Talos Rules 2017-03-28
This release adds and modifies rules in several categories.

Talos has added and modified multiple rules in the browser-ie, exploit-kit, file-executable, file-flash, file-image, file-multimedia, file-office, file-other, file-pdf, indicator-compromise, malware-cnc, os-linux, os-other, os-windows, policy-other, protocol-scada, protocol-snmp and server-webapp rule sets to provide coverage for emerging threats from these technologies.

For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.

Change logs

2017-03-28 17:13:34 UTC

Snort Subscriber Rules Update

Date: 2017-03-28

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2976.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:

 * 1:40809 <-> DISABLED <-> FILE-OTHER HDF5 new object modification time out of bounds write attempt (file-other.rules)
 * 1:40805 <-> DISABLED <-> FILE-OTHER HDF5 object modification time out of bounds write attempt (file-other.rules)
 * 1:40804 <-> ENABLED <-> FILE-OTHER HDF5 H5O_dtype_decode_helper heap buffer overflow attempt (file-other.rules)
 * 1:40802 <-> DISABLED <-> FILE-OTHER HDF5 H5Z_NBIT filter heap buffer overflow attempt (file-other.rules)
 * 1:40803 <-> ENABLED <-> FILE-OTHER HDF5 H5O_dtype_decode_helper heap buffer overflow attempt (file-other.rules)
 * 1:40801 <-> DISABLED <-> FILE-OTHER HDF5 H5Z_NBIT filter heap buffer overflow attempt (file-other.rules)
 * 1:42075 <-> ENABLED <-> PROTOCOL-SCADA TraceMode Runtime DOS attempt (protocol-scada.rules)
 * 1:40794 <-> DISABLED <-> FILE-OTHER HDF5 msg_dtype H5T_ARRAY heap buffer overflow attempt (file-other.rules)
 * 1:40792 <-> DISABLED <-> FILE-OTHER HDF5 msg_dtype H5T_ARRAY heap buffer overflow attempt (file-other.rules)
 * 1:40793 <-> DISABLED <-> FILE-OTHER HDF5 msg_dtype H5T_ARRAY heap buffer overflow attempt (file-other.rules)
 * 1:40777 <-> ENABLED <-> FILE-PDF Nitro Pro out of bounds memory write attempt (file-pdf.rules)
 * 1:40791 <-> DISABLED <-> FILE-OTHER HDF5 msg_dtype H5T_ARRAY heap buffer overflow attempt (file-other.rules)
 * 1:40776 <-> ENABLED <-> FILE-PDF Nitro Pro out of bounds memory write attempt (file-pdf.rules)
 * 1:40774 <-> DISABLED <-> FILE-PDF Oracle Outside In Technology remote code execution attempt (file-pdf.rules)
 * 1:40773 <-> DISABLED <-> FILE-PDF Oracle Outside In Technology remote code execution attempt (file-pdf.rules)
 * 1:40756 <-> DISABLED <-> FILE-PDF Nitro Pro PDF Font Widths tag out of bounds read attempt (file-pdf.rules)
 * 1:40757 <-> DISABLED <-> FILE-PDF Nitro Pro PDF Font Widths tag out of bounds read attempt (file-pdf.rules)
 * 1:40539 <-> DISABLED <-> FILE-IMAGE LibTIFF PixarLogDecode heap buffer overflow attempt (file-image.rules)
 * 1:40540 <-> DISABLED <-> FILE-IMAGE LibTIFF PixarLogDecode heap buffer overflow attempt (file-image.rules)
 * 1:40537 <-> DISABLED <-> FILE-IMAGE LibTIFF FAX IFD entry parsing type confusion attempt (file-image.rules)
 * 1:40538 <-> DISABLED <-> FILE-IMAGE LibTIFF FAX IFD entry parsing type confusion attempt (file-image.rules)
 * 1:40535 <-> DISABLED <-> FILE-IMAGE LibTIFF FAX IFD entry parsing type confusion attempt (file-image.rules)
 * 1:40536 <-> DISABLED <-> FILE-IMAGE LibTIFF FAX IFD entry parsing type confusion attempt (file-image.rules)
 * 1:40533 <-> DISABLED <-> FILE-IMAGE LibTIFF FAX IFD entry parsing type confusion attempt (file-image.rules)
 * 1:40534 <-> DISABLED <-> FILE-IMAGE LibTIFF FAX IFD entry parsing type confusion attempt (file-image.rules)
 * 1:40526 <-> DISABLED <-> FILE-IMAGE LibTIFF tiff2pdf JPEG compression tables heap buffer overflow attempt (file-image.rules)
 * 1:40491 <-> DISABLED <-> FILE-OFFICE JustSystems Ichitaro Word Processor malformed PersistDirectory memory corruption attempt (file-office.rules)
 * 1:40525 <-> DISABLED <-> FILE-IMAGE LibTIFF tiff2pdf JPEG compression tables heap buffer overflow attempt (file-image.rules)
 * 1:40489 <-> DISABLED <-> FILE-EXECUTABLE Hopper Disassembler ELF section header memory corruption attempt (file-executable.rules)
 * 1:40490 <-> DISABLED <-> FILE-OFFICE JustSystems Ichitaro Word Processor malformed PersistDirectory memory corruption attempt (file-office.rules)
 * 1:40488 <-> DISABLED <-> FILE-EXECUTABLE Hopper Disassembler ELF section header memory corruption attempt (file-executable.rules)
 * 1:40487 <-> DISABLED <-> FILE-PDF Iceni Argus ipNameAdd stack buffer overflow attempt (file-pdf.rules)
 * 1:40485 <-> DISABLED <-> FILE-PDF Iceni Argus ipNameAdd stack buffer overflow attempt (file-pdf.rules)
 * 1:40486 <-> DISABLED <-> FILE-PDF Iceni Argus ipNameAdd stack buffer overflow attempt (file-pdf.rules)
 * 1:40483 <-> DISABLED <-> SERVER-OTHER Memcached SASL auth opcode request heap buffer overflow attempt (server-other.rules)
 * 1:40484 <-> DISABLED <-> FILE-PDF Iceni Argus ipNameAdd stack buffer overflow attempt (file-pdf.rules)
 * 1:40481 <-> DISABLED <-> SERVER-OTHER Memcached replaceq opcode request heap buffer overflow attempt (server-other.rules)
 * 1:40482 <-> DISABLED <-> SERVER-OTHER Memcached SASL auth opcode request heap buffer overflow attempt (server-other.rules)
 * 1:40479 <-> DISABLED <-> SERVER-OTHER Memcached addq opcode request heap buffer overflow attempt (server-other.rules)
 * 1:40480 <-> DISABLED <-> SERVER-OTHER Memcached replace opcode request heap buffer overflow attempt (server-other.rules)
 * 1:40478 <-> DISABLED <-> SERVER-OTHER Memcached add opcode request heap buffer overflow attempt (server-other.rules)
 * 1:40477 <-> DISABLED <-> SERVER-OTHER Memcached setq opcode request heap buffer overflow attempt (server-other.rules)
 * 1:40476 <-> DISABLED <-> SERVER-OTHER Memcached set opcode request heap buffer overflow attempt (server-other.rules)
 * 1:40474 <-> DISABLED <-> SERVER-OTHER Memcached prependq opcode request heap buffer overflow attempt (server-other.rules)
 * 1:40475 <-> DISABLED <-> SERVER-OTHER Memcached prependq opcode request heap buffer overflow attempt (server-other.rules)
 * 1:40472 <-> DISABLED <-> SERVER-OTHER Memcached appendq opcode request heap buffer overflow attempt (server-other.rules)
 * 1:40473 <-> DISABLED <-> SERVER-OTHER Memcached appendq opcode request heap buffer overflow attempt (server-other.rules)
 * 1:40470 <-> DISABLED <-> SERVER-OTHER Memcached prepend opcode request heap buffer overflow attempt (server-other.rules)
 * 1:40471 <-> DISABLED <-> SERVER-OTHER Memcached prepend opcode request heap buffer overflow attempt (server-other.rules)
 * 1:40468 <-> DISABLED <-> SERVER-OTHER Memcached append opcode request heap buffer overflow attempt (server-other.rules)
 * 1:40469 <-> DISABLED <-> SERVER-OTHER Memcached append opcode request heap buffer overflow attempt (server-other.rules)
 * 1:40429 <-> DISABLED <-> FILE-PDF Foxit PDF Reader JBIG2 parser out of bounds read attempt (file-pdf.rules)
 * 1:40430 <-> DISABLED <-> FILE-PDF Foxit PDF Reader JBIG2 parser out of bounds read attempt (file-pdf.rules)
 * 1:40336 <-> DISABLED <-> FILE-PDF Iceni Argus ipfSetColourStroke stack buffer overflow attempt (file-pdf.rules)
 * 1:40337 <-> DISABLED <-> FILE-PDF Iceni Argus ipfSetColourStroke stack buffer overflow attempt (file-pdf.rules)
 * 1:40314 <-> DISABLED <-> FILE-IMAGE OpenJPEG JPEG2000 MCC record parsing heap memory corruption attempt (file-image.rules)
 * 1:40315 <-> DISABLED <-> FILE-IMAGE OpenJPEG JPEG2000 MCC record parsing heap memory corruption attempt (file-image.rules)
 * 1:40125 <-> DISABLED <-> FILE-OTHER Ichitaro Office Excel TxO record heap overflow attempt (file-other.rules)
 * 1:40126 <-> DISABLED <-> FILE-OTHER Ichitaro Office Excel TxO record heap overflow attempt (file-other.rules)
 * 1:39919 <-> DISABLED <-> FILE-EXECUTABLE Kaspersky Anti-Virus unhandled windows messages denial of service vulnerability attempt (file-executable.rules)
 * 1:39884 <-> DISABLED <-> FILE-IMAGE FreeImage library XPM handling out of bounds write attempt (file-image.rules)
 * 1:39918 <-> DISABLED <-> FILE-EXECUTABLE Kaspersky Anti-Virus unhandled windows messages denial of service vulnerability attempt (file-executable.rules)
 * 1:39877 <-> DISABLED <-> PROTOCOL-SNMP Allen-Bradley MicroLogix PLC firmware update detected (protocol-snmp.rules)
 * 1:39883 <-> DISABLED <-> FILE-IMAGE FreeImage library XPM handling out of bounds write attempt (file-image.rules)
 * 1:39762 <-> DISABLED <-> FILE-OFFICE Hancom Hangul Hcell cssValFormat checkUnderbar out of bounds write attempt (file-office.rules)
 * 1:39876 <-> ENABLED <-> PROTOCOL-SNMP Allen-Bradley MicroLogix PLC SNMP request via undocumented community string attempt (protocol-snmp.rules)
 * 1:39760 <-> DISABLED <-> FILE-OFFICE Hancom Hangul HCell TableStyle record heap buffer overflow attempt (file-office.rules)
 * 1:39761 <-> DISABLED <-> FILE-OFFICE Hancom Hangul Hcell cssValFormat checkUnderbar out of bounds write attempt (file-office.rules)
 * 1:39758 <-> DISABLED <-> FILE-OFFICE Hancom Hangul HCell TableStyle record heap buffer overflow attempt (file-office.rules)
 * 1:39759 <-> DISABLED <-> FILE-OFFICE Hancom Hangul HCell TableStyle record heap buffer overflow attempt (file-office.rules)
 * 1:39676 <-> DISABLED <-> FILE-IMAGE Oracle OIT CYMK TIFF parsing heap buffer overflow attempt (file-image.rules)
 * 1:39757 <-> DISABLED <-> FILE-OFFICE Hancom Hangul HCell TableStyle record heap buffer overflow attempt (file-office.rules)
 * 1:39674 <-> DISABLED <-> FILE-IMAGE Oracle OIT CYMK TIFF parsing heap buffer overflow attempt (file-image.rules)
 * 1:39675 <-> DISABLED <-> FILE-IMAGE Oracle OIT CYMK TIFF parsing heap buffer overflow attempt (file-image.rules)
 * 1:39673 <-> DISABLED <-> FILE-IMAGE Oracle OIT CYMK TIFF parsing heap buffer overflow attempt (file-image.rules)
 * 1:39672 <-> DISABLED <-> FILE-OTHER Oracle OIT libvs_word ContentAccess out of bounds write attempt (file-other.rules)
 * 1:39668 <-> DISABLED <-> FILE-OTHER Oracle OIT libvs_word ContentAccess out of bounds write attempt (file-other.rules)
 * 1:39671 <-> DISABLED <-> FILE-OTHER Oracle OIT libvs_word ContentAccess out of bounds write attempt (file-other.rules)
 * 1:39666 <-> DISABLED <-> FILE-OTHER Oracle OIT libvs_word ContentAccess out of bounds write attempt (file-other.rules)
 * 1:39667 <-> DISABLED <-> FILE-OTHER Oracle OIT libvs_word ContentAccess out of bounds write attempt (file-other.rules)
 * 1:39664 <-> DISABLED <-> FILE-OTHER Oracle OIT ContentAccess libvs_mwkd VwStreamReadRecord out of bounds write attempt (file-other.rules)
 * 1:39665 <-> DISABLED <-> FILE-OTHER Oracle OIT libvs_word ContentAccess out of bounds write attempt (file-other.rules)
 * 1:39661 <-> DISABLED <-> FILE-OTHER Oracle OIT gem metafile n_integers heap buffer overflow attempt (file-other.rules)
 * 1:39663 <-> DISABLED <-> FILE-OTHER Oracle OIT ContentAccess libvs_mwkd VwStreamReadRecord out of bounds write attempt (file-other.rules)
 * 1:39635 <-> DISABLED <-> FILE-IMAGE Apple OSX EXR image invalid box2i attribute heap buffer overflow attempt (file-image.rules)
 * 1:39660 <-> DISABLED <-> FILE-OTHER Oracle OIT gem metafile n_integers heap buffer overflow attempt (file-other.rules)
 * 1:39632 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
 * 1:39634 <-> DISABLED <-> FILE-IMAGE Apple OSX EXR image invalid box2i attribute heap buffer overflow attempt (file-image.rules)
 * 1:39630 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
 * 1:39631 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
 * 1:39628 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
 * 1:39629 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
 * 1:39626 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
 * 1:39627 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
 * 1:39624 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
 * 1:39625 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
 * 1:39622 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
 * 1:39623 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
 * 1:39620 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
 * 1:39621 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
 * 1:39618 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
 * 1:39619 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
 * 1:39616 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
 * 1:39617 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
 * 1:39614 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
 * 1:39615 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
 * 1:39610 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
 * 1:39613 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
 * 1:39612 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
 * 1:39611 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
 * 1:39608 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
 * 1:39609 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
 * 1:39606 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
 * 1:39607 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
 * 1:39604 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
 * 1:39605 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
 * 1:39602 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
 * 1:39603 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
 * 1:39600 <-> DISABLED <-> FILE-IMAGE Apple OSX EXR image tile size heap buffer overflow attempt (file-image.rules)
 * 1:39601 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
 * 1:39598 <-> DISABLED <-> FILE-MULTIMEDIA Apple OSX SceneKit invalid COLLADA file geometry attribute type confusion attempt (file-multimedia.rules)
 * 1:39599 <-> DISABLED <-> FILE-IMAGE Apple OSX EXR image tile size heap buffer overflow attempt (file-image.rules)
 * 1:39596 <-> DISABLED <-> FILE-IMAGE Oracle OIT BMP file parsing heap buffer overflow attempt (file-image.rules)
 * 1:39597 <-> DISABLED <-> FILE-MULTIMEDIA Apple OSX SceneKit invalid COLLADA file geometry attribute type confusion attempt (file-multimedia.rules)
 * 1:39594 <-> DISABLED <-> FILE-IMAGE Oracle OIT BMP file parsing heap buffer overflow attempt (file-image.rules)
 * 1:39595 <-> DISABLED <-> FILE-IMAGE Oracle OIT BMP file parsing heap buffer overflow attempt (file-image.rules)
 * 1:39467 <-> DISABLED <-> FILE-EXECUTABLE Symantec Norton Security IDSvix86 out of bounds read attempt (file-executable.rules)
 * 1:39593 <-> DISABLED <-> FILE-IMAGE Oracle OIT BMP file parsing heap buffer overflow attempt (file-image.rules)
 * 1:39162 <-> ENABLED <-> FILE-PDF Google Chrome PDFium jpeg2000 SIZ segment check failure heap buffer overflow attempt (file-pdf.rules)
 * 1:39466 <-> DISABLED <-> FILE-EXECUTABLE Symantec Norton Security IDSvix86 out of bounds read attempt (file-executable.rules)
 * 1:39151 <-> DISABLED <-> SERVER-OTHER Pidgin MXIT message length overflow attempt (server-other.rules)
 * 1:39161 <-> ENABLED <-> FILE-PDF Google Chrome PDFium jpeg2000 SIZ segment check failure heap buffer overflow attempt (file-pdf.rules)
 * 1:39149 <-> ENABLED <-> FILE-OFFICE Document Foundation LibreOffice RTF stylesheet use after free attempt (file-office.rules)
 * 1:39150 <-> DISABLED <-> SERVER-OTHER Pidgin MXIT negative message length underflow attempt (server-other.rules)
 * 1:39111 <-> DISABLED <-> FILE-OFFICE Hancom Hangul Office HCell HncChart out of bounds write attempt (file-office.rules)
 * 1:39148 <-> ENABLED <-> FILE-OFFICE Document Foundation LibreOffice RTF stylesheet use after free attempt (file-office.rules)
 * 1:39079 <-> ENABLED <-> OS-WINDOWS Kaspersky Internet Security KLIF driver denial of service attempt (os-windows.rules)
 * 1:39110 <-> DISABLED <-> FILE-OFFICE Hancom Hangul Office HCell HncChart out of bounds write attempt (file-office.rules)
 * 1:39050 <-> DISABLED <-> FILE-OFFICE Hancom Hangul Office NXDeleteLineObj memory corruption attempt (file-office.rules)
 * 1:39078 <-> ENABLED <-> OS-WINDOWS Kaspersky Internet Security KLIF driver denial of service attempt (os-windows.rules)
 * 1:39048 <-> DISABLED <-> FILE-EXECUTABLE Kaspersky Internet Security kl1.sys out of bounds read attempt (file-executable.rules)
 * 1:39049 <-> DISABLED <-> FILE-OFFICE Hancom Hangul Office NXDeleteLineObj memory corruption attempt (file-office.rules)
 * 1:39047 <-> DISABLED <-> FILE-EXECUTABLE Kaspersky Internet Security kl1.sys out of bounds read attempt (file-executable.rules)
 * 1:39046 <-> DISABLED <-> FILE-OTHER libarchive RAR RestartModel out of bounds write attempt (file-other.rules)
 * 1:39045 <-> DISABLED <-> FILE-OTHER libarchive RAR RestartModel out of bounds write attempt (file-other.rules)
 * 1:39034 <-> DISABLED <-> FILE-OTHER libarchive mtree parse_device stack buffer overflow attempt (file-other.rules)
 * 1:39035 <-> DISABLED <-> FILE-OTHER libarchive mtree parse_device stack buffer overflow attempt (file-other.rules)
 * 1:38869 <-> ENABLED <-> FILE-OTHER Hancom Hangul Office HShow integer-based heap buffer overflow attempt (file-other.rules)
 * 1:38870 <-> DISABLED <-> SERVER-OTHER Pidgin mxit_chunk_parse_cr out of bounds read attempt (server-other.rules)
 * 1:38867 <-> DISABLED <-> SERVER-OTHER Pidgin mxit_chunk_parse_get_avatar out of bounds read attempt (server-other.rules)
 * 1:38868 <-> ENABLED <-> FILE-OTHER Hancom Hangul Office HShow integer-based heap buffer overflow attempt (file-other.rules)
 * 1:38860 <-> ENABLED <-> FILE-OTHER Oracle OIT ContentAccess libvs_mwkd out of bounds write attempt (file-other.rules)
 * 1:38861 <-> ENABLED <-> FILE-OTHER Oracle OIT ContentAccess libvs_mwkd out of bounds write attempt (file-other.rules)
 * 1:38858 <-> DISABLED <-> FILE-OTHER Hancom Hangul HCell pConnectionSites OfficeArt record heap buffer overflow attempt (file-other.rules)
 * 1:38859 <-> DISABLED <-> FILE-OTHER Hancom Hangul HCell pVertices OfficeArt record heap buffer overflow attempt (file-other.rules)
