-cnc.rules)
 * 1:40026 <-> ENABLED <-> BLACKLIST DNS request for known malware domain web4solution.net - Win.Trojan.Shakti (blacklist.rules)
 * 1:40025 <-> ENABLED <-> BLACKLIST DNS request for known malware domain securedesignus.com - Win.Trojan.Shakti (blacklist.rules)
 * 1:40024 <-> ENABLED <-> BLACKLIST DNS request for known malware domain securedesignuk.com - Win.Trojan.Shakti (blacklist.rules)
 * 1:40023 <-> DISABLED <-> BROWSER-PLUGINS AcroPDF.PDF ActiveX clsid access attempt (browser-plugins.rules)
 * 1:40022 <-> DISABLED <-> BROWSER-PLUGINS AcroPDF.PDF ActiveX clsid access attempt (browser-plugins.rules)
 * 1:40021 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file magic detected (file-identify.rules)
 * 1:40020 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file magic detected (file-identify.rules)
 * 1:40019 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file attachment detected (file-identify.rules)
 * 1:40018 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file attachment detected (file-identify.rules)
 * 1:40017 <-> ENABLED <-> FILE-IDENTIFY Hierarchal Data Format file download request (file-identify.rules)
 * 1:40016 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Madeba outbound connection detected (malware-cnc.rules)
 * 1:40015 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox about field spoofing attempt (browser-firefox.rules)
 * 1:40012 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string DetoxCrypto2 (blacklist.rules)
 * 1:40011 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
 * 1:40010 <-> ENABLED <-> FILE-FLASH Adobe Flash Player atomicCompareAndSwapLength integer overflow attempt (file-flash.rules)
 * 1:40009 <-> ENABLED <-> FILE-FLASH Adobe Flash Player atomicCompareAndSwapLength integer overflow attempt (file-flash.rules)
 * 1:40008 <-> DISABLED <-> SERVER-OTHER Advantech WebAccess DCERPC buffer overflow attempt (server-other.rules)
 * 1:40007 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Nemim outbound connection detected (malware-cnc.rules)
 * 1:40005 <-> DISABLED <-> DELETED this is a place holder 10XXX (deleted.rules)
 * 1:40004 <-> DISABLED <-> DELETED this is a place holder 9XXX (deleted.rules)
 * 1:40003 <-> DISABLED <-> DELETED this is a place holder 8XXX (deleted.rules)
 * 1:40002 <-> DISABLED <-> DELETED this is a place holder 7XXX (deleted.rules)
 * 1:40001 <-> DISABLED <-> DELETED this is a place holder 6XXX (deleted.rules)
 * 1:40000 <-> DISABLED <-> DELETED this is a place holder 5XXX (deleted.rules)
 * 1:39999 <-> DISABLED <-> DELETED this is a place holder 4XXX (deleted.rules)
 * 1:39998 <-> DISABLED <-> DELETED this is a place holder 3XXX (deleted.rules)
 * 1:39997 <-> DISABLED <-> DELETED this is a place holder 2XXX (deleted.rules)
 * 1:39996 <-> DISABLED <-> DELETED this is a place holder 1XX (deleted.rules)
 * 1:39995 <-> DISABLED <-> POLICY-SOCIAL IRC server connection (policy-social.rules)
 * 1:39993 <-> DISABLED <-> SERVER-OTHER Netcore router backdoor access attempt (server-other.rules)
 * 1:39992 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel 2007 invalid comments.xml uninitialized pointer access attempt (file-office.rules)
 * 1:39991 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel 2007 invalid comments.xml uninitialized pointer access attempt (file-office.rules)
 * 1:39990 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel 2007 invalid comments.xml uninitialized pointer access attempt (file-office.rules)
 * 1:39989 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel 2007 invalid comments.xml uninitialized pointer access attempt (file-office.rules)
 * 1:39988 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel 2007 invalid comments.xml uninitialized pointer access attempt (file-office.rules)
 * 1:39987 <-> DISABLED <-> INDICATOR-COMPROMISE Cisco IOS commandline overflow attempt. (indicator-compromise.rules)
 * 1:39986 <-> DISABLED <-> INDICATOR-COMPROMISE Cisco IOS commandline overflow attempt (indicator-compromise.rules)
 * 1:39985 <-> DISABLED <-> INDICATOR-COMPROMISE Cisco IOS commandline overflow attempt. (indicator-compromise.rules)
 * 1:39984 <-> DISABLED <-> INDICATOR-COMPROMISE Cisco IOS commandline overflow attempt. (indicator-compromise.rules)
