Talos Rules 2017-05-04
This release adds and modifies rules in several categories.

Talos has added and modified multiple rules in the app-detect, blacklist, browser-ie, file-executable, file-flash, file-image, file-office, file-other, file-pdf, indicator-compromise, malware-cnc, os-windows, policy-other, protocol-dns, protocol-scada, server-mail and server-webapp rule sets to provide coverage for emerging threats from these technologies.

Change logs

2017-05-04 14:59:27 UTC

Snort Subscriber Rules Update

Date: 2017-05-04

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2976.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:42676 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xb7 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42672 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xb3 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42439 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Axespec outbound request (malware-cnc.rules)
 * 1:42440 <-> DISABLED <-> OS-WINDOWS Microsoft Jet DB Engine Buffer Overflow attempt (os-windows.rules)
 * 1:42441 <-> DISABLED <-> OS-WINDOWS Microsoft Jet DB Engine Buffer Overflow attempt (os-windows.rules)
 * 1:42442 <-> DISABLED <-> OS-WINDOWS Microsoft Jet DB Engine Buffer Overflow attempt (os-windows.rules)
 * 1:42443 <-> ENABLED <-> OS-WINDOWS Microsoft Jet DB Engine Buffer Overflow attempt (os-windows.rules)
 * 1:42444 <-> DISABLED <-> OS-WINDOWS Microsoft Jet DB Engine Buffer Overflow attempt (os-windows.rules)
 * 1:42445 <-> DISABLED <-> OS-WINDOWS Microsoft Jet DB Engine Buffer Overflow attempt (os-windows.rules)
 * 1:42446 <-> DISABLED <-> OS-WINDOWS Microsoft Jet DB Engine Buffer Overflow attempt (os-windows.rules)
 * 1:42447 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Batlopma variant outbound connection attempt (malware-cnc.rules)
 * 1:42448 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer deleted object access memory corruption attempt (browser-ie.rules)
 * 1:42449 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer deleted object access memory corruption attempt (browser-ie.rules)
 * 1:42450 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer deleted object access memory corruption attempt (browser-ie.rules)
 * 1:42451 <-> DISABLED <-> SERVER-WEBAPP MCA Sistemas ScadaBR index.php brute force login attempt (server-webapp.rules)
 * 1:42452 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Frethog variant outbound connection attempt (malware-cnc.rules)
 * 1:42453 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Frethog variant inbound connection attempt (malware-cnc.rules)
 * 1:42454 <-> ENABLED <-> BLACKLIST User-Agent known malicious user-agent string - Frethog (blacklist.rules)
 * 1:42455 <-> DISABLED <-> SERVER-WEBAPP Unitrends Enterprise Backup Appliance password.php command injection attempt (server-webapp.rules)
 * 1:42456 <-> DISABLED <-> SERVER-WEBAPP Unitrends Enterprise Backup Appliance password.php command injection attempt (server-webapp.rules)
 * 1:42457 <-> DISABLED <-> SERVER-WEBAPP Unitrends Enterprise Backup Appliance password.php command injection attempt (server-webapp.rules)
 * 1:42458 <-> DISABLED <-> PROTOCOL-DNS ISC BIND unexpected DNAME CNAME ordering denial of service attempt (protocol-dns.rules)
 * 1:42459 <-> DISABLED <-> INDICATOR-COMPROMISE Adobe Reader PDF embedded null JPEG image (indicator-compromise.rules)
 * 1:42460 <-> DISABLED <-> INDICATOR-COMPROMISE Adobe Reader PDF embedded null JPEG image (indicator-compromise.rules)
 * 1:42461 <-> DISABLED <-> SERVER-WEBAPP Unitrends Enterprise Backup Appliance reports.php PHP file injection attempt (server-webapp.rules)
 * 1:42462 <-> DISABLED <-> SERVER-WEBAPP Unitrends Enterprise Backup Appliance reports.php directory traversal attempt (server-webapp.rules)
 * 1:42463 <-> DISABLED <-> FILE-IMAGE Foxit Reader malformed DataSubBlock size attempt (file-image.rules)
 * 1:42464 <-> DISABLED <-> FILE-IMAGE Foxit Reader malformed DataSubBlock size attempt (file-image.rules)
 * 1:42465 <-> DISABLED <-> SERVER-WEBAPP triple dot directory traversal attempt (server-webapp.rules)
 * 1:42466 <-> DISABLED <-> SERVER-OTHER WinRadius long password denial of service attempt (server-other.rules)
 * 1:42467 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules)
 * 1:42468 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules)
 * 1:42469 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules)
 * 1:42470 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules)
 * 1:42471 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules)
 * 1:42472 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules)
 * 1:42473 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules)
 * 1:42474 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules)
 * 1:42475 <-> DISABLED <-> FILE-PDF malformed embedded JPEG2000 image information disclosure attempt (file-pdf.rules)
 * 1:42476 <-> DISABLED <-> FILE-PDF malformed embedded JPEG2000 image information disclosure attempt (file-pdf.rules)
 * 1:42477 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules)
 * 1:42478 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules)
 * 1:42479 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules)
 * 1:42480 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules)
 * 1:42481 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules)
 * 1:42482 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules)
 * 1:42483 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules)
 * 1:42484 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules)
 * 1:42485 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules)
 * 1:42486 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules)
 * 1:42487 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules)
 * 1:42488 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules)
 * 1:42490 <-> DISABLED <-> POLICY-OTHER Intel AMT remote administration tool access attempt (policy-other.rules)
 * 1:42491 <-> DISABLED <-> POLICY-OTHER Intel AMT remote administration tool access attempt (policy-other.rules)
 * 1:42492 <-> DISABLED <-> APP-DETECT Intel AMT DHCP boot request detected (app-detect.rules)
 * 1:42494 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x01 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42495 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x02 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42496 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x03 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42497 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x04 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42498 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x05 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42499 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x06 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42500 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x07 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42501 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x08 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42502 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x09 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42503 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x0a encrypted portable executable file download attempt (file-executable.rules)
 * 1:42504 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x0b encrypted portable executable file download attempt (file-executable.rules)
 * 1:42505 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x0c encrypted portable executable file download attempt (file-executable.rules)
 * 1:42506 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x0d encrypted portable executable file download attempt (file-executable.rules)
 * 1:42507 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x0e encrypted portable executable file download attempt (file-executable.rules)
 * 1:42508 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x0f encrypted portable executable file download attempt (file-executable.rules)
 * 1:42509 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x10 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42510 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x11 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42511 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x12 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42512 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x13 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42513 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x14 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42514 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x15 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42515 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x16 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42516 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x17 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42517 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x18 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42518 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x19 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42519 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x1a encrypted portable executable file download attempt (file-executable.rules)
 * 1:42520 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x1b encrypted portable executable file download attempt (file-executable.rules)
 * 1:42521 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x1c encrypted portable executable file download attempt (file-executable.rules)
 * 1:42522 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x1d encrypted portable executable file download attempt (file-executable.rules)
 * 1:42523 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x1e encrypted portable executable file download attempt (file-executable.rules)
 * 1:42524 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x1f encrypted portable executable file download attempt (file-executable.rules)
 * 1:42525 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x20 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42526 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x21 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42527 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x22 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42528 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x23 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42529 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x24 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42530 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x25 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42531 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x26 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42532 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x27 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42533 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x28 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42534 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x29 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42535 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x2a encrypted portable executable file download attempt (file-executable.rules)
 * 1:42536 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x2b encrypted portable executable file download attempt (file-executable.rules)
 * 1:42537 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x2c encrypted portable executable file download attempt (file-executable.rules)
 * 1:42538 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x2d encrypted portable executable file download attempt (file-executable.rules)
 * 1:42539 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x2e encrypted portable executable file download attempt (file-executable.rules)
 * 1:42540 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x2f encrypted portable executable file download attempt (file-executable.rules)
 * 1:42541 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x30 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42542 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x31 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42543 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x32 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42544 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x33 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42545 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x34 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42546 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x35 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42547 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x36 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42548 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x37 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42549 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x38 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42550 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x39 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42551 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x3a encrypted portable executable file download attempt (file-executable.rules)
 * 1:42552 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x3b encrypted portable executable file download attempt (file-executable.rules)
 * 1:42553 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x3c encrypted portable executable file download attempt (file-executable.rules)
 * 1:42554 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x3d encrypted portable executable file download attempt (file-executable.rules)
 * 1:42555 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x3e encrypted portable executable file download attempt (file-executable.rules)
 * 1:42556 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x3f encrypted portable executable file download attempt (file-executable.rules)
 * 1:42557 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x40 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42558 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x41 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42559 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x42 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42560 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x43 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42561 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x44 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42562 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x45 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42563 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x46 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42564 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x47 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42565 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x48 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42566 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x49 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42567 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x4a encrypted portable executable file download attempt (file-executable.rules)
 * 1:42568 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x4b encrypted portable executable file download attempt (file-executable.rules)
 * 1:42569 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x4c encrypted portable executable file download attempt (file-executable.rules)
 * 1:42570 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x4d encrypted portable executable file download attempt (file-executable.rules)
 * 1:42571 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x4e encrypted portable executable file download attempt (file-executable.rules)
 * 1:42572 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x4f encrypted portable executable file download attempt (file-executable.rules)
 * 1:42573 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x50 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42574 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x51 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42575 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x52 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42576 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x53 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42577 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x54 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42578 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x55 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42579 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x56 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42580 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x57 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42581 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x58 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42582 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x59 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42583 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x5a encrypted portable executable file download attempt (file-executable.rules)
 * 1:42584 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x5b encrypted portable executable file download attempt (file-executable.rules)
 * 1:42585 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x5c encrypted portable executable file download attempt (file-executable.rules)
 * 1:42586 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x5d encrypted portable executable file download attempt (file-executable.rules)
 * 1:42587 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x5e encrypted portable executable file download attempt (file-executable.rules)
 * 1:42588 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x5f encrypted portable executable file download attempt (file-executable.rules)
 * 1:42589 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x60 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42590 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x61 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42591 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x62 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42592 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x63 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42593 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x64 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42594 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x65 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42595 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x66 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42741 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xf8 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42734 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xf1 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42735 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xf2 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42736 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xf3 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42737 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xf4 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42738 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xf5 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42739 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xf6 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42740 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xf7 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42742 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xf9 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42743 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xfa encrypted portable executable file download attempt (file-executable.rules)