 * 1:38856 <-> DISABLED <-> FILE-OTHER Hancom Hangul HCell pConnectionSites OfficeArt record heap buffer overflow attempt (file-other.rules)
 * 1:38857 <-> DISABLED <-> FILE-OTHER Hancom Hangul HCell pVertices OfficeArt record heap buffer overflow attempt (file-other.rules)
 * 1:38849 <-> ENABLED <-> OS-WINDOWS Kaspersky Internet Security KLIF driver denial of service attempt (os-windows.rules)
 * 1:38850 <-> ENABLED <-> OS-WINDOWS Kaspersky Internet Security KLIF driver denial of service attempt (os-windows.rules)
 * 1:38627 <-> DISABLED <-> FILE-OTHER libarchive zip_read_mac_metadata heap buffer overflow attempt (file-other.rules)
 * 1:38628 <-> DISABLED <-> FILE-OTHER libarchive zip_read_mac_metadata heap buffer overflow attempt (file-other.rules)
 * 1:38578 <-> DISABLED <-> SERVER-OTHER Pidgin multimx_message_received out of bounds read attempt (server-other.rules)
 * 1:38583 <-> DISABLED <-> SERVER-OTHER Pidgin mxit_parse_cmd_suggestcontacts out of bounds read attempt (server-other.rules)
 * 1:38550 <-> DISABLED <-> SERVER-OTHER Pidgin MXIT protocol handling splash_remove directory traversal attempt (server-other.rules)
 * 1:38551 <-> DISABLED <-> SERVER-OTHER Pidgin MXIT protocol handling splash_remove directory traversal attempt (server-other.rules)
 * 1:38548 <-> DISABLED <-> SERVER-OTHER Pidgin MXIT protocol handling null pointer dereference attempt (server-other.rules)
 * 1:38549 <-> DISABLED <-> SERVER-OTHER Pidgin mxit_parse_cmd_extprofile out of bounds read attempt (server-other.rules)
 * 1:38546 <-> DISABLED <-> SERVER-OTHER Pidgin MXIT table markup command out of bounds read attempt (server-other.rules)
 * 1:38547 <-> DISABLED <-> SERVER-OTHER Pidgin MXIT table markup command out of bounds read attempt (server-other.rules)
 * 1:38345 <-> DISABLED <-> SERVER-OTHER Pidgin MXIT is operation null pointer dereference attempt (server-other.rules)
 * 1:38545 <-> DISABLED <-> SERVER-OTHER Pidgin mxit_update_contact out of bounds read attempt (server-other.rules)
 * 1:38343 <-> DISABLED <-> FILE-PDF Oracle Outside In libvs_pdf Root xref stack exhaustion attempt (file-pdf.rules)
 * 1:38344 <-> DISABLED <-> SERVER-OTHER Pidgin MXIT is operation null pointer dereference attempt (server-other.rules)
 * 1:38324 <-> DISABLED <-> FILE-OTHER 7zip HFS+ handling heap buffer overflow attempt (file-other.rules)
 * 1:38342 <-> DISABLED <-> FILE-PDF Oracle Outside In libvs_pdf Root xref stack exhaustion attempt (file-pdf.rules)
 * 1:38296 <-> DISABLED <-> FILE-OTHER 7zip UDF partition reference out of bounds read attempt (file-other.rules)
 * 1:38323 <-> DISABLED <-> FILE-OTHER 7zip HFS+ handling heap buffer overflow attempt (file-other.rules)
 * 1:38294 <-> DISABLED <-> FILE-OTHER 7zip UDF partition reference out of bounds read attempt (file-other.rules)
 * 1:38295 <-> DISABLED <-> FILE-OTHER 7zip UDF partition reference out of bounds read attempt (file-other.rules)
 * 1:38290 <-> DISABLED <-> FILE-PDF Oracle IOT IX SDK libvs_pdf null pointer dereference attempt (file-pdf.rules)
 * 1:38293 <-> DISABLED <-> FILE-OTHER 7zip UDF partition reference out of bounds read attempt (file-other.rules)
 * 1:37869 <-> DISABLED <-> FILE-PDF Oracle Outside In libvs_pdf integer overflow attempt (file-pdf.rules)
 * 1:38289 <-> DISABLED <-> FILE-PDF Oracle IOT IX SDK libvs_pdf null pointer dereference attempt (file-pdf.rules)
 * 1:37867 <-> DISABLED <-> FILE-PDF Oracle Outside In libvs_pdf arbitrary pointer access attempt (file-pdf.rules)
 * 1:37868 <-> DISABLED <-> FILE-PDF Oracle Outside In libvs_pdf integer overflow attempt (file-pdf.rules)
 * 1:37865 <-> DISABLED <-> FILE-PDF Oracle Outside In libvs_pdf xref offset out of bounds read attempt (file-pdf.rules)
 * 1:37866 <-> DISABLED <-> FILE-PDF Oracle Outside In libvs_pdf arbitrary pointer access attempt (file-pdf.rules)
 * 1:37863 <-> DISABLED <-> FILE-PDF Oracle Outside In libvs_pdf integer overflow attempt (file-pdf.rules)
 * 1:37864 <-> DISABLED <-> FILE-PDF Oracle Outside In libvs_pdf xref offset out of bounds read attempt (file-pdf.rules)
 * 1:37843 <-> DISABLED <-> SERVER-OTHER NTP crypto-NAK possible DoS attempt (server-other.rules)
 * 1:37862 <-> DISABLED <-> FILE-PDF Oracle Outside In libvs_pdf integer overflow attempt (file-pdf.rules)
 * 1:37841 <-> DISABLED <-> SERVER-OTHER ntpd reference clock impersonation attempt (server-other.rules)
 * 1:37842 <-> DISABLED <-> SERVER-OTHER ntpd reference clock impersonation attempt (server-other.rules)
 * 1:37519 <-> DISABLED <-> FILE-OTHER Intel HD Graphics Windows kernel driver local privilege escalation attempt (file-other.rules)
 * 1:37520 <-> DISABLED <-> FILE-OTHER Intel HD Graphics Windows kernel driver local privilege escalation attempt (file-other.rules)
 * 1:37517 <-> DISABLED <-> FILE-OTHER Apple OSX local privilege escalation attempt (file-other.rules)
 * 1:37518 <-> DISABLED <-> FILE-OTHER Apple OSX local privilege escalation attempt (file-other.rules)
 * 1:37501 <-> DISABLED <-> FILE-PDF IBM Domino KeyView PDF Filter Trailer ID array heap buffer overflow attempt (file-pdf.rules)
 * 1:37502 <-> DISABLED <-> FILE-PDF IBM Domino KeyView PDF Filter Trailer ID array heap buffer overflow attempt (file-pdf.rules)
 * 1:37499 <-> DISABLED <-> FILE-PDF IBM Domino KeyView PDF Filter Basefont string overflow attempt (file-pdf.rules)
 * 1:37500 <-> DISABLED <-> FILE-PDF IBM Domino KeyView PDF Filter Basefont string overflow attempt (file-pdf.rules)
 * 1:37497 <-> DISABLED <-> FILE-PDF IBM Domino KeyView PDF filter encrypted stream code execution attempt (file-pdf.rules)
 * 1:37498 <-> DISABLED <-> FILE-PDF IBM Domino KeyView PDF filter encrypted stream code execution attempt (file-pdf.rules)
 * 1:37495 <-> DISABLED <-> FILE-PDF IBM Domino KeyView PDF filter compressed stream length code execution attempt (file-pdf.rules)
 * 1:37496 <-> DISABLED <-> FILE-PDF IBM Domino KeyView PDF filter compressed stream length code execution attempt (file-pdf.rules)
 * 1:37494 <-> DISABLED <-> FILE-OTHER lhasa decode_level3_header heap corruption attempt (file-other.rules)
 * 1:36388 <-> DISABLED <-> FILE-OTHER Libgraphite context item handling arbitrary code execution attempt (file-other.rules)
 * 1:37493 <-> DISABLED <-> FILE-OTHER lhasa decode_level3_header heap corruption attempt (file-other.rules)
 * 1:36386 <-> ENABLED <-> FILE-OTHER SIL LibGraphite BracketPairStack out of bounds access exploit attempt (file-other.rules)
 * 1:36387 <-> DISABLED <-> FILE-OTHER Libgraphite context item handling arbitrary code execution attempt (file-other.rules)
 * 1:36230 <-> ENABLED <-> FILE-FLASH Adobe Flash Player On2 VP6 video codec fragment read access violation attempt (file-flash.rules)
 * 1:36385 <-> ENABLED <-> FILE-OTHER SIL LibGraphite BracketPairStack out of bounds access exploit attempt (file-other.rules)
 * 1:36229 <-> ENABLED <-> FILE-FLASH Adobe Flash Player On2 VP6 video codec fragment read access violation attempt (file-flash.rules)
 * 1:36228 <-> ENABLED <-> FILE-OTHER Libgraphite empty feature list denial of service attempt (file-other.rules)
 * 1:36226 <-> ENABLED <-> FILE-OTHER Libgraphite empty feature list denial of service attempt (file-other.rules)
 * 1:36227 <-> ENABLED <-> FILE-OTHER Libgraphite empty feature list denial of service attempt (file-other.rules)
 * 1:36217 <-> DISABLED <-> FILE-OTHER libgraphite TTF opcode handling out of bounds read attempt (file-other.rules)
 * 1:36225 <-> ENABLED <-> FILE-OTHER Libgraphite empty feature list denial of service attempt (file-other.rules)
 * 1:36213 <-> ENABLED <-> FILE-OTHER Libgraphite LocaLookup out-of-bounds read attempt (file-other.rules)
 * 1:36216 <-> DISABLED <-> FILE-OTHER libgraphite TTF opcode handling out of bounds read attempt (file-other.rules)
 * 1:35829 <-> DISABLED <-> FILE-OTHER OpenOffice Starview metafile arbitrary read write attempt (file-other.rules)
 * 1:36212 <-> ENABLED <-> FILE-OTHER Libgraphite LocaLookup out-of-bounds read attempt (file-other.rules)
 * 1:35828 <-> DISABLED <-> FILE-OTHER OpenOffice Starview metafile arbitrary read write attempt (file-other.rules)
 * 1:42079 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Jenxcus outbound connection attempt with unique User-Agent (malware-cnc.rules)
 * 1:42080 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Jenxcus outbound connection attempt with unique User-Agent (malware-cnc.rules)
 * 1:42081 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Jenxcus outbound POST request attempt (malware-cnc.rules)
 * 1:42082 <-> DISABLED <-> INDICATOR-COMPROMISE Request for external IP address detected (indicator-compromise.rules)
 * 1:42083 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Downeks variant initial outbound connection attempt (malware-cnc.rules)
 * 1:42092 <-> DISABLED <-> POLICY-OTHER NetBiter WebSCADA ws100/ws200 logo modification attempt (policy-other.rules)
 * 1:42093 <-> DISABLED <-> POLICY-OTHER NetBiter WebSCADA ws100/ws200 file read attempt (policy-other.rules)
 * 1:42094 <-> DISABLED <-> SERVER-WEBAPP NetBiter WebSCADA ws100/ws200 information gathering attempt (server-webapp.rules)
 * 1:42095 <-> DISABLED <-> SERVER-WEBAPP NetBiter WebSCADA ws100/ws200 directory traversal attempt (server-webapp.rules)
 * 1:42096 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Resolution Opportunity parameter memory corruption attempt (file-flash.rules)
 * 1:42097 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Resolution Opportunity parameter memory corruption attempt (file-flash.rules)
 * 1:42098 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Winpud encoded payload download attempt (malware-cnc.rules)
 * 1:42099 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Winpud encoded payload download attempt (malware-cnc.rules)
 * 1:40806 <-> DISABLED <-> FILE-OTHER HDF5 object modification time out of bounds write attempt (file-other.rules)
 * 1:42074 <-> ENABLED <-> PROTOCOL-SCADA TraceMode Runtime DOS attempt (protocol-scada.rules)
 * 1:41209 <-> DISABLED <-> SERVER-OTHER Aerospike Database Server Fabric particle_vtable out of bounds read attempt (server-other.rules)
 * 1:41507 <-> DISABLED <-> SERVER-OTHER Pharos PopUp Printer Client DecodeString denial of service attempt (server-other.rules)
 * 1:40919 <-> DISABLED <-> FILE-PDF Iceni ArgusPDF convertor malformed embedded TTF file cmap table memory corruption attempt (file-pdf.rules)
 * 1:41509 <-> DISABLED <-> SERVER-OTHER Pharos PopUp Printer Client DecodeBinary heap overflow attempt (server-other.rules)
 * 1:40901 <-> ENABLED <-> OS-OTHER Joyent SmartOS file system name buffer overflow attempt (os-other.rules)
 * 1:42073 <-> DISABLED <-> PROTOCOL-SCADA TraceMode Runtime DOS attempt (protocol-scada.rules)
 * 1:41311 <-> ENABLED <-> FILE-IMAGE libBPG restore_tqb_pixel out of bounds write attempt (file-image.rules)
 * 1:40875 <-> DISABLED <-> FILE-PDF Iceni Argus icnChainAlloc heap corruption attempt (file-pdf.rules)
 * 1:41370 <-> ENABLED <-> FILE-OTHER National Instruments LabVIEW LvVarientUnflatten remote code execution attempt (file-other.rules)
 * 1:41448 <-> ENABLED <-> FILE-OTHER Apple GarageBand out of bounds write attempt (file-other.rules)
 * 1:41351 <-> DISABLED <-> FILE-OTHER Apple Garageband .band file out of bounds write attempt (file-other.rules)
 * 1:40900 <-> ENABLED <-> OS-OTHER Joyent SmartOS file system name buffer overflow attempt (os-other.rules)
 * 1:40920 <-> DISABLED <-> FILE-PDF Iceni ArgusPDF convertor malformed embedded TTF file cmap table memory corruption attempt (file-pdf.rules)
 * 1:40899 <-> ENABLED <-> OS-OTHER Joyent SmartOS ioctl integer underflow attempt (os-other.rules)
 * 1:40810 <-> DISABLED <-> FILE-OTHER HDF5 new object modification time out of bounds write attempt (file-other.rules)
 * 1:41510 <-> DISABLED <-> SERVER-OTHER Pharos PopUp Printer Client DecodeBinary heap overflow attempt (server-other.rules)
 * 1:41327 <-> DISABLED <-> FILE-PDF Iceni Argus ipStringCreate integer overflow attempt (file-pdf.rules)
 * 1:41206 <-> DISABLED <-> SERVER-OTHER Aerospike Database Server index name buffer overflow attempt (server-other.rules)
 * 1:40925 <-> DISABLED <-> FILE-PDF Iceni Argus PDF TextToPolys rasterization code execution vulnerability attempt (file-pdf.rules)
 * 1:41218 <-> ENABLED <-> OS-OTHER Joyent SmartOS add entries denial of service attempt (os-other.rules)
 * 1:41212 <-> DISABLED <-> SERVER-OTHER Aerospike Database Server digest_ripe message field out of bounds read attempt (server-other.rules)
 * 1:40921 <-> DISABLED <-> FILE-PDF Iceni Argus loadLZWBuffer out of bounds write attempt (file-pdf.rules)
 * 1:41447 <-> ENABLED <-> FILE-OTHER Apple GarageBand out of bounds write attempt (file-other.rules)
 * 1:40894 <-> DISABLED <-> FILE-OTHER R Project PDF encoding buffer overflow attempt (file-other.rules)
 * 1:41999 <-> ENABLED <-> OS-OTHER Apple OSX and iOS x509 certificate name constraints parsing use after free attempt (os-other.rules)
 * 1:40923 <-> DISABLED <-> FILE-PDF Iceni Argus PDF font-encoding glyphmap adjustment code execution vulnerability attempt (file-pdf.rules)
 * 1:40924 <-> DISABLED <-> FILE-PDF Iceni Argus PDF font-encoding glyphmap adjustment code execution vulnerability attempt (file-pdf.rules)
 * 1:41508 <-> DISABLED <-> SERVER-OTHER Pharos PopUp Printer Client Memcpy heap overflow attempt (server-other.rules)
 * 1:41110 <-> ENABLED <-> FILE-OFFICE Ichitaro Office JTD Figure handling code execution attempt (file-office.rules)
 * 1:40874 <-> DISABLED <-> FILE-PDF Iceni Argus icnChainAlloc heap corruption attempt (file-pdf.rules)
 * 1:41506 <-> DISABLED <-> SERVER-OTHER Pharos PopUp Printer Client DecodeString heap overflow attempt (server-other.rules)
 * 1:41505 <-> DISABLED <-> SERVER-OTHER Pharos PopUp Printer Client DecodeString heap overflow attempt (server-other.rules)
 * 1:41219 <-> DISABLED <-> SERVER-OTHER Aerospike Database Server Fabric denial of service attempt (server-other.rules)
 * 1:40808 <-> DISABLED <-> FILE-OTHER HDF5 symbol table message out of bounds write attempt (file-other.rules)
 * 1:41328 <-> DISABLED <-> FILE-PDF Iceni Argus ipStringCreate integer overflow attempt (file-pdf.rules)
 * 1:40895 <-> DISABLED <-> FILE-OTHER R Project PDF encoding buffer overflow attempt (file-other.rules)
 * 1:41371 <-> ENABLED <-> FILE-OTHER National Instruments LabVIEW LvVarientUnflatten remote code execution attempt (file-other.rules)
 * 1:40872 <-> DISABLED <-> FILE-PDF Iceni Argus loadTrailer heap corruption attempt (file-pdf.rules)
 * 1:40903 <-> ENABLED <-> OS-OTHER Joyent SmartOS file system path buffer overflow attempt (os-other.rules)
 * 1:41108 <-> DISABLED <-> FILE-OFFICE Oracle Outside In Technology image export use after free attempt (file-office.rules)
 * 1:41216 <-> DISABLED <-> SERVER-OTHER Aerospike Database Server si_prop stack buffer overflow attempt (server-other.rules)
 * 1:41217 <-> ENABLED <-> OS-OTHER Joyent SmartOS add entries denial of service attempt (os-other.rules)
 * 1:40918 <-> ENABLED <-> FILE-PDF Iceni Argus PDF uninitialized WordStyle color length code overflow attempt (file-pdf.rules)
 * 1:40873 <-> DISABLED <-> FILE-PDF Iceni Argus loadTrailer heap corruption attempt (file-pdf.rules)
 * 1:41310 <-> ENABLED <-> FILE-IMAGE libBPG restore_tqb_pixel out of bounds write attempt (file-image.rules)
 * 1:40926 <-> DISABLED <-> FILE-PDF Iceni Argus PDF TextToPolys rasterization code execution vulnerability attempt (file-pdf.rules)
 * 1:40935 <-> ENABLED <-> FILE-EXECUTABLE Nvidia Windows kernel mode driver denial of service attempt (file-executable.rules)
 * 1:40934 <-> ENABLED <-> FILE-EXECUTABLE Nvidia Windows kernel mode driver denial of service attempt (file-executable.rules)
 * 1:41350 <-> DISABLED <-> FILE-OTHER Apple Garageband .band file out of bounds write attempt (file-other.rules)
 * 1:40922 <-> DISABLED <-> FILE-PDF Iceni Argus loadLZWBuffer out of bounds write attempt (file-pdf.rules)
 * 1:40917 <-> ENABLED <-> FILE-PDF Iceni Argus PDF uninitialized WordStyle color length code overflow attempt (file-pdf.rules)
 * 1:40902 <-> ENABLED <-> OS-OTHER Joyent SmartOS file system path buffer overflow attempt (os-other.rules)
 * 1:41111 <-> ENABLED <-> FILE-OFFICE Ichitaro Office JTD Figure handling code execution attempt (file-office.rules)
 * 1:40898 <-> ENABLED <-> OS-OTHER Joyent SmartOS ioctl integer underflow attempt (os-other.rules)
 * 1:40807 <-> DISABLED <-> FILE-OTHER HDF5 symbol table message out of bounds write attempt (file-other.rules)
 * 1:41213 <-> DISABLED <-> SERVER-OTHER Aerospike Database Server client batch request exploit attempt (server-other.rules)
 * 1:41109 <-> DISABLED <-> FILE-OFFICE Oracle Outside In Technology image export use after free attempt (file-office.rules)
 * 3:42076 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0300 attack attempt (file-office.rules)
 * 3:42077 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0300 attack attempt (file-office.rules)
 * 3:42078 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0299 attack attempt (server-webapp.rules)
 * 3:42084 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0297 attack attempt (file-image.rules)
 * 3:42085 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0297 attack attempt (file-image.rules)
 * 3:42086 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0297 attack attempt (file-image.rules)
 * 3:42087 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0297 attack attempt (file-image.rules)
 * 3:42088 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0298 attack attempt (file-image.rules)
 * 3:42089 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0298 attack attempt (file-image.rules)
 * 3:42090 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0298 attack attempt (file-image.rules)
 * 3:42091 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0298 attack attempt (file-image.rules)