 * 1:39983 <-> DISABLED <-> INDICATOR-COMPROMISE Cisco IOS commandline overflow attempt (indicator-compromise.rules)
 * 1:39982 <-> DISABLED <-> SERVER-WEBAPP Netgear ReadyNAS Surveillance cgi_main stack buffer overflow attempt (server-webapp.rules)
 * 1:39981 <-> DISABLED <-> SERVER-WEBAPP Netgear ReadyNAS Surveillance cgi_main stack buffer overflow attempt (server-webapp.rules)
 * 1:39980 <-> DISABLED <-> SERVER-WEBAPP Netgear ReadyNAS Surveillance cgi_main command injection attempt (server-webapp.rules)
 * 1:39979 <-> DISABLED <-> SERVER-WEBAPP Netgear ReadyNAS Surveillance cgi_main command injection attempt (server-webapp.rules)
 * 1:39978 <-> DISABLED <-> SERVER-WEBAPP Netgear ReadyNAS Surveillance cgi_main command injection attempt (server-webapp.rules)
 * 1:39977 <-> DISABLED <-> SERVER-OTHER BGP invalid length (server-other.rules)
 * 1:39976 <-> DISABLED <-> SERVER-OTHER BGP bad marker strings (server-other.rules)
 * 1:39975 <-> ENABLED <-> MALWARE-OTHER Andr.Trojan.KungFu variant download (malware-other.rules)
 * 1:39974 <-> ENABLED <-> MALWARE-OTHER Andr.Trojan.KungFu variant download (malware-other.rules)
 * 1:39973 <-> DISABLED <-> BROWSER-PLUGINS UCanCode Visualization Enterprise Suite ActiveX clsid access attempt (browser-plugins.rules)
 * 1:39972 <-> DISABLED <-> BROWSER-PLUGINS UCanCode Visualization Enterprise Suite ActiveX clsid access attempt (browser-plugins.rules)
 * 1:39971 <-> DISABLED <-> BROWSER-PLUGINS UCanCode Visualization Enterprise Suite ActiveX clsid access attempt (browser-plugins.rules)
 * 1:39970 <-> DISABLED <-> BROWSER-PLUGINS UCanCode Visualization Enterprise Suite ActiveX clsid access attempt (browser-plugins.rules)
 * 1:39969 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Donoff outbound connection detected (malware-cnc.rules)
 * 1:39968 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Donoff outbound connection detected (malware-cnc.rules)
 * 1:39967 <-> ENABLED <-> BLACKLIST DNS request for known malware domain bettitotuld.com - Donoff (blacklist.rules)
 * 1:39966 <-> DISABLED <-> BROWSER-PLUGINS Moxa VPort SDK PLUS ActiveX clsid access attempt (browser-plugins.rules)
 * 1:39965 <-> DISABLED <-> BROWSER-PLUGINS Moxa VPort SDK PLUS ActiveX clsid access attempt (browser-plugins.rules)
 * 1:39964 <-> DISABLED <-> BROWSER-PLUGINS Moxa VPort SDK PLUS ActiveX clsid access attempt (browser-plugins.rules)
 * 1:39963 <-> DISABLED <-> BROWSER-PLUGINS Moxa VPort SDK PLUS ActiveX clsid access attempt (browser-plugins.rules)
 * 1:39962 <-> DISABLED <-> BROWSER-PLUGINS AdvantechNVS VideoDAQ ActiveX clsid access attempt (browser-plugins.rules)
 * 1:39961 <-> DISABLED <-> BROWSER-PLUGINS AdvantechNVS VideoDAQ ActiveX clsid access attempt (browser-plugins.rules)
 * 1:39960 <-> DISABLED <-> BROWSER-PLUGINS AdvantechNVS VideoDAQ ActiveX clsid access attempt (browser-plugins.rules)
 * 1:39959 <-> DISABLED <-> BROWSER-PLUGINS AdvantechNVS VideoDAQ ActiveX clsid access attempt (browser-plugins.rules)
 * 1:39958 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Folyris outbound connection detected (malware-cnc.rules)
 * 1:39957 <-> ENABLED <-> FILE-FLASH Adobe Flash Player FileReference type confusion attempt (file-flash.rules)
 * 1:39956 <-> ENABLED <-> FILE-FLASH Adobe Flash Player FileReference type confusion attempt (file-flash.rules)
 * 1:39955 <-> DISABLED <-> FILE-FLASH Adobe Flash Player attachMovie use after free attempt (file-flash.rules)
 * 1:39954 <-> DISABLED <-> FILE-FLASH Adobe Flash Player attachMovie use after free attempt (file-flash.rules)
 * 1:39953 <-> DISABLED <-> PROTOCOL-DNS PowerDNS TSIG query denial of service attempt (protocol-dns.rules)
 * 1:39952 <-> DISABLED <-> PROTOCOL-DNS PowerDNS TSIG query denial of service attempt (protocol-dns.rules)
 * 1:39951 <-> DISABLED <-> PROTOCOL-DNS PowerDNS TCP TSIG query denial of service attempt (protocol-dns.rules)
 * 1:39950 <-> DISABLED <-> PROTOCOL-DNS PowerDNS TCP TSIG query denial of service attempt (protocol-dns.rules)
 * 1:39949 <-> DISABLED <-> PROTOCOL-DNS PowerDNS TCP TKEY query denial of service attempt (protocol-dns.rules)
 * 1:39948 <-> DISABLED <-> PROTOCOL-DNS PowerDNS TCP TKEY query denial of service attempt (protocol-dns.rules)
