Talos Rules 2017-02-21
This release adds and modifies rules in several categories.

Talos has added and modified multiple rules in the blacklist, browser-plugins, file-flash, malware-cnc, malware-other, protocol-scada, pua-adware, server-apache and server-webapp rule sets to provide coverage for emerging threats from these technologies.

Change logs

2017-02-21 18:43:10 UTC

Snort Subscriber Rules Update

Date: 2017-02-21

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2976.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:41691 <-> DISABLED <-> SERVER-WEBAPP Siemens WinCC DoS attempt (server-webapp.rules)
 * 1:41687 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Malear variant outbound connection (malware-cnc.rules)
 * 1:41686 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Malear variant outbound connection (malware-cnc.rules)
 * 1:41680 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ShimContentResolver out of bounds memory access attempt (file-flash.rules)
 * 1:41682 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Malear variant outbound connection (malware-cnc.rules)
 * 1:41679 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ShimContentResolver out of bounds memory access attempt (file-flash.rules)
 * 1:41677 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Appliance insecure configuration export attempt (server-webapp.rules)
 * 1:41681 <-> ENABLED <-> SERVER-WEBAPP McAfee Virus Scan Linux remote code execution attempt (server-webapp.rules)
 * 1:41676 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex self-signed certificate exchange (malware-cnc.rules)
 * 1:41678 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Appliance insecure configuration import attempt (server-webapp.rules)
 * 1:41674 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextField object event handler use after free attempt (file-flash.rules)
 * 1:41672 <-> DISABLED <-> SERVER-WEBAPP Netgear ReadyNAS np_handler command injection attempt (server-webapp.rules)
 * 1:41673 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextField object event handler use after free attempt (file-flash.rules)
 * 1:41670 <-> DISABLED <-> SERVER-WEBAPP Netgear ReadyNAS np_handler command injection attempt (server-webapp.rules)
 * 1:41675 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex self-signed certificate exchange (malware-cnc.rules)
 * 1:41668 <-> DISABLED <-> BROWSER-PLUGINS KingScada kxClientDownload ActiveX clsid access attempt (browser-plugins.rules)
 * 1:41669 <-> DISABLED <-> BROWSER-PLUGINS KingScada kxClientDownload ActiveX clsid access attempt (browser-plugins.rules)
 * 1:41666 <-> DISABLED <-> BROWSER-PLUGINS KingScada kxClientDownload ActiveX clsid access attempt (browser-plugins.rules)
 * 1:41671 <-> DISABLED <-> SERVER-WEBAPP Netgear ReadyNAS np_handler command injection attempt (server-webapp.rules)
 * 1:41664 <-> DISABLED <-> PUA-ADWARE Win.Adware.Xiazai variant outbound connection (pua-adware.rules)
 * 1:41665 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mirai variant outbound connection (malware-cnc.rules)
 * 1:41662 <-> ENABLED <-> MALWARE-CNC Osx.Downloader.MacDownloader variant outbound connection (malware-cnc.rules)
 * 1:41667 <-> DISABLED <-> BROWSER-PLUGINS KingScada kxClientDownload ActiveX clsid access attempt (browser-plugins.rules)
 * 1:41660 <-> DISABLED <-> MALWARE-OTHER VBScript potential executable write attempt (malware-other.rules)
 * 1:41661 <-> ENABLED <-> MALWARE-CNC Osx.Downloader.MacDownloader variant outbound connection (malware-cnc.rules)
 * 1:41663 <-> ENABLED <-> MALWARE-CNC Osx.Downloader.MacDownloader variant outbound connection (malware-cnc.rules)
 * 1:41688 <-> DISABLED <-> SERVER-APACHE Apache HTTP Server mod_http2 denial of service attempt (server-apache.rules)
 * 1:41683 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Malear variant outbound connection (malware-cnc.rules)
 * 1:41685 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Malear variant outbound connection (malware-cnc.rules)
 * 1:41692 <-> DISABLED <-> SERVER-WEBAPP McAfee Virus Scan Linux remote use of authentication token attempt (server-webapp.rules)
 * 1:41689 <-> DISABLED <-> SERVER-OTHER PHP Exception Handling remote denial of service attempt (server-other.rules)
 * 1:41690 <-> DISABLED <-> SERVER-OTHER PHP Exception Handling remote denial of service attempt (server-other.rules)
 * 1:41684 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Malear variant outbound connection (malware-cnc.rules)