Modified Rules:


 * 1:41527 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (indicator-compromise.rules)
 * 1:41533 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (indicator-compromise.rules)
 * 1:41853 <-> DISABLED <-> OS-LINUX cURL and libcurl set-cookie remote code execution attempt (os-linux.rules)
 * 1:36968 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CTableRow memory corruption attempt (browser-ie.rules)
 * 1:39865 <-> ENABLED <-> FILE-PDF Adobe Reader CoolType engine FlateDecode use-after-free attempt (file-pdf.rules)
 * 1:34334 <-> ENABLED <-> EXPLOIT-KIT Fiesta exploit kit Adobe Reader exploit download (exploit-kit.rules)
 * 1:39864 <-> ENABLED <-> FILE-PDF Adobe Reader CoolType engine FlateDecode use-after-free attempt (file-pdf.rules)
 * 1:36969 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CTableRow memory corruption attempt (browser-ie.rules)
 * 1:37045 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Kovter outbound connection (malware-cnc.rules)
 * 1:41530 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (indicator-compromise.rules)
 * 3:40822 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2016-0241 attack attempt (server-webapp.rules)
 * 3:40821 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2016-0241 attack attempt (server-webapp.rules)
 * 3:40758 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2016-0231 attack attempt (server-other.rules)
 * 3:42060 <-> ENABLED <-> SERVER-OTHER Cisco IOS DHCP client dummy XID denial of service attempt (server-other.rules)
 * 3:40820 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2016-0239 attack attempt (server-webapp.rules)