 * 1:39947 <-> DISABLED <-> PROTOCOL-DNS PowerDNS TKEY query denial of service attempt (protocol-dns.rules)
 * 1:39946 <-> DISABLED <-> PROTOCOL-DNS PowerDNS TKEY query denial of service attempt (protocol-dns.rules)
 * 3:39994 <-> ENABLED <-> PROTOCOL-SNMP Cisco SG200 Series SNMP request via undocumented community string attempt (protocol-snmp.rules)
 * 3:40006 <-> ENABLED <-> SERVER-OTHER Cisco Small Business SPA3x/5x series denial of service attempt (server-other.rules)
 * 3:40013 <-> ENABLED <-> FILE-OTHER Cisco WebEx Meetings Player arbitrary code execution attempt (file-other.rules)
 * 3:40014 <-> ENABLED <-> FILE-OTHER Cisco WebEx Meetings Player arbitrary code execution attempt (file-other.rules)

Modified Rules:


 * 1:29587 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 6 buffer overflow attempt (server-other.rules)
 * 1:29589 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 7 buffer overflow attempt (server-other.rules)
 * 1:16468 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel 2007 invalid comments.xml uninitialized pointer access attempt (file-office.rules)
 * 1:18541 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel 2007 invalid comments.xml uninitialized pointer access attempt (file-office.rules)
 * 1:35070 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox DOMSVGLength insertItemBefore use after free attempt (browser-firefox.rules)
 * 1:35071 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox DOMSVGLength replaceItem use after free attempt (browser-firefox.rules)
 * 1:35072 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox DOMSVGLength initialize use after free attempt (browser-firefox.rules)
 * 1:35073 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox DOMSVGLength insertItemBefore use after free attempt (browser-firefox.rules)
 * 1:35074 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox DOMSVGLength replaceItem use after free attempt (browser-firefox.rules)
 * 1:35075 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox DOMSVGLength initialize use after free attempt (browser-firefox.rules)
 * 1:38552 <-> DISABLED <-> EXPLOIT-KIT Angler landing page detected (exploit-kit.rules)
 * 1:38553 <-> DISABLED <-> EXPLOIT-KIT Angler landing page detected (exploit-kit.rules)
 * 1:38785 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel BOF memory disclosure attempt (file-office.rules)
 * 1:38786 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel BOF memory disclosure attempt (file-office.rules)
 * 1:39242 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Typed Array use after free attempt (browser-ie.rules)
 * 1:39243 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Typed Array use after free attempt (browser-ie.rules)
 * 1:39745 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.FakeRean outbound connection detection (malware-other.rules)
 * 1:39803 <-> ENABLED <-> MALWARE-OTHER Win.Adware.Dlhelper outbound connection detected (malware-other.rules)
 * 1:39804 <-> ENABLED <-> MALWARE-OTHER Win.Adware.Dlhelper outbound connection detected (malware-other.rules)
 * 1:39805 <-> ENABLED <-> MALWARE-OTHER Win.Adware.Dlhelper outbound connection detected (malware-other.rules)
 * 1:39806 <-> ENABLED <-> MALWARE-OTHER Win.Adware.Dlhelper outbound connection detected (malware-other.rules)
 * 1:39882 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Vibro outbound connection detected (malware-cnc.rules)
 * 1:9626 <-> DISABLED <-> BROWSER-PLUGINS AcroPDF.PDF ActiveX clsid access attempt (browser-plugins.rules)
 * 1:16467 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel 2007 invalid comments.xml uninitialized pointer access attempt (file-office.rules)
 * 1:13913 <-> DISABLED <-> BROWSER-PLUGINS AcroPDF.PDF ActiveX clsid access attempt (browser-plugins.rules)
 * 3:38293 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-CAN-0094 attack attempt (file-other.rules)
 * 3:38294 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-CAN-0094 attack attempt (file-other.rules)
 * 3:38295 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-CAN-0094 attack attempt (file-other.rules)
 * 3:38296 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-CAN-0094 attack attempt (file-other.rules)