 * 1:42744 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xfb encrypted portable executable file download attempt (file-executable.rules)
 * 1:42745 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xfc encrypted portable executable file download attempt (file-executable.rules)
 * 1:42746 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xfd encrypted portable executable file download attempt (file-executable.rules)
 * 1:42747 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xfe encrypted portable executable file download attempt (file-executable.rules)
 * 1:42748 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xff encrypted portable executable file download attempt (file-executable.rules)
 * 1:42596 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x67 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42597 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x68 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42598 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x69 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42599 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x6a encrypted portable executable file download attempt (file-executable.rules)
 * 1:42600 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x6b encrypted portable executable file download attempt (file-executable.rules)
 * 1:42601 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x6c encrypted portable executable file download attempt (file-executable.rules)
 * 1:42602 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x6d encrypted portable executable file download attempt (file-executable.rules)
 * 1:42603 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x6e encrypted portable executable file download attempt (file-executable.rules)
 * 1:42604 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x6f encrypted portable executable file download attempt (file-executable.rules)
 * 1:42605 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x70 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42606 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x71 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42607 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x72 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42608 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x73 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42609 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x74 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42610 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x75 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42611 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x76 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42612 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x77 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42613 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x78 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42614 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x79 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42615 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x7a encrypted portable executable file download attempt (file-executable.rules)
 * 1:42616 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x7b encrypted portable executable file download attempt (file-executable.rules)
 * 1:42617 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x7c encrypted portable executable file download attempt (file-executable.rules)
 * 1:42618 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x7d encrypted portable executable file download attempt (file-executable.rules)
 * 1:42619 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x7e encrypted portable executable file download attempt (file-executable.rules)
 * 1:42620 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x7f encrypted portable executable file download attempt (file-executable.rules)
 * 1:42621 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x80 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42622 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x81 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42623 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x82 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42624 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x83 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42625 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x84 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42626 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x85 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42627 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x86 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42628 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x87 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42629 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x88 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42630 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x89 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42631 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x8a encrypted portable executable file download attempt (file-executable.rules)
 * 1:42632 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x8b encrypted portable executable file download attempt (file-executable.rules)
 * 1:42633 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x8c encrypted portable executable file download attempt (file-executable.rules)
 * 1:42634 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x8d encrypted portable executable file download attempt (file-executable.rules)
 * 1:42635 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x8e encrypted portable executable file download attempt (file-executable.rules)
 * 1:42636 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x8f encrypted portable executable file download attempt (file-executable.rules)
 * 1:42637 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x90 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42638 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x91 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42639 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x92 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42640 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x93 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42641 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x94 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42642 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x95 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42643 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x96 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42644 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x97 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42645 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x98 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42646 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x99 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42647 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x9a encrypted portable executable file download attempt (file-executable.rules)
 * 1:42648 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x9b encrypted portable executable file download attempt (file-executable.rules)
 * 1:42649 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x9c encrypted portable executable file download attempt (file-executable.rules)
 * 1:42650 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x9d encrypted portable executable file download attempt (file-executable.rules)
 * 1:42651 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x9e encrypted portable executable file download attempt (file-executable.rules)
 * 1:42652 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x9f encrypted portable executable file download attempt (file-executable.rules)
 * 1:42653 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xa0 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42654 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xa1 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42655 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xa2 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42656 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xa3 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42657 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xa4 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42658 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xa5 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42659 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xa6 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42660 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xa7 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42661 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xa8 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42662 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xa9 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42663 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xaa encrypted portable executable file download attempt (file-executable.rules)
 * 1:42664 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xab encrypted portable executable file download attempt (file-executable.rules)
 * 1:42665 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xac encrypted portable executable file download attempt (file-executable.rules)
 * 1:42666 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xad encrypted portable executable file download attempt (file-executable.rules)
 * 1:42667 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xae encrypted portable executable file download attempt (file-executable.rules)
 * 1:42668 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xaf encrypted portable executable file download attempt (file-executable.rules)
 * 1:42669 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xb0 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42670 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xb1 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42671 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xb2 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42675 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xb6 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42733 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xf0 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42731 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xee encrypted portable executable file download attempt (file-executable.rules)
 * 1:42727 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xea encrypted portable executable file download attempt (file-executable.rules)
 * 1:42729 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xec encrypted portable executable file download attempt (file-executable.rules)
 * 1:42728 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xeb encrypted portable executable file download attempt (file-executable.rules)
 * 1:42726 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xe9 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42730 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xed encrypted portable executable file download attempt (file-executable.rules)
 * 1:42718 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xe1 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42723 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xe6 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42687 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xc2 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42720 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xe3 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42715 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xde encrypted portable executable file download attempt (file-executable.rules)
 * 1:42682 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xbd encrypted portable executable file download attempt (file-executable.rules)
 * 1:42684 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xbf encrypted portable executable file download attempt (file-executable.rules)
 * 1:42701 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xd0 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42710 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xd9 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42689 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xc4 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42711 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xda encrypted portable executable file download attempt (file-executable.rules)
 * 1:42695 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xca encrypted portable executable file download attempt (file-executable.rules)
 * 1:42721 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xe4 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42691 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xc6 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42700 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xcf encrypted portable executable file download attempt (file-executable.rules)
 * 1:42725 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xe8 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42686 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xc1 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42712 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xdb encrypted portable executable file download attempt (file-executable.rules)
 * 1:42678 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xb9 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42673 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xb4 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42681 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xbc encrypted portable executable file download attempt (file-executable.rules)
 * 1:42685 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xc0 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42713 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xdc encrypted portable executable file download attempt (file-executable.rules)
 * 1:42703 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xd2 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42688 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xc3 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42679 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xba encrypted portable executable file download attempt (file-executable.rules)
 * 1:42693 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xc8 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42724 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xe7 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42697 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xcc encrypted portable executable file download attempt (file-executable.rules)
 * 1:42716 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xdf encrypted portable executable file download attempt (file-executable.rules)
 * 1:42722 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xe5 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42683 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xbe encrypted portable executable file download attempt (file-executable.rules)
 * 1:42705 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xd4 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42694 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xc9 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42677 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xb8 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42699 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xce encrypted portable executable file download attempt (file-executable.rules)
 * 1:42702 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xd1 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42674 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xb5 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42714 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xdd encrypted portable executable file download attempt (file-executable.rules)
 * 1:42719 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xe2 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42707 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xd6 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42680 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xbb encrypted portable executable file download attempt (file-executable.rules)
 * 1:42709 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xd8 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42696 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xcb encrypted portable executable file download attempt (file-executable.rules)
 * 1:42704 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xd3 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42706 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xd5 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42698 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xcd encrypted portable executable file download attempt (file-executable.rules)
 * 1:42690 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xc5 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42717 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xe0 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42692 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xc7 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42708 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xd7 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42732 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xef encrypted portable executable file download attempt (file-executable.rules)
 * 3:42493 <-> ENABLED <-> SERVER-OTHER Cisco CVR100W VPN Router SSDP uuid stack buffer overflow attempt (server-other.rules)
 * 3:42489 <-> ENABLED <-> SERVER-OTHER Cisco Aironet Mobility Express PnP agent directory traversal attempt (server-other.rules)
 * 3:42438 <-> ENABLED <-> SERVER-MAIL IBM Domino BMP parsing integer overflow attempt (server-mail.rules)
 * 3:42436 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0330 attack attempt (server-webapp.rules)
 * 3:42437 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0331 attack attempt (server-webapp.rules)
 * 3:42434 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0328 attack attempt (server-webapp.rules)
 * 3:42435 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0330 attack attempt (server-webapp.rules)
 * 3:42432 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0328 attack attempt (server-webapp.rules)
 * 3:42433 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0328 attack attempt (server-webapp.rules)