2017-03-28 17:13:34 UTC

Snort Subscriber Rules Update

Date: 2017-03-28

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:40805 <-> DISABLED <-> FILE-OTHER HDF5 object modification time out of bounds write attempt (file-other.rules)
 * 1:35828 <-> DISABLED <-> FILE-OTHER OpenOffice Starview metafile arbitrary read write attempt (file-other.rules)
 * 1:35829 <-> DISABLED <-> FILE-OTHER OpenOffice Starview metafile arbitrary read write attempt (file-other.rules)
 * 1:36212 <-> ENABLED <-> FILE-OTHER Libgraphite LocaLookup out-of-bounds read attempt (file-other.rules)
 * 1:36213 <-> ENABLED <-> FILE-OTHER Libgraphite LocaLookup out-of-bounds read attempt (file-other.rules)
 * 1:36216 <-> DISABLED <-> FILE-OTHER libgraphite TTF opcode handling out of bounds read attempt (file-other.rules)
 * 1:36217 <-> DISABLED <-> FILE-OTHER libgraphite TTF opcode handling out of bounds read attempt (file-other.rules)
 * 1:36225 <-> ENABLED <-> FILE-OTHER Libgraphite empty feature list denial of service attempt (file-other.rules)
 * 1:36226 <-> ENABLED <-> FILE-OTHER Libgraphite empty feature list denial of service attempt (file-other.rules)
 * 1:36227 <-> ENABLED <-> FILE-OTHER Libgraphite empty feature list denial of service attempt (file-other.rules)
 * 1:36228 <-> ENABLED <-> FILE-OTHER Libgraphite empty feature list denial of service attempt (file-other.rules)
 * 1:36229 <-> ENABLED <-> FILE-FLASH Adobe Flash Player On2 VP6 video codec fragment read access violation attempt (file-flash.rules)
 * 1:36230 <-> ENABLED <-> FILE-FLASH Adobe Flash Player On2 VP6 video codec fragment read access violation attempt (file-flash.rules)
 * 1:36385 <-> ENABLED <-> FILE-OTHER SIL LibGraphite BracketPairStack out of bounds access exploit attempt (file-other.rules)
 * 1:36386 <-> ENABLED <-> FILE-OTHER SIL LibGraphite BracketPairStack out of bounds access exploit attempt (file-other.rules)
 * 1:36387 <-> DISABLED <-> FILE-OTHER Libgraphite context item handling arbitrary code execution attempt (file-other.rules)
 * 1:36388 <-> DISABLED <-> FILE-OTHER Libgraphite context item handling arbitrary code execution attempt (file-other.rules)
 * 1:37493 <-> DISABLED <-> FILE-OTHER lhasa decode_level3_header heap corruption attempt (file-other.rules)
 * 1:37494 <-> DISABLED <-> FILE-OTHER lhasa decode_level3_header heap corruption attempt (file-other.rules)
 * 1:37495 <-> DISABLED <-> FILE-PDF IBM Domino KeyView PDF filter compressed stream length code execution attempt (file-pdf.rules)
 * 1:37496 <-> DISABLED <-> FILE-PDF IBM Domino KeyView PDF filter compressed stream length code execution attempt (file-pdf.rules)
 * 1:37497 <-> DISABLED <-> FILE-PDF IBM Domino KeyView PDF filter encrypted stream code execution attempt (file-pdf.rules)
 * 1:37498 <-> DISABLED <-> FILE-PDF IBM Domino KeyView PDF filter encrypted stream code execution attempt (file-pdf.rules)
 * 1:37499 <-> DISABLED <-> FILE-PDF IBM Domino KeyView PDF Filter Basefont string overflow attempt (file-pdf.rules)
 * 1:37500 <-> DISABLED <-> FILE-PDF IBM Domino KeyView PDF Filter Basefont string overflow attempt (file-pdf.rules)
 * 1:37501 <-> DISABLED <-> FILE-PDF IBM Domino KeyView PDF Filter Trailer ID array heap buffer overflow attempt (file-pdf.rules)
 * 1:37502 <-> DISABLED <-> FILE-PDF IBM Domino KeyView PDF Filter Trailer ID array heap buffer overflow attempt (file-pdf.rules)
 * 1:37517 <-> DISABLED <-> FILE-OTHER Apple OSX local privilege escalation attempt (file-other.rules)
 * 1:37518 <-> DISABLED <-> FILE-OTHER Apple OSX local privilege escalation attempt (file-other.rules)
 * 1:37519 <-> DISABLED <-> FILE-OTHER Intel HD Graphics Windows kernel driver local privilege escalation attempt (file-other.rules)
 * 1:37520 <-> DISABLED <-> FILE-OTHER Intel HD Graphics Windows kernel driver local privilege escalation attempt (file-other.rules)
 * 1:37841 <-> DISABLED <-> SERVER-OTHER ntpd reference clock impersonation attempt (server-other.rules)
 * 1:37842 <-> DISABLED <-> SERVER-OTHER ntpd reference clock impersonation attempt (server-other.rules)
 * 1:37843 <-> DISABLED <-> SERVER-OTHER NTP crypto-NAK possible DoS attempt (server-other.rules)
 * 1:37862 <-> DISABLED <-> FILE-PDF Oracle Outside In libvs_pdf integer overflow attempt (file-pdf.rules)
 * 1:37863 <-> DISABLED <-> FILE-PDF Oracle Outside In libvs_pdf integer overflow attempt (file-pdf.rules)
 * 1:37864 <-> DISABLED <-> FILE-PDF Oracle Outside In libvs_pdf xref offset out of bounds read attempt (file-pdf.rules)
 * 1:37865 <-> DISABLED <-> FILE-PDF Oracle Outside In libvs_pdf xref offset out of bounds read attempt (file-pdf.rules)
 * 1:37866 <-> DISABLED <-> FILE-PDF Oracle Outside In libvs_pdf arbitrary pointer access attempt (file-pdf.rules)
 * 1:37867 <-> DISABLED <-> FILE-PDF Oracle Outside In libvs_pdf arbitrary pointer access attempt (file-pdf.rules)
 * 1:37868 <-> DISABLED <-> FILE-PDF Oracle Outside In libvs_pdf integer overflow attempt (file-pdf.rules)
 * 1:37869 <-> DISABLED <-> FILE-PDF Oracle Outside In libvs_pdf integer overflow attempt (file-pdf.rules)
 * 1:38289 <-> DISABLED <-> FILE-PDF Oracle IOT IX SDK libvs_pdf null pointer dereference attempt (file-pdf.rules)
 * 1:38290 <-> DISABLED <-> FILE-PDF Oracle IOT IX SDK libvs_pdf null pointer dereference attempt (file-pdf.rules)
 * 1:38293 <-> DISABLED <-> FILE-OTHER 7zip UDF partition reference out of bounds read attempt (file-other.rules)
 * 1:38294 <-> DISABLED <-> FILE-OTHER 7zip UDF partition reference out of bounds read attempt (file-other.rules)
 * 1:38295 <-> DISABLED <-> FILE-OTHER 7zip UDF partition reference out of bounds read attempt (file-other.rules)
 * 1:38296 <-> DISABLED <-> FILE-OTHER 7zip UDF partition reference out of bounds read attempt (file-other.rules)
 * 1:38323 <-> DISABLED <-> FILE-OTHER 7zip HFS+ handling heap buffer overflow attempt (file-other.rules)
 * 1:38324 <-> DISABLED <-> FILE-OTHER 7zip HFS+ handling heap buffer overflow attempt (file-other.rules)
 * 1:38342 <-> DISABLED <-> FILE-PDF Oracle Outside In libvs_pdf Root xref stack exhaustion attempt (file-pdf.rules)
 * 1:38343 <-> DISABLED <-> FILE-PDF Oracle Outside In libvs_pdf Root xref stack exhaustion attempt (file-pdf.rules)
 * 1:38344 <-> DISABLED <-> SERVER-OTHER Pidgin MXIT is operation null pointer dereference attempt (server-other.rules)
 * 1:38345 <-> DISABLED <-> SERVER-OTHER Pidgin MXIT is operation null pointer dereference attempt (server-other.rules)
 * 1:38545 <-> DISABLED <-> SERVER-OTHER Pidgin mxit_update_contact out of bounds read attempt (server-other.rules)
 * 1:38546 <-> DISABLED <-> SERVER-OTHER Pidgin MXIT table markup command out of bounds read attempt (server-other.rules)
 * 1:38547 <-> DISABLED <-> SERVER-OTHER Pidgin MXIT table markup command out of bounds read attempt (server-other.rules)
 * 1:38548 <-> DISABLED <-> SERVER-OTHER Pidgin MXIT protocol handling null pointer dereference attempt (server-other.rules)
 * 1:38549 <-> DISABLED <-> SERVER-OTHER Pidgin mxit_parse_cmd_extprofile out of bounds read attempt (server-other.rules)
 * 1:38550 <-> DISABLED <-> SERVER-OTHER Pidgin MXIT protocol handling splash_remove directory traversal attempt (server-other.rules)
 * 1:38551 <-> DISABLED <-> SERVER-OTHER Pidgin MXIT protocol handling splash_remove directory traversal attempt (server-other.rules)
 * 1:38578 <-> DISABLED <-> SERVER-OTHER Pidgin multimx_message_received out of bounds read attempt (server-other.rules)
 * 1:38583 <-> DISABLED <-> SERVER-OTHER Pidgin mxit_parse_cmd_suggestcontacts out of bounds read attempt (server-other.rules)
 * 1:38627 <-> DISABLED <-> FILE-OTHER libarchive zip_read_mac_metadata heap buffer overflow attempt (file-other.rules)
 * 1:38628 <-> DISABLED <-> FILE-OTHER libarchive zip_read_mac_metadata heap buffer overflow attempt (file-other.rules)
 * 1:38849 <-> ENABLED <-> OS-WINDOWS Kaspersky Internet Security KLIF driver denial of service attempt (os-windows.rules)
 * 1:38850 <-> ENABLED <-> OS-WINDOWS Kaspersky Internet Security KLIF driver denial of service attempt (os-windows.rules)
 * 1:38856 <-> DISABLED <-> FILE-OTHER Hancom Hangul HCell pConnectionSites OfficeArt record heap buffer overflow attempt (file-other.rules)
 * 1:38857 <-> DISABLED <-> FILE-OTHER Hancom Hangul HCell pVertices OfficeArt record heap buffer overflow attempt (file-other.rules)
 * 1:38858 <-> DISABLED <-> FILE-OTHER Hancom Hangul HCell pConnectionSites OfficeArt record heap buffer overflow attempt (file-other.rules)
 * 1:38859 <-> DISABLED <-> FILE-OTHER Hancom Hangul HCell pVertices OfficeArt record heap buffer overflow attempt (file-other.rules)
 * 1:38860 <-> ENABLED <-> FILE-OTHER Oracle OIT ContentAccess libvs_mwkd out of bounds write attempt (file-other.rules)
 * 1:38861 <-> ENABLED <-> FILE-OTHER Oracle OIT ContentAccess libvs_mwkd out of bounds write attempt (file-other.rules)
 * 1:38867 <-> DISABLED <-> SERVER-OTHER Pidgin mxit_chunk_parse_get_avatar out of bounds read attempt (server-other.rules)
 * 1:38868 <-> ENABLED <-> FILE-OTHER Hancom Hangul Office HShow integer-based heap buffer overflow attempt (file-other.rules)
 * 1:38869 <-> ENABLED <-> FILE-OTHER Hancom Hangul Office HShow integer-based heap buffer overflow attempt (file-other.rules)
 * 1:38870 <-> DISABLED <-> SERVER-OTHER Pidgin mxit_chunk_parse_cr out of bounds read attempt (server-other.rules)
 * 1:39034 <-> DISABLED <-> FILE-OTHER libarchive mtree parse_device stack buffer overflow attempt (file-other.rules)
 * 1:39035 <-> DISABLED <-> FILE-OTHER libarchive mtree parse_device stack buffer overflow attempt (file-other.rules)
 * 1:39045 <-> DISABLED <-> FILE-OTHER libarchive RAR RestartModel out of bounds write attempt (file-other.rules)
 * 1:39046 <-> DISABLED <-> FILE-OTHER libarchive RAR RestartModel out of bounds write attempt (file-other.rules)
 * 1:39047 <-> DISABLED <-> FILE-EXECUTABLE Kaspersky Internet Security kl1.sys out of bounds read attempt (file-executable.rules)
 * 1:39048 <-> DISABLED <-> FILE-EXECUTABLE Kaspersky Internet Security kl1.sys out of bounds read attempt (file-executable.rules)
 * 1:39049 <-> DISABLED <-> FILE-OFFICE Hancom Hangul Office NXDeleteLineObj memory corruption attempt (file-office.rules)
 * 1:39050 <-> DISABLED <-> FILE-OFFICE Hancom Hangul Office NXDeleteLineObj memory corruption attempt (file-office.rules)
 * 1:39078 <-> ENABLED <-> OS-WINDOWS Kaspersky Internet Security KLIF driver denial of service attempt (os-windows.rules)
 * 1:39079 <-> ENABLED <-> OS-WINDOWS Kaspersky Internet Security KLIF driver denial of service attempt (os-windows.rules)
 * 1:39110 <-> DISABLED <-> FILE-OFFICE Hancom Hangul Office HCell HncChart out of bounds write attempt (file-office.rules)
 * 1:39111 <-> DISABLED <-> FILE-OFFICE Hancom Hangul Office HCell HncChart out of bounds write attempt (file-office.rules)
 * 1:39148 <-> ENABLED <-> FILE-OFFICE Document Foundation LibreOffice RTF stylesheet use after free attempt (file-office.rules)
 * 1:39149 <-> ENABLED <-> FILE-OFFICE Document Foundation LibreOffice RTF stylesheet use after free attempt (file-office.rules)
 * 1:39150 <-> DISABLED <-> SERVER-OTHER Pidgin MXIT negative message length underflow attempt (server-other.rules)
 * 1:39151 <-> DISABLED <-> SERVER-OTHER Pidgin MXIT message length overflow attempt (server-other.rules)
 * 1:39161 <-> ENABLED <-> FILE-PDF Google Chrome PDFium jpeg2000 SIZ segment check failure heap buffer overflow attempt (file-pdf.rules)
 * 1:39162 <-> ENABLED <-> FILE-PDF Google Chrome PDFium jpeg2000 SIZ segment check failure heap buffer overflow attempt (file-pdf.rules)
 * 1:39466 <-> DISABLED <-> FILE-EXECUTABLE Symantec Norton Security IDSvix86 out of bounds read attempt (file-executable.rules)
 * 1:39467 <-> DISABLED <-> FILE-EXECUTABLE Symantec Norton Security IDSvix86 out of bounds read attempt (file-executable.rules)
 * 1:39593 <-> DISABLED <-> FILE-IMAGE Oracle OIT BMP file parsing heap buffer overflow attempt (file-image.rules)
 * 1:39594 <-> DISABLED <-> FILE-IMAGE Oracle OIT BMP file parsing heap buffer overflow attempt (file-image.rules)
 * 1:39595 <-> DISABLED <-> FILE-IMAGE Oracle OIT BMP file parsing heap buffer overflow attempt (file-image.rules)
 * 1:39596 <-> DISABLED <-> FILE-IMAGE Oracle OIT BMP file parsing heap buffer overflow attempt (file-image.rules)
 * 1:39597 <-> DISABLED <-> FILE-MULTIMEDIA Apple OSX SceneKit invalid COLLADA file geometry attribute type confusion attempt (file-multimedia.rules)
 * 1:39598 <-> DISABLED <-> FILE-MULTIMEDIA Apple OSX SceneKit invalid COLLADA file geometry attribute type confusion attempt (file-multimedia.rules)
 * 1:39599 <-> DISABLED <-> FILE-IMAGE Apple OSX EXR image tile size heap buffer overflow attempt (file-image.rules)
 * 1:39600 <-> DISABLED <-> FILE-IMAGE Apple OSX EXR image tile size heap buffer overflow attempt (file-image.rules)
 * 1:39601 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
 * 1:39602 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
 * 1:39603 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
 * 1:39604 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
 * 1:39605 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
 * 1:39606 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
 * 1:39607 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
 * 1:39608 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
 * 1:39609 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
 * 1:39610 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
 * 1:39611 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
 * 1:39612 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
 * 1:39613 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
 * 1:39614 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
 * 1:39615 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
 * 1:39616 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
 * 1:39617 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
 * 1:39618 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
 * 1:39619 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
 * 1:39620 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
 * 1:39621 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
 * 1:39622 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
 * 1:39623 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
 * 1:39624 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
 * 1:39625 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
 * 1:39626 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
 * 1:39627 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
 * 1:39628 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
 * 1:39629 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
 * 1:39630 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
 * 1:39631 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
 * 1:39632 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
 * 1:39634 <-> DISABLED <-> FILE-IMAGE Apple OSX EXR image invalid box2i attribute heap buffer overflow attempt (file-image.rules)
 * 1:39635 <-> DISABLED <-> FILE-IMAGE Apple OSX EXR image invalid box2i attribute heap buffer overflow attempt (file-image.rules)
 * 1:39660 <-> DISABLED <-> FILE-OTHER Oracle OIT gem metafile n_integers heap buffer overflow attempt (file-other.rules)
 * 1:39661 <-> DISABLED <-> FILE-OTHER Oracle OIT gem metafile n_integers heap buffer overflow attempt (file-other.rules)
 * 1:39663 <-> DISABLED <-> FILE-OTHER Oracle OIT ContentAccess libvs_mwkd VwStreamReadRecord out of bounds write attempt (file-other.rules)
 * 1:39664 <-> DISABLED <-> FILE-OTHER Oracle OIT ContentAccess libvs_mwkd VwStreamReadRecord out of bounds write attempt (file-other.rules)
 * 1:39665 <-> DISABLED <-> FILE-OTHER Oracle OIT libvs_word ContentAccess out of bounds write attempt (file-other.rules)
 * 1:39666 <-> DISABLED <-> FILE-OTHER Oracle OIT libvs_word ContentAccess out of bounds write attempt (file-other.rules)
 * 1:39667 <-> DISABLED <-> FILE-OTHER Oracle OIT libvs_word ContentAccess out of bounds write attempt (file-other.rules)
 * 1:39668 <-> DISABLED <-> FILE-OTHER Oracle OIT libvs_word ContentAccess out of bounds write attempt (file-other.rules)
 * 1:39671 <-> DISABLED <-> FILE-OTHER Oracle OIT libvs_word ContentAccess out of bounds write attempt (file-other.rules)
 * 1:39672 <-> DISABLED <-> FILE-OTHER Oracle OIT libvs_word ContentAccess out of bounds write attempt (file-other.rules)
 * 1:39673 <-> DISABLED <-> FILE-IMAGE Oracle OIT CYMK TIFF parsing heap buffer overflow attempt (file-image.rules)
 * 1:39674 <-> DISABLED <-> FILE-IMAGE Oracle OIT CYMK TIFF parsing heap buffer overflow attempt (file-image.rules)
 * 1:39675 <-> DISABLED <-> FILE-IMAGE Oracle OIT CYMK TIFF parsing heap buffer overflow attempt (file-image.rules)
 * 1:39676 <-> DISABLED <-> FILE-IMAGE Oracle OIT CYMK TIFF parsing heap buffer overflow attempt (file-image.rules)
 * 1:39757 <-> DISABLED <-> FILE-OFFICE Hancom Hangul HCell TableStyle record heap buffer overflow attempt (file-office.rules)
 * 1:39758 <-> DISABLED <-> FILE-OFFICE Hancom Hangul HCell TableStyle record heap buffer overflow attempt (file-office.rules)
 * 1:39759 <-> DISABLED <-> FILE-OFFICE Hancom Hangul HCell TableStyle record heap buffer overflow attempt (file-office.rules)
 * 1:39760 <-> DISABLED <-> FILE-OFFICE Hancom Hangul HCell TableStyle record heap buffer overflow attempt (file-office.rules)
 * 1:39761 <-> DISABLED <-> FILE-OFFICE Hancom Hangul Hcell cssValFormat checkUnderbar out of bounds write attempt (file-office.rules)
 * 1:39762 <-> DISABLED <-> FILE-OFFICE Hancom Hangul Hcell cssValFormat checkUnderbar out of bounds write attempt (file-office.rules)
 * 1:39876 <-> ENABLED <-> PROTOCOL-SNMP Allen-Bradley MicroLogix PLC SNMP request via undocumented community string attempt (protocol-snmp.rules)
 * 1:39877 <-> DISABLED <-> PROTOCOL-SNMP Allen-Bradley MicroLogix PLC firmware update detected (protocol-snmp.rules)
 * 1:39883 <-> DISABLED <-> FILE-IMAGE FreeImage library XPM handling out of bounds write attempt (file-image.rules)
 * 1:39884 <-> DISABLED <-> FILE-IMAGE FreeImage library XPM handling out of bounds write attempt (file-image.rules)
 * 1:39918 <-> DISABLED <-> FILE-EXECUTABLE Kaspersky Anti-Virus unhandled windows messages denial of service vulnerability attempt (file-executable.rules)
 * 1:39919 <-> DISABLED <-> FILE-EXECUTABLE Kaspersky Anti-Virus unhandled windows messages denial of service vulnerability attempt (file-executable.rules)
 * 1:40125 <-> DISABLED <-> FILE-OTHER Ichitaro Office Excel TxO record heap overflow attempt (file-other.rules)
 * 1:40126 <-> DISABLED <-> FILE-OTHER Ichitaro Office Excel TxO record heap overflow attempt (file-other.rules)
 * 1:40314 <-> DISABLED <-> FILE-IMAGE OpenJPEG JPEG2000 MCC record parsing heap memory corruption attempt (file-image.rules)
 * 1:40315 <-> DISABLED <-> FILE-IMAGE OpenJPEG JPEG2000 MCC record parsing heap memory corruption attempt (file-image.rules)
 * 1:40336 <-> DISABLED <-> FILE-PDF Iceni Argus ipfSetColourStroke stack buffer overflow attempt (file-pdf.rules)
 * 1:40337 <-> DISABLED <-> FILE-PDF Iceni Argus ipfSetColourStroke stack buffer overflow attempt (file-pdf.rules)
 * 1:40429 <-> DISABLED <-> FILE-PDF Foxit PDF Reader JBIG2 parser out of bounds read attempt (file-pdf.rules)
 * 1:40430 <-> DISABLED <-> FILE-PDF Foxit PDF Reader JBIG2 parser out of bounds read attempt (file-pdf.rules)
 * 1:40468 <-> DISABLED <-> SERVER-OTHER Memcached append opcode request heap buffer overflow attempt (server-other.rules)
 * 1:40469 <-> DISABLED <-> SERVER-OTHER Memcached append opcode request heap buffer overflow attempt (server-other.rules)
 * 1:40470 <-> DISABLED <-> SERVER-OTHER Memcached prepend opcode request heap buffer overflow attempt (server-other.rules)
 * 1:40471 <-> DISABLED <-> SERVER-OTHER Memcached prepend opcode request heap buffer overflow attempt (server-other.rules)
 * 1:40472 <-> DISABLED <-> SERVER-OTHER Memcached appendq opcode request heap buffer overflow attempt (server-other.rules)
 * 1:40473 <-> DISABLED <-> SERVER-OTHER Memcached appendq opcode request heap buffer overflow attempt (server-other.rules)
 * 1:40474 <-> DISABLED <-> SERVER-OTHER Memcached prependq opcode request heap buffer overflow attempt (server-other.rules)
 * 1:40475 <-> DISABLED <-> SERVER-OTHER Memcached prependq opcode request heap buffer overflow attempt (server-other.rules)
 * 1:40476 <-> DISABLED <-> SERVER-OTHER Memcached set opcode request heap buffer overflow attempt (server-other.rules)
 * 1:40477 <-> DISABLED <-> SERVER-OTHER Memcached setq opcode request heap buffer overflow attempt (server-other.rules)
 * 1:40478 <-> DISABLED <-> SERVER-OTHER Memcached add opcode request heap buffer overflow attempt (server-other.rules)
 * 1:40479 <-> DISABLED <-> SERVER-OTHER Memcached addq opcode request heap buffer overflow attempt (server-other.rules)
 * 1:40480 <-> DISABLED <-> SERVER-OTHER Memcached replace opcode request heap buffer overflow attempt (server-other.rules)
 * 1:40481 <-> DISABLED <-> SERVER-OTHER Memcached replaceq opcode request heap buffer overflow attempt (server-other.rules)
 * 1:40482 <-> DISABLED <-> SERVER-OTHER Memcached SASL auth opcode request heap buffer overflow attempt (server-other.rules)
 * 1:40484 <-> DISABLED <-> FILE-PDF Iceni Argus ipNameAdd stack buffer overflow attempt (file-pdf.rules)
 * 1:40483 <-> DISABLED <-> SERVER-OTHER Memcached SASL auth opcode request heap buffer overflow attempt (server-other.rules)
 * 1:40485 <-> DISABLED <-> FILE-PDF Iceni Argus ipNameAdd stack buffer overflow attempt (file-pdf.rules)
 * 1:40486 <-> DISABLED <-> FILE-PDF Iceni Argus ipNameAdd stack buffer overflow attempt (file-pdf.rules)
 * 1:40487 <-> DISABLED <-> FILE-PDF Iceni Argus ipNameAdd stack buffer overflow attempt (file-pdf.rules)
 * 1:40488 <-> DISABLED <-> FILE-EXECUTABLE Hopper Disassembler ELF section header memory corruption attempt (file-executable.rules)
 * 1:40489 <-> DISABLED <-> FILE-EXECUTABLE Hopper Disassembler ELF section header memory corruption attempt (file-executable.rules)
 * 1:40490 <-> DISABLED <-> FILE-OFFICE JustSystems Ichitaro Word Processor malformed PersistDirectory memory corruption attempt (file-office.rules)
 * 1:40491 <-> DISABLED <-> FILE-OFFICE JustSystems Ichitaro Word Processor malformed PersistDirectory memory corruption attempt (file-office.rules)
 * 1:40525 <-> DISABLED <-> FILE-IMAGE LibTIFF tiff2pdf JPEG compression tables heap buffer overflow attempt (file-image.rules)
 * 1:40526 <-> DISABLED <-> FILE-IMAGE LibTIFF tiff2pdf JPEG compression tables heap buffer overflow attempt (file-image.rules)
 * 1:40533 <-> DISABLED <-> FILE-IMAGE LibTIFF FAX IFD entry parsing type confusion attempt (file-image.rules)
 * 1:40534 <-> DISABLED <-> FILE-IMAGE LibTIFF FAX IFD entry parsing type confusion attempt (file-image.rules)
 * 1:40535 <-> DISABLED <-> FILE-IMAGE LibTIFF FAX IFD entry parsing type confusion attempt (file-image.rules)
 * 1:40536 <-> DISABLED <-> FILE-IMAGE LibTIFF FAX IFD entry parsing type confusion attempt (file-image.rules)
 * 1:40537 <-> DISABLED <-> FILE-IMAGE LibTIFF FAX IFD entry parsing type confusion attempt (file-image.rules)
 * 1:40538 <-> DISABLED <-> FILE-IMAGE LibTIFF FAX IFD entry parsing type confusion attempt (file-image.rules)
 * 1:40539 <-> DISABLED <-> FILE-IMAGE LibTIFF PixarLogDecode heap buffer overflow attempt (file-image.rules)
 * 1:40540 <-> DISABLED <-> FILE-IMAGE LibTIFF PixarLogDecode heap buffer overflow attempt (file-image.rules)
 * 1:40756 <-> DISABLED <-> FILE-PDF Nitro Pro PDF Font Widths tag out of bounds read attempt (file-pdf.rules)
 * 1:40757 <-> DISABLED <-> FILE-PDF Nitro Pro PDF Font Widths tag out of bounds read attempt (file-pdf.rules)
 * 1:40773 <-> DISABLED <-> FILE-PDF Oracle Outside In Technology remote code execution attempt (file-pdf.rules)
 * 1:40774 <-> DISABLED <-> FILE-PDF Oracle Outside In Technology remote code execution attempt (file-pdf.rules)
 * 1:40776 <-> ENABLED <-> FILE-PDF Nitro Pro out of bounds memory write attempt (file-pdf.rules)
 * 1:40777 <-> ENABLED <-> FILE-PDF Nitro Pro out of bounds memory write attempt (file-pdf.rules)
 * 1:40791 <-> DISABLED <-> FILE-OTHER HDF5 msg_dtype H5T_ARRAY heap buffer overflow attempt (file-other.rules)
 * 1:40792 <-> DISABLED <-> FILE-OTHER HDF5 msg_dtype H5T_ARRAY heap buffer overflow attempt (file-other.rules)
 * 1:40793 <-> DISABLED <-> FILE-OTHER HDF5 msg_dtype H5T_ARRAY heap buffer overflow attempt (file-other.rules)
 * 1:40794 <-> DISABLED <-> FILE-OTHER HDF5 msg_dtype H5T_ARRAY heap buffer overflow attempt (file-other.rules)
 * 1:40801 <-> DISABLED <-> FILE-OTHER HDF5 H5Z_NBIT filter heap buffer overflow attempt (file-other.rules)
 * 1:40802 <-> DISABLED <-> FILE-OTHER HDF5 H5Z_NBIT filter heap buffer overflow attempt (file-other.rules)
 * 1:40803 <-> ENABLED <-> FILE-OTHER HDF5 H5O_dtype_decode_helper heap buffer overflow attempt (file-other.rules)
 * 1:40804 <-> ENABLED <-> FILE-OTHER HDF5 H5O_dtype_decode_helper heap buffer overflow attempt (file-other.rules)
 * 1:42099 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Winpud encoded payload download attempt (malware-cnc.rules)
 * 1:42098 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Winpud encoded payload download attempt (malware-cnc.rules)
 * 1:42097 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Resolution Opportunity parameter memory corruption attempt (file-flash.rules)
 * 1:42096 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Resolution Opportunity parameter memory corruption attempt (file-flash.rules)
 * 1:42095 <-> DISABLED <-> SERVER-WEBAPP NetBiter WebSCADA ws100/ws200 directory traversal attempt (server-webapp.rules)
 * 1:42094 <-> DISABLED <-> SERVER-WEBAPP NetBiter WebSCADA ws100/ws200 information gathering attempt (server-webapp.rules)
 * 1:42093 <-> DISABLED <-> POLICY-OTHER NetBiter WebSCADA ws100/ws200 file read attempt (policy-other.rules)
 * 1:42092 <-> DISABLED <-> POLICY-OTHER NetBiter WebSCADA ws100/ws200 logo modification attempt (policy-other.rules)
 * 1:42083 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Downeks variant initial outbound connection attempt (malware-cnc.rules)
 * 1:42082 <-> DISABLED <-> INDICATOR-COMPROMISE Request for external IP address detected (indicator-compromise.rules)
 * 1:42081 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Jenxcus outbound POST request attempt (malware-cnc.rules)
 * 1:42080 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Jenxcus outbound connection attempt with unique User-Agent (malware-cnc.rules)
 * 1:42079 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Jenxcus outbound connection attempt with unique User-Agent (malware-cnc.rules)
 * 1:42075 <-> ENABLED <-> PROTOCOL-SCADA TraceMode Runtime DOS attempt (protocol-scada.rules)
 * 1:42074 <-> ENABLED <-> PROTOCOL-SCADA TraceMode Runtime DOS attempt (protocol-scada.rules)
 * 1:42073 <-> DISABLED <-> PROTOCOL-SCADA TraceMode Runtime DOS attempt (protocol-scada.rules)
 * 1:41999 <-> ENABLED <-> OS-OTHER Apple OSX and iOS x509 certificate name constraints parsing use after free attempt (os-other.rules)
 * 1:41510 <-> DISABLED <-> SERVER-OTHER Pharos PopUp Printer Client DecodeBinary heap overflow attempt (server-other.rules)
 * 1:41509 <-> DISABLED <-> SERVER-OTHER Pharos PopUp Printer Client DecodeBinary heap overflow attempt (server-other.rules)
 * 1:41508 <-> DISABLED <-> SERVER-OTHER Pharos PopUp Printer Client Memcpy heap overflow attempt (server-other.rules)
 * 1:41507 <-> DISABLED <-> SERVER-OTHER Pharos PopUp Printer Client DecodeString denial of service attempt (server-other.rules)
 * 1:41506 <-> DISABLED <-> SERVER-OTHER Pharos PopUp Printer Client DecodeString heap overflow attempt (server-other.rules)
 * 1:41505 <-> DISABLED <-> SERVER-OTHER Pharos PopUp Printer Client DecodeString heap overflow attempt (server-other.rules)
 * 1:41448 <-> ENABLED <-> FILE-OTHER Apple GarageBand out of bounds write attempt (file-other.rules)
 * 1:41447 <-> ENABLED <-> FILE-OTHER Apple GarageBand out of bounds write attempt (file-other.rules)
 * 1:41371 <-> ENABLED <-> FILE-OTHER National Instruments LabVIEW LvVarientUnflatten remote code execution attempt (file-other.rules)
 * 1:41370 <-> ENABLED <-> FILE-OTHER National Instruments LabVIEW LvVarientUnflatten remote code execution attempt (file-other.rules)
 * 1:41351 <-> DISABLED <-> FILE-OTHER Apple Garageband .band file out of bounds write attempt (file-other.rules)
 * 1:41350 <-> DISABLED <-> FILE-OTHER Apple Garageband .band file out of bounds write attempt (file-other.rules)
 * 1:41328 <-> DISABLED <-> FILE-PDF Iceni Argus ipStringCreate integer overflow attempt (file-pdf.rules)
 * 1:41327 <-> DISABLED <-> FILE-PDF Iceni Argus ipStringCreate integer overflow attempt (file-pdf.rules)
 * 1:41311 <-> ENABLED <-> FILE-IMAGE libBPG restore_tqb_pixel out of bounds write attempt (file-image.rules)
 * 1:41310 <-> ENABLED <-> FILE-IMAGE libBPG restore_tqb_pixel out of bounds write attempt (file-image.rules)
 * 1:41219 <-> DISABLED <-> SERVER-OTHER Aerospike Database Server Fabric denial of service attempt (server-other.rules)
 * 1:41218 <-> ENABLED <-> OS-OTHER Joyent SmartOS add entries denial of service attempt (os-other.rules)
 * 1:41217 <-> ENABLED <-> OS-OTHER Joyent SmartOS add entries denial of service attempt (os-other.rules)
 * 1:41216 <-> DISABLED <-> SERVER-OTHER Aerospike Database Server si_prop stack buffer overflow attempt (server-other.rules)
 * 1:41213 <-> DISABLED <-> SERVER-OTHER Aerospike Database Server client batch request exploit attempt (server-other.rules)
 * 1:41212 <-> DISABLED <-> SERVER-OTHER Aerospike Database Server digest_ripe message field out of bounds read attempt (server-other.rules)
 * 1:41209 <-> DISABLED <-> SERVER-OTHER Aerospike Database Server Fabric particle_vtable out of bounds read attempt (server-other.rules)
 * 1:41206 <-> DISABLED <-> SERVER-OTHER Aerospike Database Server index name buffer overflow attempt (server-other.rules)
 * 1:41111 <-> ENABLED <-> FILE-OFFICE Ichitaro Office JTD Figure handling code execution attempt (file-office.rules)
 * 1:41110 <-> ENABLED <-> FILE-OFFICE Ichitaro Office JTD Figure handling code execution attempt (file-office.rules)
 * 1:41109 <-> DISABLED <-> FILE-OFFICE Oracle Outside In Technology image export use after free attempt (file-office.rules)
 * 1:41108 <-> DISABLED <-> FILE-OFFICE Oracle Outside In Technology image export use after free attempt (file-office.rules)
 * 1:40935 <-> ENABLED <-> FILE-EXECUTABLE Nvidia Windows kernel mode driver denial of service attempt (file-executable.rules)
 * 1:40934 <-> ENABLED <-> FILE-EXECUTABLE Nvidia Windows kernel mode driver denial of service attempt (file-executable.rules)
 * 1:40926 <-> DISABLED <-> FILE-PDF Iceni Argus PDF TextToPolys rasterization code execution vulnerability attempt (file-pdf.rules)
 * 1:40925 <-> DISABLED <-> FILE-PDF Iceni Argus PDF TextToPolys rasterization code execution vulnerability attempt (file-pdf.rules)
 * 1:40924 <-> DISABLED <-> FILE-PDF Iceni Argus PDF font-encoding glyphmap adjustment code execution vulnerability attempt (file-pdf.rules)
 * 1:40923 <-> DISABLED <-> FILE-PDF Iceni Argus PDF font-encoding glyphmap adjustment code execution vulnerability attempt (file-pdf.rules)
 * 1:40922 <-> DISABLED <-> FILE-PDF Iceni Argus loadLZWBuffer out of bounds write attempt (file-pdf.rules)
 * 1:40921 <-> DISABLED <-> FILE-PDF Iceni Argus loadLZWBuffer out of bounds write attempt (file-pdf.rules)
 * 1:40920 <-> DISABLED <-> FILE-PDF Iceni ArgusPDF convertor malformed embedded TTF file cmap table memory corruption attempt (file-pdf.rules)
 * 1:40919 <-> DISABLED <-> FILE-PDF Iceni ArgusPDF convertor malformed embedded TTF file cmap table memory corruption attempt (file-pdf.rules)
 * 1:40918 <-> ENABLED <-> FILE-PDF Iceni Argus PDF uninitialized WordStyle color length code overflow attempt (file-pdf.rules)
 * 1:40917 <-> ENABLED <-> FILE-PDF Iceni Argus PDF uninitialized WordStyle color length code overflow attempt (file-pdf.rules)
 * 1:40903 <-> ENABLED <-> OS-OTHER Joyent SmartOS file system path buffer overflow attempt (os-other.rules)
 * 1:40902 <-> ENABLED <-> OS-OTHER Joyent SmartOS file system path buffer overflow attempt (os-other.rules)
 * 1:40901 <-> ENABLED <-> OS-OTHER Joyent SmartOS file system name buffer overflow attempt (os-other.rules)
 * 1:40900 <-> ENABLED <-> OS-OTHER Joyent SmartOS file system name buffer overflow attempt (os-other.rules)
 * 1:40899 <-> ENABLED <-> OS-OTHER Joyent SmartOS ioctl integer underflow attempt (os-other.rules)
 * 1:40898 <-> ENABLED <-> OS-OTHER Joyent SmartOS ioctl integer underflow attempt (os-other.rules)
 * 1:40895 <-> DISABLED <-> FILE-OTHER R Project PDF encoding buffer overflow attempt (file-other.rules)
 * 1:40894 <-> DISABLED <-> FILE-OTHER R Project PDF encoding buffer overflow attempt (file-other.rules)
 * 1:40875 <-> DISABLED <-> FILE-PDF Iceni Argus icnChainAlloc heap corruption attempt (file-pdf.rules)
 * 1:40874 <-> DISABLED <-> FILE-PDF Iceni Argus icnChainAlloc heap corruption attempt (file-pdf.rules)
 * 1:40873 <-> DISABLED <-> FILE-PDF Iceni Argus loadTrailer heap corruption attempt (file-pdf.rules)
 * 1:40872 <-> DISABLED <-> FILE-PDF Iceni Argus loadTrailer heap corruption attempt (file-pdf.rules)
 * 1:40810 <-> DISABLED <-> FILE-OTHER HDF5 new object modification time out of bounds write attempt (file-other.rules)
 * 1:40809 <-> DISABLED <-> FILE-OTHER HDF5 new object modification time out of bounds write attempt (file-other.rules)
 * 1:40808 <-> DISABLED <-> FILE-OTHER HDF5 symbol table message out of bounds write attempt (file-other.rules)
 * 1:40806 <-> DISABLED <-> FILE-OTHER HDF5 object modification time out of bounds write attempt (file-other.rules)
 * 1:40807 <-> DISABLED <-> FILE-OTHER HDF5 symbol table message out of bounds write attempt (file-other.rules)
 * 3:42076 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0300 attack attempt (file-office.rules)
 * 3:42077 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0300 attack attempt (file-office.rules)
 * 3:42078 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0299 attack attempt (server-webapp.rules)
 * 3:42084 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0297 attack attempt (file-image.rules)
 * 3:42085 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0297 attack attempt (file-image.rules)
 * 3:42086 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0297 attack attempt (file-image.rules)
 * 3:42087 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0297 attack attempt (file-image.rules)
 * 3:42088 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0298 attack attempt (file-image.rules)
 * 3:42089 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0298 attack attempt (file-image.rules)
 * 3:42090 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0298 attack attempt (file-image.rules)
 * 3:42091 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0298 attack attempt (file-image.rules)