Modified Rules:


 * 1:36084 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36085 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36079 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36088 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:40869 <-> ENABLED <-> BLACKLIST User-Agent known malicious user-agent string - Virut (blacklist.rules)
 * 1:36086 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36095 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36083 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36076 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36077 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36073 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36090 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:41383 <-> DISABLED <-> SERVER-WEBAPP PHP ZipArchive getFromIndex and getFromName integer overflow attempt (server-webapp.rules)
 * 1:41384 <-> DISABLED <-> SERVER-WEBAPP PHP ZipArchive getFromIndex and getFromName integer overflow attempt (server-webapp.rules)
 * 1:36087 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36091 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36092 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:29204 <-> DISABLED <-> PROTOCOL-SCADA Modbus read holding register response - invalid byte count (protocol-scada.rules)
 * 1:36075 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:16195 <-> DISABLED <-> SERVER-WEBAPP HTTP request content-length heap buffer overflow attempt (server-webapp.rules)
 * 1:36074 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:28054 <-> ENABLED <-> MALWARE-OTHER VBScript potential executable write attempt (malware-other.rules)
 * 1:36078 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36080 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36081 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36072 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36082 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36093 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36094 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36089 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)

2017-02-21 18:43:10 UTC

Snort Subscriber Rules Update

Date: 2017-02-21

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.

New Rules:


 * 1:41690 <-> DISABLED <-> SERVER-OTHER PHP Exception Handling remote denial of service attempt (server-other.rules)
 * 1:41691 <-> DISABLED <-> SERVER-WEBAPP Siemens WinCC DoS attempt (server-webapp.rules)
 * 1:41688 <-> DISABLED <-> SERVER-APACHE Apache HTTP Server mod_http2 denial of service attempt (server-apache.rules)
 * 1:41689 <-> DISABLED <-> SERVER-OTHER PHP Exception Handling remote denial of service attempt (server-other.rules)
 * 1:41682 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Malear variant outbound connection (malware-cnc.rules)
 * 1:41683 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Malear variant outbound connection (malware-cnc.rules)
 * 1:41686 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Malear variant outbound connection (malware-cnc.rules)
 * 1:41685 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Malear variant outbound connection (malware-cnc.rules)
 * 1:41687 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Malear variant outbound connection (malware-cnc.rules)
 * 1:41692 <-> DISABLED <-> SERVER-WEBAPP McAfee Virus Scan Linux remote use of authentication token attempt (server-webapp.rules)
 * 1:41660 <-> DISABLED <-> MALWARE-OTHER VBScript potential executable write attempt (malware-other.rules)
 * 1:41661 <-> ENABLED <-> MALWARE-CNC Osx.Downloader.MacDownloader variant outbound connection (malware-cnc.rules)
 * 1:41662 <-> ENABLED <-> MALWARE-CNC Osx.Downloader.MacDownloader variant outbound connection (malware-cnc.rules)
 * 1:41663 <-> ENABLED <-> MALWARE-CNC Osx.Downloader.MacDownloader variant outbound connection (malware-cnc.rules)
 * 1:41664 <-> DISABLED <-> PUA-ADWARE Win.Adware.Xiazai variant outbound connection (pua-adware.rules)
 * 1:41665 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mirai variant outbound connection (malware-cnc.rules)
 * 1:41666 <-> DISABLED <-> BROWSER-PLUGINS KingScada kxClientDownload ActiveX clsid access attempt (browser-plugins.rules)
 * 1:41667 <-> DISABLED <-> BROWSER-PLUGINS KingScada kxClientDownload ActiveX clsid access attempt (browser-plugins.rules)
 * 1:41668 <-> DISABLED <-> BROWSER-PLUGINS KingScada kxClientDownload ActiveX clsid access attempt (browser-plugins.rules)
 * 1:41669 <-> DISABLED <-> BROWSER-PLUGINS KingScada kxClientDownload ActiveX clsid access attempt (browser-plugins.rules)
 * 1:41670 <-> DISABLED <-> SERVER-WEBAPP Netgear ReadyNAS np_handler command injection attempt (server-webapp.rules)
 * 1:41671 <-> DISABLED <-> SERVER-WEBAPP Netgear ReadyNAS np_handler command injection attempt (server-webapp.rules)
 * 1:41672 <-> DISABLED <-> SERVER-WEBAPP Netgear ReadyNAS np_handler command injection attempt (server-webapp.rules)
 * 1:41673 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextField object event handler use after free attempt (file-flash.rules)
 * 1:41674 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextField object event handler use after free attempt (file-flash.rules)
 * 1:41675 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex self-signed certificate exchange (malware-cnc.rules)
 * 1:41676 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex self-signed certificate exchange (malware-cnc.rules)
 * 1:41684 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Malear variant outbound connection (malware-cnc.rules)
 * 1:41677 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Appliance insecure configuration export attempt (server-webapp.rules)
 * 1:41678 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Appliance insecure configuration import attempt (server-webapp.rules)
 * 1:41679 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ShimContentResolver out of bounds memory access attempt (file-flash.rules)
 * 1:41680 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ShimContentResolver out of bounds memory access attempt (file-flash.rules)
 * 1:41681 <-> ENABLED <-> SERVER-WEBAPP McAfee Virus Scan Linux remote code execution attempt (server-webapp.rules)