Modified Rules:


 * 1:17388 <-> DISABLED <-> FILE-IMAGE OpenOffice EMF file EMR record parsing integer overflow attempt (file-image.rules)
 * 1:36972 <-> DISABLED <-> FILE-OTHER Windows Media Player MCL to HTML information disclosure attempt (file-other.rules)
 * 1:35601 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection use-after-free attempt (file-flash.rules)
 * 1:35602 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection use-after-free attempt (file-flash.rules)
 * 1:35600 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection use-after-free attempt (file-flash.rules)
 * 1:35599 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection use-after-free attempt (file-flash.rules)
 * 1:34082 <-> DISABLED <-> FILE-OTHER Microsoft emf small header overwrite attempt (file-other.rules)
 * 1:34083 <-> DISABLED <-> FILE-OTHER Microsoft emf small header overwrite attempt (file-other.rules)
 * 1:31029 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF conversion heap buffer overflow attempt (file-other.rules)
 * 1:31030 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF conversion heap buffer overflow attempt (file-other.rules)
 * 1:31028 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF conversion heap buffer overflow attempt (file-other.rules)
 * 1:30340 <-> DISABLED <-> SERVER-WEBAPP Cisco 675 web administration denial of service attempt (server-webapp.rules)
 * 1:31027 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF conversion heap buffer overflow attempt (file-other.rules)
 * 1:41152 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader Forms Data Format embedded javascript attempt (file-pdf.rules)
 * 1:39361 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string - Win.Trojan.Batlopma (blacklist.rules)
 * 1:36973 <-> DISABLED <-> FILE-OTHER Windows Media Player MCL to HTML information disclosure attempt (file-other.rules)
 * 1:25770 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer deleted object access memory corruption attempt (browser-ie.rules)
 * 1:25528 <-> DISABLED <-> SERVER-WEBAPP Moveable Type unauthenticated remote command execution attempt (server-webapp.rules)
 * 1:23092 <-> DISABLED <-> FILE-OFFICE EMF corruption attempt (file-office.rules)
 * 1:17413 <-> DISABLED <-> OS-WINDOWS Microsoft Jet DB Engine Buffer Overflow attempt (os-windows.rules)
 * 1:41153 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader Forms Data Format embedded javascript attempt (file-pdf.rules)
 * 1:23095 <-> DISABLED <-> FILE-OFFICE EMF corruption attempt (file-office.rules)
 * 1:18654 <-> DISABLED <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe format string attempt (protocol-scada.rules)
 * 1:23094 <-> DISABLED <-> FILE-OFFICE EMF corruption attempt (file-office.rules)