Modified Rules:


 * 1:41527 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (indicator-compromise.rules)
 * 1:34334 <-> ENABLED <-> EXPLOIT-KIT Fiesta exploit kit Adobe Reader exploit download (exploit-kit.rules)
 * 1:39864 <-> ENABLED <-> FILE-PDF Adobe Reader CoolType engine FlateDecode use-after-free attempt (file-pdf.rules)
 * 1:41533 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (indicator-compromise.rules)
 * 1:41530 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (indicator-compromise.rules)
 * 1:41853 <-> DISABLED <-> OS-LINUX cURL and libcurl set-cookie remote code execution attempt (os-linux.rules)
 * 1:36968 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CTableRow memory corruption attempt (browser-ie.rules)
 * 1:39865 <-> ENABLED <-> FILE-PDF Adobe Reader CoolType engine FlateDecode use-after-free attempt (file-pdf.rules)
 * 1:37045 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Kovter outbound connection (malware-cnc.rules)
 * 1:36969 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CTableRow memory corruption attempt (browser-ie.rules)
 * 3:40822 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2016-0241 attack attempt (server-webapp.rules)
 * 3:40820 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2016-0239 attack attempt (server-webapp.rules)
 * 3:40758 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2016-0231 attack attempt (server-other.rules)
 * 3:40821 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2016-0241 attack attempt (server-webapp.rules)
 * 3:42060 <-> ENABLED <-> SERVER-OTHER Cisco IOS DHCP client dummy XID denial of service attempt (server-other.rules)