Modified Rules:


 * 1:36087 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36083 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36084 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36078 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36074 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36072 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36095 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36090 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36091 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36089 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36085 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36081 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36082 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36077 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36080 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36079 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36076 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:29204 <-> DISABLED <-> PROTOCOL-SCADA Modbus read holding register response - invalid byte count (protocol-scada.rules)
 * 1:41383 <-> DISABLED <-> SERVER-WEBAPP PHP ZipArchive getFromIndex and getFromName integer overflow attempt (server-webapp.rules)
 * 1:36088 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:16195 <-> DISABLED <-> SERVER-WEBAPP HTTP request content-length heap buffer overflow attempt (server-webapp.rules)
 * 1:40869 <-> ENABLED <-> BLACKLIST User-Agent known malicious user-agent string - Virut (blacklist.rules)
 * 1:41384 <-> DISABLED <-> SERVER-WEBAPP PHP ZipArchive getFromIndex and getFromName integer overflow attempt (server-webapp.rules)
 * 1:28054 <-> ENABLED <-> MALWARE-OTHER VBScript potential executable write attempt (malware-other.rules)
 * 1:36073 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36075 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36086 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36092 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36093 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36094 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)

2017-02-21 18:43:10 UTC

Snort Subscriber Rules Update

Date: 2017-02-21

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2990.

New Rules:


 * 1:41692 <-> DISABLED <-> SERVER-WEBAPP McAfee Virus Scan Linux remote use of authentication token attempt (server-webapp.rules)
 * 1:41691 <-> DISABLED <-> SERVER-WEBAPP Siemens WinCC DoS attempt (server-webapp.rules)
 * 1:41690 <-> DISABLED <-> SERVER-OTHER PHP Exception Handling remote denial of service attempt (server-other.rules)
 * 1:41689 <-> DISABLED <-> SERVER-OTHER PHP Exception Handling remote denial of service attempt (server-other.rules)
 * 1:41688 <-> DISABLED <-> SERVER-APACHE Apache HTTP Server mod_http2 denial of service attempt (server-apache.rules)
 * 1:41687 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Malear variant outbound connection (malware-cnc.rules)
 * 1:41686 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Malear variant outbound connection (malware-cnc.rules)
 * 1:41685 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Malear variant outbound connection (malware-cnc.rules)
 * 1:41684 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Malear variant outbound connection (malware-cnc.rules)
 * 1:41683 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Malear variant outbound connection (malware-cnc.rules)
 * 1:41682 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Malear variant outbound connection (malware-cnc.rules)
 * 1:41681 <-> ENABLED <-> SERVER-WEBAPP McAfee Virus Scan Linux remote code execution attempt (server-webapp.rules)
 * 1:41680 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ShimContentResolver out of bounds memory access attempt (file-flash.rules)
 * 1:41679 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ShimContentResolver out of bounds memory access attempt (file-flash.rules)
 * 1:41678 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Appliance insecure configuration import attempt (server-webapp.rules)
 * 1:41677 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Appliance insecure configuration export attempt (server-webapp.rules)
 * 1:41676 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex self-signed certificate exchange (malware-cnc.rules)
 * 1:41675 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex self-signed certificate exchange (malware-cnc.rules)
 * 1:41674 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextField object event handler use after free attempt (file-flash.rules)
 * 1:41673 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextField object event handler use after free attempt (file-flash.rules)
 * 1:41672 <-> DISABLED <-> SERVER-WEBAPP Netgear ReadyNAS np_handler command injection attempt (server-webapp.rules)
 * 1:41671 <-> DISABLED <-> SERVER-WEBAPP Netgear ReadyNAS np_handler command injection attempt (server-webapp.rules)
 * 1:41670 <-> DISABLED <-> SERVER-WEBAPP Netgear ReadyNAS np_handler command injection attempt (server-webapp.rules)
 * 1:41669 <-> DISABLED <-> BROWSER-PLUGINS KingScada kxClientDownload ActiveX clsid access attempt (browser-plugins.rules)
 * 1:41668 <-> DISABLED <-> BROWSER-PLUGINS KingScada kxClientDownload ActiveX clsid access attempt (browser-plugins.rules)
 * 1:41667 <-> DISABLED <-> BROWSER-PLUGINS KingScada kxClientDownload ActiveX clsid access attempt (browser-plugins.rules)
 * 1:41666 <-> DISABLED <-> BROWSER-PLUGINS KingScada kxClientDownload ActiveX clsid access attempt (browser-plugins.rules)
 * 1:41665 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mirai variant outbound connection (malware-cnc.rules)
 * 1:41664 <-> DISABLED <-> PUA-ADWARE Win.Adware.Xiazai variant outbound connection (pua-adware.rules)
 * 1:41663 <-> ENABLED <-> MALWARE-CNC Osx.Downloader.MacDownloader variant outbound connection (malware-cnc.rules)
 * 1:41662 <-> ENABLED <-> MALWARE-CNC Osx.Downloader.MacDownloader variant outbound connection (malware-cnc.rules)
 * 1:41661 <-> ENABLED <-> MALWARE-CNC Osx.Downloader.MacDownloader variant outbound connection (malware-cnc.rules)
 * 1:41660 <-> DISABLED <-> MALWARE-OTHER VBScript potential executable write attempt (malware-other.rules)

Modified Rules:


 * 1:16195 <-> DISABLED <-> SERVER-WEBAPP HTTP request content-length heap buffer overflow attempt (server-webapp.rules)
 * 1:28054 <-> ENABLED <-> MALWARE-OTHER VBScript potential executable write attempt (malware-other.rules)
 * 1:29204 <-> DISABLED <-> PROTOCOL-SCADA Modbus read holding register response - invalid byte count (protocol-scada.rules)
 * 1:36072 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36073 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36074 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36075 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36076 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36077 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36078 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36079 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36080 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36081 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36082 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36083 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36084 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36085 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36086 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36087 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36088 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36089 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36090 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36091 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36092 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:41384 <-> DISABLED <-> SERVER-WEBAPP PHP ZipArchive getFromIndex and getFromName integer overflow attempt (server-webapp.rules)
 * 1:36095 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:40869 <-> ENABLED <-> BLACKLIST User-Agent known malicious user-agent string - Virut (blacklist.rules)
 * 1:41383 <-> DISABLED <-> SERVER-WEBAPP PHP ZipArchive getFromIndex and getFromName integer overflow attempt (server-webapp.rules)
 * 1:36094 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)
 * 1:36093 <-> DISABLED <-> SERVER-OTHER Dell Netvault Backup remote denial of service attempt (server-other.rules)