2017-05-04 14:59:27 UTC

Snort Subscriber Rules Update

Date: 2017-05-04

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:42671 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xb2 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42670 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xb1 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42669 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xb0 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42668 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xaf encrypted portable executable file download attempt (file-executable.rules)
 * 1:42667 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xae encrypted portable executable file download attempt (file-executable.rules)
 * 1:42666 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xad encrypted portable executable file download attempt (file-executable.rules)
 * 1:42665 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xac encrypted portable executable file download attempt (file-executable.rules)
 * 1:42664 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xab encrypted portable executable file download attempt (file-executable.rules)
 * 1:42663 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xaa encrypted portable executable file download attempt (file-executable.rules)
 * 1:42662 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xa9 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42661 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xa8 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42660 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xa7 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42659 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xa6 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42658 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xa5 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42657 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xa4 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42656 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xa3 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42655 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xa2 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42654 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xa1 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42653 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xa0 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42652 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x9f encrypted portable executable file download attempt (file-executable.rules)
 * 1:42650 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x9d encrypted portable executable file download attempt (file-executable.rules)
 * 1:42651 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x9e encrypted portable executable file download attempt (file-executable.rules)
 * 1:42648 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x9b encrypted portable executable file download attempt (file-executable.rules)
 * 1:42649 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x9c encrypted portable executable file download attempt (file-executable.rules)
 * 1:42646 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x99 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42647 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x9a encrypted portable executable file download attempt (file-executable.rules)
 * 1:42644 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x97 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42645 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x98 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42642 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x95 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42643 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x96 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42640 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x93 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42641 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x94 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42638 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x91 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42639 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x92 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42637 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x90 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42636 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x8f encrypted portable executable file download attempt (file-executable.rules)
 * 1:42634 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x8d encrypted portable executable file download attempt (file-executable.rules)
 * 1:42635 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x8e encrypted portable executable file download attempt (file-executable.rules)
 * 1:42632 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x8b encrypted portable executable file download attempt (file-executable.rules)
 * 1:42633 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x8c encrypted portable executable file download attempt (file-executable.rules)
 * 1:42630 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x89 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42631 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x8a encrypted portable executable file download attempt (file-executable.rules)
 * 1:42628 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x87 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42629 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x88 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42626 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x85 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42627 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x86 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42624 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x83 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42625 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x84 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42622 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x81 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42623 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x82 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42620 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x7f encrypted portable executable file download attempt (file-executable.rules)
 * 1:42621 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x80 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42618 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x7d encrypted portable executable file download attempt (file-executable.rules)
 * 1:42619 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x7e encrypted portable executable file download attempt (file-executable.rules)
 * 1:42616 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x7b encrypted portable executable file download attempt (file-executable.rules)
 * 1:42617 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x7c encrypted portable executable file download attempt (file-executable.rules)
 * 1:42614 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x79 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42615 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x7a encrypted portable executable file download attempt (file-executable.rules)
 * 1:42612 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x77 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42613 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x78 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42610 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x75 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42611 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x76 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42608 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x73 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42609 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x74 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42606 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x71 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42607 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x72 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42602 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x6d encrypted portable executable file download attempt (file-executable.rules)
 * 1:42605 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x70 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42604 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x6f encrypted portable executable file download attempt (file-executable.rules)
 * 1:42603 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x6e encrypted portable executable file download attempt (file-executable.rules)
 * 1:42600 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x6b encrypted portable executable file download attempt (file-executable.rules)
 * 1:42601 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x6c encrypted portable executable file download attempt (file-executable.rules)
 * 1:42598 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x69 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42599 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x6a encrypted portable executable file download attempt (file-executable.rules)
 * 1:42596 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x67 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42597 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x68 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42594 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x65 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42595 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x66 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42592 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x63 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42593 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x64 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42590 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x61 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42591 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x62 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42588 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x5f encrypted portable executable file download attempt (file-executable.rules)
 * 1:42589 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x60 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42586 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x5d encrypted portable executable file download attempt (file-executable.rules)
 * 1:42587 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x5e encrypted portable executable file download attempt (file-executable.rules)
 * 1:42584 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x5b encrypted portable executable file download attempt (file-executable.rules)
 * 1:42585 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x5c encrypted portable executable file download attempt (file-executable.rules)
 * 1:42582 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x59 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42583 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x5a encrypted portable executable file download attempt (file-executable.rules)
 * 1:42580 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x57 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42581 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x58 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42578 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x55 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42579 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x56 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42576 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x53 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42577 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x54 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42574 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x51 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42575 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x52 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42572 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x4f encrypted portable executable file download attempt (file-executable.rules)
 * 1:42573 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x50 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42570 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x4d encrypted portable executable file download attempt (file-executable.rules)
 * 1:42571 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x4e encrypted portable executable file download attempt (file-executable.rules)
 * 1:42569 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x4c encrypted portable executable file download attempt (file-executable.rules)
 * 1:42568 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x4b encrypted portable executable file download attempt (file-executable.rules)
 * 1:42567 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x4a encrypted portable executable file download attempt (file-executable.rules)
 * 1:42565 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x48 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42566 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x49 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42563 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x46 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42564 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x47 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42561 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x44 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42562 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x45 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42559 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x42 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42560 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x43 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42557 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x40 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42558 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x41 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42555 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x3e encrypted portable executable file download attempt (file-executable.rules)
 * 1:42556 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x3f encrypted portable executable file download attempt (file-executable.rules)
 * 1:42553 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x3c encrypted portable executable file download attempt (file-executable.rules)
 * 1:42554 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x3d encrypted portable executable file download attempt (file-executable.rules)
 * 1:42551 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x3a encrypted portable executable file download attempt (file-executable.rules)
 * 1:42552 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x3b encrypted portable executable file download attempt (file-executable.rules)
 * 1:42549 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x38 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42550 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x39 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42547 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x36 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42548 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x37 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42545 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x34 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42546 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x35 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42543 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x32 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42544 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x33 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42541 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x30 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42542 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x31 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42539 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x2e encrypted portable executable file download attempt (file-executable.rules)
 * 1:42540 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x2f encrypted portable executable file download attempt (file-executable.rules)
 * 1:42537 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x2c encrypted portable executable file download attempt (file-executable.rules)
 * 1:42538 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x2d encrypted portable executable file download attempt (file-executable.rules)
 * 1:42535 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x2a encrypted portable executable file download attempt (file-executable.rules)
 * 1:42536 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x2b encrypted portable executable file download attempt (file-executable.rules)
 * 1:42533 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x28 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42534 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x29 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42531 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x26 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42532 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x27 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42529 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x24 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42530 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x25 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42527 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x22 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42528 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x23 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42525 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x20 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42526 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x21 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42523 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x1e encrypted portable executable file download attempt (file-executable.rules)
 * 1:42524 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x1f encrypted portable executable file download attempt (file-executable.rules)
 * 1:42521 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x1c encrypted portable executable file download attempt (file-executable.rules)
 * 1:42522 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x1d encrypted portable executable file download attempt (file-executable.rules)
 * 1:42519 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x1a encrypted portable executable file download attempt (file-executable.rules)
 * 1:42520 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x1b encrypted portable executable file download attempt (file-executable.rules)
 * 1:42517 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x18 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42518 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x19 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42515 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x16 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42516 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x17 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42513 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x14 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42514 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x15 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42511 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x12 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42512 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x13 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42509 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x10 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42510 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x11 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42507 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x0e encrypted portable executable file download attempt (file-executable.rules)
 * 1:42508 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x0f encrypted portable executable file download attempt (file-executable.rules)
 * 1:42505 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x0c encrypted portable executable file download attempt (file-executable.rules)
 * 1:42506 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x0d encrypted portable executable file download attempt (file-executable.rules)
 * 1:42503 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x0a encrypted portable executable file download attempt (file-executable.rules)
 * 1:42504 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x0b encrypted portable executable file download attempt (file-executable.rules)
 * 1:42501 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x08 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42502 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x09 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42500 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x07 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42499 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x06 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42498 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x05 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42496 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x03 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42497 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x04 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42494 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x01 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42495 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x02 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42492 <-> DISABLED <-> APP-DETECT Intel AMT DHCP boot request detected (app-detect.rules)
 * 1:42491 <-> DISABLED <-> POLICY-OTHER Intel AMT remote administration tool access attempt (policy-other.rules)
 * 1:42490 <-> DISABLED <-> POLICY-OTHER Intel AMT remote administration tool access attempt (policy-other.rules)
 * 1:42487 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules)
 * 1:42488 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules)
 * 1:42485 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules)
 * 1:42486 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules)
 * 1:42483 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules)
 * 1:42484 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules)
 * 1:42481 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules)
 * 1:42482 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules)
 * 1:42479 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules)
 * 1:42480 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules)
 * 1:42478 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules)
 * 1:42476 <-> DISABLED <-> FILE-PDF malformed embedded JPEG2000 image information disclosure attempt (file-pdf.rules)
 * 1:42477 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules)
 * 1:42474 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules)
 * 1:42475 <-> DISABLED <-> FILE-PDF malformed embedded JPEG2000 image information disclosure attempt (file-pdf.rules)
 * 1:42472 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules)
 * 1:42473 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules)
 * 1:42470 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules)
 * 1:42471 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules)
 * 1:42468 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules)
 * 1:42469 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules)
 * 1:42466 <-> DISABLED <-> SERVER-OTHER WinRadius long password denial of service attempt (server-other.rules)
 * 1:42467 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules)
 * 1:42464 <-> DISABLED <-> FILE-IMAGE Foxit Reader malformed DataSubBlock size attempt (file-image.rules)
 * 1:42465 <-> DISABLED <-> SERVER-WEBAPP triple dot directory traversal attempt (server-webapp.rules)
 * 1:42463 <-> DISABLED <-> FILE-IMAGE Foxit Reader malformed DataSubBlock size attempt (file-image.rules)
 * 1:42462 <-> DISABLED <-> SERVER-WEBAPP Unitrends Enterprise Backup Appliance reports.php directory traversal attempt (server-webapp.rules)
 * 1:42460 <-> DISABLED <-> INDICATOR-COMPROMISE Adobe Reader PDF embedded null JPEG image (indicator-compromise.rules)
 * 1:42461 <-> DISABLED <-> SERVER-WEBAPP Unitrends Enterprise Backup Appliance reports.php PHP file injection attempt (server-webapp.rules)
 * 1:42458 <-> DISABLED <-> PROTOCOL-DNS ISC BIND unexpected DNAME CNAME ordering denial of service attempt (protocol-dns.rules)
 * 1:42459 <-> DISABLED <-> INDICATOR-COMPROMISE Adobe Reader PDF embedded null JPEG image (indicator-compromise.rules)
 * 1:42456 <-> DISABLED <-> SERVER-WEBAPP Unitrends Enterprise Backup Appliance password.php command injection attempt (server-webapp.rules)
 * 1:42457 <-> DISABLED <-> SERVER-WEBAPP Unitrends Enterprise Backup Appliance password.php command injection attempt (server-webapp.rules)
 * 1:42455 <-> DISABLED <-> SERVER-WEBAPP Unitrends Enterprise Backup Appliance password.php command injection attempt (server-webapp.rules)
 * 1:42454 <-> ENABLED <-> BLACKLIST User-Agent known malicious user-agent string - Frethog (blacklist.rules)
 * 1:42453 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Frethog variant inbound connection attempt (malware-cnc.rules)
 * 1:42451 <-> DISABLED <-> SERVER-WEBAPP MCA Sistemas ScadaBR index.php brute force login attempt (server-webapp.rules)
 * 1:42452 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Frethog variant outbound connection attempt (malware-cnc.rules)
 * 1:42449 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer deleted object access memory corruption attempt (browser-ie.rules)
 * 1:42450 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer deleted object access memory corruption attempt (browser-ie.rules)
 * 1:42447 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Batlopma variant outbound connection attempt (malware-cnc.rules)
 * 1:42448 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer deleted object access memory corruption attempt (browser-ie.rules)
 * 1:42445 <-> DISABLED <-> OS-WINDOWS Microsoft Jet DB Engine Buffer Overflow attempt (os-windows.rules)
 * 1:42446 <-> DISABLED <-> OS-WINDOWS Microsoft Jet DB Engine Buffer Overflow attempt (os-windows.rules)
 * 1:42443 <-> ENABLED <-> OS-WINDOWS Microsoft Jet DB Engine Buffer Overflow attempt (os-windows.rules)
 * 1:42444 <-> DISABLED <-> OS-WINDOWS Microsoft Jet DB Engine Buffer Overflow attempt (os-windows.rules)
 * 1:42441 <-> DISABLED <-> OS-WINDOWS Microsoft Jet DB Engine Buffer Overflow attempt (os-windows.rules)
 * 1:42442 <-> DISABLED <-> OS-WINDOWS Microsoft Jet DB Engine Buffer Overflow attempt (os-windows.rules)
 * 1:42439 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Axespec outbound request (malware-cnc.rules)
 * 1:42440 <-> DISABLED <-> OS-WINDOWS Microsoft Jet DB Engine Buffer Overflow attempt (os-windows.rules)
 * 1:42748 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xff encrypted portable executable file download attempt (file-executable.rules)
 * 1:42747 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xfe encrypted portable executable file download attempt (file-executable.rules)
 * 1:42746 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xfd encrypted portable executable file download attempt (file-executable.rules)
 * 1:42745 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xfc encrypted portable executable file download attempt (file-executable.rules)
 * 1:42744 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xfb encrypted portable executable file download attempt (file-executable.rules)
 * 1:42743 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xfa encrypted portable executable file download attempt (file-executable.rules)
 * 1:42742 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xf9 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42741 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xf8 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42740 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xf7 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42739 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xf6 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42738 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xf5 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42737 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xf4 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42736 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xf3 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42735 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xf2 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42734 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xf1 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42733 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xf0 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42732 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xef encrypted portable executable file download attempt (file-executable.rules)
 * 1:42731 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xee encrypted portable executable file download attempt (file-executable.rules)
 * 1:42730 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xed encrypted portable executable file download attempt (file-executable.rules)
 * 1:42729 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xec encrypted portable executable file download attempt (file-executable.rules)
 * 1:42728 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xeb encrypted portable executable file download attempt (file-executable.rules)
 * 1:42727 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xea encrypted portable executable file download attempt (file-executable.rules)
 * 1:42726 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xe9 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42725 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xe8 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42724 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xe7 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42723 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xe6 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42722 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xe5 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42721 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xe4 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42720 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xe3 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42719 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xe2 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42718 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xe1 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42717 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xe0 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42716 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xdf encrypted portable executable file download attempt (file-executable.rules)
 * 1:42715 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xde encrypted portable executable file download attempt (file-executable.rules)
 * 1:42714 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xdd encrypted portable executable file download attempt (file-executable.rules)
 * 1:42713 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xdc encrypted portable executable file download attempt (file-executable.rules)
 * 1:42712 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xdb encrypted portable executable file download attempt (file-executable.rules)
 * 1:42711 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xda encrypted portable executable file download attempt (file-executable.rules)
 * 1:42710 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xd9 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42709 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xd8 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42708 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xd7 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42707 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xd6 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42706 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xd5 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42705 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xd4 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42704 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xd3 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42703 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xd2 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42702 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xd1 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42701 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xd0 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42700 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xcf encrypted portable executable file download attempt (file-executable.rules)
 * 1:42699 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xce encrypted portable executable file download attempt (file-executable.rules)
 * 1:42698 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xcd encrypted portable executable file download attempt (file-executable.rules)
 * 1:42697 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xcc encrypted portable executable file download attempt (file-executable.rules)
 * 1:42696 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xcb encrypted portable executable file download attempt (file-executable.rules)
 * 1:42695 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xca encrypted portable executable file download attempt (file-executable.rules)
 * 1:42694 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xc9 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42693 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xc8 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42692 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xc7 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42691 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xc6 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42690 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xc5 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42689 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xc4 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42688 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xc3 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42687 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xc2 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42686 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xc1 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42685 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xc0 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42684 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xbf encrypted portable executable file download attempt (file-executable.rules)
 * 1:42683 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xbe encrypted portable executable file download attempt (file-executable.rules)
 * 1:42682 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xbd encrypted portable executable file download attempt (file-executable.rules)
 * 1:42681 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xbc encrypted portable executable file download attempt (file-executable.rules)
 * 1:42680 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xbb encrypted portable executable file download attempt (file-executable.rules)
 * 1:42679 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xba encrypted portable executable file download attempt (file-executable.rules)
 * 1:42678 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xb9 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42677 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xb8 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42676 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xb7 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42675 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xb6 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42674 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xb5 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42672 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xb3 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42673 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xb4 encrypted portable executable file download attempt (file-executable.rules)
 * 3:42493 <-> ENABLED <-> SERVER-OTHER Cisco CVR100W VPN Router SSDP uuid stack buffer overflow attempt (server-other.rules)
 * 3:42489 <-> ENABLED <-> SERVER-OTHER Cisco Aironet Mobility Express PnP agent directory traversal attempt (server-other.rules)
 * 3:42438 <-> ENABLED <-> SERVER-MAIL IBM Domino BMP parsing integer overflow attempt (server-mail.rules)
 * 3:42437 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0331 attack attempt (server-webapp.rules)
 * 3:42436 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0330 attack attempt (server-webapp.rules)
 * 3:42435 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0330 attack attempt (server-webapp.rules)
 * 3:42434 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0328 attack attempt (server-webapp.rules)
 * 3:42433 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0328 attack attempt (server-webapp.rules)
 * 3:42432 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0328 attack attempt (server-webapp.rules)