2017-03-28 17:13:34 UTC

Snort Subscriber Rules Update

Date: 2017-03-28

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2990.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:42099 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Winpud encoded payload download attempt (malware-cnc.rules)
 * 1:42098 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Winpud encoded payload download attempt (malware-cnc.rules)
 * 1:42097 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Resolution Opportunity parameter memory corruption attempt (file-flash.rules)
 * 1:42096 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Resolution Opportunity parameter memory corruption attempt (file-flash.rules)
 * 1:42095 <-> DISABLED <-> SERVER-WEBAPP NetBiter WebSCADA ws100/ws200 directory traversal attempt (server-webapp.rules)
 * 1:42094 <-> DISABLED <-> SERVER-WEBAPP NetBiter WebSCADA ws100/ws200 information gathering attempt (server-webapp.rules)
 * 1:42093 <-> DISABLED <-> POLICY-OTHER NetBiter WebSCADA ws100/ws200 file read attempt (policy-other.rules)
 * 1:42092 <-> DISABLED <-> POLICY-OTHER NetBiter WebSCADA ws100/ws200 logo modification attempt (policy-other.rules)
 * 1:42083 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Downeks variant initial outbound connection attempt (malware-cnc.rules)
 * 1:42082 <-> DISABLED <-> INDICATOR-COMPROMISE Request for external IP address detected (indicator-compromise.rules)
 * 1:42081 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Jenxcus outbound POST request attempt (malware-cnc.rules)
 * 1:42080 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Jenxcus outbound connection attempt with unique User-Agent (malware-cnc.rules)
 * 1:42079 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Jenxcus outbound connection attempt with unique User-Agent (malware-cnc.rules)
 * 1:42075 <-> ENABLED <-> PROTOCOL-SCADA TraceMode Runtime DOS attempt (protocol-scada.rules)
 * 1:42074 <-> ENABLED <-> PROTOCOL-SCADA TraceMode Runtime DOS attempt (protocol-scada.rules)
 * 1:42073 <-> DISABLED <-> PROTOCOL-SCADA TraceMode Runtime DOS attempt (protocol-scada.rules)
 * 1:41999 <-> ENABLED <-> OS-OTHER Apple OSX and iOS x509 certificate name constraints parsing use after free attempt (os-other.rules)
 * 1:41510 <-> DISABLED <-> SERVER-OTHER Pharos PopUp Printer Client DecodeBinary heap overflow attempt (server-other.rules)
 * 1:41509 <-> DISABLED <-> SERVER-OTHER Pharos PopUp Printer Client DecodeBinary heap overflow attempt (server-other.rules)
 * 1:41508 <-> DISABLED <-> SERVER-OTHER Pharos PopUp Printer Client Memcpy heap overflow attempt (server-other.rules)
 * 1:41507 <-> DISABLED <-> SERVER-OTHER Pharos PopUp Printer Client DecodeString denial of service attempt (server-other.rules)
 * 1:41506 <-> DISABLED <-> SERVER-OTHER Pharos PopUp Printer Client DecodeString heap overflow attempt (server-other.rules)
 * 1:41505 <-> DISABLED <-> SERVER-OTHER Pharos PopUp Printer Client DecodeString heap overflow attempt (server-other.rules)
 * 1:41448 <-> ENABLED <-> FILE-OTHER Apple GarageBand out of bounds write attempt (file-other.rules)
 * 1:41447 <-> ENABLED <-> FILE-OTHER Apple GarageBand out of bounds write attempt (file-other.rules)
 * 1:41371 <-> ENABLED <-> FILE-OTHER National Instruments LabVIEW LvVarientUnflatten remote code execution attempt (file-other.rules)
 * 1:41370 <-> ENABLED <-> FILE-OTHER National Instruments LabVIEW LvVarientUnflatten remote code execution attempt (file-other.rules)
 * 1:41351 <-> DISABLED <-> FILE-OTHER Apple Garageband .band file out of bounds write attempt (file-other.rules)
 * 1:41350 <-> DISABLED <-> FILE-OTHER Apple Garageband .band file out of bounds write attempt (file-other.rules)
 * 1:41328 <-> DISABLED <-> FILE-PDF Iceni Argus ipStringCreate integer overflow attempt (file-pdf.rules)
 * 1:41327 <-> DISABLED <-> FILE-PDF Iceni Argus ipStringCreate integer overflow attempt (file-pdf.rules)
 * 1:41311 <-> ENABLED <-> FILE-IMAGE libBPG restore_tqb_pixel out of bounds write attempt (file-image.rules)
 * 1:41310 <-> ENABLED <-> FILE-IMAGE libBPG restore_tqb_pixel out of bounds write attempt (file-image.rules)
 * 1:41219 <-> DISABLED <-> SERVER-OTHER Aerospike Database Server Fabric denial of service attempt (server-other.rules)
 * 1:41218 <-> ENABLED <-> OS-OTHER Joyent SmartOS add entries denial of service attempt (os-other.rules)
 * 1:41217 <-> ENABLED <-> OS-OTHER Joyent SmartOS add entries denial of service attempt (os-other.rules)
 * 1:41216 <-> DISABLED <-> SERVER-OTHER Aerospike Database Server si_prop stack buffer overflow attempt (server-other.rules)
 * 1:41213 <-> DISABLED <-> SERVER-OTHER Aerospike Database Server client batch request exploit attempt (server-other.rules)
 * 1:41212 <-> DISABLED <-> SERVER-OTHER Aerospike Database Server digest_ripe message field out of bounds read attempt (server-other.rules)
 * 1:41209 <-> DISABLED <-> SERVER-OTHER Aerospike Database Server Fabric particle_vtable out of bounds read attempt (server-other.rules)
 * 1:41206 <-> DISABLED <-> SERVER-OTHER Aerospike Database Server index name buffer overflow attempt (server-other.rules)
 * 1:41111 <-> ENABLED <-> FILE-OFFICE Ichitaro Office JTD Figure handling code execution attempt (file-office.rules)
 * 1:41110 <-> ENABLED <-> FILE-OFFICE Ichitaro Office JTD Figure handling code execution attempt (file-office.rules)
 * 1:41109 <-> DISABLED <-> FILE-OFFICE Oracle Outside In Technology image export use after free attempt (file-office.rules)
 * 1:41108 <-> DISABLED <-> FILE-OFFICE Oracle Outside In Technology image export use after free attempt (file-office.rules)
 * 1:40935 <-> ENABLED <-> FILE-EXECUTABLE Nvidia Windows kernel mode driver denial of service attempt (file-executable.rules)
 * 1:40934 <-> ENABLED <-> FILE-EXECUTABLE Nvidia Windows kernel mode driver denial of service attempt (file-executable.rules)
 * 1:40926 <-> DISABLED <-> FILE-PDF Iceni Argus PDF TextToPolys rasterization code execution vulnerability attempt (file-pdf.rules)
 * 1:40925 <-> DISABLED <-> FILE-PDF Iceni Argus PDF TextToPolys rasterization code execution vulnerability attempt (file-pdf.rules)
 * 1:40924 <-> DISABLED <-> FILE-PDF Iceni Argus PDF font-encoding glyphmap adjustment code execution vulnerability attempt (file-pdf.rules)
 * 1:40923 <-> DISABLED <-> FILE-PDF Iceni Argus PDF font-encoding glyphmap adjustment code execution vulnerability attempt (file-pdf.rules)
 * 1:40922 <-> DISABLED <-> FILE-PDF Iceni Argus loadLZWBuffer out of bounds write attempt (file-pdf.rules)
 * 1:40921 <-> DISABLED <-> FILE-PDF Iceni Argus loadLZWBuffer out of bounds write attempt (file-pdf.rules)
 * 1:40920 <-> DISABLED <-> FILE-PDF Iceni ArgusPDF convertor malformed embedded TTF file cmap table memory corruption attempt (file-pdf.rules)
 * 1:40919 <-> DISABLED <-> FILE-PDF Iceni ArgusPDF convertor malformed embedded TTF file cmap table memory corruption attempt (file-pdf.rules)
 * 1:40918 <-> ENABLED <-> FILE-PDF Iceni Argus PDF uninitialized WordStyle color length code overflow attempt (file-pdf.rules)
 * 1:40917 <-> ENABLED <-> FILE-PDF Iceni Argus PDF uninitialized WordStyle color length code overflow attempt (file-pdf.rules)
 * 1:40903 <-> ENABLED <-> OS-OTHER Joyent SmartOS file system path buffer overflow attempt (os-other.rules)
 * 1:40902 <-> ENABLED <-> OS-OTHER Joyent SmartOS file system path buffer overflow attempt (os-other.rules)
 * 1:40901 <-> ENABLED <-> OS-OTHER Joyent SmartOS file system name buffer overflow attempt (os-other.rules)
 * 1:40900 <-> ENABLED <-> OS-OTHER Joyent SmartOS file system name buffer overflow attempt (os-other.rules)
 * 1:40899 <-> ENABLED <-> OS-OTHER Joyent SmartOS ioctl integer underflow attempt (os-other.rules)
 * 1:40898 <-> ENABLED <-> OS-OTHER Joyent SmartOS ioctl integer underflow attempt (os-other.rules)
 * 1:40895 <-> DISABLED <-> FILE-OTHER R Project PDF encoding buffer overflow attempt (file-other.rules)
 * 1:40894 <-> DISABLED <-> FILE-OTHER R Project PDF encoding buffer overflow attempt (file-other.rules)
 * 1:40875 <-> DISABLED <-> FILE-PDF Iceni Argus icnChainAlloc heap corruption attempt (file-pdf.rules)
 * 1:40874 <-> DISABLED <-> FILE-PDF Iceni Argus icnChainAlloc heap corruption attempt (file-pdf.rules)
 * 1:40873 <-> DISABLED <-> FILE-PDF Iceni Argus loadTrailer heap corruption attempt (file-pdf.rules)
 * 1:40872 <-> DISABLED <-> FILE-PDF Iceni Argus loadTrailer heap corruption attempt (file-pdf.rules)
 * 1:40810 <-> DISABLED <-> FILE-OTHER HDF5 new object modification time out of bounds write attempt (file-other.rules)
 * 1:40809 <-> DISABLED <-> FILE-OTHER HDF5 new object modification time out of bounds write attempt (file-other.rules)
 * 1:40808 <-> DISABLED <-> FILE-OTHER HDF5 symbol table message out of bounds write attempt (file-other.rules)
 * 1:40807 <-> DISABLED <-> FILE-OTHER HDF5 symbol table message out of bounds write attempt (file-other.rules)
 * 1:40806 <-> DISABLED <-> FILE-OTHER HDF5 object modification time out of bounds write attempt (file-other.rules)
 * 1:40805 <-> DISABLED <-> FILE-OTHER HDF5 object modification time out of bounds write attempt (file-other.rules)
 * 1:40804 <-> ENABLED <-> FILE-OTHER HDF5 H5O_dtype_decode_helper heap buffer overflow attempt (file-other.rules)
 * 1:40803 <-> ENABLED <-> FILE-OTHER HDF5 H5O_dtype_decode_helper heap buffer overflow attempt (file-other.rules)
 * 1:40802 <-> DISABLED <-> FILE-OTHER HDF5 H5Z_NBIT filter heap buffer overflow attempt (file-other.rules)
 * 1:40801 <-> DISABLED <-> FILE-OTHER HDF5 H5Z_NBIT filter heap buffer overflow attempt (file-other.rules)
 * 1:40794 <-> DISABLED <-> FILE-OTHER HDF5 msg_dtype H5T_ARRAY heap buffer overflow attempt (file-other.rules)
 * 1:40793 <-> DISABLED <-> FILE-OTHER HDF5 msg_dtype H5T_ARRAY heap buffer overflow attempt (file-other.rules)
 * 1:40792 <-> DISABLED <-> FILE-OTHER HDF5 msg_dtype H5T_ARRAY heap buffer overflow attempt (file-other.rules)
 * 1:40791 <-> DISABLED <-> FILE-OTHER HDF5 msg_dtype H5T_ARRAY heap buffer overflow attempt (file-other.rules)
 * 1:40777 <-> ENABLED <-> FILE-PDF Nitro Pro out of bounds memory write attempt (file-pdf.rules)
 * 1:40776 <-> ENABLED <-> FILE-PDF Nitro Pro out of bounds memory write attempt (file-pdf.rules)
 * 1:40774 <-> DISABLED <-> FILE-PDF Oracle Outside In Technology remote code execution attempt (file-pdf.rules)
 * 1:40773 <-> DISABLED <-> FILE-PDF Oracle Outside In Technology remote code execution attempt (file-pdf.rules)
 * 1:40757 <-> DISABLED <-> FILE-PDF Nitro Pro PDF Font Widths tag out of bounds read attempt (file-pdf.rules)
 * 1:40756 <-> DISABLED <-> FILE-PDF Nitro Pro PDF Font Widths tag out of bounds read attempt (file-pdf.rules)
 * 1:40540 <-> DISABLED <-> FILE-IMAGE LibTIFF PixarLogDecode heap buffer overflow attempt (file-image.rules)
 * 1:40539 <-> DISABLED <-> FILE-IMAGE LibTIFF PixarLogDecode heap buffer overflow attempt (file-image.rules)
 * 1:40538 <-> DISABLED <-> FILE-IMAGE LibTIFF FAX IFD entry parsing type confusion attempt (file-image.rules)
 * 1:40537 <-> DISABLED <-> FILE-IMAGE LibTIFF FAX IFD entry parsing type confusion attempt (file-image.rules)
 * 1:40536 <-> DISABLED <-> FILE-IMAGE LibTIFF FAX IFD entry parsing type confusion attempt (file-image.rules)
 * 1:40535 <-> DISABLED <-> FILE-IMAGE LibTIFF FAX IFD entry parsing type confusion attempt (file-image.rules)
 * 1:40534 <-> DISABLED <-> FILE-IMAGE LibTIFF FAX IFD entry parsing type confusion attempt (file-image.rules)
 * 1:40533 <-> DISABLED <-> FILE-IMAGE LibTIFF FAX IFD entry parsing type confusion attempt (file-image.rules)
 * 1:40526 <-> DISABLED <-> FILE-IMAGE LibTIFF tiff2pdf JPEG compression tables heap buffer overflow attempt (file-image.rules)
 * 1:40525 <-> DISABLED <-> FILE-IMAGE LibTIFF tiff2pdf JPEG compression tables heap buffer overflow attempt (file-image.rules)
 * 1:40491 <-> DISABLED <-> FILE-OFFICE JustSystems Ichitaro Word Processor malformed PersistDirectory memory corruption attempt (file-office.rules)
 * 1:40490 <-> DISABLED <-> FILE-OFFICE JustSystems Ichitaro Word Processor malformed PersistDirectory memory corruption attempt (file-office.rules)
 * 1:40489 <-> DISABLED <-> FILE-EXECUTABLE Hopper Disassembler ELF section header memory corruption attempt (file-executable.rules)
 * 1:40488 <-> DISABLED <-> FILE-EXECUTABLE Hopper Disassembler ELF section header memory corruption attempt (file-executable.rules)
 * 1:40487 <-> DISABLED <-> FILE-PDF Iceni Argus ipNameAdd stack buffer overflow attempt (file-pdf.rules)
 * 1:40486 <-> DISABLED <-> FILE-PDF Iceni Argus ipNameAdd stack buffer overflow attempt (file-pdf.rules)
 * 1:40485 <-> DISABLED <-> FILE-PDF Iceni Argus ipNameAdd stack buffer overflow attempt (file-pdf.rules)
 * 1:40484 <-> DISABLED <-> FILE-PDF Iceni Argus ipNameAdd stack buffer overflow attempt (file-pdf.rules)
 * 1:40483 <-> DISABLED <-> SERVER-OTHER Memcached SASL auth opcode request heap buffer overflow attempt (server-other.rules)
 * 1:40482 <-> DISABLED <-> SERVER-OTHER Memcached SASL auth opcode request heap buffer overflow attempt (server-other.rules)
 * 1:40481 <-> DISABLED <-> SERVER-OTHER Memcached replaceq opcode request heap buffer overflow attempt (server-other.rules)
 * 1:40480 <-> DISABLED <-> SERVER-OTHER Memcached replace opcode request heap buffer overflow attempt (server-other.rules)
 * 1:40479 <-> DISABLED <-> SERVER-OTHER Memcached addq opcode request heap buffer overflow attempt (server-other.rules)
 * 1:40478 <-> DISABLED <-> SERVER-OTHER Memcached add opcode request heap buffer overflow attempt (server-other.rules)
 * 1:40477 <-> DISABLED <-> SERVER-OTHER Memcached setq opcode request heap buffer overflow attempt (server-other.rules)
 * 1:40476 <-> DISABLED <-> SERVER-OTHER Memcached set opcode request heap buffer overflow attempt (server-other.rules)
 * 1:40475 <-> DISABLED <-> SERVER-OTHER Memcached prependq opcode request heap buffer overflow attempt (server-other.rules)
 * 1:40474 <-> DISABLED <-> SERVER-OTHER Memcached prependq opcode request heap buffer overflow attempt (server-other.rules)
 * 1:40473 <-> DISABLED <-> SERVER-OTHER Memcached appendq opcode request heap buffer overflow attempt (server-other.rules)
 * 1:40472 <-> DISABLED <-> SERVER-OTHER Memcached appendq opcode request heap buffer overflow attempt (server-other.rules)
 * 1:40471 <-> DISABLED <-> SERVER-OTHER Memcached prepend opcode request heap buffer overflow attempt (server-other.rules)
 * 1:40470 <-> DISABLED <-> SERVER-OTHER Memcached prepend opcode request heap buffer overflow attempt (server-other.rules)
 * 1:40469 <-> DISABLED <-> SERVER-OTHER Memcached append opcode request heap buffer overflow attempt (server-other.rules)
 * 1:40468 <-> DISABLED <-> SERVER-OTHER Memcached append opcode request heap buffer overflow attempt (server-other.rules)
 * 1:40430 <-> DISABLED <-> FILE-PDF Foxit PDF Reader JBIG2 parser out of bounds read attempt (file-pdf.rules)
 * 1:40429 <-> DISABLED <-> FILE-PDF Foxit PDF Reader JBIG2 parser out of bounds read attempt (file-pdf.rules)
 * 1:40337 <-> DISABLED <-> FILE-PDF Iceni Argus ipfSetColourStroke stack buffer overflow attempt (file-pdf.rules)
 * 1:40336 <-> DISABLED <-> FILE-PDF Iceni Argus ipfSetColourStroke stack buffer overflow attempt (file-pdf.rules)
 * 1:40315 <-> DISABLED <-> FILE-IMAGE OpenJPEG JPEG2000 MCC record parsing heap memory corruption attempt (file-image.rules)
 * 1:40314 <-> DISABLED <-> FILE-IMAGE OpenJPEG JPEG2000 MCC record parsing heap memory corruption attempt (file-image.rules)
 * 1:40126 <-> DISABLED <-> FILE-OTHER Ichitaro Office Excel TxO record heap overflow attempt (file-other.rules)
 * 1:40125 <-> DISABLED <-> FILE-OTHER Ichitaro Office Excel TxO record heap overflow attempt (file-other.rules)
 * 1:39919 <-> DISABLED <-> FILE-EXECUTABLE Kaspersky Anti-Virus unhandled windows messages denial of service vulnerability attempt (file-executable.rules)
 * 1:39918 <-> DISABLED <-> FILE-EXECUTABLE Kaspersky Anti-Virus unhandled windows messages denial of service vulnerability attempt (file-executable.rules)
 * 1:39884 <-> DISABLED <-> FILE-IMAGE FreeImage library XPM handling out of bounds write attempt (file-image.rules)
 * 1:39883 <-> DISABLED <-> FILE-IMAGE FreeImage library XPM handling out of bounds write attempt (file-image.rules)
 * 1:39877 <-> DISABLED <-> PROTOCOL-SNMP Allen-Bradley MicroLogix PLC firmware update detected (protocol-snmp.rules)
 * 1:39876 <-> ENABLED <-> PROTOCOL-SNMP Allen-Bradley MicroLogix PLC SNMP request via undocumented community string attempt (protocol-snmp.rules)
 * 1:39762 <-> DISABLED <-> FILE-OFFICE Hancom Hangul Hcell cssValFormat checkUnderbar out of bounds write attempt (file-office.rules)
 * 1:39761 <-> DISABLED <-> FILE-OFFICE Hancom Hangul Hcell cssValFormat checkUnderbar out of bounds write attempt (file-office.rules)
 * 1:39760 <-> DISABLED <-> FILE-OFFICE Hancom Hangul HCell TableStyle record heap buffer overflow attempt (file-office.rules)
 * 1:39759 <-> DISABLED <-> FILE-OFFICE Hancom Hangul HCell TableStyle record heap buffer overflow attempt (file-office.rules)
 * 1:39758 <-> DISABLED <-> FILE-OFFICE Hancom Hangul HCell TableStyle record heap buffer overflow attempt (file-office.rules)
 * 1:39757 <-> DISABLED <-> FILE-OFFICE Hancom Hangul HCell TableStyle record heap buffer overflow attempt (file-office.rules)
 * 1:39676 <-> DISABLED <-> FILE-IMAGE Oracle OIT CYMK TIFF parsing heap buffer overflow attempt (file-image.rules)
 * 1:39675 <-> DISABLED <-> FILE-IMAGE Oracle OIT CYMK TIFF parsing heap buffer overflow attempt (file-image.rules)
 * 1:39674 <-> DISABLED <-> FILE-IMAGE Oracle OIT CYMK TIFF parsing heap buffer overflow attempt (file-image.rules)
 * 1:39673 <-> DISABLED <-> FILE-IMAGE Oracle OIT CYMK TIFF parsing heap buffer overflow attempt (file-image.rules)
 * 1:39672 <-> DISABLED <-> FILE-OTHER Oracle OIT libvs_word ContentAccess out of bounds write attempt (file-other.rules)
 * 1:39671 <-> DISABLED <-> FILE-OTHER Oracle OIT libvs_word ContentAccess out of bounds write attempt (file-other.rules)
 * 1:39668 <-> DISABLED <-> FILE-OTHER Oracle OIT libvs_word ContentAccess out of bounds write attempt (file-other.rules)
 * 1:39667 <-> DISABLED <-> FILE-OTHER Oracle OIT libvs_word ContentAccess out of bounds write attempt (file-other.rules)
 * 1:39666 <-> DISABLED <-> FILE-OTHER Oracle OIT libvs_word ContentAccess out of bounds write attempt (file-other.rules)
 * 1:39665 <-> DISABLED <-> FILE-OTHER Oracle OIT libvs_word ContentAccess out of bounds write attempt (file-other.rules)
 * 1:39664 <-> DISABLED <-> FILE-OTHER Oracle OIT ContentAccess libvs_mwkd VwStreamReadRecord out of bounds write attempt (file-other.rules)
 * 1:39663 <-> DISABLED <-> FILE-OTHER Oracle OIT ContentAccess libvs_mwkd VwStreamReadRecord out of bounds write attempt (file-other.rules)
 * 1:39661 <-> DISABLED <-> FILE-OTHER Oracle OIT gem metafile n_integers heap buffer overflow attempt (file-other.rules)
 * 1:39660 <-> DISABLED <-> FILE-OTHER Oracle OIT gem metafile n_integers heap buffer overflow attempt (file-other.rules)
 * 1:39635 <-> DISABLED <-> FILE-IMAGE Apple OSX EXR image invalid box2i attribute heap buffer overflow attempt (file-image.rules)
 * 1:39634 <-> DISABLED <-> FILE-IMAGE Apple OSX EXR image invalid box2i attribute heap buffer overflow attempt (file-image.rules)
 * 1:39632 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
 * 1:39631 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
 * 1:39630 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
 * 1:39629 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
 * 1:39628 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
 * 1:39627 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
 * 1:39626 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
 * 1:39625 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
 * 1:39624 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
 * 1:39623 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
 * 1:39622 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
 * 1:39621 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
 * 1:39620 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
 * 1:39619 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
 * 1:39618 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
 * 1:39617 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
 * 1:39616 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
 * 1:39615 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
 * 1:39614 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
 * 1:39613 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
 * 1:39612 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
 * 1:39611 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
 * 1:39610 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
 * 1:39609 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
 * 1:39608 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
 * 1:39607 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
 * 1:39606 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
 * 1:39605 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
 * 1:39604 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
 * 1:39603 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
 * 1:39602 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
 * 1:39601 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
 * 1:39600 <-> DISABLED <-> FILE-IMAGE Apple OSX EXR image tile size heap buffer overflow attempt (file-image.rules)
 * 1:39599 <-> DISABLED <-> FILE-IMAGE Apple OSX EXR image tile size heap buffer overflow attempt (file-image.rules)
 * 1:39598 <-> DISABLED <-> FILE-MULTIMEDIA Apple OSX SceneKit invalid COLLADA file geometry attribute type confusion attempt (file-multimedia.rules)
 * 1:39597 <-> DISABLED <-> FILE-MULTIMEDIA Apple OSX SceneKit invalid COLLADA file geometry attribute type confusion attempt (file-multimedia.rules)
 * 1:39596 <-> DISABLED <-> FILE-IMAGE Oracle OIT BMP file parsing heap buffer overflow attempt (file-image.rules)
 * 1:39595 <-> DISABLED <-> FILE-IMAGE Oracle OIT BMP file parsing heap buffer overflow attempt (file-image.rules)
 * 1:39594 <-> DISABLED <-> FILE-IMAGE Oracle OIT BMP file parsing heap buffer overflow attempt (file-image.rules)
 * 1:39593 <-> DISABLED <-> FILE-IMAGE Oracle OIT BMP file parsing heap buffer overflow attempt (file-image.rules)
 * 1:39467 <-> DISABLED <-> FILE-EXECUTABLE Symantec Norton Security IDSvix86 out of bounds read attempt (file-executable.rules)
 * 1:39466 <-> DISABLED <-> FILE-EXECUTABLE Symantec Norton Security IDSvix86 out of bounds read attempt (file-executable.rules)
 * 1:39162 <-> ENABLED <-> FILE-PDF Google Chrome PDFium jpeg2000 SIZ segment check failure heap buffer overflow attempt (file-pdf.rules)
 * 1:39161 <-> ENABLED <-> FILE-PDF Google Chrome PDFium jpeg2000 SIZ segment check failure heap buffer overflow attempt (file-pdf.rules)
 * 1:39151 <-> DISABLED <-> SERVER-OTHER Pidgin MXIT message length overflow attempt (server-other.rules)
 * 1:39150 <-> DISABLED <-> SERVER-OTHER Pidgin MXIT negative message length underflow attempt (server-other.rules)
 * 1:39149 <-> ENABLED <-> FILE-OFFICE Document Foundation LibreOffice RTF stylesheet use after free attempt (file-office.rules)
 * 1:39148 <-> ENABLED <-> FILE-OFFICE Document Foundation LibreOffice RTF stylesheet use after free attempt (file-office.rules)
 * 1:39111 <-> DISABLED <-> FILE-OFFICE Hancom Hangul Office HCell HncChart out of bounds write attempt (file-office.rules)
 * 1:39110 <-> DISABLED <-> FILE-OFFICE Hancom Hangul Office HCell HncChart out of bounds write attempt (file-office.rules)
 * 1:39079 <-> ENABLED <-> OS-WINDOWS Kaspersky Internet Security KLIF driver denial of service attempt (os-windows.rules)
 * 1:39078 <-> ENABLED <-> OS-WINDOWS Kaspersky Internet Security KLIF driver denial of service attempt (os-windows.rules)
 * 1:39050 <-> DISABLED <-> FILE-OFFICE Hancom Hangul Office NXDeleteLineObj memory corruption attempt (file-office.rules)
 * 1:39049 <-> DISABLED <-> FILE-OFFICE Hancom Hangul Office NXDeleteLineObj memory corruption attempt (file-office.rules)
 * 1:39048 <-> DISABLED <-> FILE-EXECUTABLE Kaspersky Internet Security kl1.sys out of bounds read attempt (file-executable.rules)
 * 1:39047 <-> DISABLED <-> FILE-EXECUTABLE Kaspersky Internet Security kl1.sys out of bounds read attempt (file-executable.rules)
 * 1:39046 <-> DISABLED <-> FILE-OTHER libarchive RAR RestartModel out of bounds write attempt (file-other.rules)
 * 1:39045 <-> DISABLED <-> FILE-OTHER libarchive RAR RestartModel out of bounds write attempt (file-other.rules)
 * 1:39035 <-> DISABLED <-> FILE-OTHER libarchive mtree parse_device stack buffer overflow attempt (file-other.rules)
 * 1:39034 <-> DISABLED <-> FILE-OTHER libarchive mtree parse_device stack buffer overflow attempt (file-other.rules)
 * 1:38870 <-> DISABLED <-> SERVER-OTHER Pidgin mxit_chunk_parse_cr out of bounds read attempt (server-other.rules)
 * 1:38869 <-> ENABLED <-> FILE-OTHER Hancom Hangul Office HShow integer-based heap buffer overflow attempt (file-other.rules)
 * 1:38868 <-> ENABLED <-> FILE-OTHER Hancom Hangul Office HShow integer-based heap buffer overflow attempt (file-other.rules)
 * 1:38867 <-> DISABLED <-> SERVER-OTHER Pidgin mxit_chunk_parse_get_avatar out of bounds read attempt (server-other.rules)
 * 1:38861 <-> ENABLED <-> FILE-OTHER Oracle OIT ContentAccess libvs_mwkd out of bounds write attempt (file-other.rules)
 * 1:38860 <-> ENABLED <-> FILE-OTHER Oracle OIT ContentAccess libvs_mwkd out of bounds write attempt (file-other.rules)
 * 1:38859 <-> DISABLED <-> FILE-OTHER Hancom Hangul HCell pVertices OfficeArt record heap buffer overflow attempt (file-other.rules)
 * 1:38858 <-> DISABLED <-> FILE-OTHER Hancom Hangul HCell pConnectionSites OfficeArt record heap buffer overflow attempt (file-other.rules)
 * 1:38857 <-> DISABLED <-> FILE-OTHER Hancom Hangul HCell pVertices OfficeArt record heap buffer overflow attempt (file-other.rules)
 * 1:38856 <-> DISABLED <-> FILE-OTHER Hancom Hangul HCell pConnectionSites OfficeArt record heap buffer overflow attempt (file-other.rules)
 * 1:38850 <-> ENABLED <-> OS-WINDOWS Kaspersky Internet Security KLIF driver denial of service attempt (os-windows.rules)
 * 1:38849 <-> ENABLED <-> OS-WINDOWS Kaspersky Internet Security KLIF driver denial of service attempt (os-windows.rules)
 * 1:38628 <-> DISABLED <-> FILE-OTHER libarchive zip_read_mac_metadata heap buffer overflow attempt (file-other.rules)
 * 1:38627 <-> DISABLED <-> FILE-OTHER libarchive zip_read_mac_metadata heap buffer overflow attempt (file-other.rules)
 * 1:38583 <-> DISABLED <-> SERVER-OTHER Pidgin mxit_parse_cmd_suggestcontacts out of bounds read attempt (server-other.rules)
 * 1:38578 <-> DISABLED <-> SERVER-OTHER Pidgin multimx_message_received out of bounds read attempt (server-other.rules)
 * 1:38551 <-> DISABLED <-> SERVER-OTHER Pidgin MXIT protocol handling splash_remove directory traversal attempt (server-other.rules)
 * 1:38550 <-> DISABLED <-> SERVER-OTHER Pidgin MXIT protocol handling splash_remove directory traversal attempt (server-other.rules)
 * 1:38549 <-> DISABLED <-> SERVER-OTHER Pidgin mxit_parse_cmd_extprofile out of bounds read attempt (server-other.rules)
 * 1:38548 <-> DISABLED <-> SERVER-OTHER Pidgin MXIT protocol handling null pointer dereference attempt (server-other.rules)
 * 1:38547 <-> DISABLED <-> SERVER-OTHER Pidgin MXIT table markup command out of bounds read attempt (server-other.rules)
 * 1:38546 <-> DISABLED <-> SERVER-OTHER Pidgin MXIT table markup command out of bounds read attempt (server-other.rules)
 * 1:38545 <-> DISABLED <-> SERVER-OTHER Pidgin mxit_update_contact out of bounds read attempt (server-other.rules)
 * 1:38345 <-> DISABLED <-> SERVER-OTHER Pidgin MXIT is operation null pointer dereference attempt (server-other.rules)
 * 1:38344 <-> DISABLED <-> SERVER-OTHER Pidgin MXIT is operation null pointer dereference attempt (server-other.rules)
 * 1:38343 <-> DISABLED <-> FILE-PDF Oracle Outside In libvs_pdf Root xref stack exhaustion attempt (file-pdf.rules)
 * 1:38342 <-> DISABLED <-> FILE-PDF Oracle Outside In libvs_pdf Root xref stack exhaustion attempt (file-pdf.rules)
 * 1:38324 <-> DISABLED <-> FILE-OTHER 7zip HFS+ handling heap buffer overflow attempt (file-other.rules)
 * 1:38323 <-> DISABLED <-> FILE-OTHER 7zip HFS+ handling heap buffer overflow attempt (file-other.rules)
 * 1:38296 <-> DISABLED <-> FILE-OTHER 7zip UDF partition reference out of bounds read attempt (file-other.rules)
 * 1:38295 <-> DISABLED <-> FILE-OTHER 7zip UDF partition reference out of bounds read attempt (file-other.rules)
 * 1:38294 <-> DISABLED <-> FILE-OTHER 7zip UDF partition reference out of bounds read attempt (file-other.rules)
 * 1:38293 <-> DISABLED <-> FILE-OTHER 7zip UDF partition reference out of bounds read attempt (file-other.rules)
 * 1:38290 <-> DISABLED <-> FILE-PDF Oracle IOT IX SDK libvs_pdf null pointer dereference attempt (file-pdf.rules)
 * 1:38289 <-> DISABLED <-> FILE-PDF Oracle IOT IX SDK libvs_pdf null pointer dereference attempt (file-pdf.rules)
 * 1:37869 <-> DISABLED <-> FILE-PDF Oracle Outside In libvs_pdf integer overflow attempt (file-pdf.rules)
 * 1:37868 <-> DISABLED <-> FILE-PDF Oracle Outside In libvs_pdf integer overflow attempt (file-pdf.rules)
 * 1:37867 <-> DISABLED <-> FILE-PDF Oracle Outside In libvs_pdf arbitrary pointer access attempt (file-pdf.rules)
 * 1:37866 <-> DISABLED <-> FILE-PDF Oracle Outside In libvs_pdf arbitrary pointer access attempt (file-pdf.rules)
 * 1:37865 <-> DISABLED <-> FILE-PDF Oracle Outside In libvs_pdf xref offset out of bounds read attempt (file-pdf.rules)
 * 1:37864 <-> DISABLED <-> FILE-PDF Oracle Outside In libvs_pdf xref offset out of bounds read attempt (file-pdf.rules)
 * 1:37863 <-> DISABLED <-> FILE-PDF Oracle Outside In libvs_pdf integer overflow attempt (file-pdf.rules)
 * 1:37862 <-> DISABLED <-> FILE-PDF Oracle Outside In libvs_pdf integer overflow attempt (file-pdf.rules)
 * 1:37843 <-> DISABLED <-> SERVER-OTHER NTP crypto-NAK possible DoS attempt (server-other.rules)
 * 1:37842 <-> DISABLED <-> SERVER-OTHER ntpd reference clock impersonation attempt (server-other.rules)
 * 1:37841 <-> DISABLED <-> SERVER-OTHER ntpd reference clock impersonation attempt (server-other.rules)
 * 1:37520 <-> DISABLED <-> FILE-OTHER Intel HD Graphics Windows kernel driver local privilege escalation attempt (file-other.rules)
 * 1:37519 <-> DISABLED <-> FILE-OTHER Intel HD Graphics Windows kernel driver local privilege escalation attempt (file-other.rules)
 * 1:37518 <-> DISABLED <-> FILE-OTHER Apple OSX local privilege escalation attempt (file-other.rules)
 * 1:37517 <-> DISABLED <-> FILE-OTHER Apple OSX local privilege escalation attempt (file-other.rules)
 * 1:37502 <-> DISABLED <-> FILE-PDF IBM Domino KeyView PDF Filter Trailer ID array heap buffer overflow attempt (file-pdf.rules)
 * 1:37501 <-> DISABLED <-> FILE-PDF IBM Domino KeyView PDF Filter Trailer ID array heap buffer overflow attempt (file-pdf.rules)
 * 1:37500 <-> DISABLED <-> FILE-PDF IBM Domino KeyView PDF Filter Basefont string overflow attempt (file-pdf.rules)
 * 1:37499 <-> DISABLED <-> FILE-PDF IBM Domino KeyView PDF Filter Basefont string overflow attempt (file-pdf.rules)
 * 1:37498 <-> DISABLED <-> FILE-PDF IBM Domino KeyView PDF filter encrypted stream code execution attempt (file-pdf.rules)
 * 1:37497 <-> DISABLED <-> FILE-PDF IBM Domino KeyView PDF filter encrypted stream code execution attempt (file-pdf.rules)
 * 1:37496 <-> DISABLED <-> FILE-PDF IBM Domino KeyView PDF filter compressed stream length code execution attempt (file-pdf.rules)
 * 1:37495 <-> DISABLED <-> FILE-PDF IBM Domino KeyView PDF filter compressed stream length code execution attempt (file-pdf.rules)
 * 1:37494 <-> DISABLED <-> FILE-OTHER lhasa decode_level3_header heap corruption attempt (file-other.rules)
 * 1:37493 <-> DISABLED <-> FILE-OTHER lhasa decode_level3_header heap corruption attempt (file-other.rules)
 * 1:36388 <-> DISABLED <-> FILE-OTHER Libgraphite context item handling arbitrary code execution attempt (file-other.rules)
 * 1:36387 <-> DISABLED <-> FILE-OTHER Libgraphite context item handling arbitrary code execution attempt (file-other.rules)
 * 1:36386 <-> ENABLED <-> FILE-OTHER SIL LibGraphite BracketPairStack out of bounds access exploit attempt (file-other.rules)
 * 1:36385 <-> ENABLED <-> FILE-OTHER SIL LibGraphite BracketPairStack out of bounds access exploit attempt (file-other.rules)
 * 1:36230 <-> ENABLED <-> FILE-FLASH Adobe Flash Player On2 VP6 video codec fragment read access violation attempt (file-flash.rules)
 * 1:36229 <-> ENABLED <-> FILE-FLASH Adobe Flash Player On2 VP6 video codec fragment read access violation attempt (file-flash.rules)
 * 1:36228 <-> ENABLED <-> FILE-OTHER Libgraphite empty feature list denial of service attempt (file-other.rules)
 * 1:36227 <-> ENABLED <-> FILE-OTHER Libgraphite empty feature list denial of service attempt (file-other.rules)
 * 1:36226 <-> ENABLED <-> FILE-OTHER Libgraphite empty feature list denial of service attempt (file-other.rules)
 * 1:36225 <-> ENABLED <-> FILE-OTHER Libgraphite empty feature list denial of service attempt (file-other.rules)
 * 1:36217 <-> DISABLED <-> FILE-OTHER libgraphite TTF opcode handling out of bounds read attempt (file-other.rules)
 * 1:36216 <-> DISABLED <-> FILE-OTHER libgraphite TTF opcode handling out of bounds read attempt (file-other.rules)
 * 1:36213 <-> ENABLED <-> FILE-OTHER Libgraphite LocaLookup out-of-bounds read attempt (file-other.rules)
 * 1:36212 <-> ENABLED <-> FILE-OTHER Libgraphite LocaLookup out-of-bounds read attempt (file-other.rules)
 * 1:35829 <-> DISABLED <-> FILE-OTHER OpenOffice Starview metafile arbitrary read write attempt (file-other.rules)
 * 1:35828 <-> DISABLED <-> FILE-OTHER OpenOffice Starview metafile arbitrary read write attempt (file-other.rules)
 * 3:42076 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0300 attack attempt (file-office.rules)
 * 3:42077 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0300 attack attempt (file-office.rules)
 * 3:42078 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0299 attack attempt (server-webapp.rules)
 * 3:42084 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0297 attack attempt (file-image.rules)
 * 3:42085 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0297 attack attempt (file-image.rules)
 * 3:42086 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0297 attack attempt (file-image.rules)
 * 3:42087 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0297 attack attempt (file-image.rules)
 * 3:42088 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0298 attack attempt (file-image.rules)
 * 3:42089 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0298 attack attempt (file-image.rules)
 * 3:42090 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0298 attack attempt (file-image.rules)
 * 3:42091 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2017-0298 attack attempt (file-image.rules)