Modified Rules:


 * 1:17388 <-> DISABLED <-> FILE-IMAGE OpenOffice EMF file EMR record parsing integer overflow attempt (file-image.rules)
 * 1:41152 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader Forms Data Format embedded javascript attempt (file-pdf.rules)
 * 1:36973 <-> DISABLED <-> FILE-OTHER Windows Media Player MCL to HTML information disclosure attempt (file-other.rules)
 * 1:39361 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string - Win.Trojan.Batlopma (blacklist.rules)
 * 1:25770 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer deleted object access memory corruption attempt (browser-ie.rules)
 * 1:25528 <-> DISABLED <-> SERVER-WEBAPP Moveable Type unauthenticated remote command execution attempt (server-webapp.rules)
 * 1:23092 <-> DISABLED <-> FILE-OFFICE EMF corruption attempt (file-office.rules)
 * 1:41153 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader Forms Data Format embedded javascript attempt (file-pdf.rules)
 * 1:36972 <-> DISABLED <-> FILE-OTHER Windows Media Player MCL to HTML information disclosure attempt (file-other.rules)
 * 1:35601 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection use-after-free attempt (file-flash.rules)
 * 1:35602 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection use-after-free attempt (file-flash.rules)
 * 1:35599 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection use-after-free attempt (file-flash.rules)
 * 1:35600 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection use-after-free attempt (file-flash.rules)
 * 1:34083 <-> DISABLED <-> FILE-OTHER Microsoft emf small header overwrite attempt (file-other.rules)
 * 1:34082 <-> DISABLED <-> FILE-OTHER Microsoft emf small header overwrite attempt (file-other.rules)
 * 1:31030 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF conversion heap buffer overflow attempt (file-other.rules)
 * 1:31029 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF conversion heap buffer overflow attempt (file-other.rules)
 * 1:31028 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF conversion heap buffer overflow attempt (file-other.rules)
 * 1:31027 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF conversion heap buffer overflow attempt (file-other.rules)
 * 1:30340 <-> DISABLED <-> SERVER-WEBAPP Cisco 675 web administration denial of service attempt (server-webapp.rules)
 * 1:23095 <-> DISABLED <-> FILE-OFFICE EMF corruption attempt (file-office.rules)
 * 1:23094 <-> DISABLED <-> FILE-OFFICE EMF corruption attempt (file-office.rules)
 * 1:18654 <-> DISABLED <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe format string attempt (protocol-scada.rules)
 * 1:17413 <-> DISABLED <-> OS-WINDOWS Microsoft Jet DB Engine Buffer Overflow attempt (os-windows.rules)