Modified Rules:


 * 1:39864 <-> ENABLED <-> FILE-PDF Adobe Reader CoolType engine FlateDecode use-after-free attempt (file-pdf.rules)
 * 1:34334 <-> ENABLED <-> EXPLOIT-KIT Fiesta exploit kit Adobe Reader exploit download (exploit-kit.rules)
 * 1:41530 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (indicator-compromise.rules)
 * 1:41527 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (indicator-compromise.rules)
 * 1:41533 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (indicator-compromise.rules)
 * 1:41853 <-> DISABLED <-> OS-LINUX cURL and libcurl set-cookie remote code execution attempt (os-linux.rules)
 * 1:36969 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CTableRow memory corruption attempt (browser-ie.rules)
 * 1:37045 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Kovter outbound connection (malware-cnc.rules)
 * 1:36968 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CTableRow memory corruption attempt (browser-ie.rules)
 * 1:39865 <-> ENABLED <-> FILE-PDF Adobe Reader CoolType engine FlateDecode use-after-free attempt (file-pdf.rules)
 * 3:42060 <-> ENABLED <-> SERVER-OTHER Cisco IOS DHCP client dummy XID denial of service attempt (server-other.rules)
 * 3:40822 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2016-0241 attack attempt (server-webapp.rules)
 * 3:40758 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2016-0231 attack attempt (server-other.rules)
 * 3:40820 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2016-0239 attack attempt (server-webapp.rules)
 * 3:40821 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2016-0241 attack attempt (server-webapp.rules)