2017-05-04 14:59:27 UTC

Snort Subscriber Rules Update

Date: 2017-05-04

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2990.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:42748 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xff encrypted portable executable file download attempt (file-executable.rules)
 * 1:42747 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xfe encrypted portable executable file download attempt (file-executable.rules)
 * 1:42746 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xfd encrypted portable executable file download attempt (file-executable.rules)
 * 1:42745 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xfc encrypted portable executable file download attempt (file-executable.rules)
 * 1:42744 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xfb encrypted portable executable file download attempt (file-executable.rules)
 * 1:42743 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xfa encrypted portable executable file download attempt (file-executable.rules)
 * 1:42742 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xf9 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42741 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xf8 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42740 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xf7 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42739 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xf6 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42738 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xf5 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42737 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xf4 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42736 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xf3 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42735 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xf2 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42734 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xf1 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42733 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xf0 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42732 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xef encrypted portable executable file download attempt (file-executable.rules)
 * 1:42731 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xee encrypted portable executable file download attempt (file-executable.rules)
 * 1:42730 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xed encrypted portable executable file download attempt (file-executable.rules)
 * 1:42729 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xec encrypted portable executable file download attempt (file-executable.rules)
 * 1:42728 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xeb encrypted portable executable file download attempt (file-executable.rules)
 * 1:42727 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xea encrypted portable executable file download attempt (file-executable.rules)
 * 1:42726 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xe9 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42725 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xe8 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42724 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xe7 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42723 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xe6 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42722 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xe5 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42721 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xe4 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42720 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xe3 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42719 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xe2 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42718 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xe1 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42717 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xe0 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42716 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xdf encrypted portable executable file download attempt (file-executable.rules)
 * 1:42715 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xde encrypted portable executable file download attempt (file-executable.rules)
 * 1:42714 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xdd encrypted portable executable file download attempt (file-executable.rules)
 * 1:42713 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xdc encrypted portable executable file download attempt (file-executable.rules)
 * 1:42712 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xdb encrypted portable executable file download attempt (file-executable.rules)
 * 1:42711 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xda encrypted portable executable file download attempt (file-executable.rules)
 * 1:42710 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xd9 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42709 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xd8 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42708 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xd7 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42707 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xd6 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42706 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xd5 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42705 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xd4 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42704 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xd3 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42703 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xd2 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42702 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xd1 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42701 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xd0 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42700 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xcf encrypted portable executable file download attempt (file-executable.rules)
 * 1:42699 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xce encrypted portable executable file download attempt (file-executable.rules)
 * 1:42698 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xcd encrypted portable executable file download attempt (file-executable.rules)
 * 1:42697 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xcc encrypted portable executable file download attempt (file-executable.rules)
 * 1:42696 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xcb encrypted portable executable file download attempt (file-executable.rules)
 * 1:42695 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xca encrypted portable executable file download attempt (file-executable.rules)
 * 1:42694 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xc9 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42693 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xc8 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42692 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xc7 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42691 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xc6 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42690 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xc5 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42689 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xc4 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42688 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xc3 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42687 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xc2 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42686 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xc1 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42685 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xc0 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42684 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xbf encrypted portable executable file download attempt (file-executable.rules)
 * 1:42683 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xbe encrypted portable executable file download attempt (file-executable.rules)
 * 1:42682 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xbd encrypted portable executable file download attempt (file-executable.rules)
 * 1:42681 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xbc encrypted portable executable file download attempt (file-executable.rules)
 * 1:42680 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xbb encrypted portable executable file download attempt (file-executable.rules)
 * 1:42679 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xba encrypted portable executable file download attempt (file-executable.rules)
 * 1:42678 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xb9 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42677 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xb8 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42676 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xb7 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42675 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xb6 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42674 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xb5 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42673 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xb4 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42672 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xb3 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42671 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xb2 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42670 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xb1 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42669 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xb0 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42668 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xaf encrypted portable executable file download attempt (file-executable.rules)
 * 1:42667 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xae encrypted portable executable file download attempt (file-executable.rules)
 * 1:42666 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xad encrypted portable executable file download attempt (file-executable.rules)
 * 1:42665 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xac encrypted portable executable file download attempt (file-executable.rules)
 * 1:42664 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xab encrypted portable executable file download attempt (file-executable.rules)
 * 1:42663 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xaa encrypted portable executable file download attempt (file-executable.rules)
 * 1:42662 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xa9 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42661 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xa8 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42660 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xa7 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42659 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xa6 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42658 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xa5 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42657 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xa4 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42656 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xa3 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42655 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xa2 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42654 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xa1 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42653 <-> DISABLED <-> FILE-EXECUTABLE XOR 0xa0 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42652 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x9f encrypted portable executable file download attempt (file-executable.rules)
 * 1:42651 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x9e encrypted portable executable file download attempt (file-executable.rules)
 * 1:42650 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x9d encrypted portable executable file download attempt (file-executable.rules)
 * 1:42649 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x9c encrypted portable executable file download attempt (file-executable.rules)
 * 1:42648 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x9b encrypted portable executable file download attempt (file-executable.rules)
 * 1:42647 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x9a encrypted portable executable file download attempt (file-executable.rules)
 * 1:42646 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x99 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42645 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x98 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42644 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x97 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42643 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x96 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42642 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x95 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42641 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x94 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42640 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x93 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42639 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x92 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42638 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x91 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42637 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x90 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42636 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x8f encrypted portable executable file download attempt (file-executable.rules)
 * 1:42635 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x8e encrypted portable executable file download attempt (file-executable.rules)
 * 1:42634 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x8d encrypted portable executable file download attempt (file-executable.rules)
 * 1:42633 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x8c encrypted portable executable file download attempt (file-executable.rules)
 * 1:42632 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x8b encrypted portable executable file download attempt (file-executable.rules)
 * 1:42631 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x8a encrypted portable executable file download attempt (file-executable.rules)
 * 1:42630 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x89 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42629 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x88 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42628 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x87 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42627 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x86 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42626 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x85 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42625 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x84 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42624 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x83 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42623 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x82 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42622 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x81 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42621 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x80 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42620 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x7f encrypted portable executable file download attempt (file-executable.rules)
 * 1:42619 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x7e encrypted portable executable file download attempt (file-executable.rules)
 * 1:42618 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x7d encrypted portable executable file download attempt (file-executable.rules)
 * 1:42617 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x7c encrypted portable executable file download attempt (file-executable.rules)
 * 1:42616 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x7b encrypted portable executable file download attempt (file-executable.rules)
 * 1:42615 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x7a encrypted portable executable file download attempt (file-executable.rules)
 * 1:42614 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x79 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42613 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x78 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42612 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x77 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42611 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x76 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42610 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x75 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42609 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x74 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42608 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x73 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42607 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x72 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42606 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x71 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42605 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x70 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42604 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x6f encrypted portable executable file download attempt (file-executable.rules)
 * 1:42603 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x6e encrypted portable executable file download attempt (file-executable.rules)
 * 1:42602 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x6d encrypted portable executable file download attempt (file-executable.rules)
 * 1:42601 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x6c encrypted portable executable file download attempt (file-executable.rules)
 * 1:42600 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x6b encrypted portable executable file download attempt (file-executable.rules)
 * 1:42599 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x6a encrypted portable executable file download attempt (file-executable.rules)
 * 1:42598 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x69 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42597 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x68 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42596 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x67 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42595 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x66 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42594 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x65 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42593 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x64 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42592 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x63 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42591 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x62 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42590 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x61 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42589 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x60 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42588 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x5f encrypted portable executable file download attempt (file-executable.rules)
 * 1:42587 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x5e encrypted portable executable file download attempt (file-executable.rules)
 * 1:42586 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x5d encrypted portable executable file download attempt (file-executable.rules)
 * 1:42585 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x5c encrypted portable executable file download attempt (file-executable.rules)
 * 1:42584 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x5b encrypted portable executable file download attempt (file-executable.rules)
 * 1:42583 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x5a encrypted portable executable file download attempt (file-executable.rules)
 * 1:42582 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x59 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42581 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x58 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42580 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x57 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42579 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x56 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42578 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x55 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42577 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x54 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42576 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x53 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42575 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x52 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42574 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x51 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42573 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x50 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42572 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x4f encrypted portable executable file download attempt (file-executable.rules)
 * 1:42571 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x4e encrypted portable executable file download attempt (file-executable.rules)
 * 1:42570 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x4d encrypted portable executable file download attempt (file-executable.rules)
 * 1:42569 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x4c encrypted portable executable file download attempt (file-executable.rules)
 * 1:42568 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x4b encrypted portable executable file download attempt (file-executable.rules)
 * 1:42567 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x4a encrypted portable executable file download attempt (file-executable.rules)
 * 1:42566 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x49 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42565 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x48 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42564 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x47 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42563 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x46 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42562 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x45 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42561 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x44 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42560 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x43 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42559 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x42 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42558 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x41 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42557 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x40 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42556 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x3f encrypted portable executable file download attempt (file-executable.rules)
 * 1:42555 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x3e encrypted portable executable file download attempt (file-executable.rules)
 * 1:42554 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x3d encrypted portable executable file download attempt (file-executable.rules)
 * 1:42553 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x3c encrypted portable executable file download attempt (file-executable.rules)
 * 1:42552 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x3b encrypted portable executable file download attempt (file-executable.rules)
 * 1:42551 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x3a encrypted portable executable file download attempt (file-executable.rules)
 * 1:42550 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x39 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42549 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x38 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42548 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x37 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42547 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x36 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42546 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x35 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42545 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x34 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42544 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x33 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42543 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x32 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42542 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x31 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42541 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x30 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42540 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x2f encrypted portable executable file download attempt (file-executable.rules)
 * 1:42539 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x2e encrypted portable executable file download attempt (file-executable.rules)
 * 1:42538 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x2d encrypted portable executable file download attempt (file-executable.rules)
 * 1:42537 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x2c encrypted portable executable file download attempt (file-executable.rules)
 * 1:42536 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x2b encrypted portable executable file download attempt (file-executable.rules)
 * 1:42535 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x2a encrypted portable executable file download attempt (file-executable.rules)
 * 1:42534 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x29 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42533 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x28 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42532 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x27 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42531 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x26 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42530 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x25 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42529 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x24 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42528 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x23 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42527 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x22 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42526 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x21 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42525 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x20 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42524 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x1f encrypted portable executable file download attempt (file-executable.rules)
 * 1:42523 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x1e encrypted portable executable file download attempt (file-executable.rules)
 * 1:42522 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x1d encrypted portable executable file download attempt (file-executable.rules)
 * 1:42521 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x1c encrypted portable executable file download attempt (file-executable.rules)
 * 1:42520 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x1b encrypted portable executable file download attempt (file-executable.rules)
 * 1:42519 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x1a encrypted portable executable file download attempt (file-executable.rules)
 * 1:42518 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x19 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42517 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x18 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42516 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x17 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42515 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x16 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42514 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x15 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42513 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x14 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42512 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x13 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42511 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x12 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42510 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x11 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42509 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x10 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42508 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x0f encrypted portable executable file download attempt (file-executable.rules)
 * 1:42507 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x0e encrypted portable executable file download attempt (file-executable.rules)
 * 1:42506 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x0d encrypted portable executable file download attempt (file-executable.rules)
 * 1:42505 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x0c encrypted portable executable file download attempt (file-executable.rules)
 * 1:42504 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x0b encrypted portable executable file download attempt (file-executable.rules)
 * 1:42503 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x0a encrypted portable executable file download attempt (file-executable.rules)
 * 1:42502 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x09 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42501 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x08 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42500 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x07 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42499 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x06 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42498 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x05 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42497 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x04 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42496 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x03 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42495 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x02 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42494 <-> DISABLED <-> FILE-EXECUTABLE XOR 0x01 encrypted portable executable file download attempt (file-executable.rules)
 * 1:42492 <-> DISABLED <-> APP-DETECT Intel AMT DHCP boot request detected (app-detect.rules)
 * 1:42491 <-> DISABLED <-> POLICY-OTHER Intel AMT remote administration tool access attempt (policy-other.rules)
 * 1:42490 <-> DISABLED <-> POLICY-OTHER Intel AMT remote administration tool access attempt (policy-other.rules)
 * 1:42488 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules)
 * 1:42487 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules)
 * 1:42486 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules)
 * 1:42485 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules)
 * 1:42484 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules)
 * 1:42483 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules)
 * 1:42482 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules)
 * 1:42481 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules)
 * 1:42480 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules)
 * 1:42479 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules)
 * 1:42478 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules)
 * 1:42477 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules)
 * 1:42476 <-> DISABLED <-> FILE-PDF malformed embedded JPEG2000 image information disclosure attempt (file-pdf.rules)
 * 1:42475 <-> DISABLED <-> FILE-PDF malformed embedded JPEG2000 image information disclosure attempt (file-pdf.rules)
 * 1:42474 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules)
 * 1:42473 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules)
 * 1:42472 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules)
 * 1:42471 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules)
 * 1:42470 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules)
 * 1:42469 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules)
 * 1:42468 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules)
 * 1:42467 <-> DISABLED <-> SERVER-WEBAPP Edimax 802.11AC repeater command injection attempt (server-webapp.rules)
 * 1:42466 <-> DISABLED <-> SERVER-OTHER WinRadius long password denial of service attempt (server-other.rules)
 * 1:42465 <-> DISABLED <-> SERVER-WEBAPP triple dot directory traversal attempt (server-webapp.rules)
 * 1:42464 <-> DISABLED <-> FILE-IMAGE Foxit Reader malformed DataSubBlock size attempt (file-image.rules)
 * 1:42463 <-> DISABLED <-> FILE-IMAGE Foxit Reader malformed DataSubBlock size attempt (file-image.rules)
 * 1:42462 <-> DISABLED <-> SERVER-WEBAPP Unitrends Enterprise Backup Appliance reports.php directory traversal attempt (server-webapp.rules)
 * 1:42461 <-> DISABLED <-> SERVER-WEBAPP Unitrends Enterprise Backup Appliance reports.php PHP file injection attempt (server-webapp.rules)
 * 1:42460 <-> DISABLED <-> INDICATOR-COMPROMISE Adobe Reader PDF embedded null JPEG image (indicator-compromise.rules)
 * 1:42459 <-> DISABLED <-> INDICATOR-COMPROMISE Adobe Reader PDF embedded null JPEG image (indicator-compromise.rules)
 * 1:42458 <-> DISABLED <-> PROTOCOL-DNS ISC BIND unexpected DNAME CNAME ordering denial of service attempt (protocol-dns.rules)
 * 1:42457 <-> DISABLED <-> SERVER-WEBAPP Unitrends Enterprise Backup Appliance password.php command injection attempt (server-webapp.rules)
 * 1:42456 <-> DISABLED <-> SERVER-WEBAPP Unitrends Enterprise Backup Appliance password.php command injection attempt (server-webapp.rules)
 * 1:42455 <-> DISABLED <-> SERVER-WEBAPP Unitrends Enterprise Backup Appliance password.php command injection attempt (server-webapp.rules)
 * 1:42454 <-> ENABLED <-> BLACKLIST User-Agent known malicious user-agent string - Frethog (blacklist.rules)
 * 1:42453 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Frethog variant inbound connection attempt (malware-cnc.rules)
 * 1:42452 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Frethog variant outbound connection attempt (malware-cnc.rules)
 * 1:42451 <-> DISABLED <-> SERVER-WEBAPP MCA Sistemas ScadaBR index.php brute force login attempt (server-webapp.rules)
 * 1:42450 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer deleted object access memory corruption attempt (browser-ie.rules)
 * 1:42449 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer deleted object access memory corruption attempt (browser-ie.rules)
 * 1:42448 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer deleted object access memory corruption attempt (browser-ie.rules)
 * 1:42447 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Batlopma variant outbound connection attempt (malware-cnc.rules)
 * 1:42446 <-> DISABLED <-> OS-WINDOWS Microsoft Jet DB Engine Buffer Overflow attempt (os-windows.rules)
 * 1:42445 <-> DISABLED <-> OS-WINDOWS Microsoft Jet DB Engine Buffer Overflow attempt (os-windows.rules)
 * 1:42444 <-> DISABLED <-> OS-WINDOWS Microsoft Jet DB Engine Buffer Overflow attempt (os-windows.rules)
 * 1:42443 <-> ENABLED <-> OS-WINDOWS Microsoft Jet DB Engine Buffer Overflow attempt (os-windows.rules)
 * 1:42442 <-> DISABLED <-> OS-WINDOWS Microsoft Jet DB Engine Buffer Overflow attempt (os-windows.rules)
 * 1:42441 <-> DISABLED <-> OS-WINDOWS Microsoft Jet DB Engine Buffer Overflow attempt (os-windows.rules)
 * 1:42440 <-> DISABLED <-> OS-WINDOWS Microsoft Jet DB Engine Buffer Overflow attempt (os-windows.rules)
 * 1:42439 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Axespec outbound request (malware-cnc.rules)
 * 3:42432 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0328 attack attempt (server-webapp.rules)
 * 3:42433 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0328 attack attempt (server-webapp.rules)
 * 3:42434 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0328 attack attempt (server-webapp.rules)
 * 3:42435 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0330 attack attempt (server-webapp.rules)
 * 3:42436 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0330 attack attempt (server-webapp.rules)
 * 3:42437 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2017-0331 attack attempt (server-webapp.rules)
 * 3:42438 <-> ENABLED <-> SERVER-MAIL IBM Domino BMP parsing integer overflow attempt (server-mail.rules)
 * 3:42489 <-> ENABLED <-> SERVER-OTHER Cisco Aironet Mobility Express PnP agent directory traversal attempt (server-other.rules)
 * 3:42493 <-> ENABLED <-> SERVER-OTHER Cisco CVR100W VPN Router SSDP uuid stack buffer overflow attempt (server-other.rules)

Modified Rules:


 * 1:17413 <-> DISABLED <-> OS-WINDOWS Microsoft Jet DB Engine Buffer Overflow attempt (os-windows.rules)
 * 1:41152 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader Forms Data Format embedded javascript attempt (file-pdf.rules)
 * 1:36973 <-> DISABLED <-> FILE-OTHER Windows Media Player MCL to HTML information disclosure attempt (file-other.rules)
 * 1:39361 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string - Win.Trojan.Batlopma (blacklist.rules)
 * 1:25770 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer deleted object access memory corruption attempt (browser-ie.rules)
 * 1:25528 <-> DISABLED <-> SERVER-WEBAPP Moveable Type unauthenticated remote command execution attempt (server-webapp.rules)
 * 1:23092 <-> DISABLED <-> FILE-OFFICE EMF corruption attempt (file-office.rules)
 * 1:23095 <-> DISABLED <-> FILE-OFFICE EMF corruption attempt (file-office.rules)
 * 1:17388 <-> DISABLED <-> FILE-IMAGE OpenOffice EMF file EMR record parsing integer overflow attempt (file-image.rules)
 * 1:30340 <-> DISABLED <-> SERVER-WEBAPP Cisco 675 web administration denial of service attempt (server-webapp.rules)
 * 1:31027 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF conversion heap buffer overflow attempt (file-other.rules)
 * 1:31028 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF conversion heap buffer overflow attempt (file-other.rules)
 * 1:31029 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF conversion heap buffer overflow attempt (file-other.rules)
 * 1:31030 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF conversion heap buffer overflow attempt (file-other.rules)
 * 1:34082 <-> DISABLED <-> FILE-OTHER Microsoft emf small header overwrite attempt (file-other.rules)
 * 1:34083 <-> DISABLED <-> FILE-OTHER Microsoft emf small header overwrite attempt (file-other.rules)
 * 1:35599 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection use-after-free attempt (file-flash.rules)
 * 1:35600 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection use-after-free attempt (file-flash.rules)
 * 1:35601 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection use-after-free attempt (file-flash.rules)
 * 1:35602 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection use-after-free attempt (file-flash.rules)
 * 1:36972 <-> DISABLED <-> FILE-OTHER Windows Media Player MCL to HTML information disclosure attempt (file-other.rules)
 * 1:41153 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader Forms Data Format embedded javascript attempt (file-pdf.rules)
 * 1:23094 <-> DISABLED <-> FILE-OFFICE EMF corruption attempt (file-office.rules)
 * 1:18654 <-> DISABLED <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe format string attempt (protocol-scada.rules)